Compacting a Linux VM disk

This only works for dynamic disks.

  1. cd to /
  2. dd if=/dev/zero of=ZERO bs=1M
  3. rm ZERO
  4. cd to /boot and repeat

The dd copies blocks of zeros in 1M chunks to a file named ZERO.  The idea is to go to different mount points and zero out unused space.  Only blocks with zero in them are compacted.

As an alternative to using dd, Ben Armstrong suggests:

cat /dev/zero > zero.dat ; sync ; sleep 1 ; sync ; rm zero.dat

  1. Shut down the VM
  2. VBoxManage modifyhd /fullpath/to/the.vdi --compact

VBoxManage is in the “\Program Files\Oracle\VirtualBox” directory.

For Hyper-V, you need the PowerShell Hyper-V GUI Management tools installed.  Then run:

Optimize-VHD -Path /fullpath/to/the.vdi -Mode Full

Mounted disks can’t be fully compacted, but mounting the disk as read-only allows a subset of compaction options.
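
The in-guest zeroing steps above as one script, added here as an example (it is not part of the original notes). It goes beyond the / and /boot case by reading the mount table; the function names, the --run switch and the sample mount table are constructed for this example.

```shell
#!/bin/sh
# Added example: zero the free space of every writable, disk-backed mount
# point before compacting. Names and the --run switch are this example's own.

# Constructed sample in /proc/mounts format, for trying zero_targets offline.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg-root / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/sr0 /mnt/cdrom iso9660 ro,relatime 0 0
/dev/sda1 /mnt/bootbind ext4 rw,relatime 0 0
EOF
}

# Print mount points worth zeroing: source is a /dev node, mounted rw,
# and each device only once (bind mounts would zero the same disk twice).
zero_targets() {
    awk '$1 ~ /^\/dev\// && $4 ~ /(^|,)rw(,|$)/ && !seen[$1]++ { print $2 }' \
        "${1:-/proc/mounts}"
}

# Fill free space under $1 with zeros, flush, then delete the file.
# Optional $2 caps the file at that many MiB (a small-scale dry run).
zero_fill() {
    zf="$1/ZERO.$$"
    trap 'rm -f "$zf"' EXIT               # never leave a full disk behind
    trap 'exit 1' INT TERM                # Ctrl-C still runs the EXIT cleanup
    # Without a cap dd stops on "No space left on device"; that is the goal.
    dd if=/dev/zero of="$zf" bs=1M ${2:+count=$2} 2>/dev/null || true
    sync; sleep 1; sync                   # same flush sequence as the cat variant
    rm -f "$zf"
    trap - EXIT INT TERM
}

# Nothing is written unless --run is given; run as root inside the guest.
if [ "${1:-}" = "--run" ]; then
    for mp in $(zero_targets); do
        echo "zeroing free space on $mp"
        zero_fill "$mp"
    done
fi
```

Mount points containing spaces appear escaped in /proc/mounts and are not handled here.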

Building a CentOS 6.4 module

  1. Install necessary tools.
    • yum groupinstall "Development Tools"
    • yum install rpm-build redhat-rpm-config asciidoc hmaccalc perl-ExtUtils-Embed xmlto
    • yum install binutils-devel elfutils-libelf-devel newt-devel python-devel zlib-devel
  2. Get the kernel headers.
    • yum install kernel-devel
  3. Create a build tree and get the kernel source
  4. Unpack the source files
    • cd ~/rpmbuild/SPECS
    • rpmbuild -bp --target=$(uname -m) kernel.spec
  5. The source tree will be under ~/rpmbuild/BUILD/kernel*/linux*/
  6. Prepare the kernel
    • cd ~/rpmbuild/BUILD/kernel-2.6.32/linux-2.6.32.`uname -m`
    • cp /boot/config-`uname -r` .config
    • make oldconfig
    • make prepare
    • make modules_prepare
  7. Note: make modules_prepare will not build a Module.symvers file. If you need module versioning then the kernel needs to be built.  See http://wiki.centos.org/HowTos/Custom_Kernel
  8. Change directory to the module you want to build
  9. Build the module
    • make -C /lib/modules/`uname -r`/build M=`pwd` modules
  10. Copy the .ko to /lib/modules/`uname -r`/extra on the target system
  11. Update the dependencies
    • depmod -a
  12. Use modprobe to load the module. To display info about a loaded module use modinfo

OpenVPN on CentOS

  1. wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -Uvh epel-release-6-8.noarch.rpm
  2. yum install openvpn -y
  3. Easy-rsa isn’t included in OpenVPN anymore.  This is from http://safesrv.net/install-openvpn-on-centos/ –
    Download easy-rsa from below:
    wget https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-2.2.0_master.tar.gz
    Extract the package:
    tar -zxvf easy-rsa-2.2.0_master.tar.gz
    Copy to the OpenVPN directory:
    cp -R easy-rsa-2.2.0_master/easy-rsa/ /etc/openvpn/
    Open up with vi or other favorite editor /etc/openvpn/easy-rsa/2.0/vars and edit the below line:
    Change:
    export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
    To:
    export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
    Next change the KEY_COUNTRY through KEY_OU values at the end of the file.
    Save and exit.
  4. From the same 2.0 directory as vars, cp openssl-1.0.0.cnf openssl.cnf
  5. Build the CA; the values set in vars above should appear as the defaults for the prompts:
    source ./vars
    ./clean-all
    ./build-ca
  6. Create server certificate, answering yes to commit:
    ./build-key-server server
  7. Generate Diffie Hellman key exchange files:
    ./build-dh
    cd keys
    cp dh1024.pem ca.crt server.crt server.key /etc/openvpn
  8. Generate client certificates:
    cd ..
    ./build-key <client name>
  9. Copy ca.crt and <client name>.crt/.key to the OpenVPN client
  10. cp /usr/share/doc/openvpn-*/samples/sample-config-files/server.conf /etc/openvpn
  11. vi /etc/openvpn/server.conf and set the “local” ip for OpenVPN to listen on.  Uncomment the user and group nobody lines.
  12. service openvpn start
    chkconfig --level 3 openvpn on
  13. Modify the iptables rules to allow OpenVPN traffic on port 1194 TCP:
    iptables -A INPUT -i eth0 -p tcp --dport 1194 -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --dport 1194 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    Next you need to allow certain traffic going through the tunnel.  For no restrictions use:

    iptables -A INPUT -i tun0 -j ACCEPT
    iptables -A OUTPUT -o tun0 -j ACCEPT
    iptables -A FORWARD -o tun0 -j ACCEPT
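
A check for the server.conf settings that steps 7, 11 and 13 depend on, added here as an example (it is not part of the original notes or of OpenVPN). The function names and the sample file are constructed; the 2048-bit threshold is this example's assumption, and KEY_SIZE is the easy-rsa 2.x vars setting that determines the dh<bits>.pem file name.

```shell
#!/bin/sh
# Added example: audit the server.conf directives this walkthrough touches.
# Function names and the sample file are constructed for this example.

# Constructed sample: a server.conf where step 11 was not applied yet.
write_sample_conf() {
    cat > "$1" <<'EOF'
;local a.b.c.d
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
;user nobody
;group nobody
EOF
}

# Print one finding per line; print nothing when every check passes.
audit_server_conf() {
    # Keep only active lines: drop blanks and '#' or ';' comments.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1")
    conf_get() { printf '%s\n' "$active" | awk -v k="$1" '$1 == k { print $2; exit }'; }

    [ -n "$(conf_get local)" ] || echo "local: unset, daemon listens on every address"
    proto=$(conf_get proto); port=$(conf_get port)
    case ${proto:-udp} in                 # OpenVPN defaults to udp when unset
        tcp|tcp-server) ;;
        *) echo "proto: '${proto:-udp}' but the iptables rule opens 1194/tcp" ;;
    esac
    [ "${port:-1194}" = 1194 ] || echo "port: $port does not match the iptables rule"
    [ "$(conf_get user)" = nobody ] || echo "user: privileges are not dropped to nobody"
    [ "$(conf_get group)" = nobody ] || echo "group: privileges are not dropped to nobody"
    # build-dh names its output dh<bits>.pem, so the size shows in the file name.
    bits=$(conf_get dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -z "$bits" ]; then
        echo "dh: parameter size not visible in file name"
    elif [ "$bits" -lt 2048 ]; then
        echo "dh: ${bits}-bit parameters, rebuild with KEY_SIZE=2048 or larger"
    fi
}
```

Run it as audit_server_conf /etc/openvpn/server.conf before step 12; the constructed sample yields five findings (local, proto, user, group, dh).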

ZeroShell in Hyper-V

Getting ZeroShell installed into a VM is a bit of a trick:

  1. Download the 2.0 RC2 .iso and corresponding 2GB .img.gz file from http://www.zeroshell.org/download/#
  2. Make a .iso file from the .img.gz.  I used ImgBurn for this.
  3. Make a new VM with 2 GB hard disk, and add a 2nd CD-ROM
  4. Put the RC2 .iso on CD-ROM1 and the .iso from step 2 on CD-ROM2
  5. Boot the VM
  6. Select ‘S’ to get to the shell prompt
  7. Make a mount point for CD-ROM2 with mkdir /mnt/cdrom
  8. Mount CD-ROM2 with mount /dev/sr1 /mnt/cdrom
  9. Copy the .img into the disk with gunzip -c /mnt/cdrom/ZeroShell-2.0.RC2-IDE-USB-SATA-Disk-2GB.img.gz > /dev/sda
  10. Shut down the VM with halt
  11. Remove the .isos from the VM
  12. Boot up the VM

Building a CentOS 6.4 cluster

Base installation idea/instructions of the cluster: http://catsysadminblog.blogspot.com/2011/04/building-rhel-6centos-6-ha-cluster-for.html

After installing CentOS in each of the VMs with network adapters, install webmin: http://www.tecmint.com/install-webmin-web-based-system-administration-tool-for-rhel-centos-fedora/

To autostart webmin as a level 3 (normal run level) service:

chkconfig --level 3 webmin on

Note that chkconfig will only configure the service, not actually start it.  To start it before the next reboot:

service webmin start

Then update /etc/sysconfig/iptables to allow port 10000 (same syntax as the rule that allows port 22).

Install ntp – clients will point to each VM in the cluster: http://www.rackspace.com/knowledge_center/article/using-ntp-to-sync-time

Get loginless ssh going: http://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/.  You may need to reset SELinux.  On the target, do a “restorecon -R -v /root/.ssh” – see http://blog.firedaemon.com/2011/07/27/passwordless-root-ssh-public-key-authentication-on-centos-6/

Then install DRBD.  Contrary to the DRBD website, this isn’t in CentOS’ extra repository.  Use ELRepo’s repository instead: http://elrepo.org/tiki/tiki-index.php.  Info on DRBD here: http://www.drbd.org/.  You’ll need both drbd84-utils and kmod-drbd84.

Shorewall install on a Hyper-V CentOS 6.4

Installation of redundant Shorewall firewalls w/ PPTP: (minimal instructions in reverse order, just for fun)

Need to comment out binaddr in radiusclient.conf: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=906912

Need to “alias” radiusclient-ng to radiusclient: cd /etc/; ln -s /etc/radiusclient-ng radiusclient

Link to RADIUS client install: http://safesrv.net/setup-pptp-and-freeradius-on-centos-5/

Link to install instructions for PPTP server: https://www.digitalocean.com/community/articles/how-to-setup-your-own-vpn-with-pptp

but better instructions at: http://www.gaggl.com/2012/06/installing-poptop-pppd-vpn-serveron-centos-6/

Link to install instructions for Shorewall on CentOS via RPM: http://lawrenceinfinity.blogspot.com/2012/02/shorewall-install-in-centos-server-1.html

Link to install Keepalived: http://manidba.wordpress.com/2011/11/10/keepalived-install-setup-and-usage/

Link to install Webmin: http://www.webmin.com/rpm.html

Link to setting default route in CentOS (DEFROUTE=no on local interfaces): http://xmodulo.com/2012/03/how-to-set-default-route-in-linux.html

Configuring a network adapter for CentOS under Hyper-V: http://blog.nlitee.com/virtualization/hyper-v/centos-6-on-hyper-v-network-adapter-doesnt-work/

Note: for V 3.4 of Integration Services, use RPM under RHEL63