home.dataforce.org.uk Dataforce's Blog

11Jun/080

Virtualbox Bridging

Posted by Dataforce

Edit: This is now pretty much unneeded, the new version of VirtualBox seems to handle this all nicely on its own.

As I mentioned in my last post, one of the useful advantages of the network boot setup is that I can use it to quickly install virtual machines.

Now a few things:

  • My desktop is a lot more powerful than my server, so I run the virtual machines on it.
  • I use VirtualBox rather than VMware.
  • All the network boot stuff is on my server, not my desktop (obviously).

So in order to allow this, VirtualBox needed to be set up to bridge to my existing adapter. This was quite straightforward, pretty much exactly as the manual said.

	sudo apt-get install bridge-utils

Edit /etc/network/interfaces, and add

auto br0
iface br0 inet dhcp
	bridge_ports eth0

Now the next suggestion was to set up a tap0 device and tell VirtualBox to use that, or to use a dynamic configuration.
The dynamic configuration sounded better as it meant I didn't need to remember to add a new tap device for each VM.

The suggested dynamic configuration uses kdesu/gksudo and a script in the home dir of the user that will set up and clean up the tap device. This means inputting your password every time you start/stop the VM, and requires a separate script for each user that wants to have a VM with bridging. This seemed rather annoying, so I came up with an alternative.

/usr/bin/setuptap

#!/bin/bash

# Make sure we are root
if [ "$(whoami)" != root ]; then
        exit 1
fi

# Create a new TAP interface for the user and remember its name.
interface=$(VBoxTunctl -b -u "${SUDO_USER}")
# If for some reason the interface could not be created, return 1 to
# tell this to VirtualBox.
if [ -z "$interface" ]; then
        exit 1
fi
# Write the name of the interface to the standard output.
echo "${interface}"

# Bring up the interface.
/sbin/ifconfig "${interface}" up
# And add it to the bridge.
/usr/sbin/brctl addif br0 "${interface}"

/usr/bin/cleanuptap

#!/bin/bash

# Make sure we are root
if [ "$(whoami)" != root ]; then
        exit 1
fi

# Remove the interface from the bridge.  The second script parameter is
# the interface name.
/usr/sbin/brctl delif br0 "$2"
# And use VBoxTunctl to remove the interface.
VBoxTunctl -d "$2"

Now these scripts, run with sudo as any user, will set up the tap device for that user (that's what ${SUDO_USER} is for).

This still requires a password for starting/stopping the VMs tho, so we use

sudo visudo

or if you prefer nano

sudo EDITOR=nano visudo

and add

# Allow virtualbox users to setup/cleanup tap devices
%vboxusers        ALL=NOPASSWD:/usr/bin/setuptap,/usr/bin/cleanuptap

now:

  • configure virtualbox to attach the network device to a "host interface"

  • leave the Interface name blank (setuptap creates the next available one)
  • Setup Application: "sudo /usr/bin/setuptap"
  • Terminate Application: "sudo /usr/bin/cleanuptap"

And virtualbox will be able to create/destroy the tap device as needed.
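The sudoers rule above lets every member of vboxusers run cleanuptap as root without a password, and that script hands its second parameter straight to brctl and VBoxTunctl. The following is an added example, not the script from this post, of a cleanuptap that only removes a TAP device that sits on br0 and is owned by the calling user; the tapN/vboxN naming and the sysfs `owner` attribute are assumptions about the host.

```bash
#!/bin/bash
# Added example: a stricter cleanuptap, not the script from the post.
# Assumed: TAP names look like tapN or vboxN; the kernel exposes
# /sys/class/net/<if>/owner for TAP devices.

BRIDGE=br0                        # bridge name used in the post
SYSFS=${SYSFS:-/sys/class/net}    # overridable so the checks can be tested

# Accept only plain TAP-style names; rejects eth0, options and paths.
valid_tap_name() {
        case "$1" in
                tap[0-9]|tap[0-9][0-9]|vbox[0-9]|vbox[0-9][0-9]) return 0 ;;
                *) return 1 ;;
        esac
}

# may_remove <ifname> <uid>: true only if the interface is a port of
# $BRIDGE and its TAP owner is the user who invoked sudo.
may_remove() {
        valid_tap_name "$1" || return 1
        [ -n "$2" ] || return 1
        [ -e "$SYSFS/$BRIDGE/brif/$1" ] || return 1
        [ -r "$SYSFS/$1/owner" ] || return 1
        [ "$(cat "$SYSFS/$1/owner")" = "$2" ]
}

main() {
        [ "$(id -u)" -eq 0 ] || exit 1
        # VirtualBox passes the interface name as the second parameter.
        if ! may_remove "$2" "${SUDO_UID:-}"; then
                echo "cleanuptap: refusing to remove '$2'" >&2
                exit 1
        fi
        /usr/sbin/brctl delif "$BRIDGE" "$2"
        VBoxTunctl -d "$2"
}

# Only act when called with the two parameters VirtualBox supplies.
if [ $# -ge 2 ]; then
        main "$@"
fi
```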

However, there is still one problem: DHCP will not work for these VMs without a little help, so we need to:

sudo apt-get install dhcp3-relay

and answer the questions asked (DHCP server IP, and interface to listen on (br0)).

VirtualBox unfortunately seems to need a little push to actually network boot, so I also use an etherboot iso to actually boot from the network, along with the "PCnet-FAST III" adapter type.

And that's all there is to it: you can now network boot and DHCP from virtual machines not hosted on the server.

Filed under: Code, General No Comments
10Jun/080

PXE Goodness

Posted by Dataforce

:o Another post in under 3 months? :o

So as you may or may not know, from time to time I have the joy of fixing computers for various people. A lot of these fixes result in a reinstall of windows and away.

This is a rather easy enough job, I have a KVM switch that I attach to the machine, pop a windows CD in (I used to have an unattended CD but don't anymore), answer a few questions and then occasionally switch the KVM over to see if the install died or so.

Now this is all well and good except for 2 problems:

  1. It means I need to keep (or remember to bring) windows CDs at home (where I do most of my jobs)

  2. I recently had a machine to fix that had a non-working CD Drive

Now, the first one isn't so much of a problem, but the second one was.

So for some reason known only to him, my dad a while ago decided to invest in an External CD Writer rather than an internal one, so I do have a USB cd drive.

First port of call was to attach the CD Drive, pop in the CD, reboot the machine, tell it to boot from usb... oh, it doesn't recognise the drive. bugger.

So I googled a bit. There were lots of suggestions, mostly to use a floppy disk with the USB drivers to bootstrap the install (no thanks, I doubt I have the 6 (yes, SIX!) working floppies required to bootstrap the windows installer).

Then I remembered that ages ago, when I was making my unattended CD, I discovered an app called (shockingly) "unattended" (link), so I updated the copy of unattended I had on my server and went to investigate how to use it.

The main suggested methods:

  1. Burn a CD
  2. Create a boot floppy

Neither of these were appealing (Floppies suck, I probably don't have a spare floppy anywhere that works) and the reason I was even looking at this was because the machine had no CD Drive.

However there was an alternative, network booting. Quickly check the back of the laptop, bingo! a network port!

So, quickly (I say quickly, but my server was still Redhat 9 at the time, so rather slowly and painfully) I installed the tftp server (apt-get install tftpd-hpa on ubuntu), configured xinetd (see below) and my dhcp server (see below).

xinetd.d/tftp:

# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        port                    = 69
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

dhcpd.conf:

# Not sure if this is needed, I added it anyway
allow bootp;
# My Servers IP
next-server 192.168.0.5;
# PXE Boot
filename "pxelinux.0";

pxelinux.0 and its config directory can be found in bootdisk/tftpboot in the unattended distribution.

I also configured my internal DNS server as required by unattended to provide the ntinstall host.

This allowed me to boot up the machine using the network and install windows as normal (There are a few issues with this, namely that the windows xp installer sucks and requires a fat32 partition for swap space, so you can't use unattended to upgrade an existing ntfs install, it has to format the drive as fat32, install, convert it to ntfs, and defrag it)

This made me quite pleased, I copied my windows disks into the install/os directory, and my office disk into the appropriate directory (see the unattended site for all related configuration etc) and left it be.

A few days later, after I restarted one of my machines, it managed to network boot itself into the unattended menu rather than the hard disk. I quickly googled to find out how to make it boot its main hard drive; it gets IP 192.168.0.10, so I created /tftpboot/pxelinux.cfg/C0A8000A with the contents:

default local
label local
localboot 0
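The file name C0A8000A is the client's IPv4 address in upper-case hex; pxelinux looks for that name, then drops one trailing character at a time, and finally falls back to "default". The following added example (not part of the original post) computes that search order and reports which file a given address would actually load from a config directory, which is handy for confirming that a machine is pinned to local boot and will not land on a shared menu. The function names are made up for this sketch, and the client UUID and MAC address lookups that pxelinux tries first are left out.

```bash
#!/bin/bash
# Added example (not from the post): how pxelinux derives per-host config
# names from the client's IPv4 address. UUID and MAC lookups are omitted.

# ip_to_hex 192.168.0.10 -> C0A8000A
ip_to_hex() {
        case "$1" in *[!0-9.]*|'') return 1 ;; esac
        oldifs=$IFS; IFS=.
        set -- $1
        IFS=$oldifs
        [ $# -eq 4 ] || return 1
        for octet in "$@"; do
                # Reject empty fields, leading zeros and over-long octets.
                case "$octet" in ''|0[0-9]*|????*) return 1 ;; esac
                [ "$octet" -le 255 ] || return 1
        done
        printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# pxe_candidates <ip>: file names in the order pxelinux tries them.
pxe_candidates() {
        h=$(ip_to_hex "$1") || return 1
        while [ -n "$h" ]; do
                echo "$h"
                h=${h%?}          # drop the last hex digit
        done
        echo default
}

# pxe_resolve <cfgdir> <ip>: first candidate that exists in cfgdir.
pxe_resolve() {
        for name in $(pxe_candidates "$2"); do
                if [ -f "$1/$name" ]; then
                        echo "$name"
                        return 0
                fi
        done
        return 1
}
```

For example, `pxe_resolve /tftpboot/pxelinux.cfg 192.168.0.10` names the file that host will load.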

This then prompted me to look at the pxelinux config a bit more. Wouldn't it be awesome to be able to install ubuntu OR windows using network boot? Yes, it would. I also threw in network boot support for DBAN as well.
My /tftpboot/pxelinux.cfg/default now looks something like this:

DEFAULT menu.c32
PROMPT 0

MENU TITLE Network Boot Options

LABEL disk
        MENU LABEL ^Local Disk Boot
        MENU DEFAULT
        LOCALBOOT 0

LABEL unattended
        MENU LABEL ^Unattended Windows Install
        KERNEL /unattended/bzImage
        APPEND initrd=unattended/initrd

LABEL autonuke
        MENU LABEL DBAN ^Autonuke
        KERNEL /dban/kernel.bzi
        APPEND initrd=dban/initrd.gz root=/dev/ram0 init=/rc nuke="dwipe --autonuke" silent

LABEL dban
        MENU LABEL ^DBAN normal
        KERNEL /dban/kernel.bzi
        APPEND initrd=dban/initrd.gz root=/dev/ram0 init=/rc nuke="dwipe" silent

MENU SEPARATOR

LABEL -32
        MENU LABEL Ubuntu i386:
        MENU DISABLE

LABEL 32install
        MENU LABEL Ubuntu i386 Install
        MENU INDENT 1
        KERNEL ubuntu-installer/i386/linux
        APPEND vga=normal initrd=ubuntu-installer/i386/initrd.gz --

LABEL 32cli
        MENU LABEL Ubuntu i386 CLI
        MENU INDENT 1
        KERNEL ubuntu-installer/i386/linux
        APPEND tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false vga=normal initrd=ubuntu-installer/i386/initrd.gz --

LABEL 32expert
        MENU LABEL Ubuntu i386 Expert
        MENU INDENT 1
        KERNEL ubuntu-installer/i386/linux
        APPEND priority=low vga=normal initrd=ubuntu-installer/i386/initrd.gz --

LABEL 32cli-expert
        MENU LABEL Ubuntu i386 Expert CLI
        MENU INDENT 1
        KERNEL ubuntu-installer/i386/linux
        APPEND tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false priority=low vga=normal initrd=ubuntu-installer/i386/initrd.gz --

LABEL 32rescue
        MENU LABEL Ubuntu i386 Rescue
        MENU INDENT 1
        KERNEL ubuntu-installer/i386/linux
        APPEND vga=normal initrd=ubuntu-installer/i386/initrd.gz rescue/enable=true --

MENU SEPARATOR

LABEL -64
        MENU LABEL Ubuntu x86_64:
        MENU DISABLE

LABEL 64install
        MENU LABEL Ubuntu x86_64 Install
        MENU INDENT 1
        KERNEL ubuntu-installer/amd64/linux
        APPEND vga=normal initrd=ubuntu-installer/amd64/initrd.gz --

LABEL 64cli
        MENU LABEL Ubuntu x86_64 CLI
        MENU INDENT 1
        KERNEL ubuntu-installer/amd64/linux
        APPEND tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false vga=normal initrd=ubuntu-installer/amd64/initrd.gz --

LABEL 64expert
        MENU LABEL Ubuntu x86_64 Expert
        MENU INDENT 1
        KERNEL ubuntu-installer/amd64/linux
        APPEND priority=low vga=normal initrd=ubuntu-installer/amd64/initrd.gz --

LABEL 64cli-expert
        MENU LABEL Ubuntu x86_64 Expert CLI
        MENU INDENT 1
        KERNEL ubuntu-installer/amd64/linux
        APPEND tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false priority=low vga=normal initrd=ubuntu-installer/amd64/initrd.gz --

LABEL 64rescue
        MENU LABEL Ubuntu x86_64 Rescue
        MENU INDENT 1
        KERNEL ubuntu-installer/amd64/linux
        APPEND vga=normal initrd=ubuntu-installer/amd64/initrd.gz rescue/enable=true --

I can now boot the local hdd (default, in case I don't want any of the network boot options), securely wipe drives, install windows (via unattended), or use any of the features from the ubuntu disks (both 64bit and 32bit).

I would like to add some other options at a later date, such as BSD/Solaris installers or knoppix network boot, as the main use for this is fixing PCs for people (hence windows and knoppix), with a side benefit of making installing OSs in VMs easier (VM network boots to the boot menu for me to install from).

If anyone wants to know more about the setup or has any questions, just use the comment form.

Filed under: General No Comments
9Jun/081

Updates!

Posted by Dataforce

So, it was brought to my attention that I haven't actually updated this in a while, so here you go, an update! (However disappointing you might find it!)

Ok, so the most important update of recent is that I finally (after 4 years of being out of date) upgraded the OS on my server from Redhat 9 (EOL April 2004!) to the ubuntu server 8.04 ("Hardy Heron").

This, as a result of a change in iptables between the ancient 2.4.30 kernel and the current 2.6.24, also prompted me to rewrite my iptables firewall scripts (as the old one broke stuff, like my multiple IPs - which in turn managed to break logging into Authgate in a fun way!).
For anyone who is interested, they can be downloaded here.
Once downloaded, extract them to a directory (I use /root and thus they are currently configured as such) and edit the "nat" file to change the main settings.
You can then run it by using:

/bin/bash /root/nat

(Change to suit where you extracted to)

I have also included shape.php, which allows you to setup traffic shaping for People >:E
It needs configuring separately to the main script, and is called by nat-shape.sh (which is called by the main script).
Once you have configured shape.php you will need to edit nat-shape.sh to make it actually call it (remove the first echo, and remove the # from the start of the other 2 lines)

The next thing I've done recently is to tidy up the DMG generation script for DMDirc.
Now it manages to create compressed images on linux as well as on OS X, and doesn't require stupidly ugly code or a patched version of Apple's DiskDev tools!

And finally I'm now back home for the next 4 months rather than at uni, yay for no more stupid download cap! (Seriously, 20GB for a whole month kills me!)

Filed under: Code, DMDirc, General 1 Comment