Monday, 28 November 2011

Setting up KVM on Ubuntu 10.04 (Lucid Lynx)

After doing a KVM install on Debian Squeeze and trying to get a VM up and running, the hassle convinced me to go back to Ubuntu and their vm-builder package, which allows one to create VMs relatively easily once the setup is complete. There is a vm-builder port for Debian, though that only works for building older versions of Ubuntu and I want to run the latest, Ubuntu 11.10 (Oneiric Ocelot).

Starting with a bare-metal Ubuntu 10.04 LTS (Lucid Lynx) 64-bit, below is the list of commands and instructions to install and set up the KVM. Details on these instructions can be read in the Ubuntu community documentation, KVM Installation and KVM Networking:

  • sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils

  • virsh -c qemu:///system list (To verify installation, should have no errors)

  • sudo apt-get install libcap2-bin

  • sudo setcap cap_net_admin=ei /usr/bin/qemu-system-x86_64

  • sudo vi /etc/network/interfaces
    • Original file:
      # The loopback network interface
      auto lo
      iface lo inet loopback

      # The primary network interface
      auto eth0
      iface eth0 inet static
      address 10.10.3.140
      broadcast 10.10.3.143
      netmask 255.255.255.248
      gateway 10.10.3.137

      # default route to access subnet
      up route add -net 10.10.3.136 netmask 255.255.255.248 gw 10.10.3.137 eth0

    • Modified file:
      # The loopback network interface
      auto lo
      iface lo inet loopback

      # device: eth0
      auto eth0
      iface eth0 inet manual

      # The primary network interface
      auto br0
      iface br0 inet static
      address 10.10.3.140
      broadcast 10.10.3.143
      netmask 255.255.255.248
      gateway 10.10.3.137
      bridge_ports eth0
      bridge_stp off
      bridge_fd 9
      bridge_hello 2
      bridge_maxage 12


      # default route to access subnet
      up route add -net 10.10.3.136 netmask 255.255.255.248 gw 10.10.3.137 eth0
      up route add -net 10.10.3.136 netmask 255.255.255.248 gw 10.10.3.137 br0

  • sudo /etc/init.d/networking restart

  • Running ifconfig lists the following interfaces: br0, eth0, lo, virbr0

This completes the KVM installation and creation of a bridge for the VMs. Up next is replacement of the vm-builder. The one in the Ubuntu packages is faulty and also will not allow you to install Ubuntu 11.10 (Oneiric Ocelot). So I updated to the latest, downloading the source, building and installing it. The steps below can be found in this accepted answer:

  • sudo apt-get install bzr

  • sudo apt-get install epydoc (big install here, ~400mb)

  • bzr branch lp:ubuntu/vm-builder ubzr-vm-builder

  • cd ubzr-vm-builder

  • fakeroot debian/rules binary

  • sudo dpkg -i ../*vm-builder*.deb


With that, everything is installed and vm-builder is ready to run. The easiest way is to use a script so that VM creation can be set once and repeated as desired, the only changes required being hostname, IP and maybe memory. Obtain the Ubuntu 11.10 64-bit server ISO and put it in the same place as the script. The directory I used is ~/vm/basekvm:

  • cd ~/vm/basekvm

  • sudo vi create_vm.sh
    • File:
      #!/bin/bash

      # Configure this before running the command
      HOSTNAME=myhostname
      MEMORY=2048
      IP=192.168.122.10
      # -- End of configuration

      vmbuilder kvm ubuntu \
      --destdir=/var/lib/libvirt/images/$HOSTNAME \
      --ip=$IP \
      --hostname=$HOSTNAME \
      --mem=$MEMORY \
      --suite=oneiric \
      --flavour=virtual \
      --arch=amd64 \
      --iso=/root/vm/basekvm/ubuntu-11.10-server-amd64.iso \
      --mirror=http://de.archive.ubuntu.com/ubuntu \
      --libvirt=qemu:///system \
      --domain=localdomain \
      --part=/root/vm/basekvm/vmbuilder.partition \
      --bridge=virbr0 \
      --gw=192.168.122.1 \
      --mask=255.255.255.0 \
      --user=myusername \
      --name=myname \
      --pass=mypassword \
      --tmpfs=- \
      --addpkg=vim-nox \
      --addpkg=acpid \
      --addpkg=unattended-upgrades \
      --addpkg=openssh-server \
      --firstboot=/root/vm/basekvm/fboot.sh \
      -o

  • sudo chmod 700 create_vm.sh

  • sudo vi fboot.sh (Optional)
    • File:
      # This script will run the first time the virtual machine boots
      # It is run as root.

      # Expire the user account (the one created by --user in create_vm.sh)
      passwd -e myusername

      # Install openssh-server
      apt-get update
      apt-get install -qqy --force-yes openssh-server

  • sudo chmod 700 fboot.sh (it runs as root on first boot, so it should not be world-writable)

  • sudo vi vmbuilder.partition
    • File:
      root 8000
      swap 4000
      ---
      /var 8000

  • cd ~/vm

  • ln -s /var/lib/libvirt/images/ images


The create_vm.sh is basically a template script. You can modify it to accept console input so that you don't need to go and edit the file values, but that is left for another time. The symbolic link shows the directory where the VM disk images are located once created. Below is how you would use it to create a VM:

  • sudo cp basekvm/create_vm.sh create_vm_myvmname.sh

  • sudo vi create_vm_myvmname.sh (edit the HOSTNAME, IP and MEMORY as desired)

  • sudo ./create_vm_myvmname.sh

  • virsh start myvmname


And that's it! A VM has been successfully created and started up. Give it a few minutes and then you can log in through ssh using the information in the script. If the ssh is slow to connect, try this.
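
The post leaves making create_vm.sh accept its values as input for another time. The following is an added example, not the author's script: HOSTNAME, IP and MEMORY become arguments and are validated before they reach a vmbuilder command line that runs as root and builds a path from the hostname. The function names and the VMBUILDER override are hypothetical; the fixed options from create_vm.sh are passed through after the third argument.

```shell
#!/bin/sh
# Added example (not the post's script): HOSTNAME, IP and MEMORY are taken
# as arguments and validated before vmbuilder runs as root.

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
valid_hostname() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted quad: four fields, each 0-255. Subshell body keeps IFS local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Memory in MB: a positive integer with no leading zero.
valid_memory() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# create_vm HOSTNAME IP MEMORY [fixed vmbuilder options...]
# VMBUILDER is a hypothetical override so the command can be dry-run with echo.
create_vm() {
    [ "$#" -ge 3 ] || { echo "usage: create_vm HOSTNAME IP MEMORY [options]" >&2; return 2; }
    vm_name=$1 vm_ip=$2 vm_mem=$3
    shift 3
    valid_hostname "$vm_name" || { echo "invalid hostname: $vm_name" >&2; return 2; }
    valid_ipv4 "$vm_ip"       || { echo "invalid IP: $vm_ip" >&2; return 2; }
    valid_memory "$vm_mem"    || { echo "invalid memory: $vm_mem" >&2; return 2; }
    "${VMBUILDER:-vmbuilder}" kvm ubuntu \
        --destdir="/var/lib/libvirt/images/$vm_name" \
        --hostname="$vm_name" --ip="$vm_ip" --mem="$vm_mem" "$@"
}

# Runs only when arguments are given, for example:
#   sudo sh ./this_script web01 192.168.122.11 2048 --suite=oneiric --arch=amd64
[ "$#" -eq 0 ] || create_vm "$@"
```

Setting VMBUILDER=echo prints the command that would run, which is a quick way to review it before building.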

Friday, 25 November 2011

KVM host with gateway guest using port-forwarding

Using the 3 rules listed here and below, a KVM host can forward all http and ssh traffic to a specified gateway guest VM:

iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
iptables -t nat -I PREROUTING -p tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22
iptables -I FORWARD -m state -d 10.0.0.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

Making it permanent requires going through this page and using the following commands:

sudo sh -c "iptables-save -c > /etc/iptables.rules" (after applying the 3 commands above)
sudo vi /etc/network/if-pre-up.d/iptablesload

The /etc/network/if-pre-up.d/iptablesload file will have the following text:

#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0

The KVM host will now have VM creation as its sole focus. Since port 22 is now forwarded to the guest, ensure the host's ssh port has been changed to make it accessible from outside, otherwise it can be accessed from the gateway guest.

All redirection and VM access are transferred to the gateway guest. The guest will need to install nginx so it can act as an HTTP proxy for the other VMs. All ssh access uses the gateway guest as a stepping stone to the other VMs.

With the 3 rules in place, it is found that the traffic essentially loops back to the gateway guest, which makes it incapable of reaching the other VMs. Applying 1 more rule after the 3 above solves this. The rule accepts all packets from the VM IP range and does not do any forwarding; because it is added with -I, it sits ahead of the DNAT rules in PREROUTING:

iptables -t nat -I PREROUTING -p tcp --source 10.0.0.0/24 -j ACCEPT
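
Because the rules are restored from /etc/iptables.rules at boot, it is worth checking that the saved file keeps the ACCEPT rule ahead of the DNAT rules. The check below is an added example, not part of the original post: the function names and both sample rulesets are constructed, and it assumes the DNAT rules carry no interface or destination match, as on this page.

```shell
#!/bin/sh
# Added example: check saved rules for the loop described above.
# Usage: check_prerouting_order GUEST_NET < iptables-save-output
# Prints ok (ACCEPT for GUEST_NET precedes every DNAT rule), loop (a DNAT
# rule is reached first) or no-dnat (nat PREROUTING has no DNAT rule).
check_prerouting_order() {
    awk -v net="$1" '
        /^\*/ { table = substr($0, 2); next }     # "*nat" opens a table section
        table != "nat" { next }
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }         # drop counters written by -c
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            accept = 0; dnat = 0; src = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") { accept = ($(i + 1) == "ACCEPT"); dnat = ($(i + 1) == "DNAT") }
            }
            if (accept && src == net && !seen_dnat) exempt = 1
            if (dnat) { seen_dnat = 1; if (!exempt) bad = 1 }
        }
        END { if (!seen_dnat) print "no-dnat"; else if (bad) print "loop"; else print "ok" }
    '
}

# Constructed sample: "iptables-save -c" output after the first three rules.
sample_three_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22
[0:0] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
COMMIT
EOF
}

# Constructed sample: the same table once the fourth rule has been inserted.
sample_four_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A PREROUTING -s 10.0.0.0/24 -p tcp -j ACCEPT
[0:0] -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22
[0:0] -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
COMMIT
EOF
}

sample_three_rules | check_prerouting_order 10.0.0.0/24   # loop
sample_four_rules  | check_prerouting_order 10.0.0.0/24   # ok
```

On the host, the same function can read the real file: check_prerouting_order 10.0.0.0/24 < /etc/iptables.rules.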

Monday, 7 February 2011

A Certain Minimal QR Scanner iPhone app

A QR Code is similar to a barcode, except it contains more information and looks like a pixellated square Rorschach test.

There are a number of free QR readers in the appstore like NeoReader and RedLaser. I especially like the scanning GUI for RedLaser, which seems more streamlined than any of the apps I have tried.

A number of these apps use the open-source ZXing ("Zebra Crossing") scanner library. The library is in Java but has a number of ports which include iPhone.

To start things off, you need to download or checkout the source. Create a new "View-Based Application" project in Xcode. Inside the iphone folder of the source, follow the README on how to include the ZXingWidget project into yours.

Pay attention to the instructions, especially the direct dependency, header search path and the fact the file with the ZXing has to be a .mm instead of .m. If it does not build, you're probably missing something. You can look at the sample projects to see how they include the widget.

One last thing before moving on to the code: put the beep-beep.aiff file from the ScanTest project into your project. This is to get audio confirmation of a scan.

Inside the sole viewController of your project:

#import "ZXingWidgetController.h"
#import "QRCodeReader.h"
#import "ResultParser.h"
#import "URLResultParser.h"
#import "ResultAction.h"

- (void)viewDidLoad {
    [super viewDidLoad];
    // Register the parser used to interpret scan results (URLs only)
    [ResultParser registerResultParserClass:[URLResultParser class]];
}

- (void)viewDidAppear:(BOOL)animated {
    [super viewDidAppear:animated];
    ZXingWidgetController *widController =
        [[ZXingWidgetController alloc] initWithDelegate:self showCancel:NO OneDMode:NO];
    // Scan QR codes only
    QRCodeReader *qrcodeReader = [[QRCodeReader alloc] init];
    NSSet *readers = [[NSSet alloc] initWithObjects:qrcodeReader,nil];
    [qrcodeReader release];
    widController.readers = readers;
    [readers release];
    // Sound played on a successful scan
    NSBundle *mainBundle = [NSBundle mainBundle];
    widController.soundToPlay =
        [NSURL fileURLWithPath:[mainBundle pathForResource:@"beep-beep" ofType:@"aiff"] isDirectory:NO];
    [self presentModalViewController:widController animated:YES];
    [widController release];
}

#pragma mark -
#pragma mark ZXingDelegateMethods
- (void)zxingController:(ZXingWidgetController*)controller didScanResult:(NSString *)resultString {
    [self dismissModalViewControllerAnimated:YES];
    ParsedResult *parsedResult = [[ResultParser parsedResultForString:resultString] retain];
    NSArray *actions = [[parsedResult actions] retain];

    if ([actions count] == 1) {
        // Exactly one action (a URL): perform it, with confirmation requested
        ResultAction *theAction = [actions objectAtIndex:0];
        [theAction performActionWithController:self shouldConfirm:YES];
    } else {
        // Otherwise show the scanned content as plain text
        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"Text Found:"
                                                            message:resultString
                                                           delegate:nil
                                                  cancelButtonTitle:@"OK"
                                                  otherButtonTitles:nil];
        [alertView show];
        [alertView release];
    }
}

The code in viewDidAppear is lifted from the sample projects. It sets up the scanning video camera with the appropriate reader. If a scan is successful, the delegate method didScanResult will execute. The result is parsed to see if it is a URL; which parser to use is set in viewDidLoad. A parsed result can have default actions associated with it: the URLResultParser opens up the URL in Safari by default. Otherwise the result is treated as text and displayed.

This app can now scan QR codes and open up URLs in Safari. There are a number of other things you can add to this, e.g. you can switch out the ResultParser with a UniversalResultParser that includes all the parser classes. You should take a look in the Classes folder of the ZXingWidget project to see what is available.