Tag Archives: Xen

Linode hosting

Posted by on 7/5/2010 1 comment

Did a bit of digging a few weeks ago and came across Linode VPS. With better prices than Slicehost, data centers both here in the US as well as the UK and excellent reviews I ended up giving it a spin and eventually moving wholesale. Performance is much better with the new hosting, was able to set up a fully customized OS install (SELinux, encrypted fs) and then duplicate that image over from my primary ATL vm to my secondary in the UK. Yea, I’ve now got a fully distributed setup complete with a hot spare on a different continent (better than most ecommerce sites on the web today) for less than the price of my single Slice.

With a really nice management console and solid (so far) service, this is pretty much the best option I’ve seen in the VPS hosting space. I’d highly recommend it for anyone with a more technical background looking for a full-featured Xen host.

Xen and vlans

Posted by on 7/7/2008 3 comments

During a big lab move at work a few months ago, we decided that our utility virt server needed VLAN support. The dhcp vm needed interfaces on three different networks and it seemed rather silly to add extra physical interface for the minimal traffic generated.

The first issue we encountered was the rather interesting bridging script installed by default. It does wonders for being able to bridge the primary interface and can be used to bridge multiple interface, but it fails entirely for VLAN interfaces. Best bet is just to disable any network scripts in /etc/xen/xend-config.sxp and let the os handle it. We’re using RHEL5, so we created the VLAN interface along with the bridge using the normal configs in /etc/sysconfig/network-scripts. Our naming scheme for the devices was ${DEVICE_TYPE}{$VLAN_NUMBER}.conf.

Example vlan123.conf:

DEVICE=vlan123
VLAN=yes
VLAN_NAME_TYPE=VLAN_PLUS_VID_NO_PAD
PHYSDEV=eth1
BOOTPROTO=static
ONBOOT=yes
BRIDGE=xenbr123

As you can see, eth1 is the physical interface connected to the switch port tagged with the vlans. We added the ‘VLAN_PLUS_VID_NO_PAD’ param to use the vlan${NUMBER} scheme. We aren’t bringing the interface up with an ip as it’s gonna be part of a bridge.

xenbr123.conf:

DEVICE=xenbr123
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes

This brings up our bridge without an ip address. The dom0 doesn’t need an ip on this VLAN, so no point in enabling it. To use the bridge in your domu’s, just specify the interface in the config file (or at creation time).

Example domu def file with multiple interfaces:

name = "example"
uuid = "62e4f71f-a46c-25f7-e947-f161aaad6f00"
maxmem = 512
memory = 512
vcpus = 1
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ ]
disk = [ "phy:/dev/vm/example,xvda,w" ]
vif = [ "mac=00:16:3e:4b:a5:46,bridge=xenbr123", "mac=00:16:3e:4b:a5:4a,bridge=xenbr456", mac=00:16:3e:4b:a5:47,bridge=xenbr789"]

The above was pretty straightforward, but after putting it in place we ran into a very odd issue. The vm’s couldn’t actually communicate via the vlan’d interfaces. After a bit of tcpdumping we discovered the default firewall was allowing outbound traffic on the bridge, but incoming was getting rejected. Easy fix was to add the following lines to /etc/sysconfig/iptables:


-A RH-Firewall-1-INPUT -i xenbr+ -j ACCEPT
-A RH-Firewall-1-INPUT -o xenbr+ -j ACCEPT

Note that this allows all traffic to pass on all xenbr devices. Since the dom0 doesn’t have an ip bound it’s not an issue in our configuration since the only traffic on the bridges are for the domu’s. If you do use the devices in your dom0, you’ll need to adjust the firewall accordingly or you’ll end up with a gaping hole in your security scheme.

virt-install

Posted by on 4/7/2007 3 comments

My favorite RHEL5 feature by far is the new ‘virt-install’ utility. Being able to do a VM install by running:

virt-install -p --location=nfs:SOMESERVER:/PATH/TO/INSTALL/TREE --noautoconsole --file=/dev/LVM/VOLUME --name=FOO --ram=512 --vnc -x "ks=http://KSSERVER/KICKSTART.ks ip=IP netmask=NETMASK dns=DNS gateway=GW"

absolutely rocks.

RHEL5 XEN nat’ing

Posted by on 3/23/2007 No comments

Been playing with the new virt layer in RHEL5 and having a blast. I did have to make some changes to get NAT to work with guest domains. Nothing huge, just created a dummy network device and bridged to that instead of the normal eth0 as such -

/etc/sysconfig/network-scripts/ifcfg-dummy0:
# Dummy interface for Xen
DEVICE=dummy0
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=x.x.x.x
ARP=yes

/etc/xen/xend-config.sxp – changed (network-script network-bridge) to (network-script 'network-bridge netdev=dummy0')

I then enabled NAT for the interfaces -

/etc/sysctl.conf – changed net.ipv4.ip_forward = 1 to net.ipv4.ip_forward = 1 and ran sysctl -p to make the change live

Last step was doing the needful iptables setup. Running iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE will setup the basics, you may also have to add a rule to allow the traffic on the dummy interface iptables -I INPUT -i dummy+ -j ACCEPT. The ‘-I’ is important with the default RHEL firewall as it is evaluated before the other rules.

New host

Posted by on 6/21/2006 No comments

Finally got setup on a proper hosting service I think I’ll be able to live with for a while. My requirements never seemed all that exotic, but I couldn’t ever find anything I felt all that comfortable with. Until now.

Thanks to Xen, I now have a fully functional VPS running Dapper. I decided to try out VPSLand because they are cheap, and folks seemed to be pretty happy with em.

So far I’m quite happy with the level of service. My one support request was taken care of promptly and correctly. My server was setup just as advertised, but I am gonna move up from my current 96 MB plan to 192 MB. I figured it wasn’t gonna be enough, but I didn’t wanna commit any more cash than I had to just to try it out…

[tags]Ubuntu,Dapper,VPS,VPSLand,Hosting,Xen[/tags]

Switch to our mobile site