Monday, May 14, 2012

Oracle Virtual Machine (OVM) LAB on VirtualBox

Oracle Virtual Machine (OVM) 3.1.1. was released on the 8th May 2012 and finally it's supported on VirtualBox.  This is great news for anyone who wants to give installing an OVM Lab a go.

I gave it a go.

I created 3 VirtualBox guests:
  1. Openfiler for iSCSI with a 40GB virtual disk for chopping up into LUNs and iSCSI.
  2. Oracle Linux 6.0 on which I installed OVM 3.1.1. in Demo mode.  This guest has 4GB of RAM assigned to it and a 25GB HD.  Probably a bit big, but OVM is a large application with an Oracle XE database and Oracle Weblogic services installed, I thought better safe than sorry.
  3. Oracle Virtual Server 3.1.1.  This guest had just a 4GB HD and 1536MB of RAM which I figured would be just enough to get 1 virtual machine up and running on it.

My VirtualBox is configured with a couple of host only networks:

vboxnet0 => 192.168.56.0/24 => Management network.  I also have dnsmasq configured on this network to serve IP addresses via DHCP to clients on this network.  Dnsmasq is installed on my laptop for this specific purpose.  See previous blog post...
vboxnet1 => 192.168.57.0/24 => Used for the storage network.
vboxnet2 => 192.168.58.0/24 => Production network for virtual machines.

So I set up openfiler to offer 2x8GB LUNS, 1x2GB LUN for the cluster storage network on my server pool and 10GB NFS Share for the repository.

The installation of OVS and OVM on Oracle Linux all went by without a hitch.  I made sure that each VirtualBox guest set their own hostnames against dnsmasq using the DHCP_HOSTNAME parameter on /etc/sysconfig/network.  This meant that all guests resolve nicely on DNS which is a prerequisite for a successful OVM LAB.

The new OVM3.1.1. GUI is actually quite nice.  It's more polished and intuitive than 3.0.3. and more of the Right Mouse Button menus are enabled.

I also made sure that SELINUX and IPTABLES were disabled in both OVS and the OVM guests.

Server discovery went fine.  No problems at all.  Just enter the agent password and hostname of the OVS server.

Storage discovery was a little tricky.  The NFS Share (Filesystem share) was no problem.  OVM was able to find and mount it without any difficulty.  The only trouble I had there was making sure that Openfiler was configured correctly.  But that's not relevant to the OVM LAB really.

The iSCSI discovery had me stumped for quite some time.  I could discover the iSCSI target presented by Openfiler without issue but could not get OVM to show me any LUNs (Physical Disks).  After much trial and error I finally figured out that my OVS server did not have the multipathd service running.  Once I enabled and started multipathd (no change to default configuration), I was able to refresh the iSCSI storage in OVM and the physical disks were presented.  To recap: First perform iSCSI storage discovery using the OVS guest as the Storage Manager.  Then start multipathd on the OVS guest, then refresh the iSCSI storage on OVM and your LUNs will appear.

I was able to create a server pool, assign the repository, assign the 2GB iSCSI LUN to the pool for its cluster configuration data and actually configure a virtual machine.  I configured an Ubuntu VM with just 512MB of RAM and one iSCSI LUN.

Finally, after so much success, my LAB failed me at the most crucial stage: starting the virtual machine.  It would not start.  It turns out that VirtualBox does not present hardware acceleration to its guests.  So my OVS guest was running without any hardware acceleration in the virtual CPU.  OVM was not able to start the VM.  What a shame but there you go.

The good news is that many of the minor irritations in OVM3.0.3 seem to be cleared up and folks are able to now use VirtualBox for their LABs but they can't start OVM Virtual Machines if their OVS is actually a VirtualBox guest.

Next step... Commandeer an old server somewhere, install OVS, bind it to the right LAN and carry on.

Wednesday, May 9, 2012

Create a NAT for VirtualBox Host Only Network

VirtualBox does a fairly good job with the built in NAT feature on the virtual network device. But there are some drawbacks:
  1. You can't easily monitor the network on the built in NAT.  So if your VM is misbehaving, you couldn't use tcpdump to troubleshoot.
  2. The built in NAT reaches directly to the Internet in a transparent manner.  If you wanted to control access to the Internet you would have to switch to a bridge device or go with host-only.
  3. Most importantly for me, it does not support GRE packets very well.  This means that if you want to access a Microsoft PPTP VPN from your VM, it won't work with the VirtualBox built in NAT. (Well it didn't for me anyway)

EDIT: An updated script for the firewall component is described in a new post found here: http://david-latham.blogspot.co.nz/2013/03/firewall-script-for-opensuse-and-others.html

So with some simple tweaks to your host, you can NAT the VirtualBox host only network and enjoy some extra features.

In VirtualBox create a default host-only network.  This is done in File -> Preferences -> Network.  Click the green icon with a PLUS sign in it.  A new network is created called vboxnet0.  Then click the little screwdriver icon to edit the vboxnet0 settings.  Select the DHCP Server tab and make sure "Enable Server" is unticked.  It will be ticked by default.

Make sure that the DHCP server is not enabled.  This is important because you will configure DHCP with dnsmasq on the next step.

Then install dnsmasq.  You need this for DNS.  I like that with dnsmasq, and DHCP client IDs specified on the VMs, I can do things like "ssh vm_hostname" from the host PC.

sudo apt-get install dnsmasq

Accept the defaults.

dnsmasq uses a config.d approach for configuration so create a file called: /etc/dnsmasq.d/virtualbox as follows:

# cat /etc/dnsmasq.d/virtualbox
interface=vboxnet0
dhcp-range=192.168.56.2,192.168.56.150


Restart dnsmasq:

sudo /etc/init.d/dnsmasq restart

Now configure IPTABLES.  I took a lazy approach and added these commands to /etc/rc.local.
I have not bothered to learn how to do this with Ubuntu's default UFW because I don't much like UFW and so don't use it.

sudo ufw disable (if you're interested ...)

Add the following lines to /etc/rc.local (before the last line which is "exit 0"):

# Flush IPTABLES
iptables -F
iptables -t nat -F
# Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow all from virtualbox
iptables -A INPUT -s 192.168.56.0/24 -j ACCEPT

# Accept SSH  If you have openssh installed that is.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# Accept DNS
#iptables -A INPUT -p tcp --dport 53 -j ACCEPT
#iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Accept DHCP
#iptables -A INPUT -p tcp --dport 67 -j ACCEPT
#iptables -A INPUT -p udp --dport 67 -j ACCEPT

# Masquerade virtualbox network
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 -j MASQUERADE

# Turn on IP forwarding.  Can be done in /etc/sysctl.conf - As I said - lazy.
sysctl -w net.ipv4.ip_forward=1

Then reboot your computer.

sudo reboot

Now change the nic on your VirtualBox vm to a Host Only network and start the VM.  If you did everything right, your VM will start, obtain a lease from dnsmasq and have access to the internet.

The firewall rules above allow everything from VirtualBox to go out on the internet.  If you wanted to lock things down a bit, you could add more rules to do so and remove the line that accepts everything from the 192.168.56.0/24 subnet.
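
A locked-down variant of the rules above, as an added example that is not part of the original post or the author's updated script: the rc.local rules never change the chain policies, so this version sets INPUT and FORWARD to DROP and allows only what the lab needs. The function name gen_ruleset and the forwarded port list (80, 443, and 1723 for the PPTP control channel) are assumptions; the subnet and interface are the ones used above.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format so it
# can be reviewed before loading:  sh thisfile | sudo iptables-restore
# gen_ruleset and its three parameters are hypothetical names.
gen_ruleset() {
    local subnet="${1:-192.168.56.0/24}"   # host-only network from the post
    local iface="${2:-vboxnet0}"           # host-only interface from the post
    local ports="${3:-80,443,1723}"        # assumed TCP allow-list for guests

    # Refuse anything that is not digits and commas before it reaches a rule.
    case "$ports" in
        ''|*[!0-9,]*) echo "invalid port list: $ports" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $iface -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $iface -s $subnet -p udp --dport 53 -j ACCEPT
-A INPUT -i $iface -s $subnet -p tcp --dport 53 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $iface -s $subnet -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT
-A FORWARD -i $iface -s $subnet -p gre -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $subnet ! -o $iface -j MASQUERADE
COMMIT
EOF
}

# The DHCP rule has no -s match because a client asking for its first lease
# sends from 0.0.0.0.  DNS and DHCP are only accepted on the host-only
# interface, where dnsmasq serves them.  GRE is forwarded for the PPTP tunnel.
gen_ruleset "$@"
```

IP forwarding still has to be enabled with the sysctl line from the rc.local script.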

Oh and your Microsoft PPTP VPN will work now.  Even if you use wireless...

Have fun!