I have been using Linux for the past 3 or so years, either running it for workstations or servers, and now I want to set up a server for Virtualization. I have been doing a fair bit of research about the different ways of doing this, and I have decided to go with KVM. I usually use CentOS, but will have to use Debian to use KVM. I just have a few questions about the best way of setting it up.
We have a pretty powerful server* which we are planning on collocating to a data centre and running web servers from the VMs. Virtualization seems like the best way to allow for simpler administration, and also allow us to get the most out of our server's resources.
*Intel Xeon X3230 Quad Core, 8GB Ram, 4x 15k 147gb SAS (RAID 6)
What is the best way to set this up then? I was thinking we could install Debian as the Host/Hypervisor over the whole drive, and give it a 16GB swap partition. Then I guess when the VMs are installed they live on the Debian drive as a file, or do they need their own partitions?
Are the guest OSes capable of using the host's swap space? It's bad enough losing 16GB as a swap partition to the host OS, but please don't tell me I need to supply the VMs with their own swap partition as well - I'm curious as to if the server will ever need to use swap space as it has a lot of RAM, let alone require extra swap for each VM too?
KVM is still very new, but does anyone know any good books/resources out there? The virtualization books I have seen don't seem to cover KVM, just Xen and others.
How to install Ubuntu (either 7.10 or 8.04) as a XEN domU guest on a CentOS 5 / Fedora Core 8 XEN dom0 server?
I have tried installing Ubuntu as a fully virtualized guest, but the Ubuntu CD doesn't even boot up. I get the Linux bootloader, and that's it, it doesn't continue to boot. Odd.
When trying to install a Paravirtualized guest, I had to use the debootstrap method, but can't get it to boot up.
Quote:
xm create anya_zanet
Using config file "/etc/xen/anya_zanet".
Error: (2, 'Invalid kernel', 'xc_dom_find_loader: no loader found ')
For those keeping up with the latest virtualization news, Red Hat's hypervisor is now "Generally Available" as of today. Based on KVM, it may be a good alternative to VMware if you need commercial support in your virtualization implementation.
Redhat Link
The code is GPL so I'm guessing we might see this soon in a Centos flavor?
I have this vps,which is pending cancellation in a few days. Hardware Node = EL 5 x86_64, Vz = Xen
I asked my provider for 32 bit centos, I even rebuilt it, but my "uname --all" still
Quote:
Linux xxx.xxx.com 2.6.18-128.1.10.el5xen #1 SMP Thu May 7 11:07:18 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
so I opened a ticket asking about the vps arch. The provider has told me that to run a vps 32 bit guest, what you have to do is (?)
+++++++++++++++++++++++++
yum clean all
echo i686-redhat-linux > /etc/rpm/platform
+++++++++++++++++++++++++
so yum will exclude any x86_64 packages. The provider has told me also that my "uname" displays x86_64 because the hardware node is 64 bit. Is this true?
I'm no linux or vps guru, but that doesn't feel right at all. This has caused me some issues especially with kernel-headers and some program failed to compile.
So, is it possible to run a 32 bit OS as xen guest inside 64 bit node?
I was surprised when hypervm brought in a 64bit guest os. Maybe it's me..but...is this a good idea? Maybe it works fine.. it just does not *seem* like it would.
I have a CENTOS 64bit running, with 1 guest OS (WinXP) in a VMWare Server. I have tried the following: I have 6 public IP's attached to my 1 Ethernet card in the CENTOS host.
Try 1:
The Guest OS is set to use "Bridged" Networking. This allows full use of the internet, in both directions. Not exactly optimal, but it does work. I can reach the Guest via RD, which is a requirement for this client. The guest OS is mainly assigned one of the 6 public IP's (x.x.x.118). The problem with this setup is the Guest OS can not reach the host. For example the host has a mail server on it, and when the Guest tries to reach the host, it times out.
Try 2:
The Guest OS is set up to use "NAT" and gets 192.168.100.128 as its IP via DHCP inside of VMWare. The nat config file for VMWare is set to open port 3389 (RD port). Guest OS can reach the host without any problem, and can reach the internet without any problem, however I can not RD in to the Guest OS.
I prefer setup number 2 for all the obvious reasons, but I just can not get my IPTables rules to work. This is what I thought should work, but does not:
iptables -t nat -I PREROUTING -d x.x.x.118 -j DNAT --to-destination=192.168.100.128
iptables -t nat -I POSTROUTING -s 192.168.100.128 -j SNAT --to-source=x.x.x.118
I realize that would have done all traffic, and defeated the benefits of NAT, but since forwarding only 3389 was not working I tried forwarding everything.
After a yum update on a centos 5.2 box (including an update to the latest version of xen) my guests don't have a network connection anymore (nor windows, nor linux VMs). The windows VM does see an unknown PCI device (great, no drivers and no internet), of which I guess is the network card seeing there are no other network cards listed in the VM.
I've just downloaded Microsoft Virtual PC and the Internet Explorer 6 Application Compatibility VPC Image containing an XP installation for testing sites with IE6 [url].
Everything works fine, I chose VPC Shared Networking (NAT) and I can access the internet from the VPC as well as my Apache development server which runs on the host OS (Win XP) by going to the host's IP address which is [url] in my case. And here I have 2 problems:
1. I want to access [url]on VPC just by typing [url]. I added the following line to the hosts file:
192.168.52.141 localhost
But this doesn't work. Interestingly, any name other than localhost works fine, for example:
192.168.52.141 localhost.localhost or 192.168.52.141 local
This is not a major problem but I'd prefer localhost. Any ideas how to do that?
2. And the more important issue: on my host OS I have some development sites which I have set up to be accessed by subdomains, for example [url], in httpd.conf:
Code:
<VirtualHost 127.0.0.3>
ServerName perfekt.localhost
DocumentRoot C:wwwperfekt
DirectoryIndex index.php index.html
</VirtualHost>
and in hosts file:
Code:
127.0.0.3 perfekt perfekt.localhost
And now I want to access this site from my VPC too by using subdomains like this! How can I do that? The address 127.0.0.3 seems to be local to the OS and VPC can't see it. I have tried setting other IP addresses in httpd.conf but nothing outside the 127.x.x.x range works on either OS. I suppose I need to make each of my sites to be seen under a different IP from the outside network so that VPC (which is "outside" the host OS) can access them - then I just set up the appropriate subdomain names in VPC hosts file -
How do I run a virtual instance of Windows server 2008 on my Linux dedi? Do I need to partition the server and create a VPS for this or can I run it on something like VMware? (Please look at my other thread here [url]t=857377 to learn more about my server, its resources and current config.)
Why would I want to do this? Because my primary desktop OS is still Vista Ultimate 64 and I've invested a lot in Windows-based software and hardware--too much to make a total switch to Linux. But, I don't want to invest more than I have to in order to run a Windows server that allows my business partner to access documents remotely or for us to share various files securely and privately and still serve my mostly Windows-based clients and colleagues. I'm one of, well, two people I know who even use Linux (at least at the OS level and know it).
Since my research shows I **can** do this on Centos 5, the responses that would be most useful to me would be those that focus on how I can do this successfully (even if it seems complicated; I can figure it out with help and/or direction) and what to consider or avoid when creating this virtual guest OS on my Linux dedi.
As my clients' needs expand, they're asking for chroot ssh/sftp setup. I'm currently on a dedicated Linux setup but don't really have the time to set up a whole new box with full virtualization or investigate a full chroot solution (baby on the way), and to be honest it would be less hassle to move to a new provider than worry about down time with sites.
What I'm looking for:
- linux hosting
- hosting for 30+ accounts, some with several domains
- at least 6 IP addresses for SSL certs
- each account in a full chroot environment (ssh/sftp/ftp) so they can't poke around each others' files, or each account set up in a virtual machine setup (ie: openvz)
- maildir
- spamassassin
- php 5, mysql, perl 5.8.8
- suexec apache would be nice
I have learnt it is harder to setup than I initially expected (since I have just moved from a shared hosting service). I am in need of some help setting up my DNS servers, as I am very confused. Here is most of the info I know:
1) I am running HyperVM
2) I've installed LXAdmin
3) I own the domain (purchased from xeodomains.com) runemart.com
4) My VPS hostname is: vps.runemart.com
5) I know my IP
6) My host has said:
'For VPS customers that have a HyperVM login you can now host forward DNS on the DNS servers rdns1.vaserv.com (US) rdns2.vaserv.com (UK)'
And I am unsure what this means/how to do it.
I am not sure if I need some more information to set up my DNS, however I am sure that I can get it if I do.
Now, my questions begin. Firstly, I need to point my domain - runemart.com - somewhere. I believe I need to set up my DNS via HyperVM or LXAdmin so that they are something like: ns1.runemart.com and ns2.runemart.com. Though, is this correct? Am I able to set up my own actual domain name servers, or will my domain have to point at something like rdns2.vaserv.com?
If anyone can assist me in this I would be very grateful, as I am waiting to get my website running. This is all I will ask for now, I will take it one step at a time =).
I am currently researching and evaluating Network Attached Storage systems and was wondering whether anyone out there has had previous experiences (good or bad) with any particular setup?
I am particularly curious to know:
1- what kind of a performance hit I can expect when data is stored on a NAS and accessed via ethernet over iSCSI as opposed to regular SATA or SCSI.
2- what pre-built NAS system would you recommend for a system that requires about 8 TB of disk space for file data and needs to have 100% uptime? I've been looking at: [url]
However I don't know what sort of limitations this hardware offers as far as simultaneous disk reads/writes go.
I need to setup a vpn for a customer so they can access a development server. I'm running a Tomcat server and an Oracle database that they would need access to, both port 80(or 8080) and port 1521. This needs to be secured as there is customer data that needs to be protected.
This server will be part of our existing servers we rent from Pacificrack. I really would appreciate any suggestions as the best way to do this, short of buying my own cisco or checkpoint firewall with vpn.
I am currently using Windows Server 2008 Standard to host my website. I set my website up with IIS and when I type in localhost I can see it. But, if I type in my IP address I see my router's config page. I use dyn dns updater which takes my IP address and uses that to update my website. But, when I go to my website I see my router's config page, not my website.
Hello I have my own web server. Due to some sites being blocked in where I currently reside (no not porn, just websites like flickr, orkut..etc). I have seen some programs that you can download for free and they connect through a VPN but dramatically slow down your connection and filled with ads. It did work. However I want my own setup and VPN
We are currently setting up a VPS server, which will be used for a specific client portfolio that we are acquiring from another company. This is a Linux based server with WHM/Cpanel.
However, we wish to set up DNS in the best possible way, since we need to host DNS for some vital ISP services also. I gather this probably means using a combination of DNS on the VPS server itself, as well as one or more other DNS servers in other physical locations. The VPS server itself is located in Amsterdam, while most clients are here in Norway - thus ensuring reliability for local clients is the most important consideration.
Now some key questions:
- How important is the physical location of the DNS servers, and where should these ideally be located?
- Is a cluster solution the way to go - and is this supported by WHM/Cpanel?
- We have Linux and Windows based servers on our local network; could these be used for DNS also? If so, tips on software needed?
I am currently experimenting with DNS with my 2 IPs (each with separate servers spread over 2 geographic locations) and my zone file maps these IPs to ns1.domain.com and ns2.domain.com.
Both of my servers run DNS and with zone entry for my domain name. But when I stop the DNS server on first IP (ns1) the second DNS server (ip2) is not working or resolving. Both are master servers.
My question is if first server DNS fails, the second DNS should resolve? Why is it not working? I guess that is the reason why domain registrars ask for 2 name servers. If one fails the other works as backup??
How do I set these up? Should I set up a slave or something?
cpanel / whm shared and reseller accounts (300+ domains) secure only ports for cpanel/whm/webmail
Problem:
Seems like too often people get blocked out of firewall for ftp, webmail, pop3 or webmail. I'm not sure what to do without sacrificing good security measures.
Below is my configuration for CSF (chirpy's firewall)
Code:
###############################################################################
# Copyright 2006, Way to the Web Limited
# URL: http://www.waytotheweb.com
# Email: sales@waytotheweb.com
###############################################################################

# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "0"

# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"

# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and upgrades if
# available and restarts csf and lfd. Updates do not overwrite configuration
# files or email templates. An email will be sent to the root account if an
# update is performed
AUTO_UPDATES = "0"

# Ethernet device setting is taken from the shared IP address in
# /etc/wwwacct.conf but can be overridden here (e.g. "eth0")
#
# If you have multiple ethernet NICs that you want to apply all rules to, then
# you can set the following to the interface name immediately followed by a
# plus sign. For example, eth+ will apply all rules to eth0, eth1, etc
ETH_DEVICE = ""

# Unfiltered ethernet devices in a comma separated list (e.g "eth1,eth2")
ETH_DEVICE_SKIP = ""

# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

# Allow incoming PING
ICMP_IN = "1"

# Allow outgoing PING
ICMP_OUT = "1"

# Block outgoing SMTP except for root, exim and mailman (forces scripts/users
# to use the exim/sendmail binary instead of sockets access). This replaces the
# protection as WHM > Tweak Settings > SMTP Tweaks. This will block hosting
# clients from using your server as an SMTP relay
SMTP_BLOCK = "0"

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for web scripts) then enable this option too
SMTP_ALLOWLOCAL = "0"

# If this is a MONOLITHIC kernel (i.e. it has no LKM support, e.g. a VPS) then
# set this to 1. Because of the nature of monolithic kernels, it's not easy to
# determine which modules have been built-in, so some functionality may not be
# available and this firewall script may not work.
#
# One example is if the ip_conntrack and ip_conntrack_ftp iptables kernel
# modules are not available. If this happens, FTP passive mode (PASV) won't
# work. In such circumstances you will have to open a hole in your firewall and
# configure the FTP daemon to use that same hole. For example, with pure-ftpd
# you could add the port range 30000:35000 to TCP_IN and add the following line
# to /etc/pure-ftpd.conf (without the leading #):
# PassivePortRange 30000 35000
# Then restart pure-ftpd and csf and passive FTP should then work
MONOLITHIC_KERNEL = "0"

# Enable logging of dropped connections to blocked ports to syslog, usually
# /var/log/messages
DROP_LOGGING = "1"

# Enable logging of dropped connections to blocked IP addresses in csf.deny or
# by lfd with temporary connection tracking blocks
DROP_IP_LOGGING = "0"

# Only log reserved port dropped connections (0:1023). Useful since you're not
# usually bothered about ephemeral port drops
DROP_ONLYRES = "0"

# Commonly blocked ports that you do not want logging as they tend to just fill
# up the log file. These ports are specifically blocked (applied to TCP and UDP
# protocols) for incoming connections
DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"

# Enable packet filtering for unwanted or illegal packets
PACKET_FILTER = "1"

# Log packets dropped by the packet filtering option PACKET_FILTER. This will
# show packet drops that iptables has deemed INVALID (i.e. there is no
# established TCP connection in the state table), or if the TCP flags in the
# packet are out of sequence in the protocol exchange.
#
# If you see packets being dropped that you would rather allow then disable the
# PACKET_FILTER option above by setting it to "0"
DROP_PF_LOGGING = "0"

# Enable verbose output of iptables commands
VERBOSE = "1"

# If you wish to allow access from dynamic DNS records (for example if your IP
# address changes whenever you connect to the internet but you have a dedicated
# dynamic DNS record from the likes of dyndns.org) then you can list the FQDN
# records in csf.dyndns and then set the following to the number of seconds to
# poll for a change in the IP address. If the IP address has changed iptables
# will be updated.
#
# A setting of 600 would check for IP updates every 10 minutes. Set the value
# to 0 to disable the feature
DYNDNS = "0"

# If you wish to allow access from all IP's that have authenticated using POP
# before SMTP (i.e. are valid clients) then you can whitelist them using this
# option which checks for IP addresses in /etc/relayhosts which last for 30
# minutes in that file after a successful POP authentication
#
# A setting of 60 would update IP's every 1 minute. Set the value
# to 0 to disable the feature
RELAYHOSTS = "0"

# Enable this option if you want to allow incoming connections from reserved
# ports. Normally, only DNS connections have the same SRC and DST port (53)
# and any other connections should have a SRC port > 1023. On *nix systems this
# rule is generally adhered to and reserved ports are not allocated as SRC
# ports. However, other notable OS's appear to ignore this and allocate them at
# will. This means it's possible that users may come in on reserved ports, so
# enable this option if you want to allow them to, or disable it if you want to
# be strict
ALLOW_RES_PORTS = "1"

# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
DENY_IP_LIMIT = "100"
Initial WHM DNS setup: I tried at first with WHM but it seems like it messes up the nameservers' IPs, so I just put some entries in manually. I got all name server IPs and the shared IP set up right but I may have some problems with DNS zones. Here is my named config:
---------------------------------------------------------------------------
view "internal" {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" . */
    match-clients { localnets; };
    match-destinations { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :

    zone "ns1.xxx.com" {
        type master;
        file "/var/named/ns1.xxx.com.db";
    };

    zone "ns2.xxx.com" {
        type master;
        file "/var/named/ns2.xxx.com.db";
    };

    zone "main.xxx.com" {
        type master;
        file "/var/named/main.xxx.com.db";
    };

    zone "xxx.com" {
        type master;
        file "/var/named/xxx.com.db";
    };
};

view "external" {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
    match-clients { !localnets; !localhost; };
    match-destinations { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries

    zone "main.xxx.com" {
        type master;
        file "/var/named/main.xxx.com.db";
    };

    zone "xxx.com" {
        type master;
        file "/var/named/xxx.com.db";
    };
};
--------------------------------------------------------------------------
main.xxx.com is my hostname. I still can't ping main.xxx.com or xxx.com but my name servers are ok. What exactly is the problem?
I've tried to set up a DNS server. I configured DNS as well, but it's not reachable by the domain. Would you help me to set up these DNS settings correctly? Will my nameservers be NS1.mydomain.net and ns2.mydomain.net if I set it up in Windows Server 2003? I can't log in through FTP programs, even when I type my login details. How to change the permission on the server?
Does anyone know of a tutorial that can teach me to setup a dns on my windows server for apache so instead of using an ip address i can use a domain and it would go to my website.
I am trying to run my first PHP 5 application that I bought from SitePoint called "Using Ajax with your web applications" but am having lots of problems trying to configure it to run on Windows XP and IIS.
I have installed Apache2.2 and PHP php-5.2.3-win32-installer.msi
I have made some changes and the last error message I got yesterday was this:
No input file specified.
I have tried to set the doc_root path in the .ini file to C:inetpub/wwwroot/finance/www and also delete it as I saw in some forums but to no avail.
I have set my IIS alias to the "www" folder since it contains the index.php file. It also contains another file I do not know what it is used for (.htaccess) and I left it alone.
[url]
Today, when I tried to open the file again in IE,
[url]
I got the following error:
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, claudiop@kmrsoftware.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I would appreciate very much if someone could help me to sort this problem out. What do I have to do to get the server back and running and get it to work with this PHP application?
I am having some trouble correctly setting up IIS 7 on Vista Business.
I have used the standard resources and web casts from Microsoft to get IIS set up to run asp/asp.net applications. When I run them from the localhost they run perfectly and everything seems to be fine. What I am having trouble with is editing and updating websites based in the inetpub>wwwroot folder.
I keep getting security messages and am unable to save edited file directly from studio.
Is there a plain English (yes I am new to server management) tutorial to getting IIS 7 to work fully so that I can develop ASP.NET applications at home.
There are a lot of tense people here lately..and I'll withhold the name of the guilty party in this until I see when my next billing date is..should be interesting indeed. It is clear some of you need a good laugh.
Silly me..I was always under the impression when a "VPS has been setup" message via email...it was actually setup. Nope.
Actually..the vps is *NOT* setup. I have to wait another 24-48 hours for it to actually work. Mind you..I'm not talking about DNS at all..the fact remains..I have a setup email..and it ain't setup at all. No placeholder page via http..no power panel..no remote desktop..all tried with a raw ip address. The DNS has been setup, though. I'm going to keep a close eye on these folks for further fun.
Sadly..my experience has been deplorable with people that play games like this on day one. In fact..I've never had day 30 with any of them.