Howto make your private VM Cluster, Part I

I wanted to make some experiments with DRBD, pacemaker and others. The goal is to test a few configurations for an high availability scenario. Since I don't want to make changes to my machine the solution is to use Virtual Machines. I decided to go all open source and use KVM. Since I want more that a single VM I decided to setup a private bridge to which all the VMs would connect. The bridge would provide DHCP and DNS services and NAT + Firewall to the internet.

I use Gentoo. If you use another distribution or firewall tool you should adapt these instructions and scripts to fit your needs.

First I created a script that sets up my bridge. The script is as follows (I called it setupBridge):
#!/bin/bash
set -x

# Setup the bridge
sudo brctl addbr br0
sudo ifconfig br0 192.168.100.1 netmask 255.255.255.0 up

# Launch DNS and DHCP Server on br0
sudo dnsmasq -q -a 192.168.100.1 --dhcp-range=192.168.100.50,192.168.100.150,forever --pid-file=/tmp/br0-dnsmasq.pid

# Launch updated firewall configuration
sudo firehol /home/nsousa/KVM/firehol-br0.conf start
The bridge is created and I give it the 192.168.100.1 ip address. I use dnsmasq to provide DNS and DHCP. The DHCP provided addresses will be from 192.168.100.50 to 150. Finally I adapt the firewall using firehol. Here is the firehold configuration file (firehol-br0.conf): 
version 5

# Allow all traffic in the Bridge
interface br0 bridge
    server all accept
    client all accept

# Accept all client traffic on any interface
interface any world
    client all accept

# NAT to the internet
router bridge2internet inface eth0 outface br0
    masquerade reverse
    client all accept

# Bridge Routing
router bridge-routing inface br0 outface br0
    server all accept
    client all accept
This basically allows the VMs to connect to any service running on br0 (the host). It allows any one to connect to anyone as client (so the host can go to the internet). Finally it sets up NAT using masquerade so the VMs can use the bridge to access the internet, but as clients only.

To undo all these changes I have a script that tears all this setup down. I called it teardownBridge and here are its contents: 
#!/bin/bash
set -x

# Stop DHCP and DNS Server
sudo kill -15 `cat /tmp/br0-dnsmasq.pid`
sudo rm /tmp/br0-dnsmasq.pid

# Stop the bridge
sudo ifconfig br0 down
sudo brctl delbr br0

# Reset the firewall
sudo firehol /etc/firehol/firehol.conf start
Before moving to the script that starts one VM I first need to show the script that sets up the interface for qemu to use (I called it qemu-ifup): 
#!/bin/bash
set -x

if test $(/sbin/ifconfig | grep -c $1) -gt 0; then
    sudo /sbin/brctl delif br0 $1
    sudo /sbin/ifconfig $1 down
fi

sudo /sbin/ifconfig $1 0.0.0.0 promisc up
sudo /sbin/brctl addif br0 $1
The goal here is to add the tap device created to the bridge. I first remove it if it is already there.

Last but not least the script that starts a VM. This script sets up a tap device for the current user, configures KVM start-up parameters and starts KVM. When KVM ends it removes the tap device to keep the system clean. Here is the contents of the script adapted to use a hard disk and the minimal install cd for gentoo (I called it startVM): 
#!/bin/bash
set -x

# Create tap interface so that the script /etc/qemu-ifup can bridge it
# before qemu starts
USERID=`whoami`
IFACE=`sudo tunctl -b -u $USERID`

# Setup KVM parameters
MEMORY="-m 512"
IMGPATH="/home/nsousa/KVM"
IMAGE=gentoo.qcow2
CDROM="-cdrom /home/nsousa/Downloads/install-x86-minimal-20101123.iso"
MACADDRESS="DE:AD:BE:EF:5D:A3"
NET="-net nic -net tap,script=/etc/qemu-ifup"

# Start kvm
kvm $MEMORY -hda $IMGPATH/$IMAGE $CDROM -net nic,macaddr=$MACADDRESS -net tap,ifname=$IFACE,script=/home/nsousa/KVM/qemu-ifup

# kvm has stopped - remove tap tap interface
sudo tunctl -d $IFACE &> /dev/null
Next step is to make a minimal gentoo installation on a VM to use as base for all the VMs in the cluster. I'll probably refactor the startVM script to separate the common parts (the private parts will be the disk image to use and MAC Address).

Stay tuned for more updates.

Comments

Post a Comment

Popular posts from this blog

Back to C: CMake and CUnit

I'm back at programming in C. I proposed something 8 months ago at work that was totally ignore. Now my boss wants me to do it because the other alternatives have totally failed. The idea is to implement an ODBC Driver. If I have the time I'll put a tutorial here on how to do that on Linux. But back to the point of this entry. This small guide will help you create a simple project using CMake to build it and cunit to test it. Yes, I believe in test driven development, no matter the language. Let's imagine a simple project that produces an executable that prints the result of 2 + 3 (I know, lame but sufficient for this example). To make it easier to test I split the application. The functions will go into a library and there will be a source file that starts the program. The library header file is called "lib.h" (extra points for originality). Here are its contents: int add(int a, int b) ; The implementation is on the lib.c file as follows: int add(int a, int b)
Read more

OpenClock and Gentoo

Image
OpenClonk is an open source game that has been in development for some time. Its fun and free. I downloaded a binary some time ago and started using it, but the latest release just doesn't work on my Gentoo machine in binary form. After some digging I didn't found an ebuild for this release, just for the live version. So I wrote my own and added to Gentoo's bug database . I learned a few things along the way but didn't get it as clean as I wanted. If someone knows how to convince cmake to install to a different directory than the prefix used it would be great. I ended up doing a patch for the generated cmake_install.cmake . If anyone knows how to avoid that patch I would appreciate the help. Here is a preview of the game:
Read more

Gentoo with LUKS and LVM

My company has security policy that forces us to encrypt the hard drive of the computer and any other media. Well, not the whole hard drive, but 99% of it: the 1% is what is required for the PC to boot and ask for a password to decrypt the rest of the drive. The good news is that I'm allowed to use Linux. The bad news is that they have red hat enterprise linux and I like Gentoo. For a long time I've been using kubuntu. It is not bad, but it is too easy to use that it borks some time and I like the control Gentoo gives. Since I only installed Gentoo 2 times, one in 2003 and another in 2007 I decided to write all the steps for a bare minimum Gentoo installation. I have tested these steps on a Virtual Machine using KVM. Next step is to make it on the real laptop. It should take something like 35 minutes to do this on a Core 2 Duo at 2.2ghz. Notice: This works for me. Use it at your own risk and remember that these commands wipe your hard drive so, if you want something special
Read more