Procedure to create a VM
- Create a replicated volume for the VM’s OS, as described above, naming the volume after the VM (e.g. fusilli).
- Create replicated volumes for large data areas the VM will need (e.g. web pages, mail repository, p2p downloads), prefixing each volume name with the name of the VM (e.g. fusilli_web, fusilli_mail, fusilli_p2p).
- Use virt-manager to define the VM, attach the storage and attach the VM’s NICs to the appropriate networks (normally two).
NFS services from a VM
This procedure is to be run on a single VM, not on the virtualisation servers!
- Install a VM.
- Create a suitably sized replicated volume to store the data to be shared via NFS, as described above, attach it to the VM, within the VM format it for use by LVM, create a suitably sized LV, format it and mount it (e.g. at /vol/pub).
- Due to Ubuntu bug 1558196, run the following commands:
systemctl add-wants multi-user.target rpcbind.service
(See https://askubuntu.com/questions/771319/in-ubuntu-16-04-not-start-rpcbind-on-boot for more details.)
- If an NFS client is a VM and it is running on the same physical host as the NFS server, then some performance increase can be gained by directing the NFS client to the NIC on the NFS server that is on the shared virtual network. Therefore:
- Ensure the VM has a second interface connected to the virtual network that was created in the virtualisation servers earlier. For the sake of this procedure, let’s assume that the network is 192.168.10.0/24 and the server will be 192.168.10.28.
- Note that, later, when creating other VMs:
- they will also need a second interface connected to the virtual network that was created in the virtualisation servers earlier.
- they should attempt to mount the NFS share first using the NFS server’s second interface and then fall back to the NFS server’s first interface, as in this example automounter entry:
pub -nordirplus,noatime,nodiratime,nfsvers=3,proto=tcp filer.pasta.net,fettuce.pasta.net:/vol/pub
- Write a suitable /etc/exports file, with exports accessible both over the public network and the “co-hosted VMs” network. As an example here is my own:
/vol/small/home 192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check) 192.168.10.9(rw,sync,no_root_squash,no_subtree_check)
/vol/small/home 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash,no_subtree_check) 192.168.10.9(rw,sync,no_root_squash,no_subtree_check)
/vol/pub 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash,no_subtree_check) 192.168.10.9(rw,sync,no_root_squash,no_subtree_check)
/vol/small/home 192.168.1.8(ro,no_root_squash,no_subtree_check) 192.168.10.8(ro,no_root_squash,no_subtree_check)
/vol/pub 192.168.1.8(ro,no_root_squash,no_subtree_check) 192.168.10.8(ro,no_root_squash,no_subtree_check)
/vol/small/svn 192.168.1.8(rw,sync,no_root_squash,no_all_squash,no_subtree_check) 192.168.10.8(rw,sync,no_root_squash,no_all_squash,no_subtree_check)
/vol/small/mail 192.168.1.29(rw,sync,no_root_squash,no_all_squash,no_subtree_check) 192.168.10.29(rw,sync,no_root_squash,no_all_squash,no_subtree_check)
- Run:
exportfs -av
- Note for NFS clients:
- For reasons I don’t understand, when I try to ‘svn commit’ then the NFS server logs:
lockd: cannot monitor <web-server-hostname>
The only fix I’ve been able to find for this is to include the following in the NFS client’s mount options (or in the auto.staging map):
...,nolock,...
- Clients should attempt to mount the NFS share first using the NFS server’s interface on the “co-hosted VMs” network and then fall back to the NFS server’s public interface, as in this example automounter entry:
pub -nordirplus,noatime,nodiratime,nfsvers=3,proto=tcp filer.pasta.net,fettuce.pasta.net:/vol/pub
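The exports file above grants no_root_squash to a whole /24, which lets root on any host in that subnet write as root on the server. As an added check that is not part of the original page or procedure, the following Python script parses a constructed /etc/exports sample (same syntax as the file above, addresses invented) and flags client specs that combine no_root_squash with a subnet or wildcard client, or rw with async or a wildcard client.

```python
import ipaddress

# Constructed sample in /etc/exports syntax; paths echo the page, hosts are invented.
SAMPLE_EXPORTS = """\
# constructed sample, not a real exports file
/vol/pub        192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check) 192.168.10.9(rw,sync,no_root_squash,no_subtree_check)
/vol/small/home 192.168.1.8(ro,no_root_squash,no_subtree_check) 192.168.10.8(ro,no_root_squash,no_subtree_check)
/vol/small/svn  192.168.1.8(rw,sync,root_squash,no_subtree_check)
/vol/scratch    *(rw,async)
"""


def parse_exports(text):
    """Return one (path, client, options) tuple per client spec in an exports file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition('(')      # "client(opt,opt)" or bare "client"
            options = {o for o in opts.rstrip(')').split(',') if o}
            entries.append((path, client, options))
    return entries


def client_scope(client):
    """Classify a client spec as 'host', 'subnet' or 'wildcard' (netgroups count as wildcard)."""
    if client == '*' or '*' in client or '?' in client or client.startswith('@'):
        return 'wildcard'
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return 'host'                                  # a hostname
    return 'host' if net.num_addresses == 1 else 'subnet'


def audit(text):
    """Return (path, client, reason) findings for risky client specs."""
    findings = []
    for path, client, opts in parse_exports(text):
        scope = client_scope(client)
        writable = 'rw' in opts
        if 'no_root_squash' in opts and scope != 'host':
            findings.append((path, client, 'no_root_squash granted to a %s' % scope))
        if writable and 'async' in opts:
            findings.append((path, client, 'rw with async risks data loss on server crash'))
        if writable and scope == 'wildcard':
            findings.append((path, client, 'rw export open to wildcard clients'))
    return findings


if __name__ == '__main__':
    for path, client, reason in audit(SAMPLE_EXPORTS):
        print('%-16s %-16s %s' % (path, client, reason))
```

To run it against a live server, replace SAMPLE_EXPORTS with the contents of /etc/exports; the checks are deliberately conservative and only reason about what each line states.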
SMB services from a VM
SMB is useful for allowing smartphones, Windows and Mac machines to transfer files (e.g. to put MP3s onto a smartphone).
- Run:
apt-get install samba
- Convert Unix accounts to SMB accounts as follows:
# pdbedit seems to have no way to pre-lock accounts so we'll use secure passwords
pwgen() { dd if=/dev/urandom bs=1 count=100 2>/dev/null | base64 -w0; }
# we'll need to extract login and fullname from entries in /etc/passwd or getent
# (assumes a four-field, comma-separated GECOS; entries without commas will not match)
fanoutpwent() { perl -pe 's/^([^:]*):([^:]*):([^:]*):([^:]*):([^,]*),([^,]*),([^,]*),([^,]*):([^:]*):([^:]*)\n/"$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "$10"\n/g;' <<<"$1"; }
# generic function to run a shell command after getting ok to run it
# (each input line is: prompt-label, then the command, as two shell words)
shi() { while read -r X; do eval set -- "$X"; read -p "$1: " YESNO < /dev/tty; [ "X$YESNO" != Xy ] || eval "$2"; done; }
# only convert ordinary user accounts, i.e. those in the UID_MIN..UID_MAX range
UID_MIN=$(sed -n 's/^UID_MIN[\t ]*//p' /etc/login.defs)
UID_MAX=$(sed -n 's/^UID_MAX[\t ]*//p' /etc/login.defs)
getent passwd | awk -F: "{ if ( \$3 >= $UID_MIN && \$3 <= $UID_MAX ) { print } }" | while read -r PWENT; do
    eval set -- $(fanoutpwent "$PWENT")
    P=$(pwgen)
    # $1 is the login, $5 the full name; pdbedit reads the password twice from stdin
    echo "$1 '{ echo \"$P\"; echo \"$P\"; } | pdbedit --create --user "$1" --fullname \"$5\" --password-from-stdin'"
done | shi
and follow the prompts regarding which accounts to create.
- Edit /etc/samba/smb.conf and set:
[global]
...
# See http://www.spinics.net/lists/samba/msg69479.html
strict locking = no
# this doesn't work so don't bother uncommenting it
#hide dot files = yes
...
[homes]
...
read only = no
# this doesn't work so don't bother uncommenting it
#hide dot files = yes
...
[pub]
comment = Public Archive
browsable = yes
path = /pub/
#[printers]
#...
#[print$]
#...
- Run:
service samba reload
- Try to connect from an SMB client using smbclient as follows:
- Edit /etc/samba/smb.conf on the client and change:
syslog = 0
to
logging = syslog@0
(Without this you will see the warning message ‘WARNING: The “syslog” option is deprecated’. Note also that there is no need to make this change on the SMB server.)
- Run:
smbclient '\\fettuce\pub'
and
smbclient '\\fettuce\alexis'