Wednesday, November 17, 2010

VMWare 2.0.2 Install on Debian Squeeze

These instructions are vital in order to get a working copy of VMWare on Debian Squeeze.  This information was originally available at http://wiki.debian.org/VMware.  Please check there first for any further updates or information.  The document listed below is for my reference and in the event the wiki is unavailable.

Installing VMware Server 2 on Squeeze


In general the installation is similar to that in Lenny, with the following differences:
  • There are different versions of the linux kernel and gcc.
  • Different patches are required for the installer and the modules.
Instructions:
  1. Get the VMWare Server archive (at least version 2.0.2) and your license. Hopefully the issues will be fixed in later versions.
  2. Install the prerequisites (including kernel-headers for your version, and gcc version 4.3).
  3. Unzip the VMWare archive, install VMWare, but do not configure it yet, i. e. answer the question to run "vmware-config.pl" with "no".
  4. Patch vmware-config.pl using a file from the patch archive (choose the directory where you installed the binaries, if not "/usr/bin").
cd /usr/bin
patch -p3 < vmware-config.patch

  5. Patch the module sources using another file from the patch archive (choose the directory where you installed the libraries, if not "/usr/lib").
cd /usr/lib/vmware/modules/source
for i in *.tar ; do tar xpf $i ; done
patch -p4 < vmware-server-2.0.2-203138-update.patch
for i in vmci vmmon vmnet vsock ; do tar cpf $i.tar $i-only ; done

  6. Now run vmware-config.pl.
After that the installation is complete, but a bug related to Tomcat/Java may prevent the web admin interface at http://localhost:8222 from being operational. If you get the message "Error 503: Service unavailable", then continue patching.
[Note: If you want to learn more about this issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572048. As Java is embedded in VMWare, switching to a current version is not an option, and neither is disabling IPv6.]
  7. IPv6 must be disabled for the "WebAccess" service only. Create a patch file named "vmware.patch" (see the "Lenny" section for how to do this using an editor):
--- vmware.orig 2010-05-24 17:05:09.251864323 +0200
+++ vmware      2010-05-24 21:40:37.563871986 +0200
@@ -675,7 +675,7 @@
 watchdog="${vmdb_answer_BINDIR}/vmware-watchdog"
 webAccessServiceName="VMware Virtual Infrastructure Web Access"
 CATALINA_HOME="${vmdb_answer_LIBDIR}/webAccess/tomcat/apache-tomcat-6.0.16"
-webAccessOpts="-client -Xmx64m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=30 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed -classpath $CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-logging-api.jar -Dcatalina.base=$CATALINA_HOME -Dcatalina.home=$CATALINA_HOME -Djava.io.tmpdir=$CATALINA_HOME/temp org.apache.catalina.startup.Bootstrap"
+webAccessOpts="-Djava.net.preferIPv4Stack=true -client -Xmx64m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=30 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed -classpath $CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-logging-api.jar -Dcatalina.base=$CATALINA_HOME -Dcatalina.home=$CATALINA_HOME -Djava.io.tmpdir=$CATALINA_HOME/temp org.apache.catalina.startup.Bootstrap"
 
 #
 # Utilities
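Review bot: the added -Djava.net.preferIPv4Stack=true at the front of webAccessOpts carries no comment saying why it is there, and because the rest of the line is a verbatim copy of a very long option string, the one-token change is easy to overlook or drop in a later hand merge. Suggest a comment line directly above webAccessOpts naming the reason (the Tomcat/Java issue tracked as Debian bug 572048), or putting the flag in its own variable that webAccessOpts references. The CATALINA_HOME context line also pins apache-tomcat-6.0.16, so the hunk may not apply cleanly to an init script that names a different Tomcat directory; worth stating the build it was made against. Note that the flag makes the Web Access JVM IPv4-only, so that service will not listen on IPv6 addresses afterwards.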

  8. Patch /etc/init.d/vmware, and restart the daemon.
cd /etc/init.d
patch < vmware.patch
./vmware-mgmt restart 
Done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2013 - Squeeze Update
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After running VMware install but BEFORE the configuration....


3. Patching vmware-server-2.0.2

At this point we need to patch the vmware-config.pl file as well as the VMware modules. First download and decompress the patch provided by Radu Cotescu:
# cd
# wget http://linuxconfig.org/images/files/2.6.3x-vmware-patch.tar.bz2
# tar xjf 2.6.3x-vmware-patch.tar.bz2
The extracted 2.6.3x-vmware-patch directory contains:
203138-update.patch
config.patch
LICENSE
README
start-VMware-console.sh
vmware-server-2.0.x-kernel-2.6.3x-install.sh
Apply the patches. First apply the patch to vmware-config.pl:
# cd /usr/bin/
# patch -p3 < ~/2.6.3x-vmware-patch/config.patch
Then apply the patch to all modules:
# cd /usr/lib/vmware/modules/source
# for f in *.tar ; do tar pxf $f ; done
# patch -p4 < ~/2.6.3x-vmware-patch/203138-update.patch
patching file vmci-only/include/pgtbl.h
patching file vmnet-only/vnetUserListener.c
patching file vmci-only/Makefile
patching file vmmon-only/common/vmx86.c
patching file vmmon-only/include/compat_cred.h
patching file vmmon-only/include/x86svm.h
patching file vmmon-only/linux/driver.c
patching file vmmon-only/linux/hostif.c
patching file vmmon-only/Makefile
patching file vmnet-only/Makefile
patching file vmnet-only/netif.c
patching file vsock-only/Makefile
# for f in vmci vmmon vmnet vsock ; do tar pcf $f.tar $f-only ; done
# rm -fr *-only
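
Step 3 fetches the patch archive over plain HTTP and applies it as root to vmware-config.pl and the kernel module sources. The script below is an added example, not part of the original instructions or of the patch archive: it refuses to extract the archive unless its SHA-256 matches a pinned value and applies each patch only after a clean dry run. EXPECTED_SHA256 is a placeholder (the page publishes no checksum) and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check a downloaded patch archive before applying it as root.
# EXPECTED_SHA256 is a placeholder; the page publishes no checksum.
EXPECTED_SHA256="PLACEHOLDER_SHA256_FROM_A_TRUSTED_SOURCE"
ARCHIVE="$HOME/2.6.3x-vmware-patch.tar.bz2"
PATCH_DIR="$HOME/2.6.3x-vmware-patch"

# Print the SHA-256 of file $1 (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if file $1 hashes to the expected value $2.
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Return 0 if patch file $3 (absolute path) would apply cleanly in directory
# $1 at strip level $2. --dry-run changes nothing on disk.
patch_applies() {
    ( cd "$1" && patch --dry-run -s -f "-p$2" < "$3" >/dev/null 2>&1 )
}

# Apply patch $3 in directory $1 at strip level $2, only after a clean dry run.
apply_checked() {
    patch_applies "$1" "$2" "$3" ||
        { echo "refusing: $3 does not apply cleanly in $1" >&2; return 1; }
    ( cd "$1" && patch -s "-p$2" < "$3" )
}

# The page's step 3 with both checks in place. Run as: sh thisfile.sh run
run_step3() {
    verify_sha256 "$ARCHIVE" "$EXPECTED_SHA256" ||
        { echo "checksum mismatch for $ARCHIVE, not extracting" >&2; return 1; }
    tar xjf "$ARCHIVE" -C "$HOME" || return 1
    apply_checked /usr/bin 3 "$PATCH_DIR/config.patch" || return 1
    cd /usr/lib/vmware/modules/source || return 1
    for f in *.tar; do tar pxf "$f" || return 1; done
    apply_checked "$PWD" 4 "$PATCH_DIR/203138-update.patch" || return 1
    for f in vmci vmmon vmnet vsock; do tar pcf "$f.tar" "$f-only" || return 1; done
    rm -fr ./*-only
}

if [ "${1:-}" = "run" ]; then run_step3; fi
```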

4. Set correct gcc version

The kernel on Debian squeeze was compiled with gcc 4.3 and this is the version of gcc we want to use. By default gcc is set to gcc version 4.4:
# ls -l `which gcc`
lrwxrwxrwx 1 root root 7 Mar 20 11:15 /usr/bin/gcc -> gcc-4.4 
Therefore, we need to change the gcc compiler to match our kernel compiler version. The easiest way is to set the CC environment variable to point to gcc v4.3.
The second option is to create a new symlink (when you finish, do not forget to put everything back where it belongs):
# ln -fs /usr/bin/gcc-4.3 /usr/bin/gcc
# ls -l `which gcc`
lrwxrwxrwx 1 root root 16 Mar 20 12:09 /usr/bin/gcc -> /usr/bin/gcc-4.3

5. Configure vmware-server-2.0.2

We are almost done. At this stage we need to configure vmware-server. Follow vmware-config.pl and change default values where appropriate. Start configuration with:
# vmware-config.pl
After successful build you should see:
Enjoy,

--the VMware team

Starting VMware services:
   Virtual machine monitor                                             done
   Virtual machine communication interface                             done
   VM communication interface socket family:                           done
   Virtual ethernet                                                    done
   Bridged networking on /dev/vmnet0                                   done
   Host-only networking on /dev/vmnet1 (background)                    done
   DHCP server on /dev/vmnet1                                          done
   Host-only networking on /dev/vmnet8 (background)                    done
   DHCP server on /dev/vmnet8                                          done
   NAT service on /dev/vmnet8                                          done
   VMware Server Authentication Daemon (background)                    done
   Shared Memory Available                                             done
Starting VMware management services:
   VMware Server Host Agent (background)                               done
   VMware Virtual Infrastructure Web Access
Starting VMware autostart virtual machines:
   Virtual machines                                                    done

The configuration of VMware Server 2.0.2 build-203138 for Linux for this 
running kernel completed successfully.



Sunday, October 24, 2010

LifeRay - Init.d Script

Example of my init.d LifeRay startup script (Debian).

#!/bin/bash
# description: LifeRay Start|Stop|Restart
export PATH
export JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.20/
export CLASSPATH=/usr/lib/jvm/java-6-sun-1.6.0.20/lib/tools.jar:/usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/rt.jar:./
export CATALINA_HOME=/usr/local/liferay/tomcat

# Start Tomcat (and LifeRay with it) using the bundled startup script.
start()
        {
        cd "$CATALINA_HOME/bin" || exit 1
        sh startup.sh
        }

# Stop Tomcat using the bundled shutdown script.
stop()
        {
        cd "$CATALINA_HOME/bin" || exit 1
        sh shutdown.sh
        }

case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
restart)
        stop
        start
        ;;
*)
        # Unknown or missing argument: print usage and signal failure.
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

I saved this into /etc/init.d/ under the name liferay, then updated the run levels.

update-rc.d liferay defaults

Thursday, July 22, 2010

Steps to remember when copying a Virtual Machine

I recently copied a VM to reuse and encountered a networking issue.  Part of the process of editing the .vmx file prior to starting the VM should include changing the MAC address of the Network Card.

Simply adjust the .vmx file with the necessary changes (i.e. "nvram" and "displayName") and add the example below to the end of the file.

Example (to avoid an IPv6 address conflict):

ethernet0.address = "00:50:56:00:00:01"
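
A check for the problem described above, as an added example that is not part of the original post: it scans a directory of virtual machines for .vmx files that still share a MAC address and tests whether a chosen address lies in the range VMware reserves for manually assigned MACs (00:50:56:00:00:00 to 00:50:56:3F:FF:FF). Function names and the sample VM files are constructed for illustration; the script assumes a manually added ethernetN.address line takes precedence over a leftover ethernetN.generatedAddress line.

```shell
#!/bin/sh
# Added example: spot copied VMs that still share a MAC address.
# Function names and sample values are illustrative, not VMware tooling.

# Print "mac<TAB>file" for each NIC in every .vmx under directory $1.
# Assumption: a manually set ethernetN.address takes precedence over the
# ethernetN.generatedAddress line left in the file.
list_vmx_macs() {
    find "$1" -type f -name '*.vmx' | while IFS= read -r vmx; do
        awk -F'"' -v f="$vmx" '
            /^ethernet[0-9]+\.address[ \t]*=/ {
                nic = $1; sub(/\..*/, "", nic); fixed[nic] = tolower($2) }
            /^ethernet[0-9]+\.generatedAddress[ \t]*=/ {
                nic = $1; sub(/\..*/, "", nic); gen[nic] = tolower($2) }
            END {
                for (n in fixed) print fixed[n] "\t" f
                for (n in gen) if (!(n in fixed)) print gen[n] "\t" f
            }' "$vmx"
    done
}

# Print every MAC used by more than one .vmx; return 1 if there is any.
duplicate_macs() {
    dups=$(list_vmx_macs "$1" | sort -u | cut -f1 | sort | uniq -d)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# Return 0 if $1 lies in the range VMware reserves for manually assigned
# MACs: 00:50:56:00:00:00 through 00:50:56:3F:FF:FF.
is_vmware_static_mac() {
    printf '%s\n' "$1" | grep -Eiq '^00:50:56:[0-3][0-9a-f](:[0-9a-f]{2}){2}$'
}

# Constructed sample: a VM directory and a byte-for-byte copy of it.
make_sample_datastore() {
    mkdir -p "$1/Debian" "$1/Debian-copy"
    printf '%s\n' 'displayName = "Debian"' 'nvram = "Debian.nvram"' \
        'ethernet0.generatedAddress = "00:0c:29:aa:bb:cc"' > "$1/Debian/Debian.vmx"
    cp "$1/Debian/Debian.vmx" "$1/Debian-copy/Debian-copy.vmx"
}

demo=$(mktemp -d)
make_sample_datastore "$demo"
echo "before editing the copy:"; duplicate_macs "$demo" || true
# The fix from the post: append a fixed address to the copy's .vmx.
echo 'ethernet0.address = "00:50:56:00:00:01"' >> "$demo/Debian-copy/Debian-copy.vmx"
echo "after editing the copy:"; duplicate_macs "$demo" && echo "no shared MACs"
rm -rf "$demo"
```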

VMware Server 2.0 - Tuning

I made the following enhancements in an attempt to improve my VMware performance on a Debian 2.6.26-1-686-bigmem. 

Edit VMware configuration file and add the following:

vi /etc/vmware/config

mainMem.useNamedFile tells VMWare where to put its temporary workspace file. This file contains the content of the Virtual Machine memory which is not used. By default it is placed in the directory with the virtual machine; however, that can seriously impact performance, so we'll turn it off.
mainMem.useNamedFile = FALSE

tmpDirectory is the default path for any temp files. We need to change that to be a shared memory filesystem (in RAM).
tmpDirectory="/dev/shm"

prefvmx.useRecommendedLockedMemSize and prefvmx.minVmMemPct tell VMWare to either use a fixed sized memory chunk or balloon and shrink memory as needed. With 4GB of memory we'll use a fixed size of memory to reduce disk IO.

prefvmx.useRecommendedLockedMemSize="TRUE"
prefvmx.minVmMemPct="100"


Be sure to install VMware tools followed by:

Set the time in the Virtual Machine to the hosts time.

tools.syncTime = "TRUE"

Force a graceful stop on each VM.

autostop = "softpoweroff"

I don't care about collapsing memory into a shared pool, this tells the VM to not share which saves CPU cycles:

mem.ShareScanTotal=0
mem.ShareScanVM=0
mem.ShareScanThreshold=4096
sched.mem.maxmemctl=0
sched.mem.pshare.enable = "FALSE"


This basically performs the same action as the configuration I put in /etc/vmware/config by telling the VM to eliminate the temp files and not to balloon and shrink memory; however, it doesn't hurt anything to have it in both locations:

mainMem.useNamedFile = "FALSE"
MemTrimRate = "0"
MemAllowAutoScaleDown = "FALSE"


In order for the VMWare configuration to work properly with shared memory, you'll need to increase the default shared memory size for tmpfs to match the amount of memory in your system. This can be done by editing /etc/default/tmpfs:

SHM_SIZE=4096

Wednesday, July 21, 2010

OpenVPN - Linux Client

How-to connect a Linux server to another Linux server via OpenVPN, command line style.

apt-get install openvpn

Copy the example client.conf file

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

I then edited the client.conf file down as listed below for my initial testing.  Please be sure to adjust according to your own Server configuration as well as proper names for the ca, key and crt files.


#---- OpenVPN Client.conf --------------
dev tap0
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
remote hostname.com 1194
ca ca.crt 
cert hostname.crt
key hostname.key
verb 3
 
Restart OpenVPN

/etc/init.d/openvpn start
Test by pinging or logging into the remote server

Monday, June 21, 2010

VMware Command Line Tools

To start a VM from the command line, issue the following command:

vmrun -T server -h 'https://nameofserver.com:8333' -u root -p 'password here' start "[DataStoreNameHere] Debian/Debian_Lenny.vmx"


I had trouble determining the "DataStore" name and found it listed in one of the Vmware files.  The default seems to be "standard".

Thursday, March 25, 2010

Convert FUSION Virtual Machine to VMWare Server

While moving Virtual Machines created on my Mac using FUSION to a Linux VMware Server environment, I found that it was necessary to remove the following line from the MyVirtualMachineName.vmx file.

serial0.fileType = "thinprint"

After doing so, I was then able to successfully add my Virtual Machines to the "Inventory" of the Linux VMware server.

Tuesday, February 23, 2010

LifeRay Portal 5.2.3 - TomCat 6.0 - PostgreSQL on Debian (sid)

I was recently introduced to LifeRay and determined that I would set up a Virtual Machine & configure it to run LifeRay on TomCat 6.0 with a Postgres database.

I have a preference toward Debian and since I had a base install on a Virtual Machine, I began by duplicating it and updating it to Sid.  (I later installed on a testing version as well following the same procedures outlined below.)

After some light reading on the Liferay site I realized that they didn't have complete documentation for a PostgreSQL installation for the 5.x versions.   It appears that there have been extensive changes since these most recent releases.
_____________________________________

To begin I downloaded the LifeRay Portal bundle with TomCat 6.0 :

cd /usr/local/src/

wget http://sourceforge.net/projects/lportal/files/Liferay%20Portal/liferay-portal-tomcat-6.0-5.2.3.zip

cd /usr/local

unzip liferay-portal-tomcat-6.0-5.2.3.zip

Make the shell scripts executable.

cd /usr/local/liferay-portal-5.2.3/tomcat-6.0.18/bin/

chmod +x *.sh

Obtain the following package: 
Note:  You must have the option of "non-free" in your apt sources list.

apt-get install sun-java6-jdk

Check the java version

java -version

Update /home/user/.bashrc and add the following line.

# JAVA6
export JAVA_HOME=/usr/lib/jvm/java-6-sun

Note: Debian users must modify the setenv.sh file for TomCat and add the following variable if using a testing version of Debian or if they have upgraded from a testing version of Debian. (Thanks to Mr. LBR for pointing this out.) You may reference this issue at the following website: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572048

Add the following to JAVA_OPTS line

-Djava.net.preferIPv4Stack=true

OPTIONAL:  If desired, you can simply start TomCat and allow LifeRay to use its built-in database, HyperSQL.  I initially installed LifeRay with its default configuration so I could verify that I had a working installation prior to moving to PostgreSQL.

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/bin/startup.sh

The default configuration starts TomCat on port 8080.

The log file is located at:

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/logs/

Tail the log file.

tail -f catalina.out

Once you see a line similar to the following, you may access your portal.

INFO:  Server startup in 62000 ms

Continuing on with a PostgreSQL database installation, you will need to stop TomCat by running the "shutdown.sh" script found in the same location as the "startup.sh" script.

 Obtain Postgres.  I also installed "-doc" package but didn't note it here.

 apt-get install postgresql 

 Start Postgres, set up a user for postgres, create a new database.

/etc/init.d/postgresql start

adduser newuser

Become a superuser

su postgres

Connect to the Database server.

psql template1 
template1=# CREATE USER newuser WITH PASSWORD 'newuserpassword';
template1=# CREATE DATABASE liferay;
template1=# GRANT ALL PRIVILEGES ON DATABASE liferay to newuser;
template1=# \q

Configure Liferay to use the PostgreSQL Database.

I found that the version or package that I downloaded did not actually have the following file.  I had to create this file.  If your version has this file please modify it with the following.

cd /usr/local/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/classes

vi portal-ext.properties

Insert the following lines with modifications to the database name, username & password to match your configuration.

jdbc.default.driverClassName=org.postgresql.Driver
jdbc.default.url=jdbc:postgresql://localhost:5432/liferay
jdbc.default.username=newuser
jdbc.default.password=newuserpassword

Start TomCat and tail the log file.

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/bin/startup.sh

The default configuration starts TomCat on port 8080.

The log file is located at:

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/logs/

Tail the log file.

tail -f catalina.out

Once you see a line similar to the following, you may access your portal.

INFO: Server startup in 62332 ms

Login at:  http://localhost:8080

Admin access can be obtained by logging in with the following credentials (as per LifeRay.com)
Username: bruno@7cogs.com
Password: bruno

Overview:  Overall this was not a difficult process.  There were a few hurdles along the way getting the postgres database configured as I wanted with a different user than "postgres".  These were very minor and were primarily resolved once I found the proper location for the portal-ext.properties file.

Reference  & Info Links: 
LifeRay - LifeRay - website, documentation and wiki.
PostgreSQL - Postgresql - website & database commands.
YouTube - Howto change the default Logo on Liferay.  Saved me hunting around in the "control panel".

UPDATE 8/3/2010 - Tested ver. 6.0.4 GA2
  • Found documentation still applicable.  
  • Removed "SevenCogs" data in WEBAPPS folder prior to start up so no "example" data was deployed.  This required using the default username of test@liferay.com and password of "test" to access the admin console.
UPDATE 1/15/2011 - Tested ver. 6.0.5 GA3
  • Debian (testing) users will need to download and install (apt-get) default-java instead of sun-java6-jdk.
  • All other steps worked as documented

Tuesday, February 9, 2010

OpenVPN Howto

Scope:  

1.  Installation of OpenVPN was completed with apt

apt-get install openvpn

The following extra packages were installed when the above command was initiated.

libpkcs11-helper1 
openvpn-blacklist
 
2.  Next determine whether you will use a routed or bridged VPN.  OpenVPN has a more in depth write up of differences here. Each will require a different set of parameters in the openvpn configuration file but it is well documented. I configured my installation first as routed and then transitioned to a bridged model.

Bridging advantages
  • Broadcasts traverse the VPN -- this allows software that depends on LAN broadcasts such as Windows NetBIOS file sharing and network neighborhood browsing to work.
  • No route statements to configure.
  • Works with any protocol that can function over ethernet, including IPv4, IPv6, Netware IPX, AppleTalk, etc.
  • Relatively easy-to-configure solution for road warriors.

Bridging disadvantages

  • Less efficient than routing, and does not scale well.

Routing advantages

  • Efficiency and scalability.
  • Allows better tuning of MTU for efficiency.

Routing disadvantages

  • Clients must use a WINS server (such as samba) to allow cross-VPN network browsing to work.
  • Routes must be set up linking each subnet.
  • Software that depends on broadcasts will not "see" machines on the other side of the VPN.
  • Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly.

3.  Certificates need to be generated for both the server and clients.

NOTE:  You must place the key & crt files for the server and client in the same directory as your .conf files unless you explicitly state otherwise in the conf file.

mkdir /etc/openvpn/easy-rsa
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa

3a.  Edit the default values necessary for the certificates.

vi /etc/openvpn/easy-rsa/vars

3b. Generate the Certificate Authority that will be used to sign the certificates.

cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca

3c. Create server keys.

./build-key-server server

3d.  Generate the diffie-hellman parameters.

./build-dh 

3e. Create client keys.

./build-key client1

4. Configure server.conf file.  OpenVPN example found at http://openvpn.net/index.php/open-source/documentation/howto.html#examples

NOTE: For the logging, it will require that you create the /var/log/openvpn directory and I went ahead and created the two logfiles. This example is specifically for a bridged configuration.  Please see the example above for detailed explanations of the various settings and options.

 

################## 
# server.conf 
##################
local 192.168.0.10 
port 1194 
proto udp 
dev tap0 
ca ca.crt 
cert server.crt 
key server.key 
dh dh2048.pem 
client-config-dir ccd 
server-bridge 192.168.0.10 255.255.255.0 192.168.0.150 192.168.0.160 
ifconfig-pool-persist ipp.txt 
route 192.168.0.0 255.255.255.0 
client-to-client 
keepalive 10 120 
#comp-lzo 
max-clients 15 
#user nobody 
#group nobody 
persist-key 
persist-tun 
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log 
verb 3

 5. Acquire the necessary package for bridged configuration script.

apt-get install bridge-utils

6. Configure the openvpn-bridge script.  I did not have good luck with the example script included on the openvpn.net site.  I opted to utilize the one listed here and it has been successful on multiple systems.  

Edit based on your network settings.

#!/bin/bash

#################################
# OpenVPN Bridge 
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"

eth_ip="192.168.0.10"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.0.255"
gw="192.168.0.1"

case "$1" in
  start)
  for t in $tap; do
      openvpn --mktun --dev $t
  done

  brctl addbr $br
  brctl addif $br $eth

  for t in $tap; do
      brctl addif $br $t
  done

  for t in $tap; do
      ifconfig $t 0.0.0.0 promisc up
  done

  ifconfig $eth 0.0.0.0 promisc up

  ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
  route add default gw $gw
  ;;
  stop)
  ifconfig $br down
  brctl delbr $br

  for t in $tap; do
      openvpn --rmtun --dev $t
  done
  ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
  route add default gw $gw
  ;;
  *)
  echo "usage openvpn-bridge {start|stop}"

  exit 1
  ;;
esac
exit 0

7. Set openvpn-bridge script to run at startup. (Please test first.)

update-rc.d openvpn-bridge defaults

8. Once the bridge is up and functional you can proceed to start OpenVPN.

/etc/init.d/openvpn start

9. Firewall. Make the necessary firewall changes to allow your clients to connect on the specified port.

10. Client review and configuration to follow....
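
The server.conf in step 4 leaves "user nobody" and "group nobody" commented out and enables client-to-client, and the trimmed client.conf in the "OpenVPN - Linux Client" post has no server certificate check. The script below is an added example, not part of the original posts or of OpenVPN itself: it reports which of these hardening directives a config file lacks. The directive names are real OpenVPN options; the function names and the hardened sample (which assumes a ta.key file and Debian's "nogroup" group) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report hardening directives an OpenVPN config lacks.
# The directives are real OpenVPN options; function names are illustrative.

# Return 0 if directive $2 is active (not commented out) in file $1.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print one finding per line for config file $1; return 1 if any were found.
audit_openvpn_conf() {
    conf=$1
    rc=0
    if has_directive "$conf" remote; then
        # Client side: without this check any certificate issued by the CA,
        # including another client's, is accepted as the server.
        if ! has_directive "$conf" remote-cert-tls &&
           ! has_directive "$conf" ns-cert-type; then
            echo "no-server-cert-check: add 'remote-cert-tls server'"; rc=1
        fi
    elif has_directive "$conf" client-to-client; then
        # Server side: client-to-client frames are forwarded inside OpenVPN
        # and never reach the host's firewall rules.
        echo "client-to-client: peers are not filtered by the host firewall"; rc=1
    fi
    if ! has_directive "$conf" user || ! has_directive "$conf" group; then
        echo "runs-as-root: no active user/group directive"; rc=1
    fi
    if ! has_directive "$conf" tls-auth && ! has_directive "$conf" tls-crypt; then
        echo "no-tls-auth: no extra HMAC on TLS handshake packets"; rc=1
    fi
    return $rc
}

# Write the page's client.conf and server.conf (relevant lines only) plus a
# constructed hardened client config into directory $1.
write_samples() {
    cat > "$1/client.conf" <<'EOF'
dev tap0
proto tcp
remote hostname.com 1194
ca ca.crt
cert hostname.crt
key hostname.key
EOF
    cat > "$1/server.conf" <<'EOF'
proto udp
dev tap0
server-bridge 192.168.0.10 255.255.255.0 192.168.0.150 192.168.0.160
client-to-client
#user nobody
#group nobody
EOF
    cat > "$1/hardened-client.conf" <<'EOF'
remote hostname.com 1194
remote-cert-tls server
tls-auth ta.key 1
user nobody
group nogroup
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in client server hardened-client; do
    echo "== $name.conf"
    audit_openvpn_conf "$demo_dir/$name.conf" || true
done
rm -rf "$demo_dir"
```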