Tag Archives: virtualization

Setting up a local Dataset API repository for SmartOS

The Dataset API is a repository for dataset metadata and files for SmartDataCenter, the commercial product from Joyent for managing a private cloud based on SmartOS. The implementation of this API isn’t open, which means you can’t use it with FiFo and/or your own SmartOS nodes, for example. Since I use FiFo to manage my private cloud I really wanted a local repository for my datasets, especially the Windows based ones, since they aren’t available from Joyent’s repository nor from datasets.at. Fortunately for me, Daniel “MerlinDMC” Marlon has developed a free Dataset API server (called dsapid), based on CouchDB and Node.JS, which I can use. With some help from him I’ve set up my server at home and I thought I’d share my experiences on how to make it work.

Installing a new VM to host dsapid

Start with a new JSON file for the dsapid VM:

{
  "brand": "joyent",
  "alias": "dsapid",
  "tmpfs": 1024,
  "image_uuid": "cf7e2f40-9276-11e2-af9a-0bad2233fb0b",
  "filesystems": [
    {
      "type": "lofs",
      "source": "/zones/dsapi-server-data",
      "target": "/database"
    }
  ],
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "192.168.1.123",
      "netmask": "255.255.255.0",
      "gateway": "192.168.1.1"
    }
  ]
}

This one is based on SmartMachine base64 1.9.1. I’m using a lofs mount to get direct access to a directory under /zones in the GZ; this directory will hold the CouchDB database. You might also want a bigger tmpfs if you plan on using big datasets, since a dataset is uploaded to /tmp before it’s imported into CouchDB. The JSON above asks for 1 GB of tmpfs; I actually use 8 GB, but even that isn’t always big enough (as you’ll see if you continue reading).

Installing software in the new dsapid zone

It’s time to install the software needed.

pkgin in couchdb nginx node gcc47 gmake scmgit
mkdir /opt/dsapi-ui
chown -R couchdb:couchdb /database

The software is installed and the proper directories created. The dsapid server will be installed later once the database, web server etc. are configured.

Configuration of the installed software

Add the following to /opt/local/etc/couchdb/local.ini under [couchdb]:

database_dir = /database
view_index_dir = /database

To get periodic syncing from the dataset source (which can be the Joyent repo, datasets.at or some other Dataset API server), add the following to the crontab in the zone:
0 * * * * /opt/dsapi/sbin/dsapi-sync-manifests
0 * * * * /opt/dsapi/sbin/dsapi-sync-files

Time to configure nginx, replace the contents of /opt/local/etc/nginx/nginx.conf with the following:
user   www  www;
worker_processes  1;

events {
  # After increasing this value You probably should increase limit
  # of file descriptors (for example in start_precmd in startup script)
  worker_connections  1024;
}

http {
  include       /opt/local/etc/nginx/mime.types;
  default_type  application/octet-stream;

  sendfile        on;
  #tcp_nopush     on;
  tcp_nodelay     on;

  #keepalive_timeout  0;
  keepalive_timeout  65;

  gzip               on;
  gzip_http_version 1.1;
  gzip_proxied      any;
  gzip_vary          on;
  gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";
  gzip_buffers    16 8k;

  client_max_body_size 1024m;

  server {
    listen       80;
    server_name  localhost;
    root         /opt/dsapi-ui;

    location = /ping {
      proxy_pass http://localhost:8080;
    }

    location = /stats {
      proxy_pass http://localhost:8080;
    }

    location = /datasets {
      proxy_pass http://localhost:8080;
      proxy_read_timeout 500;
      proxy_connect_timeout 500;
    }

    location ~* ^/datasets/[a-f0-9-]+$ {
      proxy_pass http://localhost:8080;
      proxy_read_timeout 500;
      proxy_connect_timeout 500;
    }

    location ~* ^/datasets/[a-f0-9-]+/.+ {
      proxy_pass http://localhost:5984;
      proxy_read_timeout 500;
      proxy_connect_timeout 500;
    }
  }
}

Increase client_max_body_size to match your tmpfs size if you increased that earlier. I’ve also added long timeouts to make sure there’s enough time to upload big datasets. Note that the last location block hands every request for /datasets/<uuid>/<file> straight to CouchDB, whatever the HTTP method, and nothing in this setup creates a CouchDB admin user. It is worth restricting that location to GET (nginx’s limit_except directive, which also lets HEAD through) so the public port cannot be used to write to the database.
Now it’s time to start the services we’ve configured.
svcadm enable epmd:default
svcadm enable couchdb:default

Installing dsapid

It’s time to install the dsapid server.

git clone git://github.com/MerlinDMC/smartos-public-dsapi.git /opt/dsapi
cd /opt/dsapi
npm install
svccfg import /opt/dsapi/smf/dsapid.xml
svcadm enable dsapid:default
svcadm enable nginx:default

Adding remote dataset API servers for syncing

If you want to sync from an external dataset server, add it as a sync source. Without -f only the manifests are fetched and the image files are still served from the remote server; with -f both manifests and image files are fetched and served locally. Either way you are trusting that server’s manifests, so stick to sources you trust and fetch over https as shown.

/opt/dsapi/bin/add-sync-source joyent https://datasets.joyent.com/datasets
/opt/dsapi/bin/add-sync-source joyent https://datasets.joyent.com/datasets -f

Installing the web GUI

There’s a web GUI for the dataset server, although it’s made for datasets.at it will work internally (with some stuff still referring to datasets.at).

curl -O https://dl.dropbox.com/u/2265989/SmartOS/dsapi-ui.tar.bz2
tar -xjf dsapi-ui.tar.bz2 -C /opt/dsapi-ui

The web GUI should be available at http://[hostname]

Uploading your own datasets

To start with you need a username and an associated password to be able to upload.

/opt/dsapi/bin/grant-upload [username] [password]

If you haven’t created a dataset before, read my blog post about how to do it. Once you have your manifest file and dataset image file, it’s time to upload them. This is done with curl, for example:
curl -X PUT -u [username]:[password] -F manifest=@[manifest name].dsmanifest -F [image name]=@[image name] http://[dsapi server]/datasets/[dataset UUID]

The “image name” will be something like winserver.zvol.gz or testzone.zfs.bz2. The dataset UUID is the same UUID that you gave the dataset during creation. Note that nginx as configured above only listens on plain HTTP, so the username and password you pass with -u cross the network in cleartext (HTTP basic auth is just base64 encoding). Do the uploads from a trusted network, or put a TLS listener in front of dsapid before exposing it any wider.

If for some reason a dataset doesn’t get fully uploaded, you’ll have to delete it manually through Futon, CouchDB’s web management GUI. CouchDB is configured to listen on localhost only, and that’s how it should stay: nothing in this setup creates a CouchDB admin user, and a CouchDB 1.x instance without one accepts administrative requests from anybody who can reach it. Instead of changing that, set up an SSH tunnel to reach Futon. Put your public key in root’s authorized_keys on the dsapi server for this; that’s preferable to reconfiguring sshd to allow root login with a password.

ssh -f -L 127.0.0.1:5984:127.0.0.1:5984 root@[dsapi server] -N

Now you can access Futon on http://localhost:5984/_utils/ and delete the document created for the dataset (named its UUID).

This is everything you need to use the dsapi server. To use it with imgadm on a SmartOS node, point the node’s sources list at your server:

echo "http://[dsapi server]/datasets" > /var/db/imgadm/sources.list
imgadm update

Installing very big datasets

Datasets that are very big will need a very big tmpfs. If your dataset is 4 GB you will need over 8 GB of tmpfs, because nginx buffers the whole request body to its temp directory before it hands the upload to dsapid, which then writes its own copy to /tmp, so the image exists twice on the way in. If you don’t have enough memory you can bypass nginx, which normally sits in front, and talk directly to dsapid. That way you only need ~4 GB of tmpfs to import a 4 GB dataset.

Start by disabling nginx.

svcadm disable nginx

The next step is to get dsapid to listen on 0.0.0.0 instead of 127.0.0.1. You can disable dsapid the same way you did with nginx, set the environment variable DSAPI_HOST to 0.0.0.0 and start dsapid manually. This won’t persist; if you want it to be persistent:

  • Disable dsapid
  • Remove dsapid using svccfg delete dsapid
  • Edit /opt/dsapi/smf/dsapid.xml and change the DSAPI_HOST variable in the xml file
  • Import the xml file again using svccfg import /opt/dsapi/smf/dsapid.xml

Now you can install the big dataset; use port 8080 with curl. When done, switch back to nginx (and DSAPI_HOST back to 127.0.0.1) so dsapid isn’t left exposed on its own. You could (probably) compile nginx with an upload module, but since the nginx available from pkgin doesn’t have it, I haven’t tried.

Using the local dsapid with FiFO

The dsapid is now working with imgadm in native SmartOS, but as I mentioned in the beginning of the post I use FiFo to manage my VMs. To get this working you need some extra tweaks. To start with, you need to add the following to your dsapid server’s nginx.conf.

if ($request_method = 'OPTIONS') {
   add_header 'Access-Control-Allow-Origin' '*';
   add_header 'Access-Control-Allow-Credentials' 'true';
   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
   add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
   add_header 'Access-Control-Max-Age' 1728000;
   add_header 'Content-Type' 'text/plain charset=UTF-8';
   add_header 'Content-Length' 0;
   return 204;
}

if ($request_method = 'POST') {
   add_header 'Access-Control-Allow-Origin' '*';
   add_header 'Access-Control-Allow-Credentials' 'true';
   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
   add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}

if ($request_method = 'GET') {
   add_header 'Access-Control-Allow-Origin' '*';
   add_header 'Access-Control-Allow-Credentials' 'true';
   add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
   add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}

Add this to the last three “location” blocks, the ones referencing /datasets, and restart nginx. Two caveats about this snippet: Access-Control-Allow-Origin '*' lets any web page a visitor opens read your dataset listing through the visitor’s browser, so if your FiFo UI is served from a fixed host you can put that origin here instead of the wildcard. And browsers refuse to honour Access-Control-Allow-Credentials 'true' together with a wildcard origin, so that header does nothing as written. Now it’s time to make the last change, telling FiFo to use the local dsapi server. Edit /opt/local/jingles/app/scripts/config.js and change the following line:
datasets: 'datasets.at',

Change from datasets.at to whatever your server is called.

Done. Enjoy using your local Dataset API Server!

Creating SmartOS datasets

Datasets are images that you can base your VMs on; for instance, a dataset can contain a basic Ubuntu 12.04 LTS Server installation. Joyent provides a wide range of datasets that you can access via imgadm, and if that’s not enough you can add the community dataset provider datasets.at for an even wider range. This is all good, but sometimes you need to customize, or run OSes that aren’t free software. In my example I’ll create a dataset for Windows Server 2012.

Preparations

Install a Windows Server 2012 VM and make sure you install the virtio drivers for the storage and NIC, since the manifest below declares virtio for both. Then sysprep the machine so the image doesn’t carry the original machine’s identity.

Creating the dataset

The actual creation of the dataset begins with a snapshot. The snapshot is then sent to a file which is gzipped.

zfs snapshot zones/[VM UUID]-disk0@dataset
zfs send zones/[VM UUID]-disk0@dataset > win2012.zvol
gzip win2012.zvol

The next step is to create a dataset manifest file. It looks like this.
{
  "name": "win2012standard",
  "version": "1.0",
  "type": "zvol",
  "cpu_type": "host",
  "description": "Windows Server 2012 Standard VM image 1.0",
  "created_at": "2013-03-07T11:40:00.000Z",
  "updated_at": "2013-03-07T11:40:00.000Z",
  "published_at": "2013-03-07T11:40:00.000Z",
  "os": "windows",
  "image_size": "40960",
  "files": [
    {
      "path": "win2012.zvol.gz",
      "sha1": "792ea932dfa38bb4570a3c760ba1a25277c94ef4",
      "size": 4095909399
    }
  ],
  "requirements": {
    "networks": [
      {
        "name": "net0",
        "description": "public"
      }
    ]
  },
  "disk_driver": "virtio",
  "nic_driver": "virtio",
  "uuid": "3cf8fa80-8711-11e2-9e96-0800200c9a66",
  "creator_uuid": "d989b0a0-8663-11e2-9e96-0800200c9a66",
  "vendor_uuid": "d989b0a0-8663-11e2-9e96-0800200c9a66",
  "owner_uuid": "d989b0a0-8663-11e2-9e96-0800200c9a66",
  "creator_name": "Marcus Wilhelmsson",
  "platform_type": "smartos",
  "urn": "smartos:nickebo:win2012standard:1.0"
}

Please adjust the file: create new UUIDs, set the path, sha1 and size of your image file, etc. Make sure the sha1 and size really match the file you upload, since those two fields are what a consumer has to check the downloaded image against. When this is done, the dataset is ready to be installed:
imgadm install -m [manifest file] -f [snapshot zvol].zvol.gz

That’s it, you can now use your new dataset as a template when creating new VMs.
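Computing the sha1 and size by hand is where manifests go wrong, and the same two fields are all you have to check an image you pulled from a sync source before you imgadm install it. The script below is an added example for this post (not part of dsapid or imgadm): it writes a manifest in the layout shown above for a given image file, and verifies an image against an existing manifest. The field values other than path, sha1 and size (type zvol, virtio drivers, the net0 requirement) are copied from the manifest above; the tool names digest/sha1sum/shasum and uuid/uuidgen are assumptions about what is installed where you run it.

```shell
#!/bin/sh
# Build and verify a dsmanifest for a gzipped zvol/zfs image.
# Added example for this post, not part of dsapid or imgadm. Assumes the image
# file already exists (e.g. win2012.zvol.gz), that `digest` (SmartOS) or
# `sha1sum`/`shasum` (Linux, macOS) is available, and that `uuid -v4` or
# `uuidgen` can generate a UUID. Field names follow the manifest in the post.

sha1_of() {
  if command -v digest >/dev/null 2>&1; then digest -a sha1 "$1"
  elif command -v sha1sum >/dev/null 2>&1; then sha1sum "$1" | cut -d' ' -f1
  else shasum -a 1 "$1" | cut -d' ' -f1
  fi
}

# size in bytes, printed without padding on every platform
size_of() { wc -c < "$1" | tr -d ' '; }

new_uuid() {
  if command -v uuid >/dev/null 2>&1; then uuid -v4
  elif command -v uuidgen >/dev/null 2>&1; then uuidgen | tr 'A-F' 'a-f'
  else cat /proc/sys/kernel/random/uuid
  fi
}

# write_manifest NAME VERSION OS IMAGE_SIZE_MB IMAGE_FILE [UUID] [OWNER_UUID]
# Prints the manifest JSON on stdout; sha1 and size are computed, never typed.
write_manifest() {
  name=$1 version=$2 os=$3 image_size=$4 file=$5
  uuid=${6:-$(new_uuid)}
  owner=${7:-$(new_uuid)}
  now=$(date -u +%Y-%m-%dT%H:%M:%S.000Z)
  cat <<EOF
{
  "name": "$name",
  "version": "$version",
  "type": "zvol",
  "cpu_type": "host",
  "description": "$name VM image $version",
  "created_at": "$now",
  "updated_at": "$now",
  "published_at": "$now",
  "os": "$os",
  "image_size": "$image_size",
  "files": [
    {
      "path": "$(basename "$file")",
      "sha1": "$(sha1_of "$file")",
      "size": $(size_of "$file")
    }
  ],
  "requirements": { "networks": [ { "name": "net0", "description": "public" } ] },
  "disk_driver": "virtio",
  "nic_driver": "virtio",
  "uuid": "$uuid",
  "creator_uuid": "$owner",
  "vendor_uuid": "$owner",
  "owner_uuid": "$owner",
  "platform_type": "smartos"
}
EOF
}

# verify_image MANIFEST IMAGE_FILE
# Recomputes sha1 and size of the file and compares them with the manifest.
# Use this on anything fetched from a sync source before `imgadm install`.
# Returns 0 on match, 1 on mismatch, 2 if the manifest lacks the fields.
verify_image() {
  want_sha=$(sed -n 's/.*"sha1": *"\([0-9a-fA-F]*\)".*/\1/p' "$1")
  want_size=$(sed -n 's/.*"size": *\([0-9][0-9]*\).*/\1/p' "$1")
  [ -n "$want_sha" ] && [ -n "$want_size" ] || return 2
  [ "$(sha1_of "$2")" = "$want_sha" ] && [ "$(size_of "$2")" = "$want_size" ]
}

# CLI:  sh mkmanifest.sh build NAME VERSION OS SIZE_MB FILE > x.dsmanifest
#       sh mkmanifest.sh verify x.dsmanifest FILE
case "${1:-}" in
  build)  shift; write_manifest "$@" ;;
  verify) shift; verify_image "$@" ;;
esac
```

For the Windows image above that would be `sh mkmanifest.sh build win2012standard 1.0 windows 40960 win2012.zvol.gz > win2012.dsmanifest`, followed by `sh mkmanifest.sh verify win2012.dsmanifest win2012.zvol.gz` on the node before installing. The verify step is deliberately independent of dsapid: it only needs the two files, so it works just as well on an image pulled from the Joyent repo or datasets.at.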

 

Project FiFo, a promising web interface for SmartOS

SmartOS is, as you might know, a great piece of software. If you’re running machines in the Joyent Cloud (which uses SmartOS) they’ve built a nice web interface for you to handle your VMs. Wouldn’t software like this be nice to have in your own datacenter/cloud? You might not be prepared to pay for Joyent’s solution; in that case you should have a look at Project FiFo.

Project FiFo is a web interface for your own SmartOS based cloud. The current version is 0.3; you can find it at http://project-fifo.net/display/PF/Project+FiFo+Home.

I’ve installed project FiFo and it looks really promising. Below you can see some screenshots from my installation.

I’m eager to try out all the new features in Project FiFo, as you can’t do that much administration of your VMs yet (although creating, restarting, etc. works).

Deploying SmartOS in a home environment

What’s the most common hypervisor for home use? I’d say probably the “free” version of VMware vSphere. I’ve been using VMware for a couple of years now and it has served me well, but. There’s always a but, but what is it? For me it’s the overhead: I want to be able to run operating system level virtualization. To do this I had to ditch VMware; even though it works well for full virtualization, it just doesn’t cut it. The next question was what to replace it with. The answer was simple: SmartOS. I’ve always been a big fan of Solaris and ZFS. SmartOS is basically the best parts of Solaris, ZFS, KVM and DTrace bundled and customised by Joyent. All this wonderful software in one package. I was sold, it was time to get this deployment going!

Do I need new hardware?

It depends. If you’re using a newer Intel Core i3/i5/i7 you’re probably fine. If you’re, like me, using an AMD CPU it’s time to invest. At the time of writing SmartOS’ KVM won’t run on AMD CPUs or on older Intel CPUs; it needs Intel VT-x with EPT. I got a motherboard from ASUS (not server grade, just cheap and simple) and a Core i5. To this I added 8 GB RAM and two SATA disks which will be used to store the virtual machines. Why not use iSCSI, you might say? If you do you’re missing out on all the wonderful self healing capabilities of ZFS, hence it’s best to use internal disks. OK, hardware’s sorted!

Installing SmartOS

The easiest way to do this is to download an USB image and write it to a pen drive. SmartOS is made to be run from a USB pen drive or SD card. Have a look at the SmartOS wiki for instructions.

Converting virtual machines from VMware to SmartOS

If you’re running VMware ESXi 4.x this isn’t a big deal (in theory). There’s a way to convert and import the vmdk-files. Once again, the SmartOS wiki has the answer.

Now, was I using ESXi 4.x? Of course not, I was using 5.1. Converting a vmdk from 5.1? Nooooo. Won’t work. So, how do you get the machine(s) out of VMware and into SmartOS? I used a combination of dd, netcat and bzip2.

Start by booting a Linux live CD on the VMware VM you want to convert. When it’s up, start a receiving server using netcat on another machine, preferably one with enough hard drive space to fit the VM. Keep in mind that netcat has no authentication or encryption: whatever connects to port 19000 first is what ends up in the image, so only do this on a network you control (or pipe through ssh instead of nc). Use the following command:

nc -l 19000|bzip2 -d|dd bs=16M of=vm_image.img

The server is ready to receive data, let’s send some!

dd bs=16M if=/dev/sda|bzip2 -c|nc [server ip] 19000

This will send the contents of sda on the Linux VM to an image file on the server. I’m sending it through bzip2 to avoid sending unnecessary data; it’s better to just compress all them zero blocks! OK, the data is extracted from VMware and now resides in an image file. The next step is to transfer the data into SmartOS. Have a look at Ed Plese’s blog, where he explains how to set up a new VM using KVM. It boots an iso file, which is perfect. Boot the same live CD as on VMware earlier and we’ll transfer the image to the virtual disk in SmartOS. Just make sure the virtual disk in SmartOS is big enough to fit the data in the image. When booted, issue the following on the VM:

nc -l 19000|bzip2 -d|dd bs=16M of=/dev/vda

Make sure you type /dev/vda instead of /dev/sda: the disk is called vda in SmartOS (it’s a virtio disk) instead of sda. Now send the data from the server like this:

dd bs=16M if=vm_image.img|bzip2 -c|nc [vm ip] 19000

When the transfer is done, just reboot the VM and the machine should boot up. This will only work if you’re using UUIDs in /etc/fstab on the virtual machine; if not, you’ll have to change sda to vda before doing the initial transfer out of VMware.
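Nothing in the dd/nc pipeline tells you whether every byte arrived intact, and since the SmartOS virtual disk is larger than the image you cannot simply hash both ends in full. The script below is an added example (not from the post) that hashes only the first N bytes of a path, N being the size of the image file: run it with hash on the server against vm_image.img, then with check on the VM against /dev/vda, before rebooting. It assumes head -c and sha1sum or shasum exist on both ends, which they do on a typical Linux live CD.

```shell
#!/bin/sh
# Verify that a raw image copied with dd/nc really landed on the target disk.
# Added example, not from the post. Run the same function on both ends and
# compare: on the server against vm_image.img, on the SmartOS VM (booted from
# the Linux live CD) against /dev/vda. Only the first SIZE bytes are hashed,
# because the virtual disk is usually bigger than the image.
# Assumes GNU/BSD `head -c` and `sha1sum` or `shasum`.

sha1_stdin() {
  if command -v sha1sum >/dev/null 2>&1; then sha1sum | cut -d' ' -f1
  else shasum -a 1 | cut -d' ' -f1
  fi
}

# hash_prefix PATH BYTES -> sha1 of the first BYTES bytes of PATH (file or device)
hash_prefix() { head -c "$2" "$1" | sha1_stdin; }

# image_size PATH -> size of a regular file in bytes (use this on the source image)
image_size() { wc -c < "$1" | tr -d ' '; }

# same_content SRC_FILE DST_PATH -> 0 if DST begins with exactly SRC's bytes
same_content() {
  n=$(image_size "$1")
  [ "$(hash_prefix "$1" "$n")" = "$(hash_prefix "$2" "$n")" ]
}

# check_target DST_PATH EXPECTED_SHA1 BYTES -> prints OK or MISMATCH, exit 0/1
check_target() {
  got=$(hash_prefix "$1" "$3")
  if [ "$got" = "$2" ]; then echo OK; return 0; fi
  echo MISMATCH; return 1
}

# CLI:
#   server$  sh verify_copy.sh hash vm_image.img              -> "<sha1> <bytes>"
#   vm$      sh verify_copy.sh check /dev/vda <sha1> <bytes>  -> OK or MISMATCH
case "${1:-}" in
  hash)  echo "$(hash_prefix "$2" "$(image_size "$2")") $(image_size "$2")" ;;
  check) check_target "$2" "$3" "$4" ;;
esac
```

The hash step on the server reads the whole image once more, so on a large image it takes as long as the transfer did; the check step on the VM reads the same number of bytes from the virtual disk. A MISMATCH means the disk should be rewritten before you try to boot from it.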

So far?

I’ve had the system up for about three hours, works like it should. No complaints yet, but if you’re a point-and-click kind of guy, this probably isn’t for you. SmartOS is text console all the way. Just the way I like it. Plus the fact that the CPU/memory restrictions in the free license of VMware won’t be an issue. No restrictions here! At last, thank you Joyent! This is one sweet piece of software!

VM's running in SmartOS

NFS or iSCSI for use as backend storage on ESXi?

VMware, back in the days of early 2001 when there was only VMware ESX Server, was built with ONE storage system in mind: a NetApp using NFS. They added support for FibreChannel, iSCSI, etc., but NFS was the main thing for VMware. In many cases it still is! For an average home enthusiast like myself FibreChannel isn’t an option because of price, which means it’s either NFS or iSCSI that’ll be used for storage. Unless you use internal disks in the server itself, but why would you want to do that? Your file server is there for a reason! What are the pros and cons of NFS vs. iSCSI? Here are my thoughts on the matter.

NFS

Pros:

  • VMware was built for this.
  • It’s fast when it comes to reading compared to iSCSI, at least in my experience.
  • The virtual machines are stored as plain files on the file server, not inside an image using VMFS.

Cons:

  • NFS does sync writes, which tends to be slow. If the file server runs ZFS this can be helped with a dedicated log device (SLOG) for the ZIL, the ZFS Intent Log.
  • Security isn’t the best unless you use NFSv4 with Kerberos authentication, and ESXi (up to 5.x) only speaks NFSv3, which simply trusts the UID the client presents. Use a dedicated storage network instead.

iSCSI

Pros:

  • Easier to share between hosts if you run multiple ESXi servers.
  • Can be configured with good security (CHAP authentication, and the target can restrict which initiators get to see the LUN).

Cons:

  • Slow. At least that’s what my experience tells me.
  • Not that flexible, since the VMs are stored in an image using VMFS, the VMware File System.

 

What to choose?

For me it was an easy choice, I went for NFS. I have used iSCSI before with ESXi and I wasn’t content. It was slow and more or less a pain to back up the machines. With NFS I can just power off the machine and copy the whole thing to another directory on the file server (or take a snapshot with ZFS). I might add that I used iSCSI under Solaris with the COMSTAR iSCSI target; I haven’t tried it under FreeBSD, which I’m currently using.

Whichever one you go for, I recommend using a dedicated network for storage. This is mostly for security reasons: you don’t want anyone to mess with the storage traffic, and neither NFSv3 nor unauthenticated iSCSI will stop them on a shared LAN. Storage also tends to use quite a bit of bandwidth, which you probably don’t want on your LAN. Since I only have two machines, the file server and the ESXi server, I use a single cable between them. No need for a network switch.

Normal load on my ZFS storage system

As you can see above I tend to get a lot of reads, I’d say 99% of my storage I/O are read requests.

Upgrading my ESXi server

Since I got an ESXi server (again) I’ve been thinking about changing its hardware. Until now I used an Athlon 64 X2 6000+ with 4 GB RAM, a rather pleasant hardware setup although a bit power hungry. 4 GB RAM also holds me back a bit since I can’t run as many virtual machines as I’d like. The time for an upgrade had arrived!

The hardware of the old ESXi server

 The new hardware

I wrote a blog post about what hardware to choose for a new ESXi server. The final choice was very close; I went for an ASUS E35M1-M motherboard with the AMD E-350 APU on board. It’s not the fastest CPU available, but it’s relatively cheap and, foremost, it has a VERY low power consumption.

The new motherboard before installation

What were my other choices? Core i3 did cross my mind, but it’s much more expensive and has a bit higher power consumption. Someone might wonder why I didn’t go for Intel’s Atom CPU. Atom doesn’t have hardware virtualization support (VT-x), but the AMD E-350 does (called AMD-V).

Installation

I simply replaced the old stuff with the new, took about 5 minutes.

New motherboard installed

Performance and power

So far I’m very satisfied. The machines I run, for instance this web server, aren’t exactly CPU hogs. I mainly need a lot of memory; right now the new machine has 8 GB of RAM, which is the maximum it can handle. Since it only uses about 35 watts of power, it’s a big difference compared to the old server, which would use about 90-120 watts when the CPU was working at 100%.

ESXi? How?

It works out of the box with ESXi 5.0. I use ESXi from a USB stick and all the hardware in the server is detected and works, even the Realtek NIC. Haven’t had any problems with it to be honest, everything runs very smooth. At normal operation my four virtual machines use about 15% of the total CPU performance.

Running a BIND/named DNS server in a Solaris Zone

I’ve been using my Mac OS X Lion server as DNS for a while, but there was a problem. The support for IPv6 in the DNS GUI was non-existent. Since I use IPv6 in my home network this was starting to bother me, it was time to move the DNS to a new computer.

Since I’m a Solaris fanboy (and wanted to learn more about zones and using one to run a real service) I decided to move it to a Solaris Zone that I called ganymede.

I’ve already blogged about how to set up a Zone, please have a look here.

Now, the DNS server. As most DNS servers under UNIX do, this one runs BIND. Installation of BIND is quite simple in Solaris 11.

pkg install pkg://solaris/network/dns/bind

For some reason BIND under Solaris doesn’t come with an example configuration. I had to create this myself and decided to go with a somewhat standard layout: the main conf file at /etc/named.conf and all zone files under /var/named.

/etc/named.conf contains the following:

options {
        directory "/var/named";
        allow-transfer {
                none;
        };
        forwarders {
                8.8.8.8;
        };
};

logging {
        channel _default_log {
                file "/var/log/named.log";
                severity info;
                print-time yes;
        };
        category "default" {
                "_default_log";
        };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

zone "nickebo.net" IN {
        type master;
        file "db.nickebo.net";
        allow-transfer {
                none;
        };
        allow-update {
                none;
        };
};
zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "db.0.16.172.in-addr.arpa";
        allow-transfer {
                none;
        };
        allow-update {
                none;
        };
};

This is a pretty standard conf with some standard zones for localhost etc. and one for my internal domain nickebo.net and one reverse zone for 172.16.0. I’ll add a reverse zone for IPv6 later and hopefully blog about it.

The layout of my zone files for nickebo.net and 172.16.0 won’t be posted here since I don’t want the whole Internet to see my internal DNS structure.
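Reverse zones are tedious to maintain by hand, and the ip6.arpa zone mentioned above especially so, because every address has to be expanded to 32 nibbles and written backwards. The script below is an added example (not from the post) that turns "hostname address" lines into PTR records with absolute owner names, for both in-addr.arpa and ip6.arpa, so the generated lines can be dropped into a zone file regardless of its $ORIGIN. It uses only sh and awk, so it runs inside the Solaris zone; hostnames are assumed to be fully qualified, the hostnames and addresses in the comments are made up, and IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are not handled.

```shell
#!/bin/sh
# Generate PTR records for in-addr.arpa and ip6.arpa reverse zones.
# Added example, not from the post. Plain sh + awk so it runs in a Solaris
# zone as well as on Linux. Input lines: "hostname address", hostname fully
# qualified (a trailing dot is optional). IPv4-mapped IPv6 is not supported.

# ip4_ptr_name 172.16.0.31 -> 31.0.16.172.in-addr.arpa
ip4_ptr_name() {
  printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ip6_ptr_name 2001:db8::1 -> 1.0.0.0.(...).8.b.d.0.1.0.0.2.ip6.arpa
# Expands "::", zero-pads each group to four nibbles, then reverses the nibbles.
ip6_ptr_name() {
  printf '%s\n' "$1" | awk -F: '{
    n = 0
    for (i = 1; i <= NF; i++) if ($i != "") n++
    missing = 8 - n                 # groups hidden behind "::"
    hex = ""; done = 0
    for (i = 1; i <= NF; i++) {
      if ($i == "") {               # first empty field is the "::", later ones are its twin
        if (!done) { for (j = 0; j < missing; j++) hex = hex "0000"; done = 1 }
        continue
      }
      g = tolower($i)
      while (length(g) < 4) g = "0" g
      hex = hex g
    }
    out = ""
    for (i = length(hex); i >= 1; i--) out = out substr(hex, i, 1) "."
    print out "ip6.arpa"
  }'
}

# ptr_record HOSTNAME ADDRESS -> one zone-file line with an absolute owner name
ptr_record() {
  case "$2" in
    *:*) owner=$(ip6_ptr_name "$2") ;;
    *)   owner=$(ip4_ptr_name "$2") ;;
  esac
  printf '%s.\tIN\tPTR\t%s.\n' "$owner" "${1%.}"
}

# ptr_records: reads "hostname address" lines on stdin, writes records on stdout
ptr_records() {
  while read -r host addr; do
    if [ -n "$host" ]; then ptr_record "$host" "$addr"; fi
  done
}

# CLI: sh ptrgen.sh --stdin < hosts.txt >> db.0.16.172.in-addr.arpa
case "${1:-}" in --stdin) ptr_records ;; esac
```

Because the owner names are absolute, IPv4 and IPv6 hosts can be fed through the same run and the output split per zone afterwards with a simple grep on in-addr.arpa versus ip6.arpa. Remember to bump the zone serial after appending records, or the change will not be picked up.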

Now, there’s one last thing you should do: add a new user and group for named to run under. Mine are both called named. This is from my /etc/passwd, /etc/group and /etc/shadow; note the *LK* in the shadow entry, which locks the account so nobody can log in as named.

named:x:98:98:named server UID:/:

named::98:

named:*LK*:::::::

When this is done you should change the bind service in SMF to start with the newly added user’s privileges instead of root’s. Keep in mind that a non-root process needs the net_privaddr privilege to bind port 53, so if named fails to start after the change, grant that privilege in the method context as well (the start/privileges property, next to start/user).

The following commands should do the trick.

svccfg -s svc:/network/dns/server:default
> setprop start/user=named
> setprop start/group=named
> exit
svcadm refresh svc:/network/dns/server:default
svcadm clear svc:/network/dns/server:default
svcadm restart svc:/network/dns/server:default

BIND working as intended (hopefully)

Speeding up your internet connection with WAN load balancing

To start with, this either requires you to have multiple Internet connections OR, like me, an ISP that gives you 100 Mbit/s download and 10 Mbit/s upload. The thing is that my ISP gives me a 100 Mbit full duplex connection but limits my upload to 10 Mbit/s per IP. Notice: per IP address! I can get five IP addresses, which means 5 x 10 Mbit/s upload. I could have five different computers all uploading at 10 Mbit/s, or five network cards (NICs) in one computer with load balancing. Of course I use the load balancing solution, with pfSense as the OS for my router.

To make things even better you can do this with a virtual machine; I use VMware ESXi with a dedicated NIC connected to the Internet.

Internet connection in ESXi

Now, create five virtual NICs on that virtual machine like this.

Five virtual NICs

As you can see there are five NICs connected to Internet and one to my LAN. Continue by installing pfSense. Connect LAN and the first WAN NIC when installing pfSense. Your Internet connection should be working (but without load balancing) to go to the next step.

Go to Interfaces > Assign and add your remaining NICs as OPT1-4. When activating them, don’t forget to check “Enable optional interface” at the top of the page and check “Disable userland FTP-proxy application” too.

NICs assigned to opt1-4

All your NICs should get an IP address (hopefully). Check this under Status > Interfaces. Should look something like the picture below.

All NICs have IP addresses

The next step is to create a pool for Load balancing containing all the WAN NICs. This is done under Services > Load balancer.

Use the following settings:
Type: Gateway
Behavior: Load balancing
Monitor: DNS Server 1 (use this if your NICs are all connected to the same ISP, otherwise the gateway of each NIC)

Now, add the interfaces and set an appropriate name for the pool.

Load balancing pool

The last step is to make sure the pool is used, this is done by a firewall rule. Go to Firewall > Rules and the LAN tab. Edit the existing rule and change the gateway to your pool’s name.

Gateway changed

You’re done! This is what I get when using speedtest.net (which doesn’t show my real upload speed; I’ve been achieving at least 30 Mbit/s with multiple upload connections).

Speed test

Speedtest nr 2

Now, there’s one thing left. HTTPS can be a bit cranky when it’s load balanced, because a site sees consecutive connections from the same client arriving from different public IP addresses, which breaks sessions that are tied to the source address. So add a firewall rule to make sure HTTPS always runs from/to the first WAN NIC. Add a new rule under Firewall > Rules under the LAN tab. Choose destination port range and select HTTPS; the gateway should be set to Default (not the LB pool). Save the rule and move it to the top of the rules under the LAN tab. I’ve added rules for both HTTPS and HTTP.

HTTP and HTTPS rules

Upgrade no 2, the ESXi server

The time had come to change the components of my ESXi server. Why? Well, for starters it used to crash about once a week for no apparent reason. Hopefully this is now a thing of the past. The second reason to upgrade is just for the fun of it: more memory and a faster CPU. You might be wondering what new hardware I’ve put into the machine. I’ll tell you!

Motherboard

I first tried a board from Gigabyte, but it refused to boot from my USB stick containing ESXi. What to do? Couldn’t be bothered with trying to get it to boot, so instead I went for the ASUS M4A89GTD. It uses the AMD 890GX chipset and has support for Phenom II X6, which is a must as you’ll see further down. It also has a good amount of expandability, with many PCI Express slots for upgrades, NICs, etc. Last but not least, it boots my USB/ESXi stick with perfection. My old ESXi server also had an ASUS motherboard, so I think I made the right choice. Since it’s a desktop motherboard I disabled the sound card, SATA controller, onboard ethernet, etc. in the BIOS.

CPU

AMD Phenom II X6 1055T, a fast CPU with six cores at a reasonable price. When running a lot of VMs I’d rather have six cores than two or four and because the CPU is cheap it wasn’t a hard decision.

RAM

2x 4 GB Corsair XMS3 1066 MHz DDR3, in total 8 GB RAM. Since my local computer store didn’t have ECC memory I went for these, might replace them with ECC RAM though.

Conclusion

So far everything is running smoothly, although I’ve only had the machine up and running for 16 hours. At the moment it has three VMs, two Linux (Ubuntu) and one Windows XP. With most of the memory and CPU unused I have a lot of power to spare and hopefully I don’t have to upgrade for quite some time. Last but not least, sorry for the lack of pictures. With the Gigabyte motherboard refusing to boot I got so frustrated I forgot to take pictures.

Learn the basics of Solaris Containers

Many of the computer related topics in the world involve virtualization and the cloud in some way. There are many virtualization solutions out there; the biggest players in the league are VMware, Xen and Hyper-V from Microsoft. In this blog post I will discuss another technology, one that doesn’t virtualize the whole computer but rather just the operating system. This technology is called Solaris Containers. Containers have been around since Solaris 10, first released in 2005, so it’s not exactly a new type of virtualization. The system itself is built upon the same basics as Linux-VServer, FreeBSD Jails, AIX Workload Partitions etc., just to name a few.

Virtualization type

So, what’s the difference between operating system virtualization and full virtualization? The major difference is that you don’t create virtual machines but rather virtual operating system instances. These instances, called zones, share the kernel of the underlying “master” operating system instance. You can combine resource control with strict separation between the zones. Every zone acts as a separate instance of the operating system running on the same computer. This lowers overhead and cuts down cost compared to full virtualization, where every guest runs on its own virtual hardware. Another advantage is that the zones can share operating system binaries and other files, so every zone uses very little hard drive space, and you can even install software in one zone and make it available in all the others.

There’s always a standard zone or master zone, called the global zone. All other zones are created from the global zone and are thus non-global zones. In the global zone you have the ability to see all processes running on the system, even those belonging to other zones. This isn’t possible from inside a non-global zone. Every zone has its own hostname, virtual network card and storage. The storage is the only hardware resource unique to the zone; you don’t need a dedicated CPU, RAM, network card or similar for each zone.

Different types of zones

There are two types of zones. The one I just described is called a sparse zone or small zone; this kind of zone shares files with the global zone. You can also create whole root zones or big zones, which have their own complete copy of all the operating system files and, using branded zones, don’t even have to run the same version of Solaris as the global zone. If you want to use big zones and still save disk space you can make ZFS clones. Since a clone only stores blocks that differ from the snapshot it was cloned from, you can have big zones and still use very little hard drive space. Another advantage is that you can create new zones in just a matter of seconds (excluding the zone specific configuration).

Example installation of a small zone

I’ll show you how to create a small zone in Solaris. I use Solaris 11 Express in this example, but older versions should work the same way. In this case my new zone uses 747 MB of disk space, which I consider very good. The global zone uses 2.8 GB.

root@solaris:~# zonecfg -z testzon
testzon: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:testzon> create
zonecfg:testzon> set autoboot=true
zonecfg:testzon> set zonepath=/export/testzon
zonecfg:testzon> add net
zonecfg:testzon:net> set address=172.16.0.31
zonecfg:testzon:net> set physical=e1000g0
zonecfg:testzon:net> end
zonecfg:testzon> info
zonecfg:testzon> verify
zonecfg:testzon> commit
zonecfg:testzon> exit
root@solaris:~#
The newly created zone is called “testzon” and I’m putting it under /export/testzon. A network card is added and bound to my physical interface called e1000g0. I’m also giving it a static IP address. Finally everything is verified, committed and that’s it.
Now, take a look in /etc/zones/testzon.xml.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="testzon" zonepath="/export/testzon" autoboot="true" brand="ipkg">
<network address="172.16.0.31" physical="e1000g0"/>
</zone>
As you can see the XML file contains the information we entered earlier. Let’s continue with the installation.
root@solaris:~# mkdir /export/testzon
root@solaris:~# chmod 700 /export/testzon/
root@solaris:~# zoneadm -z testzon verify
root@solaris:~# zoneadm -z testzon install
A ZFS file system has been created for this zone.
Publisher: Using solaris (http://pkg.oracle.com/solaris/release/ ).
Image: Preparing at /export/testzon/root.
Sanity Check: Looking for 'entire' incorporation.
Installing: Core System (output follows)
------------------------------------------------------------
Package: pkg://solaris/consolidation/osnet/osnet-incorporation@0.5.11,5.11-0.151.0.1:20101104T230646Z
License: usr/src/pkg/license_files/lic_OTN
Oracle Technology Network Developer License Agreement
bla bla bla bla (wall of text, cut it out)
Packages to install:     1
Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1         1/1      0.0/0.0
PHASE                                        ACTIONS
Install Phase                                  11/11
PHASE                                          ITEMS
Package State Update Phase                       1/1
Image State Update Phase                         2/2
Packages to install:    45
Create boot environment:    No
Services to restart:     3
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                45/45 12511/12511    89.1/89.1
PHASE                                        ACTIONS
Install Phase                            17953/17953
PHASE                                          ITEMS
Package State Update Phase                     45/45
Image State Update Phase                         2/2
Installing: Additional Packages (output follows)
Packages to install:    46
Create boot environment:    No
Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                46/46   4498/4498    26.5/26.5
PHASE                                        ACTIONS
Install Phase                              6139/6139
PHASE                                          ITEMS
Package State Update Phase                     46/46
Image State Update Phase                         2/2
Note: Man pages can be obtained by installing SUNWman
Postinstall: Copying SMF seed repository … done.
Postinstall: Applying workarounds.
Done: Installation completed in 500.254 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
root@solaris:~#
We’ll start by creating the folder where the zone will reside and make sure the owner is the only user with permissions to the folder (mode 700). Then we verify the zone configuration and install it. Solaris kindly tells us what it’s up to, installing packages and configuring the new zone. At the bottom it says “Next Steps: Boot the zone, then log into the zone console (zlogin -C)”, and that is the next step.

root@solaris:~# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              ipkg     shared
1 small-zone       running    /export/small-zone             ipkg     shared
- testzon          installed  /export/testzon                ipkg     shared
root@solaris:~# zoneadm -z testzon boot
zone 'testzon': WARNING: e1000g0:2: no matching subnet found in netmasks(4): 172.16.0.31; using default of 255.255.0.0.
root@solaris:~# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              ipkg     shared
1 small-zone       running    /export/small-zone             ipkg     shared
2 testzon          running    /export/testzon                ipkg     shared
root@solaris:~#

First we’ll check what zones the computer has. This computer has three zones, one global and two non-global. Starting the zone is done with zoneadm -z testzon boot. I’ll list the zones again to make sure the new zone started.

root@solaris:~# zlogin -C testzon
[Connected to zone 'testzon' console]
You did not enter a selection.
What type of terminal are you using?
1) ANSI Standard CRT
2) DEC VT100
3) PC Console
4) Sun Command Tool
5) Sun Workstation
6) X Terminal Emulator (xterms)
7) Other
Type the number of your choice and press Return: 2
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: e1000g0.

The last thing I’ll do is log in to the new zone with zlogin. I choose the correct terminal emulation and continue with the other basic setup questions about DNS, root password, etc.
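The whole zonecfg/zoneadm procedure above can also be driven from a script instead of the interactive prompt. This is an added example, not part of the original post: it generates the zonecfg command file for a shared-IP zone and checks the zonepath mode before install. The function names, the /tmp/testzon.cfg path and the use of a prefix length in the address (which is what the netmasks(4) warning seen at boot is about) are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the zonecfg commands
# equivalent to the interactive session for "testzon" and checks the
# zonepath the way zoneadm will, so the mode problem is caught early.

# gen_zonecfg ZONEPATH ADDRESS NIC
# Prints the commands for "zonecfg -z <zone> -f <file>". Giving the address
# with a prefix length (172.16.0.31/24) sets the netmask explicitly instead
# of relying on netmasks(4), which otherwise fell back to 255.255.0.0 and
# made the zone believe its local network was far larger than it is.
gen_zonecfg() {
  zonepath=$1 addr=$2 nic=$3
  printf '%s\n' \
    "create" \
    "set autoboot=true" \
    "set zonepath=$zonepath" \
    "add net" \
    "set address=$addr" \
    "set physical=$nic" \
    "end" \
    "verify" \
    "commit"
}

# check_zonepath DIR
# zoneadm verify rejects a zonepath that is not mode 700: other users must
# not be able to read or traverse the zone's root. Returns 0 when the
# directory exists and is drwx------, 1 otherwise (with a reason on stdout).
check_zonepath() {
  dir=$1
  [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
  perms=$(ls -ld "$dir" | cut -c1-10)
  case $perms in
    drwx------) return 0 ;;
    *) echo "bad mode $perms on $dir (need drwx------)"; return 1 ;;
  esac
}

# Usage in the global zone on a Solaris host (kept as comments here):
# gen_zonecfg /export/testzon 172.16.0.31/24 e1000g0 > /tmp/testzon.cfg
# mkdir -p /export/testzon && chmod 700 /export/testzon
# check_zonepath /export/testzon && zonecfg -z testzon -f /tmp/testzon.cfg
# zoneadm -z testzon verify && zoneadm -z testzon install
```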