Barry's notes on computer software and hardware 2026-05-20T03:45:42-07:00 urn:uuid:f315631b-ab5e-54c7-5a70-5c5d40300ccc urn:uuid:3688ef99-a82d-ea5d-c912-bf76285790ac 2008-12-04T09:25:38-08:00 Barry Pederson bp@barryp.org <p>I'm still experimenting with Ubuntu 8.04 Server (Hardy Heron), and have switched from Xen to KVM (Kernel-based Virtual Machine). Xen worked well on a little test machine I had, but when I tried it on a brand-new Supermicro server, it turned out to have a <a href="https://bugs.launchpad.net/ubuntu/+source/xen-3.2/+bug/236268">problem with the Intel NIC</a>. Since it seems Ubuntu is recommending KVM over Xen, and the server supports hardware virtualization, I figured I'd give it a try. </p> <p>One big difference is that KVM does <em>full</em> emulation, which means any disk space you give it from LVM (Logical Volume Manager), will be a full virtual disk, with a partition table. It's a little more complicated to access filesystems within the virtual disk that it was with Xen, I wanted to jot some notes down here mostly for myself on how to do that. </p> <p>If I've created a logical volume named <code>/dev/myvg/test_vm</code> and installed another linux on it with a single ext3 filesystem (/dev/sda1 from the point of view of the VM) and some swap space (/dev/sda5), it can be accessed when the VM isn't running with the help of the <code>kpartx</code> utility... </p> <pre><code>kpartx -av /dev/myvg/test_vm </code></pre><p>would read the partition table on the virtual disk and create: </p> <pre><code>/dev/mapper/myvg-test_vm1 /dev/mapper/myvg-test_vm2 /dev/mapper/myvg-test_vm5 </code></pre><p>Then you can </p> <pre><code>mount /dev/mapper/myvg-test_vm1 /mnt </code></pre><p>to mess with the VMs <code>/dev/sda1</code>. To clean things up when finished, run: </p> <pre><code>umount /mnt kpartx -d /dev/myvg/test_vm </code></pre> <h3>Snapshots</h3> <p>If you want to look at the contents of a running VM's disks (perhaps for backing it up) you can use LVM snapshots. For example: </p> <pre><code>lvcreate --snapshot --size 1G --name test_snap /dev/myvg/test_vm kpartx -av /dev/myvg/test_snap mount /dev/mapper/myvg-test_snap1 /mnt . (play with VM's /dev/sda1 in /mnt) . umount /mnt kpartx -dv /dev/myvg/test_snap lvremove /dev/myvg/test_snap </code></pre> urn:uuid:788b4189-21a0-395c-27cb-0f1edccc4a0a 2008-10-23T08:43:49-07:00 Barry Pederson bp@barryp.org <p>I've been experimenting with setting up Ubuntu Server 8.04 (Hardy Heron) to run Xen, and had a minor problem with UFW (Uncomplicated Firewall) running in the dom0 blocking network access to a domU running in bridged mode. It seems the fix is just to edit <code>/etc/defaults/ufw</code> and make this change to enable forwarding: </p> <div class="source"><pre><span class="gd">--- a/default/ufw Thu Oct 23 10:00:33 2008 -0500</span> <span class="gi">+++ b/default/ufw Thu Oct 23 10:34:36 2008 -0500</span> <span class="gu">@@ -16,7 +16,7 @@ DEFAULT_OUTPUT_POLICY=&quot;ACCEPT&quot;</span> # set the default forward policy to ACCEPT or DROP. Please note that if you # change this you will most likely want to adjust your rules <span class="gd">-DEFAULT_FORWARD_POLICY=&quot;DROP&quot;</span> <span class="gi">+DEFAULT_FORWARD_POLICY=&quot;ACCEPT&quot;</span> # # IPT backend </pre></div> <p>and then run <code>ufw disable; ufw enable</code>. <br /> </p> <p>I <em>believe</em> dom0 is now protected, and it'll be up the the domU to protect itself. I can't say I'm entirely comfortable with Linux IPTables, sure wish PF was available as an alternative. </p>