Tuesday, August 23, 2011

gentoo qemu/kvm init script

Since I have a really powerful server, I also play around a lot with virtualization, in particular with qemu/kvm. Right now I have 2 guests running all the time. One is a hardened Gentoo with an FTP server on it, the other one is a Windows XP system. When I bought my server I already decided to write a start/stop script for my qemu/kvm guests, which I now want to share with the Internet.
I have already spent lots of time on this script and I think it's quite usable; it's far from perfect, but I am still improving it. Its current features are:
  • Start a VM based on its name, taken from the init script.
    I'm going to explain that in more detail:
    When I started to write this script, I wanted something similar to the net.lo script in Gentoo. For every network device in Gentoo, a new link to net.lo is created, and the configuration for all devices is in one file. While making a link for every VM is a great idea, having all the configuration in one file isn't (the config file is quite long), so a separate config file exists for every VM. The default script is called kvm.init; a start script for a VM is then a link to kvm.init and is called, for example, kvm.winxp. Next, it's important to find the image of the VM.
    Either the config (/etc/conf.d/kvm.winxp) contains the complete path to the image, or it contains just the directory, which means that the script has to find out the image name based on the name of the init script.
    Example: for kvm.winxp it would look for an image called winxp, winxp.img or winxp.qcow2 (no matter which ending it has). If it finds more than one possible image, it won't start anything and returns an error.
  • Every guest gets a tap device for the network (as long as networking is wanted), which means every guest has a full-featured network device with access to the local network. The script generates a tap device on the host system for every guest. A bridge has to be set up beforehand. On shutdown, the script deletes the tap device.
  • The script checks other VMs for the same MAC address, VNC addresses and ports, or images which already run under a different script. Usually the script adds these options by itself correctly.
  • For many options the script checks their correctness.
  • A VM is shut down via nc through the qemu monitor, giving the guest 80 seconds to shut down. That should work at least on Windows and Linux (as long as acpid is installed and running).
  • Qemu can be run as a different user; even the tap devices can be created under a different user.
  • The script supports features like virtio-console, virtio-balloon, virtio-net, virtio-blk or vhost for better/faster virtualization (the guest has to support this).
  • Well documented configuration file. I tried to make it as easy as possible.
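
The image lookup from the first feature, sketched as an added example (not taken from the author's kvm.init). The function name resolve_image and passing the config's image setting as the second argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: resolve a guest's disk image from the init-script name.
# resolve_image is a hypothetical helper, not part of kvm.init.

# $1 = service name (e.g. kvm.winxp)
# $2 = image setting from /etc/conf.d/<service>: a full path or a directory
# Prints the image path and returns 0; returns 1 if none or several match.
resolve_image() {
    svc=$1
    image=$2
    guest=${svc#kvm.}                 # kvm.winxp -> winxp

    # The config holds the complete path to the image: use it as-is.
    if [ -f "$image" ]; then
        printf '%s\n' "$image"
        return 0
    fi
    if [ ! -d "$image" ]; then
        echo "$svc: $image is neither a file nor a directory" >&2
        return 1
    fi

    # The config holds only a directory: accept <guest> or <guest>.<ending>.
    count=0
    found=
    for cand in "$image/$guest" "$image/$guest".*; do
        [ -f "$cand" ] || continue    # also skips a glob that matched nothing
        count=$((count + 1))
        found=$cand
    done

    # Start only when exactly one image matches; never guess between several.
    case $count in
        1) printf '%s\n' "$found" ;;
        0) echo "$svc: no image for '$guest' in $image" >&2
           return 1 ;;
        *) echo "$svc: $count candidate images for '$guest', not starting" >&2
           return 1 ;;
    esac
}
```

Refusing to start on an ambiguous match keeps the script from booting a stale copy of a guest, or attaching an image that another guest is already using.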

What is needed for this script:
  • Since it generates a tap device for every guest, you must have a bridge configured!
  • The script itself needs the following commands: sleep, rm, ps, [e]grep, brctl, ip, nc, ls, head and wc, and thus needs the following packages installed:
    • sys-apps/coreutils
    • sys-process/procps
    • sys-apps/grep
    • sys-apps/iproute2
    • net-misc/bridge-utils
    • net-analyzer/netcat6
  • a processor with VT-x support
  • a kernel with virtualization enabled

How does it work:
  • First of all, download my kvm start-stop script from here: Link
  • Copy kvm.init into /etc/init.d/
  • Make a new link for every guest with: "ln -s kvm.init kvm.windows7"
  • Copy kvm.config into /etc/conf.d/
  • Rename kvm.config to kvm.windows7 (like the init script)
  • For every new guest you have to copy the config again.

Be warned, I never tried this init script on other machines, so there is no guarantee that it works. Please make sure you have all the programs installed which are needed and that the config file is edited to your needs. In particular, the path to the image and the bridge device have to be set. I also strongly suggest creating an extra directory for the pid files (it's set to /var/run/kvm by default).
Have fun with the script. Suggestions, bugs and improvements are welcome :)

The init-script: Link

    Sunday, August 21, 2011

    python: reverse numbers

    Recently I looked for a nice way to reverse an int variable in Python. I wanted to have a function which transforms, for example, "1234" into "4321". On the internet, I found a nice math solution which worked flawlessly. Its code looks like:

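    import math

    def rev(val):
      # Single digit: nothing left to reverse.
      if val < 10: return val
      expon = int(math.log10(val))   # index of the highest decimal place
      ival = val % 10                # last digit
      dval = val // 10               # remaining digits (integer division)
      # Move the last digit to the front, then reverse the rest.
      return int(ival * math.pow(10, expon)) + rev(dval)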

    But today I tried to make another, shorter solution. It has nothing to do with math. I just take an int variable, convert it into a string, reverse it, and convert it back into an int. Really simple and it also works flawlessly:

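    def strrev(sval):
      # Single digit: nothing to reverse.
      if len(str(sval)) == 1: return sval
      strcon = str(sval)
      # Reverse the decimal string with a slice and convert back to int.
      return int(strcon[::-1])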

    Now I'm wondering which function would be better and for what reason. I made some benchmarks and found out that the second solution is about 25% faster than the first one, but I just timed these two versions with "time". I think that's not good enough to take as a benchmark. Besides that, I don't know anything about memory consumption. Anyway, I'll keep the second, since it's faster...

    If someone wants to try it out, I've uploaded both "benchmark" scripts. The script generates every number from 1 to 100000, reverses every number and subtracts each number's reversed version from it.

    Download: Link

    Thursday, August 4, 2011

    alix update

    As I already mentioned in an earlier post, I have an alix device. It's a really cool device and I'm using it as my firewall and time server, which means it runs iptables and ntpd (there is also darkstat on it). The Gentoo on it is a standard minimal installation, but with a hardened profile and hardened kernel. The firewall init script is my own creation.

    Since this device is pretty slow and I'm also trying to keep the disk I/O low (the system is on a CF), I update it really rarely. Besides that, it has no VGA output and I never could get minicom (for the serial I/O) to work, so I never know what's going on at boot-up and I can only hope everything works and sshd comes up :)

    Well, recently I made an update and it was a huge update: new gcc compiler, new kernel and baselayout-2/openrc. I was really surprised that everything worked out flawlessly. I even have the feeling that my system boots up much faster with the new kernel and openrc. Really cool. Right after the update I took the CF and made a backup with dd.

    For those who still use such an alix device, I've uploaded the kernel config, so you can use it with your device.
    Download: gentoo-2.6.38-r6.config