How to use custom tap with libvirt? - virtualization

I need help with one issue that I cannot understand.
I have some virtual machines that run on an embedded device; I create one VM dynamically and then start it to load some parameters inside it. The network takes an IP from the DHCP server without problems; you can see the qemu command that I use:
qemu-system-aarch64 \
-cpu host \
-machine type=virt \
-enable-kvm \
-nographic \
-smp 1 \
-m 64 \
-serial stdio \
-monitor telnet:127.0.0.1:4448,server,nowait \
-kernel ./Image \
-append 'console=ttyAMA0 earlyprintk=pl011,0x1c090000 loglevel=9 root=/dev/vda rw rootwait' \
-drive file=./rootfs.ext4,if=none,format=raw,id=hd0 -device virtio-blk-device,drive=hd0 \
-netdev tap,id=eth0,script=no,ifname=tap0 \
-device virtio-net-pci,netdev=eth0,mac=00:16:35:AF:94:00
Before starting the VM I create one tap interface connected to a bridge, where the physical interface eth0 is also connected to the bridge.
Everything works with qemu, but I need to use libvirt to manage the VMs and I don't understand how I can use my tap interface with libvirt. I tried to use the default bridge which is generated by the virtual manager; it works, but libvirt generates a random MAC address for the internal interface of the VM. And I need to set the MAC address manually, like in the qemu command.

Thank you Daniel, I solved the problems and this is my current configuration:
You have to be sure that /etc/sysctl.conf contains the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1
net.ipv6.conf.all.forwarding = 1
Then I created a new macvtap interface:
sudo ip link add link eth0 name macvtap0 type macvtap mode bridge
sudo ip link set macvtap0 address 1a:46:0b:ca:bc:7b up
sudo ip link show macvtap0
Qemu command for an x86_64 VM with macvtap network:
qemu-system-aarch64 \
-cpu host \
-machine type=virt \
-enable-kvm \
-nographic \
-smp 1 \
-m 64 \
-serial stdio \
-monitor telnet:127.0.0.1:4448,server,nowait \
-kernel ./Image \
-append 'console=ttyAMA0 earlyprintk=pl011,0x1c090000 loglevel=9 root=/dev/vda rw rootwait' \
-drive file=./rootfs.ext4,if=none,format=raw,id=hd0 -device virtio-blk-device,drive=hd0 \
-netdev tap,id=eth0,script=no,ifname=tap9 \
-device virtio-net-pci,netdev=eth0,mac=00:16:35:AF:94:4B
Where tap9 in my case is the tap that has been created from the macvtap interface. So with qemu-kvm it works.
Now I show you the XML that I created for libvirt:
<domain type="kvm">
  <name>vmdhcp</name>
  <memory unit='KiB'>55200</memory>
  <currentMemory unit='KiB'>55200</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='aarch64' machine='virt'>hvm</type>
    <kernel>/var/lib/libvirt/images/Image</kernel>
    <cmdline>root=/dev/vda</cmdline>
    <boot dev='hd'/>
  </os>
  <cpu mode='custom' match='exact'>
    <model fallback='allow'>host</model>
  </cpu>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-aarch64</emulator>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/rootfs.ext4'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <!-- type='direct' makes libvirt create a macvtap on eth0 for this VM;
         the explicit <mac> stops libvirt from generating a random address -->
    <interface type='direct'>
      <mac address='00:16:00:7b:4b:8c'/>
      <source dev='eth0' mode='bridge'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
  </devices>
</domain>
With libvirt you don't need to create macvtap interfaces manually, because with this configuration libvirt automatically creates one macvtap interface connected to the eth0 physical interface, one for each running VM.
So, I hope this explanation is helpful for other users.
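An added helper (not from the original post) for the point the thread turns on: if the domain XML carries no <mac address=.../>, libvirt assigns a random one on define. The functions below report which interfaces are unpinned and pin a chosen MAC onto the type='direct' (macvtap) interface, rejecting malformed or multicast addresses before they reach libvirt. The sample domain is constructed here; `pin_interface_mac` and `interface_macs` are the assumed helper names.

```python
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample: a domain whose macvtap NIC has no <mac> element, so
# libvirt would assign a random 52:54:00:xx:xx:xx address on define.
SAMPLE_DOMAIN = (
    "<domain type='kvm'><name>vmdhcp</name><devices>"
    "<interface type='direct'><source dev='eth0' mode='bridge'/>"
    "<model type='virtio'/></interface></devices></domain>"
)

def validate_mac(mac):
    """Normalise a MAC and reject values a guest NIC cannot use."""
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError("malformed MAC: %s" % mac)
    if int(mac[:2], 16) & 0x01:   # I/G bit set = multicast, invalid as a source MAC
        raise ValueError("not a unicast MAC: %s" % mac)
    return mac

def interface_macs(domain_xml):
    """(type, mac or None) for every <interface>; None means libvirt will randomise."""
    root = ET.fromstring(domain_xml)
    result = []
    for iface in root.iter("interface"):
        mac_el = iface.find("mac")
        result.append((iface.get("type"), mac_el.get("address") if mac_el is not None else None))
    return result

def pin_interface_mac(domain_xml, mac, source_dev="eth0"):
    """Return the XML with a fixed <mac address=.../> on the type='direct'
    interface attached to source_dev, creating that interface if absent."""
    mac = validate_mac(mac)
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    iface = None
    for cand in devices.findall("interface"):
        src = cand.find("source")
        if cand.get("type") == "direct" and src is not None and src.get("dev") == source_dev:
            iface = cand
            break
    if iface is None:   # no macvtap NIC yet: add one in bridge mode like the post's XML
        iface = ET.SubElement(devices, "interface", type="direct")
        ET.SubElement(iface, "source", dev=source_dev, mode="bridge")
        ET.SubElement(iface, "model", type="virtio")
    mac_el = iface.find("mac")
    if mac_el is None:
        mac_el = ET.SubElement(iface, "mac")
    mac_el.set("address", mac)
    return ET.tostring(root, encoding="unicode")
```

Feed the output to `virsh define` on a file; the attribute quoting changes from single to double quotes, which libvirt accepts.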

Related

Build failed while appending line in source of docker container

I'm working on https://github.com/audip/rpi-haproxy and get this error message when building the docker container:
Build failed: The command '/bin/sh -c echo "deb http://httpredir.debian.org/debian jessie-backports main" >> /etc/apt/sources.list' returned a non-zero code: 1
This can be viewed at https://hub.docker.com/r/audip/rpi-haproxy/builds/brxdkayq3g45jjhppndcwnb/
I tried to find answers, but the problem seems to be something off on line 4 of the Dockerfile. I need help to stop this build from failing.
# Pull base image.
FROM resin/rpi-raspbian:latest
# Enable Jessie backports
RUN echo "deb http://httpredir.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
# Setup GPG keys
RUN gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553 \
&& gpg -a --export 8B48AD6246925553 | sudo apt-key add - \
&& gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010 \
&& gpg -a --export 7638D0442B90D010 | sudo apt-key add -
# Install HAProxy
RUN apt-get update \
&& apt-get install haproxy -t jessie-backports
# Define working directory.
WORKDIR /usr/local/etc/haproxy/
# Copy config file to container
COPY haproxy.cfg .
COPY start.bash .
# Define mountable directories.
VOLUME ["/haproxy-override"]
# Run loadbalancer
# CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
# Define default command.
CMD ["bash", "start.bash"]
# Expose ports.
EXPOSE 80
EXPOSE 443
From your logs:
standard_init_linux.go:178: exec user process caused "exec format error"
It's complaining about an invalid binary format. The image you are using is a Raspberry Pi image, which would be based on an ARM chipset. Your build is running on an AMD64 chipset. These are not binary compatible. I believe this image is designed to be built on a Pi itself.
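An added check (not from the original answer) that makes the diagnosis above testable: "exec format error" means the kernel read an ELF header whose e_machine does not match the host. The code below decodes e_machine from the first bytes of a binary and compares it with `uname -m`; run `check_file` against a binary copied out of the image (for example its /bin/sh) to confirm an ARM-only image before building on amd64. The header stub is constructed here, and the 32-bit compatibility table is an assumption noted in the comments.

```python
import platform
import struct

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification (subset).
E_MACHINE = {0x03: "i386", 0x28: "arm", 0x3e: "x86_64", 0xb7: "aarch64"}
# What a host kernel can typically execute; 32-bit compat on x86_64/aarch64 is
# an assumption here (it depends on the kernel's compat support being enabled).
HOST_CAN_RUN = {
    "x86_64": {"x86_64", "i386"}, "amd64": {"x86_64", "i386"}, "i686": {"i386"},
    "aarch64": {"aarch64", "arm"}, "arm64": {"aarch64", "arm"},
    "armv7l": {"arm"}, "armv6l": {"arm"},
}

def fake_elf(e_machine, little_endian=True):
    """Constructed 20-byte ELF header stub, just enough for elf_machine()."""
    ei_data = 1 if little_endian else 2
    ident = ELF_MAGIC + bytes([2, ei_data, 1, 0, 0]) + b"\0" * 7   # e_ident[16]
    return ident + struct.pack(("<" if little_endian else ">") + "HH", 2, e_machine)

def elf_machine(data):
    """Architecture name from an ELF header, or None if data is not an ELF image."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    endian = "<" if data[5] == 1 else ">"                       # e_ident[EI_DATA]
    (e_machine,) = struct.unpack_from(endian + "H", data, 18)  # follows e_type at 16
    return E_MACHINE.get(e_machine, "unknown(0x%x)" % e_machine)

def runnable_on(data, host_machine=None):
    """True if an ELF with this header can execute on host_machine (uname -m)."""
    target = elf_machine(data)
    if target is None:
        return False
    host = (host_machine or platform.machine()).lower()
    return target in HOST_CAN_RUN.get(host, {host})

def check_file(path, host_machine=None):
    """Read a binary's header and report (arch, runnable) for the host."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    return elf_machine(head), runnable_on(head, host_machine)

if __name__ == "__main__":
    for name, e_m in (("arm binary", 0x28), ("x86_64 binary", 0x3e)):
        hdr = fake_elf(e_m)
        print(name, "->", elf_machine(hdr), "runnable on x86_64:", runnable_on(hdr, "x86_64"))
```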

Start Docker with SSL

I'm trying to set up a docker application to run on SSL.
How can I start the docker with SSL?
This is to install Tangerine - https://github.com/Tangerine-Community/Tangerine.
The app has a start.sh script that contains the following:
#!/usr/bin/env bash
set -v
# Load deployment settings (versions, credentials, protocol) if present
if [ -f "./config.sh" ]
then
source ./config.sh
fi
docker pull "tangerine/tangerine:$TANGERINE_VERSION"
docker stop tangerine-container
docker rm tangerine-container
docker run -d \
--name tangerine-container \
--env "T_PROTOCOL=$T_PROTOCOL" \
--env "T_ADMIN=$T_ADMIN" \
--env "T_PASS=$T_PASS" \
--env "T_USER1=$T_USER1" \
--env "T_USER1_PASSWORD=$T_USER1_PASSWORD" \
--env "T_HOST_NAME=$T_HOST_NAME" \
-p 80:80 \
--volume "$(pwd)/data/couchdb/:/var/lib/couchdb" \
--volume "$(pwd)/data/media_assets/:/tangerine-server/client/media_assets/" \
"tangerine/tangerine:$TANGERINE_VERSION"
I tried changing the port to 443 but didn't seem to work.
Is there any other approach that I can use in this case?
The docs indicate: "To use SSL, put an SSL enabled Reverse Proxy in front of Tangerine and set the T_PROTOCOL variable in config.sh to https before running start.sh".
So an alternative approach would be to run two docker containers, one as a reverse proxy configured for SSL, and one for tangerine as you have above.
You can use nginx https://hub.docker.com/_/nginx/ for the reverse proxy. You will need to supply the SSL certificate and the nginx configuration to proxy_pass to tangerine. https://www.nginx.com/resources/admin-guide/reverse-proxy/
docker-compose can make it easier to run both containers and to link them.

Firefox Proxy to Docker Fiddler refusing connection

Running the docker-fiddler container on an Ubuntu-14.04 host. The container brings up Fiddler and redirects the GUI to the host, but the proxy fails. Docker ver 1.11.1.
Firefox displays either "The connection was reset" or "The proxy server is refusing connections" depending on setups shown below.
Question:
What are the correct Firefox proxy settings, http and ssl?
What changes are needed to the docker run command line?
What changes are needed for the Dockerfile?
Note: I am hitting an http url, not https
This configuration (localhost, assuming port forwarding); FF output: The connection was reset
Firefox proxy:
manual proxy
HTTP Proxy 127.0.0.1 Port 8888
SSL Proxy 127.0.0.1 Port 8888
This configuration (using the container IP); FF output: The proxy server is refusing connections
Firefox proxy:
manual proxy
HTTP Proxy 172.17.02 Port 8888
SSL Proxy 172.17.02 Port 8888
TL;DR
Docker Run:
docker run -d -p 8888:8888 -v /tmp/.X11-unix:/tmp/.X11-unix -e \
DISPLAY=$DISPLAY fiddler -h $HOSTNAME -v \
$HOME/.Xauthority:/home/$USER/.Xauthority
docker ps:
16a4f7531222 fiddler "mono /app/Fiddler.ex" 3 hours ago Up 3 hours 0.0.0.0:8888->8888/tcp cranky_pare
Dockerfile from jwieringa/docker-fiddler; I added EXPOSE 8888 and a user config to support bind-mounting the X server:
FROM debian:wheezy
RUN apt-get update \
&& apt-get install -y curl unzip \
&& rm -rf /var/lib/apt/lists/*
RUN apt-key adv --keyserver pgp.mit.edu --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
RUN echo "deb http://download.mono-project.com/repo/debian wheezy/snapshots/3.12.0 main" > /etc/apt/sources.list.d/mono-xamarin.list \
&& apt-get update \
&& apt-get install -y mono-devel ca-certificates-mono fsharp mono-vbnc nuget \
&& rm -rf /var/lib/apt/lists/*
RUN cd /tmp && curl -O http://ericlawrence.com/dl/MonoFiddler-v4484.zip
RUN unzip /tmp/MonoFiddler-v4484.zip
## I added this for X11 Display of Fiddler GUI on linux Host
RUN groupadd -g <gid> <user>
RUN useradd -d /home/<user> -s /bin/bash -m <user> -u <uid> -g <gid>
USER <user>
ENV HOME /home/<user>
# I added this also
EXPOSE 8888
ENTRYPOINT ["mono", "/app/Fiddler.exe"]
1) The host is considered a remote computer by the docker-fiddler container:
Fiddler > Tools > Fiddler Options > Connections > [x] Allow remote computers to connect
2) Fiddler requires a restart after changing this attribute, which closes the container. Must add a bind-mount volume to the Dockerfile to maintain the config:
-v /tmp/docker-fiddler/.mono:/home/$USER/.mono
3) Create /tmp/docker-fiddler/.mono on the host first and give it $USER permissions. Docker should do this for me, but I'm not sure how.
4) Changed docker run to:
docker run -d -p 8888:8888 \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-h $HOSTNAME \
-v $HOME/.Xauthority:/home/$USER/.Xauthority \
-v /tmp/docker-fiddler/.mono:/home/$USER/.mono \
-e DISPLAY=$DISPLAY fiddler
5) For debugging, change the first line above to add debug (-D) and remove daemon (-d); doing this was key to finding the missing libs:
docker -D run -p 8888:8888
6) There were several libs missing; the last one was gsettings-desktop-schema, which contains/brings in the gnome proxy schema. This is used by Fiddler; until this was in place the "AllowRemote" config setting was not being stored:
.mono/registry/CurrentUser/software/telerik/fiddler/values.xml:<value name="AllowRemote"
7) Several changes to the Dockerfile, including using ubuntu, create a very large image; might be able to back out libglib2.0-bin libcanberra-gtk-module:
FROM ubuntu:14.04
RUN apt-get update \
&& apt-get install -y curl unzip libglib2.0-bin libcanberra-gtk-module gsettings-desktop-schemas \
&& rm -f /etc/apt/sources.list.d/mono-xamarin* \
&& rm -rf /var/lib/apt/lists/*
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
RUN echo "deb http://download.mono-project.com/repo/debian wheezy main" > /etc/apt/sources.list.d/mono-xamarin.list \
&& apt-get update \
&& apt-get install -y mono-complete ca-certificates-mono fsharp mono-vbnc nuget \
&& rm -rf /var/lib/apt/lists/*
RUN cd /tmp && curl -O http://ericlawrence.com/dl/MonoFiddler-v4484.zip
RUN unzip /tmp/MonoFiddler-v4484.zip
RUN groupadd -g 1000 <USER>
RUN useradd -d /home/<USER> -s /bin/bash \
-m <USER> -u <UID> -g <GID>
USER <user>
ENV HOME /home/<USER>
EXPOSE 8888
ENTRYPOINT ["mono", "/app/Fiddler.exe"]
8) Firefox proxy (did not address HTTPS/SSL):
FF > edit > preferences > Advanced > settings
manual proxy
HTTP Proxy <container-ip> Port 8888
SSL Proxy <left this blank>
see: Install Mono on Linux
see: Docker In Practice, Miell/Sayers - CH4 Tech 26 Running GUIs, X11

Couchbase running in a container not accessible

So I've created this Dockerfile:
FROM centos
EXPOSE 7081 8092 11210
RUN yum install -y \
hostname \
initscripts \
openssl098e \
pkgconfig \
sudo \
tar \
wget \
&& wget http://packages.couchbase.com/releases/3.0.2/couchbase-server-enterprise-3.0.2-centos6.x86_64.rpm \
&& yum install -y couchbase-server-enterprise-3.0.2-centos6.x86_64.rpm \
&& rm -f ./couchbase-server-enterprise-3.0.2-centos6.x86_64.rpm
# No trailing backslash above: otherwise the CMD line is swallowed into the RUN command
CMD /opt/couchbase/bin/couchbase-server start -- -noinput
And that seems to be working (running the couchbase server) and to build and run it I do:
docker build -t="my/couchbase" .
docker run -itd --name=couchbase -p 11210:11210 -p 8091:7081 -p 8092:8092 my/couchbase
Now for some reason I can't connect to it via http. I tried to get the IP address of the container with docker inspect couchbase | grep IP
and then going to http://container_ip:7081
It's trying to get there for a very long time, but eventually times out.
What am I doing wrong?
You need EXPOSE 8091 8092 11210 (think of this as "the container listens on these ports") and -p 7081:8091 to get the mapping you seek. In -p it's hostport:containerport order.

How do I start plack application on boot

Does anyone know how to start a plack application on boot?
The OS is raspbian (raspberry pi).
I think I have to run it as a normal user (pi). That's how I start it manually.
I have tried adding something like this to rc.local but without success
su pi -c 'cd /path/to/app && plackup -d -p 5000 -r -R ./lib,./t -a ./bin/app.psgi &'
This will in turn be used by Apache, and the app is written in Dancer2, if it makes any difference.
The issue was that the Perl 5 environment variables were not initialised (they are set in .bashrc).
So the solution was to run the plackup command inside bash -i so that it reads .bashrc, or to set PERL5LIB before invoking plackup.
On a raspberry pi I use systemd to create and start a service, in the file:
/etc/systemd/system/dancer.service
[Unit]
Description=NCI Starman Dancer App
After=syslog.target
[Service]
Type=forking
ExecStart=/usr/local/bin/starman --daemonize -l 127.0.0.1:3004 \
--user myuser --group myuser --workers 8 -D -E production \
--pid /var/run/dancer.pid -I/home/myuser/webservers/Dancer/lib \
--error-log=/home/myuser/logs/dancer_error.log \
/home/myuser/webservers/Dancer/bin/app.psgi
Restart=always
[Install]
WantedBy=multi-user.target
And then I enable this with systemctl enable dancer.service
or start it manually with systemctl start dancer.service
Instead of starman, you can of course use plackup.
You may also want to use monit or supervisord to be sure your app is always running and will be restarted in case it is killed for any reason, for example OOM.
