This Wiki page describes how to create a LAN (with Internet access) of Linux virtual machines and their host operating system. This is particularly valuable for testing software components that need a network. Although currently only VirtualBox is mentioned for the VMs, the 'networking' bulk of the Wiki applies to any Linux virtual machine. Hopefully other VM mechanisms like KVM/Qemu will be added.
This page is ultra-provisional, to give you something useful to read. It is currently based on an edited, formatted and Wikified collation of a series of e-mails. It will be progressively improved and expanded for clarity.
The building blocks
[TBS]
Host pre-requisites
[TBS]
Setting up VirtualBox guests networking
When creating the VirtualBox guest, set the type to Linux, and the version to either Mageia or Mageia (64 bit). Note that after clicking on the dropdown box for the version, you will have to scroll down to select the 64 bit version.
In each guest, depending on the amount of real RAM you have and the number of simultaneous VMs you intend to run, set the maximum RAM usage to 1-4GB.
When creating the virtual hard drive, I use the default .vdi extension, and change from the default of dynamic to *fixed* size, as it's noticeably faster in usage. I normally give each guest 16GB of disk space.
Once the new VirtualBox guest has been created, I select Settings and make the following changes.
- On the General/Advanced tab ...
  - change Shared Clipboard from disabled to bi-directional.
- On the System/Motherboard tab ...
  - change the pointing device from USB tablet to PS/2 mouse.
  - enable I/O APIC.
- On the System/Processor tab ...
  - I set the processors to <= what you have.
  - enable PAE/NX.
- On the Display/Video tab ...
  - increase video RAM to the maximum, 128MB.
  - enable 3D acceleration.
- On the Storage tab ...
  - Right click on the IDE controller, add an existing hard drive, selecting the same one that is shown on the SATA controller, then right click on the drive under the SATA controller and remove the attachment. This may not be needed, but in the past there were problems with the VirtualBox SATA controller that would cause disk corruption, so it's safer to move the drive to the IDE controller.
  - Due to bug 44 (https://bugs.mageia.org/show_bug.cgi?id=44), if the guest is using a kernel such as the desktop kernel (anything *other than* the server kernel), add the kernel option divider=10. This improves performance very noticeably, by reducing the number of interrupts generated for the host.
  - Do *not* add the option if using the server kernel.
- On the Network tab ...
  - If a router is being used, change "Attached to" from NAT to Bridged. When installing the guest and setting up the network, specify the same gateway/netmask that is used on the host.
  - If a router is not being used, the host will have to be specified as the gateway, and forwarding set up, plus proper firewall rules [TBS].
- On the Shared Folders tab ...
  - Click on the top icon along the right hand side to add a share. I specify the path as /, leave the name as the default ROOT, and select Auto-mount. This allows easily copying files to/from the host from within the guest.
Setting up the host/VM LAN
[The following notes relate to Dave Hodgins' system of 6 VMs, and Olivier's of 2 VMs. The context differentiates them].
For DNS, I use static IP addresses on the host and each of the VB guests. In my case, the host has a hostname of "x3.hodgins.homeip.net" (I used to use dyndns.org, but haven't changed the hostname since switching to www.noip.com for dynamic DNS services).
I install and run bind on the host. In /etc/named.conf I've added the lines ...
zone "homeip.net" IN {
    type master;
    file "myzone";
    allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "myreverse";
    allow-update { none; };
};
and changed listen-on and allow-query to any (note that my router does not forward port 53 to the host, so it is not open to the internet).
Also using a zone of homeip.net in bind means I cannot access any other hosts using the domain homeip.net, from this system (I can from my other computer which is running an un-customized version of bind). Note: Do *not* specify a path for the file options in named.conf.
On the host, define the forward/reverse hostnames and IP addresses for each guest in the myzone and myreverse files. When specifying the hostname and IP address in the guest, make sure the same values are used in the guest as are specified in the named configuration files on the host.
In each guest, specify the IP address of the host as the first DNS server. Note that additional DNS servers are only used if the first one is either not responding or is returning a server error message.
Here are my /var/named/myzone and /var/named/myreverse files, as samples.
/var/named/myzone
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
    201201021 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
    NS hodgins
    MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101
i2v.hodgins A 192.168.10.111
i3v.hodgins A 192.168.10.113
i4v.hodgins A 192.168.10.115
w7v.hodgins A 192.168.10.107
x2v.hodgins A 192.168.10.110
x3.hodgins A 192.168.10.2
x3v.hodgins A 192.168.10.112
x4v.hodgins A 192.168.10.114
/var/named/myreverse
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA hodgins.homeip.net. hostmaster.homeip.net. (
    200405190 ; serial
    28800 ; refresh (8 hours)
    14400 ; retry (4 hours)
    2419200 ; expire (4 weeks)
    86400 ; minimum (1 day)
    )
; define the authoritative name server
    NS hodgins.homeip.net.
; our hosts, in numeric order
2 PTR x3.hodgins.homeip.net.
101 PTR hodgins.homeip.net.
107 PTR w7v.hodgins.homeip.net.
110 PTR x2v.hodgins.homeip.net.
111 PTR i2v.hodgins.homeip.net.
112 PTR x3v.hodgins.homeip.net.
113 PTR i3v.hodgins.homeip.net.
114 PTR x4v.hodgins.homeip.net.
115 PTR i4v.hodgins.homeip.net.
The host names ending with a v in the first part of the name are all VirtualBox guests. The x3 is the host (it's running Mageia 4, I just haven't bothered changing the name since upgrading it). The "hodgins.homeip.net" is my old i586 system, that I now use as a file server and for running konversation.
The guests are all set to use the host as the DNS server, and the above allows forward/reverse DNS lookups to match, which is required for some packages, such as krb5.
When you say "a static IP address", is that a public IP address on the host, or a static IP address for a router?
On the host, and on each VirtualBox guest, run "host $HOSTNAME". Copy the IP address and paste that into "host <ipaddress>". If the name returned by the second host command doesn't match the $HOSTNAME from the first host command, then there are some packages, such as krb5, that will not work.
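The round trip described above (forward name to address, address back to the same name) can be checked offline against the myzone/myreverse files before named is even restarted. The following is an added example, not code from the page or from BIND; it parses only the record shapes these zone files use ($ORIGIN, a parenthesised SOA, A and PTR records) and the sample zones it embeds are constructed, with two deliberate faults to show what a mismatch looks like.

```python
import ipaddress
# Constructed samples in the myzone/myreverse layout above; w7v lacks a PTR and .114's PTR names the wrong host.
FORWARD_ZONE = """\
$ORIGIN homeip.net.
@ IN SOA hodgins hostmaster ( 201201021 ; serial
    8H 4H 4W 1D ) ; refresh retry expire minimum
    NS hodgins
localhost A 127.0.0.1
hodgins A 192.168.10.101
w7v.hodgins A 192.168.10.107
x3.hodgins A 192.168.10.2
x4v.hodgins A 192.168.10.114
"""
REVERSE_ZONE = """\
$ORIGIN 10.168.192.in-addr.arpa.
@ IN SOA hodgins.homeip.net. hostmaster.homeip.net. ( 200405190 28800 14400 2419200 86400 )
2 PTR x3.hodgins.homeip.net.
101 PTR hodgins.homeip.net.
114 PTR x4v.homeip.net.
"""
def fqdn(name, origin):
    """Expand a relative name against $ORIGIN; a trailing dot means absolute."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text, rtype):
    """Return ($ORIGIN, {owner_fqdn: rdata}) for rtype records; ; comments and ( ) SOA bodies are skipped."""
    origin, records, depth = "", {}, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        tokens, inside = line.split(), depth > 0
        depth += line.count("(") - line.count(")")
        if inside or not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
        elif rtype in tokens[1:] and not raw[0].isspace():   # line carries an explicit owner name
            rdata = tokens[tokens.index(rtype, 1) + 1]
            records[fqdn(tokens[0], origin)] = rdata if rtype == "A" else fqdn(rdata, origin)
    return origin, records
def check_consistency(forward_text, reverse_text):
    """Offline 'host $HOSTNAME' / 'host <ip>' round trip; returns a sorted list of problems ([] = consistent)."""
    _, a_records = parse_zone(forward_text, "A")
    rev_origin, ptr_records = parse_zone(reverse_text, "PTR")
    problems = [f"PTR target {t} has no A record" for t in ptr_records.values() if t not in a_records]
    for name, ip in a_records.items():
        rp = ipaddress.ip_address(ip).reverse_pointer + "."
        if not rp.endswith("." + rev_origin):
            continue                          # address outside this reverse zone, e.g. 127.0.0.1
        found = ptr_records.get(rp, "<no PTR>")
        if found != name:
            problems.append(f"{rp} -> {found}, expected {name}")
    return sorted(problems)
```

Run it against the real /var/named/myzone and /var/named/myreverse by reading both files into the two arguments; an empty list means every guest passes the krb5-style forward/reverse check.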
I mean I have a static public address given by my provider.
My router (which is also my box) has a static private address (192.168.0.254). In the router, I set permanent lease types for my host and my 2 VMs based on their respective MAC addresses, so that DHCP always allocates the same addresses (192.168.0.1/3/4).
Network settings on each machine are set on:
- automatic IP (BOOT/DHCP)
- Get DNS servers from DHCP
The commands "host $HOSTNAME" and "host ipaddress" (where I replace $HOSTNAME and ipaddress with the actual names and IP addresses) return:
Host $HOSTNAME not found: 3(NXDOMAIN)
Host 4.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
I understood that the named.service provided by bind has nothing to do with dyndns. I further saw that bind was not installed on my system, explaining the lack of named.conf.
So I followed the procedure.
My host is on 192.168.0.1, hostname: mageialan
Two guests: 192.168.0.3, vmag364; 192.168.0.4, vmag464
Domain name: zitoun.net
Installed bind.
Edited /etc/named.conf
In "options" section
- Changed listen-on port to any
- Changed allow-query to any
Added:
zone "zitoun.net" IN {
    type master;
    file "myzone";
    allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "myreverse";
    allow-update { none; };
};
/etc/named.conf
//
// named.conf
//
// Provided by Mageia bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

include "/etc/named.root.key";

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

zone "zitoun.net" IN {
    type master;
    file "myzone";
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "myreverse";
    allow-update { none; };
};
Created: /var/named/myzone.
/var/named/myzone
$ORIGIN zitoun.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA mageialan hostmaster (
    201301021 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ) ; minimum
; mageialan.zitoun.net serves this domain as both the
; name server (NS) and mail exchange (MX)
    NS mageialan
    MX 10 mageialan
; just in case someone asks for localhost.zitoun.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
mageialan A 192.168.0.1
vmag364 A 192.168.0.3
vmag464 A 192.168.0.4
I'm not sure of the following 2:
in NS, I put mageialan (which is the hostname)
in MX: 10 mageialan (I don't know what the 10 is, I just kept it)
and /var/named/myreverse
/var/named/myreverse
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA mageialan.zitoun.net. hostmaster.zitoun.net. (
    200505190 ; serial
    28800 ; refresh (8 hours)
    14400 ; retry (4 hours)
    2419200 ; expire (4 weeks)
    86400 ; minimum (1 day)
    )
; define the authoritative name server
    NS mageialan.zitoun.net.
; our hosts, in numeric order
1 PTR mageialan.zitoun.net.
3 PTR vmag364.zitoun.net.
4 PTR vmag464.zitoun.net.
First confirm named is working using "host $HOSTNAME 127.0.0.1", and "host 192.168.0.1 127.0.0.1". Adding the 127.0.0.1 will cause the host command to use named, from the host, instead of whatever is in /etc/resolv.conf.
Once bind is working, on the host modify
/etc/resolvconf/resolv.conf.d/head
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
Ignore the comment about not editing. It's there so that the comment will show up in /etc/resolv.conf, which will be overwritten on each boot, or network service restart.
Then run "systemctl restart network.service", or reboot the host. The host will then be using the named running on the host.
Confirm it's working using the host commands without the 127.0.0.1.
# systemctl status -l named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: active (running) since dim. 2014-10-12 02:51:24 CEST; 33s ago
  Process: 2817 ExecStart=/usr/sbin/named -u named -t /var/lib/named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2785 ExecStartPre=/usr/sbin/named-checkconf -t /var/lib/named -z /etc/named.conf (code=exited, status=0/SUCCESS)
  Process: 2246 ExecStartPre=/usr/sbin/setup-named-chroot.sh /var/lib/named on (code=exited, status=0/SUCCESS)
 Main PID: 2820 (named)
   CGroup: /system.slice/named.service
           └─2820 /usr/sbin/named -u named -t /var/lib/named

oct. 12 02:51:24 mageialan named[2820]: zone localhost.localdomain/IN: loaded serial 0
oct. 12 02:51:24 mageialan named[2820]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
oct. 12 02:51:24 mageialan named[2820]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
oct. 12 02:51:24 mageialan named[2820]: zone localhost/IN: loaded serial 0
oct. 12 02:51:24 mageialan named[2820]: zone 0.168.192.in-addr.arpa/IN: loaded serial 200505190
oct. 12 02:51:24 mageialan named[2820]: zone zitoun.net/IN: loaded serial 201301021
oct. 12 02:51:24 mageialan named[2820]: all zones loaded
oct. 12 02:51:24 mageialan named[2820]: running
oct. 12 02:51:24 mageialan named[2820]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 200505190)
oct. 12 02:51:24 mageialan systemd[1]: Started Berkeley Internet Name Domain (DNS).
That worked flawlessly.
Now on each guest, /etc/resolv.conf shows:
- nameserver 192.168.0.01
which is my host running DNS set up with bind.
To be sure, I put only this DNS server in the guests' network settings.
On guest mageia4-64,
$ host 192.168.0.13
13.0.168.192.in-addr.arpa domain name pointer vmag364.zitoun.net.
$ host vmag364.zitoun.net
vmag364.zitoun.net has address 192.168.0.13
On guest mageia3-64, the command host returns:
$ host 192.168.0.14
bash: host : commande introuvable
but
$ ping -c 3 vmag464.zitoun.net
PING vmag464.zitoun.net (192.168.0.14) 56(84) bytes of data.
64 bytes from vmag464.zitoun.net (192.168.0.14): icmp_seq=1 ttl=64 time=0.221ms