There is no real link between the two topics, Virtualization and NFS (Network File System), other than a pedagogical one. Virtualization is about creating other machines within your machine, and NFS is about accessing the file system of a server from a separate client machine. Virtualization will give us the two machines we need to set up NFS.

In the commands that follow, LOGIN stands for your machine login and MACHINE for the simple name of your machine.
Enable Virtualization in the BIOS

This is how to do so for the Lab computers. Start by rebooting the machine. You have to catch it before it boots the operating system. Press F12 repeatedly as we did for the installation.
- Select: Enter Setup
- Go to the Advanced tab, select CPU Setup.
- Select Intel (R) Virtualization Technology [Disabled]. Enter
- Select Enabled. Enter.
- Type F10 to save and exit.
Software Installation

Install the necessary packages:

$ sudo apt-get install kvm qemu virt-manager virt-viewer libvirt-bin

You must add yourself to the libvirtd group to use the tools (it may already have been added by the installation):

$ sudo adduser LOGIN libvirtd

If you want to operate from the shell, this should be sufficient for your membership in the libvirtd group to be recognized:

$ newgrp libvirtd
$ newgrp LOGIN

A more comprehensive approach is to log out and log back in so that non-shell-based tools recognize your membership in this group. Our guest machine's network will be attached to the virtual bridge interface virbr0, which has been generated for you by the libvirt-bin installation. Check it out with:

$ ifconfig virbr0

We will use the Virtual Machine Manager (VMM) tool, which is like other virtualization software in that it can install a variety of guest systems on your machine, which is the host. We suggest that you create a dedicated folder for ISOs which you may want to install as virtual machines, e.g.

$ sudo mkdir /usr/local/Isos

VMM needs to get access to this path, so it is best to make it public like this. The installation software used in this document will be the Ubuntu 14.04 server from an ISO file. Retrieve the file from the CS FTP site:

$ wget ftp://www.cs.wcupa.edu/pub/rkline/gradlinux/ubuntu-14.04-server-amd64.iso
$ sudo mv ubuntu-14.04-server-amd64.iso /usr/local/Isos/

$ virt-manager &

You should see the line (anything other than that means something is wrong).

localhost (QEMU)

Our virtual machine's name will be vm1. Click the top left button to start creating a new machine:
Name and installation type
Name: Local install media ...
Installation media and OS
Use ISO image: OS type: Version:
Use the Browse button. Click Browse Local at the bottom left of the dialog and navigate to the ISO file.
- RAM, CPUs: take the defaults. 1GB is plenty of RAM for Ubuntu server. Keep in mind that RAM given to active guests is effectively taken away from the host.
Virtual Storage. Either choice is OK for our purposes.
GB Allocate entire disk now
- Final options (this is important). Open the Advanced Options section:
Keep the other Advanced settings as they are.
Server Installation

During installation, don't click the mouse in the virtual machine window. The keyboard works fine. If you get stuck, it's "Ctrl-Alt" that breaks you out. Go through a series of pages, taking the defaults for Keyboard and Languages. The choices start here:
- Hostname: vm1
- User full name: Use your Full Name on MACHINE
- Username: LOGIN
- Password: your LOGIN password on MACHINE
- Encrypt: No (default)
- Timezone: America/New_York (default)
- Partition: Guided - use entire disk and set up LVM (default). Enter.
- Select disk to partition: only one (default). Enter
- Write changes: Yes
- Amount of volume group: (default) Continue.
- Write changes: Yes
- HTTP proxy information: empty (default), Continue.
- Configuring tasksel: For our purposes, the default is OK. For real, "Install security updates automatically" is probably better.
- Software selection: OpenSSH server (select with space bar), Continue.
- Install GRUB: (default)
- Finish installation: Continue (default)
Using two machines

After completion of the setup, the virtual machine will boot. Now you have two machines. We will do all operations through the shell. In the descriptions that follow, you have to know which machine to use for each operation, which is indicated by the prompts:

[MACHINE] $ command-on-MACHINE

and

[vm1] $ command-on-vm1

Set a static IP address

Our goal is to work as little as possible directly on the machine. Instead we want to do all our work through an SSH-connected shell. You have to log in through the virtual machine window to find the dynamic IP address assigned:

[vm1] $ clear
[vm1] $ ifconfig eth0

The information for "inet addr" should be 192.168.122.XXX, a dynamic address. Anything else means the setup we want has not been achieved. Open a shell on MACHINE and SSH in to the virtual machine via the address which showed up:

[MACHINE] $ ssh 192.168.122.XXX

From here we want to set a static IP address. Edit the file
...
auto eth0
iface eth0 inet dhcp

...
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.122.11
gateway 192.168.122.1
netmask 255.255.255.0
dns-nameservers 192.168.122.1

[vm1] $ sudo shutdown -r now

This will be the fastest reboot you've ever seen. Test to make sure:

[MACHINE] $ ping 192.168.122.11

If OK, assign a name to this IP address. Edit /etc/hosts, adding this line:

192.168.122.11 vm1

Then go in from SSH:

[MACHINE] $ ssh vm1

[MACHINE] $ virsh list

Try stopping and starting with virsh. First shut it down:

[MACHINE] $ virsh shutdown vm1

Then start it:

[MACHINE] $ virsh start vm1
[MACHINE] $ ping vm1

A few seconds after the pings come alive you can SSH in. Used without any arguments, virsh acts like a command shell in its own right:

[MACHINE] $ virsh
virsh # help

Although we prefer SSH access, the virt-viewer command is yet another way to access a running virtual machine without network access.

[MACHINE] $ virt-viewer vm1

[vm1] $ sudo passwd root
[sudo] password for LOGIN: your-password
Enter new UNIX password: your-password
Retype new UNIX password: your-password
passwd: password updated successfully

Test access on the host machine:

[MACHINE] $ ssh root@vm1 ls

It will fail. Why? This is a security measure built into Ubuntu server. Password root access is disabled by default; one can only get in by using a cryptographic key. In general you want to maintain this setting, but we'll change it to allow password access to illustrate the point (and skip the details of creating the key). On vm1, edit /etc/ssh/sshd_config. Look for the line:

PermitRootLogin without-password

Modify the file by commenting out the line and making a replacement:

#PermitRootLogin without-password
PermitRootLogin yes

Then restart ssh:

[vm1] $ sudo service ssh restart

Now observe successful root ssh access:

[MACHINE] $ ssh root@vm1 ls
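
An added example, not part of the original page: a check that reports which PermitRootLogin value sshd takes from a configuration file. sshd keeps the first value it reads for a keyword, so the check also catches a stricter line appended below a permissive one; the three sample configs are constructed.

```sh
#!/bin/sh
# Added example (not from the original page).
# sshd uses the FIRST value it reads for a keyword, so a stricter
# PermitRootLogin line placed below an existing one changes nothing.
effective_root_login() {   # $1 = path to an sshd_config-style file
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at first Match
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

root_login_verdict() {     # $1 = path to an sshd_config-style file
    v=$(effective_root_login "$1")
    case "$v" in
        yes) echo "FAIL $v: root password login allowed" ;;
        no|without-password|prohibit-password|forced-commands-only)
             echo "OK $v" ;;
        *)   echo "WARN $v: check sshd -T on the host" ;;
    esac
}

# Constructed sample configs: the stock setting, the tutorial's edit,
# and a file where "no" was appended below a surviving "yes".
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'PermitRootLogin without-password' > "$demo/stock.conf"
printf '%s\n' '#PermitRootLogin without-password' 'PermitRootLogin yes' \
    > "$demo/tutorial.conf"
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'PermitRootLogin no' > "$demo/shadowed.conf"

for f in stock tutorial shadowed; do
    printf '%-9s %s\n' "$f" "$(root_login_verdict "$demo/$f.conf")"
done
```

On a live host, `sudo sshd -T | grep -i permitrootlogin` shows the value the installed configuration resolves to.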

Initial update of guest

Send collected packages to the guest to make the update faster, avoiding the package download:

[MACHINE] $ cd /var/cache/apt/archives/
[MACHINE] $ sudo rsync *.deb vm1:/var/cache/apt/archives/

Then do the updates:

[vm1] $ sudo su
[vm1] # aptitude update && aptitude upgrade
[vm1] # shutdown -r now

Install the server package:
[MACHINE] $ sudo apt-get install nfs-kernel-server
- Export the entire /home file system. Edit the file
in MACHINE, adding this line:
- Restart the NFS service and verify the exports:
[MACHINE] $ sudo service nfs-kernel-server restart
[MACHINE] $ sudo exportfs
- Install the client software:
[vm1] $ sudo apt-get install nfs-common
[vm1] $ exit

If you have any other shells logged in to [vm1], log out of them as well.

Come in as root and mount the /home directory:

[MACHINE] $ ssh root@vm1
[vm1] # mount -o vers=3 192.168.122.1:/home /home
[vm1] # exit

Come back in as you and see your host's home directory.

[MACHINE] $ ssh vm1
[vm1] $ ls -l
[vm1] $ touch HELLO
[vm1] $ sudo touch AGAIN
touch: cannot touch ‘AGAIN’: Permission denied

Why? I thought I was root! It turns out you're not root as far as /home is concerned; you're nobody. This is the effect of the default security measure called "root squash": root turns into the user nobody for the exported file systems unless a special flag (which should generally be avoided) is set in /etc/exports:
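
An added example, not part of the original page: a small audit that reads exports entries and reports any that turn root squash off (the no_root_squash option) or that are writable by every host. The sample entries and the /srv and /pub paths are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page).
# Reads /etc/exports-style lines on stdin and prints "PATH CLIENT FINDING"
# for each entry that disables root squash or is writable by any host.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }        # skip comments and lines without a client field
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break         # trailing comment ends the entry
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "(opts)" standing alone after a space applies to every host
                if (client == "") client = "*"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1, client, "no_root_squash"
                else if (client == "*" && ("," opts ",") ~ /,rw,/)
                    print $1, client, "world-writable"
            }
        }
    '
}

sample_exports() {   # constructed entries, not the /etc/exports from this page
    cat <<'EOF'
# path       client(options)
/home        192.168.122.0/24(rw,sync,no_subtree_check)
/srv/images  192.168.122.11(rw,sync,no_root_squash)
/srv/scratch 192.168.122.11 (rw,sync)
/pub         *(ro,sync)
EOF
}

sample_exports | audit_exports
```

The /srv/scratch entry shows the space pitfall: the host gets default options while the detached "(rw,sync)" applies to all hosts.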

Set up NFS mount on boot

You want /home to be mounted on boot. Edit the file /etc/fstab and add this line at the end:

192.168.122.1:/home /home nfs nfsvers=3 0 0

You can, of course, actually do this change as root because /etc/fstab is not within a mounted file system.

LDAP document to be able to complete this . In general, we want to avoid replicating the user password information on the client, and so making our NFS client be an LDAP client as well is a common way to deal with this issue. Install the basic LDAP client-side login access package on the guest:

[vm1] $ sudo apt-get install libnss-ldap ldap-utils

Make these choices in the configurator:

|LDAP server:|ldap://192.168.122.1|(not the default)|
|Distinguished name base:|dc=MACHINE|(not the default)|
|LDAP version:|3|(the default)|
|Make local root Database admin?|No|(not the default)|
|Does the LDAP database

[vm1] $ sudo auth-client-config -t nss -p lac_ldap

Finally, run this command to establish LDAP authentication within PAM:

[vm1] $ sudo pam-auth-update

Tab to OK and Enter. Then reboot the virtual machine:

[vm1] $ sudo shutdown -r now

On reentry, give aperson a home directory on the host if you haven't already done so:

[MACHINE] $ sudo cp -r /etc/skel /home/aperson
[MACHINE] $ sudo chown -R aperson:aperson /home/aperson

Then to test, log into the guest as aperson:

[MACHINE] $ ssh aperson@vm1

If you've forgotten the password you created for aperson, you can always change it by:

[MACHINE] $ python ~/workspace/ldap/changePwd.py

LDAP utils on virtual machine

If you want to use the ldap-utils (ldapsearch, etc.), you have to modify /etc/ldap/ldap.conf as follows:

BASE dc=spock
URI ldap://192.168.122.1

You can test:

[vm1] $ ldapsearch -x