Administering virtual machines with MLN
Controlling the MLN Daemon
The MLN daemon, mlnd, is started at boot time via the file /etc/init.d/mlnd (linked into the appropriate rcn.d directory).
You can also run this script manually with the usual start, stop, and restart arguments.
To start the daemon directly, without the init script, use the following command:
# mln daemon -D /var/run/mln.pid
The following command will display the status of the MLN daemon on all hosts specified in the daemon_status_query lines in /etc/mln/mln.conf:
# mln daemon_status
When you set up MLN to manage virtual machines and networks, it is a good idea to use LVM for flexible VM storage, including expansion capabilities.
Anticipate resource use before deploying virtual machines, and monitor it on an ongoing basis with software like Munin or Cacti.
Restrict remote VM management and live migration with access control, and don't neglect security in general. Virtual machines are not inherently more secure than physical systems, contrary to many vendor claims; without precautions they can be less secure, because the hypervisor, its management interface, and migration traffic are new attack surfaces that a physical server does not have. Apply the usual system hardening techniques to virtual machines and, above all, to the physical servers that host them: a compromised host exposes every guest on it.
Also think about backups. You can either back up virtual machines in the usual manner, as part of your enterprise backup scheme, or back them up at the virtual level, as whole VM images.
Virtualization products are everywhere. What makes MLN so different is its ability to work in a very wide range of deployments. MLN works well for virtualization beginners because it removes the gritty details of VM configuration files, and, at the same time, you can use MLN to deploy far more complex scenarios than most vendors offer.
Creating Templates for Virtual Machines
Under both Xen and various free and commercial flavors of VMware, creating a virtual machine starts with making an empty virtual machine. On the first boot, an operating system is installed just as it would be on physical hardware, often from the same installation media, or, more recently, from the corresponding CD/DVD image files. Once you have a virtual machine with an installed virtual system, its image could be copied to create new virtual machines, although the copies might require customization.
MLN is designed for complex virtualization tasks. As such, it does not install operating systems from standard media or ISO images; rather, it relies on installed operating system image files – what it calls templates – as the basis for instantiating virtual machines (relying on the ability of VMware and Xen to create fully installed virtual machines as well as empty ones).
A few of the options for creating MLN templates are as follows:
- Copy existing virtual machines and use them as templates. Before copying, however, boot the virtual machine and make it as generic as possible to allow for different deployment contexts and scenarios. This includes removing local users and groups (because MLN can configure these as required for each virtual machine created from the template); eliminating specific network configurations; and removing device names, /etc/fstab entries, and so on. Also remove the SSH host keys, any authorized_keys files, and shell histories; otherwise every guest built from the template shares the same host identity and the same trusted keys.
- Download Xen templates from Internet sites (e.g., jailtime.org). Note that such images typically correspond to paravirtualized virtual machines, meaning that the included operating system knows that it is running in a Xen virtual environment and contains special features for efficient execution. This also means these systems do not contain bootable kernels but rather rely on the kernel and initial ramdisk on the virtualization server for booting. Treat any downloaded image as untrusted: verify the publisher's checksum, and audit it for preset passwords, SSH keys, and listening services before registering it.
- Download VM images for VMware Server from Internet sites (e.g., virtualappliances.net, jumpbox.com). These images are typically special-purpose virtual machines ready to run a specific application or fulfill a specific purpose. They are normal VMware VM image files (usually -flat.vmdk preallocated disk image files, which are plain raw disk images with a separate descriptor file). Note that you can convert VMware images for use with Xen with the qemu-img convert command (for example, qemu-img convert -O raw for a growable, sparse .vmdk).
- The Xen Tools package provides an easy way to create templates for Xen paravirtualized virtual machines from Debian, Ubuntu, Fedora, and other Linux distributions. See the xen-create-image command for easy creation and customization.
- With the dd command, you can harvest an image from an installed operating system by copying an entire partition into an image file. Copy it unmounted (or from a snapshot) so the filesystem in the image is consistent.
Once you have a template, you can modify it easily by mounting it in loopback mode, as in the following examples.
For Xen images:
# mount -o loop guest.img /somewhere
and VMware images:
# mount -o loop,offset=32256 guest-flat.vmdk /somewhere
The offset is the byte position of the partition inside the disk image: 32256 is sector 63 times 512-byte sectors, the traditional start of the first partition. Images partitioned with 1MiB alignment start at sector 2048 (offset=1048576) instead, so check with fdisk -l guest-flat.vmdk before mounting rather than assuming. A -flat.vmdk can be loop-mounted this way because it is a raw disk image; a growable (sparse) .vmdk must first be converted with qemu-img convert -O raw.
If the image is a Linux operating system, you can chroot /somewhere to access the image. This allows you to use the VM operating system's own tools to make modifications, something that is especially helpful for ensuring proper functioning when you add software; bind-mount /proc, /sys, and /dev into the tree first, because package managers and key generators expect them. If the image is a Windows operating system, you will have to use external tools to modify items within it.
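The following script is an added example, not code from the article or from the MLN project. It automates the preparation above: it reads the partition start from the MBR instead of hard-coding offset=32256 (falling back to offset 0 for a partitionless Xen filesystem image), loop-mounts the template, strips the per-instance identity the list above says to remove (SSH host keys, authorized_keys, histories, persistent device names), and bind-mounts /proc, /sys, and /dev before running a command in the chroot. The file paths, the 512-byte sector size, and the script name mln-template-prep.sh are assumptions; mounting needs root, while the MBR-reading and sanitizing helpers run on any file tree.

```shell
#!/bin/sh
# Added example (not from the article or the MLN project): prepare a raw
# disk image as an MLN template. Assumes 512-byte sectors and an MBR
# partition table; run as root for the mount/umount steps.

# Print the LBA start (in sectors) of MBR partition $2 (1..4) in image $1.
# The entry table starts at byte 446, 16 bytes per entry, start LBA at +8
# stored as a 4-byte little-endian integer.
mbr_part_start() {
    img=$1; n=$2
    case $n in 1|2|3|4) ;; *) echo "bad partition number: $n" >&2; return 1;; esac
    off=$((446 + (n - 1) * 16 + 8))
    set -- $(dd if="$img" bs=1 skip="$off" count=4 2>/dev/null | od -An -tu1)
    [ $# -eq 4 ] || { echo "short read from $img" >&2; return 1; }
    echo $(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
}

# True if the image carries the 0x55AA MBR signature at bytes 510-511.
has_mbr_sig() {
    set -- $(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tu1)
    [ "${1-}" = 85 ] && [ "${2-}" = 170 ]
}

# Byte offset to hand to mount -o loop,offset=... (sectors * 512).
part_byte_offset() {
    sectors=$(mbr_part_start "$1" "$2") || return 1
    echo $(( sectors * 512 ))
}

# Mount partition $3 (default 1) of image $1 on $2. A Xen paravirtualised
# filesystem image has no partition table and is mounted at offset 0.
mount_image_part() {
    img=$1; mnt=$2; n=${3:-1}
    if has_mbr_sig "$img"; then
        off=$(part_byte_offset "$img" "$n") || return 1
    else
        off=0
    fi
    mount -o loop,offset="$off" "$img" "$mnt"
}

# Remove host-specific identity from the mounted tree $1, so guests cloned
# from the template do not share SSH host keys or inherit trusted keys.
sanitize_template() {
    root=$1
    rm -f "$root"/etc/ssh/ssh_host_*
    rm -f "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys
    rm -f "$root"/root/.bash_history "$root"/home/*/.bash_history
    rm -f "$root"/etc/udev/rules.d/70-persistent-net.rules
    [ -f "$root"/etc/machine-id ] && : > "$root"/etc/machine-id
    [ -f "$root"/var/log/wtmp ] && : > "$root"/var/log/wtmp
    return 0
}

# Run a command inside the template with /proc, /sys and /dev bound in,
# so package managers and ssh-keygen behave as on a running system.
chroot_template() {
    root=$1; shift
    for d in proc sys dev; do mount --bind "/$d" "$root/$d" || return 1; done
    chroot "$root" "$@"; rc=$?
    for d in dev sys proc; do umount "$root/$d"; done
    return $rc
}

# Usage: sh mln-template-prep.sh guest-flat.vmdk /mnt/tpl [partno]
# Mounts the image, drops cached package archives on a Debian-style image,
# strips identity, and unmounts. Without arguments only the functions load.
if [ -n "${1-}" ] && [ -n "${2-}" ]; then
    mount_image_part "$1" "$2" "${3-1}" &&
    chroot_template "$2" /bin/sh -c '[ -x /usr/bin/apt-get ] && apt-get clean; :' &&
    sanitize_template "$2" &&
    umount "$2"
fi
```

Run sanitize_template after the chroot step, not before it, because package installation inside the chroot can recreate host keys or histories; and register the image with mln register_template only after it is unmounted, so the daemon never copies a half-written template.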
Once prepared, templates must be registered with the MLN daemon before you can use them to build virtual machines:
# mln register_template -t file-system-image-file
Also, you can use rt as an abbreviation for the register_template subcommand.