The Linux Migration: Virtualization Provider
As part of my migration to Linux as my primary laptop OS, I needed to revisit my choice of virtualization provider. Long-time readers probably know that I was an early adopter of VMware Fusion, starting way back in 2006 with the very first “friends and family” release (before it was even publicly available). Obviously I can’t use Fusion on Linux, but do I use VMware Workstation for Linux? VirtualBox? Or something else? That’s what I set out to determine, and in this post I’ll share what I selected and the reasoning behind my selection.
So what were the options to consider? While there may be some other solutions, these are the three I primarily assessed:
- VMware Workstation for Linux 12.5.2
- VirtualBox 5.1.14
- “Native” Linux KVM, supplemented by Libvirt and a GUI like GNOME Boxes (installed by default in Fedora 25)
Since I have been using Vagrant quite a bit over the last few years, whatever solution I selected needed to work reasonably well with Vagrant.
I’m pretty familiar with KVM and Libvirt, so I started there. Given that KVM and Libvirt are “native” to Linux, it felt like it would be a clean solution. While Continue reading
IPTables: Matching A GRE packet based on tunnel key
I was trying to figure out a way to match packets with a certain GRE key and take some action. IPTables does not provide a direct solution to this problem but has the u32 extension modules that can be used to extract 4 bytes of the IP header and match against a pattern. So, I … Continue reading IPTables: Matching A GRE packet based on tunnel key
Installing VirtualBox 5.1 on Fedora 25
Last fall, I wrote a piece about why I had switched to VirtualBox (from VMware Fusion) for my Vagrant needs. As part of my switch to Fedora Linux as my primary laptop OS, I revisited my choice of virtualization provider. I’ll describe that re-assessment in a separate post; the “TL;DR” for this post is that I settled on VirtualBox. As it turns out, though, installing VirtualBox 5.1 on Fedora 25 isn’t as straightforward as one might expect.
After a number of attempts (using a test VM to iron out the “best” procedure), here’s the process I found to be the most straightforward:
-
Run
dnf check-updateanddnf upgradeto pick up the latest packages. If a new kernel version is installed, reboot. (I know this sounds contrived, but I’ve run into issues where some kernel-related packages aren’t available for the kernel version you’re actually running.) -
Install the RPMFusion repos. You only really need the “free” repository, but you can install the “nonfree” as well if you like (it won’t affect this process). I won’t go through the process for how to do this; it’s really well-documented on the RPMFusion web site and is pretty straightforward.
-
Next, use
Continue reading
How To: Setting up a GRE or VXLAN tunnel on Linux
In this post both methods - OpenvSwitch & only linux networking will be discussed. When we speak about VXLAN we normally discuss multicast groups and how endpoints (VTEP) learn and populate both the fdb (forwarding database entry) and the mdb (multicast group database entry). This article describes "not using" a multicast group and dynamic learning when setting the tunnel up natively, i.e. without OVS. Both methods require a fairly newer kernel (3.7 and greater) and needs the "vxlan" kernel module to be loaded. lsmod can be used to check if this Continue reading
Technology Short Take #77
Welcome to Technology Short Take #77. I’ve got a new collection of links and articles from around the Web on various data center-focused technologies.
Networking
- Mark Brookfield takes a moment to remind everyone that you shouldn’t use the (deprecated) C# vSphere Client to manage NSX environments. Good advice.
- Michael Kashin has a great article on how Open Virtual Network (OVN, part of the Open vSwitch project) implements virtual networks in OpenStack. Yes, the article is slightly OpenStack-centric, but it still remains a very informative look at the different components of OVN and how OVN works. (You might also be interested in an earlier article that outlines how to build and install OVN with OpenStack.)
- In a bit of an older post from late summer 2016, Matt Oswalt outlines why network engineers should care about the network software supply chain. I won’t steal Matt’s thunder; go have a look at the post yourself to see if you agree with his assessment.
- Simon Leinen (from SWITCHengines) explains their use of IPv6 with OpenStack.
- John Kozej has a write-up on an NSX logical switch packet walk.
- Sam McGeown discusses deploying ECMP with NSX for a provider logical router.
- Thanks to Ivan Pepelnjak, Continue reading
Increasing SDDC Visibility
In Episode 69 of Software Gone Wild we discussed ways of increasing visibility into VXLAN transport fabric. Another thing we badly need is visibility into the virtual edge behavior, and to help you get there Iwan Rahabok created a set of vRealize dashboards that include the virtual edge networking components. Hope you’ll find them useful.
Multi-Host Container Networking
Running Linux containers on a single host is relatively easy. Building private multi-tenant networks across multiple hosts immediately creates the usual networking mess.
Fortunately the Socketplane team did a pretty good job; for more details watch the video from Docker Networking Fundamentals webinar or listen to the podcast I did with them a year ago.
oVirt Community Newsletter December 2016
It's a new year with new opportunities for oVirt to show up its virtualization features! We're getting ready for DevConf.CZ in Brno next week, and FOSDEM in Brussels the week after that! We look forward to meeting European developers and sysadmins to share your experiences!
Here's what happened in December of 2016.
Software Releases
oVirt 4.0.6 Release is now available
In the Community
oVirt System Tests to the Rescue!—How to Run End-to-End oVirt Tests on Your Patch
CI Please Build—How to build your oVirt project on-demand
The Need for Speed—Coming Changes in oVirt's CI Standards
Еxtension of iptables Rules on oVirt 4.0 Hosts
Deep Dives and Technical Discussions
KVM/Linux Nested Virtualization Support For ARM
Virtual Machines in Kubernetes? How and what makes sense?
ANNOUNCE: New libvirt project Go XML parser model
Using OVN with KVM and Libvirt
New libvirt project Go language bindings
CI tools testing lab: Making it do useful work
CI tools testing lab: Integrating Jenkins and adding Zuul UI
CI tools testing lab: Adding Zuul Merger
CI tools testing lab: Setting up Zuul Server
Technology Short Take #76
Welcome to Technology Short Take #76, the first Technology Short Take of 2017. Normally, I’d publish this on a Friday, but due to extenuating circumstances (my mother-in-law’s funeral is tomorrow) I’m posting it today. Here’s hoping you find something useful!
Networking
- As of Vagrant 1.9.1, the Cumulus plugin for Vagrant is no longer needed. See this post for more details.
- Ivan Pepelnjak (one of my absolutely favorite folks in the IT industry) has a great post on using regex filters in Ansible to parse text printouts from network devices. This is a super-practical post that anyone working with network automation can put to use right away.
- Craig Matsumoto has an informative article on why machine learning is hard to apply to networking. I’ve heard David Meyer—who is quoted extensively in the article—speak several times, and most of the time his stuff is way beyond my understanding. At least now, though, I get the general direction he’s heading.
- Interested in using OVS with VXLAN on Hyper-V, but without OpenStack? This article by Alin Serdean from Cloudbase Solutions describes how it’s done.
- Here’s an article describing how to establish a site-to-site VPN between a Cisco ASA and Microsoft Azure. Anecdotally, Continue reading
Happy New Documentation!
The oVirt Project is pleased to announce the availability of all-new principal documentation for the oVirt 4.0 branch.
There are many people out there who are content to use software without documentation, preferring to muddle through the software based on past experience with similar software or just the desire to put the software through its paces.
We all do this; I could not tell you the last time I looked at documentation for Firefox or Chrome, because I've been using browsers for over 20 years and seriously, what else is there to learn? Until I learn about a cool new feature from a friend or a web site.
In a software community project, one of the biggest things a community must do is to provide proper onboarding to the project's result. This means:
-
Explaining what the software is
-
Providing a clear path to getting the software
-
Demonstrating how to use the software
All three of these onboarding requirements must be done right in order for onboarding to work successfully. Documenation, then, fulfills the third requirement: showing how software can be used. Not every one will need it, but for those users who do need it, it is very nice Continue reading
Upcoming Interview with “The Cube”
Hi folks, as I mentioned earlier in the week, I’ll be in the Northeast next week for the VTUG Winter Warmer event. If you can be there, great.. if not, Stu Miniman of “The Cube” has been gracious enough to invite me to an interview and will be broadcasting it on Thursday, Jan 19th.
Here are the details:
Thursday, January 19th, 2017 @ 1:30 p.m. EST
http://siliconangle.tv/vtug-winter-warmer-2017/
Many thanks to Stu!
Captain KVM
The post Upcoming Interview with “The Cube” appeared first on Captain KVM.
Boston VTUG Winter Warmer
Hi Folks – if any of you are going to be at the VTUG Winter Warmer at Gillette Stadium, come find me, I’ve got a keynote at 10am at “West Side South”. If you’re going to be in the area, it’s an event that’s been going on for several years now and should be fun..
I’ll be talking about Red Hat’s strategy in the Hybrid Cloud and especially how RHV fits into that.
I believe (don’t quote me on this) that the event is free for VTUG members, and that all you need to do is register to become a VTUG member (I believe that is also free) before the event.
Date: January 19, 2017
Location: Gillette Stadium, Patriot Place, Foxboro MA
Hope to see you there,
Captain KVM
The post Boston VTUG Winter Warmer appeared first on Captain KVM.
Introduction to Docker: Featured Video of January 2017
The featured webinar in January 2017 is the Introduction to Docker webinar, and in the featured video Matt Oswalt explains the basic Docker tasks. Other videos in this webinar cover Docker images, volumes, networking, and Docker Compose and Swarm.
To view the featured video, log into my.ipspace.net, select the webinar from the first page, and watch the video marked with star.
Read more ...Container Namespaces – Deep dive into container networking
Of late, there have been various Open source projects to manage networking for containers. Docker implemented "libnetwork". I've written in the past about using Calico with Docker containers. Debugging and low level tweaks to performance isn't easy without an in-depth understanding of how the network stack works for a container. This post tries to explain network namespaces and its role in container networking using default networking that comes out-of-box with docker.
As you probably already know containers use namespaces to isolate resources and rate limit their use. Linux's network namespaces are used to glue container processes and the host networking stack. Docker spawns a container in the containers own network namespace (use the CLONE_NEWNET flag defined in sched.h when calling the clone system call to create a new network namespace for the subprocess) and later on runs a veth pair (a cable with two ends) between the container namespace and the host network stack. If you are new to network namespaces this blog post by Scott gives a quick overview and serves as a good 101 refresher if you are already familiar with these concepts but haven't used them for a while.
As you probably already know containers use namespaces to isolate resources and rate limit their use. Linux's network namespaces are used to glue container processes and the host networking stack. Docker spawns a container in the containers own network namespace (use the CLONE_NEWNET flag defined in sched.h when calling the clone system call to create a new network namespace for the subprocess) and later on runs a veth pair (a cable with two ends) between the container namespace and the host network stack. If you are new to network namespaces this blog post by Scott gives a quick overview and serves as a good 101 refresher if you are already familiar with these concepts but haven't used them for a while.
Now lets see how to Continue reading
oVirt System Tests to the Rescue!—How to Run End-to-End oVirt Tests on Your Patch
Today, when an oVirt developer pushes a patch to review on oVirt Gerrit, various validations are triggered in CI via the 'check-patch' job, as defined by the project maintainers. Usually these jobs includes 'unit-tests', 'db tests', static analysis checks, and even an occasional 'functional test'. While it might seem that it covers alot and gives a good indication that the patch is good to be merged, unfortunately it is not always the case.
The reason it's not enough lies in oVirt's complexity and the fact it's a Virtualization project, which means the only real way to know if your patch didn't break things is to install oVirt and try running a few basic commands, like 'adding host', 'adding vm', 'creating snapshots', and other tasks you can only do if you have a full oVirt system up and running. Here is where OST comes in!
oVirt System Tests
oVirt system tests is a testing framework written in Python, using 'python-nose' and oVirt Python SDK and runs on auto-generated VMs created by Lago. It is used by the oVirt CI to run post merge end-to-end testing that runs on a fully deployed oVirt environment and has been proven to detect multiple regressions Continue reading
Technology Short Take #75
Welcome to Technology Short Take #75, the final Technology Short Take for 2016. Fortunately, it’s not the final Technology Short Take ever, as I’ll be back in 2017 with more content. Until then, here’s some data center-related articles and links for your enjoyment.
Networking
- Ajay Chenampara has some observations about running Ansible at scale against network devices.
- Andrey Khomyakov shares some information on automating the setup of whitebox switches running Cumulus Linux in part 2 of this series on learning network automation.
- Russell Bryant has shared the results of some testing comparing ML2+OVS and OVN as backends for OpenStack networking. As Russell indicates in his post, some additional analysis is needed to truly understand what’s happening, but early looks at the results of his tests show performance improvements in OVN versus ML2+OVS when it comes to total time required to boot a VM.
- Ivan Pepelnjak shares a Python script that creates Ansible inventory from Vagrant’s SSH configuration. Handy.
Servers/Hardware
Nothing this time around!
Security
- James Green shares some information on Docker Bench, a tool designed to help secure Docker environments.
- Via Mike Foley, the community now has a new resource to help educate on VM escapes.
- Gordon Turner Continue reading
brvirt: when brctl meets virsh
Hypervisors diversity is definitely one of the benefits of having Nuage managing your next-generation network. That means that we, as Nuage engineers, have to play with all kinds of hypervisors — like KVM, ESXi and Hyper-V to be more precise. As to me, I love to work with KVM most, simply because it gives you that feel that youCI Please Build—How to build your oVirt project on-demand
All projects in oVirt CI are built today post merge, using the 'build-artifacts' stage from oVirt's CI standards. This ensures that all oVirt projects are built and deployed to oVirt repositories and can be consumed by CI jobs, developers or oVirt users.
However, on some occasions a developer might need to build his project from an open patch. Developers need this capability in order to to examine the effects of their changes on a full oVirt installation before merging those changes. On some cases developers may even want to hand over packages based on un-merged patches to the QE team to verify that a given change will fix some complex issue or to preview a new feature on its early stages of development.
The Current Build Option
Until now, to build rpms from a patch, a developer needed to use a custom Jenkins job, which was only available to ovirt-engine and only for master branch. Another option was to try and build it locally using standard CI 'mock runner.sh' script which will use the same configuration as in CI. For full documentation on how to use 'mock-runner', checkout the Standard CI page.
The New Build Option
To ease Continue reading
IP Networking – generational shift in the industry to pure-L3 network stack
 |
| © Calico project (http://docs-archive.projectcalico.org/en/1.4.3/addressing.html) |
Docker networking eco-system begun with libnetwork and after that has propagated with multitude of solutions by both community and networking vendors. Unlike Flannel (CoreOS) and VXLAN which leverage tunneling and L2 protocols, Calico is a distributed L3 networking solution that works both with Virtual Machines and Continue reading
How to Setup HA for RHV-M pt3
Hi Folks.. the last time I left off, we had just finished setting up the initial pieces for hosted engine (RHEL configuration) in order to provide HA for RHV-M. Today we’re going to add an additional host and test things out.
Let’s get going!Once hosted engine is setup, adding another RHEL host to the configuration is almost identical to a standard configuration. There is only 1 additional step that involves ensuring that the HA pieces specific to hosted engine get installed along with the RHV packages.
The workflow itself is simple:
- Deploy a RHEL host, subscribe it to Red Hat CDN or Satellite and update it
- Add the Cockpit package and enable it (we won’t highlight that here, but you can see it in the previous post)
- Log into RHV-M, go to the “Hosts” tab, select “New”, fill in the relevant information, be sure to visit the “Hosted Engine” tab and select the “deploy” radio button.
- Once it finishes installing, give everything a minute or so to sync up, then test!
As usual, I recorded a walk through so that things are more clear. I sped things up significantly as my home lab is ~very~ slow.. Maybe I’ll get Continue reading