In the course of testing our puppet manifests with beaker I came across the necessity to run KVM virtual machines inside KVM guests. Normally this has a severe performance penalty as the CPUs need to be fully emulated and cannot take advantage of performance enhancing CPU instructions. Several years ago Intel and AMD added functionality which basically enables CPU instruction passthrough to the guests to get around this limitation. You can see these extensions on a host CPU in /proc/cpuinfo

Read more →

A while ago we ran into an issue with an incorrect checksum in a openldap ldif file. This means that someone has hand edited the file and caused the checksum to change without updating the checksum itself. There is a nice warning in the file but of course we as sysadmins know better that to read warnings :-/ [[email protected] ~]# service slapd start Checking configuration files for slapd: [WARNING] 57b5d8d1 ldif_read_file: checksum error on "/etc/openldap/slapd.

Read more →

Basic script to create qcow2 backed kvm domains based on a golden domain. Your golden domain must be using qcow2 To install the the dependencies on fedora 19 run the following: yum install libvirt-client qemu-img libguestfs-tools xmlstarlet libxml2 The virt-sysprep tool can do much more than this and I could potentially set the hostname and configure the machine to run some scripts when it starts up to check in with puppet which I may do in the future.

Read more →

Posting this literally so I don’t forget it. /etc/httpd/conf.d/vhosts.conf NameVirtualHost * include conf.d/vhosts.d/*.conf mkdir /etc/httpd/conf.d/vhosts.d /etc/httpd/conf.d/vhosts.conf NameVirtualHost * include conf.d/vhosts.d/*.conf /etc/httpd/conf.d/default.conf <VirtualHost _default_:*> ServerAdmin [email protected] DocumentRoot /var/www/vhosts/default/html/ ServerName localhost <VirtualHost> /etc/httpd/conf.d/vhosts.d/www.example.com.conf <VirtualHost *:80> ServerName www.example.com ServerAdmin [email protected] DocumentRoot /var/www/vhosts/www.example.com/html RewriteEngine On RewriteCond %{ENV:REDIRECT_STATUS} !=503 RewriteRule .* - [R=503,L] ErrorDocument 503 /index.html Header always set Retry-After "60" <VirtualHost>

Read more →

After a few false starts (Anaconda’s disk configuration is still a mess and very unintuitive) I managed to install the latest and greatest Fedora 19 on my home machine. I like the new introduction and things are looking good. I have noticed a few new things in Settings which are good a welcome site for people that like a little bit of choice. Things such as per application notification settings, media sharing, privacy settings and configuration for what appears in the applications search are all new.

Read more →

I have finally decided to learn all this stuff about Test Driven Design (TDD). I have a few projects that I go back to every now and then and it would be nice to be able to start hacking away without needing to remember every bit of the project. After looking around and investigating several other Continuous Integration systems I have ended up on Jenkins withShiningPanda plugin. The development team where I work uses Jenkins and it is reasonably easy to set up but I was initially against it because the machine I have to run it on is fairly low spec.

Read more →

mkdir /mnt/media/www/conf ln -s /mnt/media/www/conf /etc/httpd/conf.d/local /etc/httpd/conf.d/local.conf include conf.d/local/*.conf semanage fcontext -a -t httpd_sys_content_t "/mnt/media/www(/.*)?" semanage fcontext -a -t httpd_config_t "/mnt/media/www/conf(/.*)?" restorecon -Rv /mnt/media/www /mnt/media/www/conf/vhost_default.conf <VirtualHost _default_:*> ServerAdmin [email protected] DocumentRoot /mnt/media/www/vhosts/default/html/ ErrorLog logs/default-error_log TransferLog logs/default-access_log <Directory "/mnt/media/www/vhosts"> AllowOverride None # Allow open access: Require all granted </Directory> <Directory "/mnt/media/www/vhosts/default/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost>

Read more →

Simple pxeboot environment on a Fedora 15 system. This is useful if machines you are trying to build are on a network that cannot see the internet. My particular case is a home server which I want to setup from a place that doesn’t have cabling. I will move it into the cupboard that does have cabling when done but for the time being it is more convenient to set it up on the desk in my bedroom.

Read more →

Configuration for libvirt to get serial and graphics working at the same time: virt-install \ --name centos6_golden \ --ram 2048 \ --arch x86_64 \ --vcpus 4 \ --disk path=/var/lib/libvirt/images/centos6_golden.disk,format=qcow2,sparse=true,size=24,bus=virtio \ --location http://repos.example.com/repos/centos/6.4/os/x86_64/ \ --hvm \ --accelerate \ --nographics \ --os-type linux \ --os-variant virtio26 \ --extra-args 'acpi=force noipv6 console=tty0 console=ttyS0,115200 ks=http://repos.example.com/kickstarts/el6.ks ksdevice=52:54:00:A8:7A:0A ip=192.168.122.10 gateway=192.168.122.1 netmask=255.255.255.0 dns=192.168.122.1 ' \ --network bridge:br250 \ --mac 52:54:00:A8:7A:0A Serial console in GRUB: serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 terminal --timeout=15 serial console Change the kernel command line to attach ttys in the right spots.

Read more →

This is a simple VPN for those times when you want the ease of use of a VPN but only have a ssh server available. Both servers need to have ssh configured to allow tunnels. You need to change the configs for ssh under /etc/ssh Remote server sshd_config: PermitTunnel yes Local server ssh_config: Tunnel yes Remote server Setting up the tunnels requires you to use root when sshing.

Read more →