Wednesday, October 28, 2009

ebtables and 64-bit OpenVZ Linux kernel

CentOS 5.4 doesn't have its own ebtables package, so we use the ebtables package found in the EPEL repository. Unfortunately, when you install the x86_64 OpenVZ kernel onto your 64-bit CentOS 5.4, this ebtables (ebtables-2.0.8-1.el5.x86_64) package doesn't work:

# ebtables -N test -P DROP
The kernel doesn't support a certain ebtables extension, consider
recompiling your kernel or insmod the extension.
#

And the kernel gives us this message:

# dmesg | tail
Ebtables v2.0 registered
kernel msg: ebtables bug: please report to author: entries_size too small

If you download the latest ebtables source (ebtables-v2.0.9.tar.gz) and run make && make install, you get the same problem. Building with make static appears to work somewhat, but some commands still fail.

The solution is to fall back to the year 2003 and get ebtables-v2.0.6.tar.gz. You'll need the three patches found here: 2.6.20.patch, gcc4.patch, and iets.patch.

Here is how to make it work:

> tar xzf ebtables-v2.0.6.tar.gz
> cd ebtables-v2.0.6
> patch -p1 < ~/2.6.20.patch
patching file include/linux/netfilter_bridge.h
> patch -p1 < ~/gcc4.patch
patching file extensions/ebt_ip.c
patching file extensions/ebt_limit.c
patching file extensions/ebt_vlan.c
> patch -p1 < ~/iets.patch
patching file ebtables.c
> make
> sudo make install

Now you'll have a working ebtables, but with 2003 syntax. This means some commands won't work, such as:
    ebtables -N test -P DROP
which now must be written as:
    ebtables -N test; ebtables -P test DROP
or
    ebtables -I FORWARD -j ACCEPT
which now requires a rule number:
    ebtables -I FORWARD 1 -j ACCEPT
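
The following is an added example, not part of the original post: a small shell helper that rewrites an ebtables argument list into the two 2.0.6 forms shown above, so an existing bridge firewall script can be checked before it is run against the old binary. The function name ebt_legacy is hypothetical; it only prints commands and never calls ebtables.

```shell
#!/bin/sh
# Added example: rewrite ebtables arguments into the 2.0.6 forms shown above.
# Prints one legacy command per line; it does not run ebtables.
ebt_legacy() {
    out="ebtables"      # command being rebuilt
    newchain=""         # chain named by -N, if any
    extra=""            # follow-up command for a split "-N ... -P ..."
    while [ $# -gt 0 ]; do
        case "$1" in
        -N)
            newchain="$2"
            out="$out -N $2"
            shift 2
            ;;
        -P)
            if [ -n "$newchain" ]; then
                # "-N chain -P policy": the policy moves to its own command
                extra="ebtables -P $newchain $2"
                shift 2
            else
                out="$out $1"
                shift
            fi
            ;;
        -I)
            out="$out -I $2"
            shift 2
            # 2.0.6 wants an explicit rule number after the chain name
            case "${1:-}" in
            ''|*[!0-9]*) out="$out 1" ;;
            esac
            ;;
        *)
            out="$out $1"
            shift
            ;;
        esac
    done
    printf '%s\n' "$out"
    [ -z "$extra" ] || printf '%s\n' "$extra"
}

# The two commands from the text, plus one that already has a rule number.
ebt_legacy -N test -P DROP
ebt_legacy -I FORWARD -j ACCEPT
ebt_legacy -I FORWARD 2 -j DROP
```

A firewall script that keeps the newer syntax fails on these commands under 2.0.6, so check the exit status of every ebtables call rather than assuming the chain policy was applied.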

Maybe there is a better solution out there?

Wednesday, September 23, 2009

Installing OpenVZ on Fedora 11

This describes how to install the OpenVZ virtualization kernel and software on a Fedora 11 system. Instead of using the default rhel5 stable OpenVZ kernel, we'll be using the experimental 2.6.27 OpenVZ kernel.

EXT4 Warning: the 2.6.27 OpenVZ kernel does not have support for ext4 compiled in; your life will be easier if you install Fedora 11 onto an ext3 partition rather than the default ext4.
Update, April 2010: OpenVZ developers have backported the ext4 driver for 2.6.27 and released 2.6.32 kernels, so this should no longer be an issue.

  1. set up the openvz.repo as described in the OpenVZ quick install instructions
  2. edit the /etc/yum.repos.d/openvz.repo file and change the [openvz-kernel-2.6.27] section to enabled=1
  3. change the [openvz-kernel-rhel5] section to enabled=0
  4. the 2.6.27 kernel is older than Fedora 11's 2.6.29 kernel, so you need to force the install using this yum plugin:
    yum install yum-allowdowngrade

  5. finally, you may install the kernel and utilities
    yum install vzkernel --allow-downgrade
    yum install vzctl
  6. don't forget to edit /etc/grub.conf and give the kernel a sensible name, such as "OpenVZ"
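
The following is an added example, not part of the original post: steps 2 and 3 done as a scripted edit instead of by hand. The repo content is a constructed sample that uses only the two section names from the steps above, and the function names are hypothetical. The edit exits non-zero when the named section has no enabled= line, so a mistyped section name is noticed.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2 and 3 as a scripted edit.

# Constructed sample; the real openvz.repo has more sections and real URLs.
sample_repo() {
cat <<'EOF'
[openvz-kernel-rhel5]
name=constructed sample entry
baseurl=http://mirror.example.invalid/rhel5
enabled=1

[openvz-kernel-2.6.27]
name=constructed sample entry
baseurl=http://mirror.example.invalid/2.6.27
enabled=0
EOF
}

# repo_set_enabled FILE SECTION VALUE: print FILE with enabled=VALUE in [SECTION].
# Exits non-zero when that section has no enabled= line.
repo_set_enabled() {
    awk -v want="[$2]" -v val="$3" '
        /^\[/ { insec = ($0 == want) }          # track the current section
        insec && /^enabled[ \t]*=/ { print "enabled=" val; hit = 1; next }
        { print }
        END { exit(hit ? 0 : 1) }
    ' "$1"
}

# repo_enabled_sections FILE: list the sections that are currently enabled.
repo_enabled_sections() {
    awk '/^\[/ { sec = $0 } /^enabled[ \t]*=[ \t]*1[ \t]*$/ { print sec }' "$1"
}

# Apply both edits to a scratch copy and print which sections end up enabled.
switch_to_2627() {
    tmp=$(mktemp -d) || return 1
    sample_repo > "$tmp/a" &&
    repo_set_enabled "$tmp/a" openvz-kernel-2.6.27 1 > "$tmp/b" &&
    repo_set_enabled "$tmp/b" openvz-kernel-rhel5 0 > "$tmp/c" &&
    repo_enabled_sections "$tmp/c"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

switch_to_2627
```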

Tuesday, September 15, 2009

CORE 3.5 released

A new 3.5 release of CORE is available.

To obtain the software, visit:
http://cs.itd.nrl.navy.mil/work/core/
http://downloads.pf.itd.nrl.navy.mil/core/packages/3.5/

This is mostly a maintenance and bugfix release aimed at improving stability. The main improvements over the previous version are:
  • improved stability on Linux with OpenVZ
  • fixed distributed emulation (batch mode) on FreeBSD
    (note that distributed emulation from one GUI is not yet supported in the Linux version)
  • various bugfixes
  • new global startup script supported
  • init/rc.d scripts used to start CORE daemons

The FreeBSD kernel and Quagga packages remain unchanged from CORE 3.4.
VMware images of both the FreeBSD and Linux versions are now available.

Tuesday, June 23, 2009

CORE 3.4 released


A new 3.4 release of CORE is available.
There are now two flavors of CORE:
  1. FreeBSD 7.x version that drives virtual network stacks
  2. Linux version that drives OpenVZ virtual Linux containers

#1 continues to be the most scalable and stable option, but #2 is available for those who have applications requiring Linux support. Most, but not all, of the features from the FreeBSD version are available under Linux. CORE now uses FreeBSD or Linux packages without the installer script. You can install CORE using the 'pkg_add' (FreeBSD) or 'rpm' (Linux) utilities. This means you now need to download more than one file to install CORE.

To obtain the software, visit:
http://cs.itd.nrl.navy.mil/work/core/
http://downloads.pf.itd.nrl.navy.mil/core/packages/3.4/

The main improvements over the previous version are:
  • support for lightweight Linux OpenVZ containers
  • updated FreeBSD 7.2 kernel (vimage version 20090505)
  • VCORE 3.4 VMware image initially available only for FreeBSD
    (some issues need to be fixed to consistently run OpenVZ under VMware)
  • RPM installer for CentOS 5.3 + OpenVZ system
  • New node renumbering tool
  • New preferences dialog
  • New random waypoint mobility model
  • "core_wlan daemon" becomes cored
  • autostart helper daemons
  • Span Windows support improved
  • Scripted model supports looping
  • "wlan modules" becomes plugins, plugins have capabilities
  • various API enhancements in support of Linux
  • autoconf build system used for entire project