Christian Zartl, BSc

Private blog and WWW page


How to install Virtual Machines with XAPI on Xen Cloud Platform 1.1

Prerequisites

For this little how-to I assume that you have Xen Cloud Platform (XCP) already installed and successfully configured. The first things to do will be

  • creating and / or joining a resource pool,
  • creating and attaching a storage repository and
  • configuring the network (e.g. with bonding).

I will not describe how to do this here, as it really depends on your configuration. You can look for further help here. Even if these documents are really outdated (XCP v0.1), most information is still accurate and useful.

You just have to ignore some special things which have been taken over from Citrix XenServer (e.g. installing Linux Tools is absolutely not necessary as you will also see here). Another thing that should be working already is a connection to the Dom0 console however you prefer it.

xsconsole on XCP 1.1

Access Local Command Shell via xsconsole on Xen Cloud Platform 1.1

If you are accessing xsconsole directly, you can choose "Local Command Shell". The recommended way would be using ssh and this is also what I do. First of all you have to choose which guest (DomU) operating system you would like to install.

In general there are two possible ways of installing VMs on XCP:

  • Installing Windows VMs
  • Installing Linux VMs

There are a few differences in installing Windows guests in comparison to Linux VMs. I will not describe how to install Windows guests but you can find all necessary information here.

 

Installing Linux VMs

Still there is another decision to make:

  1. Installing with templates
  2. Installing from vendor media

Do a xe template-list | less to scroll through the available templates. If you can find a template for the distribution you would like to install, you should go on with step 1.

It is not absolutely necessary to use templates, so if you want to install the most recent version of some Linux distribution where there is no template available yet, this is also possible. It is just more comfortable with templates. Still I'm not going to describe how to install a guest from vendor media, so please see here for a step-by-step guide.

 

1. Installing with templates

I'm going to install the most current Ubuntu Long Term Support (LTS) version which is 10.04 Lucid Lynx in 64-bit mode. Don't worry about the (experimental) in the template name, it does work very well.

So now you can install your VM with the following command:

xe vm-install template=[Your\ desired\ OS] new-name-label=[NameOfYourVM]

You can always use tab to automatically finish one command, so you don't have to type the whole name of the template. This will give you the UUID of the created VM:

9ecea6e2-6964-b944-e909-65a23b819ce7

Next you should check all parameters of your VM:

xe vm-list uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 params=all

Again use tab to write the UUID automatically. What I'm actually interested in are the memory settings:

uuid ( RO)                          : 9ecea6e2-6964-b944-e909-65a23b819ce7
                    name-label ( RW): sugar
              name-description ( RW): Installed via xe CLI
                  user-version ( RW): 1
[...]
                 memory-actual ( RO): 0
                 memory-target ( RO):
               memory-overhead ( RO): 4194304
             memory-static-max ( RW): 268435456
            memory-dynamic-max ( RW): 268435456
            memory-dynamic-min ( RW): 268435456
             memory-static-min ( RW): 134217728
[...]
             protection-policy ( RW):
         is-snapshot-from-vmpp ( RO): false
                          tags (SRW):

These are only 268MB of RAM for this VM, so the installation will be very slow. Therefore we should change this by using a great Xen functionality called Dynamic Memory Control (DMC).

There are two modes available:

  • Target Mode and
  • Dynamic Range Mode.

Please read this FAQ about what to use and how. I've decided to use Target Mode. But first you have to change the static and dynamic max and min values to something more appropriate (otherwise you won't be able to set a memory-target).

So here is how it works:

xe vm-param-set uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 memory-static-max=[SMa]

xe vm-param-set uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 memory-dynamic-max=[DMa]

xe vm-param-set uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 memory-dynamic-min=[DMi]

xe vm-param-set uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 memory-static-min=[SMi]

The formula for these values is SMi ≤ DMi ≤ DMa ≤ SMa. What to choose for each of them is largely up to you. Here is just a little recommendation from me, but you really don't have to follow it:

As SMa can be the largest value, you could set it to your actual amount of RAM. But please consider that there is also Dom0 which needs some of this memory. I have 4GB of RAM in my old servers, therefore I set SMa to 3.5GB or SMa = 3500000000.

SMi depends on how much RAM you have in your servers and how many VMs you are planning to execute on them. As I am very limited with 4GB I set SMi = 512000000 and DMi = SMi and DMa = SMa. Finally you can set your memory-target:

xe vm-memory-target-set uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 target=[memory-target]

This will be most likely the same value as DMa.
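An added example (not from the original post) that checks a set of values against SMi ≤ DMi ≤ DMa ≤ SMa and prints the xe commands above in the same order. The function names dmc_valid and dmc_commands are made up for this example, and the target is assumed to equal DMa as suggested above.

```shell
#!/bin/sh
# Added example, not part of the original how-to. All values are bytes.
# Nothing is executed against XAPI; the xe commands are only printed.

# Return 0 if the four limits satisfy SMi <= DMi <= DMa <= SMa.
# Arguments: SMi DMi DMa SMa
dmc_valid() {
    smi=$1 dmi=$2 dma=$3 sma=$4
    for v in "$smi" "$dmi" "$dma" "$sma"; do
        case $v in
            ''|*[!0-9]*) echo "not a byte count: '$v'" >&2; return 2 ;;
        esac
    done
    [ "$smi" -le "$dmi" ] || { echo "static-min > dynamic-min" >&2; return 1; }
    [ "$dmi" -le "$dma" ] || { echo "dynamic-min > dynamic-max" >&2; return 1; }
    [ "$dma" -le "$sma" ] || { echo "dynamic-max > static-max" >&2; return 1; }
    return 0
}

# Print the commands in the order used in the how-to: ceiling first, floor
# last. When limits are raised from the template defaults, the chain then
# still holds after every single step.
# Arguments: VM-UUID SMi DMi DMa SMa
dmc_commands() {
    uuid=$1; shift
    dmc_valid "$@" || return $?
    echo "xe vm-param-set uuid=$uuid memory-static-max=$4"
    echo "xe vm-param-set uuid=$uuid memory-dynamic-max=$3"
    echo "xe vm-param-set uuid=$uuid memory-dynamic-min=$2"
    echo "xe vm-param-set uuid=$uuid memory-static-min=$1"
    # Assumption: target equals DMa, as the text suggests.
    echo "xe vm-memory-target-set uuid=$uuid target=$3"
}

# Values from the text: SMi = DMi = 512000000, DMa = SMa = 3500000000.
dmc_commands 9ecea6e2-6964-b944-e909-65a23b819ce7 \
    512000000 512000000 3500000000 3500000000
```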

Now you have a last choice to make:

  1. Install from Install Repository
  2. Install from vendor media

As I'm using a template I will also use the default way of installation via an install repository. Even if you are using templates you could still install from vendor media, e.g. if you only have a slow or even no Internet connection at all. Again, I will not describe how to do this here as you can find it in the Xen Cloud Platform Virtual Machine Installation Guide.

1.1 Install from Install Repository

First of all you have to find out the URL of your desired distribution install repository. You will have to search a bit to figure this out. For Ubuntu you can find it on http://archive.ubuntu.com/ubuntu.

It is recommended to use a mirror near to your location, so add your country code before archive. For Austria this is http://at.archive.ubuntu.com/ubuntu. Now set this repository for your created VM:

xe vm-param-set uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 other-config:install-repository=http://at.archive.ubuntu.com/ubuntu/

Next you will have to assign a virtual network interface (VIF) for your VM. So check your available networks first:

xe network-list

Depending on how many network interface cards (NICs) you have in your servers this will show you different amounts of Xen bridges (xenbr). I will use the one from eth0 for my VM now:

uuid ( RO)                : edf3408d-29b6-51de-252d-c28031363a7b
          name-label ( RW): Host internal management network
    name-description ( RW): Network on which guests will get assigned a private link-local IP address
[...]
uuid ( RO)                : baf6dd81-6550-7446-b57f-dfe633759b33
          name-label ( RW): Pool-wide network associated with eth0
    name-description ( RW):
              bridge ( RO): xenbr0
[...]
          name-label ( RW): Host internal management network
    name-description ( RW): Network on which guests will get assigned a private link-local IP address
              bridge ( RO): xapi1

So this means xenbr0 for me:

xe network-list bridge=xenbr0 --minimal

This will give me the UUID only:

baf6dd81-6550-7446-b57f-dfe633759b33

At last we can create the VIF:

xe vif-create vm-uuid=9ecea6e2-6964-b944-e909-65a23b819ce7 network-uuid=baf6dd81-6550-7446-b57f-dfe633759b33 mac=random device=0

This will again show you the UUID of the newly created VIF:

348f8790-0f9b-bbe5-abd2-f4d86cf26fd7

Finally, we can start the VM with the following command:

xe vm-start uuid=9ecea6e2-6964-b944-e909-65a23b819ce7

This will take a few seconds and if there are no errors, it means that it worked and the VM is running. Now the last thing to do is to follow the installation and do some configuration steps inside the OS. Therefore you need to access the console.

Actually this is provided by Virtual Network Computing (VNC), so you would only need to connect with a VNC viewer. Unfortunately this is quite cumbersome and not that easy to handle. So I would recommend using a graphical tool for this.

If you are working on Windows you could use XenCenter which is provided by Citrix for free, even if it is not open source. Alternatively you could try OpenXenManager which is open source but in my experience not working very well on Windows.

Oracle VM VirtualBox on Windows Vista

Ubuntu 10.04 Desktop VM in Oracle VM VirtualBox on Windows Vista

If you are running Linux then this may be your first choice. I have an Oracle VM running on my Windows PC with Ubuntu 10.04 Desktop and have OpenXenManager installed on this.

Xen VNC console in OpenXenManager

Xen VNC console in OpenXenManager on Linux Ubuntu

How to secure WordPress

One of my favorite blogs on the Internet is the one by eITWebguru which offers very useful information for a wide area of computer and especially hosting topics. Additionally there are various tricks and tweaks for several problems and issues.

Recently, author Milind, as far as I know the only one posting on this blog at the moment, wrote an article about steps to secure WordPress. As I'm using this great free tool for my homepage myself and am also always interested in security, I instantly tested and implemented these steps.

Nevertheless I found some of them not to be very current or accurate. Therefore I wanted to offer you a short summary of the individual steps:

  1. Keep your blog updated
    1. WordPress can check for updates automatically
    2. You should always install the most current version
    3. Also keep all your plugins updated
    4. Don't use plugins that are not under active development
    5. Delete inactive plugins
  2. Secure wp-config.php
    1. Set permissions to 750
  3. Hide the version of your WordPress install
    1. Use the Secure WordPress plugin
  4. Disallow wp-* folders from being crawled
    1. Create or update your robots.txt
  5. Use Intrusion Detection System (IDS) Plugins
    1. Mute Screamer
    2. Installs PHPIDS, a state-of-the-art security layer for PHP
    3. Includes monitoring
  6. Use strong passwords
  7. Run Backups regularly
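
An added example (not from Milind's article or this blog) that checks steps 2 and 4 of the list for a WordPress directory given as an argument. The function names are made up for this example, and "no access for others" is how it reads mode 750.

```shell
#!/bin/sh
# Added example, not part of the original post: audit two checklist items
# (wp-config.php permissions, robots.txt rule) for one WordPress directory.

# Return 0 if "others" have no access to wp-config.php (as with mode 750).
check_wp_config_perms() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 2; }
    # Characters 8-10 of the ls mode string are the bits for "others".
    other=$(ls -ld -- "$cfg" | cut -c8-10)
    if [ "$other" = "---" ]; then
        echo "OK   wp-config.php: no access for others"
        return 0
    fi
    echo "FAIL wp-config.php: others have '$other' (try: chmod 750 $cfg)"
    return 1
}

# Return 0 if robots.txt disallows crawling of paths starting with /wp-.
# robots.txt is advisory for crawlers; it does not restrict access.
check_robots_txt() {
    robots="$1/robots.txt"
    [ -f "$robots" ] || { echo "FAIL robots.txt: file missing"; return 1; }
    if grep -Eiq '^[[:space:]]*Disallow:[[:space:]]*/wp-' "$robots"; then
        echo "OK   robots.txt: wp-* paths disallowed"
        return 0
    fi
    echo "FAIL robots.txt: no Disallow rule for /wp-*"
    return 1
}

# Run both checks; return 0 only if both pass.
audit_wordpress() {
    rc=0
    check_wp_config_perms "$1" || rc=1
    check_robots_txt "$1" || rc=1
    return $rc
}

# Usage: sh audit.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    audit_wordpress "$1"
fi
```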

How to take ownership of user profile folders in Microsoft Windows domains

User profile folders in Microsoft Windows domains are automatically generated by the system itself and grant access for the user only. If you want to have access to this folder as a domain administrator, you have to take ownership of the folder first.

The following how-to is not only for profile folders but works always if you want to change messed up security settings or system-generated folders.

When you do a right click on the user profile folder and choose the "Security" tab, you will see a window similar to this:

Security tab of Properties

Properties of a system-generated User Profile Folder

It says "You do not have permission to view or edit this object's permission settings."

  • Click on "Advanced"
    • Now choose the "Owner" tab
Owner tab

Take ownership of a system-generated folder

  • Click "Edit..."
    • Select your administrator account
    • Tick the checkbox
      • "Replace owner on subcontainers and objects"
Replace owner on subcontainers and objects


      • Click "Apply"
      • You will get a very important warning message
All permissions will be replaced

Windows Security warning message

It says: "All permissions will be replaced if you press Yes." So click "Yes" only if you know how to set the correct permissions later on.

After pressing "Yes" it shows some progress depending on the amount of files and subfolders inside the folder and finally another Windows security information:

You will need to close and reopen the properties

Windows Security information

So click "OK" four times and open the properties again. Now you are able to edit the security settings, but your user is the only one with granted access. For a user profile folder you will have to at least add SYSTEM and the user account that this profile belongs to.

Default permissions on user profile folders

Permissions

Grant them all full control.

Howto create Password protected (and encrypted) Folders in Linux Ubuntu 11.10

I have some files and folders on my computer which are really only for me and no one else. Now there are two separate situations where this could become a problem:

  • Data gets lost or stolen
    • In this case I would like to have private files not only protected with a password, but also encrypted, so that no unwanted access is possible.
    • It could also happen when you store files on a USB stick or someone tries to mount your disk inside another machine, which would allow him to access all your unprotected files.
  • PC is not locked and someone uses this situation to access my files
    • When you are logged in with your user, it is of course possible to access all your files. So if you are away from keyboard for a while and forget to lock your screen, it might happen that another person opens your private files.

I thought there has to be a great solution for this integrated within Ubuntu already. Unfortunately this is not really the case, but still there are lots of great tools enabling you to protect your files however you want to.

So I started to investigate into this a bit and found the great package eCryptFS. This might be installed on your system already, as it is possible to encrypt your whole home directory all the time.

This is an option you can choose during the installation of current Ubuntu versions. If you check it, Ubuntu uses eCryptFS to encrypt your home directory with your login password, and automatically decrypts it when you log in so you can access all your files. This is great especially for business laptops, so when they get stolen, it's very hard to crack them and steal data as well.

To generate an encrypted directory you first need to check if eCryptFS is already installed via the Ubuntu Software Center.

Check if eCryptFS is already installed

Search for eCryptFS

Open the Ubuntu Software Center and search for "ecryptfs". If it is marked with the green checkmark it is installed already. Otherwise install it by choosing it and then clicking on "install".

You could also use the terminal, as we will nevertheless need it soon:

sudo apt-get install ecryptfs-utils

Afterwards it can be used to create an encrypted folder in your home directory. By default, this directory is called "Private" and is automatically decrypted when you log in. It is then automatically encrypted when you log off.

To create it, simply:

ecryptfs-setup-private

This will first ask for your login password, so enter it here. You will next be asked to "Enter your mount passphrase [leave blank to generate one]"; leave this blank (hit the enter key) and a random passphrase will be generated. That is all there is to it. Any data you place in ~/Private will be encrypted in ~/.Private when you log off.

Now this helps for my first problem, but there is still the other issue about forgetting to lock the screen. The private folder doesn't help there, since as soon as I'm logged in, the folder is decrypted and can be accessed by anyone.

So my search continued, but I soon found the great tool Cryptkeeper. It can also be installed via the Ubuntu Software Center or the terminal by typing:

sudo apt-get install cryptkeeper

Unfortunately this didn't work or at least it absolutely seemed to be not working. When I tried to start Cryptkeeper, just nothing happened. Well, actually it started the process sleeping, but I wasn't able to see anything.

Actually you should be able to see it in the notification area (systray):

Cryptkeeper (the keys icon) appearing in the notification area

Cryptkeeper (the keys icon) in the notification area

As I wasn't able to see those keys at the right top of my screen I gave up and continued my search for an alternative. So I found TrueCrypt. This was at least working, but not exactly the way I wanted to.

TrueCrypt seems to be great for encrypting whole USB sticks or external drives, but it's not so good for encrypting single folders. It is indeed possible, but you can't create a real folder, but some kind of binary file you then have to open with TrueCrypt.

So it's too cumbersome for me, which is why I had to find out what was going on with Cryptkeeper and why it wasn't working. After a short investigation I was able to find the reason:

When Gnome became Unity, it lost its notification area (called Systray by the Ubuntu developers) in 11.04, but it was reenabled with an update soon afterwards. Unfortunately only for a few applications: Java apps, Mumble, Wine applications, Skype, and hp-systray.

But there's an easy way to either re-enable the Systray for all applications or to whitelist Cryptkeeper only.

  • To enable the Notification Area (Systray) for all applications, run the following command:
gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"
  • Alternatively, you can whitelist only a certain application; for Cryptkeeper use the following command:
gsettings set com.canonical.Unity.Panel systray-whitelist "['JavaEmbeddedFrame', 'Mumble', 'Wine', 'Skype', 'hp-systray', 'cryptkeeper']"

Once you run the command, log out and then log back in. Here is a step by step tutorial of Cryptkeeper, but it is very easy and intuitive to use. Now that is exactly what I was looking for!

Howto export Microsoft Outlook Contacts and import them into Evolution

I have only one mobile phone at the moment, which is my business BlackBerry.

BlackBerry is really great in synchronizing all your Microsoft Outlook data with your mobile. So although I'm using Linux privately, I always created all my contacts within Outlook, also my private ones.

But now I have tested the new great service Ubuntu One, a 5 GB online storage within the public Ubuntu Cloud for free. This allows you to synchronize your data between several Ubuntu clients, but also with other computers and even smart phones, as long as they have Internet access.

Additionally, there is a special contact synchronization service, so you need to have only one contact database and never have the problem of inconsistencies or losing single contacts anymore. Sounds great, doesn't it? Well, for me it sounds at least really interesting, so I decided to give it a try.

But now I had the issue to move my contacts from Microsoft Windows running Outlook to Linux Ubuntu running Evolution. But you know, in modern times like these, this is as easy as it could be. Maybe this is the reason why I almost didn't find any howto for this, so I decided to write my own, even if it is really very easy. Nevertheless I hope it might be useful for someone.

Here's how it works:

Export Microsoft Outlook contacts to a Comma Separated Values (CSV) file

  • In Microsoft Outlook 2007 (should be very similar in other versions) click on "Contacts"
Contacts in Microsoft Outlook 2007


    • Then go to "File --> Import and Export ..."
      • Choose "Export to a file" and click "Next >"
Import and Export Wizard in Microsoft Outlook 2007


  • Now choose "Comma Separated Values (Windows)" and click "Next >"
Export to a file dialog in Microsoft Outlook 2007


  • Then check that only "Contacts" is selected and click "Next >" again
    • Afterwards choose a path and file name, click "Next >" and "Finish" to export your contacts

Finally, transfer the CSV file to your Linux computer. There are several possibilities how to do that, e.g. use a USB stick, email it to yourself, share it via the network, etc. Do whatever suits you best.

Import the CSV file into Evolution

  • In Evolution 3.2.1 (and previous versions, but not before 2.0) go to "File --> Import ..."
    • Click "Continue"
    • Now choose "Import a single file" and click "Continue"
    • Click the filename field and browse for your CSV file
    • Choose “Outlook CSV or Tab (.csv, .tab)”
    • Pick a folder to import to

That's it!

Howto set default file associations in Nautilus on Linux Ubuntu 11.10

If you are browsing files and decide to open them from a Nautilus window by double-clicking the file, it will open in a specific default application. But what if the file association isn’t what you want and you would like to open the files with another program?

Thinking that you could simply access File Association settings like in Windows? Well, of course, there is something very similar to this which is easy to handle:

  • Right-click on a file of the type you wish to set a default application to open it with
    • Select Properties
Access properties of a file in Nautilus


  • Select the Open With tab
Open With tab in Properties


  • Select the application you want associated with that file-type

I want to open html files with KompoZer by default, so I additionally click on show other applications to see it in the list. Now that's it!

Howto disable run prompt for executable text files in Nautilus on Linux Ubuntu 11.10

By default, Nautilus in Ubuntu asks you every time you double-click an executable text file: "Do you want to run <the file>, or display its contents?"

Open Text File Prompt


In Nautilus go to "Edit --> Preferences".

Preferences in Nautilus


On the second tab, Behavior, under Executable Text Files there is a choice to execute, open, or ask every time. Select the action you want.

Behavior in Preferences


In my case, I would like to show or open the files automatically, so I chose the second option. I hope this helps.

Of course you could also change the file permissions, but in my case I have several such files copied from older Linux distributions (mainly Freespire), and somehow it always created them this way or made them executable somehow. These settings are for Nautilus, the default file manager in Gnome or Unity desktops, so this should also work for other Ubuntu versions and even other distros.