VMware ESXi 3.5/4.0 on Xen (How-to)

This may seem a truly useless idea to a lot of people; however, I’ve always found having a ‘lab’ at home capable of building pretty much every system scenario very useful. Dealing daily with VMware ESX servers and VMs in a production environment means that I can never “fiddle” around and get to grips with what’s under the hood or deal with the unsupported or hidden functionality. My Xen server has allowed me to create pretty much every scenario I may need: Oracle RAC clusters, interoperability between various operating systems, and various development environments. When I first received the server that I use for my environments, my first choice of setup was going to be a VMware ESX setup; however, the hardware requirements restrict most installations to a subset of hardware configurations, meaning I couldn’t install it. Originally it would have been impossible to install it under a Xen HVM on the basis that the virtualised network adapters are unsupported by ESX; luckily, from 3.4.0 onwards the xen-tools have been updated and allow the use of the e1000/e100 network.

SSH tunnels

Sometimes getting to various servers, especially virtualised systems, can be a nightmare due to firewall rules restricting the physical machine or just down to the network architecture itself. For this example we’ll use two virtual machines located behind NAT’d firewalls on two different physical hosts; the firewalls permit SSH access out, and that is it.

[PHYS_A [VM_A:5901]]  <–/–>  [PHYS_B [VM_B]]

VM_A needs to run a VNC server that will bind to VM_A:5901; however, with no access to the firewall there is no way to set up any port forwarding to this internal VM. We could use iptables on VM_A and then again on PHYS_A to bind 5901 from VM_A’s IP to PHYS_A, but we would still be behind a firewall.

To accomplish this sharing, a server running SSH is required. The location of this server is completely irrelevant as long as it’s accessible with a standard user account. This server will be called SSH, and both machines can access it through the firewall.

[PHYS_A [VM_A:5901]]  <—> [SSH] <—>  [PHYS_B [VM_B]]

The next step is to push the port on VM_A to the SSH server using the following command:

[user@VM_A]$ ssh -R 5901:localhost:5901 -C user@SSH

This will open a session that creates port 5901 on the server SSH. This can be confirmed by running netstat -a on the server SSH and seeing that 5901 is now listed as a TCP4 listening port.

[PHYS_A [VM_A:5901]]  <—> [SSH:5901] <—>  [PHYS_B [VM_B]]

The next step is to pull the port on SSH to VM_B, where we have the client software (vncviewer). The following command pulls the port from an IP address and binds it to a local port on VM_B.

[user@VM_B]$ ssh -L 5901:localhost:5901 -C user@SSH

There will now be a port on VM_B that tunnels through SSH to VM_A.

[PHYS_A [VM_A:5901]]  <—> [SSH:5901] <—>  [PHYS_B [VM_B:5901]]

The user on VM_B can now use the service as if it was actually running on the host itself.

[user@VM_B]$ vncviewer localhost:5901

Notes for SSH flags:

-R   [port to bind to on remote host] : [local host IP] : [localhost port]

-L   [local port to use] : [remote IP] : [remote port]

-C (adds compression)
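The netstat confirmation step above only shows that 5901 is listening on the relay, not which address it is bound to. The script below is an added example, not part of the original post: it reads netstat or ss output and reports whether the forwarded VNC port is bound to loopback only or is reachable on other interfaces. The function names `forward_exposure` and `check_relay` and the sample listings are constructed for illustration; `-N` and `ExitOnForwardFailure` are standard OpenSSH options that the post does not use.

```shell
#!/bin/sh
# Added example. The two tunnels with their loopback binds written out:
#   VM_A$ ssh -N -o ExitOnForwardFailure=yes -R 127.0.0.1:5901:localhost:5901 user@SSH
#   VM_B$ ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:5901:localhost:5901 user@SSH

# forward_exposure PORT: read `netstat -an` or `ss -ltn` output on stdin and
# print where PORT is listening: loopback, exposed (wildcard or any other
# address), or absent.
forward_exposure() {
    awk -v port="$1" '
        /LISTEN/ {
            addr = $4                      # local address column in both tools
            n = length(addr) - length(port)
            # field 4 must end in ":PORT" (Linux) or ".PORT" (BSD/macOS)
            if (n < 2 || substr(addr, n + 1) != port) next
            sep = substr(addr, n, 1)
            if (sep != ":" && sep != ".") next
            host = substr(addr, 1, n - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "[::1]" || host == "localhost")
                loop = 1
            else
                wide = 1
        }
        END { print (wide ? "exposed" : (loop ? "loopback" : "absent")) }
    '
}

# check_relay PORT: exit status 0 only when PORT listens on loopback alone.
check_relay() {
    state=$(forward_exposure "$1")
    echo "port $1: $state"
    [ "$state" = "loopback" ]
}

# Constructed sample listings (not captured from a real host).
SAMPLE_DEFAULT='tcp4  0  0  127.0.0.1.5901  *.*  LISTEN
tcp4  0  0  *.22  *.*  LISTEN'
SAMPLE_GATEWAY='tcp  0  0  0.0.0.0:5901  0.0.0.0:*  LISTEN
tcp  0  0  0.0.0.0:22  0.0.0.0:*  LISTEN'

printf '%s\n' "$SAMPLE_DEFAULT" | check_relay 5901
printf '%s\n' "$SAMPLE_GATEWAY" | check_relay 5901 || echo "5901 is reachable from the network"
```

On the relay itself, run it against live output with `netstat -an | check_relay 5901`. An `exposed` result usually means `GatewayPorts` is enabled in the relay's sshd_config, which puts the VNC port within reach of every host that can route to the relay.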

Console/text based applications

Spending my days logging into systems remotely, I’ve spent a good many years using various text-based applications that would under most circumstances completely depend upon a GUI. Also, the fact that the display is based upon 80×25 characters makes multitasking applications that have text-based user interfaces nigh on impossible without some help. I think I’ve pretty much gotten all of my configuration files sorted, and my setup is pretty much rock solid.

I’ve thrown together some scripts as well, which make my life a heck of a lot easier. I intend to comment through my configuration files and upload them; hopefully I’ll make someone else’s life a little bit easier.

Oracle Installation woes…

Oracle installs normally require a long time to change various settings and this is before you can get to the barebones install. A quick step through the ‘basics’ of setting up oracle requires:

– Tuning of Kernel Network parameters

– Creation of Users/groups

– Creation of Oracle directories/correct permissions

– Checking Physical memory/swap

– Configuration of Shared memory segments (more kernel tuning)

– Configuration of Semaphores (Read here (if you care))

– Configuration of File Handles

– Configuration of IP port ranges

– Configuration of various shell constraints

This is before you’ve installed one piece of Oracle software, and can result in some tedious work. I’ve created (albeit a rough edition) a script that should hopefully reduce this tedium to about 2-3 minutes’ work. It’s only for Linux EL at the moment; however, it’ll be tuned to work on Solaris as soon as I build another host and tune the script. A few to-dos and I’ll upload it; perhaps someone might use it.