What is Proxmox?

Proxmox Virtual Environment is an easy to use Open Source virtualization platform for running Virtual Appliances and Virtual Machines.
Proxmox VE is an open source project, developed and maintained by Proxmox Server Solutions GmbH.

Installation
The first thing that you are going to like of Proxmox, is that the installation of the latest stable consist of installing a Debian minimal on your machine, adding a custom repository and apt-getting proxmox-ve-2.6.32.
Keep in mind that the latest version is great for kvm support (both performances and compatibility) but you don’t get OpenVZ support (but it’s on the roadmap for the end of 2010). If you need OpenVZ support, you should stick to proxmox-ve-2.6.24 (old kernel, maybe incompatible with newer machines).

Network configuration
Before starting using your virtual environment, you need to configure network devices so you can use them. The most common configuration are bridged or routed (NATted).
The bridged configuration is straight-forward, and is great if you don’t need network separation for security reason: virtual machines will get IP from the DHCP of your current network.
The routed configuration is highly suggested for custom network setups, but need some knowledge of routing and iptables.

First access
After rebooting with the proxmox supplied kernel, you can start to configure virtual machines. What you need is HTTPS access to the proxmox server, using a browser (FireFox) with Java support (sigh, needed for getting video output of the guests).
Credentials are the same of the underlying system (user root).

Storage configuration
You can achieve best performances and easy management using a LVM-backed storage for your guests. With LVM you can easily create or expand disks assigned to guests, without the overhead of an underlying filesystem like with disk images (qcow, vdi, vmdk, etc). The standard directory based storage is anyway needed for storing ISO images.

Backups
A feature that I cannot find on other VE manager, is an integrated management of backups. You need to configurare a new storage with type “backups”, I use a remote NFS share.
If you have sufficient space on LVM volume group, you can use the snapshot backup model, that will ensure you only few seconds of downtime even with a very large disk.

Cluster management
Another killer-feature of Proxmox is the cluster management: on one page you can get the status of all of your proxmox machines and within a few clicks you can migrate guest from a server to another. The only things you need is to configure a master node and attach all others as slaves, with only one command on every server.

Questa è una versione di testing (RC1 – Changelog), ma che dovrebbe già esser abbastanza stabile per l’utilizzo di tutti i giorni.

La procedura di aggiornamento del post precedente è sempre valida (DangerSPL è obbligatorio, ma non serve reinstallarlo ogni volta).

Download: XDA
Refs: cyanogenmod.com

Prerequisites:
* A working tor client on your workstation
* A registered nick on Freenode

What you need:
* http://freenode.net/sasl/cap_sasl.pl (irssi plugin for SASL auth)

You should add or change the server for connecting to Freenode:

servers = (
  {
    address = "p4fsi4ockecnea7l.onion";
    chatnet = "freenode";
    port = "6667";
    autoconnect = "yes";
  }
);

wget the perl irssi script in and add it to autostart.

cd ~/.irssi/scripts/
wget http://freenode.net/sasl/cap_sasl.pl
cd ~/.irssi/scripts/autorun
ln -s ../cap_sasl.pl

In irssi do:

/sasl add freenode <nick> <pass> DH-BLOWFISH
/sasl save

Now launch irssi using the tor wrapper, torify:

torify irssi

As an additional note, I added a line to the perl script to make it working on my irssi:

--- cap_sasl_old.pl     2010-01-28 22:38:43.000000000 +0100
+++ cap_sasl.pl 2010-07-10 13:10:04.000000000 +0200
@@ -4,6 +4,7 @@
 # $Id$
 
 use MIME::Base64;
+use Irssi::Irc;
 
 $VERSION = "1.1";
 

For macports users:

sudo port install p5-crypt-blowfish p5-crypt-dh p5-crypt-openssl-bignum \
p5-math-gmp p5-math-pari

Although I’ve installed these libraries, I continue to get the error:

Math::BigInt: couldn't load specified math lib(s), fallback to Math::BigInt::Calc at 
          /opt/local/lib/perl5/vendor_perl/5.8.9/Crypt/DH.pm line 6

Comments welcome.

Reference: http://freenode.net/irc_servers.shtml#tor

Screenshot:

Se avete ancora il firmware originale, dovrebbero ancora valere i passi descritti nel precedente post su CyanogenMod 4.x per poter installare una recovery image custom (fino a Installazione Android 1.6 + CyanogenMod escluso, ovviamente).

Ho seguito la guida presente sul wiki di CM: DangerSPL and CM 5 for Dream.

Requisiti:
* HTC Dream/G1 con immagine di recovery custom (Home+Power in fase di boot)
* Radio Compatibile (versione 2.22.19.26I, vedi con Camera+Power in fase di boot)

Files richiesti:
* Danger Spl
* gapps-ds-ERE36B-signed.zip
* CM5 for Dream/Sapphire

Ultima versione testata da me: CyanogenMod-5.0.8

Passi di installazione:

1. Copia tutti e tre i file zip sulla memoria SD
2. Riavvia in modalità  Recovery (Home+Power)
3. Esegui un nandroid backup (Opzionale)
4. Data/Factory Reset
5. Apply Update: DangerSPL (spl-signed.zip)
6. Reboot e rientra in Recovery (Home+Power)
7. Apply Update: CM5
8. Apply Update: gapps-ds-ERE36B
9. Reboot e attendi con pazienza il primo avvio (circa 5 minuti)

deb http://medibuntu.scorpionworld.it/ hardy free non-free
deb http://medibuntu.scorpionworld.it/ jaunty free non-free
deb http://medibuntu.scorpionworld.it/ karmic free non-free
deb http://medibuntu.scorpionworld.it/ lucid free non-free

New features for Xen 4.0.0 include performance improvements, better scalability, blktap2 for VHD image / snapshots / cloning support, improved IOMMU PCI pass-through for Intel VT-d and AMD IOMMU systems, VGA primary graphics card pass-through support to an HVM guest for high performance graphics using direct access to the graphics card, memory page sharing and page-to-disc for HVM guests, Netchannel2 for improved networking, online resize of guest disks without reboot/shutdown, para-virtual high-performance USB pass-through to both PV and HVM guests, and many other new features and changes.

From Phoronix

VGA Passthrough: 3D hardware acceleration inside guests.

mkdir /media/grip/
mount /dev/sdc1 /media/grip/
sudo debootstrap lenny /media/grip/ http://www.emdebian.org/grip/
cd /media/grip/
mount -o bind /dev/ dev/
mount -o bind /proc proc/
chroot . /bin/bash
aptitude update
aptitude install linux-image-2.6.28-1-686 initramfs-tools
aptitude install what-you-want
aptitude install grub
grub-install /dev/sdc
update-grub
exit
umount dev/
umount proc/
cd ../
umount grip/

Now you have a bootable EmDebian Grip install (less than ~80 Mb required)

When installing a kernel, an error may appear:

Running depmod.
Running update-initramfs.
Error retreiving answer for linux-image-2.6.28-1-686/postinst/create-kimage-link-2.6.28-1-686: Unsupported command "update-initramfs:" (full line was "update-initramfs: Generating /boot/initrd.img-2.6.28-1-686") received from confmodule. at /var/lib/dpkg/info/linux-image-2.6.28-1-686.postinst line 671,  line 3.
dpkg: error processing linux-image-2.6.28-1-686 (--configure):
subprocess post-installation script returned error exit status 128
Errors were encountered while processing:
linux-image-2.6.28-1-686

For fixing it, insert in /etc/kernel-img.conf:

do_symlinks = yes
relative_links = yes
do_bootloader = no
do_bootfloppy = no
do_initrd = yes
link_in_boot = no
postinst_hook = update-grub
postrm_hook   = update-grub

The server was a:
CPU Intel Xeon X3430
RAM 4GB
HD 4x500GB

During the installation, on each of the 4 disks, I created:
- a small /boot partition (~300Mb)
- 10 Gb RAID1 for /
- 1 Gb RAID10 for swap
- remaining space as RAID10, with a big LVM volume on top of it.

Please note: at the end of the installation, you should manually install grub on every disk, because if the first disk get destroyed, you cannot boot your system.

mkdir /boot2 /boot3 /boot4
mount /dev/sdb1 /boot2
mount /dev/sdc1 /boot3
mount /dev/sdd1 /boot4
rsync -av /boot/ /boot2/
rsync -av /boot/ /boot3/
rsync -av /boot/ /boot4/
umount /boot2/ /boot3/ /boot4/
dd if=/dev/sda of=/dev/sdb count=1 bs=512
dd if=/dev/sda of=/dev/sdc count=1 bs=512
dd if=/dev/sda of=/dev/sdd count=1 bs=512

At this point, installing kvm plus virt-manager is straightway:

aptitude install kvm libvirt-bin virt-manager

Remember that Lenny is getting pretty old, so for getting more from your server, you should use the backports.org packages.

Now add your user to the libvirt and kvm system groups (/etc/groups):

[..]
kvm:x:112:bob
libvirt:x:115:bob
[..]

At this point, you should connect to virt-manager GUI. As far as I understood, virt-manager support connections from remote hosts, but the TLS configuration is not so well documented, so you can simply do X11 forwarding or install a VNC server, or NX server, on the host to get the local virt-manager.

What I usually do on my lan from my laptop is:

ssh -X -l myuser myserver.local
virt-manager

And the virt-manager window will popup.

LVM Configuration
Edit->Host Details->Storage
Add your LVM Volume Group defined during the first setup: from this window, you can create virtual disks for your machines.
Using LVM instead of simple disk images give great benefits: less overhead, and the ability to expands images (and filesystems on it) without even rebooting the VM.

Network Configuration
You can use both bridged networks and private networks. Bridged networks are used when a VM should have the same subnet address of the other hosts on the local networks.

Bridged networks requires additional configuration on the host to work:

cat /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#auto eth0
#allow-hotplug eth0
#iface eth0 inet static
#        address 192.168.0.4
#         netmask 255.255.255.0
#         gateway 192.168.0.1

auto br0
allow-hotplug br0
iface br0 inet static
         address 192.168.0.4
         netmask 255.255.255.0
         gateway 192.168.0.1
         bridge_ports eth0
         bridge_stp off
         bridge_maxwait 15

Private networks should be use to isolate the virtual machine from the physical networks. You can create a DMZ using strict iptables rules for allowing clients to reach VM inside a private network. You can take a look on the iptables scripts I am using on the host, that use both bridged and private networks.

cat firewall.sh
#! /bin/bash
# By Giovanni Toraldo

LAN='br0'
VLAN='virbr0'
SUBNET='192.168.0.0/24'
VSUBNET='192.168.122.0/24'

## FLUSH
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

## Default Policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Basic Routing/Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT

## Local Inbound Services
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
iptables -A INPUT -p tcp --dport 25 -j ACCEPT # mail
iptables -A INPUT -p udp --dport 123 -j ACCEPT # ntp
iptables -A INPUT -p tcp --dport 80 -s $SUBNET -j ACCEPT # nginx

# VLAN - I accept and route all traffic
iptables -A INPUT -i $VLAN -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -A FORWARD -i $VLAN -j ACCEPT
iptables -A FORWARD -i $LAN -o $VLAN -j ACCEPT
# Masquerading packets from private networks only!!
iptables -t nat -A POSTROUTING -s $VSUBNET -o $LAN -j MASQUERADE

My static key server config (/etc/openvpn/ogre.conf):

dev tun
ifconfig 10.0.66.1 10.0.66.2
secret static.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
# keep commented if using a privileged port
#user nobody
port 53
proto udp

The logfile of the failing openvpn:

Feb 28 09:48:37 ogre ovpn-ogre[6383]: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Feb 28 09:48:37 ogre ovpn-ogre[6383]: /usr/sbin/openvpn-vulnkey -q static.key
Feb 28 09:48:38 ogre ovpn-ogre[6383]: LZO compression initialized
Feb 28 09:48:38 ogre ovpn-ogre[6383]: TUN/TAP device tun0 opened
Feb 28 09:48:38 ogre ovpn-ogre[6383]: /sbin/ifconfig tun0 10.0.66.1 pointopoint 10.0.66.2 mtu 1500
Feb 28 09:48:38 ogre ovpn-ogre[6388]: UID set to nobody
Feb 28 09:48:38 ogre ovpn-ogre[6388]: UDPv4 link local (bound): [undef]:53
Feb 28 09:48:38 ogre ovpn-ogre[6388]: UDPv4 link remote: [undef]
Feb 28 09:48:47 ogre ovpn-ogre[6388]: Peer Connection Initiated with 79.47.206.122:62799
Feb 28 09:48:47 ogre ovpn-ogre[6388]: Initialization Sequence Completed
Feb 28 11:28:25 ogre ovpn-ogre[6388]: read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Feb 28 11:28:34 ogre ovpn-ogre[6388]: Inactivity timeout (--ping-restart), restarting
Feb 28 11:28:34 ogre ovpn-ogre[6388]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 28 11:28:36 ogre ovpn-ogre[6388]: Re-using pre-shared static key
Feb 28 11:28:36 ogre ovpn-ogre[6388]: LZO compression initialized
Feb 28 11:28:36 ogre ovpn-ogre[6388]: TCP/UDP: Socket bind failed on local address [undef]:53: Permission denied
Feb 28 11:28:36 ogre ovpn-ogre[6388]: Exiting