Difference between pages "Apache" and "Creating VMs"

From Wikislax
(Difference between pages)
(Created page with "{{RightTOC}} == What is Apache ? == [http://httpd.apache.org Apache] is the most widespread and powerful Open Source HTTP server. Apache is included in the base Slackware d...")
 
(Creating a PV VM)
 
Line 1: Line 1:
 
{{RightTOC}}
 
{{RightTOC}}
  
== What is Apache ? ==
+
== the xl tool ==
  
[http://httpd.apache.org Apache] is the most widespread and powerful Open Source HTTP server.
+
There is a variety of tools and commands to handle virtual machines. Here we will use the Xen '''xl''' command.
  
Apache is included in the base Slackware distribution so it is possible to skip installation alltogether and proceed to [[Apache#Configuring Apache|Configuring Apache]] below. As part of Slackware, Apache benefits from Slackware security advisories.
+
* '''xl create ''file''''' affords creating a virtual machine based on the configuration in file ''file''. A one-starting sequential domain id is created.
  
== Installing Apache ==
+
* '''xl destroy ''domid''''' affords destroying a virtual machine with domain id ''domid''. Of course using the system in the VM will be a preferred method to terminate.
  
[http://httpd.apache.org/download.cgi Download] Apache and untar under /usr/local. The [http://httpd.apache.org/docs/2.2 documentation] is available online. By default apache is installed in '''/usr/local/apache2'''. Here we split apache in directories '''/etc''', '''/usr/local''' and '''/var/www'''. '''--enable-authnz-ldap''' and '''--enable-ldap''' enable LDAP based authentication, '''--enable-ssl''' enables SSL/TLS support, '''--with-openssl''' specifies the location of the openssl source and '''--enable-so''' is required for '''PHP''', to be installed at the next step.
+
* '''xl help''' affords getting more information on other xm commands.
  
# groupadd apache
+
Xen supports paravirtualisation and hardware virtualization. Both can be used at the same time on a single Xen system.
# useradd -g apache apache
 
# tar -C /usr/local -xvf httpd-x.y.z.txz
 
# cd /usr/local/httpd*
 
# ./configure --prefix=/var/www --bindir=/usr/local/bin \
 
--sbindir=/usr/local/sbin --sysconfdir=/etc/httpd \
 
--libdir=/usr/local/lib64 --includedir=/usr/local/include \
 
--datarootdir=/usr/local/share --mandir=/usr/local/man \
 
--enable-authnz-ldap --enable-ldap --enable-ssl \
 
--with-openssl=/usr/local/openssl-1.0.2a \
 
--enable-so --enable-mime-magic
 
# make
 
# removepkg /var/log/packages/httpd-x.y.z
 
# mv /etc/httpd /etc/httpd.0
 
# make install
 
# make clean
 
# cd /var
 
# chown -R apache:apache www
 
  
== Configuring Apache ==
+
== Creating a PV VM ==
  
Edit '''/var/www/conf/httpd.conf''' to change the '''User''' and '''Group''' to '''apache''', enter the '''ServerAdmin''' e-mail address. To prevent apache from displaying version information, specify '''ServerSignature Off''' and '''ServerTokens prod'''. To prevent users from viewing directory content, remove the '''Indexes''' option in section '''<Directory "/var/www/htdocs">'''. Check section '''<IfModule dir_module>''' to make sure which file names will be served if a directory is requested (by default '''index.html''').
+
* in paravirtualization (PV) guest operating systems are modified so they are able to interlock with Xen without emulation or virtual emulated hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware. Upstream kernel.org Linux kernels since Linux 2.6.24 include Xen PV guest (domU) support based on the Linux pvops framework, so every upstream Linux kernel can be automatically used as Xen PV guest kernel without any additional patches or modifications.
  
User '''apache'''
+
Paravirtualization requires storing the kernel to boot in the dom0 filesystem, and populating the system in a virtual partition. The kernel generated must be able to manage [http://wiki.qemu.org/download/qemu-doc.html#QEMU-PC-System-emulator the QEMU devices] and include the .config file [http://wiki.xen.org/wiki/Mainline_Linux_Kernel_Configs#Configuring_the_kernel domU options]. Here is a minimal example of such a [{{SERVER}}/wikislax/download/config-domU .config domU] file. The swap partition and VM filesystem can be created as below. Don't forget to update the root device in fstab :
Group '''apache'''
 
. . .
 
ServerAdmin '''postmaster@inner'''
 
 
'''ServerSignature Off'''
 
'''ServerTokens prod'''
 
 
<Directory "/var/www/htdocs">
 
. . .
 
Options '''Indexes''' FollowSymLinks
 
. . .
 
</Directory>
 
 
<IfModule dir_module>
 
    DirectoryIndex '''index.html index.htm index.php'''
 
</IfModule>
 
  
== Running Apache ==
+
# dd if=/dev/zero of=pv-sl12.swap bs=1024k count=1024
 +
# mkswap pv-sl12.swap
 +
# dd if=/dev/zero of=pv-sl12.img bs=1024k count=8192
 +
# mkfs -t ext3 pv-sl12.img
 +
# mkdir /tmp/loop
 +
# mount -o loop pv-sl12.img /tmp/loop
 +
# cp -ax /mnt/sl12/{bin,dev,etc,lib,root,sbin,usr,var} /tmp/loop
 +
# mkdir /tmp/loop/{home,proc,opt,sys,tmp}
 +
# chmod 777 /tmp/loop/tmp
 +
# vi /tmp/loop/etc/fstab
 +
# umount /tmp/loop
  
To automatically launch apache at startup, edit '''/etc/rc.d/rc.httpd''' and update the paths to reflect installation of the software under '''/usr/local/sbin'''. Give the file execution rights, launch the software using '''/etc/rc.d/rc.httpd start''', check if it's running by a '''ps -ef | grep httpd''', point your browser to http://localhost which should load the apache test page with the message '''It works!''', then open port 80 on the firewall.
+
Then a PV config file needs to be created. Samples are available from the /etc/xen directory. Here is an [{{SERVER}}/wikislax/download/sl12 example] running in a X window for slackware 12.1 (32 bits). The main config options to modify are :
  
  # '''vi /etc/rc.d/rc.httpd'''
+
  # Kernel image file in dom0 filesystem
  . . .
+
  kernel = "/boot/vmlinuz-3.4.2-domU"
case "$1" in
+
  # Not using any optional ramdisk
  'start')
+
  #ramdisk = "/boot/initrd.gz"
    /usr'''/local/sbin'''/apachectl -k start
+
  # Initial memory allocation (in megabytes) for the new domain.
  ;;
+
memory = 2048
  'stop')
+
  # A name for the new domain. All domains have to have different names,
    /usr'''/local/sbin'''/apachectl -k stop
+
  name = "sl12"
    killall httpd
+
  # Number of virtual CPUs
    rm -f /var/www/logs/httpd/*.pid
+
  vcpus = 2
  ;;
+
  # Define network interfaces
  'restart')
+
  vif = [ ' ' ]
    /usr'''/local/sbin'''/apachectl -k restart
+
  # Define disk devices. Note the device names xvda and xvdb
  ;;
+
  disk = [ 'file:/mnt/xen/sl12.img,xvda1,w', 'file:/mnt/xen/sl12.swap,xvdb,w' ]
  'graceful')
+
  # Define frame buffer device. Use sdl to view virtual machine in a window
    /usr'''/local/sbin'''/apachectl -k graceful
+
  vfb = [ 'sdl=1' ]
  ;;
+
  # Set root device.
  'graceful-stop')
+
  root = "/dev/xvda1 ro"
    /usr'''/local/sbin'''/apachectl -k graceful-stop
+
  # Window resolution additional parameters
  ;;
+
extra = "xen-fbfront.video=16,1280,768"
  *)
 
    echo "Usage: $0 {start|stop|restart|graceful|graceful-stop}"
 
  ;;
 
  esac
 
''':x'''
 
  # '''chmod u+x /etc/rc.d/rc.httpd'''
 
  # '''/etc/rc.d/rc.httpd start'''
 
  # '''ps -ef | grep httpd'''
 
  root      9875    1 1 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
 
  apache    9876  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
 
  apache    9877  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
 
  apache    9878  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
 
  apache    9879  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
 
  apache    9880  9875  0 07:52 ?        00:00:00 /usr/local/sbin/httpd -k start
 
root      9882  3198  0 07:52 pts/1    00:00:00 grep httpd
 
# '''vi /etc/rc.d/rc.firewall'''
 
  . . .
 
  iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
 
  . . .
 
  ''':x'''
 
  # '''/etc/rc.d/rc.firewall restart'''
 
  
== Using encryption ==
+
The VM can then be launched with '''xl create ''file''''' :
  
As we use HTTP applications that require login with passwords, we configure httpd.conf with SSL/TLS. This is described simply in the Apache documentation [https://httpd.apache.org/docs/2.4/en/ssl/ssl_howto.html SSL/TLS Strong Encryption: How-To]. At least the directives below are required in '''/etc/httpd/httpd.conf'''. The '''SSLCipherSuite''' directive enables only the strongest ciphers. '''apache.mtacert.pem.unsecure''' is a copy of your server certificate owned by '''apache:apache''' :
+
root@inner:/etc/xen# xl create sl12
 +
Parsing config from sl12
 +
root@inner:/etc/xen#
  
LoadModule ssl_module modules/mod_ssl.so
+
== Creating a HVM ==
 
Listen 443
 
<VirtualHost *:443>
 
    ServerName inner.studioware.com
 
    SSLEngine on
 
    SSLCertificateFile "/etc/ssl/certs/mtacert.pem"
 
    SSLCertificateKeyFile "/etc/ssl/private/apache.mtacert.pem.unsecure"
 
    SSLCipherSuite HIGH:!aNULL:!MD5
 
</VirtualHost>
 
  
For this example to work in Firefox with your self-signed CA certificate, you need to import it using the "Preferences" "Advanced" "Certificates" "View certificates" "Authorities" "Import" menu. We have chosen to encrypt all the site but it is possible to restrict directives to specific areas. More details can be found in the [https://httpd.apache.org/docs/2.4/en/mod/mod_ssl.html Apache Module mod_ssl] and [https://httpd.apache.org/docs/2.4/en/ Apache] documentations.
+
* in full hardware virtualization (HVM) guests require CPU virtualization extensions from the host CPU (Intel VT-x, AMD-V). Xen uses a modified version of Qemu to emulate full PC hardware, including BIOS, IDE disk controller, VGA graphic adapter, USB controller, network adapter etc for HVM guests. CPU virtualization extensions are used to boost performance of the emulation. Fully virtualized guests do not require kernel support, so for example Windows operating systems can be used as Xen HVM guest. Fully virtualized guests are usually slower than paravirtualized guests, because of the required emulation.
 +
 
 +
Full hardware virtualization requires only a disk image to execute in. Then a HV config file needs to be created. Samples are available from the /etc/xen directory. Here is an [{{SERVER}}/wikislax/download/win7 example] running in a X window for Windows 7. The main config options to modify are :
 +
 
 +
# Initial memory allocation (in megabytes) for the new domain.
 +
memory = 2048
 +
# A name for the new domain. All domains have to have different names,
 +
name = "win7"
 +
# Number of virtual CPUs
 +
vcpus = 4
 +
# Define network interfaces
 +
vif = [ 'type=ioemu, bridge=br0' ]
 +
# Define disk devices. Note the device names xvda and xvdb
 +
disk = [ 'file:/mnt/xen/win7.img,hda,w', 'file:/mnt/xen/win7.iso,hdc:cdrom,r' ]
 +
# enable SDL library for graphics, default = 0
 +
sdl=1
 +
# enable VNC library for graphics, default = 1
 +
vnc=0
 +
# set VNC display number, default = domid
 +
vncdisplay=7
 +
 
 +
The VM can then be launched with '''xl create ''file''''' :
 +
 
 +
root@inner:/etc/xen# xl create win7
 +
Parsing config from win7
 +
root@inner:/etc/xen#
 +
 
 +
== A little screen shot ==
 +
 
 +
The 3 VMs displayed on this slackware 13.37 dom0 are slackware 12.1, windows 7 and windows 8.
 +
 
 +
[[file:Screenshot.png]]
  
 
<br/>
 
<br/>
  
{{pFoot|[[MySQL]]|[[Main Page]]|[[PHP]]}}
+
{{pFoot|[[Using Grub2]]|[[Main Page]]|[[OpenSSL]]}}
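Review bot: in the added PV image steps, `# chmod 777 /tmp/loop/tmp` creates the guest's /tmp world-writable without the sticky bit, so any guest user can delete or replace another user's temporary files; use `chmod 1777 /tmp/loop/tmp`. Two smaller points in the same added text: the comment "Note the device names xvda and xvdb" in the HVM config sits above a disk line that uses hda and hdc, and the dd steps create pv-sl12.img and pv-sl12.swap while the PV config points at /mnt/xen/sl12.img and /mnt/xen/sl12.swap, so the page should say whether the files are meant to be moved and renamed.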

Revision as of 06:32, 7 July 2018

the xl tool

There is a variety of tools and commands to handle virtual machines. Here we will use the Xen xl command.

  • xl create file creates a virtual machine from the configuration in file file. The new domain is assigned a sequential domain id, starting at one.
  • xl destroy domid destroys the virtual machine with domain id domid. Shutting down from inside the VM's operating system is of course the preferred way to stop it.
  • xl help gives more information on the other xl commands.

Xen supports paravirtualization and hardware virtualization. Both can be used at the same time on a single Xen system.

Creating a PV VM

  • In paravirtualization (PV), guest operating systems are modified so that they can interface with Xen without emulation or emulated virtual hardware. Xen PV guest kernels exist for Linux, NetBSD, FreeBSD, OpenSolaris and Novell Netware. Upstream kernel.org Linux kernels since Linux 2.6.24 include Xen PV guest (domU) support based on the Linux pvops framework, so every upstream Linux kernel can be used directly as a Xen PV guest kernel without any additional patches or modifications.

Paravirtualization requires storing the kernel to boot in the dom0 filesystem, and populating the guest system in a virtual partition. The kernel must be built to manage the QEMU devices and must include the domU options in its .config file. Here is a minimal example of such a .config domU file. The swap partition and VM filesystem can be created as below. Don't forget to update the root device in fstab :

# dd if=/dev/zero of=pv-sl12.swap bs=1024k count=1024
# mkswap pv-sl12.swap
# dd if=/dev/zero of=pv-sl12.img bs=1024k count=8192
# mkfs -t ext3 pv-sl12.img
# mkdir /tmp/loop
# mount -o loop pv-sl12.img /tmp/loop
# cp -ax /mnt/sl12/{bin,dev,etc,lib,root,sbin,usr,var} /tmp/loop
# mkdir /tmp/loop/{home,proc,opt,sys,tmp}
# chmod 1777 /tmp/loop/tmp
# vi /tmp/loop/etc/fstab
# umount /tmp/loop

Then a PV config file needs to be created. Samples are available in the /etc/xen directory. Here is an example running in an X window for Slackware 12.1 (32 bits). The main config options to modify are :

# Kernel image file in dom0 filesystem
kernel = "/boot/vmlinuz-3.4.2-domU"
# Not using any optional ramdisk
#ramdisk = "/boot/initrd.gz"
# Initial memory allocation (in megabytes) for the new domain.
memory = 2048
# A name for the new domain. All domains have to have different names.
name = "sl12"
# Number of virtual CPUs
vcpus = 2
# Define network interfaces
vif = [ ' ' ]
# Define disk devices. Note the device names xvda and xvdb
disk = [ 'file:/mnt/xen/sl12.img,xvda1,w', 'file:/mnt/xen/sl12.swap,xvdb,w' ]
# Define frame buffer device. Use sdl to view virtual machine in a window
vfb = [ 'sdl=1' ]
# Set root device.
root = "/dev/xvda1 ro"
# Window resolution additional parameters
extra = "xen-fbfront.video=16,1280,768"

The VM can then be launched with xl create file :

root@inner:/etc/xen# xl create sl12
Parsing config from sl12
root@inner:/etc/xen#
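
A pre-flight check for the PV procedure above, as an added example that is not part of the original page: it confirms that the domain name is unused, that root= names a device listed in disk=, and that the guest fstab was updated to the xvd devices. The function names and the fstab sample are constructed for illustration, and the parser assumes the positional 'target,vdev,mode' disk syntax used on this page.

```python
import ast

# Constructed sample: the PV config values shown on this page.
PV_CFG = '''
kernel = "/boot/vmlinuz-3.4.2-domU"
name = "sl12"
disk = [ 'file:/mnt/xen/sl12.img,xvda1,w', 'file:/mnt/xen/sl12.swap,xvdb,w' ]
root = "/dev/xvda1 ro"
'''
# Constructed guest fstab that still names the old physical root device.
STALE_FSTAB = "/dev/sda2 / ext3 defaults 1 1\n/dev/xvdb swap swap defaults 0 0\n"

def parse_cfg(text):
    """Parse the `key = literal` lines used in the configs on this page."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = ast.literal_eval(value.strip())
    return cfg

def preflight(cfg, fstab, existing_names=()):
    """Return a list of problems to fix before running `xl create`."""
    problems = []
    if cfg.get("name") in existing_names:
        problems.append("domain name %r already in use" % cfg.get("name"))
    # Map each guest device node to its backing file and access mode.
    vdevs = {}
    for spec in cfg.get("disk", []):
        path, vdev, mode = (f.strip() for f in spec.split(","))
        vdevs["/dev/" + vdev.split(":")[0]] = (path, mode)
    # A PV guest (kernel= set) must boot from a device that disk= provides.
    root = cfg.get("root", "").split()[:1]
    if "kernel" in cfg and (not root or root[0] not in vdevs):
        problems.append("root= %s is not in disk=" % (" ".join(root) or "(unset)"))
    # The guest fstab must mount / and swap from devices the guest will see.
    for entry in fstab.splitlines():
        fields = entry.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        dev, mnt, fstype = fields[:3]
        if (mnt == "/" or fstype == "swap") and dev not in vdevs:
            problems.append("fstab: %s (%s) is not in disk=" % (dev, mnt))
    return problems
```

The existing_names argument is meant to be filled from the names reported by xl list; an fstab that identifies the root filesystem by label or UUID would be reported here and needs a manual check.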

Creating a HVM

  • In full hardware virtualization (HVM), guests require CPU virtualization extensions from the host CPU (Intel VT-x, AMD-V). Xen uses a modified version of Qemu to emulate full PC hardware for HVM guests, including BIOS, IDE disk controller, VGA graphic adapter, USB controller, network adapter, etc. CPU virtualization extensions are used to boost performance of the emulation. Fully virtualized guests do not require kernel support, so for example Windows operating systems can be used as Xen HVM guests. Fully virtualized guests are usually slower than paravirtualized guests, because of the required emulation.

Full hardware virtualization requires only a disk image to execute in. Then an HVM config file needs to be created. Samples are available in the /etc/xen directory. Here is an example running in an X window for Windows 7. The main config options to modify are :

# Initial memory allocation (in megabytes) for the new domain.
memory = 2048
# A name for the new domain. All domains have to have different names.
name = "win7"
# Number of virtual CPUs
vcpus = 4
# Define network interfaces
vif = [ 'type=ioemu, bridge=br0' ]
# Define disk devices. Note the device names hda and hdc
disk = [ 'file:/mnt/xen/win7.img,hda,w', 'file:/mnt/xen/win7.iso,hdc:cdrom,r' ]
# enable SDL library for graphics, default = 0
sdl=1
# enable VNC library for graphics, default = 1
vnc=0
# set VNC display number, default = domid
vncdisplay=7

The VM can then be launched with xl create file :

root@inner:/etc/xen# xl create win7
Parsing config from win7
root@inner:/etc/xen#

A little screen shot

The 3 VMs displayed on this Slackware 13.37 dom0 are Slackware 12.1, Windows 7 and Windows 8.

Screenshot.png

