apt get life - Life around technology

Setting up a KVM host on Ubuntu 18.04 with bridged networking

2018/09/16 by sudo

Since the launch of Ubuntu server 18.04, I’ve had a few people ask me how to setup bridged networking since the changeover to netplan for networking. The setup’s actually quite straight forwards once you know how. Start out by installing KVM and associated packages (I’m assuming you’re on a fresh Ubuntu 18.04 box):

sudo apt install bridge-utils qemu-kvm libvirt-bin

1	sudo apt install bridge-utils qemu-kvm libvirt-bin

You should now be able to access virsh, to test it just run the command to list the virtual machines on the host (this will of course output an empty list. We just want to make sure the command hasn’t failed before going further):

virsh list --all

1	virsh list --all

<h2> Id    Name                           State</h2>

1	<h2> Id Name State</h2>

Now edit the netplan file for the networking configuration of the host system:

sudo nano /etc/netplan/50-cloud-init.yaml

1	sudo nano /etc/netplan/50-cloud-init.yaml

The configuration should be edited to look similar to this:

network:
    ethernets:
        eno1:
            addresses: []
            dhcp4: true
            optional: true
    version: 2
    bridges:
        br0:
            interfaces: [eno1]
            dhcp4: true
            parameters:
                stp: false
                forward-delay: 0

network:

ethernets:

eno1:

addresses: []

dhcp4: true

optional: true

version: 2

bridges:

br0:

interfaces: [eno1]

dhcp4: true

parameters:

stp: false

forward-delay: 0

We’re basically defining a single ethernet port (eno1) and assigning it to a bride. Note that you can check your ethernet port name using the ‘ip address’ command on the command line and it will return your network adapters and IP addresses. It should be resonably obvious which one is your ethernet adapter from the list!

It’s worth noting that in this setup, we’re allowing DHCP to allocate addresses to the machine. If this isn’t what you want, take a look at the netplan examples here: https://netplan.io/examples

You can apply these change using:

sudo netplan apply

1	sudo netplan apply

And check it’s working:

ip address

1	ip address

networkctl list

1	networkctl list

If you’ve gotten this far without a network issue, you should be able to create machines using your favorite tool. I use Virtual Machine Manager (https://virt-manager.org/) which provides a reasonable user interface as well as remote management via SSH.

Setting up a Bond and Bridge in Netplan on Ubuntu 18.04

2018/09/12 by sudo

For some of my Ubuntu 18.04 servers, I need to run KVM virtual machines which require a bridge to the network so the machines get public LAN IP addresses and aren’t hidden behind NAT. With the server configuration for both my co-location and work server room the network interfaces are all bonded for fail-over. This means I need a bond to have a bridge ontop of it for the virtual machines to get public IP addresses, while still allowing for failover of the network connection in the event of a network failure.

There are some good examples of setting up netplan here: https://netplan.io/examples

They have a bridge example:

network:
  version: 2
  renderer: networkd
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - enp3s0

network:

version: 2

renderer: networkd

bridges:

br0:

dhcp4: yes

interfaces:

- enp3s0

And a bond example:

network:
  version: 2
  renderer: networkd
  bonds:
    bond0:
      dhcp4: yes
      interfaces:
        - enp3s0
        - enp4s0
      parameters:
        mode: active-backup
        primary: enp3s0

network:

version: 2

renderer: networkd

bonds:

bond0:

dhcp4: yes

interfaces:

- enp3s0

- enp4s0

parameters:

mode: active-backup

primary: enp3s0

But there’s not a clear indication of how to amalgamate the two. Here’s what I’ve ended up with in ‘/etc/netplan/50-cloud-init.yaml’:

network:
    bridges:
        br0:
            addresses:
            - 192.168.10.30
            dhcp4: false
            gateway4: 192.168.10.1
            nameservers:
                addresses:
                - 192.168.10.1
                - 192.168.10.2
                search: []
            interfaces:
                - bond0
    bonds:
        bond0:
            interfaces:
            - eno1
            - eno2
            parameters:
                mode: active-backup
    ethernets:
        eno1:
            addresses: []
            dhcp4: false
            dhcp6: false
        eno2:
            addresses: []
            dhcp4: false
            dhcp6: false

network:

bridges:

br0:

addresses:

- 192.168.10.30

dhcp4: false

gateway4: 192.168.10.1

nameservers:

addresses:

- 192.168.10.1

- 192.168.10.2

search: []

interfaces:

- bond0

bonds:

bond0:

interfaces:

- eno1

- eno2

parameters:

mode: active-backup

ethernets:

eno1:

addresses: []

dhcp4: false

dhcp6: false

eno2:

addresses: []

dhcp4: false

dhcp6: false

Note that I’ve obviously defined static IP addresses, but this isn’t a requirement. Just set ‘dhcp4: true’ and remove the ‘address’, ‘gateway’ and ‘nameserver’ sections if you’re using DHCP.

Once the file’s got that setup in it, it’s possible to run ‘sudo netplan apply’ and you should be able to run ‘networkctl list’ to check the bridge and bond are setup.

Fail2ban does not enable some rules

2018/08/12 by sudo

While setting up a webserver, I noticed that

fail2ban-client status

1	fail2ban-client status

did not list all of the rules that I’d configured in

jail.d

jail.d

. Althought configuration files were added to the directory, the status wasn’t showing them listed, so it hadn’t activated the jails. Running

service fail2ban restart

1	service fail2ban restart

didn’t add them either.

After spending some time researching, some people suggest changing the backend used in fail2ban from auto to polling in jail.conf. Since you shouldn’t edit jail.conf on a debian based system, I tried creating a new file

nano /etc/fail2ban/jail.local

1	nano /etc/fail2ban/jail.local

and adding the line

backend = polling

1	backend = polling

. This actually prevented the fail2ban service from starting for me. The errors in

systemctl status fail2ban.service

1	systemctl status fail2ban.service

didn’t show anything useful as to the cause of the error. In the end I reverted this change.

running

fail2ban-client reload

1	fail2ban-client reload

did present error messages detailing which rule couldn’t be activated:

ERROR No file(s) found for glob /var/log/apache2/*.log
ERROR Failed during configuration: Have not found any log file for apache-xmlrpc jail

1 2	ERROR No file(s) found for glob /var/log/apache2/*.log ERROR Failed during configuration: Have not found any log file for apache-xmlrpc jail

This then meant I was able to investigate the

jail.d

jail.d

config file with the rule indicated as causing the problem and correct the log file path.

fail2ban-client status

1	fail2ban-client status

then shows the correct jails running.

mount disk image created with dd using ubuntu

2017/03/05 by sudo

If you’ve cloned a whole drive using dd and you need to access one of the partitions on it here are some steps to follow in order to gain access:

Find the partition start sectors using fdisk -b512 -l. Note that you’re explicitly setting the sector size to 512 bytes and you’ll need to change your command to match your own image file.

fdisk -b512 -l backup_sata.img

1	fdisk -b512 -l backup_sata.img

You should get output similar to this (note I’ve truncated it to only show the appropriate output):

Device         Boot     Start       End   Sectors   Size Id Type
backup_sata.img1 *         2048    206847    204800   100M  7 HPFS/NTFS/exFAT
backup_sata.img2         206848 237185023 236978176   113G  7 HPFS/NTFS/exFAT
backup_sata.img3      237185024 588070911 350885888 167.3G  f W95 Ext'd (LBA)
backup_sata.img4      588070912 625137663  37066752  17.7G 27 Hidden NTFS WinRE
backup_sata.img5      237187072 588070911 350883840 167.3G  7 HPFS/NTFS/exFAT

Device Boot Start End Sectors Size Id Type

backup_sata.img1 * 2048 206847 204800 100M 7 HPFS/NTFS/exFAT

backup_sata.img2 206848 237185023 236978176 113G 7 HPFS/NTFS/exFAT

backup_sata.img3 237185024 588070911 350885888 167.3G f W95 Ext'd (LBA)

backup_sata.img4 588070912 625137663 37066752 17.7G 27 Hidden NTFS WinRE

backup_sata.img5 237187072 588070911 350883840 167.3G 7 HPFS/NTFS/exFAT

Normally sector are 512 bytes, so you can calculate the offset you need in the next command with:

start * 512 = offset

So if you want to mount backup_sata.img5 (partition 5 of the backup image) you’d run 237187072×512=121439780864:

mount -o ro,loop,offset=121439780864 backup_sata.img /backup_sata

1	mount -o ro,loop,offset=121439780864 backup_sata.img /backup_sata

Remember to have created /backup_sata or whatever directory you’re mounting to first!

Fixing Cannot remount block device is write protected on Ubuntu

2017/02/26 by sudo

While working on an old hard drive, I came across a problem that it would only mount as read only, even when specifying that it should mount as read write. Here’s an example:

mount /dev/sdb1 /media/aptgetlife/datadisk -o remount,rw
mount: cannot remount block device /dev/sdb1 read-write, is write-protected

1 2	mount /dev/sdb1 /media/aptgetlife/datadisk -o remount,rw mount: cannot remount block device /dev/sdb1 read-write, is write-protected

By this point I’d already got the data disk mounted to the local user media folder, so I could read data from /media/aptgetlife/datadisk but not write data to it.

After some investigation I was able to found this post on stack overflow regarding a similar problem and a solution using blockdev:

blockdev --setrw /dev/sdb1

1	blockdev --setrw /dev/sdb1

After which it was possible to run the mount command again, which didn’t present an error and allowed me to write data to the disk.

Share this:

Share this:

Share this:

Share this:

Share this: