
Creating manageable virtual machines: General Network Setup

We have brought Omarine to a cloud and run it in a guest VM. Now we create a full virtual machine system that includes a host machine and guest virtual machines.

I/ GENERAL NETWORK SETUP

There are two ways to set up network interfaces on a server running Omarine: using NetworkManager together with the static IP services, or using systemd’s systemd-networkd service.

1. Running Omarine on a client machine connected to an intranet

There is nothing to install in this case, only a few small adjustments. The client receives its IP address, hostname (FQDN), routes and other network settings from the server through the DHCP server, and NetworkManager on the client applies them automatically. Most likely you only use an Ethernet card for the client machine.

A firewall is not needed inside the local network:

sudo systemctl stop firewall &&
sudo systemctl disable firewall

The default static IP service should be disabled:

sudo systemctl stop ipstatic && 
sudo systemctl disable ipstatic

Create resolv.conf, assuming your domain name is example.com and the IP address of the server is 192.168.0.1:

sudo tee /etc/resolv.conf << EOF
search example.com
nameserver 192.168.0.1
EOF

Optional: delete the configuration lines in dhclient.conf that clients do not use:

sudo sed '/supersede\|prepend/d' -i /etc/dhclient.conf

Restart NetworkManager:

sudo systemctl restart NetworkManager

2. Use NetworkManager together with static IP services

This is the default solution for servers.

Most computers have an Ethernet interface and a WLAN interface. We will use the WLAN interface to connect to the Internet and the Ethernet interface, for example, to serve a local area network. Since the server needs at least one static IP address, the ipstatic service is started by default. The ipstatic service ensures that the Ethernet interface keeps its IP address whether the link is UP or DOWN (even when you unplug the network cable or the computer enters sleep mode).

First, update the ipstatic package to ipstatic-3.1-2.x86_64:

sudo rpm -U ftp://ftp.omarine.org/phamtyn/packages/04-net/ipstatic-3.1-2.x86_64.rpm

systemd renames network interfaces, replacing traditional names such as eth0, eth1, wlan0, and so on. The renaming is intended to provide stable and predictable interface names. To disable it, you have three options:

  1. Disable naming policy:

    sudo mkdir -p /etc/systemd/network &&
    sudo ln -s /dev/null /etc/systemd/network/99-default.link
    

  2. Name the interfaces with names like “internet0”, “lan0” by creating .link files in /etc/systemd/network. See systemd.link(5) for details.
  3. Pass net.ifnames=0 on the kernel command line:

    sudo sed '/GRUB_CMDLINE_LINUX/s@"$@ net.ifnames=0"@' -i /etc/default/grub &&
    sudo grub-mkconfig -o /boot/grub/grub.cfg

In this example we use an Ethernet interface named enp0s25 and a WLAN interface named wlp3s0. On the server we do not set a default gateway on enp0s25; the default gateway belongs to wlp3s0. The interface enp0s25 serves as the default gateway for the local machines.

Next, switch the default firewall to the firewall set on the external interface, which is wlp3s0:

sudo systemctl stop firewall &&
sudo systemctl enable firewall@wlp &&
sudo systemctl start firewall@wlp

Thus, NetworkManager does not manage the Ethernet interface, but only manages the WLAN interface.

If you have a second Ethernet interface, edit /etc/sysconfig/ipstatic2, then run the ipstatic2 service. To remove an interface, for example this second one, just stop its service:

sudo systemctl stop ipstatic2

Optional. You can disable the systemd-networkd services of systemd:

sudo systemctl disable systemd-networkd &&
sudo systemctl disable systemd-networkd-wait-online

3. Setting up network interfaces using systemd’s systemd-networkd service

This is an advanced solution for larger networks. It focuses on Ethernet interfaces and bridge interfaces. You can still use WLAN, but without NetworkManager.

Here we set up the Ethernet interfaces and bridge interfaces in preparation for creating virtual machines that use a network bridge. Through the bridge, the virtual machines can connect to and become members of a local network as usual.

Create the directory /etc/systemd/network if it does not exist yet, then create the following files in it:

sudo tee /etc/systemd/network/10-br0.netdev << EOF
[NetDev]
Name=br0
Kind=bridge
EOF

sudo tee /etc/systemd/network/11-enp0s25.network << EOF
[Match]
Name=enp0s25

[Network]
Bridge=br0
EOF

sudo tee /etc/systemd/network/20-br0.network << EOF
[Match]
Name=br0

[Network]
Address=192.168.0.1/24
#Gateway=
EOF

sudo tee /etc/systemd/network/21-wlp3s0.network << EOF
[Match]
Name=wlp3s0

[Network]
DHCP=yes
EOF

The firewall setup is the same as above, set for wlp3s0.

We stop and disable the NetworkManager service and the static IP services:

sudo systemctl stop NetworkManager &&
sudo systemctl disable NetworkManager &&
sudo systemctl stop ipstatic &&
sudo systemctl disable ipstatic &&
sudo systemctl stop ipstatic2 &&
sudo systemctl disable ipstatic2

The operating interface is now br0 instead of enp0s25:

sudo sed '/INTERFACE/c INTERFACE=br0' -i /etc/sysconfig/ipstatic

Enable and start the systemd-networkd services:

sudo systemctl enable systemd-networkd &&
sudo systemctl start systemd-networkd &&
sudo systemctl enable systemd-networkd-wait-online

Modify the systemd-networkd-wait-online service so that the computer can safely go into sleep mode if needed:

if ! grep "\-\-timeout" /lib/systemd/system/systemd-networkd-wait-online.service; then
    sudo sed '/ExecStart/s,$, --timeout=0,' \
             -i /lib/systemd/system/systemd-networkd-wait-online.service
fi

Since there is no NetworkManager, we must create the wireless network authentication configuration file directly. Assume that the name of the Wi-Fi network is MYWIFI and the password is xxxxxxxx:

sudo wpa_passphrase "MYWIFI" "xxxxxxxx" | \
    sudo tee /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf

Set up wireless network authentication and connectivity:

sudo systemctl enable wpa_supplicant@wlp3s0 &&
sudo systemctl start wpa_supplicant@wlp3s0
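
The wpa_passphrase output piped through tee above keeps the plaintext passphrase in a #psk= comment, and with a umask of 022 the resulting file is readable by every local user. The following is an added example, not part of the original article: it stores the same output as a 0600 file without the plaintext line and audits an existing file for both problems. The function names are hypothetical and the psk value in the sample is a constructed placeholder.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Omarine tooling.

# Constructed sample of what `wpa_passphrase MYWIFI xxxxxxxx` prints.
# The psk value is a placeholder, not a real derived key.
sample_wpa_output() {
    cat << 'EOF'
network={
    ssid="MYWIFI"
    #psk="xxxxxxxx"
    psk=0000000000000000000000000000000000000000000000000000000000000000
}
EOF
}

# write_wpa_conf DEST: read wpa_passphrase output on stdin and store it so that
# only the owner can read it, without the commented plaintext passphrase.
write_wpa_conf() {
    (
        umask 077                               # a new file is created as 0600
        grep -v '^[[:space:]]*#psk=' > "$1"     # keep only the hashed psk= line
    ) && chmod 600 "$1"                         # also tighten a pre-existing file
}

# audit_wpa_conf FILE: print findings; return 0 if clean, 1 otherwise.
audit_wpa_conf() {
    rc=0
    if grep -q '^[[:space:]]*#psk=' "$1"; then
        echo "$1: plaintext passphrase left in a #psk= comment"
        rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: accessible to group or other users"
        rc=1
    fi
    return "$rc"
}

# Demo on temporary files: the plain redirect result versus the hardened one.
tmp=$(mktemp -d)
( umask 022; sample_wpa_output > "$tmp/plain.conf" )
sample_wpa_output | write_wpa_conf "$tmp/hardened.conf"
audit_wpa_conf "$tmp/plain.conf"    || echo "plain.conf: needs fixing"
audit_wpa_conf "$tmp/hardened.conf" && echo "hardened.conf: ok"
rm -rf "$tmp"
```

On the server, run as root, the equivalent is wpa_passphrase "MYWIFI" piped into write_wpa_conf /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf; given only the SSID, wpa_passphrase reads the passphrase from standard input, which keeps it out of the process list and shell history.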

A virtual machine system that uses the bridge requires IP forwarding. However, the firewall on the external interface has already been set up to provide this.
