
Learning Tree Course 1902
Linux Virtualization

Downloads

These are chapter-by-chapter downloads for the material from Learning Tree's course #1902, Linux Virtualization. To get something very close to what you used in the class:

  1. Install CentOS 7. Use the CentOS 7 Everything ISO image and you may have all the needed pieces already.
  2. Download all the archives below, and extract them within /usr/local/src on that CentOS 7 system. The result will be directories /usr/local/src/ex-0* plus a directory /usr/local/src/learningtreerepo.
  3. You may or may not need some of the packages now in /usr/local/src/learningtreerepo, depending on what you installed from CentOS 7. It would be easier overall if you could simply add packages from the centos.org repo.
  4. Install Ubuntu 14.04.2 (Trusty Tahr) or later on another platform.
  5. Have the two plugged into a switch with a DHCP server and a default route getting them to the world.

YUM Repo

Now create a file /etc/yum.repos.d/course1902.repo containing the following:

[course1902]
name=Course 1902 Local Repository
baseurl=file:///usr/local/src/learningtreerepo
enabled=1
gpgcheck=0
priority=20

[CentOS]
name=CentOS 7 Everything ISO Image
baseurl=file:///usr/local/src/centos
enabled=1
gpgcheck=0 

Finally, decide whether you need to make the CentOS 7 Everything ISO image part of your repo. You may have installed enough that you won't need to add anything, and your installation should have created a repo definition from centos.org. In that case, edit the file above and change the last stanza to include enabled=0.

But if you still need to add the CentOS 7 Everything ISO image as a repo, get that downloaded ISO image, mount it up, and copy all its contents into /usr/local/src/centos. If the ISO image file is on your system, let's say in /usr/local/src/centos7-everything.iso, you could do something like this:

# cd /usr/local/src
# mkdir centos
# mount -o loop centos7-everything.iso centos
# df -hT 
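
A check for a repo file like the one above, added here as an example and not part of the course material. It flags enabled stanzas that have a repo id yum will reject, that turn off package signature checking with gpgcheck=0, or whose file:// baseurl directory is missing. The function names and the sample stanzas are constructed for illustration.

```shell
#!/bin/sh
# audit_repo FILE: print "repo-id: finding" for each problem in a yum .repo
# file. Stanzas with enabled=0 are skipped; no "enabled" key counts as enabled.
audit_repo() {
    awk '
    function emit() {
        if (id != "") printf "%s\t%s\t%s\t%s\n", id, enabled, gpg, url
    }
    /^[ \t]*\[.*\]/ {
        emit()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
        enabled = "1"; gpg = "unset"; url = "none"  # placeholders, never empty
        next
    }
    /^[ \t]*[#;]/ { next }
    /=/ {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (val == "") next
        if (key == "enabled") enabled = val
        if (key == "gpgcheck") gpg = val
        if (key == "baseurl") url = val
    }
    END { emit() }
    ' "$1" |
    while IFS="$(printf '\t')" read -r id enabled gpg url; do
        if [ "$enabled" = "0" ]; then continue; fi
        # yum accepts only letters, digits and - _ . : in a repo id
        case $id in
            *[!A-Za-z0-9_.:-]*) echo "$id: invalid repo id" ;;
        esac
        if [ "$gpg" = "0" ]; then echo "$id: gpgcheck disabled"; fi
        case $url in
            file://*)
                dir=${url#file://}
                if [ ! -d "$dir" ]; then
                    echo "$id: baseurl directory missing: $dir"
                fi ;;
        esac
    done
}

# Constructed sample input, not the course file: a bad id, a trailing space
# after gpgcheck=0, a baseurl that does not exist, and a disabled stanza.
sample_repo() {
    printf '%s\n' '[Example Repo]' 'baseurl=file:///nonexistent/example' \
        'enabled=1' 'gpgcheck=0 ' '[off]' 'enabled=0' 'gpgcheck=0'
}
```

Run it as audit_repo /etc/yum.repos.d/course1902.repo; no output means none of the three findings applied.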

Exercise Tips

These are some hints and tips to go into the next revision:

Ex 1.1

Really, this applies at all times: if you are doing nested virtualization, where the Linux machine that is the virtualization host is itself a virtual machine, maybe under vSphere, there are a few gotchas.

The host should always have IP routes! If it loses them somehow, add them back:

# ip route

If nothing is shown, bounce the interface and test:

# ifdown enp0s20
# ifup enp0s20
# ip route 

This applies throughout the course!

If you are trying to enable nested virtualization in ESXi, see this page.

Ex 2.1

In step 10, cd and pwd work because they are part of the shell; they aren't standalone commands. Notice in the output of step 8 that the chroot's /bin/ directory only contains bash; there aren't any other commands.

Ex 2.2

STEPS	WHAT HAPPENS
1-5	Build your own copy of what you used in Ex 2.1.
6-9	Test it.  Not very exciting...
10-15	Build a much more useful one out of BusyBox.
16-21	Test it.  That's more useful!  And still quite small:
	$ du -sh ~student/BBchroot
	Just under 1 MB.

Ex 2.3

STEPS	WHAT HAPPENS
1-5	Set up a much more complete chroot.
	(basically a complete Linux distro)
6-9	Denial of service!
10-17	Break out with jailbreak, as shown in the slides.
Bonus	Need root for entry, then unprivileged inside.

Ex 3.1

You might try this to see how many kernel objects are currently defined. A lot!

# find /sys -type f | wc -l

Again, make sure your IPv4 interface is up at the end, as explained above.

Ex 3.2

Again, make sure your IPv4 interface is up at the end, as explained above.

Ex 3.3

Here's a new container security project.

Ex 5.1

If your host OS, the Linux server running the virtualization, is itself a virtual machine running on top of vSphere, it is possible that you created it without a USB controller. A motherboard without a USB controller! How exotic! I don't know if you could easily buy such a thing. The people who wrote virt-manager did not account for such a strange situation.

Do these tests:

$ lspci | grep -i usb
$ lsusb

You would expect to see useful output from both commands. If the first command has no output, and the second only says:
unable to initialize libusb: -99
then you are in this strange situation.

If you are running without a USB controller on the host OS, then virt-manager cannot automatically open a virt-viewer connection to the virtual machine's console.

It's a simple fix: Close the failed viewer window. Then run this command, changing vmname to the name of your virtual machine:

# virt-viewer vmname & 

This fix applies through the rest of the course.

Other tips or clarifications for just Ex 5.1:

In step 10 you are defining "myvm", and you see that it gets defined.

In step 12, once you say "OK" to storage and set a root password, you can let it run and go on with step 13 in parallel.

In step 15, make sure you disable the screensaver! Bonus steps 23-25 show you why this is important.

Reason: the GNOME desktop environment used by default on Red Hat is a horrible resource sink. You will see that the virtualization hypervisor uses maybe 3-5% of one CPU while the host's graphics use 150-200%, or 1.5 to 2 complete CPUs.

Ex 5.2

See this page for an example of the uncommon vulnerabilities. This is VM escape by abusing CPU microcode. Notice that it is only possible on certain CPU models; it takes a kernel oops event, which is fixed by a kernel update and so you would have to be running an older kernel; and even then it only happens maybe 2 times out of every 30 or so attempts.

Ex 6.1

As for a bonus: Run top again as you did in step 14. See what process is using most of the CPU. Terminate it with the kill command. It will auto-respawn, so keep doing the top and kill. Eventually this will get you to the Android screen!

Unfortunately, at this point you can't go any further because Android is expecting a certain type of touch screen.

Ex 7.1

If you want to take the shortcut at step 18, make sure to do it exactly that way (copy-paste instead of the File menu)! That's the fault of Eclipse: it gets itself into a strange state if you use the File menu.

In step 27, make sure that you are bringing "primary" up and down, and watching what "standby" does in response. If you try to just shut down "standby", your monitoring program immediately says "Both are down, start standby!"

Ex 7.2

Yet another example of where you must manually start virt-viewer.

Windows takes ages to boot because it said "Oh, I'm on a new platform, I need to re-run the lengthy sysprep stuff!" And, Windows lacks paravirtualized drivers, so it will go slower anyway.

During the course, steps 19 and 37 may fail, with an error screen "Error initializing USB support: Other error [-99]". This is because Skytap refuses to set up the environment the way we asked them to.

Workaround:

# virt-viewer windows &

and then later:

# virt-viewer win81-vmware &

Ex 8.1

While the conversion is running, do:
man qemu-img
in another window. Page down to the NOTES section; from there to the end it talks about available formats and options. Also run:
qemu-img --help
and look at the list of supported formats at the very bottom.

To run the host OS: SysFS Performance Tuning/

Course 144 explains SysFS. Course 1901 explains performance tuning, which requires working with SysFS.
