Saturday, July 21, 2012

Libvirt 0.9.11 has Support for Open vSwitch

Libvirt release 0.9.11 has added support for Open vSwitch so it is no longer required to use bridge compatibility mode! Fedora 17 has 0.9.11 included.

If you have brcompat enabled, disable it.

Configuration basically consists of adding the following line to an interface that is set up in bridge mode, where the bridge is an OVS bridge.

<virtualport type='openvswitch'/>

Here are a few links to point you in the right direction.

Configuring a domain's network interface to use Open vSwitch
http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=INSTALL.Libvirt;hb=HEAD

Additional information on Open vSwitch Hypervisor integration.
http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=IntegrationGuide;hb=HEAD

If you have a version of libvirt older than 0.9.11, you will still need to use bridge compatibility mode, as described in the previous post: http://binarybitme.blogspot.com/2011/09/using-open-vswitch-with-libvirt-and.html

Arch Linux ARM Post-Install Notes

Reinstalled Arch Linux ARM on my Pogoplug V3 today. Thought I would write down some notes for the next time I do it. Hopefully others find them useful. Just basic general stuff that is easy to forget. I may add to this over time.

After following http://archlinuxarm.org/support/guides/system/first-steps, below are the additional steps I take.

General Arch Linux ARM Tips

Never perform a system upgrade (pacman -Syu) without reading the announcements posted since your last upgrade; otherwise there is a good chance you will break your install. These can be found for Arch in general at http://www.archlinux.org/, http://archlinuxarm.org/, and in the forum for your specific device on http://archlinuxarm.org/forum/.

Additional SSH Server Security

Generate New SSH Host Keys

Arch Linux ARM ships with SSH host keys already generated. You need to replace these instead of using the ones shipped with Arch Linux ARM, because keys that ship with the distribution are not unique to your device. Most distributions will generate unique keys automatically; Arch Linux ARM does not do this for you. If you have issues with entropy on your device, see the entropy section below.

ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''

Disable Root Login Over SSH

Make sure you have another user on the system that can su/sudo.

adduser USERNAME
gpasswd -a USERNAME wheel
pacman -S sudo
visudo

Uncomment the line.

%wheel ALL=(ALL) ALL

Then save the file.

Then disable root login over SSH.

vi /etc/ssh/sshd_config
Change
#PermitRootLogin yes
to
PermitRootLogin no

For additional security, I also recommend replacing password authentication with key-based authentication. You can find more info on the Arch Linux Wiki (https://wiki.archlinux.org/index.php/SSH_Keys).

At this point you can either reboot, or restart sshd and then log out and back in.
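
A check for the PermitRootLogin edit above, as an added example that is not part of the original post: it reports the value that actually applies, which catches the cases where the "#" was left in place or an earlier line overrides the new one. The function names and the sample inputs are hypothetical, and the default of "yes" is an assumption taken from the commented line shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Reads sshd_config text on stdin.
# Assumes whitespace-separated "Keyword value" lines and no Include directives.

# effective_sshd_option KEYWORD DEFAULT
# Prints the value that applies globally: the first uncommented occurrence
# wins, keyword names are case-insensitive, and DEFAULT is used when the
# keyword does not appear before the first Match block.
effective_sshd_option() {
    awk -v want="$1" -v val="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    '
}

# check_root_login DEFAULT: succeeds only when the effective value is "no".
check_root_login() {
    value=$(effective_sshd_option PermitRootLogin "$1")
    if [ "$value" = "no" ]; then
        echo "OK: PermitRootLogin $value"
    else
        echo "FAIL: PermitRootLogin $value (root login over SSH is not disabled)"
        return 1
    fi
}

# Constructed inputs (not real files).
good='PermitRootLogin no'                 # the edit from the post, done correctly
still_commented='#PermitRootLogin no'     # value changed but the "#" left in place
shadowed='permitrootlogin yes
PermitRootLogin no'                       # an earlier line takes precedence
in_match='Match User backup
    PermitRootLogin no'                   # only applies inside the Match block

# Default "yes" is an assumption taken from the commented "#PermitRootLogin yes".
for cfg in "$good" "$still_commented" "$shadowed" "$in_match"; do
    printf '%s\n' "$cfg" | check_root_login yes || true
done
```

On a real system, feed it the file itself: `check_root_login yes < /etc/ssh/sshd_config`.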

Generating Entropy

https://wiki.archlinux.org/index.php/Pacman-key#Initializing_the_keyring

You may run across times where you need more entropy on a system for pacman-key --init and other tasks. haveged can generate it for you.

pacman -S haveged
haveged -w 1024
RUN TASK
pkill haveged

If it is no longer needed, you can remove it.
pacman -Rs haveged