Beware, so you (too) won’t be bitten by this.
If you’re running vanilla KVM with default qemu-kvm -packages in RHEL (CentOS and probably others):
https://git.centos.org/blob/rpms!qemu-kvm!/958e1b8dccf9809600478f316ab641d490881fe7/SOURCES!kvm-rhel-Drop-machine-type-pc-q35-rhel7.0.0.patch;jsessionid=mc5igseasal0axkra6qhd4it
In short, q35 -support was a technical preview which is now dropped from qemu-kvm (qemu-kvm-rhev -only feature from now on), back to “pc”…
Usually one of the first things we want to do with a new server is to restrict access to SSH -service.
So far it seems that everyone advices “disable firewallD, install iptables service and use it like you’ve always used” but how about trying to get along with this new tech?
Restricting access to SSH isn’t as hard as it might seem at the first glance. First we check what services are allowed in public (usually the default) and internal -zones:
# firewall-cmd --zone=internal --list-services dhcpv6-client ipp-client mdns samba-client ssh # firewall-cmd --zone=public --list-services dhcpv6-client ssh
Then we add our admin-IP to internal -zone:
# firewall-cmd --permanent --zone=internal --add-source=<admin-ip>
Remove access to SSH-service from public:
# firewall-cmd --permanent --zone=public --remove-service=ssh
And reload the changes into use:
# firewall-cmd --reload
–permanent makes changes which stay over reboot/reload, but they aren’t active immediately – without –permanent the changes are active immediately but are lost on reload/reboot
Service definitions can be found (in RHEL/CentOS 7) at /etc/firewalld/services/ – if you create a new one -> use –reload to make it active.
Nowadays LVM has a cache feature, where we can bolt an SSD as a cache-device to a logical volume.
Let’s imagine we have the following setup:
First we’ll create the logical volume which we’ll be working with:
# pvcreate /dev/md0 # vgcreate storage /dev/md0 # lvcreate -n volume -L 4TB storage /dev/md0
Next we’ll bolt the cache-device (which should be RAID1-mirrored in case of disk failure) to the volume, first we’ll extend the volume group to contain the SSD-device:
# vgextend storage /dev/md1
Then we’ll create a cache volume and a metadata volume (there’s 1GB free on purpose):
# lvcreate -n metadata -L 1GB storage /dev/md1 # lvcreate -n cache -L 118GB storage /dev/md1
Now we’ll convert these into a cache pool (this will fail if there isn’t at least the same amount free what’s used for metadata, 1GB, because it’s used for failure recovery):
# lvconvert --type cache-pool --poolmetadata storage/metadata storage/cache
Then all what’s left is attaching the cache to a logical volume:
# lvconvert --type cache --cachepool storage/cache storage/volume
It should say “storage/volume is now cached” and lvs output should look something like this:
# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert cache storage Cwi---C--- 118.00g volume storage Cwi-a-C--- 4.0t cache [storage_corig]
Oh, and if you want the cache to survive a reboot, youll need a package which provides /usr/sbin/cache_check -binary. In Debian that’s “thin-provisioning-tools”, and in RHEL/CentOS/derivatives the package is device-mapper-persistent-data.
Tests were performed on Debian testing Jessie and CentOS 7.0.1406 Core in 10/2014. Official documentation can be found here.
Debian Squeeze was released 06.02.2011.
Please note that Wheezy is still in testing -stage. Debian Wheezy was released 04.05.2013
Just some quick steps how to do the upgrade (on your own risk).
Update Squeeze
aptitude update aptidude upgrade
deb http://ftp.fi.debian.org/debian/ wheezy main contrib non-free deb http://ftp.fi.debian.org/debian/ wheezy-updates main contrib non-free deb http://security.debian.org/ wheezy/updates main contrib non-free
aptitude update
aptitude install dpkg apt aptitude
aptitude upgrade aptitude dist-upgrade
aptitude purge grub-pc aptitude install grub-legacy
<complete instructions>
https://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
</complete instructions>
Once upon a time, virtual was installed under full virtualization (KVM) -mode. Network wasn’t bridged, it was routed.
And then the problem: IPv6 -traffic flowed nicely inbound, but outbound was capped to about 128 kbps.
Troubleshooting: after googling around with ipv6, kvm and debian we came around to this, Debian bug report about GSO Ipv6 issues under KVM. It’s supposed to be fixed in 2.6.32-5-amd64 (2.6.32-39) -package…well, upgrading didn’t work for us, propably another (similar kind of) bug or something needs to be done at host-machine.
Workaround: disabling virtio_net’s gso worked for us:
ifdown eth0; modprobe -r virtio_net; modprobe virtio_net gso=0; ifup eth0
Debian Squeeze was released 06.02.2011 and Lenny’s support will (probably) be is discontinued since 06.02.2012.
Problem: apt-get update && apt-get dist-upgrade broke everything, server did not boot anymore.
Troubleshooting: squeeze has grub2, which our Xen 3.x and pygrub didn’t understand
Solution: upgrading with following steps, use apt-get or aptitude, whichever you like.
aptitude update aptidude upgrade
deb http://ftp.fi.debian.org/debian/ squeeze main contrib non-free deb http://ftp.fi.debian.org/debian/ squeeze-updates main contrib non-free deb http://security.debian.org/ squeeze/updates main contrib non-free
aptitude update
aptitude install dpkg apt aptitude
aptitude upgrade aptitude dist-upgrade
aptitude purge grub-pc aptitude install grub-legacy
Also remember to use 2.6.39 -kernel from backports for live migration to work.
Update 01/2013: 2.6.32 -kernel usually works just fine, Lenny’s EOL date is 6.2.2012.