Difference between revisions of "Virtual SME Server"

From SME Server
Jump to navigationJump to search
 
(3 intermediate revisions by the same user not shown)
Line 126: Line 126:
 
*Interesting [http://pve.proxmox.com/wiki/SMEServer_KVM article] on installing SME Server as guest on Proxmox
 
*Interesting [http://pve.proxmox.com/wiki/SMEServer_KVM article] on installing SME Server as guest on Proxmox
  
===SME v8 and v9 on Proxmox at Online.net===
+
===SME on Proxmox at Online.net===
 
This is based on work by Daniel here: https://wikit.firewall-services.com/doku.php/tuto/virtualisation/netwok_conf_sur_dedibox
 
This is based on work by Daniel here: https://wikit.firewall-services.com/doku.php/tuto/virtualisation/netwok_conf_sur_dedibox
  
Line 171: Line 171:
 
It doesn't matter which one is 0 or 1 as long as the settings are correct.
 
It doesn't matter which one is 0 or 1 as long as the settings are correct.
  
{{Note box|You still cannot set a different gateway IP in the console configuration due to subnet checking.}}
+
You might want to edit your /etc/network/interfaces
 +
auto vmbr1
 +
iface vmbr1 inet manual
 +
        bridge-ports none
 +
        bridge-stp off
 +
        bridge-fd 0
 +
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
 +
        # we assume external interface is eno1 here, adapt accordingly
 +
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp
 +
        post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp
 +
        post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/forwarding
 +
        #uniq ip
 +
        post-up /sbin/ip route add VMIP.VMIP.VMIP.VMIP dev vmbr1
 +
        pre-down /sbin/ip route del VMIP.VMIP.VMIP.VMIP
 +
        # multiple routable IP subnet example
 +
        post-up /sbin/ip route add VMIP.VMIP.VMIP.VMIP/29 dev vmbr1
 +
        pre-down /sbin/ip route del VMIP.VMIP.VMIP.VMIP
  
 
After setup you can run:
 
After setup you can run:
Line 180: Line 196:
 
  signal-event post-upgrade;signal-event reboot
 
  signal-event post-upgrade;signal-event reboot
  
{{Warning box|The following sections for v8 and v9 should no longer be relevant with the inclusion of the virtual adaptor code in SME server now}}
+
===SME Configuration===
 +
Now do your standard SME installation.
 +
 
 +
<tabs container><tab name="For SME 10">
 +
* Install SME using ISO
 +
* choose install mode without LVM and RAID add this on boot options: nolvm noraid
 +
* Optionally you could use the Disk tool at the second screen if you want to put /home/e-smith/files in a different disk.
 +
* Enter the console at the end of installation.
 +
** set admin password
 +
** set domain and hostname
 +
** choose server-gateway (do not use server only if you use an IP accessible directly from the internet because Firewall is not designed for that in Server-Mode)
 +
** LAN: choose the dummy interface if you only have an interface, or the appropriate one for LAN
 +
** LAN: use all suggested setting or adapt to your needs
 +
** WAN: choose static mode
 +
** WAN: set the dedicated IP
 +
** WAN: set the Netmask with either 255.255.255.255 or 0.0.0.0 (MASK includes only your IP or MASK includes all IPs)
 +
** WAN: set the Gateway IP (as the Gateway will be quite different from the Server IP you need to have the MASK set as shown above to have it accepted.
 +
 
 +
signale-event post-upgrade; signal-event reboot
  
===SME V8 Configuration===
+
enjoy
Now do your standard SME installation.
 
  
 +
</tab>
 +
<tab name="For SME 8">
 
<here would be a lot easier if we could force it to have a local IP first so you could ssh from Proxmox to SME and you could then use scp to copy files or a terminal to copy and paste>
 
<here would be a lot easier if we could force it to have a local IP first so you could ssh from Proxmox to SME and you could then use scp to copy files or a terminal to copy and paste>
  
Line 270: Line 305:
 
  LocalNetmask=255.255.255.0
 
  LocalNetmask=255.255.255.0
  
===SME V9 Configuration===
+
</tab><tab name="For SME 9">
  
 
Things have changed slightly for v9
 
Things have changed slightly for v9
Line 291: Line 326:
  
 
Note that you will not see MAC addresses in the Internal Interface settings as you did in v8
 
Note that you will not see MAC addresses in the Internal Interface settings as you did in v8
 +
</tab>
 +
</tabs>
  
 
==Xen==
 
==Xen==

Latest revision as of 04:00, 1 September 2022

Important.png Note:
WIP. Place holder page for all things related to using SME Server as a virtualized server. Please add any info you feel is useful and someone from the doc team will format it nicely, so please go ahead!


PythonIcon.png Skill level: Developer
A thorough understanding of SME Server, configuration and the virtualization system to be used is required. Do not deploy in a production environment unless you are very confident you have the skills to manage and troubleshoot and find root causes of possible issues. It's entirely practical to do so, and many installations have run satisfactorily in virtual hosts for many years, but you will generally be responsible for your own solutions!




SME Server as a virtualized Guest server

Examples: Available Virtual Machine hosts

Infrastructure-level

  • Proxmox VM Community edition
  • Linux KVM (Red Hat developed, available with various managment tools also on CentOS, Debian, Ubuntu etc.)
  • VMWare Enterprise (not free)
  • Citrix (not free)

Desktop-level

  • VirtualBox
  • VMWare workstation (not free)
  • VMWare Fusion (Apple) (not free)
  • Parallels (Apple) (not free)
  • Linux KVM

Cloud Hosting

There are many different offerings, too many to explore here.

In general, setup, requirements and management will be similar for most of the above.

Considerations

  • Storage: Local, NAS, iSCSI, LVM, Raid
  • Network: LAN/WAN, VLAN, VPN, Bandwith,
  • Out of band access (VNC, SPICE)


'Hardware' configuration of a Virtual SME Sever

CPU

  • Host CPU or emulate

On Proxmox Host CPU mode is the most performant, but is self-evidently restrictive if you intend to be able to move the VM to a host with different host architecture!.


  • Sockets and cores

Althose two sockets with one core and one socket with two cores produces the same number of cores, it may be treated differently by server licensing (e.g. Windows). This consideration does not apply to Koozali SME Server as a guest: one socket and multiple cores is typically chosen.

Memory options

  • To balloon or to not to balloon: for Linux guests yes, at present avoid for WIndows guests

Disk options

  • Virtio driver or legacy driver: On Proxmox for Linux use VirtIO
  • Disk types pros and cons
  • Disk I/O options

Network options

  • Virtio driver or legacy driver?
  • Bridge, NAT or Route?
  • Bandwidth options


Cloning a virtual SME Server

When you clone a virtual SME server, you might want to reset some unique variables on the cloned machine. Several things (will) have changed like install date and MAC addresses. Visualization platforms will automatically change the MAC addresses of the NIC's for the cloned machine.

After cloning and first boot, log in as root and issue the following commands

config delprop sysconfig SystemID
config setprop sysconfig InstallEpoch `date +%s`
rm -f /etc/udev/rules.d/70-persistent-net.rules

Then run the console application and reconfigure the server to your wishes, where you must perform a signal-event post-upgrade; signal-event reboot for all changes to take effect.


Installation options of a Virtual SME Server

Kernel options

SME Server configuration settings

NTPD

Timing related options are important within Virtual Guests and to the amount of 'pressure' it puts on the host and level/increasing CPU usage of the host and guest. By default SME Server uses the NTP deamon for 'timing' related matters, but by default is focussed on the above mentioned 1000HZ, hence the kernel option 'divider=10', thus reducing the timing cycles/context switching requests on the host. See the above VMWare document mentioned (Way at the bottom).

On a Virtual SME guest server the ntpd SupportLargeDrift DB variable can be enabled as follows:

config setprop ntpd SupportLargeDrift enabled
expand-template /etc/ntp.conf

and

service ntpd restart

to activate the new configuration. This will adjust /etc/ntp.conf to 'better' settings for a virtual guest. By setting the above value to 'disabled' and expand the template, the NTP service and configuration will revert back to SME Server defaults.

Clock/frequency

As per suggestions in this article from VmWare and this one from Oracle on virtual Linux Guests, adjusting the guest Frequency will improve the guests speed.


Important.png Note:
It is suggested that this is not required for RHEL/CentOS 6


You can check if your guest server can benefit from these boot options:

[root@sme8 ~]# grep CONFIG_HZ /boot/config-`uname -r`
# CONFIG_HZ_100 is not set
# CONFIG_HZ_250 is not set
CONFIG_HZ_1000=y
CONFIG_HZ=1000

If you see the above result, these boot options are useful.

For example, if your kernel boot line is:

kernel /vmlinuz-2.6.18-348.6.1.el5 ro root=/dev/main/root 

change it to:

kernel /vmlinuz-2.6.18-348.6.1.el5 ro root=/dev/main/root divider=10 clocksource=acpi_pm


Important.png Note:
We need to come up with a template fragment for grub.conf to make kernel options survive events.


Tools/utilities

iotop

top like utility to monitor the guest I/O (performance)

yum install iotop

cpu info

Detailed info on the guest cpu(s)

cat /proc/cpuinfo

Proxmox

  • Interesting article on installing SME Server as guest on Proxmox

SME on Proxmox at Online.net

This is based on work by Daniel here: https://wikit.firewall-services.com/doku.php/tuto/virtualisation/netwok_conf_sur_dedibox

Online.net configuration

Warning.png Warning:
You need a second IP (failover) address. Assign it to your server and make sure you set the MAC for this IP before you do anything else - failure to do so may block your network !!

The problem is that your IP is NOT on the same network range as your gateway so we have to fool the system.


Some assumptions:

Your main Proxmox server IP address
  • IP address 62.20.20.250
  • Netmask 255.255.255.0
  • Gateway 62.20.20.1
Your secondary IP address
  • 200.30.30.1
  • 10:10:00:00:20:20 - you DID set the MAC didn't you ?


Important.png Note:
Proxmox now have a single Gateway IP you can use for all your VMs : 62.210.0.1


Proxmox configuration

Important.png Note:
Make sure you set your default keyboard - it makes life much easier!!


We will use the vmbr0 that is set up, but we need to create a dummy one so we can put SME in server/gateway mode and use Daniels scripts:

  • Create a new network interface and call it vmbr1
  • Do NOT set IP address/subnet/bridge ports etc.
  • Create your KVM for SME. Make sure that you give it two network adaptors - one is vmbr0 and one is vmbr1
    • vmbr0 should have the following settings :
Model: virtio
MAC: 10:10:00:00:20:20 (as per your mac that you set)
  • After you have created the KVM add a second adaptor:
    • vmbr1 should have the following settings:
Model: virtio
MAC: should be the MAC of your main IP address

It doesn't matter which one is 0 or 1 as long as the settings are correct.

You might want to edit your /etc/network/interfaces

auto vmbr1
iface vmbr1 inet manual
       bridge-ports none
       bridge-stp off
       bridge-fd 0
       post-up echo 1 > /proc/sys/net/ipv4/ip_forward
       # we assume external interface is eno1 here, adapt accordingly
       post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp
       post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp
       post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/forwarding
       #uniq ip
       post-up /sbin/ip route add VMIP.VMIP.VMIP.VMIP dev vmbr1
       pre-down /sbin/ip route del VMIP.VMIP.VMIP.VMIP
       # multiple routable IP subnet example
       post-up /sbin/ip route add VMIP.VMIP.VMIP.VMIP/29 dev vmbr1
       pre-down /sbin/ip route del VMIP.VMIP.VMIP.VMIP

After setup you can run:

config set GatewayIP 62.210.0.1
/etc/e-smith/events/actions/update-ifcfg
signal-event post-upgrade;signal-event reboot

SME Configuration

Now do your standard SME installation.

  • Install SME using ISO
  • choose install mode without LVM and RAID add this on boot options: nolvm noraid
  • Optionally you could use the Disk tool at the second screen if you want to put /home/e-smith/files in a different disk.
  • Enter the console at the end of installation.
    • set admin password
    • set domain and hostname
    • choose server-gateway (do not use server only if you use an IP accessible directly from the internet because Firewall is not designed for that in Server-Mode)
    • LAN: choose the dummy interface if you only have an interface, or the appropriate one for LAN
    • LAN: use all suggested setting or adapt to your needs
    • WAN: choose static mode
    • WAN: set the dedicated IP
    • WAN: set the Netmask with either 255.255.255.255 or 0.0.0.0 (MASK includes only your IP or MASK includes all IPs)
    • WAN: set the Gateway IP (as the Gateway will be quite different from the Server IP you need to have the MASK set as shown above to have it accepted.
signale-event post-upgrade; signal-event reboot

enjoy

<here would be a lot easier if we could force it to have a local IP first so you could ssh from Proxmox to SME and you could then use scp to copy files or a terminal to copy and paste>

When you go through the setup, make sure you pick the DUMMY adaptor for the local interface, and the real adaptor for the external interface. Make sure you know your MAC addresses so you know which one is which.

you can use your second IP address for the external interface, but you will have to set a subnet mask and gateway IP that it likes e.g.:

IP : 200.30.30.1
Subnet : 255.255.255.0
Gateway : 200.30.30.1

One you have rebooted your network will not be working correctly so we need to follow Daniels guide to fix it :

db configuration set ExternalIP 200.30.30.1
db configuration set ExternalNetmask 255.255.255.255
db configuration set GatewayIP 62.20.20.1
/etc/e-smith/events/actions/initialize-default-databases
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network/
echo '# GATEWAYDEV disabled for dedibox network' > /etc/e-smith/templates-custom/etc/sysconfig/network/40GATEWAYDEV
echo '# GATEWAY disabled for dedibox network' > /etc/e-smith/templates-custom/etc/sysconfig/network/50GATEWAY
expand-template /etc/sysconfig/network
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX
cat <<'EOF' > /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/route-ethX/20gateway
{
   die "Need to pass THIS_DEVICE in MORE_DATA\n" unless (defined $THIS_DEVICE);

   my $device = $ExternalInterface{Name};
   unless ($device)
   {   
       warn("Can't determine device name for external network");
       return "# template expansion error - Can't determine device name for external network";
   }

   return "# Gateway only applies on external interface"
       unless ($ExternalInterface{Name} eq $THIS_DEVICE);

   my $gw = $ExternalInterface{'Gateway'};

   $OUT .= "$gw dev $THIS_DEVICE\n";
   $OUT .= "default via $gw dev $THIS_DEVICE";
}
EOF

(See below for SME v9 configuration)

If you have got it right then you should be able to run the following without error :

expand-template /etc/sysconfig/network-scripts/ifcfg-$(db configuration getprop ExternalInterface Name) 
expand-template /etc/sysconfig/network-scripts/route-$(db configuration getprop ExternalInterface Name)

Check all the network settings look correct and then:

signal-event post-upgrade;signal-event reboot

You should now be able to connect to your Proxmox box on your primary IP address, and your SME server on your added IP.

Your network setting should look similar to this:

EthernetDriver1=virtio_net
EthernetDriver2=virtio_net
ExternalDHCP=off
ExternalIP=200.30.30.1
ExternalInterface=interface
   Broadcast=(whatever)
   Configuration=static
   Driver=virtio_net
   Gateway=62.20.20.1 #gateway for your main IP address
   HWAddress=10:10:00:00:20:20 #MAC that you set for 2nd IP address
   IPAddress=200.30.30.1 #your 2nd IP address 
   Name=eth1
   Netmask=255.255.255.255
   Network=200.30.30.1 #your 2nd IP address
ExternalNetmask=255.255.255.255
GatewayIP=62.20.20.1 #gateway for your main IP address

Following your 'local network' and is the range when you VPN :

InternalInterface=interface
   Broadcast=192.168.98.255
   Configuration=static
   Driver=virtio_net
   HWAddress=fe:aa:16:19:e8:bf #MAC for 'virtual' adaptor
   IPAddress=192.168.98.1
   NICBondingOptions=miimon=200 mode=active-backup
   Name=eth0
   Netmask=255.255.255.0
   Network=192.168.98.0
LocalIP=192.168.98.1
LocalNetmask=255.255.255.0

Things have changed slightly for v9

Use the same db settings and templates as for v8.

You can make one small change to the template. Replace :

 my $gw = $ExternalInterface{'Gateway'};

With

 my $gw = $GatewayIP;


To update the config files you now need to run :

/etc/e-smith/events/actions/update-ifcfg
signal-event post-upgrade;signal-event reboot

Note that you will not see MAC addresses in the Internal Interface settings as you did in v8

Xen

QEMU/KVM


Virtualbox

High I/O causing filesystem corruption

It seems during times of high I/O, like backups and etc, the guest filesystem resets to read-only. You can have the following errors in log
https://www.virtualbox.org/ticket/10031

Apr 30 13:37:29 sme9 kernel: ata2.00: exception Emask 0x0 SAct 0x7fffffff SErr 0x0 action 0x6 frozen
Apr 30 13:37:29 sme9 kernel: ata2.00: failed command: WRITE FPDMA QUEUED
Apr 30 13:37:29 sme9 kernel: ata2.00: cmd 61/08:00:08:7d:77/00:00:03:00:00/40 tag 0 ncq 4096 out
Apr 30 13:37:29 sme9 kernel:         res 40/00:01:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout)

the workaround is to set virtualbox to use the host I/O disk cache : see settings/storage/controller and activate the option


OpenNode

See this forum post


Warning.png Warning:
The procedures listed here are outside normal SME operation. They are not guaranteed to work. Make sure you fully understand what you are going before proceeding


Example to create a SME Server 8.1-x86_64 VM :

1) you have to install OpenNode, it can be installed after a CentOS6 on cloud hosting : http://opennodecloud.com/downloads/


2) Connect to your VE :

ssh -c blowfish -X -C root@YourServerIP


3) Download SME Server ISO :

cd /storage/local/iso/
wget http://mirror.smeserver.eu/smeserver/releases/8.1/iso/x86_64/smeserver-8.1-x86_64.iso


4) Pre-create VM disk image :

qemu-img create -f qcow2 -o preallocation=metadata /storage/local/images/smeserver8vm.qcow2 10G


5) Launch installation inside screen :

screen
virt-install --connect qemu:///system \
--name smeserver8vm --ram 1024 --vcpus 1 \
--disk path=/storage/local/images/smeserver8vm.qcow2,format=qcow2,bus=virtio,cache=none \
--network=bridge:vmbr0,model=virtio --vnc --os-type=linux --os-variant=rhel5 \
--cdrom /storage/local/iso/smeserver-8.1-x86_64.iso --accelerate --noautoconsole --keymap=fr


6) Detach screen :

[CTRL+A+D]


7) launch virt-manager to manage your VM

virt-manager


SME v9

Please see the forum post for instructions on v9


You will find help in the opennode's wiki and forum.

SME Server as a Host server

Phpvirtualbox


VMware

  • Contribs.org Wiki page on installing VMware on SME Server
  • Wiki page on installing SME Server as a VMWare guest
  • Interesting guide from Verizon on performance tuning.