Notes on Virtualbox 4.3.30 and OS X 10.8.5 for CentOS 7

Virtualbox 4.3.30 on OS X 10.8.5 with CentOS 7 guest VMs works OK on my notebook for web development, but setup was a little fussy.

I use VMs for:

  1. general web development and testing, to stay off the production environment
  2. destructive performance testing (intrusive changes to source code and configurations that require VM rollback to undo, most of which will never be committed). This is great for work on profiling, i18n, caching, mod_rewrite rules, etc.
  3. accelerating automation testing, since a VM can boot in 10 seconds on my Mac with SSD, and VM creation is scriptable. This is a huge win.
  4. working offline (no-Wifi areas.)

Terminology

  • “Host” is your Mac notebook. It runs Virtualbox under Mac OS X.
  • “Guest” is the VM running under Virtualbox. A guest can be any operating system, but in this case we’re using CentOS 7.x.

Getting Started

  • check Internet for known software issues first
  • update to the latest version of Virtualbox

Choose Network Topology

I wanted to run my web site in a VM, viewable from the Mac browser, and have the VM be able to run ‘yum update’, so I needed host => guest and guest => Internet routing. There are two networking choices that match those requirements:

  1. Bridged – easiest and works best if a Mac network adapter is always connected, like in the office, or at home if your Wifi access point is always on
  2. NAT – always works, but you have to NAT from host => guest (i.e. 127.0.0.1:8000 => 10.0.0.5:80). You can use Mac’s ipfw or ipf firewalls to then NAT from 80 to 8000, making it seamless:

    sudo ipfw add 100 fwd 127.0.0.1,8000 tcp from any to any 80 in

Bridged

  • under “Machine … Settings”, choose “Bridged Adapter”
  • guest IP address will come from Virtualbox DHCP server, usually 192.168.56.101
  • on the host, you just use the guest’s real IP address from above
  • if you bridge to the Airport interface (en0), and the host Wifi is off, you lose your guest lease (i.e. no routing inside or outside guest VM)
  • binds to a host’s physical interface (conceptually speaking)
  • no NAT needed or available in Virtualbox settings
  • the Virtualbox DHCP address is 192.168.x.100

NAT

  • under “Machine … Settings”, just choose NAT, not “NAT Network”
  • guest IP address will come from Virtualbox DHCP server, usually 10.0.0.5 or 10.0.2.15
  • host IP address will be 127.0.0.1 (NATTed to guest address above)
  • click on “Port Forwarding” button and use host ports above 1024 (usually 2222 for ssh and 8000 for HTTP)
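
The same port forwarding can be scripted with VBoxManage instead of the "Port Forwarding" dialog. This is an added example, not part of the original post; the VM name centos7-dev and the helper names are assumptions. Each rule names 127.0.0.1 as the host address, so the forwarded ssh and HTTP ports listen only on the Mac's loopback interface instead of on every host interface, which is what an empty host address would give you.

```bash
# Added example: VirtualBox NAT port-forwarding rules pinned to the host loopback.
# Rule syntax: name,proto,hostip,hostport,guestip,guestport
# (an empty guestip means "whatever address the guest got from DHCP").

# natpf_rule NAME HOST_PORT GUEST_PORT -> prints one rule, fails on a bad port
natpf_rule() {
    for p in "$2" "$3"; do
        case $p in
            ''|*[!0-9]*) echo "port '$p' is not a number" >&2; return 1 ;;
        esac
    done
    # The post's rule of thumb: host ports above 1024.
    if [ "$2" -le 1024 ] || [ "$2" -gt 65535 ]; then
        echo "host port $2 must be in 1025-65535" >&2
        return 1
    fi
    printf '%s,tcp,127.0.0.1,%s,,%s\n' "$1" "$2" "$3"
}

# forward_dev_ports VM -> prints the VBoxManage commands (dry run by default),
# or runs them when APPLY=1. modifyvm needs the VM powered off; for a running
# VM the equivalent is: VBoxManage controlvm VM natpf1 RULE
forward_dev_ports() {
    vm=$1
    for spec in "ssh 2222 22" "http 8000 80"; do
        set -- $spec
        rule=$(natpf_rule "$1" "$2" "$3") || return 1
        if [ "${APPLY:-0}" = 1 ]; then
            VBoxManage modifyvm "$vm" --natpf1 "$rule" || return 1
        else
            echo "VBoxManage modifyvm \"$vm\" --natpf1 \"$rule\""
        fi
    done
}

# "centos7-dev" is a hypothetical VM name.
forward_dev_ports centos7-dev
```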

Troubleshooting

  • the Virtualbox manual is a reference, not a tutorial. After reading this blog post, the manual is useful to fill in details.
  • disable CentOS 7 firewall with ‘service firewalld stop’
  • view CentOS 7 interfaces with ‘ip a’
  • if one networking topology doesn’t work for you, try another. No need to reboot the VM.
  • if you spend more than an hour without success, try VMware Fusion. It covers my use case automatically.

Exercises

  • do ‘tail -f /var/log/messages’, disable “Cable Connected”, click “OK”, and watch as DHCP lease is lost. Then click on “Cable Connected”, click “OK” to restore
  • if using Bridged on en0, do ‘tail -f /var/log/messages’, do “Turn Wi-fi Off” on Mac, and watch as DHCP lease is lost. Then turn Wifi back on.

Network Security

  • use strong passwords if you value what’s inside the VM
  • enable guest firewall with ‘service firewalld start’
  • TCP wrappers is an easy and effective filtering method
    /etc/hosts.allow:

    sshd: 10.0.0.0/255.0.0.0 192.168.0.0/255.255.0.0
    http: 10.0.0.0/255.0.0.0 192.168.0.0/255.255.0.0

    /etc/hosts.deny:

    ALL: ALL
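
TCP wrappers only filters daemons that are linked against libwrap (sshd on CentOS 7 is; Apache httpd is not, and no daemon is named http), so it is worth checking which hosts.allow entries can take effect. The script below is an added example, not part of the original post; the function names and the DAEMON_DIRS search list are assumptions.

```bash
# Added example: which hosts.allow entries name a daemon that honours TCP wrappers?
# DAEMON_DIRS is an assumption about where daemons live; override it to suit the guest.
DAEMON_DIRS=${DAEMON_DIRS:-"/usr/sbin /sbin"}

# daemons_in FILE -> daemon names, one per line (the list before the first colon)
daemons_in() {
    sed -e 's/#.*//' -e '/:/!d' -e 's/:.*//' "$1" | tr ', \t' '\n\n\n' |
        sed -e '/^$/d' -e '/^ALL$/d' | sort -u
}

# wrap_status NAME -> wrapped | not-linked | no-binary
# Only binaries linked against libwrap consult hosts.allow and hosts.deny themselves.
# Services launched through tcpd or xinetd are wrapped by the launcher, not covered here.
wrap_status() {
    for dir in $DAEMON_DIRS; do
        [ -x "$dir/$1" ] || continue
        if ldd "$dir/$1" 2>/dev/null | grep -q libwrap; then
            echo wrapped
        else
            echo not-linked
        fi
        return 0
    done
    echo no-binary
}

# audit_hosts_allow FILE -> "name: status" for every daemon the file mentions
audit_hosts_allow() {
    daemons_in "$1" | while read -r d; do
        echo "$d: $(wrap_status "$d")"
    done
}

# Constructed sample: the two hosts.allow lines from the post.
sample=$(mktemp)
cat >"$sample" <<'EOF'
sshd: 10.0.0.0/255.0.0.0 192.168.0.0/255.255.0.0
http: 10.0.0.0/255.0.0.0 192.168.0.0/255.255.0.0
EOF
audit_hosts_allow "$sample"
rm -f "$sample"
```

Anything reported as not-linked or no-binary has to be restricted another way, for example with firewalld or the daemon's own access controls.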

Simulating Production

You can update /etc/hosts to have your browser access your web site in a VM:

/etc/hosts:

    # NAT
    127.0.0.1 www.mysite.com

or

    # Bridged
    10.0.0.5 www.mysite.com

But I find that Firefox gets less confused with permanent redirects, etc. by prefixing the hostname:

/etc/hosts:

    # Virtualbox NAT Topology (don't forget to use ports 2222 and 8000 from host => guest!)
    #127.0.0.1 www.test-mysite.com

or

    # Virtualbox Bridged Topology
    #10.0.0.5 www.test-mysite.com
    #10.0.2.15 www.test-mysite.com

Backups

Take advantage of Virtualbox’s clone and snapshot features.

forums.virtualbox.org: What does “Cable connected” checkbox change?
Port Forwarding in Mac OSX Mavericks
Port Forwarding in Mac OS Yosemite


Notes on Upgrading from CentOS 5 to CentOS 7

If CentOS 5 or 6 still work fine for you and you’re happy with the security updates you’re getting, then there’s no pressing need to upgrade.

I had motivation (to use the Cairo graphics libraries) to upgrade some web servers from CentOS 5 to CentOS 7 this week, so here’s my notes.

  • Dell IPMI will show the graphical installer as a light-gray square if you don’t boot into the text installer fast enough. Although I used the graphical installer with a keyboard and no mouse to set up one server, it was arduous compared to using a mouse, especially the network widget
  • eth0 and eth1 interface names are different now. They were enp4s0 and enp8s0 on my Dell 1950’s.
  • naturally, the /etc/sysconfig/network-scripts/ifcfg-* files are now called ifcfg-enp4s0 and ifcfg-enp8s0. They’re still in win.ini format, but network, netmask and mtu parameters seem to be “sticky”. You may need to use the following commands to actually change them per “ip a”:

    nmcli connection down eth0
    nmcli connection up eth0
    # or
    /sbin/ip link set eth0 mtu "9000"
    # and/or
    service network restart

  • to start and stop daemons manually, ‘service daemon start/stop’ still works, as the command is translated into a systemd command. ‘service httpd graceful’ is no longer supported, so use ‘apachectl graceful’ instead.
  • To see which daemons are enabled at startup:

    systemctl list-unit-files | grep enabled

  • iptables is now managed with the firewall-cmd command. Very desktop-like, no?

    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --reload

  • selinux is very aggressive, so do ‘setenforce 0’ until everything is working. If you install httpd and even loading index.html puts entries in the error log with LEVEL=warn, then it’s an selinux issue
  • most of the familiar Unix network commands have been replaced with the ‘ip’ command: ifconfig is ‘ip a’, route is ‘ip r’, etc. You can run ‘yum install net-tools’ to get them back.
  • for mod_perl, you need to use EPEL since the packagers think mod_perl for 2.4 is not tested enough

    yum -y install epel-release
    yum -y install httpd mod_perl

  • Httpd 2.4 has different syntax than 2.2, so expect the unexpected. Use LogLevel debug and ‘Require all granted’ liberally.
  • minimal install just offers shells. You will need to install most other scripting languages. Generally you will want to do something like:

    yum -y install perl perl-devel perl-CPAN python python-devel

  • I’ve heard that cpanel doesn’t work yet, for you cpanel users.
  • for some reason the Perl cpan configuration starts by offering you ‘local::lib’, which will install modules in /root. Choose ‘sudo’ instead if you want the modules installed system-wide. (Although I have to admit, ‘local::lib’ is very, very good at what it does.)
  • if you need a mysql client program, then ‘yum -y install mysql’ will give you just the MariaDB mysql client.

Some of the advantages of upgrading from CentOS 5 to CentOS 7 are:

  • Cairo graphics libraries work much better
  • parted has auto-alignment
  • openssl has SNI support
  • better ext4 support
  • better virtualization, cgroups and docker support.

Poor Man’s Profiling with the Linux ts Command

Sometimes when you’re investigating server performance issues, you don’t have the luxury of a full development suite installed with tools like a profiler.

It turns out that the Linux ts command, included in moreutils, can be surprisingly helpful. It can timestamp stdout in microseconds, clearly showing timing gaps:

    time ./prog_excerpt.cgi sp_token=1 | ts "%.S"

In the above situation, installing the Perl NYT Profiler failed, but ts and a few print statements gave me the info I needed (a database query was taking almost one-third second when it was expected to take under 100 ms.)
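
Finding the gaps can be automated once the output is timestamped. The filter below is an added example, not part of the original post: it assumes the program is piped through ts "%.s" (epoch seconds with a fraction) instead of "%.S", so that a gap spanning a minute boundary does not wrap, and the sample trace and function names are constructed for illustration.

```bash
# Added example: list the slow steps in output stamped by:  prog | ts "%.s"
# ts_gaps THRESHOLD_MS reads "epoch.fraction text" lines on stdin and prints
# "<ms> ms before: <text>" for each line that arrived more than THRESHOLD_MS
# after the previous one. Lines without a numeric timestamp are skipped.
ts_gaps() {
    awk -v limit="$1" '
        $1 ~ /^[0-9]+(\.[0-9]+)?$/ {
            now = $1 + 0
            text = $0
            sub(/^[^ ]+ /, "", text)          # drop the timestamp column
            gap = (now - prev) * 1000         # seconds -> milliseconds
            if (seen && gap > limit) printf "%.0f ms before: %s\n", gap, text
            prev = now
            seen = 1
        }'
}

# Constructed sample of what a CGI with a few print statements might emit.
sample_trace() {
    cat <<'EOF'
1437000000.100000 start
1437000000.120000 session loaded
1437000000.450000 query done
1437000000.460000 page rendered
EOF
}

# Flag every step that took longer than 100 ms.
sample_trace | ts_gaps 100
```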

ts and parallel commands


New Horizons Flyby of Pluto

When I was in school, Pluto was just a name of a far-away planet.

We knew its orbit, mass and estimated diameter, but those were all indirectly calculated. The only images we had of Pluto looked like points of light.

So there was mounting excitement world-wide as New Horizons approached within 1.4 million miles of Pluto on July 14, after a 7-year journey. Instead of a frozen rock in space, we were surprised to discover dynamic ice flows.



Well, hello there gorgeous!

Besides capturing the imagination of the public, the scientific data has entirely changed our understanding of the outer solar system. You can’t hope for more from a single mission than that.

Congratulations to the New Horizons team for discovering a new world!

The First New Horizons Study Reveals a Fascinating, Mysterious Pluto
w: New Horizons


Percona Clustercheck Improved Error Handling Patch

Here’s my Github pull request for improved error handling in Percona’s clustercheck utility, used by haproxy for health-checking a Percona XtraDB Cluster.

It adds two features:

  1. 401 Unauthorized response for failed authentication
  2. 404 Not Found response if the mysql program can’t be found

The error detection is done in a low-latency manner using PIPESTATUS, without an additional database connection. Here is colored diff output.
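
The PIPESTATUS technique can be shown in a few lines. This is an added example and not the code from the pull request: the MYSQL_CMD variable, the node_status function, the single-variable query and the handling of the 200 and 503 cases are assumptions made for illustration.

```bash
# Added example. PIPESTATUS is a bash array, so re-run under bash if started by plain sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Client command; credentials are assumed to come from the client's option file.
MYSQL_CMD=${MYSQL_CMD:-mysql}

# node_status -> prints the HTTP status a health check would report to haproxy
node_status() {
    local err out rc state
    err=$(mktemp); out=$(mktemp)
    # One connection only: the client's exit status is read back from the pipeline.
    $MYSQL_CMD -Nse "SHOW STATUS LIKE 'wsrep_local_state'" 2>"$err" \
        | awk '{print $2}' >"$out"
    rc=${PIPESTATUS[0]}   # status of the client; $? would be awk's
    state=$(cat "$out")
    if [ "$rc" -eq 127 ]; then
        echo "404 Not Found"              # the shell could not find the client
    elif [ "$rc" -ne 0 ] && grep -q 'ERROR 1045' "$err"; then
        echo "401 Unauthorized"           # server error 1045: access denied
    elif [ "$rc" -eq 0 ] && [ "$state" = 4 ]; then
        echo "200 OK"                     # wsrep_local_state 4 means Synced
    else
        echo "503 Service Unavailable"    # not synced, or some other client error
    fi
    rm -f "$err" "$out"
}

node_status
```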
