December 23, 2013

I wanted to break out a separate discussion about some generalities when it comes to all the latest fun with virtualization and unRAID along with any other VM at that point. Maybe a dumping ground for questions that fall off-topic from the 2 main threads.

My initial question is regarding portability of linux. There has been plenty of mention about installing to a USB flash drive, so it seems logical to ask. Can I move the USB from system to system to run my Linux OS? I know Windows will implode as it is missing the needed drivers and in order to fix it requires a repair and it is just a mess. What is the story with Linux? Is it more capable of handling different hardware at boot time? I know it is still installing drivers and all that during installation, but what happens if I boot to new hardware, will it fail much like windows or can one still easily boot to the OS where they can then scan for their new hardware as needed?

If so, this makes a lot of the testing people might do much easier. For instance, I have a separate system I am using to test, but once everything works, can I easily move my install to the "production" hardware without going through all the setup again? In my case this is most useful since I have a pfsense firewall in ESX which is where this would all end up. Obviously if I need to do all the installation from scratch during the switch over I would be without internet until I make things work again. Unless I install a temporary system for the move.

Another basic question to discuss would be good partition sizes for these projects. Numbers are all over the place on the net, so for our purposes here we should have our own too.

December 23, 2013

You can move linux to another set of hardware as long as the drivers for the hardware are part of the kernel/modules. I.e. you can swap out a motherboard underneath a system without too much ill effect. Linux scans for hardware upon bootup all the time. An issue can arise if you move the installation to a motherboard with unsupported hardware and expect that hardware to function.

December 24, 2013 (Author)

Does it fail in the same fashion as Windows or is injecting the drivers easier with a simple scan and install from a command prompt?

December 24, 2013

Since Linux loads to a command prompt (unless you load a graphic shell), it's far more forgiving. I've never seen a Linux system boot to a BSOD like Windows ... it will almost certainly boot to a command prompt -- it may simply be missing some key hardware support (e.g. drivers for the network adapter).

December 24, 2013

It depends how the kernel was built, you can build a kernel that contains pretty much everything under the sun or you can build one that is stripped down for your specific hardware. A mainstream binary distro (e.g. debian, rhel etc) is the former, source distros (e.g. gentoo) are the latter. Switching from one system to another can be as simple as plugging it in and going (or perhaps just a grub reinstall to pick up the right disk if you have n disks).

December 24, 2013

Even a pretty basic distro, like the Slackware used with UnRAID, is very tolerant. You can boot an UnRAID USB flash drive in a very wide variety of hardware. There ARE some disk controllers it doesn't support; and a few NICs ... but those are about the only issues you ever hear of when folks try to use their flash drive on a different set of hardware.

The system still boots -- and you can simply look at the messages on the console to isolate what, if anything, isn't working. [in fact, as long as the NIC is supported, you don't even need a console to do that -- you can look at the Web GUI and/or just Telnet to the server]

December 24, 2013

With most modern Linux Distros you should be able to install it on a USB Flash Drive on one computer and move it to another. Most Linux Distros have 2,000+ Drivers modules included. unRAID only has 170+ to put it in comparison.

When Linux boots the Kernel and ramfs (a smaller image with 95% of the drivers needed to boot most Hard Drives / Controllers) it then scans your hardware and loads the modules / drivers (from the 2,000+ it has on the hard drive) and loads what it needs for your hardware.

On most Linux Distros...

1. The network is usually the only thing you might have to "fix". Plenty of guides online for how to enable the network with your "new" network card for each Linux Distro. However, a lot of the Linux Distros do this for you automatically.
2. It is good practice to update the ramfs on the new machine. Your Linux Distro will probably add some more modules / drivers it detected on the new computer.

In Arch

```
mkinitcpio -p linux
```

In Ubuntu

```
update-initramfs -u
```

Are a couple of examples.

If you install Linux on a hard drive in one computer and move it to another where the Hard Drive is connected to a RAID / SAS Controller card... You might have some issues with that too. Simple solution on the new computer would be to boot into a recovery CD, chroot into your Linux install and add the RAID / SAS Controller into the ramfs.

December 26, 2013 (Author)

Good to know grumpy.

Another basic thought is with partition sizes and recommendations.

For example, we say Arch fits onto a 10GB drive/USB, well, what about 8? (I know, but it is what I had) What size should things be, what needs to be the biggest? boot, 200MB, that much I got, my main question is really with root and home does either have a real minimum?

Second, on this same topic, I tried opensuse to the same 8GB USB and it complains that there is just 300MB left, is this because it is so much larger when loading a GUI and everything compared to Arch? I assume yes, or it has to do with the auto partitioning or the fact that when I try to do it manually I don't allocate enough space to one of the partitions, but in general, should opensuse fit here or does it need the 10GB actually recommended or maybe even more?

Just thoughts...trying to learn and understand, so I hope these are things that will help everyone and not just me. Thanks

December 26, 2013

> For example, we say Arch fits onto a 10GB drive/USB, well, what about 8? (I know, but it is what I had) What size should things be, what needs to be the biggest? boot, 200MB, that much I got, my main question is really with root and home does either have a real minimum?

Arch will easily fit on a 8GB Flash Drive. When installed it's less than 1GB. When you add all the stuff you need for what you are doing it should still be under 4GB easy.

I have a boot partition of 500MB (I boot into various distros so I need more space). I have a separate boot partition because it makes repairing grub easier. I do not break out any more partitions except for a LVM one where I house VMs, ISOs, etc. Since you are installing on a Flash Drive, don't worry about that.

You do not need to have a separate home partition. On a server, you won't use it much. The documentation you see on the web telling you to do that is if you are using a Linux Desktop. That is where all your documents, downloads, user settings, etc. are stored. Since you aren't running a Desktop and using LibreOffice and Email Client... Don't worry about it.

sda1 - /boot - 200MB
sda2 - / (root) - The rest of the space

> Second, on this same topic, I tried opensuse to the same 8GB USB and it complains that there is just 300MB left, is this because it is so much larger when loading a GUI and everything compared to Arch?

Yes and when you installed it, you must have let it have a separate home partition and installed Apps you do not need. I didn't create a separate home partition and I told mine not to load Games, LibreOffice, Graphics, Multimedia, etc.

December 26, 2013 (Author)

Sweet. Based on this, can one assume swap is also no longer needed these days?

December 26, 2013

> Sweet. Based on this, can one assume swap is also no longer needed these days?

I haven't used a swap partition in 5+ years. The only reason you MIGHT need it... If you put your computer to sleep and didn't sleep it to memory.

December 26, 2013 (Author)

The linux folks ought to document this. Everything still talks about swap... Regardless, now we know, for our purpose, servers never sleep so it is not needed.

December 27, 2013 (Author)

Here is something that has come up as I work to get things running. I currently run pfsense as my home firewall, from the quick searches I have done it seems this might not be possible with xen, can anyone speak on that? It runs fine in esx, but the plan is currently xen...I am fine moving to another linux firewall too if I need to, but this would mean I need some suggestions, if they exist.

December 27, 2013

> Here is something that has come up as I work to get things running. I currently run pfsense as my home firewall, from the quick searches I have done it seems this might not be possible with xen, can anyone speak on that? It runs fine in esx, but the plan is currently xen...I am fine moving to another linux firewall too if I need to, but this would mean I need some suggestions, if they exist.

pfSense works in Xen and KVM. I have run it fine on both.

December 27, 2013 (Author)

Do I boot to the iso as normal like with installing via esx or do I need to build out a kernel or some crap?

--

Secondly, going back to the partition talk, you mention /boot and root and that swap is no longer needed. What about home, you say for a server it is not needed. Does the install care if it is not mounted/not there at all? Meaning I can go say 200-500MB as boot and a few GB (3-7) for root and that's it for a good install?

--

What am I missing?

```
localhost ~ # lvcreate -L5G -s -n testsnap /dev/mapper/vg_arch-lv_root
  Volume group "vg_arch" has insufficient free space (0 extents): 1280 required.
localhost ~ # lvcreate -L1G -s -n testsnap /dev/mapper/vg_arch-lv_root
  Volume group "vg_arch" has insufficient free space (0 extents): 256 required.
localhost ~ # lvcreate -L1G -s -n testsnap /dev/mapper/vg_arch-lv_home
  Volume group "vg_arch" has insufficient free space (0 extents): 256 required.
```

December 27, 2013

> Do I boot to the iso as normal like with installing via esx or do I need to build out a kernel or some crap?

Install via the ISO.

> Secondly, going back to the partition talk, you mention /boot and root and that swap is no longer needed. What about home, you say for a server it is not needed. Does the install care if it is not mounted/not there at all? Meaning I can go say 200-500MB as boot and a few GB (3-7) for root and that's it for a good install?

/boot <--- Optional if MBR partition. Required if GPT or using BTRFS.
/ (root) <--- Required <--- I put that either on a separate LVM (only my root lives on this lvm and my other stuff in another LVM) or I use BTRFS since I can take snapshots (LVM or BTRFS).
Anything Else <--- Optional

Don't make your life complicated. Only have a root (/) and boot partition. If you were to break out partitions on a Server, it would be /var and /usr before /home. However, you do not need to do this and if your system crashed you do not have the skills or know why those folders are "important". You will learn in time but like I said, keep it simple until you acquire more knowledge / skills.

Your VMs will be on LVM so if you blow up your OS... You simply reload the OS, install Xen, add the VMs back (CPU, Memory, Etc. <--- You can change the sizes and your VM will adjust by itself) but point them to the correct VM hard drives on your LVM. If you do that, they will never know anything happened / changed.

December 27, 2013 (Author)

Which builder/kernel would be used?

Second, I like the suggestion about the partitions. Keep it simple....

I did set my current install to use LVM. It was a 36GB drive and as noted I do not need it all. I essentially have:

```
pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               vg_arch
  PV Size               34.29 GiB / not usable 4.35 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              8778
  Free PE               0
  Allocated PE          8778
  PV UUID               ZU5LXu-ELHU-BBFs-wj9d-TqWM-LLW4-fM9H0Y

vgdisplay
  --- Volume group ---
  VG Name               vg_arch
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  4
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                3
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               34.29 GiB
  PE Size               4.00 MiB
  Total PE              8778
  Alloc PE / Size       8778 / 34.29 GiB
  Free  PE / Size       0 / 0
  VG UUID               m8Q7aF-DHfV-zqAx-TgDK-ew7Q-o5N4-VvG7a1

lvdisplay
  --- Logical volume ---
  LV Path                /dev/vg_arch/lv_swap
  LV Name                lv_swap
  VG Name                vg_arch
  LV UUID                ghhpDC-dj2M-cqvj-75dQ-w3lf-uQUt-E31JVr
  LV Write Access        read/write
  LV Creation host, time archiso, 2013-12-25 15:06:07 -0500
  LV Status              available
  # open                 0
  LV Size                1.00 GiB
  Current LE             256
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:0

  --- Logical volume ---
  LV Path                /dev/vg_arch/lv_root
  LV Name                lv_root
  VG Name                vg_arch
  LV UUID                HGeuOP-yVSe-X719-73ov-CrCR-3cJ5-338kdM
  LV Write Access        read/write
  LV Creation host, time archiso, 2013-12-25 15:06:35 -0500
  LV Status              available
  # open                 1
  LV Size                5.00 GiB
  Current LE             1280
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:1

  --- Logical volume ---
  LV Path                /dev/vg_arch/lv_home
  LV Name                lv_home
  VG Name                vg_arch
  LV UUID                N20GG8-0l7m-YXQC-wRdU-YJmG-hbcU-LRWcv1
  LV Write Access        read/write
  LV Creation host, time archiso, 2013-12-25 15:07:03 -0500
  LV Status              available
  # open                 1
  LV Size                28.29 GiB
  Current LE             7242
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           254:2
```

So, obviously I don't need all of this. So, do I start again, make my partitions more appropriate? If I use the same 36GB I imagine the same PV. But instead of a great big VG, I make one for arch and then one for xen. In arch I have the single root LV. Then in Xen, I can make an LV for unRAID, pfsense and whatever, but if the whatever is windows I will most likely end up on a second drive which is larger.

Or is some of this still possible without a complete tear down and install?

December 27, 2013 (Author)

I have a question about VT-x and VT-d

VT-x: for x86 processor
VT-d: for devices DMA access

While a VT-x allows for virtualization, VT-d is needed to actually pass devices through like a video card or network controller, correct? For instance, a Xeon W3550 might run some VMs, but I won't be able to have a full desktop passed through from a VM, much like Ironic outlines in his blog.

December 27, 2013

> I have a question about VT-x and VT-d
>
> VT-x: for x86 processor
> VT-d: for devices DMA access
>
> While a VT-x allows for virtualization, VT-d is needed to actually pass devices through like a video card or network controller, correct? For instance, a Xeon W3550 might run some VMs, but I won't be able to have a full desktop passed through from a VM, much like Ironic outlines in his blog.

VT-d is the Intel branding for iommu - http://en.m.wikipedia.org/wiki/IOMMU#Virtualization

The xen wiki explains what you can do on xen - http://wiki.xen.org/wiki/Xen_PCI_Passthrough#Overview_of_passthrough

Basically you can pass through pci devices to a PV guest but not to an HVM guest if you don't have iommu. VGA passthrough requires iommu as I believe KVM does for all cases. Therefore if a "full desktop" means a modern gpu accelerated desktop environment then yes, you need iommu.

December 27, 2013 (Author)

> > I have a question about VT-x and VT-d
> >
> > VT-x: for x86 processor
> > VT-d: for devices DMA access
> >
> > While a VT-x allows for virtualization, VT-d is needed to actually pass devices through like a video card or network controller, correct? For instance, a Xeon W3550 might run some VMs, but I won't be able to have a full desktop passed through from a VM, much like Ironic outlines in his blog.
>
> VT-d is the Intel branding for iommu - http://en.m.wikipedia.org/wiki/IOMMU#Virtualization
>
> The xen wiki explains what you can do on xen - http://wiki.xen.org/wiki/Xen_PCI_Passthrough#Overview_of_passthrough
>
> Basically you can pass through pci devices to a PV guest but not to an HVM guest if you don't have iommu. VGA passthrough requires iommu as I believe KVM does for all cases. Therefore if a "full desktop" means a modern gpu accelerated desktop environment then yes, you need iommu.

Does that mean for the case of say a linux FW that only needs a NIC passed through, that this would still be possible using simple PV. However, this becomes less safe for a FW and therefore might not be a good choice?

December 28, 2013

> Does that mean for the case of say a linux FW that only needs a NIC passed through, that this would still be possible using simple PV. However, this becomes less safe for a FW and therefore might not be a good choice?

Yes that sounds right to me (nb: not an expert on the security aspects of virtualization). In that situation you are basically giving the guest full access to the device that you are passing through so malicious code could get out via that route. In a home network this is arguably not a big concern but probably not a good idea for a firewall exposed to the public internet.

December 28, 2013

> > Does that mean for the case of say a linux FW that only needs a NIC passed through, that this would still be possible using simple PV. However, this becomes less safe for a FW and therefore might not be a good choice?
>
> Yes that sounds right to me (nb: not an expert on the security aspects of virtualization). In that situation you are basically giving the guest full access to the device that you are passing through so malicious code could get out via that route. In a home network this is arguably not a big concern but probably not a good idea for a firewall exposed to the public internet.

You are right in the way that this is not a good choice, but the reason is quite the opposite. A PV NIC still resides on the host physically. A Firewall in a VM does *not* have full control of the NIC down to the wires and you/the Firewall can never be sure what happens in parallel on that wire, hence.

December 29, 2013

My point was that malicious code can gain full access to the physical address space of the device in the context of the host machine (ie you are leaking out of the container) so if you have access to that then who knows what can happen.

December 29, 2013

> so to be safe, we want vt-d and hvm for full pass through to the vm

You definitely want vt-d. I don't believe there is any difference between hvm and pv with respect to isolation of the vm. Note that xen 4.4 will bring pvh which may combine the best features of pv and hvm (http://wiki.xen.org/wiki/Xen_Overview#PV_in_an_HVM_Container_.28PVH.29_-_New_in_Xen_4.4).
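
The VT-x versus VT-d distinction discussed in the posts above can be checked on a host before a NIC or GPU is handed to a guest. The script below is an added example, not part of the thread and not code from the Xen project; it assumes a Linux host that populates `/sys/kernel/iommu_groups` only when an IOMMU is active and a Xen dom0 whose `xl info` lists `hvm_directio` under `virt_caps`, and its function names and sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names and sample data are constructed.
# Distinguishes "can run VMs" (VT-x/AMD-V) from "can confine a passed-through
# device's DMA" (VT-d/AMD-Vi, i.e. an active IOMMU).

# Print the CPU virtualization flag found in a cpuinfo file: vmx, svm or none.
cpu_virt_flag() {
    awk '/^flags/ { for (i = 1; i <= NF; i++)
                        if ($i == "vmx" || $i == "svm") { print $i; found = 1; exit } }
         END { if (!found) print "none" }' "${1:-/proc/cpuinfo}"
}

# Count IOMMU groups in a sysfs-style directory (assumption: Linux populates
# /sys/kernel/iommu_groups only when an IOMMU is active). 0 means none.
iommu_group_count() {
    local dir="${1:-/sys/kernel/iommu_groups}" n=0 g
    for g in "$dir"/*/; do
        if [ -d "$g" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Read `xl info` output on stdin; succeed if virt_caps lists hvm_directio
# (assumption: that is how a Xen dom0 reports a usable IOMMU).
xen_has_directio() {
    awk -F: '/^virt_caps/ && $2 ~ /(^| )hvm_directio( |$)/ { ok = 1 }
             END { exit !ok }'
}

# Args: cpuinfo file, iommu_groups dir, optional file holding `xl info` output.
passthrough_verdict() {
    local cpu ngroups iommu=no
    cpu=$(cpu_virt_flag "$1")
    ngroups=$(iommu_group_count "$2")
    if [ "$ngroups" -gt 0 ]; then iommu=yes; fi
    if [ -n "${3:-}" ] && xen_has_directio < "$3"; then iommu=yes; fi
    if [ "$cpu" = none ]; then echo "no-hw-virt"          # no VT-x/AMD-V flag
    elif [ "$iommu" = yes ]; then echo "dma-isolated"     # passthrough confined by IOMMU
    else echo "virt-only"; fi                             # VMs run, device DMA unconfined
}

# Constructed sample inputs so the example runs offline.
demo=$(mktemp -d)
printf 'flags\t\t: fpu vme de pse msr vmx est sse2\n' > "$demo/cpuinfo"
mkdir -p "$demo/no_iommu" "$demo/iommu/0" "$demo/iommu/1"
printf 'xen_major : 4\nvirt_caps : hvm hvm_directio\n' > "$demo/xl_info"
echo "VT-x only:       $(passthrough_verdict "$demo/cpuinfo" "$demo/no_iommu")"
echo "Linux/KVM, VT-d: $(passthrough_verdict "$demo/cpuinfo" "$demo/iommu")"
echo "Xen dom0, VT-d:  $(passthrough_verdict "$demo/cpuinfo" "$demo/no_iommu" "$demo/xl_info")"
```

On a real host, call `passthrough_verdict /proc/cpuinfo /sys/kernel/iommu_groups`, adding a file with saved `xl info` output as the third argument on a Xen dom0.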
This topic is now archived and is closed to further replies.