Installing Openvswitch 1.10 on Debian Wheezy

15/06/201323/06/201313 Comments

Ok. Now that I’m using Debian again it’s time for Openvswitch. Building a .deb pack for openvswitch it’s very easy thanks to the readme files provided by Openvswitch and Nicira.

We’ll need a few packages first (thanks for the gdebi-core tip):

aptitude -y install gcc make automake autoconf debhelper libssl-dev pkg-config python-all python-qt4 python-zopeinterface python-twisted-conch gdebi-core

I’m building the package as a non root user. I’ll create a directory and download OVS 1.10 version. After that I’ll use dpkg-buildpackage to create the debian package.

mkdir openvswitch
cd openvswitch

wget http://openvswitch.org/releases/openvswitch-1.10.0.tar.gz

tar xvfz openvswitch-1.10.0.tar.gz

mv openvswitch-1.10.0.tar.gz openvswitch_1.10.0.orig.tar.gz

cd openvswitch-1.10.0
dpkg-buildpackage -us -uc
cd ..

Ok, now we’ll use our root account. Go to the directory where you’ve downloaded the openvswitch tar.gz file. We’ll install some debian packages and build the openvswitch kernel module. We’ll use gdebi to solve dependency problems when installing local deb files.

su
gdebi openvswitch-datapath-source_1.10.0-1_all.deb
module-assistant auto-install openvswitch-datapath // Wait a few minutes for compilation to finish
gdebi openvswitch-common_1.10.0-1_amd64.deb
gdebi openvswitch-switch_1.10.0-1_amd64.deb

Let’s try to run a few OVS commands:


# ovs-vsctl -V
ovs-vsctl (Open vSwitch) 1.10.0
Compiled Jun 15 2013 19:23:15

# ovs-vsctl show
b5e96ffe-9cba-426e-a7e8-9dc2abca15e7
 ovs_version: "1.10.0"

# ovs-vsctl add-br brtest0
# ovs-vsctl show
b5e96ffe-9cba-426e-a7e8-9dc2abca15e7
 Bridge "brtest0"
 Port "brtest0"
 Interface "brtest0"
 type: internal
 ovs_version: "1.10.0"

It looks good. This one was easy….

Installing OpenNebula 4.0.1 using deb packages in Debian Wheezy

15/06/201315/06/20135 Comments

Hi again!

I’m a CentOS guy but a long time ago I started my Linux career with Debian. I’ve been asked to try to install OpenNebula 4.0.1 in Debian Wheezy so here is a post about what I’ve done.

Remember: I only want to try to help people, but I’m no Debian expert so I’m not responsible for direct or indirect damage caused by the use of the information on this site.

In general OpenNebula official packages works fine for Debian Wheezy, but there’s one package (opennebula_4.0.1-1_amd64.deb) that we’ll need to modify to avoid problems with dependencies. I’m going to execute all the commands as root and using a clean Debian minimal installation (only OpenSSH and utilies installed)

The first thing we’re going to do is to download and extract the OpenNebula source files from the official downloads page.

tar xvfz opennebula-4.0.1.tar.gz
cd opennebula-4.0.1

We’ll need to compile the opennebula source files using the instructions found in the README.md file but first we’ll need a few packages.

aptitude -y install g++ ruby ruby-sqlite3 openssl libxmlrpc-core-c3-dev libsqlite3-dev libxmlrpc-c++4-dev scons flex bison libxml2-dev libssl-dev rake rubygems ruby-dev libmysqld-dev ruby-xmlparser libxslt1-dev libcurl4-openssl-dev

Now we are going to compile opennebula with mysql support. After the compilation we’re going to install the opennebula files in a temp directory called one_build:

scons mysql=yes
mkdir ../one_build/
./install.sh -d ../one_build/

Ok we’re done. Now let’s download the opennebula 4.0.1 packages for debian 6.0.7 from the opennebula.org download site and move them to a directory. Uncompress the files.

tar xvfz Debian-6.0.7-opennebula-4.0.1-1.tar.gz
cd opennebula-4.0.1-1/

I’m a Debian newbie so I’ve decided to modify the existing deb package instead of building my own from scratch. I’ve used this useful forum post. We’ll use a temp directory called buildeb.

mkdir buildeb
dpkg-deb -x opennebula_4.0.1-1_amd64.deb buildeb/
dpkg-deb --control opennebula_4.0.1-1_amd64.deb
mv DEBIAN buildeb/
cd buildeb

Ok let’s modify the deb package.

Step 1, edit the DEBIAN/control file.

Change these dependencies:

libssl0.9.8 (>= 0.9.8m-1) -> libssl1.0.0 (>= 1.0.1e-2)
libmysqlclient16 (>= 5.1.21-1) -> libmysqlclient18 (>= 5.5.31)
libxmlrpc-c3 -> libxmlrpc-core-c3 (>= 1.16.33-3.2)

Add this dependency after libxmlrpc-core-c3 (the comma is to separate dependencies :-D):

, libxmlrpc-c++4 (>= 1.16.33-3.2)

Step 2, we are going to substitute some binaries from the .deb with those that we’ve just compiled so the right libraries are used.

# cp ../../one_build/bin/tty_expect usr/bin/
# cp ../../one_build/bin/oned usr/bin/
# cp ../../one_build/bin/one usr/bin/
# cp ../../one_build/bin/mm_sched usr/bin/
# cp ../../one_build/bin/onedb usr/bin/

OK now we’re ready to build our opennebula debian package for wheezy:

cd ..
# dpkg -b buildeb opennebula_4.0.1-1_amd64_wheezy.deb

OK. All packages are ready but before installing them we are going to insall gdebi. It’ll help us to install the local deb files solving dependencies.

aptitude -y install gdebi

Come on, let’s install!

# gdebi opennebula-common_4.0.1-1_all.deb
# gdebi ruby-opennebula_4.0.1-1_all.deb
# gdebi opennebula-tools_4.0.1-1_all.deb
# gdebi opennebula_4.0.1-1_amd64_wheezy.deb
# gdebi opennebula-sunstone_4.0.1-1_all.deb

Now we’ll check if opennebula and sunstone are running:

service opennebula status
[ ok ] one is running.grep

netstat -ntap | grep 9869
tcp 0 0 127.0.0.1:9869 0.0.0.0:* LISTEN 22034/ruby

And finally let’s switch to user oneadmin and run a few commands:

$ onehost list
 ID NAME CLUSTER RVM ALLOCATED_CPU ALLOCATED_MEM STAT

oneadmin@lestrade:/home/mcabrerizo/opennebula-4.0.1-1$ onevm list
 ID USER GROUP NAME STAT UCPU UMEM HOST TIME

Ok. The installation seems fine! but I’ll check in the next days if I missed something important. If all is good I’ll post here an URL to download the deb package I’ve bulit so you can save time (or write me an email if you can’t wait! look for my contact information)

Please I appreciate your feedbacks it helps me to keep my blog useful for the community.
Enjoy!

Openvswitch 1.9 – CentOS 6.4

05/06/20131 Comment

Hi,
I’ve posted about this topic again in case you really need to use Openvswitch 1.9 (LTS version), it worked for me but I can’t guarantee that it’ll work for you, I only try to help. I’ve installed recently the 1.10 version as it’s easier to install.

Ok. CentOS 6.4 already has an openswitch module that you can load with: insmod openvswitch, but you’ll need the binaries to manage openvswitch.

The first thing is to install the development tools. I use the groupinstall method though it’ll install libraries and compilers that you may not need…. but it’s a quick method. I also install the EPEL repository, uml_utilities and the OpenSSL development libraries.


yum groupinstall "Development Tools"
yum install wget

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum localinstall epel-release-6-8.noarch.rpm

yum install uml_utilities openssl-devel

If you want to use the openvswitch module which comes with CentOS 6.4 and you only want to compile the tools to manage the openvswitch, let’s add an user ovswitch and switch to that user.

adduser ovswitch
cd /home/ovswitch
su ovswitch

Let’s download the files from OpenVswitch and build from the source.

mkdir -p rpmbuild/SOURCES
wget http://openvswitch.org/releases/openvswitch-1.9.0.tar.gz
tar xvfz openvswitch-1.9.0.tar.gz
cd openvswitch-1.9.0

./configure
make dist

cp openvswitch-1.9.0.tar.gz ../rpmbuild/SOURCES/

Now we are going to modify the openvswitch.spec so the openvswitch-kmod is not needed and you can install it later. Edit rhel/openvswitch.spec and remove openvswitch-kmod from the Requires lines. Finally let’s build the rpm file.

rpmbuild -bb rhel/openvswitch.spec // If building operation succeded just exit
exit

Using our root account we’ll install the daemons and the utilities. Thanks to Nicira, Inc for the start/stop daemons.

yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-1.9.0-1.x86_64.rpm

Check if openvswitch tools are ready, and if it works let’s start the service and configure to start at boot

ovs-vsctl -V

service openvswitch start
Starting ovsdb-server [ OK ]

Configuring Open vSwitch system IDs [ OK ]
Starting ovs-vswitchd [ OK ]

chkconfig openvswitch on

End of part one.

Ok. As far as I know If you still need the bridge compatibility: brcompat, you’ll need to compile the module…

Compilation will show errors about ‘redefinition of…’. As this link suggests I’ve created a patch that comments the lines that prevents compilation but I can’t guarantee that it has no secondary effects and this is the first time I create a patch for rpm (thanks to these links: link#1, link#2). I had recently an issue when creating a port mirror, I don’t know if it was a problem with my solution but I think I should mention it.

Please download the patch and the modified spec file from my google drive shared folder and follow these instructions:

Copy the openvswitch-1.9.0-el6.patch to the /home/ovswitch/rpmbuild/SOURCES/
Substitute the spec file with the one downloaded inside the /home/ovswitch/openvswitch-1.9.0/rhel/
Build the kernel module: rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec

Now as the root user install the module (it will take time be patient):

yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/kmod-openvswitch-1.9.0-1.el6.x86_64.rpm

The new openvswitch module can’t be loaded if the bridge module is in use. If you don’t need the default bridge that is autostarted by the libvirtd daemon, remove the link that loads the bridge and the module. After that, restart the libvirtd daemon and check that the bridge module is not loaded. Warning: the default virbr0 bridge will dissapear.

rm /etc/libvirt/qemu/networks/autostart/default.xml
/etc/init.d/libvirtd restart

Now we want to prevent the original kernel module that comes with CentOS 6.4 to be loaded. Maybe there are better ways but I’ve chosen to make a backup of that module and substitute it with the new one.

cp /lib/modules/2.6.32-358.el6.x86_64/kernel/net/openvswitch/openvswitch.ko /root/
mv /lib/modules/2.6.32-358.el6.x86_64/weak-updates/openvswitch/openvswitch.ko /lib/modules/2.6.32-358.el6.x86_64/kernel/net/openvswitch/openvswitch.ko

Reboot the machine.

If you want to use the brcompat option:

Edit the /etc/sysconfig/openvswitch file and uncomment BRCOMPAT=yes
Start the openvswitch service: /etc/init.d/openvswitch start
Check that the brcompat module has been loaded. I tested OpenNebula 3.8.3 with OpenVswitch and it worked with brcompat.

lsmod | grep brcompat
brcompat 5905 0
openvswitch 96981 1 brcompat

Ok… it’s a long post and maybe you don’t need the brcompat module but who knows?

Please I wish that my posts are clear and error free, I appreciate your help and feedback. Tthank you Adrian and Roni for sharing your issues and Arthur for your comment.

CentOS 6.4 – Openvswitch installation

03/06/201331/08/201638 Comments

UPDATE: If you need help to run Open vSwitch 2.5.0 LTS have a look at a more recent post

Hi,
this post has been rewritten (reloaded?). I’ve found a little spare time to update this article. A couple months ago I wrote a post about how to install openvswitch 1.9.0 version. It was a tricky installation and I even had to create a little patch, but with the latest stable 1.10 version the installation is a piece of cake. Only 5 minutes!.

Update: I’ve checked that the following instructions allows me to build openvswitch 2.0.0 and openvswitch LTS 1.9.3

I’m showing you the steps after a clean minimal installation of CentOS. If you see # it means that the command must be executed as root, and if you see $ the command must me executed as the ovswitch user that I’ve created.

Note that all this information is in the INSTALL.RHEL file that comes with the tar.gz file, but if you’re too lazy (like me) that’s what I’ve executed.

I’d like to thank Openvswitch creators for such a great code and Nicira Inc for the daemon scripts.

#yum install wget openssl-devel
#yum groupinstall "Development Tools"

#adduser ovswitch
#su ovswitch

$cd
$wget http://openvswitch.org/releases/openvswitch-1.10.0.tar.gz
$tar xvfz openvswitch-1.10.0.tar.gz
$cd openvswitch-1.10.0
$mkdir -p /home/ovswitch/rpmbuild/SOURCES
$cp ../openvswitch-1.10.0.tar.gz /home/ovswitch/rpmbuild/SOURCES/
$cp rhel/openvswitch-kmod.files /home/ovswitch/rpmbuild/SOURCES/
$rpmbuild -bb rhel/openvswitch.spec
$rpmbuild -bb rhel/openvswitch-kmod-rhel6.spec
$exit

#yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/kmod-openvswitch-1.10.0-1.el6.x86_64.rpm
#yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-1.10.0-1.x86_64.rpm

Let’s start the daemon!

#/etc/init.d/openvswitch start
/usr/share/openvswitch/scripts/ovs-lib: line 49: /var/log/openvswitch/ovs-ctl.log: No such file or directory
tee: /var/log/openvswitch/ovs-ctl.log: No such file or directory

/etc/openvswitch/conf.db does not exist ... (warning).
Creating empty database /etc/openvswitch/conf.db [ OK ]
Starting ovsdb-server [ OK ]
Configuring Open vSwitch system IDs [ OK ]
Inserting openvswitch module [ OK ]
Starting ovs-vswitchd [ OK ]
Enabling remote OVSDB managers [ OK ]
Enabling gre with iptables [ OK ]

CentOS 6.4 kernel comes with a openvswitch kernel module but the kmod-openvswitch installation will deal with it and load the new module. Let’s check what module is loaded:

# modinfo openvswitch
filename: /lib/modules/2.6.32-358.el6.x86_64/weak-updates/openvswitch/openvswitch.ko
version: 1.10.0
license: GPL
description: Open vSwitch switching datapath
srcversion: 33CB73C0C5A83F3CD6B7B0F
depends: 
vermagic: 2.6.32-358.6.2.el6.x86_64 SMP mod_unload modversions 
parm: vlan_tso:Enable TSO for VLAN packets (int)

Great! The installation is quick and clean.

P.S: If you need information about openvswitch installation for 1.9 version let me know (use a comment or contact me) because I’ve retired the old post info and I have a copy.

Snorby in CentOS 6.4

02/06/201325/02/201419 Comments

25/02/2014: Hi, I’ve created a new post for CentOS 6.5 but it may work also for CentOS 6.4, please visit this new post before. I’ll keep this article as an archived version if you need to compile wkhtmltopdf for any reason.

If I want to have fun with Suricata IDS I think it will be useful to have a monitoring tool to track possible alerts. I’ve chosen Snorby as it seems to have a nice and intuitive GUI. Snorby uses ruby on rails and a mysql database. After many attempts I’ve finally got it running so I want to share with you the steps I’ve followed.

According to its web page, Snorby requires:

Ruby > 1.9.2
ImageMagick > 6.6.4
Rails > 3.0.0
Wkhtmltopdf

Unfortunately, packages in CentOS 6.4 repositories have older versions, maybe you can find newer versions in other repositories but time I’ll stick with the official repositories. Compilation fun! Warning: if you use the following commands check if newer versions of downloaded packages exist and change directories and names accordingly.

We’ll start installing some packages using yum

yum groupinstall "Development Tools"
yum install openssl-devel readline-devel libxml2-devel libxslt-devel mysql mysql-devel mysql-libs mysql-server urw-fonts libX11-devel libXext-devel qconf fontconfig-devel libXrender-devel unzip wget

Let’s compile ImageMagick.

cd /opt
wget http://ftp.sunet.se/pub/multimedia/graphics/ImageMagick/ImageMagick-6.8.5-9.tar.gz

tar xvfz ImageMagick-6.8.5-9.tar.gz
cd ImageMagick-6.8.5-9
./configure
make
make install
ldconfig /usr/local/lib

Time for Wkhtmltopdf. I’ve downloaded the source files because I had problems with the static versions of Wkhtmltopdf. I’ve used the readme file (README_WKHTMLTOPDF) which comes with wkhtmltopdf as a guide, but notice that the gitorious repository is not found.Warning: this step is going to take a loooong time so if you don’t need pdf reporting skip it.Warning: if you see squares in your pdf report instead of text install with yum the urw-fonts package. This information is provided thanks to this stackoverflow question.
```
cd /opt
git clone git://github.com/jcsalterego/wkhtmltopdf-qt.git wkhtmltopdf-qt
cd wkhtmltopdf-qt
```

// Edit the mkspecs/linux-g++-64/qmake.conf file and change the following lines:
QMAKE_LIBDIR_X11 = /usr/lib64
QMAKE_LIBDIR_OPENGL = /usr/lib64

./configure -nomake tools,examples,demos,docs,translations -opensource -prefix ../wkqt
make -j3
make install

cd /opt
wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.11.0_rc1.tar.bz2
tar jxvf wkhtmltopdf-0.11.0_rc1.tar.bz2
cd wkhtmltopdf-0.11.0_rc1
../wkqt/bin/qmake
make
ldconfig
ln -s /opt/wkhtmltopdf-0.11.0_rc1/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf
ln -s /opt/wkhtmltopdf-0.11.0_rc1/bin/libwkhtmltox.so.0 /usr/lib64/libwkhtmltox.so.0

MySQL!. Start the service and if it’s the first time you install it use the mysql_secure_installation to set root’s password and remove unnecessary tables.
```
service mysqld start
mysql_secure_installation
chkconfig mysqld on
```

And now we need Ruby and RubyGems. I’m installing ruby 1.9.3 from ruby’s webpage.

cd /opt
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p448.tar.gz
tar xvfz ruby-1.9.3-p448.tar.gz
cd ruby-1.9.3-p448
./configure
make
make install

cd /opt
wget http://production.cf.rubygems.org/rubygems/rubygems-2.0.4.tgz
tar xvfz rubygems-2.0.4.tgz
cd rubygems-2.0.4
ruby setup.rb

We now have gem installed and we’re going to install bundler gem which is needed by Snorby setup.
```
cd /opt
gem install bundler
```
OK. I want to use Snorby so I need to download it!. I’ve had problems with the latest git version of snorby so I had to use the zip with the stable version (which is linked from Snorby’s webpage).
```
wget -O snorby.zip --no-check-certificate https://github.com/Snorby/snorby/archive/master.zip
unzip snorby.zip
cd snorby-master
```

Now, pay attention! I’ve found many problems trying to use bundle with ruby 9.3 and I spent several hours finding out what to do. This is what I’ve done, I can guarantee that it’ll work with a newer ruby or snorby version but at least if you find the same problem you won’t suffer. If you find any error please contact me maybe I can help you and update the post so it’s useful for other users.

//Edit the Gemfile file and change this line: 
//gem 'rake', '0.9.2'   to:  gem 'rake', '> 0.9.2'
//unless you want this error to show when using bundler: "error: /usr/local/lib/ruby/gems/1.9.1/gems/bundler-1.3.1/lib/bundler/fetcher.rb:112:in `specs': undefined method `each' //for nil:NilClass (NoMethodError)"

//Edit the Gemfile file and add this line: 
//gem 'orm_adapter' after the line: gem netaddr, 
//unless you want this error when using bundler: 'orm_adapter' file not found

//Edit Gemfile.lock and change rake (0.9.2) to rake(0.9.2.2) 
//so rake setup does not complain about a different rake version

//Create a snorby_config.yml file. Edit the production section and set your domain
cp config/snorby_config.yml.example config/snorby_config.yml
// Create a MySQL database and a user for snorby
mysql> create database snorby;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on snorby.* to snorby@localhost identified by 'snorby';

// Create a database.yml config file. 
// Edit the file and set the root password and MySQL server location
cp config/database.yml.example config/database.yml

OK! Now let’s install Snorby. And don’t forget to read the README.md file provided by Snorby’s developers

// We are in the snorby directory 
bundle install
rake snorby:setup

// This is the command's output
ERROR 1007 (HY000) at line 1: Can't create database 'snorby'; database exists
[datamapper] Finished auto_upgrade! for :default repository 'snorby'
[~] Adding `index_timestamp_cid_sid` index to the event table
[~] Adding `id` to the event table
[~] Building `aggregated_events` database view
[~] Building `events_with_join` database view
* Removing old jobs
* Starting the Snorby worker process.
* Adding jobs to the queue

Snorby is installed woohoo! Before launching it let’s create an iptables rule (TCP 3000 is the default port)
```
iptables -I INPUT -p tcp --dport 3000 -m state --state=NEW,ESTABLISHED,RELATED -j ACCEPT
```

And now finally let’s start Snorby in my CentOS 6.4 server:

rails server -e production
Booting WEBrick Rails 3.1.12 application starting in production on http://0.0.0.0:300
Call with -d to detach 
Ctrl-C to shutdown server