Linux Timesaving Techniques For Dummies.pdf

6. When prompted, enter y to install Xnest on your host.

Xnest lets you view the VM’s graphical desktop within a window on your desktop.

7. If prompted, answer y to add iptables rules to modify your network firewall so that you can talk to the VM from your local network.

If you’re using KDE, the installer creates a new submenu (named User Mode Linux) on your KDE main menu. To start UML, open the KDE main menu and choose User Mode Linux → LIDS Off.

At installation, UML adds four options to your menu. LIDS and SELinux are hardening systems that make your computer less vulnerable to attacks from nasty people. We tell you more about UML jails in Technique 58 and more about LIDS in Technique 61. For now, use UML LIDS Off — it will behave just like a standard installation of Fedora.

A console window appears, showing a typical Linux boot sequence; that’s your new virtual machine (see Figure 15-1).

Figure 15-1: The UML login screen.

When your UML VM has finished booting, log in as user root (the initial password is 12qwaszx).

To shut down your virtual machine, enter halt at the command line.

Finding Your Way around UML

When you first start up a VM, the host file system is mounted on /mnt/host. This means that the VM can access every file and directory on your host. Go ahead — take a look:

[root@uml1/] ls /mnt/host
bin   etc     jail        misc  proc  tmp
boot  home    lib         mnt   root  usr
dev   initrd  lost+found  opt   sbin  var

Here are some more important things you’ll likely want to do from the VM:

Use the resources of the host computer: Preface the resource pathname with /mnt/host. For example, to access the CD drive, enter the following command:

$ cd /mnt/host/mnt/cdrom

Before you can use a host file system from within the VM, you have to mount the file system from the host. For example, if you want to use the CD drive from within the VM, you must mount /dev/cdrom in the host. Then use the /mnt/host prefix to access the peripheral devices.

Find the programs on your host: ADIOS has configured the $PATH environment variable to match the $PATH in your host (adjusting it to find commands first within the VM and then on the host). If $PATH is set to /bin:/usr/bin on the host, UML changes that to /mnt/host/bin:/mnt/host/usr/bin. This means that all the programs you use on the host are available within the VM (although configuration files may not be in the right place).

98 Technique 15: Building a Playpen with User Mode Linux

Get the IP address: Your new VM has a virtual Ethernet adapter. You can find the IP address with the ifconfig command:

# /sbin/ifconfig eth0 | grep inet
inet addr:192.168.201.1 Bcast:192.168.201.255 Mask:255.255.255.0

Typically, the first VM you create has an IP address of 192.168.201.1, the second VM has an IP address of 192.168.202.1, and so on. You can ping the VM from your host or ping the host from your VM. You can also ssh from one to the other.

Connecting to the Internet from an ADIOS VM

If you want your VM to be able to access the rest of the Internet, you need to turn on NAT (Network Address Translation). NAT enables you to share a physical network interface among multiple computers (in this case, one physical computer and a few virtual computers). Here’s how to turn on NAT in Fedora or Mandrake Linux:

1. From the host computer (not from the VM), open your terminal window and give yourself superuser privileges with the su command.

2. Enter the following command:

# kate /etc/sysconfig/iptables

The Kate text editor opens, with the iptables file ready to edit.

3. Add the following code to the end of the file:

*nat
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT

4. Save your work and close the editor.

5. Execute the following command to restart your firewall with the new rules you just put in place:

# /sbin/service iptables restart

If you’re using SuSE, check out Technique 34 for information about enabling NAT within your firewall.

Now you should be able to access the Internet (and your local network) from within the VM.

Using a GUI with UML

IceWM is a minimal desktop environment — it doesn’t come with a ton of bells and whistles, but it’s also not a big resource hog.

While you’re configuring your VM, the GUI can be a great help. But after you’re up and running, you’ll probably use the command line for most of your work. Having a GUI that’s a bit sparse really isn’t a problem — you won’t be here for that long.

To run IceWM, open a virtual machine and enter startx at the command line. A new window opens, displaying the IceWM window manager.

Click the IceWM button in the upper-left corner to open the drop-down menu. The other buttons on the taskbar control your workspaces within IceWM, open an Xterm window, or start the Mozilla browser.

Installing Software into UML

The ADIOS distribution of UML comes with the RPM package manager installed and ready to use, making software installation quick and easy. In fact, you don’t have to copy an RPM package into the VM before you install it; just mount the host drive that contains the package and nab the file by using the /mnt/host prefix.

As an example, we walk you through an installation of Webmin. Webmin is a handy tool for managing servers from within a Web browser. Webmin takes care of just about every system administration task you can think of, making it a great addition to UML. In the next section, we show you how to install Webmin into the VM prototype so all your VMs have quick and easy access to Webmin.

If you need to set up a server that makes resources available to the outside world (such as a Web server or an e-mail server), build the server inside a VM. If troublemakers do get in, you can limit their access to the rest of your system. We show you how in Technique 58.

To install Webmin in a UML Virtual Machine, follow these steps:

1. On your host machine, open a Web browser and browse to www.webmin.com. Click the RPM download link in the upper-right corner.

You jump to the download server page.

You can surf from inside UML and download directly into your virtual machine, but it’s faster to download to your host machine and access the result via /mnt/host.

2. Click the Download link for the location that’s closest to you. When the Download Manager opens, click the Save button to save the file.

3. From within the VM, cd to the directory that contains the RPM package that you just saved:

$ cd /mnt/host/home/user

Don’t forget to include /mnt/host in your path because you saved the package on the host.

4. Unpack the RPM package with the following command:

$ rpm -Uhv webmin-1.121-1.noarch.rpm

If you downloaded a new version, substitute its name in the command.

5. Press Enter, and the whirring begins.

Webmin creates a mini–Web server inside your VM. You can use Webmin from your host machine to set up the servers you install in the VM. Just open a browser on your host machine and jump to

192.168.201.1:10000

Log in as root and enter your password, and you can quickly manage your virtual servers from the comfort of your host’s browser!

Merging Changes to Your Prototype

If you run many VMs at the same time, each new VM starts out with its own copy of the original ADIOS root file system (we call that the prototype file system because new VMs are created from that file system). This means that software you install in one VM won’t show up in the other VMs.

Occasionally, you may want to install a tool in every virtual machine on your host. To make a permanent change to your prototype file system, change one of the VMs and then merge the changes back into what then becomes your new prototype UML virtual machine.

Merging changes can be a timesaver if you need to set up multiple VMs with similar attributes (for example, you want to use Webmin to manage all your servers). Make your changes to one machine and commit those changes to the prototype. New VMs will reflect the changes.

To merge your changes back into the prototype file system, follow these steps:

1. Open a copy of UML and make the changes you want reflected in all your VMs.

2. Shut down the VM by using the halt command.

3. Open a terminal window and enter the following command:

$ uml_moo -d /tmp/root_fs1

4. Press Enter.

That’s it — all the changes you’ve made to the virtual machine are merged into the prototype UML. Next time you start a new VM, your changes will be waiting for you.

Your original root file system is never modified by changes you make to an open VM unless you merge the changes back into the prototype. All your modifications are recorded in a separate file.

Peeking into the virtual file cabinet

When you start a new UML VM, a few new files appear in the /tmp/uml directory. If you casually browse through /tmp/uml, you may be alarmed to see some huge files. If you’ve started a single VM, you’ll see a file named /tmp/uml/root_fs1. That’s the root file system for your VM. Use the ls -l command to see this file, and you’ll discover it’s over 500 megabytes long! Start a second VM and another 500 megabyte file appears for the second root file system. Don’t worry, the apparent file size is very misleading.

UML uses a brilliant strategy known as copy-on-write, or COW. When you start a VM, UML mounts the original root file system (/opt/uml/root_fs) in read-only mode, but it also creates a second file (/tmp/uml/root_fs1). When your VM modifies a file within its root file system, the changes are written to the /tmp/uml/root_fs1 file, not to the original file. If you really mess up something in your VM (or if an intruder has made his or her way into your VM), COW makes it easy to revert to a fresh copy of Linux — just remove the COW file (root_fs1) from /tmp/uml. The next time you start the VM, UML creates a fresh new COW file for you.
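To see how misleading the apparent size is, compare what ls -l reports with the disk blocks actually allocated. The following shell script is an added example, not from the book: it builds a constructed sparse file as a stand-in for /tmp/uml/root_fs1 and assumes GNU coreutils (stat -c, truncate).

```shell
#!/bin/sh
# Added example: apparent size versus real disk usage of a sparse COW file.

# apparent_bytes FILE -> the size that ls -l reports
apparent_bytes() {
    stat -c '%s' "$1"
}

# allocated_bytes FILE -> bytes actually backed by disk blocks (what du sees)
allocated_bytes() {
    # %b = number of allocated blocks, %B = size of one block in bytes
    set -- $(stat -c '%b %B' "$1")
    echo $(( $1 * $2 ))
}

# make_demo_cow FILE: constructed stand-in for a UML COW file
make_demo_cow() {
    rm -f "$1"
    truncate -s 500M "$1"      # 500 MB apparent size, no data blocks yet
    # Simulate the VM changing 1 MiB somewhere inside its root file system.
    dd if=/dev/urandom of="$1" bs=1M count=1 seek=100 conv=notrunc 2>/dev/null
}

# cow_report FILE...: one summary line per file
cow_report() {
    for f in "$@"; do
        printf '%s apparent=%s allocated=%s\n' "$f" \
            "$(apparent_bytes "$f")" "$(allocated_bytes "$f")"
    done
}

demo=$(mktemp -d)/root_fs1     # hypothetical path, used only for this demo
make_demo_cow "$demo"
cow_report "$demo"
```

On a real host, cow_report /tmp/uml/root_fs* gives the same comparison for the VMs you have started.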

Part III: Good Housekeeping with Linux

Technique 16: Red-lining RPM Queries

Save Time By

Using rpm to locate files

Creating a catalog of your install media

Finding package dependencies

Querying remote packages before bringing them home

RPM (the Red Hat Package Manager) is typically used to install software, but behind the scenes, RPM maintains a database of useful information. Every RPM package includes a mini-database that contains basic information about the package itself. When you install an RPM package, the mini-database is added to the master database of installed packages. The rpm command can peek inside the RPM databases to tell you about software that you’ve already installed or packages that you may want to try out.

An RPM package typically contains a collection of programs, data files, and documentation. A package can also contain scripts that execute when you install, remove, upgrade, or verify the package. Each package also contains a package digest that contains information about the package itself. The digest can tell you a lot about the package: who built the package, when they built it, and what the package is supposed to do. The digest also lists prerequisites for the package (that is, you must install package A before you install package B).

An RPM package also contains two components critical to ensuring that you’re installing software from a trusted source. When an RPM package is created, the person creating the package signs the package with a digital signature. You can use the digital signature to determine whether the package has been modified since it was signed (a mismatched signature tells you that the package has been tampered with). Every file installed by a package is fingerprinted at the time the package is created; you can come back at a later date and verify the fingerprint of the installed version to make sure that the file has not been tampered with since installation. We show you how to verify digital signatures and fingerprints in Technique 18.

In this technique, we show you how to use the rpm command to query RPM databases in useful and interesting ways. We also show you how to save time by creating a complete catalog of your installation media for handy reference.
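The per-file fingerprint check described above is what rpm -V (or rpm -Va for every installed package) performs. The following shell script is an added example, not from the book: it sorts that command's output into lines worth investigating and lines that are routine. The sample input is constructed, and the ALERT/REVIEW/INFO labels are this example's own.

```shell
#!/bin/sh
# Added example: triage `rpm -V` / `rpm -Va` output read from stdin.
# Flag columns are S M 5 D L U G T [P]; a "5" in column 3 means the file
# digest no longer matches the fingerprint recorded in the RPM database.
# Assumption: file paths contain no whitespace.

triage_rpm_verify() {
    awk '
    {
        flags = $1
        path = $NF
        is_config = (NF == 3 && $2 == "c")
        if (flags == "missing") { print "ALERT  " path " (file missing)"; next }
        why = ""
        if (substr(flags, 3, 1) == "5") why = why " digest"
        if (substr(flags, 2, 1) == "M") why = why " mode"
        if (substr(flags, 6, 1) == "U") why = why " owner"
        if (substr(flags, 7, 1) == "G") why = why " group"
        if (why == "") {
            print "INFO   " path " (no digest, mode or ownership change)"
            next
        }
        # An edited config file is normal; anything else deserves a look.
        if (is_config && why == " digest") {
            print "REVIEW " path " (edited config)"
            next
        }
        print "ALERT  " path " (changed:" why ")"
    }'
}

# Constructed sample output, not captured from a real system.
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
S.5....T.    /usr/bin/passwd
.M...U...    /usr/sbin/sshd
missing      /usr/bin/example-tool
EOF
}

sample_verify_output | triage_rpm_verify
```

On a live system, pipe the real output through the function: rpm -Va | triage_rpm_verify.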
