Install Windows 2012 R2 over KVM virtualization

Jaime Uriel Torres Serrano asked:

I’m trying to install Windows Server 2012 R2 over linux KVM-virtualization.

The installation process stops and requires drivers to continue.

I’m trying with virtio drivers from Fedora but it doesn’t work. The installation process doesn’t show a storage device to install to.

I’m trying different options for storage: SATA, IDE, Virtio, Virtio SCSI.

Diskpart (list disk) shows me the disks but the installer can’t use them.

I used different versions of virtio drivers:
virtio-win-0.1.105.iso, virtio-win-0.1.96.iso and virtio-win-0.1.101.iso with the same results.

My installation disk is: SW_DVD9_Windows_Svr_Std_and_DataCtr_2012_R2_64Bit_Spanish_-4_MLF_X19-82897.ISO


I answered:

This is how I currently do installs of Windows with virtio drivers at install:

  1. Create the new VM with a genuine Windows installation ISO image. I cannot guarantee that anything will work if you use a pirated copy of Windows.

    Create a new virtual machine

  2. Choose to customize the machine configuration before install.

    Customize machine configuration before install

  3. Select the IDE hard drive, and change its type to VirtIO. Click Apply.

    Change IDE hard drive to Virtio

  4. Select the IDE CDROM, and change its type to SATA. Click Apply.

    Change IDE CDROM to SATA

  5. Click Add Hardware, then add a second SATA CDROM drive with the virtio-win.iso image.

    Add a SATA CDROM with virtio-win.iso

  6. Click Begin Installation and begin installing Windows.

    When Setup asks you where to install Windows, click Load Driver.

    Windows setup Load Driver

  7. On the next page, click Browse, and browse to the viostor\2k12R2\amd64 folder on the second CD drive, virtio-win-0.1.xx.

    Select E:\viostor\2k12R2\amd64

  8. The Red Hat VirtIO SCSI Controller will appear. Click Next.

    Use the Red Hat VirtIO SCSI Controller driver

  9. Now your virtual disk is successfully detected. Enjoy!

    Windows finds the virtual disk

When installation is complete, you can use the virtio-win CD to install drivers for the remaining hardware, such as your NIC, balloon driver, etc. Open up Device Manager to see which devices need to have drivers loaded. And when you’re done with installing drivers, you can remove the second virtual CDROM drive from the virtual machine.

(And to upgrade the video driver, see another answer I wrote).


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Apache VirtualHost wildcards with IPv6

TommyPeanuts asked:

Using Apache 2.4 on Ubuntu, I have the following in ports.conf:

Listen XX.73.44.57:80
Listen [2001:XX:0:2c38::39]:80

<IfModule ssl_module>
         Listen XX.73.44.57:443
         Listen [2001:XX:0:2c38::39]:443
</IfModule>

<IfModule mod_gnutls.c>
         Listen XX.73.44.57:443
         Listen [2001:XX:0:2c38::39]:443
</IfModule>

I’d like to have the following in my server configs:

 <VirtualHost *:80>

but that doesn’t seem to work properly as the hosts don’t respond. I’ve also tried:

 <VirtualHost *:80 [::]:80>

The following works:

<VirtualHost [2001:XX:0:2c38::39]:80 XX.73.44.57:80>

but I’d prefer a wildcard. Do I have to give the IP addresses explicitly?


I answered:

If you want to use a wildcard address (listen on all IP addresses) in a VirtualHost, you need your Listen directive to be listening on all IP addresses.

Listen 80
Listen 443


NPS and RHEL ssh configuration

Subodh asked:

We have set up Windows NPS and a RHEL RADIUS client using the pam_radius module from freeradius.org for ssh, but on the Linux client I see the error pam_radius_auth: Got RADIUS response code 3 in /var/log/secure. Code 3 means Access Rejected, but when I tested from a Windows client using a RADIUS testing tool, the connection was successful and I got code 2, which means Access granted. In the NPS log I am getting the following:

<Event>
 <Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
 <Computer-Name data_type="1">MYADDomainController</Computer-Name>
 <Event-Source data_type="1">IAS</Event-Source>
 <User-Name data_type="1">MYlinuxuser</User-Name>
 <NAS-Identifier data_type="1">sshd</NAS-Identifier>
 <NAS-Port data_type="0">3360</NAS-Port>
 <NAS-Port-Type data_type="0">5</NAS-Port-Type>
 <Service-Type data_type="0">8</Service-Type>
 <Calling-Station-Id data_type="1">MYWindowsClientIP</Calling-Station-Id>
 <Client-IP-Address data_type="3">MYMyLinuxRadiusClientNameInNPSIP</Client-IP-Address>
 <Client-Vendor data_type="0">0</Client-Vendor>
 <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
 <Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
 <Provider-Type data_type="0">1</Provider-Type>
  <SAM-Account-Name data_type="1">MyDomainNameMYlinuxuser</SAM-Account-Name>
  <Fully-Qualifed-User-Name data_type="1">MyDomainNameMYlinuxuser</Fully-Qualifed-User-Name>
  <Class data_type="1">311 1 MyRadiusServer 07/04/2015 05:14:52 15</Class>
  <Authentication-Type data_type="0">1</Authentication-Type>
  <Packet-Type data_type="0">1</Packet-Type>
  <Reason-Code data_type="0">0</Reason-Code>
  </Event>
<Event>
  <Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
  <Computer-Name data_type="1">MYADDomainController</Computer-Name>
  <Event-Source data_type="1">IAS</Event-Source>
  <Class data_type="1">311 1 MyRadiusServer 07/04/2015 05:14:52 15</Class>
  <Authentication-Type data_type="0">1</Authentication-Type>
  <Fully-Qualifed-User-Name data_type="1">MyDomainNameMYlinuxuser</Fully-Qualifed-User-Name>
  <SAM-Account-Name data_type="1">MyDomainNameMYlinuxuser</SAM-Account-Name>
  <Provider-Type data_type="0">1</Provider-Type>
  <Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
  <Client-IP-Address data_type="3">MYMyLinuxRadiusClientNameInNPSIP</Client-IP-Address>
  <Client-Vendor data_type="0">0</Client-Vendor>
  <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
  <Packet-Type data_type="0">3</Packet-Type>
  <Reason-Code data_type="0">16</Reason-Code>
</Event>

In the Windows event viewer under NPS I don’t see any errors. Any suggestions as to what I am missing in NPS?


I answered:

The reason code given in your event log is 16, which is unambiguous:

Authentication failed due to a user credentials mismatch. Either the user name provided does not match an existing user account or the password was incorrect.
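
The check described in this answer, as an added example that is not part of the original post: a Python sketch that pairs each Access-Reject record in an NPS XML log with its Access-Request and decodes the reason code. The sample log is constructed from the two events in the question, and matching records by their shared Class value is an assumption based on that sample.

```python
import xml.etree.ElementTree as ET

# Reason code 16 is the one quoted in the answer; 0 is what NPS logs on success.
REASONS = {0: "success", 16: "credentials mismatch: unknown user or wrong password"}

# Constructed sample: the two events from the question, abridged to the
# fields used here. Packet-Type 1 is the Access-Request, 3 the Access-Reject.
SAMPLE_LOG = """
<Event>
 <Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
 <User-Name data_type="1">MYlinuxuser</User-Name>
 <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
 <Class data_type="1">311 1 MyRadiusServer 07/04/2015 05:14:52 15</Class>
 <Packet-Type data_type="0">1</Packet-Type>
 <Reason-Code data_type="0">0</Reason-Code>
</Event>
<Event>
 <Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
 <Class data_type="1">311 1 MyRadiusServer 07/04/2015 05:14:52 15</Class>
 <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
 <Packet-Type data_type="0">3</Packet-Type>
 <Reason-Code data_type="0">16</Reason-Code>
</Event>
"""

def parse_events(text):
    """Return one dict per <Event>. The log has no root element, so add one."""
    root = ET.fromstring("<Log>" + text + "</Log>")
    return [{f.tag: (f.text or "").strip() for f in ev} for ev in root.iter("Event")]

def explain_rejects(events):
    """Pair each Access-Reject with its request (same Class) and decode the reason."""
    requests = {e.get("Class"): e for e in events if e.get("Packet-Type") == "1"}
    findings = []
    for e in events:
        if e.get("Packet-Type") != "3":
            continue
        req = requests.get(e.get("Class"), {})
        code = int(e.get("Reason-Code", "-1"))
        findings.append({
            "time": e.get("Timestamp"),
            "user": req.get("User-Name", "unknown"),
            "client": e.get("Client-Friendly-Name"),
            "reason_code": code,
            "reason": REASONS.get(code, "reason code not mapped in this example"),
        })
    return findings

if __name__ == "__main__":
    for finding in explain_rejects(parse_events(SAMPLE_LOG)):
        print(finding)
```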



uWSGI is ignoring uid, gid and chown-socket

010110110101 asked:

I’m trying to use uWSGI with nginx. The root problem I am having is that I’m getting “No such file or directory” from nginx trying to connect to the uWSGI socket file.

When I use the following settings, I am expecting the socket file’s permissions to change. However, they aren’t. It continues to show uwsgi:uwsgi.

The error from nginx is *17 connect() to unix:/tmp/myapp.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.1.122, server: , request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/tmp/myapp.sock:", host: "192.168.1.123:81"

myapp.ini (uwsgi)

[uwsgi]
chdir = /var/local/myapp
plugins = python
module = wsgi:app
home = /var/local/virtualenv/myapp
file = main.py
daemonize = /var/log/uwsgi/myapp.log
pidfile = /var/run/uwsgi/myapp.pid
socket = /tmp/%n.sock

chmod-socket = 777
chown-socket = webuser:nginx
uid = webuser
gid = nginx

vacuum = true

file permissions

srwxrwxrwx.  1 uwsgi uwsgi    0 Jul  3 12:43 myapp.sock

myapp.conf (nginx)

server {
    listen 81;

    access_log /var/log/nginx/myapp_access.log;
    error_log /var/log/nginx/myapp_error.log;

    location / {
        try_files $uri @yourapplication;
    }

    location @yourapplication {
        include uwsgi_params;
        uwsgi_pass unix:/tmp/myapp.sock;
    }
}

I also tried this:

usermod -a -G nginx uwsgi
usermod -a -G uwsgi nginx
useradd webuser
usermod -a -G nginx webuser
usermod -a -G uwsgi webuser

and I tried this:

grep avc /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp

I answered:

You can’t put sockets for interprocess communication in /tmp.

RHEL/CentOS 7, Fedora, etc., use private /tmp directories, meaning each daemon configured for it (in this case, at least nginx) has a completely different view of /tmp than any other.

To resolve the problem, either place the socket in another directory or use TCP connections.

And don’t blindly audit2allow things without understanding what’s going on. You’ll likely open up some security hole.
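
One way to check for the situation this answer describes, as an added example that is not part of the original post: a Python sketch that reads a uWSGI ini and the consuming service's systemd unit and reports whether the socket sits in a directory that PrivateTmp= hides. The nginx unit text is constructed for the example (the page does not show it), and the function names are hypothetical.

```python
import configparser
from pathlib import PurePosixPath

# Constructed inputs: the socket lines from the question's myapp.ini and a
# minimal systemd unit for the web server (assumed; not shown on the page).
UWSGI_INI = "[uwsgi]\nsocket = /tmp/%n.sock\nchmod-socket = 777\n"
NGINX_UNIT = "[Service]\nExecStart=/usr/sbin/nginx\nPrivateTmp=true\n"

# Directories that systemd replaces with per-service copies under PrivateTmp=
PRIVATE_DIRS = ("/tmp", "/var/tmp")

def _load(text):
    # interpolation=None: uWSGI's %n would otherwise be read as configparser syntax
    # strict=False: both file types may legitimately repeat a key
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case; systemd keys are case-sensitive
    cp.read_string(text)
    return cp

def socket_path(ini_text, ini_name="myapp.ini"):
    """Return the socket value with uWSGI's %n (ini file name, no extension) expanded."""
    raw = _load(ini_text).get("uwsgi", "socket", fallback="")
    return raw.replace("%n", PurePosixPath(ini_name).stem)

def hidden_by_private_tmp(ini_text, unit_text, ini_name="myapp.ini"):
    """True when the unit has a private /tmp and the socket lives under it."""
    path = socket_path(ini_text, ini_name)
    if not path.startswith("/"):  # TCP address such as 127.0.0.1:3031
        return False
    value = _load(unit_text).get("Service", "PrivateTmp", fallback="false")
    private = value.strip().lower() not in ("", "0", "no", "false", "off")
    parents = PurePosixPath(path).parents
    return private and any(PurePosixPath(d) in parents for d in PRIVATE_DIRS)

if __name__ == "__main__":
    print(socket_path(UWSGI_INI), hidden_by_private_tmp(UWSGI_INI, NGINX_UNIT))
```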



KVM debian wheezy packages with ceph support

mongo533 asked:

Does anybody know any packages out there for kvm which are compiled with RBD support?

I have these installed right now:

ii  kvm                              1:1.1.2+dfsg-6+deb7u8         amd64        dummy transitional package from kvm to qemu-kvm
ii  qemu-kvm                         1.1.2+dfsg-6+deb7u8           amd64        Full virtualization on x86 hardware
ii  libvirt-bin                      1.2.9-9~bpo70+1               amd64        programs for the libvirt library
ii  libvirt-clients                  1.2.9-9~bpo70+1               amd64        programs for the libvirt library
ii  libvirt-daemon                   1.2.9-9~bpo70+1               amd64        programs for the libvirt library
ii  libvirt-daemon-system            1.2.9-9~bpo70+1               amd64        Libvirt daemon configuration files
ii  libvirt0                         1.2.9-9~bpo70+1               amd64        library for interfacing with different virtualization systems
ii  python-libvirt                   1.2.1-2~bpo70+1               amd64        libvirt Python bindings

Building kvm on my own seems to be very difficult since it has many dependencies including gui libraries.

Thank you!


I answered:

qemu, libvirt and virt-manager support RBD on Fedora.

Interestingly I did not see support on CentOS 7.



How to configure environment variables with AcceptEnv

Saryas asked:

In /etc/ssh/sshd_config, there is an option called AcceptEnv that allows the ssh client to send environment variables. I need to be able to send a large number of environment variables. How can I do this?


I answered:

You can specify multiple environment variables on one line with AcceptEnv, and you can even give the option multiple times if you want.

For example:

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

The man page also stated this:

Multiple environment variables may be separated by whitespace or spread across multiple AcceptEnv directives.



Clarification of netcat result

Doug McK asked:

I’ve been trying to debug an issue on our servers and I’m confused by this response from netcat. Can anyone explain why I’m getting these 2 contradictory messages when checking to see if a port is working? Is it failing to connect via TCP and then succeeding with some other method (*)?

ubuntu@1-2-3-4:/var/log$ nc -vz localhost 7777
nc: connect to localhost port 7777 (tcp) failed: Connection refused
Connection to localhost 7777 port [tcp/*] succeeded!

IP4/6 results

nc -vz4 localhost 7777
Connection to localhost 7777 port [tcp/*] succeeded!
nc -vz6 localhost 7777
nc: connect to localhost port 7777 (tcp) failed: Connection refused

I answered:

This is happening because your daemon is only listening on IPv4.

IPv6 is the default protocol, so if a given hostname has both IPv4 and IPv6 addresses, the IPv6 address is always tried first.

In your case, localhost has the IPv4 address 127.0.0.1 and the IPv6 address ::1. But your daemon is only listening on 127.0.0.1.

So, when nc tries to connect to localhost it first connects to ::1, finds nothing is listening, and returns Connection refused. It then tries to connect to 127.0.0.1 and finds your daemon.
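
The behaviour described in this answer, as an added example that is not part of the original post: a Python sketch that starts an IPv4-only listener as a stand-in for the daemon, then tries every address the resolver returns for localhost and records the outcome per address. Unlike nc it does not stop at the first success, so both results are always visible; the function names are hypothetical.

```python
import socket

def probe(host, port, timeout=1.0):
    """Try each address returned for host, in resolver order; return (address, outcome)."""
    results = []
    for family, socktype, proto, _, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            outcome = "succeeded"
        except OSError as exc:
            # Covers Connection refused as well as hosts with IPv6 disabled
            outcome = "failed: " + (exc.strerror or str(exc))
        results.append((sockaddr[0], outcome))
    return results

def demo():
    """Listen on 127.0.0.1 only (like the daemon in the question) and probe localhost."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
        srv.listen(5)
        port = srv.getsockname()[1]
        return probe("localhost", port)

if __name__ == "__main__":
    for address, outcome in demo():
        print(address, outcome)
```

On a dual-stack host the ::1 attempt is reported as failed and the 127.0.0.1 attempt as succeeded, the same pair of messages nc printed.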



List of packages for RH 5.x

AverageAllen asked:

I need to install SSSD onto some of my client’s servers, but a few of them are pretty old. Is there a list of all of the packages in the repository for a specific release of redhat?

Specifically I need to see what is the newest version of SSSD that is supported by RH 5.3, 5.4, and 5.4 Beta without downloading them.


I answered:

sssd was added to RHEL 5 with the RHEL 5.6 service pack.

Bring the systems up to date (the current release is RHEL 5.11) and you will then have access to it.

And, do not run RHEL without a subscription.



Mount windows server 2012 DVD on centos 7

prodigerati asked:

I’m trying to install windows server 2012 R2 on a VM using virt-manager on centos 7. During the install it will not allow me to select the DVD drive (greyed out).

I tried the following command:

mount -r -t iso9660 /dev/sr0 /mnt/DVD/

The DVD mounted without error but there is only one file:

readme.txt

This disc contains a “UDF” file system and requires an operating system
that supports the ISO-13346 “UDF” file system specification.

So I tried the following command:
mount -r -t iso13346 /dev/sr0 /mnt/DVD/

got this error:
mount: unknown filesystem type 'iso13346'

Could it be that the DVD drive I’m using is too old? It was manufactured in 2003…


I answered:

Don’t specify a filesystem type; mount will figure it out (correctly).

And if you’re trying to install Windows in a virtual machine, you do not need to (and should not) mount the image at all. Simply provide the path to the ISO when setting up the VM in virt-manager.

Virt-manager install media selection page



PHP-FPM on Linux, SCHED_BATCH or SCHED_OTHER?

pepoluan asked:

I have a Linux webserver (Ubuntu 12.04, kernel 3.2.0) running Magento with quite a number of PHP-FPM child processes.

Since Magento is a heavy framework, I often see several child processes balloon in CPU% (when viewed using htop) for several seconds before dropping out of the top N.

I have been reading about Linux CPU schedulers, and what I got was that SCHED_BATCH seems to give longer timeslices to processes than the default SCHED_OTHER.

Would it be beneficial if I change the schedulers for all PHP-FPM processes to SCHED_BATCH? Or am I misunderstanding the schedulers?


I answered:

After learning a little about SCHED_BATCH, I wouldn’t even attempt to benchmark it:

SCHED_BATCH also triggers much longer, batch-like
timeslices – the default SCHED_BATCH timeslice is 1.5 seconds.

SCHED_BATCH was clearly designed for very long running (hours or even days) compute-intensive jobs. Your jobs are only compute-intensive for seconds or fractions of seconds.

This pretty much makes it a no-go for a web server. And it would be worse if the database is on the same machine, as they might contend for one of those extra-long timeslices.

