Management of Virtual DICE

(This page is for computing staff. If you want to install Virtual DICE on your computer click here for help.)

The configuration of Virtual DICE is split between LCFG (in the form of DIY DICE), VirtualBox and manual configuration on the running virtual machines.

Prepare your DICE machine

Pick a DICE desktop and use it for your management of Virtual DICE. It will need:

  • The latest version of VirtualBox.
  • A bridge to your chosen self-managed subnet. The DIY DICE VM should be installed on one of the self-managed wires. The 164 subnet is assumed in these instructions, but another could be used instead, for example wire R (the 199 subnet). The host DICE machine will need a bridge to the same wire:
    /* Network bridge to SM164 for the DIY DICE VM */                               
    LCFG_NETWORK_ADD_VLAN(164,eth0)                                                 
    LCFG_NETWORK_ADD_BRIDGE(164)                                                    
    
It will also need (in this example) SM164 added to its switch port configuration so that the VLAN is provided to the machine.

Making a new Virtual DICE VM

If you need to make a change in the LCFG configuration of Virtual DICE VMs, it'll be easiest to do it by creating a fresh VM with a new name. Almost all the LCFG configuration is in a header so this isn't a radical step.

Create and configure a VirtualBox VM

First create the VM:

  1. In VirtualBox, click New
  2. Type in the name; choose Type Linux and Version Red Hat or Red Hat (64 bit). Click Next.
  3. Give it 2048MB of memory. Click Next.
  4. Select Create a virtual hard drive now. Click Create.
  5. Click Next and Next again.
  6. Click the folder icon and ensure that the disk image will be created in local disk space rather than AFS.
  7. Increase the hard disk size to 60GB. Click Create.

Then alter its VirtualBox settings:

  1. Click Settings.
  2. Click System. Untick Floppy and ensure that Hard Disk is above Optical in the boot order.
  3. Switch to a shell window and copy a recent DICE install CD image from the MPU AFS space to local disk space.
  4. Back in VirtualBox, Click Storage. Select the "Empty" disc under "Controller: IDE".
  5. From the little disc-icon menu on the right hand side choose Choose Virtual Optical Disk File....
  6. Select your local copy of the DICE install CD image.
  7. Click USB. Untick "Enable USB Controller".
  8. Click Network and change NAT to Bridged Adapter.
  9. Change the bridged adapter name to br164 (if you're using wire SM164, br199 for wire R, etc.).

While in the network settings, click Advanced and note the MAC address. Add this to the new VM's stub profile on the main LCFG servers.

Install DIY DICE

Virtual DICE uses DIY DICE. For general instructions see DIY DICE under VirtualBox and the DIY DICE wiki.

A backup of the LCFG configurations is kept in /afs/inf.ed.ac.uk/group/mp-unit/virtual_dice/diy_backup. Copy the files there to your own DIY DICE directories, and copy any changes or additions of your own back to the backup directory.

Install DIY DICE on your VM. Use a profile like this:

#define FIRST_INSTALL
#include <username/virtual-dice.h>
The rest of the LCFG settings are in virtual-dice.h.

If the install process doesn't manage to download the profile from the LCFG server and prompts you for a URL, type http://diydice.inf.ed.ac.uk/profiles

Post-installation configuration

A few post-installation steps are necessary before the image can be exported. Firstly change some VirtualBox settings:

  1. Shut down the DIY DICE machine.
  2. Click Settings then Storage.
  3. Highlight the DICE install CD and from the disc icon menu choose Remove disk from virtual drive.
  4. Click Network.
  5. Change Attached to: from Bridged Adapter to NAT.
  6. Click Advanced then Port Forwarding.
  7. Click + to create a new port forwarding rule.
  8. Give your rule a name; change the Protocol to UDP, and set Host Port and Guest Port to 88.
  9. Add similar rules (each needs a unique name) for UDP forwarding on port 750 and ports 7000 to 7008 inclusive.
  10. Click OK then OK again.

Next, seed the group and netgroup databases on the running machine, and set up a few other essentials:

  1. Boot the DIY DICE VM.
  2. Login with your DICE credentials, or login as guest (password guest) then kinit using your DICE credentials then aklog.
  3. sudo /etc/cron.daily/man-db.cron (This may take a while.)
  4. sudo /etc/cron.daily/mlocate (This may take a while.)
  5. sudo yum update (There's no need to actually let it install any packages. This step just stops yum from crashing on subsequent runs.)
  6. kdestroy; unlog
  7. Logout; shut down the VM.

Making an image

  1. Start up VirtualBox but don't boot the VM.
  2. Highlight your chosen VM in VirtualBox.
  3. From the File menu choose Export Appliance....
  4. Click Next.
  5. Check that the named file is in local disk space, not AFS, then click Next.
  6. Fill in a reasonable value for every field of the Appliance Settings screen. If you don't do this the exported VM won't work properly. The fields and suggested values are
    Name - e.g. vdice
    Product - Virtual DICE
    Product-URL - http://computing.help.inf.ed.ac.uk/vdice
    Vendor - School of Informatics, University of Edinburgh
    Vendor-URL - http://www.inf.ed.ac.uk
    Version - Today's date followed by the host name, e.g. 2017-10-02 rezzonico
    Description - Virtual DICE is School of Informatics DICE Linux adapted to run in a virtual machine.
    License - Some of the components of Virtual DICE may not be freely redistributable, so please don't share it outside of the School of Informatics at the University of Edinburgh.
  7. Click Export then go and make yourself a cup of tea as this step may take 15-30 minutes. Remember to export to a local filesystem such as /disk/scratch with plenty (~15GB) of free space.
  8. Copy the resulting .ova file to /afs/inf.ed.ac.uk/group/mp-unit/virtual_dice/images/new and rename it to vdice.ova.
  9. chmod 644 the file too.
  10. Generate the accompanying checksum file by running e.g. md5sum vdice.ova > vdice.md5sum
  11. Check the checksum: md5sum --check vdice.md5sum (It should reply e.g. vdice.ova: OK)

Testing a new image

After a new image is made, test it before release.

Find test computers. Try to test on Windows, Mac and Linux, e.g. Ubuntu. Ensure that each test machine's OS is up to date. Install VirtualBox or update it to the most recent version. Copy the image file to the test computer.

  • Does its MD5 checksum check correctly?
  • Does the image import into VirtualBox?
  • Several tests involve networking:
Expected results EdLAN external internet, no VPN external internet, Uni VPN Informatics network or OpenVPN No network
choice-yes = yes
choice-no = no
choice-cancel = don't even test this
Does the VM boot? choice-yes choice-yes choice-yes choice-yes choice-yes
Do you see a login screen? choice-yes choice-yes choice-yes choice-yes choice-yes
Can you log in as "guest"? choice-yes choice-yes choice-yes choice-yes choice-yes
Logged in as guest, can you kinit yourDICEaccount at INF.ED.AC.UK? choice-yes choice-yes choice-yes choice-yes choice-cancel
Can you then aklog then read and write from your AFS home directory?
Remember to kdestroy; unlog afterwards.
choice-yes choice-yes choice-yes choice-yes choice-cancel
Can you sudo update-vdice --software ? Check the client, file and updaterpms component logs. choice-no choice-no choice-no choice-yes choice-cancel
  • Does df -h -t ext4 in the VM show a reasonable amount of free space?

Releasing the image

(After having tested it successfully and having copied it to /afs/inf.ed.ac.uk/group/mp-unit/virtual_dice/images/new)
  1. cd /afs/inf.ed.ac.uk/group/mp-unit/virtual_dice/images
  2. rm old/*
  3. mv * old
  4. mv new/* .
  5. Add your release to the list of releases.
  6. Blog about it in the systems blog (here's an example)
  7. Send an announcement and a pointer to your blog article to sys-announce.

Changing an existing Virtual DICE VM

You can make manual changes to a Virtual DICE VM by importing the exported image to VirtualBox; logging in; making whatever changes you want to; then re-exporting the image.

LCFG and package changes can be done in a similar manner, as long as the host appears to be on the Informatics network - so external hosts should be running OpenVPN.

  1. Make whatever LCFG profile changes may be necessary.
  2. Start OpenVPN on the host if its network connection is outside the Informatics firewall.
  3. Boot the VM.
  4. Login.
  5. om client run and ensure that the new profile has been picked up.
  6. om updaterpms run -- -f to make all package changes.
  7. Restart the VM.
  8. Login and nsu.
  9. locallogin username then rm /var/db/passwd.db to update group and netgroup information.
  10. Then shut down the VM and export it as before.

Package exclusions

Various DICE packages are excluded from Virtual DICE. The current list of excluded packages is a combination of obviously commercial packages and those with 'Commercial' in their Licence field. List them using this command on DICE:

rpm -qa --qf "%-30{NAME}%{LICENSE}\n"|grep -i commercial
Package exclusions are in two groups in virtual-dice.h. Those packages excluded by means of a #define are at the top of the file; those excluded using profile.packages are further down. If you change the list of excluded packages, remember also to change the corresponding documentation.
Topic revision: r49 - 12 Sep 2019 - 14:17:51 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies