Convert an existing Windows installation to a Xen guest

January 19th, 2010

I’ve been dual booting Linux and Windows for as long as I’ve run Linux on the desktop. Recently I installed Xen on Ubuntu and subsequently decided to port my old Windows bare-metal install to a Xen domU.

Running Windows as a Xen domU has several advantages, the most obvious being the ability to access Windows while running Linux. Additionally, you can take advantage of features such as domain migration, save/restore and LVM snapshots.

In this article, I’ll walk through how I converted my existing Windows XP Professional bare-metal (normal) install to a Xen guest (domU). In my setup, the Xen dom0 is running on an LVM volume on a separate physical disk from the original Windows installation. I will show you how to move the original Windows installation to a LVM logical volume. You will need a retail or volume Windows license. Xen emulates different hardware that will cause you to have to reactivate Windows. An OEM license is not allowed to move hardware. While I’d argue the physical hardware is still the same, I’m sure there is some definition that says otherwise ;). Finally, I converted a Windows XP installation, but the same procedure should work with any NTFS-based Windows installation (Vista, 7, Server 2003, Server 2008).

Server Admin ,

Installing Xen on Ubuntu 9.10

January 16th, 2010

Recently I switched to Ubuntu as the primary operating system on my desktop machine. As part of the switch, I wanted to install Xen to virtualize some additional operating systems. Xen provides very good performance when virtualizing Linux distributions due to paravirtualization. The latest versions can also virtualize certain unmodified guest operating systems on processors that support virtualization.

In a Xen setup, the Xen hypervisor runs directly on the hardware (bare-metal). The first guest operating system (dom0) runs “on top” of Xen and has full access to the underlying hardware. Additional guests (domU) also run on top of the Xen hypervisor, but with limited access to the underlying hardware.

Converting an existing Ubuntu install to a Xen dom0 install requires installing the Xen hypervisor. In previous versions of Ubuntu this could easily be done using apt. Unfortunately no packages exist for Ubuntu 9.10 (Karmic Koala). In this post I’ll describe the steps I took to install Xen from source on Karmic. If you’d rather install via binary packages you’ll need to find a third-party repository.

Server Admin , ,

IPv6 support for qmail-jms1

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

IPv6 support in qmail

Supporting IPv6 in qmail largely revolves around DNS lookups. Patches for tcpserver and sslserver allow incoming connections over IPv6. In order to support IPv6 in qmail:

  • DNS lookups should prefer AAAA records, falling back to A records only if AAAA records are not available
  • All code referencing IP addresses should support IPv4 and IPv6 addresses
  • SPF queries should support IPv6 addresses

The fujiwara patch

A qmail IPv6 patch has existed since 2002 that covers the first two issues above. It is written to apply cleanly on the base qmail-1.03 distributed on Daniel Bernstein’s site. It does not include support for SPF queries as SPF is not included in the original version of qmail.

Server Admin ,

IPv6 support for jgreylist

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

jgreylist Changes

jgreylist is a program provided by John Simpson to allow greylisting in qmail. John provides two versions, one written in Perl, and one written in C. I chose to only patch the C version.

jgreylist works by using the unix timestamps of empty files to track when individual IP address or class C blocks last visited your qmail server. John does a great job of explaining how this works on his jgreylist page. You should understand how his program, especially the C version, works and is configured before continuing.

Server Admin ,

IPv6 support for sslserver

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

ucspi-ssl

The ucspi-ssl package provides the sslserver program. sslserver accepts incoming SSL connections and passes them to another program such as qmail-smtpd. sslserver is almost identical to tcpserver except that it deals with encrypted SSL traffic rather than clear text.

I could not find an IPv6 patch for sslserver, however I was able to port the tcpserver patch to sslserver. You can easily apply my ucspi-ssl-0.70-ipv6.patch:

$ wget http://www.superscript.com/ucspi-ssl/ucspi-ssl-0.70.tar.gz
$ wget http://www.bltweb.net/qmail/ucspi-ssl-0.70-ipv6.patch
$ tar -xzf ucspi-ssl-0.70.tar.gz
$ cd host/superscript.com/net/ucspi-ssl-0.70
$ patch -p1 < ../../../../ucspi-ssl-0.70-ipv6.patch
$ package/compile
$ sudo package/install

sslserver

To understand what the sslserver portion of the IPv6 patch does, you should be familiar with the sslserver man page and read about how tcpserver handles IPv6 on Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, sslserver exhibits it’s normal behavior. If a client connects with IPv6, the PROTO environment variable will be set to “SSL6” instead of “SSL“.

Server Admin ,

IPv6 support for tcpserver and rblsmtpd

August 7th, 2009

This post is part of a series of posts dedicated to IPv6 support for qmail:

ucspi-tcp

The ucspi-tcp package provides the tcpserver and rblsmtpd programs. tcpserver accepts incoming TCP connections and passes them to another program such as qmail-smtpd. rblsmtpd blocks connections from RBL listed IPs.

Thanks to Fefe, a patch has been around for a while that adds IPv6 support to tcpserver. Fefe’s patch does not touch rblsmtpd, however.

I’ve modified Fefe’s patch to patch rblsmtpd as well. You can easily apply my ucspi-tcp-0.88-ipv6.patch:

$ wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
$ wget http://www.bltweb.net/qmail/ucspi-tcp-0.88-ipv6.patch
$ tar -xzf ucspi-tcp-0.88.tar.gz
$ cd ucspi-tcp-0.88
$ patch -p1 < ../ucspi-tcp-0.88-ipv6.patch
$ make
$ sudo make install

tcpserver

To understand what the tcpserver portion of the IPv6 patch does, you should read Fefe’s ucspi-tcp page. Essentially, if a client connects via IPv4, tcpserver exhibits it’s normal behavior. If a client connects with IPv6, the PROTO environment variable will be set to “TCP6“.

Server Admin ,

Qmail IPv6

August 7th, 2009

Adding IPv6 support to qmail can be a daunting task. A modern qmail system includes several different components, with various patches and configuration options for each. There are a few patches on the internet that claim to add IPv6 support for a specific component, but I had trouble finding patches for every piece of my qmail install.

I’m not trying to defend IPv6. I realize there are many people with strong feelings towards the subject, including qmail’s author. Switching to IPv6 is a monumental task. It may never happen, but something needs to – we can’t keep NATing forever.

Many software projects have already added support for IPv6. My Gentoo box has been on an IPv6 network, via Hurricane Electric’s free tunnel broker service for a while now. Mac OS X has support for IPv6, as do the latest versions of Windows. Even Windows XP can support IPv6 if enabled. Postfix, Exim, and Sendmail all support IPv6.

Server Admin , ,

FastCGI with a PHP opcode cache benchmarks

July 29th, 2009

In my previous post, I described how to implement FastCGI with a PHP opcode cache on an Apache webserver. My primary motivation for moving to FastCGI was to take advantage of the extra security provided by FastCGI with suEXEC over mod_php. In this post, I’ll compare the two environments and provide a few benchmark results.

Benchmark Setup

To compare mod_php to FastCGI with a PHP opcode cache, I used the ab tool on my desktop running PHP 5.3.0, mod_fastcgi 2.4.6 and Apache 2.2.11 on Gentoo linux. Apache had a limited number of modules enabled (actions alias authz_host dav deflate dir expires filter headers log_config mime rewrite setenvif status vhost_alias). The hardware consisted of a Intel Core2 Quad Q6600 (2 x 4MB L2 cache) with 2GB of RAM.

Server Admin , , , , , ,

FastCGI with a PHP APC Opcode Cache

July 7th, 2009

Hosting PHP web applications in a shared environment usually involves a choice between two exclusive options: host a fast application by using a persistent opcode cache, or host an application that your shared neighbors can’t snoop around or destroy. In this post I discuss a way to get the best of both worlds, by combining FastCGI with a single opcode cache per user.

This is a long post, ready to jump right in? Skip the history!

The evolution of mod_php to FastCGI

In the early days of all-you-can eat shared hosting, administrators served PHP via mod_php. mod_php loads the PHP interpreter into every web server process during server startup, thus alleviating the expense of starting an interpreter each time a script executes. This allowed executing PHP scripts relatively fast.

mod_php came with a few drawbacks:

Server Admin , , , ,

Using Doctrine 1.1 with Symfony 1.2

May 4th, 2009

I recently started a new project using the Symfony PHP Framework. I’ve used Symfony before and love it. In the past I’ve used Propel, but as Symfony now fully supports Doctrine and Doctrine looks very promising, I decided to give it a shot for my latest project.

Symfony 1.2 currently uses Doctrine 1.0. Doctrine 1.1 was released in March. Symfony 1.3 will support Doctrine 1.1, but won’t be released until November.

Since I’m starting a new project, I wanted to try to use the latest version of Doctrine. I’ll be honest, I don’t have a great reason for doing this other then the pain I went through migrating an old project (with lots of custom model stuff) from Propel 1.2 to Propel 1.3. I understand this is an apples to oranges comparison, however its the only motivation I’ve got. Feel free to stop reading now.

Web Applications ,