niemueller.de::home niemueller.de
Open Software. Open Knowledge.




 

niemueller.de


Blog & News

Extending VM disk

Consider the following situation: a CentOS 6.2 host (this can also be Fedora or RHEL for that matter) using KVM to run virtual machines (VM). The host uses the Logical Volume Manager (LVM) as storage to create disks for the VMs. Now one of the machines needs more disk space then was originally envisioned and thus the space must be extended. The guest system in turn is also running CentOS 6.2 and itself using LVM to setup its storage.

So we have the following entities to deal with:
Host: The physical machine running CentOS 6.2 and KVM.
Guest: Virtual machine running in KVM.
vg_host/lv_vm: The logical volume on the host system which constitutes the disk drive of the Guest.
/dev/vda2: The second partition on the first virtio disk in the Guest. It contains the only physical volume used on the Guest.
vg_vm: The volume group on the Guest where the only physical volume is /dev/vda2.
vg_vm/lv_root: The logical volume in the Guest volume group which facilitates the root of Guest's filesystem.

To keep things simple we assume that there is only a single mount point for the Guest, i.e. /usr etc. are not split off onto own partitions or logical volumes. Replace vg_host, lv_vm, and vg_vm with the actual values from your system. vgdisplay and lvdisplay can help you to find out about it.

So the following steps are necessary to get more disk space into the VM.

  1. On Host: Extend vg_host/lv_vm
  2. On Guest Extend /dev/vda2 partition
  3. On Guest Extend /dev/vda2 physical volume
  4. On Guest Extend vg_vm/lv_root logical volume
  5. On Guest Extend vg_vm/lv_root file system

Therefore, execute the following steps.

0. Stop the VM:

virsh shutdown VM

1. On Host: Extend vg_host/lv_vm: this code extends by 10GB, change as appropriate, make sure there is enough free space left in the volume group.

lvresize -L+10G vg_host/lv_vm

2. On Guest Extend /dev/vda2 partition: This is critical, take special care! It is important to choose the proper starting cylinder. The suggested start might be wrong, therefore first print the current start and keep it. Sorry this is the German output, but you should be able to match it properly.

fdisk /dev/vda2
Befehl (m für Hilfe): p
   Gerät  boot.     Anfang        Ende     Blöcke   Id  System
/dev/vda1   *           3        1018      512000   83  Linux
Partition 1 endet nicht an einer Zylindergrenze.
/dev/vda2            1018       21391    10267648   8e  Linux LVM
Partition 2 endet nicht an einer Zylindergrenze.
Befehl (m für Hilfe): d
Partitionsnummer (1-4): 2

Befehl (m für Hilfe): n
Befehl  Aktion
   e      Erweiterte
   p      Primäre Partition (1-4)
p
Partitionsnummer (1-4): 2
Erster Zylinder (1-62415, Vorgabe: 1): 1018
Last Zylinder, +Zylinder or +size{K,M,G} (1018-62415, Vorgabe: 62415): 
Benutze den Standardwert 62415

Befehl (m für Hilfe): p

Platte /dev/vda: 32.2 GByte, 32212254720 Byte
16 Köpfe, 63 Sektoren/Spur, 62415 Zylinder
Einheiten = Zylinder von 1008 × 512 = 516096 Bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000407f8

   Gerät  boot.     Anfang        Ende     Blöcke   Id  System
/dev/vda1   *           3        1018      512000   83  Linux
Partition 1 endet nicht an einer Zylindergrenze.
/dev/vda2            1018       62415    30944136   83  Linux

You now need to reboot because the partition is currently in use.

3. On Guest Extend /dev/vda2 physical volume: extend to maximal size. Make sure you have rebooted your system or otherwise this won't work (even though it doesn't report any errors).

# pvresize /dev/vda2
  Physical volume "/dev/vda2" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized

4. On Guest Extend vg_vm/lv_root logical volume

lvresize -l+100%FREE vg_vm/lv_root

5. On Guest Extend vg_vm/lv_root file system: this can be done while the file system is mounted and active. But you'd probably be screwed on a power failure or so.

resize2fs vg_vm/lv_root

Done! Now df -h should report the full space.

The long road to Kerberos/LDAP/NFSv4 and a shortcut

Recently we got a new server at university. It will replace the current file and authentication server which uses NIS and NFSv3. It provides us with a good opportunity to upgrade to something more secure and efficient. So I took on the journey to setup OpenLDAP as user directory, Kerberos for authentication, and NFSv4 for file sharing. But the way took a little time, only to find out later a shortcut which makes it almost a piece of cake. The long way still provides insightful information, therefore it's still useful to try it do-it-yourself style first.

Rather than writing yet another howto, I will link to documents that I used during the initial setup. The most relevant source is the Kerberos/LDAP/NFSv4 HOWTO. It describes the way pretty much step by step. If you want to replace NIS like us the Replacing NIS with Kerberos and LDAP HOWTO is a good read. We use CentOS 5.6 on the file server. The most common pitfall to run into then is that the NFS code there only supports weak ciphers. As client we used a Fedora 14 machine, which will only try strong ciphers by default (cf. for example Red Hat/Fedora bug reports #652273 and #573968). First edit /etc/krb5.conf and set allow_weak_crypto = yes in the [libdefaults] section. Then make sure to add -e des-cbc-crc:normal to the ktadd command to export keys to the keytab for the NFS service keys (nfs/host@REALM). It is described in the NFSv4 Kerberos Setup Guide, as well as the mentioned howto, but something to be easily missed and hard to diagnose when new to the system. The NFSv4 Linux FAQ provides some tips for NFS problems. Another document describes common Kerberos issues. When googling the Ubuntu NFSv4 HOWTO frequently comes up, but it does not provide much useful additional information.

Once I had it running I was pointed to FreeIPA. It is an integrated solution that combines the 389 directory server, Kerberos, and the Dogtag Certificate System with nice console administration tools and a helpful WebUI. I went straight for version 2.0.0 for which a new Enterprise Identity Management Guide is currently work in progress. FreeIPA 2.0.0 is not perfect, yet, and I had to report a few bugs, but it makes the overall process much easier. You still need to allo weak cryptos if CentOS/RHEL 5 is involved by yourself, IPA won't do that automatically for you. If you run into problems that the authentication fails (add -vvvvv as RPC idmapd and gssd/svcgssd flags to see this), wipe out the keys on both server and client and get new ones with the -e des-cbc-crc:normal for the NFS service keys! The nice people behind the project are extremely helpful if you ask nicely via IRC.

Have fun and enjoy secure authentication and encrypted file sharing as we hopefully will once the system is deployed.

Fawkes in Google Summer of Code 2011 with Fedora

Fawkes participates in the Google Summer of Code 2011 under the umbrella of the Fedora Project.

The Fedora Robotics SIG has completed the Fedora Robotics Suite, a set of robotics related software packages that are readily available in Fedora Linux. Fawkes is one prominent member of this package set. The original idea also envisioned creating an educational application, where a user would learn step by step to control a robot, then instruct, and finally program it. The project could not be completed due to a developer shortage.

The project has now been proposed as one possible candidate for the Google Summer of Code 2011 with the Fedora Project as mentoring organization. If you are a student with a background in robotics and experience in C++ software development please consider applying for this project. The Fedora Robotics SIG comprises many developers of upstream software projects providing a good way to get in touch with those projects. It will also be a very visible feature of the Fedora Robotics effort providing a good show case for later applications.

To apply please read information on the Fedora GSoC 2011 page and contact Tim Niemueller of the Fedora Robotics SIG.

UniMensa RWTH Datenbank wieder verfügbar

Die wöchentlich aktualisierte RWTH Mensa Datenbank ist nun wieder verfügbar. Vielen Dank an Holger Jeromin für das Beisteuern eines Scripts zum Auslesen der neuen Website des Studentenwerks.

Damit stehen die Mensapläne wieder für Palm und per WAP zur Verfügung, und auch andere Dienste wie das Aussenden per Skyper von der Amateurfunkgruppe der RWTH-Aachen sollten damit wieder funktionieren. Sollte es noch Probleme geben, bitte eine kurze Nachricht an mich.





Top 5 Pages
Wiki
WebLog
SquidGuard Webmin Module
Link Pile
Friends' blogs




Palm Software
UniMatrix UniMensa UniSorter
UniChat OHS Mobile Onager


My Bookshelf




Valid XHTML 1.1!

RSS Copyright © 2000-2009 by Tim Niemueller