Difference between revisions of "User:Dennisvd@nikhef.nl/testbed"

From PDP/Grid Wiki
Jump to navigationJump to search
(begin mac os x section)
(→‎Ent, the Mac OS X host: add firewall links)
Line 82: Line 82:
 
== Ent, the Mac OS X host ==
 
== Ent, the Mac OS X host ==
  
To enable testing on Mac OS X, Apple hardware is required. This allows Mac OS X Server to be run as virtual machines. Please don't use ent for anything else, since it's a mere mac mini.
+
To enable testing on Mac OS X, Apple hardware is required. This allows Mac OS X Server to be run as virtual machines. Please don't use ent for anything else, since it's a mere mac mini. Its configuration is a little different from the other machines. [http://www.parallels.com/eu/products/desktop/ Parallels Desktop] is the virtualization solution ([http://www.vmware.com/products/fusion/ VMWare Fusion] doesn't appear to work because the cpu is too old).
  
Its configuration is a little different from the other machines. [http://www.parallels.com/eu/products/desktop/ Parallels Desktop] is the virtualization solution ([http://www.vmware.com/products/fusion/ VMWare Fusion] doesn't appear to work because the cpu is too old).
+
The Mac OS X firewall is <tt>[http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html ipfw]</tt> (see also [http://www.ibiblio.org/macsupport/ipfw/ here] and
 +
[http://www.macshadows.com/kb/index.php?title=Firewall_Tunning_on_Mac_OS_X here], and [http://osxfaq.com/ReaderReports/NAT_PPP/index.ws something] on <tt>[http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/natd.8.html nat]</tt>).

Revision as of 11:28, 16 November 2009

Diagram of the agile test bed

Hardware

The testbed currently consists of five physical machines: bleek, toom, kudde, span and ent.

name type #cores mem OS disk remarks
bleek Intel 5150 @2.66GHz 4 8GB CentOS4-64 software raid1 2×500GB disks High Availability, dual power supply
toom Intel E5440 @2.83GHz 8 16GB CentOS5-64 Hardware raid1 2×715GB disks
kudde Intel E5440 @2.83GHz 8 16GB CentOS5-64 Hardware raid1 2×715GB disks
span Intel E5440 @2.83GHz 8 24GB CentOS5-64 Hardware raid10 on 4×470GB disks (950GB net) DHCP,DNS,NFS,LDAP
ent Intel Core Duo @1.66GHz 1 2GB OS X 10.6 SATA 80GB OS X virtual machines using Parallels


Network

The network between these machines is a bit particular: They all live in the same VLAN (194.171.96.16/28) but they all have an extra alias interface in the 10.198.0.0/16 range. The Xen DomUs on each of the Xen machines that live in that address range are given connectivity to the other DomUs in the same VLAN without using NAT, and connectivity to the outside with SNAT. Here's an example of the iptables on span:

Chain POSTROUTING (policy ACCEPT 58M packets, 3693M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     10.198.0.0/16        194.171.96.16/28    
  436 63986 ACCEPT     all  --  any    any     10.198.0.0/16        10.198.0.0/16       
    1   190 SNAT       all  --  any    any     10.198.0.0/16        anywhere            to:194.171.96.28

So all traffic from a DomU on span will appear to have come from span to the outside.

Note that DomUs that have interfaces in the public address range do not need SNAT at all, they simply connect to the hosts xen bridge.

There is a separate network attached to each machine to allow IPMI management and Serial-Over-Lan.

Software Installation

The central machine in the network is span, it runs

  • dnsmasq for DNS and DHCP based on /etc/hosts and /etc/ethers
  • NFS server for the home directories and ssh and pem host keys

The other Xen machines, toom and kudde, run Xen 3.1. On these machines the creation and destruction of virtual machines is best left to the generate-machine and destroy-machine scripts, part of the nl.vl-e.poc.ctb.mktestbed software package.

Ent, the Mac OS X host

To enable testing on Mac OS X, Apple hardware is required. This allows Mac OS X Server to be run as virtual machines. Please don't use ent for anything else, since it's a mere mac mini. Its configuration is a little different from the other machines. Parallels Desktop is the virtualization solution (VMWare Fusion doesn't appear to work because the cpu is too old).

The Mac OS X firewall is ipfw (see also here and here, and something on nat).