Oracle 12c RAC ASM Flex Cluster on LXC Linux Containers Ubuntu 14.10

Contents

  1. 1 Updated Begin for Ubuntu 15.04 2015-05-16
    1. 1.1 Update End for Ubuntu 15.04 2015-05-16
  2. 2 Design Assumptions
  3. 3 Definitions
  4. 4 Design Features
  5. 5 Install Synaptic Package Manager (optional)
  6. 6 Install Oracle Ksplice (optional)
    1. 6.1 Install Pre-requisite Packages for Oracle KSplice
    2. 6.2 Download Oracle KSplice Uptrack
    3. 6.3 Install Oracle KSplice Uptrack
    4. 6.4 Test KSplice GUI
  7. 7 Update Fresh Installation (optional)
  8. 8 Install LXC, OpenvSwitch, and UML-Utilities Packages
  9. 9 Install DNS and DHCP packages
  10. 10 Install OpenvSwitch Configuration Scripts
    1. 10.1 Update Ubuntu 15.04 2015-05-16
    2. 10.2 Update End Ubuntu 15.04 2015-05-16
  11. 11 Setup DNS and DHCP for System
    1. 11.1 Backup DNS Default Configuration Files and Install Downloaded Versions
    2. 11.2 Backup DHCP Default Configuration Files
    3. 11.3 Update Begin Ubuntu 15.04 2015-05-16
    4. 11.4 Install Downloaded DHCP Files
    5. 11.5 Update Begin Ubuntu 15.04 2015-05-16
    6. 11.6 Update End Ubuntu 15.04 2015-05-16
    7. 11.7 Update DHCP Configuration Files with Correct RNDC Key
    8. 11.8 Set Ownership and Permissions of DHCP Configuration Files
    9. 11.9 Install DNS Forward and Reverse Zone Configuration Files
    10. 11.10 Edit DNS Forward and Reverse Zone Files
    11. 11.11 Update Begin Ubuntu 15.04 2015-05-16
    12. 11.12 Update End Ubuntu 15.04 2015-05-16
    13. 11.13 Configure dnsmasq-base
    14. 11.14 Update Begin Ubuntu 15.04 2015-05-16
    15. 11.15 Update End Ubuntu 15.04 2015-05-16
    16. 11.16 Configure /etc/network/interfaces
    17. 11.17 Configure /etc/sysctl.conf
    18. 11.18 Install and Configure Required Apparmor Package
    19. 11.19 Add Settings to /etc/sysctl.conf File
  12. 12 Restart DNS and DHCP to Verify Configuration
    1. 12.1 Update Begin Ubuntu 15.04 2015-05-16
  13. 13 Create Oracle Enteprise Linux 6.5 LXC Linux Container
    1. 13.1 Install Ubuntu rpm and yum Packages
    2. 13.2 Install Ubuntu yum Package
    3. 13.3 Create LXC Container
  14. 14 Configure LXC Container for OpenvSwitch Networking
    1. 14.1 Edit LXC Container config File for OpenvSwitch
    2. 14.2 Create Additional Required Networking Files
    3. 14.3 Configure dhclient.conf File
    4. 14.4 Verify Container Operation on DHCP and DNS with OpenvSwitch
    5. 14.5 Verify Container on OpenvSwitch Network
    6. 14.6 Verify Container /etc/resolv.conf Correct Dynamic Formatting
    7. 14.7 Install Package "bind-utils" into LXC Container
    8. 14.8 Run nslookup Tests in LXC Container to Verify DNS Resolutions
    9. 14.9 Run Various Status Commands on Container
  15. 15 Create File Management Links
This blog post is intended to be a complete, comprehensive step-by-step how-to for installing Oracle 12c RAC GNS ASM Flex Cluster on Ubuntu 14.10 using Oracle Enterprise Linux 6.5 LXC Linux Containers and OpenvSwitch. 

Updated Begin for Ubuntu 15.04 2015-05-16

I recently upgraded my laptop to Ubuntu 15.04 and there were a few issues which were resolved which had to do with SCST.  The cpu_mask issue is a reported bug in SCST.  Bart Van Assche responded back to my SCST list server enquiry with the following information:

Until June 2014 there was a bug in the SCST code for parsing cpu masks. You may have hit that bug.  Updating to SCST trunk r5596 or later or to the latest version of the  SCST 3.0 branch should resolve the issue related to parsing cpu masks.

Update End for Ubuntu 15.04 2015-05-16

This guide is also a de-facto recipe for creating an OpenvSwitch-based Ubuntu Linux [ desktop | laptop ] networking environment that accomplishes a number of key goals as enumerated below.

Design Assumptions

This set of procedures has been tested and built on a fresh install of the following Ubuntu distributions.  Installation on matching Ubuntu installations which have been running for a few months or years and have been customized could possibly introduce variations of existing configuration that could cause the steps described in this blog to have results different from the desired and expected results, YMMV.   This blog to reiterate assumes a fresh install of the following distributions, and has been built and tested successfully on all of the following distributions of Ubuntu Linux.
  • Ubuntu 14.04 64-bit desktop edition
  • Ubuntu 14.10 64-bit desktop edition
  • Ubuntu 15.04 64-bit desktop edition

Note, if installing Ubuntu 14.04 or 14.10 fresh for this work, do NOT accept the "download updates during install" option.  The reason is because these updates contain a number of CVE kernel security updates, and this procedure uses the post install Ubuntu CVE updates to check and verify correct operation of Oracle Ksplice, so, in other words, Oracle Ksplice will handle the post-install CVE kernel security updates.  Once KSplice operation has been so verified, Ubuntu Software Updater can be used for updates going forward as normal.  Oracle KSplice can be used for urgent CVE kernel security updates with zero downtime as needed.

Definitions

DEU   

Density and elasticity unit.  What formerly was called a "VM" but which now, with the advent of Linux Containers, requires imho a new term which includes density and elasticity solutions such as LXC which do not use hardware virtualization and as such are not "machines" at all.  So in this blog, a "DEU" will be used as the all-inclusive term to describe a single "VM" or "LXC Linux Container".

VM

A type of DEU which uses a hypervisor to virtualize (emulate using software) the hardware layers of an actual physical machine and provides what is often called a "guest" operating system.

LXC

The term LXC will be used interchangeably according to context to either mean the software called LXC which is a Linux Container software in the same category as OpenVZ and others, and in other contexts, LXC may be used to denote a specific single LXC DEU which is running on LXC software.

Design Features

  1. No changes to Ubuntu dnsmasq-base default network, i.e is a pure add-on networking overlay;
  2. Does not require any changes to Ubuntu NetworkManager or to default Ubuntu networking;
  3. Does not require any removal of Linux Bridge software;
  4. No physical interfaces directly to the OpenvSwitch (iptables/NAT/masq for external address resolution);
  5. Allows external interface switching on LXC containers are running with NO loss of www DNS resolution;
  6. Automatic internet-connected interface (eth0, wlan0, bnep0) detection and connection to OpenvSwitch;
  7. Uses OpenvSwitch as the networking solution for LXC, KVM and VirtualBox DEUs;
  8. Uses bind9 for OpenvSwitch DNS;
  9. Uses isc-dhcp-server for OpenvSwitch DHCP services;
  10. Integrates DNS and DHCP to update DNS automatically when new DEUs are added;
  11. Uses the built-in Ubuntu dnsmasq-base for Ubuntu default networking.
  12. Because it's LXC, VT-d and VT-x are NOT needed so older laptops and desktops without VT-d/x should be able to run LXC
The installation of bind9 is constructed so as not to interfere with the default Ubuntu desktop; that is, both bind9 and dnsmasq-base coexist peacefully and successfully so that even with the OpenvSwitch and bind9 installed, all the features of Ubuntu NetworkManager are preserved, including use of WIFI network manager, VPN manager, and in general ALL default and configurable features of Ubuntu NetworkManager. 

Install Synaptic Package Manager (optional)

Synaptic Package Manager is not required, but has some very nice features so it can be installed.  It was the GUI for package management in Ubuntu Linux desktop prior to the introduction of the "Ubuntu Software Manager".  Both tools can coexist, and synaptic can sometimes be very useful for some tasks.

gstanden@W520:~$ sudo apt-get install synaptic
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  docbook-xml libcairo-perl libept1.4.12 libglib-perl libgtk2-perl libpango-perl librarian0 rarian-compat sgml-data
Suggested packages:
  docbook docbook-dsssl docbook-xsl docbook-defguide libfont-freetype-perl libgtk2-perl-doc perlsgml w3-recs opensp libxml2-utils dwww menu deborphan tasksel
The following NEW packages will be installed:
  docbook-xml libcairo-perl libept1.4.12 libglib-perl libgtk2-perl libpango-perl librarian0 rarian-compat sgml-data synaptic
0 upgraded, 10 newly installed, 0 to remove and 79 not upgraded.
Need to get 3,396 kB of archives.
After this operation, 17.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic/main libept1.4.12 amd64 1.0.12 [142 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic/main sgml-data all 2.0.9-1 [277 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/main docbook-xml all 4.5-7.2 [336 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ utopic/universe libcairo-perl amd64 1.104-1build1 [91.9 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ utopic/universe libglib-perl amd64 3:1.305-1build1 [334 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu/ utopic/universe libpango-perl amd64 1.226-1build1 [187 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu/ utopic/universe libgtk2-perl amd64 2:1.2492-2 [560 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu/ utopic/main librarian0 amd64 0.8.1-6 [50.4 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu/ utopic/main rarian-compat amd64 0.8.1-6 [55.7 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu/ utopic/universe synaptic amd64 0.81.2 [1,361 kB]
Fetched 3,396 kB in 3s (884 kB/s)     
Selecting previously unselected package libept1.4.12:amd64.
(Reading database ... 169725 files and directories currently installed.)
Preparing to unpack .../libept1.4.12_1.0.12_amd64.deb ...
Unpacking libept1.4.12:amd64 (1.0.12) ...
Selecting previously unselected package sgml-data.
Preparing to unpack .../sgml-data_2.0.9-1_all.deb ...
Unpacking sgml-data (2.0.9-1) ...
Selecting previously unselected package docbook-xml.
Preparing to unpack .../docbook-xml_4.5-7.2_all.deb ...
Unpacking docbook-xml (4.5-7.2) ...
Selecting previously unselected package libcairo-perl.
Preparing to unpack .../libcairo-perl_1.104-1build1_amd64.deb ...
Unpacking libcairo-perl (1.104-1build1) ...
Selecting previously unselected package libglib-perl.
Preparing to unpack .../libglib-perl_3%3a1.305-1build1_amd64.deb ...
Unpacking libglib-perl (3:1.305-1build1) ...
Selecting previously unselected package libpango-perl.
Preparing to unpack .../libpango-perl_1.226-1build1_amd64.deb ...
Unpacking libpango-perl (1.226-1build1) ...
Selecting previously unselected package libgtk2-perl.
Preparing to unpack .../libgtk2-perl_2%3a1.2492-2_amd64.deb ...
Unpacking libgtk2-perl (2:1.2492-2) ...
Selecting previously unselected package librarian0.
Preparing to unpack .../librarian0_0.8.1-6_amd64.deb ...
Unpacking librarian0 (0.8.1-6) ...
Selecting previously unselected package rarian-compat.
Preparing to unpack .../rarian-compat_0.8.1-6_amd64.deb ...
Unpacking rarian-compat (0.8.1-6) ...
Selecting previously unselected package synaptic.
Preparing to unpack .../synaptic_0.81.2_amd64.deb ...
Unpacking synaptic (0.81.2) ...
Processing triggers for sgml-base (1.26+nmu4ubuntu1) ...
Processing triggers for man-db (2.7.0.2-2) ...
Processing triggers for doc-base (0.10.6) ...
Scrollkeeper was installed, forcing re-registration of all documents.
Unregistering 34 doc-base files, re-registering 34 doc-base files...
Registering documents with scrollkeeper...
Processing triggers for gnome-menus (3.10.1-0ubuntu2) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu2) ...
Processing triggers for bamfdaemon (0.5.1+14.10.20140925-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for mime-support (3.55ubuntu1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Setting up libept1.4.12:amd64 (1.0.12) ...
Setting up sgml-data (2.0.9-1) ...
Setting up libcairo-perl (1.104-1build1) ...
Setting up libglib-perl (3:1.305-1build1) ...
Setting up libpango-perl (1.226-1build1) ...
Setting up libgtk2-perl (2:1.2492-2) ...
Setting up librarian0 (0.8.1-6) ...
Setting up synaptic (0.81.2) ...
Processing triggers for sgml-base (1.26+nmu4ubuntu1) ...
Setting up docbook-xml (4.5-7.2) ...
Processing triggers for sgml-base (1.26+nmu4ubuntu1) ...
Setting up rarian-compat (0.8.1-6) ...
Processing triggers for libc-bin (2.19-10ubuntu2) ...
gstanden@W520:~$

Install Oracle Ksplice (optional)

Oracle Ksplice is a free product for Ubuntu Linux which allows updates of kernel software with no downtime.  Oracle Ksplice is not required for this project, but as Wim Coaekerts has pointed out here, Oracle Ksplice is likely to play a big role for organizations using Linux Containers, because Ksplice allows zero downtime kernel security patching.  So it is included in this blog as part of this build, especially since Ksplice is free to install and use the service for Ubuntu Linux.

Oracle Ksplice will be a key part of any LXC Linux Container deployment because it allows all LXC Containers to continue running during security updates to the single kernel used by all LXC containers on the system. Installation of Ksplice for Ubuntu 14.10 is detailed here

Note, however, that I found that the instructions given at that link DO NOT work for Ubuntu 14.04 nor for Ubuntu 14.10 desktops.  In particular, the Oracle agreement popups do not launch from the Ubuntu Software Manager.  Thus KSplice must be installed as shown below.  Along the way a couple of screens will appear that require accepting license terms etc.  Accept the terms and continue.  KSplice Uptrack is successfully installed.  Installing KSplice I found required attempting to install using Ubuntu Software Center, which fails (screen goes gray), then killing the Ubuntu Software Center screen (force quit) and then running the install with dpkg -i command.  There's probably a better way but this works.

Install Pre-requisite Packages for Oracle KSplice

Next install the pre-requisite packages for KSplice.  Some of them will already be present, but issue the command with all of them to be sure to get all required Ksplice pre-requisite packages installed.

gstanden@W520:~/Downloads$ sudo apt-get install python python-support debconf python-yaml uuid-runtime gnupg python-pycurl lsb-base python-gtk2 python-glade2 gksu dbus dbus-x11 python-dbus consolekit librsvg2-common module-init-tools lsb-release dmidecode iproute util-linux cron debconf curl

Reading package lists... Done
Building dependency tree      
Reading state information... Done
cron is already the newest version.
debconf is already the newest version.
dmidecode is already the newest version.
gnupg is already the newest version.
iproute is already the newest version.
librsvg2-common is already the newest version.
lsb-base is already the newest version.
lsb-release is already the newest version.
module-init-tools is already the newest version.
python is already the newest version.
python-dbus is already the newest version.
python-gtk2 is already the newest version.
util-linux is already the newest version.
uuid-runtime is already the newest version.
The following extra packages will be installed:
  libck-connector0 libcurl3 libgksu2-0 libglade2-0 libpam-ck-connector libyaml-0-2
Suggested packages:
  python-gtk2-doc libcurl4-gnutls-dev python-pycurl-dbg python-pycurl-doc
The following NEW packages will be installed:
  consolekit curl gksu libck-connector0 libgksu2-0 libglade2-0 libpam-ck-connector libyaml-0-2 python-glade2 python-pycurl python-support python-yaml
The following packages will be upgraded:
  dbus dbus-x11 libcurl3
3 upgraded, 12 newly installed, 0 to remove and 76 not upgraded.
Need to get 1,028 kB of archives.
After this operation, 2,962 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic/main libck-connector0 amd64 0.4.6-5 [8,784 B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main libcurl3 amd64 7.37.1-1ubuntu3.1 [178 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/main libglade2-0 amd64 1:2.6.4-2 [44.6 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ utopic/main libyaml-0-2 amd64 0.1.6-1 [47.4 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main dbus amd64 1.8.8-1ubuntu2.1 [243 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu/ utopic/main consolekit amd64 0.4.6-5 [77.3 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main curl amd64 7.37.1-1ubuntu3.1 [126 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main dbus-x11 amd64 1.8.8-1ubuntu2.1 [21.3 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu/ utopic/universe libgksu2-0 amd64 2.0.13~pre1-6ubuntu7 [72.1 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu/ utopic/universe gksu amd64 2.0.2-6ubuntu2 [27.8 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu/ utopic/main libpam-ck-connector amd64 0.4.6-5 [7,616 B]
Get:12 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-glade2 amd64 2.24.0-3ubuntu3 [8,744 B]
Get:13 http://us.archive.ubuntu.com/ubuntu/ utopic/universe python-support all 1.0.15 [26.7 kB]
Get:14 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-yaml amd64 3.11-1 [103 kB]
Get:15 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-pycurl amd64 7.19.5-3ubuntu1 [36.2 kB]
Fetched 1,028 kB in 3s (262 kB/s)       
Selecting previously unselected package libck-connector0:amd64.
(Reading database ... 170668 files and directories currently installed.)
Preparing to unpack .../libck-connector0_0.4.6-5_amd64.deb ...
Unpacking libck-connector0:amd64 (0.4.6-5) ...
Preparing to unpack .../libcurl3_7.37.1-1ubuntu3.1_amd64.deb ...
Unpacking libcurl3:amd64 (7.37.1-1ubuntu3.1) over (7.37.1-1ubuntu3) ...
Selecting previously unselected package libglade2-0:amd64.
Preparing to unpack .../libglade2-0_1%3a2.6.4-2_amd64.deb ...
Unpacking libglade2-0:amd64 (1:2.6.4-2) ...
Selecting previously unselected package libyaml-0-2:amd64.
Preparing to unpack .../libyaml-0-2_0.1.6-1_amd64.deb ...
Unpacking libyaml-0-2:amd64 (0.1.6-1) ...
Preparing to unpack .../dbus_1.8.8-1ubuntu2.1_amd64.deb ...
Unpacking dbus (1.8.8-1ubuntu2.1) over (1.8.8-1ubuntu2) ...
Selecting previously unselected package consolekit.
Preparing to unpack .../consolekit_0.4.6-5_amd64.deb ...
Unpacking consolekit (0.4.6-5) ...
Selecting previously unselected package curl.
Preparing to unpack .../curl_7.37.1-1ubuntu3.1_amd64.deb ...
Unpacking curl (7.37.1-1ubuntu3.1) ...
Preparing to unpack .../dbus-x11_1.8.8-1ubuntu2.1_amd64.deb ...
Unpacking dbus-x11 (1.8.8-1ubuntu2.1) over (1.8.8-1ubuntu2) ...
Selecting previously unselected package libgksu2-0.
Preparing to unpack .../libgksu2-0_2.0.13~pre1-6ubuntu7_amd64.deb ...
Unpacking libgksu2-0 (2.0.13~pre1-6ubuntu7) ...
Selecting previously unselected package gksu.
Preparing to unpack .../gksu_2.0.2-6ubuntu2_amd64.deb ...
Unpacking gksu (2.0.2-6ubuntu2) ...
Selecting previously unselected package libpam-ck-connector:amd64.
Preparing to unpack .../libpam-ck-connector_0.4.6-5_amd64.deb ...
Unpacking libpam-ck-connector:amd64 (0.4.6-5) ...
Selecting previously unselected package python-glade2.
Preparing to unpack .../python-glade2_2.24.0-3ubuntu3_amd64.deb ...
Unpacking python-glade2 (2.24.0-3ubuntu3) ...
Selecting previously unselected package python-support.
Preparing to unpack .../python-support_1.0.15_all.deb ...
Unpacking python-support (1.0.15) ...
Selecting previously unselected package python-yaml.
Preparing to unpack .../python-yaml_3.11-1_amd64.deb ...
Unpacking python-yaml (3.11-1) ...
Selecting previously unselected package python-pycurl.
Preparing to unpack .../python-pycurl_7.19.5-3ubuntu1_amd64.deb ...
Unpacking python-pycurl (7.19.5-3ubuntu1) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Processing triggers for man-db (2.7.0.2-2) ...
Processing triggers for gconf2 (3.2.6-2ubuntu1) ...
Processing triggers for gnome-menus (3.10.1-0ubuntu2) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu2) ...
Processing triggers for bamfdaemon (0.5.1+14.10.20140925-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for mime-support (3.55ubuntu1) ...
Setting up libck-connector0:amd64 (0.4.6-5) ...
Setting up libcurl3:amd64 (7.37.1-1ubuntu3.1) ...
Setting up libglade2-0:amd64 (1:2.6.4-2) ...
Setting up libyaml-0-2:amd64 (0.1.6-1) ...
Setting up dbus (1.8.8-1ubuntu2.1) ...
Installing new version of config file /etc/init.d/dbus ...
Setting up curl (7.37.1-1ubuntu3.1) ...
Setting up libgksu2-0 (2.0.13~pre1-6ubuntu7) ...
update-alternatives: using /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo to provide /usr/share/gconf/defaults/10_libgksu (libgksu-gconf-defaults) in auto mode
Setting up libpam-ck-connector:amd64 (0.4.6-5) ...
Setting up python-glade2 (2.24.0-3ubuntu3) ...
Setting up python-support (1.0.15) ...
Setting up python-yaml (3.11-1) ...
Setting up python-pycurl (7.19.5-3ubuntu1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up consolekit (0.4.6-5) ...
Setting up dbus-x11 (1.8.8-1ubuntu2.1) ...
Processing triggers for gconf2 (3.2.6-2ubuntu1) ...
Setting up gksu (2.0.2-6ubuntu2) ...
Processing triggers for libc-bin (2.19-10ubuntu2) ...
Processing triggers for dbus (1.8.8-1ubuntu2.1) ...

gstanden@W520:~/Downloads$

Download Oracle KSplice Uptrack

Now download the KSplice Uptrack *.deb package from the Ksplice website.  Download it but do not install it (do not use Ubuntu Software Installer option).  The installation will be done manually using the "dpkg -i" command as shown below.

gstanden@W520:~/Downloads$ ls -lrt
-rw-rw-r-- 1 gstanden gstanden 250832 Dec 25 22:54 ksplice-uptrack.deb

Install Oracle KSplice Uptrack

Now install KSplice using "dpkg -i" command as shown below.

gstanden@W520:~/Downloads$ sudo dpkg -i ksplice-uptrack.deb

Selecting previously unselected package ksplice-uptrack.
(Reading database ... 170869 files and directories currently installed.)
Preparing to unpack ksplice-uptrack.deb ...
Unpacking ksplice-uptrack (1.2.23-1~ubuntu14.10) ...
Setting up ksplice-uptrack (1.2.23-1~ubuntu14.10) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Adding 'diversion of /sbin/modprobe to /sbin/modprobe.ksplice-orig by ksplice-uptrack'
Adding 'diversion of /sbin/depmod to /sbin/depmod.ksplice-orig by ksplice-uptrack'
Adding 'diversion of /usr/share/update-notifier/notify-reboot-required to /usr/share/update-notifier/notify-reboot-required.ksplice-orig by ksplice-uptrack'
Adding 'diversion of /etc/kerneloops.conf to /etc/kerneloops.conf.ksplice-orig by ksplice-uptrack'
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
 * Restarting Kernel Oops catching service kerneloops                    [ OK ]
OK
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Processing triggers for gnome-menus (3.10.1-0ubuntu2) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu2) ...
Processing triggers for bamfdaemon (0.5.1+14.10.20140925-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for mime-support (3.55ubuntu1) ...
Processing triggers for man-db (2.7.0.2-2) ...
Processing triggers for python-support (1.0.15) ...

gstanden@W520:~/Downloads$

Test KSplice GUI

Test Ksplice using the GUI tool and see if it finds any updates that are needed.  As shown below, KSplice locates CVE kernel security updates that are available and queues them up for installation.


As usual, Ubuntu requires authentication to run a privileged app.  Enter your linux account password and press "authenticate".


Oracle KSplice Uptrack installs all updates and indicates which updates are currently installing on the progress bar as shown below.


Oracle KSplice Uptrack reports on the GUI that kernel is now fully updated and all CVE have been applied as shown below.  Review the updates and press "close".

Update Fresh Installation (optional)

If this is a fresh install, then update Ubuntu software to get all most recent updates using the Software Updater app or "sudo apt-get update".  If this is not a fresh install, optionally check for updates using the same steps.

Install LXC, OpenvSwitch, and UML-Utilities Packages

Now install other required packages as shown below.

gstanden@W520:~$ sudo apt-get install lxc uml-utilities openvswitch-switch
[sudo] password for gstanden:
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  bridge-utils cloud-image-utils debootstrap distro-info distro-info-data euca2ools libaio1 libboost-thread1.55.0 liblxc1 librados2 librbd1 libseccomp2 lxc-templates
  openvswitch-common python-distro-info python-requestbuilder python-requests python-setuptools python-urllib3 python3-lxc qemu-utils sharutils uidmap
Suggested packages:
  shunit2 btrfs-tools lxctl qemu-user-static openvswitch-datapath-module bsd-mailx mailx user-mode-linux
The following NEW packages will be installed:
  bridge-utils cloud-image-utils debootstrap distro-info distro-info-data euca2ools libaio1 libboost-thread1.55.0 liblxc1 librados2 librbd1 libseccomp2 lxc
  lxc-templates openvswitch-common openvswitch-switch python-distro-info python-requestbuilder python-requests python-setuptools python-urllib3 python3-lxc qemu-utils
  sharutils uidmap uml-utilities
0 upgraded, 26 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,711 kB of archives.
After this operation, 25.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic/main libaio1 amd64 0.3.110-1 [6,454 B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic/main libboost-thread1.55.0 amd64 1.55.0+dfsg-1ubuntu3 [27.4 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/main libseccomp2 amd64 2.1.1-1 [26.3 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ utopic/main liblxc1 amd64 1.1.0~alpha2-0ubuntu3 [173 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main librados2 amd64 0.80.7-0ubuntu0.14.10.1 [1,582 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main librbd1 amd64 0.80.7-0ubuntu0.14.10.1 [355 kB]

Get:7 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-urllib3 all 1.8.3-1 [43.9 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-requests all 2.3.0-1 [191 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-requestbuilder all 0.1.0-1 [25.5 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu/ utopic/main bridge-utils amd64 1.5-7ubuntu1 [29.1 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu/ utopic/main distro-info-data all 0.23 [4,032 B]
Get:12 http://us.archive.ubuntu.com/ubuntu/ utopic/main distro-info amd64 0.14 [20.1 kB]
Get:13 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-setuptools all 5.5.1-1 [218 kB]
Get:14 http://us.archive.ubuntu.com/ubuntu/ utopic/main euca2ools all 3.0.2-1ubuntu1 [251 kB]
Get:15 http://us.archive.ubuntu.com/ubuntu/ utopic/main python3-lxc amd64 1.1.0~alpha2-0ubuntu3 [20.3 kB]
Get:16 http://us.archive.ubuntu.com/ubuntu/ utopic/main lxc amd64 1.1.0~alpha2-0ubuntu3 [509 kB]
Get:17 http://us.archive.ubuntu.com/ubuntu/ utopic/main lxc-templates amd64 1.1.0~alpha2-0ubuntu3 [63.1 kB]
Get:18 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-distro-info all 0.14 [8,200 B]
Get:19 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main qemu-utils amd64 2.1+dfsg-4ubuntu6.3 [426 kB]
Get:20 http://us.archive.ubuntu.com/ubuntu/ utopic/main sharutils amd64 1:4.14-2 [146 kB]
Get:21 http://us.archive.ubuntu.com/ubuntu/ utopic/main uidmap amd64 1:4.1.5.1-1.1ubuntu2 [63.0 kB]
Get:22 http://us.archive.ubuntu.com/ubuntu/ utopic/main cloud-image-utils all 0.27-0ubuntu10 [25.8 kB]
Get:23 http://us.archive.ubuntu.com/ubuntu/ utopic/main debootstrap all 1.0.64 [30.0 kB]
Get:24 http://us.archive.ubuntu.com/ubuntu/ utopic/main openvswitch-common amd64 2.1.3-0ubuntu1 [488 kB]
Get:25 http://us.archive.ubuntu.com/ubuntu/ utopic/main openvswitch-switch amd64 2.1.3-0ubuntu1 [919 kB]
Get:26 http://us.archive.ubuntu.com/ubuntu/ utopic/universe uml-utilities amd64 20070815-1.3ubuntu1 [61.9 kB]
Fetched 5,711 kB in 35s (161 kB/s)            
Selecting previously unselected package libaio1:amd64.
(Reading database ... 200362 files and directories currently installed.)
Preparing to unpack .../libaio1_0.3.110-1_amd64.deb ...
Unpacking libaio1:amd64 (0.3.110-1) ...
Selecting previously unselected package libboost-thread1.55.0:amd64.
Preparing to unpack .../libboost-thread1.55.0_1.55.0+dfsg-1ubuntu3_amd64.deb ...
Unpacking libboost-thread1.55.0:amd64 (1.55.0+dfsg-1ubuntu3) ...
Selecting previously unselected package libseccomp2:amd64.
Preparing to unpack .../libseccomp2_2.1.1-1_amd64.deb ...
Unpacking libseccomp2:amd64 (2.1.1-1) ...
Selecting previously unselected package liblxc1.
Preparing to unpack .../liblxc1_1.1.0~alpha2-0ubuntu3_amd64.deb ...
Unpacking liblxc1 (1.1.0~alpha2-0ubuntu3) ...
Selecting previously unselected package librados2.
Preparing to unpack .../librados2_0.80.7-0ubuntu0.14.10.1_amd64.deb ...
Unpacking librados2 (0.80.7-0ubuntu0.14.10.1) ...
Selecting previously unselected package librbd1.
Preparing to unpack .../librbd1_0.80.7-0ubuntu0.14.10.1_amd64.deb ...
Unpacking librbd1 (0.80.7-0ubuntu0.14.10.1) ...
Selecting previously unselected package python-urllib3.
Preparing to unpack .../python-urllib3_1.8.3-1_all.deb ...
Unpacking python-urllib3 (1.8.3-1) ...
Selecting previously unselected package python-requests.
Preparing to unpack .../python-requests_2.3.0-1_all.deb ...
Unpacking python-requests (2.3.0-1) ...
Selecting previously unselected package python-requestbuilder.
Preparing to unpack .../python-requestbuilder_0.1.0-1_all.deb ...
Unpacking python-requestbuilder (0.1.0-1) ...
Selecting previously unselected package bridge-utils.
Preparing to unpack .../bridge-utils_1.5-7ubuntu1_amd64.deb ...
Unpacking bridge-utils (1.5-7ubuntu1) ...
Selecting previously unselected package distro-info-data.
Preparing to unpack .../distro-info-data_0.23_all.deb ...
Unpacking distro-info-data (0.23) ...
Selecting previously unselected package distro-info.
Preparing to unpack .../distro-info_0.14_amd64.deb ...
Unpacking distro-info (0.14) ...
Selecting previously unselected package python-setuptools.
Preparing to unpack .../python-setuptools_5.5.1-1_all.deb ...
Unpacking python-setuptools (5.5.1-1) ...
Selecting previously unselected package euca2ools.
Preparing to unpack .../euca2ools_3.0.2-1ubuntu1_all.deb ...
Unpacking euca2ools (3.0.2-1ubuntu1) ...
Selecting previously unselected package python3-lxc.
Preparing to unpack .../python3-lxc_1.1.0~alpha2-0ubuntu3_amd64.deb ...
Unpacking python3-lxc (1.1.0~alpha2-0ubuntu3) ...
Selecting previously unselected package lxc.
Preparing to unpack .../lxc_1.1.0~alpha2-0ubuntu3_amd64.deb ...
Unpacking lxc (1.1.0~alpha2-0ubuntu3) ...
Selecting previously unselected package lxc-templates.
Preparing to unpack .../lxc-templates_1.1.0~alpha2-0ubuntu3_amd64.deb ...
Unpacking lxc-templates (1.1.0~alpha2-0ubuntu3) ...
Selecting previously unselected package python-distro-info.
Preparing to unpack .../python-distro-info_0.14_all.deb ...
Unpacking python-distro-info (0.14) ...
Selecting previously unselected package qemu-utils.
Preparing to unpack .../qemu-utils_2.1+dfsg-4ubuntu6.3_amd64.deb ...
Unpacking qemu-utils (2.1+dfsg-4ubuntu6.3) ...
Selecting previously unselected package sharutils.
Preparing to unpack .../sharutils_1%3a4.14-2_amd64.deb ...
Unpacking sharutils (1:4.14-2) ...
Selecting previously unselected package uidmap.
Preparing to unpack .../uidmap_1%3a4.1.5.1-1.1ubuntu2_amd64.deb ...
Unpacking uidmap (1:4.1.5.1-1.1ubuntu2) ...
Selecting previously unselected package cloud-image-utils.
Preparing to unpack .../cloud-image-utils_0.27-0ubuntu10_all.deb ...
Unpacking cloud-image-utils (0.27-0ubuntu10) ...
Selecting previously unselected package debootstrap.
Preparing to unpack .../debootstrap_1.0.64_all.deb ...
Unpacking debootstrap (1.0.64) ...
Selecting previously unselected package openvswitch-common.
Preparing to unpack .../openvswitch-common_2.1.3-0ubuntu1_amd64.deb ...
Unpacking openvswitch-common (2.1.3-0ubuntu1) ...
Selecting previously unselected package openvswitch-switch.
Preparing to unpack .../openvswitch-switch_2.1.3-0ubuntu1_amd64.deb ...
Unpacking openvswitch-switch (2.1.3-0ubuntu1) ...
Selecting previously unselected package uml-utilities.
Preparing to unpack .../uml-utilities_20070815-1.3ubuntu1_amd64.deb ...
Unpacking uml-utilities (20070815-1.3ubuntu1) ...
Processing triggers for man-db (2.7.0.2-2) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Processing triggers for install-info (5.2.0.dfsg.1-4) ...
Setting up libaio1:amd64 (0.3.110-1) ...
Setting up libboost-thread1.55.0:amd64 (1.55.0+dfsg-1ubuntu3) ...
Setting up libseccomp2:amd64 (2.1.1-1) ...
Setting up liblxc1 (1.1.0~alpha2-0ubuntu3) ...
Setting up librados2 (0.80.7-0ubuntu0.14.10.1) ...
Setting up librbd1 (0.80.7-0ubuntu0.14.10.1) ...
Setting up python-urllib3 (1.8.3-1) ...
Setting up python-requests (2.3.0-1) ...
Setting up python-requestbuilder (0.1.0-1) ...
Setting up bridge-utils (1.5-7ubuntu1) ...
Setting up distro-info-data (0.23) ...
Setting up distro-info (0.14) ...
Setting up python-setuptools (5.5.1-1) ...
Setting up euca2ools (3.0.2-1ubuntu1) ...
Setting up python3-lxc (1.1.0~alpha2-0ubuntu3) ...
Setting up lxc (1.1.0~alpha2-0ubuntu3) ...
lxc start/running
Setting up lxc dnsmasq configuration.
Setting up python-distro-info (0.14) ...
Setting up qemu-utils (2.1+dfsg-4ubuntu6.3) ...
Setting up sharutils (1:4.14-2) ...
Setting up uidmap (1:4.1.5.1-1.1ubuntu2) ...
Setting up cloud-image-utils (0.27-0ubuntu10) ...
Setting up debootstrap (1.0.64) ...
Setting up openvswitch-common (2.1.3-0ubuntu1) ...
Setting up openvswitch-switch (2.1.3-0ubuntu1) ...
openvswitch-switch start/running
Setting up uml-utilities (20070815-1.3ubuntu1) ...
 * Starting User-mode networking switch uml_switch                                                                                                                 [ OK ]
Processing triggers for ureadahead (0.100.0-16) ...
Setting up lxc-templates (1.1.0~alpha2-0ubuntu3) ...
Processing triggers for libc-bin (2.19-10ubuntu2.1) ...
gstanden@W520:~$

Install DNS and DHCP packages

Next install bind9 and isc-dhcp-utils as shown below.


gstanden@W520:~$ sudo apt-get install bind9 bind9utils isc-dhcp-server
Reading package lists... Done
Building dependency tree      
Reading state information... Done
Suggested packages:
  bind9-doc isc-dhcp-server-ldap
The following NEW packages will be installed:
  bind9 bind9utils isc-dhcp-server
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,222 kB of archives.
After this operation, 3,826 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main bind9utils amd64 1:9.9.5.dfsg-4.3ubuntu0.1 [146 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main bind9 amd64 1:9.9.5.dfsg-4.3ubuntu0.1 [294 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/main isc-dhcp-server amd64 4.2.4-7ubuntu14 [782 kB]
Fetched 1,222 kB in 2s (443 kB/s)       
Preconfiguring packages ...
Selecting previously unselected package bind9utils.
(Reading database ... 201707 files and directories currently installed.)
Preparing to unpack .../bind9utils_1%3a9.9.5.dfsg-4.3ubuntu0.1_amd64.deb ...
Unpacking bind9utils (1:9.9.5.dfsg-4.3ubuntu0.1) ...
Selecting previously unselected package bind9.
Preparing to unpack .../bind9_1%3a9.9.5.dfsg-4.3ubuntu0.1_amd64.deb ...
Unpacking bind9 (1:9.9.5.dfsg-4.3ubuntu0.1) ...
Selecting previously unselected package isc-dhcp-server.
Preparing to unpack .../isc-dhcp-server_4.2.4-7ubuntu14_amd64.deb ...
Unpacking isc-dhcp-server (4.2.4-7ubuntu14) ...
Processing triggers for man-db (2.7.0.2-2) ...
Processing triggers for ufw (0.34~rc-0ubuntu4) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Setting up bind9utils (1:9.9.5.dfsg-4.3ubuntu0.1) ...
Setting up bind9 (1:9.9.5.dfsg-4.3ubuntu0.1) ...
Adding group `bind' (GID 128) ...
Done.
Adding system user `bind' (UID 118) ...
Adding new user `bind' (UID 118) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
#
 * Starting domain name service... bind9                                                                                                                           [ OK ]
Setting up isc-dhcp-server (4.2.4-7ubuntu14) ...
Generating /etc/default/isc-dhcp-server...
isc-dhcp-server start/running, process 4943
isc-dhcp-server6 stop/pre-start, process 4994
Processing triggers for ufw (0.34~rc-0ubuntu4) ...
Processing triggers for ureadahead (0.100.0-16) ...
gstanden@W520:~$

Install OpenvSwitch Configuration Scripts

These scripts create and configure the OpenvSwitch switches.  The "crt_ovs_sw*.sh" scripts and the /etc/init/my-network-up script and reboot to verify openvswitch is creating switches and ports correctly. The scripts are attached to this blog and can be downloaded directly.  They will be downloaded by default to "/home/username/Downloads" directory.

Once the scripts are downloaded, create a directory "/home/username/OpenvSwitch" and install the "crt_ovs_sw*.sh" scripts to that directory and set correct permissions as shown below.

Also download the "my-network-up.sh" script from the end of this blog.  This script is used to ensure that the OpenvSwitch "crt_ovs_sw*.sh" scripts run only after networking has started.  The idea of using the "my-network-up.sh" script for starting up the OpenvSwitches at boot after the network interfaces are up is thanks to Cheesehead here.

Update Ubuntu 15.04 2015-05-16

The my-network-up.sh script doesn't seem to be working anymore in Ubuntu 15.04.  In any case, I had to add entries to /etc/rc.local script to get OpenvSwitch network to startup ok at boot on 15.04, so currently, the /etc/init/my-network-up.sh script is still in place, but not working, and now also the following entries are added in /etc/rc.local as well as shown below and it is the /etc/rc.local entries that are starting the OpenvSwitch at boot.

gstanden@vmem1:~/OpenvSwitch$ cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/home/gstanden/OpenvSwitch/crt_ovs_sx1.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sx1.log
/home/gstanden/OpenvSwitch/crt_ovs_sw1.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw1.log
/home/gstanden/OpenvSwitch/crt_ovs_sw2.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw2.log
/home/gstanden/OpenvSwitch/crt_ovs_sw3.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw3.log
/home/gstanden/OpenvSwitch/crt_ovs_sw4.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw4.log
/home/gstanden/OpenvSwitch/crt_ovs_sw5.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw5.log
/home/gstanden/OpenvSwitch/crt_ovs_sw6.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw6.log
/home/gstanden/OpenvSwitch/crt_ovs_sw7.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw7.log
/home/gstanden/OpenvSwitch/crt_ovs_sw8.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw8.log
/home/gstanden/OpenvSwitch/crt_ovs_sw9.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw9.log

exit 0

gstanden@vmem1:~/OpenvSwitch$

Note also that crt_ovs_sx1.sh has been added.  This is the addition of a new network subnet 10.207.29.1 and comes with a new set of bind9 and dhcp configurations.  Basically, this update to the guide here shows how you add additional networks to the DNS-DHCP bind9/isc-dhcp-server setup on the laptop such that the additional networks will also hand out DHCP addresses over the OpenvSwitch network and also automatically add the newly assigned IP addresses to DNS bind9 (named).

Update End Ubuntu 15.04 2015-05-16

Once the "crt_ovs_sw*.sh" scripts are downloaded, create a directory for them as shown below, and move the scripts to the "/home/username/OpenvSwitch" directory as shown below. Ensure that the "crt_ovs_sw*.sh" scripts have the correct ownership, permissions, and are installed in the directory as shown below.  The log files do not need to be created.  They are written automatically during each bootup of the laptop or desktop when the OpenvSwitch switches are created during bootup.

At this time, also download and install the "my-network-up.sh" script and also ensure that /etc/rc.local is configured as shown above.  Install the my-network-up.sh script as shown into the "/etc/init" directory.  Create a soft link in the "/home/username/OpenvSwitch" directory as a reminder of where this important script is installed for future maintenance or reference.  The idea is that all scripts directly relevant to the OpenvSwitch configuration are linked in the "/home/username/OpenvSwitch" directory for quick reference and accessability.

gstanden@W520:~$ pwd
/home/gstanden
gstanden@W520:~$ ls -lrt
total 52
-rw-r--r-- 1 gstanden gstanden 8980 Dec 25 22:29 examples.desktop
drwxr-xr-x 2 gstanden gstanden 4096 Dec 25 22:48 Videos
drwxr-xr-x 2 gstanden gstanden 4096 Dec 25 22:48 Templates
drwxr-xr-x 2 gstanden gstanden 4096 Dec 25 22:48 Public
drwxr-xr-x 2 gstanden gstanden 4096 Dec 25 22:48 Music
drwxr-xr-x 2 gstanden gstanden 4096 Dec 25 22:48 Documents
drwxr-xr-x 2 gstanden gstanden 4096 Dec 25 22:48 Desktop
drwxr-xr-x 4 gstanden gstanden 4096 Dec 25 23:03 Pictures
drwxr-xr-x 2 gstanden gstanden 4096 Dec 26 12:09 Downloads
drwxr-xr-x 2 gstanden gstanden 4096 Dec 26 12:19 OpenvSwitch
drwxrwxr-x 2 gstanden gstanden 4096 Dec 26 14:31 Networking

gstanden@W520:~$ cd OpenvSwitch/

gstanden@W520:~/OpenvSwitch$ ls -lrt
total 52
-rwxr-xr-x 1 gstanden gstanden  704 Oct 27  2014 crt_ovs_sw4.sh
-rwxr-xr-x 1 gstanden gstanden  704 Oct 28  2014 crt_ovs_sw5.sh
-rwxr-xr-x 1 gstanden gstanden  704 Oct 28  2014 crt_ovs_sw6.sh
-rwxr-xr-x 1 gstanden gstanden  704 Oct 28  2014 crt_ovs_sw7.sh
-rwxr-xr-x 1 gstanden gstanden  704 Oct 28  2014 crt_ovs_sw8.sh
-rwxr-xr-x 1 gstanden gstanden  704 Oct 31  2014 crt_ovs_sw9.sh
-rwxr-xr-x 1 gstanden gstanden 1016 Oct 31  2014 crt_ovs_sw2.sh
-rwxr-xr-x 1 gstanden gstanden 1019 Oct 31  2014 crt_ovs_sw3.sh
-rwxr-xr-x 1 gstanden gstanden 1921 May  2 20:13 crt_ovs_sw1.sh
-rwxr-xr-x 1 gstanden gstanden 1935 May  2 20:24 crt_ovs_sx1.sh
lrwxrwxrwx 1 gstanden gstanden   26 May 16 16:30 my-network-up.sh -> /etc/init/my-network-up.sh
lrwxrwxrwx 1 gstanden gstanden   13 May 16 16:31 rc.local -> /etc/rc.local
-rw-r--r-- 1 gstanden gstanden  413 Dec 26 14:12 crt_ovs_sw1.log
-rw-r--r-- 1 gstanden gstanden  195 Dec 26 14:12 crt_ovs_sw2.log
-rw-r--r-- 1 gstanden gstanden  195 Dec 26 14:12 crt_ovs_sw3.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sw4.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sw5.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sw6.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sw7.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sw8.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sw9.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 26 14:12 crt_ovs_sx1.log
gstanden@W520:~/OpenvSwitch$


Ensure as shown below that the "/etc/init/my-network-up.sh" script is installed in the correct directory, and has the ownership, group, and permissions and review the content of the file as shown below.


gstanden@W520:~/OpenvSwitch$ ls -l /etc/init/my-network-up.conf
-rw-r--r-- 1 gstanden gstanden 1288 Dec 26 01:25 /etc/init/my-network-up.conf


gstanden@W520:~/OpenvSwitch$ cat /etc/init/my-network-up.conf

# 'my-network-up.conf' - My custom upstart events
#
# These are the scripts that run when a network appears.

description "My custom upstart events"

start on net-device-up     # Start a daemon or run a script
stop on net-device-down    # (Optional) Stop a daemon, scripts already self-terminate.

script
# You can really put shell script in here, including if/then and tests.
/home/gstanden/OpenvSwitch/crt_ovs_sw1.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw1.log
/home/gstanden/OpenvSwitch/crt_ovs_sw2.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw2.log
/home/gstanden/OpenvSwitch/crt_ovs_sw3.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw3.log
/home/gstanden/OpenvSwitch/crt_ovs_sw4.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw4.log
/home/gstanden/OpenvSwitch/crt_ovs_sw5.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw5.log
/home/gstanden/OpenvSwitch/crt_ovs_sw6.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw6.log
/home/gstanden/OpenvSwitch/crt_ovs_sw7.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw7.log
/home/gstanden/OpenvSwitch/crt_ovs_sw8.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw8.log
/home/gstanden/OpenvSwitch/crt_ovs_sw9.sh 2>&1 > /home/gstanden/OpenvSwitch/crt_ovs_sw9.log
/bin/chown gstanden:gstanden /home/gstanden/OpenvSwitch/crt_ovs_sw*.log
end script

gstanden@W520:~/OpenvSwitch$ ls -lrt /etc/init/my-network-up.conf
-rw-r--r-- 1 gstanden gstanden 1288 Dec 26 10:06 /etc/init/my-network-up.conf
gstanden@W520:~$

The OpenvSwitch switch scripts are also listed below for reference.

gstanden@vmem1:~/OpenvSwitch$ more crt_ovs_s*.sh

::::::::::::::
crt_ovs_sw1.sh
::::::::::::::

#!/bin/bash
# Requires use of Upstart Script /etc/init/my-network-up.conf to ensure interfaces are up before running.
 
tunctl -t s1
tunctl -t s2
tunctl -t s3
tunctl -t s4
tunctl -t s5
#tunctl -t s6
ip link set s1 up
ip link set s2 up
ip link set s3 up
ip link set s4 up
ip link set s5 up
#ip link set s6 up
ovs-vsctl add-br sw1
ovs-vsctl add-port sw1 s1
ovs-vsctl add-port sw1 s2
ovs-vsctl add-port sw1 s3
ovs-vsctl add-port sw1 s4
ovs-vsctl add-port sw1 s5
#ovs-vsctl add-port sw1 s6
ip link set up dev sw1
ip addr add 10.207.39.1/24 dev sw1
ip route replace 10.207.39.0/24 dev sw1

ovs-vsctl set port sw1 trunks=10
ovs-vsctl set port sw1 tag=10

# GLS 20140825 Get active external interface dynamically at boot.  Tested & works with {wlan0, eth0, bnep0} on Ubuntu 14.04.1 Desktop x86_64.
# GLS 20140825 Interface "bnep0" is Blackberry Z30 OS10 Bluetooth Tether.

### BEGIN Get Active EXTIF Dynamcially. ###
function GetInterface
{
ifconfig | egrep -B1 'inet addr' | egrep -A1 'wlan|eth|bnep' | sed '$!N;s/\n/ /' | sed 's/  */ /g' | cut -f1,7 -d' ' | sed 's/ addr//' | head -1 | cut -f1 -d':'
}
function GetIP
{
ifconfig | egrep -B1 'inet addr' | egrep -A1 'wlan|eth|bnep' | sed '$!N;s/\n/ /' | sed 's/  */ /g' | cut -f1,7 -d' ' | sed 's/ addr//' | head -1 | cut -f2 -d':'
}
### END Get Active EXTIF Dynamically. ###

echo '       IP: '$(GetIP)
echo 'Interface: '$(GetInterface)

INTIF="sw1"
EXTIF=$(GetInterface)
# EXTIF="wlan0"

echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# set forwarding and nat rules
iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

service isc-dhcp-server start
service bind9 restart

::::::::::::::
crt_ovs_sw2.sh
::::::::::::::

#!/bin/bash

tunctl -t t1
tunctl -t t2
tunctl -t t3
tunctl -t t4
tunctl -t t5
ip link set t1 up
ip link set t2 up
ip link set t3 up
ip link set t4 up
ip link set t5 up
ovs-vsctl add-br sw2
ovs-vsctl add-port sw2 t1
ovs-vsctl add-port sw2 t2
ovs-vsctl add-port sw2 t3
ovs-vsctl add-port sw2 t4
ovs-vsctl add-port sw2 t5
ip link set up dev sw2
ip addr add 10.207.40.1/24 dev sw2
ip route replace 10.207.40.0/24 dev sw2
ifconfig sw2 10.207.40.1 netmask 255.255.255.0

ovs-vsctl set port sw2 tag=80

# INTIF="sw2"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw3.sh
::::::::::::::

#!/bin/bash

tunctl -t w1
tunctl -t w2
tunctl -t w3
tunctl -t w4
tunctl -t w5
ip link set w1 up
ip link set w2 up
ip link set w3 up
ip link set w4 up
ip link set w5 up
ovs-vsctl add-br sw3
ovs-vsctl add-port sw3 w1
ovs-vsctl add-port sw3 w2
ovs-vsctl add-port sw3 w3
ovs-vsctl add-port sw3 w4
ovs-vsctl add-port sw3 w5

ip link set up dev sw3
ip addr add 10.207.41.1/24 dev sw3
ip route replace 10.207.41.0/24 dev sw3
ifconfig sw3 10.207.41.1 netmask 255.255.255.0

 ovs-vsctl set port sw3 tag=90

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw4.sh
::::::::::::::

#!/bin/bash

ovs-vsctl add-br sw4
ip link set up dev sw4
ip addr add 192.210.39.1/24 dev sw4
ip route replace 192.210.39.0/24 dev sw4
ifconfig sw4 192.210.39.1 netmask 255.255.255.0

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw5.sh
::::::::::::::

#!/bin/bash

ovs-vsctl add-br sw5
ip link set up dev sw5
ip addr add 192.211.39.1/24 dev sw5
ip route replace 192.211.39.0/24 dev sw5
ifconfig sw5 192.211.39.1 netmask 255.255.255.0

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw6.sh
::::::::::::::

#!/bin/bash

ovs-vsctl add-br sw6
ip link set up dev sw6
ip addr add 192.212.39.1/24 dev sw6
ip route replace 192.212.39.0/24 dev sw6
ifconfig sw6 192.212.39.1 netmask 255.255.255.0

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw7.sh
::::::::::::::

#!/bin/bash

ovs-vsctl add-br sw7
ip link set up dev sw7
ip addr add 192.213.39.1/24 dev sw7
ip route replace 192.213.39.0/24 dev sw7
ifconfig sw7 192.213.39.1 netmask 255.255.255.0

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw8.sh
::::::::::::::

#!/bin/bash

ovs-vsctl add-br sw8
ip link set up dev sw8
ip addr add 172.220.40.1/24 dev sw8
ip route replace 172.220.40.0/24 dev sw8
ifconfig sw8 172.220.40.1 netmask 255.255.255.0

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sw9.sh
::::::::::::::

#!/bin/bash

ovs-vsctl add-br sw9
ip link set up dev sw9
ip addr add 172.221.40.1/24 dev sw9
ip route replace 172.221.40.0/24 dev sw9
ifconfig sw9 172.221.40.1 netmask 255.255.255.0

# INTIF="sw3"
# EXTIF="wlan0"
# echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT
# iptables -P FORWARD DROP
# iptables -F FORWARD
# iptables -t nat -F

# set forwarding and nat rules
# iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
# iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server start

::::::::::::::
crt_ovs_sx1.sh
::::::::::::::

#!/bin/bash
# Requires use of Upstart Script /etc/init/my-network-up.conf to ensure interfaces are up before running.
sleep 10
tunctl -t a1
tunctl -t a2
tunctl -t a3
tunctl -t a4
tunctl -t a5
#tunctl -t a6
ip link set a1 up
ip link set a2 up
ip link set a3 up
ip link set a4 up
ip link set a5 up
#ip link set a6 up
ovs-vsctl add-br sx1
ovs-vsctl add-port sx1 a1
ovs-vsctl add-port sx1 a2
ovs-vsctl add-port sx1 a3
ovs-vsctl add-port sx1 a4
ovs-vsctl add-port sx1 a5
#ovs-vsctl add-port sx1 a6
ip link set up dev sx1
ip addr add 10.207.29.1/24 dev sx1
ip route replace 10.207.29.0/24 dev sx1

ovs-vsctl set port sx1 trunks=10
ovs-vsctl set port sx1 tag=10

# GLS 20140825 Get active external interface dynamically at boot.  Tested & works with {wlan0, eth0, bnep0} on Ubuntu 14.04.1 Desktop x86_64.
# GLS 20140825 Interface "bnep0" is Blackberry Z30 OS10 Bluetooth Tether.

### BEGIN Get Active EXTIF Dynamcially. ###
function GetInterface
{
ifconfig | egrep -B1 'inet addr' | egrep -A1 'wlan|eth|bnep' | sed '$!N;s/\n/ /' | sed 's/  */ /g' | cut -f1,7 -d' ' | sed 's/ addr//' | head -1 | cut -f1 -d':'
}
function GetIP
{
ifconfig | egrep -B1 'inet addr' | egrep -A1 'wlan|eth|bnep' | sed '$!N;s/\n/ /' | sed 's/  */ /g' | cut -f1,7 -d' ' | sed 's/ addr//' | head -1 | cut -f2 -d':'
}
### END Get Active EXTIF Dynamically. ###

echo '       IP: '$(GetIP)
echo 'Interface: '$(GetInterface)

INTIF="sx1"
EXTIF=$(GetInterface)
# EXTIF="wlan0"

echo 1 > /proc/sys/net/ipv4/ip_forward

# clear existing iptable rules, set a default policy
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# set forwarding and nat rules
iptables -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# service isc-dhcp-server restart
# service bind9 restart

gstanden@vmem1:~/OpenvSwitch$


Setup DNS and DHCP for System

The DNS and DHCP are setup in this blog so that DHCP can provide addresses to LXC containers and VMs on the OpenvSwitch, and also add those DHCP assignments to DNS automatically.

Backup DNS Default Configuration Files and Install Downloaded Versions

First backup the default configuration files as shown below. 

Then download from the end of this blog this files "named.conf.options" and "named.conf.local" and move to "/etc/bind" directory as shown below.

gstanden@W520:~$ cd /etc/bind
gstanden@W520:/etc/bind$ ls -lrt
total 52
-rw-r--r-- 1 root root 1317 Dec  9 13:06 zones.rfc1918
-rw-r--r-- 1 root bind  165 Dec  9 13:06 named.conf.local
-rw-r--r-- 1 root bind  490 Dec  9 13:06 named.conf.default-zones
-rw-r--r-- 1 root bind  463 Dec  9 13:06 named.conf
-rw-r--r-- 1 root root 3048 Dec  9 13:06 db.root
-rw-r--r-- 1 root root  270 Dec  9 13:06 db.local
-rw-r--r-- 1 root root  353 Dec  9 13:06 db.empty
-rw-r--r-- 1 root root  237 Dec  9 13:06 db.255
-rw-r--r-- 1 root root  271 Dec  9 13:06 db.127
-rw-r--r-- 1 root root  237 Dec  9 13:06 db.0
-rw-r--r-- 1 root root 2389 Dec  9 13:06 bind.keys
-rw-r----- 1 bind bind   77 Dec 26 01:01 rndc.key
-rw-r--r-- 1 root bind  890 Dec 26 01:01 named.conf.options

gstanden@W520:/etc/bind$ sudo cp -p named.conf.local named.conf.local.original.install.bak
gstanden@W520:/etc/bind$ sudo cp -p named.conf.options named.conf.options.original.install.bak
gstanden@W520:/etc/bind$ sudo cp -p rndc.key rndc.key.original.install.bak
gstanden@W520:/etc/bind$ cd

gstanden@w520:~/Downloads$ sudo mv named.* /etc/bind/.
gstanden@w520:~/Downloads$

Backup DHCP Default Configuration Files

Now backup the isc-dhcp-server (DHCP) original install configuration files as shown below.  Although dhclient.conf is backed up, there are no changes to dhclient.conf and it is used as is default format.  Only the dhcpd.conf file needs to be updated with the downloaded version.

Update Begin Ubuntu 15.04 2015-05-16

There is a change to the /etc/dhcp/dhclient.conf file for the added mccc.org domain as shown below.

root@vmem1:/etc/dhcp# cat dhclient.conf
# Configuration file for /sbin/dhclient, which is included in Debian's
#    dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
#    man page for more information about the syntax of this file
#    and a more comprehensive list of the parameters understood by
#    dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
#    not leave anything out (like the domain name, for example), then
#    few changes must be made to this file, if any.
#

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();
prepend domain-name-servers 127.0.0.1;

# Oracle GNS and additional domains
append domain-name " mccc.org";

request subnet-mask, broadcast-address, time-offset, routers,
    domain-name, domain-name-servers, domain-search, host-name,
    dhcp6.name-servers, dhcp6.domain-search,
    netbios-name-servers, netbios-scope, interface-mtu,
    rfc3442-classless-static-routes, ntp-servers,
    dhcp6.fqdn, dhcp6.sntp-servers;
root@vmem1:/etc/dhcp#

Note the section in bold which adds mccc.org to the dhclient.conf and this is responsible for adding it to /etc/resolv.conf at bootup.

gstanden@W520:/etc/dhcp$ sudo cp -p dhcpd.conf dhcpd.conf.original.install.bak
gstanden@W520:/etc/dhcp$ sudo cp -p dhclient.conf dhclient.conf.original.install.bak
gstanden@W520:/etc/dhcp$

Install Downloaded DHCP Files

Move the downloaded "dhcpd.conf" to "/etc/dhcp" directory as shown below.

gstanden@W520:~$ cd Downloads
gstanden@W520:~/Downloads$ ls -lrt
total 272
-rw-rw-r-- 1 gstanden gstanden 250832 Dec 25 22:54 ksplice-uptrack.deb
-rw-rw-r-- 1 gstanden gstanden    940 Dec 26 10:15 dhclient.conf
-rw-rw-r-- 1 gstanden gstanden    890 Dec 26 10:15 dhcpd.conf
-rw-rw-r-- 1 gstanden gstanden   1096 Dec 26 10:15 fwd.vmem.org
-rw-rw-r-- 1 gstanden gstanden    435 Dec 26 10:15 named.conf.local
-rw-rw-r-- 1 gstanden gstanden    299 Dec 26 10:15 named.conf.options
-rw-rw-r-- 1 gstanden gstanden    671 Dec 26 10:16 rev.vmem.org
gstanden@W520:~/Downloads$ sudo mv dhcpd.conf /etc/dhcp/.

gstanden@W520:~/Downloads$ sudo su -
root@W520:~# cd /etc/dhcp
root@W520:/etc/dhcp# ls -lrt
total 28
-rw-r--r-- 1 root     root     3602 Apr  3  2014 dhcpd.conf.original.install.bak
-rw-r--r-- 1 root     root     1830 Apr  3  2014 dhclient.conf.original.install.bak
drwxr-xr-x 2 root     root     4096 Oct 22 14:11 dhclient-enter-hooks.d
drwxr-xr-x 2 root     root     4096 Dec 25 23:14 dhclient-exit-hooks.d
drwxr-x--- 2 root     dhcpd    4096 Dec 26 01:01 ddns-keys
-rw-rw-r-- 1 gstanden gstanden  940 Dec 26 10:15 dhclient.conf
-rw-rw-r-- 1 gstanden gstanden  890 Dec 26 10:15 dhcpd.conf
root@W520:/etc/dhcp# cat dhcpd.conf
#
# Configuration file for ISC dhcpd for Ubuntu 14.04
#
ddns-updates on; 
ddns-update-style interim; 
update-static-leases on; 
authoritative; 
key rndc-key { algorithm hmac-md5; secret "5rcWKMkWCP6RBUeu9tjIZg==";<-- This value must be changed. 
allow unknown-clients; 
use-host-decl-names on; 
default-lease-time 1814400;
max-lease-time 1814400;
log-facility local7; 

zone vmem.org. {
    primary 10.207.39.1;
    key rndc-key;
}
zone 39.207.10.in-addr.arpa. {
    primary 10.207.39.1;
    key rndc-key;
}
subnet 10.207.39.0 netmask 255.255.255.0 {
#   default gateway
    option routers             10.207.39.1;
    option subnet-mask         255.255.255.0;
    option domain-name         "vmem.org";
    option domain-name-servers 10.207.39.1;
#   option ntp-servers         10.207.39.1;
    ddns-domainname            "vmem.org.";
    ddns-rev-domainname        "in-addr.arpa.";
    range                      10.207.39.70 10.207.39.254;
    default-lease-time         1814400;
    max-lease-time             1814400;
}
root@W520:/etc/dhcp#

Update Begin Ubuntu 15.04 2015-05-16

I have updated the dhcpd.conf to support multiple DHCP-DNS networks, so see below for an example of having multiple networks support and multiple domains support by named as shown below for dhcpd.conf.  In the example below, the 10.207.29.1 subnet has been added to my original 10.207.39.1 supported subnet, and the mccc.org domain has been added to the vmem.org domain support. The new sections added for the new subnet are in bold as shown below.

gstanden@vmem1:~/OpenvSwitch$ cat /etc/dhcp/dhcpd.conf
#
# Configuration file for ISC dhcpd for Ubuntu 14.04
# Configuration file for ISC dhcpd for Ubuntu 15.04 GLS Tested on 15.04 2015.05.02
# Added a second subnet configuration (10.207.29.1/24) for mediacomcorp.org domain
#
ddns-updates on; 
ddns-update-style interim; 
update-static-leases on; 
authoritative; 
key rndc-key { algorithm hmac-md5; secret "5rcWKMkWCP6RBUeu9tjIZg==";} 
allow unknown-clients; 
use-host-decl-names on; 
default-lease-time 1814400;
max-lease-time 1814400;
log-facility local7; 

zone vmem.org. {
    primary 10.207.39.1;
    key rndc-key;
}
zone mccc.org. {
    primary 10.207.29.1;
    key rndc-key;

}
zone 39.207.10.in-addr.arpa. {
    primary 10.207.39.1;
    key rndc-key;
}
zone 29.207.10.in-addr.arpa. {
    primary 10.207.29.1;
    key rndc-key;

}
subnet 10.207.39.0 netmask 255.255.255.0 {
#  ---  default gateway
    option routers             10.207.39.1;
    option subnet-mask         255.255.255.0;
    option domain-name         "vmem.org";
    option domain-name-servers 10.207.39.1;
#   option ntp-servers         10.207.39.1;
    ddns-domainname            "vmem.org.";
    ddns-rev-domainname        "in-addr.arpa.";
    range                      10.207.39.70 10.207.39.254;
    default-lease-time         1814400;
    max-lease-time             1814400;
}
subnet 10.207.29.0 netmask 255.255.255.0 {
#  ---  default gateway
    option routers             10.207.29.1;
    option subnet-mask         255.255.255.0;
    option domain-name         "mccc.org";
    option domain-name-servers 10.207.29.1;
#   option ntp-servers         10.207.29.1;
    ddns-domainname            "mccc.org.";
    ddns-rev-domainname        "in-addr.arpa.";
    range                      10.207.29.70 10.207.29.254;
    default-lease-time         1814400;
    max-lease-time             1814400;
}

gstanden@vmem1:~/OpenvSwitch$

Update End Ubuntu 15.04 2015-05-16

Update DHCP Configuration Files with Correct RNDC Key

The dhcpd.conf file must be updated with a correct rndc.key value so this is a good time to update the rndc.key value. The value from the install can be used, or a new rndc.key file can be generated.  Here the value from the installed rndc.key file is used.  Notice that with the newly added second supported subnet of 10.207.29.1, we still can use the same rndc.key for both subnets.  it may be possible to use different keys for different subnets (probably is, or I should think it would be) but for the purposes of this blog, the same rndc.key value is used for all subnets.


root@W520:/etc/dhcp# cd /etc/bind
root@W520:/etc/bind# ls -lrt
total 64
-rw-r--r-- 1 root root 1317 Dec  9 13:06 zones.rfc1918
-rw-r--r-- 1 root bind  165 Dec  9 13:06 named.conf.local.original.install.bak
-rw-r--r-- 1 root bind  165 Dec  9 13:06 named.conf.local
-rw-r--r-- 1 root bind  490 Dec  9 13:06 named.conf.default-zones
-rw-r--r-- 1 root bind  463 Dec  9 13:06 named.conf
-rw-r--r-- 1 root root 3048 Dec  9 13:06 db.root
-rw-r--r-- 1 root root  270 Dec  9 13:06 db.local
-rw-r--r-- 1 root root  353 Dec  9 13:06 db.empty
-rw-r--r-- 1 root root  237 Dec  9 13:06 db.255
-rw-r--r-- 1 root root  271 Dec  9 13:06 db.127
-rw-r--r-- 1 root root  237 Dec  9 13:06 db.0
-rw-r--r-- 1 root root 2389 Dec  9 13:06 bind.keys
-rw-r----- 1 bind bind   77 Dec 26 01:01 rndc.key.original.install.bak
-rw-r----- 1 bind bind   77 Dec 26 01:01 rndc.key
-rw-r--r-- 1 root bind  890 Dec 26 01:01 named.conf.options.original.install.bak
-rw-r--r-- 1 root bind  890 Dec 26 01:01 named.conf.options

root@W520:/etc/bind# cat rndc.key

key "rndc-key" {
    algorithm hmac-md5;
    secret "
5rcWKMkWCP6RBUeu9tjIZg==";
};

root@W520:/etc/bind#

Edit the dhcpd.conf file and update the secret key value as shown below.

root@W520:/etc/dhcp# vi dhcpd.conf
root@W520:/etc/dhcp# cat dhcpd.conf

#
# Configuration file for ISC dhcpd for Ubuntu 14.04
#
ddns-updates on; 
ddns-update-style interim; 
update-static-leases on; 
authoritative; 
key rndc-key { algorithm hmac-md5; secret "
5rcWKMkWCP6RBUeu9tjIZg==";)  <-- Key value has been changed. 
allow unknown-clients; 
use-host-decl-names on; 
default-lease-time 1814400;
max-lease-time 1814400;
log-facility local7; 

zone vmem.org. {
    primary 10.207.39.1;
    key rndc-key;
}
zone 39.207.10.in-addr.arpa. {
    primary 10.207.39.1;
    key rndc-key;
}
subnet 10.207.39.0 netmask 255.255.255.0 {
#   default gateway
    option routers             10.207.39.1;
    option subnet-mask         255.255.255.0;
    option domain-name         "vmem.org";
    option domain-name-servers 10.207.39.1;
#   option ntp-servers         10.207.39.1;
    ddns-domainname            "vmem.org.";
    ddns-rev-domainname        "in-addr.arpa.";
    range                      10.207.39.70 10.207.39.254;
    default-lease-time         1814400;
    max-lease-time             1814400;
}
root@W520:/etc/dhcp#

Set Ownership and Permissions of DHCP Configuration Files

Change ownership of dhcp configuration files to root as shown below.

root@W520:/etc/dhcp# chown root:root dhclient.conf dhcpd.conf
root@W520:/etc/dhcp# ls -lrt *.conf
total 28
-rw-rw-r-- 1 root root   940 Dec 26 10:15 dhclient.conf
-rw-rw-r-- 1 root root   890 Dec 26 10:25 dhcpd.conf

root@W520:/etc/dhcp#

Install DNS Forward and Reverse Zone Configuration Files

Download the "fwd.vmem.org" and the "rev.vmem.org" zone files from the downloadable files at the end of this blog. Install the downloaded zone files into correct location as shown below.  Download the "named.conf.options" and the "named.conf.local" file from the downloadable files at the end of the blog and install.

gstanden@W520:~$ cd Downloads
gstanden@W520:~/Downloads$ ls -lrt
total 264
-rw-rw-r-- 1 gstanden gstanden 250832 Dec 25 22:54 ksplice-uptrack.deb
-rw-rw-r-- 1 gstanden gstanden   1096 Dec 26 10:15 fwd.vmem.org
-rw-rw-r-- 1 gstanden gstanden    435 Dec 26 10:15 named.conf.local
-rw-rw-r-- 1 gstanden gstanden    299 Dec 26 10:15 named.conf.options
-rw-rw-r-- 1 gstanden gstanden    671 Dec 26 10:16 rev.vmem.org
gstanden@W520:~/Downloads$ sudo mv fwd.vmem.org /var/lib/bind/.
gstanden@W520:~/Downloads$ sudo mv rev.vmem.org /var/lib/bind/.
gstanden@W520:~/Downloads$ sudo su -
root@W520:~# cd /var/lib/bind
root@W520:/var/lib/bind#

Edit DNS Forward and Reverse Zone Files

Setup the forward and reverse zone files.  Change the domain name information if desired. Be careful when editing not to remove any of the "." characters in the file, they matter!  Also, verify the hostname as shown and make sure to update the forward and reverse zone files with the name of your desktop host (in this example the desktop hostname is "W520").

root@W520:/var/lib/bind# cat fwd.vmem.org

$ORIGIN .
$TTL 86400                 ; time-to-live in seconds
vmem.org        IN SOA    W520.vmem.org. postmaster.vmem.org. (
                1412261100 ; serial
                60         ; refresh (1 minute)
                1800       ; retry (30 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS    W520.vmem.org.
$ORIGIN vmem.org.
_sflow._udp        TXT    "txtvers=1" "polling=20" "sampling=512"
            SRV    0 0 6343 W520
W520            A    10.207.39.1
lxc1-gns-vip.vmem.org.    A    10.207.39.3
$ORIGIN gns1.vmem.org.
@    IN        NS    lxc1-gns-vip.vmem.org.

root@W520:/var/lib/bind# named-checkzone vmem.org fwd.vmem.org
zone vmem.org/IN: loaded serial 1412261100
OK

root@W520:/var/lib/bind# cat rev.vmem.org
$ORIGIN .
$TTL 86400            ; time-to-live in seconds
39.207.10.in-addr.arpa    IN SOA    W520.vmem.org. postmaster.vmem.org. (
                1412261100 ; serial
                60         ; refresh (1 hour)
                1800       ; retry (30 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS    W520.vmem.org.
$ORIGIN 39.207.10.in-addr.arpa.
1            PTR    W520.vmem.org.
3            PTR    lxc1-gns-vip.vmem.org.
39.207.10.in-addr.arpa    NS    W520.vmem.org.
W520            A    10.207.39.1

root@W520:/var/lib/bind# named-checkzone 39.207.10.in-addr.arpa rev.vmem.org
zone 39.207.10.in-addr.arpa/IN: loaded serial 1412261100
OK

root@W520:/var/lib/bind# uname -a
Linux W520 3.16.0-28-generic #38-Ubuntu SMP Fri Dec 12 17:37:40 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

root@W520:/var/lib/bind# hostname -f
W520
root@W520:/var/lib/bind#

Update Begin Ubuntu 15.04 2015-05-16

Additional zones have been added for the mccc.org domain and for the 10.207.29.1/24 network reverse lookups as shown below.

root@vmem1:/var/lib/bind# named-checkzone mccc.org fwd.mccc.org
zone mccc.org/IN: loaded serial 1505021309
OK

root@vmem1:/var/lib/bind# named-checkzone 29.207.10.in-addr.arpa rev.mccc.org
zone 29.207.10.in-addr.arpa/IN: loaded serial 1411021420
OK

root@vmem1:/var/lib/bind# cat fwd.mccc.org

$ORIGIN .
$TTL 86400    ; 1 day
mccc.org        IN SOA    mccc1.mccc.org. postmaster.mccc.org. (
                1505021309 ; serial
                60         ; refresh (1 minute)
                1800       ; retry (30 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
                NS    mccc1.mccc.org.
$ORIGIN mccc.org.
_sflow._udp        TXT    "txtvers=1" "polling=20" "sampling=512"
            SRV    0 0 6343 mccc1
mccc1            A    10.207.29.1

root@vmem1:/var/lib/bind# cat rev.mccc.org

$ORIGIN .
$TTL 86400    ; 1 day
29.207.10.in-addr.arpa    IN SOA    mccc1.mccc.org. postmaster.mccc.org. (
                1411021420 ; serial
                3600       ; refresh (1 hour)
                1800       ; retry (30 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
                NS    mccc1.mccc.org.
$ORIGIN 29.207.10.in-addr.arpa.
1               PTR    mccc1.mccc.org.

root@vmem1:/var/lib/bind#

Update End Ubuntu 15.04 2015-05-16

Configure dnsmasq-base

Now configure dnsmasq-base ("NetworkManager" component) to IGNORE DNS requests for the local-only vmem.org domain as shown below. In other words, this step puts the local domain "vmem.org" under the control of bind9, and tells dnsmasq-base to ignore this domain.

gstanden@W520:~$ sudo vi /etc/NetworkManager/dnsmasq.d/local
[sudo] password for gstanden:
gstanden@W520:~$ sudo vi /etc/NetworkManager/dnsmasq.d/local
gstanden@W520:~$ cat /etc/NetworkManager/dnsmasq.d/local
server=/vmem.org/10.207.39.1
server=/39.207.10.in-addr.arpa/10.207.39.1

gstanden@W520:~$

Update Begin Ubuntu 15.04 2015-05-16

Additional entries are needed for the new subnet forward and reverse lookups to /etc/NetworkManager/dnsmasq.d/local to ensure that dnsmasq ignores these networks and allows bind9 (named) to managed the DNS lookups for these networks.  The updated /etc/NetworkManager/dnsmasq.d/local file is shown below.

root@vmem1:/var/lib/bind# cat /etc/NetworkManager/dnsmasq.d/local

server=/vmem.org/10.207.39.1
server=/39.207.10.in-addr.arpa/10.207.39.1
server=/mccc.org/10.207.29.1
server=/29.207.10.in-addr.arpa/10.207.29.1


root@vmem1:/var/lib/bind#

Note the new entries above, in bold, for the mccc.org and 10.207.29.1 forward and reverse lookup zones.

Update End Ubuntu 15.04 2015-05-16

Configure /etc/network/interfaces

Ensure that "/etc/network/interfaces" file has the following three lines added after "iface" line.  These lines are responsible for configuring the "/etc/resolv.conf" file.  There are no changes to the /etc/network/interfaces file for the Ubuntu 15.04 update.  Note that "mccc.org" is added to /etc/resolv.conf using /etc/dhcp/dhclient.conf (see above) but it probably could also be added here in /etc/network/interfaces as an additional entry on the "dns-search" line.

gstanden@W520:~$ sudo vi /etc/network/interfaces
[sudo] password for gstanden:
gstanden@W520:~$ cat /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
    dns-domain vmem.org
    dns-search gns1.vmem.org
    dns-nameserver 127.0.0.1

gstanden@W520:~$

Configure /etc/sysctl.conf

Make the settings values changes to existing parameters in the /etc/sysctl.conf as shown below thanks to the blogpost from Venu Murthy here. Additional reference material and full-resolution schematics of OpenvSwitch OpenStack networking can be found at OpenStack documentation.

gstanden@W520:~/Networking$ cat /etc/sysctl.conf | egrep -B1 'rp_filter|ip_forward'
# GLS 20141226 http://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

--
# GLS 20141226 http://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
net.ipv4.ip_forward=1

gstanden@W520:~/Networking$

Install and Configure Required Apparmor Package

Next install apparmor-utils package as shown below.

gstanden@W520:~$ sudo apt-get install apparmor-utils

Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  python3-apparmor python3-libapparmor
Suggested packages:
  apparmor-docs vim-addon-manager
The following NEW packages will be installed:
  apparmor-utils python3-apparmor python3-libapparmor
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 140 kB of archives.
After this operation, 903 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic/main python3-libapparmor amd64 2.8.98-0ubuntu2 [24.7 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic/main python3-apparmor amd64 2.8.98-0ubuntu2 [62.1 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/main apparmor-utils amd64 2.8.98-0ubuntu2 [53.0 kB]
Fetched 140 kB in 1s (78.5 kB/s)      
Selecting previously unselected package python3-libapparmor.
(Reading database ... 203805 files and directories currently installed.)
Preparing to unpack .../python3-libapparmor_2.8.98-0ubuntu2_amd64.deb ...
Unpacking python3-libapparmor (2.8.98-0ubuntu2) ...
Selecting previously unselected package python3-apparmor.
Preparing to unpack .../python3-apparmor_2.8.98-0ubuntu2_amd64.deb ...
Unpacking python3-apparmor (2.8.98-0ubuntu2) ...
Selecting previously unselected package apparmor-utils.
Preparing to unpack .../apparmor-utils_2.8.98-0ubuntu2_amd64.deb ...
Unpacking apparmor-utils (2.8.98-0ubuntu2) ...
Processing triggers for man-db (2.7.0.2-2) ...
Setting up python3-libapparmor (2.8.98-0ubuntu2) ...
Setting up python3-apparmor (2.8.98-0ubuntu2) ...
Setting up apparmor-utils (2.8.98-0ubuntu2) ...

gstanden@W520:~$

Set the apparmor profile for lxc-start to "complain" mode as shown below.  Currently, this is considered by the author to be the Ubuntu Linux equivalent of setting selinux to "permissive" but not absolutely sure of that.  This then would mean that this is the equivalent step in Venu's blog post for setting selinux to permissive mode in the apparmor paradigm.

gstanden@W520:~$ sudo aa-complain /usr/bin/lxc-start
Setting /usr/bin/lxc-start to complain mode.
gstanden@W520:~$

Add Settings to /etc/sysctl.conf File

Next add the following settings at the end of /etc/sysctl.conf for Oracle as shown below.  Hugepages value is optional and can be adjusted downward depending on whether Hugepages are used or not and depending on what size of Oracle SGA.

# Oracle

kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
fs.aio-max-nr = 1048576

net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576

vm.nr_hugepages = 2060
kernel.panic_on_oops = 1

The final /etc/sysctl.conf file after all above edits should be similar to the one shown below. Sections edited and added are shown in bold.

gstanden@W520:~/Networking$ cat /etc/sysctl.conf

# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
# GLS 20141226 http://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
# GLS 20141226 http://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1

# Oracle
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
fs.aio-max-nr = 1048576

net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576

vm.nr_hugepages = 2060
kernel.panic_on_oops = 1


gstanden@W520:~/Networking$

Apply the changes to the system using the command as shown below and verify that all new settings were accepted and applied.

gstanden@W520:~/Networking$ sudo sysctl -p

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 1
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
fs.aio-max-nr = 1048576
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
vm.nr_hugepages = 2060
kernel.panic_on_oops = 1


gstanden@W520:~/Networking$

Restart DNS and DHCP to Verify Configuration

Reboot the desktop host to reset the "/etc/resolv.conf" file to the new settings, and verify DNS and DHCP configuration is correct by doing an nslookup on "w520" and "w520.vmem.org".  Both should return the local IP address for that server. Run the tests as shown below to:

  • Verify DNS is working;
  • Verify that "named" is monitoring 10.207.39.1
  • Verify that "named" in monitoring 10.207.29.1 (new network for mccc.org)  GLS 2015-05-16
  • Verify that "dnsmasq" is monitoring 10.0.3.1
  • Verify that the OpenvSwitch switches are created
  • Verify that "/etc/resolv.conf" has the correct settings

These tests are shown below with correct expected output.

gstanden@w520:~$ cat /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search vmem.org gns1.vmem.org

gstanden@w520:~$
gstanden@w520:~$ nslookup w520

Server:        127.0.0.1
Address:    127.0.0.1#53

Name:    W520.vmem.org
Address: 10.207.39.1

gstanden@w520:~$ nslookup w520.vmem.org
Server:        127.0.0.1
Address:    127.0.0.1#53

Name:    W520.vmem.org
Address: 10.207.39.1

gstanden@w520:~$ sudo netstat -ulnp | grep 53
[sudo] password for gstanden:
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           655/avahi-daemon: r
udp        0      0 0.0.0.0:55382           0.0.0.0:*                           2262/dhcpd     
udp        0      0 10.0.3.1:53             0.0.0.0:*                           3139/dnsmasq   
udp        0      0 10.207.39.1:53          0.0.0.0:*                           2374/named     
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2374/named     
udp        0      0 127.0.1.1:53            0.0.0.0:*                           2062/dnsmasq   
udp6       0      0 :::5353                 :::*                                655/avahi-daemon: r
udp6       0      0 fe80::14f1:a8ff:fe89:53 :::*                                3139/dnsmasq   
udp6       0      0 :::53                   :::*                                2374/named     
gstanden@w520:~$ sudo ovs-vsctl show
2044e8b7-5949-4c10-8e3a-0825f7b69ea5
    Bridge "sw9"
        Port "sw9"
            Interface "sw9"
                type: internal
    Bridge "sw6"
        Port "sw6"
            Interface "sw6"
                type: internal
    Bridge "sw5"
        Port "sw5"
            Interface "sw5"
                type: internal
    Bridge "sw8"
        Port "sw8"
            Interface "sw8"
                type: internal
    Bridge "sw7"
        Port "sw7"
            Interface "sw7"
                type: internal
    Bridge "sw4"
        Port "sw4"
            Interface "sw4"
                type: internal
    Bridge "sw3"
        Port "sw3"
            tag: 90
            Interface "sw3"
                type: internal
        Port "w2"
            Interface "w2"
        Port "w4"
            Interface "w4"
        Port "w3"
            Interface "w3"
        Port "w5"
            Interface "w5"
        Port "w1"
            Interface "w1"
    Bridge "sw1"
        Port "s4"
            Interface "s4"
        Port "s3"
            Interface "s3"
        Port "s1"
            Interface "s1"
        Port "s2"
            Interface "s2"
        Port "s5"
            Interface "s5"
        Port "sw1"
            tag: 10
            trunks: [10]
            Interface "sw1"
                type: internal
    Bridge "sw2"
        Port "t1"
            Interface "t1"
        Port "t4"
            Interface "t4"
        Port "t2"
            Interface "t2"
        Port "t5"
            Interface "t5"
        Port "t3"
            Interface "t3"
        Port "sw2"
            tag: 80
            Interface "sw2"
                type: internal
    ovs_version: "2.1.3"
gstanden@w520:~$

Update Begin Ubuntu 15.04 2015-05-16

gstanden@vmem1:~/OpenvSwitch$ nslookup vmem1
Server:        127.0.1.1
Address:    127.0.1.1#53

Name:    vmem1.vmem.org
Address: 10.207.39.1

gstanden@vmem1:~/OpenvSwitch$ nslookup mccc1
Server:        127.0.1.1
Address:    127.0.1.1#53

Name:    mccc1.mccc.org
Address: 10.207.29.1

gstanden@vmem1:~/OpenvSwitch$ sudo ovs-vsctl show

2fc24710-34b5-4aa2-a32d-4e7bcb1afa1a
    Bridge "sw8"
        Port "sw8"
            tag: 60
            trunks: [60, 70]
            Interface "sw8"
                type: internal
    Bridge "sw7"
        Port "sw7"
            tag: 50
            trunks: [20, 30, 40, 50]
            Interface "sw7"
                type: internal
    Bridge "sw4"
        Port "sw4"
            tag: 20
            trunks: [20, 30, 40, 50]
            Interface "sw4"
                type: internal
    Bridge "sw6"
        Port "sw6"
            tag: 40
            trunks: [20, 30, 40, 50]
            Interface "sw6"
                type: internal
    Bridge "sw5"
        Port "sw5"
            tag: 30
            trunks: [20, 30, 40, 50]
            Interface "sw5"
                type: internal
    Bridge "sw2"
        Port "t1"
            Interface "t1"
        Port "sw2"
            tag: 80
            Interface "sw2"
                type: internal
        Port "t4"
            Interface "t4"
        Port "t3"
            Interface "t3"
        Port "t2"
            Interface "t2"
        Port "t5"
            Interface "t5"
    Bridge "sw9"
        Port "sw9"
            tag: 70
            trunks: [60, 70]
            Interface "sw9"
                type: internal
    Bridge "sw1"
        Port "s2"
            Interface "s2"
        Port "s4"
            Interface "s4"
        Port "s1"
            Interface "s1"
        Port "s5"
            Interface "s5"
        Port "sw1"
            tag: 10
            trunks: [10]
            Interface "sw1"
                type: internal
        Port "s3"
            Interface "s3"
    Bridge "sw3"
        Port "w4"
            Interface "w4"
        Port "w2"
            Interface "w2"
        Port "w1"
            Interface "w1"
        Port "sw3"
            tag: 90
            Interface "sw3"
                type: internal
        Port "w3"
            Interface "w3"
        Port "w5"
            Interface "w5"
    Bridge "sx1"
        Port "a4"
            Interface "a4"
        Port "a5"
            Interface "a5"
        Port "a3"
            Interface "a3"
        Port "a2"
            Interface "a2"
        Port "a1"
            Interface "a1"
        Port "sx1"
            tag: 10
            trunks: [10]
            Interface "sx1"
                type: internal
    ovs_version: "2.3.1"

gstanden@vmem1:~/OpenvSwitch$ sudo netstat -ulnp | grep 53
[sudo] password for gstanden:

udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1031/avahi-daemon:
udp        0      0 192.168.122.1:53        0.0.0.0:*                           3285/named     
udp        0      0 10.207.29.1:53          0.0.0.0:*                           3285/named <-- New Network added     
udp        0      0 10.207.39.1:53          0.0.0.0:*                           3285/named     
udp        0      0 127.0.0.1:53            0.0.0.0:*                           3285/named     
udp        0      0 192.168.122.1:53        0.0.0.0:*                           2810/dnsmasq   
udp        0      0 127.0.1.1:53            0.0.0.0:*                           1993/dnsmasq   
udp6       0      0 :::53622                :::*                                1174/rpc.mountd
udp6       0      0 :::5353                 :::*                                1031/avahi-daemon:
udp6       0      0 :::53                   :::*                                3285/named     
gstanden@vmem1:~/OpenvSwitch$

Create Oracle Enteprise Linux 6.5 LXC Linux Container

Install Ubuntu rpm and yum Packages

Create an Oracle Enteprise Linux (OEL) 6.5 LXC Linux Container as shown below.  Notice that the "rpm" and "yum" deb packages must be installed first.  As shown below, LXC container creation is not possible without the Ubuntu versions of "rpm" and "yum" installed first.

gstanden@W520:~$ sudo lxc-create -t oracle -n lxcora01 | tee lxcora01.log

Host is Ubuntu 14.10
No release specified with -R, defaulting to 6.5
Create configuration file /var/lib/lxc/lxcora01/config
failed: The rpm command is required, please install it
lxc_container: lxccontainer.c: create_run_template: 1121 container creation template for lxcora01 failed
lxc_container: lxc_create.c: main: 280 Error creating container lxcora01

gstanden@W520:~$ sudo apt-get install rpm

Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  debugedit librpm3 librpmbuild3 librpmio3 librpmsign1 rpm-common rpm2cpio
Suggested packages:
  rpm-i18n alien elfutils rpmlint rpm2html
The following NEW packages will be installed:
  debugedit librpm3 librpmbuild3 librpmio3 librpmsign1 rpm rpm-common rpm2cpio
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 451 kB of archives.
After this operation, 2,026 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic/main librpmio3 amd64 4.11.2-3 [69.0 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic/main debugedit amd64 4.11.2-3 [15.6 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/main librpm3 amd64 4.11.2-3 [154 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ utopic/main librpmbuild3 amd64 4.11.2-3 [58.0 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ utopic/main librpmsign1 amd64 4.11.2-3 [8,024 B]
Get:6 http://us.archive.ubuntu.com/ubuntu/ utopic/main rpm-common amd64 4.11.2-3 [26.3 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu/ utopic/main rpm2cpio amd64 4.11.2-3 [5,196 B]
Get:8 http://us.archive.ubuntu.com/ubuntu/ utopic/main rpm amd64 4.11.2-3 [115 kB]
Fetched 451 kB in 2s (152 kB/s)
Selecting previously unselected package librpmio3.
(Reading database ... 203302 files and directories currently installed.)
Preparing to unpack .../librpmio3_4.11.2-3_amd64.deb ...
Unpacking librpmio3 (4.11.2-3) ...
Selecting previously unselected package debugedit.
Preparing to unpack .../debugedit_4.11.2-3_amd64.deb ...
Unpacking debugedit (4.11.2-3) ...
Selecting previously unselected package librpm3.
Preparing to unpack .../librpm3_4.11.2-3_amd64.deb ...
Unpacking librpm3 (4.11.2-3) ...
Selecting previously unselected package librpmbuild3.
Preparing to unpack .../librpmbuild3_4.11.2-3_amd64.deb ...
Unpacking librpmbuild3 (4.11.2-3) ...
Selecting previously unselected package librpmsign1.
Preparing to unpack .../librpmsign1_4.11.2-3_amd64.deb ...
Unpacking librpmsign1 (4.11.2-3) ...
Selecting previously unselected package rpm-common.
Preparing to unpack .../rpm-common_4.11.2-3_amd64.deb ...
Unpacking rpm-common (4.11.2-3) ...
Selecting previously unselected package rpm2cpio.
Preparing to unpack .../rpm2cpio_4.11.2-3_amd64.deb ...
Unpacking rpm2cpio (4.11.2-3) ...
Selecting previously unselected package rpm.
Preparing to unpack .../rpm_4.11.2-3_amd64.deb ...
Unpacking rpm (4.11.2-3) ...
Processing triggers for man-db (2.7.0.2-2) ...

gstanden@W520:~$

Install Ubuntu yum Package

Now install the OEL 6.5 LXC Linux Container as shown below.  Notice that the "yum" deb package must first be installed, as shown below.

gstanden@W520:~$ sudo lxc-create -t oracle -n lxcora01

Host is Ubuntu 14.10
No release specified with -R, defaulting to 6.5
Create configuration file /var/lib/lxc/lxcora01/config
failed: The yum command is required, please install it
lxc_container: lxccontainer.c: create_run_template: 1121 container creation template for lxcora01 failed
lxc_container: lxc_create.c: main: 280 Error creating container lxcora01

gstanden@W520:~$ sudo apt-get install yum

Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  libsqlite0 python-libxml2 python-rpm python-sqlite python-sqlitecachec python-urlgrabber
Suggested packages:
  python-sqlite-dbg
The following NEW packages will be installed:
  libsqlite0 python-libxml2 python-rpm python-sqlite python-sqlitecachec python-urlgrabber yum
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,220 kB of archives.
After this operation, 5,391 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu/ utopic/universe libsqlite0 amd64 2.8.17-10ubuntu2 [139 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-libxml2 amd64 2.9.1+dfsg1-4ubuntu1 [143 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ utopic/universe python-sqlite amd64 1.0.1-11 [20.7 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ utopic/main python-urlgrabber all 3.9.1-4ubuntu3 [42.3 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ utopic/universe python-rpm amd64 4.11.2-3 [33.5 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu/ utopic/universe python-sqlitecachec amd64 1.1.4-1 [21.4 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu/ utopic/universe yum all 3.4.3-2ubuntu1 [821 kB]
Fetched 1,220 kB in 5s (209 kB/s)
Selecting previously unselected package libsqlite0.
(Reading database ... 203549 files and directories currently installed.)
Preparing to unpack .../libsqlite0_2.8.17-10ubuntu2_amd64.deb ...
Unpacking libsqlite0 (2.8.17-10ubuntu2) ...
Selecting previously unselected package python-libxml2.
Preparing to unpack .../python-libxml2_2.9.1+dfsg1-4ubuntu1_amd64.deb ...
Unpacking python-libxml2 (2.9.1+dfsg1-4ubuntu1) ...
Selecting previously unselected package python-sqlite.
Preparing to unpack .../python-sqlite_1.0.1-11_amd64.deb ...
Unpacking python-sqlite (1.0.1-11) ...
Selecting previously unselected package python-urlgrabber.
Preparing to unpack .../python-urlgrabber_3.9.1-4ubuntu3_all.deb ...
Unpacking python-urlgrabber (3.9.1-4ubuntu3) ...
Selecting previously unselected package python-rpm.
Preparing to unpack .../python-rpm_4.11.2-3_amd64.deb ...
Unpacking python-rpm (4.11.2-3) ...
Selecting previously unselected package python-sqlitecachec.
Preparing to unpack .../python-sqlitecachec_1.1.4-1_amd64.deb ...
Unpacking python-sqlitecachec (1.1.4-1) ...
Selecting previously unselected package yum.
Preparing to unpack .../yum_3.4.3-2ubuntu1_all.deb ...
Unpacking yum (3.4.3-2ubuntu1) ...
Processing triggers for man-db (2.7.0.2-2) ...
Setting up libsqlite0 (2.8.17-10ubuntu2) ...
Setting up python-libxml2 (2.9.1+dfsg1-4ubuntu1) ...
Setting up python-sqlite (1.0.1-11) ...
Setting up python-urlgrabber (3.9.1-4ubuntu3) ...
Setting up python-rpm (4.11.2-3) ...
Setting up python-sqlitecachec (1.1.4-1) ...
Setting up yum (3.4.3-2ubuntu1) ...
Processing triggers for libc-bin (2.19-10ubuntu2.1) ...

gstanden@W520:~$

Create LXC Container

Now install the OEL 6.5 LXC Linux Container as shown below.  The full log of the installation is attached to the blog as "lxcora01.log".  Abridged information from the creation of the LXC is shown below.

gstanden@W520:~$ sudo lxc-create -t oracle -n lxcora01 | tee lxcora01.log
gstanden@W520:~$ head lxcora01.log


Host is Ubuntu 14.10
No release specified with -R, defaulting to 6.5
Create configuration file /var/lib/lxc/lxcora01/config
Yum installing release 6.5 for x86_64
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package chkconfig.x86_64 0:1.3.49.3-2.el6_4.1 will be installed
--> Processing Dependency: libc.so.6(GLIBC_2.2.5)(64bit) for package: chkconfig-1.3.49.3-2.el6_4.1.x86_64
--> Processing Dependency: libc.so.6(GLIBC_2.8)(64bit) for package: chkconfig-1.3.49.3-2.el6_4.1.x86_64
...
...
...
Complete!
Rebuilding rpm database
Patching container rootfs /var/lib/lxc/lxcora01/rootfs for Oracle Linux 6.5
Configuring container for Oracle Linux 6.5
Added container user:oracle password:oracle
Added container user:root password:root
Container : /var/lib/lxc/lxcora01/rootfs
Config    : /var/lib/lxc/lxcora01/config
Network   : eth0 (veth) on virbr0


gstanden@W520:~$  sudo lxc-ls -f
 
NAME      STATE    IPV4  IPV6  GROUPS  AUTOSTART 
------------------------------------------------
lxcora01  STOPPED  -     -     -       NO
        
gstanden@W520:~$

Start LXC Linux Container lxcora01 in foreground mode ("-F") so that console will connect on current startup session as shown below.  Notice that DHCP provided by default by dnsmasq-base listening on lxcbr0 (10.0.3.1) has provided a dhcp-issued IP address for the container.  This is the default networking provided by the standard template.  After verifying, shutdown the container using "shutdown -h now" as shown below.

Also, note the MAC address shown in bold below which will be used when editing the config file for the container for OpenvSwitch networking.

gstanden@W520:~$ sudo lxc-start -n lxcora01 -F

        Welcome to Oracle Linux Server
Setting hostname lxcora01:                                 [  OK  ]
Checking filesystems
                                                           [  OK  ]
Mounting local filesystems:                                [  OK  ]
Enabling /etc/fstab swaps:                                 [  OK  ]
Entering non-interactive startup
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0: 
Determining IP information for eth0... done.
                                                           [  OK  ]
Starting system logger:                                    [  OK  ]
Mounting filesystems:                                      [  OK  ]
Generating SSH1 RSA host key:                              [  OK  ]
Generating SSH2 RSA host key:                              [  OK  ]
Generating SSH2 DSA host key:                              [  OK  ]
Starting sshd:                                             [  OK  ]

Oracle Linux Server release 6.5
Kernel 3.16.0-28-generic on an x86_64

lxcora01 login: root
Password:

[root@lxcora01 ~]# ifconfig

eth0      Link encap:Ethernet  HWaddr FE:71:FA:7E:CB:AF 
          inet addr:10.0.3.116  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::fc71:faff:fe7e:cbaf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4625 (4.5 KiB)  TX bytes:1458 (1.4 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@lxcora01 ~]# shutdown -h now

Configure LXC Container for OpenvSwitch Networking

Make a backup of the original install LXC config file as shown below.

gstanden@W520:~$ sudo su -
root@W520:~# cd /var/lib/lxc/lxcora01
root@W520:/var/lib/lxc/lxcora01# ls -lrt
total 8
-rw-r--r--  1 root root  663 Dec 28 14:48 config
dr-xr-xr-x 21 root root 4096 Dec 28 15:12 rootfs
root@W520:/var/lib/lxc/lxcora01# cp -p config config.original.install.bak

Edit LXC Container config File for OpenvSwitch

The original "/var/lib/lxc/lxcora01/config" file is shown below.  In the next step, the config is edited to put the container on the OpenvSwitch network., The lines shown in bold will be commented out in the next step to remove the LXC container from Linux Bridge networking, and the file will be rearranged slightly for clarity and readability.

root@W520:/var/lib/lxc/lxcora01# cat config.original.install.bak

# Template used to create this container: /usr/share/lxc/templates/lxc-oracle
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx

lxc.rootfs = /var/lib/lxc/lxcora01/rootfs
# Common configuration
lxc.include = /usr/share/lxc/config/oracle.common.conf
# Container configuration for Oracle Linux 6.5
lxc.arch = x86_64
lxc.utsname = lxcora01
lxc.cap.drop = sys_resource
lxc.cap.drop = setfcap setpcap
# Networking
lxc.network.name = eth0
lxc.network.mtu = 1500

lxc.network.hwaddr = fe:71:fa:7e:cb:af
root@W520:/var/lib/lxc/lxcora01#


The edited version of the "/var/lib/lxc/lxcora01/config" for use with OpenvSwitch networking is shown below.  TheLinux Bridge networking lines have been removed, and the file has also been rearranged into sections for better readability and clarity.

root@W520:/var/lib/lxc/lxcora01# cat config
# Template used to create this container: /usr/share/lxc/templates/lxc-oracle
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Filesystem
lxc.rootfs = /var/lib/lxc/lxcora01/rootfs

# Common configuration
lxc.include = /usr/share/lxc/config/oracle.common.conf

# Container configuration for Oracle Linux 6.5
lxc.arch = x86_64
lxc.utsname = lxcora01
lxc.cap.drop = sys_resource
lxc.cap.drop = setfcap setpcap

# OpenvSwitch Networking                 <-- OpenvSwitch Networking is added.
lxc.network.type = veth
lxc.network.flags = up
lxc.network.script.up = /etc/network/if-up.d/lxc-ifup-sw1
lxc.network.script.down = /etc/network/if-down.d/lxc-ifdown-sw1
lxc.network.veth.pair = lxcora01-pub
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.hwaddr = fe:71:fa:7e:cb:af   <-- Same MAC address is reused from original config for eth0

# Linux Bridge Networking                <-- Linux Bridge Networking is commented out.
# lxc.network.type = veth
# lxc.network.link = lxcbr0
# lxc.network.flags = up
# lxc.network.hwaddr = 00:16:3e:xx:xx:xx
# lxc.network.name = eth1

# lxc.network.mtu = 1500

root@W520:/var/lib/lxc/lxcora01#

Create Additional Required Networking Files

Next the two files "lxc-ifup-sw1" and "lxc-ifdown-sw1" must be installed and configured as shown below.


root@W520:/etc/network/if-up.d# chmod 744 lxc-ifup-sw1
root@W520:/etc/network/if-up.d# cd ..
root@W520:/etc/network# cd if-down.d
root@W520:/etc/network/if-down.d# chmod 744 lxc-ifdown-sw1
root@W520:/etc/network/if-down.d#

root@W520:/etc/network/if-up.d# cat lxc-ifup-sw1

#!/bin/bash
ovsBr='sw1'
ovs-vsctl add-port ${ovsBr} $5
ovs-vsctl set port $5 tag=10


root@W520:/etc/network/if-up.d# cd ..
root@W520:/etc/network# cd if-down.d/

root@W520:/etc/network/if-down.d# cat lxc-ifdown-sw1

#!/bin/bash
ovsBr='sw1'
ovs-vsctl del-port ${ovsBr} $5

root@W520:/etc/network/if-down.d#

Configure dhclient.conf File

Next edit the "/var/lib/lxc/lxcora01/rootfs/etc/dhcp/dhclient.conf" file for the LXC container as shown below.  This file configures the "/etc/resolv.conf" file of the LXC Linux Container at boot time ensuring that it always has the correct set of nameserver values and domain name values added dynamically at boot.  Note that the "vmem.org" domain name is not included because it is added to the container /etc/resolv.conf by DHCP of the host. Optionally, it could be included here, but typically this would result in "vmem.org" appearing twice in the resolv.conf file of the LXC container.

root@W520:/var/lib/lxc/lxcora01# cat rootfs/etc/dhcp/dhclient.conf

append domain-name-servers 8.8.8.8, 10.207.39.3;
append domain-name " gns1.vmem.org";

root@W520:/var/lib/lxc/lxcora01#

The "/var/lib/lxc/lxcora01/rootfs/etc/sysconfig/network-scripts/ifcfg-eth0" file can be listed and checked as well as shown below just to verify it is correct.  It should be similar to the one shown below.

root@W520:/var/lib/lxc/lxcora01# cat rootfs/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
HOSTNAME=lxcora01
DHCP_HOSTNAME=lxcora01
NM_CONTROLLED=no
TYPE=Ethernet

root@W520:/var/lib/lxc/lxcora01#

Verify Container Operation on DHCP and DNS with OpenvSwitch

Start the container (or reboot if it is already running) as shown below.  IP assignment ot eth0 should be successful.

gstanden@W520:~$ sudo lxc-start -n lxcora01 -F

        Welcome to Oracle Linux Server
Setting hostname lxcora01:                                 [  OK  ]
Checking filesystems
                                                           [  OK  ]
Mounting local filesystems:                                [  OK  ]
Enabling /etc/fstab swaps:                                 [  OK  ]
Entering non-interactive startup
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0: 
Determining IP information for eth0... done.
                                                           [  OK  ]
Starting system logger:                                    [  OK  ]
Mounting filesystems:                                      [  OK  ]
Starting sshd:                                             [  OK  ]

Oracle Linux Server release 6.5
Kernel 3.16.0-28-generic on an x86_64

lxcora01 login:

Verify Container on OpenvSwitch Network

Login to the container and verify that the container is now on the OpenvSwitch network as shown below.  In this case the first container gets ".70" as it's IP because this was set as the lowest IP in the DHCP reserved range.  IP addresses below 70 are reserved for static assignment on the 10.207.39.x subnet.

[root@lxcora01 ~]# ifconfig

eth0      Link encap:Ethernet  HWaddr FE:71:FA:7E:CB:AF 
          inet addr:10.207.39.70  Bcast:10.207.39.255  Mask:255.255.255.0
          inet6 addr: fe80::fc71:faff:fe7e:cbaf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:124 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24086 (23.5 KiB)  TX bytes:1074 (1.0 KiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@lxcora01 ~]#

Verify Container /etc/resolv.conf Correct Dynamic Formatting

Check that the /etc/resolv.conf has the correct entries assigned at startup by dhclient.conf file as shown below.

[root@lxcora01 ~]# cat /etc/resolv.conf

; generated by /sbin/dhclient-script
search vmem.org gns1.vmem.org
nameserver 10.207.39.1
nameserver 8.8.8.8
nameserver 10.207.39.3


[root@lxcora01 ~]#

Install Package "bind-utils" into LXC Container

Install the "bind-utils" package inside the LXC container using "yum" as shown below, and check then check that "nslookup" can resolv "lxcora01" the hostname of the LXC container as shown below.  The bind-utils package is needed to obtain "nslookup".

[root@lxcora01 ~]# yum install bind-utils
Loaded plugins: lxc-patch
ol6_u5_base                                                                                                                                        | 1.4 kB     00:00    
ol6_u5_base/primary                                                                                                                                | 3.2 MB     00:01    
ol6_u5_base                                                                                                                                                     8573/8573
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.6 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-0.17.rc1.0.2.el6_4.6 for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Processing Dependency: libdns.so.81()(64bit) for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Processing Dependency: libbind9.so.80()(64bit) for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Processing Dependency: libisc.so.83()(64bit) for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Processing Dependency: libisccc.so.80()(64bit) for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Processing Dependency: liblwres.so.80()(64bit) for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Processing Dependency: libisccfg.so.82()(64bit) for package: 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================================
 Package                             Arch                            Version                                                   Repository                            Size
==========================================================================================================================================================================
Installing:
 bind-utils                          x86_64                          32:9.8.2-0.17.rc1.0.2.el6_4.6                             ol6_u5_base                          182 k
Installing for dependencies:
 bind-libs                           x86_64                          32:9.8.2-0.17.rc1.0.2.el6_4.6                             ol6_u5_base                          878 k

Transaction Summary
==========================================================================================================================================================================
Install       2 Package(s)

Total download size: 1.0 M
Installed size: 2.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): bind-libs-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64.rpm                                                                                             | 878 kB     00:30    
(2/2): bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64.rpm                                                                                            | 182 kB     00:02    
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                      29 kB/s | 1.0 MB     00:36    
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Importing GPG key 0xEC551F03:
 Userid : Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
 Package: 6:oraclelinux-release-6Server-5.0.2.x86_64 (@ol6_u5_base/$releasever)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-libs-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64                                                                                                         1/2
  Installing : 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64                                                                                                        2/2
lxc-patch: checking if updated pkgs need patching...
  Verifying  : 32:bind-libs-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64                                                                                                         1/2
  Verifying  : 32:bind-utils-9.8.2-0.17.rc1.0.2.el6_4.6.x86_64                                                                                                        2/2

Installed:
  bind-utils.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.6                                                                                                                        

Dependency Installed:
  bind-libs.x86_64 32:9.8.2-0.17.rc1.0.2.el6_4.6                                                                                                                         

Complete!
[root@lxcora01 ~]#

Run nslookup Tests in LXC Container to Verify DNS Resolutions

Now run nslookup as shown below to verify automatic DNS registration of DHCP-issued IP addresses and to test that various configured dynamic and static forward and reverse lookups are working correctly from the LXC container.


[root@lxcora01 ~]# nslookup lxcora01
Server:        10.207.39.1
Address:    10.207.39.1#53

Name:    lxcora01.vmem.org
Address: 10.207.39.70

[root@lxcora01 ~]# nslookup 10.207.39.70
Server:        10.207.39.1
Address:    10.207.39.1#53

70.39.207.10.in-addr.arpa    name = lxcora01.vmem.org.

[root@lxcora01 ~]# nslookup w520
Server:        10.207.39.1
Address:    10.207.39.1#53

Name:    W520.vmem.org
Address: 10.207.39.1

[root@lxcora01 ~]# nslookup 10.207.39.1
Server:        10.207.39.1
Address:    10.207.39.1#53

1.39.207.10.in-addr.arpa    name = W520.vmem.org.

[root@lxcora01 ~]# nslookup lxc1-gns-vip
Server:        10.207.39.1
Address:    10.207.39.1#53

Name:    lxc1-gns-vip.vmem.org
Address: 10.207.39.3

[root@lxcora01 ~]# nslookup 10.207.39.3
Server:        10.207.39.1
Address:    10.207.39.1#53

3.39.207.10.in-addr.arpa    name = lxc1-gns-vip.vmem.org.

[root@lxcora01 ~]#

Run Various Status Commands on Container

The LXC container is now on the OpenvSwitch network and ready for configuration of pre-requisites for Oracle Enterprise Database product installations. Various checks on the running container can be run as shown below.

gstanden@w520:~$ sudo lxc-info -n lxcora01
[sudo] password for gstanden:
Name:           lxcora01
State:          RUNNING
PID:            5288
IP:             10.207.39.70
CPU use:        4.99 seconds
BlkIO use:      2.23 MiB
Memory use:     33.65 MiB
KMem use:       0 bytes
Link:           lxcora01-pub
 TX bytes:      107.54 KiB
 RX bytes:      4.54 MiB
 Total bytes:   4.65 MiB
gstanden@w520:~$ sudo lxc-ls -f
NAME      STATE    IPV4          IPV6  GROUPS  AUTOSTART 
--------------------------------------------------------
lxcora01  RUNNING  10.207.39.70  -     -       NO        
gstanden@w520:~$

Create File Management Links

Several files located in various directories are used to configure and manage this environment.  It is useful to build links off of the "/home/username" directory to act as pointers to various required files for centralized managment and control. Use the "ln -s" command to create links as shown below.  Note that links to files inside the rootfs of the LXC container will show as red due to access permissions when connected as non-root account, but are useful nevertheless for reminding location of these files.

root@vmem1:/home/gstanden/Networking# cat crt_links.sh

ln -s /etc/dhcp/dhcpd.conf .
ln -s /etc/dhcp/dhclient.conf .
ln -s /etc/init/my-network-up.sh .
ln -s /var/lib/bind/fwd.vmem.org .
ln -s /var/lib/bind/rev.vmem.org .
ln -s /var/lib/bind/fwd.mccc.org .
ln -s /var/lib/bind/rev.mccc.org .
ln -s /etc/network/if-up.d/lxc-ifup-sw1 .
ln -s /etc/network/if-down.d/lxc-ifdown-sw1 .
ln -s /etc/bind/named.conf.options .
ln -s /etc/bind/named.conf.local .
ln -s /etc/bind/rndc.key .
ln -s /var/lib/lxc/lxcora02/config lxcora02-config
ln -s /var/lib/lxc/lxcora03/config lxcora03-config
ln -s /etc/NetworkManager/dnsmasq.d/local .

root@vmem1:/home/gstanden/Networking#


Contents of the /home/gstanden/OpenvSwitch directory shown below.
gstanden@w520:~$ cd OpenvSwitch
gstanden@w520:~/OpenvSwitch$ ls -lrt
total 48
-rwxr-xr-x 1 gstanden gstanden 2153 Dec 30 19:34 crt_ovs_sw1.sh
-rwxr-xr-x 1 gstanden gstanden 1016 Dec 30 19:34 crt_ovs_sw2.sh
-rwxr-xr-x 1 gstanden gstanden 1019 Dec 30 19:34 crt_ovs_sw3.sh
-rwxr-xr-x 1 gstanden gstanden  704 Dec 30 19:34 crt_ovs_sw4.sh
-rwxr-xr-x 1 gstanden gstanden  704 Dec 30 19:34 crt_ovs_sw5.sh
-rwxr-xr-x 1 gstanden gstanden  704 Dec 30 19:34 crt_ovs_sw6.sh
-rwxr-xr-x 1 gstanden gstanden  704 Dec 30 19:34 crt_ovs_sw7.sh
-rwxr-xr-x 1 gstanden gstanden  704 Dec 30 19:34 crt_ovs_sw8.sh
-rwxr-xr-x 1 gstanden gstanden  704 Dec 30 19:34 crt_ovs_sw9.sh
lrwxrwxrwx 1 gstanden gstanden   28 Dec 30 19:38 my-network-up.conf -> /etc/init/my-network-up.conf
-rw-r--r-- 1 gstanden gstanden  414 Dec 30 20:50 crt_ovs_sw1.log
-rw-r--r-- 1 gstanden gstanden  195 Dec 30 20:50 crt_ovs_sw2.log
-rw-r--r-- 1 gstanden gstanden  195 Dec 30 20:50 crt_ovs_sw3.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 30 20:50 crt_ovs_sw4.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 30 20:50 crt_ovs_sw5.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 30 20:50 crt_ovs_sw6.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 30 20:50 crt_ovs_sw7.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 30 20:50 crt_ovs_sw8.log
-rw-r--r-- 1 gstanden gstanden    0 Dec 30 20:50 crt_ovs_sw9.log
gstanden@w520:~/OpenvSwitch$ cd ..
gstanden@w520:~$ cd Networking
root@vmem1:/home/gstanden/Networking# ls -lrt

total 4
lrwxrwxrwx 1 root     root      20 May 16 17:38 dhcpd.conf -> /etc/dhcp/dhcpd.conf
lrwxrwxrwx 1 root     root      23 May 16 17:38 dhclient.conf -> /etc/dhcp/dhclient.conf
lrwxrwxrwx 1 root     root      26 May 16 17:38 rev.vmem.org -> /var/lib/bind/rev.vmem.org
lrwxrwxrwx 1 root     root      26 May 16 17:38 fwd.vmem.org -> /var/lib/bind/fwd.vmem.org
lrwxrwxrwx 1 root     root      26 May 16 17:38 rev.mccc.org -> /var/lib/bind/rev.mccc.org
lrwxrwxrwx 1 root     root      26 May 16 17:38 fwd.mccc.org -> /var/lib/bind/fwd.mccc.org
lrwxrwxrwx 1 root     root      33 May 16 17:38 lxc-ifup-sw1 -> /etc/network/if-up.d/lxc-ifup-sw1
lrwxrwxrwx 1 root     root      37 May 16 17:38 lxc-ifdown-sw1 -> /etc/network/if-down.d/lxc-ifdown-sw1
lrwxrwxrwx 1 root     root      18 May 16 17:38 rndc.key -> /etc/bind/rndc.key
lrwxrwxrwx 1 root     root      28 May 16 17:38 named.conf.options -> /etc/bind/named.conf.options
lrwxrwxrwx 1 root     root      26 May 16 17:38 named.conf.local -> /etc/bind/named.conf.local
lrwxrwxrwx 1 root     root      35 May 16 17:38 local -> /etc/NetworkManager/dnsmasq.d/local
lrwxrwxrwx 1 root     root      28 May 16 17:39 lxcora02-config -> /var/lib/lxc/lxcora02/config
lrwxrwxrwx 1 root     root      28 May 16 17:39 lxcora03-config -> /var/lib/lxc/lxcora03/config
-rwxr-xr-x 1 gstanden gstanden 569 May 16 17:40 crt_links.sh
lrwxrwxrwx 1 root     root      26 May 16 17:40 my-network-up.sh -> /etc/init/my-network-up.sh

root@vmem1:/home/gstanden/Networking#

gstanden@w520:~/Networking$ cd ..
gstanden@w520:~$ cd Templates
gstanden@w520:~/Templates$ ls -lrt
total 0

lrwxrwxrwx 1 gstanden gstanden 24 Dec 30 21:18 templates -> /usr/share/lxc/templates

gstanden@w520:~/Templates$


















ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
fwd.mccc.org
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
fwd.vmem.org
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
interfaces
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
local
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
lxcora01.log
(64k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
named.conf.local
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
named.conf.options
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
rev.mccc.org
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
ċ
rev.vmem.org
(0k)
Gilbert Standen,
May 16, 2015, 6:26 PM
Comments