klog

oh my!

We bought a rack server for the office, to help replace our aging systems with something a little more civilised. I spent a lot of time this week trying to figure out how to configure it best.

I wanted to install services and servers on the machine in such a way that I could easily move them onto a new machine if things get too busy. For this, I chose to use the QEMU virtual machine emulator. Some people might think that VMWare would be a better choice, but I did some research on it and couldn’t find any compelling reason why I should choose VMWare over QEMU.

To have the system networked properly in the LAN, I wanted to be able to address each vm using a separate IP number. To do this, I had to set up QEMU to use eth0 as a bridge. So, I had this in the host’s /etc/rc.local.

echo 1024 > /proc/sys/dev/rtc/max-user-freq
modprobe kqemu
modprobe tun
/etc/init/iptables down

/sbin/ifdown eth0
/sbin/ifconfig eth0 0.0.0.0 up
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/brctl stp br0 off
/sbin/ifconfig br0 192.168.2.1 netmask 255.255.0.0 up
/sbin/route add default gw 192.168.1.254

and this was in /etc/qemu-ifup

#!/bin/sh
/sbin/ifdown eth0
/sbin/ifconfig eth0 0.0.0.0 up
/sbin/ifconfig $1 0.0.0.0 promisc up
/usr/sbin/brctl addif br0 $1
/sbin/route del default
/sbin/route add default gw 192.168.1.254

Note that I’ve used $1 instead of tap0 (which is shown in some examples) - this is because when you start up your QEMU instances, each one should use a different tap device.

When loading the QEMU instance, be sure to give each one a different MAC address. Otherwise strange stuff will happen.

xhost +local:root
su -c "qemu -boot c -hda vmServices.img -localtime -net nic,macaddr=52:54:00:00:00:01 -net tap -m 192 -usb -soundhw sb16 &"

In the above case, I’m loading a QEMU instance saved as “vmServices.img”, and have given it a MAC address 52:54:00:00:00:01. The default address is 52:54:00:12:34:56. Be sure to override that.

You’ll have noticed that I turned off iptables in the host’s /etc/rc.local. I’m not an expert at that stuff so that was the simplest solution to enable networking without problems. Be sure to also do it in the client’s /etc/rc.local files as well - otherwise you may have problems accessing hosted web servers, for example.

When the client is loaded up, assign a static IP address to it. I choose static IPs for these servers because they’re not client machines, and I need to be able to consistently access the right one from an external request.

Now you have your network up and running properly, with separate IP addresses for each vm.

The next step is to route incoming web traffic to the right machines.

Let’s say that you want a worker outside the office to access dotproject.youroffice.com, and you want a client to see his test server using blah.com.test.youroffice.com. The problem is that you are using a standard DSL connection, only have one static IP, and the dotproject and test web servers are held in separate VMs on the machine.

In this case, the solution is to use mod_proxy to route to the right machine.

So, you set up a rudimentary virtual hosted webserver on the host machine. The first virtual host should be something generic which perhaps just reports the status of the host. After that, we add the magic:

<VirtualHost *>
  ServerName dotproject.youroffice.com
  ProxyPreserveHost On
  ProxyPass / http://192.168.2.2/
  ProxyPassReverse / http://192.168.2.2/
</VirtualHost>
<VirtualHost *>
  ServerName test.youroffice.com
  ServerAlias *.test.youroffice.com
  ProxyPreserveHost On
  ProxyPass / http://192.168.2.3/
  ProxyPassReverse / http://192.168.2.3/
</VirtualHost>

From an external browser’s perspective, both web servers are running on the same machine, but internally, we can see that there are three involved - a proxy router, and the two separate virtual machines’ web servers.

There may be more-correct ways of doing the above, but this works for me.

…is now available to download and test.

According to the blog entry, IE8 is going to be very exciting for web developers. We can finally start ditching the old hacks built for IE7 and other lesser browsers.

It is not mentioned in that post, but IE8 will render in web standards mode by default. This means that IE8 will read your CSS and display it using as close as possible a rendering model based on W3C rules. This is in contrast to IE7 and below, where the standard was to display in “quirks” mode (using the MS version of the CSS model) and you had to jump through hoops to make it use standards mode.

IE8 aims to have full CSS 2.1 support. This is fantastic, as up to this point, there has been a great specification available, but designers could not use it to its full potential because IE simply wasn’t good enough for it. Microsoft is aiming to fix this deficiency …finally!

Some HTML5 elements will be available. I have not yet seen the list, but this again is a great new trick. HTML5 allows a designer to do some pretty funky things like this: <input name="email" type="email" required="required" />. That is something which at present would require a lot of supporting JavaScript.

I’m looking forward to this. It’s about time that IE grew up and joined the adult browsers such as Firefox and Opera.

Gary Gygax, who engineered a large part of my teenage years, is dead.

I started playing Dungeons & Dragons when I was perhaps 13 or 14, when my parents surprised me one christmas with a box-set of the Basic edition. Almost immediately, this became a hit, and a troupe of players was formed in school.

I’ve lost contact with the players over the years, but their names were Neil, Sean, Brian, Tiarnan, Anto and Gavin.

What D&D gave to me was an imagination and companionship. Once a week, I was able to escape from the drudgery of being an outcast and transform into someone else.

After a while, I transferred to AD&D (Advanced Dungeons And Dragons - an entirely new set of rules) 2nd edition. This was pivotal - the rules were more complex, but that didn’t matter, as the accompanying stories were so much more fascinating. I would buy (and in some cases, steal, to the amusement of the police - they expected young criminals in Tallaght to be stealing cars or mugging, not stealing books to feed a voracious imagination) manuals, read the rules, but study the accompanying short-stories and excerpts.

The goal of AD&D is not to beat up orcs, steal their treasures and amass a huge value in XP. As a dungeon master, I tried to reward the players for playing their roles passionately more than I’d reward them for the various atrocities they committed on the rapidly endangered bad-guy species in our make-believe world.

Through the game, I came across wonderful gems such as Margaret Weis and Tracy Hickman’s Dragonlance books - which would go on to be hugely popular. I always fancied myself to be a little like Raistlin/Fistandantilus - a weakling outcast who had big potential inside. Unfortunately, Raistlin was also a little, well, evil, but no-one’s perfect! His brother Caramon was a bit of a dweeb. Sorry if I mangle names a little - it’s been twenty years since I read the books!

The antics of Tasslehoff Burrfoot were sometimes annoying - the Jar-Jar Binks of the Dragonlance world. But it was fun to read the events of Fizban The Fabulous - an addle-brained sorcerer who would turn out to be very very important (and also turned up in another unrelated series by the same authors, as “Zifnab”).

Eventually we would go on to play other games such as Vampire: The Masquerade and the over-complicated but realistic Warhammer Fantasy Roleplay. We would always go back to A&D, though; nothing could beat it.

Gary, if there’s a heaven for gamers and dungeon masters, I hope you’re in it, enjoying a pipe with the great sage Elminster.