Comments (0)

By Adam, January 23, 2012 2:58 am

I’ve just started using kvm in earnest, and immediately ran into the challenge of how to access my guest via ssh. My first instinct was to configure the guest in bridged mode, but this doesn’t work well (or at all) with wireless interfaces.

So plan B was to set up port redirection from the host to the guest, e.g. so that ssh’ing to localhost port 2222 would redirect to the guest’s port 22.

After a quick google, some fiddling with iptables, and a glance at the libvirt Networking wiki page, I was still having no luck. Then it hit me – my guest was using user-mode networking, and rather than getting its DHCP-allocated IP from the libvirtd-launched dnsmasq instance on the host, was receiving a hardcoded allocation of 10.0.2.15 from the host which is on 10.0.2.2. This can be extremely puzzling at first, because no network commands run on the host (such as ifconfig, iptables, brctl, route) will reveal this magic address, yet the host is still accessible from the guest via it.

After a lot more googling, I stumbled across a technique for configuring host to guest port redirection on a running VM. This sounded very promising, but virt-manager refused to accept the magic Control-Alt-2 key combination to switch to QEMU monitor mode. It turns out that this is no accident. However, since libvirt 0.8.8, the QEMU monitor can be accessed via virsh.
Note that the --hmp option is required, otherwise the monitor expects the command in JSON format, so omitting it leads to errors like error: internal error cannot parse json ... lexical error: invalid char in json text.

The final hurdle was figuring out the correct monitor command. The host_net_redir command as mentioned in the above article is no longer recognized. Luckily the QEMU monitor interface helped me out here – I spotted an encouraging sounding command hostfwd_add:

# virsh qemu-monitor-command --hmp sles11 'help hostfwd_add'
hostfwd_add [vlan_id name] [tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport -- redirect TCP or UDP connections from host to guest (requires -net user)

and google confirmed that the latter had superceded the former.

So finally we have the complete solution:

# virsh qemu-monitor-command --hmp sles11 'hostfwd_add ::2222-:22'
# ssh -p 2222 localhost
Password:
Last login: Mon Jan 23 00:37:44 2012
linux-mnsh:~ #

Hooray!

UPDATE: just found another very simple solution – add a new NIC to the VM which doesn’t use user-mode networking. Then it will get a IP (on 192.168.100.0/24 by default) which is still NAT’d but also routable via virbr0 on the host, meaning no redirection is necessary; just ssh directly to the guest’s IP from the host. A minor disadvantage of this is that the guest won’t be directly reachable from outside the host, but that’s unlikely to be an issue in most scenarios.

Comments (3)

By Adam, August 12, 2011 5:18 am

I’m sitting on a plane from LA to Chicago. This is my fifth flight in the last two months, having already been to New York, Ohio, Florida, and California, and it’s probably about time I explain what the hell I’m doing, as I have friends and family who have seen various confusing status updates I’ve posted on Facebook and Twitter whom I owe the full story.

Just over two years ago, I blogged about taking a leap of faith and turning down two great jobs because they didn’t involve doing something I was truly passionate about. It was a gamble, but even after two months I could tell it was going to pay off. Sure enough, two years later, I found myself with a wealth of new experience and knowledge which I’d had a ton of fun acquiring, plus a healthy boost to my CV and set of friends and connections within the industry.

Then the stars aligned again, and I found myself with another life-changing dilemma: take an even more awesome job than the one I was in, or quit IT altogether and face an indefinite period of zero income. Pretty obvious what to do, right? I quit.

If that sounds crazy, it’s because it probably was – definitely another leap into the unknown. But I’ll try to explain my decision. Continue reading 'Rediscovering music'»

Comments (0)

By Adam, October 7, 2010 8:18 pm

In my recent work I have encountered Apache Maven, and I think the following snippet of real-world Maven code nicely sums up why Maven is not the idea replacement for the horror that is ant:

  <profiles>
    <profile>
      <id>unix</id>
      <activation>
        <os>
          <family>unix</family>
        </os>
      </activation>
      <build>
        <plugins>
          <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>exec-maven-plugin</artifactId>
            <executions>
              <execution>
                <id>set-run-file-perms</id>
                <phase>generate-resources</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>chmod</executable>
                  <arguments>
                    <argument>0755</argument>
                    <argument>${project.build.directory}/foo.sh</argument>
                  </arguments>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>

Dear god. 34 lines and a plug-in, just to change the permissions on a file in a platform-specific way??

I should add that the above was written by an extremely smart guy who is a top-notch programmer; no, I don’t think the author is at fault here. Even if there’s a more concise/portable way of achieving the same result in Maven (and there might well be – I admit I’m still a Maven newbie), there’s still the undeniable fact that XML is horrendously verbose, and any code written in it is by nature unnecessarily difficult to maintain. To this end I applaud the ongoing efforts supporting the use of YAML to implement the Maven POM.

It’s worth seeing what the above would look like if we wrote it in rake:

require 'pathname'

desc "Make binary executable"
task :chmod do
  File.new(Pathname.new(build_dir) + "foo.sh").chmod(0755)
end

I don’t think I need to make a case for which is more legible or maintainable. Oh, and the Ruby version is cross-platform.

To continue an anti-XML rant which has been made countless times already: what the ant and Maven people don’t seem to realise is that XML is not a real programming language and is therefore not expressive enough to deal with many cases that a build system needs. The clue’s in the name, guys! “M” is for “markup” not “Turing-complete“. That’s why every time you need to do something vaguely unusual for which there isn’t an ant taskdef or Maven plugin, you have to write hundreds of lines more Java/XML just to cope with that case. That’s why Maven needs so many damn plugins.

The accidental silver lining to this is that because it takes so much effort to accomplish simple tasks, Maven developers find themselves compelled to reuse and share plugins, and to be fair, Maven has some good ideas on how to do this, even if the implementation isn’t always the best. For example, the built-in plug-in repository management and plug-in dependency management seem to work nicely, but unfortunately for some reason it has a propensity to download plug-ins on most runs, far more frequently than any sensible caching layer should.

DSL issues aside, I’m not convinced by the fixed lifecycle philosophy behind Maven either. I wonder if it was borne out of frustration with the lack of proper dependency checking in ant.

That said, I do like how Maven encourages standardization of the build lifecycle and phase namespace thereof, since newcomers to a project immediately know some familiar entry points. But the same could be said of 99% of projects which use Make and use standard rule target names such as install and clean. And I suspect that many developers suffer when they try to shoe-horn their own project’s build requirements into Maven’s standard lifecycle.

My concern with this phased approach is that it is too linear.  The expectation is that a build process is a one-dimensional sequence of steps, and you get to choose your starting point but not much else.  This seems fundamentally wrong to me.  A build dependency tree is well understood to be a DAG, and any build system which doesn’t model this properly seems to me to be burying its head in the sand.  On the other hand, if it does model it properly, which includes implementing proper dependency resolution, the required build lifecycle should emerge naturally without having to dictate that generate-sources comes before compile which comes before test and so on.

I’ve had some ideas of what the ideal build system looks like, and how to get there from the conventional Java world. More on that soon.

Comments (0)

By Adam, May 20, 2010 10:54 pm

Back in August 2009, I announced the release of a simple script called rypper which I wrote to wrap around zypper and provide the ability to make batch operations on repositories. Here are some example usages:

# list all disabled repos
rypper -d

# list all enabled repos with autorefresh off
rypper -e -R

# list all repos which have anything to do with KDE
rypper -x kde

# list priority and URIs for all repos whose alias contains 'home:'
rypper -a home: l -pu

# enable autorefresh on all OpenSUSE Build Service repos
rypper -u download.opensuse.org -R mr -r

# remove all repos on external USB HDD mounted on /media/disk
rypper -u /media/disk rr

I only got one response so I assumed it wasn’t that useful to other people.

However here I am at BrainShare EMEA in Amsterdam surrounded by like-minded geeks, and in a fit of enthusiasm / procrastination, I have finally got round to learning how to build openSUSE Build Service packages, and so proudly (?) present my first OBS package release: the 1-click install version of rypper. Enjoy!

UPDATE 21 March 2011: based on feedback from SLE Product Management, I have submitted a formal request to have zypper extended to include this kind of functionality.

Comments (0)

By Adam, January 5, 2010 2:28 am

Oh wow, that’s four hours of my life I won’t get back.

Four hours trying to figure out why the hell my changes to .java source files weren’t showing up in the compiled binaries, debugging an unholy mess of ant XML files, before I finally realised how badly ant’s dependency checking sucks … Then 5 minutes of googling for ‘ant sucks’ and I find two excellently written rants which confirm my discovery (you might need to consult google’s cache for the latter).

I shouldn’t have been surprised.  Anything which uses XML as a domain-specific language should have already set the alarm bells ringing, but my excitement at learning something new initially blotted out the dull headache caused by hacking in XML.  Bah!