ADIOS Project



User Mode Linux
Overview

This document describes why you would want to use the ADIOS UML virtual machines and how to install them into an existing Fedora Core or RedHat Linux system.  It then provides a summary user guide to the ADIOS UML virtual machines, example networks using UML virtual machines, and user instructions for configuring the ADIOS UML virtual machines.

Why would you want to use ADIOS UML virtual machines

If you cannot afford four (4) or more real machines with an appropriate network, then you may decide that a virtual network is your best choice.  In addition, real machines require real operators to coordinate and communicate their efforts in creating network configurations, whereas one operator can reduce the risk of trivial errors.  The ADIOS Boot CD already has the UML virtual machine software built and customised for you to start a network of virtual hosts.  However, if you have already installed Fedora Core or RedHat on your machine, then you can use this software to run some virtual hosts.  It may also run on other flavors of Linux.  The advantages of using User Mode Linux (UML) are described at the home site http://user-mode-linux.sourceforge.net.  The configuration available from the ADIOS site automates the process of setting up a set of virtual hosts that can be used to emulate firewall configurations.

Adding UML to an existing Fedora Core system

To set up the ADIOS UML at home, first acquire a copy of the ADIOS boot CD ISO.  Boot the ADIOS CD and run the copyuml command.  This will copy the initial ramdisk initrd.gz filesystem, the binary files in /opt/uml/bin and the configuration file in /opt/uml/etc to your system.  If you want to build a UML filesystem, use the make_uml_root_fs command and then make_uml_files.

Follow the instructions to install the UML software.  The INSTALL software will add a desktop icon to KDE.  You can log in as user "adios" or "root" with password "12qwaszx".

If you have Internet access via eth0 on your system, then you may find it useful to add the following rules to /etc/sysconfig/iptables on your parent system and then restart iptables with "service iptables restart".

*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

The UML users can access the parent system via directory /mnt/host which has already been mounted for you with the following commands. 

mount -t hostfs none /mnt/host
export PATH=$PATH:/mnt/host/bin:/mnt/host/usr/bin:/mnt/host/usr/X11R6/bin:/mnt/host/sbin:/mnt/host/usr/sbin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/mnt/host/lib:/mnt/host/usr/lib:/mnt/host/usr/X11R6/lib

Note: You may need to run uml_fix on the parent machine and on the UML virtual machine after the virtual machine has started.  This resets the Maximum Transmission Unit (MTU) to 1484 bytes for communication between the UML machines.  The UML network interface also needs to have a unique MAC address, and the simplest way to achieve this is to set the last 3 bytes of the MAC address to be the same as the last 3 bytes of the IP address, written in hexadecimal (so 32.0.2 becomes 20:00:02).  For example, to set the IP address of virtual machine 2 using network interface eth2 with subnet 10.32.0.0/16, the command is as follows:

ifconfig eth2 inet 10.32.0.2 netmask 255.255.0.0 broadcast 10.32.255.255 hw ether fe:fd:00:20:00:02 mtu 1484

Also examine the configuration file /etc/uml/rc.local, which sets up the network between UML virtual machines.
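
The addressing rule from the note above, as an added example (not part of the ADIOS scripts): the helper names are hypothetical, and the fe:fd:00 prefix is assumed from the page's single example.  It goes beyond the one case shown by handling any prefix length from 1 to 30 and by reporting addresses whose derived MACs collide because the first IP byte is dropped.

```bash
#!/bin/sh
# Added example. split_ip, uml_mac, uml_ifconfig and uml_mac_collisions are
# hypothetical helper names, not ADIOS commands. Each body runs in a
# subshell "( ... )" so IFS and variables stay local.

# Print the four octets of a dotted-quad address, or fail if it is malformed.
split_ip() (
    IFS=.; set -f
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo "$1 $2 $3 $4"
)

# MAC = fe:fd:00 (prefix taken from the page's example) + last 3 IP bytes in hex.
uml_mac() (
    octets=$(split_ip "$1") || return 1
    set -- $octets
    printf 'fe:fd:00:%02x:%02x:%02x\n' "$2" "$3" "$4"
)

# Build the full ifconfig line for a device, address and prefix length (1-30).
uml_ifconfig() (
    dev=$1 ip=$2 bits=$3
    mac=$(uml_mac "$ip") || return 1
    case $bits in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 30 ] || return 1
    set -- $(split_ip "$ip")
    mask='' bcast=''
    for o in "$@"; do
        if [ "$bits" -ge 8 ]; then m=255; bits=$((bits - 8))
        else m=$((256 - (1 << (8 - bits)))); bits=0
        fi
        b=$(( (o & m) | (255 - m) ))
        mask="$mask${mask:+.}$m"; bcast="$bcast${bcast:+.}$b"
    done
    echo "ifconfig $dev inet $ip netmask $mask broadcast $bcast hw ether $mac mtu 1484"
)

# Print each derived MAC shared by more than one of the given addresses
# (the first IP byte is dropped, so 10.32.0.2 and 192.32.0.2 collide).
uml_mac_collisions() (
    for ip in "$@"; do uml_mac "$ip"; done | sort | uniq -d
)

uml_ifconfig eth2 10.32.0.2 16   # constructed demo call using the page's values
```

Running uml_mac_collisions over every address planned for one virtual switch shows, before any interface is configured, whether the rule still yields unique MAC addresses.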

Summary user guide to ADIOS UML virtual machines

There are currently four ways in which UML virtual machines can be started using the X windows interface on the ADIOS boot CD image. 

You can also start UML virtual machines using a command line interface.  After starting the UML virtual machine, log in as user adios or user root using the password 12qwaszx.  Remember to use the "halt" command to shut down each of your UML virtual machines.  If you have closed windows containing UML virtual machines, you may leave unwanted files and/or processes running, resulting in the UML virtual machines not starting when you next try to start them.  The command uml --resetall will kill all processes and delete UML root filesystems and swap files.

The configuration file /etc/uml/uml.conf allows you to change the amount of RAM and disk space that will be used by each UML virtual machine.  You can also change the maximum number of UML virtual machines, virtual ethernet switches and virtual ethernet hubs.

When each UML virtual machine starts it is connected back to the parent system via network 192.168.0.0/16.  The configuration file /etc/uml/rc.local sets up each of the UML virtual machines to be connected to the previous and next virtual machines on their own subnetwork via network 10.0.0.0/8. 

Example Networks using UML virtual machines


The following is an example of using UML virtual machines to set up static routing.  Dynamic routing can then be configured using the quagga/zebra software.  See the quagga/zebra documentation /cgi-bin/doc.cgi?quagga/quagga.html.

Note the UML2 and UML3 machines can still be managed via the ethertap interface not shown in the above diagram.  This allows you to run software such as tcpdump on each virtual machine so that you can see what traffic is traversing the UML gateway.

An example firewall configuration using UML virtual machines follows.

The De-Militarised-Zone (DMZ) could be subdivided into two networks by using an extra switch and making the Bastion Host multi-homed.  Management of each of the firewall components can be displayed on the host console. Each virtual machine can also be connected to an ethernet HUB on eth5.

User instructions for configuring the ADIOS UML virtual machines

If you have limited memory you can run ADIOS UML at the command prompt.  On the ADIOS boot CD the /etc/uml/uml.conf file has been modified to only run a maximum of four virtual consoles for run level 3.  The uml script then uses the next four <ALT> Function Keys.

The ADIOS UML configuration file /etc/uml/uml.conf allows you to use real disk files for the root filesystem and swap space.  If you have limited RAM, you could use 24 MBytes of RAM per virtual machine and create real SWAP files on a disk partition.  Also, if you have limited RAM, don't run startx within the UML virtual machine; instead use the uml-xterm command to start additional xterms for your UML virtual machine.

Each UML virtual machine reads configuration file rc.local if it exists from directory /etc/uml on the parent system.  Each virtual machine will also look for its own resource configuration file namely rc.uml1 through to rc.uml4 from /etc/uml.

If you create a filesystem for your UML virtual machine, then the uml_unlink command removes symbolic links back to the parent and copies the files from the parent to the UML child.  You need to run the make-uml_unlink command first.


Written by Neville Richter, n.richter@cqu.edu.au Copyright GNU Public Licence 2003-2006.