Connect host and VM when using a MACVTAP interface

NB: The following is only of interest if you want to share the host network with your virtual machine. The most common way this gets implemented is by setting up a bridge which includes the physical interface. Using a [MACVTAP] inerface is suposed to be more efficient, since it avoids the additional bridge in the network setup.

In this gist, we extend the information provided in the documenation on linux virtual interfaces.

In the following, we assume you host interface is eth0. IP addresses used:

host: 198.51.100.50/24
virtual machine: 198.51.100.198/24
default gateway: 198.51.100.254

lukasnellen / README.md

Last active February 12, 2022 00:48

Enable singularity v3 container --fakeroot on debian

Singularity version 3 container `--fakeroot`

The --fakeroot option to some of the singularity 3 commands requires two things to work

Properly configured UID and GID mapping in /etc/sub[ug]id. This is done by default on debian stretch (9) and buster (10) and other recent distributions.
The aility to create a process in a user namespace. On debian, this requires setting kernel.unprivileged_userns_clone = 1 in /etc/sysctl.conf.

lukasnellen / 00-centos-cloud-image-fix.md

Last active October 13, 2020 00:15

How to fix Centos 7 cloud images

Centos 7 cloud image fix

The cloud images from https://cloud.centos.org/centos/7/images/ contain a /etc/resolv.conf with a spurious nameserver 10.0.2.3 entry. According to the anaconda log, this was set by DHCP during the building of the image. For most users, this entry doesn't corresponed to an existing nameserver and will slow down ssh connections, since inverse name lookups have to time out on the spurious server.

This can be fixed using virt-sysprep from libguestfs, e.g.:

virt-sysprep -a CentOS-7-x86_64-GenericCloud-1809.qcow2 --delete '/etc/resolv.conf'

You probably also want to disable the GSSAPI authentication in ssh connections, as this is another item that can cause delays opening ssh connections. The full command for that is

lukasnellen / 00-ssh-tmux-iterm.md

Last active September 20, 2024 07:06

Summary of my remote tmux and ssh configuration to benefit from the iterm2-tmux integration, with ssh authentication socket refreshing

Configuration to use remote tmux over ssh in iterm

This is a compilation of information I found in different postings on the net.

All manual invocation

Basic remote tmux session

tmux can be invoked in command mode using tmux -CC. The simplest way to get a remote tmux session into a window of iterm is to invoke it on the remote host

lukasnellen / 00-serial-console.md

Last active September 11, 2024 06:08

kvm serial console for virtual machine

Serial console for KVM based VM and IPMI serial channel

grub and kernel console

Set in /etc/default/grub:

...
###GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty1"
GRUB_CMDLINE_LINUX=""

lukasnellen / 00-docker-shorewall.md

Last active September 23, 2024 04:19

setup shorewall for docker networking beyond the default bridge network, e.g., for docker-compose

Docker(-compose) with shorewall

The shorewall documentation explains in http://shorewall.org/Docker.html how to configure shorewall for use with docker. The problem with the configuration is that it only allows connections from the host to the main bridge docker0. Connections to other networks on dynamically created bridges, with names starting by default with br-, is blocked. Instead of the recommended contents of /etc/shorewall/interfaces, use wild-card interface names as follows:

#ZONE	INTERFACE	OPTIONS
#dock	docker0		bridge     # disabled default recommendation
dock 	docker0		physical=docker+,routeback=1
dock 	br		physical=br-+,routeback=1

Lukas Nellen lukasnellen