QEMU and HVF
# Summary
A few notes I took to see if I could use macOS as a hypervisor in a similar fashion to Linux.
I wanted to see how few add-ons were needed instead of using Parallels, VirtualBox, VMware Fusion, etc.
The idea is to use QEMU, Hypervisor Framework (https://developer.apple.com/documentation/hypervisor) and some custom host networking.
# Installations
brew install qemu (For controlling Hypervisor Framework)
brew install cdrtools (For making cloud init iso's)
http://tuntaposx.sourceforge.net/download.xhtml (For custom tap-based networking. Note this is a third-party kernel extension loaded with root privileges; it has not been updated for recent macOS releases, which require explicit user approval for kexts. Newer QEMU builds ship a vmnet backend, e.g. `-netdev vmnet-shared`, which avoids installing a kext at all — worth checking before going the tap route.)
# Helpful Links (Mostly for the networking stuff)
https://davidhamann.de/2017/04/19/sharing-vpn-on-macos/
https://github.com/ckujau/scripts/blob/master/qemu-tap.sh
https://superuser.com/questions/596095/how-do-i-bridge-a-connection-from-wi-fi-to-tap-on-mac-os-x-for-the-emulator-qe
https://blog.san-ss.com.ar/2016/04/setup-nat-network-for-qemu-macosx
https://linuxconfig.org/how-to-configure-static-ip-address-on-ubuntu-18-04-bionic-beaver-linux
https://www.techrepublic.com/article/how-to-configure-a-static-ip-address-in-ubuntu-server-18-04/
http://osxdaily.com/2015/06/24/load-unload-kernel-extensions-mac-os-x/
#Static Builds
## Create a disk
qemu-img create -f qcow2 server1.img 10G
## Install the OS onto the disk
qemu-system-x86_64 -M accel=hvf --cpu host -hda server1.img -cdrom ubuntu-18.04.2-live-server-amd64.iso -boot d -m 2048
## Boot the server
qemu-system-x86_64 -M accel=hvf --cpu host server1.img -m 2048
## Boot the server with some custom networking
## This requires some additional configuration on the host to make work.
## NOTE(review): sudo here runs the whole guest (QEMU's device emulation included) as root on the Mac
## just to be able to open the tap device, so a guest escape lands as root. If the tap/bridge can be
## pre-created with access for your user, or QEMU's vmnet backend is available, drop the sudo.
sudo qemu-system-x86_64 -M accel=hvf --cpu host server1.img -m 2048 -netdev tap,id=tap0,script=no,downscript=no -device e1000,netdev=tap0
## This requires some scripts at /etc/qemu-ifup and /etc/qemu-ifdown
## (QEMU runs them with its own privileges, i.e. as root here — keep them root-owned and not writable by others)
sudo qemu-system-x86_64 -M accel=hvf --cpu host server1.img -m 2048 -net nic,model=virtio -net tap,br=/dev/bridge1,id=tap0
# Cloud Based Images
## Create the meta-data and user-data files (samples are the other files in this gist)
## Create the init iso (NoCloud datasource: the volume label must be exactly "cidata")
mkisofs -output init.iso -volid cidata -joliet -rock {user-data,meta-data}
## Boot the cloud image. Stock cloud images typically have no usable default login;
## the sample user-data below sets a throwaway password — see its caveats.
qemu-system-x86_64 -M accel=hvf --cpu host -hda ubuntu-18.04-server-cloudimg-amd64.img --cdrom init.iso -boot d -m 2048
## Still working on making this work with custom networking; it was painful to do without SSH access to log in to the server and test things.
## Once the network is settled I can work on headless mode and some automation to bring the VMs up and down via Ansible.
# sample cloud init meta-data file, everything below this line.
# cloud-init NoCloud meta-data (goes on the "cidata" ISO built with mkisofs above)
instance-id: k8sm1
local-hostname: k8sm1
# sample cloud init user-data file, everything below this line.
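#cloud-config
# Demo-only credentials: a fixed password for the ubuntu and root users, with
# password SSH logins enabled. Acceptable for a throwaway local VM on a
# host-only tap; for anything other people can reach, inject keys instead,
# roughly: ssh_pwauth: false plus ssh_authorized_keys: ["ssh-ed25519 AAAA..."]
# under the user, and drop the password/chpasswd entries.
#
# Indentation restored: chpasswd's list/expire must be nested under chpasswd.
# At column 0, "chpasswd:" is an empty key and "root:password" is a stray
# scalar, so cloud-init would not parse this file as written.
hostname: k8sm1
fqdn: k8sm1
ssh_pwauth: True
password: password
chpasswd:
  list: |
    root:password
  expire: False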

How to clone a new tr3

Backup tr3

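# Bundle everything tr3m needs to become a mirror of tr3 and push it over.
# NOTE(review): the archive carries .ssh/ (private keys, authorized_keys), the
# firewall script, the web root and the DB dumps, and the original left it
# world-readable in /tmp on both hosts. umask 077 keeps it 0600 (scp carries the
# mode bits across); still delete it on tr3m once extracted.
# The dump names used here (...sql-${TODAY}.sql) do not match what the restore
# step reads (onlinetv4-2022-11-03.sql); presumably database_backup.sh decides
# the real names — check them before relying on the restore lines.
set -eu
umask 077
TODAY=$(date +%Y-%m-%d)
tar czvf /tmp/all-in-one.tar.gz \
  myfirewall database_backup.sh iptables-DROP-jp.zone .ssh/ \
  /etc/php.ini /etc/php-fpm.d/www.conf /etc/nginx/default.d/php.conf \
  "/tmp/onlinetv4-2022-11-03.sql-${TODAY}.sql" "/tmp/onlinetv4-routines-${TODAY}.sql" \
  /usr/share/nginx/html/ /etc/nginx/nginx.conf
scp /tmp/all-in-one.tar.gz tr3m:/tmp/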

# Snapshot tr3's installed package list so tr3m can be diffed against it
# (the "compare / vimdiff" step further down).
pkglist=/tmp/yum-installed-tr3.txt
yum list installed >"$pkglist"
scp "$pkglist" tr3m:/tmp/

Setup tr3m

selinux

# NOTE(review): this switches SELinux off for good (setenforce 0 now, SELINUX=disabled
# in the config for every later boot). It is the usual shortcut when the web root moved
# in from /tmp or the php-fpm socket gets "permission denied", but it removes the
# confinement that limits what a compromised nginx/php-fpm process can reach.
# Prefer: stay enforcing, run `restorecon -Rv /usr/share/nginx/html` after the mv
# steps below (mv keeps the tmp_t label, cp would not), and use audit2why on any
# remaining denials. If it must be relaxed, SELINUX=permissive logs without blocking
# and is easy to tighten again; disabled is not.
setenforce 0
getenforce
vim /etc/selinux/config  #disabled

ssh 22000

sshd port

  • vi /etc/ssh/sshd_config

`Port 22` -> `Port 22000`. Moving the port only cuts log noise from scanners; in the same edit set `PermitRootLogin prohibit-password` and `PasswordAuthentication no` (the client config below logs in as root, so make sure a key is in place first). If SELinux is ever re-enabled, the non-standard port also needs `semanage port -a -t ssh_port_t -p tcp 22000` or sshd will refuse to bind.

firewall

iptables

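#!/bin/bash
# ctalk2
# Sample iptables setup script (IPv4 filter table). Run as root; the final
# `service iptables save` needs the iptables-services package so the rules
# are restored at boot.
#
# Ordering is chosen for lockout safety: open the policies, flush, add the
# ACCEPT rules (loopback and established traffic first), and only then set
# the default DROP policy. The original flushed first and set DROP before
# the ESTABLISHED rule, so re-running it on a host whose INPUT policy was
# already DROP left a window with no ACCEPT rules at all.
set -eu

#
# Start from a permissive state so a failure half-way through cannot leave
# INPUT at DROP with an empty chain.
#
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F

#
# Loopback and already-established/related traffic, matched before the
# per-port rules; this also keeps the SSH session running the script alive.
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

#
# Ping. The OUTPUT rule is redundant under the ACCEPT output policy below
# and is kept only so the intent is explicit.
#
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

#
# SSH. sshd is moved to 22000 in these notes; 22 is left open only as a
# fallback while migrating. Remove the port-22 line once 22000 is confirmed
# working, otherwise the port change buys nothing.
# When connected over SSH you must keep one of these or you lock yourself out.
#
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22000 -j ACCEPT

#
# Web: 80 plus the alternate ports the app uses. 8080 fronts sysadmin/
# (see the curl smoke test further down) — make sure that directory has
# its own authentication before exposing it here.
#
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

#
# Default policies last: anything inbound not matched above is dropped.
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#
# Persist the rules. This script only covers IPv4; if the host has a public
# IPv6 address, ip6tables needs equivalent rules or sshd/nginx are reachable
# unfiltered over v6.
#
/sbin/service iptables save

#
# Show what is active.
#
iptables -L -v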

sh ~/myfirewall

client via ssh

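# tr3 mirror. (The original inline note mentioned 222.186.10.219 — presumably
# the source tr3 host; the mirror itself is the HostName below.)
# Comments are kept on their own line: some ssh versions treat everything after
# the Host patterns as further patterns rather than as a comment.
Host tr3m
     HostName 103.56.61.67
     User root
     Port 22000
     # NOTE(review): this logs straight in as root. Prefer an unprivileged
     # user with sudo, key-only auth (IdentityFile here; PasswordAuthentication
     # no and PermitRootLogin prohibit-password on the server). The move to
     # port 22000 is obscurity, not access control.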

packages

install

# EPEL first; nginx and the php-pecl-* packages below presumably come from it on CentOS 7.
yum install epel-release
# Services: git, iptables-services (the `service iptables save` target used by myfirewall),
# memcached, mlocate, MariaDB, nginx, ntp, rsync, wget.
yum install git iptables-services memcached mlocate mariadb-server nginx ntp rsync wget
# PHP stack for the app; php-fpm is what nginx talks to over the unix socket configured below.
yum install php php-cli php-common php-fpm php-mbstring php-mysql php-pdo php-pear php-pecl-igbinary php-pecl-memcache php-pecl-memcached php-process php-xml php-gd

mariadb

/etc/my.cnf.d/server.cnf

[mariadb]
character-set-server = utf8mb4

/etc/my.cnf.d/client.cnf

[client-mariadb]
default-character-set = utf8mb4
sudo systemctl enable mariadb
sudo systemctl restart mariadb

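# Interactive hardening of the fresh MariaDB install (root password, remove
# anonymous users and the test database, disable remote root login).
# NOTE(review): the original line recorded the root password in plaintext
# ("root / <redacted>") in this public gist, and the same string is reused as
# the skytv application user's password below. Treat it as compromised:
# rotate it (ALTER USER ... IDENTIFIED BY ...) and keep it in a password
# manager or a root-only file, never in notes.
mysql_secure_installation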

create database and user

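-- Create the application database and its user.
-- NOTE(review): the original had the password inline in this public gist
-- (and it was the same string as the MariaDB root password above). Rotate it
-- and substitute a fresh value for <DB_PASSWORD> at run time.
-- '%' lets skytv connect from any host. The restore step below runs the
-- client on this same box; if the PHP app also connects locally,
-- 'skytv'@'localhost' is the tighter grant — confirm before changing.
CREATE DATABASE onlinetv4 CHARACTER SET = utf8mb4;
CREATE USER 'skytv'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL ON onlinetv4.* TO 'skytv'@'%';
FLUSH PRIVILEGES;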

restore

# Load the schema/data dump, then the stored routines, into the new database.
# `-p` with no value prompts for the password so it never lands in shell history.
# Paths are relative — presumably to /tmp, where the archive was extracted
# (tar strips the leading "/" from /tmp/onlinetv4-*.sql).
for dump in tmp/onlinetv4-2022-11-03.sql tmp/onlinetv4-routines-2022-11-03.sql; do
  mysql -u skytv -p onlinetv4 < "$dump"
done

php-fpm

log4php

# Install log4php: either from the Apache PEAR channel, or by copying the
# already-installed tree from tr3 over ssh (keeps both hosts on the same code).
pear channel-discover pear.apache.org/log4php
pear install log4php/Apache_log4php
## or ##
rsync_excludes=(--exclude '.svn' --exclude 'target')
rsync --delete -avz "${rsync_excludes[@]}" -e ssh /usr/share/pear/log4php tr3m:/usr/share/pear/

config

/etc/php.ini

cgi.fix_pathinfo=0

/etc/php-fpm.d/www.conf

; Unix socket shared with nginx (fastcgi_pass in default.d/php.conf); the
; owner/group lines give the nginx worker access to it. The pool itself also
; runs as nginx, so anything writable by nginx is writable by the PHP app —
; keep the web root read-only except where the app really needs to write.
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
user = nginx
group = nginx
# Enable php-fpm at boot and (re)start it with the new pool config.
for action in enable restart; do
  systemctl "$action" php-fpm
done

# Session files are written by the pool user (nginx per www.conf above).
chown -R nginx:nginx /var/lib/php/session

nginx

/etc/nginx/default.d/php.conf

# PHP handler. `try_files $uri =404` refuses requests whose path does not map
# to a real file before anything reaches php-fpm; together with
# cgi.fix_pathinfo=0 in php.ini this is the usual mitigation for the
# "upload.jpg/x.php" trick. Keep both.
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;

    include fastcgi_params;
}

/etc/nginx/nginx.conf

source

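# Move the site directories out of the extracted archive into the web root.
# The extraction step itself is not in these notes; it is assumed that
# `tar xzf /tmp/all-in-one.tar.gz` was run in /tmp first, which is why the
# sources are relative (tar strips the leading "/").
# NOTE(review): the archive also contains .ssh/ and the firewall script; remove
# it and the leftover extracted tree from /tmp when done — /tmp is world-readable.
set -e
cd /tmp/
mv usr/share/nginx/html/config /usr/share/nginx/html/
mv usr/share/nginx/html/onlinesite_skytv365 /usr/share/nginx/html/
mv usr/share/nginx/html/sysadmin /usr/share/nginx/html/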
# Enable nginx at boot and restart it to pick up php.conf and nginx.conf.
for action in enable restart; do
  systemctl "$action" nginx
done

memcached

# NOTE(review): unless OPTIONS in /etc/sysconfig/memcached binds it to
# loopback (`-l 127.0.0.1`), memcached typically listens on every interface
# and has no authentication; the INPUT DROP policy in myfirewall is then the
# only thing keeping 11211 off the internet. Bind it to localhost as well and
# confirm with `ss -ltnp`.
systemctl enable memcached
systemctl restart memcached

ntpd

# Time sync (the ntp package installed above).
for action in enable restart; do
  systemctl "$action" ntpd
done

crond

# Cron daemon for the nightly database backup.
for action in enable restart; do
  systemctl "$action" crond
done
Root crontab entry (add with `crontab -e`, not a shell command): `15 5 * * * /root/database_backup.sh`. The script is shipped in the backup tarball above and presumably embeds the DB credentials — keep it mode 0700 and make sure the dumps it writes to /tmp are not world-readable.

check / test

how to tracing

includes/share.php

// Production setting: suppress and hide PHP errors. To trace a problem flip
// these to E_ALL / '1' only temporarily — error output leaks file paths and
// query text to visitors — and prefer log_errors + error_log so traces go
// to the log rather than into the HTTP response.
error_reporting(0); //E_ALL
ini_set('display_errors', '0'); //On

Tr3 Mirror

Backup tr3

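# Bundle everything tr3m needs to become a mirror of tr3 and push it over.
# NOTE(review): the archive carries .ssh/ (private keys, authorized_keys), the
# firewall script, the web root and the DB dumps, and the original left it
# world-readable in /tmp on both hosts. umask 077 keeps it 0600 (scp carries the
# mode bits across); still delete it on tr3m once extracted.
# The dump names used here (...sql-${TODAY}.sql) do not match what the restore
# step reads (onlinetv4-2022-11-03.sql); presumably database_backup.sh decides
# the real names — check them before relying on the restore lines.
set -eu
umask 077
TODAY=$(date +%Y-%m-%d)
tar czvf /tmp/all-in-one.tar.gz \
  myfirewall database_backup.sh iptables-DROP-jp.zone .ssh/ \
  /etc/php.ini /etc/php-fpm.d/www.conf /etc/nginx/default.d/php.conf \
  "/tmp/onlinetv4-2022-11-03.sql-${TODAY}.sql" "/tmp/onlinetv4-routines-${TODAY}.sql" \
  /usr/share/nginx/html/ /etc/nginx/nginx.conf
scp /tmp/all-in-one.tar.gz tr3m:/tmp/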

# Snapshot tr3's installed package list so tr3m can be diffed against it
# (the "compare / vimdiff" step below).
pkglist=/tmp/yum-installed-tr3.txt
yum list installed >"$pkglist"
scp "$pkglist" tr3m:/tmp/

Setup tr3m

selinux

# NOTE(review): this switches SELinux off for good (setenforce 0 now, SELINUX=disabled
# in the config for every later boot) and removes the confinement that limits what a
# compromised nginx/php-fpm can reach. Prefer: stay enforcing, run
# `restorecon -Rv /usr/share/nginx/html` after moving files in from /tmp (mv keeps
# the tmp_t label), and use audit2why on remaining denials. If it must be relaxed,
# SELINUX=permissive logs without blocking; disabled cannot be tightened later
# without a full relabel.
setenforce 0
getenforce
 vim /etc/selinux/config  #disabled

ssh 22000

sshd port

vi /etc/ssh/sshd_config: `Port 22` -> `Port 22000`. In the same edit set `PermitRootLogin prohibit-password` and `PasswordAuthentication no` (the client config below logs in as root, so confirm a key works first); the port change alone only reduces scanner noise.

firewall

iptables

sh myfirewall

client via ssh

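# tr3 mirror. (The original inline note mentioned 222.186.10.219 — presumably
# the source tr3 host; the mirror itself is the HostName below.)
# Comments are kept on their own line: some ssh versions treat everything after
# the Host patterns as further patterns rather than as a comment.
Host tr3m
     HostName 103.56.61.67
     User root
     Port 22000
     # NOTE(review): this logs straight in as root. Prefer an unprivileged
     # user with sudo and key-only auth (IdentityFile here; PasswordAuthentication
     # no and PermitRootLogin prohibit-password on the server).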

packages

compare

vimdiff

lists

yum install epel-release yum install git iptables-services memcached mlocate mariadb-server nginx ntp rsync wget yum install php php-cli php-common php-fpm php-mbstring php-mysql php-pdo php-pear php-pecl-igbinary php-pecl-memcache php-pecl-memcached php-process php-xml php-gd -y

mariadb

/etc/my.cnf.d/server.cnf

[mariadb]
character-set-server = utf8mb4

/etc/my.cnf.d/client.cnf

[client-mariadb]
default-character-set = utf8mb4
sudo systemctl enable mariadb
sudo systemctl restart mariadb

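# Interactive hardening of the fresh MariaDB install (root password, remove
# anonymous users and the test database, disable remote root login).
# NOTE(review): the original line recorded the root password in plaintext
# ("root / <redacted>") in this public gist, and the same string was used for
# the skytv application user below. Treat it as compromised: rotate it and keep
# it in a password manager or a root-only file, never in notes.
mysql_secure_installation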

create database

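-- Create the application database and its user.
-- NOTE(review): the original had the password inline in this public gist
-- (the same string as the MariaDB root password above). Rotate it and
-- substitute a fresh value for <DB_PASSWORD> at run time.
-- '%' lets skytv connect from any host; if the PHP app only talks to this
-- MariaDB locally, 'skytv'@'localhost' is the tighter grant — confirm first.
CREATE DATABASE onlinetv4 CHARACTER SET = utf8mb4;
CREATE USER 'skytv'@'%' IDENTIFIED BY '<DB_PASSWORD>';
GRANT ALL ON onlinetv4.* TO 'skytv'@'%';
FLUSH PRIVILEGES;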

restore

# Load the schema/data dump, then the stored routines, into the new database.
# `-p` with no value prompts for the password so it never lands in shell history.
# Paths are relative — presumably to /tmp, where the archive was extracted.
for dump in tmp/onlinetv4-2022-11-03.sql tmp/onlinetv4-routines-2022-11-03.sql; do
  mysql -u skytv -p onlinetv4 < "$dump"
done

php-fpm

pear channel-discover pear.apache.org/log4php pear install log4php/Apache_log4php rsync –delete -avz –exclude ‘.svn’ –exclude ‘target’ -e ssh usr/share/pear/log4php tr3m:/usr/share/pear

/etc/php.ini: set `cgi.fix_pathinfo=0` (with 1, php-fpm would execute a non-PHP upload such as `image.jpg/x.php` as a script; this pairs with nginx's `try_files $uri =404`).

/etc/php-fpm.d/www.conf listen = /var/run/php-fpm/php-fpm.sock listen.owner = nginx listen.group = nginx user = nginx group = nginx

# Enable php-fpm at boot and (re)start it with the new pool config.
for action in enable restart; do
  systemctl "$action" php-fpm
done

# Session files are written by the pool user (nginx per www.conf above).
chown -R nginx:nginx /var/lib/php/session

nginx

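# /etc/nginx/default.d/php.conf (restored from the collapsed copy; the regex had
# lost its backslash — a bare `.php$` also matches paths like "/xphp").
# `try_files $uri =404` plus cgi.fix_pathinfo=0 in php.ini is the usual
# mitigation for handing a non-PHP upload ("x.jpg/y.php") to php-fpm; keep both.
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;

    include fastcgi_params;
}
# Then edit the main config as needed: vim /etc/nginx/nginx.conf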

mv usr/share/nginx/html/config usr/share/nginx/html mv usr/share/nginx/html/onlinesite_skytv365 usr/share/nginx/html mv usr/share/nginx/html/sysadmin usr/share/nginx/html

systemctl enable nginx systemctl restart nginx

systemctl enable memcached systemctl restart memcached

ntpd

systemctl enable ntpd systemctl restart ntpd

cron

systemctl enable crond systemctl restart crond 15 5 * * * /root/database_backup.sh

check / test

curl http://localhost:8080/sysadmin/test.php curl http://103.56.61.67:8080/sysadmin/test.php

tracing

share.php

// Production setting: suppress and hide PHP errors. For tracing, flip these to
// E_ALL / '1' only temporarily — error output leaks file paths and query text
// to visitors — and prefer log_errors + error_log so traces go to the log.
error_reporting(0); //E_ALL
ini_set('display_errors', '0'); //On