Tasks for this week

Last week was all about the very basics of administration: getting our first VM online, setting up SSH access, keeping the system up to date, etc. This week, we’ll clone our VM and start building a real-world (virtual) computer network.

Before you start, make sure you have everything from the previous week done. You’ll clone the VM, and any omissions will have to be fixed later anyway, but multiple times.

Also, perform a full system upgrade.

Cloning our first VM

Our first goal is to clone our first VM (gw) to obtain two new VMs, ns1 and ns2. These two new VMs will be—among other things—our name servers.

  • Hint: for now, let’s just start with ns1. You can clone ns2 later.
  • Take a look at the QEMU command you use to run your gw VM. If you wanted to run this command twice at the same time (and on the same hypervisor), what would you need to change and why?
  • Try to run two instances of gw on the same hypervisor. (For example, you could run the same QEMU command in two Tmux windows.) What happens? Why?
    • Why cannot two VMs use the same drive at the same time? (More precisely, why cannot they each have a drive backed by the same file?)
  • Can we just copy the backing file to make a clone of the VM? Or should we install the two new VMs from scratch?
  • If we choose to clone the VM by copying the drive file, is there anything we should be careful about?
  • Take a look at --reflink and --sparse options of cp. Could they be useful? Could they be harmful? How does Btrfs fit into this? (This is tricky, and we’ll discuss it during the next lecture. But you should be aware of the fact that cp is smart. Or is it?)
  • Hint: before you copy the image, make sure no VM is currently using it (lsof(8)).
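
One way to put the lsof hint and the cp options above together, as an added example that is not part of the original assignment: a clone helper that refuses to copy an image some process still has open. The function names and the image file names are assumptions.

```sh
#!/bin/sh
# Added example: clone a VM disk image only while no process has it open.
# gw.img and ns1.img in the usage line at the bottom are assumed file names.

# image_in_use FILE: exit 0 if some process holds FILE open.
# Asks lsof(8) when it is installed, then walks /proc/*/fd as a second
# check (Linux only). Without root, both only see your own processes.
image_in_use() {
    img=$(readlink -f "$1") || return 2
    if command -v lsof >/dev/null 2>&1 && lsof -- "$img" >/dev/null 2>&1; then
        return 0
    fi
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "$img" ]; then
            return 0
        fi
    done
    return 1
}

# clone_image SRC DST: copy SRC to DST unless SRC is open or DST exists.
clone_image() {
    src=$1
    dst=$2
    if [ ! -f "$src" ]; then
        echo "no such image: $src" >&2
        return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2
        return 1
    fi
    if image_in_use "$src"; then
        echo "$src is open in another process; shut the VM down first" >&2
        return 1
    fi
    # --reflink=auto : share extents copy-on-write where the filesystem can
    #                  (e.g. Btrfs), fall back to an ordinary copy elsewhere.
    # --sparse=always: do not allocate blocks for runs of zero bytes.
    cp --reflink=auto --sparse=always -- "$src" "$dst"
}

# Usage (assumed file names):  clone_image gw.img ns1.img
```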

Network configuration

We are aiming for the following network configuration. The black parts were done last week, the blue parts are new:

Networking configuration
  • Hint: start with just ns1 connected to sw1 and gw connected to vde-backbone and sw1. You can set up sw2 and ns2 later.
  • Run two new VDE switches, sw1 and sw2
  • Place the VDE socket directories some place convenient, e.g. ~/vde/sw{1,2}
  • Take a look at lecture notes and vde_switch(1)
  • Connect the VMs as described in the diagram.
  • You’ll need to assign several MAC addresses. Use MAC addresses with the 52:54:00:36:H prefix, so that you cannot collide with others. Take care not to collide with yourself :-).
  • Reconfigure systemd-networkd in ns{1,2}. Assign IP addresses according to the diagram.
  • Configure gw according to Router#Connection sharing. Both the manual and the systemd-networkd approaches should work, but the manual approach is much more transparent.
  • Make sure you can ping:
    • From ns1 to gw and vice-versa,
    • From ns1 to ns2,
    • From ns1 and ns2 to 10.0.0.1,
    • From ns1 and ns2 to the public Internet.

Clean-up

  • All the VMs are exactly the same, minus any changes you did in the previous step. For example, all three machines have the same hostname, which is not desirable. Make sure you fix that.
  • Please make sure that each VM uses its own OpenSSH key pair (you cloned those, too). Why is it a bad idea to use the same keys everywhere?
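
A check for the cloned-key problem above, added here as an example (not part of the original assignment): it reads host key lines in the format ssh-keyscan prints and reports every key that more than one host presents. The sample keys are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find SSH host keys that several machines share, which is
# what you get when a VM is cloned and its keys are not regenerated.

# sample_scan: constructed input in "host keytype key" form. In this
# sample ns1 still carries gw's keys; ns2 has keys of its own.
sample_scan() {
    cat <<'EOF'
# constructed sample, not real keys
gw  ssh-ed25519 CONSTRUCTED-KEY-A
gw  ssh-rsa     CONSTRUCTED-KEY-C
ns1 ssh-ed25519 CONSTRUCTED-KEY-A
ns1 ssh-rsa     CONSTRUCTED-KEY-C
ns2 ssh-ed25519 CONSTRUCTED-KEY-B
ns2 ssh-rsa     CONSTRUCTED-KEY-D
EOF
}

# shared_host_keys: read "host keytype key" lines on stdin and print one
# line per key seen on more than one host: "keytype host1,host2,..."
shared_host_keys() {
    awk '
        /^#/ || NF < 3 { next }             # skip comments and short lines
        {
            id = $2 " " $3                  # a key is its type plus its blob
            if ((id, $1) in seen) next      # count each host once per key
            seen[id, $1] = 1
            if (id in hosts) hosts[id] = hosts[id] "," $1
            else             hosts[id] = $1
            count[id]++
            type[id] = $2
        }
        END {
            for (id in count)
                if (count[id] > 1) print type[id], hosts[id]
        }
    ' | sort
}

# Usage: sample_scan | shared_host_keys
```

On the running network, `ssh-keyscan gw ns1 ns2 | shared_host_keys` (assuming those names resolve) should print nothing once every VM has its own key pair.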

Homework

This homework has got a two-week deadline (strict):

  • Thursday 2022-11-10 9:00 Prague time for the Thursday group
  • Monday 2022-11-14 9:00 Prague time for the Monday group

Please try to get it done during the first week. As usual, if anything is unclear, don’t hesitate to ask.

Finish this week’s tasks

  • Finish all tasks from this week.
  • If you deviated from the requested setup in any way, or if you didn’t get something to work, or if you have any questions (and don’t want to ask directly), please write it to hw/04/00-setup in your repository. If you have nothing to say, please still create an empty file with this name. Push hw/04/00-setup to your repo once you want us to check your homework. Thanks!
  • Please make sure your VM is running (by the deadline at the latest) so that we can grade your homework. Run QEMU and vde_switch in tmux!
  • Bonus points to be awarded where appropriate, especially where it is obvious that you have taken extra care to configure something nicely (please mention this in 04/00-setup, otherwise we might not notice)
  • (100+30 points)

hw/04/01-ssh-fingerprints-ns1 + hw/04/02-ssh-fingerprints-ns2

  • Please provide the fingerprints of keys used by sshd running on ns1 in 04/01-ssh-fingerprint-ns1.
  • Please provide the fingerprints of keys used by sshd running on ns2 in 04/02-ssh-fingerprint-ns2.
  • (10 points)

hw/04/03-feedback

  • If you have any valuable feedback, please do provide it here.
  • Points are only awarded for feedback which is actionable and can be used to improve the quality of the course.
  • Any constructive criticism is appreciated (and won’t be weaponized).

In the end, there were no bonus assignments this week.


(Total = 110+30 points)

Don’t forget to git push all your changes! Also, make sure that your VM still works by the deadline—otherwise we have no way of grading your work.