VM infrastructure setup help needed.

Hello, everyone.
As the subject says, I need a bit of help with setting up my home lab.

Here is what I have:
I have an AMD FX8320 8-core server with 16GB RAM, set up with a 1TB system drive as /sda
3 NICs

Partitions are
/sda
– /sda1 => /boot - 1GB
– /sda2 => swap - 100GB
– /sda3 => / - 200GB as btrfs
– /sda4 => /home 600GB as btrfs

Running OpenSuse 13.1 LXDE setup + Xen.
All updated and current (I installed everything just yesterday and ran all updates with “zypper up” and /Yast/Updates).

I have a second 1TB drive that I initially wanted to use for the /home partition, but I gave up on that for the moment, so it is sitting there free and clear.

I have 1 x 2TB drive (LABEL: DATASTORE1) with a BTRFS partition and 4 subvolumes (@fileDump/@torrentActive/@UserFiles/@someOtherStuff) with data on it.

I have 2 x 3TB drives (LABEL: MEDIA1) configured as a BTRFS Raid1, also with data on it.

The data drives were set up, configured and filled with data several months before and have survived 3 system re-installs so far.
I just pop them out during initial setup (thank god for hot swap bays) and pop them back in after setup.

What I want, in order of importance and as I plan to progress:
#1. Set up a file server in a VM to share all this data with any machine on the network
#2. Set up a VM for downloading and processing things via deluge / transmission / subNZB / sick beard / couch potato
#3. Set up an owncloud VM to share this data on the network and internet

My initial plan was to:
set up the HOST (done)
configure the data drives and share them via NFS/SAMBA to be accessible anywhere on the network
this solves the internal network sharing.
set up a VM with owncloud and attach the existing shares as drives to it for sharing over the internet.
set up a VM with all the downloading stuff and attach the appropriate shares to it as drives.

My issue(s) and questions are as follows:

What and how many users might I need for all this data sharing? As in:
do I create a special user to attach to host shares from a VM?
do I create a single user and use it in all VMs?
How do I set up the shares? NFS or SAMBA?
Do I use NFS on the host (the server itself) to do all the internal sharing and use a VM file server with SAMBA to allow sharing to Windows PCs?

How do I attach the host shares to VM(s), for that matter?

I am somewhat new to Linux in general, but I can follow directions.
I have played with the OpenSuse 13.1 setup for a while now, and the Xen setup as well, so I can create VMs in there, and with the new hardware I should even be able to pass through some stuff if need be.

Also, I plan to set up Sophos UTM for internet sharing, but I am not sure when it will come to life yet, so the internet stuff can wait.

PS>> I have managed to set up an x11vnc server on this server for desktop sharing, so I can do everything remotely from my main PC.
Also, all PCs in the house are currently a mix of Linux distros like OpenSuse KDE, Linux Mint and Xubuntu, or a Mint HTPC with XBMC, but a Windows PC can and will be added, as I have several guests and in-laws coming now and then with their laptops, so it needs to be accounted for as well.

The main goal for all this is to have a decent file server and also a media server for an HTPC front end.
All data shares will be accessed for simple data stores and media streaming.

thanks.

  • Do you have a special reason to want to run Xen? I suspect not since you’re asking fairly basic questions regarding setup. If you search these forums, you’ll find that Xen has a number of issues. KVM is probably the other major option which generally has had fewer issues. If your existing data are VMs using Xen, then that is a good reason to continue to use Xen.

  • For a true “server” I would generally not configure a separate “home” partition. Practically everything will be installed and stored elsewhere, so this partition will be a big, empty and unused partition. Recommend re-installing and <unchecking> the box that proposes a layout with a separate home partition unless you intend to do a lot of Desktop apps as well.

Your questions:

  1. Setup your File Server using Bridged Networking. In general, you need to configure any Server with an unchanging IP address, but that does not necessarily mean a Static IP address. If you are running DHCP on your physical network, I recommend Reserved Leases instead of Static IP address configurations so that all your network configurations are centralized (Is more important as you have more machines, but is already useful for a 3 machine network). When you install your File Server as a Guest, just follow normal procedures for a physical machine.

  2. If you setup a VM for peer-peer, I recommend you implement the modifications I wrote about here to improve performance
    https://sites.google.com/site/4techsecrets/optimize-and-fix-your-network-connection
    In any case, the modifications should be implemented for <any> openSUSE Server(including your Host) that is used in the following way:

    • Large number of simultaneous connections
    • Large file transfers (>3mb or so)
    • Any physical network connection which isn’t 10/100 (which is practically all of today’s networks)
    • more (I describe fully in the above link)

  3. Owncloud in a VM is no different than Owncloud on a physical machine. Of course, if it’s to be used on the Internet the VM will need to be addressable on the Internet.

Your questions about Users are addressed by your choice of Security. Typically, you do not want to grant Users system access to your machine (virtual or physical). The proper choice will depend on your requirements, especially the type of client access. There are a number of ways to configure… eg

  • Network Users (eg LDAP), network users do not have the same permissions exactly as local User accounts.
  • Application Gateway (eg webserver application). The webserver app maintains its own database of Users and upon successful logon allows access to resources in a variety of forms (shares, folders, pages, database objects, etc)
  • Network Apps - There are a variety of choices beyond your NFS. There are also HTTP(s), FTP(S), SAMBA, more. You can even implement a private torrent network by running your own tracker and creating custom torrent files.
  • Distributed file systems - For some scenarios, you can create a file system that automatically replicates and clones data across many nodes, even across the Internet.

As for Home Media, there are several options. Currently I’m looking at Plex due to its incredibly simple setup and operation but there are a number of other more commonly used choices (Recommend searching the Multimedia Forum).

Many of the options I listed will require more advanced skills but a number do not, your choices will probably depend on who you intend to grant access to your system, how much effort you are willing to learn more than you currently know and how much time you are willing to setup (and maintain).

IMO,
TSU

[quote="tsu2,post:2,topic:100988"]

  • Do you have a special reason to want to run Xen? I suspect not since you’re asking fairly basic questions regarding setup. If you search these forums, you’ll find that Xen has a number of issues. KVM is probably the other major option which generally has had fewer issues. If your existing data are VMs using Xen, then that is a good reason to continue to use Xen.
[/quote]

Not really, no. I have used Xen before and find a lot of support for it. Also, there might be a need for PCI pass-through in the future, and I think Xen has better support for it.

[QUOTE="tsu2,post:2,topic:100988"]

  • For a true “server” I would generally not configure a separate “home” partition. Practically everything will be installed and stored elsewhere, so this partition will be a big, empty and unused partition. Recommend re-installing and <unchecking> the box that proposes a layout with a separate home partition unless you intend to do a lot of Desktop apps as well.
[/QUOTE]

Not even sure why I did that myself. I am actually thinking of moving the whole thing to a smaller drive as soon as I figure out how to move the default VM storage to an outside drive. This setup does not really need a 1TB system drive, as it will only be used as a VM server host. All other data is on the data drives.

[QUOTE=tsu2;2648486]
Your questions:

  1. Setup your File Server using Bridged Networking. In general, you need to configure any Server with an unchanging IP address, but that does not necessarily mean a Static IP address. If you are running DHCP on your physical network, I recommend Reserved Leases instead of Static IP address configurations so that all your network configurations are centralized (Is more important as you have more machines, but is already useful for a 3 machine network). When you install your File Server as a Guest, just follow normal procedures for a physical machine.
[/QUOTE]

I am running DHCP. This is a home network, so I have a FiOS router that runs DHCP. My goal is to move all these functions into a SophosUTM VM for better manageability, but I am not sure when that will happen.
I do not have problems setting up the VMs so much as not enough knowledge of how to share the data drives from the HOST system to any and all clients, be it a VM or a real PC. I am switching from being a Windows user to a Linux user and the knowledge is simply not there yet.

[QUOTE=tsu2;2648486]
2. If you setup a VM for peer-peer, I recommend you implement the modifications I wrote about here to improve performance

In any case, the modifications should be implemented for <any> openSUSE Server(including your Host) that is used in the following way:

  • Large number of simultaneous connections
  • Large file transfers (>3mb or so)
  • Any physical network connection which isn’t 10/100 (which is practically all of today’s networks)
  • more (I describe fully in the above link)
[/QUOTE]

This is not an issue so far.

This is where I really need more help. I am currently set up with a single user + root.
I have moved my main PC to Linux Mint and am moving my HTPC to either Xubuntu/MythBuntu or Mint + XBMC, not really sure yet.

The server runs OpenSuse 13.1 LXDE, which will host
an Ubuntu server with all the downloading apps (subNzb etc.).
Not sure if it is wise, but I will either install the Plex server and mythTvbackend onto the same Ubuntu server above
or create another VM for it; I am leaning more towards using the same server. I also looked into the FLOWLES setup but think it is overkill, as it has the full GUI, whereas all of the above apps are web-GUI controlled and could be installed and managed on a minimal server install.

Right now I do everything on the main server with my user login, dropping to root as needed.
But for NFS and Samba, should I create and use a specific user/group and use that user on my VMs?
For example, if I am sharing the “filedump” and userfiles folders on the network with NFS, do I need to create an NFSUser user and add it to all machines that want to access these shares?
Same with my multimedia stuff: do I create a multimedia user and use it on all VMs and PCs accessing the shares?

I mean, with a Windows network you can create a domain controller and manage all users from there. How do I do that in Linux?

thanks


So, one issue is what Verizon permits on your Internet connection, and whether you own enough public IP addresses to support your many machines (physical and virtual). If you don’t, then you will need to either consolidate machines (run multiple services on same machines) or map out a NAT or PAT strategy. Of course, any NAT or PAT will need to support forwarding while using some method like Headers to enable inbound connections. And, this would be in addition to the usual Public DNS configurations. You may want to consolidate anyway, each additional Guest requires some additional overhead compared to deploying the app on an existing machine (unless you implemented something like LXC where the overhead is nearly insignificant).

You still don’t describe who your Users will be, if they are private and trusted or public and possibly even anonymous. That figures heavily into what type of User security you want to implement which in turn suggests which tools and methods for file “sharing” you might choose. Examples of considerations are…

  • It’s not as easy to configure NFS clients on Windows machines
  • SAMBA and NFS can be implemented over an insecure network like the Internet, but with extra work and caveats… So they are generally seen mostly in <internal> networks behind firewalls and NAT. You should be familiar with common Internet methods and protocols like HTTP(s) and FTP(s), both can even be configured to be accessed by a web browser using the Network Share metaphor (even drag n drop).

Again, depending on who your Users are, a fundamental concept of “better security” is that <no one> should share the same credentials, else your logs cannot identify specifically who was responsible for what. If you hand out the same username/password to a dozen people and someone using the account hacks your systems, who do you chase? Might it even be someone you don’t know besides the dozen you know should have the password? If only one user = one account, then it’s either that person or that person mis-managed use of his account (or you allowed the system to be hacked through bad maintenance).

If you dive into security a bit further you might find that some security systems use impersonation and proxies to manage common and easy access to resources so at some lower level it might not be possible to identify specific users, but no good security system will permit this at a higher level, a User must always be accountable for his actions.

That said, if you have something which you really don’t care about the identity of the person accessing, it’s common to configure an “Anonymous” or otherwise shared public account but for those situations that account typically has Read Only access so cannot upload or modify any files… only read and download.

If you’re asking about Windows AD, then you can implement SAMBA 4 which also implements the same structure but is “only” about 99% compatible (last I read, there was a DC replication bug but if you deploy a single DC that would be insignificant). Note that this type of Network Security is generally good only for a relatively small or limited group of Users (by “small” it might still mean a few hundred Users but it still has a definite limit). But, because of the Kerberos security implemented and required User setup and Registration, it’s not practical across the Internet and is mainly used only on private networks. Unless you literally want to deploy a corporate network, you’d do better deploying something like a simple Web Application Gateway which can provide similar benefits like

  • support for multiple applications
  • support for resources located across multiple machines
  • manage users and resources by groups
  • you don’t intend to manage the client machines in depth (like patching, policies, etc)

TSU
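
A defensive check for two points in the reply above (an anonymous account gets read-only access, and users stay individually accountable), added here as an example and not part of the original posts. The smb.conf text is constructed for illustration, and the share paths, the `family` group and the `shareuser` account are assumptions.

```python
import configparser

# Constructed smb.conf: share names echo the thread; paths and accounts are made up.
SAMPLE_SMB_CONF = """
[global]
map to guest = Bad User

[media]
path = /srv/media
guest ok = yes
read only = yes

[filedump]
path = /srv/datastore1/fileDump
guest ok = yes
writable = yes

[userfiles]
path = /srv/datastore1/UserFiles
valid users = @family
force user = shareuser
read only = no
"""

TRUE = {"yes", "true", "1"}

def _flag(opts, names, default):
    """First matching boolean option among Samba synonyms, else the default."""
    for name in names:
        if name in opts:
            return opts[name].strip().lower() in TRUE
    return default

def is_writable(opts):
    # "read only" defaults to yes; writable/writeable/write ok are its inverse.
    if "read only" in opts:
        return not _flag(opts, ("read only",), True)
    return _flag(opts, ("writable", "writeable", "write ok"), False)

def audit_shares(conf_text):
    """Return {share: [issues]} for shares that break the two rules."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        opts, issues = cp[share], []
        if _flag(opts, ("guest ok", "public"), False) and is_writable(opts):
            issues.append("guest access is writable; anonymous should be read-only")
        if "force user" in opts:
            issues.append("force user: files are written as one account, "
                          "so ownership no longer shows who changed them")
        if issues:
            report[share] = issues
    return report

if __name__ == "__main__":
    for share, issues in audit_shares(SAMPLE_SMB_CONF).items():
        for issue in issues:
            print(f"[{share}] {issue}")
```

The read-only guest share `media` passes; `filedump` and `userfiles` are each reported once.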

Got it.

Well, my users are me, my wife and several other family members.
The only way I will expose anything on the internet is via the Verizon router and/or my SophosUTM VM firewall/router setup.
For now, no outside connections are permitted unless I figure out a VPN tunnel for myself only, mostly for FTP stuff, as I do need to move some data in/out from outside (I am at a friend's and need to get some setup ISO to help with a PC refresh, or put some pics on my storage).

Ideally I will set up an ownCloud VM and add ports to the UTM/router to point to it as needed.

I do not have any static public IPs. I am in the US and most/all providers give you DHCP services unless you pay extra for a static IP. I will be using something like the no-ip service to reach the network, hence me wanting to move to a UTM VM, as it is capable of updating the no-ip service when my public IP changes; not sure yet if the Verizon router supports that.

This is not a business; I am just setting up some things for internal use and also want to get access to some things from outside.
So owncloud will let me have something like Dropbox, but my own. If I am at a friend's and want to share some files, or have him share some files with me, all I need is to log in and I am there. Better than FTP sometimes.
Or if I want to watch a movie from my library, I can log in and get it. So traffic is not an issue. Security is, but if I limit my exposure to one or two VMs with limited rights as it is, I do not see it as a big issue. But adding/removing a user easily is always a plus :)