-----------------------
Lab #06 for NET2003 due February 26, 2007
-----------------------
-Ian! D. Allen - idallen@idallen.ca

Remember - knowing how to find out an answer is more important than
memorizing the answer. Learn to fish! RTFM! (Read The Fine Manual)

Global weight: 3% of your total mark this term.

Due date: before 10h00 Monday February 26

The deliverables for this lab exercise are to be submitted online on the
Course Linux Server using the "netsubmit" method described in the lab
exercise description, below. No paper; no email; no FTP.

Late-submission date: I will accept without penalty lab exercises that are
submitted late but before 12h00 (noon) on Wednesday, February 28.
After that late-submission date, the lab exercise is worth zero marks.

Lab exercises submitted by the *due date* will be marked online and your
marks will be sent to you by email after the late-submission date.

Lab Synopsis
------------

(The initials "ALN" refer to your required course textbook - Advanced
Linux Networking.)

You will set up a VMware Virtual Network Sandbox environment.
You will configure the NTP service.
You will start three virtual servers and dump TCP traffic.

Note that VNS runs entirely in memory, since it's Knoppix-based. If you
shut down the VNS machine, all configuration you have done for that
machine will be lost. Use the "suspend" features of VMplayer to suspend
your work instead of shutting down.

Part I - Set up VNS
-------------------

1) Go to the VMware site, register, download, and install the free VMware
   Player for your Windows or Linux disk-based system:
     http://www.vmware.com/products/free_virtualization.html
     http://www.vmware.com/download/player/

2) Fetch the Virtual Network Sandbox virtual machine from the Course
   Linux Server:
     http://10.50.254.148/distributions/VMware/VNS-NET2003-07W.zip

3) Unzip VNS, run the VMplayer, and select: VNS-NET2003-07W.vmx

4) Push return at the VNS "boot:" prompt.
   You should see a Tux penguin and some Knoppix autoconfig boot messages
   on a black console screen.

5) When it asks for the "Xvesa Configuration" select a video mode that
   fits inside your real screen resolution.

6) Select the USB mouse or 3-button mouse. (Both work for me; if one
   doesn't work for you, restart VMplayer and select the other one.)

7) When the desktop boots, you will see a task bar at the bottom of a
   dark grey desktop. Right-click on the desktop and select
   Fluxbox | Configuration | Focus Model menu, set to sloppy focus.
   (Unless you prefer click-to-type windows.)

8) Right-click on the desktop and select Fluxbox | Configuration menu,
   turn off workspace warping. (Unless you like moving windows to the
   edge of the screen and having them warp into other desktops.)

9) Right-click on the desktop and select Bash (or Shells | Bash).
   From the prompt '#' you know this is a super-user (root) shell.

10) Verify that your network is up and running using one of:
      $ ping 10.50.254.148   # if at Algonquin College or via VPN
      $ ping google.ca.      # ping does not work at Algonquin College

11) Run "startsshd" to permit incoming ssh connections. (This is
    optional, but is useful if you want to connect to your VNS from
    another machine.)

12) Give the root account a password using "passwd", so that you can copy
    files into your system directly as root. (This is a security risk and
    is not recommended for production network servers; but, it's
    convenient for an academic system.)

Note that VNS runs entirely in memory, since it's Knoppix-based. If you
shut down the machine, all configuration you have done for that machine
will be lost. Use the "suspend" features of VMplayer to suspend your work
instead of shutting down.

Part II - Set up a virtual disk
-------------------------------

This new virtual disk will let you save information across reboots.
You only have to set up this disk once. Once it has been set up, you can
simply mount it and use it in future virtual machines.
If you re-partition the disk or re-make the file system, any data saved
on the disk will be erased - don't do that.

WARNING: Your virtual machine may hang if it tries to boot from this
virtual hard disk instead of from the virtual CDROM. To learn how to get
your virtual machine to boot from the virtual CDROM, see Notes file
virtual_network_sandbox.txt

13) Run "fdisk -l" and note the spare virtual disk available:

      # fdisk -l
      Disk /dev/hdb doesn't contain a valid partition table

      Disk /dev/hdb: 536 MB, 536870912 bytes
      16 heads, 63 sectors/track, 1040 cylinders
      Units = cylinders of 1008 * 512 = 516096 bytes

14) Create a new primary partition that is the full disk:
    (Input lines on which you type are flagged with "*" in the left
    margin.)

    * # fdisk /dev/hdb
      Device contains neither a valid DOS partition table, nor Sun, SGI
      or OSF disklabel
      Building a new DOS disklabel. Changes will remain in memory only,
      until you decide to write them. After that, of course, the previous
      content won't be recoverable.

      The number of cylinders for this disk is set to 1040.
      There is nothing wrong with that, but this is larger than 1024,
      and could in certain setups cause problems with:
      1) software that runs at boot time (e.g., old versions of LILO)
      2) booting and partitioning software from other OSs
         (e.g., DOS FDISK, OS/2 FDISK)
      Warning: invalid flag 0x0000 of partition table 4 will be
      corrected by w(rite)

    * Command (m for help): n
      Command action
         e   extended
         p   primary partition (1-4)
    * p
    * Partition number (1-4): 1
    * First cylinder (1-1040, default 1):
      Using default value 1
    * Last cylinder or +size or +sizeM or +sizeK (1-1040, default 1040):
      Using default value 1040

    * Command (m for help): p

      Disk /dev/hdb: 536 MB, 536870912 bytes
      16 heads, 63 sectors/track, 1040 cylinders
      Units = cylinders of 1008 * 512 = 516096 bytes

         Device Boot      Start         End      Blocks   Id  System
      /dev/hdb1               1        1040      524128+  83  Linux

    * Command (m for help): w
      The partition table has been altered!

      Calling ioctl() to re-read partition table.
      Syncing disks.

    * # fdisk -l

      Disk /dev/hdb: 536 MB, 536870912 bytes
      16 heads, 63 sectors/track, 1040 cylinders
      Units = cylinders of 1008 * 512 = 516096 bytes

         Device Boot      Start         End      Blocks   Id  System
      /dev/hdb1               1        1040      524128+  83  Linux

15) Create an ext3 (journalling) file system on /dev/hdb1:

      # mkfs -t ext3 /dev/hdb1
      mke2fs 1.37 (21-Mar-2005)
      Filesystem label=
      OS type: Linux
      Block size=1024 (log=0)
      Fragment size=1024 (log=0)
      131072 inodes, 524128 blocks
      26206 blocks (5.00%) reserved for the super user
      First data block=1
      64 block groups
      8192 blocks per group, 8192 fragments per group
      2048 inodes per group
      Superblock backups stored on blocks:
              8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

      Writing inode tables: done4
      Creating journal (8192 blocks): done
      Writing superblocks and filesystem accounting information: done

      This filesystem will be automatically checked every 34 mounts or
      180 days, whichever comes first. Use tune2fs -c or -i to override.

16) Create a mount point for the new file system:

      # mkdir -p /mnt/hdb1

17) Mount the new file system on the mount point:

      # mount /dev/hdb1 /mnt/hdb1
      # df /mnt/hdb1
      Filesystem           1K-blocks      Used Available Use% Mounted on
      /UNIONFS/dev/hdb1       507588      8239    473143   2% /mnt/hdb1
      # ls -l /mnt/hdb1
      total 12
      drwx------ 2 root root 12288 Feb 15 03:16 lost+found

18) Verify the mount and file system type:

      # mount | grep hdb1
      /UNIONFS/dev/hdb1 on /mnt/hdb1 type ext3 (rw)

Note that VNS runs entirely in memory, since it's Knoppix-based. If you
shut down the machine, all VNS configuration you have done will be lost.
Only the information saved to the virtual disk will be saved. Use the
"suspend" features of VMplayer to suspend your work instead of logging
out or shutting down the VNS system.

Only things saved to the virtual disk will survive a shutdown/reboot.
You will need to re-mount the disk after any restart/reboot (but not
after a suspend/resume).
WARNING: Your virtual machine may hang if it tries to boot from this
virtual hard disk instead of from the virtual CDROM. To learn how to get
your virtual machine to boot from the virtual CDROM, see Notes file
virtual_network_sandbox.txt

Part III - Set up a system time server
--------------------------------------

NTP: "Network Time Protocol" - Reference ALN Chapter 10

Your system may not come up with time synchronized correctly, especially
if you suspend/resume the virtual machine. Time synchronization may be
done in many ways under Linux. We choose to use a system daemon that uses
the standard Internet NTP "Network Time Protocol".

19) Update the Debian package list and install the NTP Internet Time
    daemon:

      # apt-get update
      ...many lines here...
      # apt-get install ntp ntp-server ntpdate
      ...many lines here...

    The package is installed; but, the server is not started
    automatically. We will configure it and then start it, below.

*** Answer some Questions into /mnt/hdb1/lab06answers.txt ***

To answer most questions in this section, refer to ALN (Advanced Linux
Networking) Chapter 10.

Make sure your hdb1 virtual disk is mounted. Create a file using VI on
the virtual disk named /mnt/hdb1/lab06answers.txt. Copy all the numbered
questions labelled "ANSWER:" below into the lab06answers.txt file and,
below each question, give your command line and answer to the question
in the file.

Warning: Do your work on your mounted hdb1 virtual disk; not in Knoppix
memory!

You can use wget to fetch a copy of this exercise into your virtual VNS
machine for editing:

      # cd /mnt/hdb1
      # wget http://teaching.idallen.com/net2003/07w/notes/lab06.txt
      # cp lab06.txt lab06answers.txt
      # vi lab06answers.txt

You can also use scp to copy files to/from the VNS virtual machine.

You can use your mouse to cut-paste command output into your answer file;
or, you can run commands and redirect the output into a file for later
use.
(This is why we do the editing on VNS - so that we can save command
output for inclusion into /mnt/hdb1/lab06answers.txt.)

20) True/False - the NTP program will refuse to set the time on a system
    if the time is more than 1000 seconds wrong. (ALN p.244)

    ANSWER:

21) What is the name of the program that you can use to manually set the
    system clock before calling the NTP program? (ALN p.244)
    Your Debian system does this using a separate start-up script on
    each reboot.

    ANSWER:

22) Find the option to the above manual program that causes it to
    execute, go through all the steps, but not actually set the time
    (for debugging). (RTFM) Give an example debugging command line for
    the program, using the time server pool.ntp.org as the target.
    Include the output of the command line.

    ANSWER:

23) The Debian command "dpkg -L ntp-server" lists all the files in the
    installed "ntp-server" package. By looking in the names of the files
    installed by the NTP package, give a command pipeline and its output
    that shows the pathname of the NTP start-up script that resides
    under the init.d directory.
    (Hint: Produce a list of all the names in the installed NTP package
    and pipe that into a command that searches for the "init.d/" string.
    The resulting absolute pathname is the name of the NTP start-up
    script.)

    ANSWER:

24) ALN says (p.244) that in some distributions ntpdate is called in the
    NTP start-up script. Does the Debian/Knoppix/VNS NTP start up script
    call the ntpdate program? Give a command line that searches for the
    string "ntpdate" in the ntp-server start-up file.

    ANSWER:

25) Give a command pipeline (and its output) that shows the absolute
    path of the ntpdate (not ntp-server) package start-up script.
    (Use a pipeline similar to the one you did above.)

    ANSWER:

26) Examine the ntpdate start-up script: What absolute pathname does the
    ntpdate program use to get its list of time servers at boot time?
    Show a long listing of this absolute pathname (including the size
    and modify time).
    ANSWER:

27) Edit the file and add "time.chu.nrc.ca" to the list of NTP servers
    used by ntpdate (not by ntp-server) at boot time. Keep it as one
    line, and add the new entry as the first server in the list, ahead
    of the existing server pool. Give the changed line with the new
    server added.

    ANSWER:

28) Start your NTP service:

    1) do the big change with ntpdate:
         # /etc/init.d/ntpdate start
    2) maintain the time using ntp-server:
         # /etc/init.d/ntp-server start

    Is your server date and time now correct?

    ANSWER:

28b) The NTP daemon will not reset your system clock if the time
     difference is "too big", as is the case after a VMware
     suspend/resume. (Your VNS has no way of knowing it was suspended.)
     You have to shut down NTP and use ntpdate to fix a large time
     change:

       # /etc/init.d/ntp-server stop    # stop NTP (to allow ntpdate to work)
       # /etc/init.d/ntpdate restart    # fix the large time difference
       # /etc/init.d/ntp-server start   # restart NTP to keep the time

Part IV - Play with virtual machines
------------------------------------

29) Create these three virtual machines, either by using the right-click
    UserModeLinux menu or via the bash command line:

      # ( uml red & )
      # ( uml green & )
      # ( uml yellow & )

30) Login as root on all three virtual machines and set up a toy
    network:

      On red:    ifconfig eth1 1.2.3.1
      On green:  ifconfig eth1 1.2.3.2
      On yellow: ifconfig eth1 1.2.3.3

    Verify that you can ping from red to all machines:

      red~# ping -c 2 1.2.3.1
      red~# ping -c 2 1.2.3.2
      red~# ping -c 2 1.2.3.3

    The directory /host is shared among all virtual machines in the
    sandbox. You can put things there that you need to copy between
    machines that don't have networking set up yet.
31) In yellow, run a script session saved into the shared /host/
    directory that is common to all virtual machines:

      yellow~# cd /host
      yellow~# pwd
      /host
      yellow~# script dump.txt
      Script started, file is dump.txt
      yellow~# pwd
      /host
      yellow~#

    Anything that appears on your screen while running under "script"
    will be captured into the script file "dump.txt" when you exit the
    script shell. Let's capture some tcpdump output:

      yellow~# tcpdump -i eth1
      ...tcp dump output will appear here...

32) On green, start the apache web server:

      green~# /etc/init.d/apache start

33) On red, fetch a web page using the "netcat" tool, and enter two
    newlines after the GET command:

      red~# nc -v 1.2.3.2 80
      GET / HTTP/1.0

      ...many lines print here, including "The penguins are coming"...

34) In yellow, you will see the tcpdump output that is being captured by
    the script command. When the output is finished, interrupt tcpdump
    to get back to the shell prompt, then exit the script shell to
    return to your login shell:

      ^C
      ...summary output from tcpdump appears here after you interrupt it...
      yellow~# exit
      Script done, file is dump.txt
      yellow~# pwd
      /host
      yellow~# wc /host/dump.txt
      ...your script session dump.txt file size lists here...

35) Add the tcpdump script contents of dump.txt to the end of your
    /mnt/hdb1/lab06answers.txt file.

    ANSWER:

36) When you type "uml", exactly what file name is found and executed?
    Give the command that finds which "uml" file will be executed by
    your shell, and the output of that command.

    ANSWER:

37) Type umlHalt to halt all your coloured virtual machines.

38) Type umlBackup to open a menu to save the disk images of your three
    coloured virtual machines. In the backup menu, navigate to /mnt/hdb1
    and give it a save file name of "three".
    (You can also use the right-click menu: UserModeLinux | Backup.)
    This isn't very useful at the moment, since we haven't made any
    changes to the machines.
39) Make sure you can see the backup file saved on the virtual disk:

      # ls -l /mnt/hdb1/three.tar.bz2
      # tar tjvf /mnt/hdb1/three.tar.bz2
      ...see three 15MB files list here...

    Add the output of the above commands to the lab06answers.txt file.

    ANSWER:

40) Make sure you can see your answers file on the virtual disk:

      # ls -l /mnt/hdb1/lab06answers.txt

41) Copy your assignment file lab06answers.txt to the Course Linux
    server. If on campus, you can use "scp", e.g.

      scp lab06answers.txt abcd0001@10.50.254.148:lab06answers.txt

    If you are off-campus, depending on how VMplayer interacts with the
    VPN software, you may have to first copy the file to your host
    machine and then copy it from the host over the VPN. You can get
    "scp" and "sftp" for Windows from the same place that you got
    "PuTTY".

42) Tell VMplayer to suspend your VNS machine. (Don't shut it down or
    exit it or you will lose your NTP configuration - tell VMplayer to
    suspend the machine.) Note that you can copy all the files that make
    up a suspended machine to different hardware and resume it there.

43) Put your assignment label on your lab06answers.txt file and submit
    it.

Part V - Taking your VNS home
-----------------------------

You can copy your suspended VNS to any machine that will run the free
VMplayer program. See Notes file virtual_network_sandbox.txt

Submission
----------

Submission Standards: See Lab #1 for details.

A. Make sure all files contain an Exterior Assignment Submission label.
   For full marks, where possible, lines that you type must be shorter
   than 80 columns. The VIM editor will automatically wrap most lines as
   you type them if you enter "set wrapmargin=5" in your $HOME/.vimrc
   file. (Don't use autowrap for script files!) You only need to limit
   the length of the lines *you* type, not the length of the lines
   output by various commands. You don't have to shorten or alter
   command output.

B. Submit your files for marking as Lab 06 using the following *single*
   netsubmit command line exactly as given here:

     $ netsubmit 06 lab06answers.txt

   Always submit *all* files at the same time for every submission.
   Files submitted under the wrong names are worth zero marks.

P.S. Did you spell all the assignment label fields and file names
correctly?

The VMplayer lets you try out various virtual machines, see:
  http://www.vmware.com/vmtn/appliances/index-r.html
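
Added example (not part of the original lab handout): a shell helper for reading the tcpdump text captured in Part IV, steps 31-35. It labels each TCP packet between red and green as SYN, SYN-ACK, ACK, DATA, FIN or RST and checks that the capture opens with a complete three-way handshake. The sample packets are constructed, and the line layout ("IP" as the second field, flags as the sixth) is an assumption about the tcpdump version on VNS.

```shell
# Added example, not part of the lab handout.  Sample packets are constructed.
# Assumption: field 2 is "IP"; field 6 is "S", ".", "P"... or "Flags" ([S.],).
# Constructed capture: red (1.2.3.1) fetches "/" from green (1.2.3.2) port 80.
sample_dump() {
cat <<'EOF'
10:00:00.000001 IP 1.2.3.1.32770 > 1.2.3.2.80: S 100:100(0) win 5840 <mss 1460>
10:00:00.000150 IP 1.2.3.2.80 > 1.2.3.1.32770: S 900:900(0) ack 101 win 5792
10:00:00.000300 IP 1.2.3.1.32770 > 1.2.3.2.80: . ack 1 win 5840
10:00:02.500000 IP 1.2.3.1.32770 > 1.2.3.2.80: P 1:17(16) ack 1 win 5840
10:00:02.500200 IP 1.2.3.2.80 > 1.2.3.1.32770: . ack 17 win 5792
10:00:02.510000 IP 1.2.3.2.80 > 1.2.3.1.32770: P 1:301(300) ack 17 win 5792
10:00:02.510100 IP 1.2.3.2.80 > 1.2.3.1.32770: F 301:301(0) ack 17 win 5792
10:00:02.510300 IP 1.2.3.1.32770 > 1.2.3.2.80: F 17:17(0) ack 302 win 6432
10:00:02.510400 IP 1.2.3.2.80 > 1.2.3.1.32770: . ack 18 win 5792
10:00:03.000000 arp who-has 1.2.3.2 tell 1.2.3.1
EOF
}

# tcp_events FILE: print "SRC > DST EVENT" for each TCP packet line; shell
# prompts, "Script started" lines, ARP, ICMP and UDP lines are skipped.
tcp_events() {
    awk '
    $2 == "IP" && $4 == ">" && ($6 == "Flags" || $6 ~ /^[SFPRWE.]+$/) {
        dst = $5; sub(/:$/, "", dst)
        f = ($6 == "Flags") ? $7 : $6
        gsub(/[^SFPR]/, "", f)              # keep only the flag letters
        ack = ($0 ~ / ack /)                # an ACK number is on the line
        if      (f ~ /S/) ev = ack ? "SYN-ACK" : "SYN"
        else if (f ~ /R/) ev = "RST"
        else if (f ~ /F/) ev = "FIN"
        else if (f ~ /P/) ev = "DATA"
        else              ev = "ACK"
        print $3, ">", dst, ev
    }' "$1"
}

# count_events FILE EVENT: print how many packets were labelled EVENT.
count_events() {
    tcp_events "$1" | awk -v want="$2" '$4 == want { n++ } END { print n + 0 }'
}

# handshake_complete FILE: succeed only if the first three TCP packets are
# SYN (client to server), SYN-ACK (server to client), ACK (client to server).
handshake_complete() {
    tcp_events "$1" | awk '
    NR == 1 { ok = ($4 == "SYN"); c = $1; s = $3 }
    NR == 2 { ok = ok && $4 == "SYN-ACK" && $1 == s && $3 == c }
    NR == 3 { ok = ok && $4 == "ACK" && $1 == c && $3 == s }
    END     { exit !(NR >= 3 && ok) }'
}

dump=$(mktemp) && sample_dump > "$dump"
tcp_events "$dump"
handshake_complete "$dump" && echo "three-way handshake seen"
rm -f "$dump"
```

On a real capture, pass the script file instead of the sample, for example tcp_events /host/dump.txt.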