Archive for the ‘Internet’ Category

OpenVPN inside of a Debian OpenVZ node

I have been searching for a way to virtualize an OpenVPN setup for some time now. I need it to be virtual because of my lack of physical machines. I have had OpenVPN running before using Ethernet bridging, but without the adequate hardware, it is time to go virtual and use routing methods instead of bridging.

With a little bit of Google searching I found “Adding openvpn support to openvz VPS” on biogeogen.com. The post in question gets you started, but leaves out a few pointers.

1) Don’t use the /etc/modules.conf file; just put modprobe tun in /etc/rc.d/rc.local so the module is loaded on every boot. This is only needed if lsmod | grep tun shows that tun support is not loaded automatically.
2) The virtual node must be stopped before running vzctl set 101 --capability net_admin:on --save on it, where 101 is the VEID.
3) To execute commands on that virtual node with vzctl exec, it then needs to be started again.

So the revised pastie:

lsmod | grep tun
[if there is no output:] modprobe tun
[stop the container]
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save

[start the container]
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
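The same sequence wrapped in checked shell functions, as an added example that is not part of the original post or of the biogeogen.com article. It assumes an OpenVZ host with vzctl and the default container root mount under /vz/root/VEID; the function names (dev_numbers, check_tun_node, host_tun_loaded, ct_enable_tun) are mine. The verification step is the part that is easy to skip by hand: the node inside the container must be a character device with major 10, minor 200 and mode 600, and stat reports the numbers in hex, so they are converted before comparing.

```shell
#!/bin/sh
# Added example (not from the original post): the tun/OpenVZ steps as checked
# shell functions. Assumes an OpenVZ host with vzctl; VEID is passed as $1.

# Print "major:minor" in decimal for a device node (stat -c gives hex).
dev_numbers() {
    maj=$(stat -c '%t' "$1") && min=$(stat -c '%T' "$1") || return 1
    printf '%d:%d\n' "$((0x$maj))" "$((0x$min))"
}

# Return 0 only if $1 is a character device 10:200 with mode 600,
# i.e. exactly what the mknod/chmod lines above should produce.
check_tun_node() {
    [ -c "$1" ] || { echo "$1: not a character device" >&2; return 1; }
    nums=$(dev_numbers "$1")
    [ "$nums" = "10:200" ] || { echo "$1: device $nums, expected 10:200" >&2; return 1; }
    mode=$(stat -c '%a' "$1")
    [ "$mode" = "600" ] || { echo "$1: mode $mode, expected 600" >&2; return 1; }
}

# Host side: load the tun module only if lsmod does not already list it.
host_tun_loaded() {
    lsmod | grep -q '^tun ' || modprobe tun
}

# Container side: the vzctl sequence from the post, with the stop/start
# ordering it requires, then verify the node through the host's view of
# the container root (/vz/root/<VEID> is OpenVZ's default mount point).
ct_enable_tun() {
    veid=$1
    host_tun_loaded
    vzctl stop "$veid"
    vzctl set "$veid" --devices c:10:200:rw --save
    vzctl set "$veid" --capability net_admin:on --save
    vzctl start "$veid"
    vzctl exec "$veid" mkdir -p /dev/net
    vzctl exec "$veid" mknod /dev/net/tun c 10 200
    vzctl exec "$veid" chmod 600 /dev/net/tun
    check_tun_node "/vz/root/$veid/dev/net/tun"
}

# usage: sh enable_tun.sh 101
if [ $# -eq 1 ]; then
    ct_enable_tun "$1"
fi
```

check_tun_node can also be run on its own inside the container against /dev/net/tun after a reboot, which is the quickest way to see whether the modprobe/rc.local step on the host actually took effect.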

For setting up OpenVPN inside of the virtual node see: OpenVPN on Debian linux.

Apache2 with Perl, PHP, Python and Ruby on Debian 5

This install assumes a semi-clean Debian 5 install and some access to a root console. The node needs around 220 MB of RAM +/- 20 MB (or a large swap partition and a fast hard drive), because the initial installation of some of these services takes a heavy toll on RAM. Tweaking will be done afterwards to speed up the services. This is meant as a multi-user development server, not a production server. I will be working on getting this running on nginx, where the speed and performance will be much better; for ease of installation, apache2 will have to do for now.

To do this with <400 MB of RAM we need to keep the applications that apt-get installs from starting.

1) Create a file /usr/sbin/policy-rc.d containing:

#!/bin/sh
exit 101

2) chmod +x /usr/sbin/policy-rc.d

After that, packages will install correctly, but not start.

Once you’re done and ready to snapshot your pristine chroot/image, just delete that file. That will let the service start as normal on future boots.
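An added example, not from the original post or the linked forum thread, that writes a slightly more selective policy-rc.d and checks what it answers. invoke-rc.d consults /usr/sbin/policy-rc.d before running an init script and honours its exit code: 0 means the action is allowed, 101 means it is forbidden (the two-line script above answers 101 to everything). The version below forbids only start/restart/reload, so stop still works during the install, and the helper functions (write_policy_rc_d, policy_verdict, remove_policy_rc_d) are my names; the target directory is a parameter so it can be exercised in a scratch directory before touching /usr/sbin.

```shell
#!/bin/sh
# Added example (not from the original post): a policy-rc.d that forbids only
# start/restart/reload actions, so "apt-get install" cannot start daemons while
# stop still works. Exit codes follow invoke-rc.d's policy protocol:
# 0 = action allowed, 101 = action forbidden.
# $1 is the directory to write into (the real location is /usr/sbin).

write_policy_rc_d() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/policy-rc.d" <<'EOF'
#!/bin/sh
# invoke-rc.d calls: policy-rc.d [--quiet] <initscript-id> <action[|action...]> [runlevel]
for arg in "$@"; do
    case "$arg" in
        *start*|*reload*) exit 101 ;;   # start, restart, reload, force-reload: forbidden
    esac
done
exit 0                                  # everything else (stop, status): allowed
EOF
    chmod 755 "$dir/policy-rc.d"
}

# Ask a policy file what it would say about <initscript> <action>; prints the exit code.
# Runs it through sh so the check works even on a noexec-mounted scratch directory.
policy_verdict() {
    rc=0
    sh "$1" --quiet "$2" "$3" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Remove the policy again once the image is ready (the post's final step),
# otherwise services will stay silent on every future boot.
remove_policy_rc_d() {
    rm -f "$1/policy-rc.d"
}

# usage on a real box:
#   write_policy_rc_d /usr/sbin
#   apt-get install ...
#   remove_policy_rc_d /usr/sbin
```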

http://ubuntuforums.org/showthread.php?t=856815

install everything we need in one big apt-get install command
apt-get install ssh mysql-server apache2 php5 phpmyadmin openssl vsftpd libapache2-mod-python libapache2-mod-ruby rubygems libapache2-mod-perl2 libapache2-mod-wsgi libapache2-reload-perl libapache2-request-perl libapache2-mod-fcgid libfcgi-ruby1.8 libmysql-ruby libapache2-mod-scgi ruby libzlib-ruby rdoc irb rubygems rails eruby


Once the installation is done, remove “/usr/sbin/policy-rc.d” – rm /usr/sbin/policy-rc.d – so that the various applications will be able to start.

I don’t know a whole lot about exim4, so I just start it without messing with the config files.
/etc/init.d/exim4 start

edit the mysql config file – /etc/mysql/my.cnf
I like to comment out the bind-address line so that I can access the mysql database remotely from my other test environments. (That line, bind-address = 127.0.0.1, is what keeps MySQL listening on localhost only; once it is commented out the server accepts TCP connections from any host that can reach it, so set a root password and keep the box behind a firewall.)
start it when done: /etc/init.d/mysql start

edit vsftpd config file to your liking – /etc/vsftpd.conf
and start it: /etc/init.d/vsftpd start

edit apache2 main configuration file so that it takes up less ram
vi /etc/apache2/apache2.conf

---- Start File Excerpt ----
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 60

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to “Off” to deactivate.
#
KeepAlive Off

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers          1
MinSpareServers       1
MaxSpareServers       1
MaxClients            3
MaxRequestsPerChild  20
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers          1
MaxClients           20
MinSpareThreads      25
MaxSpareThreads      75
ThreadsPerChild      25
MaxRequestsPerChild  20
</IfModule>
---- End File Excerpt ----
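The MPM numbers are the whole memory story for a low-RAM box, so it is worth checking them before restarting Apache. Below is an added example, not from the original post, that pulls the directives out of an apache2.conf and sanity-checks them: SAMPLE_CONF is a constructed copy of the two blocks above, and mpm_value, check_prefork, check_worker and prefork_peak_mb are my names. Run against the values above, the prefork block passes, and the worker block trips the check because MaxClients 20 is below ThreadsPerChild 25 (Apache would log a warning and lower ThreadsPerChild at startup). That is harmless here, since Debian's libapache2-mod-php5 pulls in the prefork MPM and the worker block is never loaded, but it is exactly the kind of silent rewrite the check is for.

```shell
#!/bin/sh
# Added example (not from the original post): extract MPM directives from an
# apache2.conf and sanity-check the prefork/worker numbers before a restart.
# SAMPLE_CONF is a constructed copy of the excerpt in the post; on a real box
# pass "$(cat /etc/apache2/apache2.conf)" instead.

SAMPLE_CONF='
<IfModule mpm_prefork_module>
StartServers          1
MinSpareServers       1
MaxSpareServers       1
MaxClients            3
MaxRequestsPerChild  20
</IfModule>
<IfModule mpm_worker_module>
StartServers          1
MaxClients           20
MinSpareThreads      25
MaxSpareThreads      75
ThreadsPerChild      25
MaxRequestsPerChild  20
</IfModule>
'

# mpm_value CONFIG MODULE DIRECTIVE: print the directive's value inside
# <IfModule MODULE> ... </IfModule>, or nothing if it is absent.
mpm_value() {
    printf '%s\n' "$1" | awk -v mod="$2" -v dir="$3" '
        $1 == "<IfModule" && $2 == (mod ">") { inblock = 1; next }
        $1 == "</IfModule>"                  { inblock = 0 }
        inblock && $1 == dir                 { print $2; exit }'
}

# Prefork: every child carries a full PHP interpreter, so MaxClients is the
# memory budget. Fails if the min/max/start relations are inconsistent.
check_prefork() {
    conf=$1; ok=0
    ss=$(mpm_value "$conf" mpm_prefork_module StartServers)
    mn=$(mpm_value "$conf" mpm_prefork_module MinSpareServers)
    mx=$(mpm_value "$conf" mpm_prefork_module MaxSpareServers)
    mc=$(mpm_value "$conf" mpm_prefork_module MaxClients)
    [ "$mn" -le "$mx" ] || { echo "prefork: MinSpareServers $mn > MaxSpareServers $mx"; ok=1; }
    [ "$ss" -le "$mc" ] || { echo "prefork: StartServers $ss > MaxClients $mc"; ok=1; }
    return $ok
}

# Worker: MaxClients must be >= ThreadsPerChild and a multiple of it,
# otherwise Apache rewrites the values at startup and logs a warning.
check_worker() {
    conf=$1; ok=0
    mc=$(mpm_value "$conf" mpm_worker_module MaxClients)
    tpc=$(mpm_value "$conf" mpm_worker_module ThreadsPerChild)
    [ "$mc" -ge "$tpc" ] || { echo "worker: MaxClients $mc < ThreadsPerChild $tpc"; ok=1; }
    [ $((mc % tpc)) -eq 0 ] || { echo "worker: MaxClients $mc is not a multiple of ThreadsPerChild $tpc"; ok=1; }
    return $ok
}

# Rough peak RSS for prefork in MB: MaxClients times the per-child size you
# measure with ps on your own box ($2 is an assumed figure, not from the post).
prefork_peak_mb() {
    mc=$(mpm_value "$1" mpm_prefork_module MaxClients)
    echo $(( mc * $2 ))
}

# usage: check_prefork "$SAMPLE_CONF" && check_worker "$SAMPLE_CONF"
#        prefork_peak_mb "$SAMPLE_CONF" 25
```

prefork_peak_mb is the number to compare with the RAM left after MySQL and the rest have started; with MaxClients 3 and a 25 MB child it is 75 MB, which is why three clients is a sane ceiling on a 220 MB node.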

enable various apache2 modules that we need
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

edit the apache vhost configuration file [/etc/apache2/sites-available/default] to enable perl, python, and ruby; php should already be set up and good to go. Two things to know about the excerpt below: AllowOverride None means .htaccess files are ignored, so if you would rather put these directives in a .htaccess file you have to relax that; and PythonDebug On sends full Python tracebacks to the browser, which is handy on a development box and should be Off anywhere else.

---- Start File Excerpt ----
<VirtualHost *:80>
ServerAdmin jzerbe@lizardking.biz
DocumentRoot /home/jason/www/
<Directory /home/jason/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
AddHandler mod_python .py
PythonHandler mod_python.publisher
PythonDebug On
</Directory>
<Directory /home/jason/www/>
Options +ExecCGI
AddHandler cgi-script rb cgi pl
</Directory>
</VirtualHost>

---- End File Excerpt ----

finally start apache2
/etc/init.d/apache2 start

To test that this works, try the following test scripts: test.rb, test.pl, test.py, and test.php.
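When one of the test scripts comes back as a 500 or a 403, the cause is almost always file permissions rather than the handler lines. The added example below, which is not from the original post, is a pre-flight check for the .rb/.pl/.cgi scripts served through AddHandler cgi-script: the script must be executable, must start with a #! interpreter line that has no carriage return (a file saved with DOS line endings fails with "No such file or directory"), and, because suexec is enabled above, neither the script nor its directory may be group- or world-writable, which suexec refuses outright. check_cgi_script is my name; it takes the script path as its argument.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for CGI scripts
# under the DocumentRoot, applying the rules mod_cgi and suexec enforce.

check_cgi_script() {
    f=$1; dir=$(dirname "$f"); ok=0
    [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }

    # mod_cgi needs the execute bit; 755 is the usual choice
    [ -x "$f" ] || { echo "$f: not executable (chmod 755)" >&2; ok=1; }

    # the kernel needs "#!" followed by an interpreter path on the first line
    first=$(head -n 1 "$f")
    case "$first" in
        '#!'*) ;;
        *) echo "$f: first line is not a #! interpreter line" >&2; ok=1 ;;
    esac

    # a CR on the #! line makes the kernel look for "perl\r" and fail
    cr=$(printf '\r')
    case "$first" in
        *"$cr"*) echo "$f: CRLF line ending on the #! line" >&2; ok=1 ;;
    esac

    # suexec refuses scripts or directories writable by group/other;
    # stat -c %a gives the octal mode and 022 masks the two write bits
    for p in "$f" "$dir"; do
        mode=$(stat -c '%a' "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$p: mode $mode is group/world writable (suexec will refuse it)" >&2; ok=1
        fi
    done
    return $ok
}

# usage: sh check_cgi.sh /home/jason/www/test.rb /home/jason/www/test.pl
if [ $# -ge 1 ]; then
    rc=0
    for f; do check_cgi_script "$f" || rc=1; done
    exit $rc
fi
```

The same checks apply to test.py when it is served as a CGI, but not when it goes through mod_python as configured above, where the publisher handler imports the file rather than executing it.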

For more information about the ruby on rails installation see this howtoforge.com article.

On a side note: I was doing this on a VMware node and ran out of space. Expanding a virtual disk is pretty easy to do: 1) cd into the VMware Workstation/Server directory, 2) run vmware-vdiskmanager -x [500MB/5GB/etc.] "[path to vmdisk].vmdk", 3) the program expands the virtual disk.

Facebook’s IPv4 block

I was curious to know how much IPv4 address space Facebook actually has. I assumed that they run a large server cluster on their own, but you can’t be too sure.

So I ran a whois on Facebook’s frontend IPv4 address for www.facebook.com:

OrgName:    Thefacebook.com
OrgID:      THEFA-3
Address:    156 University Ave, 3rd floor
City:       Palo Alto
StateProv:  CA
PostalCode: 94301
Country:    US

NetRange:   69.63.176.0 - 69.63.191.255
CIDR:       69.63.176.0/20
NetName:    TFBNET2
NetHandle:  NET-69-63-176-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Assignment
NameServer: DNS1.SCTM.TFBNW.NET
NameServer: DNS2.SCTM.TFBNW.NET
NameServer: DNS04.SF2P.TFBNW.NET
NameServer: DNS05.SF2P.TFBNW.NET
[...]
# ARIN WHOIS database, last updated 2008-11-23 19:10

I then ran a scan of their entire IPv4 address block, 4096 IPv4 addresses in total, and only 421 are used. Even if you subtract 16 IPv4 addresses for the necessary broadcast addresses, that’s still a pretty low usage percentage (421/4080 is about 10%).

I guess I really shouldn’t be surprised; most companies are like this. They grab up quite a few blocks and then blame other people for the lack of IPv4 addresses. IANA did reserve quite a few addresses for internal networks (about 18 million) and multicast addresses (about 16 million, which don’t even route properly most of the time), but that still leaves 4,260,967,296 addresses (2^32 - 34 million), enough for much of the developed world. Well, whatever happens, I just hope the transition over to IPv6 makes public Internet Protocol addresses available to more people in the digital industries. Heck, 2^128 addresses is more than enough for everyone to have quite a few of their own IPv6 addresses. The only problem with that, though, is the routability issues caused by dividing up the public Internet into so many pieces.

The interesting thing that I found out from running a scan of Facebook’s IPv4 block is that they created a group debt tracker application called MoochSpot.
