Skip to content

Service VM

Jump to bottom
MC68 edited this page Oct 6, 2020 · 4 revisions

Installation of Service VM

NOTE: We recommend you use the Service VM prepared and provided by us found here.

The recommended OS for setting up the service VM is a minimal install of debian 10. Since the service VM will ideally be running constantly, using only the most necessary of resources is preferred. Since this VM will most likely have no graphical interface, you will need to access it using SSH.

$ virt-install
--name service_vm
--ram 512
--disk path=/var/lib/libvirt/images/service_vm.qcow2,bus=virtio,size=10,format=qcow2
--cdrom <iso-file-of-linux-distribution>
--network bridge=br0
--network bridge=br1
--graphics vnc,listen=0.0.0.0
--noautoconsole -v

If you have decided to use the service VM image we provide, you will need to perform a few steps to enable all functionalities. First, you will need to add your public and private networks manually. This can be done using virt-manager. Next, start the VM and log in as root with the password hystck. Run the commands dhclient and dnsmasq, then systemctl stop cups. Finally, run the Print Service installation seen below. If you reboot the service VM you will need to perform these steps again (with the exception of adding the networks and potentially dnsmasq).

Once you have performed these steps, run ip addr to display the service VM's ip address. This is important since the generator needs the address to perform various services. The IP address will look like this: 192.168.103.xxx with 103 indicating that it is an IP address of the public network. Naturally, this will change if you decide to configure your networks differently.

Login data for provided service VM: root - hystck service - hystck

Print Service

To install the virtual printer, only a few steps are necessary. First, clone the ippsample tool repository:

$ git clone https://github.com/istopwg/ippsample.git

Navigate into the downloaded folder:

$ cd ippsample

Build the container:

$ docker build -t ippsample .

You may need an updated version of docker to install the print service. Find a guide on how to install the correct docker version here.

Before starting the service, you need to disable encryption. To do so, a few configuration need to be changed.

$ docker run --name ippserver -d --rm -it -p 631:631 ippsample /bin/hash

$ docker exec -it ippserver bash -c "mkdir -p config/print && echo Encryption Never > config/system.conf && touch config/print/name.conf"

After completing the steps above you have to simple start the service.

$ docker exec -it ippserver bash -c "ippserver -v -p 631 -C /config"

When you restart the Service VM, you need to execute above commands again, but before you do, you need to reassign the IP addresses (make sure your public and private networks are assigned in the virt-manager overlay) and stop the Cups service still running and listening on port 631.

$ systemctl stop cups
$ dnsmasq
$ dhclient

SMB Service

To install the SMB server, two steps need to be followed:

  1. Install samba packet.

    $ apt-get install samba

  2. Create a samba user.

    comment = samba path = /home/samba_share read only = no browsable = yes

Make sure to adjust any of the above parameters to your preferences.

Mail Server

First we will start with the SMTP server which is primarily responsible for forwarding and storing of mails.

$ sudo apt-get update
$ sudo apt-get install install postfix

Next, edit the Postfix config files. Edit /etc/postfix/main.cf:

$ myhostname = localhost
$
$ mydomain = hystck.local
$
$ myorigin = $mydomain
$
$ inet_interfaces = all
$
$ inet_protocols = all
$
$ mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
$
$ mynetworks = 192.168.1.0/24, 127.0.0.0/8
$
$ home_mailbox = Maildir/

Restart postfix to apply the changes:

$ systemctl restart postfix

Now, create a test user called "hystck":

$ /usr/sbin/adduser hystck
$ passwd <type_a_password_of_your_choice>

Next we will install the IMAP/POP3 server:

$ sudo apt-get install dovecot

Similarly to the SMTP installation, we will need to edit the dovecot config files.

First /etc/dovecot/dovecot.conf:

$ protocols = imap pop3 lmtp

Next, edit /etc/dovecot/conf.d/10-mail.conf:

$ mail_location = maildir:~/Maildir

Finally, add the following lines to the unix_listener auth-userdb bracket in /etc/dovecot/conf.d/10-master.conf:

$ user = postfix
$ group = postfix

Restart the service.

$ systemctl restart postfix

You can also set up an NFS-server.

Host side installation:

$ sudo apt-get install nfs-kernel-server
$ sudo systemctl start nfs-server

Then add the following line to /etc/exports/:

$ <path_to_your_nfs_directory> *(rw,sync,no_root_squash,subtree_check,nohide)

Apply changes and restart service:

$ sudo exportfs -a
$ sudo systemctl restart nfs-server

Client side installation:

Mount the directory on Windows client:

C:\ mount -o nolock <ip_host_vm>:/<mnt_path_host_vm> z:

(Optional) Enable write permission on windows client:

  • Open "regedit".
  • Browse to "HKEY_LOCAL_MACHINESOFTWAREMicrosoftClientForNFSCurrentVersionDefault".
  • Create a new "New DWORD (32-bit) Value" inside the "Default" folder named "AnonymousUid" and assign the value 0.
  • Create a new "New DWORD (32-bit) Value" inside the "Default" folder named "AnonymousGid" and assign the value 0.
  • Reboot the machine.

Auto startup on windows:

  • Press Windows+R, then type "shell:startup"

  • Create a .bat file containing following commands:

    @echo off net use z: \<ip_host_vm><mnt_path_host_vm>

Mount directory on Linux client:

$ sudo mount -t nfs4 -o proto=tcp,port=2049 <ip_host_vm>:/<mnt_path_host_vm> <mnt_path_guest_machine>

Installing NFS server

To install an NFS server, a few steps need to be taken.

First, run the following commands:

$ sudo apt update
$ sudo apt install nfs-kernel-server
$ sudo apt install portmap

You can lock the access to the NFS services by adding the following line to /etc/hosts.deny:

rpcbind mountd nfsd statd lockd rquotad : ALL

Then you can modify /etc/hosts.allow to allow certain IP addresses to access the NFS server.

rpcbind mountd nfsd statd lockd rquotad : example_IP : allow
rpcbind mountd nfsd statd rquotad : ALL : deny

You can skip these two steps since the guest VM ip addresses are currently given random within a range.

Next, create the folder NFS will use and modify the ownership attributes:

$ sudo mkdir /var/nfsroot
$ sudo chown nobody:nogroup /var/nfsroot

The penultimate step is modifying the /etc/exports file by adding an entry with the service VM's ip address.

/var/nfsroot     192.168.103.[xxx]/17(rw,root_squash,subtree_check)

Next, update the exported file systems:

$ sudo exportfs -ra

Lastly, restart the NFS service.

$ sudo systemctl restart nfs-kernel-server

Note: If you want to use the generator's current functions that use a NFS server to maintain file transfer data, we recommend installing an NFS server on your host machine or at least connecting your host to the NFS server as a client.

Clone this wiki locally