'PACC: Week IV'

Overview:

For this week, I have continued my work with libvirt manager. After getting the server running on one of the lab computers. I created several VMs for working on demo, which have been established on our meeting about virtualization.

I have looked up for 2 solution, to get VMs working on a side computers.

1) X11

X is an architecture-independent system for remote graphical user interfaces and rich input device capabilities which allows many people to share the processing power of a time-sharing computer and to collaborate with each other through client applications running on remote computers. Each person using a networked terminal has the ability to interact with the display with any type of user input device. Due to the ubiquity of support for X software on Unix, Linux and Mac OS X, X is commonly used to run client applications on personal computers even when there is no need for time-sharing.

2) TightVNC

TightVNC is a free remote control software package. With TightVNC, you can see the desktop of a remote machine and control it with your local mouse and keyboard, just like you would do it sitting in the front of that computer. TightVNC is:

  • free for both personal and commercial usage, with full source code available,

  • useful in administration, tech support, education, and for many other purposes,

  • cross-platform, available for Windows and Unix, with Java client included,

  • compatible with standard VNC software, conforming to RFB protocol specifications

Also can be used for monitoring the screen desktop, on your smart-phone, for this you can visit and download the program called

https://play.google.com/store/apps/details?id=com.glavsoft.rrviewer&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5nbGF2c29mdC5ycnZpZXdlciJd

If you establish a server you can access even from smart-phone.

To do:

I'm going to finish my work on a connection between host server and side computers, prepare a solution for virtualization project. Now I'm using TightVNC,  but it seems to be very slow.

Failures:

Left the m23 program, because of the issues with assimilation, and server not efficiently working

Got my server broken today, because of disappeared "default.xml" connection, and virtual bridge

Owncloud server and client installation

Week 1 report:

-created server for owncloud and several users -installed clients on Ubuntu, Windows and Android -test and evaluate it

Create server:

For xUbuntu 12.10 run the following as root:

sudo apt-get install apache2 php5 php5-common php5-gd
sudo apt-get install php5-sqlite curl libcurl3 libcurl4-openssl-dev php5-curl
echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.10/ /' >> /etc/apt/sources.list.d/owncloud.list
apt-get update
apt-get install owncloud
You can add the repository key to apt like this:
wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.10/Release.key
apt-key add - < Release.key
mkdir /home/data_owncloud/
sudo chown -R www-data:www-data /var/www/owncloud/
sudo chmod 750 /home/data_owncloud/
sudo chmod -R 777 /var/www/owncloud/config/
sudo chown -R www-data:www-data /home/data_owncloud/
nano /etc/apache2/sites-enabled/000-default

In section «Directory /var/www» change AllowOverride none to AllowOverride All

sudo service apache2 restart

In browser: localhost/owncloud/ Data folder:/home/data_owncloud/

Owncloud client installation

For xUbuntu 12.10 run the following as root:

echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:devel/xUbuntu_12.10/ /' >> /etc/apt/sources.list.d/owncloud-client.list
apt-get update
apt-get install owncloud-client
You can add the repository key to apt like this:
wget http://download.opensuse.org/repositories/isv:ownCloud:devel/xUbuntu_12.10/Release.key
apt-key add - < Release.key

Installation on Windows is pretty straightforward, going to the official website and downloading&then installing the client.

Problems occurred: - No access to the server from other locations (not NU) - Android client has almost no functionality and is also not free

To do: - Continue evaluation and testing - Try to add functionality to android app and think about possible prototype for another one

Developing Android Application 3

Weekly Review:

Last week I studied tutorials from http:/www.startandroid.ru/ru, which introduced me to basic theory(Activity, Intent and e.t.c) in simple language. By doing practice exercises and learning theory, I successfully reached to databases. Android can store data by:

1) Preference, which is another class option from android library. Despite it can be easily used, the storage of such method is short.

2) SQLite(mostly used), The problem which I met is complexity of learning it.

In Wednesday meeting we decided with our basic knowledge we should proceed on developing group project. On the of ideas is playing volleyball via two or more phones where by using phone's camera we can detect ball. Another idea is to make more functional OwnCloud applicaiton on android. The open source project GitHub provides only main code without some elements and folders. By using instructions we installed adb and wrote path to android in .bash_profile:

~ANDROID_HOME=$HOME/android/sdk

~PATH=$(ANDROID_HOME)/tools:$(ANDROID_HOME)/platform-tools:$(PATH)'

~export PATH

After we should launch setup_env.sh in terminal, however there was problem that command line was not found.

Also there is another way to setup by using eclipse where we didn't succeeded as well.

Transparent Proxy Week 1 Report

The problem was that at some point server was not responding and internet was down, so you needed to restart redsocks manually. As it seems when number of open connections exceeds 2000 server cannot open any more web pages, so internet was unavailable. This problem was solved by firstly raising the file limit and then starting redsocks. Here is the code:

#!/bin/sh

# raising file limits

echo "Raising the file limit."

ulimit -Hn 32768

ulimit -Sn 32768

echo Filelimit set to $(ulimit -n).

echo killing redsocks, flushing firewall

pkill redsocks

sleep 2

/usr/local/sbin/iptables-clear

sleep 2

echo Starting redsocks =========

redsocks -c /usr/local/etc/redsocks-nu.conf

sleep 10

echo Setting up firewall ======

# Where to find iptables

IPTABLES="/sbin/iptables"

# Port that is redsocks listening on

REDSOCKS_PORT="12345"

## Location of our not local proxy-server

EXTERNAL_PROXY_HOST="192.168.20.254"

EXTERNAL_PROXY_PORT="3128"

# clean up

$IPTABLES -t nat -D PREROUTING -p tcp -j REDSOCKS_FILTER

$IPTABLES -t nat -D OUTPUT -p tcp -j REDSOCKS_FILTER

$IPTABLES -t nat -F REDSOCKS_FILTER

$IPTABLES -t nat -X REDSOCKS_FILTER

$IPTABLES -t nat -F REDSOCKS

$IPTABLES -t nat -X REDSOCKS

# Create our own chain

$IPTABLES -t nat -N REDSOCKS

$IPTABLES -t nat -N REDSOCKS_FILTER

# Do not try to redirect local traffic

$IPTABLES -t nat -I REDSOCKS_FILTER -o lo -j RETURN

## Do not redirect LAN traffic and some other reserved addresses. (blacklist option)

$IPTABLES -t nat -A REDSOCKS_FILTER -d [10.1.1.50/32](http://10.1.1.50/32) -j RETURN # wins server

$IPTABLES -t nat -A REDSOCKS_FILTER -d [10.1.1.51/32](http://10.1.1.51/32) -j RETURN # wins server

$IPTABLES -t nat -A REDSOCKS_FILTER -d [10.1.1.52/32](http://10.1.1.52/32) -j RETURN # wins server

$IPTABLES -t nat -A REDSOCKS_FILTER -d [10.1.70.0/23](http://10.1.70.0/23) -j RETURN # block 7

$IPTABLES -t nat -A REDSOCKS_FILTER -d [10.1.1.10/32](http://10.1.1.10/32) -j RETURN # only server

$IPTABLES -t nat -A REDSOCKS_FILTER -d [127.0.0.0/8](http://127.0.0.0/8) -j RETURN

$IPTABLES -t nat -A REDSOCKS_FILTER -d [169.254.0.0/16](http://169.254.0.0/16) -j RETURN

$IPTABLES -t nat -A REDSOCKS_FILTER -d [172.16.0.0/12](http://172.16.0.0/12) -j RETURN

### enable next line to also have transparent socks in your local network

$IPTABLES -t nat -A REDSOCKS_FILTER -d [192.168.0.0/16](http://192.168.0.0/16) -j RETURN

$IPTABLES -t nat -A REDSOCKS_FILTER -j REDSOCKS # necessary

## Do not redirect traffic for the SOCKS-Server

## Not needed if server is not on a whitelist or is already blacklisted.

$IPTABLES -t nat -I REDSOCKS -p tcp -d $EXTERNAL_PROXY_HOST --dport $EXTERNAL_PROXY_PORT -j RETURN

# Redirect all traffic that gets to the end of our chain

$IPTABLES -t nat -A REDSOCKS -p tcp -j REDIRECT --to-port $REDSOCKS_PORT

## Filter all traffic from the own host

$IPTABLES -t nat -A OUTPUT -p tcp -j REDSOCKS_FILTER

## Filter all traffic that is routed over this host

$IPTABLES -t nat -A PREROUTING -p tcp -j REDSOCKS_FILTER

echo IPtables reconfigured.

echo Starting dns server and masquerading.

sleep 1

/usr/local/sbin/masq_server

Things to do:

  • Create virtual machines (server, client)

  • Test Squid on this machines

'PACC: Week 4'

At the beginning of the week, I introduced Epoptes and Italc to my new peers and we all agreed that Epoptes would be the best choice.

I tested wake-on-lan by powerwake, when computers are completely powered off, hibernated or suspended. It worked fine besides suspend. I think the problem is not in WOL since, after suspend, computer doesn't normally wake up on its own.

Played a little bit with gmvault. Found it very easy to set up and use. However, it might be a bit slow for a large amount of emails.

The majority of time I spent on LDAP (Lightweight Directory Access Protocol) and LDAP based authentication. I created an LDAP server and set up an LDAP client on the two computers. I used phpLDAPadmin to manage LDAP. phpLDAPadmin is a pretty convenient tool to manage LDAP since you wouldn't have to remember all the criteria and abbreviations which you need when using a terminal.

For example, I created a user Alexandra Kim who has the following properties:

Alexandra Kim, people, test.local

dn: cn=Alexandra Kim,ou=people,dc=test,dc=local cn: Alexandra Kim givenName: Alexandra gidNumber: 500 homeDirectory: /home/users/alkim sn: Kim objectClass: inetOrgPerson objectClass: posixAccount objectClass: top uidNumber: 1000 uid: alkim

Terminal can be used to log in as alkim however the user does not have a home directory and cannot be used to log in when login screen appears after booting up.

I tried to configure PAM files in a way so that alkim could be accessed as a normal user. Unfortunately, I failed at that point and destroyed the authentication mechanism of the server computer. I am planning to restore the /etc/pam.d folder and continue working on integrating LDAP and PAM.

Awesome bike!

Thanks to the warm weather I am starting to love my bicycle again. However, how awesome are these (discoverd on gizmodo):

Maybe even my parents in law would approve of this one:

And the making off:

My personal favorite is this:

Starting PACC Internship

Hello everyone,

My name is Yerkanat and will work with you at NU PACC project.

I plan to work about 9 hours a day, mostly in the lab.

My research topics:

  • Test and Evaluation of: OpenStack(UbuntuCloud) and OpenNebula

  • Cybersecurity

  • Develop backup-startegy for system services, users, and user's vms

  • Develop and set up easy remote access to lab (tunnel port over web connection, simulate web-based vpn via ssh-port)

  • And maybe something else if I will finish in time.

Since I started to look for OpenStack before I want to give some information about it.

OpenStack is complete cloud infrastructure that:

  • Allows to manage of VMs, supports following VM images: Raw, AMI, VHD (Hyper-V), VDI (VirtualBox), qcow2 (Qemu/KVM), VMDK (VMWare) и OVF (VMWare)

  • It provides a fully distributed, API-accessible storage platform that can be integrated directly into applications or used for backup, archiving and data retention.

  • It provides a pluggable, scalable and API-driven system for managing networks and IP addresses.

  • It has dashboard is an extensible web app that allows cloud administrators and users to control their compute, storage and networking resources.

You can watch the video of Dashboard(Web Interface) on vimeo:

http://vimeo.com/39762306

First Post

Hello everyone! This is my first week of internship and my work is developing android applications. As you know, Damir has already some progress in it, so he explained me much stuff about it. According to his previews blogs I found several useful tutorials, however Damir noticed that some of them could be complicated for beginners. In the first day he also taught me about everything he has been knowing so far. For example, the difference between various layouts, how to write strings, how to read an initial code. Eventually, I have learnt a lot of material from Damir. Thanks to him!=) Then, I continue to learn by myself. From the site startandroid.ru you can find 128 lessons for android developers. Now I am reading it and trying the programs in android developer tools eclipse. My first program was a counter. When you click the button it starts to count from 30 to 0. It is pretty simple one, but it seemed to me hard few day ago. Now, I will try to launch my own application. Now, I have some ideas what kind of program to create. But, I am not sure yet. If you have some ideas about it please share. Hope to finish MyFirstApp till the end of this week.

'PACC: meeting 4 notes'

Good news! Air-conditioning will be installed!

Prof.Norbisrath: Brainstorming scenarios about the PACC project From next week new research assistant, help in organization of Mobile Computing Class. Android Netbeams is too problematic for development in Android(won't be used)

Alexandra: iTALC vs Epoptes. Epoptes will be used as solution for our lab Worked with Powerwake, no problems was encountered "Authentication Key System" research

To do Write a script for wake-on-lan, to reduce power consumption(sleep mode) Figure out how to establish different levels of sleep Possible integration of biometrics

Il'ya and Saule: Tutorials on Android Studio Problems with installing Android Studio(on Windows)

Using Eclipse is beneficial Damir and Raushan:* The graphics is better Presence of tutorials Eclipse is more common, than Android studio

Damir: Created a prototype of application Figure out that the using of emulator is not efficient, than the actual device. Possibility of integration in cloud development project

Raushan Continue work on tutorials (Managing of buttons and menu)

To do Reach Damir on tutorials Create document for "Ideas of Interesting Projects"

From next week start to work on new project

Erkanat: Install LiveUSB, for OpenStack (in UbuntuCloud) Divided disk for partitioning, installed Xubuntu Evaluating the possibility of using UbuntuCloud(posibility it won't be enough for our project)

Direction: Finish evaluating. Reach existing goals, about authorization, remote access.

Alexander: Establish m23 network using TUN/TAP Alternative Bridging and IPtables(or VDE)

To do Establish connection for m23

Dana: Interested Areas: start with working on Cloud Computing Project

Prof.Lewis: Establish milestones(goals) Include outside collaborators Create a document for Successes/Failures

Kamila: Worked on 'owncloud', with services like calendar, mail, documents(Dropbox replacement, which is less secure, key issues) Research for other ways owncloud resembling. Encountered some problems with permission for client computers.

To do Further research on owncloud Create a virtual client of Windows

Asset: Researched for RedSocks programm, for transparent proxy Find alternative programs

To do Creates test scripts (on python) to take down the system

Temirlan:

Worked on m23, tried to assimilate the VMs from WebVirtMgr Establish the connection between the VMs on 23m server.

To do

Prepare a prototype with authentication of guest session General Blog commenting

PACC: Week III

For this week, I started to work with program called m23. It is an alternative to the WebVirtMgr, but have much more capabilities.

Prof. Norbisrath showed us how we could connect the VMs on the server to the host (without DHCP), and assigned us to work further trying to establish connection. Alexander is going to work on connection between host with VM inside server. Meanwhile, I am trying to establish the connection between VMs themselves.

What have been done

I have created the similar server based on Linux Debian, also added some clients and VMs to the server in order to establish the connection using ssh. I tried to create the virtual network bridge between VMs, but unfortunately faced some problems with connection (probably because of the network protocols) of VMs.

Further actions:

Try to look at the programs called TAP/TUN and VMware, in order to use them for solving my problems with connection. Probably create the switch for network interfaces. Find the way of pulling the server to the outside network of the lab, because now server is working only on localhost.

TAP and TUN

Virtualization has been implemented in networking stacks for quite some time to permit VM guest networking stacks access to the host networking stack. Two of the schemes are TAP and TUN. TAP is a virtual network kernel driver that implements an Ethernet device and as such, operates at the Ethernet frame level. The TAP driver provides the Ethernet "tap" by which guest Ethernet frames can be communicated. TUN (or network "tunnel") simulates a network layer device and communicates at the higher level of IP packets, which provides a bit of an optimization, as the underlying Ethernet device can manage the layer-2 framing of the TUN's IP packets.

Useful links

http://www.vmware.com/support/ws55/doc/ws_net.html

http://www.ibm.com/developerworks/library/l-virtual-networking/