Linux version extras
The Linux version of the tools with plan9port integration is our primary form of use, and provides several additional utilities. The gridlord script provides a menu-based interface for running a local grid: it can start the plan9port venti server, extract preconfigured VMs from it, and launch them for you. Gridlord uses some of the provided qemu command lines in the tools directory, which start qemu with port redirections set up for various purposes. You can use these scripts directly, and pass additional options by enclosing your target hard drive and other options in single quotes. For instance, from the gridtools directory,
tools/qemucpu 'g9.qcow2.img -nographic'
would start the g9.qcow2.img VM in non-graphical mode, while still using the redirections and options set in the script.
Linux port bouncing and superuser privileges
In UNIX-based OSes, ports numbered 1-1024 are reserved for the root user to control. You generally want to run your software as a regular user when possible, and there is no need to run Qemu as root. However, many useful services, such as the Plan 9 auth system, use these ports by default. We recommend a simple trick that lets your VM run as a regular user and still provide services on low ports. If all you care about is making it work, run:
cd /path/to/gridtools
sudo tools/iptablescript
Then you can freely use the gridlord utility or the included qemu launcher scripts in tools. The iptablescript is simply a series of iptables commands that redirect low, privileged ports to high, unprivileged ports. As the second half of the trick, qemu takes those high ports and redirects them to the VM's low ports. So when outside users dial into port 21, iptables redirects the connection to 22221, then qemu redirects it to port 21 of the VM. Qemu runs as a regular user.
The provided iptablescript executes the following:
iptables -t nat -A PREROUTING -p tcp --dport 567 -j REDIRECT --to-port 2567
iptables -t nat -A OUTPUT -o lo -p tcp --dport 567 -j REDIRECT --to-port 2567
iptables -t nat -A PREROUTING -p tcp --dport 564 -j REDIRECT --to-port 2564
iptables -t nat -A OUTPUT -o lo -p tcp --dport 564 -j REDIRECT --to-port 2564
iptables -t nat -A PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 22221
iptables -t nat -A OUTPUT -o lo -p tcp --dport 21 -j REDIRECT --to-port 22221
iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 22223
iptables -t nat -A OUTPUT -o lo -p tcp --dport 23 -j REDIRECT --to-port 22223
As you can see, this applies to ports 21, 23, 564, and 567: ftp, telnet, 9fs, and Plan 9 auth. If you don't want your VM to do any ftp, telnet, or 9fs, you can use only the port 567 redirection. You are free to create additional redirections, which will then need to be matched by the command line you feed qemu.
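To keep the two halves of the trick in sync, the following added example (not part of gridtools) derives the matching qemu forwarding option from the iptables rules and rejects a redirect that lacks its loopback OUTPUT rule. It assumes QEMU user-mode networking with `hostfwd`; the function names and the `net0` id are hypothetical, and the options the provided launcher scripts actually use are not shown on this page.

```sh
#!/bin/sh
# Constructed sample input: the rules this page lists for iptablescript.
RULES='iptables -t nat -A PREROUTING -p tcp --dport 567 -j REDIRECT --to-port 2567
iptables -t nat -A OUTPUT -o lo -p tcp --dport 567 -j REDIRECT --to-port 2567
iptables -t nat -A PREROUTING -p tcp --dport 564 -j REDIRECT --to-port 2564
iptables -t nat -A OUTPUT -o lo -p tcp --dport 564 -j REDIRECT --to-port 2564
iptables -t nat -A PREROUTING -p tcp --dport 21 -j REDIRECT --to-port 22221
iptables -t nat -A OUTPUT -o lo -p tcp --dport 21 -j REDIRECT --to-port 22221
iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 22223
iptables -t nat -A OUTPUT -o lo -p tcp --dport 23 -j REDIRECT --to-port 22223'

# Print "low high" per PREROUTING redirect. Fail when the matching OUTPUT -o lo
# rule (for connections made from the host itself) is missing or differs.
redirect_pairs() {
    printf '%s\n' "$1" | awk '
    {
        chain = low = high = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            if ($i == "--dport") low = $(i + 1)
            if ($i == "--to-port") high = $(i + 1)
        }
        if (chain == "PREROUTING") { pre[low] = high; order[++n] = low }
        if (chain == "OUTPUT") out[low] = high
    }
    END {
        for (k = 1; k <= n; k++) {
            low = order[k]
            if (out[low] == pre[low]) { print low, pre[low]; continue }
            print "port " low ": no matching OUTPUT -o lo rule" > "/dev/stderr"
            bad = 1
        }
        exit bad + 0
    }'
}

# Build the QEMU user-networking option forwarding each high host port to the
# low guest port. "net0" is an arbitrary id; a -device using it is still needed.
qemu_hostfwd() {
    pairs=$(redirect_pairs "$1") || return 1
    opt='user,id=net0'
    while read -r low high; do
        [ -z "$low" ] || opt="$opt,hostfwd=tcp::$high-:$low"
    done <<EOF
$pairs
EOF
    printf '%s\n' "-netdev $opt"
}

qemu_hostfwd "$RULES"
```

Because the high ports are unprivileged, any local account can bind them while the VM is not running, so on a multi-user host check what is listening on them before relying on the redirect.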