25 August 2020

A good read for understanding the relationship between Virtualization - Hypervisor - KVM - QEMU


- KVM is a Linux kernel module. It has no GUI. It only provides CPU and RAM, not hard disk, network, etc.

- QEMU is an emulator for various CPUs. It can also use KVM, which boosts performance compared to the other emulated CPU types.

- Libvirt is a wrapper that starts QEMU with the right options.


For more, refer to this good explanation:

 https://superuser.com/questions/1490188/what-is-the-difference-and-relationship-between-kvm-virt-manager-qemu-and-libv

Qemu/kvm/virsh Snapshot

Create a snapshot:

sudo virsh snapshot-create-as <domain> <snapshot-name>


This will create an XML file at /var/lib/libvirt/qemu/snapshot/<domain>/<snapshot-name>.xml


Normally a snapshot uses Copy-On-Write, meaning any changes are saved somewhere else instead of in the main disk image.


But for qcow2 it is a little different: the changes are still stored in the main disk image.


To list snapshots:

# qemu-img snapshot -l /var/lib/libvirt/qemu/centos7-server.qcow2
Snapshot list:
ID        TAG                 VM SIZE                DATE       VM CLOCK
1         live_snapshot1         2.3G 2020-08-25 12:44:09   00:32:40.190



https://unix.stackexchange.com/questions/570414/understanding-how-libvirt-snapshots-are-stored

24 August 2020

Proxmox Nested Virtualization

How to install QEMU in a Proxmox guest.

(The bare metal runs Proxmox; the guest will have QEMU, to install another guest on top of QEMU.)

QEMU/KVM is a hypervisor, the same as Proxmox.


1) Enable Nested virtualization on proxmox

a)- check whether nested is enabled:

cat /sys/module/kvm_intel/parameters/nested
Y  - yes
N - not enabled


b)- if not enabled,
# echo "options kvm-intel nested=Y" > /etc/modprobe.d/kvm-intel.conf

c)- then reboot and reload
modprobe -r kvm_intel
modprobe kvm_intel

then check again whether nested was successfully enabled (a)




2)- Create a guest (of Proxmox) with 'CPU Type': host

a) to verify that the guest supports hardware virtualization:
egrep '(vmx|svm)' --color=always /proc/cpuinfo






ref:  https://pve.proxmox.com/wiki/Nested_Virtualization



KVM Qemu virsh

-list storage(pool)

 virsh pool-list


-list volume

virsh vol-list __poolName__



-list vm

# virsh list --all






ref:   https://docs.deistercloud.com/content/Tutorials.100/Linux.80/KVM%20virtualization.40/KVM%20VirSH%20Command.xml?embedded=true


good one: https://serverfault.com/questions/434064/correct-way-to-move-kvm-vm/434070#434070

21 August 2020

pip: install a previous version of a package

1- to list the available versions of a package:

   pip install thepackage==randomwords

(attempting to install a version that does not exist returns an error, and pip then displays the available versions)



2- install a specific version of a package

   pip install libvirt-python==5.10.0

19 August 2020

Laravel - Redis - Queue - Failed Job

Laravel can hand a task/job to a worker. This means that when a request comes in from the client/browser, certain tasks/code can be passed on to be processed later by a worker. This lets Laravel complete the HTTP response faster, without waiting for that code to finish processing.


In Laravel, this is done by creating a class that implements ShouldQueue.

class ProcessPodcast implements ShouldQueue

ProcessPodcast::dispatch() tells Laravel to queue the job in Redis (this is one of the options); a worker then retrieves the job from Redis.

If there is an error during job execution, the job is put in the failed_jobs table.

We can ask Laravel to resubmit these failed jobs to Redis with:
php artisan queue:retry all


To check the job list in Redis:

$ redis-cli
127.0.0.1:6379> keys *
From the figure above, we can tell that the number of pending jobs in Redis is 131,093.



To check failed jobs:
mysql> select * from failed_jobs;






17 August 2020

Domain Fronting Attack

Appear to connect to www.google.co.uk, but actually request www.google.com.au:

$ curl -H "host: www.google.com.au" www.google.co.uk



Pretend to connect to baik.com, but actually connect to jahat.com. This can be done if baik.com uses the same CDN as jahat.com:

$ curl -H "host: jahat.com" https://baik.com

11 August 2020

Using custom CA in python virtual environment

You have installed your custom CA on your client machine. Using curl, everything is fine (refer here).

But since your Python script uses a virtualenv, your script cannot see the custom CA.



This is because Python in a virtualenv looks for the certificates in a different place than the normal Python:

$ python -c "import requests; print ( requests.certs.where() )"
/etc/ssl/certs/ca-certificates.crt

$ (.venv) python -c "import requests; print (requests.certs.where())" 
.../.venv/lib/python3.6/site-packages/certifi-2020.6.20-py3.6.egg/certifi/cacert.pem


The solution is to import the custom CA into the virtual environment.

openssl x509 -in $specific_ca.crt -text >> $virtualenv/lib/python3.6/site-packages/certifi-2020.6.20-py3.6.egg/certifi/cacert.pem
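
An alternative that leaves certifi's cacert.pem untouched, as an added example that is not part of the original post: write a separate merged bundle and point requests at it with the REQUESTS_CA_BUNDLE environment variable. The function and file names are hypothetical, and the certificate blocks used in demo() are constructed placeholders, not real certificates.

```python
import base64
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def pem_blocks(text):
    """Map DER bytes -> PEM block for every certificate block found in text."""
    # Only the BEGIN/END blocks are kept, so the human-readable dump that
    # `openssl x509 -text` prints before the block is dropped.
    return {ssl.PEM_cert_to_DER_cert(b): b for b in PEM_BLOCK.findall(text)}


def build_bundle(base_path, extra_path, out_path):
    """Write base bundle plus CAs from extra_path it lacks; return number added."""
    with open(base_path) as f:
        base_text = f.read()
    with open(extra_path) as f:
        extra = pem_blocks(f.read())
    if not extra:
        raise ValueError(f"no PEM certificate block in {extra_path}")
    known = pem_blocks(base_text)
    new = [pem for der, pem in extra.items() if der not in known]
    with open(out_path, "w") as f:
        f.write(base_text.rstrip("\n") + "\n" + "".join(p + "\n" for p in new))
    return len(new)


def fake_pem(payload):
    """Constructed placeholder block (valid base64, not a real certificate)."""
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----"


def demo():
    """Merge a constructed custom CA into a constructed base bundle, twice."""
    d = tempfile.mkdtemp()
    names = ("cacert.pem", "my-ca.crt", "merged.pem")
    base, extra, out = (os.path.join(d, n) for n in names)
    with open(base, "w") as f:
        f.write(fake_pem(b"public-root-1") + "\n" + fake_pem(b"public-root-2") + "\n")
    with open(extra, "w") as f:
        f.write("Certificate:\n    Data: ...\n" + fake_pem(b"my-internal-ca") + "\n")
    first = build_bundle(base, extra, out)    # custom CA is new: 1 added
    second = build_bundle(out, extra, out)    # already present: 0 added
    with open(out) as f:
        return first, second, len(pem_blocks(f.read()))
```

With real files, pass the path printed by requests.certs.where() as base_path and export REQUESTS_CA_BUNDLE=<out_path> before running the script; the merged file is not overwritten when certifi is upgraded.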



ref:

https://stackoverflow.com/questions/34931378/certificate-verification-when-using-virtual-environments

06 August 2020

Add custom CA to ubuntu

Tested with Ubuntu 18.04


1) sudo apt-get install ca-certificates



2) copy the CA certificate to the local certificate directory:
      sudo cp CERTIFICATE.crt /usr/local/share/ca-certificates/


If your certificate file has a .pem extension, convert it to .crt using this command (update-ca-certificates expects PEM content in a file ending in .crt):
openssl x509 -outform pem -in CERTIFICATE.pem -out CERTIFICATE.crt

3) update the certificates
  sudo update-ca-certificates



ref: