Virtualizing complex Linux systems

It's Complicated

© Lead Image © Shawn Hempel, 123RF.com

© Lead Image © Shawn Hempel, 123RF.com

Article from Issue 168/2014
Author(s): , Author(s):

If you are ready to migrate your hardware RAID system to the virtual world, standard virtualization and forensics tools are ready for the task.

Ever since the virtualization epidemic hit the datacenter, server filesystems have increasingly taken the form of images, and conventional partitions have been on the decline. The benefit for the admin is that the filesystem images are easier to move or manipulate.However, if you want to use physical disks – typically block devices named /dev/sd<x> or the like – in your own cloud, you need to convert them to suitable virtual disk image formats, such as .vdi or .vmdk.

Popular conversion programs, such as qemu-img --convert (for KVM), can convert your physical partition to a virtual form, but these tools are not designed to address complex situations. For instance, if you want to build a RAID system from multiple disks, you need to master a few tricks, and this article will help you do so. Incidentally, the approach described here relies on forensic tools, because I developed this technique while investigating a crime case. For virtualization, I will rely on VirtualBox [1] version 4.

Problems with RAID Controllers

Physical systems are not always easy to virtualize. For example, you can experience driver problems if the hard disks come from machines in which the RAID systems are managed by hardware controllers. Some tools do exist for simple scenarios. KVM offers a number of options for smoothing out the process. If you rely on VirtualBox, you can easily convert a hard disk /dev/sdb by using:

VBoxManage convertdd /dev/sdb test.vdi --format VDI

This command converts the currently mounted disk, which you might have removed from another host, to a virtual hard disk named test.vdi using VirtualBox's own Virtual Disk Image (VDI) format [2].

Images like this can almost always be integrated easily into any new guest system, but other hypervisors can also handle them. Once this (fairly time-consuming) process is complete, you can export the entire system as an appliance in Open Virtualization Archive (OVA) format [3].

Complex Servers

Unfortunately, a typical server system rarely uses just a single hard disk. You are more likely to find a setup in which one hard disk stores the system, and the data resides on a RAID array. If the original  host consists of three hard disks (e.g., a 40GB SATA and two 80GB SATA disks on a RAID controller), you can expect the conversion to be more complex.

If you can bring the legacy host back to life, you have many options. But if you don't have access to the original system (e.g., when the hard disks were part of the evidence in a crime case), the following approach can help. To read alien hard disks, administrators often resort to the RAW format, because it is the simplest possible standard and practically any version of Linux has suitable tools for it.

However, forensics experts tend to prefer the Expert Witness Format (EWF), which was introduced in an article in a previous issue of Linux Pro Magazine [4]. EWF offers a variety of benefits that help admins manage complex tasks. The ewfacquire program creates images in EWF; you need to install the ewf-tools package from your distribution's repository to access the tool.

Striped Set: RAID 0 – A Tough Nut

The use of a striped set (RAID 0) is not recommended from an administrative point of view, but you still see it on older servers. Because it causes the biggest problems and was used on the original system, I will be using it as an example here. Given a working controller, fdisk will show the disks that belonged to the striped RAID set (Figure  1). The forensic counterpart to fdisk from The Sleuth Kit is mmls (Figure  2).

Figure 1: The first hard disk is 40GB, the second disk on the RAID controller is 160GB, but this is actually a RAID 0 made up of two 80GB disks.
Figure 2: The Sleuth Kit mmls tool can look behind the scenes of the second hard disk.

If you take the hard disks out of the legacy system and mount them on another machine without a RAID controller, things change. Although nothing changes for the first hard disk, you will see, as in Figure 3, that disks 2 and 3 (the two 80GB storage media) are no longer a system; in fact, they do not even contain a partition table, according to fdisk.

Figure 3: Without a RAID controller, the two 80GB hard disks are useless.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Desktop RAID

    Linux offers several options for fulfilling the RAID promise of fast hard disk access and data security.

  • Virtualizing complex Linux systems

    A correction to the Migrating RAID article in issue 168 (November 2014).

  • ASK KLAUS!

    Klaus Knopper is the creator of Knoppix and co-founder of the LinuxTag expo. He currently works as a teacher, programmer, and consultant. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine. com

  • Ask Klaus!

    Klaus Knopper is the creator of Knoppix and co-founder of the LinuxTag expo. He currently works as a teacher, programmer, and consultant. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com

  • RAID Performance

    You can improve performance up to 20% by using the right parameters when you configure the filesystems on your RAID devices.

comments powered by Disqus