Author Archive norbertk

Single Mode vs. Multimode Fiber Optic Cables

There are two main types of fiber optic cables: single mode and multimode. Although they can do the same job in some instances, the different construction methods make each of them better suited to certain tasks and budgets. That makes picking between single mode and multimode fiber optic cables an important consideration when it comes to setting up your network.

In a nutshell, single mode cables are better for long-distance cable runs and when signal integrity is of paramount importance. They are typically more expensive than multimode cables, though, and there are different types of single and multimode fiber optic cables to consider, making the single mode vs. multimode fiber head-to-head a little more complicated.

To help you decide on the type of cable you need for your project, here’s everything you need to know about single mode and multimode fiber optic cables.

What is Single Mode and What is Multimode?

Single mode and multimode fiber optic cables are two different types of fiber optic cable aimed at different use cases. Single mode cables are typically made with a single strand of glass at their core, leading to a narrower core of the cabling, and more robust signal integrity over greater distances. They can be further divided into OS1 and OS2 cables, which are designed for indoor and outdoor uses, respectively, with OS2 cables offering greater cable lengths and bandwidth.

Multimode cables have multiple glass strands in the core, making them larger and more versatile since they can handle multiple data streams at a time. However, that broader core means there’s more light refraction throughout the cable, weakening the signal faster, and making multimode cables less suitable for longer runs. They too are divided into more cable types: OM1, OM2, OM3, OM4, and OM5.

OM1 and OM2 cables are the least expensive but offer the least performance of multimode fiber optic cables. OM3, OM4, and OM5 are progressively more capable, closing the gap between single mode and multimode fiber.

Single Mode vs. Multimode Fiber: Key Differences

The key physical difference when comparing single mode vs multimode fiber cables is the core. Where single mode cables have a single glass strand at their core, measuring around 9µm, the multiple strands used to craft a multimode cable’s core measure 62.5µm or 50µm. This physical disparity is what leads to the performance and use case differences for each cable type.

Thanks to the focused signal of single mode cables, they can deliver a signal over multiple miles without the need to repeat or amplify it. OS1 cables can carry a signal up to around a mile and a half, while OS2 cables can reach up to 125 miles. Since they’re designed with outdoor use in mind, and to ensure no problems arise over that expansive length, OS2 single mode fiber cables are also built with a unique spiral core design, with additional semi-rigid tubing around the core that lets the cable flex without putting any tension on the glass fibers at its core.

Single mode cables are typically rated for between 1 and 10 Gigabits per second over these incredible lengths. It’s theoretically possible that they can run at much higher bandwidths, but typical specifications limit them to 10 Gbps at the top end. Single mode cables, specifically OS1 cables, are commonly used in campus data networks, telecommunication networks, and TV transmission networks. OS2 cables are also used in these cases, as well as an overarching backhaul network.

In contrast, multimode cables can only manage much shorter runs of a single cable before amplification is necessary. Legacy OM1 cables are limited to just 100ft, while OM2 provides a higher quality connection and can stretch to 260ft. Their bandwidth is relatively comparable to single mode cables, delivering between 1Gbps and 10 Gbps depending on cable length.

OM3 multimode fiber optic cables can manage longer cable runs at up to 1,000ft, while OM4 and OM5 are capable of 1,300ft cable runs at up to 10 Gbps. All three are also capable of transmitting at a much higher bandwidth: up to 100 Gbps in some cases. However, offering such throughput requires a shorter cable run, with even the most capable OM4 and OM5 cables limited to just 500ft at the maximum bandwidth.

OM1 and OM2 multimode cables can, in some cases, be driven by LED light rather than lasers, which limits their range and performance, as well as their cost. However, OM2 cables are also available with laser optimizations which improve their range and available bandwidth.

To help differentiate between all of these similar, but quite distinct cable types, they are usually given a unique color band. OM1 multimode fiber cables are given orange or grey outer jackets. OM2 cables are orange, while OM3 are often given a cyan or aqua jacket. OM4 cables are given a purple or aqua outer jacket, while OM5 cables are typically lime green.

Both OS1 and OS2 single mode cables are given yellow jackets, which helps them stand out from their multimode contemporaries.

The final difference in the single mode vs. multimode fiber debate is cost. OS1 and OS2 single mode cables tend to be the most expensive, while multimode cables as a whole are cheaper. However, the pricing difference there is more distinct, with OM5 cables getting close to OS2 cable pricing, while OM1 is far more affordable.

Is Multimode Better?

In the single mode vs. multimode fiber debate, there is not one cable that’s the best, but there are some that are better suited to certain situations.

If you need to run fiber optic cable over a vast distance, there’s no argument that single mode OS2 fiber cables are by far the best tool for the job. But if you’re looking to run shorter cables that are just a few hundred feet in length, multimode cables have the potential to not only offer the same ultra-high bandwidth over shorter distances but do so for cheaper, too.

It’s important not to lump all multimode fiber cables together, though, as there are some stark differences between OM1 and OM5 cables, and subtler, but still present differences between the other multimode cable types. Only OM3, OM4, and OM5 cables can offer the same 40Gbps, and 100Gbps bandwidth as OS2 cables, even if it’s over much shorter distances.

With that in mind, it can often be better to use OM4 or OM5 cables instead of OS1 cables when running shorter cable lengths in indoor locations, if given the choice. In that case, multimode fiber cables could be considered “better”. However, there is no replacing the bandwidth and signal robustness of the OS2 single mode fiber optic cable type.

Choosing the Right Fiber Optic Cable

The main consideration when choosing a fiber optic cable is deciding which type you opt for. Single mode vs. multimode fiber cable is a debate you can answer by considering the cable length(s) required as well as the necessary bandwidth. If you are happy with a maximum of 10Gbps bandwidth at lengths under two miles, then you have the choice of OS1 or OM1 and OM2 fiber optic cables. For greater bandwidth over shorter distances, OM3, OM4, and OM5 are valid options, and will likely give you the most cost-effective solution to your networking problem.

If you’re looking for multiple miles of fiber optic cabling, or simply want the most robust networking solutions, then OS2 single mode fiber optic cables are probably your best bet.

That’s not all you should consider, though. There are single mode and multimode cables that come with different jacket ratings for running through walls, or between multiple floors. If you don’t need anything special, look for fiber cables with a standard Optical Fiber Non-conductive riser (OFNR) rating, which should work fine in most instances, including when transiting between floors.

For improved fire protection, plenum-rated fiber optic cables will come with a Low Smoke Zero Halogen (LSZH) jacket type, which means that even if it were to set fire, it would give off very little smoke or halogenic compounds. There are also both simplex and duplex fiber patch cables which have single or dual connectors on each end. If you’re unsure which you need, you can always just buy a duplex cable and use one of the connectors if that’s all you ultimately need.

You should also consider what type of connector your fiber optic cable needs. Unlike copper twisted pair patch cables which almost universally come with RJ45 plugs at the end, fiber optic patch cables can come with a range of headers. There are LC connectors which are the most common and are somewhat smaller than their comparable sibling, SC connectors, and are most commonly found on single mode fiber optic cables.

SC connectors are an older, larger design, but are otherwise comparable and have a locking mechanism, which can make them sturdier. That extra size does make them harder to fit in large numbers in data centers and patch panel cabinets, but they are cheaper and have a more established design.

Less commonly you’ll also find ST fiber optic connectors, which are a similar size to SC connectors but have a twist-bayonet-style mechanism. There’s also the MTP connector which is typically used in data centers and advanced home networks.

For more tips on choosing the right fiber optic cable for you, check out our complete guide to fiber optic cabling.


Linux File System Table (/etc/fstab file) Explained

In this guide, we will learn what fstab is in Linux, what the fstab file is used for, how the /etc/fstab file is structured, and finally how to debug fstab issues. At the end, we will also briefly introduce the mtab file, its usage, and how mtab differs from fstab.

What is fstab?

Whether you are a server administrator, a Linux desktop user, or new to Linux, it is important to understand the /etc/fstab file and how to debug fstab issues.

Fstab is a file system table used by the kernel during boot time to mount the file system. To put it in simple terms, you will create one or more partitions on your hard drive and you will make an entry for each partition in fstab which will be read by the kernel during boot time and the file system will be automatically mounted.

By default, any partitions you create during the OS installation will be automatically added to the fstab file. Let’s dive in and see how fstab is structured and how to use fstab.

NOTE: Before editing the fstab file, it is best practice to take a backup of the file. If something goes wrong, you can restore the backup copy.

Structure of /etc/fstab file

Fstab is located in the /etc/ directory and owned by the root user. So you should edit the file using sudo privilege or as the root user.

Display the fstab file by running the following command to understand its structure.

$ cat /etc/fstab
$ cat /etc/fstab | grep -i -v "^#" | column -t # Skip comments and format
Contents of fstab file

Fstab file consists of six columns (sections).

  1. File system – The block device (partition) on which the file system was created.
  2. Mount Point – Where the file system is mounted in your system.
  3. Type – File system type (Ext4, Ext3, swap, Xfs, etc.)
  4. Options – The mount parameters to apply when mounting the file system.
  5. Dump – This is for the backup purposes used by the dump utility. Setting it to zero means disabling the backup and one means enabling the backup to a given device/medium.
  6. Pass – File system check at boot time by the fsck utility. Zero will disable the file system check and for the root file system it should be set to 1 and for other partitions, it should be set to 2.

Each filesystem is described on a separate line. Fields on each line are separated by tabs or spaces.

Let’s see about these six parameters in detail.

1. File System

In the first column of fstab, you need to point to which partition you are going to mount. Either you can use a block device name like /dev/sda* or use the UUID.

When you create a file system on top of any partitioned drive using the mkfs command there will be a UUID created for that particular partition.

Let’s say you created a new partition and it is sdb1. In this case, your fstab will be as follows.

/dev/sdb1 /home ext4 defaults 0 0
Mount using names

To get the block id for any file system run the following command.

$ blkid                # Print info about all fs.
$ blkid /dev/sdb1      # Print info about given fs alone.

Now using this block id you can mount the file system as shown in the below image.

Mount using UUID

2. Mount Point

In the second column, you have to specify the mount point directory. Mount point refers to the directory in the file system where your partitioned drive will be mounted.

As you see in the below image, each partition is mounted under a different directory. For example, the partition /dev/sdb1 is dedicated to the home directory and mounted under /home.

Mount point

Let’s say you created a new partition with 100GB size and with EXT4 as partition type. The fstab entry will be as follows. Here /mnt/data1 is the mount point.

UUID=xxxx-xxx-xxx /mnt/data1/ ext4 defaults 0 0

Or

/dev/sdb2 /mnt/data1/ ext4 defaults 0 0

3. Filesystem Type

Here you will specify the file system type (EXT2, EXT3, EXT4, XFS, VFAT, SWAP, etc.). If you want to know the file system type for a block device, use the blkid or lsblk command.

$ lsblk -f /dev/sdb1
NAME FSTYPE LABEL UUID                                 MOUNTPOINT
sdb1 ext4         365c64d7-4d65-4cdf-8ce1-0def8bb41997 /home
$ blkid /dev/sdb1
/dev/sdb1: UUID="365c64d7-4d65-4cdf-8ce1-0def8bb41997" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="8f174339-01"
Filesystem type

4. Mount Options

This is an important column where you pass mount options for the file system. There are a lot of mount options that can be used. For normal usage, the defaults option is enough. The defaults option is a combination of seven options (rw, suid, dev, exec, auto, nouser, and async).

Let’s see what the defaults option does.

  • rw – This tells the file system to be mounted in read-write mode. You can have the file system remounted in read-only mode when an error occurs by using the option errors=remount-ro.
  • suid – Any operation related to suid and sgid will be allowed through this option.
  • dev – Character and block devices on the file system will be interpreted. If you do not wish to interpret character and block devices, you can use the nodev option explicitly.
  • exec – Setting the exec option lets you execute binaries from the file system. Conversely, you can use the noexec option to prevent binaries from being executed from the file system.
  • auto – This option is responsible for auto mounting the file system during boot time or whenever you run the mount -a command from the terminal. Conversely, the noauto option only allows the file system to be mounted individually.
  • nouser – Only a superuser can mount the file system. You can also use the “user” and “users” options, which allow an ordinary user to mount and unmount the file system.
  • async – All I/O operations are done asynchronously. If you use the “sync” option, I/O operations are done synchronously.

Depending upon the requirement you may need to use different options. If you have any existing production server in your environment, I suggest you take a look at the fstab file which will give you a good idea about what are the mount options used.
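The option list above matters for hardening, because any data partition mounted with plain defaults still allows setuid binaries, device nodes and execution. The following shell function is an added example, not part of the original article: it works out which of suid, dev and exec remain in effect for each entry. The sample entries are constructed, nosuid is the standard counterpart of suid from mount(8), and the rule that user and users imply noexec, nosuid and nodev unless overridden by later options also comes from mount(8).

```shell
#!/bin/sh
# Added example: report fstab entries that still permit suid, dev or exec.

permissive_mounts() {
    # Reads fstab lines on stdin. Prints "<mount point> <flags still allowed>"
    # for every entry except the root file system and swap.
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        $2 == "/" || $3 == "swap" || NF < 4 { next }   # root needs all three
        {
            # Starting state equals "defaults": suid, dev and exec allowed.
            f_suid = 1; f_dev = 1; f_exec = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {                 # later options win
                o = opt[i]
                if (o == "user" || o == "users") { f_suid = 0; f_dev = 0; f_exec = 0 }
                else if (o == "suid")   f_suid = 1
                else if (o == "nosuid") f_suid = 0
                else if (o == "dev")    f_dev = 1
                else if (o == "nodev")  f_dev = 0
                else if (o == "exec")   f_exec = 1
                else if (o == "noexec") f_exec = 0
            }
            left = (f_suid ? " suid" : "") (f_dev ? " dev" : "") (f_exec ? " exec" : "")
            if (left != "") print $2 left
        }
    '
}

sample_fstab_opts() {
    # Constructed sample entries, not taken from a real system.
    cat <<'EOF'
# <file system>   <mount point> <type> <options>                 <dump> <pass>
UUID=xxxx-xxx-xxx /             ext4   errors=remount-ro         0 1
/dev/sdb1         /home         ext4   defaults                  0 2
/dev/sdb2         /mnt/data1    ext4   defaults,nodev,noexec     0 2
/dev/sdb3         /mnt/usb      vfat   user,noauto               0 0
/dev/sdb4         /mnt/build    ext4   user,exec                 0 0
/dev/sdb5         none          swap   sw                        0 0
EOF
}

sample_fstab_opts | permissive_mounts
```

Run it against a real table with `permissive_mounts < /etc/fstab`; an entry that is absent from the output already carries nosuid, nodev and noexec.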

Mount options

5. Dump

This column is specific for backup purposes. When it is set to 1, the dump utility will take backups. This is an obsolete feature now as it was originally designed to take backups in tapes for older file systems.

It is recommended to set it to zero.

Dump column in fstab

6. Pass

During boot time the fsck utility will do a file system check based on the value we provide in the sixth column. If you set the value to zero or leave it empty, the file system check will be disabled.

The root file system should always be specified to the value 1. For other file systems, you can set the value to 2. Since I am using VM for the demonstration, I have set all the values to zero.

Pass column in fstab

If you make a mistake in the fstab file, the machine will go into emergency mode when you reboot it. In emergency mode, there will be no network interface, so you have to debug directly in the console.

Boot into Emergency mode

You have to type the root password to enter emergency mode. Run the following command and scroll slowly to look for error messages. In my case, I intentionally removed the separator (/) in /dev/sdb1.

Fix Boot problems related to Fstab file

In emergency mode, if the file system is mounted in read-only mode then you have to mount in rw mode and edit the fstab file to fix the problem. To remount the file system in rw mode run the following command.

$ mount -o rw,remount /

Now edit the fstab to fix the error and reboot the machine. Now your machine should be able to boot properly.

$ reboot

To avoid the issues during boot time, you can run the mount command after adding the fstab entries.

Take a look at the below image where I have added a new entry for /dev/sdb2. I have not specified the file system type so it will throw me an error when I run the mount command.

Filesystem type error
$ mount -a
mount: /mnt: unknown filesystem type 'defaults'.
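The two mistakes shown in this guide (the missing / in /dev/sdb1 and the missing file system type) can be caught before a reboot. The following shell function is an added example, not part of the original article; its checks are heuristics limited to the six-column layout described above, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: lint fstab-format text on stdin before rebooting.

fstab_lint() {
    # Reads fstab lines on stdin and prints one finding per line.
    # Returns 0 when clean, 1 when at least one finding was printed.
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            n = 0
            if (NF != 6)
                msg[++n] = "has " NF " fields, expected 6"
            # A device containing a slash that is neither absolute nor host:/path
            if ($1 ~ /\// && $1 !~ /^\// && $1 !~ /:/)
                msg[++n] = "device \"" $1 "\" is a relative path (missing leading /?)"
            if (NF >= 2 && $2 !~ /^\// && $2 != "none" && $2 != "swap")
                msg[++n] = "mount point \"" $2 "\" is not an absolute path"
            # Options sitting in the type column mean the type was left out
            if (NF >= 3 && ($3 == "defaults" || $3 ~ /=/))
                msg[++n] = "type \"" $3 "\" looks like mount options (type column missing?)"
            if (NF >= 6 && $6 !~ /^[012]$/)
                msg[++n] = "pass \"" $6 "\" is not 0, 1 or 2"
            for (i = 1; i <= n; i++) print "line " NR ": " msg[i]
            if (n > 0) bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

sample_fstab() {
    # Constructed sample reproducing the two mistakes from this guide.
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=365c64d7-4d65-4cdf-8ce1-0def8bb41997 /home ext4 defaults 0 0
dev/sdb1 /mnt/data1 ext4 defaults 0 0
/dev/sdb2 /mnt defaults 0 0
EOF
}

# Demo run; "|| true" keeps the script going when findings are reported.
sample_fstab | fstab_lint || true
```

Run it as `fstab_lint < /etc/fstab` after every edit. On systems with a recent util-linux, `findmnt --verify` performs a fuller check of the same file.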

What is a Mtab File?

When you run the mount command without passing any arguments it prints the list of mounted file systems.

$ mount

There is also a file called mtab in the /etc/ directory. When you look at /etc/mtab, it will be exactly the same as the output of the mount command.

Let’s see what the man page has to say about the mtab file.

What is mtab file

The /etc/mtab file is symlinked to mounts in the proc file system. If you run the mount or umount command the result will be updated in mounts.

$ ls -ln /etc/mtab
lrwxrwxrwx 1 0 0 19 Jan 9 17:45 /etc/mtab -> ../proc/self/mounts

To summarize the difference between fstab and mtab, fstab is used to mount the file system during the boot time and mtab is used to display the list of file systems mounted.

If /etc/mtab file is corrupted or deleted by accident, you can regenerate it by using the following command.

$ sudo sh -c 'grep -v rootfs /proc/mounts > /etc/mtab'

Conclusion

In this article, we have discussed what fstab and mtab are and why they are important for the system to store and read the partition information during boot time. We also discussed what happens when there is a mistake in the fstab file.

How to Pass-through PCIe NICs with Proxmox VE on Intel and AMD

Proxmox VE Web GUI Pick NIC To Pass Through

A quick one today is the super-simple tutorial for getting NICs passed through to virtual machines on Proxmox VE. Passing through NICs avoids the hypervisor overhead and can also help with compatibility issues between virtual NICs and some firewall appliances like pfSense and OPNsense. The downside is that unless the NICs support SR-IOV, they most likely will not be shared devices in this configuration.

Step 1: BIOS Setup

The first thing one needs to do is to turn on the IOMMU feature on your system. For this, the CPU and the platform need to support the feature. These days, most platforms will support IOMMU, but some older platforms do not. On Intel platforms, this is called “VT-d”. That stands for Intel Virtualization Technology for Directed I/O (VT-d.)

Enable Intel VT D To Get IOMMU Working

On AMD platforms you will likely see AMD-Vi as the option. Sometimes in different system firmware, you will see IOMMU. These are the options you want to enable.

Of course, since this is Proxmox VE, you will want to ensure your basic virtualization is on as well while you are in the BIOS. Also, since it is going to likely be a main focus for people using this guide, if you are making a firewall/ router on the machine, we usually suggest setting the On AC Power setting to “Always on” or “Last state” so that in the event of a power failure, your network comes up immediately.

Next, we need to determine if we are using GRUB or systemd as the bootloader.

Step 2: Determine if you are Using GRUB or systemd

This is a newer step, but if you install a recent version of Proxmox VE, and are using ZFS as the root (this may expand in the future) you likely are using systemd not GRUB. After installation, use this command to determine which you are using:

efibootmgr -v

If you see something like “File(\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFI)” then you are using systemd, not GRUB.

Another giveaway is when you boot, if you see a blue screen with GRUB and a number of options just before going into the OS, then you are using GRUB. If you see something like this, you are using systemd:

Proxmox VE Systemd Boot Menu

This is important because many older guides are using GRUB, but if you are using systemd, and follow the GRUB instructions, you will not enable IOMMU needed for NIC pass-through.

Step 3a: Enable IOMMU using GRUB

If you have GRUB, and most installations today will, then you will need to edit your configuration file:

nano /etc/default/grub

For Intel CPUs add quiet intel_iommu=on:

GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"

For AMD CPUs add quiet amd_iommu=on:

GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on"

Here is a screenshot with the intel line to show you where to put it:

Proxmox VE Nano Grub Quiet Intel Iommu On

Optionally, one can also add IOMMU PT mode. PT mode improves the performance of other PCIe devices in the system when passthrough is being used. This works on Intel and AMD CPUs and is iommu=pt. Here is the AMD version, of what would be added, and we will have an Intel screenshot following:

GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on iommu=pt"

Here is the screenshot of where this goes:

Proxmox VE Nano Grub Quiet Intel Iommu On Iommu Pt

Remember to save and exit.

Now we need to update GRUB:

update-grub

Now go to Step 4.

Step 3b: Enable IOMMU using systemd

If in Step 2 you found you were using systemd, then adding bits to GRUB will not work. Instead, here is what to do:

nano /etc/kernel/cmdline

For Intel CPUs add:

quiet intel_iommu=on

For AMD CPUs add:

quiet amd_iommu=on

Here is a screenshot of where to add this using the Intel version:

Proxmox VE Systemd Quiet Intel_iommu=on

Optionally, one can also add IOMMU PT mode. This works on Intel and AMD CPUs and is iommu=pt. Here is the AMD version, of what would be added, and we will have an Intel screenshot following:

quiet amd_iommu=on iommu=pt

Here is the Intel screenshot:

Proxmox VE Systemd Quiet Intel_iommu=on Iommu=pt

Now we need to refresh our boot tool.

proxmox-boot-tool refresh

Now go to Step 4.

Step 4: Add Modules

Many will immediately reboot after the above is done, and it is probably a good practice. Usually, I like to add modules just to save time. If you are more conservative, reboot, then do this step. Next, you will want to add modules by editing:

nano /etc/modules

In that file you will want to add:

vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd

Here is what it should look like:

Proxmox VE NIC Pass-Through Etc Modules Additions

Next, you can reboot.

Step 5: Reboot

This is a big enough change that you will want to reboot next. With PVE, a tip we have is to reboot often when setting up the base system. You do not want to spend hours building a configuration then find out it does not boot and you are unsure of why.

We will quickly note that we condensed the above a bit for more modern systems. If something fails in the verify step below, you may want to reboot before adding modules instead, and also not turn on PT mode before rebooting.

Step 6: Verify Everything is Working

This is the command you will want to use:

dmesg | grep -e DMAR -e IOMMU

Depending on the system, which options you have, and so forth, a lot of the output is going to change here. What you are looking for is the line highlighted in the screenshot DMAR: IOMMU enabled:

Proxmox VE IOMMU Enabled

If you have that, you are likely in good shape.

Step 7: Configure Proxmox VE VMs to Use NICs

For this, we are using a little box very similar to the Inexpensive 4x 2.5GbE Fanless Router Firewall Box Review. It is essentially the same, just a different version of that box. One of the nice features is that each NIC is its own i225-V and we can pass through each individual NIC to a VM. Here is a screenshot from an upcoming video we have:

Proxmox VE Web GUI Pick NIC To Pass-Through

In the old days, adding a pass-through NIC to a VM was done via CLI editing. Now, Proxmox pulls the PCIe device ID and then also the device vendor and name. This makes it very easy to pick NICs in a system. One point that is nice about many of the onboard NICs is that the physical ordering as the NICs are labeled on the system should mean that we have sequential MAC addresses and PCIe IDs. In the above 0000:01:00.0 is the first NIC (ETH0). The device 0000:02:00.0 is the second, and so forth.

Hunsn 4 Port 2.5GbE I225 Intel J4125 Firewall Box NIC Ports

At this point, you are already done. You can see we have this working on both OPNsense and pfSense and the process is very similar. The nice thing is that by doing this, pfSense/ OPNsense have direct access to the NICs instead of using a virtualized NIC device.

A Few Notes on IOMMU with pfSense and OPNsense

After these NICs are assigned there are a few key considerations that are important to keep in mind:

  • Using a pass-through NIC will make it so the VM will not live migrate. If a VM expects a physical NIC at a PCIe location, and it does not get it, that will be an issue.
  • Conceptually, there is a more advanced feature called SR-IOV that allows you to pass through a NIC to multiple devices. For lower-end i210 and i225-V NICs that we commonly see in pfSense and OPNsense appliances, you will be conceptually dedicating the NIC to the VM. That means another VM cannot use the NIC. Here is an example where we have the pfSense VM (600) using a NIC that is also assigned to the OPNsense VM. We get an error trying to start OPNsense. The Proxmox VE GUI will allow you to configure pass-through on both VMs if they are off, but only one can be on and active with the dedicated NIC at a time.
Proxmox VE Web GUI NIC Being Assigned To A Second VM for OPNsense when it is already assigned to pfSense
  • Older hardware may not have IOMMU capabilities. Newer hardware has both IOMMU and ACS, so most newer platforms make it easy to separate PCIe devices and dedicate them to VMs. On older hardware, sometimes how PCIe devices are grouped causes issues if you want to, as in this example, pass-through NICs separately to different VMs.
  • You can utilize both virtual NICs on bridges along with dedicated pass-through NICs in the same VM.
  • At 1GbE speeds, pass-through is not as big of a difference compared to using virtualized NICs. At 25GbE/ 100GbE speeds, it becomes a very large difference.
  • When we discuss DPUs, one of the key differences is that the DPU can handle features like bridging virtual network ports to physical high-speed ports and that happens all on the DPU rather than the host CPU.
  • This is an area where it takes longer to setup than a bare-metal installation, and it adds complexity to a pfSense or OPNsense installation. The benefit one gets is that doing things like reboots is usually much faster in the virtual machine. One can also snapshot the pfSense or OPNsense image in the event one makes a breaking change.
  • We suggest having at least one more NIC in the system for Proxmox VE management and other VM features. If one uses pass-through for all NICs to firewall VMs, then there will not be a system NIC.
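The note above about how PCIe devices are grouped on older hardware can be checked before assigning NICs to different VMs. The following shell function is an added example, not part of the original article: it lists every IOMMU group that holds more than one device, since devices sharing a group are not isolated from each other by the IOMMU. It assumes the kernel's /sys/kernel/iommu_groups layout; the demo runs against a constructed directory tree in which the grouping is invented for illustration.

```shell
#!/bin/sh
# Added example: find IOMMU groups that contain more than one PCIe device.

shared_iommu_groups() {
    # $1 = IOMMU groups directory (default: /sys/kernel/iommu_groups).
    # Prints "group N: dev1 dev2 ..." for each group with several devices.
    # Returns 2 when the directory is missing (IOMMU not enabled).
    ig_root=${1:-/sys/kernel/iommu_groups}
    if [ ! -d "$ig_root" ]; then
        echo "no IOMMU groups under $ig_root (is the IOMMU enabled?)" >&2
        return 2
    fi
    for ig_dir in "$ig_root"/*; do
        if [ ! -d "$ig_dir/devices" ]; then
            continue
        fi
        ig_count=$(($(ls "$ig_dir/devices" | wc -l)))
        if [ "$ig_count" -gt 1 ]; then
            ig_devs=$(ls "$ig_dir/devices" | tr '\n' ' ')
            printf 'group %s: %s\n' "${ig_dir##*/}" "${ig_devs% }"
        fi
    done
    return 0
}

make_sample_groups() {
    # Constructed tree mimicking the sysfs layout; the grouping is invented.
    sg_dir=$(mktemp -d) || return 1
    mkdir -p "$sg_dir/0/devices/0000:00:02.0" \
             "$sg_dir/1/devices/0000:01:00.0" \
             "$sg_dir/2/devices/0000:02:00.0" \
             "$sg_dir/2/devices/0000:03:00.0"
    printf '%s\n' "$sg_dir"
}

# Demo: in the sample, the NIC at 0000:02:00.0 shares group 2 with another
# device, so the two cannot be isolated from each other in separate VMs.
demo_dir=$(make_sample_groups)
shared_iommu_groups "$demo_dir"
rm -rf "$demo_dir"
```

On the Proxmox VE host, call `shared_iommu_groups` with no argument after the reboot in Step 5; no output means every device sits in its own group.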

How To Create Proxmox Containers From Proxmox Web UI Dashboard

Create And Manage Linux Containers From Proxmox VE Web Dashboard

In this tutorial, we will give a brief overview of Linux containers and their use cases. Then we will move on to see how to list the available container templates from the Proxmox web dashboard, download a container template, and finally create Proxmox containers using the downloaded container template from the Proxmox dashboard.


What Is A Linux Container?

Linux Containers (LXC for short) is an OS-level virtualization method for running multiple isolated applications sharing an underlying Linux kernel. In other words, containers use the same kernel as the host system that they run on.

A container consists of one or more processes (generally running with reduced privileges) having shared visibility into kernel objects and a common share of host resources.

Shared visibility into kernel objects is governed by namespaces, which prevent processes in one container from interacting with kernel objects, such as files or processes, in another container.

Resource allocation is governed by cgroups (control groups), provided by the kernel to limit and prioritize resource usage. An LXC container is a set of processes sharing the same collection of namespaces and cgroups.

Containers are very useful to develop, deploy, and test modern distributed apps and microservices that can operate in isolated execution environments on the same host system.

Containers are in high demand because they are lightweight alternatives to fully virtualized machines (VMs). The operating and running costs of containers are very low when compared to VMs.

Create Proxmox Containers From Proxmox Web Dashboard

Proxmox uses Linux Containers (LXC) as its underlying container technology.

We can create and manage containers from the Proxmox VE graphical web user interface (GUI) or from the command line using the Proxmox Container Toolkit (pct).

In this tutorial, we will see how to create and manage Proxmox containers from Proxmox web dashboard.

Step 1 – Login To Proxmox Web User Interface

Open the web browser and navigate to the https://proxmox-IP-address:8006/ URL. You will be greeted with the Proxmox login page. Enter the username (root) and its password.

Login To Proxmox Web Dashboard

Step 2 – Download Container Images

A container image (also known as a template or appliance) is a tar archive that is bundled with everything needed to run a container.

Proxmox provides various templates for popular Linux distributions. As of writing this guide, you can download the Container templates for the following Linux distributions from Proxmox VE official repositories.

  • Alpine Linux
  • Arch Linux
  • CentOS / CentOS Stream / AlmaLinux / Rocky Linux
  • Debian
  • Devuan
  • Fedora
  • Gentoo
  • openSUSE
  • Ubuntu

You can also download various ready-made appliances from the Turnkey Linux website.

Turnkey Linux is an open source project that is developing a free virtual appliance library that features the very best server-oriented open source software. Each virtual appliance is optimized for ease of use and can be deployed in just a few minutes on bare metal, a virtual machine and in the cloud.

For the purpose of this guide, I am going to use the Debian 11 standard template.

Click on the small arrow button beside your Proxmox host name to expand it. Then click on the storage named ‘local’. You will see the following screen.

Click On Storage ‘local’ On Proxmox System

Click on the ‘CT Templates’ option and then click the ‘Templates’ button.

Click On CT Templates Option

You can also click ‘Upload’ button to upload an already downloaded template or choose ‘Download from URL’ button to download the template from a specific URL. I don’t have any templates on my local disk, so I chose ‘Templates’ button.

Choose the Container template of your choice and hit Download button.

Download Debian Container Template

Now the selected template will be downloaded and saved in the /var/lib/vz/template/cache/ directory on your Proxmox host.

Once the template is downloaded, click the close button.

Debian Template Downloaded

You will now see the list of downloaded templates under ‘CT Templates’ section.

Available Container Templates In Proxmox

Now it is time to create the containers using a downloaded template.

Step 3 – Create Proxmox Container

Right click on the Proxmox node and click “Create CT“. In my case, pvedebian is the name of my Proxmox host.

Create New Proxmox Container

Enter the name of the container and password for the ‘root’ user. You should not use underscore or space or any special characters for the hostname. Click Next to continue.

Enter Container Hostname And Root Password

Choose the Container template from the ‘Template’ drop-down box and click Next.

Choose Container Template

Enter the disk size for the new container and click Next.

Enter Disk Size For Container

Choose the number of cores and click Next.

Enter Number Of Cores For Container

Enter the RAM size for your Container and click Next.

Enter RAM Size For Container

Enter the IP address and gateway for your container and click Next. Here, the gateway is optional. You can enter a gateway if you want to let the Container talk to other Containers in the network.

Also, keep in mind that the gateway must be your network bridge’s (vmbr0) IP address and the IP address of the Container should be within the same subnet. For instance, if the IP address of the network bridge is 192.168.1.101, the IP address of the Container should be 192.168.1.x/24. Also you must mention the subnet mask along with the IP address (E.g. 192.168.1.15/24) as well.

Enter IP Address And Gateway For Container

Enter the public DNS server (E.g. 8.8.8.8) if you want to let your container connect to the Internet. Make sure you have typed the DNS in the correct field.

Enter DNS Server IP For Container

Review the settings/options and if you’re OK with it, click Finish button to create the Proxmox Container.

Review Container Settings

Upon successful container creation, you will see the ‘TASK OK’ message in the output.

Proxmox Container Is Created Successfully

Close the dialog box and the newly created Proxmox container is listed under your Proxmox node on the left pane.

In the following screenshot, you see the container named ‘debian11ct’ with container ID ‘100’ under ‘pvedebian’ node.

Click on the Container to view the summary of it.

Container Summary

In the Summary section, you can view the Container’s uptime, cpu usage, memory usage, network traffic, and disk I/O etc.

You can also configure or change the various parameters (E.g. Access Console, Network, DNS, Firewall, Snapshot, Backup etc.) from the center pane.

Configure Container Parameters

Step 4 – Start Containers

To start a Container, just click on its name and then click ‘Start’ button on the top right corner.

Start A Proxmox Container

Step 5 – Access Console Of Containers

To access the console screen of a running Container, click the ‘Console’ action button on the top right corner.

Access Proxmox Console

The console of the running Container will open in a separate browser window. Enter the user name (i.e. root) and its password to login to the Container’s console.

Proxmox Container Console

Even if you close this browser window, the Container remains running in the background.

Did you notice the output of the uname command in the above screenshot? It shows the same Kernel version as the Proxmox host, because Containers use the same underlying Kernel as the Proxmox host.

Step 6 – Shutdown/Reboot/Stop Containers

You can shutdown or reboot or pause/resume a running container using the respective action buttons on the top.

Shutdown, Reboot, Stop Container

Step 7 – Clone Containers

Shutdown the Container if it is running. Click on the ‘More’ drop-down action button on the top and then choose ‘Clone’ option to clone the Container.

Clone Container

Enter a name for the clone and choose the target storage location. Leave it as is if you want to save it in the default location. Click the Clone button to start cloning.

Enter Cloned Container Details

Step 8 – Remove Containers

First, make sure the container is powered off. Click on the ‘More’ drop-down button and choose ‘Remove’ option to delete the Container.

Remove Container

Conclusion

In this comprehensive guide, we have discussed how to create Proxmox containers from Proxmox Web user interface. We also looked at how to do basic container management actions such as starting, stopping, deleting and cloning Containers.

Reverting Thin-LVM to “old” Behavior of /var/lib/vz (Proxmox 4.2 and later)

If you installed Proxmox 4.2 (or later), you will find yourself confronted with a changed layout of your data. There is no mounted /var/lib/vz LVM volume anymore; instead you find a thin-provisioned volume. This is technically the right choice, but one sometimes wants to get the old behavior back. This section describes the steps to revert to the “old” layout on a freshly installed Proxmox 4.2:

  • After the Installation your storage configuration in /etc/pve/storage.cfg will look like this:
dir: local
        path /var/lib/vz
        content iso,vztmpl,backup

lvmthin: local-lvm
        thinpool data
        vgname pve
        content rootdir,images
  • You can delete the thin-volume via GUI or manually, and you have to set the local directory to store images and containers as well. You should have such a config in the end:
dir: local
        path /var/lib/vz
        maxfiles 0
        content backup,iso,vztmpl,rootdir,images
  • Now you need to recreate /var/lib/vz
root@pve-42 ~ > lvs
  LV   VG   Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  data pve  twi-a-tz-- 16.38g             0.00   0.49
  root pve  -wi-ao----  7.75g
  swap pve  -wi-ao----  3.88g

root@pve-42 ~ > lvremove pve/data
Do you really want to remove active logical volume data? [y/n]: y
  Logical volume "data" successfully removed

root@pve-42 ~ > lvcreate --name data -l +100%FREE pve
  Logical volume "data" created.

root@pve-42 ~ > mkfs.ext4 /dev/pve/data
mke2fs 1.42.12 (29-Aug-2014)
Discarding device blocks: done
Creating filesystem with 5307392 4k blocks and 1327104 inodes
Filesystem UUID: 310d346a-de4e-48ae-83d0-4119088af2e3
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
  • Then add the new volume in your /etc/fstab:
/dev/pve/data /var/lib/vz ext4 defaults 0 1
  • Restart to check if everything survives a reboot.

You should end up with a working “old-style” configuration where you “see” your files as it was before Proxmox 4.2.

Enable Proxmox No-subscription Repository

You don’t need a license key to use the Proxmox No-subscription repository. It is suitable for home lab users, testing purposes and non-production use.

To enable Proxmox No-subscription repository, edit /etc/apt/sources.list file:

# nano /etc/apt/sources.list

And add the following lines:

deb http://ftp.debian.org/debian bullseye main contrib

deb http://ftp.debian.org/debian bullseye-updates main contrib

# security updates
deb http://security.debian.org bullseye-security main contrib

# PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription

Finally, update the repository list:

$ sudo apt update

$ sudo apt full-upgrade

Samba & Bonjour with Avahi

Okay, so you have a shiny new Linux box, and it’s running Samba, all nice and configured to share your files.  You have a Mac, and you want to use it with your nifty new Windows shares.  You can connect with Command-K in the finder, but it doesn’t show up in Finder under the Shared section.

You need Avahi.

I won’t bother going into the details of configuring Samba.  If you’ve not gotten that far, there are some pretty good resources out on the ‘net that will tell you how.  Where interacting with Bonjour is concerned, however, most of the references I found were flat wrong with modern OS X and Samba.

To make this work, the steps are simple (I’m running Ubuntu 12.04, so you may have to adjust accordingly for your Linux distro of choice).  The first step is to install Avahi:

root@core:/# apt-get install avahi-daemon avahi-utils

When this command completes, you’ll essentially have Bonjour running on your Linux box.  This has a number of advantages, most notably that you can now log into the thing by hostname (eg. core.local for my machine) without having to configure DNS.  But it still won’t allow you to browse shares in Finder; for that, you need a bit of configuration.

And so we move to step 2: create a file in /etc/avahi/services called smb.service, and place the following content in it:

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h</name>
 <service>
   <type>_smb._tcp</type>
   <port>445</port>
 </service>
 <service>
   <type>_device-info._tcp</type>
   <port>0</port>
   <txt-record>model=RackMac</txt-record>
 </service>
</service-group>

Upon saving it, your new Linux box will happily appear in the Finder sidebar, and should all work.  You don’t even need to restart Avahi; it’ll pick up the new service file automagically.

There are other references out there for how to do this, but they all use port 139 – which doesn’t work.  I haven’t a clue when Microsoft changed the port number, but whatever; I don’t really care.  I have Finder browsing goodness, so I’m happy.

How to Check Open Ports in Linux?

Which ports are occupied by which service? How many open ports are there? Learn to scan for open ports on your Linux system or any remote system.

Whether you are using Linux as a server or desktop, knowing open ports or ports in use can be helpful in a variety of situations.

For example, if you are running an Apache or Nginx based web server, the port in use should be 80 or 443. Checking the ports will confirm that. Similarly, you can check which port is being used by SMTP or SSH or some other services. Knowing which ports are in use can be helpful while allocating the ports to a new service.

You may also check if there are open ports for intrusion detection.

There are various ways for checking ports in Linux. I’ll share two of my favorite methods in this quick tip.

Method 1: Checking open ports in the currently logged in Linux system using lsof command

If you are logged into a system, either directly or via SSH, you can use the lsof command to check its ports.

sudo lsof -i -P -n

The lsof command is used to find the files and processes used by a user. The options used here are:

  • -i: If no IP address is specified, this option selects the listing of all network files
  • -P: inhibits the conversion of port numbers to port names for network files
  • -n: inhibits the conversion of network numbers to host names for network files

But, this also shows us a lot of extra ports that the computer does not actually listen to.

You can just pipe this output to the grep command and match the pattern “LISTEN”, like this:

sudo lsof -i -P -n | grep LISTEN

This will only show the ports that our computer is actively listening to and also which service is using said open port.
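For the intrusion-detection use mentioned earlier, the listing is most useful when compared against the ports you expect to be open. The following is an added example, not part of the original article: the function name, the allowlist format and the sample lsof rows are constructed for illustration, and it also picks up bound UDP sockets, which `grep LISTEN` never shows because UDP has no LISTEN state.

```shell
#!/bin/sh
# Added example (not from the original article): compare listening sockets
# against an expected baseline and print only the ones nobody accounted for.

# Constructed sample of `sudo lsof -i -P -n` output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND    PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd       812  root   3u  IPv4  23456      0t0  TCP *:22 (LISTEN)
sshd       812  root   4u  IPv6  23458      0t0  TCP *:22 (LISTEN)
cupsd      640  root   7u  IPv6  20110      0t0  TCP [::1]:631 (LISTEN)
nginx     1033  root   6u  IPv4  30100      0t0  TCP *:80 (LISTEN)
python3   4410  alice  3u  IPv4  51234      0t0  TCP *:8000 (LISTEN)
firefox   3900  alice 88u  IPv4  49877      0t0  TCP 192.168.1.20:51544->192.0.2.10:443 (ESTABLISHED)
avahi-dae  590  avahi 12u  IPv4  19000      0t0  UDP *:5353
EOF
}

# unexpected_listeners "proto/port ..."   (lsof output on stdin)
# Prints one line per unexpected socket: proto/port bind-address command pid user
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NF < 9 { next }                     # not an lsof data row
        # TCP listeners end in "(LISTEN)"; NAME is the field before it.
        $NF == "(LISTEN)"                  { proto = "tcp"; name = $(NF - 1) }
        # UDP rows carry no state; a NAME without a "->" peer is a bound socket.
        $(NF - 1) == "UDP" && $NF !~ /->/  { proto = "udp"; name = $NF }
        proto != "" {
            port = name; sub(/^.*:/, "", port)      # text after the last colon
            addr = name; sub(/:[^:]*$/, "", addr)   # text before the last colon
            key = proto "/" port
            if (!(key in ok)) print key, addr, $1, $2, $3
            proto = ""
        }
    '
}

# Live use: sudo lsof -i -P -n | unexpected_listeners "tcp/22 tcp/443"
sample_lsof | unexpected_listeners "tcp/22 tcp/80 tcp/631 udp/5353"
```

A bind address of `*` means the service is reachable on every interface, while `127.0.0.1` or `[::1]` is loopback only.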

Method 2: Checking ports on any remote Linux server using the netcat command

nc (Netcat) is a command line utility that reads and writes data between computers over the network using the TCP and UDP protocols.

Given below is the syntax for nc command:

nc [options] host port

This utility has a nifty -z flag. When used, it will make nc scan for listening daemons without actually sending any data to the port.

Combine this with the -v flag, enabling verbosity, you can get a detailed output.

Below is the command you can use to scan for open ports using the nc command:

nc -z -v <IP-ADDRESS> 1-65535 2>&1 | grep -v 'Connection refused'

Replace IP-ADDRESS with the IP address of the Linux system you are checking the ports for.

As for why I selected values 1 to 65535, that is because the port range starts from 1 and ends at 65535.

Finally, pipe the output to the grep command. Using the -v option, it excludes any line that has “Connection refused” as a matched pattern.

This will show all the ports that are open on the computer which are accessible by another machine on the network.

Conclusion

Of the two methods, I prefer the lsof command. It’s quicker than nc command. However, you need to be logged into the system and have sudo access for that. In other words, lsof is more suitable a choice if you are managing a system.

The nc command has the flexibility of scanning ports without being logged in.

Both commands can be used for checking open ports in Linux based on the scenario you are in. Enjoy.

Setting Up Your Local Web Server on macOS Big Sur 11.0.1 (2020)| MAMP Setup on mac | macOS, Apache, MySQL, PHP

Apple released macOS Big Sur, its newest macOS for 2020, on November 12, 2020. It is that time of the year again when you might need to reconfigure your macOS if you are upgrading from macOS Catalina. Or, if you have a new macOS, follow the steps below to enable your local web server on macOS Big Sur (version 11.0.1).

NOTE: For macOS 12 Monterey, please check out the How to Setup MAMP (MacOS, Apache, MySQL, PHP) on macOS12 Monterey (2021)


Start the Apache Server

macOS comes with Apache Server by default. To start the built-in Apache server, open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

Type sudo apachectl start and press enter

Open any of your favorite browsers (e.g. Safari, Chrome)

Type localhost or 127.0.0.1 in the address bar

If Apache Server is started, you should see the below:

Create Sites Directory

It is recommended to create a Sites directory under the username folder (username is your Mac login name). This directory will be your document root for any web-related stuff.

  1. Go to Mac HDD > Users > [your account folder]
  2. Create a folder with the name Sites. When the folder is created, it will generate a folder with a compass image on the folder as you can see from the below screenshot.

Create username.conf file

For Apache to recognize the files placed in the Sites directory, a username.conf file needs to be set up.

1. Type whoami and press enter. (Note down the name. this is your account name / username) For example, if your username is developer, we will be making a .conf file with the name of developer.conf under /etc/apache2/users

2. Type cd /etc/apache2/users and press enter.

3. Type ls and press enter. Check if there is an existing username.conf file (username is your account name)

4. If there is an existing username.conf, make a backup copy by typing sudo cp username.conf username.conf.bak

5. Type sudo nano username.conf and press enter (note: username will be your account name e.g. developer.conf)

6. Copy and paste the following configuration.

<Directory "/Users/developer/Sites/">
AllowOverride All
Options Indexes MultiViews FollowSymLinks
Require all granted
</Directory>

7. Press Control + o and press enter to save the file.

8. Press Control + x to exit the nano editor.
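A quick check of the per-user configuration above, as an added example that is not part of the original tutorial: `Require all granted` together with `Options Indexes` serves ~/Sites, directory listings included, to every client that can reach the port, while `Require local` limits access to loopback. The function names and the tighter variant are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report the permissive directives
# in a per-user Apache config such as /etc/apache2/users/developer.conf.

# The configuration from the step above, reproduced as sample input.
tutorial_conf() {
    cat <<'EOF'
<Directory "/Users/developer/Sites/">
AllowOverride All
Options Indexes MultiViews FollowSymLinks
Require all granted
</Directory>
EOF
}

# Assumed tighter variant for a machine that only serves its own browser
# and needs no .htaccess overrides (constructed for this example).
local_only_conf() {
    cat <<'EOF'
<Directory "/Users/developer/Sites/">
    AllowOverride None
    Options MultiViews FollowSymLinks
    Require local
</Directory>
EOF
}

# audit_userdir_conf [FILE]   (reads stdin when FILE is omitted)
# Prints "<directory>: <finding>" per permissive directive; paths with
# spaces are not handled.
audit_userdir_conf() {
    awk '
        { sub(/^[ \t]+/, "") }                  # strip indentation
        /^#/ || NF == 0 { next }                # skip comments and blank lines
        tolower($1) == "<directory"   { dir = $2; gsub(/[">]/, "", dir); next }
        tolower($1) == "</directory>" { dir = ""; next }
        dir == "" { next }                      # only look inside <Directory>
        { d = tolower($1) }
        d == "require" && tolower($2) == "all" && tolower($3) == "granted" {
            print dir ": Require all granted (any client that can reach the port)"
        }
        d == "allowoverride" && tolower($2) == "all" {
            print dir ": AllowOverride All (.htaccess files can change settings)"
        }
        d == "options" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "indexes" || tolower($i) == "+indexes")
                    print dir ": Options Indexes (directory listings enabled)"
        }
    ' "$@"
}

# Live use: audit_userdir_conf /etc/apache2/users/developer.conf
tutorial_conf | audit_userdir_conf
```

The tighter variant drops .htaccess support, so keep `AllowOverride All` if the site relies on rewrite rules in .htaccess files.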

Configure the httpd.conf file

1. Open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

2. Type cd /etc/apache2 and press enter.

3. Type sudo cp httpd.conf httpd.conf.bak and press enter. (This step is optional if you want to keep the copy of the original config file but I would recommend keeping one just in case.)

4. Type sudo nano /etc/apache2/httpd.conf and press enter.

5. Press control + w and type LoadModule authz_core_module and press enter. (control + w will activate the search and it will look for a line with the keyword you put in)

Uncomment the following modules. The # you see in front of each line means that line is commented out. That means that a specific line or module on that line will be ignored. What we want to do is, uncomment this so the module is enabled.

6. Use control + w to find each of the modules below.

LoadModule authn_core_module libexec/apache2/mod_authn_core.so
LoadModule authz_host_module libexec/apache2/mod_authz_host.so
LoadModule userdir_module libexec/apache2/mod_userdir.so
LoadModule include_module libexec/apache2/mod_include.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so

7. Uncomment the following line for the User home directories.

Include /private/etc/apache2/extra/httpd-userdir.conf

8. Replace the below two lines with your username document root. (You can comment out those two lines by putting # in front of them.)

DocumentRoot "/Library/WebServer/Documents"
<Directory "/Library/WebServer/Documents">

9. Replace with the following:

Note: USERNAME needs to be replaced with your username (e.g. developer)

DocumentRoot "/Users/USERNAME/Sites/"
<Directory "/Users/USERNAME/Sites/">

10. Press control + w and type AllowOverride None then enter

Replace AllowOverride None with AllowOverride All

Your DocumentRoot configuration in httpd.conf will look like below:

DocumentRoot "/Users/developer/Sites/"
<Directory "/Users/developer/Sites/">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options FollowSymLinks Multiviews
    MultiviewsMatch Any

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

11. Press control + o and press enter to save the file.

12. Press control + x to exit the nano editor.

Configure the httpd-userdir.conf file

1. Type cd /etc/apache2/extra and press enter.

2. Type sudo cp httpd-userdir.conf httpd-userdir.conf.bak and press enter. (this step is optional if you want to keep the copy of original file.)

3. Type sudo nano httpd-userdir.conf and press enter.

Uncomment the following line.

Include /private/etc/apache2/users/*.conf

4. Press control + o and press enter to save the file.

5. Press control + x to exit the nano editor.

6. Type sudo apachectl restart (this step will restart the Apache server to take effect of the changes made in the config file)

Enable the PHP

macOS has built-in PHP (at least in Big Sur and prior versions). You just need to enable PHP in Apache’s config file. Follow the steps below to do so.

1. Open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

2. Type cd /etc/apache2 and press enter.

3. Type sudo nano /etc/apache2/httpd.conf and press enter.

4. Press control + w and type php (this will search for a line with keyword php in Apache’s config file.)

You should be seeing the following line. Uncomment the LoadModule php7_module libexec/apache2/libphp7.so by removing the # in the front of that line of code.

5. Press control + o and press enter to save the file.

6. Press control + x to exit the nano editor.

7. Type sudo apachectl restart (this step will restart the Apache server to take effect of the changes made in the config file)

Create a phpinfo() page

To check that PHP is working on your local Mac web server, create a phpinfo() file and load it in the browser.

1. Open the Terminal app from your Application folder or type Terminal in the Spotlight Search (shortcut: Command + Space Bar)

2. Type cd ~/Sites/ and press enter.

3. Type sudo nano phpinfo.php and press enter. (this will bring up the nano editor with blank screen since the phpinfo.php is newly created file and has no code at this point)

4. Put the following code.

<?php phpinfo(); ?>

5. Press control + o and press enter to save the file.

6. Press control + x to exit the nano editor.

7. Open a browser and type the following in the address bar.

http://localhost/~developer/phpinfo.php

You should be seeing a page something like below. This means, the PHP is working on your local mac server.

Setting Up the MySQL Server

To be able to use a local database, you need to install a database server. In this case, we will be installing the MySQL Server. Follow the below steps to setup your MySQL Server on your local macOS.

  1. Go to https://dev.mysql.com/downloads/mysql/

2. Download the installer with DMG file.

3. Double click the MySQL server installer.

Follow the instructions on the Installer.

If above message shows up, click Allow.

Select Use Strong Password Encryption

Setup a password for “root” user and click Finish to complete the setup.

Once the installation is complete, you can move the installer to the trash.

Now, if you go to System Preferences, you should be seeing MySQL.

If you check, it should have the green indicator showing it is up and running.

If you need to setup a MySQL Workbench, you can refer to Using MySQL Workbench on macOS Catalina (2019)

If you are using macOS Catalina, check out Setting Up Your Local Server on macOS Catalina (2019) – MAMP – macOS, Apache, MySQL, PHP to setup your mac local web server.
