Sunday, October 11, 2015

Dev VM for AWS and Github on Mac with VMWare Fusion

Why?

Have you ever been working on a project and had something go so awry with your environment than you had to rebuild your machine?

Perhaps your dilemma was not so extreme, but something happened where you wished you could roll back your code and it was not just your code changes you wanted to roll back.

Although we cannot count 100% on a VM protecting our base machine, a VM does provide some level of protection when downloading 3rd party and open source software for testing.

Perhaps you want a different VM set up for different client projects.

If you don't want software going out to the Internet once installed, you can lock down your VM to only be accessible from your host, and restrict access to the Internet at large.

Do you want to give developers a VM that has all the tools they need pre-configured to save time getting people up and running?

Basically...a VM allows us to set up an environment and create clones of that environment as needed so we don't have to start over from scratch. You can also take snapshots as you develop so can roll back your entire VM as needed if you are playing around with changes to the VM configuration itself.


Why not?

Running in a VM may slow down your development to some degree vs. running directly on the host machine.

VMs may not always have access to the underlying resources for testing and profiling code accurately - however some settings can be changed. The solution here may be development on one machine, testing and code profiling on another.

There are probably other good reasons why you might not want a developer VM but overall they are pretty handy.


VMWare Fusion on a Mac running Fedora VM + Eclipse

For this example I'm going to set up a Fedora Linux VM on a Mac using VMWare Fusion with Eclipse. Below are the steps, some gotchas, and some security tips. VMWare Fusion is the Mac Version of VMWare's Windows products. You could follow similar steps if using Windows version and you could install other tools that you prefer using this same approach. 


Good to Know...

Terminal - To get to the terminal window in Fedora Linux click on “Activities” and type “Terminal” in the search box.

New terminal window - crtl-shift-t to get new terminal window in new tab

Browser - To get to a browser type on “Activities” then the Firefox/Mozilla icon.

sudo - For any commands below you may have to add “sudo” or execute them as root if that is not specified. By default the user I created was not in the sudoers file so I add that user below. 

Escaping the VM - The apple command button (with the flowery icon) and tab at the same time gets you out of the VM window if you seem to be stuck in it.

Customized hard disk & memory - I had problems changing VM settings (hard disk, memory) after the fact. Best to set them up front if possible.

Take snapshots! -  Take snapshots as you go so you can revert to a known good snapshot if needed or start over from a particular snapshot. If you revert to a snapshot, take another snapshot because you will lose the snapshot you revert to when you use it.

Networking -- The biggest difference using VMWare Fusion on Macs that I have found vs. Windows VMWare products has been networking, which seems to be temperamental.  I have to fiddle with the Network Adaptors at times as explained below. On Windows it is easier to select and basically hard code the network adaptor you want to use in bridged mode which usually resolves network problems.

Security -- A VM is just a file. VMS have been hacked by altering the VM file on a machine. If you are storing sensitive data on a VM protect it appropriately. Protect your VM files appropriately. Also make sure your networking is set up appropriately depending on your security rules. If you are on a VM your connections may or may not be going over your VPN, if you have one, depending on how you have things configured. Make sure you understand what's going on with your networking. Do a checksum on any files you download to ensure they are not corrupt or have been tampered with in transit.

Checksums - 

If you are on Windows you can do integrity checks for downloaded files as explained here:

To do an integrity check on linux you can use built in commands such as sha1sum, or if sha 512 use:

sha512sum [file to check]

The result will be a checksum that should match the checksum provided on the site where you downloaded the file. If it doesn't the file was corrupted in transit, or worse, altered by someone with likely evil intentions.

If you use yum to do updates or other package installers they likely have this checksum build into their install process.


Step 1: Create an ISO

An iso is a file that contains an image that can be used to create a new virtual machine. In our case we are creating an iso for Fedora Linux.

1. Go to FedoraProject.org
2. Click download
3. Click on Formats in sub menu
4. Click on 64bit DVD option
5. Download starts immediately
6. Check the integrity of the file you downloaded
7. Right click and burn to blank CD or your hard drive

You should now have a .iso file you can use to create a Linux VM


Step 2: Create a Fedora Linux VM, customized for Eclipse

1. Start Fusion. 
2. File, new, choose appropriate Linux options
3. On the top of vm screen click the icon with cd coming out of drive.*
4. Choose disk option and select the file burned to CD
5. Click on customize settings when going through the VM set up
6. Change the name of my VM
7. Click on hard disk. Change the size to the amount of storage you think you will need for this VM.
8. Hit the back arrow, apply.
9. Click on memory. I doubled mine to 2048. What number you use depends on how much memory you have on your machine and what else you are running outside the VM that will be using memory. When I didn’t increase the memory eclipse was going very slowly and using swap memory.
10. Close the settings.
11. Run your VM (big > arrow in the middle of the screen).
12. Wait…this will take a while…
13. Try to login. 

If you get an pam module error when logging in that says “system is booting up” and won’t seem to go away then restart the VM.


Step 3: Check Internet Connection

1. Make sure you can connect to internet - open a browser to test going to your favorite web site. 

2. If you have problems try changing the network adaptor settings as follows:
  • Shut down your VM [Menu: Virtual Machine > Shutdown]
  • Go to Menu: Virtual Machine > Network Adaptor > Network Adapter settings
  • Click the button that says: Add Device [Your VM must be stopped]
  • You’ll now see at the top of the dialog that it says “Network Adapter 2"
  • Click on the bridged option for Wi-Fi (or whatever your current network is that you are using) instead of “Share with my Mac”
  • Close the dialog box
  • Start your VM (click the > arrow in the middle of the VM screen or use the menu options
  • From menu choose: Virtual Machine > Network Adapter > Disconnect Network Adapter
  • Verify that Network Adapter 2 is connected on menu: Virtual Machine > Network Adapter > [you should see the option for Bridged (Wi-Fi) selected and the option to disconnect (leave it connected)
  • Restart your VM
3. You can try removing and adding Network Adapters or switching between Nat and Bridged mode. I have not experienced consistent behavior in these settings.


Step 4: Add Your User to Sudoers

1. Add user to sudoers file using visudo so you don’t have to keep logging in as root with su.

su root 
[enter password]

visudo  

uncomment this line if not already uncommented

%wheel  ALL=(ALL)       ALL

Exit and save changes or just exit if nothing to change

:wq! 

Add the users to the wheel group you want to allow to run sudo

usermod -aG wheel [username here]

su back to your user name
su [your user name]
[enter psassword]

test that you can sudo with that user now
ls /root
(you should get permissions denied)

sudo ls /root
[enter password]

should not give any error.

More: 


Step 5: Run Security Updates



Security updates will patch known CVEs (security flaws):



sudo yum update —security

Then y and enter to install.

Note: if you have problems running this because it says PackageKit is running, here’s what I did. I don’t know if this is bad but it solved the problem:

ctrl-shift-t to open a new terminal window in new tab

ps -ax | grep Package

Got the process id, say 112233

Then kill that process which in this case would be:

sudo kill 112233

Did same for RSS

Then my security update would run.

The next problem I had during the update was report of two conflicting packages. There were two conflicting package names in the error message. I just updated the latter package stand alone:

sudo yum update abrt-java-connector-1.0.6-1.fc20.x86_64

Now run the security update again

sudo yum update --security


Step 6: This is a Good Time to Take a Snapshot

Menu: Virtual Machine > Snapshots > Take Snapshot

You can view your snapshot 

Menu: Virtual Machine > Snapshots 

You might want to right click on Get Info and add a comment like “security updates applied"


Step 7a: Install Eclipse with Yum -- READ CAVEAT FIRST

I just typed:

sudo yum install eclipse

It proceeded to install a gazillion libraries…well really it was only 100.

Then I just typed eclipse at the command line. I checked the version and it installed the “Kepler” version of eclipse, however the latest version of Eclipse (at time of this writing) is Mars. If you want to get the latest version you’ll want to download and install from web site.

So scratch that and roll back to the secure VM snapshot (and take a new snapshot)


Step 7b: Install Eclipse From Eclipse Web Site

1. Search for "eclipse" in Google
2. Click eclipse downloads in Google results
3. Click on SHA-512 to get the hash which looks like this currently:

b5fe908c9ae4ec2c1e050bca1846b07f0474d3c6abb77ec71ebbc2d71ab89ce3934b6019cb4d700386a2236f28a2ab04ca1976a48b82220ba8563cd9b672b840 eclipse-inst-linux64.tar.gz

4. Choose a mirror close to you or from a name you trust
5. Download box pops up - click OK or choose Save File
6. The file eclipse-inst-linux64.tar.gz is downloaded.
7. The file went to /var/tmp if you just clicked ok or to your downloads folder if you chose Save File. If you can't find it run this command:

sudo find / eclipse-inst-linux64.tar.gz | grep eclipse-inst-linux64.tar.gz

8. cd to the directory where the file is located

cd /var/tmp [or wherever the file is saved if not /var/tmp]

9. Run the checksum integrity check:

sha512sum eclipse-inst-linux64.tar.gz

If the file is OK the output matches the above. This of course assumes the above was not tampered with but better than doing no integrity check at all.

b5fe908c9ae4ec2c1e050bca1846b07f0474d3c6abb77ec71ebbc2d71ab89ce3934b6019cb4d700386a2236f28a2ab04ca1976a48b82220ba8563cd9b672b840  eclipse-inst-linux64.tar.gz

Since we have a match my download seems to be OK.

10. If you just hit ok the archive manager should be open. If not just double click on the downloaded file to open it.
11. Click Extract
12. The next screen gives option to create a new folder, which I did. 
13. Extract files to folder of choice.
14. I scanned the readme file for any trouble shooting tips and saw a particular version of Java is required.
15. Check your java version to make sure it is ok:

java -version

16. If java is not ok you can update manually or run:

sudo yum update java

17. Double click on the eclipse installer file (eclipse-inst) in the root directory of extracted files
18. Choose the version of Eclipse you want - I just chose the first option for basic Java IDE
19. Click install and follow the prompts.
20. Go get a cup of coffee or do some jumping jacks while you wait.
21. Click launch.
22. Change the workspace if you want - it's just the location where Eclipse stores your preferred settings. You can have multiple workspaces with different settings. I generally store settings and projects in different folders not in the same hierarchy.
23. If you get an error Eclipse is not responding, click "Wait".
24. Yay. Eclipse is running. Check the version under Help menu and make sure it is the latest.


Step 8: Take a Snapshot!

This would be a most excellent time to take a snapshot.


Step 9: Install Git

If you are using GitHub you might want to install GIT and/or any Eclipse tools for Git. You'll want to back up your source and version as frequently as possible so as not to lose your work! This allows rollback of only your code vs. rolling back your entire environment with a VM snapshot.

https://eclipse.github.io


Step 10: Install AWS Goodies

Install your favorite AWS tools from this web page:


Perhaps you have different VMs and configurations for different projects or customers, or perhaps you have a single VM that supports them all...the choice is yours!