Behind the Eyes

Tag: VMware

  • Building the VMware Workstation Modules on Ubuntu 24.04 with Secure Boot Enabled

    Hello everyone! I hope you have all been well and staying safe. Today’s blog is one that I hope you find helpful.

    So while I use KVM primarily for VM’s on my laptop and even on my servers, I still use VMware Workstation on my Laptop for quick testing. However, with the latest release (25H2 as of today), I was still running into issues where the vmmon and the vmnet modules would build, but not install properly. After looking through my logs, I found out that the reason they were not loading is because they were not signed. I use Secure Boot on my Laptop, and because of that, the kernel will not load unsigned modules into memory, thinking they are insecure. However, I have found a way to install the modules, and maintain security of the system. This blog will detail how to create a key, install the key, and sign the kernel modules after they have been compiled so that they will load properly.

    So I download and install VMware Workstation from Broadcom’s support site. It’s free now for personal use. Once you download it, I had to change the permissions so that it was executable, and then ran the installer from the terminal:

    chmod +x VMware-Workstation-Full-25H2-24995812.x86_64.bundle

sudo ./VMware-Workstation-Full-25H2-24995812.x86_64.bundle

    After the installation, the kernel modules will be build, but they will not install. When you try to run a VM, it will fail saying it couldn’t load the vmmon module. When I tried to install the modules from the CLI, I was presented with the following error:

    sudo modprobe vmmon

modprobe: ERROR: could not insert 'vmmon': Key was rejected by service

    After a little searching, I found this was becuase I am using Secure Boot and the kernel modules are not signed. So I had to do the following to sign the modules.

    First, I had to create a private key and a certificate to sign the modules. I had to create a Machine Owner Key (MOK). This also has to be added to the MOK database in Secure Boot to prove that the modules have been built and trusted by the system. I did the following to create the keys:

    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=My Kernel Module Signing/"

    Now I had two files in my home directory, MOK.priv, the Private Key, and MOK.der, the DER formatted Certificate.

    I now had to use the mokutil command to install the keys into the database:

    sudo mokutil --import MOK.der

    I had to create a password to install the certificate. Remember this password because when you reboot the machine, it will ask for this password to install the certificate. Do that and then log back in to the machine.

    Once logged in, open a terminal and find the path for the modules:

    modinfo -n vmmon
modinfo -n vmnet

    They will be in the /lib/modules/$(uname -r)/misc directory, however we will be using this as a variable in the next command, which is what we will use to sign the modules:

    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 MOK.priv MOK.der $(modinfo -n vmmon)

sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 MOK.priv MOK.der $(modinfo -n vmnet)

    You can then use the modprobe command to install the modules, but I normally just reboot my laptop to have everything start correctly, and then I can open VMware Workstation normally.

    I hope this helps you, and this process can be used to sign any module that you may need to.

  • Growing Ubuntu LVM After Install

    Hello everyone. I hope you have all been well.

    I have a new blog entry on something I just noticed today.

    So I typically don’t use LVM in my Linux Virtual Machines, mainly because I have had some issues in the past trying to migrate VM’s from one hypervisor type to another, for example, VMware to KVM or vice versa. I have found that if I use LVM, I have mapping issues and it takes some work to get the VM’s working again after converting the raw disk image from vmdk to qcow2 or vice versa.

    However, since I don’t plan on doing that anymore (I’m sticking with KVM/Qemu for the time being) I have looked at using LVM again since I like how easy it is to grow the volume if I have to in the future. While growing a disk image is fairly easy, trying to grow a /dev/vda or /dev/sda is a little cumbersome, usually requiring me to boot my VM with a tool like PMagic or even the Ubuntu install media and using gparted to manipulate the size and then rebooting back into the VM after successfully growing it.

    With LVM, this is much simpler. 3 commands and I’m done, and don’t need a reboot. Those commands:

    • pvdisplay
    • lvextend
    • resize2fs

    Now, One thing I have noticed after a fresh install of Ubuntu Server 22.04.2, using LVM, I don’t get all my hard drive partition used. I noticed this after I installed, I ran df -h and noticed that my / folder was at 32%. I built the VM with a 50G hard drive, yet df was only seeing 23GB. I then ran

    sudo pvdisplay

    Sure enough, the device was 46GB in size. I then ran

    sudo lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv

    This command extended my partition out to the remaining space. Next, I grew the file system to use the new space:

    sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv

    I then ran df -h again, and low and behold, my / folder is now saying 46GB and 16% used instead of 32%.

    I hope this helps anyone else!

  • Converting and Resizing KVM Hard Drives

    Hello everyone! I have been rebuilding my network and servers due to a major outage that I had with my ISP, which we are still meddling with. However, during the outage, I had to rebuild my servers. So I lost a lot of my build machines. Luckily, I still had copies running on my Mac running VMware Fusion. However, I don’t run on there so my machines just sit powered down, but if I need to bring them up for anything, I can.

    Well, I have a build machine that was running out there before I brought it into my KVM environment, but it was out of hard drive space and under utilized. This blog post is going to show how I moved the hard drive to my kvm server and then how I resized it and got it up and running.

    First thing I did was scp the vmdk file from my Mac to my KVM server:

    scp ~/Documents/Virtual\ Machines.localized/Precise-build.vmwarevm/Virtual\ Disk.vmdk kvm2:/data/VMS/precise-build.vmdk

    After 40 minutes, the vmdk was copied. I then converted it to qcow2:

    qemu-img convert -O qcow2 precise-build.vmdk precise-build.qcow2

    After that finished, I was able to get info on it:

    qemu-img info precise-build.qcow2
image: precise-build.qcow2
file format: qcow2
virtual size: 80G (85899345920 bytes)
disk size: 73G
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false

    I wanted to grow it to 200GB in size:

    qemu-img resize precise-build.qcow2 +120G

    I then got info on it to verify that it grew:

    qemu-image info precise-build.qcow2
image: precise-build.qcow2
file format: qcow2
virtual size: 200G (214748364800 bytes)
disk size: 75G
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false

    I was now ready to build the VM, which I used Virtual-Manager to build. I told it to use an existing disk, and then set it up to use more memory and processors then previously so I could get better performance out of it. I then told it to boot from a CD image of Parted-Magic so I could grow the file system. Luckily, this server only had two partitions, the root partition at the swap partition. However, the swap was on an extended partition and at the end of the disk. So I had to delete it and the extended partition so I could used parted to extend the file system. I extended it to the end minus 6GB, and then created at extended partition at the end and added a swap partition back and then saved it and rebooted. The machine rebooted, ran fsck and started up normally.

    I was then able to delete the vmdk file from my server to reclaim the 73GB of space it was using:

    rm /data/VMS/precise-build.vmdk

    Thats it. I hope this guide helps you migrating VM’s and growing their file systems from VMware or even Virtual Box to KVM.

    Let me know in the comments.

    Thanks!

2Shares