Creating Virtual Machines

Two types of virtual machine are currently (2010-12-28) supported by DataONE hardware: KVM (all three locations) and OpenVZ (UNM). KVM (Kernel-based Virtual Machine) is a complete virtualization system for Linux and enables creation of VMs which are completely isolated from the host operating system. OpenVZ is a container based virtualization solution where the equivalent of VMs (actually Virtual Private Servers or Virtual Environments) execute in an environment similar to FreeBSD jails. OpenVZ claims some performance enhancements over full virtualization solutions.

Creating a virtual machine (or “guest”) is generally a straightforward procedure. Several post-creation steps should then be followed to ensure the created server is at a level of configuration that provides a base for customization, is secured, and allows authentication of DataONE LDAP account holders.

Note

When creating VMs, set the timezone to UTC (it appears at the bottom of the timezone choice menu during installation). Alternatively, set the timezone afterwards as described in Timezone and NTP.

Create a KVM Guest

The base KVM install will be configured with shell access through SSH with accounts authenticated against the NCEAS LDAP instance. UFW will be installed and locked down to only port 22. DenyHosts will be installed to block attempted logins that fail too many times.

The following command with appropriate values for the various variables will create a basic KVM VM ready for final configuration:

ubuntu-vm-builder kvm karmic \
--arch='amd64'  \
--cpus='<< NUM CPU >>'  \
--mem='<< RAM MB >>'  \
--rootsize='<< DISK SIZE MB >>'  \
--swapsize='<< SWAP MB >>'  \
--dest=/kvm/<< HOST NAME >>.dataone.org \
--kernel-flavour='server'  \
--hostname='<< HOST NAME >>'  \
--domain='<< HOST NAME >>.dataone.org'  \
--mirror='http://archive.ubuntu.com/ubuntu'  \
--components='main,universe,multiverse'  \
--addpkg dialog \
--addpkg ca-certificates \
--addpkg ufw \
--addpkg dnsutils \
--addpkg curl \
--addpkg wget \
--addpkg libnss-ldap \
--addpkg nscd \
--addpkg openssh-server \
--addpkg nano \
--addpkg man \
--addpkg acpid \
--addpkg ntp \
--addpkg denyhosts \
--addpkg logrotate \
--name='Administrator'  \
--user='localadmin'  \
--pass='<< PASSWORD >>'  \
--bridge=br0 \
--ip='<< IP ADDRESS >>'  \
--mask='<< MASK >>'  \
--net='<< NETWORK >>'  \
--bcast='<< BROADCAST >>'  \
--gw='<< GATEWAY >>'  \
--dns='<< DNS >>' \
--libvirt qemu:///system

Where:

RAM MB: Common choices = 512, 1024, 2048, 4096, 8192, 16384, 32768
NUM CPU: Common choices = 1, 2, 4, 8
DISK SIZE MB: e.g. “300000 MB” (300GB)
SWAP MB: Typically up to << RAM MB >>
HOST NAME: Machine specific, see DNS Management for DataONE Nodes for guidelines.
PASSWORD: Secure password for the localadmin account.
IP ADDRESS: Machine specific
MASK: UNM=255.255.255.0, UCSB=255.255.255.0, ORC=255.255.240.0
NETWORK: UNM=129.24.0.0, UCSB=128.111.220.0, ORC=160.36.134.64
BROADCAST: UNM=129.24.0.255, UCSB=128.111.220.255, ORC=160.36.134.79
GATEWAY: UNM=129.24.0.1, UCSB=128.111.220.1, ORC=160.36.134.65
DNS: DNS server to use. 8.8.8.8, 8.4.4.4, or 4.2.2.2 are good choices.

After the VM instance has been created and started, log on as localadmin, then configure and enable the firewall as outlined below:

sudo apt-get update
sudo apt-get upgrade
sudo ufw allow ssh
sudo ufw enable

At this point, the VM is in a minimally configured state and installation should proceed with configuring LDAP Authentication, enabling Deny Hosts, configuring Monitoring Systems, and setting up Outgoing Email for sending administrative notices.

Create an OpenVZ Guest

OpenVZ guests are easily created through the Proxmox-ve web administration interface.

After creating the new VM with appropriate specifications it is necessary to logon to the guest and perform some additional configuration and package installation.

Open console, update distro:

apt-get update
apt-get upgrade
apt-get install dialog ca-certificates dnsutils openssh-server

Create localadmin account:

adduser localadmin
usermod -a -G sudo localadmin

Now log in through SSH and use the terminal for the remainder of the configuration.

apt-get install nano man ntp acpid curl wget

At this point, the VM is in a minimally configured state and installation should proceed with configuring LDAP Authentication, enabling Deny Hosts, configuring Monitoring Systems, and setting up Outgoing Email for sending administrative notices.

Remote Administration of Virtual Machines

KVM Remote Management

KVM virtual machines can be managed using virsh on the host.

Basic operations include:

list: Show a listing of virtual machines
shutdown: Shut down (controlled) a virtual machine
start: Start a virtual machine

Example, list domains, stop and start “mule2”:

$ virsh list
 Id Name                 State
----------------------------------
  1 epad                 running
  5 fedoradev            running
 12 mule2                running
 13 cn-unm-1             running

$ virsh shutdown mule2
Domain mule2 is being shutdown

$ virsh list --all
 Id Name                 State
----------------------------------
  1 epad                 running
  5 fedoradev            running
 13 cn-unm-1             running
  - mule2                shut off

$ virsh start mule2
Domain mule2 started

Another tool that works well from an Ubuntu desktop environment is the Ubuntu “Virtual Machine Manager”. Install it on your Ubuntu desktop machine using:

sudo apt-get install virt-manager

Then start it up:

virt-manager &

Add a new connection through File | Add Connection..., selecting QEMU/KVM as the Hypervisor, and “remote tunnel over SSH” as the Connection. For the Hostname, enter:

<<username>>@<<host>>

where:

username: user account that is a member of the libvirtd group on the host
host: the VM host machine

OpenVZ Remote Management

We are using Proxmox-ve for managing OpenVZ (and some KVM) virtual machines. All normal administrative procedures can be performed through the intuitive web interface presented by the respective virtualization hosts.