Creating Virtual Machines
=========================

Two types of virtual machine are currently (2010-12-28) supported by DataONE
hardware: KVM_ (all three locations) and OpenVZ_ (UNM).

KVM (Kernel-based Virtual Machine) is a complete virtualization system for
Linux and enables creation of VMs which are completely isolated from the host
operating system.

OpenVZ is a container-based virtualization solution where the equivalent of
VMs (actually Virtual Private Servers or Virtual Environments) execute in an
environment similar to FreeBSD jails. OpenVZ claims some performance
enhancements over full virtualization solutions.

Creating virtual machines (or "guests") is generally a straightforward
procedure. There are several post-creation steps that should be followed to
ensure the created server is at a level of configuration that provides a base
for customization, is secured, and allows authentication of DataONE LDAP
account holders.

.. Note:: When creating VMs, set the timezone to UTC (appears at the bottom of
   the timezone choice menu during installation). Alternatively, set the
   timezone afterwards as described in :doc:`timezone`.


Create a KVM Guest
------------------

The base KVM install will be configured with shell access through SSH with
accounts authenticated against the NCEAS LDAP instance. UFW will be installed
and locked down to only port 22. DenyHosts will be installed to block
attempted logins that fail too many times.

The following command, with appropriate values for the various variables, will
create a basic KVM VM ready for final configuration::

  ubuntu-vm-builder kvm karmic \
    --arch='amd64' \
    --cpus='<< NUM CPU >>' --mem='<< RAM MB >>' \
    --rootsize='<< DISK SIZE MB >>' \
    --swapsize='<< SWAP MB >>' \
    --dest=/kvm/<< HOST NAME >>.dataone.org \
    --kernel-flavour='server' \
    --hostname='<< HOST NAME >>' \
    --domain='<< HOST NAME >>.dataone.org' \
    --mirror='http://archive.ubuntu.com/ubuntu' \
    --components='main,universe,multiverse' \
    --addpkg dialog \
    --addpkg ca-certificates \
    --addpkg ufw \
    --addpkg dnsutils \
    --addpkg curl \
    --addpkg wget \
    --addpkg libnss-ldap \
    --addpkg nscd \
    --addpkg openssh-server \
    --addpkg nano \
    --addpkg man \
    --addpkg acpid \
    --addpkg ntp \
    --addpkg denyhosts \
    --addpkg logrotate \
    --name='Administrator' \
    --user='localadmin' \
    --pass='<< PASSWORD >>' \
    --bridge=br0 \
    --ip='<< IP ADDRESS >>' \
    --mask='<< MASK >>' \
    --net='<< NETWORK >>' \
    --bcast='<< BROADCAST >>' \
    --gw='<< GATEWAY >>' \
    --dns='<< DNS >>' \
    --libvirt qemu:///system

Where:

:RAM MB: Common choices = 512, 1024, 2048, 4096, 8192, 16384, 32768

:NUM CPU: Common choices = 1, 2, 4, 8

:DISK SIZE MB: e.g. "300000 MB" (300GB)

:SWAP MB: Typically up to << RAM MB >>

:HOST NAME: Machine specific, see :doc:`DNS-management` for guidelines.

:PASSWORD: Secure password for localadmin account.

:IP ADDRESS: Machine specific

:MASK: UNM=255.255.255.0, UCSB=255.255.255.0, ORC=255.255.240.0

:NETWORK: UNM=129.24.0.0, UCSB=128.111.220.0, ORC=160.36.134.64

:BROADCAST: UNM=129.24.0.255, UCSB=128.111.220.255, ORC=160.36.134.79

:GATEWAY: UNM=129.24.0.1, UCSB=128.111.220.1, ORC=160.36.134.65

:DNS: DNS Server to use. 8.8.8.8, 8.4.4.4, or 4.2.2.2 are good choices.

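
The per-site mask, network, broadcast and gateway values above have to agree
with each other and with the guest's IP address before they are passed to
``ubuntu-vm-builder``. The following pre-flight check is an added example, not
part of the original DataONE procedure; the function names and the ``.70`` host
address are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for the --ip/--mask/--net/--bcast/--gw values.

# Dotted-quad IPv4 -> integer. Fails on malformed input, including octets
# with leading zeros (the shell would read them as octal).
ip2int() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# check_net IP MASK NET BCAST GW
# Prints one line per problem; returns 0 only if all five values agree.
check_net() {
    ip=$(ip2int "$1") && mask=$(ip2int "$2") && net=$(ip2int "$3") &&
        bcast=$(ip2int "$4") && gw=$(ip2int "$5") ||
        { echo "malformed address in: $*"; return 2; }
    inv=$(( ~mask & 4294967295 ))   # host bits of the mask
    rc=0
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo "mask $2 is not contiguous"; rc=1; }
    want_net=$(( ip & mask ))
    want_bc=$(( want_net | inv ))
    [ "$net" -eq "$want_net" ] || { echo "net $3: expected $(int2ip "$want_net")"; rc=1; }
    [ "$bcast" -eq "$want_bc" ] || { echo "bcast $4: expected $(int2ip "$want_bc")"; rc=1; }
    [ $(( gw & mask )) -eq "$want_net" ] || { echo "gw $5 is outside the guest subnet"; rc=1; }
    { [ "$ip" -ne "$want_net" ] && [ "$ip" -ne "$want_bc" ]; } ||
        { echo "ip $1 is the network or broadcast address"; rc=1; }
    return $rc
}

# Constructed host address (.70) with the ORC values as listed on this page.
check_net 160.36.134.70 255.255.240.0 160.36.134.64 160.36.134.79 160.36.134.65 ||
    echo "correct the values before running ubuntu-vm-builder"
```

With the values as listed above, the UNM and UCSB rows pass this check. The ORC
network and broadcast addresses correspond to a 255.255.255.240 mask rather
than the listed 255.255.240.0, so that row is reported.
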
After the VM instance has been created and started, log on as *localadmin* and
configure and enable the firewall as outlined below::

  sudo apt-get update
  sudo apt-get upgrade
  sudo ufw allow ssh
  sudo ufw enable

At this point, the VM is in a minimally configured state and installation
should proceed with configuring :doc:`ldap_authentication`, enabling
:doc:`denyhosts`, configuring :doc:`monitoring`, and setting up
:doc:`outgoing_email` for sending administrative notices.


Create an OpenVZ Guest
----------------------

OpenVZ guests are easily created through the Proxmox-ve_ web administration
interface. After creating the new VM with appropriate specifications, it is
necessary to log on to the guest and perform some additional configuration and
package installation.

Open console, update distro::

  apt-get update
  apt-get upgrade
  apt-get install dialog ca-certificates dnsutils openssh-server

Create localadmin account::

  adduser localadmin
  usermod -a -G sudo localadmin

Now log in through SSH and use a terminal for the remainder of the
configuration::

  apt-get install nano man ntp acpid curl wget

At this point, the VM is in a minimally configured state and installation
should proceed with configuring :doc:`ldap_authentication`, enabling
:doc:`denyhosts`, configuring :doc:`monitoring`, and setting up
:doc:`outgoing_email` for sending administrative notices.


Remote Administration of Virtual Machines
-----------------------------------------

KVM Remote Management
~~~~~~~~~~~~~~~~~~~~~

KVM virtual machines can be managed using virsh_ on the host.

Basic operations include:

:list: Show a listing of virtual machines

:shutdown: Shut down a virtual machine (controlled)

:start: Start a virtual machine

Example, list domains, stop and start "mule2"::

  $ virsh list
   Id Name                 State
  ----------------------------------
    1 epad                 running
    5 fedoradev            running
   12 mule2                running
   13 cn-unm-1             running

  $ virsh shutdown mule2
  Domain mule2 is being shutdown

  $ virsh list --all
   Id Name                 State
  ----------------------------------
    1 epad                 running
    5 fedoradev            running
   13 cn-unm-1             running
    - mule2                shut off

  $ virsh start mule2
  Domain mule2 started

.. _virsh: https://help.ubuntu.com/community/KVM/Managing

Another tool that works well from an Ubuntu desktop environment is the Ubuntu
"Virtual Machine Manager". Install it on your Ubuntu desktop machine using::

  sudo apt-get install virt-manager

Then start it up::

  virt-manager &

Add a new connection through File | Add Connection..., selecting QEMU/KVM as
the Hypervisor, and "remote tunnel over SSH" as the Connection. For the
Hostname, enter::

  << username >>@<< host >>

where:

:username: User account that is a member of the ``libvirtd`` group on the host

:host: The VM host machine


OpenVZ Remote Management
~~~~~~~~~~~~~~~~~~~~~~~~

We are using Proxmox-ve_ for managing OpenVZ (and some KVM) virtual machines.
All normal administrative procedures can be performed through the intuitive
web interface presented by the respective virtualization hosts.


.. _KVM: http://www.linux-kvm.org/page/Main_Page

.. _OpenVZ: http://wiki.openvz.org/Main_Page

.. _Proxmox-ve: http://www.proxmox.com/products/proxmox-ve