Creating Virtual Machines
=========================

Two types of virtual machine are currently (2010-12-28) supported by DataONE
hardware: KVM_ (all three locations) and OpenVZ_ (UNM). KVM (Kernel-based
Virtual Machine) is a complete virtualization system for Linux and enables
creation of VMs which are completely isolated from the host operating system.
OpenVZ is a container based virtualization solution where the equivalent of
VMs (actually Virtual Private Servers or Virtual Environments) execute in an
environment similar to FreeBSD jails. OpenVZ claims some performance
enhancements over full virtualization solutions.

Actually creating a virtual machine (or "guest") is generally a straightforward
procedure. Several post-creation steps should then be followed to ensure the
new server has a base configuration suitable for customization, is secured,
and can authenticate DataONE LDAP account holders.

.. note::
   When creating VMs, set the timezone to UTC (it appears at the bottom of the
   timezone choice menu during installation). Alternatively, set the timezone
   afterwards as described in :doc:`timezone`.

Create a KVM Guest
------------------

The base KVM install will be configured with shell access through SSH with
accounts authenticated against the NCEAS LDAP instance. UFW will be installed
and locked down to only port 22. DenyHosts will be installed to block
attempted logins that fail too many times.

The following command with appropriate values for the various variables will
create a basic KVM VM ready for final configuration::

  ubuntu-vm-builder kvm karmic \
  --arch='amd64'  \
  --cpus='<< NUM CPU >>'  \
  --mem='<< RAM MB >>'  \
  --rootsize='<< DISK SIZE MB >>'  \
  --swapsize='<< SWAP MB >>'  \
  --dest=/kvm/<< HOST NAME >>.dataone.org \
  --kernel-flavour='server'  \
  --hostname='<< HOST NAME >>'  \
  --domain='<< HOST NAME >>.dataone.org'  \
  --mirror='http://archive.ubuntu.com/ubuntu'  \
  --components='main,universe,multiverse'  \
  --addpkg dialog \
  --addpkg ca-certificates \
  --addpkg ufw \
  --addpkg dnsutils \
  --addpkg curl \
  --addpkg wget \
  --addpkg libnss-ldap \
  --addpkg nscd \
  --addpkg openssh-server \
  --addpkg nano \
  --addpkg man \
  --addpkg acpid \
  --addpkg ntp \
  --addpkg denyhosts \
  --addpkg logrotate \
  --name='Administrator'  \
  --user='localadmin'  \
  --pass='<< PASSWORD >>'  \
  --bridge=br0 \
  --ip='<< IP ADDRESS >>'  \
  --mask='<< MASK >>'  \
  --net='<< NETWORK >>'  \
  --bcast='<< BROADCAST >>'  \
  --gw='<< GATEWAY >>'  \
  --dns='<< DNS >>' \
  --libvirt qemu:///system 

Where:

:RAM MB: Common choices = 512, 1024, 2048, 4096, 8192, 16384, 32768

:NUM CPU: Common choices = 1, 2, 4, 8

:DISK SIZE MB: e.g. "300000 MB" (300GB)

:SWAP MB: Typically up to << RAM MB >>

:HOST NAME: Machine specific, see :doc:`DNS-management` for guidelines.

:PASSWORD: Secure password for the localadmin account.

:IP ADDRESS: Machine specific

:MASK: UNM=255.255.255.0, UCSB=255.255.255.0, ORC=255.255.240.0

:NETWORK: UNM=129.24.0.0, UCSB=128.111.220.0, ORC=160.36.134.64

:BROADCAST: UNM=129.24.0.255, UCSB=128.111.220.255, ORC=160.36.134.79

:GATEWAY: UNM=129.24.0.1, UCSB=128.111.220.1, ORC=160.36.134.65

:DNS: DNS Server to use. 8.8.8.8, 8.4.4.4, or 4.2.2.2 are good choices.
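
Added example, not part of the DataONE documentation: a POSIX shell check that the
``--ip``, ``--mask``, ``--net``, ``--bcast`` and ``--gw`` values about to be handed to
``ubuntu-vm-builder`` are mutually consistent, so a guest does not come up with an
unreachable gateway because one octet was mistyped. The site values are the ones
listed above; the guest address 128.111.220.42 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the DataONE documentation: verify that the
# --ip/--mask/--net/--bcast/--gw values handed to ubuntu-vm-builder are
# mutually consistent before the guest is built. Site values are the ones
# listed on this page; the guest address 128.111.220.42 is a constructed placeholder.

# ip2int DOTTED -> 32-bit integer; fails unless there are four octets
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  [ -n "$d" ] || { echo "bad address: $1" >&2; return 1; }
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int2ip INTEGER -> dotted quad
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP MASK -> network address implied by IP and MASK
network_of() {
  int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# broadcast_of IP MASK -> broadcast address implied by IP and MASK
broadcast_of() {
  int2ip $(( ($(ip2int "$1") & $(ip2int "$2")) | (4294967295 ^ $(ip2int "$2")) ))
}

# check_site IP MASK NETWORK BROADCAST GATEWAY
# Succeeds only when NETWORK and BROADCAST are what IP/MASK imply and the
# gateway lies inside that subnet; every mismatch is reported on stderr.
check_site() {
  rc=0
  [ "$(network_of "$1" "$2")" = "$3" ] ||
    { echo "--net $3 does not match $1/$2 (expected $(network_of "$1" "$2"))" >&2; rc=1; }
  [ "$(broadcast_of "$1" "$2")" = "$4" ] ||
    { echo "--bcast $4 does not match $1/$2 (expected $(broadcast_of "$1" "$2"))" >&2; rc=1; }
  [ "$(network_of "$5" "$2")" = "$3" ] ||
    { echo "--gw $5 is not inside $3" >&2; rc=1; }
  return $rc
}

# Constructed UCSB guest: run the check before pasting the values into ubuntu-vm-builder.
check_site 128.111.220.42 255.255.255.0 128.111.220.0 128.111.220.255 128.111.220.1 &&
  echo "network parameters for 128.111.220.42 are consistent"
```

Run over the three site rows above, the UNM and UCSB values pass, while the ORC row is
reported because a 255.255.240.0 mask implies network 160.36.128.0 and broadcast
160.36.143.255 rather than the listed 160.36.134.64 and 160.36.134.79 (which a
255.255.255.240 mask would give); that is exactly the kind of transcription slip the
check exists to catch before a guest is built with it.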


After the VM instance has been created and started, log on as *localadmin*,
update the system, and configure and enable the firewall as outlined below::

  sudo apt-get update
  sudo apt-get upgrade
  sudo ufw allow ssh
  sudo ufw enable

At this point, the VM is in a minimally configured state and installation should
proceed with configuring :doc:`ldap_authentication`, enabling :doc:`denyhosts`,
configuring :doc:`monitoring`, and setting up :doc:`outgoing_email` for sending
administrative notices.


Create an OpenVZ Guest
----------------------

OpenVZ guests are easily created through the Proxmox-ve_ web administration
interface. 

After creating the new VM with the appropriate specifications, log on to the
guest and perform some additional configuration and package installation.

Open a console, update the distribution and install the base packages::

  apt-get update
  apt-get upgrade
  apt-get install dialog ca-certificates dnsutils openssh-server

Create the localadmin account and add it to the sudo group::

  adduser localadmin
  usermod -a -G sudo localadmin

Now log in through SSH and use that terminal for the remainder of the
configuration. Install the remaining base packages::

  apt-get install nano man ntp acpid curl wget


At this point, the VM is in a minimally configured state and installation should
proceed with configuring :doc:`ldap_authentication`, enabling :doc:`denyhosts`,
configuring :doc:`monitoring`, and setting up :doc:`outgoing_email` for sending
administrative notices.


Remote Administration of Virtual Machines
-----------------------------------------

KVM Remote Management
~~~~~~~~~~~~~~~~~~~~~

KVM virtual machines can be managed using virsh_ on the host. 

Basic operations include:

:list: Show a listing of virtual machines

:shutdown: Shut down a virtual machine in a controlled manner

:start: Start a virtual machine

Example: list domains, then stop and start "mule2"::

  $ virsh list
   Id Name                 State
  ----------------------------------
    1 epad                 running
    5 fedoradev            running
   12 mule2                running
   13 cn-unm-1             running

  $ virsh shutdown mule2
  Domain mule2 is being shutdown
  
  $ virsh list --all
   Id Name                 State
  ----------------------------------
    1 epad                 running
    5 fedoradev            running
   13 cn-unm-1             running
    - mule2                shut off

  $ virsh start mule2
  Domain mule2 started
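
Added example, not part of the original page: a small POSIX shell helper built on the
``virsh list --all`` and ``virsh shutdown`` calls shown above. ``virsh shutdown`` only asks
the guest to power off (delivered as an ACPI event, which is why the build command above
installs ``acpid``), so before rebooting a host it is worth waiting until the domain
actually reports ``shut off``. The function names and the 120 second default timeout are
assumptions.

```shell
#!/bin/sh
# Added example, not part of the DataONE documentation: shut a KVM guest down
# cleanly before host maintenance. "virsh shutdown" only sends the power-off
# request; this waits until "virsh list --all" actually reports "shut off",
# so the host is not rebooted while the guest is still writing to disk.

# domain_state NAME -> the State column of "virsh list --all" for NAME
# ("running", "shut off", ...), or "missing" if no such domain exists here.
domain_state() {
  virsh list --all | awk -v name="$1" '
    NR > 2 && $2 == name { $1 = ""; $2 = ""; sub(/^ +/, ""); print; found = 1 }
    END { if (!found) print "missing" }'
}

# graceful_shutdown NAME [TIMEOUT_SECONDS] -> 0 once the guest is shut off,
# 1 if it is still up after the timeout (no forced power-off is attempted;
# that decision is left to the administrator).
graceful_shutdown() {
  name=$1; timeout=${2:-120}; waited=0
  case $(domain_state "$name") in
    missing)    echo "no domain named $name on this host" >&2; return 1 ;;
    "shut off") return 0 ;;
  esac
  virsh shutdown "$name" >/dev/null || return 1
  while [ "$waited" -lt "$timeout" ]; do
    [ "$(domain_state "$name")" = "shut off" ] && return 0
    sleep 5; waited=$((waited + 5))
  done
  echo "$name is still '$(domain_state "$name")' after ${timeout}s; not forcing it off" >&2
  return 1
}

# Typical use before rebooting the host (uncomment on a KVM host):
# graceful_shutdown mule2 300 && echo "mule2 is down"
```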


.. _virsh: https://help.ubuntu.com/community/KVM/Managing


Another tool that works well from an Ubuntu desktop environment is the Ubuntu
"Virtual Machine Manager". Install it on your Ubuntu desktop machine using::

  sudo apt-get install virt-manager

Then start it up::

  virt-manager &

Add a new connection through File | Add Connection..., selecting QEMU/KVM as
the Hypervisor, and "remote tunnel over SSH" as the Connection. For the
Hostname, enter::

  <<username>>@<<host>>

where:

:username: user account that is a member of the ``libvirtd`` group on the host

:host: The VM host machine


OpenVZ Remote Management
~~~~~~~~~~~~~~~~~~~~~~~~

We are using Proxmox-ve_ for managing OpenVZ (and some KVM) virtual machines.
All normal administrative procedures can be performed through the intuitive
web interface presented by the respective virtualization hosts.


.. _KVM: http://www.linux-kvm.org/page/Main_Page

.. _OpenVZ: http://wiki.openvz.org/Main_Page

.. _Proxmox-ve: http://www.proxmox.com/products/proxmox-ve