Thursday, June 13, 2013

XenServer VM creation

As I promised earlier: if you want to create a new virtual machine in XenServer or XCP from an ISO file in the CLI and don't want to download it on-the-fly, here are the steps you should take.
Let's assume that you have only one 650 MB CD image. Your 4 GB root filesystem will be enough to host that. If you have a DVD image, or you want to store more than one CD image, it won't fit. In that case you have to create a new logical volume with the LVM tools. So:
lvcreate -L15G -n /dev/VG_XenStorage-[PRESS_TAB_HERE]/MYISOS
mkfs.ext3 /dev/VG_XenStorage-[PRESS_TAB_HERE]/MYISOS
mkdir -p /myfiles/ && mount /dev/VG_XenStorage-[PRESS_TAB_HERE]/MYISOS /myfiles
Having done that, here is the second step: create a new Storage Repository.
xe sr-create name-label=MY-LITTLE-SR type=iso device-config:location=/myfiles/ device-config:legacy_mode=true content-type=iso
You'll see something like this: cd0423d8-23db-5af4-bd70-43b60c901e17
That's the UUID of your newly created storage. Now copy your install ISO file, for example from a USB key:
cp /mnt/sdc1/CentOS-6.0-x86_64-LiveCD.iso /myfiles/
xe sr-scan uuid=cd0423d8-23db-5af4-bd70-43b60c901e17
xe cd-list 
(always use TAB!). The reply is:

 xe vm-install template=Other\ install\ media new-name-label=MY-LITTLE-VM sr-uuid=$(xe sr-list name-label="Local storage" --minimal)

That means you have successfully created your VM on the disk storage named Local storage (the default place to put VMs on). Let's create a virtual interface for this machine and bind it to the physical interface eth0.
xe vif-create network-uuid=$(xe network-list name-label="Pool-wide network associated with eth0" --minimal) vm-uuid=$(xe vm-list name-label=MY-LITTLE-VM --minimal) device=0
It's time to create a new 25 GiB virtual disk and attach it to the VM as a Virtual Block Device.
xe vdi-create name-label=root-MY-VM sr-uuid=$(xe sr-list name-label="Local storage" --minimal) type=system virtual-size=25GiB sharable=false
xe vbd-create vdi-uuid=$(xe vdi-list name-label=root-MY-VM --minimal) vm-uuid=$(xe vm-list name-label=MY-LITTLE-VM --minimal) type=Disk bootable=true device=0
So far so good. Now, load the CD and set a new fixed RAM size, overwriting the template setting.
xe vm-cd-add vm=MY-LITTLE-VM cd-name=CentOS-6.0-x86_64-LiveCD.iso device=1
xe vm-memory-limits-set vm=MY-LITTLE-VM static-min=512MiB static-max=512MiB dynamic-min=512MiB dynamic-max=512MiB

To delegate a virtual quad-core vCPU to the VM: 
xe vm-param-set platform:cores-per-socket=4 uuid=$(xe vm-list name-label=MY-LITTLE-VM --minimal)
Or set the maximum number of virtual CPUs to 8 (that's the number that a physical quad-core can drive):
xe vm-param-set VCPUs-max=8 uuid=$(xe vm-list name-label=MY-LITTLE-VM --minimal)

Now, fire up the VM and switch to its console:
xe vm-start name-label=MY-LITTLE-VM
xe console vm=MY-LITTLE-VM
Exit the console with: CTRL+5

Sometimes it is useful to identify which virtual network interfaces (VIFs) belong to which of your VMs. Remember this command:
xe vm-list is-control-domain=false params=dom-id,name-label,uuid
It will tell you your VMs' domain IDs. Just watch your ifconfig output and match the VIF names (vifx.y) to your VM domains' IDs: x is your VM's domain ID, y is the device number.
While investigating which damn vlan, bridge, vif or whatever interface is bound to what and where, this is the MOST USEFUL command I've ever seen:
brctl show
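
The vifx.y to domain ID matching described above, as an added shell example that is not part of the original post. The sample xe output and interface names are constructed, and map_vifs is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample in the layout printed by:
#   xe vm-list is-control-domain=false params=dom-id,name-label,uuid
SAMPLE_VM_LIST='uuid ( RO)          : 00000000-0000-0000-0000-000000000001
    name-label ( RW): MY-LITTLE-VM
        dom-id ( RO): 3

uuid ( RO)          : 00000000-0000-0000-0000-000000000002
    name-label ( RW): halted-vm
        dom-id ( RO): -1'

# Constructed interface names, as seen in ifconfig or brctl show output.
SAMPLE_IFACES='eth0
xenbr0
vif3.0
vif3.1
vif7.0'

# map_vifs VM_LIST IFACES
# Prints "<vif> <dom-id> <name-label>" for every vifX.Y in IFACES.
# A VIF whose X matches no running VM is printed as UNKNOWN so that stale
# or unexpected interfaces stand out.
map_vifs() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        # Store one finished VM record; dom-id -1 means the VM is not running.
        function commit() {
            if (dom != "" && dom + 0 >= 0) vm[dom] = name
            dom = ""; name = ""
        }
        /^---$/ { commit(); ifaces = 1; next }
        !ifaces && /^[ \t]*$/ { commit(); next }
        !ifaces {
            i = index($0, ": ")           # end of the "key ( RO)" part
            if (i == 0) next
            key = $0
            sub(/^[ \t]+/, "", key); sub(/ *\(.*/, "", key)
            if (key == "name-label") name = substr($0, i + 2)
            if (key == "dom-id")     dom  = substr($0, i + 2)
            next
        }
        /^vif[0-9]+\.[0-9]+$/ {
            split(substr($0, 4), p, ".")  # p[1] = domain ID, p[2] = device
            print $0, p[1], ((p[1] in vm) ? vm[p[1]] : "UNKNOWN")
        }'
}

map_vifs "$SAMPLE_VM_LIST" "$SAMPLE_IFACES"
```

On a host, feed it live data instead of the samples: `map_vifs "$(xe vm-list is-control-domain=false params=dom-id,name-label,uuid)" "$(ls /sys/class/net)"`.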

Thursday, June 6, 2013

Hardening Hyper-V 2012 clusters, Deployment Bible

I came across an awesome article, originally at http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/61e18aaf-de6a-42e7-aa41-3cee790a1236/. In case it disappears, I'm taking an exact copy of it. I do hope it won't violate any law. :P Thanks Roger Osborne, anyway.

⎕ Use Server Core, or the Windows Minimal Interface, to reduce OS overhead, reduce the potential attack surface, and to minimize reboots (due to fewer software updates).
⎕ Ensure hosts are up-to-date with recommended Microsoft updates, to ensure critical patches and updates – addressing security concerns or fixes to the core OS – are applied.
⎕ Ensure all applicable Hyper-V hotfixes and Cluster hotfixes (if applicable) have been applied. Review the following sites and compare it to your environment, since not all hotfixes will be applicable:
⎕ Ensure hosts have the latest BIOS version, as well as other hardware devices (such as Synthetic Fibre Channel, NIC’s, etc.), to address any known issues/supportability
⎕ Host should be domain joined, unless security standards dictate otherwise. Doing so makes it possible to centralize the management of policies for identity, security, and auditing. Additionally, hosts must be domain joined before you can create a Hyper-V High-Availability Cluster.
⎕ RDP Printer Mapping should be disabled on hosts, to remove any chance of a printer driver causing instability issues on the host machine.
  • Preferred method: Use Group Policy with host servers in their own separate OU
    • Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Printer Redirection –> Do not allow client printer redirection –> Set to "Enabled"
⎕ Do not install any other Roles on a host besides the Hyper-V role and the Remote Desktop Services roles (if VDI will be used on the host).
  • When the Hyper-V role is installed, the host OS becomes the "Parent Partition" (a quasi-virtual machine), and the Hypervisor partition is placed between the parent partition and the hardware. As a result, it is not recommended to install additional (non-Hyper-V and/or VDI related) roles.
⎕ The only Features that should be installed on the host are: Failover Cluster Manager (if host will become part of a cluster), Multipath I/O (if host will be connecting to an iSCSI SAN, Spaces and/or Fibre Channel), or Remote Desktop Services if VDI is being used. (See explanation above for reasons why installing additional features is not recommended.)

Read the rest on TechNet or here.