The most important script necessary for this to work is my xen virtual machine manager bash script, which is essentially a bunch of Citrix $XE command line options wrapped into a bash getopts script. My suggestion would be to copy it to /usr/local/bin so that it can be executed without having the specify the path --- use whatever configuration management software you want (i.e. cfengine, puppet, chef, etc) or have it installed as part of your cobbler post-install from /var/www/cobbler/aux/citrix, as specified in Part One of this blog. Of course, you may also want to just copy it over manually.
The second most important thing is to configure a privileged user that can ssh to the Citrix XenServer and execute the xen virtual machine manager script as root. Originally, I had configured all the ssh commands to run as root@xenserver, but have since altered everything to utilize sudo and non-root ssh keypairs. We will not be discussing sudoers or authorized_keys in this blog, so if you do not know how to handle that, you should not continue reading. For the sake of the rest of this example, we will refer to this priviledged user as 'uber'.
Now, some people may just create a basic xen virtual machine and clone it as needed for future installations. That will not be covered here, though, the technique is similar and, if you understand all the steps, you should be able to make the cobbler and bash modifications to handle that as well. I prefer to kickstart everything from scratch and then apply configuration management upon post-install that will customize the process accordingly.
1. create Citrix XenServer and install xen virtual machine manager script
I did mention before that this was the MOST important step, so I am listing it again as Step 1. Build your own Citrix server or use the technique I described in Part One. Create your own script, or just use mine.
2. create and configure 'uber' user
On the cobbler host, you need to create and generate ssh keypairs (this example uses RSA) for ~uber/.ssh but on the Citrix host, you need to add the public key to authorized_keys. You will also have to make sure that 'uber' is allowed in sudoers to execute the xen virtual machine manager script.
3. create custom cobbler power template
You can manipulate almost anything in cobbler using cheetah templates. Create /etc/cobbler/power/power_citrix.template as follows:
# By default, cobbler builds the kickstart tree for all systems
# more reliably than the distro being attached to the interface
#set treelist=$mgmt_parameters['tree'].split('/')
#if $power_mode == 'on'
ssh -i ~$power_user/.ssh/id_rsa $power_user@$power_address sudo xenvm_mgr.sh \
-S "$server" -D "$treelist[-1]" \
-m "xenbr0=$interfaces['eth0']['mac_address'],xapi1=$interfaces['eth1']['mac_address']" \
-s "$virt_path" \
-V "$virt_file_size" \
-C "$virt_cpus" \
-M "$virt_ram" \
-c "$name"
#end if
# xenvm_mgr must exit 0 when VM exists, or poweroff will fail for new VMs
#if $power_mode == 'off'
ssh -i ~$power_user/.ssh/id_rsa $power_user@$power_address sudo xenvm_mgr.sh \
-d \
-x "$name"
#end if
All the $variables specified are specific to cobbler, but you may need to adjust "Local storage" according to how you configured the Citrix XenServer or modify xenbr0/xapi1 to different interface numbers, depending on your architecture. My xen virtual machine manager script has wildcard matching so you do not have to know the precise storage name (but you will have to be careful as it will take the first match listed). There are also tests that check that available cpu, memory and disk are available or the new virtual machine is destroyed and the xenvm_mgr will exit non-zero and cause the poweron to retry a few times before failing.
4. configure the cobbler profile
Assuming you imported a Redhat-based distribution, i.e. RHEL 5.5, it should have created two distinct profiles like:
rhel5-arch
rhel5-xen-arch
because the distribution contains the kernel and initrd for xen virtual instances. You will "cobbler system add" your new virtual instance using this profile.
5. configure the cobbler system (aka, the xen virtual instance)
Whether you utilize the following options when you do the "cobbler system add" or update them afterwards using "cobbler system edit" is of no consequence to me, I will illustrate using the edit method:
cobbler system edit --name vmname --power-user=uber --power-type=citrix --power-address=citrixdns
What you need to note here is that the power-type corresponds directly to the power_type.template create in Step 3 and the power-address is the dns name or the ip address of your Citrix XenServer. If you need to modify the VM settings, you can override them via cobbler as well:
cobbler system edit --name vmname --virt-cpu=2 --virt-file-size=100 --virt-ram=4096 --virt-path="Local storage"
That's all! The kickstart info is retrieved from the imported profile. The cheetah template now handles the following (so be careful how you use this):
create a new virtual machine using the xen virtual machine manager:
cobbler poweron --name vmname
destroys existing virtual machine using xen virtual machine manager:
cobbler poweroff --name vmname
If you do not want the poweroff to destroy, modify the cheetah template. If you want to add a reboot case in the cheetah template, go right ahead. This just about covers it, I think. Have fun extending the cobbler power templates to handle other virtualizations.
Going to check this out and probably automate this to be setup with all of our xenserver nodes. I like the options of xenserver, but it was a headache to loose all of the tools from libvert. This way, the cobble-ability of xenserver is redeemed. Yes, people do read your posts, but few are on the level you are at in admin work and hackery and willing to blog about it.
ReplyDeleteThanks for the good thoughts, Jonathan. As a python-lover, despite being older and no longer updated, I've always like the way cobbler handled things. Due to how RedHat/Fedora progresses, however, recently, I have come across many who prefer foreman to cobbler, but I have not had time to investigate foreman myself yet. Several months ago (maybe even a year ago?), I had rewritten the bash+sshkey method shown here into python-based API calls, but it may not be useful to you because it is wholly ingrained into the overall mothership project (http://mothership.sf.net). If you find that interesting, then download the open-source project and look at the /xen directory on how I manipulate it via the XenAPI instead of using libvert. For standalone, the bash-cli should probably still work fine, I just wanted to get away from depending on authorized_keys when provisioning and distributing.
ReplyDeleteHi really goo post, but can i see the content of xenvm_mgr.sh, really thx
ReplyDeleteThanks for the steps ... this works flawlessly!!!
ReplyDeletei just had to add one more line to the post ..., for some reason the mboot.32 file also need to be synced.
rsync -av $srcdir/ks_mirror/$name/{install.img,boot/vmlinuz,boot/xen.gz} $dstdir/images/$name/
rsync -av /usr/lib/syslinux/mboot.c32 $dstdir/images/$name/