Starting ConVirt in Amazon EC2

 
 
 

Contents


Now you can also try ConVirt from Amazon EC2 and manage your enterprise environment. Here is a diagram of ConVirt deployment in Amazon EC2. Basically ConVirt in EC2 accesses all infrastructure via ConVirt-Connector. The Connector establishes secure vpn connectivity to the enterprise.


OSS Deployment EC2.jpg


Prerequisites : Amazon Account.

NOTE : You will be charged by amazon depending on the use of virtual machine.

There are two broad steps

  • Starting the ConVirt-Appliance in Amazon EC2.
  • Providing access to Infrastructure via ConVirt-Connector


Starting ConVirt Appliance in Amazon EC2

Locate and Launch AMI

  • Login to your Amazon account.
  • Click EC2 from AWS Console or Select EC2 from Services drop-down if you are in other console.
  • Select N. California (US-West) region by selecting drop down from top right.
  • Click AMIs under Images from the left navigator
  • Select Public AMI from drop down and search for "ConVirt-OSS" on Amazon EC2 in N.California (US-West) region. Pick the latest release and build.
  • If required,copy the AMI to region of your choice.
  • Launch the AMI image, with following choices in the wizard.
    • Select 't1.micro' instance type
    • Select appropriate details on 'Configure Instance Details' page. Defaults are ok.
    • Skip 'Add Storage' page
    • On the 'Tag Instance' page, put appropriate value for the Name tag.
    • On the 'Security group' page
      • Change the name and description of newly created security group shown on the page and make sure it had the following two rules.
        • SSH (TCP port 22) from Anywhere as source
        • Custom UDP Rule, UDP port 1194 from Anywhere as source (For secure vpn connectivity to the enterprise)
        • Custom TCP Rule, TCP port 8082 from Anywhere as source (For ConVirt management web application )
  • When you press 'Review and Launch' button, you will be prompted for generating or using an existing key. You will need this to access the ConVirt-Appliance so don't forget to download and save it.(e.g., ~/ec2_creds/keys/my-convirt-appliance-key.pem). We will refer to it as ConVirt-Appliance Key.
  • Go to Instances pane, and wait for the instance to initialized completely.
  • Now go to Elastic IPs option under Network and Security from the left navigator.
  • Allocate a new Elastic IP Address or select from existing list. Use the Associate button, and select the ConVirt-Appliance instance you just started.
  • Note down the Elastic IP, we will refer to it as ConVirt-Appliance IP.

Validate the ConVirt-Appliance instance

  • Use ssh (or Putty on windows) to Login to the ConVirt-Appliance
Syntax : ssh -i <Instance key> ubuntu@<ConVirt-Appliance IP>  
e.g. ssh -i ~/ec2_creds/keys/my-convirt-appliance-key.pem ubuntu@54.241.22.142
It will prompt you to accept the fingerprints. Say yes.
Execute the following commands.
service openvpn status
Expected result: The response should validate that openvpn is running.
ps -ef | grep paster
Expected result: You should see a process running with name paster

netstat -an | grep 8082 | grep LISTEN 
Expected Result: You should see one entry containing 8082
Logout from the the ConVirt-Appliance

If you see the expected results in all cases, your appliance is set and ready to go to the next step.

Login to ConVirt Management Server

Use a browser and point it to https://<ConVirt-Appliance IP>:8082/login . This should bring up the ConVirt application in the browser. You will be promoted for security warning, as the default ssl cerificate is self-signed. Follow your browser specific prompts to continue with the warning.

Login using 'admin' user and 'admin' password.

Change the default password

Use the 'Change Password' option from the top right to change the default password. NOTE : Treat this step as mandatory for security reasons.


Providing access to Infrastructure using ConVirt-Connector

For ConVirt to manage your virtualization infrastructure from ConVirt-Appliance in EC2, you need to have connectivity between the two. If you already have a VPC connected (using Virtual Private Gateway at EC2 and Hardware VPN at your premise) to your enterprise infrastructure and administrators, you can skip this section.

For those who does not have this setup, Convirture provides a Connector to establish secure connectivity to the ConVirt-Appliance.

Start Connector on management network within your Enterprise

Download the appliance here and follow instructions for your virtualization platform.

  • Xen
  • KVM
  • Existing ConVirt 2.x Environment


Xen

TBD

KVM

Use this section to start the Connector Appliance on your management network. Refer to next section for troubleshooting in case you run in to issue.


Login as root user
mkdir -p /var/run/kvm/monitors
mkdir -p /var/run/kvm/pids
mkdir -p /var/cache/convirt/vm_disks
cd /var/cache/convirt/vm_disks
tar -xzf connector-ref-disk.tar.gz  # point to full path of downloaded reference image.
The following will connect to the default network. (If only single network, otherwise use the next option) 

kvm -hda /var/cache/convirt/vm_disks/connector.disk.xm -net nic,vlan=0,macaddr=00:16:3e:1a:1c:3c -net tap,vlan=0 -usb -boot cd -m 512 -vnc 0.0.0.0:25 -name connector -usbdevice tablet -uuid 65d6c5c5-5851-f084-ec02-de9b642d9905 -smp 2 -monitor unix:/var/run/kvm/monitors/connector,server,nowait -pidfile /var/run/kvm/pids/connector -daemonize

If you have multiple networks, then it is assumed that you have the corresponding bridge script to connect to it. e.g. /etc/kvm/qemu-ifup-br0 

kvm -hda /var/cache/convirt/vm_disks/connector.disk.xm -net nic,vlan=0,macaddr=00:16:3e:1a:1c:3c -net tap,vlan=0,script=/etc/kvm/qemu-ifup-br0 -usb -boot cd -m 512 -vnc 0.0.0.0:25 -name connector -usbdevice tablet -uuid 65d6c5c5-5851-f084-ec02-de9b642d9905 -smp 2 -monitor unix:/var/run/kvm/monitors/connector,server,nowait -pidfile /var/run/kvm/pids/connector -daemonize
  • Troubleshooting

KVM Binary name : On few of the platforms you might need to give full path of the binary. Here are couple of common places. Replace this with 'kvm' in the commands above.

/usr/libexec/qemu-kvm
/usr/local/kvm/bin/qemu-system-x86_64


If you see, the following message, change 0.0.0.0:25 to some other port, to avoild conflict with existing vnc ports in use.

net_listen_opts: bind(ipv4,0.0.0.0,5925): Address already in use
inet_listen_opts: FAILED

If you see, the following message, empty out content of etc/xen/scripts/vif-bridge and try again.

device tap0 is already a member of a bridge; can't enslave it to bridge br0.
  • Connect using vncviewer. In the above command port :25 is used.
 vncviewer :25
  
 Give ifconfig eth0 and take a note of the ip address of the Connector. This ip address will be in the management network address space. (e.g. 192.168.X.X)

Existing ConVirt 2.x Environment

Use this method, if you have an existing ConVirt deployment and are trying out ConVirt in Amazon EC2. You can use the following method to install/start Connector appliance.

  • Create a new template from Linux_CD_Install under Common Template group. Name is Connector-Template
  • Select the newly created template and select Edit from the right context menu.
  • Select Linux, Ubuntu and 12.04 as Guest OS Flavor, Guest OS Name and Guest OS Version.
  • On the Storage tab
    • Select the cdrom entry and select remove.
    • Select the hda disk entry and choose Edit.
      • On the 'Options' drop down, select Clone Reference Disk
      • In the 'Ref Disk Type' drop down, select 'Disk Image'
      • In the 'Ref Format' drop down, select tar.gz
      • In the reference location, select the absolute path of the downloaded connector appliance. Note this path should be valid path on the managed server.
      • Press Save to save the disk changes
    • Press ok to save the template.
  • Select the template and provision the virtual machine as usual.

Configuring the Connector in your Enterprise

  • Get to your virtual machine Console and find out the Connector IP Address.
  • Login to the Connector, using connector as username and convirt as password.
  • Use scp/ftp or some other mechanism to get the ConVirt-Appliance key in to the appliance. Save it in ~/ec2_creds/keys/my-convirt-appliance-key.pem
  • Check the connectivity as follows.
 ssh -i ~/ec2_creds/keys/my-convirt-appliance-key.pem ubuntu@<ConVirt-Appliance IP> ls
 e.g. ssh -i ~/ec2_creds/keys/my-convirt-appliance-key.pem ubuntu@54.241.22.142 ls
  • Initialize the Connector
    cd ~/bin
    sudo ./init-connector <ConVirt-Appliance-IP> <PATH to ConVirt-Appliance Key> <Location ID> <Local network address space> < Local network netmask>
    
    ConVirt-Appliance-IP : IP for ConVirt-Appliance instance running in EC2
    ConVirt-Appliance-Key: Path to ConVirt-Appliance key to access ConVirt-Appliance.
    Location ID : A short identifier (no-spaces or special characters) e.g HQ  
    Local network address space: This is the network on which the appliance is running (Typically management network). e.g. 192.168.12.0 
    Local network netmask : netmask for the local network. e.g. 255.255.255.0
  e.g. cd ~/bin; sudo ./init-connector 184.169.175.120 ~/ec2_creds/keys/my-convirt-appliance-key.pem HQ 192.168.12.0 255.255.255.0
 NOTE : No user name before the ConVirt-Appliance IP.

Test the connector

  Execute a command on the appliance using secure vpn 
  ssh -i ~/ec2_creds/keys/my-convirt-appliance-key.pem ubuntu@10.8.0.1 ls
   

Additional Configuration

Now that Connector is configures successfully, we need to ensure that we can communicate between ConVirt-Appliance and rest of the infrastructure.

Here are two options

OPTION I

Add a static route to the router to allow connectivity/return path to the ConVirt appliance network. The steps to do this will be route specific, we need to establish the Connector (local ip/ip on management network) as gateway to the ConVirt-Appliance network.

 The linux equivalent is 
 route add 10.8.0.0 netmask 255.255.255.0 gw <Connector-ip-on-management-network> dev <ethernet device connected to management network>

Now, if the you do not have permission to change router settings, and the network administrators are not reachable, you can use the second option to achieve the same.

OPTION II

In this option, we set up the connectivity for each managed server individually.

This is covered in Preparing Managed servers here. You will get to it as a part of upcoming installation steps.

Continue with Preparing Managed servers

To continue follow link here.

 
他にご質問がございましたら、リクエストを送信してください

コメント

 
Adding comment, please wait....

Provide Feedback on Article:

Subject:
Comments:*
Powered by Zendesk