Setting up the ConVirt 2.0 environment involves:
- Setting up ConVirt Management Server (CMS). There are two options.
- Installing CMS in your Enterprise.
- Directly starting ConVirt-Appliance image in Amazon AWS EC2.
- Preparing each Managed Server to be managed by ConVirt.
- Using Firefox browser to access ConVirt and start managing your infrastructure.
Note: If you are upgrading an existing ConVirt Open Source deployment, please use the Upgrade Guide.
Pick one of the following options to set up the ConVirt Management Server.
- Installing CMS in your enterprise.
- Directly starting ConVirt-Appliance image in Amazon AWS EC2. Start here.
Preparing Managed Servers
Install Virtualization Platform
Before you start managing a remote server using ConVirt, you need to ensure that it's properly configured. This can be done easily in a few quick steps.
NOTE: Each managed server needs to be prepared using the following procedure.
- Install (if necessary) and configure Xen (3.0.4 or higher) or KVM (kvm-70 or higher) on the managed server. Note: chances are your Linux distribution already includes either Xen or KVM. Almost all modern distributions do.
- Here are some tips and pointers :
- For Xen on CentOS/RHEL : Select the Virtualization option at the time of installation.
- For Xen on SLES : Select Xen Virtual Machine Host Server option. Here is a good link. Novell Doc
- For KVM on Debian lenny/Ubuntu 8.10/9.04/10.04: sudo apt-get install ssh kvm socat dnsmasq uml-utilities lvm2 expect should do the trick.
- For KVM on SLES : Go to Yast and choose "Install Hypervisor and tools", select KVM
- For KVM on CentOS/RHEL 5.x :
- yum groupinstall KVM; modprobe kvm;
- Depending on your processor, modprobe kvm-amd or modprobe kvm-intel
- For KVM on CentOS/RHEL 6.x : Select "Virtual Host" at the time of installation.
- NOTE : RHEL 6 users, please visit RHEL 6 Networking section, before proceeding to next step.
The convirt-tool script helps you make the necessary changes to the managed server, so that it can be easily managed by ConVirt (CMS).
- For the Xen platform, running this command configures the Xend Server to listen on port 8006 and opens port 8002 for migration. The command also detects the default bridge and writes a summary of its operations to the /var/cache/convirt/server_info file.
- For the KVM platform, the command creates appropriate public bridges, required scripts and writes a summary of its operations to the /var/cache/convirt/server_info file.
Please follow these steps.
- Log in to the CMS server as the CMS user account. If the CMS is running in Amazon EC2, use the ConVirt-Appliance key to log in to the CMS.
- You would have already fetched the convirt-tool tarball as a part of the CMS setup, but if not, here is a link to download it.
wget --no-cache http://www.convirture.com/downloads/convirture-tools/2.5/convirture-tools-2.5.tar.gz
- Copy the convirt-tool tarball to managed server.
scp convirture-tools-2.5.tar.gz root@managed-server:/root
- As the CMS user, log in to the managed server as root. DO NOT SKIP THIS STEP.
ssh root@managed-server
Note: ConVirt requires the ability to log in remotely using the root account. On certain distributions the root password is not set by default; on such distributions, the root password must be set explicitly.
- Extract the contents of the archive into a directory. For example:
tar -xzf convirture-tools-2.5.tar.gz
- Change to the <install_dir>/convirture-tools/install/managed_server/scripts directory, then use the convirt-tool command to check or configure the managed server. You need to be logged in as the root user.
- To view the usage message, run:
- To validate the platform without making any changes, run:
./convirt-tool --detect_only setup
- Install required dependencies
- To have a virtual machine connect to a network, a bridge setup is required. With the virtualization platform installation, depending on the version, you would have either xenbr0, eth0 or br0 set up. You can verify this using the brctl show command. If you do not have any bridge, convirt-tool can set up bridges for each network interface.
Warning: This might disconnect the server from the network, so please make sure you have an alternative way of getting to the server (be on the server, iLO, DRAC etc). Also, if the managed server is part of a cluster, the server might reboot because the loss of network connectivity results in node fencing.
If you already have the bridge set up, or want to handle bridge setup separately, run the following command.
./convirt-tool --skip_bridge setup
NOTE: Make sure that you have at least one bridge set up to which the virtual machines can connect.
For Xen 4.0 / SLES 11 / SLES 11 SP1 users, the Xen server should be listening with the SSL option:
./convirt-tool --xen_ssl --all setup
- If you are using a firewall on Debian/Ubuntu, you should verify that the following ports are open:
- For both: ssh port (usually 22)
- For both: ports 6900-6999 for VNC tunnels
- For Xen: TCP port 8002 to allow migration, 8006 to allow ConVirt to talk to the Xend Server.
- For KVM: TCP ports 8002 to 8012 for migration.
- For Xen, you should also specify the default memory for dom0. (new since version 2.0.1)
./convirt-tool --dom0_mem 1024 setup
This will set the dom0_mem using xm command as well as change the grub.conf file to have dom0_mem parameter added to the kernel line.
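The firewall port list above can be checked against a ruleset rather than by eye. This is an added example, not part of the ConVirt tooling: it reads `iptables -S INPUT` style lines and prints each required range that no ACCEPT rule covers. The function names and sample ruleset are constructed, and ssh is assumed to be on port 22.

```shell
#!/bin/sh
# Required TCP ranges (lo:hi) per platform, taken from the port list above.
# Assumption: ssh listens on its usual port 22.
required_ports() {
    case "$1" in
        xen) echo "22:22 6900:6999 8002:8002 8006:8006" ;;
        kvm) echo "22:22 6900:6999 8002:8012" ;;
        *)   return 1 ;;
    esac
}

# missing_ports PLATFORM   (rules in `iptables -S INPUT` form on stdin)
# Prints each required range that no single TCP ACCEPT rule covers.
# Limits: ignores rule order, source (-s) matches and multiport (--dports).
missing_ports() {
    req=$(required_ports "$1") || { echo "unknown platform: $1" >&2; return 2; }
    awk -v req="$req" '
        /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                lo[++k] = r[1] + 0
                hi[k] = (n == 2 ? r[2] : r[1]) + 0
            }
        }
        END {
            m = split(req, want, " ")
            for (j = 1; j <= m; j++) {
                split(want[j], w, ":"); ok = 0
                for (x = 1; x <= k; x++)
                    if (lo[x] <= w[1] + 0 && hi[x] >= w[2] + 0) ok = 1
                if (!ok) print (w[1] == w[2] ? w[1] : w[1] "-" w[2])
            }
        }'
}

# Constructed sample ruleset, not taken from a real host.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6900:6999 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -j ACCEPT'

echo "xen missing: $(printf '%s\n' "$SAMPLE_RULES" | missing_ports xen | tr '\n' ' ')"
echo "kvm missing: $(printf '%s\n' "$SAMPLE_RULES" | missing_ports kvm | tr '\n' ' ')"
```

On a managed server, feed it the live rules with `iptables -S INPUT | missing_ports kvm` (or `xen`).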
Additional steps for configurations with ConVirt-Connector
This section is required only for setup using ConVirt-Appliance in Amazon EC2.
NOTE: You can skip this section if, during the ConVirt-Connector setup, you were able to add a static route to your router.
- Add appliance connectivity to the managed server.
convirt-tool add_appliance_network appliance_network appliance_netmask connector_ip adapter
This is used to set up access to the remote ConVirt-Appliance management network via ConVirt-Connector. It adds a static route to the appliance network.
- appliance_network : Typically 10.8.0.0, unless the defaults in ConVirt-Appliance were changed.
- appliance_netmask : Typically 255.255.255.0, unless the defaults in ConVirt-Appliance were changed.
- connector_ip : IP of the connector appliance; this should be on the same network as the managed server.
- adapter : The ethernet adapter via which the connector_ip is reachable. Typically br0 or eth0.
e.g. convirt-tool add_appliance_network 10.8.0.0 255.255.255.0 192.168.12.243 br0
In case you want to revert the changes, you can use remove_appliance_network as follows.
e.g. convirt-tool remove_appliance_network 10.8.0.0 255.255.255.0 192.168.12.243 br0
Using ConVirt to manage your environment
Once the CMS and the managed servers are prepared,
- Typical CMS startup
- Start the CMS
cd ~/convirt
./convirt-ctl start
- NOTE: You will be prompted for a passphrase if you have done an ssh key based setup. By default the ~/.ssh/cms_id_rsa identity is used; if it is not found, ~/.ssh/id_rsa is used. If neither of these is found, ConVirt uses passwords.
- Point the browser to CMS http://ip-address:8081/
- Login using credentials (default admin/admin)
- Select the Server Pool to which you'd like to add the new managed server. For example : QA Pool
- Right mouse click to get to the context menu and select 'Add Server'.
- Select the virtualization platform.
- Provide the IP address or hostname of the managed server prepared in the previous section. Also provide ssh credentials and check the "Use Keys" option in the advanced section. Press ok to add the server.
The new managed server would show up under the Server Pool. Now you can use ConVirt to create and manage complete life cycle of Virtual Machines on this server. Refer to documentation for more details.
You may want to do additional steps to further customize/setup your environment.
- To see the Graphic console of a Virtual Machine from the browser, you need to do some extra steps.
- Install the Java Plugin into the browser. This is required to run the VNC applet.
- ConVirt allows you to designate a host as VNC proxy, i.e. all VNC connections would be forwarded to this host and made accessible to the browser. The default VNC proxy is same host as the CMS. We will assume this for rest of the setup procedure.
- Log in to the CMS host as the Linux user that starts the CMS (./convirt-ctl start).
- As a part of the CMS setup, the ~/.ssh/cms_id_rsa and cms_id_rsa.pub files are already generated.
- Now from the CMS host, try logging in to management server using the key setup. Enter the passphrase that was used at the time of CMS installation (typically none).
eval `ssh-agent -s`
ssh-add ~/.ssh/cms_id_rsa
- Now you should be able to log in to any managed server for which the keys were set up without requiring a password.
- This should work most of the time, if you entered credentials as well as checked the "Use Keys" option while adding the managed server. ConVirt automatically adds the cms_id_rsa key to the authorized keys of the managed server. If for some reason this does not work, you need to copy ~/.ssh/cms_id_rsa.pub on to EACH managed server and append it to the ~/.ssh/authorized_keys file.
scp ~/.ssh/cms_id_rsa.pub root@managed-server:/root/.ssh/vnc_proxy_id_rsa.pub
ssh root@managed-server
# the next command runs on the managed server
cat ~/.ssh/vnc_proxy_id_rsa.pub >> ~/.ssh/authorized_keys
- Change the firewall to allow TCP traffic on port range 6900-6999. This port range is used by ConVirt to allow the VNC applet to access virtual machine consoles. Log in as root on the CMS server and run the following command.
iptables -I INPUT -m state --state NEW -p tcp --dport 6900:6999 -j ACCEPT
- Please checkout this page that explains how VNC setup works. This might help troubleshoot VNC problems.
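For the manual fallback above (copying cms_id_rsa.pub to each managed server and appending it to authorized_keys), a plain `cat >>` adds a duplicate line on every run and leaves file permissions to chance. The following is an added example, not ConVirt's own code; the function name `install_cms_key` and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_cms_key PUBKEY_FILE [TARGET_HOME]
# Run on the managed server as the account the CMS logs in to (root in this guide).
install_cms_key() {
    pub=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a file holding exactly one line shaped like an OpenSSH public key.
    [ -f "$pub" ] && [ "$(grep -c '' "$pub")" -eq 1 ] &&
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" ||
        { echo "refusing: $pub is not a single public key line" >&2; return 1; }
    key=$(cat "$pub")

    # With StrictModes (the sshd default), keys are ignored when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed, non-functional key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED cms@cms-host' > "$demo/cms_id_rsa.pub"
install_cms_key "$demo/cms_id_rsa.pub" "$demo/root"
install_cms_key "$demo/cms_id_rsa.pub" "$demo/root"   # second run adds nothing
echo "entries: $(grep -c '' "$demo/root/.ssh/authorized_keys")"
rm -rf "$demo"
```

On a managed server, after the scp step, this would be run as `install_cms_key /root/.ssh/vnc_proxy_id_rsa.pub`.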
Setting up SSL for CMS
To set up SSL for CMS, follow the links here.
NOTE: There is a known issue of login and logout redirects going to the non-http URL, causing an error.