Strategy to Mange Ovirt VMs Created from Templates
I want to be able to manage VMs using Ansible. As part of the template creation process it says to seal the VM. Can someone tell me what sealing does to a Linux VM? I understand it removes some of things that make the VM unique but no real specifics. So, if I want to manage a VM created from a template would this general process work?- Seal the VM Install CloudInit and keys, accounts, etc Shut off VM and create template from it. Create new VM using Ansbile & CloudInit CloudInit would have just enough info so that you could manage the VM with Ansible. Would that work? I am just starting to explore what CloudInit can do and what it is. I am brand new to it. I didn't find enough info on template sealing to help me devise a full cycle management strategy. Perhaps there are other/easier methods? Thanks for your advice and input.
Hello Jeremy, we did this kind of workflow: - create a standard base image, with all the required updates you want. We usually started from the previous template of the same RHEL release, but you can start from scratch every time if you want. - Install cloud-init that starts at boot and then, after the first successful execution, disables itself. - a ssh key for ansible to allow login as root without password. This key will be then removed after deployment is completed. - create this new template as new version of the existing RHEL template (RHEL 7 as example) At deploy time with ansible: - deploy a new vm starting from the latest template of RHEL7. Use run_once cloudinit details for setting ip address. The vm has to be connected to the right virtual network. - wait_for vm to be reachable via network - proceed with ansible to configure/install the remaining parts (authentication, monitoring agents, backup utilities). Luca On Mon, Dec 23, 2019 at 4:20 PM <jeremy_tourville@hotmail.com> wrote:
I want to be able to manage VMs using Ansible. As part of the template creation process it says to seal the VM. Can someone tell me what sealing does to a Linux VM? I understand it removes some of things that make the VM unique but no real specifics.
So, if I want to manage a VM created from a template would this general process work?-
Seal the VM Install CloudInit and keys, accounts, etc Shut off VM and create template from it.
Create new VM using Ansbile & CloudInit CloudInit would have just enough info so that you could manage the VM with Ansible.
Would that work?
I am just starting to explore what CloudInit can do and what it is. I am brand new to it. I didn't find enough info on template sealing to help me devise a full cycle management strategy. Perhaps there are other/easier methods? Thanks for your advice and input. _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJ6OOPUT3KJEME...
-- "E' assurdo impiegare gli uomini di intelligenza eccellente per fare calcoli che potrebbero essere affidati a chiunque se si usassero delle macchine" Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716) "Internet è la più grande biblioteca del mondo. Ma il problema è che i libri sono tutti sparsi sul pavimento" John Allen Paulos, Matematico (1945-vivente) Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , <lorenzetto.luca@gmail.com>
Thank you for your reply Luca, In general your work flow is helpful and makes sense to me. I meant to say above- "As part of the template creation process ***the Ovirt docs*** say to seal the VM". So I think I understand that you need to use both processes (seal template + cloudinit) to get everything to work as desired. I'd still appreciate any more specifics about what sealing a VM does.
Hi Jeremy, I found an old blog post where the author seals the VM manually, see here: https://www.linuxtechi.com/create-vm-template-ovirt-environment/ Please, *do not follow this guide* since it seems to be a bit outdated. Nonetheless, it might give you a more specific idea about what sealing the template (which is done for you by oVirt) actually entails. Jan On Mon, Dec 23, 2019 at 5:48 PM <jeremy_tourville@hotmail.com> wrote:
Thank you for your reply Luca, In general your work flow is helpful and makes sense to me.
I meant to say above- "As part of the template creation process ***the Ovirt docs*** say to seal the VM".
So I think I understand that you need to use both processes (seal template + cloudinit) to get everything to work as desired. I'd still appreciate any more specifics about what sealing a VM does. _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BRLNWOQB6FM4BU...
-- Jan Zmeskal Quality Engineer, RHV Core System Red Hat <https://www.redhat.com> <https://www.redhat.com>
Hi Jeremy, Can someone tell me what sealing does to a Linux VM?
In short, "sealing is the process of removing all system-specific details from a virtual machine before creating a template based on that virtual machine". In entails actions such as removing SSH host keys, removing MAC address information from the system, changing the hostname to a generic etc. You could do all this manually, but as far as Linux VMs are concerned, you don't have to. oVirt can do this for you when you create a teamplate. So, if I want to manage a VM created from a template would this general
process work?-
Seal the VM Install CloudInit and keys, accounts, etc Shut off VM and create template from it.
Create new VM using Ansbile & CloudInit CloudInit would have just enough info so that you could manage the VM with Ansible.
I think the better order would be: - Upload a disk <https://www.ovirt.org/documentation/admin-guide/chap-Virtual_Machine_Disks.html#uploading-a-disk-image-to-a-storage-domain> that you want to use as a basis for your template (RHEL, CentOS, whatever you use) - Create a VM with that disk attached - Start the VM - Do all the necessary configuration that you want to be part of your future template. That means for example enabling repositories, updating packages etc. If you want to start your future VMs using cloud-init, you need to install (and enable it!) here. - Stop the VM - Create template out of this VM (Don't forget to check the *Seal Template* option during template creation) - Create a new VM out of that template (using Ansible if you wish so) Sample Ansible playbook creating a single VM would look like this: --- - name: Create VM using Ansible role hosts: localhost connection: local gather_facts: false vars: engine_fqdn: my_enging.my_domain.com engine_user: admin@internal engine_password: mypass my_vm_profile: template: cloud_init_enabled_template ssh_key: "your_public_ssh_key" vms: - name: test_vm cluster: my_cluster profile: "{{ my_vm_profile }}" state: running cloud_init: host_name: sandbox root_password: sandbox custom_script: | packages: - vim-enhanced - screen roles: - ovirt.vm-infra All the variables that may be provided to ovirt.vm-infra role can be found here <https://github.com/oVirt/ovirt-ansible-vm-infra/blob/master/README.md>. Pay special attention to the *cloud_init *key in the test_vm dictionary. This dictionary is used to control cloud-init setup on VM. It natively supports many of the cloud-init parameters and you can find them all in the previous link. Should this not be sufficient for you, *cloud_init* dictionary may also contain *custom_script *key. To that key, you simply provide a string which holds raw cloud-init script. Examples of raw cloud-init scripts can be found in cloud-init's doc page <https://cloudinit.readthedocs.io/en/latest/topics/examples.html>. Hope this was helpful. Best regards! Jan On Mon, Dec 23, 2019 at 4:30 PM Luca 'remix_tj' Lorenzetto < lorenzetto.luca@gmail.com> wrote:
Hello Jeremy,
we did this kind of workflow:
- create a standard base image, with all the required updates you want. We usually started from the previous template of the same RHEL release, but you can start from scratch every time if you want. - Install cloud-init that starts at boot and then, after the first successful execution, disables itself. - a ssh key for ansible to allow login as root without password. This key will be then removed after deployment is completed. - create this new template as new version of the existing RHEL template (RHEL 7 as example)
At deploy time with ansible: - deploy a new vm starting from the latest template of RHEL7. Use run_once cloudinit details for setting ip address. The vm has to be connected to the right virtual network. - wait_for vm to be reachable via network - proceed with ansible to configure/install the remaining parts (authentication, monitoring agents, backup utilities).
Luca
On Mon, Dec 23, 2019 at 4:20 PM <jeremy_tourville@hotmail.com> wrote:
I want to be able to manage VMs using Ansible. As part of the template
creation process it says to seal the VM. Can someone tell me what sealing does to a Linux VM? I understand it removes some of things that make the VM unique but no real specifics.
So, if I want to manage a VM created from a template would this general
process work?-
Seal the VM Install CloudInit and keys, accounts, etc Shut off VM and create template from it.
Create new VM using Ansbile & CloudInit CloudInit would have just enough info so that you could manage the VM
with Ansible.
Would that work?
I am just starting to explore what CloudInit can do and what it is. I
am brand new to it. I didn't find enough info on template sealing to help me devise a full cycle management strategy. Perhaps there are other/easier methods? Thanks for your advice and input.
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJ6OOPUT3KJEME...
-- "E' assurdo impiegare gli uomini di intelligenza eccellente per fare calcoli che potrebbero essere affidati a chiunque se si usassero delle macchine" Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)
"Internet è la più grande biblioteca del mondo. Ma il problema è che i libri sono tutti sparsi sul pavimento" John Allen Paulos, Matematico (1945-vivente)
Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , < lorenzetto.luca@gmail.com> _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VSPOODV5O3PPTA...
-- Jan Zmeskal Quality Engineer, RHV Core System Red Hat <https://www.redhat.com> <https://www.redhat.com>
participants (3)
-
Jan Zmeskal -
jeremy_tourville@hotmail.com -
Luca 'remix_tj' Lorenzetto