Creating Windows images on ExoGENI

This post describes how to create and configure a Windows image. Virtual machines running Windows can be used on ExoGENI. As mentioned in this post, ExoGENI does not host VM images, so Windows images must be created by the users. This can be done on any platform, including ExoGENI testbed baremetal servers. This post also describes the steps for installing KVM on a baremetal server to use it as a virtualization platform for image creation.

  • Activation of the OS should be managed by the user.
  • Dataplane interfaces can be created by ORCA; however, configuration of the interfaces is not supported yet.
  • Attaching iSCSI storage is not supported yet.
  • Upon creation of the VM, IP address assignment and other network configuration for dataplane interfaces should be done manually inside the VM.

The steps to create and deploy an image are:

  1. Install virtualization platform for image creation
  2. Install and customize the OS
  3. Create and deploy the image

Virtualization Platform Installation

1. Create a slice with one baremetal server. The baremetal server will be used as the hypervisor to provision an instance. The image file of the instance will then be converted and deployed on a web server or image registry to provision VMs on ExoGENI.

2. Install KVM and virtualization platform.

yum update -y
yum install qemu-kvm qemu-img -y
yum groupinstall virtualization-client virtualization-platform virtualization-tools -y
service libvirtd start
yum install vnc -y

3. Install the RPMs for X11 forwarding. We will need to launch a VNC viewer to access the VM.

yum install -y xorg-x11-xauth xorg-x11-fonts-* xorg-x11-utils
touch /root/.Xauthority

4. On ExoGENI, baremetal servers are booted from “stateless images” and the OS runs on a ramdisk. Each server has two hard drives, which can be partitioned and mounted after the server is provisioned. (Another option is to attach storage to the server during slice creation.) We will partition and mount the physical drives to provide storage for the hypervisor. (If partitions are already defined, either re-use them or delete them, re-partition, and create a filesystem.)

[root@Node0 ~]# fdisk /dev/sda
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x77e3f885.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): p

Disk /dev/sda: 299.0 GB, 298999349248 bytes
255 heads, 63 sectors/track, 36351 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x77e3f885

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-36351, default 1): 
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-36351, default 36351): 
Using default value 36351

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

[root@Node0 ~]# fdisk  -l

Disk /dev/sda: 299.0 GB, 298999349248 bytes
255 heads, 63 sectors/track, 36351 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x77e3f885

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1       36351   291989376   83  Linux

[root@Node0 ~]# mkfs.ext4 /dev/sda1
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
18251776 inodes, 72997344 blocks
3649867 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
2228 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
4096000, 7962624, 11239424, 20480000, 23887872, 71663616

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 35 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Create directories, mount hard drive:

[root@Node0 ~]# mkdir /opt/kvm
[root@Node0 ~]# mount /dev/sda1 /opt/kvm
[root@Node0 ~]# mkdir /opt/kvm/iso
[root@Node0 ~]# mv /var/lib/libvirt /opt/kvm/.
[root@Node0 ~]# ln -s /opt/kvm/libvirt /var/lib/libvirt

5. Create the bridge interface that KVM will use. The image creation process does not need a network connection to the VM, but the bridge interface can be used to access the VM if needed. The public interface of the server is bridged for this, so the bridge must be created and configured with the public interface. (This interface depends on the type of rack: on UCS-B series ExoGENI racks it is eth0, whereas on IBM racks it is em1.)

Create a script, then execute:

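#!/bin/bash
### configure_bridge.sh: configure br0 on the baremetal server

PHYS_IF="eth0"   # public interface (em1 on IBM racks)
BR_IF="br0"

# Capture the current address settings before the interface is taken down
IPADDR=$(ifconfig "${PHYS_IF}" | grep "inet addr" | awk '{print $2}' | cut -d: -f2)
NETMASK=$(ifconfig "${PHYS_IF}" | grep "inet addr" | awk '{print $4}' | cut -d: -f2)
GATEWAY=$(ip route show | grep default | awk '{print $3}')

# Create the bridge and enslave the physical interface to it
brctl addbr "${BR_IF}"
ifconfig "${PHYS_IF}" 0.0.0.0 down
brctl addif "${BR_IF}" "${PHYS_IF}"

# Move the address to the bridge and restore the default route
ifconfig "${PHYS_IF}" up
ifconfig "${BR_IF}" "${IPADDR}" netmask "${NETMASK}" up
route add -net default gw "${GATEWAY}"
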
[root@Node0 ~]# chmod +x  configure_bridge.sh 
[root@Node0 ~]# ./configure_bridge.sh
[root@Node0 ~]# ifconfig -a
br0       Link encap:Ethernet  HWaddr 00:25:B5:00:02:7F  
          inet addr:10.101.0.16  Bcast:10.101.0.255  Mask:255.255.255.0
          inet6 addr: fe80::225:b5ff:fe00:27f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1444 (1.4 KiB)  TX bytes:1750 (1.7 KiB)

eth0      Link encap:Ethernet  HWaddr 00:25:B5:00:02:7F  
          inet6 addr: fe80::225:b5ff:fe00:27f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:819589 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187926 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1206755994 (1.1 GiB)  TX bytes:16406110 (15.6 MiB)

eth1      Link encap:Ethernet  HWaddr 00:25:B5:00:02:4F  
          inet6 addr: fe80::225:b5ff:fe00:24f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:888 (888.0 b)

eth2      Link encap:Ethernet  HWaddr 00:25:B5:00:02:5F  
          inet6 addr: fe80::225:b5ff:fe00:25f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:888 (888.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:A1:FD:F2  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0-nic Link encap:Ethernet  HWaddr 52:54:00:A1:FD:F2  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

6. Copy Windows installer ISO and VirtIO drivers for Windows to the server. (Windows installer needs to be provided by the user.)

wget http://geni-images.renci.org/images/windows/virtio-win-0.1-22.iso

7. Create the instance:

[root@Node0 ~]# qemu-img create -f qcow2 /var/lib/libvirt/images/win7.qcow 20G
Formatting '/var/lib/libvirt/images/win7.qcow', fmt=qcow2 size=21474836480 encryption=off cluster_size=65536 

[root@Node0 ~]# /usr/libexec/qemu-kvm -m 2048 -cdrom /opt/kvm/iso/Win7Enterprise-64bit.iso -drive file=/var/lib/libvirt/images/win7.qcow,if=virtio -drive file=/opt/kvm/iso/virtio-win-0.1-22.iso,index=3,media=cdrom -net nic,model=virtio -net user -nographic -usbdevice tablet -vnc :9 -enable-kvm 

In another terminal, log in with X11 forwarding:

ssh -Y -i ~/.ssh/id_geni_ssh_mcevik_rsa root@139.62.242.122

Add an iptables rule for the VNC connection (VNC display :9 is TCP port 5909):

iptables -A INPUT -p tcp --dport 5909 -j ACCEPT

Connect to the instance via VNC:

[root@Node0 ~]# vncviewer 127.0.0.1:9
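
An added example, not part of the original post: with `-vnc :9` and no host part, QEMU listens on every address and no VNC password is set, while the viewer above only needs 127.0.0.1 (which `-vnc 127.0.0.1:9` would provide). The function below reads `ss -ltn` style output and lists VNC listeners that are not bound to loopback; the function names and sample lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Reads `ss -ltn` style lines on
# stdin and prints every VNC listener (TCP 5900-5999) that is bound to an
# address other than loopback, i.e. reachable once the firewall allows it.
vnc_exposed() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")          # port is the text after the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port ~ /^[0-9]+$/ && port + 0 >= 5900 && port + 0 <= 5999 &&
            addr !~ /^(127\.|\[?::1\]?$)/)
            print $4
    }'
}

# Constructed sample in the column layout of `ss -ltn` (not real output).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      1      *:5909              *:*
LISTEN 0      128    *:22                *:*
LISTEN 0      1      127.0.0.1:5901      *:*
LISTEN 0      1      :::5910             :::*
LISTEN 0      1      ::1:5902            :::*
EOF
}

sample_listeners | vnc_exposed    # on a live host: ss -ltn | vnc_exposed
```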

Windows OS Installation and Customization

Install the OS by selecting VirtIO driver from the ISO image attached to the instance:

Switch to audit mode by pressing CTRL+SHIFT+F3:

Install virtio network driver:

Select “Work Network”:

Download and install Firefox:

Download and install Cloudbase-Init:

Run System Preparation Tool with the settings below:

Reboot the instance:

Log in in audit mode:

Create a user account “exogeni” (Administrator).

Configure the user account to log on automatically:
– Run netplwiz
– User Accounts dialog box: Clear “Users must enter a user name and password to use this computer” check box. Enter the user’s password.

Reboot and verify the automatic login:

Enable Remote Desktop, disable Remote Assistance:

Configure Windows Firewall:

Advanced settings: Disable “Network Discovery” rules:

Create a new rule to allow incoming and outgoing ICMP traffic for pinging:
– Rule Type: Custom
– Program: All programs
– Protocols and ports: ICMPv4 – All ports
– Scope: Any IP address for both local and remote IP addresses
– Action: Allow connection
– Profile: Domain, private, public selected
– Name: PING

Configure “restarts” after automatic updates: To complete installation of the network drivers when the VM is launched, enable automatic restart after updates.
– Run gpedit.msc
– Local Group Policy Editor: Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components, Windows Update

Shut down the instance. All customizations are saved to the qcow image.

Image creation and deployment

After the customizations, the qcow2 image needs to be converted to a raw image:

qemu-img convert -O raw win7.qcow win7.raw.img
gzip win7.raw.img

Generate the metadata file:

<images>
    <image>
        <type>ZFILESYSTEM</type>
        <signature>3d4013f0ce337fb619747ebed282de374de464e3</signature>
        <url>http://WEBSERVER/image-windows/win7.img.gz</url>
    </image>
</images>
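
One way to generate the metadata file and check it before publishing, as an added example that is not ExoGENI's own tooling. It assumes the `<signature>` value is the SHA-1 hex digest of the compressed image (40 hex digits, as in the sample above); the function names and the stand-in file are constructed for illustration.

```bash
#!/bin/bash
# Added example, not ExoGENI code. Assumption: <signature> is the SHA-1
# hex digest of the compressed image file that <url> serves.

# Print the metadata XML for an image file and its download URL.
make_metadata() {
    local image="$1" url="$2" sig
    [ -r "$image" ] || { echo "cannot read $image" >&2; return 1; }
    sig=$(sha1sum "$image" | awk '{print $1}')
    cat <<EOF
<images>
    <image>
        <type>ZFILESYSTEM</type>
        <signature>${sig}</signature>
        <url>${url}</url>
    </image>
</images>
EOF
}

# Return 0 only when the metadata signature matches the image on disk;
# 1 on mismatch, 2 when the metadata has no 40-hex-digit signature.
verify_metadata() {
    local metadata="$1" image="$2" want have
    want=$(sed -n 's:.*<signature>\([0-9a-fA-F]\{40\}\)</signature>.*:\1:p' \
        "$metadata" | head -n 1 | tr 'A-F' 'a-f')
    [ -n "$want" ] || { echo "no signature in $metadata" >&2; return 2; }
    have=$(sha1sum "$image" | awk '{print $1}')
    [ "$want" = "$have" ]
}

# Demo on a constructed stand-in file (a real run uses win7.raw.img.gz).
demo() {
    local dir; dir=$(mktemp -d)
    printf 'constructed stand-in image' > "$dir/win7.raw.img.gz"
    make_metadata "$dir/win7.raw.img.gz" \
        "http://WEBSERVER/image-windows/win7.img.gz" > "$dir/win7.xml"
    verify_metadata "$dir/win7.xml" "$dir/win7.raw.img.gz" && echo "signature OK"
    rm -rf "$dir"
}
demo
```

Running `verify_metadata` again after uploading, against a fresh download of the URL, catches an image that was truncated or replaced on the web server.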

After the slice is created, you can connect to the VM by Remote Desktop and assign IP addresses to the dataplane interfaces. Also, activation of the OS needs to be done with a valid licence key.
