- Working With Templates
- Creating Templates: Overview
- Requirements for Templates
- Best Practices for Templates
- The Default Template
- Private and Public Templates
- Creating a Template from an Existing Virtual Machine
- Creating a Template from a Snapshot
- Uploading Templates from a remote HTTP server
- Bypassing Secondary Storage For KVM templates
- Uploading Templates and ISOs from a local computer
- Sharing templates and ISOs with other accounts/projects
- Exporting Templates
- Creating a Linux Template
- Creating a Windows Template
- Importing Amazon Machine Images
- Converting a Hyper-V VM to a Template
- Adding Password Management to Your Templates
- Deleting Templates
- Working with ISOs
Working With Templates
A template is a reusable configuration for virtual machines. When users launch VMs, they can choose from a list of templates in CloudStack.
Specifically, a template is a virtual disk image that includes one of a variety of operating systems, optional additional software such as office applications, and settings such as access control to determine who can use the template. Each template is associated with a particular type of hypervisor, which is specified when the template is added to CloudStack.
CloudStack ships with a default template. In order to present more choices to users, CloudStack administrators and users can create templates and add them to CloudStack.
Creating Templates: Overview
CloudStack ships with a default template for the CentOS operating system. There are a variety of ways to add more templates. Administrators and end users can add templates. The typical sequence of events is:
- Launch a VM instance that has the operating system you want. Make any other desired configuration changes to the VM.
- Stop the VM.
- Convert the volume into a template.
There are other ways to add templates to CloudStack. For example, you can take a snapshot of the VM’s volume and create a template from the snapshot, or import a VHD from another system into CloudStack.
The various techniques for creating templates are described in the next few sections.
Requirements for Templates
- For XenServer, install PV drivers / Xen tools on each template that you create. This will enable live migration and clean guest shutdown.
- For vSphere, install VMware Tools on each template that you create. This will enable console view to work properly.
Best Practices for Templates
If you plan to use large templates (100 GB or larger), be sure you have a 10-gigabit network to support the large templates. A slower network can lead to timeouts and other errors when large templates are used.
The Default Template
CloudStack includes a CentOS template. This template is downloaded by the Secondary Storage VM after the primary and secondary storage are configured. You can use this template in your production deployment or you can delete it and use custom templates.
The root password for the default template is “password”.
A default template is provided for each of XenServer, KVM, and vSphere. The templates that are downloaded depend on the hypervisor type that is available in your cloud. Each template is approximately 2.5 GB physical size.
The default template includes the standard iptables rules, which will block most access to the template excluding ssh.
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-
Private and Public Templates
When a user creates a template, it can be designated private or public.
Private templates are only available to the user who created them. By default, an uploaded template is private.
When a user marks a template as “public,” the template becomes available to all users in all accounts in the user’s domain, as well as users in any other domains that have access to the Zone where the template is stored. This depends on whether the Zone, in turn, was defined as private or public. A private Zone is assigned to a single domain, and a public Zone is accessible to any domain. If a public template is created in a private Zone, it is available only to users in the domain assigned to that Zone. If a public template is created in a public Zone, it is available to all users in all domains.
Creating a Template from an Existing Virtual Machine
Once you have at least one VM set up in the way you want, you can use it as the prototype for other VMs.
Create and start a virtual machine using any of the techniques given in “Creating VMs”.
Make any desired configuration changes on the running VM, then click Stop.
Wait for the VM to stop. When the status shows Stopped, go to the next step.
Go into “View Volumes” and select the Volume having the type “ROOT”.
Click Create Template and provide the following:
Name and Display Text. These will be shown in the UI, so choose something descriptive.
OS Type. (Except for VMware). This helps CloudStack and the hypervisor perform certain operations and make assumptions that improve the performance of the guest. Select one of the following.
If the operating system of the stopped VM is listed, choose it.
If the OS type of the stopped VM is not listed, choose Other.
If you want to boot from this template in PV mode, choose Other PV (32-bit) or Other PV (64-bit). This choice is available only for XenServere:
Note
Generally you should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other.
Note
Since version 4.15, VMware templates do not allow users or administrators selecting an OS Type when registering a template. The OS Type is obtained from the template after it is registered.
Public. Choose Yes to make this template accessible to all users of this CloudStack installation. The template will appear in the Community Templates list. See “Private and Public Templates”.
Password Enabled. Choose Yes if your template has the CloudStack password change script installed. See Adding Password Management to Your Templates.
Click Add.
The new template will be visible in the Templates section when the template creation process has been completed. The template is then available when creating a new VM.
Note
Since version 4.15, CloudStack obtains information from the VMware templates automatically at registration time. If a template contains different deployment options (or configurations) as in the case of virtual appliances, then CloudStack display the information required by the template, allowing users or administrators to configure their instances.
Creating a Template from a Snapshot
If you do not want to stop the VM in order to use the Create Template menu item (as described in “Creating a Template from an Existing Virtual Machine”), you can create a template directly from any snapshot through the CloudStack UI.
Uploading Templates from a remote HTTP server
vSphere Templates and ISOs
Warning
If you are uploading a template that was created using vSphere Client, be sure the OVA file does not contain an ISO. If it does, the deployment of VMs from the template will fail
Templates are uploaded based on a URL. HTTP is the supported access protocol. Templates are frequently large files. You can optionally gzip them to decrease upload times.
To upload a template:
In the left navigation bar, click Templates.
Click Register Template.
Provide the following:
Name and Description. These will be shown in the UI, so choose something descriptive.
URL. The Management Server will download the file from the specified URL, such as
http://my.web.server/filename.vhd.gz
.Zone. Choose the zone where you want the template to be available, or All Zones to make it available throughout CloudStack.
OS Type: (Except for VMware). This helps CloudStack and the hypervisor perform certain operations and make assumptions that improve the performance of the guest. Select one of the following:
If the operating system of the stopped VM is listed, choose it.
If the OS type of the stopped VM is not listed, choose Other.
Note
You should not choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will in general not work. In those cases you should choose Other.
Note
Since version 4.15, VMware templates do not allow users or administrators selecting an OS Type when registering a template. The OS Type is obtained from the template after it is registered.
Hypervisor: The supported hypervisors are listed. Select the desired one.
Format. The format of the template upload file, such as VHD or OVA.
Password Enabled. Choose Yes if your template has the CloudStack password change script installed. See Adding Password Management to Your Templates.
Extractable. Choose Yes if the template is available for extraction. If this option is selected, end users can download a full image of a template.
Public. Choose Yes to make this template accessible to all users of this CloudStack installation. The template will appear in the Community Templates list. See “Private and Public Templates”.
Featured. Choose Yes if you would like this template to be more prominent for users to select. The template will appear in the Featured Templates list. Only an administrator can make a template Featured.
Note that uploading multi-disk templates is also supported.
Note
VMware only: If the selected template contains OVF properties, different deployment options or configurations, multiple NICs or end-user license agreements, then the wizard will display these properties.
See “Support for Virtual Appliances”.
Bypassing Secondary Storage For KVM templates
CloudStack provides an additional way to register and use templates on KVM.
Instead of registering a template and storing it on secondary storage, the user can opt to skip downloading the template to secondary storage for KVM at template registration. At deployment time, the template is downloaded directly to primary storage from the registered source, instead of being copied from secondary storage.
Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL.
To enable this option for a template:
In the left navigation bar, click Templates.
Click Register Template.
Select KVM as hypervisor:
- Direct Download. This option will be shown in the UI when KVM is selected as the hypervisor. Choose Yes to enable the bypassing secondary storage option.
- Checksum. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time.
After the template is registered, it is automatically available for VM deployments.
From CloudStack 4.14.0, system VM templates also support direct download. An administrator can register a new system VM template as ROUTING or USER type with the direct download flag, and it can be changed to SYSTEM type during the upgrade or by out-of-band database changes. Type of newly registered template can be changed to SYSTEM in the database using a SQL query similar to:
UPDATE cloud.vm_template SET type=’SYSTEM’ WHERE uuid=’UUID_OF_NEW_TEMPLATE’;
For direct downloads over HTTPS, the KVM hosts must have valid certificates. These certificates can be either self-signed or signed and will allow the KVM hosts to access the templates/ISOs and download them.
CloudStack provides some APIs to handle certificates for direct downloads:
Upload a certificate to hosts in ‘Up’ state in a zone with id = ZONE_ID:
upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED
where:
- CERTIFICATE_FORMATTED is the string format of a X509 certificate
- CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host
Note:. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host.
Revoke a certificate from every host in ‘Up’ state in a zone with id = ZONE_ID:
revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID
It is also possible to revoke a certificate from a specific host within a zone:
revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID
After a certificate is revoked from a host within a zone, it can be re-uploaded to the host:
upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID
As new hosts may be added to a zone which do not include a certificate which was previously uploaded to pre-existing hosts.
CloudStack provides a way to synchronize certificates across all the connected hosts in each zone. The global setting ‘direct.download.certificate.background.task.interval’ defines the interval in which the synchronization task will run. This task will:
- Iterate through each enabled zone
- Enumerate the connected hosts in a zone
- Check which hosts are missing the certificates which have been already uploaded to other hosts
- Upload missing certificates to hosts
With 4.14.0, ability to configure different timeout values for the direct downloading of templates has been added. Three new global settings have been added for this:
- direct.download.connect.timeout - Connection establishment timeout in milliseconds for direct download. Default value: 5000 milliseconds.
- direct.download.socket.timeout - Socket timeout (SO_TIMEOUT) in milliseconds for direct download. Default value: 5000 milliseconds.
- direct.download.connection.request.timeout - Requesting a connection from connection manager timeout in milliseconds for direct download. Default value: 5000 milliseconds. This setting is hidden and not visible in UI.
Uploading Templates and ISOs from a local computer
It’s also possible to upload an already prepared template or an ISO from your local computer. The steps are similar as when Uploading a template/ISO from a remote HTTP server, except that you need to choose a local template/ISO file from your PC. For this feature to work, your SSVMs must be supporting HTTPS (for more info please visit “Using a SSL Certificate for the Console Proxy”).
Note
Since version 4.15, VMware templates do not allow users or administrators selecting an OS Type when uploading a template. The OS Type is obtained from the template after it is uploaded.
Example GUI dialog of uploading Template/ISO from local (browser) is given below:
Note that uploading multi-disk templates is also supported.
Sharing templates and ISOs with other accounts/projects
When adding a template/ISO, the owner can choose to make template/ISO public or to keep it private. Once the template/ISO is created, the owner can choose to share this template/ISO so that other accounts/projects can also use the template/ISO.
Currently, the owner can share his template/ISO with:
- other accounts inside his own domain (i.e. can’t share the template/ISO with other accounts in the subdomain of his domain or any other domains)
- projects where he belongs to (i.e. projects where he is the owner/creator or other projects where he has been joined)
Template/ISO permissions can be changed via updateTemplatePermissions/updateIsoPermissions API call or via GUI. It is supported to add, remove or reset (remove all) template/ISO permissions.
When adding or removing permissions to/from a template/ISO, it is required to specify account/project name which is being added/removed from the template/ISO permissions.
Global setting “allow.user.view.all.domain.accounts” has a default value of “false”. This makes sure that when a regular user (of a “User” role) wants to share a template/ISO via GUI, he will not be shown the list of all accounts in his domain and he will need to know the name of the destination account with which he is sharing the template/ISO. This makes sense in public clouds where each account of a single domain is a different tenant/customer and privacy is imperative. In this case, the user will be presented with an input field to enter the account name, as on the images below:
Warning
The images displayed below refer to template permissions, but the same applies for ISO permissions.
Sharing the template with account “user2”
Revoking permissions from account “user2”
But in environments where privacy within a domain is not an issue, setting “allow.user.view.all.domain.accounts” setting to “true” will make sure that the user, who is sharing the template, will be presented a more user-friendly multi-select list, listing all the accounts in his domain. This is shown in the images below;
Sharing the template with just account “user8”
Sharing template with 2 specific projects
Revoking permissions from account “user8”
Revoking permissions from both projects previously added
Finally, template permissions can be reset:
Resetting (removing all) permissions
Warning
Project-owned templates are not supported to be shared outside of the Project, and if attempted to do so, a proper error message is shown.
Exporting Templates
End users and Administrators may export templates from the CloudStack. Navigate to the template in the UI and choose the Download function from the Actions menu.
Creating a Linux Template
Linux templates should be prepared using this documentation in order to prepare your linux VMs for template deployment. For ease of documentation, the VM which you are configuring the template on will be referred to as “Template Master”. This guide currently covers legacy setups which do not take advantage of UserData and cloud-init and assumes openssh-server is installed during installation.
An overview of the procedure is as follow:
Upload your Linux ISO.
For more information, see “Adding an ISO”.
Create a VM Instance with this ISO.
For more information, see “Creating VMs”.
Prepare the Linux VM
Create a template from the VM.
For more information, see “Creating a Template from an Existing Virtual Machine”.
The following steps will prepare a basic Linux installation for templating.
Installation
It is good practice to name your VM something generic during installation, this will ensure components such as LVM do not appear unique to a machine. It is recommended that the name of “localhost” is used for installation.
Warning
For CentOS, it is necessary to take unique identification out of the interface configuration file, for this edit /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to the following.
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=dhcp
ONBOOT=yes
The next steps updates the packages on the Template Master.
Ubuntu
sudo -i
apt-get update
apt-get upgrade -y
apt-get install -y acpid ntp
reboot
CentOS
ifup eth0
yum update -y
reboot
Password management
Note
If preferred, custom users (such as ones created during the Ubuntu installation) should be removed. First ensure the root user account is enabled by giving it a password and then login as root to continue.
sudo passwd root
logout
As root, remove any custom user accounts created during the installation process.
deluser myuser --remove-home
See Adding Password Management to Your Templates for instructions to setup the password management script, this will allow CloudStack to change your root password from the web interface.
Hostname Management
CentOS configures the hostname by default on boot. Unfortunately Ubuntu does not have this functionality, for Ubuntu installations use the following steps.
Ubuntu
The hostname of a Templated VM is set by a custom script in /etc/dhcp/dhclient-exit-hooks.d, this script first checks if the current hostname is localhost, if true, it will get the host-name, domain-name and fixed-ip from the DHCP lease file and use those values to set the hostname and append the /etc/hosts file for local hostname resolution. Once this script, or a user has changed the hostname from localhost, it will no longer adjust system files regardless of its new hostname. The script also recreates openssh-server keys, which should have been deleted before templating (shown below). Save the following script to /etc/dhcp/dhclient-exit-hooks.d/sethostname, and adjust the permissions.
#!/bin/sh
# dhclient change hostname script for Ubuntu
oldhostname=$(hostname -s)
if [ $oldhostname = 'localhost' ]
then
sleep 10 # Wait for configuration to be written to disk
hostname=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /host-name/ { host = $3 } END { printf host } ' | sed 's/[";]//g' )
fqdn="$hostname.$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /domain-name/ { domain = $3 } END { printf domain } ' | sed 's/[";]//g')"
ip=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /fixed-address/ { lease = $2 } END { printf lease } ' | sed 's/[";]//g')
echo "cloudstack-hostname: Hostname _localhost_ detected. Changing hostname and adding hosts."
printf " Hostname: $hostname\n FQDN: $fqdn\n IP: $ip"
# Update /etc/hosts
awk -v i="$ip" -v f="$fqdn" -v h="$hostname" "/^127/{x=1} !/^127/ && x { x=0; print i,f,h; } { print $0; }" /etc/hosts > /etc/hosts.dhcp.tmp
mv /etc/hosts /etc/hosts.dhcp.bak
mv /etc/hosts.dhcp.tmp /etc/hosts
# Rename Host
echo $hostname > /etc/hostname
hostname -b -F /etc/hostname
echo $hostname > /proc/sys/kernel/hostname
# Recreate SSH2
export DEBIAN_FRONTEND=noninteractive
dpkg-reconfigure openssh-server
fi
### End of Script ###
chmod 774 /etc/dhcp/dhclient-exit-hooks.d/sethostname
Warning
The following steps should be run when you are ready to template your Template Master. If the Template Master is rebooted during these steps you will have to run all the steps again. At the end of this process the Template Master should be shutdown and the template created in order to create and deploy the final template.
Remove the udev persistent device rules
This step removes information unique to your Template Master such as network MAC addresses, lease files and CD block devices, the files are automatically generated on next boot.
Ubuntu
rm -f /etc/udev/rules.d/70*
rm -f /var/lib/dhcp/dhclient.*
CentOS
rm -f /etc/udev/rules.d/70*
rm -f /var/lib/dhclient/*
Remove SSH Keys
This step is to ensure all your Templated VMs do not have the same SSH keys, which would decrease the security of the machines dramatically.
rm -f /etc/ssh/*key*
Cleaning log files
It is good practice to remove old logs from the Template Master.
cat /dev/null > /var/log/audit/audit.log 2>/dev/null
cat /dev/null > /var/log/wtmp 2>/dev/null
logrotate -f /etc/logrotate.conf 2>/dev/null
rm -f /var/log/*-* /var/log/*.gz 2>/dev/null
Setting hostname
In order for the Ubuntu DHCP script to function and the CentOS dhclient to set the VM hostname they both require the Template Master’s hostname to be “localhost”, run the following commands to change the hostname.
hostname localhost
echo "localhost" > /etc/hostname
Set user password to expire
This step forces the user to change the password of the VM after the template has been deployed.
passwd --expire root
Clearing User History
The next step clears the bash commands you have just run.
history -c
unset HISTFILE
Shutdown the VM
Your now ready to shutdown your Template Master and create a template!
halt -p
Create the template!
You are now ready to create the template, for more information see “Creating a Template from an Existing Virtual Machine”.
Note
Templated VMs for both Ubuntu and CentOS may require a reboot after provisioning in order to pickup the hostname.
Creating a Windows Template
Windows templates must be prepared with Sysprep before they can be provisioned on multiple machines. Sysprep allows you to create a generic Windows template and avoid any possible SID conflicts.
Note
(XenServer) Windows VMs running on XenServer require PV drivers, which may be provided in the template or added after the VM is created. The PV drivers are necessary for essential management functions such as mounting additional volumes and ISO images, live migration, and graceful shutdown.
An overview of the procedure is as follows:
Upload your Windows ISO.
For more information, see “Adding an ISO”.
Create a VM Instance with this ISO.
For more information, see “Creating VMs”.
Follow the steps in Sysprep for Windows Server 2008 R2 (below) or Sysprep for Windows Server 2003 R2, depending on your version of Windows Server
The preparation steps are complete. Now you can actually create the template as described in Creating the Windows Template.
For Windows 2008 R2, you run Windows System Image Manager to create a custom sysprep response XML file. Windows System Image Manager is installed as part of the Windows Automated Installation Kit (AIK). Windows AIK can be downloaded from Microsoft Download Center.
Use the following steps to run sysprep for Windows 2008 R2:
Note
The steps outlined here are derived from the excellent guide by Charity Shelbourne, originally published at Windows Server 2008 Sysprep Mini-Setup.
Download and install the Windows AIK
Note
Windows AIK should not be installed on the Windows 2008 R2 VM you just created. Windows AIK should not be part of the template you create. It is only used to create the sysprep answer file.
Copy the install.wim file in the \sources directory of the Windows 2008 R2 installation DVD to the hard disk. This is a very large file and may take a long time to copy. Windows AIK requires the WIM file to be writable.
Start the Windows System Image Manager, which is part of the Windows AIK.
In the Windows Image pane, right click the Select a Windows image or catalog file option to load the install.wim file you just copied.
Select the Windows 2008 R2 Edition.
You may be prompted with a warning that the catalog file cannot be opened. Click Yes to create a new catalog file.
In the Answer File pane, right click to create a new answer file.
Generate the answer file from the Windows System Image Manager using the following steps:
The first page you need to automate is the Language and Country or Region Selection page. To automate this, expand Components in your Windows Image pane, right-click and add the Microsoft-Windows-International-Core setting to Pass 7 oobeSystem. In your Answer File pane, configure the InputLocale, SystemLocale, UILanguage, and UserLocale with the appropriate settings for your language and country or region. Should you have a question about any of these settings, you can right-click on the specific setting and select Help. This will open the appropriate CHM help file with more information, including examples on the setting you are attempting to configure.
You need to automate the Software License Terms Selection page, otherwise known as the End-User License Agreement (EULA). To do this, expand the Microsoft-Windows-Shell-Setup component. High-light the OOBE setting, and add the setting to the Pass 7 oobeSystem. In Settings, set HideEULAPage true.
Make sure the license key is properly set. If you use MAK key, you can just enter the MAK key on the Windows 2008 R2 VM. You need not input the MAK into the Windows System Image Manager. If you use KMS host for activation you need not enter the Product Key. Details of Windows Volume Activation can be found at http://technet.microsoft.com/en-us/library/bb892849.aspx
You need to automate is the Change Administrator Password page. Expand the Microsoft-Windows-Shell-Setup component (if it is not still expanded), expand UserAccounts, right-click on AdministratorPassword, and add the setting to the Pass 7 oobeSystem configuration pass of your answer file. Under Settings, specify a password next to Value.
You may read the AIK documentation and set many more options that suit your deployment. The steps above are the minimum needed to make Windows unattended setup work.
Save the answer file as unattend.xml. You can ignore the warning messages that appear in the validation window.
Copy the unattend.xml file into the c:\windows\system32\sysprep directory of the Windows 2008 R2 Virtual Machine
Once you place the unattend.xml file in c:\windows\system32\sysprep directory, you run the sysprep tool as follows:
cd c:\Windows\System32\sysprep
sysprep.exe /oobe /generalize /shutdown
The Windows 2008 R2 VM will automatically shut down after sysprep is complete.
Earlier versions of Windows have a different sysprep tool. Follow these steps for Windows Server 2003 R2.
Extract the content of \support\tools\deploy.cab on the Windows installation CD into a directory called c:\sysprep on the Windows 2003 R2 VM.
Run c:\sysprep\setupmgr.exe to create the sysprep.inf file.
- Select Create New to create a new Answer File.
- Enter “Sysprep setup” for the Type of Setup.
- Select the appropriate OS version and edition.
- On the License Agreement screen, select “Yes fully automate the installation”.
- Provide your name and organization.
- Leave display settings at default.
- Set the appropriate time zone.
- Provide your product key.
- Select an appropriate license mode for your deployment
- Select “Automatically generate computer name”.
- Type a default administrator password. If you enable the password reset feature, the users will not actually use this password. This password will be reset by the instance manager after the guest boots up.
- Leave Network Components at “Typical Settings”.
- Select the “WORKGROUP” option.
- Leave Telephony options at default.
- Select appropriate Regional Settings.
- Select appropriate language settings.
- Do not install printers.
- Do not specify “Run Once commands”.
- You need not specify an identification string.
- Save the Answer File as c:\sysprep\sysprep.inf.
Run the following command to sysprep the image:
c:\sysprep\sysprep.exe -reseal -mini -activated
After this step the machine will automatically shut down
Importing Amazon Machine Images
The following procedures describe how to import an Amazon Machine Image (AMI) into CloudStack when using the XenServer hypervisor.
Assume you have an AMI file and this file is called CentOS_6.2_x64. Assume further that you are working on a CentOS host. If the AMI is a Fedora image, you need to be working on a Fedora host initially.
You need to have a XenServer host with a file-based storage repository (either a local ext3 SR or an NFS SR) to convert to a VHD once the image file has been customized on the Centos/Fedora host.
Note
When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text.
To import an AMI:
Set up loopback on image file:
# mkdir -p /mnt/loop/centos62
# mount -o loop CentOS_6.2_x64 /mnt/loop/centos54
Install the kernel-xen package into the image. This downloads the PV kernel and ramdisk to the image.
# yum -c /mnt/loop/centos54/etc/yum.conf --installroot=/mnt/loop/centos62/ -y install kernel-xen
Create a grub entry in /boot/grub/grub.conf.
# mkdir -p /mnt/loop/centos62/boot/grub
# touch /mnt/loop/centos62/boot/grub/grub.conf
# echo "" > /mnt/loop/centos62/boot/grub/grub.conf
Determine the name of the PV kernel that has been installed into the image.
# cd /mnt/loop/centos62
# ls lib/modules/
2.6.16.33-xenU 2.6.16-xenU 2.6.18-164.15.1.el5xen 2.6.18-164.6.1.el5.centos.plus 2.6.18-xenU-ec2-v1.0 2.6.21.7-2.fc8xen 2.6.31-302-ec2
# ls boot/initrd*
boot/initrd-2.6.18-164.6.1.el5.centos.plus.img boot/initrd-2.6.18-164.15.1.el5xen.img
# ls boot/vmlinuz*
boot/vmlinuz-2.6.18-164.15.1.el5xen boot/vmlinuz-2.6.18-164.6.1.el5.centos.plus boot/vmlinuz-2.6.18-xenU-ec2-v1.0 boot/vmlinuz-2.6.21-2952.fc8xen
Xen kernels/ramdisk always end with “xen”. For the kernel version you choose, there has to be an entry for that version under lib/modules, there has to be an initrd and vmlinuz corresponding to that. Above, the only kernel that satisfies this condition is 2.6.18-164.15.1.el5xen.
Based on your findings, create an entry in the grub.conf file. Below is an example entry.
default=0
timeout=5
hiddenmenu
title CentOS (2.6.18-164.15.1.el5xen)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-164.15.1.el5xen ro root=/dev/xvda
initrd /boot/initrd-2.6.18-164.15.1.el5xen.img
Edit etc/fstab, changing “sda1” to “xvda” and changing “sdb” to “xvdb”.
# cat etc/fstab
/dev/xvda / ext3 defaults 1 1
/dev/xvdb /mnt ext3 defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
Enable login via the console. The default console device in a XenServer system is xvc0. Ensure that etc/inittab and etc/securetty have the following lines respectively:
# grep xvc0 etc/inittab
co:2345:respawn:/sbin/agetty xvc0 9600 vt100-nav
# grep xvc0 etc/securetty
xvc0
Ensure the ramdisk supports PV disk and PV network. Customize this for the kernel version you have determined above.
# chroot /mnt/loop/centos54
# cd /boot/
# mv initrd-2.6.18-164.15.1.el5xen.img initrd-2.6.18-164.15.1.el5xen.img.bak
# mkinitrd -f /boot/initrd-2.6.18-164.15.1.el5xen.img --with=xennet --preload=xenblk --omit-scsi-modules 2.6.18-164.15.1.el5xen
Change the password.
# passwd
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Exit out of chroot.
# exit
Check etc/ssh/sshd_config for lines allowing ssh login using a password.
# egrep "PermitRootLogin|PasswordAuthentication" /mnt/loop/centos54/etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
If you need the template to be enabled to reset passwords from the CloudStack UI or API, install the password change script into the image at this point. See Adding Password Management to Your Templates.
Unmount and delete loopback mount.
# umount /mnt/loop/centos54
# losetup -d /dev/loop0
Copy the image file to your XenServer host’s file-based storage repository. In the example below, the Xenserver is “xenhost”. This XenServer has an NFS repository whose uuid is a9c5b8c8-536b-a193-a6dc-51af3e5ff799.
# scp CentOS_6.2_x64 xenhost:/var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799/
Log in to the Xenserver and create a VDI the same size as the image.
[root@xenhost ~]# cd /var/run/sr-mount/a9c5b8c8-536b-a193-a6dc-51af3e5ff799
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# ls -lh CentOS_6.2_x64
-rw-r--r-- 1 root root 10G Mar 16 16:49 CentOS_6.2_x64
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# xe vdi-create virtual-size=10GiB sr-uuid=a9c5b8c8-536b-a193-a6dc-51af3e5ff799 type=user name-label="Centos 6.2 x86_64"
cad7317c-258b-4ef7-b207-cdf0283a7923
Import the image file into the VDI. This may take 10–20 minutes.
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# xe vdi-import filename=CentOS_6.2_x64 uuid=cad7317c-258b-4ef7-b207-cdf0283a7923
Locate a the VHD file. This is the file with the VDI’s UUID as its name. Compress it and upload it to your web server.
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# bzip2 -c cad7317c-258b-4ef7-b207-cdf0283a7923.vhd > CentOS_6.2_x64.vhd.bz2
[root@xenhost a9c5b8c8-536b-a193-a6dc-51af3e5ff799]# scp CentOS_6.2_x64.vhd.bz2 webserver:/var/www/html/templates/
Converting a Hyper-V VM to a Template
To convert a Hyper-V VM to a XenServer-compatible CloudStack template, you will need a standalone XenServer host with an attached NFS VHD SR. Use whatever XenServer version you are using with CloudStack, but use XenCenter 5.6 FP1 or SP2 (it is backwards compatible to 5.6). Additionally, it may help to have an attached NFS ISO SR.
For Linux VMs, you may need to do some preparation in Hyper-V before trying to get the VM to work in XenServer. Clone the VM and work on the clone if you still want to use the VM in Hyper-V. Uninstall Hyper-V Integration Components and check for any references to device names in /etc/fstab:
- From the linux_ic/drivers/dist directory, run make uninstall (where “linux_ic” is the path to the copied Hyper-V Integration Components files).
- Restore the original initrd from backup in /boot/ (the backup is named *.backup0).
- Remove the “hdX=noprobe” entries from /boot/grub/menu.lst.
- Check /etc/fstab for any partitions mounted by device name. Change those entries (if any) to mount by LABEL or UUID. You can get that information with the blkid command.
The next step is make sure the VM is not running in Hyper-V, then get the VHD into XenServer. There are two options for doing this.
Option one:
- Import the VHD using XenCenter. In XenCenter, go to Tools>Virtual Appliance Tools>Disk Image Import.
- Choose the VHD, then click Next.
- Name the VM, choose the NFS VHD SR under Storage, enable “Run Operating System Fixups” and choose the NFS ISO SR.
- Click Next, then Finish. A VM should be created.
Option two:
- Run XenConvert, under From choose VHD, under To choose XenServer. Click Next.
- Choose the VHD, then click Next.
- Input the XenServer host info, then click Next.
- Name the VM, then click Next, then Convert. A VM should be created.
Once you have a VM created from the Hyper-V VHD, prepare it using the following steps:
- Boot the VM, uninstall Hyper-V Integration Services, and reboot.
- Install XenServer Tools, then reboot.
- Prepare the VM as desired. For example, run sysprep on Windows VMs. See “Creating a Windows Template”.
Either option above will create a VM in HVM mode. This is fine for Windows VMs, but Linux VMs may not perform optimally. Converting a Linux VM to PV mode will require additional steps and will vary by distribution.
- Shut down the VM and copy the VHD from the NFS storage to a web server; for example, mount the NFS share on the web server and copy it, or from the XenServer host use sftp or scp to upload it to the web server.
- In CloudStack, create a new template using the following values:
- URL. Give the URL for the VHD
- OS Type. Use the appropriate OS. For PV mode on CentOS, choose Other PV (32-bit) or Other PV (64-bit). This choice is available only for XenServer.
- Hypervisor. XenServer
- Format. VHD
The template will be created, and you can create instances from it.
Adding Password Management to Your Templates
CloudStack provides an optional password reset feature that allows users to set a temporary admin or root password as well as reset the existing admin or root password from the CloudStack UI.
To enable the Reset Password feature, you will need to download an additional script to patch your template. When you later upload the template into CloudStack, you can specify whether reset admin/root password feature should be enabled for this template.
The password management feature works always resets the account password on instance boot. The script does an HTTP call to the virtual router to retrieve the account password that should be set. As long as the virtual router is accessible the guest will have access to the account password that should be used. When the user requests a password reset the management server generates and sends a new password to the virtual router for the account. Thus an instance reboot is necessary to effect any password changes.
If the script is unable to contact the virtual router during instance boot it will not set the password but boot will continue normally.
Use the following steps to begin the Linux OS installation:
Download the latest version of the cloud-set-guest-password script from the repository:
Rename the file:
mv cloud-set-guest-password.in cloud-set-guest-password
Copy this file to /etc/init.d.
On some Linux distributions, copy the file to
/etc/rc.d/init.d
.Run the following command to make the script executable:
chmod +x /etc/init.d/cloud-set-guest-password
Depending on the Linux distribution, continue with the appropriate step.
On Fedora, CentOS/RHEL, and Debian, run:
chkconfig --add cloud-set-guest-password
Download the installer, CloudInstanceManager.msi, from the Download page and run the installer in the newly created Windows VM.
Deleting Templates
Templates may be deleted. In general, when a template spans multiple Zones, only the copy that is selected for deletion will be deleted; the same template in other Zones will not be deleted. The provided CentOS template is an exception to this. If the provided CentOS template is deleted, it will be deleted from all Zones.
When templates are deleted, the VMs instantiated from them will continue to run. However, new VMs cannot be created based on the deleted template.
Working with ISOs
CloudStack supports ISOs and their attachment to guest VMs. An ISO is a read-only file that has an ISO/CD-ROM style file system. Users can upload their own ISOs and mount them on their guest VMs.
ISOs are uploaded based on a URL. HTTP is the supported protocol. Once the ISO is available via HTTP specify an upload URL such as http://my.web.server/filename.iso.
ISOs may be public or private, like templates.ISOs are not hypervisor-specific. That is, a guest on vSphere can mount the exact same image that a guest on KVM can mount.
ISO images may be stored in the system and made available with a privacy level similar to templates. ISO images are classified as either bootable or not bootable. A bootable ISO image is one that contains an OS image. CloudStack allows a user to boot a guest VM off of an ISO image. Users can also attach ISO images to guest VMs. For example, this enables installing PV drivers into Windows. ISO images are not hypervisor-specific.
Adding an ISO
To make additional operating system or other software available for use with guest VMs, you can add an ISO. The ISO is typically thought of as an operating system image, but you can also add ISOs for other types of software, such as desktop applications that you want to be installed as part of a template.
Log in to the CloudStack UI as an administrator or end user.
In the left navigation bar, click Templates.
In Select View, choose ISOs.
Click Add ISO.
In the Add ISO screen, provide the following:
Name: Short name for the ISO image. For example, CentOS 6.2 64-bit.
Description: Display test for the ISO image. For example, CentOS 6.2 64-bit.
URL: The URL that hosts the ISO image. The Management Server must be able to access this location via HTTP. If needed you can place the ISO image directly on the Management Server
Zone: Choose the zone where you want the ISO to be available, or All Zones to make it available throughout CloudStack.
Bootable: Whether or not a guest could boot off this ISO image. For example, a CentOS ISO is bootable, a Microsoft Office ISO is not bootable.
OS Type: This helps CloudStack and the hypervisor perform certain operations and make assumptions that improve the performance of the guest. Select one of the following.
- If the operating system of your desired ISO image is listed, choose it.
- If the OS Type of the ISO is not listed or if the ISO is not bootable, choose Other.
- (XenServer only) If you want to boot from this ISO in PV mode, choose Other PV (32-bit) or Other PV (64-bit)
- (KVM only) If you choose an OS that is PV-enabled, the VMs created from this ISO will have a SCSI (virtio) root disk. If the OS is not PV-enabled, the VMs will have an IDE root disk. The PV-enabled types are:
- Fedora 13
- Fedora 12
- Fedora 11
- Fedora 10
- Fedora 9
- Other PV
- Debian GNU/Linux
- CentOS 5.3
- CentOS 5.4
- CentOS 5.5
- Red Hat Enterprise Linux 5.3
- Red Hat Enterprise Linux 5.4
- Red Hat Enterprise Linux 5.5
- Red Hat Enterprise Linux 6
Note
It is not recommended to choose an older version of the OS than the version in the image. For example, choosing CentOS 5.4 to support a CentOS 6.2 image will usually not work. In these cases, choose Other.
Extractable: Choose Yes if the ISO should be available for extraction.
Public: Choose Yes if this ISO should be available to other users.
Featured: Choose Yes if you would like this ISO to be more prominent for users to select. The ISO will appear in the Featured ISOs list. Only an administrator can make an ISO Featured.
Click OK.
The Management Server will download the ISO. Depending on the size of the ISO, this may take a long time. The ISO status column will display Ready once it has been successfully downloaded into secondary storage. Clicking Refresh updates the download percentage.
Important: Wait for the ISO to finish downloading. If you move on to the next task and try to use the ISO right away, it will appear to fail. The entire ISO must be available before CloudStack can work with it.
Attaching an ISO to a VM
- In the left navigation, click Instances.
- Choose the virtual machine you want to work with.
- Click the Attach ISO button. |iso.png|
- In the Attach ISO dialog box, select the desired ISO.
- Click OK.