split templates.rst to multiple files
Project: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/commit/04505cae Tree: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/tree/04505cae Diff: http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/diff/04505cae Branch: refs/heads/master Commit: 04505cae4391c9509d8ae777f52cf8064e775bf7 Parents: 9b36171 Author: Pierre-Luc Dion <pdion...@apache.org> Authored: Sun Mar 8 10:25:11 2015 -0400 Committer: Pierre-Luc Dion <pdion...@apache.org> Committed: Sun Mar 8 10:25:11 2015 -0400 ---------------------------------------------------------------------- source/templates/_create_linux.rst | 261 ++++++++++++++++++++++++++++++ source/templates/_create_windows.rst | 220 +++++++++++++++++++++++++ 2 files changed, 481 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/04505cae/source/templates/_create_linux.rst ---------------------------------------------------------------------- diff --git a/source/templates/_create_linux.rst b/source/templates/_create_linux.rst new file mode 100644 index 0000000..24a9061 --- /dev/null +++ b/source/templates/_create_linux.rst @@ -0,0 +1,261 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +Creating a Linux Template +------------------------- + +Linux templates should be prepared using this documentation in order to +prepare your linux VMs for template deployment. For ease of +documentation, the VM which you are configuring the template on will be +referred to as "Template Master". This guide currently covers legacy +setups which do not take advantage of UserData and cloud-init and +assumes openssh-server is installed during installation. + +An overview of the procedure is as follow: + +#. Upload your Linux ISO. + + For more information, see `âAdding an + ISOâ <virtual_machines.html#adding-an-iso>`_. + +#. Create a VM Instance with this ISO. + + For more information, see `âCreating + VMsâ <virtual_machines.html#creating-vms>`_. + +#. Prepare the Linux VM + +#. Create a template from the VM. + + For more information, see `âCreating a Template from an Existing + Virtual Machineâ <#creating-a-template-from-an-existing-virtual-machine>`_. + + +System preparation for Linux +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following steps will prepare a basic Linux installation for +templating. + +#. **Installation** + + It is good practice to name your VM something generic during + installation, this will ensure components such as LVM do not appear + unique to a machine. It is recommended that the name of "localhost" + is used for installation. + + .. warning:: + For CentOS, it is necessary to take unique identification out of the + interface configuration file, for this edit + /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to + the following. + + .. code:: bash + + DEVICE=eth0 + TYPE=Ethernet + BOOTPROTO=dhcp + ONBOOT=yes + + The next steps updates the packages on the Template Master. + + - Ubuntu + + .. code:: bash + + sudo -i + apt-get update + apt-get upgrade -y + apt-get install -y acpid ntp + reboot + + - CentOS + + .. code:: bash + + ifup eth0 + yum update -y + reboot + +#. **Password management** + + .. note:: + If preferred, custom users (such as ones created during the Ubuntu + installation) should be removed. First ensure the root user account + is enabled by giving it a password and then login as root to continue. + + .. code:: bash + + sudo passwd root + logout + + As root, remove any custom user accounts created during the + installation process. + + .. code:: bash + + deluser myuser --remove-home + + See :ref:`adding-password-management-to-templates` for + instructions to setup the password management script, this will allow + CloudStack to change your root password from the web interface. + +#. **Hostname Management** + + CentOS configures the hostname by default on boot. Unfortunately + Ubuntu does not have this functionality, for Ubuntu installations use + the following steps. + + - Ubuntu + + The hostname of a Templated VM is set by a custom script in + `/etc/dhcp/dhclient-exit-hooks.d`, this script first checks if the + current hostname is localhost, if true, it will get the host-name, + domain-name and fixed-ip from the DHCP lease file and use those + values to set the hostname and append the `/etc/hosts` file for + local hostname resolution. Once this script, or a user has changed + the hostname from localhost, it will no longer adjust system files + regardless of its new hostname. The script also recreates + openssh-server keys, which should have been deleted before + templating (shown below). Save the following script to + `/etc/dhcp/dhclient-exit-hooks.d/sethostname`, and adjust the + permissions. + + .. code:: bash + + #!/bin/sh + # dhclient change hostname script for Ubuntu + oldhostname=$(hostname -s) + if [ $oldhostname = 'localhost' ] + then + sleep 10 # Wait for configuration to be written to disk + hostname=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /host-name/ { host = $3 } END { printf host } ' | sed 's/[";]//g' ) + fqdn="$hostname.$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /domain-name/ { domain = $3 } END { printf domain } ' | sed 's/[";]//g')" + ip=$(cat /var/lib/dhcp/dhclient.eth0.leases | awk ' /fixed-address/ { lease = $2 } END { printf lease } ' | sed 's/[";]//g') + echo "cloudstack-hostname: Hostname _localhost_ detected. Changing hostname and adding hosts." + printf " Hostname: $hostname\n FQDN: $fqdn\n IP: $ip" + # Update /etc/hosts + awk -v i="$ip" -v f="$fqdn" -v h="$hostname" "/^127/{x=1} !/^127/ && x { x=0; print i,f,h; } { print $0; }" /etc/hosts > /etc/hosts.dhcp.tmp + mv /etc/hosts /etc/hosts.dhcp.bak + mv /etc/hosts.dhcp.tmp /etc/hosts + # Rename Host + echo $hostname > /etc/hostname + hostname -b -F /etc/hostname + echo $hostname > /proc/sys/kernel/hostname + # Recreate SSH2 + export DEBIAN_FRONTEND=noninteractive + dpkg-reconfigure openssh-server + fi + ### End of Script ### + + chmod 774 /etc/dhcp/dhclient-exit-hooks.d/sethostname + + .. warning:: + The following steps should be run when you are ready to template + your Template Master. If the Template Master is rebooted during + these steps you will have to run all the steps again. At the end + of this process the Template Master should be shutdown and the + template created in order to create and deploy the final template. + +#. **Remove the udev persistent device rules** + + This step removes information unique to your Template Master such as + network MAC addresses, lease files and CD block devices, the files + are automatically generated on next boot. + + - Ubuntu + + .. code:: bash + + rm -f /etc/udev/rules.d/70* + rm -f /var/lib/dhcp/dhclient.* + + - CentOS + + .. code:: bash + + rm -f /etc/udev/rules.d/70* + rm -f /var/lib/dhclient/* + +#. **Remove SSH Keys** + + This step is to ensure all your Templated VMs do not have the same + SSH keys, which would decrease the security of the machines + dramatically. + + .. code:: bash + + rm -f /etc/ssh/*key* + +#. **Cleaning log files** + + It is good practice to remove old logs from the Template Master. + + .. code:: bash + + cat /dev/null > /var/log/audit/audit.log 2>/dev/null + cat /dev/null > /var/log/wtmp 2>/dev/null + logrotate -f /etc/logrotate.conf 2>/dev/null + rm -f /var/log/*-* /var/log/*.gz 2>/dev/null + +#. **Setting hostname** + + In order for the Ubuntu DHCP script to function and the CentOS + dhclient to set the VM hostname they both require the Template + Master's hostname to be "localhost", run the following commands to + change the hostname. + + .. code:: bash + + hostname localhost + echo "localhost" > /etc/hostname + +#. **Set user password to expire** + + This step forces the user to change the password of the VM after the + template has been deployed. + + .. code:: bash + + passwd --expire root + +#. **Clearing User History** + + The next step clears the bash commands you have just run. + + .. code:: bash + + history -c + unset HISTFILE + +#. **Shutdown the VM** + + Your now ready to shutdown your Template Master and create a + template! + + .. code:: bash + + halt -p + +#. **Create the template!** + + You are now ready to create the template, for more information see + `âCreating a Template from an Existing Virtual + Machineâ <#creating-a-template-from-an-existing-virtual-machine>`_. + +.. note:: + Templated VMs for both Ubuntu and CentOS may require a reboot after + provisioning in order to pickup the hostname. http://git-wip-us.apache.org/repos/asf/cloudstack-docs-admin/blob/04505cae/source/templates/_create_windows.rst ---------------------------------------------------------------------- diff --git a/source/templates/_create_windows.rst b/source/templates/_create_windows.rst new file mode 100644 index 0000000..cb1d554 --- /dev/null +++ b/source/templates/_create_windows.rst @@ -0,0 +1,220 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +Creating a Windows Template +--------------------------- + +Windows templates must be prepared with Sysprep before they can be +provisioned on multiple machines. Sysprep allows you to create a generic +Windows template and avoid any possible SID conflicts. + +.. note:: + (XenServer) Windows VMs running on XenServer require PV drivers, which + may be provided in the template or added after the VM is created. The + PV drivers are necessary for essential management functions such as + mounting additional volumes and ISO images, live migration, and + graceful shutdown. + +An overview of the procedure is as follows: + +#. Upload your Windows ISO. + + For more information, see `âAdding an + ISOâ <virtual_machines.html#adding-an-iso>`_. + +#. Create a VM Instance with this ISO. + + For more information, see `âCreating + VMsâ <virtual_machines.html#creating-vms>`_. + +#. Follow the steps in Sysprep for Windows Server 2008 R2 (below) or + Sysprep for Windows Server 2003 R2, depending on your version of + Windows Server + +#. The preparation steps are complete. Now you can actually create the + template as described in Creating the Windows Template. + + +System Preparation for Windows Server 2008 R2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For Windows 2008 R2, you run Windows System Image Manager to create a +custom sysprep response XML file. Windows System Image Manager is +installed as part of the Windows Automated Installation Kit (AIK). +Windows AIK can be downloaded from `Microsoft Download +Center <http://www.microsoft.com/en-us/download/details.aspx?id=9085>`_. + +Use the following steps to run sysprep for Windows 2008 R2: + +.. note:: + The steps outlined here are derived from the excellent guide by + Charity Shelbourne, originally published at `Windows Server 2008 + Sysprep Mini-Setup. + <http://blogs.technet.com/askcore/archive/2008/10/31/automating-the-oobe-process-during-windows-server-2008-sysprep-mini-setup.aspx>`_ + +#. Download and install the Windows AIK + + .. note:: + Windows AIK should not be installed on the Windows 2008 R2 VM you + just created. Windows AIK should not be part of the template you + create. It is only used to create the sysprep answer file. + +#. Copy the install.wim file in the \\sources directory of the Windows + 2008 R2 installation DVD to the hard disk. This is a very large file + and may take a long time to copy. Windows AIK requires the WIM file + to be writable. + +#. Start the Windows System Image Manager, which is part of the Windows + AIK. + +#. In the Windows Image pane, right click the Select a Windows image or + catalog file option to load the install.wim file you just copied. + +#. Select the Windows 2008 R2 Edition. + + You may be prompted with a warning that the catalog file cannot be + opened. Click Yes to create a new catalog file. + +#. In the Answer File pane, right click to create a new answer file. + +#. Generate the answer file from the Windows System Image Manager using + the following steps: + + #. The first page you need to automate is the Language and Country or + Region Selection page. To automate this, expand Components in your + Windows Image pane, right-click and add the + Microsoft-Windows-International-Core setting to Pass 7 oobeSystem. + In your Answer File pane, configure the InputLocale, SystemLocale, + UILanguage, and UserLocale with the appropriate settings for your + language and country or region. Should you have a question about + any of these settings, you can right-click on the specific setting + and select Help. This will open the appropriate CHM help file with + more information, including examples on the setting you are + attempting to configure. + + |sysmanager.png| + + #. You need to automate the Software License Terms Selection page, + otherwise known as the End-User License Agreement (EULA). To do + this, expand the Microsoft-Windows-Shell-Setup component. + High-light the OOBE setting, and add the setting to the Pass 7 + oobeSystem. In Settings, set HideEULAPage true. + + |software-license.png| + + #. Make sure the license key is properly set. If you use MAK key, you + can just enter the MAK key on the Windows 2008 R2 VM. You need not + input the MAK into the Windows System Image Manager. If you use + KMS host for activation you need not enter the Product Key. + Details of Windows Volume Activation can be found at + `http://technet.microsoft.com/en-us/library/bb892849.aspx + <http://technet.microsoft.com/en-us/library/bb892849.aspx>`_ + + #. You need to automate is the Change Administrator Password page. + Expand the Microsoft-Windows-Shell-Setup component (if it is not + still expanded), expand UserAccounts, right-click on + AdministratorPassword, and add the setting to the Pass 7 + oobeSystem configuration pass of your answer file. Under Settings, + specify a password next to Value. + + |change-admin-password.png| + + You may read the AIK documentation and set many more options that + suit your deployment. The steps above are the minimum needed to + make Windows unattended setup work. + +#. Save the answer file as unattend.xml. You can ignore the warning + messages that appear in the validation window. + +#. Copy the unattend.xml file into the c:\\windows\\system32\\sysprep + directory of the Windows 2008 R2 Virtual Machine + +#. Once you place the unattend.xml file in + c:\\windows\\system32\\sysprep directory, you run the sysprep tool as + follows: + + .. code:: bash + + cd c:\Windows\System32\sysprep + sysprep.exe /oobe /generalize /shutdown + + The Windows 2008 R2 VM will automatically shut down after sysprep is + complete. + + +System Preparation for Windows Server 2003 R2 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Earlier versions of Windows have a different sysprep tool. Follow these +steps for Windows Server 2003 R2. + +#. Extract the content of \\support\\tools\\deploy.cab on the Windows + installation CD into a directory called c:\\sysprep on the Windows + 2003 R2 VM. + +#. Run c:\\sysprep\\setupmgr.exe to create the sysprep.inf file. + + #. Select Create New to create a new Answer File. + + #. Enter âSysprep setupâ for the Type of Setup. + + #. Select the appropriate OS version and edition. + + #. On the License Agreement screen, select âYes fully automate the + installationâ. + + #. Provide your name and organization. + + #. Leave display settings at default. + + #. Set the appropriate time zone. + + #. Provide your product key. + + #. Select an appropriate license mode for your deployment + + #. Select âAutomatically generate computer nameâ. + + #. Type a default administrator password. If you enable the password + reset feature, the users will not actually use this password. This + password will be reset by the instance manager after the guest + boots up. + + #. Leave Network Components at âTypical Settingsâ. + + #. Select the âWORKGROUPâ option. + + #. Leave Telephony options at default. + + #. Select appropriate Regional Settings. + + #. Select appropriate language settings. + + #. Do not install printers. + + #. Do not specify âRun Once commandsâ. + + #. You need not specify an identification string. + + #. Save the Answer File as c:\\sysprep\\sysprep.inf. + +#. Run the following command to sysprep the image: + + .. code:: bash + + c:\sysprep\sysprep.exe -reseal -mini -activated + + After this step the machine will automatically shut down
