[ovirt-users] Re: Strategy to Mange Ovirt VMs Created from Templates

2019-12-23 Thread Strahil
Sealing the VM is not something specific to oVirt, and is also valid for KVM.
Actually sealing the VM is to run virt-sysprep against the VM/disk.

You can check http://libguestfs.org/virt-sysprep.1.html and especially the 
--list-operations which can help you understand what ia being cleaned up.

So you can:
1. Update the VM
2. Install and enable cloudinit service
3. Maybe try to create your ansible user and allow ssh keys (Using ansible over 
root is not good and is a bad practice)
4. Power off and seal the machine as a template (details at 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Administration_Guide/sect-Sealing_Virtual_Machines_in_Preparation_for_Deployment_as_Templates.html
 )
5. Create VM from the template and power it up manually.
6. Verify that the new VM matches your needs and remove.

About cloud  init - you should know that is used  extensively in OpenStack and 
VmWare has it's own solution similar to CloudInit.

Some examples can be found at: 
https://cloudinit.readthedocs.io/en/latest/topics/examples.html
So you can change passwords, configure network, create your ansible user with 
necessary permissions and way more.


Best Regards,
Strahil NikolovOn Dec 23, 2019 18:46, jeremy_tourvi...@hotmail.com wrote:
>
> Thank you for your reply Luca, 
> In general your work flow is helpful and makes sense to me.  
>
> I meant to say above- "As part of the template creation process ***the Ovirt 
> docs*** say to seal the VM".  
>
> So I think I understand that you need to use both processes (seal template + 
> cloudinit) to get everything to work as desired.  I'd still appreciate any 
> more specifics about what sealing a VM does.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BRLNWOQB6FM4BUOW5JDG2RGKDSLWCFOV/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CQ6SB7WHZK4XRNLQ4TA3A63QADY5FJEX/


[ovirt-users] Re: Strategy to Mange Ovirt VMs Created from Templates

2019-12-23 Thread Jan Zmeskal
Hi Jeremy,

I found an old blog post where the author seals the VM manually, see here:
https://www.linuxtechi.com/create-vm-template-ovirt-environment/
Please, *do not follow this guide* since it seems to be a bit outdated.
Nonetheless, it might give you a more specific idea about what sealing the
template (which is done for you by oVirt) actually entails.

Jan

On Mon, Dec 23, 2019 at 5:48 PM  wrote:

> Thank you for your reply Luca,
> In general your work flow is helpful and makes sense to me.
>
> I meant to say above- "As part of the template creation process ***the
> Ovirt docs*** say to seal the VM".
>
> So I think I understand that you need to use both processes (seal template
> + cloudinit) to get everything to work as desired.  I'd still appreciate
> any more specifics about what sealing a VM does.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BRLNWOQB6FM4BUOW5JDG2RGKDSLWCFOV/
>


-- 

Jan Zmeskal

Quality Engineer, RHV Core System

Red Hat 

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IIRJ3VIOVKUCYY6RRJAYVTMU63M7SIOA/


[ovirt-users] Re: Strategy to Mange Ovirt VMs Created from Templates

2019-12-23 Thread Jan Zmeskal
Hi Jeremy,

Can someone tell me what sealing does to a Linux VM?
>

In short, "sealing is the process of removing all system-specific details
from a virtual machine before creating a template based on that virtual
machine". In entails actions such as removing SSH host keys, removing MAC
address information from the system, changing the hostname to a generic
etc. You could do all this manually, but as far as Linux VMs are concerned,
you don't have to. oVirt can do this for you when you create a teamplate.

So, if I want to manage a VM created from a template would this general
> process work?-
>
> Seal the VM
> Install CloudInit and keys, accounts, etc
> Shut off VM and create template from it.
>
> Create new VM using Ansbile & CloudInit
> CloudInit would have just enough info so that you could manage the VM with
> Ansible.
>

I think the better order would be:

   - Upload a disk
   

   that you want to use as a basis for your template (RHEL, CentOS, whatever
   you use)
   - Create a VM with that disk attached
   - Start the VM
   - Do all the necessary configuration that you want to be part of your
   future template. That means for example enabling repositories, updating
   packages etc. If you want to start your future VMs using cloud-init, you
   need to install (and enable it!) here.
   - Stop the VM
   - Create template out of this VM (Don't forget to check the *Seal
   Template* option during template creation)
   - Create a new VM out of that template (using Ansible if you wish so)

Sample Ansible playbook creating a single VM would look like this:

---
- name: Create VM using Ansible role
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
engine_fqdn: my_enging.my_domain.com
engine_user: admin@internal
engine_password: mypass

my_vm_profile:
  template: cloud_init_enabled_template
  ssh_key: "your_public_ssh_key"

vms:
  - name: test_vm
cluster: my_cluster
profile: "{{ my_vm_profile }}"
state: running
cloud_init:
  host_name: sandbox
  root_password: sandbox
  custom_script: |
packages:
  - vim-enhanced
  - screen

  roles:
- ovirt.vm-infra

All the variables that may be provided to ovirt.vm-infra role can be found
here .
Pay special attention to the *cloud_init *key in the test_vm dictionary.
This dictionary is used to control cloud-init setup on VM. It natively
supports many of the cloud-init parameters and you can find them all in the
previous link. Should this not be sufficient for you, *cloud_init*
dictionary may also contain *custom_script *key. To that key, you simply
provide a string which holds raw cloud-init script. Examples of raw
cloud-init scripts can be found in cloud-init's doc page
.

Hope this was helpful. Best regards!

Jan

On Mon, Dec 23, 2019 at 4:30 PM Luca 'remix_tj' Lorenzetto <
lorenzetto.l...@gmail.com> wrote:

> Hello Jeremy,
>
> we did this kind of workflow:
>
> - create a standard base image, with all the required updates you
> want. We usually started from the previous template of the same RHEL
> release, but you can start from scratch every time if you want.
> - Install cloud-init that starts at boot and then, after the first
> successful execution, disables itself.
> - a ssh key for ansible to allow login as root without password. This
> key will be then removed after deployment is completed.
> - create this new template as new version of the existing RHEL
> template (RHEL 7 as example)
>
> At deploy time with ansible:
> - deploy a new vm starting from the latest template of RHEL7. Use
> run_once cloudinit details for setting ip address. The vm has to be
> connected to the right virtual network.
> - wait_for vm to be reachable via network
> - proceed with ansible to configure/install the remaining parts
> (authentication, monitoring agents, backup utilities).
>
> Luca
>
> On Mon, Dec 23, 2019 at 4:20 PM  wrote:
> >
> > I want to be able to manage VMs using Ansible.  As part of the template
> creation process it says to seal the VM.  Can someone tell me what sealing
> does to a Linux VM?  I understand it removes some of things that make the
> VM unique but no real specifics.
> >
> > So, if I want to manage a VM created from a template would this general
> process work?-
> >
> > Seal the VM
> > Install CloudInit and keys, accounts, etc
> > Shut off VM and create template from it.
> >
> > Create new VM using Ansbile & CloudInit
> > CloudInit would have just enough info so that you could manage the VM
> with Ansible.
> >
> > Would that work?
> >
> > I am just starting to explore what CloudInit can do and what it is.  I
> am brand new to it.  I didn't find enough info 

[ovirt-users] Re: Strategy to Mange Ovirt VMs Created from Templates

2019-12-23 Thread jeremy_tourville
Thank you for your reply Luca, 
In general your work flow is helpful and makes sense to me.  

I meant to say above- "As part of the template creation process ***the Ovirt 
docs*** say to seal the VM".  

So I think I understand that you need to use both processes (seal template + 
cloudinit) to get everything to work as desired.  I'd still appreciate any more 
specifics about what sealing a VM does.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BRLNWOQB6FM4BUOW5JDG2RGKDSLWCFOV/


[ovirt-users] Re: Strategy to Mange Ovirt VMs Created from Templates

2019-12-23 Thread Luca 'remix_tj' Lorenzetto
Hello Jeremy,

we did this kind of workflow:

- create a standard base image, with all the required updates you
want. We usually started from the previous template of the same RHEL
release, but you can start from scratch every time if you want.
- Install cloud-init that starts at boot and then, after the first
successful execution, disables itself.
- a ssh key for ansible to allow login as root without password. This
key will be then removed after deployment is completed.
- create this new template as new version of the existing RHEL
template (RHEL 7 as example)

At deploy time with ansible:
- deploy a new vm starting from the latest template of RHEL7. Use
run_once cloudinit details for setting ip address. The vm has to be
connected to the right virtual network.
- wait_for vm to be reachable via network
- proceed with ansible to configure/install the remaining parts
(authentication, monitoring agents, backup utilities).

Luca

On Mon, Dec 23, 2019 at 4:20 PM  wrote:
>
> I want to be able to manage VMs using Ansible.  As part of the template 
> creation process it says to seal the VM.  Can someone tell me what sealing 
> does to a Linux VM?  I understand it removes some of things that make the VM 
> unique but no real specifics.
>
> So, if I want to manage a VM created from a template would this general 
> process work?-
>
> Seal the VM
> Install CloudInit and keys, accounts, etc
> Shut off VM and create template from it.
>
> Create new VM using Ansbile & CloudInit
> CloudInit would have just enough info so that you could manage the VM with 
> Ansible.
>
> Would that work?
>
> I am just starting to explore what CloudInit can do and what it is.  I am 
> brand new to it.  I didn't find enough info on template sealing to help me 
> devise a full cycle management strategy.  Perhaps there are other/easier 
> methods?  Thanks for your advice and input.
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJ6OOPUT3KJEME6PEZJIX4FN4YA7BB6K/



-- 
"E' assurdo impiegare gli uomini di intelligenza eccellente per fare
calcoli che potrebbero essere affidati a chiunque se si usassero delle
macchine"
Gottfried Wilhelm von Leibnitz, Filosofo e Matematico (1646-1716)

"Internet è la più grande biblioteca del mondo.
Ma il problema è che i libri sono tutti sparsi sul pavimento"
John Allen Paulos, Matematico (1945-vivente)

Luca 'remix_tj' Lorenzetto, http://www.remixtj.net , 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VSPOODV5O3PPTAKVRNMTAKDL435XCDHZ/