This page journals content related to SYS-350 milestone 10.

Table of contents:

• Setting up QEMU KVM

• Setting up Windows Image

  • Windows Preinstall

  • Windows Install

  • Windows Postinstall

• Debugging

• Reflection

Setting up QEMU KVM

First I installed the needed software:

sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst virt-manager -y

And added myself to the libvirt group (logged in and out after running following commands!):

sudo usermod -aG libvirt poliver

After doing that I could start KVM with sudo virt-manager in the terminal:

Setting up Windows Image

Windows Preinstall

Then I grabbed a Windows ISO and the VirtIO ISO:

wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
wget http://192.168.7.240/isos/SERVER_19_x64_FA23.iso

Then back in KVM I used "File" > "New Virtual Machine":

Selected to install a local install media, pressed forward:

Then I used "Browse..." in the next screen:

In the next screen I selected "Browse Local":

Then I selected my server ISO ("Open" button) after searching for it (used CTRL+F):

Pressed forward:

(Did correct the permissions issues, had to do first time around)

Then I setup the memory and CPU settings (pressed forward):

In the next screen I selected "Select or create custom storage" then clicked "Manage...":

Selected "default" in the left storage area, Then I selected the green arrow (on hovering over says "Create new volume"):

Filled it in like the following:

Then I pressed "Finish" > made sure my storage volume was selected then "Choose Volume"

Pressed forward > selected to "Customize configuration before install" and gave the VM a name > then finish:

Made sure cdrom 1 was pointed towards my windows server (had to press the cross to enable fullscreen to see the "Add Hardware" button):

Then I pressed "Add Hardware" > "Storage" > Set "Device type" to "CDROM device" via its dropdown, selected "Select or create custom storage" and then "Manage..."

Then I selected "Browse Local" > then my VirtIO ISO:

Then I pressed "Finish":

After set the NIC here by going to the NIC > set "Device model" to "virtio" via the dropdown > clicked "Apply":

Finally in the "SATA DISK" used the dropdown to select "VirtIO" > clicked "Apply":

After that was set I pressed "Begin Installation":

Windows Install

I pressed "Next" > "Install now". After this went through I selected the Desktop standard windows server:

Then next, accepted the license, next:

Chose custom install:

Then pressed "Load driver":

Pressed OK to scan:

Then chose the "2k19" drivers:

Then Next:

Loaded drivers set sent me back to the Windows setup screen - where I could see the unallocated space:

Then pressed Next

Which started the windows installation:

The end of the installation will boot to this menu:

(NOTE: AT THIS POINT NEEDED TO CHANGE TO NATIVE KVM INSTEAD OF USING VNC!)

I would enter a password for the Administrator, which sent me to login:

I would use the "Send Key" button on the top bar to send a CTRL+ALT+DELETE > then login:

Windows Postinstall

Once logged in I minimized server manager > used right-click on the desktop > "Display Settings" > Set the resolution to "800x600":

I then opened file explorer > navigated to the CD drive:

Then I scrolled down and double clicked "virtio-win-gt-x64" exe:

Next, then accepted licensing:

After I selected next again:

Finally pressed "Install", which started to install the drivers:

Pressed "Yes" at the popup:

Then selected finish on the installer.

After I went back to the virtio cd drive > selected and double clicked the "virtio-win-guest-tools":

Agree to license and Install:

(NOTE: had to reset the display back to 800x600)

After that I ran the following commands in an Admin powershell (did have to press enter in the Powershell session to get the prompt to appear) to install google chrome:

(New-Object System.Net.WebClient).DownloadFile('https://dl.google.com/dl/chrome/install/googlechromestandaloneenterprise64.msi','chrome.msi')
.\chrome.msi

I could use the searchbar and see I could access Google Chrome:

After I used the Admin Powershell session > used sconfig:

Then used option 5 to set updates to manual:

Used option 9 to set the date:

After that I used 15 to exit to the command line, then I set the needed firewall rules with:

Enable-NetFirewallRule -name RemoteDesktop-UserMode-In-TCP

Then in Powershell I set remote desktop to be enabled:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

Finally I set the execution policy to unrestricted (selected "A" to say yes to all):

Set-ExecutionPolicy Unrestricted

Here I should have used the search bar to search for settings > gone to the first item on the left "System" > then on the sidebar go to "Remote Desktop" and hit the switch to enable it:

Did not originally which caused the image to not be able to be remote desktopable, so (seen in Debugging) I had to boot the image up > enable remote desktop > reinstall cloudbase to sysprep > move the image onto openstack...but better to do it here instead!

After I downloaded and started the cloubaseinit setup in a Admin powershell session:

(New-Object System.Net.WebClient).DownloadFile('https://cloudbase.it/downloads/CloudbaseInitSetup_Stable_x64.msi','cloud.msi')
.\cloud.msi

Hit next > accepted the license and next > clicked next for the default settings:

Used the dropdown for serial port to select COM1 and checked "Run Cloudbase-init server as LocalSystem" and pressed next:

(NOTE: I did when reconfiguring the image (seen in Debugging) not check the "Run Cloudbase-init service as LocalSystem" but from my research that would not have affected my ability to remote desktop in! Final cloudbase init configuration options can be seen below:)

Then install:

After installer was finished I selected both checkboxes and pressed finish:

Then from a terminal that has sourced both my python virtual environment and oadmin credentials like the following:

source ~/openstack/bin/activate
source ~/Downloads/oliverdomain_oadmin.sh

I copied my created Windows VM image to my home directory:

sudo cp /var/lib/libvirt/images/oliverserver2019.raw ~/ && sudo chown poliver:poliver ~/oliverserver2019.raw

Then I allocated another floating IP from external:

openstack --insecure floating ip create external

Created a security policy to allow SSH and RDP

openstack --insecure security group create rdpallow
openstack --insecure security group rule create --remote-ip 0.0.0.0/0 --dst-port 22:22 --protocol tcp --ingress rdpallow
openstack --insecure security group rule create --remote-ip 0.0.0.0/0 --dst-port 3389:3389 --protocol tcp --ingress rdpallow

Created a keypair,

openstack --insecure keypair create --private-key ./oadminkeypair.pem --type ssh oadminkeypair
chmod 0400 oadminkeypair.pem

Then I imported the image into openstack, and created an instance of my image:

openstack --insecure image create --disk-format raw --min-disk 20 --min-ram 4 --file ~/oliverserver2019.raw --private oliver-windowsserver2019-image
openstack --insecure server create --flavor m1.medium --image oliver-windowsserver2019-image --network olivernetwork --key-name oadminkeypair --min 1 --max 1 --config-drive true oliver-windowsserver2019-vm

(NOTE: write down the "adminPass")

Waited for the VM to full build - also needed additional time as because of the config drive windows needs to fully start:

Finally I associated the floating IP and the security group:

IP=10.20.20.137
openstack --insecure server add floating ip oliver-windowsserver2019-vm $IP
openstack --insecure server add security group oliver-windowsserver2019-vm rdpallow

Then I went to the web gui > "Project" > "Compute" > "Instances" > "oliver-windowsserver2019-vm" > "Log" where I would keep refreshing the page until I got log indication that the config drive was found:

Then I went to the "Console" > "Click here to show only console":

Pressed "Cancel" > pressed the "Send Ctrl-Alt-Delete" (can take a few tries with reloading the page):

Then clicked on "Admin" > entered the adminPass (may have to press the send ctl+alt+delete button to get it to register keys) > entered a new password when prompted:

Could then remmina in (do from the KVM console not VNC as it's keys are messed up)

(**NOTE:**I also enabled password retrieve via openstack)

Debugging

Restarted image, enabled remote desktop:

Uninstall and reinstall cloudbase-init:

D-checked firewall, looks good to me:

No LocalSystem this time:

Reuploaded the image > went to the console in "Project" > "Computer" > "Instances" > "oliver-windowsserver2019-vm":

Then I clicked "Click here to show only console" > after awhile and pressing the

Pressed "Sign in" > changed the password:

Found what seems to be the overall issue, metadata service is not working:

Double checking, is 100% at least one of the problems:

Tried a new image after a complete microstack restart - same errors.

Tried now with "--config-drive true":

Had to go through the console again to change the Admin password

Remmina works through the KVM BUT NOT THROUGH VNC!

Instance takes a second to bootup, must go through config drive since the metadata service is messed up, believe it is related to:

• https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1995735

• https://bugs.launchpad.net/ubuntu/+source/pyroute2/+bug/1995469

since my logs show the same thing:

Looking at my docs pretty good chance that a version that is bugged was installed (at the very least I dont believe the microstack we installed was outside of when the bug was released):

Checked the microstack python site-packages - we are using a pyroute2 that would affect us:

And I am pretty sure we are using a kernel that has commit that would have messed up certain versions of pyroute2:

Reflection

Compared to the image prep and deployment with vcenter I found openstack to be quite a bit harder. Firstly I couldn't create the image all in openstack, where I had to use QEMU/KVM to make the image then upload it to openstack, which was probably what took the most time out of the entire milestone. I also faced a openstack bug in the neutron metadata service that definitly degraded my experience as it meant the image wasn't very quickly deployed. I did enjoy that the provisioning and actually starting the image could be done with simple terminal commands in openstack and that was a much better experience compared to vcenter (not counting Powercli!)