Milestone 10 ‐ OpenStack & Windows - jacobwilliams100/sys-350 GitHub Wiki

Builds off lab 8

Prerequisites

We must Enable IP Forwarding

use sysctl -w net.ipv4.ip_forward=1

{0976931E-B89B-461C-8527-D93275F29656}

Update the settings so it persists after a reboot, do nano /etc/sysctl.conf

and uncomment this line:

image

Dependencies and KVM

We must install KVM-based VM manager. Start by upgrading packages with sudo apt upgrade

{DAF6460A-42A5-4EE9-B9E5-E35B37430AD0}

Then run these commands to install dependencies:

sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst virt-manager

sudo systemctl is-active libvirtd

{A4DFFF95-6766-4D16-8430-851E2B97E1F7}

{27C3E19A-1323-4670-A123-F9665FCBD2CC}

{58CA16AA-04A7-4C9F-AC9B-AD69F889F747}

Add your user to the libvirt group with sudo usermod -aG libvirt jake

{BDF2DFF4-278B-4153-AC53-12742C57E46A}

You will need to relog to activate the permissions.

Open the KVM Virtual Machine Manager with sudo virt-manager

{4025928C-FE83-4F5C-A647-DEBCBDBCD71D}

Deliverable 1. Provide a screenshot showing your running KVM. Show it with some proof you are on your super.

{CEDCC6C0-BE22-4B7C-B293-A902D08C4F21}

Image Creation

Downloading Necessary Files

Go to https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso and download virtio-win-0.1.262.iso

{B3A85BAD-A9C6-4E05-A28A-5091B96D36EA}

Then go to http://192.168.3.185/files and download en-us_windows_server_2019_x64_dvd_f9475476.iso

image

Move both files from /home/jake/Downlaods to /var/lib/libvirt/images/ (necessary for permission reasons)

{58BC3227-1B4C-4E50-A4A3-AF1EE7D62521}

Building the Base Image

Back in virt-manager, Click "Create New Virtual Machine"

{E1C9F62D-920F-4499-9590-C06D030F12FE}

choose local install media, and pick /var/lib/libvirt/images/en-us_windows_server_2019_x64_dvd_f9475476.iso

{A0A1B927-AEA2-409E-85F0-5B6ADB9DF0A3}

Bump up the RAM to 4096

{69A18F7F-7E4F-4ED7-9BE3-57DDEC9B6D2C}

Pick "Select or create Custom Storage" and Manage

{E332339E-56CC-48BB-BAC6-EA237C0C6FD3}

image

Then create a new volume

image

"raw" format, 25GB

image

You need to "Customize configuration before install"

image

Change the SATA Disk 1 Disk Bus to VirIO

image

Make sure SATA CDROM 1 points to The Server2019 iso

image

And add another "SATA CDROM 2" that points to virtio-win.iso

image

Set your NIC's device model to VirtIO

image

Now you may go ahead and start the installation

image

We want Standard (Desktop Experience)

image

When you get to the storage page, rescan, look for driver, and pick 2k19

image

Install on the 25GB drive we created earlier

image

This will take a few minutes.

image

If it resets properly, then it worked. Go ahead and set a password.

image

Install the VirIO drivers using CD Drive E

image

You should now be able to get online

image

Now open admin powershell and do sconfig

Set time to EST

image

Normally we would want to update the OS now but we will put this off til after the lab and run it overnight in case it takes forever.

Set updates to manual

image

Still in powershell, run Enable-NetFirewallRule -name RemoteDesktop-UserMode-In-TCP to configure RDP execution policy

and execution policy with Set-ExecutionPolicy Unrestricted

image

Now enable Remote Desktop by going to Control Panel->search "remote"->Allow remote access to your computer

select "Allow remote connections to this computer" and uncheck "Allow connections only from..."

image

Install virtio-win-guest-tools from Disc E

image

Now download and install Google Chrome (it is located on the fileserver at http://192.168.3.185/files)

image

Run CloudBase Init, downloading the installer from https://cloudbase.it/downloads/CloudbaseInitSetup_Stable_x64.msi

![image](https://github.com/user-attachments/assets/c27e6f04-dc18-45f4-8a13-ea803dacc217

image

Make sure to set the Serial Port to COM1 and enable run cloudbase-init services as localsystem

image

Then go ahead and install

When it's done, check both boxes and click "Finish"

image

Image Import into Openstack

When the VM shuts down, we must make some changes in OpenStack

Log in, go to Networks, create a new network called sys350

image

Create a subnet with the same name, and pick a range of IP addresses and a gateway

image

Enable DHCP

image

Assign the sys350 subnet to test-router

image

Go to Compute->Key Pairs and Create Key Pair, call it sys350 and download the .pem file

image

image

Go to Network->Security Groups and Create Security Group, name it sys350securitygroup

image

Add Rules for SSH, RDP, ICMP

image

Create new floating IPs via the command line for our new system to use with microstack.openstack --insecure floating ip create external

image

Copy /var/lib/libvirt/images/win2k19.img to /home/jake/Desktop, then remove protections from it with sudo chmod 777 win2k19.img

image

Import the image into openstack with:

sudo microstack.openstack --insecure image create --disk-format raw --min-disk 0 --min-ram 0 win2k19.img --public winsrv2019

image

Create new flavor "mediumbigsys350" matching specs from earlier with microstack.openstack --insecure flavor create --ram 4096 --disk 30 --vcpus 2 mediumbigsys350

image

Now launch a new instance using the winsrv2019 image and mediumbigsys350 flavor with the following command:

microstack.openstack --insecure server create --flavor mediumbigsys350 --image winsrv2019 --network sys350 --key-name sys350 sys350-serverinstance

image

The new instance should now be available in the web UI under "Instances"

Now add the instance to the security group with:

microstack.openstack --insecure server add security group sys350-serverinstance sys350securitygroup

image

And as we can see in the Web UI, sys350securitygroup has been assigned to sys350-serverinstance

Add the floating IP from earlier to sys350-serverinstance with microstack.openstack --insecure server add floating ip sys350-serverinstance 10.20.20.214

image

As we can see, it is now attached in the Instances screen of the web UI

image

We can now open the instance in the web GUI-

I had a lot of trouble with getting this page to load. I kept getting "The connection was reset". To solve this, I restarted the spiceworks service with sudo snap restart microstack.nova-spicehtml5proxy

ctrl+alt+delete, set a new password if asked

image

Now for Testing...

Deliverable 2: Provide a screenshot that shows:

  • Instance page with sys350 Server 19 instance Active
  • Instance created with your customized flavor and keypair
  • Fixed and floating IP address allocated to the instance
  • Terminal open to show you are on your Ubuntu with your name & super’s unique IP

image

Deliverable 3: Provide a screenshot that shows your instance and floating IP along with successful ping to the floating IP

image

NOTE: you will need to enable response to ping in sconfig if you didn't before. Not difficult.

Now install Remmina RDP client with sudo apt install remmina

start up remmina by simply typing remmina

We add the Administrator user with password from earlier, floating IP, port 3389

image

It works!

image

Deliverable 4. Provide a big happy screenshot similar to the one below that shows:

  • All Instance details
  • security groups, the two ip addresses
  • A remmina session to your instance
  • Show the remmina connections ip address
  • A ping from your Windows Server to your Ubuntu host (superX)
  • A ping from your Windows Server to the internet
  • A terminal window on your Ubuntu host (superX) showing: ** your Freeman IP address ** a ping to the floating IP of your Server19 instance
  • and a partridge in a pear tree (doesn’t count towards grade)

image

Description of Networking

In this lab, we used Microstack to create a virtual network for the windows server VM to connect to the host machine and the outside internet. We can get an idea of this by looking at the Network Topology Page on Openstack's web UI.

image

We can ignore the test network, it's unrelated to this lab. The sys350 virtual network connects the VM sys350-serverinstance to the test-router virtual router. test-router, in turn, connects to another virtual network "internal". sys350-serverinstances possesses a floating IP (10.20.20.214) on "external" as a type of virtual IP for hosts outside of the sys350 virtual network to reach it. The "external" network uses the ESXi host (running Ubuntu) as its gateway, which is why we can ping the virtual IP from it. Since the ESXi host is connected to the internet via the room gateway, the external and sys350 networks within it may use it to reach the internet.

Reflection

Overall, I enjoyed this lab. Windows on Openstack feels like a bit of a workaround compared to the relatively painless process of creating a Windows VM on VCenter. It relies on so much middleware to get going, and even then, not everything worked as expected (for example, CloudBase did not initialize properly so I had to create a new password on login). However, unlike VCenter, once it got going, it did so reliably, without disconnecting every couple of minutes. I like that it is perfectly viable to use OpenStack from both the CLI and web UI interfaces. Sometimes when I struggled to get a CLI command to work, I would do the task using the web UI (and vice versa).

I encountered two major issues during this lab but I was able to troubleshoot both of them relatively easily. The first came when I was unable to load the Spice JavaScript Client from the OpenStack web UI. I do not know what was causing the issue, but simply restarting the microstack.nova-spicehtml5proxy service seemed to solve it. The other issue was that I could not ping the Server2019 VM from my ESXi host. This is an issue that I learned about in SYS-265; Windows Server does not automatically respond to pings, you need to enable it under remote settings in sconfig.