| |
@@ -15,13 +15,13 @@
|
| |
|
| |
== How it works
|
| |
|
| |
- The Cloud image is used directly as ready to use (virtual) system disk in a virtual machine to be created. The first barrier is to perform the necessary initial basic configuration (network connection, root account, etc) so that the VM can start at all and you can log in. In a default installation this is part of the distribution-specific installer, Anaconda in case of Fedora. In case of a Cloud image there is nothing to install and therefore no installer. Instead, a more or less standardized cloud-specific initialization procedure is used, cloud-init. In the absence of cloud, the system administrator must provide a replacement. The developers of cloud-init fortunately had some foresight and provided a 'nocloud' procedure of that said standardized cloud-specific initialization procedure. As you may guess, in a cloud centric development a nocloud option has a tough time. It remains somewhat of a challenge.
|
| |
+ The Cloud image is used directly as ready to use (virtual) system disk in a virtual machine to be created. The first barrier is to perform the necessary initial basic configuration (network connection, root account, etc) so that the VM can start at all and you can log in. In a standard installation this is part of the distribution-specific installer, Anaconda in case of Fedora. In case of a Cloud image there is nothing to install and therefore no installer. Instead, a more or less standardized cloud-specific initialization procedure is used, cloud-init. In the absence of cloud, the system administrator must provide a replacement. The developers of cloud-init fortunately had some foresight and provided a 'nocloud' procedure of that said standardized cloud-specific initialization procedure. As you may guess, in a cloud centric development a nocloud option has a tough time. It remains somewhat of a challenge.
|
| |
|
| |
- For an autonomous Fedora server, i.e. not integrated in a cloud or in a development environment such as Vagrant, we use virt-install, the libvirt standard installer. With version 3, as included in Fedora since 33, it provides an easy to use emulation of the cloud-init noCloud procedure. It allows both a very simple installation in a default configuration using a single parameter and a very elaborate configuration using two simple configuration files. Before version 3 this was relatively laborious, since a special iso image had to be crafted for the transfer of configuration data.
|
| |
+ For an autonomous Fedora server, i.e. not integrated into a cloud or into a development environment such as Vagrant, we use virt-install, the libvirt standard installer. With version 3, as included in Fedora since 33, it provides an easy to use emulation of the cloud-init 'noCloud' procedure. It allows both a very simple installation in a default configuration using a single parameter and a very elaborate configuration using two quite simple configuration files. Before version 3 this was relatively laborious, since a special iso image had to be crafted to inject configuration data.
|
| |
|
| |
== What you get
|
| |
|
| |
- In particular, you get time. The workload is significantly lower and correspondingly faster. But by Cloud Base Image you (currently) don’t get an alternatively built but otherwise identical build of Fedora Server Edition. There are some subtle differences. For example, Fedora Server Edition uses xfs as its file system, Cloud Base Image still uses the older ext4. Fedora Server Edition now persists the network configuration completely and stringently in NetworkManager, Cloud Base Image still uses the old ifcfg plugin. Other differences are conceptual. For example, Cloud Image does not install a firewall by default. This function is usually managed by the cloud system. The use concept for the persistent storage is also different due to technical differences. But overall, the functionality is so far identical and the advantages noticeable that it is worthwhile and makes sense to use it.
|
| |
+ In particular, you get time. The workload is significantly lower and correspondingly faster. But by Cloud Base Image you (currently) don’t get an alternatively built but otherwise identical build of Fedora Server Edition. There are some subtle differences. For example, Fedora Server Edition uses xfs as its file system, Cloud Base Image still uses the older ext4. Fedora Server Edition now persists the network configuration completely and stringently in NetworkManager, Cloud Base Image still uses the old ifcfg plugin. Other differences are conceptual. For example, Cloud Image does not install a firewall. This function is usually managed by the cloud system. The use concept for the persistent storage is also different due to technical differences. But overall, the functionality is so far identical and the advantages noticeable that it is worthwhile and makes sense to use it.
|
| |
|
| |
== How to proceed
|
| |
|
| |
@@ -63,7 +63,6 @@
|
| |
[source,]
|
| |
----
|
| |
[…]# vim /etc/sysctl.d/50-enable-forwarding.conf
|
| |
-
|
| |
# local customizations
|
| |
#
|
| |
# enable forwarding for dual stack
|
| |
@@ -78,7 +77,7 @@
|
| |
.Virt-install Parameters
|
| |
[width="100%"]
|
| |
|====================
|
| |
- | --name VM_NAME | Name of the VM to install as shown e.g.in VM list
|
| |
+ | --name VM_NAME | Unique name of the VM to install as shown e.g.in VM list
|
| |
| --memory 3074 | Amount of memory to allocate
|
| |
| --cpu host --vcpus 3 | same cpu type as host, adjust numbers as appropriate
|
| |
| --os-type linux | Fix here, used by virt-install to determine defaults
|
| |
@@ -229,13 +228,13 @@
|
| |
|
| |
Everything is working fine now, nearly out of the box. You would now start configuring the VM in detail according to its intended use. Just as it would be required after a standard installation.
|
| |
|
| |
- *In the end it takes only a good 5 minutes to set up a fully functional system with minimal effort.* It is ideal to quickly create a virtual machine for an ad-hoc solution or as an interim solution for a test.
|
| |
+ *In the end it takes only some 5 minutes to set up a fully functional system with minimal effort.* It is ideal to quickly create a virtual machine for an ad-hoc solution or as an interim solution for a test.
|
| |
|
| |
And it is the ideal way to install a __Cloud Base Image of another distribution__, which may differ in detail from Fedora Cloud Base Image and its elaborate configuration as below. This sets the *stage for tailoring an elaborate configuration of another guest distribution* as described below for Fedora.
|
| |
|
| |
=== Installation alternative 2: elaborate configuration effort
|
| |
|
| |
- Usually, a VM is more complex and there are several issues to deal with. There is a public facing interface that requires a firewall that is not included in the Fedora Base image. You have either to configure the host to protect the VM or install a firewall. Furthermore it is a peculiarity of the cloud-init process that the second, internal interface is not configured persistently. Instead, it is set up anew each time the system is booted. This makes it impossible to assign a firewall zone to this interface. The public interface also provides ssh access. So a root key file is needed to secure the login.
|
| |
+ Usually, a VM is more complex and there are several issues to deal with. There is a public facing interface that requires a firewall that is not included in the Fedora Cloud Base image. You have either to configure the host to protect the VM or install a firewall. Furthermore it is a peculiarity of the cloud-init process that the second, internal interface is not configured persistently. Instead, it is set up anew each time the system is booted. This makes it impossible to assign a firewall zone to this interface. The public interface also provides ssh access. So a root key file is needed to secure the login.
|
| |
|
| |
As soon as multiple VMs are to be installed, the above installation alternative 1 gets quite repetitive and requires a considerable amount of time. Instead, the cloud-init procedure can get detailed configuration information by 2 configuration files, meta-data and user-data. These files can be passed by reference via 2 subparameters of --cloud-init.
|
| |
|
| |
@@ -250,7 +249,7 @@
|
| |
[…]# vim /var/lib/libvirt/boot/cloud-init/meta-data
|
| |
instance-id: myapp
|
| |
----
|
| |
- According to specifications a static network connection is configured in meta-data. Basically it works. But some – obviously long standing – bugs require manual intervention in any case. So it is easier to make an adjustment manually on the basis of the default initialization in the other, custom specific file user-data.
|
| |
+ According to specifications a static network connection may get configured in meta-data. Basically it works. But some – obviously long standing – bugs require manual intervention in any case. So it is easier to configure a static network by adjusting the default initialization in the other, custom specific file user-data.
|
| |
|
| |
==== Preparing user-data
|
| |
|
| |
@@ -258,13 +257,13 @@
|
| |
Configuration includes several steps.
|
| |
|
| |
1. Setting the hostname
|
| |
- 2. Set up the user root, the public RSA key is copied into the file as well as set up the fallback account "hostmin" (or alike) which should also be able to log in by password. It will be assigned to the group wheel and his public key will be copied into the file
|
| |
+ 2. Set up the user root, the public SSH key is copied into the file as well as set up the fallback account "hostmin" (or alike) which should also be able to log in by password. It will be assigned to the group wheel and his public key will be copied into the file
|
| |
3. Set up a first-time password for both users for initial login and to be changed immediately
|
| |
4. Install required additional packages, e.g. the firewall, fail2ban, postfix (needed by fail2ban) and custom specific software, maybe a webserver
|
| |
5. Some packages need additional configuration files
|
| |
6. The VM needs an update of all packages
|
| |
7. Several configuration commands are required
|
| |
- a. Optional: convert interface eth0 as static
|
| |
+ a. Optional: convert interface eth0 to static
|
| |
b. Assign zone trusted to the interface eth1 (2nd position in the dbus path, so the order of the network parameters when calling libvirt is crucial!) and rename it according to naming convention. The modification also persists to a configuration file (still in /etc/sysconfig/network-scripts/ )
|
| |
c. Start the firewall and add required services
|
| |
d. If the size of the virtual disk has been changed, the file system must be updated.
|
| |
@@ -335,7 +334,7 @@
|
| |
# BEFORE internal eth1 in virt-instal option list
|
| |
# comment in and modify as required
|
| |
##- nmcli con mod path 1 ipv4.method static ipv4.addresses '<IPv4>/24'
|
| |
- ##- nmcli con mod path 1 ipv4.gateway '<IPv4>' ipv4.dns 'IPv4
|
| |
+ ##- nmcli con mod path 1 ipv4.gateway '<IPv4>' ipv4.dns '<IPv4>'
|
| |
##- nmcli con mod path 1 ipv6.method static ipv6.addresses '<IPv6>/64'
|
| |
##- nmcli con mod path 1 ipv6.gateway '<IPv6>' ipv6.dns '<IPv6>'
|
| |
##- nmcli con up path 1
|
| |