Goals: Provide a robust lab or work environment that allows students or staff to deploy and manage their own virtual machines, plus virtual machines distributed by an instructor or director. The virtual lab should be accessible to both local and remote clients. Users with Chromebooks or iPads should have access to the lab and its virtual machines over HTML5.
Challenge: Provide a responsive, easy-to-use, low-cost alternative to AWS or Azure deployments. Allow students or staff full management control of their virtual machines, from OS setup to decommission. Use legacy equipment and open source software for a zero-cost proof of concept.
Software: XCP-ng & Xen Orchestra (built from the sources)
Proof of concept equipment: Dell PowerEdge R710, 96 GB RAM, 7 x 300 GB 15k SAS drives.
PART 1: SERVER SETUP
Server setup: RAID 1 mirror (2 drives) for the OS installation, RAID 5 with 5 x 300 GB drives for VM storage.
Step 1: Download the XCP-ng ISO:
https://xcp-ng.org/#easy-to-install
Step 2: Create a bootable USB flash drive with Rufus
You can read about and download Rufus here: https://rufus.ie/
Step 3: Install XCP-ng
https://xcp-ng.org/docs/install.html#iso-installation
Our installation of XCP-ng was very vanilla: I chose the 2-disk RAID 1 for the OS installation and the 5-disk RAID 5 for VM storage; other than that it was click-through and done. For a detailed walkthrough click here: https://xcp-ng.org/docs/install.html#iso-installation
Congrats, your host is set up, probably in under an hour!
You can use XCP-ng Center on your client machine if you want GUI access to the host for now:
https://github.com/xcp-ng/xenadmin/releases
PART 2: VIRTUAL MACHINE SETUP
What is Xen Orchestra?
Xen Orchestra is designed to give you the tools you need to administer your XenServer or XCP-ng pools
and enjoy a complete overview of your whole infrastructure. There is no agent to install on your hosts;
you can access everything from anywhere and from any device.
You have the option to deploy Xen Orchestra as its own physical machine, as a VM on the host you
just deployed, or on a separate host. Pick what works for you.
Step 1: Download the Ubuntu 20.04 ISO.
Step 2: Add an ISO library (ISO storage repository) to XCP-ng and upload your ISO images to it.
We simply added an SMB share as the ISO library, but you have lots of options here; NFS or SMB shares seem to be the most popular choices.
If you're stuck, here's a great resource: https://github.com/xcp-ng/xcp/wiki/Create-a-local-ISO-repository
Step 3: Set up an Ubuntu 20.04 virtual machine with a 20 GB disk, 4 GB RAM and 2 vCPUs, and select a NIC on your host that is uplinked to a network with internet access.
Step 4: Configure Ubuntu
If your VM didn't get a DHCP lease, or you want to assign a static IP, this is how we did it:
#################### CHANGE STATIC IP ################################
cd /etc/netplan
ls
# look and see what your netplan yaml file is called; ours was 00-installer-config.yaml
sudo vi /etc/netplan/00-installer-config.yaml
##### edit the .yaml to look something like this (note your adapter name 'ens160' may be different, and your IP addresses will probably be different as well). Indentation matters in YAML: two spaces per level.
#################
network:
  ethernets:
    ens160:
      dhcp4: no
      dhcp6: no
      addresses: [10.10.0.99/16]
      gateway4: 10.10.0.254
      nameservers:
        addresses: [10.10.0.1, 10.20.0.1]
  version: 2
### :wq
# gateway4 works on 20.04; newer netplan releases deprecate it in favour of a routes: entry.
# If this NIC is your only path to the VM, 'sudo netplan try' applies the change and rolls it back automatically unless you confirm it.
sudo netplan apply
##########################################################################
Once your NIC is set up, run the following from a terminal:
sudo apt update
sudo apt install xe-guest-utilities
sudo apt install vim
sudo apt install openssh-server
sudo apt install curl
## Then run this curl command to download and install Xen Orchestra from the sources. The script runs as root on your VM, so save a copy first (curl -o), read it, and run the saved copy with sudo bash rather than trusting the pipe blindly:
curl https://raw.githubusercontent.com/Jarli01/xenorchestra_installer/master/xo_install.sh | sudo bash
### You have the option to set up port 443 for HTTPS connections:
#OPTION 1:
################ Setup Local HTTPS Connection ############################
# self-signed cert valid for 10 years; when prompted, set the Common Name to the hostname your users will type.
# -nodes leaves the key unencrypted so xo-server can load it without a passphrase, so keep /etc/ssl/private readable by root only.
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/key.pem -out /etc/ssl/certs/certificate.pem
sudo vi /opt/xen-orchestra/packages/xo-server/.xo-server.toml
# in the [[http.listen]] section change port 80 to 443 and point it at the cert and key:
port = 443
cert = '/etc/ssl/certs/certificate.pem'
key = '/etc/ssl/private/key.pem'
### :wq
sudo systemctl restart xo-server.service
#### If you want to use a CA-issued cert for a public-facing (NATed) deployment:
#OPTION 2:
################ Setup Public HTTPS Connection ############################
# generate the private key first (the original CSR step assumes it already exists) and keep it root-only
sudo openssl genrsa -out /etc/ssl/private/digicertkey.key 4096
sudo chmod 600 /etc/ssl/private/digicertkey.key
# create the CSR; when prompted, set the Common Name to your hostname (or *.yourdomain for a wildcard)
sudo openssl req -new -key /etc/ssl/private/digicertkey.key -out /etc/ssl/certs/digicertcertificate.csr
# upload the CSR to the public CA and download the certificate chain as a single PEM
# create the PEM file and paste the downloaded chain into it: your server certificate first, then the intermediate(s)
sudo vi /etc/ssl/certs/wildcardchain.pem
### :wq
### update xo to use the wildcard cert
sudo vi /opt/xen-orchestra/packages/xo-server/.xo-server.toml
port = 443
cert = '/etc/ssl/certs/wildcardchain.pem'
key = '/etc/ssl/private/digicertkey.key'
### :wq
#########################################
sudo systemctl restart xo-server.service
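As an added check that is not part of the original post or of the Xen Orchestra project: the script below generates the option-1 self-signed certificate non-interactively with a subjectAltName (modern browsers ignore the CN and require a SAN), and includes a key/certificate match test you can run against either the self-signed pair or the option-2 chain file before restarting xo-server. The hostname xo.lab.example, the output paths and the constructed stand-in "intermediate" are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or the Xen Orchestra project.
# Generates a self-signed cert with a SAN and verifies key/cert pairs before
# xo-server is pointed at them. XO_HOST and the paths are assumptions.

XO_HOST="${XO_HOST:-xo.lab.example}"   # assumed hostname of the XO server

# Self-signed cert with a SAN, 10-year validity, no interactive prompts.
# $1 = directory that receives key.pem and certificate.pem
make_selfsigned() {
    openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
        -keyout "$1/key.pem" -out "$1/certificate.pem" \
        -subj "/CN=$XO_HOST" \
        -addext "subjectAltName=DNS:$XO_HOST" >/dev/null 2>&1 || return 1
    chmod 600 "$1/key.pem"   # -nodes leaves the key unencrypted; limit who can read it
}

# Succeeds only when private key $1 and the FIRST certificate in PEM file $2
# carry the same public key. `openssl x509` reads just the first PEM block, so
# running this against a chain file also proves the chain is leaf-first, the
# order a Node TLS server such as xo-server expects.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when certificate $1 lists DNS name $2 in its subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q "DNS:$2"
}

# Worked run: build the self-signed pair, then a constructed stand-in for a
# CA intermediate, and show that only the leaf-first chain file passes.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned "$d" || return 1
    has_san "$d/certificate.pem" "$XO_HOST" || return 1
    # Constructed "intermediate": any unrelated cert suffices to show the ordering check.
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 -keyout "$d/other.key" \
        -out "$d/other.pem" -subj "/CN=Constructed Intermediate" >/dev/null 2>&1 || return 1
    cat "$d/certificate.pem" "$d/other.pem" > "$d/chain_leaf_first.pem"
    cat "$d/other.pem" "$d/certificate.pem" > "$d/chain_wrong_order.pem"
    key_matches_cert "$d/key.pem" "$d/chain_leaf_first.pem" || return 1
    if key_matches_cert "$d/key.pem" "$d/chain_wrong_order.pem"; then
        return 1   # wrong order must be rejected
    fi
    rm -rf "$d"
    echo "ok: SAN present, key matches leaf, chain is leaf-first"
}
```

Source the file and run key_matches_cert against your real files, for example /etc/ssl/private/digicertkey.key and /etc/ssl/certs/wildcardchain.pem from option 2. A failure there usually means the chain was pasted with the intermediate first, or the CSR was made from a different key than the one named in the toml.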
OK, so if everything went well that should have taken less than an hour, and you should now have Xen Orchestra installed, secured with TLS and running!
Congrats!
Now all that's left is to NAT your Xen Orchestra deployment to your public IP or DNS name and your lab will be accessible to your users. Only publish the HTTPS port, and change the default credentials before you do.
The default admin login is admin@admin.net with password admin, so make sure to change that.
In my deployment I use the Xen Orchestra LDAP plugin for user authentication; you can also set up users manually or connect to AD or LDAP.
We also set up a default virtual machine and converted it to a template for quick lab deployments.
What makes this deployment work as a lab solution is Xen Orchestra's ACL rules. You'll have to decide how locked down to make your deployment. Our recommendation: put the host and the VMs on a VLAN that your firewall does not allow outside access to or from, other than the connection from Xen Orchestra. You can also set up multiple hosts and give different groups access to different host resources.
You can read more about ACLs here: https://xen-orchestra.com/docs/acls.html