Two types of virtual machine are currently (2010-12-28) supported by DataONE hardware: KVM (all three locations) and OpenVZ (UNM). KVM (Kernel-based Virtual Machine) is a complete virtualization system for Linux and enables creation of VMs which are completely isolated from the host operating system. OpenVZ is a container based virtualization solution where the equivalent of VMs (actually Virtual Private Servers or Virtual Environments) execute in an environment similar to FreeBSD jails. OpenVZ claims some performance enhancements over full virtualization solutions.
Creating a virtual machine (or “guest”) is generally a straightforward procedure. There are several post-creation steps that should be followed to ensure the created server is at a level of configuration that provides a base for customization, is secured, and allows authentication of DataONE LDAP account holders.
Note
When creating VMs, set the timezone to UTC (appears at the bottom of the timezone choice menu during installation). Alternatively, set the timezone afterwards as described in Timezone and NTP
The base KVM install will be configured with shell access through SSH with accounts authenticated against the NCEAS LDAP instance. UFW will be installed and locked down to only port 22. DenyHosts will be installed to block attempted logins that fail too many times.
The following command with appropriate values for the various variables will create a basic KVM VM ready for final configuration:
```shell
ubuntu-vm-builder kvm karmic \
--arch='amd64'  \
--cpus='<< NUM CPU >>'  \
--mem='<< RAM MB >>'  \
--rootsize='<< DISK SIZE MB >>'  \
--swapsize='<< SWAP MB >>'  \
--dest=/kvm/<< HOST NAME >>.dataone.org \
--kernel-flavour='server'  \
--hostname='<< HOST NAME >>'  \
--domain='<< HOST NAME >>.dataone.org'  \
--mirror='http://archive.ubuntu.com/ubuntu'  \
--components='main,universe,multiverse'  \
--addpkg dialog \
--addpkg ca-certificates \
--addpkg ufw \
--addpkg dnsutils \
--addpkg curl \
--addpkg wget \
--addpkg libnss-ldap \
--addpkg nscd \
--addpkg openssh-server \
--addpkg nano \
--addpkg man \
--addpkg acpid \
--addpkg ntp \
--addpkg denyhosts \
--addpkg logrotate \
--name='Administrator'  \
--user='localadmin'  \
--pass='<< PASSWORD >>'  \
--bridge=br0 \
--ip='<< IP ADDRESS >>'  \
--mask='<< MASK >>'  \
--net='<< NETWORK >>'  \
--bcast='<< BROADCAST >>'  \
--gw='<< GATEWAY >>'  \
--dns='<< DNS >>' \
--libvirt qemu:///system
```
Where:
| RAM MB: | Common choices = 512, 1024, 2048, 4096, 8192, 16384, 32768 | 
|---|---|
| NUM CPU: | Common choices = 1, 2, 4, 8 | 
| DISK SIZE MB: | e.g. “300000 MB” (300GB) | 
| SWAP MB: | Typically up to << RAM MB >> | 
| HOST NAME: | Machine specific, see DNS Management for DataONE Nodes for guidelines. | 
| PASSWORD: | Secure password for localadmin account. | 
| IP ADDRESS: | Machine specific | 
| MASK: | UNM=255.255.255.0, UCSB=255.255.255.0, ORC=255.255.240.0 | 
| NETWORK: | UNM=129.24.0.0, UCSB=128.111.220.0, ORC=160.36.134.64 | 
| BROADCAST: | UNM=129.24.0.255, UCSB=128.111.220.255, ORC=160.36.134.79 | 
| GATEWAY: | UNM=129.24.0.1, UCSB=128.111.220.1, ORC=160.36.134.65 | 
| DNS: | DNS Server to use. 8.8.8.8, 8.4.4.4, or 4.2.2.2 are good choices. | 
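The five network arguments above are easy to get out of step with each other (a broadcast or gateway copied from the wrong site, or a mask that does not match the network), and the builder will happily produce an unreachable guest. The following added example, which is not part of the DataONE documentation, checks that `--ip`, `--mask`, `--net`, `--bcast` and `--gw` agree before the command is run; the function names and the sample host address 129.24.0.50 are assumptions.

```shell
#!/bin/sh
# Added example, not from the DataONE docs: sanity-check the network values
# handed to ubuntu-vm-builder before a guest is built with them.

# Dotted quad -> 32-bit integer (subshell body so the IFS change stays local).
ip2int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network and broadcast address implied by an IP address and its netmask.
network_for()   { int2ip $(( $(ip2int "$1") & $(ip2int "$2") )); }
broadcast_for() { int2ip $(( ($(ip2int "$1") & $(ip2int "$2")) | (4294967295 - $(ip2int "$2")) )); }

# check_net IP MASK NET BCAST GW: return 0 if the values are consistent,
# otherwise print the first mismatch to stderr and return 1.
check_net() {
  ip=$1 mask=$2 net=$3 bcast=$4 gw=$5
  if [ "$(network_for "$ip" "$mask")" != "$net" ]; then
    echo "--net $net does not match $ip/$mask (expected $(network_for "$ip" "$mask"))" >&2; return 1
  fi
  if [ "$(broadcast_for "$ip" "$mask")" != "$bcast" ]; then
    echo "--bcast $bcast does not match $ip/$mask (expected $(broadcast_for "$ip" "$mask"))" >&2; return 1
  fi
  if [ "$(network_for "$gw" "$mask")" != "$net" ]; then
    echo "--gw $gw is outside $net" >&2; return 1
  fi
  for a in "$net" "$bcast" "$gw"; do
    if [ "$ip" = "$a" ]; then echo "--ip $ip collides with $a" >&2; return 1; fi
  done
  return 0
}

# UNM values from the table with a constructed host address of 129.24.0.50.
check_net 129.24.0.50 255.255.255.0 129.24.0.0 129.24.0.255 129.24.0.1 \
  && echo "network values are consistent"
```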
After the VM instance has been created and started, logon as localadmin and configure and enable the firewall as outlined below:
```shell
sudo apt-get update
sudo apt-get upgrade
sudo ufw allow ssh
sudo ufw enable
```
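The base configuration is meant to stay locked down to port 22, which is easy to lose once services get added later. The following added example, not part of the DataONE documentation, reads `ufw status verbose` output and reports any allow rule other than SSH, an inactive firewall, or a non-deny incoming default; the function names and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the DataONE docs: verify from "ufw status verbose"
# output that the guest firewall is active, denies incoming traffic by
# default, and allows nothing in except SSH (port 22).

# audit_ufw reads ufw status text on stdin; returns 0 if compliant,
# otherwise prints each finding to stderr and returns 1.
audit_ufw() {
  awk '
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { deny_in = ($0 ~ /deny \(incoming\)/) }
    /ALLOW/ {
      if ($1 != "22" && $1 != "22/tcp") {
        print "unexpected allow rule: " $0 > "/dev/stderr"; bad = 1
      }
    }
    END {
      if (!active)  { print "ufw is not active" > "/dev/stderr"; bad = 1 }
      if (!deny_in) { print "default incoming policy is not deny" > "/dev/stderr"; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample for a guest locked down as the procedure above describes.
sample_compliant() {
  cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample where an extra port was opened and never closed again.
sample_drifted() {
  cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
EOF
}

# On a real guest: sudo ufw status verbose | audit_ufw
sample_compliant | audit_ufw && echo "firewall matches the base configuration"
```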
At this point, the VM is in a minimally configured state and installation should proceed with configuring LDAP Authentication, enabling Deny Hosts, configuring Monitoring Systems, and setting up Outgoing Email for sending administrative notices.
OpenVZ guests are easily created through the Proxmox-ve web administration interface.
After creating the new VM with appropriate specifications it is necessary to logon to the guest and perform some additional configuration and package installation.
Open a console and update the distribution:
```shell
apt-get update
apt-get upgrade
apt-get install dialog ca-certificates dnsutils openssh-server
```
Create localadmin account:
```shell
adduser localadmin
usermod -a -G sudo localadmin
```
Now log in through SSH and use the terminal for the remainder of the configuration.
```shell
apt-get install nano man ntp acpid curl wget
```
At this point, the VM is in a minimally configured state and installation should proceed with configuring LDAP Authentication, enabling Deny Hosts, configuring Monitoring Systems, and setting up Outgoing Email for sending administrative notices.
KVM virtual machines can be managed using virsh on the host.
Basic operations include:
| list: | Show a listing of virtual machines | 
|---|---|
| shutdown: | Shutdown (controlled) a virtual machine | 
| start: | Start a virtual machine | 
Example, list domains, stop and start “mule2”:
```text
$ virsh list
 Id Name                 State
----------------------------------
  1 epad                 running
  5 fedoradev            running
 12 mule2                running
 13 cn-unm-1             running
$ virsh shutdown mule2
Domain mule2 is being shutdown
$ virsh list --all
 Id Name                 State
----------------------------------
  1 epad                 running
  5 fedoradev            running
 13 cn-unm-1             running
  - mule2                shut off
$ virsh start mule2
Domain mule2 started
```
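As the transcript shows, `virsh shutdown` only asks the guest to power off (“is being shutdown”); the domain is still running when the command returns. The following added example, not part of the DataONE documentation, parses `virsh list --all` output for a domain's state and waits for “shut off” before reporting success, so a backup or resize step is not run against a guest that is still up; the function names are assumptions and the sample listing is constructed from the one above.

```shell
#!/bin/sh
# Added example, not from the DataONE docs: wait for a KVM guest to really be
# down after "virsh shutdown" instead of assuming it stopped immediately.

# domain_state NAME: read "virsh list --all" output on stdin and print the
# State column for NAME ("running", "shut off", ...); returns 1 if not listed.
domain_state() {
  awk -v name="$1" '
    NR > 2 && $2 == name {
      s = $3; for (i = 4; i <= NF; i++) s = s " " $i
      print s; found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# stop_and_wait NAME [TIMEOUT_SECONDS]: request a controlled shutdown and poll
# until the domain reports "shut off"; returns 1 if it is still up at timeout.
# It deliberately never falls back to "virsh destroy" (a hard power-off).
stop_and_wait() {
  name=$1 limit=${2:-120} waited=0 state=unknown
  virsh shutdown "$name" || return 1
  while [ "$waited" -lt "$limit" ]; do
    state=$(virsh list --all | domain_state "$name") || return 1
    if [ "$state" = "shut off" ]; then return 0; fi
    sleep 5; waited=$((waited + 5))
  done
  echo "$name is still '$state' after ${limit}s" >&2
  return 1
}

# Constructed sample of "virsh list --all" output matching the listing above.
sample_listing() {
  cat <<'EOF'
 Id Name                 State
----------------------------------
  1 epad                 running
  5 fedoradev            running
 13 cn-unm-1             running
  - mule2                shut off
EOF
}

# On a host: stop_and_wait mule2 && echo "mule2 is down"
sample_listing | domain_state mule2
```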
Another tool that works well from an Ubuntu desktop environment is the Ubuntu “Virtual Machine Manager”. Install it on your Ubuntu desktop machine using:
```shell
sudo apt-get install virt-manager
```
Then start it up:
```shell
virt-manager &
```
Add a new connection through File | Add Connection..., selecting QEMU/KVM as the Hypervisor, and “remote tunnel over SSH” as the Connection. For the Hostname, enter:
```text
<<username>>@<<host>>
```
where:
| username: | user account that is a member of the libvirtd group on the host | 
|---|---|
| host: | The VM host machine | 
We are using Proxmox-ve for managing OpenVZ (and some KVM) virtual machines. All normal administrative procedures can be performed through the intuitive web interface presented by the respective virtualization hosts.