Agenda: lab-libvirt-cloning.en.htm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="Content-Style-Type" content="text/css" />
  <meta name="generator" content="pandoc" />
  <title>Creating multiple VMs from a single VM</title>
  <style type="text/css">code{white-space: pre;}</style>
  <link rel="stylesheet" href="http://wsnoc.nsrc.org/css/style.css" type="text/css" />
</head>
<body>
<div id="header">
<h1 class="title">Creating multiple VMs from a single VM</h1>
</div>
<div id="TOC">
<ul>
<li><a href="#create-a-gold-image-with-your-public-key-included"><span class="toc-section-number">1</span> Create a &quot;Gold&quot; image with your public key included</a><ul>
<li><a href="#for-windows-users"><span class="toc-section-number">1.1</span> For Windows users</a></li>
<li><a href="#for-linux-unix-os-x-users"><span class="toc-section-number">1.2</span> For Linux / Unix / OS X users</a></li>
<li><a href="#use-vmbuilder-to-create-a-gold-image-for-workshop-student-vms"><span class="toc-section-number">1.3</span> Use vmbuilder to create a Gold image for workshop student vms</a></li>
</ul></li>
<li><a href="#updating-your-gold-vm"><span class="toc-section-number">2</span> Updating your Gold VM</a></li>
<li><a href="#manually-clone-your-gold-vm"><span class="toc-section-number">3</span> Manually clone your gold VM</a></li>
<li><a href="#clone-multiple-vms-with-a-single-command"><span class="toc-section-number">4</span> Clone multiple VMs with a single command</a></li>
<li><a href="#control-multiple-vms-from-the-command-line"><span class="toc-section-number">5</span> Control multiple VMs from the command line</a></li>
<li><a href="#optional-exercise---ssh-agent-forwarding"><span class="toc-section-number">6</span> Optional exercise - SSH Agent forwarding</a><ul>
<li><a href="#for-linux-unix-os-x"><span class="toc-section-number">6.1</span> For Linux / Unix / OS X</a></li>
<li><a href="#for-windows"><span class="toc-section-number">6.2</span> For Windows</a></li>
</ul></li>
<li><a href="#use-ssh-on-s1.ws.nsrc.org-to-run-a-command-across-multiple-vms"><span class="toc-section-number">7</span> Use SSH on s1.ws.nsrc.org to run a command across multiple VMs</a></li>
</ul>
</div>
<h1 id="create-a-gold-image-with-your-public-key-included"><a href="#create-a-gold-image-with-your-public-key-included"><span class="header-section-number">1</span> Create a &quot;Gold&quot; image with your public key included</a></h1>
<p>To get started Connect to your workshop server as the &quot;nsrc&quot; user. Don't become root except where indicated.</p>
<p>To do this we need to update the authorized_keys file that vmbuilder uses when building a new virtual machine. We will place your public key in a directory on the nsrc user account. When you create the directory please use your name so that you do not clash with other users doing this exercise:</p>
<pre><code>cd
mkdir &lt;YOURNAME&gt;</code></pre>
<p>Copy your public key to the /home/nsrc/<YOURNAME> directory. Use the instructions below for the platform on your laptop.</p>
<h2 id="for-windows-users"><a href="#for-windows-users"><span class="header-section-number">1.1</span> For Windows users</a></h2>
<p>Open the psftp.exe program</p>
<pre><code>psftp&gt; open s1.ws.nsrc.org
login as: nsrc
nsrc@s1.ws.nsrc.org&#39;s password: &lt;usual one&gt;
Remote working directory is /home/nsrc
psftp&gt;cd &lt;YOURNAME&gt;
Remote working directory is /home/nsrc/&lt;YOURNAME&gt;
psftp&gt; put id_rsa.pub
local:id_rsa.pub =&gt; remote:/home/nsrc/&lt;YOURNAME&gt;id_rsa.pub
psftp&gt; quit</code></pre>
<p>Your public ssh key is now in the /home/nsrc/<YOURNAME> directory on your workshop server.</p>
<p>Now we need to fix the key's format as it is not compatible with the SSH server format on Linux and Unix.</p>
<p>Open putty.exe and make a connection to s1.ws.nsrc.org as the user nsrc. Once you have done this do:</p>
<pre><code>cd &lt;YOURNAME&gt;
ssh-keygen -i -f id_rsa.pub &gt;&gt; id_rsa.pub.new</code></pre>
<p>Note that we use a different name for the resultant public key.</p>
<p>Now that your public key is in the correct format you can add it to the authorized_keys file that vmbuilder uses to create a new virtual machine.</p>
<pre><code>sudo -s
cat id_rsa.pub.new &gt;&gt; /etc/vmbuilder/misc/authorized_keys
exit</code></pre>
<p>That's it. Your public key is now in the correct location for vmbuilder.</p>
<h2 id="for-linux-unix-os-x-users"><a href="#for-linux-unix-os-x-users"><span class="header-section-number">1.2</span> For Linux / Unix / OS X users</a></h2>
<p>Open a shell (sometimes called terminal) on your laptop. Inside the shell type the command:</p>
<pre><code>cd
cat .ssh/id_rsa.pub | ssh root@s1.ws.nsrc.org &#39; cat &gt;&gt; /etc/vmbuilder/misc/authorized_keys&#39;</code></pre>
<p>If you don't understand what this command is doing please ask one of your instructors.</p>
<h2 id="use-vmbuilder-to-create-a-gold-image-for-workshop-student-vms"><a href="#use-vmbuilder-to-create-a-gold-image-for-workshop-student-vms"><span class="header-section-number">1.3</span> Use vmbuilder to create a Gold image for workshop student vms</a></h2>
<p>Be sure you log back in to s1.ws.nsrc.org as user nsrc for these steps.</p>
<p>Now we will generate a single virtual machine that we will duplicate multiple times that can be used for students in a workshop. To do this we will use vmbuilder like you have done previously.</p>
<p>Everyone in your group will ssh into the server and build a VM; it's fine for you to do them at the same time. Use the following name for your initial VM:</p>
<ul>
<li>1st person in the group: gold.ws.nsrc.org</li>
<li>2nd person in the group: gold2.ws.nsrc.org</li>
<li>3rd person in the group: gold3.ws.nsrc.org</li>
<li>...etc</li>
</ul>
<p>To build your VM, run the following command. Agree amongst yourselves which image you will each build. If you are not the first person in the group then modify the two places where &quot;gold.ws.nsrc.org&quot; appears.</p>
<pre><code>sudo vmbuilder kvm ubuntu --hostname gold.ws.nsrc.org --mem 512 --debug \
    --rootsize 20480 --dest /var/lib/libvirt/images/gold.ws.nsrc.org</code></pre>
<p>This builds a VM which will initially have 512MB RAM allocated when it runs, and a root disk which can grow up to 20GB.</p>
<p>Check that no errors are shown at the end of the build. You should see something like:</p>
<pre><code>...
2013-11-11 10:30:21,390 DEBUG   : Calling deploy method in VMBuilder.plugins.ubuntu.distro plugin.
2013-11-11 10:30:21,391 DEBUG   : No such method
2013-11-11 10:30:21,391 DEBUG   : Calling deploy method in context plugin VMBuilder.plugins.kvm.vm.
2013-11-11 10:30:21,391 DEBUG   : [&#39;rm&#39;, &#39;-rf&#39;, &#39;--one-file-system&#39;, &#39;/tmp/tmpjC8QLO&#39;]</code></pre>
<p>If you have three people in your group, then you would end up with the following three new VM image files:</p>
<pre><code>/var/lib/libvirt/images/gold.ws.nsrc.org
/var/lib/libvirt/images/gold2.ws.nsrc.org
/var/lib/libvirt/images/gold3.ws.nsrc.org</code></pre>
<p>Verify your VM is available for use:</p>
<pre><code>virsh list --all</code></pre>
<p>You might see something like:</p>
<pre><code> Id Name                 State
----------------------------------
  - gold.ws.nsrc.org     shut off
  - gold2.ws.nsrc.org    shut off
  - gold3.ws.nsrc.org    shut off
  - noc.ws.nsrc.org      shut off</code></pre>
<h1 id="updating-your-gold-vm"><a href="#updating-your-gold-vm"><span class="header-section-number">2</span> Updating your Gold VM</a></h1>
<p>Start the VM that you built. Remember to change &quot;gold.ws.nsrc.org&quot; to the name of your VM.</p>
<pre><code>virsh start gold.ws.nsrc.org
virsh list         # show running VMs</code></pre>
<p>If you do not see your VM running you can ask for help to troubleshoot this.</p>
<p>Now we want to attach to our VM via the emulated serial console. We don't use ssh to connect at first as we do not know the IP address that has been assigned to your new gold VM. Remeber to use your VM's name below:</p>
<pre><code>virsh console gold.ws.nsrc.org</code></pre>
<p>Hit Enter a few times. You should get a login prompt. Log in using:</p>
<pre><code>user: sysadm
password: &lt;Given in Class&gt;</code></pre>
<p>View the VM's IP address and verify network connectivity is working:</p>
<pre><code>ifconfig -a
ping 8.8.8.8
ping nsrc.org</code></pre>
<p>Now let's add a package that was not included by the vmbuilder process. You may realize after building a Gold VM that you have some specific settings or items that you want all the duplicated VMs to have that will be created from your gold VM image.</p>
<p>In this case let's install nmap (Network MAPper). A useful network forensic tool and do an &quot;apt-get update&quot; to make sure our Ubuntu package database is up to date and an upgrade to make sure all packages are up to date:</p>
<pre><code>sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nmap</code></pre>
<p>You can test that nmap is working:</p>
<pre><code>nmap localhost</code></pre>
<p>At this point your gold VM is in a state that we would like to freeze and use for multiple VMs that will be created from this image.</p>
<p>Exit from the gold image by typing:</p>
<pre><code>ctrl-]</code></pre>
<p>This drops you back to the s1.ws.nsrc.org prompt. Now do:</p>
<pre><code>virsh list --all</code></pre>
<p>You can see your gold image running. Let's shut it down via virsh (remember to use your VM's name):</p>
<pre><code>virsh shutdown gold.ws.nsrc.org</code></pre>
<p>Verify your VM has shut off:</p>
<pre><code>virsh list --all</code></pre>
<h1 id="manually-clone-your-gold-vm"><a href="#manually-clone-your-gold-vm"><span class="header-section-number">3</span> Manually clone your gold VM</a></h1>
<p>First, let's update our workshop-kit git repository on s1.ws.nsrc.org.</p>
<pre><code>cd
cd workshop-kit
git pull http://trainers@wsnoc.nsrc.org:8000/nsrc/workshop-kit.git</code></pre>
<p>When you installed the workshop-kit Git repository on s1.ws.nsrc.org one of the directories that was installed includes some useful scripts for cloning VMs.</p>
<pre><code>cd scripts
ls</code></pre>
<p>You should see the file clonevm.sh. This is a shell script to help simplify the process of duplicating a VM from an initial image (our gold image). Try running the script with no options:</p>
<pre><code>./clonevm.sh</code></pre>
<p>You should see:</p>
<pre><code>Usage: [BRIDGE=brX] ./clonevm.sh &lt;source&gt; &lt;clone-as&gt; [target-dir]
Then use &#39;virsh start &lt;clone-as&gt;&#39; to run it</code></pre>
<p>Let's use this script to create a new VM cloned from the gold image you just created. For this exercise we are going to split in to three groups per workshop server. This is important to ensure you do not overwrite your neighbor's work. Here are the groups:</p>
<pre><code>gold  ==&gt; vm1-vm10
gold2 ==&gt; vm11-vm20
gold3 ==&gt; vm21-vm30</code></pre>
<p>To start you are going to manually create two new VMs using the clonevm.sh script, like this:</p>
<pre><code>gold creates vm1.ws.nsrc.org and vm2.ws.nsrc.org
gold2 creates vm11.ws.nsrc.org and vm12.ws.nsrc.org
gold3 creates vm21.ws.nsrc.org and vm22.ws.nsrc.org</code></pre>
<p>Here is what each person should now do:</p>
<p>For the gold VM:</p>
<pre><code>./clonevm.sh gold.ws.nsrc.org vm1.ws.nsrc.org
./clonevm.sh gold.ws.nsrc.org vm2.ws.nsrc.org</code></pre>
<p>For the gold2 VM:</p>
<pre><code>./clonevm.sh gold2.ws.nsrc.org vm11.ws.nsrc.org
./clonevm.sh gold2.ws.nsrc.org vm12.ws.nsrc.org</code></pre>
<p>For the gold3 VM:</p>
<pre><code>./clonevm.sh gold3.ws.nsrc.org vm21.ws.nsrc.org
./clonevm.sh gold3.ws.nsrc.org vm22.ws.nsrc.org</code></pre>
<p>What you might notice is how fast this is. Each of you now have two new VMs that are duplicate images of your initial gold VM. View what VMs are available:</p>
<pre><code>virsh list --all</code></pre>
<p>You should see something like:</p>
<pre><code> Id Name                 State
----------------------------------
  - gold.ws.nsrc.org     shut off
  - gold2.ws.nsrc.org    shut off
  - gold3.ws.nsrc.org    shut off
  - noc.ws.nsrc.org      shut off
  - vm1.ws.nsrc.org      shut off
  - vm11.ws.nsrc.org     shut off
  - vm12.ws.nsrc.org     shut off
  - vm2.ws.nsrc.org      shut off
  - vm21.ws.nsrc.org     shut off
  - vm22.ws.nsrc.org     shut off</code></pre>
<p>Start your two new VMs now using the &quot;virsh start&quot; command. Hint, for the gold VM user &quot;virst start vm1.ws.nsrc.org&quot; and so on. Once you are all done you should see something like:</p>
<pre><code> Id Name                 State
----------------------------------
  5 vm1.ws.nsrc.org      running
  6 vm2.ws.nsrc.org      running
  7 vm11.ws.nsrc.org     running
  8 vm12.ws.nsrc.org     running
  9 vm21.ws.nsrc.org     running
 10 vm22.ws.nsrc.org     running
  - gold.ws.nsrc.org     shut off
  - gold2.ws.nsrc.org    shut off
  - gold3.ws.nsrc.org    shut off
  - noc.ws.nsrc.org      shut off</code></pre>
<p>Now try pinging some of the new VMs:</p>
<pre><code>ping vm1.ws.nsrc.org
ping vm11.ws.nsrc.org
ping vm21.ws.nsrc.org</code></pre>
<p>(If you don't have three members in your group, then just ping what is available).</p>
<p>Do you notice something? The DNS already has entries for each of these VMs. This is on purpose. Furthermore, the VMs all have reasonable IP addresses. How did we do this? We will explain the details at the end of this exercise.</p>
<p>Use ssh to connect to your two new VM images and to verify that things look OK. You can ssh directly from your laptop to the vm, or you can use the command line ssh logged in as the nsrc user on s1.ws.nsrc.org.</p>
<p>Once you are logged in on your new VMs let's do this:</p>
<pre><code>ifconfig -a
ping 8.8.8.8
ping nsrc.org
ping s1.ws.nsrc.org
ping vm1.ws.nsrc.org
nmap s1.ws.nsrc.org</code></pre>
<p>Remember we installed nmap on the gold image? That's why nmap is now installed on your VMs.</p>
<p>Now log out of this vm and be sure you are logged in to s1.ws.nsrc.org as the nsrc user:</p>
<h1 id="clone-multiple-vms-with-a-single-command"><a href="#clone-multiple-vms-with-a-single-command"><span class="header-section-number">4</span> Clone multiple VMs with a single command</a></h1>
<p>Now we want you to create the following VMs depending on your gold VM image. Here are the machine you need to create:</p>
<pre><code>gold.ws.nsrc.org ==&gt; vm3-vm10
gold2.ws.nsrc.org ==&gt; vm13-vm20
gold3.ws.nsrc.org ==&gt; vm23-vm30</code></pre>
<p>Note we are not creating the first two VMs in each range as we've already done this manually.</p>
<p>We can use the power of the command line and a for statement to create a programmatic loop with variables to create these VMs. For example, to create sample1.ws.nsrc.org to sample30.ws.nsrc.org from a sample.ws.nsrc.org image you could do (DON'T DO THIS!) on the command line:</p>
<pre><code>for i in $(seq 1 1 30); do ./clonevm.sh sample.ws.nsrc.org sample$i.ws.nsrc.org; done</code></pre>
<p>This assumes clonevm.sh is in the directory from where you are running this command. Below are the commands each user should run for each gold image to duplicate the remaining 8 VMs we would like you to create:</p>
<p>For the gold VM:</p>
<pre><code>cd
cd workshop-kit/scripts
for i in $(seq 3 1 10); do ./clonevm.sh gold.ws.nsrc.org vm$i.ws.nsrc.org; done</code></pre>
<p>For the gold2 VM:</p>
<pre><code>cd
cd workshop-kit/scripts
for i in $(seq 13 1 20); do ./clonevm.sh gold2.ws.nsrc.org vm$i.ws.nsrc.org; done</code></pre>
<p>For the gold3 VM:</p>
<pre><code>cd
cd workshop-kit/scripts
for i in $(seq 23 1 30); do ./clonevm.sh gold3.ws.nsrc.org vm$i.ws.nsrc.org; done</code></pre>
<p>Now let's see what VMs are available to run:</p>
<pre><code>virsh list --all</code></pre>
<p>Wow! You've just created multiple and fully functioning Linux servers using a single command.</p>
<h1 id="control-multiple-vms-from-the-command-line"><a href="#control-multiple-vms-from-the-command-line"><span class="header-section-number">5</span> Control multiple VMs from the command line</a></h1>
<p>At this point starting each VM manually using &quot;virsh start&quot; will quickly become tedious. Let's use the same concept and do this with a single command. We'll include the first two VMs you created in case one of them is not running. It is fine to do virsh start for a machine that's already started:</p>
<p>For the gold VM:</p>
<pre><code>for i in $(seq 1 1 10); do virsh start vm$i.ws.nsrc.org; done</code></pre>
<p>For the gold2 VM:</p>
<pre><code>for i in $(seq 11 1 20); do virsh start vm$i.ws.nsrc.org; done</code></pre>
<p>For the gold3 VM:</p>
<pre><code>for i in $(seq 21 1 30); do virsh start vm$i.ws.nsrc.org; done</code></pre>
<p>Once you have all the VMs up and running do:</p>
<pre><code>virsh list --all</code></pre>
<p>What IP addresses do these VMs have?</p>
<pre><code>for i in $(seq 1 1 30); do dig +short vm$i.ws.nsrc.org; done</code></pre>
<p>Are you beginng to see how &quot;for&quot; works?</p>
<p>Try pinging each of these addresses to see if your VMs are up and running. If you don't have all 30 VMs see ify can adjust the sample command below to just ping the VMs you are using:</p>
<pre><code>for i in $(seq 1 1 30); do ping -c 1 -W 1 vm$i.ws.nsrc.org; done</code></pre>
<p>Remember you can scroll back in your terminal windows to see results that scroll off the visible screen.</p>
<p>Can you figure out how to write a single command that would shutdown each of your running VMs using the &quot;virsh shutdown&quot; command? Of so, do this now.</p>
<h1 id="optional-exercise---ssh-agent-forwarding"><a href="#optional-exercise---ssh-agent-forwarding"><span class="header-section-number">6</span> Optional exercise - SSH Agent forwarding</a></h1>
<p>When you connect as the user nsrc to your workshop server (s1.ws.nsrc.org) you connect using your private key / public key authentication. To be able to connect to the VMs running on s1.ws.nsrc.org using your public/private key pair you need to enable SSH Agent forwarding so that your key is available for use in your session as user nsrc (or root) on s1.ws.nsrc.org.</p>
<h2 id="for-linux-unix-os-x"><a href="#for-linux-unix-os-x"><span class="header-section-number">6.1</span> For Linux / Unix / OS X</a></h2>
<p>From the command line:</p>
<pre><code>ssh -o ForwardAgent=yes nsrc@s1.ws.nsrc.org</code></pre>
<p>To make this permanent:</p>
<pre><code>cd
editor .ssh/config</code></pre>
<p>and add these lines to the file:</p>
<pre><code>Host *
    ForwardAgent=yes</code></pre>
<p>But, be careful as this will forward your key to every host you connect to. You could do:</p>
<pre><code>Host s1.ws.nsrc.org
    ForwardAgent=yes</code></pre>
<p>If you do this, then when you are logged in on s1.ws.nsrc.org you can use keys to connect to the VMs. From a Linux / Unix / OS X laptop, however, you can just connect directly to the VMs if you wish.</p>
<h2 id="for-windows"><a href="#for-windows"><span class="header-section-number">6.2</span> For Windows</a></h2>
<ul>
<li>Open putty.exe</li>
<li>If you have a saved session for connection to s1.ws.nsrc.org Load this (if you don't create one now)</li>
<li>In the left-hand column go down to SSH, click on the &quot;+&quot; symbol and select Auth</li>
<li>Check the box that says &quot;Allow agent forwarding&quot;</li>
<li>In the left-hand column scroll back to the top and click on Session</li>
<li>Be sure to click &quot;Save&quot; to save these settings for the next time.</li>
<li>Now click on Open</li>
</ul>
<p>From now on SSH Agent forwarding is enabled for future SSH connection.</p>
<h1 id="use-ssh-on-s1.ws.nsrc.org-to-run-a-command-across-multiple-vms"><a href="#use-ssh-on-s1.ws.nsrc.org-to-run-a-command-across-multiple-vms"><span class="header-section-number">7</span> Use SSH on s1.ws.nsrc.org to run a command across multiple VMs</a></h1>
<p>Log in on s1.ws.nsrc.org the user nsrc. Be sure you do this with SSH Agent forwarding enabled.</p>
<p>Now start your VMs.</p>
<p>For the gold VM:</p>
<pre><code>for i in $(seq 1 1 10); do virsh start vm$i.ws.nsrc.org; done</code></pre>
<p>For the gold2 VM:</p>
<pre><code>for i in $(seq 11 1 20); do virsh start vm$i.ws.nsrc.org; done</code></pre>
<p>For the gold3 VM:</p>
<pre><code>for i in $(seq 21 1 30); do virsh start vm$i.ws.nsrc.org; done</code></pre>
<p>Since your SSH key is available you should be able to ssh to each VM using your private key's passphrase. But, we don't want to type this each time so we'll enable the ssh agent on s1.ws.nsrc.org:</p>
<pre><code>ssh-add </code></pre>
<p>Now try running a command on your VMs using SSH. Note, you <em>do not</em> need to log in on each VM. You can issue a command via SSH by using SSH in this form:</p>
<pre><code>ssh user@remote-host command</code></pre>
<p>So, to issue the command hostname on vm1.ws.nsrc.org without having to log in and log back out you can do:</p>
<pre><code>ssh sysadm@vm1.ws.nsrc.org hostname</code></pre>
<p>Give that a try.</p>
<p>Now let's do this across all 10 of your VMs for each gold group. Can you figure out how to do this without looking at the example below?</p>
<p>The first time you connect you'll have to accept each VM's public key, so this will not be all that impressive. Run the command twice. The second time will be much faster and give you an idea of how useful this could be when administering multiple VMs:</p>
<p>For the gold VM:</p>
<pre><code>for i in $(seq 1 1 10); do ssh sysadm@vm$i.ws.nsrc.org hostname; done</code></pre>
<p>For the gold2 VM:</p>
<pre><code>for i in $(seq 11 1 20); do ssh sysadm@vm$i.ws.nsrc.org hostname; done</code></pre>
<p>For the gold3 VM:</p>
<pre><code>for i in $(seq 21 1 30); do ssh sysadm@vm$i.ws.nsrc.org hostname; done</code></pre>
<p>Now we'll explain some of the details behind how things were built.</p>
</body>
</html>