You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Introduction

Add config drive support to the cloudstack VM. When config drive is selected all the user VM related data is placed in ISO disk and attached to VM.

 

Purpose

Support attaching config drive to cloudstack VM.  When dhcp service is used external to the cloudstack, config drive provides way for accessing vm data inside the user vm.

JIRA Tickets

Unable to render Jira issues macro, execution error.

Use cases

  1. Password, userdata, metadata and ssh keys got placed in user VM. So accessing these will be with new scripts provided.

Functional requirements

  1. Support deploying a VM in a network whose network offering does not provide any service
    In this case network doesn't have VR.
  2. Support deploying VM in network with only 'config drive' as userdata service.
  3. In the absence of VR userdata/password/ssh key access should be provided from ConfigDrive.

Work Flow

CS Admin

  1. Admin has to create a network offering with 'config drive' as user data provider
  2. Admin also has to create network using the network offering created in step # 1.
  3. Create required templates for the user Vm (with required tools, password, userdata and ssh key scripts)

CS User/Admin

Template creation

  1. Create templates for the UserVMs.

  2. If user data and password services are needed, then the templates needs to be configured with UserData and password scripts.
    TODO: Scripts locations will be updated similar to the existing password scripts

VM deploy

  1. Deploy VM in the network.
  2. For this network, router won't be created if there are no services offered by the router.
  3. UserVm is deployed and running. 

 

Config drive

Config drive is an ISO attached to VM with files containing data includes userdata, metadata, password and ssh key.

On vm starting cloudstack creates an ISO with the vm data files and attach this iso to the VM in read only.

Once the VM boot up the iso can be mounted inside the VM. Using scripts the data inside the VM will be accessed.

For each VM an ISO will be created. One user VM can't have access to other user VM config drive ISO.

 

Config drive ISO device is created by-label. So the device and device number can be attached as below.

The default label is 'config' and it can be updated from the global settings "vm.configdrive.label".

Note:  If "vm.configdrive.label" updated, make sure the same name is used in the user vm config drive scripts.

Device:

/dev/disk/by-label/config

DeviceId: Device can be found using blkid command

#blkid -t LABEL='config'
/dev/xvdb: LABEL="config" TYPE="iso9660"

Note: 

If your guest operating system does not use udev, the /dev/disk/by-label directory is not present.

You can use the blkid command to identify the block device that corresponds to the configuration drive.

 

#mount /dev/disk/by-label/config /mnt/
mount: block device /dev/disk/by-label/config is write-protected, mounting read-only
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
cloudstack

 

Config drive contents:

[root@localhost mnt]# ls -lR
.:
total 1474
dr-xr-xr-x 1 root root 2048 Mar 10 07:13 cloudstack
./cloudstack:

total 4
dr-xr-xr-x 1 root root 2048 Mar 10 07:13 metadata
dr-xr-xr-x 1 root root 2048 Mar 10 07:13 password

./cloudstack/metadata:
total 3
-r-xr-xr-x 1 root root 5 Mar 10 10:23 availability_zone.txt
-r-xr-xr-x 1 root root 49 Mar 10 10:23 cloud_identifier.txt
-r-xr-xr-x 1 root root 9 Mar 10 10:23 instance_id.txt
-r-xr-xr-x 1 root root 9 Mar 10 10:23 local_hostname.txt
-r-xr-xr-x 1 root root 14 Mar 10 10:23 service_offering.txt
-r-xr-xr-x 1 root root 2 Mar 10 10:23 vm_id.txt

./cloudstack/password:
total 1
-r-xr-xr-x 1 root root 14 Mar 10 10:23 vm_password.txt
[root@localhost mnt]#

Reading UserData Inside the VM

       CS bundles UserData, metadata,ssh key and password into an ISO. This ISO is attached to the user VM during VM deployment process as a ConfigDrive.
Linux VM
CS provides the script which needs to be placed in the user VM template. 
This script mounts the ISO inside the user Vm. Script can read UserData file contents from the mount path.
 
Windows VM

Once the windows VM is up and running ISO is mounted automatically. User can browse attached ISO inside the VM.

From this drive, user can access the UserData.

Setting VM password

Linux/Windows VM

The password enabled template with the script inside the template, will automatically sets the VM password.

Note: The public location of the scripts for userdata/password are provided for download.

 

Troubleshooting

  1. VM password not set for password enabled template.
    Make sure the required tools for config drive got installed in the VM template.
    Check the CS logs wether MS sent the userdata details to VM config drive.
    There can be issue with password script inside the VM, Check the vm logs and run it in the debug mode to see failures.

  2. Failed to read VM userdata in the VM. 
     Check the support matrix for the hypervisor/vm support for userdata
     Make sure the required tools for config drive got installed in the VM  template.
     Check the CS logs wether MS sent the password details to VM config drive.
    There can be issue with userdata script inside the VM if it is linux vm, Check the vm logs and run it in the debug mode to see failures.

 

 

Design

In network offering a new config drive provider get added. Config drive provider is for differentiating with VR for user data service.

When config driver provider is selected for user data in network offering, config drive is created for the user data.

 

As part of the VM deployment network creation process router won't be created for this network, if there are no services provided by the network.

ConfigDrive

     Config drive contains the user VM related userdata, metadata, ssh key and password files. These files are packed in an ISO file.
     Only ISO format config drive is supported.
     During VM deployment CS creates the config drive ISO and places in the primay storage where VM root disk is present.
     During the VM start this  ISO is attached to VM as CD disk. The device is created by label, so the device id not always same.
   
    Config drive get deleted when VM got stopped/destroyed. On vm start config drive ISO is generated and placed in primary storage to attach it to VM.
    When VM migrates, CS will take care of attaching config drive ISO in destination host.
Xenserver:
   In xenserver a new config drive ISO SR get created in the primary storage where root volume of the VR is preset.
   All the VMs config drive ISOs are placed in this SR.
   

ConfigDrive across the VM life cycle

  1. When VM is destroyed, ISO from the hypervisor get deleted.
  2. When user VM password is reset, updated, On VM start ISO with new password get attached to VM.
  3. On vm migration the config drive ISO get attached to VM on destination host.

ISO creation:

      ISO will be created in the MS with the userdata and password files.

      mkisofs binaries should be available in the MS

 

 mkisofs -iso-level 3 -V "config" -o <vmInternalName>.iso <isopath>;


 

DB Changes

No DB changes.

Hypervisors supported

  1. XenServer
  2. KVM
  3. VmWare

UI Flow

Network offering creation page will be updated to select 'config drive' for user data.

 

Upgrade

There are no upgrade changes. This feature works with fresh deployments.

 

  • No labels