Category: linux

Setting up an OpenStack Cloud using Ansible

I use Ansible and OpenStack quite a bit on a daily basis, so I wanted to check out the work the community has done with the openstack-ansible project and get an OpenStack environment set up in my lab. I encourage you to read through the documentation as it is really detailed. Let’s do this!


My Lab Environment

My setup consists of:

4 x Dell PowerEdge R720s with 128GB of RAM
Quad 10G Intel NICs
Cisco Nexus 3k switches

I set aside one of the nodes for deployment and the other three were going to be used as targets. openstack-ansible currently supports Ubuntu 14.04 LTS (Trusty) so the first order of business was to install the OS to the servers. Future support for 16.04 LTS (xenial) and CentOS 7 may be coming down at some point as well.

Setting up Networking

Once the OS was installed, the first thing to do was to set up the initial networking config in /etc/network/interfaces. For my setup, I’ll be assigning networks to vlans for my setup.

Add some initial packages on the target host and enable some modules:

apt-get install bridge-utils debootstrap ifenslave ifenslave-2.6 \
lsof lvm2 ntp ntpdate openssh-server sudo tcpdump vlan
echo 'bonding' >> /etc/modules
echo '8021q' >> /etc/modules

Drop your interfaces file onto all of your hosts you’ll be deploying and reboot them to apply the changes so that they set up all of the bridges for your containers and instances. In my example this configuration sets up dual bonds, VLANs, and bridges that OpenStack Ansible will plug everything into.

Initial Bootstrap

You’ll want to use one server as the deployment host so log into that server, check out openstack-ansible, and run the initial Ansible bootstrap:

git clone /opt/openstack-ansible
cd /opt/openstack-ansible
git checkout stable/mitaka

The script will generate keys so make sure to copy the contents of the public key file on the deployment host to the /root/.ssh/authorized_keys file on each target host.

Copy the example openstack_deploy directory to /etc/:

cp -R /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy
cp /etc/openstack_deploy/openstack_user_config.yml.example /etc/openstack_deploy/openstack_user_config.yml

Modify the openstack_user_config.yml for the settings you want. You’ll need to specify which servers you want each role to do. The openstack_user_config.yml is pretty well commented and provides lots of docs to get started.

My config:

If you have enough memory and CPU on the hosts, you can also reuse the infrastructure nodes as compute_nodes to avoid having to set up dedicated nodes for compute.


cd /opt/openstack-ansible/scripts
python --file /etc/openstack_deploy/user_secrets.yml

User Variables

We’ll start with just the basics for now to get operational. Make sure to enable at least a few options in the /etc/openstack_deploy/user_variables.yml otherwise it will have a hard time assembling the variables (these haven’t made it into the mitaka stable branch yet):

## Debug and Verbose options.
debug: false
verbose: false

Run the playbooks

cd /opt/openstack-ansible/playbooks
openstack-ansible setup-hosts.yml
openstack-ansible haproxy-install.yml
openstack-ansible setup-infrastructure.yml
openstack-ansible setup-openstack.yml

If there are no errors, then the initial cluster should be setup. The playbooks are all idempotent so you can rerun them at anytime.

Using the Cluster

Once these playbooks complete, you should have a functional OpenStack Cluster. To get started, you can log into Horizon with either the external vip IP you set up in openstack_user_config.yml or by hitting the server directly.

You’ll use the user name “admin” and the password will be in your /etc/openstack_deploy/user_secrets.yml file that you generated earlier:

grep keystone_auth_admin_password /etc/openstack_deploy/user_secrets.yml
keystone_auth_admin_password: 4lkwtwtpmasldfqsdf

Each target node will have a utility container that you can ssh into to grab the openstack client credentials or run the client from the container. You can find it by doing an:

root@osa-node1:~# lxc-ls | grep -i util
root@osa-node1:~# ssh root@node1_utility_container-860a6cd9
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.13.0-85-generic x86_64)
root@node1-utility-container-860a6cd9:~# openstack server list
| ID                                   | Name        | Status | Networks             |
| 1b7f1a7f-db87-47fe-a884-c66875ceed00 | my-instance | ACTIVE | Public=|

Create and Setup Your Network

In Horizon under the System tab, select networks and then “+Create network”. The main thing to note is depending on the network you are setting up, make sure to specify that type in the Physical Network box as well. In my case, I set up a vlan network, so I made sure to set:

Name: Public
Project: admin
Provider Network Type: VLAN
Physical Network: vlan
Admin State: UP

Once the network is created, click on the Network Name and click “+Create Subnet”. Add your:

Subnet Name: VLAN_854
Network Address:
Gateway IP:
Allocation Pools: <Start Address>,<End Address>
DNS Name Servers: <DNS Servers>

Add Images to Glance

You’ll need to add some images to get up and running. You can find a list of supported images that include Cloud-Init here.

Name: Image Name
Image Source: Image Location
Image Location: Enter in URL of Cloud Image
Format: QCOW2, RAW, or whatever the image format may be
Architecture: x86_64 or whatever hardware you might be using
Public: Checked

Security Groups

By default security groups are enabled, so you’ll want to enable some ingress rules like SSH and ICMP by default so you can connect to your instance.

Start an Instance

Under the instances tab, click “Launch Instance”. Fill in your desired options, including boot from image, add any keypairs you might want, and make sure to select the Security Group you set up previously. You’ll also want to make sure you are plugged into the right network as well. Once all of those things are set up, you should be able to launch the instance and attempt to connect to it.

Things to Note

Cluster Recovery

The target hosts are in a DB cluster so if you need to reboot them, make sure to stagger them, so that the cluster doesn’t fail. If you find the DB is not coming up, you can run the galera-bootstrap playbook which should bring the cluster back up (docs):

openstack-ansible galera-install.yml --tags galera-bootstrap

If you run into any issues running through this, please let me know in the comments or ping me in #openstack-ansible on Freenode as antonym.

Stateless Hypervisors at Scale

Running a public cloud that provisions infrastructure has many challenges, especially when you start getting to very large scale. Today I’m going to touch on the hypervisor piece, the main part of a public cloud that contains the customers data running in their instances.

Hypervisors typically run on bare metal, have some sort of operating system, host configuration, the customer’s instance settings and then if using local storage, the virtual disks.

Traditionally, an operating system is installed and configuration management like Puppet, Chef, or Ansible is ran to bring the host machine up to deployed specification and then added to automation that ultimately provisions instances for a public cloud.

Over time, new features get implemented, bugs are fixed, and operational knowledge is gained so your deployed infrastructure will evolve over time. As your infrastructure grows, your older legacy style infrastructure can start looking a lot different and start becoming out of sync and inconsistent.

To break it down into a few points:

  • Hypervisors become inconsistent over time by ongoing maintenance, code releases, and manual troubleshooting by operations.
  • Optimizations, patches, and security fixes are pushed with newer builds but older builds in production never get caught up.
  • Critical kernel or hypervisor updates that require reboots are hard to do because of the uptime requirements of a public cloud.

So what if we got rid of the traditional methods of OS installation and configuration management and instead created a snapshot of your server build once and then deployed that to thousands of servers?

“We’ll Do It Live”

If you’ve ever installed Ubuntu, typically you’ll use what’s called a Live CD to install the OS. The CD loads an OS into RAM and brings up the GUI so that you can then run the install from there. Many distributions over the years have used Live CDs for installation, rescue, or to serve as a tool for recovering from data loss.

The same concept can be applied to a hypervisor or a server running a work load. If you think about it, the hypervisors typically have one purpose, to run instances virtually for a user. Why have thousands of independent installs?

Creating a Live Image

The process I’ve been using to create live images is relatively simple. I’ve detailed some very high level basics and will deep dive into each one of these at a later date:

  • Create an initial minimal chroot of the filesystem
  • Using Ansible, run configuration management one time within the chroot. This includes all additional packages needed, any customizations, and other additional things you’d normally do in your configuration run.
  • Install tools to allow for Live Booting to work
  • CentOS/Debian/Fedora/OpenSUSE/Ubuntu – dracut
  • Regenerate the initrd to inject the live boot tools into the initrd
  • Copy the kernel and initrd out
  • Create an image file and sync the filesystem into the image file.

From there you now the entire build of your OS represented by three files that can be used to boot the operating system over the network, from Grub, or via kexec.

To persist or not persist?

Now at this point you essentially will have an image that can boot into RAM using iPXE, Grub, or even kexec which is fully stateless. But what if you want to actually make the data persist? With a few scripts added to the boot time, you can very easily separate the actual operating system and applications which will need updating over time from the user’s data which will need to persist and be constant.

The scripts create symlinks from the filesystem in RAM to local storage on the server so that when the application tries to write to a directory, it gets redirected to a persistent storage on the local disk. The scripts to build the symlinks are part of the image so they are recreated every time the server boots the image.

In the example of an Openstack Nova Compute running Libvirt+KVM booting as a LiveOS, I have just a few locations on the filesystem that symlink to /data which is mounted on local storage on /dev/sda2:

  • /etc/libvirt – libvirt configurations
  • /etc/nova – Openstack Nova configuration
  • /etc/openvswitch – openvswitch settings and config
  • /etc/systemd/network – systemd networking configs
  • /var/lib/libvirt/ – libvirt files
  • /var/lib/nova/ – instance location
  • /var/lib/openvswitch/ – openvswitch database

Those locations and files within them make up the unique part of each hypervisor and keep them separate from the rest of the overall OS which will need to go through constant upgrading or changes.


I’ve been working on making some of the bits we’ve been working on available to the public. It’s a project called Squashible. The name came from mashing SquashFS with Ansible. We switched away from using SquashFS for the time being but the name stuck for now until I can come up with a better name.

You can play around with it here. It’s a constant work in progress so please use at your own risk. It currently runs through various roles to create an image with the minimal set of packages you need to run a hypervisor of a certain type. Many thanks to Major Hayden for working with me side by side on a lot of this project over the past year.


A video to my presentation and slides are below for Openstack Austin 2016 – Stateless Hypervisors at Scale.


Comments, concerns, ideas? Let me know!

Booting Linux ISOs with Memdisk and iPXE

There are a number of distributions out there that provide proper support for booting the distribution over the network. A lot of the more popular distributions usually provide a installer kernels that can be easily downloaded for use. You point at the vmlinuz and the initrd and can them immediately proceed with the install streaming down packages as needed. These distributions make it great for tools like to install using iPXE.

There are some distributions out there that don’t have this functionality and typically only produce the ISO without any repositories that provide installer kernels or the rootfs.

In those cases, occasionally you can use memdisk and iPXE to boot those ISOs but they don’t always work. In doing some research, I ran across one of the major issues as to why.

Syslinux – Memdisk

The following was taken from syslinux – memdisk.

The majority of Linux based CD images will also fail to work with MEMDISK ISO emulation. Linux distributions require kernel and initrd files to be specified, as soon as these files are loaded the protected mode kernel driver(s) take control and the virtual CD will no longer be accessible. If any other files are required from the CD/DVD they will be missing, resulting in boot error(s). Linux distributions that only require kernel and initrd files function fully via ISO emulation, as no other data needs accessing from the virtual CD/DVD drive once they have been loaded. The boot loader has read all necessary files to memory by using INT 13h, before booting the kernel.

There is also another solution, which requires the phram and mtdblock kernel module and memdiskfind utility of the Syslinux package (utils/memdiskfind). memdiskfind will detect the MEMDISK mapped image and will print the start and length of the found MEMDISK mapped image in a format phram understands:

modprobe phram phram=memdisk,$(memdiskfind)
modprobe mtdblock

This will create a /dev/mtdblock0 device, which should be the .ISO image, and should be mountable.

If your image is bigger than 128MiB and you have a 32-bit OS, then you have to increase the maximum memory usage of vmalloc, by adding:


Example: vmalloc=256Mi to your kernel parameters.

memdiskfind can be compiled with the klibc instead of with the glibc C library to get a much smaller binary for use in the initramfs:

cd ./syslinux-4.04/utils/
make spotless
make CC=klcc memdiskfind

Implementations of phram and mtdblock

ArchLinux has implemented the above concept here and here.

Debian Live used it here.

It’s also been implemented in Clonezilla and GParted.

Antergos Linux based on Arch Linux works great with memdisk using the phram module.


I think it would be great for more distributions to attempt to implement something like this so that iPXE tools can be used to load the ISOs instead of actually having to burn or look for the location of the latest ISO every time.

Some of the distributions I’d love to see network support or better memdisk support are:

Linux Mint
Solus Project

There are also many other new distributions being released all the time. I typically use DistroWatch to determine the most popular distributions to attempt to add to I’d love to get a lot of these added to make it really easy to install anything on the fly.

I’d also love to see some of the hypervisors out there crack open the ISOs, pull them outside of their paywalls, and host the bits on their servers so that it’s much easier to immediately boot an install to test something out without having to jump through many hoops. I have working installs for VMware ESX and Citrix XenServer but I’d need to have them host the bits or allow permission to do so for a public facing installer menu.

My newest project on the side is If you’ve seen, this should look pretty familiar to you. I ran across cheap .xyz domains from Namecheap (one dollar at the time!), and figured the name space was much easier to remember and was more neutral to the goal I was trying to accomplish. I forked (still doing basic maintenance) and am now focusing my efforts on

My goal with the project is to make it easy as possible to boot many of the popular operating systems from bare metal, virtual machines, etc without the hassle of hunting down the latest ISO for the OS you want to download. Ideally it’s usable with any service provider or just someone who maintains their own servers.

I usually try and use operating systems that make their boot loaders available via mirrors, although there are occasionally some exceptions. I’m also experimenting with various new builds like WinPE, Live Booted OS, and I’d like to even pursue getting some hypervisors on there as well to make it as easy as possible to install everything.

It’s also a great place to just let people play around with new operating systems with just a menu and learn about the many many distributions out there.

Check it out when you get a chance and drop me some feedback or make a pull request if you see something I’m missing. I’ve added a really easy way to test your pull request from the utility menu, all you need to do is enter in your github username and branch or hash of the commit you want to test.

I’m still working on a bunch of documents for demonstrating how easy it is to plug the 1MB iPXE ISO into things like VMware Fusion, Virtual Box, Openstack, so bear with me while I try and get all of those available.


Creating Custom Security Updates In XenServer

Some of you may have heard about the latest vulnerability affecting QEMU codenamed VENOM.

Sometimes security vulnerabilities are released faster than the vendor can qualify a valid hot fix. In this post, I’ll walk you through how to generate your own XenServer hotfix in order to rapidly patch the issue.

How XenServer Patching Works

The sources for XenServer are provided each release, usually in a binpkg.iso. Here’s are some links for the latest version of XenServer 6.5:

XenServer Primary Download Page

XenServer 6.5 Hypervisor

XenServer 6.5 Sources

XenServer 6.5 DDK

Creating your Own Custom Patch

The first thing you’ll need to do is to download the DDK for the affected version. The DDKs are released for each version of XenServer and also released anytime the kernel revs within the major release. The DDK provides the same environment that the SRPMs were created under, so it makes it really easy to rebuild the RPMs. It comes packaged as an appliance, so you’ll want to import that appliance into a build of XenServer and boot it up

Determine What Needs to be Patched

If QEMU needs patching, more than likely it’s the qemu-dm binary (/usr/lib64/xen/bin/qemu-dm). To determine which packages sources you need to retrieve, run a rpm query on that binary:

[root@hostname /]# rpm -qf /usr/lib64/xen/bin/qemu-dm

Now we know that we need to make the changes to the xen-device-model.

If we needed to patch Xen:

[root@hostname boot]# rpm -qf xen-4.4.1-xs100346.gz

And so on. Once you know what the package is, then we can go about finding the source rpm.

Obtaining the Source RPM

Assuming the version of XenServer you’re using is up to date on patches, you’ll want to grab either the latest deployed patch to your environment, or grab the latest patch that contained the version you want to update. Each xsupdate contains updated RPMs, so you might need to run through all of the latest patches to find the right one.

Anytime a hotfix is released, the hotfix will include the sources that were changed as part of the update release. For example, within the zip of a hotfixed release, 6.5SP1 in this case, you’ll have two files:

  • the xsupdate that is used to apply to the server, XS65ESP1.xsupdate
  • the sources package, XS65ESP1-src-pkgs.tar.bz2

The sources package includes all of the SRPMs that were used to create the latest xsupdate.

Extracting the Sources

We’ll want to take the latest available sources, grab the Source RPM, and install it to the DDK server. We’ll use the one out of this hotfix to simulate updating QEMU for VENOM:

bunzip2 XS62ESP1021-src-pkgs.tar.bz2
tar xvf XS62ESP1021-src-pkgs.tar 

Create .rpmmacros so that the sources extract to a known location:

# ~/.rpmmacros
%packager %(echo "$USER")
%_topdir %(echo "$HOME")/rpmbuild

Make directories:

mkdir ~/rpmbuild ~/rpmbuild/SOURCES ~/rpmbuild/RPMS ~/rpmbuild/BUILD ~/rpmbuild/SRPMS ~/rpmbuild/SPECS 

Install the sources:

rpm -i xen-device-model-1.8.0-105.7582.i686.src.rpm

Copy the patch file to ~/rpmbuild/SOURCES/:

cp xsa133-qemut.patch ~/rpmbuild/SOURCES/

Update the SPEC file to include the new patch and bump the release from 105.7582 to 105.7582.1custom. We do this so we can prevent conflicts from future versions but still differentiate which version we’re on:

[root@localhost]# diff -u xen-device-model.spec xen-device-model.spec.mod
--- xen-device-model.spec   2015-03-17 12:02:05.000000000 -0400
+++ xen-device-model.spec.mod   2015-05-12 19:35:53.000000000 -0400
@@ -1,11 +1,12 @@ 
 Summary: qemu-dm device model
 Name: xen-device-model
 Version: 1.8.0
-Release: 105.7582
+Release: 105.7582.1custom
 License: GPL
 Group: System/Hypervisor 
 Source0: xen-device-model-%{version}.tar.bz2
 Patch0: xen-device-model-development.patch
+Patch1: xsa133-qemut.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: SDL-devel, zlib-devel, xen-devel, ncurses-devel, pciutils-devel
@@ -14,6 +15,7 @@
 %setup -q
 %patch0 -p1
+%patch1 -p1
 ./xen-setup --disable-opengl --disable-vnc-tls --disable-blobs
@@ -37,6 +39,9 @@
 %dir /var/xen/qemu
+* Tue Mar 17 2015 MyPatch <> [1.8.0 105.7582.1custom]
+- xsa133-qemu
 * Tue Mar 17 2015 Citrix Systems, Inc. <> [1.8.0 105.7582]
 - Build ioemu.

Regenerate the RPM from the sources, and watch for errors.

rpmbuild -ba xen-device-model.spec

Make sure your patches apply cleanly and if they do, after the compile has completed, the fresh RPMs will be present in ~/RPMS:

ls ~/rpmbuild/RPMS/i386/xen-device-model* 

Deploying the RPMs to XenServer

You’ll want to take the new RPM and deploy it using:

rpm -Uvh xen-device-model-1.8.0-105.7582.1custom.i386 

If you need to revert to the original version, you can run

rpm --force -Uvh xen-device-model-1.8.0-105.7582.i386

Depending on the type of patching you’re doing, you’ll need to determine your reload strategy. If it’s Xen or a kernel for instance, you’ll know you’ll have to reboot. If it QEMU, you know that you’ll have to detach the disks and reload them so that they get the newly patched process.

Configuring bonding with systemd

With release of systemd version 216, a number of bugs were corrected and configurations options added related to bonding support in systemd-networkd.

Here’s a basic example on setting up bonding in systemd:




You can also specify the interfaces like enp1s0f[01] if you need to be more specific.







Enable and start systemd-networkd:

systemctl enable systemd-networkd
systemctl start systemd-networkd

For more options, make sure to check out the and systemd.netdev man pages.

Building and Booting Debian Live Over the Network

If you’ve ever downloaded a LiveCD, you know it’s a self contained distribution that can run in memory and usually serves some sort of purpose. It can act as the front end for an installer, run a series of tools like Kali Linux, or be used to access the internet anonymously. But lets face it, who uses CDs today? Today, I’m going to run through what Debian Live is, how to build it, and how you can potentially use it an appliance you can boot over the network with having to worry about local storage.

You’ll typically want to run the live-build utility on Debian. Live-build has active development currently so there are newer builds in testing (Jessie) but they can be unstable. The version in stable (wheezy) is currently 3.0.5-1 whereas the one in testing is 4.0~alpha36-1. You might want to start out with the stable version first as the testing one is in active development.

What is Debian Live

Debian Live is a Debian operating system that does not require a classical installer to use it. It comes on various media, including CD-ROM, USB sticks, or via netboot. Because it’s ephemeral, it configures itself every time on boot. There are several phases it goes through on boot before init is started:

  • live-boot handles the initial start up and retrieval of the squashfs image. This runs within the initramfs.
  • live-config which handles all the configuration of how the image will be booted, including the initial setup of networking. This is ran from within the squashfs image.
  • Custom hooks are ran near the end of live-config which allow you to manipulate the filesystem and take care of any custom setup.  You can also key off custom kernel command line key values pairs that you’ve put in place to do different actions.

Once those phases are completed init is started and the image will boot as normal into the appropriate runlevel.

Building the Debian Live Image

To install live-build, run:

apt-get install live-build

This will install the lb binary used to generate the live image. Create and change into a directory that will hold your image.

mkdir debian-live
cd debian-live
lb init
lb config \
--distribution wheezy \
--architectures amd64 \
--binary-images netboot \
--debconf-frontend dialog \
--chroot-filesystem squashfs \
--parent-mirror-bootstrap \
--parent-mirror-chroot-security \
--parent-mirror-binary \
--parent-mirror-binary-security \
--mirror-bootstrap \
--mirror-chroot-security \
--mirror-binary \
--mirror-binary-security \
--archive-areas "main non-free contrib" \
--apt-options "--force-yes --yes" \
--bootappend-live "keyboard-layouts=en"

This will create a default directory structure to generate your live build. Most of those options are optional, but they will give you a good head start. With that base configuration, you should be able to run the following to start generating the build:

lb build

This will take a while, but once completed you’ll have generated some files that you can use for your netbooted image. The files you’ll need are here:


Those three files are all you need to netboot a Debian Live image. The vmlinuz and initrd.img are called first and then the filesystem.squashfs is retrieved during initrd.img bootup.

Regenerating a New Image

If you need to regenerate the image again, you’ll need to clean the previous build up first:

To reset the directory but leave the package cache:

lb clean

To reset the directory and clear the cache:

lb clean --cache

To clean everything and just leave the config directory:

lb clean --all

Setting up iPXE

Using iPXE is probably the easiest way to load up the new image. With the files hosted via HTTP, you can set up your iPXE config like this, add it to your iPXE menu and then use it to load your new image.

imgargs vmlinuz boot=live config hooks=filesystem ${conkern} username=live noeject fetch=

It will create a default user of live with the password of live.

In a future article, I’ll talk about how you can further customize the live distribution. For now, make sure to check out the Debian Live manual that gives a great run down on customization.


When I started down the path of building, I started realizing that it could be really useful for others, especially in a cloud environment. Since my main focus has been working on Rackspace Cloud Servers for a number of years, I decided to see how feasible it would be to put together a menu driven installer for any Operating System working in a Infrastructure as a Service type of environment. I figured there’s probably a number of power users who might not want to start out with the default images provided, but possibly would want the opportunity to create their own custom image from scratch.

Will it even work?

I started testing out the XenServer boot from ISO code in Openstack to see if someone might have already gotten that working for another use case. To my delight, the boot from ISO code worked out pretty well. I was able to upload the iPXE 1MB iso into Glance and boot from that image type.

The next problem to solve was the fact that Rackspace Cloud Servers assigns static IP addresses and does not currently run a DHCP service to assign out the networking. iPXE usually works best when DHCP is used as the network stack gets set up automatically. Because of this, a customer launching a cloud server could boot the iPXE image but would have to specify the networking manually of the instance in order to chain load

We started thinking about how to automate this, and with the help of a few developers came up with a solution. The solution retrieves an iPXE image on boot, brings it down to the hypervisor, extracts the iPXE kernel, and regenerates the ISO with a new iPXE startup script that contains the networking information of the instance. Then when the instance is started, iPXE is able to get on the network and load up automatically. Once iPXE has those values, they can then be passed to kernel command line for distributions that support network options. This allows for the user to not have to worry about any networking input during installation.

Hosting the Menu

Because is just a bunch of iPXE scripts, they are hosted on Cloud Files in a container. The domain is a CNAME to the containers URL and then hosted on the Akamai CDN. The source is deployed from Github to the Cloud Files container when new commits are checked in via a Jenkins job. This makes it very lightweight and very scalable to run. The next thing I’m probably going to look at is seeing if I can remove the Jenkins server completely and just run the deploy out of Github. I was also able to enable CDN logs within the container and I’m using a service called Qloudstat to parse those logs and provide metrics on the usage of the scripts.

Delete those old ISOs
Having a small 1MB image is really nice for those times when you need to deploy an OS onto a remote server, or just need to install something into Virtual Box or VMware. There’s really no point in storing tons of ISOs on your machine if you can just stream the packages you need.

What’s Next?
I have a few ideas about some new features that I’d like to add. I’d like to add a menu of experimental items and I’d also like to have the ability to generate a new version of the menu from a pull request so that new changes can be quickly validated before being merged into the main code base. If you haven’t tried out yet, I encourage you to check it out. You can get a quick overview from my Rackspace blog post.

Citrix XenServer 6.1 Automated Installer for Openstack

I’ve put my Openstack XenServer 6.1 (Tampa) installer onto Github here:

It has all of the modifications to get it running with the XenAPI Openstack Nova code and also includes the latest hotfixes. All you need to do is snag the latest CD and drop it in. I’ll continue to publish repos for new versions as they come out (Clearwater should be released soon). You can also boot it from as well.

Deploying XenServer with Puppet Razor

If you’ve never heard of Puppet Razor, it’s a useful tool for provisioning bare metal servers. The servers netboot a microkernel that allows the server to be inventoried and remotely controlled by the Razor server so that the servers can be provisioned automatically. You can follow the instructions on how to install it here:

If you’re looking to install XenServer via Razor here’s a quick guide on doing so. After setting up your Razor server, you’ll want to snag the latest Citrix XenServer ISO. They have a free download that provides full functionality.

First we’ll add the iso to the image library:

[root@razor ~]# razor image add -t xenserver -p /root/XenServer-6.1-install-cd.iso -n xenserver_tampa -v 6.1.0
Attempting to add, please wait…
New image added successfully
Added Image:
UUID => 1xE9oYTH0Zc9FqgPBItVuO
Type => XenServer Hypervisor Install
ISO Filename => XenServer-6.1-install-cd.iso
Path => /opt/razor/image/xenserver/1xE9oYTH0Zc9FqgPBItVuO
Status => Valid
Version => 6.1.0

Then we’ll create a model that will hold all of the generic settings we’ll want to set for each node. It also lets us define the range of IPs that we want to assign to all servers that are being provisioned.

[root@razor ~]# razor model add -t xenserver_tampa -l xenserver_tampa_example -i 1xE9oYTH0Zc9FqgPBItVuO
--- Building Model (xenserver_tampa):
Please enter IP Subnet (example:
(QUIT to cancel)
Please enter NTP server for node (example: ntp.razor.example.local)
(QUIT to cancel)
Please enter Gateway for node (example:
(QUIT to cancel)
Value ( is invalid
Please enter Gateway for node (example:
(QUIT to cancel)
Please enter IP Network for hosts (example: 192.168.10)
(QUIT to cancel)
 > 12.168.1
Please enter root password (> 8 characters) (example: P@ssword!)
default: test1234
(QUIT to cancel)
 > test1234
Please enter Starting IP address (1-254) (example: 1)
(QUIT to cancel)
 > 5
Please enter Nameserver for node (example:
(QUIT to cancel)
Please enter Ending IP address (2-255) (example: 50)
(QUIT to cancel)
 > 20
Please enter Prefix for naming node (example: xs-node)
(QUIT to cancel)
 > xs-node
Model created
 Label =>  xenserver_tampa_example
 Template =>  xenserver_hypervisor
 Description =>  Citrix XenServer 6.1 (tampa) Deployment
 UUID =>  3BYDqVasC4g0GFikNJYCdA
 Image UUID =>  1xE9oYTH0Zc9FqgPBItVuO

Once the model has been created, now would be a good time to boot up your node into the microkernel and have it discover the hardware if you haven’t already. If you type:

[root@razor ~]# razor node
Discovered Nodes
         UUID           Last Checkin  Status                 Tags
6z2AodeElhhYdd3yR7juE0  33 sec        A       [nics_3,HP,cpus_4,memsize_32GiB]

you can see the servers that have booted up and reported into Razor. If you want to further look at the attributes of the server, you can run:

razor node get 6z2AodeElhhYdd3yR7juE0 -f attrib

which will show you all of the facter attributes of that node. Now you’ll want to add that node to a policy so that we can start provisioning the node. Using the tags above, you can utilize those to apply the policy to nodes of that type.

[root@razor ~]# razor policy add --template xenserver_hypervisor --label tampa --model-uuid 3BYDqVasC4g0GFikNJYCdA --tags nics_3,HP,cpus_4,memsize_32GiB --enabled true
Policy created
 UUID =>  5luw9q3cPYhruPgCILRFOe
 Line Number =>  3
 Label =>  tampa
 Enabled =>  true
 Template =>  xenserver_hypervisor
 Description =>  Policy for deploying a XenServer hypervisor.
 Tags =>  [nics_3, HP, cpus_4, memsize_32GiB]
 Model Label =>  xenserver_tampa_example
 Broker Target =>  none
 Currently Bound =>  0
 Maximum Bound =>  0
 Bound Counter =>  0

Once you’ve added the policy and enabled it, any server that’s reported in should pick up the new policy and start the provisioning process. Razor will tell the microkernel to reboot and start provisioning on the next netboot. If you need to make additional changes to the installation, you can modify this file for the first phase of the install:


and this file for any changes you want to occur on the second phase of the installation, or firstboot:


Note: This applies to Citrix XenServer 6.1 (Tampa)