Creating a maintenance OOD application
Running your VM read-only is part of the core functionality of 7lbd, but there are situations where the VM must be brought up read-write to do maintenance. For such situations, use the following methodology:
- Copy the 7lbd_ood code from your production web server to your own sandbox.
- Copy the read-only VM file from your /apps area to your own home or group space and make the qcow2 file read-write
- Modify the script.sh.erb to no longer create an overlay file (comment it out)
- Modify the qemu-kvm command to include your personal read-write copy of the VM
This might look something like this:
```bash
echo "Starting VM..."
#qemu-img create -f qcow2 -b /apps/.vd/w11_001.qcow2 -F qcow2 /tmp/${job_uuid}_win11_overlay_image.qcow2
/usr/libexec/qemu-kvm \
-name guest=${USER}_${job_uuid}_win11,debug-threads=on \
-machine pc-q35-rhel9.4.0 \
-drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/ovmf/OVMF_CODE.fd \
-device ich9-ahci,id=sata_controller \
-drive file=/home/joeadmin/win11/win11test.qcow2,format=qcow2,if=none,id=drive0 \
-device ide-hd,drive=drive0,bus=sata_controller.0 \
-m 8G \
-cpu max \
-smp 5 \
-device virtio-net-pci,netdev=net0 \
-netdev user,id=net0 \
-boot c \
-drive file=/home/joeadmin/win11/virtio-win-0.1.262.iso,media=cdrom,id=cdrom,if=none \
-device ide-cd,bus=sata_controller.1,drive=cdrom \
-vga virtio \
-vnc unix:/tmp/${job_uuid}_vnc.sock,lossy=on,non-adaptive=on \
-rtc base=localtime \
-usb -device usb-tablet
```

Note there are a few differences here from the production code for regular users.
- The line that creates the overlay image is now commented out because it is no longer necessary. The drive line that would normally attach the overlay file now points to a read-write qcow2 file in a home directory.
- I also mounted a CDROM so I could install software. Mounting a CDROM is optional. The VM will still be running in a network namespace and will still have access to samba shares for copying files, scripts, etc.
- We have also removed the smbios line. The PowerShell script, win_userconfig.ps1, looks for the username and password fields in the BIOS when the machine boots. If it finds the username and password fields, it changes the password to the temporary password. If it does not find them, it does not change the password. We do not want the password on the new read-write copy of the VM changed to a temporary password, so remove the SMBIOS line from the qemu command.
Be sure to use symbolic links for your read-only images as described in the Windows-Image-Management article.
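A pre-flight check for the maintenance procedure above, as an added example that is not part of the 7lbd code: it confirms the read-write image does not resolve through a symlink into the production area and is a standalone qcow2 with no backing file, and that the edited script no longer creates an overlay or passes `-smbios`. The function names and the `/apps` default are assumptions.

```shell
#!/bin/sh
# Added example (not 7lbd project code). Function names are hypothetical.

# Return 0 only if IMAGE is safe to attach read-write for maintenance.
# The second argument is the production image area (assumed default: /apps).
check_maintenance_image() {
    img=$1; apps=${2:-/apps}
    real=$(readlink -f "$img") && [ -f "$real" ] || { echo "missing: $img"; return 1; }
    apps_real=$(readlink -f "$apps" 2>/dev/null) || apps_real=$apps
    # A symlink back into the production area would send writes to the shared image.
    case "$real" in
        "$apps_real"/*) echo "resolves into $apps_real: $real"; return 2 ;;
    esac
    [ -w "$real" ] || { echo "not writable: $real"; return 3; }
    # qcow2 header: bytes 0-3 are the magic 'Q' 'F' 'I' 0xfb.
    magic=$(od -An -v -tx1 -N 4 "$real" | tr -d ' \n')
    [ "$magic" = "514649fb" ] || { echo "not qcow2: $real"; return 4; }
    # Bytes 8-15 are backing_file_offset; nonzero means the file is an overlay
    # that still depends on another image.
    backing=$(od -An -v -tx1 -j 8 -N 8 "$real" | tr -d ' \n')
    [ "$backing" = "0000000000000000" ] || { echo "has backing file: $real"; return 5; }
    echo "ok: $real"
}

# Return 0 only if SCRIPT has no active (uncommented) overlay creation
# and no active -smbios option.
check_maintenance_script() {
    active=$(grep -v '^[[:space:]]*#' "$1") || return 1
    if printf '%s\n' "$active" | grep -q 'qemu-img create'; then
        echo "overlay creation still active"; return 2
    fi
    if printf '%s\n' "$active" | grep -q -e '-smbios'; then
        echo "-smbios still present"; return 3
    fi
    echo "ok: $1"
}
```

Call `check_maintenance_image` on the copied qcow2 and `check_maintenance_script` on the edited script.sh.erb in your sandbox before submitting the job; any nonzero return means the launch should not proceed.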
There are a couple of ways to perform maintenance tasks on a VM that needs internet access. The first option is to use the spank_iso_netns outbound proxy if that option is adequate. For instance, you could add proxy connections to the 20 or so Windows Update servers, or to a KMS server to check in with a Windows activation license server. It may also be necessary to add the Microsoft update servers to the Windows VM's hosts file, since there is no DNS available to the VM. Keep in mind that the proxy connector can only give the VM access to network connections available to the host, since the proxy connector runs on the host.
If broader temporary internet access is needed, then it may be easiest to launch the VM elsewhere, outside of Open OnDemand and outside of a namespace, and perform the needed tasks there. For instance, you could copy the VM back to the workstation it was created on.