Recommended reading: Citrix XenServer 6.0 Administrator's Guide, Installation Guide, vSwitch Controller User Guide
Contents (subheadings):
1. Host Minimum System Requirements
2. Installation Methods
3. XenServer CLI Basics & PIF
4. Time and NTP
5. Updating XenServer Hosts and Pools
6. Dynamic Memory Control (DMC)
7. HA (High Availability)
8. Configure HA Wizard (GUI)
9. Configuring Email Alerts (XenServer Advanced Edition +)
10. Active Directory Integration
11. Role Based Access Control (RBAC)
12. Fast Clone
13. Export VM
14. XenConvert
15. CPU Masking
16. Creating Multiple Storage Management Interfaces for iSCSI Multipathing
17. Storage Repository (SR) Types
18. IntelliCache
19. Storage Multipathing
20. PBD – Physical Block Device
21. Networking Types
22. vSwitch Controller – Access Control List (ACL) Types
23. vSwitch Controller – QoS
24. Creating a NIC Bond: Bonding Two NICs
25. Networking – Firewall CLI
26. XenServer Workload Balancing Policy
27. Provisioning Services
28. Backup and Restore
29. Troubleshooting (Additional)
1. Host Minimum System Requirements:
One 64-bit CPU @ 1.5 GHz
2 GB RAM
16 GB DISK
2. Installation Methods
i. From a CD
ii. Set up a network-accessible TFTP server to boot using PXE
iii. Install XenServer to a remote disk on a SAN to enable boot from SAN (*requires BIOS configuration of primary HBA)
3. XenServer CLI Basics & PIF
# xsconsole (To access management console)
# xe help {optional add command}
# xe pool-list (pool UUID, master uuid, default-SR UUID)
# xe host-list (host UUID, name, description)
# xe vm-reboot vm={vm_name}
# xe vm-reboot uuid={vm_UUID}
# xe pif-... (physical interface commands)
# xe pif-list (pif UUID, device, state, VLAN, network UUID)
# xe pif-list host-uuid={host UUID}
# xe pif-list uuid={pif UUID} params=all (review current pif settings)
# xe pif-param-set uuid={pif UUID} other-config:ethtool-autoneg="off" other-config:ethtool-speed="1000" other-config:ethtool-duplex="full" (sets the pif to 1000 & full duplex)
# xe pif-reconfigure-ip uuid={pif UUID} mode=static netmask=?.?.?.? (reconfigures the subnet mask)
4. Time and NTP
NTP server settings are contained in /etc/ntp.conf
Selection of default NTP settings (0/1/2/3.xenserver.pool.ntp.org) is fine for most cases, and requires correct time zone to be configured (i.e. via the xsconsole.)
Fig. xsconsole – Configuration: Customize System options
# date
Tue Jul 24 20:55:45 BST 2012
# time
real 0m0.000s
user 0m0.000s
sys 0m0.000s
# timeutil
Usage: timeutil getLocalTime [timezone]
or timeutil setLocalTime {time} [timezone]
# tzselect
Please identify a location so that time zone rules can be set correctly.
5. Updating XenServer Hosts and Pools
i. Download the update
ii. Shutdown/suspend/migrate guests running on the host
Note: When updating a XenServer pool, to keep control of VM migration, update each host individually starting with the pool master.
The rolling pool upgrade wizard is appropriate for environments running mission-critical applications that need to keep running. It can be used when upgrading from XenServer 5.6 or later to version 6.0.
6. Dynamic Memory Control (DMC)
Windows XP: Requires SP3 before DMC can be configured.
Increasing DMC Max. Memory on a Win. Srv. 2008 VM with XenServer tools requires the VM to be restarted in order for the change to take effect.
Note: In a XenServer resource pool with several VMs, where new VMs will NOT start, enabling DMC can get them started.
7. HA (High Availability)
Enable for when "applications and servers are accessed 24 hours a day, 7 days a week."
Enable a vApp to ensure that a group of critical virtual machines are restarted automatically in the correct order, in the event of a host failure.
Preparing a XenServer host for maintenance in a pool with HA enabled, either 1 or 2:
1. Place the host into maintenance mode (disables it and then evacuates VMs to another host in the pool)
2. Via the CLI
# xe host-disable uuid={xenserver_host_uuid}
# xe host-evacuate uuid={xenserver_host_uuid}
Note: Placing the current pool master into maintenance mode will ensure that another host will be assigned as pool master.
Note: Placing the master host into maintenance mode results in loss of the last 24hrs of RRD (Round Robin Database) updates for offline VMs, because backup synchronization occurs every 24hrs.
XenServer CLI: Recovering an Unreachable Host
# xe host-emergency-ha-disable --force
(Might Be Necessary) Force the host to reboot as a pool master or tell it where the new master is
# xe pool-emergency-transition-to-master uuid={host_uuid}
# xe pool-emergency-reset-master master-address={new_master_hostname}
When all hosts have successfully restarted, re-enable HA:
# xe pool-ha-enable heartbeat-sr-uuids={sr_uuid}
Note 1: The command above is also used to enable fault tolerance on a XenServer pool.
Note 2: If storage repository disk space for the heartbeat is insufficient, XenServer will error when attempting to enable HA.
To resolve intermittent host issues related to HA, try:
i. Change storage repositories
ii. Change management networks
8. Configure HA Wizard (GUI)
Server failure limit: Failures allowed – max = 0; solution is to add a 2nd identical XenServer host to the pool.
9. Configuring Email Alerts (XenServer Advanced Edition +)
Edit: /etc/xensource/scripts/mail-alarm
pool:other-config:mail-destination={joe.bloggs@domain.tld} (Specify the recipient)
pool:other-config:ssmtp-mailhub={smtp.domain.tld:port} (Specify the SMTP server)
pool:other-config:mail-min-priority={level} (Specify the minimum priority value for which a message will be sent)
10. Active Directory Integration
Fig. For XenServer to access the DC, open following firewall outbound ports
Enabling external authentication on a pool using CLI:
# xe pool-enable-external-auth auth-type=AD service-name={fully-qualified-domain} config:user={username} config:pass={password} (Joins the XenServer pool to the domain)
Note: Must use the same DNS server for both the AD server and XenServer host
Note: If users are NOT able to log into XenCenter using AD credentials, check the XenServer host exists as a valid computer object in AD, and check that the time is synchronized between AD and the XenServer host.
11. Role Based Access Control (RBAC)
To enable existing AD users to use RBAC, first create a subject instance within XenServer, and add user/containing group:
# xe subject-add subject-name={AD user/group}
Then assign an RBAC role to a created subject:
# xe subject-role-add uuid={subject uuid} role-uuid={role_uuid}
(or)
# xe subject-role-add uuid={subject uuid} role-name={role_name}
To change a subject's RBAC role (must do a remove and add):
# xe subject-role-remove uuid={subject uuid} role-name={role_name_to_remove}
# xe subject-role-add uuid={subject uuid} role-name={role_name_to_add}
12. Fast Clone
When you create a VM from a template in XenServer, it generates a FAST CLONE of the disk. The VM created from a template (starts off as a duplicate) will have its disk linked to the template's disk. If you have an operational process that creates VMs from templates, over time this could create a long linkage tree, and when done excessively, this may impact disk performance (you can complete a full copy of the fast cloned machine to restore expected levels of disk performance).
13. Export VM
CLI from remote machine, to export a virtual machine to an NFS share mounted on a XenServer host:
# xe vm-export -h {hostname} -u {root} -pw {password} vm={vm_name} filename={pathname_of_file}
To move VMs from a test host resource pool into the production host resource pool: export the VMs as backups, and then import the VMs into the production resource pool (similarly, export VMs from a stand-alone host when you need to transfer them to another standalone host).
14. XenConvert
To prepare a physical Windows server for P2V conversion using XenConvert, where the vDisk image is going to be used by multiple target devices in Standard Image mode:
i) Disable Windows Autoplay.
ii) Enable Windows Automount.
To increase vDisk performance for a P2V conversion, run "Optimize the vDisk" during the conversion process.
15. CPU Masking
CPU Masking (Heterogeneous resource pools) is supported in XenServer for cases where new servers with different CPU models need to be added to the pool. This is done via CLI – for example:
# xe host-set-cpu-features features=000ce3bd-bfebfbff-00000001-20000800 uuid={host_uuid}
Or pool-wide can be done via pool.other-config and the cpuid_feature_mask value.
Note: Citrix defines a Homogeneous resource pool as one where each host has the same vendor and CPU type, and the same version of XenServer and installed hotfixes.
16. Creating Multiple Storage Management Interfaces for iSCSI Multipathing:
To connect a storage controller to a XenServer NIC, the NIC must have an IP address. You can re-use the primary management interface. Best practice is to configure a separate NIC for storage. This NIC is known as a management interface.
17. Storage Repository (SR) Types
Local EXT3 SR
Local LVM SR
NFS SR
ISO SR (CIFS ISO for Windows / NFS ISO for Linux)
Hardware HBA SR (Fibre Channel shared storage)
Software iSCSI SR (iSCSI shared storage)
Citrix StorageLink SR
To create a shared NFS SR on 192.168.1.10:/export1 use the following command.
# xe sr-create host-uuid={host_uuid} content-type=user name-label={"Example shared NFS SR"} shared=true device-config:server={192.168.1.10} device-config:serverpath={/export1} type=nfs
Configure an Advanced StorageLink type storage repository to:
a) NetApp SAN where thin-provisioning and data-deduplication are requirements.
b) EqualLogic SAN to offload intensive tasks such as LUN provisioning, snapshot and cloning of data to the SAN.
If new hosts are not able to connect to existing FC storage repositories:
i. Check log files.
ii. Verify LUNs are mapped and zoned correctly.
To force an SR scan (e.g. if all SRs in XenCenter show as using 0 bytes of space) to sync the XAPI database with VDIs present in the underlying storage substrate:
# xe sr-scan uuid={sr_uuid}
18. IntelliCache
This feature is only supported when using XenServer with XenDesktop.
A thin provisioned local SR is an IntelliCache prerequisite.
Thin provisioning changes the default local storage type of the host from LVM to EXT3.
19. Storage Multipathing
Before attempting to enable multipathing, the host must be in maintenance mode.
20. PBD – Physical Block Device
# xe pbd-plug
Description: Attempt to plug in the PBD to the host. If this succeeds then the referenced SR (and the VDIs contained within) should be visible to the host.
21. Networking Types
External networks (use for VLANs)
Single-server private (Standalone Server Network – no connection to outside world)
Cross-server private (requires XenServer Advanced editions or higher, with the DVS controller XenServer component)
Bonded networks (a two NIC bond to create a single, high-performing channel)
22. vSwitch Controller – Access Control List (ACL) Types
Global ACL
Resource Pool ACL (e.g. for a group of hosts)
Network ACL
VM ACL (e.g. disable a port on a VM)
VIF ACL
Fig. Distributed Virtual Switch Controller
23. vSwitch Controller – QoS
You can configure QoS and Traffic Mirroring port policies at the global > resource pool > network > VM > VIF levels.
Note: You can 'Disable inherited QoS policy' for a VM
24. Creating a NIC Bond: Bonding Two NICs
# xe network-create name-label={bond0}
# xe pif-list
For the default active/active
# xe bond-create network-uuid={network_uuid} pif-uuids={pif_uuid_1},{pif_uuid_2}
Or for active/passive
# xe bond-create network-uuid={network_uuid} pif-uuids={pif_uuid_1},{pif_uuid_2} mode={balance-slb | active-backup}
Note 1: Whenever possible, create NIC bonds as part of initial resource pool creation prior to joining additional hosts; this allows the bond configuration to be automatically replicated to hosts as they are joined to the pool (using # xe pool-join)
Note 2: If after configuring link aggregation on two switch ports connected to a XenServer NIC bond, no network flow is possible, resolve by removing link aggregation from the switch ports.
25. Networking - Firewall CLI
To find out if any ports are blocked
# iptables -nL
# tcpdump -t -i eth0
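
One way to read the `iptables -nL` listing for a single port, as an added example that is not part of the original notes: the function walks the INPUT chain in rule order and reports what a new inbound connection to that port would get. The rule listing is a constructed sample, and the names sample_rules and port_verdict are illustrative.

```shell
# Constructed sample in the layout printed by `iptables -nL` (not from a real host).
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:694
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Usage: iptables -nL | port_verdict PROTO PORT
# Prints the verdict for a NEW inbound connection from any source: first matching
# rule wins, user chains are followed, INPUT policy applies last. dpt:/dpts: only.
port_verdict() {
  awk -v proto="$1" -v port="$2" '
    function matches(r,   f, m, k, range) {
      split(r, f, " ")
      if (f[2] != proto && f[2] != "all") return 0
      if (f[4] != "0.0.0.0/0") return 0            # source-restricted rule
      if (r ~ /state / && r !~ /state [A-Z,]*NEW/) return 0
      if (match(r, /dpts?:[0-9:]+/)) {
        m = substr(r, RSTART, RLENGTH); sub(/^dpts?:/, "", m)
        k = split(m, range, ":")
        if (k == 1) return (port + 0 == range[1] + 0)
        return (port + 0 >= range[1] + 0 && port + 0 <= range[2] + 0)
      }
      return 1
    }
    function walk(chain,   i, f, t, v) {
      for (i = 1; i <= n[chain]; i++) {
        if (!matches(rule[chain, i])) continue
        split(rule[chain, i], f, " "); t = f[1]
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
        if (t == "RETURN") return ""
        if (t in n) { v = walk(t); if (v != "") return v }
      }
      return ""
    }
    $1 == "Chain" { cur = $2; n[cur] = 0; policy[cur] = $4; sub(/\)/, "", policy[cur]); next }
    $1 == "target" || NF == 0 { next }
    { rule[cur, ++n[cur]] = $0 }
    END { v = walk("INPUT"); print (v != "" ? v : policy["INPUT"]) }
  '
}

sample_rules | port_verdict tcp 443    # allowed by the dpt:443 rule
```

Plain `-nL` omits the interface columns, so a rule limited to one interface (loopback, for instance) reads as if it applied everywhere; confirm any surprising ACCEPT against `iptables -nvL`.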
26. XenServer Workload Balancing Policy
Policy modes for a XenServer workload balancing policy to reduce power consumption and energy costs during off peak hours:
i. Maximize Density
ii. Scheduled Optimization
Policy modes for a XenServer workload balancing policy to reduce power consumption and energy costs during ALL hours:
i. Maximize Density
ii. Fixed Optimization
27. Provisioning Services
During installation of Provisioning Services on a new server, if DHCP and PXE are already configured, then use the "The service that runs on another computer" option:
Fig. Provisioning Services Configuration Wizard
If a new provisioning server is added to an existing farm, and the store is on a separate file server, configure the "Bootstrap Options" to have existing virtual machines use the Stream Service from the new provisioning server.
The IP address of each provisioning server for use with the DHCP/PXE boot process needs to be added to the ARDBP32.BIN file.
If you cannot use the PXE boot method with Provisioning Services due to network limitations, create a bootstrap disk with Boot Device Manager.
Manage Boot Devices Utility: Bootstrap File – use the "Interrupt Safe Mode" option when creating the bootstrap file to correct any issues with target devices using drivers which may have timing or startup issues.
TFTP component is required for the PXE environment (includes DHCP) to start a virtual machine.
DHCP option 60 = PXE Client*
*for use with non-Microsoft DHCP server on Provisioning services server running the PXE Service
DHCP option 66 = Boot Server Host Name
DHCP option 67 = Bootfile Name
Configure DHCP options 66 & 67 for a target device to start up without PXE and using a bootstrap file.
To add a machine account from Active Directory, use Target Device > Import Devices...
Fig. Provisioning Server Console > Target Device
Enable streaming on a newly created vDisk, for a target device to be able to start off it.
Configure the vDisk properties for a Provisioning services environment using Microsoft volume license management.
Cache Mode: Cache on Device Hard Drive Persisted – useful to reduce the impact on Provisioning services disk consumption as well as maintain user operating system modifications.
If users CANNOT access any printers via their streamed desktops, this could be caused by Printer Management being enabled in the vDisk properties.
Before updating a shared disk image used by multiple VMs, change the vDisk access mode. Use Private Image Mode on the vDisk in order to modify an application that is currently being used by multiple target devices.
Note 1: If vDisk access mode is incorrectly set, this could cause failure of all but one of a collection of target devices to start.
Note 2: In an environment with private VM images, where snapshots are not being used, and VMs have been customized by users, updating the images will require updating each of the vDisks individually!
Preparing a single vDisk to be delivered to multiple target devices, allowing OS to save user changes to applications – 2 options to select while preparing the vDisk: Standard Image Mode & Cache on Hard Drive Persistent.
Use Device Collection when adding a new group of similar computers to an existing Provisioning Services farm.
Use Sites to ensure hosts only access their assigned storage (for example in a multi-datacenter environment.)
Sysprep before converting an existing Windows Server 2008 VM into a template.
Enabling Offline Database Support (allows Provisioning Servers to use a snapshot of the Provisioning Services database in the event that connection is lost; useful in a distributed Provisioning Services farm, with the SQL DB in a main datacenter):
1. In the Console tree, right-click on the Farm, then select Properties. The Farm Properties dialog appears.
2. On the Options tab, check the checkbox next to Offline Database Support.
3. Restart Stream services.
Note 1: If you notice target devices are randomly failing to start and shut down, check all network switch ports have spanning tree protocol disabled.
Note 2: Power Rating will have an influence on load balancing in a Provisioning Services farm of otherwise identical servers.
Note 3: If a restored Provisioning Services VM is unable to start up from the vDisk, reconfigure the target device MAC address.
28. Backup and Restore
To backup VM configuration on a regular basis:
i. Schedule virtual machine metadata backup.
ii. Access the backup, restore and update option.
Note: via CLI, to backup VM metadata only, run the command
# xe vm-export vm={vm_uuid} filename={backup} metadata=true
To backup pool metadata, run the command:
# xe pool-dump-database file-name={backup}
Note 1: with an existing host running the master role, to recover the backup pool information to a new XenServer host, simply add the new host to the existing pool (it will be highly available with the existing XenServer master.)
Note 2: After restoring XenServer pool database to a rebuilt host, to unsuspend virtual machines registered as suspended
# xe vm-reset-powerstate vm={vm_name} --force
Note 3: Backing up pool metadata on a scheduled basis can be done via the XenServer console and 'Backup, Restore and Update.'
In preparation for disaster recovery when there is a backup XenServer implementation in a DR site, but NO replication available, run:
# xe vm-export vm={vm_uuid} filename={backup}
Note: This requires the VM to be offline!
Taking a snapshot of a VM can be used as an online backup whilst updating a server or doing other maintenance, to preserve its current state in case something goes wrong!
Note: You can create a new VM from a previous snapshot, and run it parallel to the current state of the VM
Restoring a VM to its previous state:
1. Run the snapshot-list command to find the UUID of the snapshot or checkpoint that you want to revert to:
# xe snapshot-list
2. Note the uuid of the snapshot, and then run the following command to revert:
# xe snapshot-revert snapshot-uuid={snapshot uuid}
Note: Or you can restore the virtual machine using the XenCenter snapshot module.
29. Troubleshooting (Additional)
If Dom0 is out of space, this would cause a XenServer host to be unable to communicate properly with XAPI, which causes the host to be unmanageable by XenCenter.
If the XAPI service is stopped, XenCenter will not be able to connect to a XenServer host.
Host fencing occurs if:
i: The shared SR was disconnected.
ii: There was a XenServer management network outage.
If unable to start a VM on an NFS storage repository with "This virtual machine needs storage that cannot be seen from the server", then run a Repair on the NFS SR.
To make XenServer live migration available, you must install XenServer Tools in the VM.