IT, Cloud, Windows Etc


Tuesday 17 May 2016

Running Linux on Hyper-v

With Windows 2008, running Linux as a guest OS on Hyper-V was sometimes difficult. If you wanted to install an old version of Ubuntu or a network virtual appliance like pfSense, you had to use emulated devices and/or manually load the Hyper-V drivers. Performance was sometimes poor.

That is now history. In July 2009, Microsoft released Hyper-V drivers for Linux under the GPLv2 license. There were 7 drivers, vmbus, storvsc, blkvsc, netvsc, utils and timesource, in Hyper-V 2008 R2, and many more in Windows 2012 R2 and Windows 2016. Modern Linux versions can now run in the same way as Windows guests and offer performance close to bare metal.

Most features available to Windows 2012 R2 guests are now available in the latest versions of the major Linux distributions and in some FreeBSD/Linux-based network virtual appliances.

Secure boot, the anti-rootkit feature of generation 2 VMs, works with Ubuntu 16 on Windows 2016 (you have to choose “MicrosoftUEFICertificateAuthority” as the secure boot template).

Here are the features available in Linux and FreeBSD: https://technet.microsoft.com/fr-fr/library/dn531031.aspx

You can find more information about features and Ubuntu here: https://technet.microsoft.com/fr-fr/library/dn531029.aspx

Installing modern Linux OS on Hyper-V 2012 R2/2016 is as simple as installing Windows Server OS.

But there are some best practices to follow.

When using dynamic disks with Windows, you may need to create the VHDX file in PowerShell. You can use a 1 MB block size for the VHDX file (this is not the logical or physical sector size).

PS> New-VHD -Path x:\localion\VMLinux.vhdx -SizeBytes 80GB -Dynamic -BlockSizeBytes 1MB

Doing so prevents the VHDX file from growing because of the way some Linux filesystems use free space. Inside a VM you should always use ext4. You should also change the way Linux schedules I/O to first in, first out, which leaves the scheduling decisions to the hypervisor.

$ sudo nano /etc/default/grub

Change the line

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash elevator=noop"

Then

$ sudo update-grub

And restart.

You will also need to modify the GRUB menu if the VM has 8 vCPUs or more, or more than 30 GB of memory:

$ sudo nano /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash elevator=noop numa=off"

Then

$ sudo update-grub

Also, if you find that the resolution in vmconnect is too small for your needs, you can add this to the GRUB command line: video=hyperv_fb:XXXxXXX

Don’t forget to update GRUB and restart the server.

If you have Linux VMs in a Hyper-V cluster, you may need to use static MAC addresses. During failover, a new MAC address can trigger a network restart on the guest.

If you use Ubuntu LTS 14.04, 16.04 or 12.04, you can update the kernel with the latest Hardware Enablement stack.

16.04

$ sudo apt-get update
$ sudo apt-get install --install-recommends linux-virtual-lts-xenial

14.04

$ sudo apt-get update
$ sudo apt-get install --install-recommends linux-virtual-lts-wily

12.04

$ sudo apt-get update
$ sudo apt-get install --install-recommends linux-generic-lts-trusty

Then you need to add the Hyper-V daemons.

16.04

$ sudo apt-get install --install-recommends linux-tools-virtual-lts-xenial linux-cloud-tools-virtual-lts-xenial

14.04

$ sudo apt-get install --install-recommends hv-kvp-daemon-init linux-tools-virtual-lts-wily linux-cloud-tools-virtual-lts-wily

12.04

$ sudo apt-get install --install-recommends hv-kvp-daemon-init linux-tools-lts-trusty linux-cloud-tools-generic-lts-trusty

Occasionally, a kernel update can do more harm than good. Last year in September, kernel 3.16.0.48 triggered network and I/O problems.

hv_netvsc vmbus_0_12 eth0: unable to send receive completion pkt (tid XXXX)...retrying 4

https://bugs.launchpad.net/ubuntu/+source/linux-lts-utopic/+bug/1491957

Automation

There is no sysprep equivalent in the Linux world, so how is it possible to spawn a VM without installing it from the DVD-ROM? There is a solution: most Linux distributions provide cloud images, OS images optimized for cloud hosting.

For Ubuntu: http://cloud-images.ubuntu.com/xenial/

It’s possible to use these images with Hyper-V. Then there is cloud-init, a tool used in OpenStack to enable cloud automation. In Hyper-V we cannot use cloud-init the way it is used in OpenStack. We need to rely on a CD-ROM to pass in the information.

You can check this sample on GitHub

https://github.com/Microsoft/Virtualization-Documentation/blob/master/hyperv-samples/benarm-powershell/Ubuntu-VM-Build/BaseUbuntuBuild.ps1

You just need to remember that the user for the line password: $($GuestAdminPassword) is Ubuntu.

You can set up the IP address for the server:

instance-id: iid-abcdefg
network-interfaces: |
  auto lo
  iface lo inet loopback

  iface eth0 inet static
  address 192.168.10.10
  network 192.168.10.0
  netmask 255.255.255.0
  broadcast 192.168.10.255
  gateway 192.168.10.1
hostname: MyServer

Monday 9 May 2016

Measure Vm

Hyper-V 2012 introduced a set of PowerShell cmdlets that allow you to measure VM resource consumption: CPU, memory, network, and storage. Metering data is stored inside the VM, so the data moves with the VM. The main purpose of VM resource metering is not to monitor the VM host, but to provide information on resources (CPU, network, memory, …) for reporting and billing, or to balance VMs with regard to resource capacity. By default, Hyper-V collects data every hour. This can be changed only at the host level. You can use a value between 1 hour and 24 hours.

PS> Set-VMHost -ComputerName HyperVHostName -ResourceMeteringSaveInterval 24:00:00

If you try to use less than one hour, PowerShell will not throw an error; instead the interval will be set to one hour. Each host in your environment should be set to the same interval. Remember that metering data is stored within the VM and moves with the VM.

PS> Set-VMHost -ComputerName host01,host02,…,host03 -ResourceMeteringSaveInterval 24:00:00

Now we must enable metering for each VM; again, metering data is stored within the VM. We don’t want to re-enable metering on every VM, only on the new ones.

PS> Get-VM -ComputerName host01,host02,…,host03 | ? ResourceMeteringEnabled -eq $false | Enable-VMResourceMetering

Now we can start collecting data.

PS> Get-VM | Measure-VM


AvgCpu measures the average CPU usage in MHz per hour. Why MHz and not a percentage? Because VMs can move, and they can move between hosts with different CPU clock speeds. Metering data is stored in the VM, so a 10% CPU usage figure would not reflect the situation if the VM moved from a server with a 2.5 GHz CPU to one with a 2 GHz CPU; a percentage makes no sense.

Ram: we have 3 measures, the average, maximum and minimum memory used during the interval. If you don’t use dynamic memory, the 3 values are the same.

TotalDisk is the disk allocation; it includes all snapshots. With dynamic disks, it reports the final disk size, not the disk space used.

Network: traffic is reported in MB, and only external traffic is reported by default. The system uses an ACL to measure traffic from and to 0.0.0.0/0.


Using

PS> Get-VM | Measure-VM | fl

you will get more data.

Since Windows 2012 R2 you can get some new metrics:

  • AggregatedAverageNormalizedIOPS: an average of IOPS over 20 s, not the actual measure.
  • AggregatedAverageLatency: the cumulated latency during a 20 s sample.
  • AggregatedDiskDataRead and AggregatedDiskDataWritten: the total data read or written during the metering duration.

In Windows 2016 only:

  • AggregatedNormalizedIOCount: the total IO during the metering duration.

Note that you also get a detailed network and hard drive report.

Now that we have all the data needed for billing and reporting, how do we use it? If you only have a single Hyper-V server with a few VMs, you can simply use get-vm | Measure-VM | fl and phone the billing department. But if you only have one Hyper-V host, chances are that you don’t have a billing department. You could use ConvertTo-Json; it works well if you use it with only one metering object:

PS> Measure-VM -Name xRPVM | ConvertTo-Json

But if you have more than one report in your object, you will not get the NetworkMeteredTrafficReport or the HardDiskMetrics. Instead you will get this: "Microsoft.HyperV.PowerShell.VMNetworkAdapterPortAclMeteringReport",

You can find a sample on my GitHub that converts the data into a more readable format:

https://github.com/omiossec/Hyper-V-report/blob/master/measure.ps1
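ConvertTo-Json only descends two levels unless -Depth is raised, and a list of reports adds a level, which is why the nested reports collapse to their type name. The added example below (not the author's measure.ps1) projects each report into plain objects before serializing; the nested property names and the sample values are assumptions to confirm with Get-Member on a real report.

```powershell
# Added example: flatten metering reports so ConvertTo-Json keeps the nested data.
function ConvertTo-MeteringRecord {
    param([Parameter(Mandatory, ValueFromPipeline)]$Report)
    process {
        [pscustomobject]@{
            VMName    = $Report.VMName
            AvgCpuMHz = $Report.AvgCPU
            AvgRam    = $Report.AvgRAM
            MaxRam    = $Report.MaxRAM
            MinRam    = $Report.MinRAM
            TotalDisk = $Report.TotalDisk
            # Nested property names below are assumptions; confirm with Get-Member.
            Network   = @(foreach ($n in $Report.NetworkMeteredTrafficReport) {
                [pscustomobject]@{
                    RemoteAddress = $n.RemoteAddress
                    Direction     = "$($n.Direction)"   # enum as text, not a number
                    TotalTraffic  = $n.TotalTraffic
                }
            })
            Disks     = @(foreach ($d in $Report.HardDiskMetrics) {
                [pscustomobject]@{
                    Path                  = $d.VirtualHardDisk.Path
                    AverageNormalizedIOPS = $d.AverageNormalizedIOPS
                    AverageLatency        = $d.AverageLatency
                    DataRead              = $d.DataRead
                    DataWritten           = $d.DataWritten
                }
            })
        }
    }
}

# Constructed sample report; on a host use: Get-VM | Measure-VM | ConvertTo-MeteringRecord
$sample = [pscustomobject]@{
    VMName = 'xRPVM'; AvgCPU = 120; AvgRAM = 2048; MaxRAM = 2048; MinRAM = 2048; TotalDisk = 81920
    NetworkMeteredTrafficReport = @(
        [pscustomobject]@{ RemoteAddress = '0.0.0.0/0'; Direction = 'Inbound'; TotalTraffic = 310 }
        [pscustomobject]@{ RemoteAddress = '0.0.0.0/0'; Direction = 'Outbound'; TotalTraffic = 95 }
    )
    HardDiskMetrics = @(
        [pscustomobject]@{ VirtualHardDisk = [pscustomobject]@{ Path = 'x:\vm\xRPVM.vhdx' }
                           AverageNormalizedIOPS = 41; AverageLatency = 1915; DataRead = 409; DataWritten = 79 }
    )
}
# Two reports in one list; -Depth 4 leaves room for list -> record -> list -> entry.
$sample, $sample | ConvertTo-MeteringRecord | ConvertTo-Json -Depth 4
```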

Sunday 6 March 2016

Nat in Windows 2016 Hyper-v

Windows Server 2016 TP 4 includes a NAT mode for the VMSwitch. Even though this feature was built for containers, you can use it for all VMs. The NAT engine is part of the Windows core routing engine, so the NAT VMSwitch has the same limits.

The process is very simple: create a VMSwitch in NAT mode and create a NAT policy in Windows.

$Subnet = "192.168.100.0/23"

New-VmSwitch -Name SwNat -SwitchType NAT -NatSubnetAddress $Subnet
New-NetNat -Name NatPolicy -InternalIPInterfaceAddressPrefix $Subnet

The NatSubnetAddress and InternalIPInterfaceAddressPrefix must be the same.

For now, it seems that you can only have one NAT policy with an internal IP interface. You will get an error if you already have a NAT policy. This is the case if you are testing containers on the same host.

If so, you can remove the existing NAT policy if you don’t want to use it:

Get-netnat | remove-netnat 

Or you can simply use it. In this case, the subnet is 172.16.0.0/12

If you want more details about NetNat, you can use

PS> Get-Command -Module NetNat

Get-NetNat gives you more details about the NetNat object.

Get-NetNatExternalAddress will give you all external address used in the Nat instance.

Now you can set up a VM and plug it into the NAT switch. You will need to use an IP address in the subnet 192.168.100.0/23. The default gateway is 192.168.100.1.

Check that you can access the internet. Now you can map a service to your VM, a destination NAT.

Add-NetNatStaticMapping -NatName NatPolicy  -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.100.25 -InternalPort 80 -ExternalPort 80

This creates a destination mapping from everywhere to the VM with the IP address 192.168.100.25, using the standard HTTP port.
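Because a mapping like this one is reachable "from everywhere", it is worth reviewing the mappings on a host from time to time. The following added example (not from the original post) flags mappings that use the 0.0.0.0 wildcard as external address and mappings whose internal target is outside the NAT subnet; the function name and the sample rows are constructed, and the property names are those returned by Get-NetNatStaticMapping.

```powershell
# Added example: review NAT static mappings for wide exposure and stale targets.
function Test-NatMappingExposure {
    param(
        [Parameter(Mandatory)][object[]]$Mapping,      # rows from Get-NetNatStaticMapping
        [Parameter(Mandatory)][string]$InternalPrefix  # the NAT subnet, e.g. 192.168.100.0/23
    )
    # Convert a dotted IPv4 string to a number (network byte order).
    $toNumber = {
        param($ip)
        $bytes = ([ipaddress]$ip).GetAddressBytes()
        [array]::Reverse($bytes)
        [long][BitConverter]::ToUInt32($bytes, 0)
    }
    $network, $length = $InternalPrefix -split '/'
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$length))
    $base = (& $toNumber $network) -band $mask

    foreach ($m in $Mapping) {
        $issues = @()
        if ($m.ExternalIPAddress -eq '0.0.0.0') {
            $issues += 'external address is the 0.0.0.0 wildcard'
        }
        if (((& $toNumber $m.InternalIPAddress) -band $mask) -ne $base) {
            $issues += 'internal target outside the NAT subnet'
        }
        [pscustomobject]@{
            Mapping = '{0}/{1} -> {2}:{3}' -f $m.Protocol, $m.ExternalPort, $m.InternalIPAddress, $m.InternalPort
            Issues  = $issues -join '; '
        }
    }
}

# Constructed sample rows; on a host use: Get-NetNatStaticMapping -NatName NatPolicy
$sample = @(
    [pscustomobject]@{ Protocol = 'TCP'; ExternalIPAddress = '0.0.0.0'; ExternalPort = 80
                       InternalIPAddress = '192.168.100.25'; InternalPort = 80 }
    [pscustomobject]@{ Protocol = 'TCP'; ExternalIPAddress = '10.0.0.5'; ExternalPort = 8080
                       InternalIPAddress = '172.16.0.10'; InternalPort = 80 }
)
Test-NatMappingExposure -Mapping $sample -InternalPrefix '192.168.100.0/23' | Format-Table -AutoSize
```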

The NAT feature is a good solution for a container host or a lab environment. With all these limitations, you should otherwise use a more robust tool. You can choose Sophos UTM in a VM, a Windows 2012 R2/2016 server with RAS, or any other firewall/network virtual appliance.

Friday 4 March 2016

Something important about LBFO

If you use LBFO NIC teaming with a converged fabric on Windows 2012 R2, please read this:

Windows Supportability Team Blog, from Kaushik Ainapure

Change the load balancing mode to Hyper-V Port or Hash.

There is a patch: https://support.microsoft.com/en-us/kb/3137691

Tuesday 23 February 2016

Playing with VM-NetworkAdapter

Changing the VLAN setting for one adapter in a VM is simple. All you have to do is type something like this:

Set-VMNetworkAdapterVlan -VMName MySimpleVM -Access -VlanId 10

or

Get-VMNetworkAdapter -VMName MySimpleVM | Set-VMNetworkAdapterVlan -Access -VlanId 10

It’s the same with VmNetworkAdapterIsolation, VMNetworkAdapterRoutingDomainMapping, VMNetworkAdapterFailoverConfiguration.

But what happens if you have more than one adapter?

You will need to supply a VMNetworkAdapterName. If you set up your VM from Hyper-V Manager, all adapters have the same name, “Network Adapter”. If you have VMM, it’s not a problem; you can rename your adapters in VMM.

If not, you will have to rename your adapters yourself.

First you will need to get the adapter's MAC address:

get-vmnetworkadapter -vmname MySimpleVM | select switchname, macaddress

Here I use the switch name to identify the adapter, but you can also check the MAC address in Hyper-V Manager.

Then you can modify the adapter name:

get-vmnetworkadapter -vmname MySimpleVM | ?{$_.macaddress -eq "00155DXXXX11"} | Rename-VMNetworkAdapter -NewName MyNicPort

And now you can do whatever you want with your adapter:

Set-VMNetworkAdapterVlan -VMName MySimpleVM -VMNetworkAdapterName MyNicPort -Access -VlanId 10

Sunday 31 January 2016

Converged Fabric, Hyper-v Server and Mac confusion

Installing Hyper-V Server 2012 R2 is easy, and so is creating a converged fabric. A converged fabric (or hyper-converged fabric) is a single external vSwitch connected to a team or a network adapter, with multiple virtual network adapters serving multiple roles (management, live migration). It’s a good approach when using 10 Gbps adapters or for a lab.

Imagine the situation where you install your server via IPMI, create your converged fabric and add the management network adapter. There is a problem: Hyper-V uses the first IPv4 address on the server to build the range of MAC addresses for the virtual machines.

  • 00:15:5D for the Microsoft IEEE identifier
  • XX:XX corresponding to the last 2 octets of the first IPv4 address of the server
  • The last byte, from 00 to FF, for each virtual adapter

But what happens if you don’t have any IP address? Hyper-V will assign 00:15:5D:00:00:00, because Hyper-V Server wasn’t able to create a valid range. It’s not a problem for a single server, but if you have multiple servers connected to the same network, you are in trouble, and if you use a converged fabric, all your servers can have the same MAC address for the management adapter.

You can change that by creating the mac address range before your converged network.

PS>Set-VMHost -MacAddressMinimum 00155D020600 -MacAddressMaximum 00155D0206FF

And it’s not a bad idea to change the default range by using something like a server ID or serial number.

Using VMM bare metal deployment prevents this problem.
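To find hosts that are already affected, the MAC pools of all hosts can be compared. This added example (not from the original post) reports pools that start at 00155D000000 and pools that overlap between hosts; the function name and sample rows are constructed, and the property names are those of the objects returned by Get-VMHost.

```powershell
# Added example: flag Hyper-V hosts whose dynamic MAC pools are zeroed or overlap.
function Find-MacRangeConflict {
    param([Parameter(Mandatory)][object[]]$VMHost)   # rows from Get-VMHost

    # Pool start described above for a host that had no IPv4 address.
    $zero = [Convert]::ToUInt64('00155D000000', 16)
    $pools = @($VMHost | ForEach-Object {
        [pscustomobject]@{
            Host = $_.ComputerName
            Min  = [Convert]::ToUInt64($_.MacAddressMinimum, 16)
            Max  = [Convert]::ToUInt64($_.MacAddressMaximum, 16)
        }
    } | Sort-Object Min)

    for ($i = 0; $i -lt $pools.Count; $i++) {
        if ($pools[$i].Min -eq $zero) {
            [pscustomobject]@{ Host = $pools[$i].Host; Issue = 'pool starts at 00155D000000' }
        }
        # Pools are sorted by start, so a later pool overlaps if it starts inside this one.
        for ($j = $i + 1; $j -lt $pools.Count; $j++) {
            if ($pools[$j].Min -le $pools[$i].Max) {
                [pscustomobject]@{
                    Host  = "$($pools[$i].Host), $($pools[$j].Host)"
                    Issue = 'overlapping pools'
                }
            }
        }
    }
}

# Constructed sample rows; on real hosts use: Get-VMHost -ComputerName host01, host02, host03
$sample = @(
    [pscustomobject]@{ ComputerName = 'host01'; MacAddressMinimum = '00155D020600'; MacAddressMaximum = '00155D0206FF' }
    [pscustomobject]@{ ComputerName = 'host02'; MacAddressMinimum = '00155D000000'; MacAddressMaximum = '00155D0000FF' }
    [pscustomobject]@{ ComputerName = 'host03'; MacAddressMinimum = '00155D000000'; MacAddressMaximum = '00155D0000FF' }
)
Find-MacRangeConflict -VMHost $sample | Format-Table -AutoSize
```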