Red Hat provide RHEL KVM guest and cloud images. At time of writing, the last one was built in Feb 2015, and so undoubtedly contains packages which are out of date or insecure.
You can use virt-customize to update the packages in the cloud image. This requires the libguestfs subscription-manager feature which will only be available in RHEL 7.3, but see here for RHEL 7.3 preview packages. Alternatively you can use Fedora ≥ 22.
$ virt-customize \
-a rhel-guest-image-7.1-20150224.0.x86_64.qcow2 \
--sm-credentials 'USERNAME:password:PASSWORD' \
--sm-register --sm-attach auto \
[ 0.0] Examining the guest ...
[ 17.2] Setting a random seed
[ 17.2] Registering with subscription-manager
[ 28.8] Attaching to compatible subscriptions
[ 61.3] Updating core packages
[ 976.8] Finishing off
- You should probably use
--sm-credentials USERNAME:file:FILENAME to specify your password using a file, rather than having it exposed on the command line.
- The command above will leave the image template registered to RHN. To unregister it, add
--sm-unregister at the end.
Last year I wrote and rewrote a little command line tool for managing my virtualization cluster.
Of course I could use OpenStack RDO but OpenStack is a vast box of somewhat working bits and pieces. I think for a small cluster like mine you can get the essential functionality of OpenStack a lot more simply — in 1300 lines of code as it turns out.
The first thing that small cluster management software doesn’t need is any permanent daemon running on the nodes. The reason is that we already have sshd (for secure management access) and libvirtd (to manage the guests) out of the box. That’s quite sufficient to manage all the state we care about. My Mini Cloud/Cluster software just goes out and queries each node for that information whenever it needs it (in parallel of course). Nodes that are switched off are handled by ignoring them.
The second thing is that for a small cloud we can toss features that aren’t needed at all: multi-user/multi-tenant, failover, VLANs, a nice GUI.
The old mclu (Mini Cluster) v1.0 was written in Python and used Ansible to query nodes. If you’re not familiar with Ansible, it’s basically parallel ssh on steroids. This was convenient to get the implementation working, but I ended up rewriting this essential feature of Ansible in ~ 60 lines of code.
The huge down-side of Python is that even such a small program has loads of hidden bugs, because there’s no safety at all. The rewrite (in OCaml) is 1,300 lines of code, so a fraction larger, but I have a far higher confidence that it is mostly bug free.
I also changed around the way the software works to make it more “cloud like” (and hence the name change from “Mini Cluster” to “Mini Cloud”). Guests are now created from templates using virt-builder, and are stateless “cattle” (although you can mix in “pets” and mclu will manage those perfectly well because all it’s doing is remote libvirt-over-ssh commands).
$ mclu status
total: 8pcpus 15.2G
used: 8vcpus 8.0G by 2 guest(s)
total: 8pcpus 15.2G
total: 8pcpus 30.9G
You can grab mclu v2.0 from the git repository.