Monday, 15 December 2014

Safari and OVM3.3.1

The release notes states:
On Windows using Safari to access Oracle VM Manager results in a blank page. This is due to a failure that occurs during the SSL handshake when the server has enabled two-way SSL. Since Oracle VM Manager uses two-way SSL for client certificate authentication, the Safari browser is not supported on Windows. Bug 18025985

If that is so, let's make it work, let's enable two-way-SSL for Safari!


Indeed, the server requests the browser to - optionally - send a browser certificate. If Safari has one, it sends it. But the one sent to the OVMM server, is not accepted by OVMM.

An infinite loop starts, as the server rejects the certificate, and the browser prompts the user to select a new certificate to send to the server.


OVM has a certificate for this purpose! The only thing we need to do is export it, and import it in Safari. Now we have the added problem that no passwords to the certificate stores are saved. Documentation explains:

In some scenarios, you may also want to configure Oracle WebLogic Server's SSL truststore to provide additional trusted CAs. To do this you may use the changepass command to change the truststore password, since the default password for the keystore is randomized and it would not be possible to modify the keystore without the correct password. Once you have reset the password, you can modify the keystore using the Java keytool, as required. 

Let's set the new password then!

su - oracle
cd /u01/app/oracle/ovm-manager-3/ovm_upgrade/bin
./ changepass

Specify the following input, most important NOT to use random passwords, and reset the ssl keystore:
  • Use random passwords? [yes] no
  • Change CA Keystore and Key passwords? [yes] no
  • Change SSL Keystore and Key passwords? [yes] 
  • SSL Keystore password: your_ovm_admin_password
  • Verify SSL Keystore password: your_ovm_admin_password
  • SSL Key password: your_ovm_admin_password
  • Verify SSL Key password: your_ovm_admin_password
  • Change SSL Trustore password? [yes] no
  • Oracle MiddleWare Home (MW_HOME): /u01/app/oracle/Middleware
  • WebLogic domain directory: [/u01/app/oracle/ovm-manager-3/domains/ovm_domain] 
  • WebLogic server name: [AdminServer] 
  • WebLogic username: [weblogic] 
  • WebLogic password: [********] your_ovm_admin_password
Create a certificate store for import into Safari:

cd /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/
keytool -importkeystore \
    -srckeystore ovmssl.jks \
    -destkeystore ovmssl.p12 \
    -srcstoretype JKS \
    -deststoretype PKCS12 \
    -srcstorepass $my_ovm_admin_pass \
    -deststorepass $my_ovm3_trustcert_pass \
    -srcalias ovm3 \
    -destalias ovm3 \
    -srckeypass $my_ovm_admin_pass \
    -destkeypass $my_ovm3_trustcert_pass \

Copy the new ovmssl.p12 certificate to your Desktop/Laptop, and start keychain to import the certificate:

  • File > Import Items... >
  • Select file: ovmssl.p12
  • Destination keychain: Login
  • Specify password: Welcome1

In keychain, under certificates, we have the OVM3 certificate:

Let's start Safari, and redirect the browser to OVM3. Safari prompt us again to select a client certificate. Select the correct client certificate:

That's it. A record now gets associated with the ovm3 client certificate for this url. Safari will select this certificate automatically upon next time.

Wednesday, 22 October 2014

ZFS, OVM and the limitations using InfiniBand

The things they don't tell you...

What a pity, this combination comes with some shortfalls indeed. Oracle doesn't tell you, as strictly they do not use all those marvelous features combined. Here my experience shared to avoid other people painting themselves into a corner.

ZFS direct access from OVM over InfiniBand

The best of all world, but not for OVM; OVM is an Oracle flavor of Xen, and Xen works with bonding networking for its guest machines. A network bond is only possible using Ethernet (OSI layer 3). Having InfiniBand, there is Ethernet over InfiniBand (EoIB), but that is not supported by Xen. So, all network over InfiniBand is supported to the host (Oracle Virtual Server), but not to its guests.

Alternative 1 - IB access from the guest

We could work around by installing InfiniBand drivers into the guest. Those are supposed to be bridged (have not tried myself), but due to the implementation of InfiniBand over PCI-express, this cannot be "frozen" during a life-migration. Therefor, seriously crippling one of the best OVM features.

Alternative 2 - No direct access

Why would you want to have direct access in the first place? Possibly because of a NFS mount on ZFS is handy and fast to implement. Go for a solution which is slightly more difficult to setup, but easier to maintain (let along easier security implementation): only allow the storage (ZFS) to be access as local disk to the guest machine. Then, the local disk may be virtual (a disk in the OVM repository), or a physical disk mounted to the guest. Those disks are coming from ZFS, either through NFS-over-IB, or iSCSI. Unfortunately, iSCSI-over-InfiniBand (iSER) is not supported by OVM. Having that said, despite the "IP" overhead of iSCSI over IP-over-Infiniband (IPoIB), the ZFS plugin for OVM makes it possible to do all required disk administration from within OVM.

Alternative 3 - No InfiniBand

Right, you want to stick to NFS mounts of ZFS, accessed in your guests. Then the only possibility is accessing the ZFS through a "bond-able" interface. That is either:
  • An ethernet interface directly on OVM, e.g. 10GB ethernet;
  • An ethernet interface exposed through Xsigo. E.g. this is an 10GB port on the Xsigo, routed over IB, and accessible over IPoIB.

Alternative 4 - Indirect NFS

Just have a "simple" guest machine running NFS. And in turn, use Alternative 2 to have the storage disk as a disk on ZFS.

Choosing OVM disks: physical or virtual

Virtual disks

All the benefit of all disks in one repository. Including possibilities of sparse-copy disks; the equivalent of the thin provisioning - only allocate the blocks used despite a bigger quota/disk.

Physical disks

With the drawback of more complex administration (even though most can be done from OVM through the plugin), the advantages of ZFS are here: snapshots. Ideal if you want to have snapshots capabilities of (groups of) disks, without enforcing it to your entire OVM repository.

Smart usage of snapshots in OVM

Say, before patching you want to snapshot your entire WebCenter deployment across multiple machines, by the click of one button. Just have all involved machines' in one ZFS project, that is all machines in a dedicated OVM repository.

Below an example of 4 machines, with a bunch of disks, in one dedicated OVM repo. That repo itself is on one LUN, in one ZFS project.

Wednesday, 7 May 2014

OVM server farm sandbox - configuration

Note: The console is accessible at

Discover the servers

Discover the servers

Create storage

Add iScsi storage

Add access information

Assign Servers

Add admin Servers

Add selected storage initiators

Verify the storage

Modify the storage;
  • Select IET (1) and rename it to storage and make it Sharable
  • Select storage, Display selected physical disk events, and Acknowledge All
  • Select IET (2) and rename it to cluster disk and make it Sharable
  • Select cluster disk, Display selected physical disk events, and Acknowledge All

Add VNIC's

Modify Network

Modify network

Add Virtual Machine and Storage to the same network

Review the network

Create Server Pool

Create Server Pool

Enter details

Add servers to the pool

Verify the pool

Add Repository

Add repository

Enter the details

Assign (present to) both servers

Verify the repo


OVM server farm sandbox - usage

OVM server farm sandbox - crash emulation

Let's observe the failover feature(s) of OVM, now we have marked our VM to be HA.

Disrupt the server

We disrupt the server where the VM is actively running on. We can do that by e.g.:
  • Kill the VM in OVM Manager
  • Disconnecting the network adapter in VMWare
  • Pauze the machine in VMWare.

Observe the console messages

On the remaining server(s), observe the failing heartbeat detection, and takeover the VM's of the failed server(s).

OVM server farm sandbox - usage

Add Assembly to the repo

Add assembly. Here, an an OEL65_x86_64 assembly has been downloaded from edelivery and put onto the VMware accessible share "Stage" as download

Review the Assembly

Create a template

Note: the template contains a disk of 12GB, which - at 50MB/s - takes 4 minutes to create.

Right click the assembly to create a template

Give it a name

Verify the template

Modify the template to correct the OS, to have 1 core and 1580M memory by default.

Assign the network to the machine

Create a machine from template

Create (Clone) a new VM from template, give it a name myTestMachine1

Verify then edit the new VM, and note the server it has been assign to.

Add HA to the machine

Start the machine

Power-on the machine and connect the console. The default (build-in) console may work with Java 6 only, which - by now - is pretty much outdated, especially if you are on a Mac. Alternatively, connect with TightVNC, which comes with an excellent Java Viewing client (Web Start application). Connect tunneled through ssh (to the server where the new guest wil run), to the display 59xx where xx is the first free display number, starting with 00.

Modify the guest.
  • We start sending the guest through VM messages. The OVM guest drivers (shipped default with OVM templates) will pick up the task.
  • Invoke the VM messages through the OVM Management machine, using the OVM tools.
  • Download the script from just below, and call it Ovm_configure_vm.bash. Modify the script where necessary, and place it into the Stage shared folder.


export VM_NAME="myTestMachine1"
export VM_IP=""
export VM_HOSTNAME="mytestmachine1"
export VM_ORACLE_PASS="Welcome1"
export VM_ROOT_PASS="Welcome1"
# Below line is the "admin" password for the OVM Management access
export OVMUTIL_PASS="Welcome1"
export OVM_VMM="/u01/app/oracle/ovm-manager-3/ovm_utils/ovm_vmmessage"

paramSet () {
   echo "[$VM_NAME] setting [$1] to [$2]" 
   $OVM_VMM -u admin -E -h localhost -v "$VM_NAME" -k "$1" -V "$2" 

# selinux
paramSet permissive

# firewall
paramSet False

# date/time/timezone
paramSet "Europe/Amsterdam"
paramSet True
paramSet True
paramSet False

# network
paramSet "$VM_HOSTNAME"
paramSet eth0
paramSet yes
paramSet static
paramSet $VM_IP

# group oinstall
paramSet oinstall
paramSet add
paramSet 54321

# group dba
paramSet dba
paramSet add
paramSet 54322

# user
paramSet oracle
paramSet add
paramSet 54321
paramSet oinstall
paramSet dba
paramSet "$VM_ORACLE_PASS"

# ssh keys
paramSet root

# root password
paramSet "$VM_ROOT_PASS"

Invoke the modify script from the Management machine.

ssh root@

sh /mnt/hgfs/Stage/Ovm_configure_vm.bash

Observe the machine to continue on console


OVM server farm sandbox - crash emulation

Tuesday, 6 May 2014

OVM server farm sandbox - deployment

Prepare OVM Manager machine

Prep OVM Manager machine; default install so the machine doesn't need much resources. We install OEL6.5_64.

We give it the name Manager1 and assign 1 core, 2048MB, and set Hypervisor enabled.

We change the HD 1, to not split in 2G chunks.

The network we leave at the default shared.

* We add a shared folder Stage, Read-Only

Install OEL65

Boot the machine

Accept all defaults. For Networing set Hostname manager1, Set Connect automatically Enabled

We set the IPv4 Settings, Method Manual, IP, Netmask, Gateway, DNS server

We install a default Basic Server

At the end of the install, allow the server to reboot

Prep machine 'manager1'

Ssh to the machine
ssh root@

# change SELinux from enforcing to permissive
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config

# change the boot kernel, from kernel UEK to Compatible
sed -i 's/default=0/default=1/g' /boot/grub/grub.conf

# Verify eth0 
cat /etc/sysconfig/network-scripts/ifcfg-eth0 
NAME="System eth0"

# Verify DNS resolving
cat /etc/resolv.conf 
; generated by /sbin/dhclient-script
search localdomain

# Verify network
cat /etc/sysconfig/network

# Verify routing
netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         UG        0 0          0 eth0
link-local      *          U         0 0          0 eth0     *        U         0 0          0 eth0

# Set the hosts file
echo -e "\tmanager1" >> /etc/hosts
echo -e "\tserver1" >> /etc/hosts
echo -e "\tserver2" >> /etc/hosts

# Set the yum repo
cd /etc/yum.repos.d/
yum install kernel-headers gcc -y

Install vmware drivers

Install Vmware Tools (through menu)

mount -t iso9660 -o ro /dev/sr0 /media/
cd /tmp
tar xvfz /media/VMwareTools-9.6.2-1688356.tar.gz
umount /media/
cd vmware-tools-distrib
./ -d
cd ..
rm -fR vmware-tools-distrib

Change to vmxnet3 networking

On the host, change the network card from "e1000" to "vmxnet3" in file Manager1.vmwarevm/Manager1.vmx.

sed -i'' -e 's/e1000/vmxnet3/g' Manager1.vmwarevm/Manager1.vmx

Boot the manager1 server

Verify the eth0 to run at 10GBit

ethtool eth0
# Observe
# .... Speed: 10000Mb/s

# Poweroff

Add second harddisk

We add a second HD which we can later configure as OVM repository. Make it big enough to host the ISO, VirtualDisk, etc.

Add third harddisk

We add a third HD which we can later configure as OVM pool (cluster) disk. It must be at least 12GB.

Install OVM Manager

We install OVM Manager 3.2.8.

# Mount media
mount -t iso9660 /dev/scd0 /media/
cd /media

# create user Oracle

# install

OVM manager is now exposed at

Add OVM Utils

From download patch 13602094 and place in in the Stage directory. Then on the Server1:

cd /tmp
unzip /mnt/hgfs/Stage/ 
cd /u01/app/oracle/ovm-manager-3
unzip /tmp/
rm -f /tmp/

Disable iptables

chkconfig iptables off
chkconfig ip6tables off

Setup httpd

We expose the stage of VMware shared folders, through httpd; convenient as you can save the sources on your host without putting it on a guest.

yum install httpd -y
chkconfig httpd on

# enable directory listing
sed -i '/^#/! s/^/#/' /etc/httpd/conf.d/welcome.conf

# change DocumentRoot to "/data/www"
sed -i 's/\/var\/www\/html/\/mnt\/hgfs\/Stage/g' /etc/httpd/conf/httpd.conf
service https start

Content of share Stage is now exposed at

Setup iScsi

We expose the storage for the servers (repository, cluster disk) through iScsi, which we host on server manager1. Performance should be reasonable OK, but if you have 'real' storage exposed over iScsi or NAS, that may be preferable. Note that exposing NAS through OSX to the guests is no good idea, as NAS server on OSX doesn't deliver good performance.

# Install iscsi 
yum install iscsi-initiator-utils  scsi-target-utils -y

# Start iscsi server
service tgtd start

# Define new target
tgtadm --lld iscsi --mode target --op new --tid 101 --targetname server1:data

# Add disk2 to the target
tgtadm --lld iscsi --op new --mode logicalunit --tid 101 --lun 1 -b /dev/sdb

# Add disk3 to the target
tgtadm --lld iscsi --op new --mode logicalunit --tid 101 --lun 2 -b /dev/sdc

# Verify the target
tgt-admin -s
mv /etc/tgt/targets.conf /etc/tgt/
tgt-admin --dump > /etc/tgt/targets.conf

# Restart iscsi server
service tgtd restart

# Set to start by default
chkconfig tgtd on

Both disks are now exposed over iScsi at server1:data

Create machine 'Server1'

Create Server, we install OVM Server 3.2.8.

Assign 2 cores, 4G of ram, Enable hypervisor

Modify the Disk to not-split in 2GB files

Boot the machine and install with defaults. Set network IP and Netmask

Set DNS and Gateway

Set Hostname

Create machine 'Server2'

Identical to Server1, but with different network settings.

Set network IP and Netmask

Set DNS and Gateway

Set Hostname

(Re)boot 'Server1'

ssh root@

# add no-bootscrub and vmxnet3 kernel module to the boot loader
sed -i 's/dom0_mem/no-bootscrub vmxnet3 dom0_mem/' /boot/grub/grub.conf

# Set the hosts file
echo -e "\t\tmanager1" >> /etc/hosts
echo -e "\t\tserver2" >> /etc/hosts

# poweroff

Change to vmxnet3 networking

On the host, change the network card from "e1000" to "vmxnet3" in file Server1.vmwarevm/Server1.vmx.

sed -i'' -e 's/e1000/vmxnet3/g' Server1.vmwarevm/Server1.vmx

(Re)boot 'Server2'

ssh root@
# add no-bootscrub and vmxnet3 kernel module to the boot loader
sed -i 's/dom0_mem/no-bootscrub vmxnet3 dom0_mem/' /boot/grub/grub.conf

# Set the hosts file
echo -e "\t\tmanager1" >> /etc/hosts
echo -e "\\ttserver1" >> /etc/hosts

# poweroff

Change to vmxnet3 networking

On the host, change the network card from "e1000" to "vmxnet3" in file Server2.vmwarevm/Server2.vmx.
sed -i'' -e 's/e1000/vmxnet3/g' Server2.vmwarevm/Server2.vmx


OVM server farm sandbox - configuration

Monday, 15 December 2014

Safari and OVM3.3.1

The release notes states:
On Windows using Safari to access Oracle VM Manager results in a blank page. This is due to a failure that occurs during the SSL handshake when the server has enabled two-way SSL. Since Oracle VM Manager uses two-way SSL for client certificate authentication, the Safari browser is not supported on Windows. Bug 18025985

If that is so, let's make it work, let's enable two-way-SSL for Safari!


Indeed, the server requests the browser to - optionally - send a browser certificate. If Safari has one, it sends it. But the one sent to the OVMM server, is not accepted by OVMM.

An infinite loop starts, as the server rejects the certificate, and the browser prompts the user to select a new certificate to send to the server.


OVM has a certificate for this purpose! The only thing we need to do is export it, and import it in Safari. Now we have the added problem that no passwords to the certificate stores are saved. Documentation explains:

In some scenarios, you may also want to configure Oracle WebLogic Server's SSL truststore to provide additional trusted CAs. To do this you may use the changepass command to change the truststore password, since the default password for the keystore is randomized and it would not be possible to modify the keystore without the correct password. Once you have reset the password, you can modify the keystore using the Java keytool, as required. 

Let's set the new password then!

su - oracle
cd /u01/app/oracle/ovm-manager-3/ovm_upgrade/bin
./ changepass

Specify the following input, most important NOT to use random passwords, and reset the ssl keystore:
  • Use random passwords? [yes] no
  • Change CA Keystore and Key passwords? [yes] no
  • Change SSL Keystore and Key passwords? [yes] 
  • SSL Keystore password: your_ovm_admin_password
  • Verify SSL Keystore password: your_ovm_admin_password
  • SSL Key password: your_ovm_admin_password
  • Verify SSL Key password: your_ovm_admin_password
  • Change SSL Trustore password? [yes] no
  • Oracle MiddleWare Home (MW_HOME): /u01/app/oracle/Middleware
  • WebLogic domain directory: [/u01/app/oracle/ovm-manager-3/domains/ovm_domain] 
  • WebLogic server name: [AdminServer] 
  • WebLogic username: [weblogic] 
  • WebLogic password: [********] your_ovm_admin_password
Create a certificate store for import into Safari:

cd /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/
keytool -importkeystore \
    -srckeystore ovmssl.jks \
    -destkeystore ovmssl.p12 \
    -srcstoretype JKS \
    -deststoretype PKCS12 \
    -srcstorepass $my_ovm_admin_pass \
    -deststorepass $my_ovm3_trustcert_pass \
    -srcalias ovm3 \
    -destalias ovm3 \
    -srckeypass $my_ovm_admin_pass \
    -destkeypass $my_ovm3_trustcert_pass \

Copy the new ovmssl.p12 certificate to your Desktop/Laptop, and start keychain to import the certificate:

  • File > Import Items... >
  • Select file: ovmssl.p12
  • Destination keychain: Login
  • Specify password: Welcome1

In keychain, under certificates, we have the OVM3 certificate:

Let's start Safari, and redirect the browser to OVM3. Safari prompt us again to select a client certificate. Select the correct client certificate:

That's it. A record now gets associated with the ovm3 client certificate for this url. Safari will select this certificate automatically upon next time.

Wednesday, 22 October 2014

ZFS, OVM and the limitations using InfiniBand

The things they don't tell you...

What a pity, this combination comes with some shortfalls indeed. Oracle doesn't tell you, as strictly they do not use all those marvelous features combined. Here my experience shared to avoid other people painting themselves into a corner.

ZFS direct access from OVM over InfiniBand

The best of all world, but not for OVM; OVM is an Oracle flavor of Xen, and Xen works with bonding networking for its guest machines. A network bond is only possible using Ethernet (OSI layer 3). Having InfiniBand, there is Ethernet over InfiniBand (EoIB), but that is not supported by Xen. So, all network over InfiniBand is supported to the host (Oracle Virtual Server), but not to its guests.

Alternative 1 - IB access from the guest

We could work around by installing InfiniBand drivers into the guest. Those are supposed to be bridged (have not tried myself), but due to the implementation of InfiniBand over PCI-express, this cannot be "frozen" during a life-migration. Therefor, seriously crippling one of the best OVM features.

Alternative 2 - No direct access

Why would you want to have direct access in the first place? Possibly because of a NFS mount on ZFS is handy and fast to implement. Go for a solution which is slightly more difficult to setup, but easier to maintain (let along easier security implementation): only allow the storage (ZFS) to be access as local disk to the guest machine. Then, the local disk may be virtual (a disk in the OVM repository), or a physical disk mounted to the guest. Those disks are coming from ZFS, either through NFS-over-IB, or iSCSI. Unfortunately, iSCSI-over-InfiniBand (iSER) is not supported by OVM. Having that said, despite the "IP" overhead of iSCSI over IP-over-Infiniband (IPoIB), the ZFS plugin for OVM makes it possible to do all required disk administration from within OVM.

Alternative 3 - No InfiniBand

Right, you want to stick to NFS mounts of ZFS, accessed in your guests. Then the only possibility is accessing the ZFS through a "bond-able" interface. That is either:
  • An ethernet interface directly on OVM, e.g. 10GB ethernet;
  • An ethernet interface exposed through Xsigo. E.g. this is an 10GB port on the Xsigo, routed over IB, and accessible over IPoIB.

Alternative 4 - Indirect NFS

Just have a "simple" guest machine running NFS. And in turn, use Alternative 2 to have the storage disk as a disk on ZFS.

Choosing OVM disks: physical or virtual

Virtual disks

All the benefit of all disks in one repository. Including possibilities of sparse-copy disks; the equivalent of the thin provisioning - only allocate the blocks used despite a bigger quota/disk.

Physical disks

With the drawback of more complex administration (even though most can be done from OVM through the plugin), the advantages of ZFS are here: snapshots. Ideal if you want to have snapshots capabilities of (groups of) disks, without enforcing it to your entire OVM repository.

Smart usage of snapshots in OVM

Say, before patching you want to snapshot your entire WebCenter deployment across multiple machines, by the click of one button. Just have all involved machines' in one ZFS project, that is all machines in a dedicated OVM repository.

Below an example of 4 machines, with a bunch of disks, in one dedicated OVM repo. That repo itself is on one LUN, in one ZFS project.

Wednesday, 7 May 2014

OVM server farm sandbox - configuration

Note: The console is accessible at

Discover the servers

Discover the servers

Create storage

Add iScsi storage

Add access information

Assign Servers

Add admin Servers

Add selected storage initiators

Verify the storage

Modify the storage;
  • Select IET (1) and rename it to storage and make it Sharable
  • Select storage, Display selected physical disk events, and Acknowledge All
  • Select IET (2) and rename it to cluster disk and make it Sharable
  • Select cluster disk, Display selected physical disk events, and Acknowledge All

Add VNIC's

Modify Network

Modify network

Add Virtual Machine and Storage to the same network

Review the network

Create Server Pool

Create Server Pool

Enter details

Add servers to the pool

Verify the pool

Add Repository

Add repository

Enter the details

Assign (present to) both servers

Verify the repo


OVM server farm sandbox - usage

OVM server farm sandbox - crash emulation

Let's observe the failover feature(s) of OVM, now we have marked our VM to be HA.

Disrupt the server

We disrupt the server where the VM is actively running on. We can do that by e.g.:
  • Kill the VM in OVM Manager
  • Disconnecting the network adapter in VMWare
  • Pauze the machine in VMWare.

Observe the console messages

On the remaining server(s), observe the failing heartbeat detection, and takeover the VM's of the failed server(s).

OVM server farm sandbox - usage

Add Assembly to the repo

Add assembly. Here, an an OEL65_x86_64 assembly has been downloaded from edelivery and put onto the VMware accessible share "Stage" as download

Review the Assembly

Create a template

Note: the template contains a disk of 12GB, which - at 50MB/s - takes 4 minutes to create.

Right click the assembly to create a template

Give it a name

Verify the template

Modify the template to correct the OS, to have 1 core and 1580M memory by default.

Assign the network to the machine

Create a machine from template

Create (Clone) a new VM from template, give it a name myTestMachine1

Verify then edit the new VM, and note the server it has been assign to.

Add HA to the machine

Start the machine

Power-on the machine and connect the console. The default (build-in) console may work with Java 6 only, which - by now - is pretty much outdated, especially if you are on a Mac. Alternatively, connect with TightVNC, which comes with an excellent Java Viewing client (Web Start application). Connect tunneled through ssh (to the server where the new guest wil run), to the display 59xx where xx is the first free display number, starting with 00.

Modify the guest.
  • We start sending the guest through VM messages. The OVM guest drivers (shipped default with OVM templates) will pick up the task.
  • Invoke the VM messages through the OVM Management machine, using the OVM tools.
  • Download the script from just below, and call it Ovm_configure_vm.bash. Modify the script where necessary, and place it into the Stage shared folder.


export VM_NAME="myTestMachine1"
export VM_IP=""
export VM_HOSTNAME="mytestmachine1"
export VM_ORACLE_PASS="Welcome1"
export VM_ROOT_PASS="Welcome1"
# Below line is the "admin" password for the OVM Management access
export OVMUTIL_PASS="Welcome1"
export OVM_VMM="/u01/app/oracle/ovm-manager-3/ovm_utils/ovm_vmmessage"

paramSet () {
   echo "[$VM_NAME] setting [$1] to [$2]" 
   $OVM_VMM -u admin -E -h localhost -v "$VM_NAME" -k "$1" -V "$2" 

# selinux
paramSet permissive

# firewall
paramSet False

# date/time/timezone
paramSet "Europe/Amsterdam"
paramSet True
paramSet True
paramSet False

# network
paramSet "$VM_HOSTNAME"
paramSet eth0
paramSet yes
paramSet static
paramSet $VM_IP

# group oinstall
paramSet oinstall
paramSet add
paramSet 54321

# group dba
paramSet dba
paramSet add
paramSet 54322

# user
paramSet oracle
paramSet add
paramSet 54321
paramSet oinstall
paramSet dba
paramSet "$VM_ORACLE_PASS"

# ssh keys
paramSet root

# root password
paramSet "$VM_ROOT_PASS"

Invoke the modify script from the Management machine.

ssh root@

sh /mnt/hgfs/Stage/Ovm_configure_vm.bash

Observe the machine to continue on console


OVM server farm sandbox - crash emulation

Tuesday, 6 May 2014

OVM server farm sandbox - deployment

Prepare OVM Manager machine

Prep OVM Manager machine; default install so the machine doesn't need much resources. We install OEL6.5_64.

We give it the name Manager1 and assign 1 core, 2048MB, and set Hypervisor enabled.

We change the HD 1, to not split in 2G chunks.

The network we leave at the default shared.

* We add a shared folder Stage, Read-Only

Install OEL65

Boot the machine

Accept all defaults. For Networing set Hostname manager1, Set Connect automatically Enabled

We set the IPv4 Settings, Method Manual, IP, Netmask, Gateway, DNS server

We install a default Basic Server

At the end of the install, allow the server to reboot

Prep machine 'manager1'

Ssh to the machine
ssh root@

# change SELinux from enforcing to permissive
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/sysconfig/selinux
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config

# change the boot kernel, from kernel UEK to Compatible
sed -i 's/default=0/default=1/g' /boot/grub/grub.conf

# Verify eth0 
cat /etc/sysconfig/network-scripts/ifcfg-eth0 
NAME="System eth0"

# Verify DNS resolving
cat /etc/resolv.conf 
; generated by /sbin/dhclient-script
search localdomain

# Verify network
cat /etc/sysconfig/network

# Verify routing
netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         UG        0 0          0 eth0
link-local      *          U         0 0          0 eth0     *        U         0 0          0 eth0

# Set the hosts file
echo -e "\tmanager1" >> /etc/hosts
echo -e "\tserver1" >> /etc/hosts
echo -e "\tserver2" >> /etc/hosts

# Set the yum repo
cd /etc/yum.repos.d/
yum install kernel-headers gcc -y

Install vmware drivers

Install Vmware Tools (through menu)

mount -t iso9660 -o ro /dev/sr0 /media/
cd /tmp
tar xvfz /media/VMwareTools-9.6.2-1688356.tar.gz
umount /media/
cd vmware-tools-distrib
./ -d
cd ..
rm -fR vmware-tools-distrib

Change to vmxnet3 networking

On the host, change the network card from "e1000" to "vmxnet3" in file Manager1.vmwarevm/Manager1.vmx.

sed -i'' -e 's/e1000/vmxnet3/g' Manager1.vmwarevm/Manager1.vmx

Boot the manager1 server

Verify the eth0 to run at 10GBit

ethtool eth0
# Observe
# .... Speed: 10000Mb/s

# Poweroff

Add second harddisk

We add a second HD which we can later configure as OVM repository. Make it big enough to host the ISO, VirtualDisk, etc.

Add third harddisk

We add a third HD which we can later configure as OVM pool (cluster) disk. It must be at least 12GB.

Install OVM Manager

We install OVM Manager 3.2.8.

# Mount media
mount -t iso9660 /dev/scd0 /media/
cd /media

# create user Oracle

# install

OVM manager is now exposed at

Add OVM Utils

From download patch 13602094 and place in in the Stage directory. Then on the Server1:

cd /tmp
unzip /mnt/hgfs/Stage/ 
cd /u01/app/oracle/ovm-manager-3
unzip /tmp/
rm -f /tmp/

Disable iptables

chkconfig iptables off
chkconfig ip6tables off

Setup httpd

We expose the stage of VMware shared folders, through httpd; convenient as you can save the sources on your host without putting it on a guest.

yum install httpd -y
chkconfig httpd on

# enable directory listing
sed -i '/^#/! s/^/#/' /etc/httpd/conf.d/welcome.conf

# change DocumentRoot to "/data/www"
sed -i 's/\/var\/www\/html/\/mnt\/hgfs\/Stage/g' /etc/httpd/conf/httpd.conf
service https start

Content of share Stage is now exposed at

Setup iScsi

We expose the storage for the servers (repository, cluster disk) through iScsi, which we host on server manager1. Performance should be reasonable OK, but if you have 'real' storage exposed over iScsi or NAS, that may be preferable. Note that exposing NAS through OSX to the guests is no good idea, as NAS server on OSX doesn't deliver good performance.

# Install iscsi 
yum install iscsi-initiator-utils  scsi-target-utils -y

# Start iscsi server
service tgtd start

# Define new target
tgtadm --lld iscsi --mode target --op new --tid 101 --targetname server1:data

# Add disk2 to the target
tgtadm --lld iscsi --op new --mode logicalunit --tid 101 --lun 1 -b /dev/sdb

# Add disk3 to the target
tgtadm --lld iscsi --op new --mode logicalunit --tid 101 --lun 2 -b /dev/sdc

# Verify the target
tgt-admin -s
mv /etc/tgt/targets.conf /etc/tgt/
tgt-admin --dump > /etc/tgt/targets.conf

# Restart iscsi server
service tgtd restart

# Set to start by default
chkconfig tgtd on

Both disks are now exposed over iScsi at server1:data

Create machine 'Server1'

Create Server, we install OVM Server 3.2.8.

Assign 2 cores, 4G of ram, Enable hypervisor

Modify the Disk to not-split in 2GB files

Boot the machine and install with defaults. Set network IP and Netmask

Set DNS and Gateway

Set Hostname

Create machine 'Server2'

Identical to Server1, but with different network settings.

Set network IP and Netmask

Set DNS and Gateway

Set Hostname

(Re)boot 'Server1'

ssh root@

# add no-bootscrub and vmxnet3 kernel module to the boot loader
sed -i 's/dom0_mem/no-bootscrub vmxnet3 dom0_mem/' /boot/grub/grub.conf

# Set the hosts file
echo -e "\t\tmanager1" >> /etc/hosts
echo -e "\t\tserver2" >> /etc/hosts

# poweroff

Change to vmxnet3 networking

On the host, change the network card from "e1000" to "vmxnet3" in file Server1.vmwarevm/Server1.vmx.

sed -i'' -e 's/e1000/vmxnet3/g' Server1.vmwarevm/Server1.vmx

(Re)boot 'Server2'

ssh root@
# add no-bootscrub and vmxnet3 kernel module to the boot loader
sed -i 's/dom0_mem/no-bootscrub vmxnet3 dom0_mem/' /boot/grub/grub.conf

# Set the hosts file
echo -e "\t\tmanager1" >> /etc/hosts
echo -e "\\ttserver1" >> /etc/hosts

# poweroff

Change to vmxnet3 networking

On the host, change the network card from "e1000" to "vmxnet3" in file Server2.vmwarevm/Server2.vmx.
sed -i'' -e 's/e1000/vmxnet3/g' Server2.vmwarevm/Server2.vmx


OVM server farm sandbox - configuration