Virtual Machines and Openstack

A virtual machine in openstack consists of an instance which is based on an image and attached to a volume, living in a tenant. All ACM virtual machines run through openstack live in the admin tenant and can be administered from gomes through command line tools.

VM Configuration

The gotchas discussed in the openstack user docs are, of course, still preseent.

RADOS Block Devices via virtio

Apparently the default virtio-block parameters result in some inefficiencies when backed with rbds; the former assumes 512KiB IOs as the largest while the latter prefers IOs which match the object size, which defaults to 4MiB. Fortunately, there is an easy way to automate fixing this on Linux using udev. In something like /etc/udev/rules.d/99-virtio-rbd-io-size.rules, place the following line:

KERNEL=="vd*[!0-9]", RUN+="/bin/sh -c 'echo 4096 > /sys%p/queue/max_sectors_kb'"

You can force this to happen on an existing VM without rebooting by running, for example:

udevadm trigger -s block

AFS on an OpenStack VM

Since our VMs are (usually) not backed by compute-node-local storage, there’s not a great deal of utility (I think) in providing an AFS disk cache.

  • Adjust /etc/openafs/afs.conf to have OPTIONS="${VERBOSE} -memcache" rather than OPTIONS=AUTOMATIC (or just add -memcache if you have something else)

  • Adjust /etc/openafs/cacheinfo to have a moderate cache size (you still need to name the directory, but that’s OK, it won’t be used)

  • If you’re making this change live on a machine, free up the space used by the old cache files

    /etc/init.d/openafs-client stop
rm -rf /var/cache/openafs/*
/etc/init.d/openafs-client start

Maintenance Tasks

Getting a shell on a VM with no floating IP

Log in to gomes. Identify the correct network namespace by running a variant on

for i in `ip netns list`; do echo $i;
  sudo ip netns exec $i ip addr show | grep 192.168.128;
done

(There will probably be two; either one should work.)

Then

sudo ip netns exec ${THAT_NAMESPACE} ssh -i $HOME/.ssh/id_rsa -v ${VM_USER}@${VM_IP_ADDRESS}

should get you a shell on that machine. Isn’t this exciting?