Oracle VM: Administrator's Guide For Release 3.4
Oracle VM: Administrator's Guide For Release 3.4
Oracle VM: Administrator's Guide For Release 3.4
E64083-18
April 2021
Oracle Legal Notices
This software and related documentation are provided under a license agreement containing restrictions on use and
disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement
or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute,
exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or
decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find
any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of
the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any
programs embedded, installed or activated on delivered hardware, and modifications of such programs) and
Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are
"commercial computer software" or "commercial computer software documentation" pursuant to the applicable
Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction,
duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle
programs (including any operating system, integrated software, any programs embedded, installed or activated
on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other
Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The
terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such
services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not
developed or intended for use in any inherently dangerous applications, including applications that may create a risk
of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to
take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation
and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous
applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their
respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used
under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD
logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The
Open Group.
This software or hardware and documentation may provide access to or information about content, products, and
services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all
warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an
applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any
loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as
set forth in an applicable agreement between you and Oracle.
Abstract
iii
Oracle® VM
iv
Oracle® VM
v
vi
Preface
The Oracle VM Administrator's Guide explains how to manage Oracle VM and perform administrative
tasks, such as configuring the system configuration, using Oracle VM Guest Additions, backing up and
restoring components, troubleshooting common issues.
Audience
This document is intended for Oracle VM administrators with privileged access to the physical and virtual
resources of the Oracle VM environment. This guide assumes that you have a detailed knowledge of
Oracle VM and that you are familiar with Oracle Linux system administration and Linux command line
operation.
Related Documents
For more information, see the following documents in the Oracle VM documentation set:
You can also get the latest information on Oracle VM by going to the Oracle VM Web site:
http://www.oracle.com/us/technologies/virtualization/oraclevm
Note
Command Syntax
Oracle Linux command syntax appears in monospace font. The dollar character ($), number sign (#), or
percent character (%) are Oracle Linux command prompts. Do not enter them as part of the command.
The following command syntax conventions are used in this guide:
vii
Conventions
Convention Description
backslash \ A backslash is the Oracle Linux command continuation character. It is used in
command examples that are too long to fit on a single line. Enter the command
as displayed (with a backslash) or enter it on a single line without a backslash:
dd if=/dev/rdsk/c0t1d0s6 of=/dev/rst0 bs=10b \
count=10000
italics Italic type indicates a variable. Substitute a value for the variable:
library_name
forward slash / A forward slash is used to escape special characters within single or double
quotes in the Oracle VM Manager Command Line Interface, for example:
create Tag name=MyTag description="HR/'s VMs"
Conventions
The following text conventions are used in this document:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated with an
action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for which
you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code in
examples, text that appears on the screen, or text that you enter.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website
at
https://www.oracle.com/corporate/accessibility/.
viii
Diversity and Inclusion
ix
x
Chapter 1 Configuring Oracle VM Server After Installation
After you successfully install Oracle VM Server, you can perform configuration tasks to customize your
environment. These configuration tasks include installing vendor-specific Oracle VM Storage Connect plug-
ins, enabling multipathing, optionally installing and configuring diagnostics tools, and changing the memory
size of the management domain. If you are using Oracle VM Server for SPARC, you can also create local
ZFS volumes or configure a secondary service domain.
You can find more information about Oracle VM Storage Connect plug-ins at:
https://www.oracle.com/virtualization/storage-connect-partner-program.html
Oracle VM Storage Connect plug-ins are delivered as an RPM, usually a single RPM, but your storage
vendor may provide multiple RPMs. When you have the Oracle VM Storage Connect plug-in RPM from
your storage vendor, install the RPM on your Oracle VM Servers. You must install the RPM on all the
Oracle VM Servers that will use the particular storage.
To install the Oracle VM Storage Connect plug-in RPM, on the command line of the Oracle VM Server,
enter
# rpm -ivh filename.rpm
If you are upgrading an existing Oracle VM Storage Connect plug-in, use the RPM upgrade parameter:
# rpm -Uvh filename.rpm
If you are installing or upgrading an Oracle VM Storage Connect plug-in on an Oracle VM Server already
managed by Oracle VM Manager, rediscover the Oracle VM Server to update the database repository with
the latest configuration information about the Oracle VM Server.
Read the install and configuration documentation for the Oracle VM Storage Connect plug-in from
your storage vendor before you install and use it. There may be extra configuration required that is not
documented here.
1. Design and document the multipathing configuration you intend to apply to the SAN hardware used in
your Oracle VM environment.
1
Configuring Software RAID for Storage
2. Ensure that the drivers for your Host Bus Adapters (HBAs) are present. If not, install the drivers.
5. Configure path optimization features (ALUA or similar) on your disk subsystem, if so instructed by your
vendor's documentation.
6. Check the fabric information on each Oracle VM Server that has access to the SAN hardware. Use
multipath -ll and related commands.
7. Make the necessary changes to the file /etc/multipath.conf on the Oracle VM Servers.
Note
You must make the exact same changes to the multipath configuration file on all
Oracle VM Servers in your environment.
Important
Important
11. Reboot the Oracle VM Servers to verify that the SAN and multipathing configuration come up after a
restart.
For detailed information and instructions, consult the SAN hardware vendor documentation.
Note
Important
As a best practice, you should use software RAID devices as storage repositories in
a deployment environment before using them in a production environment.
In environments where you use software RAID devices as storage repositories for
server pools, unexpected behavior can occur with certain virtual machine migration
operations. For example, if you clone a virtual machine and then attempt to live
2
Configuring Software RAID for Storage
migrate it to an instance of Oracle VM Server in the same server pool, the migration
fails with an error that indicates the virtual machine disk does not exist. In this case,
you must stop the virtual machine and then move it to the appropriate instance of
Oracle VM Server.
2. Ensure the local disks or multipath LUNs you want to configure as software RAID devices are available
as mapped devices.
# ls /dev/mapper
3. Run the multipath -ll command to find the WWIDs for the devices, as follows:
# multipath -ll
Note
7. Specify each device to include in the software RAID configuration on separate DEVICE lines, as in the
following example:
DEVICE /dev/mapper/device1-WWID
DEVICE /dev/mapper/device2-WWID
9. Run the following command to scan for software RAID devices and include them in mdadm.conf:
# mdadm --detail --scan >> /etc/mdadm.conf
Note
3
Removing Software RAID Devices
If any software RAID devices already exist, this command creates duplicate
entries for them in mdadm.conf. In this case, you should use a different method
to include the new software RAID device, as in the following example:
# mdadm --detail --scan
# cp /etc/mdadm.conf /etc/mdadm.conf.backup
10. Confirm that the configuration includes the software RAID device.
# cat /etc/mdadm.conf
# For OVS, don't scan any devices
#DEVICE /no/device
DEVICE /dev/mapper/device1-WWID
DEVICE /dev/mapper/device2-WWID
Name : hostname:0
UUID : RAID_UUID
Events : 17
You can find more information about software RAID in the Oracle Linux documentation at:
http://docs.oracle.com/cd/E37670_01/E41138/html/ch18s04.html
4
Diagnostic Tools for Oracle VM Server
Note
After you remove the software RAID device, Oracle VM Manager displays an
event with a severity of warning. The event message is similar to the following:
Warning time_stamp storage.device.offline. Physical disk is Offline
No Description: OVMEVT_007005D_001 Rescan storage layer on server [hostname] did
not return physical disk [md-UUID] for storage array [Generic Local Storage Array
Obtaining a system memory dump, vmcore, can be very useful when attempting to diagnose and resolve
the root cause of an issue. To get a useful vmcore dump, a kdump service configuration is required. See
Section 1.4.2, “Manually Configuring kdump for Oracle VM Server” below for more information on this.
In addition, you can install netconsole, a utility allowing system console messages to be redirected across
the network to another server. See the Oracle Support Document, How to Configure "netconsole" for
Oracle VM Server 3.0, for information on how to install netconsole.
https://support.oracle.com/
Additional information on using diagnostic tools is provided in the Oracle Linux documentation. See the
chapter titled Support Diagnostic Tools in the Oracle Linux Administrator's Solutions Guide.
http://docs.oracle.com/cd/E37670_01/E37355/html/ol_diag.html
By default, OSWatcher is installed on Oracle VM Server and is enabled to run at boot. The following table
describes the OSWatcher program and main configuration file:
Name Description
/usr/sbin/OSWatcher The main OSWatcher program. If required, you can configure certain
parameters for statistics collection. However, you should do so only if Oracle
Support advises you to change the default configuration.
5
Manually Configuring kdump for Oracle VM Server
Name Description
/etc/sysconfig/ This file defines the directory where OSWatcher log files are saved, the interval
oswatcher between statistics collection, and the maximum amount of time to retain
archived statistics.
Important
To start, stop, and check the status of OSWatcher, use the following command:
# service oswatcher {start|stop|status|restart|reload|condrestart}
For detailed information on the data that OSWatcher collects and how to analyze the output, as well as
for instructions on sending the data to Oracle Support, see the OSWatcher User Guide in the following
directory on Oracle VM Server: /usr/share/doc/oswatcher-x.x.x/
A description of the actions required to manually configure Oracle VM Server so that the kdump service
is properly enabled and running is provided here, so that you are able to set up and enable this service
after an installation. The Oracle VM Server installer provides an option to enable kdump at installation
where many of these steps are performed automatically. See the Kdump Setting section of the Oracle VM
Manager Command Line Interface User's Guide for more information on this.
The crashkernel parameter specifies the amount of space used in memory to load the crash kernel that
is used to generate the dump file, and also specifies the offset which is the beginning of the crash kernel
6
Manually Configuring kdump for Oracle VM Server
region in memory. The minimum amount of RAM that may be specified for a crash kernel is 512 MB and
this should be offset by 64 MB. This would result in a configuration that looks similar to the following:
GRUB_CMDLINE_XEN="dom0_mem=max:6144M allowsuperpage dom0_vcpus_pin \
dom0_max_vcpus=20 crashkernel=512M@64M"
This setting is sufficient for the vast majority of systems, however on systems that make use of a significant
number of large drivers, the crash kernel may need to be allocated more space in memory. If you force a
dump and it fails to generate a core file, you may need to increase the amount of memory allocated to the
crash kernel.
Important
While UEK4 supports the crashkernel=auto option, the Xen hypervisor does
not. You must specify values for the RAM reservation and offset used for the crash
kernel or the kdump service is unable to run.
When you have finished modifying /etc/default/grub, you must rebuild the system GRUB2
configuration that is used at boot time. This is done by running:
# grub2-mkconfig -o /boot/grub2/grub.cfg
Since the installation of Oracle VM Server only uses as much disk space as is required, a 'spare' partition
is frequently available on a new installation. This partition is left available for use for hosting a local
repository or for alternate use such as for hosting vmcore files generated by kdump. If you opt to use it for
this purpose, you must first correctly identify and take note of the UUID of the partition and then format it
with a usable filesystem.
The following steps serve as an illustration of how you might prepare the local spare partition.
• Identify the partition that the installer left 'spare' after the installation. This is usually listed under /dev/
mapper with a filename that starts with OVM_SYS_REPO_PART. If you can identify this device, you can
format it with an ext4 filesystem:
# mkfs.ext4 /dev/mapper/OVM_SYS_REPO_PART_VBd64a21cf-db4a5ad5
If you don't have a partition mapped like this, you may need to use a utilities like blkls, parted, fdisk
or gdisk to identify any free partitions on your available disk devices.
• Obtain the UUID for the filesystem. You can do this by running the blkid command:
# blkid /dev/mapper/OVM_SYS_REPO_PART_VBd64a21cf-db4a5ad5
/dev/mapper/OVM_SYS_REPO_PART_VBd64a21cf-db4a5ad5:
UUID="51216552-2807-4f17-ab27-b8135f69896d" TYPE="ext4"
Take note of the UUID as you will need to use this later when you configure kdump.
7
Manually Configuring kdump for Oracle VM Server
be sufficient to run kdump initially without any problems. The following list identifies potential configuration
changes that you may wish to make:
• On systems with lots of memory (e.g. over 1 TB), it is advisable to disable the IO Memory
Management Unit within the crash kernel for performance and stability reasons. This is achieved
by editing /etc/sysconfig/kdump and appending the iommu=off kernel boot parameter to the
KDUMP_COMMANDLINE_APPEND variable:
KDUMP_COMMANDLINE_APPEND="irqpoll maxcpus=1 nr_cpus=1 reset_devices cgroup_disable=memory
mce=off selinux=0 iommu=off"
• If you intend to change the partition where the vmcore files are stored, using the spare partition on the
server after installation for instance, you must edit /etc/kdump.conf to provide the filesystem type
and device location of the partition. If you followed the instructions above, it is preferable that you do this
by specifying the UUID that you obtained for the partition using the blkid command. A line similar to the
following should appear in the configuration:
ext4 UUID=51216552-2807-4f17-ab27-b8135f69896d
• You may edit the default path where vmcore files are stored, but note that this path is relative to the
partition that kdump is configured to use to store vmcores. If you have configured kdump to store
vmcores on a separate filesystem, when you mount the filesystem, the vmcore files are located in the
path specified by this directive on the mounted filesystem:
path /var/crash
• If you are having issues obtaining a vmcore or you are finding that your vmcore files are particularly
large using the makedumpfile utility, you may reconfigure kdump to use the cp command to copy the
vmcore in sparse mode. To do this, edit /etc/kdump.conf to comment out the line containing setting
the core_collector to use the makedumpfile utility and uncomment the lines to enable the cp
command:
# core_collector makedumpfile -EXd 1 --message-level 1 --non-cyclic
core_collector cp --sparse=always
extra_bins /bin/cp
Your mileage with this may vary, and the makedumpfile utility is generally recommended instead.
You must restart the kdump service at this point to allow it to detect the changes that have been made to
the kdump configuration and to determine whether a kdump crash kernel has been generated and is up to
date. If the kernel image needs to be updated, kdump does this automatically, otherwise it restarts without
any attempt to rebuild the crash kernel image:
# service kdump restart
Stopping kdump: [ OK ]
Detected change(s) the following file(s):
/etc/kdump.conf
Rebuilding /boot/initrd-4.1.12-25.el6uek.x86_64kdump.img
Starting kdump: [ OK ]
8
Manually Configuring kdump for Oracle VM Server
# xl dmesg|grep -i crashkernel
(XEN) Command line: placeholder dom0_mem=max:6144M allowsuperpage dom0_vcpus_pin
dom0_max_vcpus=20 crashkernel=512M@64M
You can also check that the appropriate amount of memory is reserved for kdump by running the following:
# xl dmesg|grep -i kdump
(XEN) Kdump: 512MB (524288kB) at 0x4000000
or alternately:
# kexec --print-ckr-size
536870912
You can check that the kdump service is running by checking the service status:
# service kdump status
Kdump is operational
If there are no errors in /var/log/messages or on the console, you can assume that kdump is running
correctly.
To test that kdump is able to generate a vmcore and store it correctly, you can trigger a kernel panic by
issuing the following commands:
# echo 1 > /proc/sys/kernel/sysrq
# echo c > /proc/sysrq-trigger
Note
These commands cause the kernel on the Oracle VM Server to panic and crash.
If kdump is working correctly, the crash kernel should take over and generate the
vmcore file which is copied to the configured location before the server reboots
automatically. If kdump fails to load the crash kernel, the server may hang with the
kernel panic and requires a hard-reset to reboot.
After you have triggered a kernel panic and the system has successfully rebooted, you may check that the
vmcore file was properly generated:
• If you have not configured kdump to use an alternate partition, you should be able to locate the vmcore
file in /var/crash/127.0.0.1-date-time/vmcore, where date and time represent the date and
time when the vmcore was generated.
• If you configured kdump to use an alternate partition to store the vmcore file, you must mount it first. If
you used the spare partition generated by a fresh installation of Oracle VM Server, this can be done in
the following way:
# mount /dev/mapper/OVM_SYS_REPO_PART_VBd64a21cf-db4a5ad5 /mnt
Remember to unmount the partition after you have obtained the vmcore file for analysis, so that it is free
for use by kdump.
If you find that a vmcore file is not being created or that the system hangs without automatically rebooting,
you may need to adjust your configuration. The most common problem is that there is insufficient memory
9
Disabling Paravirtualized Guests on Oracle VM Server
allocated for the crash kernel to run and complete its operations. Your starting point to resolving issues
with kdump is always to try increasing the reserved memory that is specified in your GRUB2 configuration.
As of Release 3.4.5, the Xen hypervisor allows you to disable PVM guests through a configuration file
setting. After you upgrade your servers to Oracle VM Server Release 3.4.5, PVM guests are not disabled
by default, because that would cause a variety of problems in existing PVM guests. Oracle recommends
that you switch to PV-HVM guests and disable PVM guests as described in this section.
As of Release 3.4.6, support for PVM guests is removed. With the removal of PVM guest support, the
following new behavior restrictions exist:
• A new virtual machine cannot be created of the PVM doman type from the Oracle VM Manager Web
Interface, Oracle VM Manager Command Line Interface, or Oracle VM Web Services API.
• An existing virtual machine of the PVM domain type can be converted to a supported type from the
Oracle VM Manager Web Interface, Oracle VM Manager Command Line Interface, or Oracle VM Web
Services API.
• During server discovery, warnings are raised for each virtual machine of the PVM domain type. The
warnings appear of type "vm.unsupported.domain" on the Error Conditions subtab of the Health tab.
The error event cannot be acknowledged by the user.
Note
Existing virtual machines of the PVM domain type continue to work as before;
however, the error event that is raised goes away only after the PVM domain type
issue is resolved.
• After editing the domain type to a supported type, the event is then acknowledged.
Tip
If you have existing PVM guests, you should convert them to HVM with PV drivers
before you disable PVM on your Oracle VM Servers. For details about changing the
guest virtualization mode, please consult the Support Note with ID 2247664.1.
3. Uncomment the line by removing the "#" and set the parameter to "0" to disable PV guests. Save the
changes to the file.
10
Changing the Memory Size of the Management Domain
4. Stop and start the xend service on the Oracle VM Server for the new settings to take effect.
# service xend stop
# service xend status
xend daemon is stopped
Any attempt to start a PVM guest on an Oracle VM Server with PVM guests disabled, or to migrate a
PVM guest to it, results in a failure: "Error: PV guests disabled by xend".
Note
5. Repeat these steps for each of the remaining Oracle VM Servers to protect your entire virtualized
environment.
You can use this calculation to determine memory allocation for the Oracle VM Server installation.
However, you should not make the memory allocation for dom0 smaller than the calculated value. You
can encounter performance issues if the dom0 memory size is not set appropriately for your needs on the
Oracle VM Server.
11
Configuring Oracle VM Server for SPARC
To change the dom0 memory allocation, edit your grub configuration on the Oracle VM Server to adjust
the value for the dom0_mem parameter. If you are using UEFI boot, the grub configuration file is located
at /boot/efi/EFI/redhat/grub.cfg, otherwise the grub configuration file is located at /boot/
grub2/grub.cfg. Edit the line starting with multiboot2 /xen.mb.efi and append the required boot
parameters. For example, to change the memory allocation to 1440 MB, edit the file to contain:
multiboot2 /xen.mb.efi dom0_mem=max:1440M placeholder ${xen_rm_opts}
Note
Note
See Creating ZFS Volumes on NVMe Devices if you plan to create a ZFS volume
on an NVMe devices, such as an SSD.
In the control domain for the Oracle VM Server where you wish to create the ZFS volumes that you intend
to use, use the zfs create command to create a new ZFS volume:
# zfs create -p -V XG pool/OVS/volume
The size of the volume, represented by XG can be any size that you require as long as your hardware
supports it. The pool, that the volume belongs to can be any ZFS pool. Equally, the volume name can
be of your choosing. The only requirement is that the volume resides under OVS within the pool, so that
Oracle VM Manager is capable of detecting it. The following example shows the creation of two ZFS
volumes of 20 GB in size:
# zfs create -V 20G rpool/OVS/DATASET0
# zfs create -V 20G rpool/OVS/DATASET1
Once you have created the ZFS volumes that you wish to use, you must rediscover your server within
Oracle VM Manager. See the Discover Servers section of the Oracle VM Manager User's Guide for
more information on how to do this. Once the server has been rediscovered, the ZFS volumes appear as
physical disks attached to the server in the Physical Disks perspective within the Oracle VM Manager
12
Creating ZFS Volumes
Web Interface. See the Physical Disks Perspective section of the Oracle VM Manager User's Guide for
more information on this perspective.
As long as a ZFS volume is unused and Oracle VM Manager is able to detect it as a local physical disk
attached to the server, you can create a repository on the ZFS volume by selecting to use this disk when
you create the repository. See the Create New Repository section of the Oracle VM Manager User's Guide
on creating repositories.
Using this feature, you can use a single SPARC server to create virtual machines without any requirement
to use an NFS repository or any additional physical disks.
1. Determine the LUN of the NVMe device with the format command, as in the following example:
# format
....
5. c1t1d0 <INTEL-SSDPE2ME016T4S-8DV1-1.46TB>
/pci@306/pci@1/pci@0/pci@4/nvme@0/disk@1
/dev/chassis/SYS/DBP/NVME0/disk
...
In the preceding example, the NVMe device has the following LUN: c1t1d0.
Note
Where:
Where:
• size is an integer value that specifies the size of the ZFS volume in Gigabytes. Ensure that the size
of the ZFS pool is not greater than the size of the NVMe disk.
• pool_name is the name of the ZFS pool on which you are creating the volume.
Important
The first path element of the ZFS pool must be /OVS/ as in the preceding
example. This path element ensures that Oracle VM Manager discovers the
ZFS volume as a local physical disk.
13
Configuring a Secondary Service Domain
5. From Oracle VM Manager, discover, or re-discover, the instance of Oracle VM Server for SPARC that
has the NVMe device attached to it.
After the discovery process completes, the Oracle VM Manager Web Interface displays each ZFS
volume as a physical disk attached to Oracle VM Server for SPARC in the Physical Disks perspective.
See the Physical Disks Perspective section of the Oracle VM Manager User's Guide .
The primary domain is always the first service domain and this is the domain that is discovered by Oracle
VM Manager. The second service domain, named secondary, is a root domain that is configured with a
PCIe root complex.The secondary domain should be configured similarly to the primary domain; it must
use the same operating system version, same number of CPUs and same memory allocation. Unlike
the primary domain, the secondary service domain is not visible to Oracle VM Manager. The secondary
domain mimics the configuration of the primary service domain and is transparently managed by the
Oracle VM Agent. In the case where the primary service domain becomes unavailable, the secondary
service domain ensures that guest domains continue to have access to virtualized resources such as disks
and networks. When the primary service domain becomes available again, it resumes the role of managing
these resources.
From a high level, the following tasks should be performed to configure the Oracle VM Agent to use a
secondary service domain:
1. Install the Oracle VM Agent as described in the Installing Oracle VM Agent for SPARC section of the
Oracle VM Installation and Upgrade Guide .
Note
If you have a secondary service domain already configured and you have
successfully updated your system to Oracle Solaris 11.3 on the primary domain,
the secondary service domain can also be upgraded using the same Oracle Solaris
IPS repository as the primary domain. To upgrade the secondary service domain,
you should upgrade from the Oracle Solaris command line using the following
command:
# pkg update --accept
For detailed install and upgrade instructions for Oracle Solaris 11.3, see http://
docs.oracle.com/cd/E53394_01/.
14
Configuring a Secondary Service Domain
1.7.2.1 Requirements
To configure the Oracle VM Agent with a secondary service domain, your SPARC server must meet the
minimum requirements listed in this section, in addition to the standard installation requirements described
in the Installing Oracle VM Server on SPARC Hardware section of the Oracle VM Installation and Upgrade
Guide .
Hardware
Use a supported Oracle SPARC T-series server, M-series, or S-series server. See Supported Platforms
in the Oracle VM Server for SPARC Installation Guide. The SPARC server must have at least two PCIe
buses, so that you can configure a root domain in addition to the primary domain. For more information,
see I/O Domain Overview in the Oracle VM Server for SPARC Administration Guide.
Both domains must be configured with at least one PCIe bus. The PCIe buses that you assign to each
domain must be unique. You cannot assign the same PCIe bus to two different domains.
By default, after a fresh installation, all PCIe buses are assigned to the primary domain. When adding
a new service domain, some of these PCIe buses must be released from the primary domain and then
assigned to the secondary domain.
For example, a SPARC T5-2 server with two SPARC T5 processors has 4 PCIe buses. This server can be
configured with a primary domain and a secondary domain. You can assign two PCIe buses to the primary
domain, and two PCIe buses to the secondary domain.
Network
The network ports used by the primary domain must all be connected to the PCIe buses that are assigned
to the primary domain.
Similarly the network ports used by the secondary domain must all be connected to the PCIe buses that
are assigned to the secondary domain.
In addition, the primary and secondary domains must have the same number of network ports. Each
network port in the primary domain must have a corresponding network port in the secondary domain, and
they must be connected to the same physical network.
For example, a SPARC T5-2 server with two SPARC T5 processors has 4 PCIe buses (pci_0, pci_1, pci_2,
and pci_3). The server also has 4 onboard network ports. Two network ports are connected to pci_0,
and the other two are connected to pci_3. You can assign 2 PCIe buses (pci_0 and pci_1) to the primary
domain, and 2 PCIe buses (pci_2 and pci_3) to the secondary domain. That way, both domains have two
ports configured. You must ensure that each port is connected to the same physical network as the port in
the corresponding domain.
Storage
Physical disks or LUNs used by the primary domain must all be accessible through one or several host
bus adapters (HBAs) connected to the PCIe buses that are assigned to the primary domain. The primary
domain requires at least one disk for booting and hosting the operating system. The primary domain
usually has access to all, or a subset of, local SAS disks present on the server through an onboard SAS
HBA connected to one of the PCIe buses of the server.
Similarly, physical disks or LUNs used by the secondary domain must all be accessible through one or
several HBAs connected to the PCIe buses assigned to the secondary domain. The secondary domain
15
Configuring a Secondary Service Domain
needs at least one disk for booting and hosting the operating system. Depending on the server used, the
secondary domain might not have access to any local SAS disks present on the server, or it might have
access to a subset of the local SAS disks. If the secondary domain does not have access to any of the
local SAS disks then it must have an HBA card on one of its PCIe buses and access to an external storage
array LUN that it can use for booting.
Warning
If the boot disk of the secondary domain is on a storage array shared between
multiple servers or multiple domains, make sure that the boot disk is accessible
by the secondary domain only. Otherwise the disk might be used by mistake by
another server or domain, which can corrupt the boot disk of the secondary domain.
Depending on the storage array and the storage area network, this can usually be
achieved using zoning or LUN masking.
In addition, if a Fibre Channel (FC) storage area network (SAN) is used, then the primary and the
secondary domains must have access to the same FC disks. So one or more FC HBAs must be connected
to the FC SAN and to the PCIe buses that are assigned to the primary domain. And, one or more FC HBAs
must be connected to the FC SAN and to the PCIe buses that are assigned to the secondary domain.
Note
The primary and the secondary domain do not need to have access to same SAS
or iSCSI disks. Only the SAS or iSCSI disks accessible from the primary domain are
visible to Oracle VM Manager. Oracle VM Manager does not have visibility of any
SAS or iSCSI disks accessible only from the secondary domain. If a virtual machine
is configured with SAS or iSCSI disks, then the corresponding virtual disks in the
virtual machine have a single access path, through the primary domain. If a virtual
machine is configured with FC disks, then the corresponding virtual disks in the
virtual machine have two access paths: one through the primary domain; and one
through the secondary domain.
For example, a SPARC T5-2 server with two SPARC T5 processors has 4 PCIe buses (pci_0, pci_1, pci_2,
pci_3). The server also has 2 onboard SAS HBAs to access the 6 internal SAS disks. One SAS HBA is
connected to PCIe bus pci_0 and accesses 4 internal disks. The other SAS HBA is connected to PCIe bus
pci_4 and accesses the 2 other internal SAS disks. You can assign 2 PCIe buses (pci_0 and pci_1) to the
primary domain, and 2 PCIe buses (pci_2 and pci_3) to the secondary domain. That way, both domains
have access to internal SAS disks that can be used for booting. The primary domain has access to four
SAS disks, and the secondary domain has access to two SAS disks.
If you want to connect the server to an FC SAN, then you can add an FC HBA to the primary domain (for
example on PCIe bus pci_1) and an FC HBA to the secondary domain (for example, on PCIe bus pci_2).
Then you should connect both FC HBAs to the same SAN.
1.7.2.2 Limitations
While using secondary service domains can improve the availability of guest virtual machines, there are
some limitations to using them with Oracle VM. The following list outlines each of these limitations:
• Clustering: Clustering cannot be used with a secondary service domain. If a server is configured with a
secondary service domain then that server cannot be part of a clustered server pool.
• Network Configuration: Network bonds/aggregation and VLANs are not automatically configured
on the secondary domain. If you configure bonds/aggregation or VLANs on the primary domain using
Oracle VM Manager, then corresponding bonds/aggregation or VLANs are not automatically configured
16
Configuring a Secondary Service Domain
on the secondary domain. To use any such bond/aggregation or VLANs with virtual machines, the
corresponding bonds/aggregation or VLANs must be manually configured on the secondary domain.
• Storage: NFS, SAS, iSCSI, and ZFS volumes accessible only from the secondary domain cannot be
used or managed using Oracle VM Manager.
Important
Secondary service domains cannot access NFS repositories. For this reason,
virtual machine I/O to virtual disks is served by the control domain only. If the
control domain stops or reboots, virtual machine I/O to virtual disks is suspended
until the control domain resumes operation. Use physical disks (LUNs) for virtual
machines that require continuous availability during a control domain reboot.
• Virtual Machine Disk Multipathing: When assigning a disk to a virtual machine, only fibre channel (FC)
disks are configured with disk multipathing through the primary and the secondary domains. NFS, SAS,
iSCSI or ZFS disks assigned to a virtual machine are configured with a single path through the primary
domain.
• Virtual Machine Network Port: When assigning a network port to a virtual machine, two network
ports are effectively configured on the virtual machine: one connected to the primary domain, and one
connected to the secondary domain. The network port connected to the primary domain is configured
with a MAC address that can be defined from within Oracle VM Manager. The MAC address must be
selected in the range [00:21:f6:00:00:00, 00:21:f6:0f:ff:ff]. The network port connected to the secondary
domain is configured with a MAC address derived from the MAC address of the network port connected
to the primary domain. This MAC address starts with 00:21:f6:8.
For example, if the MAC address defined in Oracle VM Manager is 00:21:f6:00:12:34 then this MAC
address is used on the network port connected to the primary domain. The derived MAC address is then
00:21:f6:80:12:34 and should be used on the network port connected to the secondary domain. Oracle
VM Manager uses a default dynamic MAC address range of [00:21:f6:00:00:00, 00:21:f6:ff:ff:ff]. When
using a secondary service domain, this range must be reduced to [00:21:f6:00:00:00, 00:21:f6:0f:ff:ff].
See the Virtual NICs section in the Oracle VM Manager Online Help for more information on changing
the default range of MAC addresses within the Oracle VM Manager Web Interface.
• Live Migration: A virtual machine cannot be live migrated to a server configured with a different number
of service domains. In other words, you cannot migrate a virtual machine running on a server with a
secondary service domain to a server without a secondary service domain; and you cannot migrate a
virtual machine running on a server without a secondary service domain to a server with a secondary
service domain.
• No domain, other than the primary domain, must exist before you start to set up a secondary domain.
You can see all existing domains in the output of the ldm list command.
• No virtual switch must exist before you start to set up a secondary domain. You can see all virtual
switches in the VSW section in the output of the ldm list-services command.
17
Configuring a Secondary Service Domain
• The secondary service domain should have virtual disk service (VDS) with the name secondary-vds0.
• The secondary service domain should be completely independent of any other domain, in particular of
the primary domain. For this reason, the secondary domain should have no virtual disks and no virtual
network interfaces, and use only physical disks and physical network interfaces.
For more information about creating a root domain, see Creating a Root Domain by Assigning PCIe Buses
in the Oracle VM Server for SPARC Administration Guide.
Use the ovs-agent-secondary command to make sure that you meet these requirements, and to
simplify the process of setting up and configuring the secondary service domain. See Section 1.7.2.6,
“Automatically Creating and Setting Up a Secondary Domain”.
The following instructions describe how to create a secondary service domain manually:
Manually Creating a Secondary Service Domain
1. Create the service domain and set the core CPU and memory requirements using the following
commands:
2. Assign the PCI buses that you wish the secondary service domain to use. For each bus, issue the
following command, substituting pci_2 with the correct bus identifier:
3. Add the secondary virtual disk service to the secondary domain, using the following command:
4. Remove any PCI buses that you added to the secondary service domain from the primary domain. To
begin reconfiguring the primary domain, enter the following command:
For each bus that you added to the secondary domain, enter the following command to remove it from
the primary domain, substituting pci_2 with the correct bus identifier:
5. When you have finished reconfiguring the primary domain, you must reboot it:
# reboot
Once the secondary service domain has been started, you can access its console by obtaining the console
port using the following command:
18
Configuring a Secondary Service Domain
Note that the console port is listed in the CONS column. You can open a telnet connection to this port as
follows:
# telnet 0 5000
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
{0} ok
Now you must install the Oracle Solaris 11 operating system into the secondary domain. This can be
achieved by following the instructions provided in the Oracle Solaris 11.3 documentation available at:
http://docs.oracle.com/cd/E53394_01/html/E54756/index.html
Do not attempt to install either the Oracle VM Agent or the Logical Domains Manager into the secondary
service domain. Only the Oracle Solaris 11 operating system is required.
Make sure that the secondary service domain is properly configured so that it can boot automatically. In
particular, the OpenBoot PROM (OBP) variables of the domain must be correctly set. For instance, the
auto-boot? parameter should be set to true, and boot-device parameter should contain the device
path of the boot disk that is configured for the secondary domain.
1.7.2.5 Manually Configuring the Oracle VM Agent to Support the Secondary Domain
You can use the ovs-agent-secondary command to assist you with the process of setting the Oracle
VM Agent to support the secondary domain, see Section 1.7.2.6, “Automatically Creating and Setting Up a
Secondary Domain”. The instructions that follow describe how to configure the Oracle VM Agent manually.
{
"enabled": true
}
Note
• Each network link in the primary domain should have a corresponding network link in the secondary
domain connected to the same physical network. By default, a network link in the primary domain is
associated with the network link with the same name in the secondary domain. If a network link in
the primary domain should be associated with a network link in the secondary domain with a different
name, then you need to define a network link mapping. To define a network mapping, you need to
add a 'nic-mapping' entry in /etc/ovs-agent/shadow.conf. Typically, entries of this sort look
similar to the following:
{
enabled": true,
19
Configuring a Secondary Service Domain
nic-mapping": [
["^net4$", "net2" ],
["^net5$", "net3" ]
]
}
In the above example, net4 is a network interface in the primary domain and is connected to the
same physical network as the network interface named net2 in the secondary domain. Equally,
net5 is a network interface in the primary domain and is connected to the same physical network as
the network interface named net3 in the secondary domain. Note that network interface names in
the primary domain are encapsulated with the regular expression characters caret (^) and dollar ($)
to ensure an exact match for the network interface name in the primary domain.
• Each Fibre Channel (FC) disk accessible from the primary domain domain should also be accessible
from the secondary domain. By default, a FC disk is accessed using the same device path in the
primary domain and in the secondary domain. In particular, each disk is accessed using the same
disk controller name. If a disk controller in the primary domain should be associated with a disk
controller in the secondary domain with a different name, then you need to define a disk controller
mapping.
It is recommended that Solaris I/O multipathing is enabled in the primary and in the secondary
domain on all multipath-capable controller ports, in particular on all FC ports. In that case, all FC
disks appear under a single disk controller (usually c0), and disk controller mapping is usually not
needed in that case.
In the preceding example, c0t is a disk controller in the primary domain that is connected to the
same FC disk as the disk controller named c1t in the secondary domain.
2. Save the logical domain configuration with the secondary service domain to the service processor.
Warning
Before saving the configuration, ensure that the secondary service domain
is active. If the configuration is saved while the secondary service domain is
not active, then the secondary service domain won't start automatically after a
power-cycle of the server
20
Configuring a Secondary Service Domain
3. To complete the configuration, reconfigure the Oracle VM Agent by running the following command:
# ovs-agent-setup configure
The configuration values that are used for this process map onto the values that you entered for the
configuration steps when you first configured Oracle VM Agent for your primary control domain, as
described in the Configuring Oracle VM Agent for SPARC section of the Oracle VM Installation and
Upgrade Guide
When the Oracle VM Agent configuration has completed, the secondary domain is running and Oracle VM
Agent is able to use it in the case that the primary domain becomes unavailable.
Note
A system reboot is not equivalent to powering off the system and restarting it.
Furthermore, you should ensure that the system does not power off until you
complete each step in the procedure to create a secondary service domain.
To create a secondary service domain, run the following command on the control domain:
# ovs-agent-secondary create
Important
The list of all PCIe buses present on the server is displayed, with information indicating whether or not they
are available for creating a secondary service domain. Example output from the ovs-agent-secondary
command, for this step, is displayed below:
21
Configuring a Secondary Service Domain
Choice (0-1): 1
Use this information to figure out which PCIe buses are available, and which buses you want to use for the
secondary service domain. You can display more or less information about the PCIe buses by entering "+"
or "-".
A PCIe bus is not available for creating a secondary service in the following cases:
• The PCIe bus is assigned to a domain other than the primary domain.
If you want to use such a PCIe bus for the secondary service domain then you must first remove it from
the domain it is currently assigned to.
• The PCIe bus is assigned to the primary domain and devices on that bus are used by the primary
domain.
If you want to use such a PCIe bus for the secondary service domain then you must reconfigure the
primary domain so that it stops using devices from that bus.
Warning
When a PCIe bus is assigned to the primary domain, the tool may not always
be able to figure out if devices from the bus are used by the primary domain.
Furthermore, the tool only identifies common devices (such as network interfaces
and disks) and the common usage of these devices (including link aggregation, IP
configuration or ZFS pool). If you want to create a secondary domain with a PCIe
bus that is currently assigned to the primary domain, make sure that this bus is
effectively not used by the primary domain at all.
The next step provided by the ovs-agent-secondary command allows you to actually select the PCIe
buses that are to be used for the secondary service domain. Typically, this step may appear as follows:
The following PCIe buses can be selected for creating a secondary
service domain.
Bus Selected Slot Devices Count
--- -------- ---- -------------
pci_1 no
/SYS/MB/PCIE5
/SYS/MB/PCIE6
/SYS/MB/PCIE7 ETH(2)
/SYS/MB/PCIE8 FC(2)
/SYS/MB/SASHBA1 DSK(2)
/SYS/MB/NET2 ETH(2)
Enter + or - to show or hide details about PCIe buses.
+) Show devices
-) Hide PCIe slots
Or enter the name of one or more buses that you want to add to the
selection of PCIe buses to create a secondary service domain.
Or select one of the following option.
0) Exit and do not create a secondary service domain
1) Add all PCIe buses to the selection
2) Remove all PCIe buses from the selection
Choice (0-2): pci_1
adding bus pci_1 to selection
Note that in addition to the menu options, which allow you to add all available PCIe buses to the secondary
service domain, you can also manually specify a space separated list of PCIe buses by bus name to
individually add particular buses to the secondary service domain.
22
Configuring a Secondary Service Domain
As soon as at least one PCIe bus is marked as selected, the menu options change to allow you to create
the secondary service domain with the selected PCIe buses:
Choice (0-3): 3
Confirming the Selection of PCIe Buses for the Secondary Service Domain
A final confirmation screen displays the buses selected for the secondary service domain, before you can
proceed to create the secondary service domain. This confirmation screen looks as follows:
You have selected the following buses and devices for the secondary
domain.
Bus Current Domain Slot Devices Count
--- -------------- ---- -------------
pci_1 primary
/SYS/MB/PCIE5
/SYS/MB/PCIE6
/SYS/MB/PCIE7 ETH(2)
/SYS/MB/PCIE8 FC(2)
/SYS/MB/SASHBA1 DSK(2)
/SYS/MB/NET2 ETH(2)
Verify that the selection is correct.
0) Exit and do not create a secondary service domain
1) The selection is correct, create a secondary domain with pci_1
2) Go back to selection menu and change the selection
Choice (0-2): 1
After the selection of PCIe buses for the secondary service domain has been confirmed, the secondary
domain is created and instructions for configuring the secondary service domain are displayed. The output
from the tool looks similar to the following:
----------------------------------------------------------------------
23
Configuring a Secondary Service Domain
The secondary service domain has been created. Next, you need to
install Solaris on that domain. Then you can configure the Oracle
VM Agent to run with the secondary domain.
# ovs-agent-secondary configure
If a reboot is required to complete the creation of the secondary service domain then a corresponding
menu is displayed, otherwise the tool terminates and the creation of secondary service domain is already
finished. The following menu is displayed if a reboot is required:
To complete the configuration of the Oracle VM Agent, the
system has to be rebooted.
Choice (1-2): 1
Server Reboot
Choice (1-2): 1
When you have finished creating the new service domain, you need to install it. Complete the instructions
in Section 1.7.2.4, “Installing the Secondary Service Domain”.
Once the secondary service domain is correctly installed, you must configure the Oracle VM Agent to use it
by running the ovs-agent-secondary command on the control domain, as follows:
# ovs-agent-secondary configure
The first step in the configuration process requires you to confirm that the secondary domain is installed
and running. This step is displayed as follows:
The secondary service domain exists and is active. It should be up
and running Solaris 11.3.
Confirm that the secondary service domain is up and running Solaris 11.3
24
Configuring a Secondary Service Domain
Choice (1-2): 1
You must remove any virtual switches defined in the secondary service domain before you can configure it,
as in the following example:
# ldm list-services
VCC
NAME LDOM PORT-RANGE
primary-vcc0 primary 5000-5127
VSW
NAME LDOM MAC NET-DEV ID DEVICE
0a010000 primary 00:14:4f:fb:53:0e net0 0 switch@0
Restart the configuration of the secondary service domain after you remove the virtual switch.
# ovs-agent-secondary configure
The secondary service domain exists and is active. It should be up
and running Solaris 11.3.
Confirm that the secondary service domain is up and running Solaris 11.3
1) Yes, the secondary service domain is up and running Solaris 11.3.
2) No, the secondary service domain is not running Solaris 11.3
Choice (1-2): 1
Mapping Network Interfaces Between the Primary and the Secondary Domain
Each network link in the primary domain should have a corresponding network link in the secondary
domain connected to the same physical network. By default, a network link in the primary domain is
associated with the network link with the same name in the secondary domain. If a network link in the
primary domain should be associated with a network link in the secondary domain with a different name,
then you need to define a network link mapping. This is achieved in the next step of the configuration
process, which is displayed as follows:
Each network link in the primary domain should have a corresponding
network link in the secondary domain connected to the same physical
network. By default, a network link in the primary domain will be
associated with the network link with the same name in the secondary
domain.
25
Configuring a Secondary Service Domain
Primary Secondary
------- ---------
net0 net0
net1 net1
net4 net4
net5 net5
net6 net6
net7 net7
Choice (1-2): 1
Ideally, you should be able to select option 2 here to continue. However, it is possible that network link
names may not correspond correctly. In this case, you should select option 1 and redefine the mapping as
follows:
Enter the mapping for net0 [net0]:
Enter the mapping for net1 [net1]:
Enter the mapping for net4 [net4]: net2
Enter the mapping for net5 [net5]: net3
Enter the mapping for net6 [net6]:
Enter the mapping for net7 [net7]:
Primary Secondary
------- ---------
net0 net0
net1 net1
net4 net2
net5 net3
net6 net6
net7 net7
Choice (1-2): 1
Note that you are prompted for the mapping for each network link in the primary domain. If you enter a
blank line, the existing default mapping is used. If you need to change a mapping, you must specify the
network link name in the secondary domain that is connected to the same physical network as the network
link listed in the primary domain.
When you have finished redefining the mappings, you should select option 1 to continue to the next step in
the configuration process.
Mapping Fibre Channel Disk Controllers Between the Primary and the Secondary Domain
Each Fibre Channel (FC) disk accessible from the primary domain should also be accessible from the
secondary domain. By default, a FC disk is accessed using the same device path in the primary domain
26
Configuring a Secondary Service Domain
and in the secondary domain. In particular, each disk is accessed using the same disk controller name. If
a disk controller in the primary domain should be associated with a disk controller in the secondary domain
with a different name, then you must define a disk controller mapping.
It is recommended that Solaris I/O multipathing is enabled in the primary and in the secondary domain on
all multipath-capable controller ports, in particular on all FC ports. In this case, all FC disks appear under a
single disk controller (usually c0), and disk controller mapping is usually not needed.
The following screen is displayed for this step in the configuration process:
Each Fibre Channel (FC) disk accessible from the primary domain
domain should also be accessible from the secondary domain. By
default, a FC disk will be access using the same device path in
the primary domain and in the secondary domain. In particular,
each disk will be accessed using the same disk controller name.
Primary Secondary
------- ---------
c0 c0
Choice (1-2): 1
Ideally, you should be able to select option 2 to continue. However, it is possible that disk controller names
might not correspond correctly. In this case, you should select option 1 and redefine the mapping as
follows:
Enter the mapping for c0 [c0]: c1
Primary Secondary
------- ---------
c0 c1
Choice (1-2): 1
Note that you are prompted for the mapping for each FC disk controller in the primary domain. If you enter
a blank line, the existing default mapping is used. If you need to change a mapping, you must specify
the FC disk controller name in the secondary domain that is connected to the same FC disk listed in the
primary domain.
When you have finished redefining the mappings, you should select option 1 to continue to the next step in
the configuration process.
27
Configuring a Secondary Service Domain
Saving the Oracle VM Agent Configuration for the Secondary Service Domain
The Oracle VM Agent uses a configuration file to access and configure itself for resources in the secondary
service domain. In this step of the configuration process, the configuration file is created and saved to disk
within the primary control domain:
Creating configuration file
Saving configuration ovm-shadow on the service processor
Choice (1-2): 1
Finally, the Oracle VM Agent is automatically reconfigured to use the secondary service domain and the
Oracle VM Agent is enabled:
Network Configuration
Network Configuration OK
Storage Configuration
Storage Configuration OK
OVS Agent Configuration
OVS Agent Configuration OK
Cluster Configuration
Cluster Configuration OK
LDoms Manager Configuration
LDoms Manager Configuration OK
Virtual I/O Services Configuration
Virtual I/O Services Configuration OK
LDoms Configuration
LDoms Configuration OK
The configuration values that are used for this process map onto the values that you entered for the
configuration steps when you first configured Oracle VM Agent for your primary control domain, as
described in the Oracle VM Installation and Upgrade Guide .
When the process is complete, the Oracle VM Agent is enabled and your environment is configured to use
both a primary and a secondary service domain.
28
Chapter 2 Configuring Oracle VM Manager After Installation
After you successfully install Oracle VM Manager, you can perform several configuration tasks to
customize your environment. These configuration tasks include setting the session timeout period for the
Oracle VM Manager Web Interface, and configuring SSL.
https://hostname:7002/console
3. Locate the Domain Structure pane on the left and then click Deployments.
4. Click Next in the list of deployed applications until you locate the ovm_console application.
5. Click "+" to expand the ovm_console application and then click ovm/console.
6. Click the Configuration tab and then click Lock and Edit in the Change Center pane to modify the
settings.
7. From the Configuration tab, locate the General subtab and then edit the value of the Session
Timeout field. The default setting is half an hour (1800 seconds).
Note
If you receive a permissions related error, you might need to change the
permissions or ownership on the file located at /u01/app/oracle/ovm-
manager-3/weblogic/deploy/ovm_console/plan/plan.xml. Use the
following command:
chown oracle:dba /u01/app/oracle/ovm-manager-3/weblogic/deploy/ovm_console/plan/plan.x
After you change permissions on the file, you must edit and save the value of
the Session Timeout field again.
8. Click Deployments in the Domain Structure pane on the left to return to the list of deployed
applications.
9. Locate and select the ovm_console check box and then click Update to redeploy the application.
10. Change the source and deployment plan paths as appropriate and then click Finish.
11. To activate the changes, click Activate Changes in the Change Center.
29
Setting Up SSL
Important
Due to the nature of some pages served within Oracle VM Manager, the client
browser auto-refreshes regularly to poll for changes. This is particularly apparent
on the Health page. Since the client is constantly refreshing, UI timeout may not
behave as expected. Therefore, a configuration parameter for ADF has been set to
timeout automatic polling after a default period of 20 minutes where there has been
no mouse or keyboard interaction within Oracle VM Manager. This means that for
these pages, the UI timeout value only becomes effective after the polling timeout
has been effected.
Changes to the polling timeout are not directly configurable. If you require this
facility to be modified contact Oracle Support.
• For the authentication of Oracle VM Manager to each Oracle VM Server that it has discovered and for
the encryption of communications between Oracle VM Manager and the Oracle VM Agent running on
each Oracle VM Server.
• For the authentication and encryption of some tools that make use of the Oracle VM Manager web-
services API.
• For the encryption of communications between a web-browser and the Oracle VM Manager web-based
user interface .
Certificates are generated automatically during the installation of Oracle VM Manager. To avoid SSL
validation issues in client web-browsers, you can obtain the internal CA certificate used by Oracle VM
Manager and install it into each web-browser that is used to access the Oracle VM Manager web user
interface. See Section 2.2.4, “Exporting the CA Certificate”.
Alternatively, if you already have an SSL certificate that is signed by an external CA, you can change the
SSL certificate that is used for the encryption of communications between the web-browser and the Oracle
VM Manager web-based user interface. See Section 2.2.6, “Changing the Default SSL Certificate”.
Finally, if you need to generate a new SSL key that is signed by the internal CA, you can follow the
instructions provided in Section 2.2.5, “Generating a New SSL Key”.
Important
If you plan to change the CA certificate, you should do so before you begin any
other Oracle VM Manager configuration to avoid authentication and communication
issues between components.
Oracle VM Manager uses the following 2048-bit keystores instead of the default Oracle WebLogic Server
keystore:
30
Oracle VM Key Tool
• /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmca.jks
• /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmclient.jks
• /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmssl.jks
• /u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmtrust.jks
The passwords for these keystores are randomized at installation. If you need to update a keystore, such
as the CA keystore, to add mutually trusted CAs to the keystore, you may need to change the keystore
password using the Oracle VM Key Tool. For instructions on changing the keystore password, see
Section 2.2.7, “Changing the Keystore Password”.
Important
Syntax
ovmkeytool.sh [ --help ] [ --overwrite ] [ --quiet ] [ --verbose ] [ --propertyFile
filename ] [ -D property=value ] [ --noWebLogic ] { [{ show } | { check } | { setup } | {
setupWebLogic } | { gencakey } | { setcakey } | { gensslkey } | { setsslkey } | { changepass } | {
exportca }] }
Options
The following table shows the available options for this tool.
Option Description
--help Display the ovmkeytool.sh command parameters and
options.
--overwrite Allow existing keystores to be overwritten if user interaction is
disabled.
--quiet Run with no user interaction using property values exclusively.
--verbose Output extra information while running.
--propertyFile filename The specified file can be used to provide properties to the tool.
-D property=value Sets a property to a given value.
--noWebLogic Do not attempt to configure Oracle WebLogic Server or verify
Oracle WebLogic Server settings.
31
Oracle VM Key Tool
Commands
The following table shows the available commands for this tool. Only one command can be run at a time.
Option Description
show Displays SSL configuration details such as the CA and SSL
keystore files, certificate key aliases, and certificate details.
check Validates the current SSL configuration and provides
information if any errors exist.
setup Sets up all of the keystore files and configures Oracle
WebLogic Server.
setupWebLogic Configures existing keystore settings in Oracle WebLogic
Server.
gencakey Generates a new certificate authority (CA) key and puts the
key into the trust store.
Command Prompts
Depending on the command you run, the Oracle VM Key Tool prompts you for the following information:
You can set the MW_HOME environment variable to point to the location of the Oracle WebLogic Server
Middleware directory. Otherwise you must specify the default directory each time you run the Oracle
VM key tool. The default directory is /u01/app/oracle/Middleware.
32
Showing the Certificate Configuration
Use the default weblogic username and the one-time password that you set during Oracle VM
Manager installation.
33
Validating the Certificate Configuration
34
Exporting the CA Certificate
35
Changing the Default SSL Certificate
Note that the command prompts you to provide the values for various steps through the procedure as
the new SSL certificate is generated. Notably, you must enter a valid fully qualified domain name for the
server. This value is used for the hostname in the SSL certificate and must match the hostname that is
used to access the Oracle VM Manager web-based user interface.
This section describes how to use the Java keytool and the Oracle VM Key Tool to change the default SSL
certificate.
Note
You should modify the example commands for the Java keytool to suit your
business needs. Refer to the appropriate Java keytool documentation for more
information.
36
Changing the Default SSL Certificate
6. Use the setsslkey command to configure Oracle VM Manager to use the new keystore.
# ./ovmkeytool.sh setsslkey
Path for SSL keystore: [/u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmssl.jks]
/path/to/keystore.jks
Keystore password:
Alias of key to use as SSL key: alias
Key password:
Updating keystore information in WebLogic
Oracle MiddleWare Home (MW_HOME): [/u01/app/oracle/Middleware]
WebLogic domain directory: [/u01/app/oracle/ovm-manager-3/domains/ovm_domain]
Oracle WebLogic Server name: [AdminServer]
WebLogic username: [weblogic]
WebLogic password: [********]
WLST session logged at: /tmp/wlst-session5820685079094897641.log
# su -c "/u01/app/oracle/ovm-manager-3/bin/configure_client_cert_login.sh /path/to/cacert"
Where /path/to/cacert is the absolute path to the CA certificate. You must provide the path to
the CA certificate if you used a CA other than the default Oracle VM Manager CA to sign the SSL
certificate.
2. Use the setsslkey command to configure Oracle VM Manager to use the new keystore.
# ./ovmkeytool.sh setsslkey
Path for SSL keystore: [/u01/app/oracle/ovm-manager-3/domains/ovm_domain/security/ovmssl.jks]
/path/to/keystore.jks
Keystore password:
Alias of key to use as SSL key: alias
Key password:
Updating keystore information in WebLogic
Oracle MiddleWare Home (MW_HOME): [/u01/app/oracle/Middleware]
WebLogic domain directory: [/u01/app/oracle/ovm-manager-3/domains/ovm_domain]
Oracle WebLogic Server name: [AdminServer]
WebLogic username: [weblogic]
WebLogic password: [********]
WLST session logged at: /tmp/wlst-session5820685079094897641.log
# su -c "/u01/app/oracle/ovm-manager-3/bin/configure_client_cert_login.sh /path/to/cacert"
Where /path/to/cacert is the absolute path to the CA certificate. You must provide the path to
the CA certificate if you used a CA other than the default Oracle VM Manager CA to sign the SSL
certificate.
37
Changing the Keystore Password
An example of setting the keystore password and then accessing trust information using the Java keytool
command is shown below:
# ./ovmkeytool.sh changepass
You may either specify passwords or use random passwords.
If you choose to use a random password, only WebLogic, the Oracle VM Manager,
and this application will have access to the information stored in this
keystore.
Use random passwords? [yes] no
Change CA Keystore and Key passwords? [yes] no
38
Chapter 3 Administering Oracle VM Manager
Administering Oracle VM Manager involves creating, deleting, and working with user accounts, modifying
database schema, rotating log files, and capturing diagnostic information for troubleshooting.
The Oracle VM Manager Administrator Tool provides you with the ability to perform various user
management functions directly from the command line. By default, the Oracle VM Manager installation
process only creates and configures a single Oracle VM Manager administrative user. While this is often
sufficient for many customers, creating separate administrative user accounts may be useful for security
and auditing purposes.
The Oracle VM Manager Administrator Tool is installed as part of the default Oracle VM Manager
installation process. The full path to the Oracle VM Manager Administrator Tool is:
/u01/app/oracle/ovm-manager-3/bin/ovm_admin
Syntax
ovm_admin [ --help ] [ --createuser ] [ --deleteuser admin ] [ --listusers ] [ --
modifyuser ] [ --modifyds ] [ --listds ] [ --lockusers tries ] [ --unlockuser
admin ] [ --listconfig ] [ --rotatelogsdaily HH:MM ] [ --rotatelogsbysize KB ] [ --
updatemysqlroot ]
Options
The following table shows the available options for this command.
Option Description
--help Display the ovm_admin command parameters and options.
--listconfig Displays Oracle VM Manager configuration details.
--listusers List the Oracle VM Manager users.
39
Listing Users
Option Description
For an example of how to change a user's password, see
Section 3.1.4, “Changing User Passwords”.
--lockusers tries Set the maximum login tries before locking accounts. This
setting is global.
The tool prompts you for the Oracle WebLogic Server password and returns output similar to the following:
40
Creating Users
/u01/app/oracle/ovm-manager-3/ovm_wlst
Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help('domainConfig')
Some users stored within Oracle WebLogic Server are critical to your Oracle VM Manager environment,
such as the following:
• OracleSystemUser: Used by Oracle Web Services Manager (OWSM). OWSM is part of the standard
Oracle Fusion Middleware (FMW) Infrastructure, that includes ADF.
The default admin user account is also typically listed. Any other user accounts listed, such as the
ovmuser account, have been added to the system after installation.
For more information about default user accounts, see Section 4.1, “Default Oracle VM Manager Users”.
/u01/app/oracle/ovm-manager-3/ovm_wlst
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the
Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM
Manager admin user's password.
Please enter the username: ovmuser
Please enter a new password for ovmuser, this password
must be at least 8 characters long and must contain at least one non-alphabetic character:
Please re-enter the password:
41
Deleting Users
Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help('domainConfig')
Note
You are prompted for the Oracle WebLogic Server password. This is the password for the Oracle
WebLogic Server as it was set up during installation. If you have not changed the Oracle VM Manager
admin user's password, this password is usually the same as your default Oracle VM Manager admin
user's password. Typical output is presented below:
Oracle VM Manager Release version Admin tool
/u01/app/oracle/ovm-manager-3/ovm_wlst
Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help('domainConfig')
Important
Some users stored within Oracle WebLogic Server are critical to your Oracle VM
Manager environment. Do not attempt to delete either of the following users:
• OracleSystemUser
• weblogic
You should also keep the default admin user account so that there is always at
least one administrative account that can access Oracle VM Manager.
42
Configure Account Locking
/u01/app/oracle/ovm-manager-3/ovm_wlst
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the
Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM
Manager admin user's password.
Note
You must provide the user's current password to modify the user account.
If you need to reset an account due to a lost password, you should first delete the
user account and then create a new account.
Note
Location changed to serverRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help('domainConfig')
Note
To change the lock period, you must edit the Oracle WebLogic Server configuration.
For more information on configuring the Oracle WebLogic Server lockout
parameters, refer to the appropriate Oracle WebLogic Server documentation.
43
Unlocking User Accounts
Important
This is a global parameter that applies to all users. Setting this parameter on an
instance of Oracle VM Manager that makes use of a single administrator account
can result in this account being locked for 30 minutes before anybody can use it
again. To recover from this is it is possible to unlock the account. See Section 3.1.6,
“Unlocking User Accounts”.
You are prompted to enter the Oracle WebLogic Server password in order to apply this setting. Typical
output from the command follows:
/u01/app/oracle/ovm-manager-3/ovm_wlst
Activation completed
You must restart Oracle VM Manager for the changes to the account locking facility to take effect, as
follows:
44
Listing Data Sources
You can override the 30 minute lock on an account with the following command:
You are prompted for the Oracle WebLogic Server account password in order to complete the operation.
Obtain a list of data sources that Oracle VM Manager uses with the following command:
# ./ovm_admin --listds
//u01/app/oracle/ovm-manager-3/ovm_wlst
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the
Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM
Manager admin user's password.
The tool prompts you to enter the MySQL user that should be used to query the database and then
provides output similar to the following:
45
Modifying the Oracle VM Manager Database Schema
has been changed directly within MySQL, without using any of the tools provided with Oracle VM. An
alternative use case would be where the Oracle VM Manager database has been renamed within MySQL.
The --modifyds option is used to update Oracle VM Manager for changes made directly to the MySQL
database:
# ./ovm_admin --modifyds
The tool prompts you for the Oracle VM Manager database schema password and the Oracle WebLogic
Server password, and returns output similar to the following:
Oracle VM Manager Release version Admin tool
/u01/app/oracle/ovm-manager-3/ovm_wlst
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the
Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM
Manager admin user's password.
Please enter the name of a MySQL user: [appfw, ovs] ovs
Please enter the password for MySQL user ovs:
Please enter the new password for ovs user:
Please re-enter the password:
Location changed to edit tree. This is a writable tree with
DomainMBean as the root. To make changes you will need to start
an edit session via startEdit().
......
The following non-dynamic attribute(s) have been changed on MBeans
that require server re-start:
MBean Changed : com.bea:Name=ovm-odof-ds,
Type=weblogic.j2ee.descriptor.wl.JDBCDriverParamsBean,Parent=[ovm_domain]
/JDBCSystemResources[ovm-odof-ds],Path=JDBCResource[ovm-odof-ds]/JDBCDriverParams
Attributes changed : PasswordEncrypted
Activation completed
Note that there is a second database schema, usually named appfw, that is also used by Oracle VM
Manager. If the password for this database has also been changed, then the same command must be run
again, as follows:
Oracle VM Manager Release version Admin tool
/u01/app/oracle/ovm-manager-3/ovm_wlst
46
Rotating Log Files
At this point you must enter the password for the Oracle WebLogic Server. If you have not changed the
Oracle VM Manager admin user's password, this password is usually the same as your default Oracle VM
Manager admin user's password.
Please enter the name of a MySQL user: [appfw, ovs] appfw
Please enter the password for MySQL user appfw:
Please enter the new password for appfw user:
Please re-enter the password:
Location changed to edit tree. This is a writable tree with
DomainMBean as the root. To make changes you will need to start
an edit session via startEdit().
......
The following non-dynamic attribute(s) have been changed on MBeans
that require server re-start:
MBean Changed : com.bea:Name=ovm-qrtz-ds,
Type=weblogic.j2ee.descriptor.wl.JDBCDriverParamsBean,Parent=[ovm_domain]
/JDBCSystemResources[ovm-qrtz-ds],Path=JDBCResource[ovm-qrtz-ds]/JDBCDriverParams
Attributes changed : PasswordEncrypted
Activation completed
When you have finished running this command, you must restart Oracle VM Manager as follows:
# service ovmm restart
# service ovmcli restart
• --rotatelogsbysize: Set the logs to be rotated when they reach a specified size.
In both cases, you are prompted for the Oracle WebLogic Server password to update the configuration.
47
Changing the Password for the MySQL Root User
Connected ...
Configure log rotation setting to rotate daily at [00:30] ...
Modified log rotation setting successfully ...
Exiting...
The size provided is specified according to the number of kilobytes before rotation.
Connected ...
Configure log rotation setting to rotate the logs based on size ([1024] KB) ...
Modified log rotation setting successfully ...
Exiting...
Important
48
Changing the Password for the MySQL Root User
VM Manager Administrator Tool and then manually change the password in the
database.
1. Run the Oracle VM Manager Administrator Tool with the --updatemysqlroot option.
# ./ovm_admin --updatemysqlroot
2. Enter the password for the Oracle WebLogic Server. If you have not changed the Oracle VM Manager
admin user's password, this password is usually the same as your default Oracle VM Manager admin
user's password.
The Oracle VM Manager Administrator Tool prompts you with the following:
Please enter the current password for MySQL user root:
The Oracle VM Manager Administrator Tool prompts you with the following:
Please enter the new password for MySQL user root:
Please re-enter the password:
4. Enter the new password for the MySQL root user and then confirm the password.
6. Manually change the password in the database so that it matches the password that you set with the
Oracle VM Manager Administrator Tool, as follows:
b. When prompted, enter the previous password for the root user, not the new password that you set
with the Oracle VM Manager Administrator Tool.
49
Working with the MySQL Instance
e. Flush privileges.
$ mysql> flush privileges;
To start, stop, restart and obtain the status of the MySQL server, you can use the /etc/init.d/
ovmm_mysql init script as follows:
# /etc/init.d/ovmm_mysql restart
Warning
Editing the configuration file might break your Oracle VM Manager installation. Do
not edit the configuration file unless an Oracle Support representative instructs you
to do so.
50
Chapter 4 Managing Oracle VM Manager Authentication
Managing Oracle VM Manager authentication includes changing the password for the administration user,
restricting user authentication to specific groups, and configuring LDAP and Active Directory authentication
providers.
User Description
admin Oracle VM Manager user
This user is created with a randomly generated 128 character password that
consists of mixed case letters, digits, and special characters. The password is
used only once to register an SSL client certificate that the Oracle VM Manager
Web Interface uses to connect to the Oracle VM Web Services API.
To change the password for this user account, use the Oracle WebLogic
Server Administration Console.
Note
51
Changing the Oracle VM Manager User Password
User Description
• You must not delete this user account. Deleting the
user account breaks the internal connection between
the Oracle VM Manager Web Interface and the
Oracle VM Web Services API and requires you to re-
install Oracle VM Manager.
Related Information.
• For details about the Oracle VM Manager Administrator Tool, see Section 3.1, “Oracle VM Manager
Administrator Tool (ovm_admin)”.
• For an example of how to change passwords with the Oracle VM Manager Administrator Tool, see
Section 3.1.4, “Changing User Passwords”.
• For instructions on changing the Oracle VM Manager user password, see Section 3.1.4, “Changing User
Passwords”.
• For details about changing user passwords in the Oracle WebLogic Server Administration Console,
navigate to the Modify users topic in the Oracle WebLogic Server online help.
To change the password for the Oracle VM Manager user, do the following:
1. Start an ssh session to the Oracle VM Manager host computer as the root user.
This procedure involves using the Oracle VM Manager Administrator Tool to modify the user password.
Refer to Section 3.1, “Oracle VM Manager Administrator Tool (ovm_admin)” for more information about
the Administrator Tool. For an example of changing user passwords, see Section 3.1.4, “Changing User
Passwords”.
52
Enabling LDAP and Active Directory Authentication
3. Specify the Oracle WebLogic Server user group that can authenticate to Oracle VM Manager as the
value for the AUTHORIZED_GROUPS entry.
Enclose the value in double quotes and use a comma to separate multiple values, for example:
AUTHORIZED_GROUPS="group1,group2,group3"
Only users who belong to the groups that you specify can authenticate to Oracle VM Manager. If the
AUTHORIZED_GROUPS entry does not exist, or has no value, then all Oracle WebLogic Server users can
authenticate to Oracle VM Manager.
For more information about working with users and groups, navigate to the Manage users and groups topic
in the Oracle WebLogic Server online help.
To configure Oracle VM Manager to authenticate against an LDAP or Active Directory service, you must
add the directory service as an authentication provider in Oracle WebLogic Server, as follows:
Note
The Oracle VM Manager upgrade process does not save and restore any
configurations you create for external authentication providers. If you enable LDAP
or Active Directory authentication and then upgrade Oracle VM Manager, you must
complete the following steps after the upgrade to re-enable authentication.
https://hostname:7002/console
4. From the Domain Structure pane, select Security Realms, and then select myrealm.
5. Select the Providers tab and locate the Authentication Providers table.
7. Specify a name for the authentication provider, select LDAPAuthenticator as the type of
authentication provider, and then click OK.
8. Change the authentication sequence so that the LDAP authentication provider takes priority over other
authentication providers.
53
Enabling LDAP and Active Directory Authentication
b. Move the LDAP authentication provider to the top of the list and then click OK.
9. Select the LDAP authentication provider you created from the Authentication Providers table.
10. On the Common tab, select SUFFICIENT as the value for Control Flag and then click Save.
11. Select the Provider Specific tab, configure the authentication provider as appropriate, and then click
Save.
Verify that the LDAP authenticator is configured and that the LDAP users and groups are populated in
Oracle WebLogic Server, as follows:
2. From the Domain Structure pane, select Security Realms, and then select myrealm.
4. Verify that the LDAP users and groups are populated as appropriate.
54
Chapter 5 Monitoring Oracle VM Server with SNMP
Oracle VM Server provides support for Simple Network Management Protocol (SNMP) monitoring. Find out
what SNMP applications are installed by default and learn how to get started with SNMP.
Package Description
net-snmp SNMP agent daemon and documentation.
net-snmp-libs Runtime libraries and management information bases (MIBs).
net-snmp-utils Network management utilities such as snmpget and snmpwalk.
ovs-snmp SNMP shared object module that lets you monitor Oracle VM Server.
Note
55
Enabling the SNMP Service
Note
From a high level, the steps to add the ovs-snmp shared object module to snmpd.conf are as follows:
Tip
To enable the SNMP service, you can start it manually by issuing the following command:
# service snmpd start
To enable the SNMP service permanently, you can issue the following command:
# chkconfig --level 2345 snmpd on
Note
The Oracle VM Server MIB does not define any SNMP traps. You should start the
snmptrapd service only if you require it for other purposes.
56
How to Retrieve MIB Objects
This section provides examples for demonstration purposes only. You should refer to the manpages for
NET-SNMP applications or the appropriate documentation for your NMS to determine how you should
retrieve MIB objects to suit your business needs.
Note
• Assume that you have configured the public community for read access.
• Use a lower security level, SNMP v2c, for access. You should configure SNMP
v3 to ensure that you restrict access control to authorized users. Refer to the
appropriate documentation for information on access control and security levels
as well as instructions on configuring SNMP v3.
Tip
If the last line of the output contains No more variables left in this MIB
View (It is past the end of the MIB tree), then you might not have
read access rights in snmpd.conf. To resolve this issue, you can temporarily add
rocommunity public to the start of /etc/snmp/snmpd.conf to allow read
access from all computers on the network.
The following example uses the snmpwalk application to return values for all objects in the MIB tree:
# snmpwalk -v2c -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux FQDN 3.8.13-68.2.2.el6uek.x86_64
#2 SMP time_stamp x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2654) 0:00:26.54
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost>
(configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: FQDN
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (18) 0:00:00.18
SNMPv2-MIB::sysORID.1 = OID: SNMP-MPD-MIB::snmpMPDMIBObjects.3.1.1
SNMPv2-MIB::sysORID.2 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (17) 0:00:00.17
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (17) 0:00:00.17
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (17) 0:00:00.17
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (17) 0:00:00.17
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (18) 0:00:00.18
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (18) 0:00:00.18
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (18) 0:00:00.18
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (18) 0:00:00.18
....
The following example uses the snmpwalk application to load ORACLE-OVS-MIB and return values for
objects in the Oracle VM Server MIB tree:
57
How to Retrieve MIB Objects
The following example uses the snmptable application to retrieve the running virtual machines on Oracle
VM Server from the ORACLE-OVS-MIB::vmTable SNMP table:
Note
vmIndex vmType
0 0004fb00000600002eb4165c672efe28
1 0004fb0000060000959d078c46ec4268
2 Domain-0
58
Chapter 6 Updating Oracle VM Server with Oracle Ksplice
Oracle VM Premier Support customers can use Oracle Ksplice to update Oracle VM Server with kernel,
Xen, and user space patches. Oracle Ksplice allows you to apply security updates and bug fixes for your
systems' kernel, the hypervisor, and certain user space libraries without having to schedule downtime and
reboot machines.
Ksplice is freely available for Oracle customers who subscribe to Oracle Linux Premier Support, and to
Oracle Cloud Infrastructure services. If you are an Oracle Linux Basic, Basic Limited, or Network Support
subscriber, contact your sales representatives to discuss a potential upgrade of your subscription to a
Premier Support plan.
Regular updates to the Oracle VM Servers are performed through Oracle VM Manager. However, the
execution of Ksplice operations has not been integrated into Oracle VM Manager. Part of the Ksplice
setup, such as configuring Server Update Repositories, does occur through Oracle VM Manager. Please
review and understand the steps below before proceeding.
This chapter explains how to access the appropriate channels on ULN (Unbreakable Linux Network), set
up the Ksplice client, and install Ksplice updates and patches on your Oracle VM Servers.
With Oracle Ksplice, however, systems can be updated without rebooting. As a result, access to services
and applications is not interrupted, and your systems remain secure and up to date. Oracle Ksplice
downloads patch updates from Oracle and applies these patches directly to running processes in memory.
This provides an update to the running process without requiring it to restart. After this has been done, the
package containing the binary update can be updated using the Unbreakable Linux Network (ULN) so that
if the process is restarted later, the update is already applied.
Oracle Ksplice is available to customers with an Oracle Premier Support account, who have registered
their systems with ULN. For additional information, refer to the Oracle Linux Ksplice User's Guide.
Warning
Use the Oracle Linux Ksplice User's Guide only as a reference for comprehensive
background information about what Ksplice is and how it works. The instructions
apply to generic Oracle Linux installations, while the procedures described in this
Oracle VM Administrator's Guide contain different steps specific to Oracle VM
Server. Use only the procedures in this Oracle VM Administrator's Guide to install
and configure Ksplice for Oracle VM Server."
Ksplice updates are applied using a client application. Because Oracle VM Server takes advantage of
user space updates as well as kernel updates, it requires the Ksplice Enhanced Client. Do not use the
Ksplice Uptrack Client on Oracle VM Server. For additional information, refer to Working With the Ksplice
Enhanced Client in the Oracle Linux Ksplice User's Guide.
59
Prerequisites for Ksplice on Oracle VM Server
Ksplice is available for Oracle Premier Support customers. You require a valid
Customer Support Identifier (CSI) to be able to install and use Ksplice for Oracle
VM Server.
Starting with release 3.4.5 (build 1919), Oracle VM Server can use Ksplice to update the Xen hypervisor,
the kernel and any user space packages. If your servers are running an earlier version of Oracle VM
Server, you must upgrade and reboot first. To qualify for hypervisor patching, the servers must be running
Xen 4.4.4-196 or newer.
To make sure that your servers meet the prerequisites for Ksplice, run the following checks:
2. From the Oracle Linux command line, check the current version of Oracle VM Server. It must be
release 3.4.5 build 1919 or newer.
# cat /etc/ovs-info | head -n 4
OVS summary
release: 3.4.5
date: 201805301526
build: 1919
3. From the Oracle Linux command line, check the current version of Xen. It must be version 4.4.4-196 or
newer.
# rpm -qa | grep "xen.*4.4.4"
xen-4.4.4-196.el6.x86_64
xen-tools-4.4.4-196.el6.x86_64
4. If the current versions of Oracle VM Server or Xen do not meet the minimum requirements, upgrade to
the latest version of Oracle VM 3.4 before proceeding.
5. Repeat these steps on all Oracle VM Servers with which you intend to use Ksplice.
The packages that are required to use Ksplice are hosted on ULN. However, because Oracle VM Server
does not provide the tools that are required for ULN registration, it cannot connect to ULN by using Internet
access. To install the required packages you must set up a local ULN Mirror that Oracle VM Servers can
use to obtain the packages.
Note
Because Ksplice updates are cumulative, you can configure your local ULN mirror
to store only the latest packages, which can improve synchronization time and
storage requirements dramatically. To ensure that your local ULN mirror stores only
the latest packages, edit the /etc/sysconfig/uln-yum-mirror file and set
the ALL_PKGS parameter to 0 (ALL_PKGS=0). For more information, refer to ULN
Mirror Configuration in the Oracle Linux Ksplice User's Guide.
The ULN Mirror can also be used to provide access to the most recent package updates so that patches
can also be applied to on-disk binaries, as well as the processes that are patched in-memory by Ksplice.
60
Configuring Yum for Oracle Ksplice
The system hosting the mirrored ULN channels requires ULN registration and should be installed on a
standard Oracle Linux 6 or Oracle Linux 7 host. You can install the ULN mirror on the same host as Oracle
VM Manager.
Generic instructions to set up a local ULN mirror, and also configure it as a Ksplice mirror, are available in
the following documentation resources:
When registering the system to be configured as ULN mirror, you must subscribe to the channels listed
below, and make sure that the mirror provides the Oracle VM Servers access to those mirrored channels.
• Ksplice client and user space updates for Oracle VM (x86_64): ovm34_x86_64_ksplice
The instructions in this section are based on the Oracle VM Manager Command Line Interface. For
background information, usage instructions, and the command reference, consult the Oracle VM Manager
Command Line Interface User's Guide.
2. Verify that you are running Oracle VM Manager release 3.4.5 (build 1919) or newer.
OVM> showversion
3.4.5.1919
3. Discover any Oracle VM Servers that have not yet been discovered with which you intend to use
Ksplice, and take ownership of them.
The example shows the CLI command and output using ovmsvr01. Execute this command for each of
your servers, using either the fully qualified domain name or IP address.
Note
61
Configuring Yum for Oracle Ksplice
JobId: 1528080367491
• uln_mirror_ovm34_x86_64_latest
• uln_mirror_ovm34_x86_64_ksplice
• uln_mirror_ol6_x86_64_ksplice
Note
62
Installing the Ksplice Enhanced Client
b. From the Oracle Linux command line, check the content of the directory /etc/yum.repos.d.
# cat /etc/yum.repos.d/ovm.repo
[uln_mirror_ovm34_x86_64_latest]
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck = 1
baseurl = http://ulnmirror.example.com/yum/OracleVM/OVM34/latest/$basearch/
name = uln_mirror_ovm34_x86_64_latest
enabled = 1
[uln_mirror_ovm34_x86_64_ksplice]
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck = 1
baseurl = http://ulnmirror.example.com/yum/OracleVM/OVM34/ksplice/$basearch/
name = uln_mirror_ovm34_x86_64_ksplice
enabled = 1
[uln_mirror_ol6_x86_64_ksplice]
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck = 1
baseurl = http://ulnmirror.example.com/yum/OracleLinux/OL6/ksplice/x86_64/
name = uln_mirror_ol6_x86_64_ksplice
enabled = 1
c. Run this check on all Oracle VM Servers with which you intend to use Ksplice.
The Ksplice Enhanced Client requires a direct connection to the Internet, so that it is able to connect to the
Oracle Ksplice update server at https://updates-ksplice.oracle.com/uptrack. If your Oracle VM Servers are
unable to connect directly to the Internet or your security policy restricts access, you can consider using an
offline version of the client to apply updates from your locally configured ULN mirror. See Using the Ksplice
Offline Enhanced Client for more information.
Since the Ksplice Enhanced Client package and its dependencies are only available on ULN and ULN
registration is not possible on current versions of Oracle VM Server, the Oracle VM Servers on which you
install the Ksplice Enhanced Client must have access to a host that is running a local ULN mirror, and to
the ULN channels residing on that mirror. See Section 6.3, “Accessing ULN Channels” and Section 6.4,
“Configuring Yum for Oracle Ksplice” for more information.
If you have configured a ULN Mirror and set up your yum configuration within Oracle VM Manager
according to the instructions provided at Section 6.4, “Configuring Yum for Oracle Ksplice”, the Ksplice
Enhanced Client and Ksplice-aware user space packages for Oracle VM Server are available in the ULN
channel uln_mirror_ovm34_x86_64_ksplice.
2. Revert all prelinked binaries and dependent libraries to their original state, then use the yum command
to remove the prelink package.
63
Installing the Ksplice Enhanced Client
# prelink -au
# yum remove -y prelink
===========================================================================================================
Package Arch Version Repository S
===========================================================================================================
Installing:
ksplice x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice 5.
Installing for dependencies:
boost-filesystem x86_64 1.41.0-28.el6 uln_mirror_ovm34_x86_64_latest 4
boost-python x86_64 1.41.0-28.el6 uln_mirror_ovm34_x86_64_latest 12
boost-regex x86_64 1.41.0-28.el6 uln_mirror_ovm34_x86_64_latest 47
ksplice-core0 x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice 25
ksplice-tools x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice 10
uptrack noarch 1.2.47-0.el6 uln_mirror_ovm34_x86_64_ksplice 50
uptrack-PyYAML x86_64 3.08-4.el6 uln_mirror_ovm34_x86_64_ksplice 14
uptrack-libyaml x86_64 0.1.3-1.el6 uln_mirror_ovm34_x86_64_ksplice 4
Transaction Summary
===========================================================================================================
Install 9 Package(s)
Dependency Installed:
boost-filesystem.x86_64 0:1.41.0-28.el6 boost-python.x86_64 0:1.41.0-28.el6
boost-regex.x86_64 0:1.41.0-28.el6 ksplice-core0.x86_64 0:1.0.32-1.el6
ksplice-tools.x86_64 0:1.0.30-1.el6 uptrack.noarch 0:1.2.47-0.el6
uptrack-PyYAML.x86_64 0:3.08-4.el6 uptrack-libyaml.x86_64 0:0.1.3-1.el6
Complete!
4. Edit /etc/uptrack/uptrack.conf to provide the client with the label of the local user space
channel. If you followed the instructions in Section 6.4, “Configuring Yum for Oracle Ksplice” the
channel should have the label uln_mirror_ovm34_x86_64_ksplice. Edit the file to include the
lines:
[User]
64
Using the Ksplice Offline Enhanced Client
yum_userspace_ksplice_repo_name = uln_mirror_ovm34_x86_64_ksplice
Also edit to add any other required configuration options. For example, to enable automatic installation
updates, change the autoinstall option from no to yes:
autoinstall = yes
For more information on these options, see Configuring a Ksplice Client in the Oracle Linux Ksplice
User's Guide at https://docs.oracle.com/cd/E37670_01/E39380/html/ol_ksplice_config.html.
Note that some options, such as upgrade_on_reboot may not apply to user space packages.
5. Update the system to install the Ksplice-aware versions of user space libraries. For example:
# yum update
6. Reboot the system so that it uses the new user space libraries.
# reboot
At regular intervals, you download the latest Ksplice update packages for your systems, and update your
local ULN mirror. Once the Ksplice Offline Enhanced Client is installed on your Oracle VM Servers, they
can connect to the local ULN mirror to retrieve updates.
The disadvantages of using the offline client include the delay after a patch becomes available and the
requirement to manage and refresh the ULN mirror. However, since the ULN mirror must be maintained to
apply on-disk binary updates for the Ksplice packages and other patch updates, this may be the preferred
approach. Although there is a delay in patching, this delay also offers some further assurance of stability
and further testing.
For installation, configuration, and usage instructions, refer to Installing and Configuring the Ksplice Offline
Enhanced Client in the Oracle Linux Ksplice User's Guide. Note that the instructions provided in the Oracle
Linux Ksplice User's Guide are generic Oracle Linux instructions.
Caution
If you want to switch between the online and offline version of the Ksplice Enhanced
Client, you must first remove the installed Ksplice client software, and then install
the new Ksplice client version. For example, to switch from the online client to the
offline client, run the following commands:
# yum remove ksplice
# yum install ksplice-offline
1. Configure the ULN mirror as described in Section 6.3, “Accessing ULN Channels”
2. Configure the required yum repositories within Oracle VM Manager, as described in Section 6.4,
“Configuring Yum for Oracle Ksplice”.
65
Installing Oracle Ksplice Updates on Oracle VM Server
5. On each Oracle VM Server, edit the /etc/uptrack/uptrack.conf file to provide the client with the
label of the local user space channel. If you followed the instructions in Section 6.4, “Configuring Yum
for Oracle Ksplice” the channel should have the label uln_mirror_ovm34_x86_64_ksplice. Edit
the file to include the lines:
[User]
yum_userspace_ksplice_repo_name = uln_mirror_ovm34_x86_64_ksplice
Also edit to add any other required configuration options. For example, to enable automatic installation
updates, change the autoinstall option from no to yes:
autoinstall = yes
For more information on these options, see Configuring a Ksplice Client in the Oracle Linux Ksplice
User's Guide at https://docs.oracle.com/cd/E37670_01/E39380/html/ol_ksplice_config.html.
Note that some options, such as upgrade_on_reboot may not apply to user space packages.
6. To install offline update packages, you must install the relevant packages for your system. When
installing offline update packages you must specify the release in the command. For example, if you
are installing the offline updates package for the Xen hypervisor, specify the release in the command as
follows.
# yum install ksplice-updates-xen-$RELEASE
where $RELEASE is the update package that corresponds to the version of the hypervisor that is
currently running, as shown in this example:
# yum install ksplice-updates-xen-4.4.4-196.0.10.el6
7. From this point, the Ksplice Offline Enhanced Client behaves similarly to the standard online version of
the Ksplice Enhanced Client.
To display the running user space, kernel and xen processes that the client can patch, use the ksplice
all list-targets command. For each Ksplice-aware library, the command reports the running
processes that would be affected by an update.
# ksplice all list-targets
User-space targets:
glibc-libpthread-2.12.1.209.0.3.ksplice1.el6_9.2:
- multipathd (1582)
- auditd (2077)
- rsyslogd (2111)
66
Installing Oracle Ksplice Updates on Oracle VM Server
- rpcbind (2155)
[...]
glibc-libutil-2.12.1.209.0.3.ksplice1.el6_9.2:
- sshd (2447)
- xenconsoled (2533)
- qemu-system-i38 (2537)
- xend (2844)
[...]
xen-tools-tools_xenstore_xenstored-4.4.4.155.0.27.ksplice1.el6:
- xenstored (2526)
xen-tools-tools_console_xenconsoled-4.4.4.155.0.27.ksplice1.el6:
- xenconsoled (2533)
glibc-libm-2.12.1.209.0.3.ksplice1.el6_9.2:
- multipathd (1582)
- auditd (2077)
- irqbalance (2126)
- cupsd (2323)
- ntpd (2460)
[...]
glibc-libnss_dns-2.12.1.209.0.3.ksplice1.el6_9.2:
- ntpd (2460)
- sshd (3975)
- sshd (11292)
xen-tools-tools_libxc_libxenctrl.so.4.4.0-4.4.4.155.0.27.ksplice1.el6:
- xenstored (2526)
- xenconsoled (2533)
- qemu-system-i38 (2537)
- xend (2844)
[...]
openssl-libssl-1.0.1e.57.0.1.ksplice1.el6:
- qemu-system-i38 (2537)
- master (2706)
- pickup (2736)
- qmgr (2737)
- xend (2844)
[...]
xen-tools-tools_xenstore_libxenstore.so.3.0.3-4.4.4.155.0.27.ksplice1.el6:
- xenconsoled (2533)
- qemu-system-i38 (2537)
- xend (2844)
[...]
To display the updates that are available for installation, use the ksplice all show --available
command. If you want to restrict the scope of the command to a particular category, use these alternatives
instead:
67
Installing Oracle Ksplice Updates on Oracle VM Server
To install the available Ksplice updates, use the ksplice -y all upgrade command. If you want to
restrict the scope of the command to a particular category, use these alternatives instead:
==============================================================================================================
Package Arch Version Repository S
==============================================================================================================
Updating:
glibc i686 2:2.12-1.209.0.3.ksplice1.el6_9.2 uln_mirror_ovm34_x86_64_ksplice 4
glibc x86_64 2:2.12-1.209.0.3.ksplice1.el6_9.2 uln_mirror_ovm34_x86_64_ksplice 3
glibc-common x86_64 2:2.12-1.209.0.3.ksplice1.el6_9.2 uln_mirror_ovm34_x86_64_ksplice
glibc-devel x86_64 2:2.12-1.209.0.3.ksplice1.el6_9.2 uln_mirror_ovm34_x86_64_ksplice 9
glibc-headers x86_64 2:2.12-1.209.0.3.ksplice1.el6_9.2 uln_mirror_ovm34_x86_64_ksplice 6
nscd x86_64 2:2.12-1.209.0.3.ksplice1.el6_9.2 uln_mirror_ovm34_x86_64_ksplice 2
openssl x86_64 2:1.0.1e-57.0.1.ksplice1.el6 uln_mirror_ovm34_x86_64_ksplice 1
xen-tools x86_64 2:4.4.4-155.0.27.ksplice1.el6 uln_mirror_ovm34_x86_64_ksplice 8
Installing for dependencies:
ksplice-helper x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice
Transaction Summary
==============================================================================================================
Install 1 Package(s)
Upgrade 8 Package(s)
68
Installing Oracle Ksplice Updates on Oracle VM Server
To display the updates that have been applied to the system, use the ksplice all show command.
If you want to restrict the scope of the command to a particular category, specify user, kernel or xen
instead of all.
# ksplice all show
Note
After Ksplice has applied updates to a running kernel, the kernel has an effective
version that is different from the original boot version displayed by the uname -
a command. Use the ksplice kernel uname -r command to display the
effective version of the kernel.
To remove Ksplice updates from the system, use the remove subcommand. You can choose to remove
Ksplice updates for the category user, kernel or xen.
# ksplice -y xen remove --all
The following steps will be taken:
Remove [d71xqwov]: update.
Remove [ion5usqz]: update 3.
Remove [0323dejx]: update 2.
100% |############################################################################################|
Done!
For more information about using the ksplice command, see the ksplice(8) manual page.
69
70
Chapter 7 Provisioning ISO Files for PVM Guest Installations
Important
As of Oracle VM Release 3.4.6, support for PVM guests is removed. For more
information, Section 1.5, “Disabling Paravirtualized Guests on Oracle VM Server”.
When you create a PVM guest from an ISO file, you cannot use an ISO file from a repository to install the
operating system. Oracle VM requires that the ISO file is mounted so that its internal file system contents
are available during the installation of the operating system for a PVM guest. The mounted ISO file can
be made available via an NFS, HTTP or FTP server. The following examples show how to create and use
mounted ISO files on an NFS share, and on an HTTP server.
This example creates an installation tree for paravirtualized guest by mounting an ISO file. The installation
tree is made available via an NFS share. On the NFS server, enter
# mkdir -p /isos/EL5u6-x86_64
# mount -o ro,loop /path/Enterprise-R5-U6-Server-x86_64-dvd.iso /isos/EL5u6-x86_64
# exportfs *:/isos/EL5u6-x86_64/
When you create the virtual machine using the Oracle VM Manager Web Interface, enter the installation
location in the Network Boot Path field in the Create Virtual Machine wizard as:
nfs:example.com:/isos/EL5u6-x86_64
This example creates an installation tree from an ISO file that can be accessed via HTTP. On the HTTP
server, enter
# cd /var/www/html
# mkdir EL5u6-x86_64
# mount -o ro,loop /path/Enterprise-R5-U6-Server-x86_64-dvd.iso EL5u6-x86_64
When you create the virtual machine using the Oracle VM Manager Web Interface, enter the installation
location in the Network Boot Path field in the Create Virtual Machine wizard as:
http://example.com/EL5u6-x86_64
Tip
If you have multiple ISO files, you can mount each ISO file and copy the contents
into a single directory. All the ISO files are then available from the same location.
71
72
Chapter 8 Installing and Using the Oracle VM Guest Additions
The Oracle VM Guest Additions allow bi-directional communication between Oracle VM Manager and the
guest operating system of a virtual machine running in the Oracle VM environment. The Oracle VM Guest
Additions provide fine-grained control over the configuration and behavior of components running within
the virtual machine directly from Oracle VM Manager.
• Send key-value pairs to a virtual machine, or guest, and to retrieve messages from the guest.
• More easily get information about virtual machines within Oracle VM Manager, such as reporting on IP
addressing.
• Use the template configuration facility to automatically configure virtual machines as they are first
started.
• Trigger programmed events by sending messages directly to a virtual machine from Oracle VM
Manager.
The following table lists the packages for the Oracle VM Guest Additions:
73
Microsoft Windows Guests
• ovmsvc: the service that receives and sends events and messages
vmapi.dll
The vmapi.dll exposes interfaces to functions for communication between Windows applications and
the xenpci driver in the Windows guest operating system. Applications load this library and call the
exported functions to access xenpci. Normally device I/O controls (IOCTLs) are used to communicate
with the xenpci driver. The following table shows function names and their descriptions:
Function Description
OVMAPI_Register initializes OVMAPI and optionally registers a callback
OVMAPI_ParamGetValue retrieves name-value pairs stored within the OVMAPI engine
OVMAPI_ParamSetValue creates or modifies a name-value pair
OVMAPI_Subscribe receives particular events in the application registered event handler
74
Microsoft Windows Guests
Function Description
OVMAPI_UnSubscribe blocks particular events in the application registered event handler
OVMAPI_EventComplete completes the event with a finalizing status code at a later time
OVMAPI_ParamGetValueSize retrieves the size, in bytes, of a parameter value
OVMAPI_GetSessionFileDescriptors retrieves the internal file descriptor for use in making special calls to
the driver
OVMAPI_UserEventPublish sends application-specific events to the management server and to
other OVMAPI-enabled applications running on the same VM
OVMAPI_ParamGetAllNames browses for existing parameters that may be of interest to the
application
OVMAPI_ParamGetCount retrieves the number of existing parameters
OVMAPI_UnRegister terminates OVMAPI usage
ovmsvc
The ovmsvc service starts automatically by default when the Windows VM is booted. The command to
install or uninstall this service is ovmsvc install or ovmsvc uninstall respectively. The ovmsvc
service monitors messages sent from Oracle VM Manager, and sends Windows VM specific information,
such as the operating system version and the VM's IP address. It uses the vmapi.dll to implement
communication between the Windows guest and Oracle VM Manager. The following figure shows ovmsvc
running inside a Windows VM.
When ovmsvc is started, it opens the xenpci device and registers a callback function where messages
are processed. A thread is created to monitor events corresponding with vmapi messages. The current
callback function of ovmsvc processes VM shutdown messages; other messages, for example "snapshot",
could be implemented as additional features.
xenpci
Applications exchanging messages with Oracle VM Manager use the xenpci driver, which implements
several IOCTLs to process messages. The xenpci driver directly accesses xenstore, a memory area
shared by Xen domains. The ovmsvc calls API functions to send or read VM messages to or from
xenstore.
The xenpci driver uses the xenbus_watch function to monitor incoming messages. The xenpci driver
initialization registers a watch function on the xenstore key "control/oracle-vmapi/to-guest/
last-write". Messages sent by Oracle VM Manager are set in this xenstore key. The watch function of
xenpci is triggered when this xenstore key changes. The watch function checks and sends out events, a
monitor thread acknowledges events, and a callback function processes API messages.
75
Oracle Solaris
The ovmsvc sends Windows VM messages during its startup process, and uses an IOCTL in xenpci
to write the xenstore key "control/oracle-vmapi/from-guest/%d/%s". The ovmsvc updates the
message periodically to synchronize the information, such as guest IP address, from the guest to Oracle
VM Manager.
Oracle Solaris
The Oracle VM Guest Additions are also available for Oracle Solaris, both on SPARC and x86. They can
be optionally installed from a Solaris IPS repository: pkg://solaris/system/management/ovm-
guest-additions.
Alternatively, you can create a yum server that acts as a local mirror of the ULN addons channel.
For Oracle Linux Release 8, see the Oracle Linux documentation for more information at Registering With
the Unbreakable Linux Network
For Oracle Linux Release 7: or Oracle Linux Release 6, see the following Oracle Linux documentation for
more information:
To download the Oracle VM Guest Additions packages from the public yum repository, you need to enable
the addons channel in the yum configuration file.
76
Microsoft Windows Guests
For Oracle Linux Release 8, see the Oracle Linux documentation for more information at Obtaining Errata
and Updates From the Oracle Linux Yum Server
For Oracle Linux Release 7: or Oracle Linux Release 6, see the following Oracle Linux documentation for
more information:
Oracle Solaris
For Oracle Solaris, both on SPARC and x86, the Oracle VM Guest Additions can be downloaded
from a Solaris IPS repository at http://pkg.oracle.com/solaris/release/en/index.shtml or through https://
support.oracle.com/portal/ with your support contract access.
2. Run the yum install command to install the packages; for example,
# yum install libovmapi xenstoreprovider ovmd python-simplejson xenstoreprovider
Oracle Solaris
To install the Oracle VM Guest Additions on Oracle Solaris, do the following:
77
Microsoft Windows Guests
1. Ensure your virtual machine is connected to a yum repository that contains the packages for the Oracle
VM Guest Additions.
2. Run the yum update command to install the packages; for example,
# yum update libovmapi xenstoreprovider ovmd python-simplejson xenstoreprovider
Oracle Solaris
To upgrade the Oracle VM Guest Additions on Oracle Solaris, do the following:
In previous releases you could use the ovmd utility to send key/value messages to a virtual machine.
This feature is now included directly in Oracle VM Manager. Although this section mentions the options
available to send messages to a virtual machine using ovmd, you should instead use the Oracle VM
Manager Web Interface or Oracle VM Manager Command Line Interface to send key/value messages.
The virtual machine must have the Oracle VM Guest Additions daemon installed and running. See
sendVmMessage in the Oracle VM Manager Command Line Interface User's Guide , or the Send VM
Messages section in the Oracle VM Manager User's Guide for more information.
Used in conjunction with the ovm-template-config script, the ovmd utility can be used to remotely
configure system and application configuration parameters within a virtual machine as it boots. See
Section 8.8, “The Oracle VM Template Configuration Script and Modules” for more information on this
facility.
Oracle VM Manager makes use of ovmd in order to obtain IP addressing information from the guest to
include in the Oracle VM Manager Web Interface when displaying detailed virtual machine information. See
Virtual Machine IP Address.
You can run ovmd directly from the command line to perform actions outside of ovmd's function as a
daemon or system service. Running ovmd using the --help parameter provides you with a breakdown of
the options supported when run directly from the command line.
Note
On Oracle Solaris, the command options and script names may differ from those
presented for Oracle Linux. For details, please refer to the ovmd(1M) man page,
78
Syntax
Syntax
ovmd [ { -p | --set-param= } param ] [ { -g | --get-param= } key ] [ { -r | --delete-param= } key ]
[ { -x | --delete-params } ] [ { -l | --list-params } ] [ { -e | --event= } event ] [ { -s | --script=
} script ] [ { -d | --debug= } { 0 | 1 | 2 } ] [ { -f | --pid-file= } filename ] [ { -t | --time-period=
} seconds ] [ { -v | --version } ] [ { -h | --help } ]
Options
The following table shows the available options for this command:
Option Description
{ -p | --set-param= } param Set a parameter in the format of key=value.
{ -g | --get-param= } key Get the value of the parameter by key name.
{ -r | --delete-param= } key Delete the parameter by key name.
{ -x | --delete-params } Delete all parameters.
{ -l | --list-params } List all parameters.
{ -e | --event= } event Inject an event.
{ -s | --script= } script Run a script on the virtual machine.
{ -d | --debug= } { 0 | 1 | 2 } Set the debug level. 0 is DEBUG_OFF, 1 is DEBUG_STDERR,
and 2 is DEBUG_SYSLOG. The default is 2.
{ -f | --pid-file= } filename Set the path name of the process ID (PID) file.
{ -t | --time-period= } seconds Set the period for daemon mode. The default is 10 seconds.
{ -v | --version } Show the ovmd script version number and exit.
{ -h | --help } Show help on the ovmd command options.
Examples
Example 8.1 Showing the ovmd script version
# ovmd -v
See Section 8.6.2, “Sending Messages to Virtual Machines” for more information on sending and receiving
messages using the ovmd script.
Example 8.4 Listing messages sent from Oracle VM Manager on a virtual machine
# ovmd -\-list
{"key1":"value1"}
79
Using the Oracle VM Guest Additions Daemon to Enable First-Boot Configuration
{"key2":"value2"}
If you have configured ovmd to run as a service, you can configure it remotely using the messaging facility
and the ovm-template-config script.
See the example Section 8.6.2, “Sending Messages to Virtual Machines” for more information on using the
messaging channel. Also see Section 8.8, “The Oracle VM Template Configuration Script and Modules” for
information about the ovm-template-config script.
Using ovmd, you send information from within the virtual machine to your Oracle VM Manager using the
following syntax:
# ovmd -p key1=value1
The message appears in the Oracle VM Manager user interface, as a Virtual Machine API Incoming
Message event for the virtual machine in question. When you expand the event, the description shows the
key-value pair and the date and time when the information exchange took place.
Using ovmd from within the guest, you can retrieve the message sent from Oracle VM Manager using the
following syntax:
# ovmd -\-list
{"key1":"value1"}
{"key2":"value2"}
The ovmd -\-list command retrieves all messages, both sent and received. You can identify the
specific message you are looking for by its key. To remove obsolete messages, use the following syntax:
# ovmd -r key1
80
Configuring the Oracle VM Guest Additions Daemon to Run as a Service
# ovmd -\-list
{"key2":"value2"}
When configured as a service, ovmd listens for message requests sent from Oracle VM Manager.
The Shell
The executable binary file ovmcmd is used with 32-bit Windows, while ovmcmd_64 is used with 64-bit
Windows. You can run ovmcmd directly by using the Windows command line. The ovmcmd command
provides its own shell mode, which is convenient for setting multiple variables. Enter ovmcmd without any
parameter to display the list of supported interfaces.
The Commands
In shell mode, ovmcmd sets up a session and connects an event handler. The user can enter commands
at the OVMAPIShell shell prompt without having to re-issue ovmcmd. This is optional, as individual
commands can be specified on the Windows command line executing ovmcmd. Shell mode can be used
to send and receive messages containing parameter values, or to display the contents of the xenstore.
81
Conversation Between Guest and Oracle VM Manager
Commands for sending and receiving messages are illustrated under Conversation Between Guest and
Oracle VM Manager. Command names in ovmcmd are not case sensitive.
The Xenstore commands should only be used by people with substantial knowledge of the internals of
Xen. Those commands are:
• XenstoreRead: reads the value of a xenstore key. The parameter following the subcommand is the
xenstore key to read.
OVMAPIShell>XenstoreRead /local/domain/708/device/vif/0/state
4
OVMAPIShell>
• XenstoreWrite: writes a value to a xenstore key or creates a new xenstore key. The parameters are
the xenstore key and the value to be written. If the xenstore key is read-only, an error message appears.
OVMAPIShell>XenstoreWrite /local/domain/708/control/test 1
Operation Succeeded
OVMAPIShell>XenstoreWrite /local/domain/708/test 2
Operation Failed
OVMAPIShell>
• XenstoreDir: lists a xenstore directory. The parameter is the xenstore directory to display.
OVMAPIShell>XenstoreDir /local/domain/0
vm
device
control
error
memory
guest
hvmpv
data
cpu
1
availability
2
availability
[...]
OVMAPIShell>
The SendMessage command is used to send messages. However, messages sent this way are not saved.
OVMAPIShell>SendMessage value 1
Operation Succeeded
OVMAPIShell>
To send a message and at the same time save the parameter key/value pair, use the ParamSetValue
command.
OVMAPIShell>ParamSetValue guestparam1 guestval 1
ParamSetValue returned 0
OVMAPIShell>OVMCmdEventHandler: Received Event type 64, size 12, ID 6
ParamSetValue returned 0
82
The Oracle VM Template Configuration Script and Modules
From the Windows VM side of the conversation: use the ovmcmd command ParamSetValue to set a
parameter and send a message from the guest VM to Oracle VM Manager. For example ParamSetValue
mykey myval sets the value of key "mykey" to "myval", and sends a message to Oracle VM Manager.
C:\Program Files (x86)\Oracle Corporation\Oracle VM Windows PV Drivers>OVMCmd_64 ParamSetValue mykey myval
ParamSetValue returned 0
Use the ReadParameter command as shown below to read messages from Oracle VM Manager. Output
can optionally be piped to a file for later processing.
C:\Program Files (x86)\Oracle Corporation\Oracle VM Windows PV Drivers>OVMCmd_64 ReadParameter sesame
Success: sesame = street (7)
For the Oracle VM Manager side of the conversation: to display the message from the Oracle VM Manager
user interface, select the VM in the Servers and VMs tab, right click, and select Display Events.
Alternatively, send a message to the guest with the Oracle VM CLI sendVmMessage command.
OVM> sendvmmessage vm name=VMNAME key=managerparam message=managerval log=no
See sendVmMessage in the Oracle VM Manager Command Line Interface User's Guide for more
information.
The ovm-template-config script is the master script that is used to control all enabled modules.
Running ovm-template-config with the --help parameter provides a usage breakdown.
Important
83
Template Configuration Script (ovm-template-config)
root user password. See Section 8.8.2, “Enabling and Disabling Configuration
Modules (ovm-chkconfig)” for more information on this module.
See Section 8.8.4, “Triggering Configuration Changes” for more information on calling this script directly.
Syntax
ovm-template-config [ -e | --enumerate ] [ --human-readable ] [ { -i | --input= } input ] [ {
-o | --output= } output ] [ --stdin ] [ --console-input ] [ --ovf-transport-iso ] [ { -s | --
script= } script ] [ --logfile= logfile ] [ --loglevel= loglevel ] [ --version ] [ { -h | --
help } ] target
Options
The following table shows the available options for this command.
Option Description
[ -e | --enumerate ] Enumerate the parameters for target.
--human-readable Print in human readable format when enumerate parameters.
{ -i | --input= } input Input parameters from this file descriptor.
{ -o | --output= } output Output parameters to this file descriptor.
--stdin Build parameters from stdin.
--console-input Build parameters from the console input.
--ovf-transport-iso Build parameters from the OVF transport ISO.
{ -s | --script= } script Specify a script.
--logfile= logfile Set the name of the log file.
--loglevel= loglevel Set the logging level.
--version Show the ovm-template-config script version number and
exit.
{ -h | --help } Show help on the ovm-template-config command options.
Examples
Example 8.8 Listing the key pairs in configuration modules
# ovm-template-config --enumerate configure
Example 8.9 Listing the key pairs specific to the network configuration module
# ovm-template-config --enumerate --script network configure
Example 8.11 Passing configuration information from the command line prompt (prompting for
values)
# ovm-template-config --console-input configure
84
Enabling and Disabling Configuration Modules (ovm-chkconfig)
Example 8.12 Passing configuration information from an OVF transport mounted on a CDROM
device
# ovm-template-config --ovf-transport-iso configure
Enabling and disabling targets for any module is handled using the ovm-chkconfig script. Usage of this
command is outlined using the --help parameter.
Syntax
ovm-chkconfig [ --list [ name ] ] [ --add name ] [ --del name ] [ --target= target ... name { on |
off } ] [ --version ] [ { -h | --help } ]
Options
The following table shows the available options for this command.
Option Description
[ --list [ name ] ] Lists the status of the script name.
[ --add name ] Add a new script name.
[ --del name ] Delete a script name.
[ --target= target ... name { on | off Specify the targets in a comma separated list, for example:
}]
--target="configure,unconfigure"
--version Show the ovm-chkconfig script version number and exit.
{ -h | --help } Show help on the ovm-chkconfig command options.
Examples
Example 8.13 Listing available modules and their target runtime status
# ovm-chkconfig --list
name configure unconfigure reconfigure cleanup suspend resume migrate shutdown
authentication on:90 off off off off off off off
datetime on:50 off off off off off off off
firewall on:41 off off off off off off off
network off off off off off off off off
selinux off off off off off off off off
ssh off off off off off off off off
system off off off off off off off off
user off off off off off off off off
85
Key-Value Pairs Used By Available Configuration Modules
The output from this command is printed as a Python data structure, that is easy to parse and understand.
Content can be limited to the information specific to a configuration module by using the --script
parameter as presented below:
# ovm-template-config --human-readable --enumerate configure --script datetime
[('50',
'datetime',
[{u'description': u'System date and time in format year-month-day-hour-minute-second,
e.g., "2011-4-7-9-2-42".',
u'hidden': True,
u'key': u'com.oracle.linux.datetime.datetime'},
{u'description': u'System time zone, e.g., "America/New_York".',
u'hidden': True,
u'key': u'com.oracle.linux.datetime.timezone'},
{u'description': u'Whether to keep hardware clock in UTC: True or False.',
u'hidden': True,
u'key': u'com.oracle.linux.datetime.utc'},
{u'description': u'Whether to enable NTP service: True or False.',
u'hidden': True,
u'key': u'com.oracle.linux.datetime.ntp'},
{u'description': u'NTP servers separated by comma, e.g.,
"time.example.com,0.example.pool.ntp.org".',
u'hidden': True,
u'key': u'com.oracle.linux.datetime.ntp-servers'},
{u'description': u'Whether to enable NTP local time source: True or False.',
u'hidden': True,
u'key': u'com.oracle.linux.datetime.ntp-local-time-source'}])]
From the output, it becomes clear as to which configuration modules are triggered at which runlevel and
what keys and values they accept. Note that all key names are structured so that they are prefixed with
com.oracle, to avoid conflicts with any custom modules that you may intend to develop for your own
purposes.
86
Developing Oracle VM Template Configuration Modules
To manually force ovmd to pass messages to the ovm-template-config script, simply run ovmd with
the --script parameter set to point to one of the ovm-template-config targets:
# ovmd --list
{"com.oracle.linux.datetime.ntp":"True"}
{"com.oracle.linux.datetime.ntp-servers":"0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"}
{"com.oracle.linux.root-password":"password"}
# ovmd -s configure
Note
When running ovmd like this, ovmd prepares two pipes (infd and outfd) and calls the ovm-template-
config script transparently in the background in the following way:
# ovm-template-config --input <infd> --output <outfd> configure
During testing, it may be useful to simply pass configuration information directly to the script from STDIN
on the command line. This can be achieved by calling the script directly with the --stdin parameter:
# ovm-template-config --stdin configure <<EOF
> {"com.oracle.linux.selinux.mode": "disabled"}
> {"com.oracle.linux.root-password": "ovsroot"}
> EOF
Configuration can also be achieved directly from the console by running the script using the --console-
input option. Doing this will prompt you for values for each of the keys that need to be defined for any
enabled modules:
# ovm-template-config --console-input configure
1. The script header, which contains information like script name, targets, priorities and description.
For examples of functional module scripts, refer to the existing modules in the /etc/template.d/
scripts directory.
87
Developing Oracle VM Template Configuration Modules
When developing your own module script, you must include a header following the exact same format.
Provide your own script name, which will be used when calling ovm-chkconfig, the targets that your
script will support, and the priority for your script. The priority will specify in what order the script gets
executed. You do not have to implement all targets. If you have a configure target but no cleanup target,
this is still acceptable. The configure target gets called when a first boot/initial start of the virtual machine
happens. The cleanup target happens when you manually initiate a cleanup in your virtual machine or
when you want to restore the virtual machine to its original state. An example of the network module script
header is provided below:
### BEGIN PLUGIN INFO
# name: network
# configure: 50
# cleanup: 50
# description: Script to configure template network.
### END PLUGIN INFO
• configure
• unconfigure
• reconfigure
• cleanup
• suspend
• resume
• migrate
• shutdown
Your script can handle any other arguments that you require. There is one optional parameter which is
useful to implement and this is -e or --enumerate. ovm-template-config uses this to be able to
enumerate or list the parameters for a target supported by your script.
def do_enumerate(target):
param = []
if target == 'configure':
param += []
elif target == 'cleanup':
param += []
return json.dumps(param)
88
Developing Oracle VM Template Configuration Modules
def do_configure(param):
param = json.loads(param)
return json.dumps(param)
def do_cleanup(param):
param = json.loads(param)
return json.dumps(param)
if __name__ == '__main__':
main(do_enumerate, {'configure': do_configure, 'cleanup': do_cleanup})
You can fill out the script with your own code. For instance, for the do_enumerate function, you would
populate the parameters that are supported for each target in the script. An example from the firewall
module is presented below:
def do_enumerate(target):
param = []
if target == 'configure':
param += [{'key': 'com.oracle.linux.network.firewall',
'description': 'Whether to enable network firewall: True or False.',
'hidden': True}]
return json.dumps(param)
Each target function begins by reading the JSON parameters passed to the script, using the param =
json.loads(param) statement. From this point, code can be written to perform actions based on the
values of the keys that the script expects to receive. Once again, the example provided below is from the
firewall module:
def do_configure(param):
param = json.loads(param)
firewall = param.get('com.oracle.linux.network.firewall')
if firewall == 'True':
shell_cmd('service iptables start')
shell_cmd('service ip6tables start')
shell_cmd('chkconfig --level 2345 iptables on')
shell_cmd('chkconfig --level 2345 ip6tables on')
elif firewall == 'False':
shell_cmd('service iptables stop')
shell_cmd('service ip6tables stop')
shell_cmd('chkconfig --level 2345 iptables off')
shell_cmd('chkconfig --level 2345 ip6tables off')
return json.dumps(param)
89
Developing Oracle VM Template Configuration Modules
Group: Applications/System
License: GPL
URL: http://www.oracle.com/virtualization
Source0: %{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildArch: noarch
Requires: ovm-template-config
%description
Oracle VM template example configuration script.
%prep
%setup -q
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
%clean
rm -rf $RPM_BUILD_ROOT
%post
if [ $1 = 1 ]; then
/usr/sbin/ovm-chkconfig --add example
fi
%preun
if [ $1 = 0 ]; then
/usr/sbin/ovm-chkconfig --del example
fi
%files
%defattr(-,root,root,-)
%{_sysconfdir}/template.d/scripts/example
%changelog
* Tue Mar 22 2011 John Smith - 3.0-1
- Initial build.
Edit the example spec file to reference your own script name.
The following is an example Makefile that you might assist in automating the build process:
help:
@echo 'Commonly used make targets:'
@echo ' install - install program'
@echo ' dist - create a source tarball'
@echo ' rpm - build RPM packages'
@echo ' clean - remove files created by other targets'
dist: clean
mkdir $(PACKAGE)-$(VERSION)
tar -cSp --to-stdout --exclude .svn --exclude .hg --exclude .hgignore \
--exclude $(PACKAGE)-$(VERSION) * | tar -x -C $(PACKAGE)-$(VERSION)
tar -czSpf $(PACKAGE)-$(VERSION).tar.gz $(PACKAGE)-$(VERSION)
rm -rf $(PACKAGE)-$(VERSION)
90
Developing Oracle VM Template Configuration Modules
install:
install -D example $(DESTDIR)/etc/template.d/scripts/example
rpm: dist
rpmbuild -ta $(PACKAGE)-$(VERSION).tar.gz
clean:
rm -fr $(PACKAGE)-$(VERSION)
find . -name '*.py[cdo]' -exec rm -f '{}' ';'
rm -f *.tar.gz
Create a working directory, copy over your script, the spec file and the Makefile. Run the following
command to create a src tarball of your code:
# make dist
The preceding command generates an RPM in the RPMS/noarch directory within your working directory,
for example: RPMS/noarch/ovm-template-config-test-3.0-1.el6.noarch.rpm.
91
92
Chapter 9 Using the Oracle VM Utilities
The Oracle VM Utilities are a collection of command line scripts that allow you to perform certain tasks in
an Oracle VM environment, such as collecting metrics about the Oracle VM Server host on which virtual
machines run and configuring CPU pinning, which is also referred to as hard partitioning.
The Oracle VM Utilities communicate directly with Oracle VM Manager using a Oracle VM API. The Oracle
VM Utilities connect to the Oracle VM API with an Oracle VM Manager administrative user name and
password. Oracle VM Manager listens for the Oracle VM Utilities on port 7002 (HTTPS).
Note
• The Oracle VM Utilities version 2.1 and later work with Oracle VM Manager
Release 3.4. Additionally, only the ovm_vmdisks, ovm_vmhostd,
vm_dump_metrics, and ovm_vmcontrol scripts are intended for use with
Oracle VM Manager Release 3.4. All other scripts are either obsolete or
deprecated by the Oracle VM Manager Command Line Interface. See the Oracle
VM Manager Command Line Interface User's Guide for details on how you can
perform management tasks in an Oracle VM environment.
• The Oracle VM Utilities are provided as-is and are not supported by Oracle.
However, Oracle provides support for the Oracle VM Utilities in the following
cases:
1. Download the Oracle VM Utilities as a .zip file from the Oracle VM downloads page:
http://www.oracle.com/technetwork/server-storage/vm/downloads/index.html
2. Extract the contents of the .zip file to the system. Refer to the readme file for specific instructions.
Note
• The ovm_vmcontrol script supports CPU pinning for virtual machines running
on x86-based Oracle VM Servers only. You cannot configure CPU pinning for
virtual machines running on Oracle VM Server for SPARC.
• If you are using Oracle VM Release 3.4.1 or Release 3.4.2, after you configure
CPU pinning for a virtual machine, you must stop and then start the virtual
93
Syntax
machine for the configuration to take effect. Restarting the virtual machine does
not load the configuration changes for CPU pinning.
Syntax
ovm_vmcontrol { -u username } [ -p password | -E ] { -h hostname } { -c command } { -v
vm_name | -U vm_uuid } [ -s cpu_thread_list ... ]
Options
The following table shows the available options for this command.
Option Description
-u username Username of an Oracle VM Manager admin user. This option
is required.
[ -p password | -E ] Corresponding password for the Oracle VM Manager admin
user. You can specify the password as follows:
94
Examples
Option Description
-v vm_name Virtual machine name.
-U vm_uuid Virtual machine UUID. If you do not specify the virtual machine
name with the -v vm_name option, you must specify the UUID
of the virtual machine.
-s cpu_thread_list ... List of physical thread numbers to which you can bind virtual
CPUs. You can set the value as follows:
Note
-c setvcpu
Examples
Example 9.1 Setting CPU pinning for a virtual machine
This example binds the virtual CPUs of the virtual machine to threads 0, 1, 3, 5, and 7.
# ./ovm_vmcontrol -u admin -h localhost -v MyVM01 -c setvcpu -s 0-3,^2,5-7,^6
Oracle VM VM Control utility 2.1.
Connecting to OVM Manager using Web Service.
Connected.
OVM Manager version: version
Command : setvcpu
Pinning vCPU '0-3,^2,5-7,^6' to VM 'MyVM01'
Pin vCPU succeed.
This example shows the virtual CPUs of the virtual machine are bound to threads 0, 1, 3, 5, and 7.
# ./ovm_vmcontrol -u admin -h localhost -v MyVM01 -c getvcpu
Oracle VM VM Control utility 2.1.
Connecting to OVM Manager using Web Service.
Connected.
OVM Manager version: version
Command : getvcpu
95
Oracle VM Retrieve Disk (ovm_vmdisks)
Syntax
ovm_vmdisks { -u username } { -p password | -E } { -h hostname } { -v vm_name | -U vm_uuid
}
Options
The following table shows the available options for this command.
Option Description
-u username Username of an Oracle VM Manager admin user. This option
is required.
[ -p password | -E ] Corresponding password for the Oracle VM Manager admin
user. You can specify the password as follows:
Examples
Example 9.3 Listing virtual disks for a virtual machine
# ./ovm_vmdisks -u admin -p Welcome1 -h localhost -v MyVM01
96
Oracle VM Hostd For Metrics Messaging (ovm_vmhostd)
The virtual machine message that the ovm_vmhostd script sends has a key of vmhost. The metrics about
the Oracle VM Server host are defined as the value of the virtual machine message.
To retrieve the host metrics from the virtual machine, you can use either the Oracle VM Guest Additions
daemon, ovmd, or the vm-dump-metrics script. See Section 9.4, “Retrieving Host Metrics from Virtual
Machines (vm-dump-metrics)”.
Note
The ovm_vmhostd script uses the Oracle VM Guest Additions to send and receive
the metrics as virtual machine messages. For this reason, the guest virtual machine
must be running Oracle Linux with the Oracle VM Guest Additions installed. See
Chapter 8, Installing and Using the Oracle VM Guest Additions.
Syntax
ovm_vmhostd { -u username } [ -p password | -E ] { -h hostname } { -v vm_name | -U vm_uuid
}
Options
The following table shows the available options for this command.
Option Description
-u username Username of an Oracle VM Manager admin user. This option
is required.
[ -p password | -E ] Corresponding password for the Oracle VM Manager admin
user. You can specify the password as follows:
97
Examples
Option Description
• Set the password as an environment variable and then use
the -E option. It is best practice to remove the environment
variable when it is no longer required.
Examples
Example 9.4 Sending Oracle VM Server details to a virtual machine
# ./ovm_vmhostd -u admin -h localhost -v MyVM01
Oracle VM Hostd 2.1.
Connecting to OVM Manager using Web Service.
Connected.
Processing VM : 'MyVM01'
1. Run the ovm_vmhostd script to send metrics about the Oracle VM Server host as a virtual machine
message.
2. Copy the vm-dump-metrics script to the guest virtual machine that received the virtual machine
message.
3. Run the vm-dump-metrics script. The vm-dump-metrics script does not take any commands or
options.
The vm-dump-metrics script queries ovmd to retrieve a message with the vmhost key. The script then
does one of the following:
98
Retrieving Host Metrics from Virtual Machines (vm-dump-metrics)
• Parses the message and outputs the XML to standard output (stdout).
• Exits with status 1 if a message with the vmhost key does not exist.
99
Querying the Oracle VM Guest Additions Daemon Directly
For more information about the Oracle VM Guest Additions daemon, ovmd, see Chapter 8, Installing and
Using the Oracle VM Guest Additions.
100
Chapter 10 Converting Physical Hosts to Virtual Machines
Converting hosts involves creating hardware virtualized guest images from existing physical computers.
This chapter explains how to use the Physical to Virtual (P2V) conversion utility to convert hosts.
• The host computer must have a CPU that supports PAE (Physical Address Extension).
• The P2V utility included with Oracle VM Release 3.4 applies to 64-bit operating systems only.
To use the P2V utility, you boot from the Oracle VM Server ISO on the physical computer you want to
convert to a hardware virtualized guest. The P2V utility then creates a virtual machine configuration file
(vm.cfg) and creates raw virtual disk images from the disks on the computer.
The first four virtual disk images are created as IDE disks (hda, hdb, hdc, and hdd) on the guest, using the
original disk names. Up to seven additional disks are created as SCSI devices (sda, sdb, sdc, and so on).
Note
Oracle VM Manager limits virtual machines with the HVM domain type to a
maximum of four virtual disks. In this case, if the vm.cfg file has more than four
disk entries, then Oracle VM Manager imports only the first four virtual disks.
At the end of the conversion process, the P2V utility starts a web server that hosts the vm.cfg file and
virtual disk file(s). You can then import the hardware virtualized guest into Oracle VM Manager as a virtual
machine template.
101
Converting the Host with the P2V Utility
1. Insert the Oracle VM Server installation media into the optical disc drive of the computer you want to
image.
2. Change the boot order to start from the optical disc drive in the BIOS or UEFI settings.
The Oracle VM Server installer initializes. The first step in the conversion process is for the network
manager to configure the network interface.
• If the host has one network interface, the network manager automatically configures it.
• If the host has two or more network interfaces, the network manager prompts you to select one
network interface and then automatically configures it.
• If the network manager cannot successfully configure the network interface, you are prompted to
configure TCP/IP settings.
Setting Description
Enable IPv4 support Enables Internet Protocol Version 4 (IPv4) in the network interface.
Dynamic IP configuration Uses the Dynamic Host Configuration Protocol (DHCP) network service
(DHCP) to automatically assign an IPv4 address to the hardware virtualized
guest and retrieve DNS settings.
Manual configuration Lets you specify the following:
102
Converting the Host with the P2V Utility
Setting Description
• IP address of the gateway server for your network.
6. After the network interface is configured, you are prompted to test the media for errors. Do one of the
following:
• Select OK and then press Enter to test the bootable media for errors.
Note
• Select Skip and press Enter to continue without testing the bootable media.
7. Select the disk partition(s) on the computer to include in the guest image.
103
Converting Hosts Silently with a Kickstart File
Parameter Description
VM name Specifies a name for the virtual machine.
VM Memory (in MB) Specifies the amount of RAM, in megabytes, to allocate to the virtual
machine when it is running. The amount of RAM that you specify will
be requested from the host operating system. For this reason, it must
be available or made available as free memory on the host when
attempting to start the virtual machine and will not be available to the
host while the virtual machine is running.
Virtual CPUs Specifies the number of CPU cores to allocate to the virtual machine.
Console Password Specifies a password for the virtual machine console.
Confirm console password Verifies the console password.
A secure web server (HTTPS) starts. The IP address of the computer and port number where the web
server is available displays.
You can now access the vm.cfg and virtual disk(s) that the P2V utility created on the web server. Proceed
to Section 10.4, “Importing Guests as Virtual Machine Templates to Oracle VM Manager”.
104
Considerations for Using a Kickstart File
The following steps provide a high-level overview of how to convert hosts silently:
2. Insert the Oracle VM Server installation media into the optical disc drive of the computer you want to
image.
3. Change the boot order to start from the optical disc drive in the BIOS or UEFI settings.
Where:
The P2V utility begins the conversion process. If there are any missing parameters in the kickstart file, you
are prompted to enter them.
When the conversion process completes, you can import the hardware virtualized guest into Oracle VM
Manager as a virtual machine template. See Section 10.4, “Importing Guests as Virtual Machine Templates
to Oracle VM Manager”.
• The P2V utility converts disks on the computer to virtual disk images. The virtual disk images are created
as IDE disks (hda, hdb, hdc, hdd, and so on) on the guest, using the original disk names. When you
use a P2V kickstart file, up to four disks are automatically deployed in the guest. Any extra disks are
converted and added to the guest configuration file (vm.cfg) but are not deployed in the guest.
To deploy the additional disks in the guest, edit the guest configuration file to remove the comments from
the disk entries and map the additional disks to SCSI device names; for example, sda, sdb, and sdc. The
boot disk must always be mapped to device hda. Any files on the guest that contain references to these
devices must also be changed; for example, the /etc/fstab file might contain references to /dev/
hda1, /dev/sda1, and so on.
• At least one network interface must use DHCP so that the computer on which the P2V utility is running
can read the kickstart file over the network.
• If you want the P2V utility web server to listen using a network interface other than the one that initiates
the kickstart session, specify the network configuration for that network interface in the kickstart file.
105
P2V Kickstart Parameters
Boot Parameters
Option Description
p2v Loads the P2V conversion utility.
ks=ksfile Specifies the name and location of a P2V kickstart file.
ksdevice=value Specifies the network interface to use. You can set one of the
following values:
Option Description
p2v Indicates the kickstart file is intended to automate a P2V
conversion. It accepts no parameters.
target --ovmmanager Sets the end destination for the guest image. Sets the P2V
utility to operate in HTTPS server mode to transfer the guest
image to a running instance of Oracle VM Manager.
diskimage option ... Denotes a disk to be included in the guest image. The P2V
utility uses device mapper-based snapshotting to copy the disk
as a system-*.img file on the target computer. There may
be multiple diskimage directives in a P2V kickstart file, each
resulting in a disk image in the guest image. The --device
parameter must always be used with the diskimage directive
to indicate which device should be imaged.
--device path
The device to image. path must be the full path to the device.
For example:
diskimage --device /dev/sda
106
P2V Kickstart Parameters
Option Description
logical volume should be LVM. Devices /dev/md[a-zz] should
be MDRAID. For example:
diskimage --device /dev/hda --type IDE
--ip ipaddress
--gateway ipaddress
--nameserver ipaddress
--netmask netmask
107
P2V Kickstart File Example
Option Description
--name name
--mem size
--vcpus number
--consolepasswd password
For example:
vm_options --name MyVM --mem 2048 --vcpus 2
--consolepasswd mypassword
You must ensure that the vm.cfg file and virtual disk(s) reside at a location where you can import them
before you attempt to import the hardware virtualized guest as a virtual machine template,
The web server that hosts the vm.cfg and virtual disk(s) uses port 443. You can import the files directly
into a Oracle VM repository with Oracle VM Manager. However, you must ensure that the Oracle VM
Server that is designated as the administration server for that repository can access the web server on port
443. Alternatively, you can download the vm.cfg and virtual disk(s) from the web server and then host
them at a location that Oracle VM Server can access.
Note
The web server provides a serial HTTP connection. For this reason, multiple
requests to import guests as virtual machine templates are issued sequentially. For
example, if you start a second download while another download is in progress, the
second download does not start until the first download is complete.
1. Open a browser and navigate to the location of the web server that is hosting the vm.cfg and virtual
disk(s); for example,
108
Importing Guests as Virtual Machine Templates to Oracle VM Manager
https://192.168.1.13/
The browser displays a directory listing of the files that the P2V utility created.
2. Copy the URLs for the vm.cfg file and *.img file(s).
b. Click the Repositories tab and then select the repository in which to store the template.
e. Specify the URLs for the vm.cfg file and *.img file(s) as separate lines in the VM Template URLs
pane.
Refer to the Oracle VM Manager Online Help for more information about importing virtual machine
templates.
The hardware virtualized guest is available in the repository as a virtual machine template.
The hardware virtualized guest must have a unique network configuration. For this reason, you should
configure a new network device and ensure that it is detected before you start the virtual machine that you
109
Importing Guests as Virtual Machine Templates to Oracle VM Manager
created with the P2V utility. If you use the same network configuration as the original computer, a network
clash might occur because two computers on the network have the same IP and MAC addresses.
After you successfully import the hardware virtualized guest as a virtual machine template, press
Control+C to interrupt the P2V utility on the host computer. You can then remove the Oracle VM Server
bootable media from the drive and restart the computer.
110
Chapter 11 Installing and Configuring the Oracle VM Exporter
Appliance
The Oracle VM Exporter Appliance is a special type of virtual machine used to export another virtual
machine from the Oracle VM environment to a tenancy account in Oracle Cloud Infrastructure. Before you
can use the Oracle VM Exporter Appliance, in addition to a valid Oracle VM account, you need an active
tenancy and user account in Oracle Cloud Infrastructure.
Note
SSH is disabled on the Oracle VM Exporter Appliance for security reasons. To log
on to the Oracle VM Exporter Appliance, you have to use the console.
The Oracle VM Exporter Appliance uses Oracle Cloud Infrastructure APIs to perform the export. You need
to upload the Oracle VM Exporter Appliance public key to Oracle Cloud Infrastructure to export a virtual
machine.
For more information about uploading keys to Oracle Cloud Infrastructure, see https://
docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#three.
Additionally, before using the Oracle VM Exporter Appliance, you need to know Oracle Cloud
Infrastructure:
• Region
• Compartment
• Availability Domain
For more information about finding the above values, see https://docs.cloud.oracle.com/en-us/iaas/
Content/API/Concepts/apisigningkey.htm.
For more information about exporting virtual machines and the parameters needed see the Exporting
Virtual Machines section of the Oracle VM Concepts Guide .
11.1 Considerations
This section contains useful information to consider when using the Oracle VM Exporter Appliance.
Oracle VM Considerations
• You can export hardware virtual machines (HVMs) or paravirtual hardware virtual machines (PVHVM).
• An Oracle VM usually has Storage Networks defined for storage like NFS, iSCSI, and so on. If virtual
machines that are to be exported to Oracle Cloud Infrastructure have virtual disks accessed through
Storage Networks (or other types of networks), the Oracle VM Storage Network's configuration must be
modified to add virtual machine use.
• VNICs tied to Storage Networks are needed for accessing resources that can be accessed via one or
more Storage Networks.
111
Installing the Oracle VM Exporter Appliance
• If you need to access resources that can only be reached through one or more Storage Networks, then
you must also attach a VNIC to each Storage Network in Oracle VM Exporter Appliance.
• If Oracle VM Exporter Appliance requires static IP address configuration, then you must configure these
IP addresses on all VNICs for the virtual machines and storage networks.
• Once all of these parameters have been set successfully in the Oracle VM Exporter Appliance virtual
machine, configuration is complete. For information on using the Oracle VM Exporter Appliance, see see
the Export a Virtual Machines section of the Oracle VM Manager User's Guide .
• You cannot export a Windows virtual machine to Oracle Cloud Infrastructure unless it has the latest
VirtIO drivers. These drivers can be downloaded from the Oracle Software Delivery Cloud (OSDC) at
https://edelivery.oracle.com.
• The Oracle VM Exporter Appliance needs read-only access to NFS shares of repositories that contain
virtual machine resources. Modify the NFS export on the NFS server to export these resources to the
Oracle VM Exporter Appliance IP address on the appropriate Storage Network.
• The Oracle VM Exporter Appliance needs an NFS Share with read-write permission to hold temporary,
converted disk images. Create an NFS share on the NFS server and export it to the Oracle VM Exporter
Appliance IP address on the appropriate Storage Network
• For repositories on LUN or local storage physical disks, check the firewall for NFS export from the Oracle
VM Server host.
• Add "Repository Export" on one of the Oracle VM Server hosts on which the LUN or Local Disk exists.
The repository must be presented to the Oracle VM Server host in order to export the repository to an IP
address that reaches the Oracle VM Server host.
• If you have a Repository on a LUN or Local Storage (physical disk), the Oracle VM Exporter Appliance
must have export access to that LUIN or Local Storage on the hosts or servers in the server pool that
is presented to that LUN or Local Storage repository. To add export access in Oracle VM, highlight the
host or server and change the Perspective to Repository Exports. Click on the + symbol to add the IP
address of the Oracle VM Exporter Appliance virtual machine to the LUN or Local Storage Repository.
You can download the Oracle VM Exporter Appliance from the following location:
112
Creating the Oracle VM Exporter Appliance Virtual Machine
You have to agree to the same terms and conditions as the Oracle VM software.
Note
You can only use the Oracle VM Exporter Appliance in a valid Oracle VM
environment and with Oracle Cloud Infrastructure parameters listed above.
Follow these steps to create the Oracle VM Exporter Appliance virtual machine:
1. Create the Oracle VM Exporter Appliance virtual machine from the Oracle VM Exporter Appliance OVA.
Important
Using a different name means that other information such as hostname and IP
address have to be entered manually when the Oracle VM Exporter Appliance is
used.
3. Configure the Oracle VM Exporter Appliance virtual machine's network. For information on creating,
editing and removing VNICs on virtual machines, please refer to the Edit Virtual Machine and Create
Virtual Machine sections of the Oracle VM Manager User's Guide .
• The Oracle VM Manager needs to communicate with the Oracle VM Exporter Appliance virtual
machine. We recommend tying the virtual machine's Virtual Network Interface Card (VNIC) in slot
0 (eth0 in the virtual machine) to the virtual machine network. The IP address associated with this
VNIC is what the user interface for the Oracle VM Exporter Appliance wizard finds.
• (Optional) You can add an additional VNIC to enable the Oracle VM Exporter Appliance virtual
machine to access the Network File System (NFS) repository or the repositories where the virtual
machines to be exported have their disks.
Note
The Oracle VM networks used above must have the "Virtual Machine" role to
tie the VNICs to these networks.
• (Optional)You can add an additional VNIC to enable the Oracle VM Exporter Appliance virtual
machines to access Oracle Cloud Infrastructure.
113
Configuring the Oracle VM Exporter Appliance Virtual Machine
• Network device
The network parameters used by Oracle VM Exporter Appliance can be configured manually (static
addressing). You can also use DHCP to supply these parameters.
If you choose static configuration for the network parameters, then you must also configure the following
for Oracle VM Exporter Appliance:
• IP address
There are also sharing and security parameters to configure for Oracle VM Exporter Appliance:
• CA certificate
• Root password
Parameters are sent as VM Messages to the automated virtual machine provisioning process. For more
information on sending VM Messages, see the the Send VM Messages section of the Oracle VM Manager
User's Guide .
In the parameter configuration listing, replace the parameter.n ending with parameter.0 to configure the
eth0 interface, and replace the parameter.n ending with parameter.1 to configure the eth1 interface. You
can have more than two interfaces.
The parameters and values used to configure the Oracle VM Exporter Appliance virtual machine are
114
Configuring the Oracle VM Exporter Appliance Virtual Machine
where n is the interface number and host-name-info is the host name, such as 127.0.0.1
example-hostname.domain example-hostname.
where n is the interface number and network-device is the local network information, such as eth0.
where n is the interface number and yes or no determines if the interface is active or not.
where n is the interface and dhcp or static determines if the interface uses DHCP or has a static IP
address.
where n is the interface and n.n.n.n is the IPv4 address in dotted decimal notation.
where n is the interface and n.n.n.n is the IPv4 netmask in dotted decimal notation.
where n is the interface and n.n.n.n is the IPv4 address in dotted decimal notation.
9. To configure the IP addresses of the Domain Name System (DNS) servers, separated by commas:
com.oracle.linux.network.dns-servers.n n.n.n.n,n.n.n.n,...
where n is the interface and n.n.n.n is the IPv4 address of one or more DNS servers in dotted
decimal notation.
10. To configure the NFS share (path) to hold temporary converted disk images:
com.oracle.ovm.vmexporter.nfs_share path
where certificate is the value of the certificate, passed as a string with carriage returns in the
certificate replaced with new lines (\n). For more invformation on obtaining and exporting the CA
certificate, see Section 2.2.4, “Exporting the CA Certificate” and related sections.
115
Configuring the Oracle VM Exporter Appliance Virtual Machine
Note
You set these parameters in the Oracle VM Exporter Appliance by sending messages to the virtual
machine. If you have named the virtual machine "Exporter Appliance" then you can pass these parameters
as shown in this example:
sendVmMessage Vm name="Exporter Appliance" key=com.oracle.linux.hostname message=
example-hostname.domain log=no
sendVmMessage Vm name="Exporter Appliance" key=com.oracle.linux.network.host.0 message=
127.0.0.1 example-hostname.domain example-hostname log=no
sendVmMessage vm name="Exporter Appliance" key=com.oracle.linux.network.device.0 message=
eth0 log=no
sendVmMessage vm name="Exporter Appliance" key=com.oracle.linux.network.onboot.0
message=yes log=no
sendVmMessage vm name="Exporter Appliance" key=com.oracle.linux.network.bootproto.0
message=dhcp log=no
sendVmMessage Vm name="Exporter Appliance" key=com.oracle.ovm.vmexporter.nfs_share
message="ca-ovmstor101://export//<user-id>//converteddisks" log=no
sendVmMessage Vm name="Exporter Appliance" key=com.oracle.ovm.vmexporter.ca_certificate
message="-----BEGIN CERTIFICATE-----/\nMIID+zCCAuOgAwIBAgIUZwL8sCLKIaknyZMNFmPtcc
Vc86MwDQYJKoZIhvcNAQEL/\nBQAwgaQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUw
EwYDVQQH/\nEwxSZWR3b29kIENpdHkxGzAZBgNVBAoTEk9yYWNsZSBDb3Jwb3JhdGlvbjEaMBgG/\nA1U
ECxMRT3JhY2xlIFZNIE1hbmFnZXIxMDAuBgNVBAMTJ09WTSBDQSAwMDA0ZmIw/\nMDAwMDEwMDAwMDgwN
mM5OGJiMWRiMDRkYzAeFw0yMDA0MjMwMDUwMDhaFw0zMDA0/\nMjQwMDUwMDhaMIGkMQswCQYDVQQGEwJ
VUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEV/\nMBMGA1UEBxMMUmVkd29vZCBDaXR5MRswGQYDVQQKExJPc
mFjbGUgQ29ycG9yYXRp/\nb24xGjAYBgNVBAsTEU9yYWNsZSBWTSBNYW5hZ2VyMTAwLgVDVQQDEydPVk0
gQ0Eg/\nMDAwNGZiMDAwMDAxMDAwMDA4MDZjOThiYjFkYjA0ZGMwggEiMA0GCSqGSIb3DQEB/\nAQUAA4
IBDwAwggEKAoIBAQCSma4RrVJ5//TR7Iz2j0zq3e3cmGL82kFbqhVtG2ufz/\nqbeOkYD2cpObpP0KUAF
pQ9UHQxVbkWSKKTAhn2UPAPdA6mMjKZ17PMIpBiEmnD/\n0N1zE3a9IBp7wMd3X2zdpBQadVVD3v7P9k+
rFhprlbqXG4BZxUnc//SYsgBdrDkOj/\nn6RrGJoufpIc5TADOOcpu3HaDaZ4DUj3tASzMesXRPnj45d/
/F8axJnxxRzC2+L3b/\nJIVPdzyBK5ZSqU2rGPesQixC56yW//iywgj2i1n0+O60Uv2ypBZ4GAjYSGY5A
I+qE/\ne//DRsrE6FtI+cmoUHckoWRtu0f8QdNBiYzmQzDYqOs+5AgMBAAGjIzAhMA8GA1Ud/\nEwEB//
wQFMAMBAf8wDgYDVR0PAQH//BAQDAgAFMA0GCSqGSIb3DQEBCwUAA4IBAQBY/\niZosYxc35hIEYbUqxz
qBes9Bg3fdxZXNIFs1mdxQJUNSd1QSd526lna4kN1hpc70/\nnoAVn8AF3Ct7t8qltc710E8xI9mUO2Us
ISZtdVvWhUUbeZaLiH0x4SEIZT9BwrxW/\n7ZB//BjCuENCRjTCsZpjj8X9c//nZyB+LqHS7W6VznsDry
UYhJ6hiHe9//dcnBLlXPH/\nWnqvCiZLHFeletI6c1ahMA6R7+arx9EPp5MjZfXU8slLmzSCrZaYwFd0z
F//Gy8Xz/\nfEYbjAkO6T3T//OnLBC1Q4fs80jD5n2y13YKpTPSaFgO0An//YgbWecd7JjJE//5BVQ/\n
g37A8ZcQkMxBZyELRv1C/\n-----END CERTIFICATE-----/\n" log=no
sendVmMessage Vm name="Exporter Appliance" key=com.oracle.linux.root-password
message=<root-pw> log=no
Note
You must also set the date and time correctly. See Section 8.8.2, “Enabling and
Disabling Configuration Modules (ovm-chkconfig)” for more information on setting
the date and time and related parameters.
116
Configuring the Oracle VM Exporter Appliance Virtual Machine
117
118
Chapter 12 Backing up and Restoring Oracle VM Components
This chapter gives you the basic information required to back up and restore Oracle VM Manager, the
database repository, and virtual machines.
Oracle does not recommend backing up Oracle VM Servers as no critical data is contained on them.
Instead of backing up and recovering an Oracle VM Server, in the event of a failure, simply delete it from
Oracle VM Manager, reinstall the Oracle VM Server software if required, and rediscover it.
For a more thorough discussion on backing up and restoring the various entities that comprise Oracle VM,
see the Oracle VM 3: Backup and Recovery Best Practices Guide at:
http://www.oracle.com/technetwork/server-storage/vm/overview/index.html
From a high level, the steps to manually backup Oracle VM Manager are as follows:
See Section 12.1.1, “Backing up the Oracle VM Manager Configuration File” for more information on
backing up the Oracle VM Manager configuration file.
Note that the Oracle VM Manager database is backed up automatically every 24 hours using the
MySQL Enterprise Backup utility, but it is also possible to perform a manual backup.
See Section 12.1.2, “Backing up the MySQL Database Repository” for more information on Oracle VM
Manager MySQL database backup and restore facilities.
/u01/app/oracle/ovm-manager-3/.config
This configuration file contains database connection information, ports, and the Oracle VM Manager UUID.
The following is an example of the configuration file structure:
DBTYPE=MySQL
DBHOST=localhost
SID=ovs
LSNR=46500
OVSSCHEMA=ovs
APEX=None
WLSADMIN=weblogic
OVSADMIN=admin
COREPORT=54321
UUID=uuid
BUILDID=x.x.x.xxx
119
Backing up the MySQL Database Repository
The following table describes the properties and values in the configuration file:
Name Description
DBTYPE Database type. This is a legacy configuration property. The value is always
MySQL.
DBHOST Hostname of database server. This is a legacy configuration property. The
value is always localhost.
SID Oracle System ID (SID). The default value is ovs.
LSNR Database listener port number. The default value is 49500.
OVSSCHEMA Oracle VM Manager database name. The default value is ovs.
APEX This is a legacy configuration property. The default value is None.
WLSADMIN Oracle WebLogic Server administrator username. The default value is
weblogic.
OVSADMIN Oracle VM Manager administrator username. The default value is admin.
COREPORT Oracle VM Manager core port number. The default value is 54321.
UUID Oracle VM Manager universally unique identifier (UUID).
BUILDID Oracle VM Manager version and build number.
As of Oracle VM Manager Release 3.2.1, backups of the local MySQL database are performed
automatically. Backups are stored within /u01/app/oracle/mysql/dbbackup by default, and are
rotated regularly so that only the most recent backups are stored at any point in time. Backups make use
of the MySQL Commercial Backup utility. See http://www.mysql.com/products/enterprise/backup.html for
more information on the MySQL Enterprise Backup utility.
The MySQL Enterprise Backup package is installed as a dependency during the installation of
Oracle VM Manager. On Oracle Linux systems this is handled by installing mysql-commercial-
backup-version_number.x86_64.rpm.
On x86 systems, backup configuration options are defined in /etc/sysconfig/ovmm on the Oracle VM
Manager host.
To configure the default path used to store MySQL database backup files, locate the following line:
DBBACKUP=/u01/app/oracle/mysql/dbbackup
Note
This path can be changed to an alternate location if you need to cater to disk space
requirements.
The default path for the mysqlbackup binary is specified in the following line:
DBBACKUP_CMD=/opt/mysql/meb-x.x/bin/mysqlbackup
Warning
This path is made explicit for the purposes of handling future updates to the MySQL
Enterprise Backup package. It should not be changed.
120
Backing up the MySQL Database Repository
Configuration options such as how frequently the automated database backup facility should run and how
many backups should be kept through rotations, are stored within the database itself. These parameters
can be set using either the Oracle VM Manager Web Interface or the Oracle VM Manager Command Line
Interface. For more information on how to set these parameters, please refer to Prefenences section in
the Oracle VM Manager Online Help and the setDbBackupConfig command in the Oracle VM Manager
Command Line Interface User's Guide .
• AutoBackup.log, which contains information about the events that took place during the backup
process.
• datadir directory that contains the binary log for the database.
• meta directory that contains files specific to the MySQL Enterprise Backup process.
Note
It is important that MySQL root user password is the same on both the Oracle VM
Manager and MySQL database. Otherwise, database backups fail.
By default, the backup script stores the backup as a manual backup, to avoid the rotation that takes place
for automatic backups.
121
Oracle VM Manager Backup and Restore Troubleshooting
The preceding example uses the -w command-line switch to force the backup script to wait until the
backup job is complete. This option is useful if you need to capture potential error messages, but it also
causes the script to wait until the job either completes or exits due to an error. If you do not use the -w
command-line switch, you should check the status of the backup job within the Oracle VM Manager Web
Interface or Oracle VM Manager Command Line Interface to determine whether or not the job completes
successfully. You can get a full list of supported options for this command with the -h command-line
switch.
Note
The backup script assumes that you are using a CA-signed SSL certificate within
a production environment. Using a self-signed certificate is not recommended
and may result in an error when you run the script. It is possible to override SSL
verification by using the --insecure command-line parameter, however this
may compromise the security of the operation and is not recommended. A better
approach to resolving any SSL verification error, is to install an SSL certificate
signed by a recognized CA, as described in Section 2.2.6, “Changing the Default
SSL Certificate”.
1. Perform a database restore. See Section 12.1.4, “Restoring Oracle VM Manager” for more information.
Provided that you have a good backup in your archive, you should be able to revert back to it. To check
for a recent database backup, on the Oracle VM Manager host, run the following command:
ls -ltr /u01/app/oracle/mysql/dbbackup/
If a backup exists, you can proceed with the steps documented in Section 12.1.4, “Restoring Oracle VM
Manager”.
Note
You can also refer to Doc ID 2405023.1 in the Oracle Support Knowledge Base
for information about restoring the Oracle VM Manager database.
There is a check completed before each backup is run to determine if the database can be backed
up. If the database consistency check fails, automatic backups are no longer generated. For more
information, see Doc ID 2060953.1 in the Oracle Support Knowledge Base.
2. If you do not have a good backup of the database or if you have other database corruption issues,
rebuild the database. See Section 12.1.5, “Restoring Oracle VM Manager If You Have No Database
Backup”
Also, see Doc ID 2038168.1 in the Oracle Support Knowledge Base for additional information about
regenerating the Oracle VM Manager database.
122
Restoring Oracle VM Manager
1. First, if you need to reinstall or upgrade Oracle VM Manager, use the Oracle VM Manager installation
media to perform an install or upgrade of the software on your server. See the Installation and Upgrade
Guide.
You should perform the install using the runInstaller.sh --uuid uuid command and provide
the UUID from the previous manager installation you created a backup from. The UUID can be found in
the Oracle VM Manager configuration file.
Note
• The --uuid option on Oracle Linux overrides this existing UUID. Oracle
Solaris users must use the shortened form of this option: -u.
An example install command syntax for Oracle Linux is as shown in this example:
# ./runInstaller.sh --uuid 0004FB000000100002CB7F2DFFA8D8
When the Oracle VM Manager installer prompts for installation information, reuse the same usernames
for the database schema, Oracle WebLogic Server and Oracle VM Manager administration user, as set
out in the backup of the Oracle VM Manager configuration file.
If possible, you should reuse the same passwords that existed for Oracle VM Manager prior to
reinstallation, to avoid problems restarting the Oracle VM Manager service after Oracle VM Manager
has been restored from backup. If you intend to change these passwords, do so after you have
completed the restore operation.
Should you use a new password during reinstallation, you are unable to start the Oracle VM Manager
service after the database has been restored. To rectify this situation, you must manually reset the
passwords for the ovs and appfw users in the MySQL database. This can be achieved using the
mysqladmin tool.
2. After installation, reinstallation or upgrade, stop the Oracle VM Manager Command Line Interface,
Oracle VM Manager, and the database before you restore the backup. On Linux:
# /sbin/service ovmcli stop
# /sbin/service ovmm stop
# /sbin/service ovmm_mysql stop
3. To initiate the database restore, as the oracle user, use the RestoreDatabase command located in /
u01/app/oracle/ovm-manager-3/ovm_tools/bin, for example:
# su - oracle
$ bash /u01/app/oracle/ovm-manager-3/ovm_tools/bin/RestoreDatabase.sh \
ManualBackup-time_stamp_ID
The RestoreDatabase script expects the name of the directory for a particular backup directory as
described in the Installation and Upgrade Guide. You do not need to specify the full path to the backup
directory as this is already specified in the DBBACKUP variable.
123
Restoring Oracle VM Manager
The RestoreDatabase script prompts you to remove existing database directories and their contents
so that the database restore operation can complete successfully. You must confirm that it is safe
to delete this data before the script can proceed. If you opt not to delete this data, the script cannot
continue until the data has been removed. It is recommended that you allow the script to perform this
action rather than attempting to do this manually:
IMPORTANT:
As 'root', please start the OVM Manager database and application using:
service ovmm_mysql start; service ovmm start; service ovmcli start
Important
For example, database backups from an earlier 3.4.x release cannot be used in
an Oracle VM Manager deployment at release 3.4.5 or later, due to database
schema changes.
4. Restart the database and Oracle VM Manager, and the Oracle VM Manager Command Line Interface.
On Oracle Linux:
5. Because the certificates required to authenticate various components, such as the Oracle VM Manager
Web Interface and Oracle VM Manager Command Line Interface, are regenerated during the new
124
Restoring Oracle VM Manager If You Have No Database Backup
installation and the mappings for these are overwritten by the database restore, it is necessary to
reconfigure the certificates used to authenticate these components.
For more information on the ovmkeytool.sh script, see Section 2.2.1, “Oracle VM Key Tool”.
6. If you moved Oracle VM Manager to a new host, you must generate a new SSL key as follows:
# /u01/app/oracle/ovm-manager-3/ovm_upgrade/bin/ovmkeytool.sh gensslkey
For more information on generating a new SSL key, see Section 2.2.5, “Generating a New SSL Key”.
7. Restart Oracle VM Manager and then run the client certificate configuration script, as follows:
# /sbin/service ovmm restart
# /u01/app/oracle/ovm-manager-3/bin/configure_client_cert_login.sh /path/to/cacert
Where /path/to/cacert is the absolute path to the CA certificate. You must provide the path to
the CA certificate if you used a CA other than the default Oracle VM Manager CA to sign the SSL
certificate.
The script requires that Oracle VM Manager is running, and prompts you for the administrator
username and password that should be used to access Oracle VM Manager. The script makes
changes that may require Oracle VM Manager to be restarted:
# /sbin/service ovmm restart
8. Within Oracle VM Manager go to the Servers and VMs tab and perform a Refresh All on your existing
server pools. Refer to the Oracle VM Manager Online Help for more information on these options.
The instructions provided here should be used as a last resort. You really must
ensure that your backup strategy is adequate and that the database backups are
available on storage that is suitable for this purpose. Typically, these backups
should be stored on some form of network attached storage, preferably with a RAID
that provides some form of mirroring. To change the backup path to a suitable
location, see Section 12.1.2, “Backing up the MySQL Database Repository”.
If you have reinstalled Oracle VM Manager from scratch, using the runInstaller.sh --uuid uuid
command and have provided the UUID from the previous manager installation, but you do not have a
database backup, a certain level of recovery is possible based on the information stored on the Oracle VM
Servers and in your attached storage. It is important that you follow a set order of actions to ensure that the
server pools that your Oracle VM Servers are members of are able to be properly recovered. These steps
are outlined as follows:
2. Discover the storage that contains the server pool file system. Present it to the newly discovered Oracle
VM Server. Refresh the storage.
3. Refresh the file system or physical disks that contain the server pool file system.
125
Oracle WebLogic Server Backup and Restore
4. Refresh the file systems or physical disks that contain the repositories used by server pool. If you get
an error, when refreshing a physical disk, similar to the following:
OVMAPI_7281E Cannot perform operation on file system...
then take ownership of the repositories and try to perform the physical disk refresh again.
8. Refresh all Oracle VM Servers in the server pool to discover the virtual machines.
Full documentation describing the Oracle WebLogic Server LDAP backup process and how to configure
Oracle WebLogic Server LDAP backups can be found at:
http://docs.oracle.com/middleware/1221/wls/START/failures.htm#START162
In the Oracle VM context, LDAP data for Oracle WebLogic Server is stored in:
/u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/data/ldap
Based on the information provided in the Oracle WebLogic Server documentation, you can perform a full
backup of this directory on your own schedule, or you can rely on Oracle WebLogic Server's automated
backups located in:
/u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/data/ldap/
backup
If you choose to use the Oracle WebLogic Server backup service, you can change default backup
parameters. See the Configure backups for embedded LDAP servers topic in the Oracle WebLogic Server
online help.
One of the main points that should be considered when backing up a virtual machine, is whether you
can shut down the virtual machine during the back up. Backing up a running virtual machine allows the
machine to be available for use, but does not allow for a back up that is consistent or easy to restore.
Creating a back up of a running virtual machine is similar to taking a back up of a running database without
putting the tablespaces in back up or read-only mode. The first couple of blocks you back up from a the
virtual machine are likely to be out of sync with the last blocks of your back up. If and when you try to
126
Backing up Virtual Machines
restore a back up taken from a running virtual machine, you may not be able to rebuild the machine due to
disk errors.
You can install back up software in the virtual machine, for example Oracle Secure Backup. This allows
you to safely back up a running virtual machine. The ease by which you can restore the virtual machine
from the back up depends on the software used.
The following table discusses some virtual machine back up options, with some high level benefits and
disadvantages of each method. This is not an exhaustive list of all the options that may be available.
Only available on
OCFS2-based file
systems (iSCSI or fibre
channel-based storage).
The two recommended strategies for backing up a virtual machine are to:
• Shut down the virtual machine and create a cold clone, then back up the clone files from the storage
repository.
127
Backing up Virtual Machines
• Shut down the virtual machine and back up the virtual machine files from the storage repository.
These two options create a safe back up, with the virtual disks in a stable and consistent state. To restore
the virtual machine, import the virtual machine into the storage repository (see the Import Virtual Machine
section of the Server Pools Folder in the User Guide).
128
Chapter 13 Troubleshooting Oracle VM
This chapter describes how to troubleshoot common issues with Oracle VM.
For more information and support, see the following Oracle sites:
• For additional information on best practices regarding Oracle VM deployments, contact Oracle Support
and refer to Document ID 1940756.1.
/u01/app/oracle/ovm-manager-3/ovm_tools/support/vmpinfo3.sh
Syntax
./vmpinfo3.sh { --username=admin } [ listservers | servers=server1,server2,server3 ]
Options
Option Description
{ --username=admin } Specifies the user that runs the script. You should not specify a user other than
the default Oracle VM Manager user, admin.
[ listservers ] Lists all servers for which the script can collect diagnostic information. If you
specify this option, the script displays the list of servers that the Oracle VM
Manager owns and then exits. You must then run the script again to collect
diagnostic information.
[ Specifies at least one instance of Oracle VM Server for which you want to
servers=server_list collect diagnostic information. Use this option to exclude servers in your
] environment or limit the diagnostic collection to certain servers only.
Tip
Examples
To collect diagnostic information for your Oracle VM environment, including Oracle VM Manager and all of
the owned Oracle VM Servers in the model, run:
129
Output
# ./vmpinfo3.sh --username=admin
To list the servers for which you can collect diagnostic information, run:
# ./vmpinfo3.sh --username=admin listservers
Output
The script creates a tarball in the /tmp directory that contains log files, sosreports, and other diagnostic
information such as details about the Oracle VM model.
When the script completes successfully, it displays the filename of the tarball, as in the following example:
=======================================================================================
Please send /tmp/vmpinfo3-3.x.y.z-time_stamp.tar.gz to Oracle OVM support
=======================================================================================
If you need to contact Oracle Support Services, you will be asked to supply the log files mentioned in this
section. You may also be required to provide the exact version of each Oracle VM component. To find the
version of Oracle VM Manager, click the Help menu, then About. To find the version of Oracle VM Server
and Oracle VM Agent, see the Control Domain Perspective section of the Oracle VM Manager User's
Guide .
Directory Purpose
/etc/xen Contains Oracle VM Server configuration files for the Oracle VM Server
daemon and virtualized guests.
/etc/xen/scripts Contains networking related scripts.
/var/log Contains the following files: .
130
Oracle VM Server Debugging Tools
Directory Purpose
• ovm-consoled.log, logs remote VNC console access, and all
communication with Oracle VM Manager.
Note
These command line tools are included as part of the Xen environment. You should
refer to the appropriate Xen documentation for more information on using them.
131
Using DHCP on Oracle VM Servers
If you are using the Windows PuTTY SSH client, you can press Alt + the right arrow key and Alt + the left
arrow key to toggle the login screen, instead of the printed Alt-F2.
• For Fibre Channel storage, reboot the Oracle VM Server. The new storage array LUN IDs are used.
• For iSCSI storage, restart the iscsi daemon on the Oracle VM Server to delete and restore all iSCSI
target connections, for example:
# service iscsi restart
Alternatively, on the Oracle VM Server, log out and log in again to the target for which the LUN IDs have
changed, for example:
# iscsiadm --mode node --logout ip_address iqn.xyz:1535.uuid
# iscsiadm --mode node --login ip_address iqn.xyz:1535.uuid
Typically this is required when you experience an IO lock on a LUN and an unexpected change in the
kernel workload on the Oracle VM Server. You may also notice a dramatic increase in network traffic
between the Oracle VM Server and the storage array. This particular case has been noted to occur on
some ZFS appliances running Oracle Solaris 11 and is related to the Sun iSCSI COMSTAR port provider.
The problem can usually be resolved by updating package versions, however if this is not an option you
may tune your ISCSI settings on each Oracle VM Server that communicates with a SUN.COMSTAR target
to enable flow control.
132
Troubleshooting Clustered Server Pools Oracle VM Server for x86
• Change the value of the entry node.session.iscsi.InitialR2T to yes, and the value of the entry
node.session.iscsi.ImmediateData to no.
Note
• Make sure that there are no repositories presented to the server when you attempt to remove it from the
server pool. If this is the cause of the problem, the error that is displayed usually indicates that there are
still OCFS2 file systems present. See the Repositories Perspective section in the Oracle VM Manager
Online Help for more information.
• If a pool file system is causing the remove operation to fail, other processes might be working on the
pool file system during the unmount. Try removing the Oracle VM Server at a later time.
• In a case where you try to remove a server from a clustered server pool on a newly installed instance of
Oracle VM Manager, it is possible that the file server has not been refreshed since the server pool was
discovered in your environment. Try refreshing all storage and all file systems on your storage before
attempting to remove the Oracle VM Server.
• In the situation where the Oracle VM Server cannot be removed from the server pool because the server
has lost network connectivity with the rest of the server pool, or the storage where the server pool file
system is located, a critical event is usually generated for the server in question. Try acknowledging
any critical events that have been generated for the Oracle VM Server in question. See the Events
Perspective section in the Oracle VM Manager Online Help for more information. Once these events
have been acknowledged you can try to remove the server from the server pool again. In most cases,
the removal of the server from the server pool succeeds after critical events have been acknowledged,
although some warnings may be generated during the removal process. Once the server has been
removed from the server pool, you should resolve any networking or storage access issues that the
server may be experiencing.
• If the server is still experiencing trouble accessing storage and all critical events have been
acknowledged and you are still unable to remove it from the server pool, try to reboot the server to allow
it to rejoin the cluster properly before attempting to remove it again.
133
Allocating Memory for Multiple Infiniband HCAs
• If the server pool file system has become corrupt for some reason, or a server still contains remnants
of an old stale cluster, it may be necessary to completely erase the server pool and reconstruct it from
scratch. This usually involves performing a series of manual steps on each Oracle VM Server in the
cluster and should be attempted with the assistance of Oracle Support.
To resolve the out of memory errors, you should increase the dom0 memory allocation for Oracle VM
Server. See Section 1.6, “Changing the Memory Size of the Management Domain”.
13.2.8 Resolving Issue Where NIC Fails to Get IP Address if Configured for
DHCP
In some cases, when you configure a network interface for Oracle VM Server to retrieve IP addresses via
DHCP, and then bring up that interface, it cannot retrieve an IP address and the following error occurs:
Determining IP information for interface_name...
failed; no link present. Check cable?
This issue can be caused when the time it takes the network interface to come up is greater than the time
set for the LINKDELAY environment variable.
To resolve this issue, set the value of the LINKDELAY to a value of 10 or higher in the /etc/sysconfig/
network-scripts/ifcfg-eth* file, as in the following example:
DEVICE=eth3
BOOTPROTO=dhcp
HWADDR=00:00:00:00:00:00
ONBOOT=yes
LINKDELAY=10
/u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/AdminServer/logs
Oracle VM Manager that you can use for troubleshooting are as follows:
134
Oracle VM Manager Log Files
Because log file format is determined by Oracle WebLogic Server, many of these files may be difficult to
read. A log parsing tool is included with Oracle VM Manager to help extract useful information from the
actual log files. The log parsing tool is named OvmLogTool.py and is located at:
/u01/app/oracle/ovm-manager-3/ovm_tools/bin
• Convert and combine all the AdminServer log files into one easier-to-read file.
Usually analysis of the logs starts by generating an error summary log. The summary file can act as an
index into the filtered file to investigate and analyze errors, providing you with time stamps an a shortened
summary of each error that may need further investigation. To generate a summary log file, do the
following:
# python OvmLogTool.py -s -o summary
processing input file: /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/
AdminServer/logs/AdminServer.log00001
processing input file: /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/
AdminServer/logs/AdminServer.log
This generates a file named summary in the local directory. You can use this to look for errors that
occurred within Oracle VM Manager.
To get a full log of all events and errors within Oracle VM Manager you can do the following:
# python OvmLogTool.py -o filteredlog
processing input file: /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/
AdminServer/logs/AdminServer.log00001
processing input file: /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/
AdminServer/logs/AdminServer.log
This generates a file named filteredlog in the local directory. You can use this to look for all events
that occurred within Oracle VM Manager.
135
Oracle VM Manager Web Interface Database Synchronization
Finally, you can use OvmLogTool.py to filter results on the fly while tailing the log:
# python OvmLogTool.py -t
tailing log file: /u01/app/oracle/ovm-manager-3/domains/ovm_domain/servers/
AdminServer/logs/AdminServer.log
Use Ctrl+C to exit the program when you have finished tailing the log file.
It is possible, in specific cases, for the representation of the data model to become out of sync with the
actual data model. As a result, some objects in the Oracle VM Manager Web Interface do not reflect
the actual environment. A typical scenario where this may happen is during a virtual machine clone
operation that fails. During this process, the virtual machine is actually created within the data model and
the database used by the user interface layer. If a part of the whole operation fails, Oracle VM Manager
attempts to clean up and roll back, resulting in the virtual machine being removed from the data model.
However, in this case, an event is not generated to notify that the clean up has succeeded, and the virtual
machine information remains in the user interface database. The result is that the cloned virtual machine is
still shown in the Oracle VM Manager Web Interface and the Oracle VM Manager Command Line Interface
even though it does not actually exist in the environment.
The user interface database is not resynchronized automatically when the service is restarted, as this can
take a long time for large environments. To force database resynchronization, you must create a file on
the Oracle VM Manager host before restarting the service. The following instructions explain how to force
resynchronization.
Steps to resynchronize the Oracle VM Manager Web Interface database
• You must access the shell of the Oracle VM Manager host, either directly or over SSH.
If you are unable to do this as the oracle user, then touch the file as any other user but ensure that its
permissions are such that any other user can delete the file:
# touch /tmp/.resyncUI
# chmod 666 /tmp/.resyncUI
136
No File Systems Found When Searching a Storage Server
performance degradation occurs. To resolve these performance issues, you can increase the amount of
memory that is allocated to Oracle WebLogic Server.
Note
You should not increase the memory allocation to the maximum limit that is
available to the host server. As a guideline, you should leave at least 2GB available
memory for the host operating system and other services.
1. Start an ssh session to the Oracle VM Manager host computer as the root user.
3. Specify the amount of memory allocated to Oracle WebLogic Server as the value for the
JVM_MEMORY_MAX property.
Note
See the Preferences section in the Oracle VM Manager Online Help for more information on Oracle VM
Manager UI preferences.
In most instances, this is not a problem, since servers are automatically configured to use the Oracle
VM Manager as an NTP server as soon as ownership is taken. However, during server discovery the
Oracle VM Manager uses a password to perform its initial authentication against a server and to provide its
certificate for ongoing communication. During this phase of discovery, a check is performed to ensure that
the system time on the Oracle VM Server is within the bounds required for certificate authentication to take
place. If this is not the case, discovery fails and an error message is returned:
OVMAPI_4024E: Cannot take ownership of server myserver5.virtlab.info because the date
and time on the server are outside the valid range for the manager's SSL certificate.
The certificate is valid from 10/24/13 7:37 PM to 10/25/23 7:37 PM, but server's timestamp
137
Cannot Create a Clustered Server Pool on a Disk that already has an OCFS2 File System
is 9/28/13 8:14 PM. Please verify the server's NTP and time settings.
In this situation, it is necessary that you access the affected Oracle VM Server directly and update its
system time manually before attempting to rediscover the server using Oracle VM Manager. Once Oracle
VM Manager has completed discovery and is able to take ownership of the server, its NTP configuration is
updated automatically and it remains synchronized with the Oracle VM Manager host.
13.3.6 Cannot Create a Clustered Server Pool on a Disk that already has an
OCFS2 File System
If you attempt to create a clustered server pool using a disk located on a storage device that already
contains an OCFS2 file system, the Oracle VM Agent on the server detects the file system and refuses to
overwrite it. This is normal behavior and protects you from accidentally setting up two OCFS2 file systems
with matching UUIDs on the same disk, leading to instability and unexpected behavior.
If you are certain that the existing OCFS2 file system that is already present on the disk is no longer in use
by any other server pool or repository, you can clean the disk by connecting to the Oracle VM Server and
issuing the following command:
dd if=/dev/zero of=/dev/mapper/360a98000433468704234786f36394763 bs=1M count=256
Warning
Using dd is data destructive. Make sure you are certain about the disk device
name and that the OCFS2 file system that you are deleting is no longer in use.
It is advisable to make backups of any data that exists on the disk that you are
editing before proceeding. This operation should be performed by a skilled systems
administrator.
138
Removing Oracle VM Template Configuration Packages on Oracle Linux 5 Hosts
Warning
Using fdisk is data destructive. Make sure you are certain about the disk device
name and partitions that you are deleting. It is advisable to make backups of any
data that exists on the disk that you are editing before proceeding. This operation
should be performed by a skilled systems administrator.
Usually, restarting the affected Oracle VM Server after performing these operations is advisable. In the
case of an iSCSI disk, connections to targets need to be re-initiated. In all cases, the storage needs to be
refreshed. Simply restarting the Oracle VM Server ensures that all necessary actions are performed.
Once the Oracle VM Server has restarted, you may attempt to recreate the repository.
To resolve this, you must use two yum erase operations and ensure that ovm-template-config is
removed last, as follows:
#yum erase ovm-template-config-authentication \
ovm-template-config-datetime \
ovm-template-config-firewall \
ovm-template-config-network \
ovm-template-config-selinux \
ovm-template-config-ssh \
ovm-template-config-system \
ovm-template-config-user
13.3.9 Unable to Manage Oracle VM Server for x86 at Release 3.2.10 or 3.2.11,
and Oracle VM Agent for SPARC at Release 3.3.1
As of Oracle VM Release 3.4.5, Oracle VM Manager uses the TLS version 1.2 (TLSv1.2) protocol for all
connections for security reasons. As a result, management of Oracle VM Server for x86 at Release 3.2.10
or 3.2.11, and Oracle VM Agent for SPARC at Release 3.3.1, is not possible by default. As a workaround,
you must enable the TLSv1 protocol, which is less secure.
For instructions on how to do this, see Enabling the TLS Version 1 Protocol in the Oracle VM Installation
and Upgrade Guide .
139
Wallclock Time Skew Problems
PVM guests may perform their own system clock management, for example, using the NTPD (Network
Time Protocol daemon), or the hypervisor may perform system clock management for all guests.
You can set paravirtualized guests to manage their own system clocks by setting the
xen.independent_wallclock parameter to 1 in the /etc/sysctl.conf file. For example:
"xen.independent_wallclock = 1"
If you want to set the hypervisor to manage paravirtualized guest system clocks, set
xen.independent_wallclock to 0. Any attempts to set or modify the time in a guest will fail.
You can temporarily override the setting in the /proc file. For example:
"echo 1 > /proc/sys/xen/independent_wallclock"
Note
Proper maintenance of virtual time can be tricky. The various parameters provide tuning for virtual time
management and supplement, but do not replace, the need for an ntp time service running within guest.
Ensure that the ntpd service is running and that the /etc/ntp.conf configuration file is pointing to valid
time servers.
Restart the Oracle VM Server for the changes to take effect. You may need to do this for each Oracle VM
Server in the server pool.
13.4.4 Cloning Virtual Machine from Oracle VM 2.x Template Stuck in Pending
When creating a virtual machine from an Oracle VM 2.x template, the clone job fails with the error:
OVMAPI_9039E Cannot place clone VM: template_name.tgz, in Server Pool: server-pool-uuid.
That server pool has no servers that can run the VM.
This is caused by a network configuration inconsistency with the vif = ['bridge=xenbr0'] entry in
the virtual machine's configuration file.
To resolve this issue, remove any existing networks in the virtual machine template, and replace them with
valid networks which have the Virtual Machine role. Start the clone job again and the virtual machine clone
is created. Alternatively, remove any existing networks in the template, restart the clone job, and add in any
networks after the clone job is complete.
140
Hardware Virtualized Guest Stops
Virtual machines can be live migrated between instances of Oracle VM Server that are at the same release
or later. For virtual machines running on an x86 platform, a rule exception is generated if you attempt to
live migrate a virtual machine to an Oracle VM Server with an earlier release than the Oracle VM Server
where the virtual machine is running.
Before the cleanup operation is triggered, an event is created within Oracle VM Manager to indicate that
the migration job has failed or been aborted and to track the rollback process. When the event is generated
within Oracle VM Manager, it is set with a 'WARNING' status. The rollback process is generated as a set
of up to three different jobs that are each given a timeout period of 15 minutes, and which are triggered to
attempt to run every 10 seconds. If these jobs succeed, Oracle VM Manager acknowledges the event. If
the jobs all timeout, Oracle VM Manager still acknowledges the event, but a second user-acknowledgeable
event is created with 'WARNING' status to indicate that the rollback failed. Depending on the cause of
the rollback failure, Oracle VM Manager might also create user-acknowledgeable events with 'CRITICAL'
status.
Because jobs are usually performed sequentially, it may take a total of 45 minutes before the entire
rollback process times out and the new event indicating rollback failure is generated. The rollback failure
event is also logged in the the log file /u01/app/oracle/ovm-manager-3/domains/ovm_domain/
servers/AdminServer/logs/AdminServer.log on the Oracle VM Manager host.
The information in the rollback failure event contains the rollback plan that Oracle VM Manager
attempted to follow to cleanup a failed virtual machine migration. This event can be viewed using the
getEventsForObject command with the Oracle VM Manager Command Line Interface, by viewing the
events associated with the virtual machine within the Oracle VM Manager Web Interface or via the Oracle
VM Web Services API.
The following content represents the typical output displayed within the description field for a rollback
failure event:
Live VM Migration With Storage, started at 2015-11-04 09:51:13,205
141
Recovering From A Failed Local Virtual Machine Migration
Note that the description of the event provides detailed information about the migration process and
indicates that the migration job has failed. The message explains that the virtual machine is set back to
run on the source server and that the source virtual disks have been retained. This means that the virtual
machine may either be running or stopped on the source server, but from the perspective of Oracle VM
Manager, the location of the virtual machine has been reverted. Most significantly, the output contains a
'post-migration completion plan'. This plan provides a full breakdown of the steps that must be performed
to roll the environment back to its original state.
If an event like this appears for a failed migration of a locally hosted virtual machine, you must manually
perform the rollback steps on the target server when it next becomes available. It is very important that you
ensure that the rollback steps are performed on the systems indicated in the post-migration completion
plan. Performing any of these steps on another server could have detrimental effects and could result in
virtual machine corruption.
During the migration, the virtual machine enters into a paused state as it is copied from the source Oracle
VM Server to the target Oracle VM Server. Once the copy is complete, the virtual machine on the target
142
Recovering From A Failed Local Virtual Machine Migration
Oracle VM Server is not indicated within Oracle VM Manager in any way, as this would conflict with the
virtual machine with the identical UUID that is located on the original source Oracle VM Server. This
transition is performed within Oracle VM Manager when the migration is complete. As a result two virtual
machines with identical UUIDs may exist within the environment for the period of the migration. If the target
server goes offline at any point during the migration, it is frequently the case that at least one of these
virtual machines must be killed off to prevent conflict. Since the representation of the virtual machine within
Oracle VM Manager is not reliable until the rollback has been completed, it is necessary that you must
perform the kill operation directly on the indicated Oracle VM Server. This is usually done over SSH as the
root user, using the following command:
ovs-agent-rpc stop_vm "''" "'0004fb0000060000c71d489702c240b3'" "True"
Note that 0004fb0000060000c71d489702c240b3 should match the UUID of the virtual machine that
you were originally migrating. Also pay attention to the quotes in each of the arguments presented here.
The first argument for this command is empty, so a pair of single quotes are enclosed in a pair of double-
quotes. The second argument is the UUID of the virtual machine that you intend to kill and is represented
as enclosed in a pair of single quotes within a pair of double-quotes. Finally, the last argument is used to
force the action and contains the text True enclosed in a pair of double-quotes.
Note that you should use this command to stop the virtual machine because it helps to identify the correct
virtual machine domain to destroy, it maintains the integrity of your environment and logs any actions
carried out on the virtual machine. Do not attempt to use Xen hypervisor tools to perform any actions on
the virtual machine directly without explicit instruction from an Oracle Support representative.
Remove any Virtual Disks from the Repository on the Target Oracle VM Server
A live migration of a virtual machine that is hosted on local storage also requires that any virtual disks
are copied from the repository hosted on the source server across to the repository of the target server.
Therefore, it is necessary that you manually delete any of these files from the repository hosted on the
target Oracle VM Server to clean the environment. To do this, you must SSH to the target Oracle VM
Server and delete the files listed in the plan returned in the event description. For example:
rm -f /OVS/Repositories/0004fb0000030000f9ba13d5063e330a/VirtualDisks/
0004fb000012000005213553a5bba24f.img
rm -f /OVS/Repositories/0004fb0000030000f9ba13d5063e330a/VirtualDisks/
tmp_dest.0004fb000012000005213553a5bba24f.img
Remove the Virtual Machine Configuration from the Repository on the Target Oracle VM
Server
The virtual machine configuration for the virtual machine is also copied from the repository hosted on the
source server across to the repository of the target server during the migration. Therefore, it is necessary
that you manually delete any of these files and directories from the repository hosted on the target Oracle
VM Server to clean the environment. To do this, you must SSH to the target Oracle VM Server and delete
the files listed in the plan returned in the event description. For example:
rm -f /OVS/Repositories/0004fb0000030000f9ba13d5063e330a/VirtualMachines/
0004fb0000060000c71d489702c240b3/vm.cfg
rm -rf /OVS/Repositories/0004fb0000030000f9ba13d5063e330a/VirtualMachines/
0004fb0000060000c71d489702c240b3
rm -f /OVS/Repositories/0004fb0000030000f9ba13d5063e330a/VirtualMachines/
tmp_dest.0004fb0000060000c71d489702c240b3
143
Migrating Large Hardware Virtualized Guest Results in CPU Soft Lock
and you have performed manual steps to revert your environment to its original state, you must also
refresh the repository within Oracle VM Manager so that the model accurately reflects the state of the
repository. You can either do this using the Oracle VM Manager Web Interface or you can use the Oracle
VM Manager Command Line Interface directly. For example:
ssh -l admin localhost -p 10000 refresh repository name="r216"
13.4.8 Migrating Large Hardware Virtualized Guest Results in CPU Soft Lock
On some hardware, such as the SUN FIRE X4170 M2 Server, migration of very large virtual machines
using hardware virtualization can result in a soft lockup causing the virtual machine to become
unresponsive. This lock is caused when the migration causes the virtual machine kernel to lose the clock
source. Access to the console for the virtual machine shows a series of error messages similar to the
following:
BUG: soft lockup - CPU#0 stuck for 315s! [kstop/0:2131]
To resolve this, the virtual machine must be restarted and the clocksource=jiffies option should be
added to the HVM guest kernel command line, before rebooting the virtual machine again.
Important
This option should only be used on HVM guest systems that have actually resulted
in a CPU soft lock.
Hardware virtualized guest operating systems expect to be loaded in memory starting somewhere around
address 0 and upwards. This is only possible for the first hardware virtualized guest loaded. Oracle VM
Server virtualizes the memory address to be 0 to the size of allocated memory, but the guest operating
system is actually loaded at another memory location. The difference is fixed up in the shadow page table,
but the operating system is unaware of this.
For example, a sound is loaded into memory in a hardware virtualized guest running Microsoft Windows™
at an address of 100 MB may produce garbage through the sound card, instead of the intended audio. This
is because the sound is actually loaded at 100 MB plus 256 MB. The sound card receives the address of
100 MB, but it is actually at 256 MB.
An IOMMU (Input/Output Memory Management Unit) in the computer's memory management unit would
remove this problem as it would take care of mapping virtual addresses to physical addresses, and enable
hardware virtualized guests direct access to the hardware.
144
Cannot Create a Virtual Machine from Installation Media
# vi /OVS/Repositories/UUID/vm.cfg
Locate each disk entry that contains a hardware device such as hda, hdb, or hdc and replace with an
xvd mapping, such as xvda, xvdb, xvdc etc.
Restart the virtual machine with the new configuration, to check that it is able to discover the disk or virtual
cdrom device.
To resolve this issue, make sure the Oracle VM Server supports hardware virtualization. Follow these
steps to check:
a. Run the following command to check if hardware virtualization is supported by the CPU:
# cat /proc/cpuinfo |grep -E 'vmx|smx'
If any information that contains vmx or smx is displayed, it means that the CPU supports hardware
virtualization. Here is an example of the returned message:
flags : fpu tsc msr pae mce cx8 apic mtrr mca cmov pat pse36 clflush dts acpi mmx fxsr
sse sse2 ss ht tm pbe nx lm constant_tsc pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
Note
c. Run the following command to check if the operating system supports hardware virtualization:
# xm info |grep hvm
If the CPU does not support hardware virtualization, use the paravirtualized method to create the virtual
machine. See the Servers and VMs Tab section in the Oracle VM Manager Online Help for information on
creating a paravirtualized virtual machine.
145
Generating Guest Dump Files on Oracle VM Server (x86)
By default, this facility is disable at a system-wide level. It is possible to change this behavior by editing /
etc/xen/xend-config.sxp directly and changing the lines:
# Whether to enable core-dumps when domains crash.
#(enable-dump no)
to:
# Whether to enable core-dumps when domains crash.
(enable-dump yes)
After making this change, you must reboot the Oracle VM Server for the change to take effect. Manually
editing the global Xen configuration parameters on an Oracle VM Server is not supported by Oracle.
It is possible to override the system-wide behavior by setting this parameter directly in the vm.cfg for
each individual virtual machine. This is the preferred approach to generating dump files, as it allows you
to limit core dumps to only those virtual machines that you are interested in debugging. Therefore, this
configuration option can be controlled for each virtual machine from within Oracle VM Manager. You
can set this option by configuring the Restart Action On Crash option for a virtual machine. See
the Servers and VMs Tab section in the Oracle VM Manager Online Help for more information on this
parameter.
If you change the Restart Action On Crash option for a virtual machine, you must stop the virtual
machine and then start it again before the change takes effect. This is different to restarting the virtual
machine, as the vm.cfg configuration file for the virtual machine is only read by the Xen hypervisor when
the virtual machine is started. If you have made the configuration change but have not properly restarted
the virtual machine, a crash and reboot does not automatically cause the configuration option to take
effect.
To test whether or not the core dump facility is working properly for a virtual machine, you may be able to
directly trigger a crash by logging into the virtual machine and obtaining root privileges before issuing the
following command:
# echo c >/proc/sysrq-trigger
This command assumes that the operating system on the virtual machine is Linux-based and that the
System Request trigger is enabled within the kernel. After you have triggered the crash, check /var/xen/
dump on the Oracle VM Server where the virtual machine was running to view the dump file.
146
Tuning a Linux-based Virtual Machine for Handling Storage Migration
that are running a Linux operating system by tuning virtual memory caching parameters within the guest
kernel and by reducing the ext4 journaling commit frequency on any guests that may be running file sytems
that are formatted with ext4.
Tuning virtual memory caching. On the guest command line, as the root user, you can tune the cache
by using the sysctl command to set a number of kernel parameters. Oracle recommends that you reduce
the cache size to 5% of the system memory (the default value is 10) and reduce the time that a memory
page can remain dirty until it is flushed to around 20 seconds (the default is 30 seconds). You can do this
temporarily by running the following commands:
# sysctl -w vm.dirty_background_ratio=5
# sysctl -w vm.dirty_expire_centisecs=2000
When you have done this, you can load these values into the kernel by running sysctl -p.
Tuning ext4 journaling. If the guest is using any filesystems that are formatted to use ext4, the
journaling commit process may be affected by a migration. To protect against this, decrease the amount
of time between journal commits and ensure that commits are performed asynchronously. To do this, you
should tune your mount parameters for any ext4 filesystem that you have mounted within the guest. For
example when mounting an ext4 formatted filesystem you might use the following options:
# mount -o commit=5,journal_async_commit /dev/xvdd /vdisk3
To perform this effectively for all ext4 mounts, you may need to edit your /etc/fstab.
147
148
Glossary
C
clone
The action or result of making an exact copy of an object. The object may be a virtual machine, virtual machine
template, ISO file, or virtual disk. Cloning is similar to copying and maintains the integrity of the original object,
while creating a new object based on the original. A clone customizer may be used to define cloning options to
specify details of where the object components may reside when cloned, such as in a different storage repository.
D
dom0
An abbreviation for domain zero. The management domain with privileged access to the hardware and device
drivers. Dom0 is the first domain started at boot time. Dom0 has more privileges than domU. It can access the
hardware directly and can manage the device drivers for other domains. It can also start new domains.
domU
An unprivileged domain with no direct access to the hardware or device drivers. Each domU is started by dom0.
E
events
Events are used to register status information of "objects" within Oracle VM Manager for future reference or to
make problems easier to trace back. Events are often, though not always, related to jobs that are initiated within
Oracle VM Manager. For instance, when a job fails, an event is generated. Events can also be triggered through
changes in the environment such as server crashes or storage disconnects. Therefore, events are used to alert
you to potential problems that may need your attention.
Events are categorized by severity. Most events will be informational, but they can also be warnings or errors. If
an event has an error level severity, you need to acknowledge the error event to clear the error and to perform
further operations on the object that generated the error.
G
guest
A guest operating system that runs within a domain in Oracle VM Server. A guest may be paravirtualized or
hardware virtualized. Multiple guests can run on the same Oracle VM Server.
H
hard partitioning
Hard partition, or CPU pinning, is the act of binding a virtual machine to one or more physical CPUs or cores.
This prevents software within the virtual machine from running on any cores other than those specified for the
virtual machine. By default, Oracle VM takes advantage of distributed resource scheduling, which allows a virtual
machine to use all cores on an Oracle VM Server as required. In some situations, such as the requirement
to conform with Oracle licensing policies for partitioned environments, it may be desirable to implement hard
partitioning.
149
Hard partitioning can result in restrictions on live migration, DRS and DPM.
host computer
The physical computer on which the software is installed. Typically used to refer to either the computer on which
Oracle VM Server or Oracle VM Manager is running.
hypervisor
A hypervisor, also called a monitor or Virtual Machine Manager (VMM), is a layer which abstracts the virtual
hardware from the real hardware. As such it is the only privileged entity in the system which has full access to real
hardware resources. It controls only the most basic resources of the system, including CPU and memory usage,
privilege checks, and hardware interrupts.
Hosted hypervisors are designed to run within a traditional operating system. In other words, a hosted hypervisor
adds a distinct software layer to the host operating system, and the guest operating system becomes a third
software level above the hardware and the host-based hypervisor. A well-known example of a hosted hypervisor
is Oracle VM VirtualBox. Others include VMware Server and Workstation, Microsoft Virtual PC, KVM, QEMU, and
Parallels.
Native hypervisors are software systems that run directly on the host's hardware to control the hardware, and to
monitor the guest operating systems. The guest operating system runs on a separate level above the hypervisor.
Examples of this type of virtualization architecture are Oracle VM, Microsoft Hyper-V, VMware ESX, and Xen.
M
messaging
Oracle VM supports a messaging system that enables communication between the Oracle VM Manager and a
guest running within a virtual machine on any Oracle VM Server, as long as the guest has the Oracle VM Guest
Additions installed. This messaging system works by sending key/value pairs between the guest and Oracle VM
Manager via a secured connection. Messaging allows greater administrative control over virtual machines and
facilitates remote and automated configuration of virtual machines as they are started.
migrate
The act of moving a virtual machine from one Oracle VM Server to another, or to the Unassigned Virtual
Machines folder. Technically, a migration can only be performed on a running virtual machine, however the
Oracle VM Manager Web Interface and Oracle VM Manager Command Line Interface may combine multiple
operations to make it appear that you can perform a migration on either a running or a stopped virtual machine.
multipath
The technique of creating more than one physical path between the server CPU and its storage devices. It results
in better fault tolerance and performance enhancement. Oracle VM supports multipath I/O out of the box. Oracle
VM Servers are installed with multipathing enabled because it is a requirement for SAN disks to be discovered by
Oracle VM Manager
O
OCFS2
Oracle Cluster File System (OCFS2) is a general-purpose shared-disk cluster file system for Linux capable of
providing both high performance and high availability. OCFS2 is developed by Oracle and is integrated within the
mainstream Linux kernel. OCFS2 is used within Oracle VM to facilitate clustered server pools, storage of virtual
machine images and for the purpose of allowing guests to share the same file system.
A clustered server pool always uses an OCFS2 file system to store the cluster configuration and to take
advantage of OCFS2's heartbeat facility. There are two types of heartbeats used in OCFS2 to ensure high
availability:
150
• The disk heartbeat: all Oracle VM Servers in the cluster write a time stamp to the server pool file system device.
• The network heartbeat: all Oracle VM Servers communicate through the network to signal to each other that
every cluster member is alive.
These heartbeat functions exist directly within the kernel and are fundamental to the clustering functionality that
Oracle VM offers for server pools. The server pool file system should be stored on a separate NFS server or on a
small LUN if possible, as OCFS2's heartbeat facility can be disturbed by intensive I/O operations taking place on
the same physical storage.
A storage repository configured on a LUN-based repository must be linked to a clustered server pool due to the
nature of the OCFS2 file system. As a result, LUN-based repositories cannot be shared between multiple server
pools, although it is possible to move an OCFS2 repository from one server pool to another.
Oracle VM Agent
An application installed with Oracle VM Server. The Oracle VM Agent receives and processes management
requests, and provides event notifications and configuration data to the Oracle VM Manager. Oracle VM Manager
manages the virtual machines running on Oracle VM Server by communicating with Oracle VM Agent. It contains
three components: master Oracle VM Server, Utility Server, and Virtual Machine Server.
Oracle VM Manager
Oracle VM Manager is the management platform, which offers an easy-to-use, web-browser interface as well as
a command-line interface (CLI). Oracle VM Manager tracks and manages the resources available in your virtual
environment and allows you to easily manage Oracle VM Server pools. Oracle VM Manager lets you manage the
virtual machine life cycle, including creating virtual machines from templates or from installation media, deleting,
powering off, uploading, deployment and live migration of virtual machines. Oracle VM Manager also lets you
manage resources including ISO files, templates and shared virtual disks.
Oracle VM Server
A self-contained virtualization environment designed to provide a lightweight, secure, server-based platform for
running virtual machines. The Oracle VM Server comprises a hypervisor and a privileged domain (called dom0)
that allow multiple domains or guest operation systems (such as Linux, Solaris, and Windows) to run on one
physical machine. Includes Oracle VM Agent to enable communication with Oracle VM Manager.
The Oracle VM Server for x86 incorporates an open source Xen hypervisor component, which has been
customized and optimized to integrate into the larger, Oracle - developed virtualization server. The Oracle
VM Server for x86 is also responsible for access and security management and generally acts as the server
administrative entity, because the hypervisor’s role is limited.
On Oracle VM Server for SPARC systems, the SPARC hypervisor is built into the SPARC firmware and is
generally referred to as the Logical Domains Manager. As with the Xen hypervisor, each virtual machine is
securely executed on a single computer and runs its own guest Oracle Solaris operating system
P
paravirtualized machine (PVM)
A virtual machine with a kernel that is recompiled to be made aware of the virtual environment. Runs at near
native speed, with memory, disk and network access optimized for maximum performance.
Paravirtualized guests use generic, idealized device drivers, which are part of the guest’s OS. The I/O operations
using these generic device drivers are mapped to the real device drivers in dom0. The generic, abstracted drivers
in the guest seldom change and provide excellent guest stability. The dom0 domain, alternatively, can use the
native hardware vendor drivers, and the guests can safely migrate to another dom0 with slightly different drivers.
151
For other resources such as CPU and memory, paravirtualized kernels make special “hypercalls” to the Xen
hypervisor. These hypercalls provide better performance by reducing the number of instructions and context
switches required to handle an incoming request. By contrast, on an emulated (hardware virtualized) guest, driver
requests engage the guest’s interrupt handler, increasing the I/O operation overhead.
Q
QEMU
Also referred to as qemu-dm, which is the process name. The virtualization process which allows full virtualization
of a PC system within another PC system.
S
server pool
Server pools logically organize one or more Oracle VM Servers into groups where virtual machines can run.
Each server pool can have up to 32 physical servers. Each Oracle VM Server can be a member of only one
server pool. The server pool is the operational unit of Oracle VM. Policies are configured and enforced at the
server pool level.
A minimum cluster of three Oracle VM Server nodes in each server pool is strongly recommended for high
availability. If one node in the cluster experiences a hardware failure or is shut down for maintenance, failover
redundancy is preserved with the other two nodes. Having a third node in the cluster also provides reserve
capacity for production load requirements.
V
virtual disk
A file or set of files, usually on the host file system although it may also be a remote file system, that appears as a
physical disk drive to the guest operating system.
W
WebLogic
Oracle WebLogic Server is a platform that includes an application server that can run java applications within
a web-based framework. Oracle VM Manager runs as an application within Oracle WebLogic Server, taking
advantage of many of Oracle WebLogic Server's many features to deliver a robust web UI through which Oracle
VM can be fully managed.
The installation process behind Oracle VM Manager automatically installs and configures Oracle WebLogic
Server on the system where Oracle VM Manager is installed. During this process, a weblogic user is set up within
Oracle WebLogic Server to manage Oracle WebLogic Server configuration and to administer the underlying
system. An admin user is also set up within Oracle WebLogic Server and is given permission to access the
152
Oracle VM Manager application. A typical setup uses the same password for both of these users, although
this is not always the case and it is possible to configure a different password for each user depending on your
requirements.
In general, users of the Oracle VM Manager application should avoid attempting to access the underlying Oracle
WebLogic Server, or to change any configuration parameters here without guidance from Oracle Support.
153
154
dom0
Index memory, 11, 134
driver
A psif, 134
Active Directory authentication
Oracle VM Manager, 53 F
admin file systems unavailable (timeout)
delete user, 42 Oracle VM Manager, 137
lock Oracle VM Manager account, 43
Oracle VM Manager administration tool, 39
unlock Oracle VM Manager account, 44 G
admin user guest clock
change password, 52 set, 139
authentication
limit, 52 H
Oracle VM Manager, 51 hardware virtualization
Oracle WebLogic Server, 52 setting in BIOS, 145
restrict, 52
I
B installing
backup Oracle VM Utilities, 93
MySQL, 120 ISCSI
Oracle VM Manager, 119 tuning, 132
Oracle WebLogic Server LDAP, 126
BIOS
setting hardware virtualization, 145 J
JVM memory setting
Oracle WebLogic Server, 136
C
CA certificate, 30
CD K
change in virtual machine, 145 kdump, 5, 6
certificate installation, 30 keystore, 30
clock, 140 Ksplice
set, 139 Oracle VM Server, 59
command line tools Xen update, 59
Oracle VM Server, 131
configuration L
MySQL, 50 LDAP authentication
Oracle VM Manager, 29 Oracle VM Manager, 53
Oracle VM Server, 1 limit
configuration file authentication, 52
Oracle VM Manager, 119 Linux host
convert convert, 101
Linux hosts, 101 list
VMWare virtual machine, 101 Oracle VM Manager data sources, 45
Oracle VM Manager users, 40
D lock
data sources Oracle VM Manager user account, 43
list Oracle VM Manager users, 45 log
delete Oracle VM Agent, 131
Oracle VM Manager user, 42 Oracle VM Manager, 134
DHCP, 132 Oracle VM Server, 131
diagnostic tools, 5, 5, 6 Oracle WebLogic Server, 134
155
logs list data sources, 45
MySQL, 50 list users, 40
Oracle VM Manager, 47 lock user, 43
rotate, 47 log, 134
LUN remapping, 132 logs, 47
MySQL root password, 48
M restore, 122
memory server discovery failed, 137
dom0, 11, 134 synchronization, 136
memory allocation unlock user, 44
Oracle WebLogic Server, 136 Oracle VM Manager database
monitoring tools password, 45
SNMP, 55 Oracle VM Server
mouse command line tools, 131
tracking problems, 140 configuration, 1
multipath, 1 disable PVM guests, 10
MySQL Ksplice update, 59
backup, 120 log, 131
configuration, 50 SNMP monitoring tools, 55
logs, 50 SNMP service, 55
password, 45 Oracle VM Server for SPARC, 12
start, 50 Oracle VM Utilities, 93
stop, 50 installing, 93
MySQL root password Oracle WebLogic Server
Oracle VM Manager, 48 authentication, 52
update, 48 change admin password, 52
change password, 42
create user, 41
N delete user, 42
netconsole, 5 JVM memory setting, 136
NTP list data source, 45
Oracle VM Manager, 137 list users, 40
lock user, 43
O log, 134
Oracle VM Agent memory allocation, 136
log, 131 unlock user, 44
Oracle VM Guest Additions, 73 Oracle WebLogic Server LDAP
installing, 77 backup, 126
ovmcmd, 81 OS Watcher, 5, 5
ovmd, 78 osc.log, 131
packages, 73 OSWbb, 5, 5
upgrading, 77 ovm-consoled.log, 131
Oracle VM Manager ovmcmd
Active Directory authentication, 53 Oracle VM Guest Additions, 81
administration tool ovm_admin, 39 Windows guest, 81
authentication, 51 ovmd
backup, 119 Oracle VM Guest Additions, 78
change user password, 42 syntax, 78
configuration, 29 ovmwatch.log, 131
configuration file, 119 ovm_admin
create user, 41 Oracle VM Manager administration tool, 39
database schema, 45 syntax, 39
file systems unavailable (timeout), 137 ovm_vmcontrol
LDAP authentication, 53 syntax, 93
156
ovm_vmdisks stop
syntax, 96 MySQL, 50
ovm_vmhostd, 97 storage
ovs-agent.log, 131 software RAID, 2
Storage Connect
P plug-in installation, 1
P2V, 101 syntax
paravirtualization ovmd, 78
disabling, 10 ovm_admin, 39
password ovm_vmcontrol, 93
change admin password, 52 ovm_vmdisks, 96
change Oracle VM Manager user password, 42 system clock
password reset set, 139
Oracle VM Manager database, 45
psif T
driver, 134 timeout
PVM UI session, 29
disabling, 10 troubleshooting
ISCSI, 132
Q
QEMU, 141 U
qemu-dm.pid.log, 131 UI
timeout, 29
R UI synchronization
restore Oracle VM Manager, 136
Oracle VM Manager, 122 unlock
restrict Oracle VM Manager user account, 44
authentication, 52 update
rotate MySQL root password, 48
logs, 47 user
change Oracle VM Manager user password, 42
S create Oracle VM Manager user, 41
delete, 42
SAP support, 97
list Oracle VM Manager users, 40
security, 30
lock Oracle VM Manager account, 43
service domains
unlock Oracle VM Manager account, 44
SPARC, 14
session
timeout, 29 V
shadow domain virtual machine
SPARC, 14 change CD, 145
Simple Network Management Protocol disable PVM, 10
monitoring tools, 55 dump files, 146
SNMP virtual machine dump files, 146
monitoring tools, 55 vm-dump-metrics, 97
SNMP service vmcore, 5
Oracle VM Server, 55 VMware virtual machine
software RAID convert, 101
storage, 2
SPARC W
service domains, 14 Wallclock Time Skew, 140
SSL encryption, 30 Windows guest
start Oracle VM Guest Additions, 81
MySQL, 50 ovmcmd, 81
157
X
xen-hotplug.log, 131
xen.independent_wallclock
set, 139
xend-debug.log, 131
xend.log, 131
Z
ZFS, 12
158