Connecting to a Guest VM From Another Computer Without Using XenServer?

[Michael Cropper]

Hi, 

 

So, now I can manage to create VMs via XenCenter - I'm now looking at the next step which is to connect to those VMs via the usual SSH commands. 

 

I can connect to the VM via the 'Console' tab within XenCenter, but I'm looking to connect via standard SSH commands, say using PuTTy. 

 

I have a feeling that I need to do quite a bit of what I call 'networking magic' within XenCenter to set 'something' up so that I can do this. From all the documentation I've read to date, I'm not clear exactly what I need to do here. 

 

What are the fundamental things I need to configure to get this working?

 

Ultimately what I'm wanting to achieve is;

 

 - PC with XenCenter and PuTTy installed

 - XenServer with 1x VM

 - - VM1 with Apache installed and a /helloworld.html page created already

 

How do I go about configuring things so that within the web browser I can type in {server-ip-address / something else???}/helloworld.html

 

And likewise, the same basic question is what IP address do I need to type into PuTTy to SSH into the VM?

 

 

Regards,

Michael

[Alan Lantz]

Just do it ? If your VM has port 22 open you should be able to SSH to it.

 

--Alan--

 

[Tobias Kreidl]

Note that curl is installed natively on XenServer; from one XenServer you can say "curl http://mywebserver.whatever/helloworld.html" to another.

 

-=Tobias

[Michael Cropper]

With these answers, I feel I have missed something blindingly obvious...

 

The XenServer has a static IP address of 192.168.0.153 - but I can't just SSH into that IP address as that SSHs into the XenServer itself, rather than the VM within it. Likewise, if I enter 192.168.0.153/helloworld.html in the browser, this also doesn't work because the HostOS on dom0 doesn't have Apache installed, it is the VM that has Apache installed and that is where the html file lives. 

 

I'm trying to access this VM from another PC. 

 

Also, I assume that XenServer installs OpenSSH onto the VMs so that they always have SSH on by default? I assume that this is how the Console tab within XenCenter works? I may be wrong about that though. 

 

 

Regards,

Michael

[Tobias Kreidl]

Let's review. XenServer uses the primary network interface for communications via dom0 to and from the outside wor;d as wel as internally within the server pool. For VMs to talk to and from th eoutside world, they need a route set up to allow them external access and access from the outside world. Typically this is by using a separate netwoek configuraton, either a different NIC or a VLAN, and providing a gateway that gives such access. The VM's network addresses are also typically public, routed addresses otherwise the network won't be visible from most external locations.

I'd suggest going over this document, which does a really good job explaining XenServer network concepts: https://doc.yonyoucloud.com/doc/xen/xs-design-networkadvanced-131004052202-phpapp02.pdf

 

-=Tobias

[Michael Cropper]

Thanks, let me take a good read over that document and get up to speed with best practice and concepts. 

 

 

Regards,

Michael

[Alan Lantz]

You can use the same management interface for your VM and assign your VM an ip address on that network with your

XenServer and your management workstation with XenCenter (I assume it has a 192.168.x.x address), or you could have

a separate interface on another network that you could assign to your VM that is then routed to the same network as

your PC.  192.168.x.x addresses are private so that would be a local network (not routed on the Internet) networks. You

would then need something to provide NAT to get you to the Internet if that is needed. XenServer has a built in switch,

so consider XenServer and all of the VM's on a logical switch that share connectivity, yet have different IP addresses for

layer 3.

 

--Alan--

 

 

[Tobias Kreidl]

Yeah, I didn't want to get into NAT/PAT, VLANs, routing gateways, and the like right away and make things more complicated than they perhaps need be.

 

-=Tobias

[Alan Lantz]

I get my share of complicated. Sometimes I bring it on myself.  Sometimes I feel like I add 

VLAN's just because I can. 

 

--Alan--

 

[Tobias Kreidl]

Sure, but not everyone needs a complcated environment, especially when first lerning the ropes. Flexibility is great to have when you need it!

 

In our case, we have a bonded pair of 10 Gbit NICs on several pools that does it all (except in one case with still separate NICs for iSCSI, as mandated by the requirements).  Those bonds carry a bunch of different VLANs, including for NFS-mounted  SRs.

[Michael Cropper]

 

The simple solution you've mentioned there Alan sounds like what I'm after. As Tobias has correctly assumed, this is not a complex setup I'm working with while I learn the ropes with Xen. Related to Xen I've literally got 1x Router which connects to the internet, 1x PC with a static IP address which is where XenCenter is installed, and 1x XenServer setup with it's own static IP. 

 

Am I correct in thinking that when you say I just need to add a static IP address to the VM - Are you saying that I need to 1) Give the VM a static IP address (how exactly do you do this within XenCenter? ) 2) Configure the static IP address on the main Router?

 

What I am confused with the above 2 points is that;

 - Surely any static IP address that you assign on the VM needs to be managed via XenCenter and some kind of virtual network in there (not sure if that is overkill for a 'helloworld' VM...)

 - Surely on the Router you can only see the MAC addresses of the PC + XenServer, and not the MAC addresses of the VM that sits inside the XenServer, and hence you wouldn't be able to configure a static IP address on the router?

 

(.....hmm, there's a thought....off to check.....)

 

** mindblown **

 

I can actually see the auto assigned MAC address for the VM along with the DHCP IP address. From here I can SSH into the VM directly as usual using PuTTY. Nice! I'm starting to join the dots together. This must be Xen's dom0 working it's magic here to pass through the VMs MAC address as it was an independent machine. 

 

So... now I'm starting to understand this. Why;

 

 - When I'm SSH'd into the VM, and I run the command: wget 127.0.0.1/helloworld.html, would this work

 - Yet when I'm on the PC and type into the browser http://192.168.0.102/helloworld.html, this doesn't work (that's the DHCP IP address (I'll configure things as static once I've figured everything out...)

 

I've just done an nmap scan on the VM and it's saying the only open ports are 22 for SSH. Do I need to configure somewhere via XenCenter the ports that are open on the VM (or the network that the VM is connected to) ? I couldn't see anything obvious when clicking through XenCenter. 

 

 

Regards,

Michael

 

PS. I still need to read through that large PDF document. I've had a skim and that needs a fair bit of concentration to get through from the looks of things. 

[Alan Lantz]

Okay, I think the example for hello world was just Tobias giving a programming example. Thats not going to 

exist by default. Instead use wget  127.0.0.1/index.html and you should see that file transferred. From your

PC if you just go to the IP Address of XenServer in a browser you should see the a page with the ability to

download XenCenter. NMAP to the VM is going to see what is open from the perspective of the VM. There

would be no configuration on XenCenter for ports.  

 

--Aaln--

 

 

 

[Tobias Kreidl]

Whether a VM's IP address is static or dynamic isn't so much of a concern, but rather that it should have a DNS record, and even more importantly, it should be able to route both in and out of the XS environment. That generally means you need a gateway defined that will allow for packets to make it from the VM to the outside world as well as from the outside in. That's the job of the gateway which should be properly configured also on your network switch.  As to the VM's IP address, you can set that fromXenCenter by just cliicking on the VM and on the Network tab to set the MAC address. For more details, see: https://docs.citrix.com/en-us/xencenter/7-1/vms-network.html

for VMs and for adding networks to the server or pool, see: https://docs.citrix.com/en-us/xencenter/7-1/hosts-network-add.html

 

-=Tobias

[SCOTT FARWELL]

I think the obvious step you are missing is to configure your networking in the guest VM just as you would if it were a standalone machine.  Static IP/mask/gateway if you don't have a DHCP server which I'm guessing you don't or your guest OS would have probably picked up it's own IP info already.

 

Xenserver hosts the Guest OS to allow it to run, you still have to configure everything yourself on each guest OS as you would as if it were a standalone machine.

[Michael Cropper]

Hi all, 

 

Thanks for the help with everything so far. I've finally got around to having a full read over all the links/documentation provided (the Xmas break always helps!) which has helped a lot to get me onto the next stage and I can finally type into the browser on my laptop: {ip address of GuestOS VM}/helloworld.html, which opens successfully. 

 

Found out that there is a default service that comes bundled with CentOS 7 called 'firewalld' which by default is configured to only allow SSH connections into the box so I had to open up Port 80 on that firewall and then it magically just worked. 

 

Now time for some more heavy testing before moving onto plugging this box into a DMZ.... :-)