HyperV Hosts

Hardware Requirements

Software Requirements

  • Windows Server 2019 Datacenter with GUI.

Hyper-V Pre-Configuration

  1. Boot server into IPMI configuration:

    • Assign the OOB IP address (10.<pod_number>.0.x/16, where x is not 0, 1, 2, 3, 4, 5, 6, 253 or 254 and is not already in use)

    • Set user root password

    • Enable virtualisation

    • Set LED screen to hyperv(x).{regionname}

  2. Boot server into RAID configuration and create RAID volume(s):

    • RAID1 - OS (at least 500GB)

    • RAID10 (preferably) - VMIMAGES (the rest of the available storage)

  3. Start Operating System installation:

    • Install on OS volume

  4. After installation is completed, update the server. Once updated, set the updates policy to “Allow Local admin to choose setting”:

    win + R
    gpedit.msc
    

    Computer Configuration > Administrative templates > Windows Components > Windows Update > Configure Automatic Updates > “5. Allow Local admin to choose setting”

  5. Set host name to:

    hyperv(x).{regionname}
    

    (where x is the number of the Hyper-V server in the region)

  6. Initialize the DATA volume: run diskmgmt.msc, create a new partition with drive letter D: and the name DATA, then create a folder named “HyperV” on it.

  7. Enable RDP Access

  8. Run Server Manager, choose Manage in the top-right corner, then Add Roles and Features. Choose “Role-based or feature-based installation”, then “Select a server from the server pool”, and enable the “Hyper-V” role. On the next screen, enable the “Client for NFS” feature. Click Install.

  9. Configure the Virtual Switch with the following:

    • Name: Virtual Switch

    • Connection type: External Network

    • Adapter - Private Network Interface of the host

  10. Open PowerShell as administrator and run the following to enable script execution, pressing “A” to confirm:

    Set-ExecutionPolicy Bypass

    and enable PS-Remoting:

    Enable-PSRemoting -Force

  11. While in PowerShell as administrator, run the following to add a static route telling the host to route traffic for Robot’s docker network through the Region Appliance, and to enable a firewall rule that gives the Robot containers access via WinRM on port 5985:

    route -p ADD {p}:d0c6::/64 {p}::6000:1
    
    New-NetFirewallRule -DisplayName 'Allow-Robot-WinRM' -RemoteAddress {p}:d0c6::/64 -Profile @('Public') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('5985')
    
  12. Open CMD as administrator and type the following:

    winrm set winrm/config/service/auth @{Basic="true"}
    winrm set winrm/config/service @{AllowUnencrypted="true"}
    
  13. Setup DNS records so the hostnames can be resolved from a public DNS server.

  14. Add NTP pool settings and sync time on the host. Open CMD as administrator and type the following (change the NTP pool servers as required, but make sure the servers are IPv6 capable):

    w32tm /config /manualpeerlist:"2.ie.pool.ntp.org" /syncfromflags:manual /update
    
  15. Add data about the server into the IaaS via the Franchisee App following the steps here. This is so Robot can find out where it can build infrastructure.

OpenSSH-Server Configuration (support coming soon)

  1. Check whether OpenSSH-Server is installed and install it if it is not (in PowerShell)

    Get-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

  2. Enable public key authentication in the SSHD config: open the “C:\ProgramData\ssh\sshd_config” file, uncomment the following line, save the changes and close the file.

    PubkeyAuthentication yes

  3. Mount the Robot network drive to access the Robot’s SSH public key file (in CMD)

    mount -o nolock \\robot.<pod_name>.<organization_url>\etc\cloudcix\robot Z:
    
  4. Add the Robot’s SSH public key to the Windows server and restrict the key file to Administrators and SYSTEM (in PowerShell)

    $authorizedKey = Get-Content -Path Z:\id_rsa_<pod_number>.pub

    Add-Content -Force -Path $env:ProgramData\ssh\administrators_authorized_keys -Value $authorizedKey
    icacls.exe "$env:ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"

  5. Change the default shell in Windows OpenSSH (the official Microsoft builds) from CMD to PowerShell (in PowerShell)

    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

  6. Start the SSHD service (in PowerShell)

    Start-Service -Name sshd

  7. While in PowerShell as administrator, run the following to add a static route telling the host to route traffic for Robot’s docker network through the Region Appliance, and to enable a firewall rule that gives the Robot containers access via Paramiko on port 22:

    New-NetFirewallRule -DisplayName 'Allow-Robot-SSH' -RemoteAddress {p}:d0c6::/64 -Profile @('Public') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('22')
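
An added check, not part of the original procedure: because steps 11 and 12 of the pre-configuration expose WinRM with Basic authentication over unencrypted HTTP, the firewall scope is what limits who can reach port 5985. The PowerShell below lists every enabled inbound allow rule on ports 5985 and 22 with its remote address scope, confirms the WinRM settings, and checks the ACL on the authorized keys file; the report layout and the Review column are this example's own.

```powershell
# Added audit sketch: run in an elevated PowerShell session on the Hyper-V host.
$report = @()

# 1. Enabled inbound allow rules on the Robot ports (WinRM 5985, SSH 22) and their
#    remote scope. Rules that use a port range or 'Any' as LocalPort are not expanded.
foreach ($port in '5985', '22') {
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains $port } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    foreach ($rule in $rules) {
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        $report += [pscustomobject]@{
            Item   = "TCP/$port '$($rule.DisplayName)' [$($rule.Profile)]"
            Value  = $remote
            Review = ($remote -eq 'Any')   # reachable from any source address
        }
    }
}

# 2. WinRM service settings from step 12; flagged when they differ from the procedure.
foreach ($path in 'WSMan:\localhost\Service\Auth\Basic', 'WSMan:\localhost\Service\AllowUnencrypted') {
    $value = (Get-Item -Path $path).Value
    $report += [pscustomobject]@{ Item = $path; Value = $value; Review = ($value -ne 'true') }
}

# 3. ACL on the Robot key file; the icacls step leaves only Administrators and SYSTEM.
#    Identity names assume an English-language Windows installation.
$keyFile = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
if (Test-Path $keyFile) {
    $ids   = @((Get-Acl $keyFile).Access | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    $extra = @($ids | Where-Object { $_ -notin 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM' })
    $report += [pscustomobject]@{
        Item   = 'administrators_authorized_keys ACL'
        Value  = $ids -join ','
        Review = ($extra.Count -gt 0)
    }
}

$report | Format-Table -AutoSize -Wrap
```

Rows with Review set to True are the ones to look at: a rule on 5985 or 22 whose remote address is Any, a WinRM setting that does not match step 12, or an extra identity on the key file.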