Welcome to the launch of my blog here at communities.vmware.com and to my first blog post! My name is Daniel Casota, I live in Switzerland and I am excited to share with you more of what I'm doing in my homelab!
I have regained the joy of staying curious about IT. How can curiosity get lost? I would answer my 20-year-old self that one can predict events in life, good or bad, and that it is worth taking two steps to the side. Like many other IT system engineers, I do not need to set up my own company; I would rather stick to what I can take and give.
After twenty-five years in IT, I have finally realized all of the benefits that blogging can bring. Writing things down makes me feel calmer when an idea whirling around my head is ready to jump out, and in some sense happier when tinkering around with VMware software products. As a VMware enthusiast, server consolidations and maintaining datacenter infrastructure belonged to my daily duties and still do. Detecting vSphere and Horizon workload anomalies, writing some code snippets and assisting with updates/upgrades of software components made my day.
Moving forward quickly, customers did not ask whether it would be more affordable and more secure to have their VMware workloads managed by cloud providers. It just happened.
As this is a four-part blog about Photon OS on Azure, I apologize in advance to readers of this first, really long blog post.
I realized that I was quite late
Participation in the inter-region public cloud of provider Microsoft has gained traction since the launch of the cloud-hosted versions of Office365 with its rolling release model. In addition, with the license mobility rights for Windows Server in Azure, small- and middle-sized companies focus more on their value proposition and want less friction during their transition from traditional IT applications to cloud-native IT applications.
Some colleagues had already worked on configuring hybrid tenants using Active Directory Federation Services, with Exchange on a software-as-a-service basis and with the Cisco Spark collaboration suite for teams. I realized that I was quite late. Their customers' blueprint priority was on modernizing the C# apps and, again, not on strategically keeping the lights on in their SME on-premises datacenter infrastructure.
Back in the homelab I became disillusioned. Which opportunities should I go for? Considering that "99.6% of all Swiss companies have fewer than 250 employees and that these SMEs account for two thirds of the employees in Switzerland", you cannot focus only on VMware-based IT infrastructure hosting Microsoft Windows servers, can you? Hence, a year ago I decided to learn more about Azure.
To gain hands-on experience in Azure infrastructure services, I decided to mix the learning-from-scratch path with VMware Photon OS. Photon OS, a VMware operating system, is an open source Linux container host for cloud-native applications. Like most people I did not know much about Photon. But the minimal resource footprint of the OS, the built-in package-based lifecycle management and the growing automation and integration support for IoT environments caught my attention.
Photon OS
Photon OS is a native 64-bit operating system, and it is supported on the ARM64 architecture as well. Companies are looking towards new economic opportunities using IoT technology.
The full installation of Photon OS comes with a ready-to-go environment and a bunch of packages (gcc, make, glibc-devel, linux-devel, etc.) for developing programs, and for system engineering as well. Please be benevolent: I am still a Linux beginner and in the last twenty-five years I did not have the opportunity to develop software drivers for compute hardware. The last time I compiled, assembled and linked anything, in some sense, was with VMware ThinApp components ten years ago.
How do system administrators maintain a fleet of computers with different packages, files and configurations installed in a different order? Photon's so-called RPM-OSTree provides the relevant magic sausage for identically and predictably installed systems. It should be installed first. Developer teams building their OSTree host and client environment should use a Lightwave directory service with a certificate authority. Lightwave directory is an open source LDAP v3 directory service developed by VMware. Looking at all Project Lightwave components, in short, it has similarities with the concepts of Microsoft domain controllers, Microsoft's version of Kerberos and domain name services.
As a Windows developer activity, building an .msi upon a specific .NET baseline with if-then-else clauses for Windows OS flavours does not solve machine-to-machine dependencies. It might be a tech highlight: Photon's open source yum-compatible package manager, called tiny dandified yum (tdnf), together with OSTree preserves the same package-management capabilities of yum, with the added benefit of self-upgrade capability. For most classic Microsoft Windows package builders this is different.
Photon OS runs Docker containers. And really performant! And with persistent data in mind, yes, you can reboot the machine into an existing image or into a newly created image build.
How to monitor container workloads? The guys at the company Opvizor know a lot about monitoring vSphere environments. In their blog post they describe a handy monitoring solution for Photon OS hosted containers.
If you start deploying Photon on vSphere, you definitely should read the posts from PowerShell & PowerCLI expert Luc Dekens, Deploy Photon 2.0 - Part 1 - LucD notes and Cloud-init - Part 3 - Photon OS - LucD notes, and the VMware Technology Network (VMTN) forum post vmware Photon OS 3.0 Customization by the users vin01 (Vineeth Kondapally) and LucD (Luc Dekens). I need to thank them for providing valuable information about creating Photon OS templates, and for pointing me in the right direction on why the rolling release model, aka the SDDC way, is important!
When I discussed the first blog post draft with Michael Rebmann, Senior Solution Architect at VMware, Michael (thanks mate!) advised me to learn more about Kubernetes as this is a main topic in the future. And back on Photon, he pointed out that Photon shares the same OS security patches with more VMware virtual appliances than I first thought of. Here's the list (not complete!):
- vCenter Server, see release notes vCenter Server Appliance 6.7 Photon OS Security Patches
- Site Recovery Manager, see release notes SRM 8.2
- vRealize Automation, see What's new in vRealize Automation 8
- vRealize LogInsight, see release notes vRealize LogInsight 8
- Unified Access Gateway, see UAG 3.8 Deploying and Configuring
- VMware application proxy, see WAP - VMware Solution Exchange
The VMware Photon team does listen to submitted bug reports and feature requests. There is no commercial support for Photon OS as a standalone operating system; simply use their GitHub Issues page or, if you wish to contribute code, make sure that you can build Photon OS and sign the VMware Open Source Software (OSS) Contributor License Agreement (CLA).
When it comes to the Photon OS minimal installation, my lesson learned is to keep in mind the SDDC way. Photon is a managed operating system for IoT gateway hardware (see Photon OS and VMware Pulse IoT Center 2.0 on Dell Edge Gateway 5000). And as an enthusiast, seeing niche options like the support of PowerCLI Core on Photon OS and a fully working PowerShell Gallery provider fascinates me.
Outside of a bare-metal or a vSphere environment, provisioning Photon OS is supported as an Amazon AMI machine, as a Google Compute machine, on Raspberry Pi 3 and as an Azure virtual machine. You can find the download bits at https://github.com/vmware/photon/wiki/Downloading-Photon-OS.
Azure basics
For Azure I had to learn the basics from scratch. I think it still was a good decision. The decision was definitely the replacement of normal routine with something fresh and even a little uncomfortable. Where to begin?
I accomplished the Azure fundamentals path in Microsoft Learn. The Microsoft Learn path holds a mix of functionalities I knew from the VMware Education Services training portal as well as from the VMware Hands-on Labs platform.
To allocate some homelab resources, the Microsoft Azure web portal offers a student or free Azure subscription. An Azure subscription is a logical container used to provision resources in Microsoft Azure. It holds the details of all your stored objects like virtual networks, storage accounts and much more. Azure offers free and paid subscription options. The most commonly used subscriptions are:
• Free
• Pay-As-You-Go
• Enterprise Agreement
• Student
Keep this in mind when paid Azure support plans are to be expected.
The following figure depicts Azure Hyper-V-based virtual servers defined within a single group on the same virtual network. As far as I know, Hyper-V is still the only supported Azure type-1 hypervisor. Virtual servers can run Windows OS and Linux OS (see Linux Integration Services for Hyper-V and Azure), but not Mac OS.
Figure 1 Azure resource manager model
This Azure Resource Manager (ARM) model is used so that resources can be deployed, managed and monitored as a group. The resource group contains virtual machines and virtual machines defined in the Availability Set. Assigning virtual machines to an Availability Set causes them to be hosted on different fault domains and upgrade domains in the underlying data center. A storage account provides shared storage for virtual machines.
Azure provides three classic administration tools to control resource groups:
- Azure portal (web interface)
- Azure CLI (console)
- Azure Powershell (console)
They all offer the same amount of control: any task that you can do with one of the tools, you can likely do with the other two. All three are cross-platform, running on Windows, Mac OS, and Linux. They differ in syntax, setup requirements, and whether they support automation.
Az is the formal name for the Azure CLI commands and for the Azure PowerShell module; their subcommands and arguments let you work with Azure features. They contain hundreds of arguments that let you control an Azure resource. Azure PowerShell or the Az CLI can work with resource groups, storage, virtual machines, Azure Active Directory, containers, and so on.
The Azure PowerShell module is an open source component available on GitHub. You can install the module onto your local machine through the Install-Module command. You need an elevated PowerShell shell (run as administrator) to install modules from the PowerShell Gallery. To install the latest Azure PowerShell module, type the following command:
Install-Module -Name Az -AllowClobber
Working with a local install of Azure PowerShell, you will need to authenticate before you can execute Azure commands. The Connect-AzAccount cmdlet prompts for your Azure credentials and then connects to your Azure subscription. It has many optional parameters, but if all you need is an interactive prompt, no parameters are needed:
Connect-AzAccount
How do we know in PowerShell that we are connected to the Azure environment? You can use the cmdlet Get-AzContext. It will display subscription and account information.
Let's create some resources on Azure:
- Resource group
- Storage account
- Virtual network
- Virtual machines
Figure 2 Create a resource group
Some findings:
- Most cmdlets like New-AzResourceGroup are processed synchronously.
- Hence, ProvisioningState directly returns "Succeeded" (or an error is thrown). Most cmdlets with the prefix "New-" know the two parameters ResourceGroupName and Location.
- The binding of a resource group to a geolocation matters for the resource provider functions requested. Not all locations always have the same set of provider services.
Figure 3 Azure locations listing
Nowadays you can virtually traverse through Azure regions and allocate resources, and you should get the same user experience.
Allocating and using storage to store files, virtual machines and images needs an account to be created. As there are different types of storage, redundancy purposes and geolocation replication options, the inner layer is programmatically provided by storage resource providers. It helped me to think of it as a rolling release model for its published SKU types.
Figure 4 Create a storage account
Using New-AzStorageAccount, besides the context of the resource group with its location and the name of the storage account, you need to specify the type of storage and the SKU. A default storage account key is created automatically.
Let's create a virtual network. A simple Azure virtual network consists of a single subnet. The subnet IP range must belong to the vnet IP range. In the following example the subnet IP range is 192.168.1.0/24, and the virtual network address space is 192.168.0.0/16. You must use CIDR notation ("/") with New-AzVirtualNetworkSubnetConfig and New-AzVirtualNetwork.
Figure 5 Create a virtual network
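The three resource creation steps above (resource group, storage account, virtual network) as one runnable Az PowerShell script. This is an added example, not code from the original post; the resource names, the location and the two address ranges are assumptions for this example. It also checks two things the findings above mention: that the chosen location actually offers the needed resource providers, and that the subnet prefix really lies inside the vnet address space before anything is created.

```powershell
# Added example (not code from the original post): create the resource group, the
# storage account and the virtual network with the Az PowerShell module.
# Names, the location and the address ranges are assumptions for this example.
$location    = 'switzerlandnorth'
$rgName      = 'photonos-lab-rg'
$saName      = 'photonoslabsa01'   # 3-24 lowercase letters/digits, must be globally unique
$vnetName    = 'photonos-lab-vnet'
$subnetName  = 'default'
$vnetRange   = '192.168.0.0/16'    # address space used in the post
$subnetRange = '192.168.1.0/24'    # subnet used in the post, must lie inside $vnetRange

function Test-CidrWithin([string]$Inner, [string]$Outer) {
    # True when every address of $Inner is also part of $Outer (IPv4 only).
    $toInt = {
        param($Cidr)
        $addr, $len = $Cidr.Split('/')
        [byte[]]$b = ([System.Net.IPAddress]$addr).GetAddressBytes()
        $n = [int64]0
        foreach ($x in $b) { $n = $n * 256 + $x }
        @($n, [int]$len)
    }
    $iNet, $iLen = & $toInt $Inner
    $oNet, $oLen = & $toInt $Outer
    if ($iLen -lt $oLen) { return $false }   # a larger block cannot fit into a smaller one
    $mask = ([int64]0xFFFFFFFF -shl (32 - $oLen)) -band [int64]0xFFFFFFFF
    return (($iNet -band $mask) -eq ($oNet -band $mask))
}

if (-not (Test-CidrWithin $subnetRange $vnetRange)) {
    throw "Subnet $subnetRange is not inside virtual network $vnetRange"
}

# Make sure we are logged in and working in the intended subscription.
$ctx = Get-AzContext
if (-not $ctx) { Connect-AzAccount | Out-Null; $ctx = Get-AzContext }
Write-Host "Using subscription $($ctx.Subscription.Name) ($($ctx.Subscription.Id))"

# Not every region offers every resource provider: check the namespaces this post needs.
$loc = Get-AzLocation | Where-Object Location -eq $location
if (-not $loc) { throw "Unknown location '$location'" }
foreach ($ns in 'Microsoft.Resources', 'Microsoft.Storage', 'Microsoft.Network', 'Microsoft.Compute') {
    if ($loc.Providers -notcontains $ns) { throw "$ns is not available in $location" }
}

# 1. Resource group. New-* cmdlets run synchronously, so ProvisioningState is final here.
$rg = New-AzResourceGroup -Name $rgName -Location $location
if ($rg.ProvisioningState -ne 'Succeeded') { throw "Resource group: $($rg.ProvisioningState)" }

# 2. Storage account: general-purpose v2, locally redundant. Keys are generated with the
#    account; fetch them only when needed and keep them out of scripts and logs.
#    -MinimumTlsVersion and -AllowBlobPublicAccess need a recent Az.Storage release.
$sa = New-AzStorageAccount -ResourceGroupName $rgName -Name $saName -Location $location `
        -SkuName Standard_LRS -Kind StorageV2 -MinimumTlsVersion TLS1_2 -AllowBlobPublicAccess $false

# 3. Virtual network with one subnet; both prefixes in CIDR notation.
$subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $subnetRange
$vnet   = New-AzVirtualNetwork -ResourceGroupName $rgName -Location $location -Name $vnetName `
            -AddressPrefix $vnetRange -Subnet $subnet

"Resource group  : $($rg.ResourceGroupName) ($($rg.Location))"
"Storage account : $($sa.StorageAccountName) [$($sa.Sku.Name)]"
"Virtual network : $($vnet.Name) $($vnet.AddressSpace.AddressPrefixes -join ',') / subnet $($vnet.Subnets[0].AddressPrefix -join ',')"
```

The CIDR check is deliberately done locally before the first cmdlet runs: New-AzVirtualNetwork would reject a subnet outside the address space anyway, but only after the resource group and storage account already exist.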
Now that the resource group, the storage account and a virtual network have been created, for sure you want to create a virtual machine.
In comparison with an ESXi virtual machine or a Hyper-V virtual machine, in Azure you actually cannot bind the VM boot medium to a bootable ISO image.
One option is to make use of the already uploaded Azure images of the Azure Marketplace. To traverse all public offerings, have a look at the following code snippet:
Get-AzVMImagePublisher -Location switzerlandnorth | ForEach-Object { Get-AzVMImageOffer -Location switzerlandnorth -PublisherName $_.PublisherName | Select-Object Offer, PublisherName }
Be aware that it takes a while, and the listing is huge.
As far as I know there are no Photon OS images offered on Azure, neither from Bitnami, a VMware company, nor from VMware. From Docker Hub you may use Bitnami's Photon OS image.
On https://github.com/vmware/photon/wiki/Downloading-Photon-OS you find the release binaries as .vhd for Photon OS 3.0 Rev2 for Azure. It contains the minimal installation.
Azure does not support the virtual machine file formats .vmdk, .vdi, or .img. An on-premises Hyper-V hypervisor supports the newer Hyper-V format .vhdx, but this is not the case for Azure virtual machines. The .tar.gz'ed vhd file size is 195 MB. The extracted .vhd file size is 16 GB. This fixed-size, non-thin-provisioned file is suitable for uploading to a storage container. For this purpose we need to create a storage container inside of the storage account. Before doing so, let's recapitulate the steps:
- Resource group
- Storage account
- Virtual network
- Storage container (created when uploading files)
As an alternative to the Azure PowerShell cmdlet New-AzStorageContainer, the next example uses the Az CLI command az storage container create.
Figure 6 Create a storage container when uploading files
Now we upload the Photon OS vhd file, using the Az CLI command
az storage blob upload
The argument --type page signals to the storage provider a so-called page blob, which is meant for random read/write storage such as .vhd files. az storage blob upload has some similarities to the copy command, but you need to specify the source file, see the argument --file $vhdfile, as well as the target file, see --name ${BlobName}.
Figure 7 Uploading file
The upload may take a while.
Figure 8 Uploaded file
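The container creation and page blob upload above, done with the Az PowerShell cmdlets instead of the az CLI. This is an added example and not code from the original post; the file path, the container name and the account names are assumptions. Before spending the time on a 16 GB upload it reads the VHD footer to confirm that the file really is a fixed-size VHD with a MiB-aligned virtual size, creates the container as private (no anonymous read access to the disk image), and afterwards compares the blob length with the local file so that a truncated upload is caught here rather than at VM creation.

```powershell
# Added example (not code from the original post): sanity-check the extracted Photon OS
# .vhd, create a private storage container and upload the file as a page blob with the
# Az PowerShell cmdlets, the counterpart of the az CLI commands used in the post.
# The file path, the names and the resource group are assumptions for this example.
$rgName    = 'photonos-lab-rg'
$saName    = 'photonoslabsa01'
$container = 'vhds'
$vhdFile   = 'C:\lab\photon-azure-3.0-rev2.vhd'   # assumed path of the extracted .vhd
$blobName  = [System.IO.Path]::GetFileName($vhdFile)

function Test-AzureFixedVhd([string]$Path) {
    # Azure wants a fixed-size VHD whose virtual size is a whole number of MiB.
    # A VHD carries a 512-byte footer at the end of the file: the cookie 'conectix'
    # at offset 0 and the disk type as big-endian UInt32 at offset 60
    # (2 = fixed, 3 = dynamic, 4 = differencing).
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $length = $fs.Length
        if ($length -lt 512) { return $false }
        $null = $fs.Seek(-512, [System.IO.SeekOrigin]::End)
        $footer = New-Object byte[] 512
        if ($fs.Read($footer, 0, 512) -ne 512) { return $false }
    } finally { $fs.Dispose() }
    $cookie = [System.Text.Encoding]::ASCII.GetString($footer, 0, 8)
    [byte[]]$typeBytes = $footer[60..63]
    if ([System.BitConverter]::IsLittleEndian) { [Array]::Reverse($typeBytes) }
    $diskType = [System.BitConverter]::ToUInt32($typeBytes, 0)
    $aligned  = (($length - 512) % 1MB) -eq 0   # virtual size = file size minus footer
    return ($cookie -eq 'conectix') -and ($diskType -eq 2) -and $aligned
}

if (-not (Test-AzureFixedVhd $vhdFile)) {
    throw "$vhdFile is not a fixed-size, MiB-aligned VHD; Azure requires one for disk images"
}

# Storage context of the account. Get-AzStorageAccount resolves the key for us, so the
# account key never has to appear in the script or in its output.
$ctx = (Get-AzStorageAccount -ResourceGroupName $rgName -Name $saName).Context

# Private container: -Permission Off means no anonymous read access to the disk image.
if (-not (Get-AzStorageContainer -Name $container -Context $ctx -ErrorAction SilentlyContinue)) {
    New-AzStorageContainer -Name $container -Context $ctx -Permission Off | Out-Null
}

# Page blob upload: the PowerShell counterpart of 'az storage blob upload --type page'.
$blob = Set-AzStorageBlobContent -File $vhdFile -Container $container -Blob $blobName `
          -BlobType Page -Context $ctx -Force

# Compare blob and file length: a truncated upload would otherwise only fail later,
# when the image or the VM is created from the blob.
$localLength = (Get-Item $vhdFile).Length
if ($blob.Length -ne $localLength) {
    throw "Upload size mismatch: blob $($blob.Length) bytes, file $localLength bytes"
}
"Uploaded $($blob.Name) ($([math]::Round($localLength / 1GB, 2)) GB) to container $container"
```

Test-AzureFixedVhd only reads the last 512 bytes, so it is cheap even on the 16 GB file; a dynamic or differencing VHD (disk type 3 or 4) is refused before any data leaves the machine.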
Let's have a break here. A good additional resource to get familiar with the Azure fundamentals and manage resources in Azure courses is the getting started guide.
In Part 2 we will discuss some findings about the latest Azure virtual hardware generation and premium disk support, and we will take a closer look into PowerShell code to create a first Photon OS image.