Nano Server is a Windows OS created for the cloud age. It has been announced by Microsoft this April and is going to be shipped with Windows Server 2016.
What makes Nano Server special?
- A very small disk footprint compared to traditional Windows Server deployments (a few hundred MB instead of multiple GB).
- A very limited attack surface.
- A very limited number of components, which means fewer updates and fewer reboots
- Much faster virtual and bare-metal deployment times due to the reduced footprint.
How is this possible?
In short, the OS has been stripped from everything that is not needed in a cloud environment, in particular the GUI stack, the x86 subsystem (WOW64), MSI installer support and unnecessary API.
What about OpenStack support?
Nano Server and OpenStack are a perfect match in multiple scenarios, including:
- Compute instances (virtual and bare-metal)
- Heat orchestration
- Hyper-V Nova compute nodes with native and OVS networking support
- Cinder storage server, including Scale-out File Server clusters
- Windows Containers host (Nova-Docker and soon Magnum)
- Manila SMB3 file servers
Nano Server compute instances on OpenStack
Nano can be deployed on OpenStack like any other Windows or Linux guest OS. Currently it supports Hyper-V compute nodes, with KVM and other hypervisors as soon as drivers become available. Bare metal deployments using Ironic or MaaS are also supported.
Like in any other Linux or Windows instance case, a guest boot agent is required to take advantage of the OpenStack infrastructure.
I’m glad to announce that Cloudbase-Init is now fully supported on Nano Server!
How to create a Nano Server image for OpenStack?
Creating a Nano OpenStack image is easy and as usual we open sourced the scripts required to do that.
Disclaimer: please consider that Nano Server is still in technical preview, so things can change before the final release.
At the time of this writing the latest public available Nano Server install image can be obtained as part of the Windows Server 2016 TP3 ISO, available for download here.
The following steps need to be executed using PowerShell on Windows, we tested them on Windows 10, Windows Server 2016 TP3 and Hyper-V Server 2012 R2.
Let’s start by cloning our git scripts repository, checking out the nano-server-support branch:
|
1 2 |
git clone https://github.com/cloudbase/cloudbase-init-offline-install.git -b nano-server-support cd cloudbase-init-offline-install |
The following variables need to match your environment, in particular the folder where you’d like to put the generated Nano VHDX image, the location of your Windows Server 2016 technical preview ISO and the password to assign to the Administrator user. Please note that this password is only meant for troubleshooting and not for OpenStack tenants (more on this later).
|
1 2 3 |
$targetPath = "C:\VHDs\Nano" $isoPath = "C:\ISO\Windows_Server_2016_Technical_Preview_3.ISO" $password = ConvertTo-SecureString -AsPlaintext -Force "P@ssw0rd" |
We can now build our Nano Server image:
|
1 2 |
.\NewNanoServerVHD.ps1 -IsoPath $isoPath -TargetPath $targetPath ` -AdministratorPassword $password |
Download Cloudbase-Init:
|
1 2 3 |
$cloudbaseInitZipPath = Join-Path $pwd CloudbaseInitSetup_x64.zip Start-BitsTransfer -Source "https://www.cloudbase.it/downloads/CloudbaseInitSetup_x64.zip" ` -Destination $cloudbaseInitZipPath |
Install Cloudbase-Init and prepare the image for OpenStack:
|
1 2 |
$vhdxPath = "C:\VHDs\Nano\Nano.vhdx" .\CloudbaseInitOfflineSetup.ps1 -VhdPath $vhdxPath -CloudbaseInitZipPath $cloudbaseInitZipPath |
Done!
We’re ready to upload our freshly built image in Glance:
|
1 2 |
glance image-create --property hypervisor_type=hyperv --name "Nano Server" ` --container-format bare --disk-format vhd --file $vhdxPath |
Booting your first Nano Server OpenStack instance
If you don’t have Hyper-V nodes in your OpenStack environment, adding one is very easy. If you also don’t have an OpenStack deployment at hand, you can have one installed on your Windows server or laptop in a matter of minutes using v-magine.
Nano instances can be booted on OpenStack like any other OS, with one exception: Nano does not currently support DVDRom drives, so if you plan to use ConfigDrive, Nova compute on Hyper-V must be set to use RAW disks (ISO or VFAT).
Here’s a simple nova boot example, where $netId is the id of your private network. Make sure to pass a keypair if you want to obtain the password required to login!
|
1 |
nova boot --flavor m1.standard --image "Nano Server" --key-name key1 --nic net-id=$netId nano1 |
Once the system is booted, you can retrieve and decrypt the instance password using nova get-password, passing the path to the keypair’s private key:
|
1 |
nova get-password nano1 "\path\to\key1_rsa" |
By the way, all the above steps can be performed in Horizon as well, here’s how a Nano instance console looks like:
Nano Horizon Console
Connecting to Nano Server instances
Nano does not support RDP, since there’s no GUI stack, but it supports WinRM and PowerShell remoting. If you’re not familiar with WinRM, you can think of it as the rough equivalent of SSH for Windows.
In your security groups, you need to allow port 5986 used for WinRM HTTPS connections. Cloudbase-Init took care of configuring the instance’s WinRM HTTPS listener.
|
1 |
nova secgroup-add-rule default tcp 5986 5986 "0.0.0.0/0" |
To enter a remote PowerShell session:
|
1 2 3 4 5 6 7 8 9 10 11 |
# Get your instance address, possibly by associating a floating IP: $ComputerName = "yourserveraddress" # Your password obtained from "nova get-password" is used here $password = ConvertTo-SecureString -asPlainText -Force "your_password" $c = New-Object System.Management.Automation.PSCredential("Admin", $password) $opt = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck $session = New-PSSession -ComputerName $ComputerName -UseSSL -SessionOption $opt ` -Authentication Basic -Credential $c Enter-PSSession $session |
Done! You’re connected to Nano server!
Nano Server PSSession
Can I avoid passwords?
Windows supports password-less authentication using X509 certificates in a way conceptually similar to SSH public key authentication on Linux, here’s a blog posts that we wrote on this topic.
Customizing Nano with userdata scripts and Heat templates
Cloudbase-Init supports PowerShell and Windows batch userdata scripts on any Windows version, including Nano Server. Heat templates are supported as well, in the limits of the features available on Nano of course, so trying to deploy an Active Directory controller won’t work on the current technical preview!
Here’s a very simple example PowerShell userdata script that can be provided to Nova when spawning an instance:
|
1 2 |
#ps1 echo "Hello OpenStack!" > C:\hello.txt |
What’s next?
Cloudbase-Init integration was just the first step in getting Nano Server supported in OpenStack.
Coming next: Nova compute for Hyper-V, Open vSwitch and Cinder Windows storage support!
