UbuntuHelp:Eucalyptus-Jaunty

Getting Started with Ubuntu Enterprise Cloud powered by Eucalyptus in 9.04

Overview

The Eucalyptus Cloud Computing system is highly configurable, allowing it to be customized to fit a wide variety of environments. This installation tutorial serves as a technology preview on setting up a Eucalyptus private cloud.

Objective

From this tutorial you will learn how to install, configure, register and perform several operations on a basic Eucalyptus setup that results in a cloud with one controller ("front-end") and one node for running Virtual Machine (VM) instances (steps 1, 2, and 3). You will also use examples to help get you started using your own private compute cloud and, optionally, learn how to register your private cloud with the RightScale Cloud Management Platform (steps 4, 5, and 6).

  1. Prerequisites
  2. Installation and Configuration
  3. Registering Eucalyptus components
  4. Initial Login and optional Cloud Registration
  5. Creating a Virtual Machine (VM) image
  6. Running your image

STEP 1: Prerequisites

A Eucalyptus system includes three high level packages:

  1. eucalyptus-cloud - includes the front-end services (Cloud Controller) as well as the Walrus storage system.
  2. eucalyptus-cc - includes the Cluster Controller that provides support for the virtual network overlay
  3. eucalyptus-nc - includes the Node Controller that interacts with KVM (Kernel-based Virtual Machine) to manage individual VMs

In a basic Eucalyptus setup, the system is composed of two machines (a front-end and a node). In this configuration the front end runs both eucalyptus-cloud and eucalyptus-cc; because the two communicate via network messages, they can be separated in a more complex multi-host setting. The following diagram depicts a simple setup:

(Diagram: http://pompone.cs.ucsb.edu/~nurmi/images/euca-topo-nonet.png)

Before you install the packages (or shortly thereafter), there are some prerequisites that should be satisfied to end up with a fully functioning Eucalyptus system.

First, the front-end system should have the ability to send mail. The Eucalyptus administrator tools will use email to send verification requests to the cloud administrator when users request credentials. The simplest way to enable these tools to send mail is to install the 'postfix' package and make sure that the host 'mailhost' resolves to 'localhost' (e.g. by adding an entry to /etc/hosts).

On the node where Eucalyptus will run user VMs, configure the system's primary ethernet interface as a bridge. (See the Ubuntu Server Guide Bridging for details.) Before each VM starts, Eucalyptus will attach a virtual network interface for it to this bridge to enable network connectivity. Note the name of your node's bridge device (we assume it is "br0" for the rest of this document).

Next, the default Eucalyptus configuration assumes that there is a DHCP server in your environment that is handing out dynamic IP addresses. Since VMs will be bridged to your local network, they can run a DHCP client to get an IP address.

Finally, from any host that you wish to use as a Eucalyptus client, the Amazon Elastic Compute Cloud (EC2) API and AMI tools should be installed. Eucalyptus supports the following tools:

For the manually installed ec2-ami-tools to work properly, you will also need to install the packages ruby, libopenssl-ruby and curl.

Note: The version of the ec2-ami tools that is provided by Jaunty will not work properly against the current version of Eucalyptus. Please use the links provided above to download the version of the tools that are supported.

In order to use any ec2-ami tools that require access to instance meta-data (e.g. ec2-bundle-vol), set META_DATA_URL as follows, where CC_IP is the IP address of the machine running eucalyptus-cc:

vi ec2ami/lib/ec2/amitools/instance-data.rb 
(set META_DATA_URL="http://<CC_IP>:8773/latest/meta-data")

Other tools that can interact with the EC2 and S3 APIs should also work with Eucalyptus.

Ports

If you wish to access Eucalyptus from behind a firewall (i.e. the EC2 and AMI tools and the cloud will be on different sides of a firewall) then port 8773 must be open. Additionally, if you plan to register your Eucalyptus installation with a cloud management platform, 8773 and 8443 must be open.

STEP 2: System Installation and Configuration

Install the eucalyptus-cloud and eucalyptus-cc packages on the front-end machine:

sudo apt-get install eucalyptus-cloud eucalyptus-cc

Next, install the eucalyptus-nc package on each node:

sudo apt-get install eucalyptus-nc

Finally, on the node, bring down the eucalyptus-nc service and modify /etc/eucalyptus/eucalyptus.conf with the name of the bridge that you set up as the node's primary interface. Note that there are several ways to configure a node to have a bridge as its primary interface, depending on the configuration of your machine. We show an example set of steps here but you will need to take care to ensure that this example configuration does not conflict with your local configuration if you wish to use it. However you have arranged for the bridge to be configured, you now need to specify that bridge name ("br0" in our examples) in the node controller's configuration. To do so, type

sudo /etc/init.d/eucalyptus-nc stop
sudo vi /etc/eucalyptus/eucalyptus.conf
(set VNET_BRIDGE="br0")
sudo /etc/init.d/eucalyptus-nc start

The following diagram depicts what your setup should now resemble:

(Diagram: http://pompone.cs.ucsb.edu/~nurmi/images/euca-topo.png)

You will also need to change your networking configuration so that IPv4 traffic is passed to IPv6 ports, since the Eucalyptus web frontend runs by default only on IPv6. To do so, type

sudo vi /etc/sysctl.conf
(uncomment net.ipv4.ip_forward=1)
sudo sysctl -p

STEP 3: Registering Eucalyptus Components

Eucalyptus assumes that each node in the system belongs to a cluster and that each cluster belongs to a cloud. Each node (there is only one node in this example) runs a copy of eucalyptus-nc. Similarly, each cluster (again, there is only one cluster in this example) must run a copy of eucalyptus-cc. For simplicity, the eucalyptus-cc in this example runs on the same machine as the cloud controller (eucalyptus-clc). These components must be registered with each other before the system starts. To register a cluster, execute the following on the front-end:

sudo euca_conf -addcluster <clustername> localhost

where <clustername> is the name that you would like this cluster to appear as to your users. Note that this name is logical and local only to Eucalyptus. It will correspond to an availability zone in the output of the client tools. Next, register your node with the cluster by running the following command on the front-end:

sudo euca_conf -addnode <node_hostname>

Later, you can add more nodes by repeating the above command for each node running a copy of eucalyptus-nc. At this point, your Eucalyptus system should be up and running, ready for first time use.

STEP 4: Initial Login

The first time Eucalyptus boots, you are required to go through some configuration steps that set up the administrative environment for the cloud. From your web browser (either remotely or on your Ubuntu server) access the following URL:

https://<front-end-ip-address>:8443/

Use username 'admin' and password 'admin' for the first time login (you will be prompted to change your password). You can use "localhost" instead of your front-end's IP address if you are on that server. Now follow the on-screen instructions. When you finish the first time configuration process, click the 'credentials' tab located in the top-left portion of the screen. Click the 'Download Certificate' button to get your credentials.

(Image: http://pompone.cs.ucsb.edu/~nurmi/images/euca-admin-cred.png)

Important! You must use a secure connection, so make sure you use "https" not "http" in your URL. You will get a security certificate warning. You will have to add an exception to view the page. If you do not accept it you will not be able to view the Eucalyptus configuration page.

Now you will need to set up the EC2 API and AMI tools on your server using X.509 certificates. Unzip the downloaded zipfile into a safe location (~/.euca), and source the included "eucarc" file to set up your Eucalyptus environment. You may additionally wish to add this command to your ~/.bashrc file so that your Eucalyptus environment is set up automatically when you log in.

Eucalyptus treats this set of credentials as 'administrator' credentials that allow the holder global privileges across the cloud. As such, they should be protected in the same way that other elevated-priority access is protected (e.g. should not be made visible to the general user population). Alternatively, you can script the installation using these instructions.
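An added example, not part of the original tutorial, of unpacking the downloaded credentials so that only your own account can read them and then checking the result. The function names and the zip path argument are assumptions; ~/.euca is the location used above.

```shell
#!/bin/sh
# Added example: install Eucalyptus admin credentials with owner-only access.
# Function names are hypothetical; ~/.euca comes from the tutorial text.

# Print every entry under a directory that group or others can read,
# write or execute. Returns 0 only if nothing is found.
audit_cred_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    loose=$(find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}

# Strip all group/other permission bits from a credential directory.
lock_cred_dir() {
    chmod -R go-rwx "$1"
}

# Unzip the credential archive under a restrictive umask, tighten the
# permissions in case the archive stored looser ones, then verify.
install_creds() {
    zipfile=$1
    dir=${2:-"$HOME/.euca"}
    (
        umask 077
        mkdir -p "$dir" && unzip -o -q "$zipfile" -d "$dir"
    ) || return 1
    lock_cred_dir "$dir" && audit_cred_dir "$dir"
}
```

Running audit_cred_dir ~/.euca again later, for example after copying a key file into the directory, shows whether anything has become readable by other users.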

Optional Registration With RightScale

RightScale offers a Cloud Management Platform for use with Eucalyptus, both as a free service and through paid subscriptions. This cloud management software runs as a service within Amazon's AWS so it must be able to communicate with the Eucalyptus cloud controller (eucalyptus-clc) through any firewalls that separate the public Internet from where eucalyptus-clc is running. Thus ports 8443 and 8773 must be open to the public Internet for RightScale to be able to communicate with your Eucalyptus cloud. To register your Eucalyptus cloud with RightScale's service, follow these directions:

STEP 5: Creating a Virtual Machine (VM) Image

You can use the vmbuilder utility to create an image that will run in Eucalyptus. First, create a partition description file called 'part'. The contents describe the size, types, and mount points of your VM disk partitions:

root 400
/mnt/ephemeral 0 /dev/sda2 
swap 1 /dev/sda3

Next, create a simple script called 'firstboot' that will be executed the first time your image boots inside Eucalyptus to install an ssh daemon. In a file called 'firstboot' create the shell script:

 

#!/bin/sh
apt-get -y install openssh-server 

Then, create the image with vmbuilder, passing the name of the script file as an argument so that it can be installed. Note that even though we are asking vmbuilder to create a 'xen' image (this simply means that the output format of the image is a disk partition), the resulting image will boot in Eucalyptus using KVM.

sudo vmbuilder xen ubuntu --part ./part --firstboot ./firstboot

Next, you will need to bundle, upload and register a kernel, ramdisk and finally your image. Using the EC2 API tools, perform the following steps:

mkdir kernel
ec2-bundle-image -i /boot/vmlinuz-2.6.28-11-generic -d ./kernel --kernel true
ec2-upload-bundle -b kernel -m ./kernel/vmlinuz-2.6.28-11-generic.manifest.xml
EKI=`ec2-register kernel/vmlinuz-2.6.28-11-generic.manifest.xml | awk '{print $2}'`
echo $EKI

mkdir ramdisk
ec2-bundle-image -i /boot/initrd.img-2.6.28-11-generic -d ./ramdisk --ramdisk true
ec2-upload-bundle -b ramdisk -m ramdisk/initrd.img-2.6.28-11-generic.manifest.xml
ERI=`ec2-register ramdisk/initrd.img-2.6.28-11-generic.manifest.xml | awk '{print $2}'`
echo $ERI

mkdir image 
ec2-bundle-image -i ubuntu-xen/root.img -d ./image --kernel $EKI --ramdisk $ERI
ec2-upload-bundle -b image -m ./image/root.img.manifest.xml
EMI=`ec2-register image/root.img.manifest.xml | awk '{print $2}'`
echo $EMI

Note the shell variables that have been set in the above code snippets. They will be used to test the installation in the steps below.

Now your kernel, ramdisk and image will have been uploaded into Eucalyptus and should be ready to run. To confirm, run the following command:

ec2-describe-images

You should see a registered kernel, ramdisk and image and they should be marked as 'available'.

Please note: if you are preparing the bundle on a machine that uses encrypted filesystems be aware that you cannot bundle the machine ramdisk for your AMI. This is because your local ramdisk includes routines to decrypt your local encrypted filesystem and these will make the instance crash at boot (as the encrypted filesystem does not exist).
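The backtick pipelines above store whatever appears in the second field of the ec2-register output, so part of an error message can end up in $EKI, $ERI or $EMI. The following added example (not from the original tutorial) accepts an ID only when it has the expected form. The helper names are hypothetical, and the "IMAGE <id>" output line and the eki-/eri-/emi- ID prefixes are assumptions about the tools' output.

```shell
#!/bin/sh
# Added example: capture an image ID from ec2-register output and refuse
# anything that does not look like the expected Eucalyptus ID type.
# extract_image_id and register_checked are hypothetical helper names.

# Read ec2-register output on stdin. Print the ID only if there is exactly
# one "IMAGE <id>" line and <id> has the wanted prefix (eki, eri or emi).
extract_image_id() {
    want=$1
    awk -v want="$want" '
        $1 == "IMAGE" { n++; id = $2 }
        END {
            if (n == 1 && id ~ ("^" want "-[0-9A-Fa-f]+$")) { print id; exit 0 }
            exit 1
        }'
}

# Register a manifest and print its ID, or fail with a message on stderr.
register_checked() {
    want=$1
    manifest=$2
    out=$(ec2-register "$manifest") ||
        { echo "ec2-register failed for $manifest" >&2; return 1; }
    printf '%s\n' "$out" | extract_image_id "$want" ||
        { echo "unexpected ec2-register output: $out" >&2; return 1; }
}

# Usage in place of the backtick pipelines:
#   EKI=$(register_checked eki kernel/vmlinuz-2.6.28-11-generic.manifest.xml) || exit 1
#   ERI=$(register_checked eri ramdisk/initrd.img-2.6.28-11-generic.manifest.xml) || exit 1
#   EMI=$(register_checked emi image/root.img.manifest.xml) || exit 1
```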

STEP 6: Running an Image

Before running an instance of your image, you should first create a keypair (ssh key) that you can use to log into your instance as root, once it boots. The key is stored, so you will only have to do this once. Run the following command:

ec2-add-keypair mykey > ~/.euca/mykey.priv
chmod 0600 ~/.euca/mykey.priv

Note that you can call your key whatever you like (in this example, the key is called 'mykey'), but remember what it is called. If you forget, you can always run 'ec2-describe-keypairs' to get a list of created keys stored in the system. Next, you can create instances of your registered image:

ec2-run-instances $EMI -k mykey

The first time you run an instance, the system will be setting up caches for the image from which it will be created. This can often take some time the first time an instance is run given that VM images are usually quite large. To monitor the state of your instance, run:

ec2-describe-instances

In the output, you should see information about the instance, including its state. While first-time caching is being performed, the instance's state will be 'pending'. As soon as the instance is started, the state will become 'running'. As soon as the instance acquires an IP address from DHCP, you will see the public and private address fields change from '0.0.0.0' to a usable IP. When this happens, you can log into your new instance using the previously generated ssh key:

ssh -i ~/.euca/mykey.priv root@<ip_of_instance>

Your Eucalyptus cloud should now look similar to the following logical diagram:

(Diagram: http://pompone.cs.ucsb.edu/~nurmi/images/euca-topo-withinst.png)
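An added example (not from the original tutorial) that automates the check described in this step: it waits until the instance is 'running' and its address is no longer '0.0.0.0', and stops early if the instance ends up in any other state. The function names are hypothetical, and the field layout "INSTANCE <id> <image> <public> <private> <state> ..." is an assumption about the ec2-describe-instances output.

```shell
#!/bin/sh
# Added example: decide from ec2-describe-instances output whether an
# instance is ready for ssh. Field positions are an assumption.

# Read describe output on stdin. Print the public address and return 0 when
# the instance is 'running' with a real address; return 1 while it is
# pending or still at 0.0.0.0; return 2 if absent or in any other state.
instance_addr() {
    awk -v id="$1" '
        $1 == "INSTANCE" && $2 == id { seen = 1; pub = $4; state = $6 }
        END {
            if (!seen) exit 2
            if (state == "pending") exit 1
            if (state != "running") exit 2
            if (pub == "0.0.0.0" || pub == "") exit 1
            print pub
        }'
}

# Poll until the instance is ready, giving up after a bounded number of tries.
wait_for_instance() {
    id=$1
    tries=${2:-60}
    delay=${3:-10}
    while [ "$tries" -gt 0 ]; do
        out=$(ec2-describe-instances "$id") || return 2
        addr=$(printf '%s\n' "$out" | instance_addr "$id"); rc=$?
        case $rc in
            0) printf '%s\n' "$addr"; return 0 ;;
            1) ;;   # pending, or running without an address yet
            *) echo "instance $id is not going to start" >&2; return 2 ;;
        esac
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}
```

For example, IP=$(wait_for_instance <instance_id>) followed by ssh -i ~/.euca/mykey.priv root@$IP only attempts the login once the address is usable.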

More Information

  • Log files: /var/log/eucalyptus
  • Configuration files: /etc/eucalyptus
  • Init Scripts: /etc/init.d/eucalyptus-cc, /etc/init.d/eucalyptus-cloud and /etc/init.d/eucalyptus-nc
  • Database: /var/lib/eucalyptus/db
  • Reboot note: If you reboot your machine Eucalyptus may not start up and function automatically. You may need to restart the services manually.
  • Environment note: Don't forget to source your ~/.euca/eucarc before running the client tools.

Next Steps and Links