- Author
Mark Biggers <mbiggers@ine.com>
- Description
Install & configuration of OpenNebula (ONE) 4.x on openSUSE 12.3
- Ref
SDB:Cloud OpenNebula: <http://en.opensuse.org/SDB:Cloud_OpenNebula>
- Ref
ONE Installing the Software: <http://opennebula.org/documentation:rel4.2:ignc#opensuse_platform_notes>
- Ref
KVM driver, KVM configuration: <http://opennebula.org/documentation:archives:rel4.0:kvmg#kvm_configuration>
- Ref
ONE Rel 4.2 packages, for openSUSE: <http://download.opensuse.org/repositories/Cloud:/OpenNebula:/Testing/openSUSE_12.3/>
- Ref
OCCI Server Configuration: <http://opennebula.org/documentation:rel4.2:occicg>
- Revision
1.0
- To View
restview README.rst
- Metainfo
restview, Restructured Text Viewer: <https://pypi.python.org/pypi/nrestview>
- Organization
Internetwork Experts, http://www.INE.com
- Date
25 October 2013
For the purpose of installing ONE, read all of these docs (see Refs, above), in addition to following this guide.
SDB:Cloud OpenNebula
ONE Installing the Software
It's not enough to just install the ONE software on a given Linux platform. There is extensive documentation for planning a ONE Cloud deployment.
OpenNebula 4.2 Guides http://opennebula.org/documentation:rel4.2
The focus of this deployment is KVM technology for virtual machines, VM resource management and, to a degree, management of the VM "networks".
For a ONE Cloud-node
The decision to use Linux KVM VM technology will require the libvirtd service, virsh and related KVM command-line tools. OpenNebula supports KVM, Xen and VMware VM technologies.
zypper install libvirt
# for KVM tools, development
zypper install libvirt-client libvirt-python libvirt-devel kvm
Install & enable the Repository info, for the openSUSE ONE packages.
sudo zypper ar -n OpenNebula -f http://download.opensuse.org/repositories/Cloud:/OpenNebula:/Testing/openSUSE_12.3 on
Install the following package, to get going:
sudo zypper install opennebula
For the Sunstone management Web UI for ONE, install:
sudo zypper install opennebula-sunstone
The Secure Shell service must be up on each ONE Cloud-host, and on the Cloud-master! The oneadmin user has an ssh public-key login, for password-less logins to the ONE hosts.
for op in enable start status; do
sudo systemctl $op sshd
done
Custom Ruby packages for ONE, the Web framework sinatra, and all required openSUSE Ruby language support need to be installed. (Done by the latest openSUSE ONE packages!)
This installation of openVSwitch is for configuration of a basic ONE network definition. The install of OVS provides the ovs service, and the command-line ovs-commands.
zypper ar http://download.opensuse.org/repositories/Cloud:/OpenStack:/Master/openSUSE_12.3/Cloud:OpenStack:Master.repo
zypper install -y openvswitch-switch openvswitch-kmp-default tcpdump ethtool
tcpdump and ethtool will be very useful for CRAFT networking configurations and debugging!
NOTE: The configuration of a set of openVSwitches - within & outside of a set of client VMs - will be covered in another document.
NOTE: dropped this for now - must get basic VM deployment to work!
The oneadmin user needs login authorization; provide a password here.
ONE_AUTH=/var/lib/one/.one/one_auth
sudo tee $ONE_AUTH <<EOF
oneadmin:passWurd
EOF
sudo chown oneadmin:cloud $ONE_AUTH
Ensure the configuration of all the Linux groups that ONE seems to need, for the oneadmin user!
sudo groupadd -o -g 1000 oneadmin ## use the _same_ GID as 'cloud' (-o permits the duplicate GID)
sudo usermod -a -G libvirt,qemu,kvm,oneadmin,cloud oneadmin
Ensure that oneadmin has "clean" ssh access, across all ONE Cloud nodes.
sudo -u oneadmin tee ~oneadmin/.ssh/config <<EOF
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
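An added example (not part of the original guide): the config above switches off host-key verification for every host oneadmin connects to, so a node's identity is never checked. The sketch below detects that setting and writes a stricter variant, assuming the nodes' host keys were collected out of band into a known_hosts-format file; the function names, paths and key line are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. Paths and the key line used in
# the demo are constructed placeholders.

# Return 0 if an ssh client config switches host-key verification off.
hostkey_check_disabled() {
    awk 'BEGIN { bad = 0 }
         /^[[:space:]]*#/ { next }
         { gsub(/[="]/, " "); k = tolower($1); v = tolower($2) }
         k == "stricthostkeychecking" && (v == "no" || v == "off") { bad = 1 }
         k == "userknownhostsfile" && v == "/dev/null" { bad = 1 }
         END { exit !bad }' "$1"
}

# Write a config that verifies node keys against a pinned known_hosts file.
# $1 = .ssh directory, $2 = known_hosts-format lines vetted out of band.
write_pinned_config() (
    dir=$1; keys=$2
    [ -s "$keys" ] || { echo "no vetted host keys in $keys" >&2; exit 1; }
    umask 077                      # files readable by the owner only
    mkdir -p "$dir" || exit 1
    cp "$keys" "$dir/known_hosts" || exit 1
    printf 'Host *\n    StrictHostKeyChecking yes\n    UserKnownHostsFile %s\n' \
        "$dir/known_hosts" > "$dir/config"
)

# Demo: the guide's config is flagged, the pinned one is not.
demo=$(mktemp -d)
printf 'Host *\nStrictHostKeyChecking no\nUserKnownHostsFile /dev/null\n' > "$demo/weak"
echo 'node1.example ssh-rsa AAAAB3-CONSTRUCTED-PLACEHOLDER' > "$demo/vetted"
write_pinned_config "$demo/ssh" "$demo/vetted"
hostkey_check_disabled "$demo/weak" && echo "weak: host keys not verified"
hostkey_check_disabled "$demo/ssh/config" || echo "pinned: host keys verified"
rm -rf "$demo"
```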
There is a need for restricted sudo privileges for the oneadmin user. Create this file as root.
tee /etc/sudoers.d/oneadmin-sudo <<EOF
# 'oneadmin' management sudo rights -- openSUSE paths
Cmnd_Alias ONEADMIN_NETW = /usr/bin/ovs-vsctl, /usr/sbin/ebtables
Cmnd_Alias ONEADMIN_LVM = /sbin/lvs, /sbin/lvcreate, /sbin/lvremove, /sbin/vgdisplay, /usr/bin/dd
%cloud ALL = NOPASSWD: ONEADMIN_NETW
%oneadmin ALL = NOPASSWD: ONEADMIN_NETW
EOF
Add to the "allowed" folder access, for ONE data (optional).
sudo mkdir -p /etc/one/image/
sudo tee /etc/one/image/fs.conf <<EOF
## IMAGE_REPOSITORY_PATH=/var/lib/one/images
## RESTRICTED_DIRS="/var/lib/one/ /etc/one/"
SAFE_DIRS="/var/lib/one/downloads"
EOF
For a ONE Cloud-node
This config-file for PolicyKit permits oneadmin (in cloud group) to manage libvirtd controlled resources. Run this as user root.
tee /etc/polkit-1/rules.d/50-org.libvirt.unix.manage.rules <<EOF
// on Cloud "nodes" -- so 'polkitd' permits 'oneadmin' user
// to do 'libvirtd' ops
//
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.isInGroup("cloud")) {
return polkit.Result.YES;
}
});
EOF
sudo systemctl restart polkit.service
Now, enable the oneadmin:cloud user to do qemu-kvm KVM operations, and stop libvirtd from changing ownership of KVM images, etc. from the oneadmin user.
# this patch may need regen...
sudo patch -b -p0 -d /etc/libvirt < ine_craft_service/doc/etc-libvirt/qemu.conf.patch
Next, enable libvirtd to listen as a service on its standard TCP port, and turn on SASL support.
sudo patch -b -p0 -d /etc/libvirt < ine_craft_service/doc/etc-libvirt/libvirtd.conf.patch
# the 'patch' should include:
#   listen_tls = 0
#   listen_tcp = 1
#   mdns_adv = 0
#   unix_sock_group = "cloud"
#   unix_sock_rw_perms = "0777"
#   auth_unix_ro = "none"
#   auth_unix_rw = "none"
sudo systemctl restart libvirtd
sudo systemctl status libvirtd
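An added example, not part of the original guide or of libvirt: a small audit of libvirtd.conf for the exposure these settings create (a plain-TCP listener, and a read-write socket that any local user can open without authentication). The function names are hypothetical and the sample file is a constructed copy of settings from the list above.

```shell
#!/bin/sh
# Added example, not part of the original guide or of libvirt.

# Print the last uncommented value of KEY ($2) in config file $1, unquoted.
conf_get() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ { next }
        NF >= 2 {
            k = $1; v = $2
            gsub(/[[:space:]]/, "", k)
            sub(/[[:space:]]+#.*$/, "", v)
            gsub(/^[[:space:]"]+|[[:space:]"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if anything was flagged.
audit_libvirtd_conf() {
    f=$1; rc=0
    flag() { echo "$1"; rc=1; }
    if [ "$(conf_get "$f" listen_tcp)" = 1 ]; then
        [ "$(conf_get "$f" listen_tls)" = 0 ] &&
            flag "remote: plain TCP listener on, TLS listener off"
        case "$(conf_get "$f" auth_tcp)" in
            sasl) ;;
            none) flag "remote: auth_tcp=none, TCP clients are not authenticated" ;;
            *)    flag "remote: auth_tcp is not set to sasl in this file" ;;
        esac
    fi
    if [ "$(conf_get "$f" auth_unix_rw)" = none ]; then
        case "$(conf_get "$f" unix_sock_rw_perms)" in
            *[2367]) flag "local: rw socket world-writable and auth_unix_rw=none" ;;
        esac
    fi
    return $rc
}

# Demo on the settings listed above (constructed copy in a temp file).
conf=$(mktemp)
printf '%s\n' 'listen_tls = 0' 'listen_tcp = 1' 'unix_sock_group = "cloud"' \
    'unix_sock_rw_perms = "0777"' 'auth_unix_rw = "none"' > "$conf"
audit_libvirtd_conf "$conf" || echo "review the findings above"
rm -f "$conf"
```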
qemu-kvm cannot be run by the oneadmin (non-root) user, without this new udev rule.
sudo tee /etc/udev/rules.d/60-qemu-kvm.rules <<EOF
KERNEL=="kvm", GROUP="cloud", MODE="0660"
EOF
sudo udevadm control --reload-rules ## *must* reload udev rules!
Doing some due diligence...
sudo mkdir -p /var/run/libvirt/network ## silence libvirtd complaints in 'messages'
Dump the Cloud-node configuration, as known to libvirtd (via a Ruby app).
# this script is a "virsh" wrapper ... !
sudo -u oneadmin /var/lib/one/remotes/im/kvm.d/kvm.rb
There is a one-time initialization for the ONE service oned, that must happen.
sudo -u oneadmin env ONE_AUTH=/var/lib/one/.one/one_auth /usr/sbin/onedsetup
Next, enable all OpenNebula services, start them and then get their status.
# run each operation in turn over all three ONE services
for OP in enable restart status; do
    for svc in one.service one_scheduler.service sunstone.service; do
        sudo systemctl $OP $svc
    done
done
Run some "tests" as oneadmin, to see if access and configurations may work.
sudo su - oneadmin # become the oneadmin user
onehost list
onehost show 0 -x # should dump the #0 Host info & resources, as XML
Next, start the OCCI remote-API service.
sudo -u oneadmin occi-server start
To stop this service:
sudo kill $(cat /var/run/one/occi-server.pid)
NOTE: OCCI-service - start, stop, etc - needs to be in a "host local" service script - using systemd?
To test this service at any time - as oneadmin user:
occi-storage list
occi-instance-type list --verbose # -U oneadmin -P passWurd