Setting up of Eucalyptus Private Cloud on CentOS-5.

7 (32 bit)
I was bit tied down due lack of proper hardware support in setting up Eucalyptus on 64-bit Operating system. Due to same reason, I could not make much headway with OpenStack as well. But, I had to setup and get going with a Private Cloud Infrastructure. After some research and guidance from Eucalyptus technical support team, I could make my private cloud up and running on 32-Bit systems.

Here is How to set up and configure Eucalyptus Private Cloud on 32-bit CentOS-5.7 systems: Once you install CentOS-5.7, update the packages using YUM.

A. Node: My configuration was; 160 GB HDD, 4 GB RAM, dual core processor, CentOS-5.6 (32 bit) 1. Export the Eucalyptus version to be installed. I installed 2.0.3; export VERSION=2.0.3 2. Front-end, node(s), and client machine system clocks are synchronized (e.g., using NTP). yum install -y ntp ntpdate pool.ntp.org 3. Node has a fully installed and configured installation of Xen that allows controlling the hypervisor via HTTP from localhost. yum install -y xen sed --in-place 's/#(xend-http-server no)/(xend-http-server yes)/' /etc/xen/xendconfig.sxp sed --in-place 's/#(xend-address localhost)/(xendaddress localhost)/'/etc/xen/ xend-config.sxp /etc/init.d/xend restart 4. Yum option: Create '/etc/yum.repos.d/euca.repo' file with the following four lines: [euca] name=Eucalyptus baseurl=http://www.eucalyptussoftware.com/downloads/repo/eucalyptus/2.0

.3/

yum/centos/i386/
gpgcheck=0

5. yum install eucalyptus-nc 6. Post Installation Steps: The last step in the installation is to make sure that the user 'eucalyptus', which is created at RPM installation time, is configured to interact with the hypervisor through libvirt on all of your compute nodes.On each node, access the libvirtd configuration, /etc/libvirt/libvirtd.conf, and confirm that the following lines are uncommented: unix_sock_group = "libvirt" unix_sock_ro_perms = "0777" unix_sock_rw_perms = "0770" 7. Since XEN kernel has been installed (in step 3), make the appropriate changes in /etc/grub.conf to reflect system is booted using the XEN kernel; For example; default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-308.1.1.el5xen) root (hd0,0) kernel /xen.gz-2.6.18-308.1.1.el5 module /vmlinuz-2.6.18-308.1.1.el5xen ro root=/dev/Cloud/LogVol02 rhgb quiet module /initrd-2.6.18-308.1.1.el5xen.img title CentOS (2.6.18-238.el5PAE) root (hd0,0) kernel /vmlinuz-2.6.18-238.el5PAE ro root=/dev/Cloud/LogVol02 rhgb quiet initrd /initrd-2.6.18-238.el5PAE.img 8. Check loaded kernel; # uname -r 2.6.18-308.1.1.el5xen 9. To check that libvirt is configured and interacting properly with the hypervisor, run the following command on the node: # on XEN su eucalyptus -c "virsh list" The output of that command may include error messages (failed to connect to xend), but as long as it includes a listing of all domains (at least Domain-0), the configuration is in order. eg. /etc/init.d/xend restart restart xend: [ OK ] [root@eucalyptus ~]# su eucalyptus -c "virsh list" Id Name State ---------------------------------0 Domain-0 running 10. Now start up your Eucalyptus services. On the Node: /etc/init.d/eucalyptus-nc start

eg. /etc/init.d/eucalyptus-nc start

You should have at least 32 loop devices

Starting Eucalyptus services: Enabling IP forwarding for eucalyptus.

Enabling bridge netfiltering for eucalyptus.

done. (Warning of 32 loop devices can be fixed using http://j.mp/sleH4S; thus it should return you like the one below ) [root@eucalyptus ~]# /etc/init.d/eucalyptus-nc start Starting Eucalyptus services: done.

Setup Eucalyptus Front-end and Register various Front-End components: B. Front-End:

My configuration was; 160 GB HDD, 2 GB RAM, DualCore processor, CentOS-5.6 (32 bit) Export the Eucalyptus version to be installed. I installed 2.0.3; (Same as node): export VERSION=2.0.3 Front-end, node(s), and client machine system clocks are synchronized (e.g., using NTP). yum install -y ntp ntpdate pool.ntp.org Front end needs java, command to manipulate a bridge, and the binaries for dhcp server (do not configure or run dhcp server on the CC): yum install -y java-1.6.0-openjdk ant ant-nodeps dhcp \ bridge-utils perl-Convert-ASN1.noarch \ scsi-target-utils httpd Set up a YUM repository which contains all the required packages for Front-End system eg. eucalyptus-cloud eucalyptuscc etc. Please note the version number is 2.0.3,distro is CenOS and architecture is 32 bit.

1.

2.

3.

4.

Create '/etc/yum.repos.d/euca.repo' file with the following four lines:

[euca] name=Eucalyptus baseurl=http://www.eucalyptussoftware.com/downloads/repo/eucalyptus/2.0.3 /yum/centos/i386/ gpgcheck=0 5. Once the repository has been created in the above step, intall

the packages using YUM;

yum install eucalyptus-cloud eucalyptus-cc eucalyptus-walrus eucalyptus-sc

6. Once all the packages are installed, start up your Eucalyptus services on the front-end: /etc/init.d/eucalyptus-cloud start /etc/init.d/eucalyptus-cc start

C.

Register various front end components: If everything goes well in the above steps, now is the time to Register various front end components: Here are the steps with actual implementation output (my Front-End systems IP was 172.16.20.234 and that of Node was 172.16.20.233);
1. Register Walrus: Syntax: $EUCALYPTUS/usr/sbin/euca_conf --register-walrus <front end IP address> [root@eucalyptus-front home]# /usr/sbin/euca_conf --register-walrus 172.16.20.234 Adding WALRUS host 172.16.20.234 Trying rsync to sync keys with "172.16.20.234"...The authenticity of host '172.16.20.234 (172.16.20.234)' can't be established. RSA key fingerprint is 6d:11:54:be:84:22:ab:7f:47:a4:0a:b3:22:17:ad:4e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.20.234' (RSA) to the list of known hosts. root@172.16.20.234's password: done. SUCCESS: new walrus on host '172.16.20.234' successfully registered. 2. Register Cluster: $EUCALYPTUS/usr/sbin/euca_conf --register-cluster <clustername> <front end IP address> [root@eucalyptus-front home]# /usr/sbin/euca_conf --register-cluster eucluster 172.16.20.234 Trying rsync to sync keys with "172.16.20.234"...root@172.16.20.234's password: done. SUCCESS: new cluster 'eucluster' on host '172.16.20.234' successfully registered. 3. Register SC: $EUCALYPTUS/usr/sbin/euca_conf --register-sc <clustername> <front end IP address> [root@eucalyptus-front home]# /usr/sbin/euca_conf --register-sc eucluster 172.16.20.234

Adding SC 172.16.20.234 to cluster eucluster Trying rsync to sync keys with "172.16.20.234"...root@172.16.20.234's password: done. SUCCESS: new SC for cluster 'eucluster' on host '172.16.20.234' successfully registered. 7. Finally, you need to register nodes with the front end. To do so, run the following command on the front end, Syntax:$EUCALYPTUS/usr/sbin/euca_conf --register-nodes "<Node 0 IP address> <Node 1 IP address>... <Node N IP address>" Since, I have only one Node with IP address 172.16.20.233, registration was done as follows; [root@eucalyptus-front home]# /usr/sbin/euca_conf --register-nodes 172.16.20.233 INFO: We expect all nodes to have eucalyptus installed in / for key synchronization. Trying rsync to sync keys with "172.16.20.233"...The authenticity of host '172.16.20.233 (172.16.20.233)' can't be established. RSA key fingerprint is 98:56:f1:ea:68:ed:4a:54:54:3d:2b:52:6f:f8:e7:a7. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.20.233' (RSA) to the list of known hosts. root@172.16.20.233's password: done.

Setting up euca2tools, Register, Bundle and Upload a Machine Image

A. On the front-end system install "euca2ools". This would be required to Bundle, Upload and Register image. Steps to install "euca2ools"; 1. Export the architecture for which "euca2ools" would be installed; export ARCH=i386 2. Add the "euca2ools" specific lines in the /etc/yum.repos.d/euca.repo, so that it looks like the following; [root@eucalyptus-front euca-centos-5.3-i386]# cat /etc/yum.repos.d/euca.repo [euca]

name=Eucalyptus baseurl=http://www.eucalyptussoftware.com/downloads/repo/eucalyptus/2. 0.3/yum/centos/i38 6/ gpgcheck=0 [euca2ools] name=Euca2ools baseurl=http://www.eucalyptussoftware.com/downloads/repo/euca2ools/1.3 .1/yum/centos/ enabled=1 gpgcheck=0 3. Now install "euca2ools" yum install euca2ools.$ARCH B. Download, bundle, upload and Register an image: 1. On the Front-End system, download an image from the list of Eucalyptus-certified Images as displayed https://172.16.20.234:8443/#extras Download it under a directory; eg. /home/cloud/Downloads wget http://eucalyptussoftware.com/downloads/eucalyptusimages/euca-centos-5.3-i386.tar.gz .

2.

Uncompress the file; [root@eucalyptus-front Downloads]# tar -xvzf euca-centos-5.3i386.tar.gz 3. Move to the uncompressed directory; [root@eucalyptus-front Downloads]# cd euca-centos-5.3-i386

Now Bundle, upload and register (repeat the process for kernel, initrd and img files; 4. Bundle, upload and register kernel (Since, we are using XEN so we would be working with xen-kernel) I. Eucalyptus Kernel Image: a. Bundle kernel image: [root@eucalyptus-front euca-centos-5.3-i386]# euca-bundle-image -i xen-kernel/vmlinuz2.6.24-19-xen--kernel true --arch i386 i386 Checking image Tarring image Encrypting image Splitting image... Part: vmlinuz-2.6.24-19-xen.part.0 Generating manifest /tmp/vmlinuz-2.6.24-19-xen.manifest.xml b. Upload: [root@eucalyptus-front euca-centos-5.3-i386]# euca-upload-bundle -b kernel-bucket -m /tmp/vmlinuz-2.6.24-19-xen.manifest.xml Checking bucket: kernel-bucket Creating bucket: kernel-bucket Uploading manifest file Uploading part: vmlinuz-2.6.24-19-xen.part.0 Uploaded image as kernel-bucket/vmlinuz-2.6.24-19-xen.manifest.xml c. Register: [root@eucalyptus-front euca-centos-5.3-i386]# euca-register kernelbucket/vmlinuz-2.6.2419-xen.manifest.xml IMAGE eki-90461383 d. You may want to check the image which you have registered by; [root@eucalyptus-front euca-centos-5.3-i386]# euca-describe-images IMAGE eki-90461383 kernel-bucket/vmlinuz-2.6.24-19-xen.manifest.xml admin available public i386 kernel instance-store II. Eucalyptus Ramdisk Image: a. Bundle:

[root@eucalyptus-front euca-centos-5.3-i386]# euca-bundle-image -i xen-kernel/initrd.img2.6.24-19-xen --ramdisk true --arch i386 i386 Checking image Tarring image Encrypting image Splitting image... Part: initrd.img-2.6.24-19-xen.part.0 Generating manifest /tmp/initrd.img-2.6.24-19-xen.manifest.xml b. Upload: [root@eucalyptus-front euca-centos-5.3-i386]# euca-upload-bundle -b ramdisk-bucket -m /tmp/initrd.img-2.6.24-19-xen.manifest.xml Checking bucket: ramdisk-bucket Creating bucket: ramdisk-bucket Uploading manifest file Uploading part: initrd.img-2.6.24-19-xen.part.0 Uploaded image as ramdisk-bucket/initrd.img-2.6.24-19xen.manifest.xml c. Register: [root@eucalyptus-front euca-centos-5.3-i386]# euca-register ramdiskbucket/initrd.img2.6.24-19-xen.manifest.xml IMAGE eri-E83A14C7 d. You may want to check the image which you have registered by; [root@eucalyptus-front euca-centos-5.3-i386]# euca-describe-images IMAGE eri-E83A14C7 ramdisk-bucket/initrd.img-2.6.24-19xen.manifest.xml admin available public i386 ramdisk instance-store IMAGE eki-90461383 kernel-bucket/vmlinuz-2.6.24-19-xen.manifest.xml admin available public i386 kernel instance-store III. Eucalyptus Machine Image: a. Bundle: [root@eucalyptus-front euca-centos-5.3-i386]# euca-bundle-image -i centos.5-3.x86.img -kernel eki-90461383 --ramdisk eri-E83A14C7 Checking image

Tarring image Encrypting image Splitting image... Part: centos.5-3.x86.img.part.0 Part: centos.5-3.x86.img.part.1 Part: centos.5-3.x86.img.part.2 Part: centos.5-3.x86.img.part.3 Part: centos.5-3.x86.img.part.4 Part: centos.5-3.x86.img.part.5 Part: centos.5-3.x86.img.part.6 Part: centos.5-3.x86.img.part.7 Part: centos.5-3.x86.img.part.8 Part: centos.5-3.x86.img.part.9 Part: centos.5-3.x86.img.part.10 Part: centos.5-3.x86.img.part.11 Part: centos.5-3.x86.img.part.12 Part: centos.5-3.x86.img.part.13 Part: centos.5-3.x86.img.part.14 Part: centos.5-3.x86.img.part.15 Part: centos.5-3.x86.img.part.16 Part: centos.5-3.x86.img.part.17 Part: centos.5-3.x86.img.part.18 Part: centos.5-3.x86.img.part.19 Part: centos.5-3.x86.img.part.20 Part: centos.5-3.x86.img.part.21 Part: centos.5-3.x86.img.part.22 Generating manifest /tmp/centos.5-3.x86.img.manifest.xml b. Upload: [root@eucalyptus-front euca-centos-5.3-i386]# euca-upload-bundle -b image-bucket -m /tmp/centos.5-3.x86.img.manifest.xml Checking bucket: image-bucket Creating bucket: image-bucket Uploading manifest file Uploading part: centos.5-3.x86.img.part.0 Uploading part: centos.5-3.x86.img.part.1 Uploading part: centos.5-3.x86.img.part.2 Uploading part: centos.5-3.x86.img.part.3 Uploading part: centos.5-3.x86.img.part.4 Uploading part: centos.5-3.x86.img.part.5 Uploading part: centos.5-3.x86.img.part.6 Uploading part: centos.5-3.x86.img.part.7 Uploading part: centos.5-3.x86.img.part.8

Uploading part: centos.5-3.x86.img.part.9 Uploading part: centos.5-3.x86.img.part.10 Uploading part: centos.5-3.x86.img.part.11 Uploading part: centos.5-3.x86.img.part.12 Uploading part: centos.5-3.x86.img.part.13 Uploading part: centos.5-3.x86.img.part.14 Uploading part: centos.5-3.x86.img.part.15 Uploading part: centos.5-3.x86.img.part.16 Uploading part: centos.5-3.x86.img.part.17 Uploading part: centos.5-3.x86.img.part.18 Uploading part: centos.5-3.x86.img.part.19 Uploading part: centos.5-3.x86.img.part.20 Uploading part: centos.5-3.x86.img.part.21 Uploading part: centos.5-3.x86.img.part.22 Uploaded image as image-bucket/centos.5-3.x86.img.manifest.xml c. Register: [root@eucalyptus-front euca-centos-5.3-i386]# euca-register imagebucket/centos.53.x86.img.manifest.xml IMAGE emi-3EE71249 d. You may want to check the image which you have registered by; [root@eucalyptus-front euca-centos-5.3-i386]# euca-describe-images IMAGE eri-E83A14C7 ramdisk-bucket/initrd.img-2.6.24-19xen.manifest.xml admin available public i386 ramdisk instance-store IMAGE emi-3EE71249 image-bucket/centos.5-3.x86.img.manifest.xml admin available public x86_64 machine eki-90461383 eri-E83A14C7 instance-store IMAGE eki-90461383 kernel-bucket/vmlinuz-2.6.24-19-xen.manifest.xml admin available public i386 kernel instance-store

C. Configuring DHCP server on the Front-End: On the Front-End system, configure DHCP server so that IP's could be assigned automatically when an instance is run;

1. Copy the sample configuration file of DHCP under /etc/ [root@eucalyptus-front /]# cp /usr/share/doc/dhcp*/dhcpd.conf /etc/dhcpd.conf 2. Make the required changes; eg. I made the following entries (you may configure it to your need); /etc/dhcpd.conf ddns-update-style interim; ignore client-updates; subnet 172.16.20.0 netmask 255.255.255.0 { # --- default gateway # option routers 172.16.20.1; option subnet-mask 255.255.255.0; # option nis-domain "domain.org"; # option domain-name "domain.org"; option domain-name-servers 172.16.20.234; # option time-offset -18000; # Eastern Standard Time # option ntp-servers 192.168.1.1; # option netbios-name-servers 192.168.1.1; # --- Selects point-to-point node (default is hybrid). Don't change this unless # -- you understand Netbios very well # option netbios-node-type 2; range dynamic-bootp 172.16.20.236 172.16.20.240; default-lease-time 21600; max-lease-time 43200; # # # # # # } # we want the nameserver to appear at a fixed address host ns { next-server marvin.redhat.com; hardware ethernet 12:34:56:78:AB:CD; fixed-address 207.175.42.254; }

3. Start the DHCP service as; [root@eucalyptus-front /]# service dhcpd configtest

[root@eucalyptus-front /]# service dhcpd start

Running a Machine Image:

Once everything has been done, its time now to run an image. Register youself with the Eucalyptus Private cloud using the Front-End GUI form (eg. https://172.16.20.234:8443/#apply). Once applied, you would see a message like the one below; "Thank you for signing up! Your request has been forwarded to the cloud administrator. If your application is approved, you will receive an email message (at the address you specified) with instructions for activating your account." The administrator on the other hand upon receiving the request may either "Approve" or "Reject" your request. On approval, you would receive an email containing the "link" to access Eucalyptus Front-End GUI.

To use the system with client tools, you need to obtain user credentials. Upon login, from the 'Credentials' tab, users can obtain two types of credentials: x509 certificates and query interface credentials. Use the 'Download Credentials' button to download a zip-file with both or click on the 'Show Keys' to see the query interface credentials. You will be able to use your credentials with Euca2ools, Amazon EC2 tools and third-party tools like rightscale.com. Create a directory to store your credentials, unpack the zipfile into it, and source the included 'eucarc'. 1. Assuming that your request has been approved. Login to GUI, click on the "Download Credentials" button to download the x509 certificates. Now on your system; do the following; unpack the zip-file into it, and source the included 'eucarc'.
mkdir ~/.euca

cd ~/.euca unzip euca2-test-x509.zip/euca2-test-x509.zip chmod 0700 ~/.euca

chmod 0600 *

2. [root@localhost .euca]# source eucarc 3. Create a private/public key pair;

[root@localhost .euca]# euca-add-keypair my_key > my_key.private

4. chmod 0600 my_key.private 5. View the key pair that has been created;

[root@localhost .euca]# euca-describe-keypairs KEYPAIR my_key ae:fc:15:bc:70:e0:31:e1:46:d5:66:0e:86:0c:89:80:7f:38:94:d8

6. Enter euca-authorize, followed by the name of the security group, and the options of the network rules you want to apply.

euca-authorize <security_group> I have allowed the security group default with unlimited network access using SSH (TCP, port 22) and remote desktop (TCP, port 3389):
[root@localhost .euca]# euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default

default None None tcp 22 22 0.0.0.0/0 GROUP default

PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0 [root@localhost .euca]# euca-authorize -P tcp -p 3389 -s 0.0.0.0/0 default default None None tcp 3389 3389 0.0.0.0/0 GROUP default PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR 0.0.0.0/0 7. Now, check the available images; [root@localhost .euca]# euca-describe-images IMAGE eri-E83A14C7 ramdisk-bucket/initrd.img-2.6.24-19xen.manifest.xml admin available

public i386 ramdisk instance-store IMAGE emi-3EE71249 image-bucket/centos.5-3.x86.img.manifest.xml admin available public x86_64 machine eki-90461383 eri-E83A14C7 instance-store IMAGE eki-90461383 kernel-bucket/vmlinuz-2.6.24-19-xen.manifest.xml admin available public i386 kernel instance-store (The value at the second column in the second row is your machine image ID, you would use this ID to get into the cloud) 8. Now run the machine image with the private key you have created; [root@localhost .euca]# euca-run-instances -k my_key emi-3EE71249 RESERVATION r-3C1B081B test test-default INSTANCE i-38C4066D emi-3EE71249 0.0.0.0 0.0.0.0 pending my_key 2012-0417T09:57:25.031Z eki-90461383 eri-E83A14C7 9. Check the state of the instance; [root@localhost .euca]# euca-describe-instances RESERVATION r-3C1B081B test default INSTANCE i-38C4066D emi-3EE71249 172.16.20.238 172.16.20.238 running my_key 0 m1.small 2012-04-17T09:57:25.031Z eucluster eki-90461383 eri-E83A14C7 10. Once you see the status as running, you can login to your Cloud Instance; [root@localhost .euca]# ssh -i my_key.private root@172.16.20.238 The authenticity of host '172.16.20.238 (172.16.20.238)' can't be established. RSA key fingerprint is d9:53:41:68:42:91:9a:83:3e:5e:af:72:20:7a:f3:08. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.20.238' (RSA) to the list of known hosts. -bash-3.2# cat /etc/redhat-release CentOS release 5.3 (Final) -----***-----

Cheers !!! :) Happy Cloud Computing !