CloudStack is an open-source cloud computing platform similar to both OpenNebula and OpenStack.
Management Server
service iptables stop
chkconfig iptables off
echo " HOSTNAME=controller.example.com" > /etc/hostname
cat /etc/hostname
echo "142.0.42.46 controller.example.com controller " >> /etc/hosts
echo " HOSTNAME=controller.example.com" >> /etc/sysconfig/network
cat /etc/hosts
hostname controller.example.com
hostname
ping -c 3 controller
yum install -y yum-plugin-priorities gedit curl wget nc
yum -y install policycoreutils setroubleshoot
sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/sysconfig/selinux
sed -i "s/SELINUX=disabled/SELINUX=permissive/g" /etc/sysconfig/selinux
setenforce 0
# vi /etc/yum.repos.d/cloudstack.repo
[cloudstack]
name=cloudstack
baseurl=http://cloudstack.apt-get.eu/rhel/4.2/
enabled=1
gpgcheck=0
yum -y install ntp
service ntpd start
chkconfig ntpd on
yum -y install mysql mysql-server MySQL-python
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation
Downloading vhd-util
wget http://download.cloud.com.s3.amazonaws.com/tools/vhd-util
If the Management Server is RHEL or CentOS, copy vhd-util to /usr/lib64/cloud/common/scripts/vm/hypervisor/xenserver.
If the Management Server is Ubuntu, copy vhd-util to /usr/lib/cloud/common/scripts/vm/hypervisor/xenserver/vhd-util.
yum -y install cloud-client
cloudstack-setup-databases cloud:cloud@localhost --deploy-as=root:mysql-password -i 142.0.42.46
cloudstack-setup-management
In most cases, the default Dashboard login will be admin and password.
yum -y install nfs-utils
mkdir -p /export/primary
mkdir -p /export/secondary
vi /etc/exports
/export *(rw,async,no_root_squash,no_subtree_check)
# vi /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
service rpcbind start
service nfs start
chkconfig nfs on
chkconfig rpcbind on
mkdir -p /mnt/primary
mkdir -p /mnt/secondary
mount -t nfs 142.0.42.46:/export/primary /mnt/primary
mount -t nfs 142.0.42.46:/export/secondary /mnt/secondary
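The ports pinned in /etc/sysconfig/nfs above are what make NFS firewallable, so iptables does not have to stay off for the export to work. The following is an added example, not part of the original post: it derives iptables rules from that file and scopes the wildcard export to one network. The 192.0.2.0/24 network and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: build iptables rules from the NFS ports pinned in
# /etc/sysconfig/nfs and scope the wildcard export to one client network.
# The CIDR and the sample files are constructed, not taken from the guide.

# nfs_fw_rules FILE CIDR -> one "-A INPUT ..." rule per inbound NFS port
nfs_fw_rules() {
    nfs_conf=$1
    nfs_net=$2
    # rpcbind (111) and nfsd (2049) use fixed ports and are not in the file.
    for nfs_proto in tcp udp; do
        echo "-A INPUT -s $nfs_net -m state --state NEW -p $nfs_proto --dport 111 -j ACCEPT"
    done
    echo "-A INPUT -s $nfs_net -m state --state NEW -p tcp --dport 2049 -j ACCEPT"
    while IFS='=' read -r nfs_key nfs_val || [ -n "$nfs_key" ]; do
        nfs_key=$(printf '%s' "$nfs_key" | tr -d '[:space:]')
        nfs_val=$(printf '%s' "$nfs_val" | tr -d '[:space:]"')
        case $nfs_val in ''|*[!0-9]*) continue ;; esac   # ignore non-numeric values
        case $nfs_key in
            LOCKD_TCPPORT) nfs_protos="tcp" ;;
            LOCKD_UDPPORT) nfs_protos="udp" ;;
            MOUNTD_PORT|RQUOTAD_PORT|STATD_PORT) nfs_protos="tcp udp" ;;
            *) continue ;;   # comments, and STATD_OUTGOING_PORT (a source port, not a listener)
        esac
        for nfs_proto in $nfs_protos; do
            echo "-A INPUT -s $nfs_net -m state --state NEW -p $nfs_proto --dport $nfs_val -j ACCEPT"
        done
    done < "$nfs_conf"
}

# scope_exports FILE CIDR -> the exports file with "*(" client specs replaced
# by "CIDR("; the export options themselves are left untouched.
scope_exports() {
    sed "s|^\([^#[:space:]][^[:space:]]*\)[[:space:]][[:space:]]*\*(|\1 $2(|" "$1"
}

# Demo on constructed copies of the two files edited in the guide.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nfs" <<'EOF'
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
EOF
printf '%s\n' '/export *(rw,async,no_root_squash,no_subtree_check)' > "$demo_dir/exports"

echo "# rules for /etc/sysconfig/iptables:"
nfs_fw_rules "$demo_dir/nfs" 192.0.2.0/24
echo "# scoped /etc/exports:"
scope_exports "$demo_dir/exports" 192.0.2.0/24
rm -rf "$demo_dir"
```

The script only prints the rules and the rewritten export line; nothing is applied to the running system.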
Create a system virtual machine template; you can also get it from the official site.
Usage: cloud-install-sys-tmplt: -m <secondary storage mount point> -f <system vm template file> [-h <hypervisor name: kvm|vmware|xenserver> ] [ -s <mgmt server secret key, if you specified any when running cloudstack-setup-database, default is password>][-u <Url to system vm template>] [-F <clean up system templates of specified hypervisor>] [-e <Template suffix, e.g vhd, ova, qcow2>] [-o <Database server hostname or ip, e.g localhost>] [-r <Database user name, e.g root>] [-d <Database password. Fllowed by nothing if the password is empty>]
or
cloud-install-sys-tmplt: -m <secondary storage mount point> -u <http url for system vm template> [-h <hypervisor name: kvm|vmware|xenserver> ] [ -s <mgmt server secret key>]
/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://d21ifhcun6b1t2.cloudfront.net/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -s -F
On The Compute Node
service iptables stop
chkconfig iptables off
echo " HOSTNAME=compute.example.com" > /etc/hostname
cat /etc/hostname
echo "142.0.42.46 compute.example.com controller " >> /etc/hosts
echo " HOSTNAME=compute.example.com" >> /etc/sysconfig/network
cat /etc/hosts
hostname compute.example.com
hostname
ping -c 3 controller
vi /etc/yum.repos.d/cloudstack.repo
[cloudstack]
name=cloudstack
baseurl=http://cloudstack.apt-get.eu/rhel/4.2/
enabled=1
gpgcheck=0
yum -y install ntp
yum -y install cloudstack-agent
yum -y install qemu-kvm
Modify the libvirt configuration file: uncomment the following lines and change the value of auth_tcp to "none".
vi /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
auth_tcp = "none"
mdns_adv = 0
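With listen_tcp = 1 and auth_tcp = "none", anyone who can reach the libvirt TCP port can manage the hypervisor without credentials. The following is an added example, not part of the original post: it reads libvirtd.conf and reports whether that socket is actually open and unauthenticated. It assumes the CentOS layout where libvirtd only listens on the network when LIBVIRTD_ARGS in /etc/sysconfig/libvirtd contains --listen; the sample files are constructed.

```sh
#!/bin/sh
# Added example: report the effective exposure of libvirtd's plain TCP socket.
# File contents below are constructed; on a real host the inputs would be
# /etc/libvirt/libvirtd.conf and /etc/sysconfig/libvirtd.

# conf_get FILE KEY -> last uncommented value of KEY, quotes stripped
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

# libvirt_tcp_exposure LIBVIRTD_CONF SYSCONFIG_FILE
# Prints "closed (...)", "authenticated(<scheme>) addr:port"
# or "unauthenticated addr:port".
libvirt_tcp_exposure() {
    lv_conf=$1
    lv_sysconf=$2
    lv_args=$(conf_get "$lv_sysconf" LIBVIRTD_ARGS)
    # The listen_* options are ignored unless the daemon runs with --listen.
    case " $lv_args " in
        *" --listen "*|*" -l "*) ;;
        *) echo "closed (libvirtd not started with --listen)"; return 0 ;;
    esac
    if [ "$(conf_get "$lv_conf" listen_tcp)" != 1 ]; then
        echo "closed (listen_tcp is not 1)"
        return 0
    fi
    lv_auth=$(conf_get "$lv_conf" auth_tcp)
    lv_addr=$(conf_get "$lv_conf" listen_addr)
    lv_port=$(conf_get "$lv_conf" tcp_port)
    # libvirtd defaults: all interfaces, port 16509, SASL on the TCP socket.
    lv_where="${lv_addr:-0.0.0.0}:${lv_port:-16509}"
    if [ "${lv_auth:-sasl}" = none ]; then
        echo "unauthenticated $lv_where"
    else
        echo "authenticated(${lv_auth:-sasl}) $lv_where"
    fi
}

# Demo: the settings from the guide next to a TLS-only variant.
lv_demo=$(mktemp -d)
cat > "$lv_demo/guide.conf" <<'EOF'
listen_tls = 0
listen_tcp = 1
tcp_port = "16509"
auth_tcp = "none"
mdns_adv = 0
EOF
cat > "$lv_demo/tls_only.conf" <<'EOF'
listen_tls = 1
listen_tcp = 0
mdns_adv = 0
EOF
printf 'LIBVIRTD_ARGS="--listen"\n' > "$lv_demo/sysconfig"

echo "guide settings: $(libvirt_tcp_exposure "$lv_demo/guide.conf" "$lv_demo/sysconfig")"
echo "TLS only:       $(libvirt_tcp_exposure "$lv_demo/tls_only.conf" "$lv_demo/sysconfig")"
rm -rf "$lv_demo"
```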
Thursday, February 27, 2014
OpenStack Installation And Configuring
The OpenStack project is an open source cloud computing platform for all types of clouds, which aims to be simple to implement, massively scalable, and feature rich. Developers and cloud computing technologists from around the world create the OpenStack project.
OpenStack provides an Infrastructure as a Service (IaaS) solution through a set of interrelated services. Each service offers an application programming interface (API) that facilitates this integration. Depending on your needs, you can install some or all services.
Dashboard --- Horizon
Compute --- Nova
Networking --- Neutron
Object Storage --- Swift
Block Storage --- Cinder
Identity Service --- Keystone
Image Service --- Glance
Telemetry --- Ceilometer
Orchestration --- Heat
Dashboard : Horizon Provides a web-based self-service portal to interact with underlying OpenStack services, such as launching an instance, assigning IP addresses and configuring access controls.
Compute : Nova Manages the lifecycle of compute instances in an OpenStack environment. Responsibilities include spawning, scheduling and decommissioning of machines on demand.
Networking : Neutron Enables network connectivity as a service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them. Has a pluggable architecture that supports many popular networking vendors and technologies.
Storage
Object Storage : Swift Stores and retrieves arbitrary unstructured data objects via a RESTful, HTTP based API. It is highly fault tolerant with its data replication and scale out architecture. Its implementation is not like a file server with mountable directories.
Block Storage : Cinder Provides persistent block storage to running instances. Its pluggable driver architecture facilitates the creation and management of block storage devices.
Shared services
Identity Service : Keystone Provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
Image Service : Glance Stores and retrieves virtual machine disk images. OpenStack Compute makes use of this during instance provisioning.
Telemetry : Ceilometer Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistical purposes.
Higher-level services
Orchestration : Heat Orchestrates multiple composite cloud applications by using either the native HOT template format or the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.

Please run a 64-bit OS on your compute node; otherwise you will have issues creating VMs that run a 64-bit OS.
Steps to Be Done on the Controller Server
Networking
service iptables stop
chkconfig iptables off
/etc/sysconfig/network-scripts/ifcfg-eth0
# Internal Network
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-eth1
# External Network
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
service network restart
yum -y install policycoreutils setroubleshoot
setenforce 0
yum install -y euca2ools
yum install -y yum-plugin-priorities gedit curl wget nc
Setting Hostname
echo " HOSTNAME=controller" > /etc/hostname
cat /etc/hostname
echo "142.0.42.46 controller" >> /etc/hosts
cat /etc/hosts
hostname controller
hostname
ping -c 3 controller
Installing Ntpd Server
yum -y install ntp
service ntpd start
chkconfig ntpd on
Installing Mysql Server
yum -y install mysql mysql-server MySQL-python
service mysqld start
chkconfig mysqld on
mysql_install_db
mysql_secure_installation
Set and remember the MySQL root password; it will be needed throughout the rest of the installation.
Installing OpenStack Yum Repos
rpm -ivUh http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
rpm -ivUh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Installing OpenStack Packages
yum -y install openstack-utils
yum -y install openstack-selinux
yum -y install qpid-cpp-server memcached
vi /etc/qpidd.conf
auth=no
service qpidd start
chkconfig qpidd on
Installing And Configuring KeyStone
yum -y install openstack-keystone python-keystoneclient
The Identity Service uses a database to store information. Specify the location of the database in the configuration file. In this guide, we use a MySQL database on the controller node with the username keystone.
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:password@controller/keystone
Use the openstack-db command to create the database and tables, as well as a database user called keystone to connect to the database.
openstack-db --init --service keystone --password password
Define an authorization token to use as a shared secret between the Identity Service and other OpenStack services. Use openssl to generate a random token and store it in the configuration file:
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
By default, Keystone uses PKI tokens. Create the signing keys and certificates:
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
service openstack-keystone start
chkconfig openstack-keystone on
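The guide prints the admin token with echo and uses the literal string password for every database and service account that follows. The following is an added example, not part of the original post: it generates a distinct random secret per account into a root-only file that the later commands can source. The file location is constructed, and the variable names KEYSTONE_DBPASS, ADMIN_PASS and GLANCE_DBPASS are assumptions modelled on the GLANCE_PASS, NOVA_DBPASS and NOVA_PASS placeholders used further down.

```sh
#!/bin/sh
# Added example: one random secret per account instead of a shared literal.
# Variable names and the output path are illustrative assumptions.

# gen_secret [BYTES] -> BYTES random bytes as lowercase hex (default 16)
gen_secret() {
    gs_bytes=${1:-16}
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$gs_bytes"
    else
        # Fallback when openssl is absent: read the kernel CSPRNG directly.
        od -An -N"$gs_bytes" -tx1 /dev/urandom | tr -d ' \n'
        echo
    fi
}

# write_secrets FILE NAME... -> writes NAME=<secret> lines to FILE, mode 0600.
# Refuses to overwrite: regenerating secrets that services already use
# would lock those services out of Keystone and MySQL.
write_secrets() {
    ws_file=$1
    shift
    if [ -e "$ws_file" ]; then
        echo "refusing to overwrite $ws_file" >&2
        return 1
    fi
    for ws_name in "$@"; do
        case $ws_name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $ws_name" >&2
                return 1 ;;
        esac
    done
    (
        umask 077   # file is created readable by its owner only
        for ws_name in "$@"; do
            printf '%s=%s\n' "$ws_name" "$(gen_secret 16)"
        done > "$ws_file"
    )
}

# Demo in a temporary directory; only the variable names are printed.
ws_demo=$(mktemp -d)
write_secrets "$ws_demo/openstack-secrets.env" \
    ADMIN_TOKEN KEYSTONE_DBPASS ADMIN_PASS GLANCE_DBPASS GLANCE_PASS NOVA_DBPASS NOVA_PASS
cut -d= -f1 "$ws_demo/openstack-secrets.env"
rm -rf "$ws_demo"

# Later steps would source the file and pass the values by reference, e.g.:
#   . /root/openstack-secrets.env
#   openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"
#   keystone user-create --name=glance --pass="$GLANCE_PASS"
```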
Define users, tenants, and roles
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://142.0.42.46:35357/v2.0
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-create --name=admin --pass=password
keystone role-create --name=admin
keystone user-role-add --user=admin --tenant=admin --role=admin
[root@server ~]# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 56b2c2009ac4402996df23f85587eb60 |
| name | admin |
+-------------+----------------------------------+
[root@server ~]# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 48606f4b78024ba5b34f1854154be27e |
| name | service |
+-------------+----------------------------------+
[root@server ~]# keystone user-create --name=admin --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 72d9b80b1e464558ab9f563241106a69 |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | ba0ed19af57f4122b4c43c8868bfb47c |
| name | admin |
+----------+----------------------------------+
[root@server ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
Define services and API endpoints
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
[root@server ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=05c8b4bcd2b44b59a5f8a3a8cde43c2e --publicurl=http://142.0.42.46:5000/v2.0 --internalurl=http://142.0.42.46:5000/v2.0 --adminurl=http://142.0.42.46:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:35357/v2.0 |
| id | c91bacef4e0549709109d102d26d940e |
| internalurl | http://142.0.42.46:5000/v2.0 |
| publicurl | http://142.0.42.46:5000/v2.0 |
| region | regionOne |
| service_id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
+-------------+----------------------------------+
[root@server ~]#
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://142.0.42.46:35357/v2.0
keystone token-get
keystone user-list
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 72d9b80b1e464558ab9f563241106a69 | admin | True | |
+----------------------------------+-------+---------+-------+
[root@server ~]#
Install and Configure the Image Service
yum -y install openstack-glance
openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance
openstack-db --init --service glance --password password
keystone user-create --name=glance --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 903ccd5db7da45d9a15a52f37634652f |
| name | glance |
+----------+----------------------------------+
keystone user-role-add --user=glance --tenant=service --role=admin
Configure the Image Service to use the Identity Service for authentication.
Run the following commands and replace Password with the password you chose for the
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
On CentOS
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
Edit each file to set the following options in the [filter:authtoken] section and leave any other existing option as it is.
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
Output
[root@server ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | 75a7bef17f9b4329bb84aab14e3a01ae |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=75a7bef17f9b4329bb84aab14e3a01ae --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:9292 |
| id | 10fb121e1190488a85341fe34d567c36 |
| internalurl | http://142.0.42.46:9292 |
| publicurl | http://142.0.42.46:9292 |
| region | regionOne |
| service_id | 75a7bef17f9b4329bb84aab14e3a01ae |
+-------------+----------------------------------+
[root@server ~]#
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
Verify the Image Service installation
mkdir images
cd images/
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
glance image-list
[root@server ~]# cd images/
[root@server images]# wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
--2014-02-27 11:48:30-- http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
Resolving cdn.download.cirros-cloud.net... 204.188.136.134, 204.188.136.74, 2001:559:0:5a::1743:3c82, ...
Connecting to cdn.download.cirros-cloud.net|204.188.136.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13147648 (13M) [application/octet-stream]
Saving to: “cirros-0.3.1-x86_64-disk.img”
100%[===========================================================================================================>] 13,147,648 10.1M/s in 1.2s
2014-02-27 11:48:32 (10.1 MB/s) - “cirros-0.3.1-x86_64-disk.img” saved [13147648/13147648]
[root@server images]# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | d972013792949d0d3ba628fbe8685bce |
| container_format | bare |
| created_at | 2014-02-27T16:50:47 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 886c9f6a-f38c-491d-a2b4-220cf90bd064 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | CirrOS 0.3.1 |
| owner | 56b2c2009ac4402996df23f85587eb60 |
| protected | False |
| size | 13147648 |
| status | active |
| updated_at | 2014-02-27T16:50:48 |
+------------------+--------------------------------------+
[root@server images]# glance image-list
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | qcow2 | bare | 13147648 | active |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
[root@server images]#
Install And Configure Compute controller service
yum -y install openstack-nova python-novaclient
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
openstack-db --init --service nova --password password
Set the my_ip, vncserver_listen, and vncserver_proxyclient_address configuration options to the internal IP address of the controller node:
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 142.0.42.46
keystone user-create --name=nova --pass=password
keystone user-role-add --user=nova --tenant=service --role=admin
Configure Compute to use these credentials with the Identity Service running on the controller. Replace password with your Compute password.
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
Add the credentials to the /etc/nova/api-paste.ini file. Add these options to the [filter:authtoken] section:
You might sometimes have to edit .ini files during initial setup. However, do not edit these files for general configuration tasks.
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = password
Ensure that the api_paste_config=/etc/nova/api-paste.ini option is set in the /etc/nova/nova.conf file.
keystone service-create --name=nova --type=compute --description="Nova Compute service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://controller:8774/v2/%\(tenant_id\)s --internalurl=http://controller:8774/v2/%\(tenant_id\)s --adminurl=http://controller:8774/v2/%\(tenant_id\)s
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
nova image-list
+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@server images]#
Installing And Configuring the dashboard
yum -y install memcached python-memcached mod_wsgi openstack-dashboard
Update the ALLOWED_HOSTS in local_settings.py to include the addresses you wish to access the dashboard from.
Edit /etc/openstack-dashboard/local_settings:
ALLOWED_HOSTS = ['localhost', 'my-desktop', '*']
This guide assumes that you are running the Dashboard on the controller node. You can easily run the dashboard on a separate server, by changing the appropriate settings in local_settings.py.
Edit /etc/openstack-dashboard/local_settings and change OPENSTACK_HOST to the hostname of your Identity Service:
OPENSTACK_HOST = "controller"
Start the Apache web server and memcached:
service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on
You can now access the dashboard at http://controller/dashboard .
Configure a Compute node
yum -y install openstack-nova-compute
Edit the /etc/nova/nova.conf configuration file:
# openstack-config --set /etc/nova/nova.conf database connection mysql://nova:NOVA_DBPASS@controller/nova
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password NOVA_PASS
Configure Compute to provide remote console access to instances.
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.0.11
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.0.11
# openstack-config --set /etc/nova/nova.conf \
DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
Specify the host that runs the Image Service.
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
Edit the /etc/nova/api-paste.ini file to add the credentials to the [filter:authtoken] section
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
Start the Compute service and configure it to start when the system boots.
# service libvirtd start
# service messagebus start
# chkconfig libvirtd on
# chkconfig messagebus on
# service openstack-nova-compute start
# chkconfig openstack-nova-compute on
| publicurl | http://142.0.42.46:5000/v2.0 |
| region | regionOne |
| service_id | 05c8b4bcd2b44b59a5f8a3a8cde43c2e |
+-------------+----------------------------------+
[root@server ~]#
Verify the Identity Service installation
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://142.0.42.46:35357/v2.0 token-get
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://142.0.42.46:35357/v2.0
keystone token-get
keystone user-list
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| 72d9b80b1e464558ab9f563241106a69 | admin | True | |
+----------------------------------+-------+---------+-------+
[root@server ~]#
Install and Configure the Image Service
openstack-config --set /etc/glance/glance-api.conf sql connection mysql://glance:password@controller/glance
openstack-config --set /etc/glance/glance-registry.conf sql connection mysql://glance:password@controller/glance
openstack-db --init --service glance --password password
keystone user-create --name=glance --pass=password
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 903ccd5db7da45d9a15a52f37634652f |
| name | glance |
+----------+----------------------------------+
keystone user-role-add --user=glance --tenant=service --role=admin
Configure the Image Service to use the Identity Service for authentication.
Run the following commands and replace password with the password you chose for the glance user in the Identity Service:
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://142.0.42.46:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password password
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
On CentOS
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
Edit each file to set the following options in the [filter:authtoken] section and leave any other existing option as it is.
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS
keystone service-create --name=glance --type=image --description="Glance Image Service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
Output
[root@server ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | 75a7bef17f9b4329bb84aab14e3a01ae |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@server ~]# keystone endpoint-create --service-id=75a7bef17f9b4329bb84aab14e3a01ae --publicurl=http://142.0.42.46:9292 --internalurl=http://142.0.42.46:9292 --adminurl=http://142.0.42.46:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://142.0.42.46:9292 |
| id | 10fb121e1190488a85341fe34d567c36 |
| internalurl | http://142.0.42.46:9292 |
| publicurl | http://142.0.42.46:9292 |
| region | regionOne |
| service_id | 75a7bef17f9b4329bb84aab14e3a01ae |
+-------------+----------------------------------+
[root@server ~]#
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
Verify the Image Service installation
mkdir images
cd images/
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
glance image-list
[root@server ~]# cd images/
[root@server images]# wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
--2014-02-27 11:48:30-- http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
Resolving cdn.download.cirros-cloud.net... 204.188.136.134, 204.188.136.74, 2001:559:0:5a::1743:3c82, ...
Connecting to cdn.download.cirros-cloud.net|204.188.136.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13147648 (13M) [application/octet-stream]
Saving to: “cirros-0.3.1-x86_64-disk.img”
100%[===========================================================================================================>] 13,147,648 10.1M/s in 1.2s
2014-02-27 11:48:32 (10.1 MB/s) - “cirros-0.3.1-x86_64-disk.img” saved [13147648/13147648]
[root@server images]# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | d972013792949d0d3ba628fbe8685bce |
| container_format | bare |
| created_at | 2014-02-27T16:50:47 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 886c9f6a-f38c-491d-a2b4-220cf90bd064 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | CirrOS 0.3.1 |
| owner | 56b2c2009ac4402996df23f85587eb60 |
| protected | False |
| size | 13147648 |
| status | active |
| updated_at | 2014-02-27T16:50:48 |
+------------------+--------------------------------------+
[root@server images]# glance image-list
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | qcow2 | bare | 13147648 | active |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
[root@server images]#
Install And Configure Compute controller service
yum -y install openstack-nova python-novaclient
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:password@controller/nova
openstack-db --init --service nova --password password
Set the my_ip, vncserver_listen, and vncserver_proxyclient_address configuration options to the internal IP address of the controller node:
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 142.0.42.46
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 142.0.42.46
keystone user-create --name=nova --pass=password
keystone user-role-add --user=nova --tenant=service --role=admin
Configure Compute to use these credentials with the Identity Service running on the controller. Replace password with your Compute password.
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password password
Add the credentials to the /etc/nova/api-paste.ini file. You might sometimes have to edit .ini files during initial setup; however, do not edit these files for general configuration tasks.
Add these options to the [filter:authtoken] section:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = password
Ensure that the api_paste_config=/etc/nova/api-paste.ini option is set in the /etc/nova/nova.conf file.
keystone service-create --name=nova --type=compute --description="Nova Compute service"
keystone endpoint-create --service-id=the_service_id_above --publicurl=http://controller:8774/v2/%\(tenant_id\)s --internalurl=http://controller:8774/v2/%\(tenant_id\)s --adminurl=http://controller:8774/v2/%\(tenant_id\)s
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
nova image-list
+--------------------------------------+--------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 886c9f6a-f38c-491d-a2b4-220cf90bd064 | CirrOS 0.3.1 | ACTIVE | |
+--------------------------------------+--------------+--------+--------+
[root@server images]#
Installing And Configuring the dashboard
yum -y install memcached python-memcached mod_wsgi openstack-dashboard
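Update ALLOWED_HOSTS in local_settings.py to include the host names or addresses you wish to access the dashboard from. The '*' entry in the example below accepts any Host header, so remove it once the specific names are listed.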
Edit /etc/openstack-dashboard/local_settings:
ALLOWED_HOSTS = ['localhost', 'my-desktop', '*']
This guide assumes that you are running the Dashboard on the controller node. You can easily run the dashboard on a separate server, by changing the appropriate settings in local_settings.py.
Edit /etc/openstack-dashboard/local_settings and change OPENSTACK_HOST to the hostname of your Identity Service:
OPENSTACK_HOST = "controller"
Start the Apache web server and memcached:
service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on
You can now access the dashboard at http://controller/dashboard .
Configure a Compute node
yum -y install openstack-nova-compute
Edit the /etc/nova/nova.conf configuration file:
# openstack-config --set /etc/nova/nova.conf database connection mysql://nova:NOVA_DBPASS@controller/nova
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password NOVA_PASS
Configure the Compute Service to use the Qpid message broker by setting these configuration keys:
# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid
# openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
Configure Compute to provide remote console access to instances.
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.0.11
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.0.11
# openstack-config --set /etc/nova/nova.conf \
DEFAULT novncproxy_base_url http://controller:6080/vnc_auto.html
Specify the host that runs the Image Service.
# openstack-config --set /etc/nova/nova.conf DEFAULT glance_host controller
Edit the /etc/nova/api-paste.ini file to add the credentials to the [filter:authtoken] section
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
Start the Compute service and configure it to start when the system boots.
# service libvirtd start
# service messagebus start
# chkconfig libvirtd on
# chkconfig messagebus on
# service openstack-nova-compute start
# chkconfig openstack-nova-compute on
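The guide tells you to replace password, NOVA_PASS, NOVA_DBPASS and GLANCE_PASS with your own values and sets auth_protocol to http. The following is an added example, not part of the original guide: a shell function (audit_ini and write_sample are hypothetical names) that scans nova/glance ini files for those leftover values. The sample files are constructed from the values on this page.

```shell
#!/bin/bash
# Added example (not from the original guide): flag values that the guide's
# commands leave in nova/glance config files and that should not survive setup.
# The placeholder list holds the literal values used on this page.
PLACEHOLDERS="password NOVA_PASS NOVA_DBPASS GLANCE_PASS"

# audit_ini FILE... : print one finding per line as file:line: [section] message
audit_ini() {
    awk -v ph_list="$PLACEHOLDERS" '
    BEGIN { n = split(ph_list, a, " "); for (i = 1; i <= n; i++) ph[a[i]] = 1 }
    FNR == 1 { sec = "" }                 # new file: forget the previous section
    /^[ \t]*[#;]/ { next }                # comment lines
    /^[ \t]*$/ { next }                   # blank lines
    /^[ \t]*\[/ {                         # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    index($0, "=") == 0 { next }
    {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        msg = ""
        if (key == "admin_password" && (val in ph))
            msg = "admin_password is still the guide placeholder"
        else if (key == "auth_protocol" && val == "http")
            msg = "service credentials and tokens go to Keystone over plain HTTP"
        else if (key == "connection" && match(val, "://[^:@/]+:[^@]*@")) {
            pw = substr(val, RSTART + 3, RLENGTH - 4)   # user:pass
            sub(/^[^:]*:/, "", pw)                      # pass
            if (pw in ph) msg = "database URL carries the guide placeholder password"
        }
        if (msg != "") printf "%s:%d: [%s] %s\n", FILENAME, FNR, sec, msg
    }' "$@"
}

# write_sample DIR : constructed files mirroring the values this guide sets
write_sample() {
    cat > "$1/nova.conf" <<'EOF'
[DEFAULT]
auth_strategy = keystone
[database]
connection = mysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
auth_host = controller
auth_protocol = http
admin_user = nova
admin_password = password
EOF
    cat > "$1/nova-fixed.conf" <<'EOF'
[database]
connection = mysql://nova:constructed-Db-Secret-1@controller/nova
[keystone_authtoken]
auth_protocol = https
admin_password = constructed-Svc-Secret-2
EOF
    cat > "$1/glance-api-paste.ini" <<'EOF'
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_password=GLANCE_PASS
EOF
}

# Demo on the constructed samples; on a real node pass the files under
# /etc/nova and /etc/glance instead.
demo=$(mktemp -d)
write_sample "$demo"
audit_ini "$demo"/*.conf "$demo"/*.ini
rm -rf "$demo"
```

A password that itself contains an @ is not parsed correctly by the connection check.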
Tuesday, February 25, 2014
Mysql-Backup-script
===Mysql-Backup-script===
#!/bin/sh
# Timestamp for the dump file name (YYYYMMDD-HH)
datum=`/bin/date +%Y%m%d-%H`
# Pause replication while the dump runs
/usr/bin/mysqladmin --user=root --password=yourrootsqlpassword stop-slave
/usr/bin/mysqldump --user=root --password=yourrootsqlpassword --lock-all-tables \
--all-databases > /home/sqlbackup/backup-${datum}.sql
/usr/bin/mysqladmin --user=root --password=yourrootsqlpassword start-slave
# Delete dumps older than two days
/usr/bin/find /home/sqlbackup -type f -mtime +2 -exec /bin/rm -f '{}' ';'
exit 0
=======================================
#!/bin/sh
# Connection settings for the backup account
MHOST=localhost
MUSER=backup
MPASS=OwBPimRc
BACKUPDIR="/mnt/backup"
MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"
GZIP="$(which gzip)"
DBPREFIX="$(hostname -s).mysqldb"
echo "Run MySQL backup"
# One compressed dump per database
DBS="$($MYSQL -u $MUSER -h $MHOST -p$MPASS -Bse 'show databases')"
for db in $DBS
do
FILE="${BACKUPDIR}/${DBPREFIX}.${db}.`date +%Y%m%d`.gz"
$MYSQLDUMP --no-tablespaces --skip-lock-tables -u $MUSER -h $MHOST -p$MPASS "$db" | $GZIP -9 > "$FILE"
done
# Remove dumps older than 10 days; -name matches only the file name, so the directory is the search path
find "${BACKUPDIR}" -name "${DBPREFIX}*" -type f -mtime +10 -exec rm -f '{}' ';'
Nagios- Setting up
Nagios client Side setting
=============
cd /usr/local/src/
mkdir nagios
cd nagios
useradd nagios
wget http://pkgs.fedoraproject.org/repo/pkgs/nagios-plugins/nagios-plugins-1.4.16.tar.gz/862f5e44fb5bc65ce7e5d86d654d4da0/nagios-plugins-1.4.16.tar.gz
tar -xzf nagios-plugins-1.4.16.tar.gz
cd nagios-plugins-1.4.16
export LDFLAGS=-ldl
./configure --with-nagios-user=nagios --with-nagios-group=nagios --enable-redhat-pthread-workaround --enable-ssl
make
make install
cd ..
Nrpe
========
wget -O nrpe-2.13.tar.gz http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.13/nrpe-2.13.tar.gz/download
tar -xzf nrpe-2.13.tar.gz
cd nrpe-2.13
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
yum install xinetd
service xinetd restart
echo "nrpe 5666/tcp # NRPE" >> /etc/services
Open port 5666 in csf if it is installed.
===========
Now add the IP to allowed_hosts in the following files (in the xinetd file the corresponding directive is only_from):
/etc/xinetd.d/nrpe
/usr/local/nagios/etc/nrpe.cfg
Add port 5666 to the TCP_IN section of /etc/csf/csf.conf and restart the firewall.
passwd nagios
CREATE USER 'nagios'@'IP' IDENTIFIED BY 'password@666#';
CREATE USER 'nagios'@'127.0.0.1' IDENTIFIED BY 'password@666#';
UPDATE mysql.user SET Password=PASSWORD('new-password-here') WHERE User='user-name-here' AND Host='host-name-here';
FLUSH PRIVILEGES;
define service{
use local-service ; Name of service template to use
host_name sample.example.com
service_description mySQL
is_volatile 0
check_period 24x7
max_check_attempts 20
normal_check_interval 5
retry_check_interval 1
notification_options w,u,c,r
notification_interval 960
notification_period 24x7
check_command check_mysql!nagios!password@666#
}
Sunday, February 23, 2014
NTPD - cap_set_proc() failed to drop root privileges: Operation not permitted
Problem description
NTPD doesn't start on a virtual machine:
service ntpd status
ntpd dead but pid file exists
service ntpd restart
Shutting down ntpd: [FAILED]
Starting ntpd: [ OK ]
tail /var/log/messages
... cap_set_proc() failed to drop root privileges: Operation not permitted
Resolution
vi /etc/sysconfig/ntpd
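Locate the following line and comment it out. This removes the -u ntp:ntp option, so ntpd no longer tries to drop root privileges and keeps running as root: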
# OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"
Now the restart will work:
service ntpd start
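To see why the privilege drop fails before turning it off, the check below (an added example, not from the original post) decodes the capability mask of a process inside the guest. It assumes, from ntpd's source rather than from this page, that ntpd started with -u asks to keep cap_sys_time and cap_net_bind_service. The function names and both status samples are constructed.

```shell
#!/bin/bash
# Added example (not from the original post). Assumption taken from ntpd's
# source, not from this page: with -u, ntpd asks to keep cap_sys_time and
# cap_net_bind_service, and cap_set_proc() fails when the guest withholds one.
# Bit numbers are from <linux/capability.h>.
NTPD_CAPS="cap_net_bind_service:10 cap_sys_time:25"

# Constructed /proc/<pid>/status excerpts: a full host and a restricted guest
# whose bounding set has bit 25 (cap_sys_time) cleared.
HOST_STATUS='Name: bash
CapPrm: 0000001fffffffff
CapBnd: 0000001fffffffff'
GUEST_STATUS='Name: bash
CapPrm: 0000001ffdffffff
CapBnd: 0000001ffdffffff'

# cap_field STATUS_TEXT FIELD : print the hex mask of CapPrm, CapBnd, ...
cap_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { print $2; exit }'
}

# has_cap HEX_MASK BIT : succeed if that capability bit is set
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_ntpd_caps STATUS_TEXT : print the capabilities ntpd could not keep
# (empty line when none are missing, "unknown" when CapBnd is absent)
missing_ntpd_caps() {
    local mask entry missing=""
    mask=$(cap_field "$1" CapBnd)
    if [ -z "$mask" ]; then echo "unknown"; return 0; fi
    for entry in $NTPD_CAPS; do
        has_cap "$mask" "${entry#*:}" || missing="$missing ${entry%%:*}"
    done
    echo "${missing# }"
}

echo "host sample lacks:  $(missing_ntpd_caps "$HOST_STATUS")"
echo "guest sample lacks: $(missing_ntpd_caps "$GUEST_STATUS")"
# On a real guest, run as root: missing_ntpd_caps "$(cat /proc/self/status)"
if [ -r /proc/self/status ]; then
    echo "this shell lacks:   $(missing_ntpd_caps "$(cat /proc/self/status)")"
fi
```

If cap_sys_time is reported missing, ntpd cannot adjust the clock in that guest even when it runs as root.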
Tuesday, February 18, 2014
Amazon Web Services --Aws
Amazon Web Services (abbreviated AWS) is a collection of remote computing services (also called web services) that together make up a cloud computing platform, offered over the Internet by Amazon.com. The most central and well-known of these services are Amazon EC2 and Amazon S3. The service is advertised as providing a large computing capacity (potentially many servers) much faster and cheaper than building a physical server farm.
Amazon Elastic Compute Cloud (EC2) is a central part of Amazon.com's cloud computing platform, Amazon Web Services (AWS). EC2 allows users to rent virtual computers on which to run their own computer applications. EC2 allows scalable deployment of applications by providing a Web service through which a user can boot an Amazon Machine Image to create a virtual machine, which Amazon calls an "instance", containing any software desired. A user can create, launch, and terminate server instances as needed, paying by the hour for active servers, hence the term "elastic". EC2 provides users with control over the geographical location of instances that allows for latency optimization and high levels of redundancy.
Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need.
An AMI includes the following:
A template for the root volume for the instance (for example, an operating system, an application server, and applications)
Launch permissions that control which AWS accounts can use the AMI to launch instances
A block device mapping that specifies the volumes to attach to the instance when it's launched
Amazon Simple Storage Service (Amazon S3) is storage for the Internet. It is designed to make web-scale computing easier for developers.
Amazon S3 provides a simple web-services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, secure, fast, inexpensive infrastructure that Amazon uses to run its own global network of web sites. The service aims to maximize benefits of scale and to pass those benefits on to developers.
The AMI of an instance runs on storage known as ephemeral storage, in which data is not persisted: once the instance is terminated, the data and any modifications made to the instance's AMI are lost.
Anything that is not stored on an EBS volume that is mounted to the instance will be lost. For instance, if you mount your EBS volume at /mystuff, then anything not in /mystuff will be lost. If you don't mount an EBS volume and save stuff on it, then I believe everything will be lost.
You can create an AMI from your current machine state, which will contain everything in your ephemeral storage. Then, when you launch a new instance based on that AMI it will contain everything as it is now.
Note that there is a difference between "stop" and "terminate". If you "stop" an instance that is backed by EBS then the information on the root volume will still be in the same state when you "start" the machine again. If you "terminate" the machine, then even if it is backed by EBS it is gone. Creating the AMI will save that state for you and allow you to start a new instance to replace a terminated instance.
Amazon Elastic Block Storage (EBS) provides raw block devices that can be attached to Amazon EC2 instances. These block devices can then be used like any raw block device. In a typical use case, this would include formatting the device with a filesystem and mounting said filesystem. In addition EBS supports a number of advanced storage features, including snapshotting and cloning. Currently EBS volumes can be up to 1TB in size. EBS volumes are built on replicated back end storage, so that the failure of a single component will not cause data loss.
Amazon CloudWatch provides monitoring for AWS cloud resources and the applications customers run on AWS. Amazon CloudWatch monitors AWS resources such as Amazon EC2 and Amazon RDS DB instances, and can also monitor custom metrics generated by a customer’s applications and services. With Amazon CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health.
Amazon's elastic IP address feature is similar to static IP address in traditional data centers, with one key difference. A user can programmatically map an elastic IP address to any virtual machine instance without a network administrator's help and without having to wait for DNS to propagate the new binding. In this sense an Elastic IP Address belongs to the account and not to a virtual machine instance. It exists until it is explicitly removed, and remains associated with the account even while it is associated with no instance.