一、实验环境:
主机名 IP(Static) 系统 配置 用途
master 192.168.220.190 CentOS-6.3-x86_64-minimal 2CPU,1G RAM,20G DISK,1网卡 管理节点
node01 192.168.220.191 CentOS-6.3-x86_64-minimal 2CPU,1G RAM,20G DISK,1网卡 计算节点
* 此例中CentOS-6.3-x86_64-minimal安装时选择中文安装,并设置好主机名和IP地址,时区为亚洲/上海,minimal版本为CentOS官方提供的最小化安装版本,许多软件包需要在线安装,下文中会逐步介绍。安装完成后重启系统并登陆。
OpenNebula3.8.3下载官网地址:http://dev.opennebula.org/packages/opennebula-3.8.3/opennebula-3.8.3.tar.gz
OpenNebula中文语言包:http://www.qyjohn.net/wp-content/uploads/2012/12/Chinese_zh_CN.tar
二、管理节点Opennebula的安装配置:
1.配置hosts文件
编辑/etc/hosts文件,将管理节点和计算节点IP主机名的对应关系加入其中
[root@Master ~]# vi /etc/hosts
192.168.220.190 master
192.168.220.191 node01
2.关闭selinux和iptables
[root@Master ~]# vi /etc/selinux/config
SELINUX=disabled
[root@Master ~]# iptables –F
[root@Master ~]# service iptables stop
[root@Master ~]# chkconfig iptables off
[root@Master ~]# reboot
3.安装需要的软件和编译工具
[root@Master ~]# yum -y install gcc gcc-c++ make wget libcurl-devel libxml2-devel xmlrpc-c-devel openssl-devel mysql-devel openssh pkgconfig ruby scons sqlite-devel xmlrpc-c java-1.7.0-openjdk-devel mysql-server rubygem-rake libxslt-devel expat-devel ruby-devel flex bison curl rubygems libvirt genisoimage
4.创建cloud组和oneadmin用户
这里设置oneadmin密码为chensh
[root@Master ~]# mkdir -p /srv/cloud/
[root@Master ~]# groupadd -g 10000 cloud
[root@Master ~]# useradd -u 10000 -g cloud -m oneadmin -d /srv/cloud/one -s /bin/bash
[root@Master ~]# passwd oneadmin
[root@Master ~]# chown -R oneadmin:cloud /srv/cloud/
5.配置libvirtd
编辑/etc/libvirt/libvirtd.conf配置libvirt,将操作权限授予给cloud组,并将listen_tcp = 1、unix_sock_rw_perms、auth_unix_ro、auth_unix_rw的“#”注释去掉。
[root@Master ~]# vi /etc/libvirt/libvirtd.conf
listen_tcp = 1
unix_sock_group = "cloud"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
编辑/etc/libvirt/qemu.conf,设置VNC:
[root@Master ~]# vi /etc/libvirt/qemu.conf
vnc_listen = “0.0.0.0″
user = "oneadmin" /*oneadmin用户管理虚拟机*/
group = "cloud"
dynamic_ownership = 0 /*禁止虚拟镜像动态调整所有权限*/
[root@Master ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/kvm
[root@Master ~]# chmod o-w /srv/cloud
重启libvirtd服务:
[root@Master ~]# /etc/init.d/libvirtd restart
[root@Master ~]# chown oneadmin:cloud /var/run/libvirt/libvirt-sock
6.Oneadmin用户配置无密钥登录认证
[root@Master ~]# su -l oneadmin
[oneadmin@Master ~]$ ssh-keygen
[oneadmin@Master ~]$ cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
[oneadmin@Master ~]$ echo "Host *" >> ~/.ssh/config
[oneadmin@Master ~]$ echo "StrictHostKeyChecking no" >> ~/.ssh/config
[oneadmin@Master ~]$ exit
7.安装和配置NFS服务
[root@Master ~]# yum -y install nfs-utils rpcbind nfs4-acl-tools
编辑/etc/exports文件:
[root@Master ~]# vi /etc/exports
增加一行内容:
/srv/cloud *(rw,sync,no_root_squash)
启动NFS和rpcbind服务:
[root@Master ~]# service nfs restart
[root@Master ~]# chkconfig nfs on
[root@Master ~]# service rpcbind restart
[root@Master ~]# chkconfig rpcbind on
8.安装MySQL及依赖的软件包
[root@Master ~]# yum -y install mysql-devel mysql-server
[root@Master ~]# service mysqld start
[root@Master ~]# chkconfig mysqld on
[root@Master ~]# mysql_secure_installation
Enter current password for root (enter for none): 回车
Set root password? [Y/n] y
New password: chensh
Re-enter new password: chensh
Password updated successfully!
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
9.创建Opennebula数据库
* MySQL的密码为chensh
[root@Master ~]# mysql -u root -p
mysql> CREATE USER 'oneadmin'@'localhost' IDENTIFIED BY 'oneadmin';
mysql> CREATE DATABASE opennebula;
mysql> GRANT ALL PRIVILEGES ON opennebula.* TO 'oneadmin' IDENTIFIED BY 'oneadmin';
mysql> flush privileges;
mysql> quit;
10.编译安装Opennebula3.8.3
上传opennebula-3.8.3.tar.gz到oneadmin用户目录下
[root@Master ~]# su -l oneadmin
[oneadmin@Master ~]$ wget http://dev.opennebula.org/packages/opennebula-3.8.3/opennebula-3.8.3.tar.gz
[oneadmin@Master ~]$ ls
opennebula-3.8.3.tar.gz
[oneadmin@Master ~]$ tar -zxvf opennebula-3.8.3.tar.gz
[oneadmin@Master ~]$ cd opennebula-3.8.3
[oneadmin@Master opennebula-3.8.3]$ scons sqlite=no mysql=yes /*默认Opennebula使用sqlite数据库*/
[oneadmin@Master opennebula-3.8.3]$ ./install.sh -u oneadmin -g cloud -d /srv/cloud/one
[oneadmin@Master opennebula-3.8.3]$ cd
[oneadmin@Master ~]$
11.设置.bash_profile环境变量
[oneadmin@Master ~]$ vi ~/.bash_profile
加入如下内容:
export ONE_LOCATION=/srv/cloud/one
export ONE_AUTH=$ONE_LOCATION/.one/one_auth
export ONE_XMLRPC=http://localhost:2633/RPC2
export PATH=$ONE_LOCATION/bin:/usr/local/bin:/var/lib/gems/1.8/bin/:$PATH
执行.bash_profile,使得这些环境变量生效:
[oneadmin@Master ~]$ source ~/.bash_profile
12.设置OpenNebula的用户名和密码
编辑~/.one/one_auth
[oneadmin@Master ~]$ mkdir ~/.one
[oneadmin@Master ~]$ echo "oneadmin:chensh" > ~/.one/one_auth
[oneadmin@Master ~]$ chmod 640 ~/.one/one_auth
13.设置OpenNebula使用的数据库参数
编辑~/etc/oned.conf
[oneadmin@Master ~]$ vi etc/oned.conf
# DB = [ backend = "sqlite" ]
# Sample configuration for MySQL
DB = [ backend = "mysql",
server = "localhost",
port = 0,
user = "oneadmin",
passwd = "oneadmin",
db_name = "opennebula" ]
14.启动OpenNebula服务
[oneadmin@Master ~]$ one start
15.检查one命令功能是否正常
[oneadmin@Master ~]$ onehost list
ID NAME CLUSTER RVM TCPU FCPU ACPU TMEM FMEM AMEM STAT
[oneadmin@Master ~]$ onevm list
ID USER GROUP NAME STAT UCPU UMEM HOST TIME
[oneadmin@Master ~]$ exit
三、管理节点Sunstone的安装配置
1.安装SunStone依赖的软件包
[root@Master ~]# gem install rake json sequel sinatra sinatra-sequel sqlite3 mysql curb nokogiri xmlparser thin json rails amazon-ec2 uuidtools net-ldap
2.修改sunstone-server.conf配置
[root@Master ~]# su - oneadmin
[oneadmin@Master ~]$ vi etc/sunstone-server.conf
将原有:host: 127.0.0.1中IP字段修改为本机IP:
:host: 192.168.220.190
保存退出。
3.安装VNC服务
[root@Master ~]# su - oneadmin
[oneadmin@Master ~]$ ./share/install_novnc.sh
4.中文语言包安装
[oneadmin@Master ~]$ wget http://www.qyjohn.net/wp-content/uploads/2012/12/Chinese_zh_CN.tar
[oneadmin@Master ~]$ tar -xvf Chinese_zh_CN.tar
[oneadmin@Master ~]$ cd Chinese_zh_CN
[oneadmin@Master Chinese_zh_CN]$ ls
OCCI readme.txt SunStone
[oneadmin@MasterChinese_zh_CN]$ cp -r SunStone/zh_CN /srv/cloud/one/lib/sunstone/public/locale
[oneadmin@MasterChinese_zh_CN]$ cp SunStone/config-tab.js /srv/cloud/one/lib/sunstone/public/js/plugins
[oneadmin@MasterChinese_zh_CN]$ cp -r OCCI/zh_CN /srv/cloud/one/lib/ruby/cloud/occi/ui/public/locale
[oneadmin@MasterChinese_zh_CN]$ cp OCCI/configuration.js /srv/cloud/one/lib/ruby/cloud/occi/ui/public/js/plugins
5.启动Sunstone服务
[oneadmin@Master ~]$ sunstone-server start
查看var/sunstone.log,找到SunStone所使用的默认端口号,一般是9869。
6.WEB访问Sunstone
通过谷歌或火狐浏览器访问http://192.168.220.190:9869/,用户名和密码为OpenNebula账户信息,本例为用户名:oneadmin,密码:chensh。登录进入SunStone之后,可以查看和设置计算节点、虚拟机、网络、模板、映像、用户、群组、权限。以及统计监控信息。
四、计算节点安装配置
1.设置桥接网络
(1).编辑/etc/sysconfig/network内容如下:
[root@node01 ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node01
GATEWAY=br0
(2).编辑/etc/sysconfig/network-scripts/ifcfg-eth0内容如下,HWADDR可注释掉:
[root@node01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
ONBOOT=yes
BRIDGE=br0
HWADDR=00:0C:29:ED:3D:46
(3).创建ifcfg-br0文件,内容如下:
[root@node01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
BOOTPROTO=static
ONBOOT=yes
TYPE=Bridge
IPADDR=192.168.220.191
NETMASK=255.255.255.0
GATEWAY=192.168.220.2
BROADCAST=192.168.220.255
DELAY=0
(4).重启网络服务:
[root@node01 ~]# service network restart
(5).查看网桥接口:
[root@node01 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c29ed3d46 no eth0
virbr0 8000.525400eeaa17 yes virbr0-nic
(6).查看br0接口IP:
[root@node01 ~]# ip addr show br0
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:0c:29:ed:3d:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.220.191/24 brd 192.168.220.255 scope global br0
inet6 fe80::20c:29ff:feed:3d46/64 scope link
valid_lft forever preferred_lft forever
(7).查看路由是否正确:
[root@node01 ~]# ip route
192.168.220.0/24 dev br0 proto kernel scope link src 192.168.220.191
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev br0 scope link metric 1007
default via 192.168.220.2 dev br0
(8).ping外网地址测试连通性:
[root@node01 ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=128 time=62.2 ms
64 bytes from 61.135.169.125: icmp_seq=2 ttl=128 time=46.2 ms
2.配置hosts文件
编辑/etc/hosts文件,将管理节点和计算节点IP主机名的对应关系加入其中
[root@node01 ~]# vi /etc/hosts
192.168.220.190 master
192.168.220.191 node01
3.关闭selinux和iptables
[root@node01 ~]# vi /etc/selinux/config
SELINUX=disabled
[root@node01 ~]# iptables –F
[root@node01 ~]# service iptables stop
[root@node01 ~]# chkconfig iptables off
[root@node01 ~]# reboot
4.安装计算节点依赖的软件包
[root@node01 ~]# yum -y install gcc gcc-c++ kvm libvirt python-virtinst ruby ruby-devel ruby-docs ruby-ri flex bison xmlrpc-c-devel libxslt-devel
5.配置NFS客户端
编辑/etc/fstab,配置NFS客户端:(OpenNebula管理节点的IP是192.168.220.190)
[root@node01 ~]# vi /etc/fstab
192.168.220.190:/srv/cloud /srv/cloud nfs defaults 0 0
6.创建NFS挂载目录
[root@node01 ~]# mkdir -p /srv/cloud
7.创建cloud组和oneadmin用户
[root@node01 ~]# groupadd -g 10000 cloud
[root@node01 ~]# useradd -u 10000 -g cloud -m oneadmin -s /bin/bash
[root@node01 ~]# usermod -d /srv/cloud/one oneadmin
[root@node01 ~]# passwd oneadmin
[root@node01 ~]# chown oneadmin:cloud /srv/cloud/
8.挂载NFS文件系统
[root@node01 ~]# mount master:/srv/cloud /srv/cloud
9.配置libvirtd
编辑/etc/libvirt/libvirtd.conf配置libvirt,将操作权限授予给cloud组,并将listen_tcp = 1、unix_sock_rw_perms、auth_unix_ro、auth_unix_rw的“#”注释去掉。
[root@node01 ~]# vi /etc/libvirt/libvirtd.conf
listen_tcp = 1
unix_sock_group = "cloud"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
编辑/etc/libvirt/qemu.conf,设置VNC:
[root@node01 ~]# vi /etc/libvirt/qemu.conf
vnc_listen = “0.0.0.0″
user = "oneadmin" /*oneadmin用户管理虚拟机*/
group = "cloud"
dynamic_ownership = 0 /*禁止虚拟镜像动态调整所有权限*/
[root@node01 ~]# ln -s /usr/libexec/qemu-kvm /usr/bin/kvm
重启libvirtd服务
[root@node01 ~]# /etc/init.d/libvirtd restart
[root@node01 ~]# chown oneadmin:cloud /var/run/libvirt/libvirt-sock
五、管理端添加计算节点
可以通过基于WEB界面的SunStone添加计算节点,也可以在管理节点通过命令行添加计算节点,下面是命令行添加计算节点的方法:
[oneadmin@Master ~]$ onehost create node01 --im im_kvm --vm vmm_kvm --net tm_shared
ID: 0
[oneadmin@Master ~]$ onehost list
ID NAME CLUSTER RVM TCPU FCPU ACPU TMEM FMEM AMEM STAT
0 node01 - 0 200 200 200 992.8M 881.7M 992.8M on
[oneadmin@Master ~]$
六、创建KVM虚拟机:
1.下载虚拟机模板
[oneadmin@Master ~]$ mkdir ~/one-templates
[oneadmin@Master ~]$ cd ~/one-templates
[oneadmin@Master one-templates]$ wget http://dev.opennebula.org/attachments/download/170/ttylinux.tar.gz
[oneadmin@Master one-templates]$ tar –zxvf ttylinux.tar.gz
[oneadmin@Master one-templates]$ ls
init.sh small_network.net ttylinux.img ttylinux.one ttylinux.tar.gz
2.定义虚拟网络
编辑small_network.net
[oneadmin@Master one-templates]$ vi small_network.net
NAME = “Small Network”
TYPE = FIXED
BRIDGE = br0
LEASES = [ IP="192.168.10.5"]
LEASES = [ IP="192.168.10.6"]
LEASES = [ IP="192.168.10.7"]
LEASES = [ IP="192.168.10.8"]
LEASES = [ IP="192.168.10.9"]
3.创建一个网络
[oneadmin@Master one-templates]$ onevnet create small_network.net
ID: 0
列出所有网络:
[oneadmin@Master one-templates]$ onevnet list
ID USER GROUP NAME CLUSTER TYPE BRIDGE LEASES
0 oneadmin cloud Small network - F br0 0
4.修改虚拟机参数
编辑ttylinux.one,修改虚拟机参数:
[oneadmin@Master one-templates]$ vi ttylinux.one
NAME = ttylinux
CPU = 0.1
MEMORY = 64
DISK = [
source = "/srv/cloud/one/one-templates/ttylinux.img",
target = "hda",
readonly = "no" ]
NIC = [ NETWORK = "Small network" ]
FEATURES=[ acpi="no" ]
#CONTEXT = [
# hostname = "$NAME",
# ip_public = "PUBLIC_IP",
# files = "/path/to/init.sh /path/to/id_dsa.pub",
# target = "hdc",
# root_pubkey = "id_dsa.pub",
# username = "opennebula",
# user_pubkey = "id_dsa.pub"
#]
"ttylinux.one" 25L, 534C 已写入
5.创建KVM虚拟机
[oneadmin@Master one-templates]$ onevm create ttylinux.one
*本次只是实验,虚拟机做计算节点创建虚拟机后无法运行,状态会由INIT-Faild,原因是虚拟机的VCPU已经不再支持虚拟化,如果条件允许请用物理服务器作为计算节点安装测试。
*************************************************************************************************************
问题:
问题1:
Sun Jan 6 14:50:41 2013 [VMM][I]: /usr/lib/ruby/1.8/open3.rb:73: warning: Insecure world writable dir /srv/cloud in PATH, mode 040777
分析:
这是由于other用户对/srv/cloud目录具有写权限,存在潜在的安全性问题,所有ruby告警;
解决办法:
chmod o-w /srv/cloud
*************************************************************************************************************
问题2:
1 error: Failed to connect socket to '/usr/local/var/run/libvirt/libvirt-sock': No such file or directory
做个链接:
ln -s /var/run/libvirt/libvirt-sock /usr/local/var/run/libvirt/libvirt-sock
2 libvirt: Remote error : unable to connect to '/usr/local/var/run/libvirt/libvirt-sock-ro': No such file or directory”
再做个链接:
ln -s /var/run/libvirt/libvirt-sock-ro /usr/local/var/run/libvirt/libvirt-sock-ro
************************************************************************************************************