Eucalyptus 1.0 minimally requires a freshly installed Rocks V front-end system that has been configured to include the Java and Xen Rocks Rolls. It is not necessary to have any compute nodes configured, but if compute nodes are configured they can be re-targeted as Eucalyptus nodes. Once the front-end is up and running, we need to download the Eucalyptus Rocks Roll ISO image and place it on the front end.
Choose either the 64-bit roll:
$ wget http://eucalyptus.cs.ucsb.edu/releases/eucalyptus-5.0-0.x86_64.disk1.iso
Or the 32-bit roll:
$ wget http://eucalyptus.cs.ucsb.edu/releases/eucalyptus-5.0-0.i386.disk1.iso
Install the Eucalyptus Roll and enable it for deployment on the cluster boot nodes.
# rocks add roll clean=1 /path/to/eucalyptus-5.0-0.*.disk1.iso
(warning: don't use a ../ path!)
# rocks enable roll eucalyptus
# cd /home/install && rocks-dist dist
# rocks list roll
The output of the last command should include a line indicating that the eucalyptus roll is installed and enabled. It should also list "java" and "xen" rolls.
With the rocks roll now installed and enabled on the front-end, we can now start booting or rebooting nodes and instructing the system to rebuild them with eucalyptus installed and running, using standard "rocks" tools.
# insert-ethers
At the prompt, select 'VM Container' and wait for the next screen. At this point, the front-end is waiting for nodes to boot. Boot your nodes, and wait for their MAC addresses to appear in the insert-ethers window.
# rocks set host pxeboot vm-container-0-0 action=install
# rocks set host pxeboot vm-container-0-1 action=install
...
(repeat this for each node you want to use with Eucalyptus)
When done, reboot your nodes (e.g., by logging in with ssh into them and running "reboot").
# ssh vc-0-0 reboot
# ssh vc-0-1 reboot
...
With either option, the Eucalyptus Roll is being installed on your nodes as they boot. When the installation process is complete, your nodes will reboot (for the second time). At this point, the nodes are fully configured with the Eucalyptus node controller software running.
As soon as all nodes have rebooted for the first time, you may proceed with front-end software installation on the Rocks front end (otherwise, you'll have to add the nodes "manually" later):
# kroll eucalyptus | sh
If you get problems with ssh and rsync connecting to compute nodes, then you ran the command too early. That is OK, but you will have to propagate the keys to those nodes manually:
# /opt/eucalyptus-1.0/usr/sbin/euca_sync_key
If this command also prints out connection errors, the nodes have not all rebooted, yet. Try again in a bit. (Incidentally, if you want to add more nodes into the Eucalyptus cloud later, you would have to add their host names to the NODES= in /etc/default/eucalyptus and re-run euca_sync_key.)
When this is complete (or when you have enough nodes that are working), the Eucalyptus system is fully installed and is ready to use once some first-time administrative tasks are complete.
Before using Eucalyptus, we need to install at least one runnable VM image that users can select. We have provided a small, simple version of Linux that you can use to test. Download the image and place it on the front-end:
$ cd
$ wget http://eucalyptus.cs.ucsb.edu/downloads/euca-ttylinux.tgz
$ tar zxvf euca-ttylinux.tgz
Untar the image, cd to the directory 'ttylinux', and perform the following command to add and register the image with eucalyptus:
$ cd ttylinux
# /opt/eucalyptus-1.0/usr/sbin/euca add_image \
    --disk-image ttylinux.img \
    --kernel-image vmlinuz-2.6.16.33-xen \
    --image-name ttylinux
Note that the ttylinux image that we've just installed is a typical Xen image, which includes a disk image (ttylinux.img) and a kernel (vmlinuz-2.6.16.33-xen). At this point, you may add additional Xen images that you have already installed or have available. The 'euca' command supports other image addition features, including the installation of a ramdisk if your image requires one (see the 'euca --man' output for more information).
Once an image is registered, we need to log in to the Eucalyptus administrative web-site to allow users to start signing up to use the system. Direct your browser at the following location:
Your browser will flag the Web site as one using an untrusted (self-signed) certificate. Accept it.
You will be presented with a login screen, at which point you can log in using the username 'admin' and password 'admin'. The first time you log in, the system will require you to change your password and enter a valid administrator email address. This address will be used whenever a new user requests an account on your Eucalyptus system.
Now that you've bootstrapped eucalyptus, the system is ready for users to sign up and start using your cloud (see the section on User Signup below for more information on that). As administrator, you may interact with the system in precisely the same manner as your users, with the exception that your keys will allow you to inspect and terminate all instances running on the system, regardless of which user owns them.
The first step is to generate your Eucalyptus keys. Once you have logged in as user 'admin' to the Eucalyptus web-page:
You will see a button entitled 'Generate Certificate'. Click this to download your admin key-pair. You can keep these keys in a secure place on any host. The following instructions apply to any Unix-flavored machine, not necessarily the cluster where Eucalyptus was installed. Unzip the keys using the following command:
$ unzip name-of-the-key-zip.zip
The zip-file contains two files with the .pem extension; these are your public and private keys. Place these keys in a secure location:
$ mkdir ~/.euca
$ mv euca2-admin*.pem ~/.euca
$ chmod 0700 ~/.euca
$ chmod 0600 ~/.euca/*.pem
Next, we need to download the EC2 command-line tools from Amazon:
$ wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
$ unzip ec2-api-tools.zip
Once you have unzipped the tools, we must set up your environment by setting the following environment variables:
$ export EC2_HOME=/path/to/installed/ec2-commandline-tools
$ export PATH=$PATH:$EC2_HOME/bin
$ export EC2_URL=http://your.front.end.hostname:8773/services/Eucalyptus
$ export EC2_PRIVATE_KEY=~/.euca/euca2-admin-*-pk.pem
$ export EC2_CERT=~/.euca/euca2-admin-*-cert.pem
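Shells do not reliably expand a `*` inside an `export` assignment, so the two key variables above can end up holding a literal wildcard. The following is an added example, not part of the original guide: it resolves each wildcard to exactly one file and refuses to export credentials whose permissions differ from the 0700/0600 set earlier. The function names (mode_of, find_one, euca_env) are hypothetical.

```shell
# Added example, not from the Eucalyptus guide. Function names are hypothetical.
# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the single regular file in directory $1 matching glob $2.
# Fails when there is no match or more than one.
find_one() {
    dir=$1 pattern=$2 found='' count=0
    for f in "$dir"/$pattern; do        # pattern left unquoted so it globs
        [ -f "$f" ] || continue
        found=$f
        count=$((count + 1))
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# Export EC2_PRIVATE_KEY and EC2_CERT from the key directory (default ~/.euca),
# but only if the directory is 0700 and both files are 0600.
euca_env() {
    keydir=${1:-$HOME/.euca}
    [ "$(mode_of "$keydir")" = 700 ] ||
        { echo "$keydir: mode must be 0700" >&2; return 1; }
    pk=$(find_one "$keydir" 'euca2-admin-*-pk.pem') ||
        { echo "need exactly one private key in $keydir" >&2; return 1; }
    cert=$(find_one "$keydir" 'euca2-admin-*-cert.pem') ||
        { echo "need exactly one certificate in $keydir" >&2; return 1; }
    for f in "$pk" "$cert"; do
        [ "$(mode_of "$f")" = 600 ] ||
            { echo "$f: mode must be 0600" >&2; return 1; }
    done
    EC2_PRIVATE_KEY=$pk
    EC2_CERT=$cert
    export EC2_PRIVATE_KEY EC2_CERT
}
```

Source the file and run `euca_env` before calling the EC2 tools; a non-zero return means the variables were left untouched.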
Now we are ready to start using the tools. To test if your cloud is up and running, execute the following EC2 command:
$ $EC2_HOME/bin/ec2-describe-availability-zones
(You might want to add $EC2_HOME/bin to your path.)
In the output of the above command, you should see your front-end hostname displayed along with the status of 'UP' and a short description of how many 'small' instance types your cloud can execute (002/002 means 2 available out of 2 total).
Now we can begin running VM instances on your Eucalyptus cloud. Using the EC2 command-line tools, we can look at installed images, execute instances of those images, describe the running instances and terminate them when we're finished using them. The following EC2 commands are used to control your instances:
$ ec2-describe-images
IMAGE <emi-id> ...
$ ec2-describe-instances
(will be empty until you start an instance)
$ ec2-add-keypair <keyname>
KEYPAIR keyname ...
-----BEGIN RSA PRIVATE KEY-----
<key contents>
-----END RSA PRIVATE KEY-----
$ cat >keyname.private
[paste the key contents, including BEGIN and END lines, printed out by the command]
$ chmod 0600 keyname.private
$ ec2-run-instances <emi-id> -k <keyname> -n <number of instances to start>
$ ec2-describe-instances
(should now show the instance)
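The `cat >keyname.private` step followed by `chmod 0600` leaves the private key readable under the default umask until the chmod runs. The following is an added example, not part of the original guide: it reads the `ec2-add-keypair` output from a pipe, keeps only the PEM block, and creates the file as 0600 from the start. The names save_keypair and sample_output are hypothetical, and the sample output is constructed.

```shell
# Added example, not from the Eucalyptus guide. Function names are hypothetical.
# Read ec2-add-keypair output on stdin and write only the RSA key block to $1.
save_keypair() {
    out=$1
    if [ -e "$out" ]; then
        echo "$out exists, refusing to overwrite" >&2
        return 1
    fi
    (
        umask 077   # file is created 0600, never world-readable
        set -C      # noclobber: fail if the file appeared in the meantime
        sed -n '/^-----BEGIN RSA PRIVATE KEY-----$/,/^-----END RSA PRIVATE KEY-----$/p' > "$out"
    ) || return 1
    # Reject output that did not contain a complete key block.
    if ! grep -q '^-----END RSA PRIVATE KEY-----$' "$out"; then
        rm -f "$out"
        echo "no complete private key found in input" >&2
        return 1
    fi
}

# Constructed sample in the shape shown above; the key body is a placeholder.
sample_output() {
    cat <<'EOF'
KEYPAIR mykey constructed-fingerprint
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDSAMPLENOTAREALKEY
-----END RSA PRIVATE KEY-----
EOF
}

# Real use: ec2-add-keypair <keyname> | save_keypair keyname.private
```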
Once the instance is shown as 'Running', it will also show two IP addresses assigned to it. You may log into it with the SSH key that you created:
$ ssh -i keyname.private root@one-of-the-ip-addresses
Alternatively, you can log into the 'ttylinux' instance that we provided with login 'root' and password 'root'.
$ ec2-terminate-instances <instance-id1> <instance-id2> ... <instance-idn>
Instructions in sections 6 and 7 apply to regular users, as well. Users interested in joining the cloud should be directed to the front-end Web page:
As soon as the administrator logs in for the first time, the login box will have an "Apply for account" link underneath it. After a user fills out the form, an email is sent to the administrator containing two URLs, one for accepting and one for rejecting the user.
Note that there is no authentication performed on the people who fill out the form. It is up to the administrator to perform this authentication! The only "guarantee" the administrator has is that the account will not be active unless the person who requested the account (and, hence, knows the password) can read email at the submitted address. Therefore, if the administrator is willing to give the account to the person behind the email address, it is safe to approve the account. Otherwise, the administrator may use the additional information submitted (such as the telephone number, project PI, etc.) to make the decision.
Accepting or rejecting a signup request causes an email message to be sent to the user who made the request. In the case of an acceptance notification, the user will see a link for activating the account. Before activating the account, the user will have to log in with the username and password that they chose at signup.