%
% OpenNebula.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
% XXX TODO: opennebula-sunstone-login.png

\section{Overview}
OpenNebula is a virtual machine manager.
The private cloud deployment will be based on OpenNebula version 5.4,
which is currently in beta.
There are only Debian 8 (Jessie, oldstable) releases.
Debian hasn't packaged OpenNebula since wheezy. It has it in sid, but
even that is an old version. The only packages available for Debian
are the upstream ones for Jessie made by OpenNebula.

UPDATE: although it isn't listed on their website, it does appear
there are Debian 9 (Stretch) builds of OpenNebula for the betas of the
forthcoming 5.4 version, which is great.

Documentation:

\url{https://docs.opennebula.org/5.4/}

\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-opennebula.png}
\caption{OpenNebula Website}
\label{fig:www-opennebula}
\end{figure}

\begin{itemize}
\item Website: \\
\url{https://opennebula.org/}
\item Debian Stretch Repo: \\
\url{http://downloads.opennebula.org/repo/5.4/Debian/9/pool/opennebula/}
\end{itemize}

The following servers will be deployed to host OpenNebula and the KVMs:

\begin{itemize}
\item \texttt{waz-kvm-001.forksand.com} --- Virtual Machine Server 1
\item \texttt{waz-kvm-002.forksand.com} --- Virtual Machine Server 2
\item \texttt{waz-kvm-003.forksand.com} --- Virtual Machine Server 3
\item \texttt{waz-kvm-004.forksand.com} --- Virtual Machine Server 4
\item \texttt{waz-kvm-005.forksand.com} --- Virtual Machine Server 5
\item \texttt{waz-sun-001.forksand.com} --- OpenNebula Sunstone Web GUI 1
\item \texttt{waz-sun-002.forksand.com} --- OpenNebula Sunstone Web GUI 2
\end{itemize}

\subsection{Virtual Machine Servers}
KVM virtual
machine servers. Fast CPU, with lots of RAM.
Uses Ceph to store virtual images.

\subsection{Sunstone Web GUI Servers}
Sunstone is OpenNebula's Web GUI for administration of the cluster.

\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{opennebula-sunstone.png}
\caption{OpenNebula Sunstone Web Admin GUI}
\label{fig:opennebula-sunstone}
\end{figure}

\begin{minted}{sh}
# Add the OpenNebula repository signing key and the 5.4 Debian 9 repo
wget -q -O- https://downloads.opennebula.org/repo/repo.key | apt-key add -
echo "deb http://downloads.opennebula.org/repo/5.4/Debian/9 stable opennebula" > /etc/apt/sources.list.d/opennebula.list
apt update
# Install the KVM node package and restart libvirt
apt -y install opennebula-node
service libvirtd restart
\end{minted}

\section{Bugs}
Things that are bugs or at least aren't configured correctly.

\section{Sunstone Configuration}
At this point, you should have the OpenNebula Sunstone server up and running.
See scripts in \texttt{source/resources/ns24} for automation.

\begin{enumerate}
\item Set up ssh tunnel (use Sunstone server name for ns24):

Code: \\
\texttt{ssh -N -C -L 9869:localhost:9869 ns24}

\item On the workstation, open a browser to this URL:

URL: \\
\url{http://localhost:9869/}

Info: \\
This goes through the encrypted SSH tunnel, but doesn't use https.

\item Click \texttt{OpenNebula} in the upper right to get the full web console.
\item Click \texttt{Infrastructure}.
\item Click \texttt{Hosts}.
\item Click the \texttt{+} plus icon.
\item Enter the hostname of the KVM server you want to use, such as the Sunstone server itself.

\texttt{Type: KVM}

\texttt{Hostname: ns24}

\item Click \texttt{Create}.
\item Repeatedly hit the reload button that's the two arrows in a circle, as it goes through stages of setup, starting at \texttt{INIT}.
\item Confirm status is \texttt{ON}.
\end{enumerate}

\section{Sunstone Deploy Image}
This is a quick and dirty way to deploy a first test image.
NOTE: It is not privacy aware, as it pulls the image from the OpenNebula ``store''.

How to deploy an image from the OpenNebula App store:

\begin{enumerate}
\item Click \texttt{Storage}.
\item Click \texttt{Apps}.
\item Click \texttt{Debian 9 - KVM}.
\item Click on the icon that is a cloud with an arrow in it. This downloads it to OpenNebula.
\item Select a datastore by clicking the \texttt{default} line.
\item Leave name and all that the same, and click \texttt{Download}.
\item Click \texttt{Images} under \texttt{Storage} in the left column.
\item Hit the refresh icon repeatedly.
\item When \texttt{Status} is \texttt{READY}, it is good to go.
\item Click \texttt{Templates} in the left column.
\item Click \texttt{VMs}.
\item Click \texttt{Debian 9 - KVM}.
\item Click \texttt{Instantiate}.
\item \texttt{VM Name} enter \texttt{deb9}.
\item \texttt{Number of instances} enter \texttt{1}.
\item \texttt{Memory} enter \texttt{768}.
\item \texttt{CPU} enter \texttt{1}.
\item Click the slider to \texttt{Instantiate as persistent}.
\item Click \texttt{Instantiate}.
\item Click \texttt{Instances} in the left column.
\item Click \texttt{VMs}.
\item Click the reload icon, repeat.
\item It is good when \texttt{Status} is \texttt{RUNNING}.
\item Set up an \texttt{ssh} tunnel so VNC can be used:

\texttt{ssh -N -C -L 29876:localhost:29876 ns24}

\item Click on the little monitor icon to launch VNC.
\item Look at booted up screen at \texttt{login:} prompt.
\item This means a Debian KVM booted up and the VNC is working.
There is no password for the \texttt{root} account, only \texttt{ssh} is available.
So without network setup, you can't really do anything with this image.
Booted, it just shows it works.
\end{enumerate}

I think delete this section, it would go before the \texttt{Templates} above:

\begin{enumerate}
\item Click \texttt{Debian 9 - KVM}.
\item PROBABLY NO: Click \texttt{Clone} to make a local copy.
\item PROBABLY NO: It will say \texttt{Copy of Debian 9 - KVM}, leave as-is, click \texttt{Clone}.
\item Click on the icon with three dots.
\item Click \texttt{Make Persistent}.
\item Click on the icon with three dots.
\item Click \texttt{Enable}.
\end{enumerate}

\section{OpenNebula Networking}
XXX Yes, this part needs to be set up...

\begin{minted}{sh}
# /etc/network/interfaces bridge section, add this:
auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_fd 0
        address 192.168.100.1
        netmask 255.255.255.0
        network 192.168.100.0
        broadcast 192.168.100.255
        gateway 192.168.100.1
        dns-nameservers 37.235.1.174
        dns-search forksand.com
\end{minted}

As user \texttt{jebba}, on the server, run this to generate a key.
Then paste the resulting public key into Sunstone under ``SSH Public Key''.

\begin{minted}{sh}
ssh-keygen -t ed25519
\end{minted}

\begin{minted}{sh}
# XXX test. Use this IP and interface, so no 192.168.0.0 but real IPs.
# Comment this out:
auto eth0:27
iface eth0:27 inet static
        address 174.128.229.158
        netmask 255.255.255.224
        gateway 174.128.229.129
\end{minted}

XXX Check if IP forwarding is needed in \texttt{/etc/sysctl.conf}.

If things are set up to use a bridge and 192.168.100.100,

\texttt{iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE}

will bring things up to NAT.

XXX The port forwarding is forwarding all port 53 to guest at the moment.
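
An added example (not part of the original manual): a read-only audit of the NAT setup sketched above. It reports whether IP forwarding is on, which the kernel needs before it routes guest traffic between interfaces, and flags a \texttt{MASQUERADE} rule not limited to the guest subnet and a port 53 \texttt{DNAT} rule with no interface or destination match. The function names and the sample ruleset are constructed for illustration, and 192.168.100.0/24 is assumed from the \texttt{br0} address and netmask.

```sh
#!/bin/sh
# Added example: read-only audit of the NAT rules for the br0 guest network.
# Function names and the sample ruleset are constructed for illustration.

BRIDGE_NET="192.168.100.0/24"   # assumed guest subnet (br0 address + netmask)

# Constructed sample in `iptables-save -t nat` format.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.100.100:53
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.100.100:53
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# audit_nat: read iptables-save text on stdin, print one finding per risky rule.
audit_nat() {
  awk -v net="$BRIDGE_NET" '
    # MASQUERADE without "-s <guest subnet>" applies to every flow leaving eth0.
    /^-A POSTROUTING/ && /-j MASQUERADE/ && index($0, "-s " net) == 0 {
      print "UNSCOPED_MASQUERADE: " $0
    }
    # Port 53 DNAT with neither -i nor -d catches all DNS crossing the host.
    /^-A PREROUTING/ && /-j DNAT/ && /--dport 53( |$)/ && !/ -i / && !/ -d / {
      print "OPEN_DNS_FORWARD: " $0
    }
  '
}

# ip_forward_state [FILE]: print "on" or "off". Guests behind br0 reach the
# outside through MASQUERADE only when net.ipv4.ip_forward is 1.
ip_forward_state() {
  f="${1:-/proc/sys/net/ipv4/ip_forward}"
  if [ "$(cat "$f" 2>/dev/null)" = "1" ]; then echo on; else echo off; fi
}

# On a real host: iptables-save -t nat | audit_nat
sample_rules | audit_nat
echo "ip_forward: $(ip_forward_state)"
```

A clean ruleset produces no findings, so the audit can run from cron and alert on any output.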