Cloudstack 的搭建

Note: 关闭了NFS Storage 的防火墙 service iptables stop

1. 新创建的Linux没有获取IP;

vi /etc/sysconfig/network-script/ifcfg-eth0

修改 ONBOOT="yes"

增加 BOOTPROTO="dhcp"

2. 通过命令 "hostname --fqdn"查看FQDN， 如果不能返回值，

vi /etc/hosts

增加 ip fqdn hostname

3. 查看selinux状态 

/usr/sbin/sestatus -v  或 sestatus

得确定selinux状态为disable 或 permissive

Set the SELINUX variable in /etc/selinux/config to "permissive". This ensures that the

permissive setting will be maintained after a system reboot.

Then set SELinux to permissive starting immediately, without requiring a system reboot.

增加 setenforce 0

4. 配置本地yum源

加载光盘系统文件到本地 mount /dev/cdrom /media

Create a repo file at /etc/yum.repos.d/rhel6.repo. In the file, insert the following lines:

[rhel]

name=rhel6

baseurl=file:///media

enabled=1

gpgcheck=0

5. 安装ntp服务

yum install ntp

Edit the NTP configuration file to point to your NTP server.

# vi /etc/ntp.conf

Add one or more server lines in this file with the names of the NTP servers you want to use.

For example:

server 0.xenserver.pool.ntp.org

server 1.xenserver.pool.ntp.org

server 2.xenserver.pool.ntp.org

server 3.xenserver.pool.ntp.org

Restart the NTP client.

# service ntpd restart

Make sure NTP will start again upon reboot.

# chkconfig ntpd on

6. 安装ManagementServer

1. Download the CloudStack Management Server onto the host where it will run. Get the software

from the following link.

https://www.citrix.com/English/ss/downloads/.

2. Install the CloudStack packages. You should have a file in the form of "CloudStack-VERSION-NOSVERSION.

tar.gz". Untar the file and then run the install.sh script inside it. Replace the file and

directory names below with those you are using:

# tar xzf CloudStack-VERSION-N-OSVERSION.tar.gz

# cd CloudStack-VERSION-N-OSVERSION

# ./install.sh

You should see a few messages as the installer prepares, followed by a list of choices.

3. Choose M to install the Management Server software.

> M

4. When the installation is finished, run the following commands to start essential services:

# service rpcbind start

# service nfs start

# chkconfig nfs on

# chkconfig rpcbind on

7. Install and Configure the Database

1. If you already have a version of MySQL installed on the Management Server node, make one of

the following choices, depending on what version of MySQL it is. The most recent version tested is

5.1.58.

• If you already have installed MySQL version 5.1.58 or later, skip to step 4.

• If you have installed a version of MySQL earlier than 5.1.58, you can either skip to step 4 or

uninstall MySQL and proceed to step 2 to install a more recent version.

Warning

It is important that you choose the right database version. Never downgrade a MySQL

installation.

2. On the same computer where you installed the Management Server, re-run install.sh.

# ./install.sh

You should see a few messages as the installer prepares, followed by a list of choices.

3. Choose D to install the MySQL server from the distribution's repo.

> D

Troubleshooting: If you do not see the D option, you already have MySQL installed. Please go

back to step 1.

4. Edit the MySQL configuration (/etc/my.cnf or /etc/mysql/my.cnf, depending on your OS) and

insert the following lines in the [mysqld] section. You can put these lines below the datadir line.

The max_connections parameter should be set to 350 multiplied by the number of Management

Servers you are deploying. This example assumes one Management Server.

innodb_rollback_on_timeout=1

innodb_lock_wait_timeout=600

max_connections=350

log-bin=mysql-bin

binlog-format = 'ROW'

5. Restart the MySQL service, then invoke MySQL as the root user.

# service mysqld restart

# mysql -u root

6. Best Practice: MySQL does not set a root password by default. It is very strongly recommended

that you set a root password as a security precaution. Run the following commands, and

substitute your own desired root password.

mysql> SET PASSWORD = PASSWORD('password');

From now on, start MySQL with mysql -p so it will prompt you for the password.

7. To grant access privileges to remote users, perform the following steps.

a. Run the following commands from the mysql prompt:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;

mysql> exit

b. Restart the MySQL service.

# service mysqld restart

c. Open the MySQL server port (3306) in the firewall to allow remote clients to connect.

# iptables -I INPUT -p tcp --dport 3306 -j ACCEPT

d. Edit the /etc/sysconfig/iptables file and add the following line at the beginning of the INPUT

chain.

-A INPUT -p tcp --dport 3306 -j ACCEPT

8. Set up the database. The following command creates the cloud user on the database.

• In dbpassword, specify the password to be assigned to the cloud user. You can choose to

provide no password.

• In deploy-as, specify the username and password of the user deploying the database. In the

following command, it is assumed the root user is deploying the database and creating the

cloud user.

• (Optional) For encryption_type, use file or web to indicate the technique used to pass in the

database encryption password. Default: file. See About Password and Key Encryption.

• (Optional) For management_server_key, substitute the default key that is used to encrypt

confidential parameters in the CloudPlatform properties file. Default: password. It is highly

recommended that you replace this with a more secure value. See About Password and Key

Encryption.

• (Optional) For database_key, substitute the default key that is used to encrypt confidential

parameters in the CloudPlatform database. Default: password. It is highly recommended that

you replace this with a more secure value. See About Password and Key Encryption.

# cloudstack-setup-databases cloud:<dbpassword>@localhost --deploy-as=root:<password> -e

<encryption_type> -m <management_server_key> -k <database_key>

9. Now that the database is set up, you can finish configuring the OS for the Management Server.

This command will set up iptables, sudoers, and start the Management Server.

# cloudstack-setup-management

7. Deploy a Separate NFS Server （最简单的方法，不要设置防火墙的相关信息，直接关闭防火墙 service iptables stop）

1. On the storage server, create an NFS share for secondary storage and, if you are using NFS for

primary storage as well, create a second NFS share. For example:

# mkdir -p /export/primary

# mkdir -p /export/secondary

2. To configure the new directories as NFS exports, edit /etc/exports. Export the NFS share(s) with

rw,async,no_root_squash. For example:

# vi /etc/exports

Insert the following line.

/export *(rw,async,no_root_squash)

3. Export the /export directory.

# exportfs -a

4. On the management server, create a mount point for secondary storage. For example:

# mkdir -p /mnt/secondary

5. Mount the secondary storage on your Management Server. Replace the example NFS server

name and NFS share paths below with your own.

# mount -t nfs nfsservername:/nfs/share/secondary /mnt/secondary

Edit the /etc/sysconfig/nfs file.

# vi /etc/sysconfig/nfs

Uncomment the following lines:

LOCKD_TCPPORT=32803

LOCKD_UDPPORT=32769

MOUNTD_PORT=892

RQUOTAD_PORT=875

STATD_PORT=662

STATD_OUTGOING_PORT=2020

Edit the /etc/sysconfig/iptables file.

# vi /etc/sysconfig/iptables

Add the following lines at the beginning of the INPUT chain:

-A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT

Run the following commands:

# service iptables restart

# service iptables save

9. Prepare the System VM Template

1. On the Management Server, run one or more of the following cloud-install-sys-tmplt commands

to retrieve and decompress the system VM template. Run the command for each hypervisor type

that you expect end users to run in this Zone.

If your secondary storage mount point is not named /mnt/secondary, substitute your own mount

point name.

If you set the CloudPlatform database encryption type to "web" when you set up the database, you

must now add the parameter -s <management-server-secret-key>. See About Password and Key

Encryption.

This process will require approximately 5 GB of free space on the local file system and up to 30

minutes each time it runs.

• For XenServer:

# /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /

mnt/secondary -u http://download.cloud.com/templates/4.2/systemvmtemplate-2013-07-12-

master-xen.vhd.bz2 -h xenserver -s <optional-management-server-secret-key> -F

• For vSphere:

# /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /

mnt/secondary -u http://download.cloud.com/templates/4.2/systemvmtemplate-4.2-vh7.ova -

h vmware -s <optional-management-server-secret-key> -F

• For KVM:

# /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /

mnt/secondary -u http://download.cloud.com/templates/4.2/systemvmtemplate-2013-06-12-

master-kvm.qcow2.bz2 -h kvm -s <optional-management-server-secret-key> -F

2. If you are using a separate NFS server, perform this step. If you are using the Management

Server as the NFS server, you MUST NOT perform this step.

Chapter 5. Installation

62

When the script has finished, unmount secondary storage and remove the created directory.

# umount /mnt/secondary

# rmdir /mnt/secondary

3. Repeat these steps for each secondary storage server.