
HyperVM OpenVZ and Xen on CentOS 5


Managing OpenVZ/Xen with HyperVM on CentOS 5.5

HyperVM is a multi-platform, multi-tiered, multi-server, multi-virtualization web-based application that allows you to create and manage different virtual machines, each based on different technologies, across machines and platforms. Currently it supports OpenVZ and Xen virtualization and is available for RHEL 4/5 as well as CentOS 4 and CentOS 5. This tutorial shows how to install it on a CentOS 5 server to control OpenVZ/Xen containers.

1. Preliminary Note

Servers to be used:

- Three (3) empty CentOS 5.5 servers: 1 for the master and 2 for slaves.
- For the OpenVZ driver, build the server with the default partitioning.
- For the Xen driver, create an empty LVM for the Xen private virtual servers.

Master – procyon.eglobalreach.net (114.198.129.11)
Slave1 – hadar.eglobalreach.net (114.198.129.12)
Slave2 – altair.eglobalreach.net (114.198.129.13)

For Xen drivers, the additional procedure is in section 6. The slave is needed only if you want to control OpenVZ/Xen containers on remote servers with HyperVM.

The license, in terms of the number of Virtual Private Servers (VPSes), should be registered on the client login page at http://client.lxlabs.com:5557
Registered user for NOC is gr/gr2k10!

2. Installing A HyperVM Master

Master:

- The HyperVM master allows you to control OpenVZ/Xen containers on the master itself and on slave machines. Even if you don't want to run slave machines, you need a master.

2.1. Disable SELinux. Open /etc/sysconfig/selinux.

- vi /etc/sysconfig/selinux and set SELINUX to disabled.

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

2.2. Run setenforce 0, then reboot.

2.3. Install HyperVM using these next lines.

- wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-master.sh
- sh ./hypervm-install-master.sh --virtualization-type=openvz (for OpenVZ containers)

or

- sh ./hypervm-install-master.sh --virtualization-type=xen (for Xen containers)

This will take quite some time as this also installs OpenVZ/Xen and some OpenVZ/Xen templates, so be patient. At the end, you should see something like this:

    Downloaded: 7 files, 1.4G in 51m 21s (485 KB/s)
    Executing Update Cleanup... Will take a long time to finish....
    Congratulations. HyperVM has been installed successfully on your server as master
    You can connect to the server at https://<ip-address>:8887 or http://<ip-address>:8888
    Please note that first is secure ssl connection, while the second is normal one.
    The login and password are 'admin' 'admin'. After Logging in, you will have to change your password to something more secure
    Thanks for choosing HyperVM to manage your Server, and allowing us to be of service.

2.4. Open /etc/grub.conf, and change the 'default=1' line to 'default=0', and reboot this machine.

- vi /etc/grub.conf and change default=1 to default=0 so that the OpenVZ kernel is the default kernel:

    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-92.1.18.el5.028stab060.2PAE)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.1.18.el5.028stab060.2PAE ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.1.18.el5.028stab060.2PAE.img
    title CentOS (2.6.18-92.1.1.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.1.1.el5.img
    title CentOS (2.6.18-92.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.el5.img

2.5. Reboot the master server.

3. Installing A HyperVM Slave

Slave:

- Install the HyperVM slave on the slave servers (hadar.eglobalreach.net/altair.eglobalreach.net) and control it from the panel of the master (procyon.eglobalreach.net).

3.1. Like the master, disable SELinux. Open /etc/sysconfig/selinux.

- vi /etc/sysconfig/selinux and set SELINUX to disabled.

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

3.2. Run setenforce 0, then reboot.

3.3. Install HyperVM using these next lines.

- wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-slave.sh
- sh ./hypervm-install-slave.sh --virtualization-type=openvz (for OpenVZ containers)

or

- sh ./hypervm-install-slave.sh --virtualization-type=xen (for Xen containers)

The installation won't take long because no container templates need to be downloaded (the templates are stored on the master). At the end, you should see something like this:

    Executing Update Cleanup... Will take a long time to finish....
    Congratulations. HyperVM has been installed successfully on your server as slave
    You should open the port 8889 on this server, since this is used for the communication between master and slave
    To access this slave, go admin->slaves->add slave, give the ip/machine name of this server. The password is 'admin'.
    The slave will appear in the list of slaves, and you can access it just like you access localhost

3.4. Open /etc/grub.conf, and change the 'default=1' line to 'default=0', and reboot this machine.

- vi /etc/grub.conf and change default=1 to default=0 so that the OpenVZ kernel is the default kernel:

    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-92.1.13.el5.028stab059.6PAE)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.1.13.el5.028stab059.6PAE ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.1.13.el5.028stab059.6PAE.img
    title CentOS (2.6.18-53.1.4.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-53.1.4.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-53.1.4.el5.img
    title CentOS (2.6.18-53.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-53.el5.img
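
Steps 2.4 and 3.4 set default=0 on the assumption that the OpenVZ kernel is the first entry in grub.conf. The shell functions below are an added example, not part of the original tutorial: they resolve which kernel the default= index selects in a GRUB legacy config and check it against a pattern ("stab", taken from the OpenVZ kernel names shown above). The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial. Function names are hypothetical.

# default_kernel: read a GRUB legacy config on stdin and print the kernel path
# of the entry that default=N selects (entries are counted from 0).
default_kernel() {
    awk '
        BEGIN { want = 0; idx = -1 }          # GRUB boots entry 0 if default= is absent
        /^[ \t]*#/        { next }            # skip comments such as "#boot=/dev/sda"
        /^[ \t]*default=/ { sub(/^[ \t]*default=/, ""); sub(/[ \t\r]+$/, "")
                            if ($0 ~ /^[0-9]+$/) want = $0 + 0; else bad = 1
                            next }
        /^[ \t]*title/    { idx++; next }
        /^[ \t]*kernel/   { if (idx >= 0) k[idx] = $2 }
        END { if (bad || !(want in k)) exit 1; print k[want] }
    '
}

# boots_expected_kernel PATTERN: succeed only if the default entry's kernel
# path contains PATTERN; return 2 if the default entry cannot be resolved.
boots_expected_kernel() {
    kernel=$(default_kernel) || return 2
    case "$kernel" in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample: the first two entries of the master grub.conf above,
# with the default= value passed in as $1.
sample_grub() {
    cat <<EOF
#boot=/dev/sda
default=$1
timeout=5
title CentOS (2.6.18-92.1.18.el5.028stab060.2PAE)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.18.el5.028stab060.2PAE ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.1.18.el5.028stab060.2PAE.img
title CentOS (2.6.18-92.1.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.1.1.el5.img
EOF
}

for d in 0 1; do
    if sample_grub "$d" | boots_expected_kernel stab; then
        echo "default=$d -> OpenVZ kernel"
    else
        echo "default=$d -> not an OpenVZ kernel"
    fi
done
```

On a real host the check is run as boots_expected_kernel stab < /etc/grub.conf before rebooting, and again after any kernel update that rewrites the entry order.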

3.5. Reboot the slave server.

Note: The same procedure, steps 3.1 to 3.5, is followed when adding slave servers.

4. Using HyperVM

4.1. Open a browser and go to https://procyon.eglobalreach.net:8887. Firefox will complain about the self-signed certificate, therefore you must tell Firefox to accept the certificate - to do this, click on the "Or you can add an exception" link.

Click on Add Exception, and then continue with the process.

4.2. You will see the HyperVM login form. Log in with the user admin and the password admin.

4.3. Change the default password for admin.

4.4. Configure LXguard. LXguard is a tool like fail2ban or DenyHosts that blocks remote IP addresses from which too many logins originated (this is to prevent brute-force attacks).

4.7. Before creating OpenVZ container/Xen containers, we need to define an IP pool from which new containers can take an IP address. Go to IP Pools. On the IP Pools page, click on the Add IP Pool tab.

4.8. Fill in a name for the pool, a start and an end IP address, at least one name server (if you fill in more than one, separate them with a space), and the gateway IP address. Then select the server (localhost) that this pool is applicable to.

4.11. Fill in a name and description and then specify the resources for each OpenVZ/Xen container that will use this resource plan:

4.12. Now we can create our first OpenVZ/Xen container. Click on the Virtual Machines icon in the Resources section of the HyperVM Home; on the page that loads, click on the Add OpenVZ/Xen tab.

4.13. Provide a name (usually the hostname of the server) for that new OpenVZ/Xen container and fill in a root password. Type in a free IP address from the IP pool that you've created before.

4.14. Provide a hostname, select the resource plan you've just created and an OS template for the container, then click on Add.

4.15. After a few moments, you should see your new container on the Virtual Machines overview page. You can start and stop the container by clicking on the bulb in the S column, but you can as well control it from its own control panel that you can reach by clicking on the container's name in the VM Name column:

4.16. This is how the container's control panel looks:

Congratulations, you've just created your first OpenVZ container with HyperVM.

5.5. You can start/stop it by clicking on the bulb in the S column.

6. Additional Guide for Creating LVM for XEN Containers

6.1. Delete all the Linux partitions, if any exist on the system.

- Create /swap double the size of the RAM on the system.
  /boot 500mb
  / 20480 in ext3
  In free space. Make LVM create /

For our setup, 20GB was allocated for the system, 8GB for swap and the remainder is on the extended partition as LVM.

6.2. Using the Extended Linux LVM partition done on the installation, do the following steps.

- fdisk /dev/sda
- At the Linux fdisk command prompt.

1. press p to print the partition tables, then m to view the next step.
2. press d to delete the extended LVM partition
3. press 5 to delete the Linux LVM
4. press d again to delete the extended partition
4. press 4 to delete the extended partition
5. press w to update the volume
6. reboot

- Creating a new logical volume, at the prompt after doing fdisk /dev/sda

1. press n to create a new partition table
2. press p to select the primary, then ENTER twice.
3. press w to update the table, then reboot.
4. do the fdisk /dev/sda again, then type t and select 4.
5. press L for the list of options of partition type.
6. press 8e to choose the Linux LVM and press ENTER
7. press w and reboot.
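
Before /dev/sda4 is handed to pvcreate in the next step, it is worth confirming that the type change to 8e was actually written to the partition table. The shell functions below are an added example, not part of the original tutorial: they read fdisk -l output and succeed only if the named partition has Id 8e. The function names and the sample partition table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial. Function names are hypothetical.

# partition_id DEVICE: read `fdisk -l` output on stdin and print the partition
# type (Id column) of DEVICE in lower case; fail if DEVICE is not listed.
partition_id() {
    awk -v dev="$1" '
        $1 == dev {
            id = ($2 == "*") ? $6 : $5    # a boot flag shifts every column by one
            print tolower(id); found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# is_linux_lvm DEVICE: succeed only if DEVICE is listed with type 8e.
is_linux_lvm() {
    [ "$(partition_id "$1")" = "8e" ]
}

# Constructed sample in the layout CentOS 5 fdisk prints; $1 and $2 set the Id
# and System of /dev/sda4 so the states before and after "t" can both be shown.
sample_fdisk() {
    cat <<EOF
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          64      514048+  83  Linux
/dev/sda2              65        2675    20972857+  83  Linux
/dev/sda3            2676        3695     8193150   82  Linux swap / Solaris
/dev/sda4            3696       19457   126608265   $1  $2
EOF
}

for id in 83 8e; do
    if sample_fdisk "$id" example | is_linux_lvm /dev/sda4; then
        echo "Id $id: /dev/sda4 is Linux LVM, pvcreate /dev/sda4 can proceed"
    else
        echo "Id $id: /dev/sda4 is not type 8e, do not run pvcreate yet"
    fi
done
# On a real host: fdisk -l /dev/sda | is_linux_lvm /dev/sda4 && pvcreate /dev/sda4
```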

6.3. Next, this LVM command will create an LVM physical volume (PV) on a regular hard disk or partition.

- pvcreate /dev/sda4

6.4. Now, another LVM command to create an LVM volume group (VG) called vg0 with a physical extent size (PE size) of 16MB

- vgcreate -s 16M VolGroup00 /dev/sda4

Other Notes:

1. Always do a yum update after installing the openvz/xen kernel updates for HyperVM