ANSOS: Archipel Node Stateless OS

Cyril Peponnet edited this page Sep 17, 2015 · 41 revisions

Archipel Node Stateless OS - Next Generation

ANSOS

Archipel Node Stateless OS next generation (ANSOS-NG) is a Live OS acting as a stateless hypervisor. It lets you boot a ready-to-use, Archipel-enabled hypervisor in no time. The image is small and contains everything you need. All the data is kept on a network mount of your choice. You only have to pass a few kernel parameters when booting the image; the rest is automatic magic.

Get the Archipel Node Stateless OS

Build your own ISO! This way you know what's inside and you will have the latest packages.

Use Vagrant to bring up a build machine in no time:

vagrant init "vStone/centos-7.x-puppet.3.x" && vagrant up

Install the dependencies according to the ANSOS-NG Readme.

Then run:

wget https://raw.githubusercontent.com/CyrilPeponnet/ANSOS-NG/master/docker/buildANSOS.py
python buildANSOS.py -Bc

Preparing your platform

Ejabberd

You need an ejabberd server up and running, configured for Archipel.

Network shares

To store data and preserve information across reboots, ANSOS needs a network share. For now, we strongly suggest using a CIFS or GlusterFS based share (both have been qualified). NFS has some bugs that prevent SQLite from working properly, but you may want to try it. First of all, create a folder named stateless on a server:

mkdir -p /stateless/{config,logs,qemu,lib,scripts}

Then share it, by adding to /etc/samba/smb.conf:

[stateless]
comment = Archipel Stateless Solid storage
path = /stateless
public = yes
writable = yes
browsable = yes

Then restart samba:

/etc/init.d/smb restart

Your share is ready.

Generic Archipel configuration

ANSOS will search for a general config file, by default in /stateless/config/archipel.conf. You need to configure it like the following:

[DEFAULT]
xmpp_server                                 = your.xmppserver.com
archipel_folder_lib                         = /stateless/lib/
archipel_general_uuid                       = cf1c9dca-3e19-4200-9be2-ac1ddbff8997
archipel_folder_data                        = /vm/

[GLOBAL]
xmpp_pubsub_server                          = pubsub.%(xmpp_server)s
archipel_root_admins                        = admin@%(xmpp_server)s
machine_ip                                  = auto
use_avatar                                  = True
machine_avatar_directory                    = /var/lib/archipel/avatars
libvirt_uri                                 = qemu:///system
migration_uri                               = qemu+ssh://@HOSTNAME@/system
module_loading_policy                       = restrictive

[VCARD]
orgname                                     = Archipel Corp.
orgunit                                     = Developers
userid                                      = Antoine Mercadal
locality                                    = San Francisco
categories                                  = default

[HYPERVISOR]
hypervisor_xmpp_jid                         = @HOSTNAME@@%(xmpp_server)s
hypervisor_xmpp_password                    = a-password
hypervisor_name                             = auto
hypervisor_database_path                    = %(archipel_folder_lib)s/@HOSTNAME@/hypervisor.sqlite3
hypervisor_default_avatar                   = defaulthypervisor.png
name_generation_file                        = /var/lib/archipel/names.txt
hypervisor_permissions_database_path        = %(archipel_folder_lib)s/@HOSTNAME@/permissions.sqlite3

[VIRTUALMACHINE]
vm_base_path                                = %(archipel_folder_data)s/drives
vm_default_avatar                           = defaultvm.png
xmpp_password_size                          = 32
maximum_lock_time                           = 1
vm_permissions_database_path                = /permissions.sqlite3
allow_blank_space_in_vm_name                = True
enable_block_device_access                  = True
disable_screenshot                          = False

[LOGGING]
logging_level                               = debug
log_pubsub_item_expire                      = 3600
log_pubsub_max_items                        = 1000
logging_file_path                           = /stateless/logs/archipel.@HOSTNAME@.log
logging_max_bytes                           = 5000000
logging_backup_count                        = 5
logging_date_format                         = %Y-%m-%d %H:%M:%S
logging_formatter                           = %(levelname)s::%(asctime)s::%(filename)s:%(lineno)s::%(message)s
xmpppy_debug                                = False

[MODULES]
action_scheduler                            = True
geolocalization                             = False
hypervisor_health                           = True
hypervisor_network                          = True
hypervisor_vmcasts                          = True
iphone_notification                         = False
oomkiller                                   = True
snapshoting                                 = True
storage                                     = True
virtualmachine_appliance                    = True
vnc                                         = True
xmppserver                                  = True
platformrequest                             = True
vmparking                                   = True

[HEALTH]
health_database_path                        = %(archipel_folder_lib)s/@HOSTNAME@/statscollection.sqlite3
health_collection_interval                  = 5
max_rows_before_purge                       = 50000
max_cached_rows                             = 200

[STORAGE]
iso_base_path                               = %(archipel_folder_data)s/iso
use_metadata_preallocation                  = True
qemu_img_bin_path                           = /usr/bin/qemu-img
golden_drives_dir                           = %(archipel_folder_data)s/goldens

[VMCASTING]
vmcasting_database_path                     = %(archipel_folder_lib)s/@HOSTNAME@/vmcasting.sqlite3
repository_path                             = %(archipel_folder_data)s/repo
temp_path                                   = %(archipel_folder_data)s/tmp
own_vmcast_name                             = Local VM casts of $HOSTAME
own_vmcast_description                      = This is the own vmcast feed of the hypervisor $HOSTAME
own_vmcast_uuid                             = %(archipel_general_uuid)s
own_vmcast_url                              = http://127.0.0.1:8088/vmcasts/
own_vmcast_file_name                        = rss.xml
own_vmcast_lang                             = en-us
own_vmcast_path                             = %(archipel_folder_data)s/vmcasts/
own_vmcast_refresh_interval                 = 60
disks_extensions                            = .qcow2;.qcow;.img;.iso
should_gzip_drives                          = True
ignore_user_gzip_choice                     = False

[OOMKILLER]
database                                    = %(archipel_folder_lib)s/@HOSTNAME@/oom.sqlite3

[SCHEDULER]
database                                    = %(archipel_folder_lib)s/@HOSTNAME@/scheduler.sqlite3

[XMPPSERVER]
use_xmlrpc_api                              = False
xmlrpc_host                                 = %(xmpp_server)s
xmlrpc_port                                 = 4560
xmlrpc_sslonly                              = False
xmlrpc_user                                 = admin
xmlrpc_password                             = password
auto_group                                  = False
auto_group_name_virtualmachines             = All Virtual Machines
auto_group_name_hypervisors                 = All Hypervisors
auto_group_filter                           = all

[VNC]
vnc_certificate_file                        = /etc/archipel/vnc.pem
vnc_only_ssl                                = False
vnc_enable_websocket_debug                  = True

[NETWORKS]
libvirt_nw_filters_path                     = /etc/libvirt/nwfilter

All the @HOSTNAME@ occurrences will be replaced by the actual hostname of the hypervisor.

NOTE: The [DEFAULT] section DOES NOT translate tokens like @HOSTNAME@. Do not use any tokens in it.

Specific Archipel configuration

In addition to the general configuration file, you can create as many files as you have hypervisors. The values in a hypervisor's specific file override the general options. By default, this file must be located at /stateless/config/archipel.HOSTNAME.conf.

For example, create a file in /stateless/config/archipel.hypervisorA.conf:

[HYPERVISOR]
hypervisor_xmpp_password    = specific-password

[MODULES]
action_scheduler            = False

NOTE: Creating specific configuration files is optional, but encouraged.
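An added example, not part of the original page or of ANSOS: a small audit of the merged general and per-host configuration that flags @HOSTNAME@ tokens in [DEFAULT], the placeholder passwords printed on this page, and the two SSL-only switches left at False. The sample file contents are constructed, and treating those switches as review items is this example's choice, not an Archipel policy.

```python
import configparser

# Constructed sample input modelled on the page's two files (not a real deployment).
GENERAL = """
[DEFAULT]
xmpp_server = your.xmppserver.com
archipel_folder_lib = /stateless/lib/@HOSTNAME@
[HYPERVISOR]
hypervisor_xmpp_password = a-password
[LOGGING]
logging_formatter = %(levelname)s::%(asctime)s::%(message)s
[XMPPSERVER]
use_xmlrpc_api = True
xmlrpc_sslonly = False
xmlrpc_password = password
[VNC]
vnc_only_ssl = False
"""
SPECIFIC = """
[HYPERVISOR]
hypervisor_xmpp_password = constructed-per-host-secret
"""
PLACEHOLDERS = {"a-password", "password", "specific-password"}  # values printed on the page

def load(general, specific=""):
    # interpolation=None reads raw values: logging_formatter contains
    # %(levelname)s, which configparser's default interpolation cannot expand.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(general)
    cfg.read_string(specific)  # the later read overrides, like the per-host file
    return cfg

def audit(cfg):
    findings = []
    for key, value in cfg.defaults().items():
        if "@HOSTNAME@" in value:  # the page's NOTE: [DEFAULT] tokens stay literal
            findings.append(f"DEFAULT.{key}: token not translated")
    for section in cfg.sections():
        for key, value in cfg[section].items():
            if key.endswith("password") and value in PLACEHOLDERS:
                findings.append(f"{section}.{key}: placeholder password")
    if cfg.getboolean("XMPPSERVER", "use_xmlrpc_api", fallback=False) and \
            not cfg.getboolean("XMPPSERVER", "xmlrpc_sslonly", fallback=True):
        findings.append("XMPPSERVER.xmlrpc_sslonly: False while the XML-RPC API is enabled")
    if not cfg.getboolean("VNC", "vnc_only_ssl", fallback=True):
        findings.append("VNC.vnc_only_ssl: False")
    return findings

if __name__ == "__main__":
    print(audit(load(GENERAL)))            # general file alone
    print(audit(load(GENERAL, SPECIFIC)))  # with the per-host override applied
```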

The Post Script

The post-script will be executed after ANSOS initialization, just before starting the actual Archipel process. By default, the script will be read from /stateless/scripts/archipel-mount-post.

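This script should contain at least the mount command for the data files:

#!/bin/bash
# Make the XMPP server resolvable from the node.
echo "IP.IP.IP.IP my.xmppserver.com" >> /etc/hosts
# Remote share holding the VM data; it must end up mounted on /vm.
REMOTE_FS="//server/vm"
# Mount only if the share is not already mounted.
if ! mount | grep -qF "$REMOTE_FS"; then
    mount -t cifs -o password=password "$REMOTE_FS" /vm
fi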

It is REQUIRED to mount the data folder to /vm. Note that the ANSOS filesystem is mostly read-only. You cannot create any folder you like in the LiveOS filesystem from this script.

Starting your nodes

Now that you have a ready-to-use platform, boot your virtual machine with the ANSOS ISO (from a USB stick, a DVD-ROM, a partition, PXE, whatever).

You MUST append the following kernel parameters. Configure them as you like:

BOOTIF=enp2s0 hostname=YOUR_NODE_NAME ARCHIPEL_MOUNT_ADDRESS=//server/stateless ARCHIPEL_MOUNT_OPTIONS=user=user,password=password stateless=1 use_node_config

The hypervisor will boot. You will feel some love.

Additional parameters

ANSOS supports more kernel parameters to allow you to tune stuff:

  • ARCHIPEL_MOUNT_TYPE: The type of filesystem to mount (Default: cifs)
  • ARCHIPEL_MOUNT_ADDRESS: The address of the remote filesystem (example: //server/stateless)
  • ARCHIPEL_MOUNT_OPTIONS: The mount options (example: user=bob,password=password)
  • ARCHIPEL_MOUNT_MOUNTPOINT: The local mount point (Default: /stateless)
  • ARCHIPEL_STATELESS_PATH: The default stateless folder path (Default: /stateless)
  • ARCHIPEL_STATELESS_LIB_PATH: The default stateless folder path for lib (Default: /ARCHIPEL_STATELESS_PATH/lib)
  • ARCHIPEL_STATELESS_QEMU_PATH: The default stateless folder path for qemu (Default: /ARCHIPEL_STATELESS_PATH/qemu)
  • ARCHIPEL_STATELESS_CONFIG_PATH: The default stateless folder path for config (Default: /ARCHIPEL_STATELESS_PATH/config)
  • ARCHIPEL_STATELESS_CONFIG_PATH_GENERAL: The default stateless folder path for general config file (Default: /ARCHIPEL_STATELESS_CONFIG_PATH/archipel.conf)
  • ARCHIPEL_STATELESS_CONFIG_PATH_LOCAL: The default stateless folder path for specific config file (Default: /ARCHIPEL_STATELESS_CONFIG_PATH/archipel.$HOSTNAME.conf)
  • ARCHIPEL_SELINUX_MODE: SELinux mode (Default: Permissive)
  • ARCHIPEL_POST_SCRIPT: The post script path (Default: /ARCHIPEL_STATELESS_PATH/scripts/archipel-mount-post)

In addition, you can use specific kernel parameters from see here
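An added example, not ANSOS code: it resolves a boot line against the defaults listed above, reports secrets carried in ARCHIPEL_MOUNT_OPTIONS (kernel parameters are readable by any local user through /proc/cmdline) and a non-enforcing SELinux mode, and lists the files the node reads or executes from the share, which are the ones whose write access matters. Reading a default such as /ARCHIPEL_STATELESS_PATH/lib as "value of that parameter plus /lib" is an assumption, and the node name hypervisorA is constructed.

```python
import shlex

# Defaults as listed on the page. "{NAME}" marks a default built from another
# parameter; that reading of the page's notation is an assumption.
DEFAULTS = {
    "ARCHIPEL_MOUNT_TYPE": "cifs",
    "ARCHIPEL_MOUNT_MOUNTPOINT": "/stateless",
    "ARCHIPEL_STATELESS_PATH": "/stateless",
    "ARCHIPEL_STATELESS_CONFIG_PATH": "{ARCHIPEL_STATELESS_PATH}/config",
    "ARCHIPEL_STATELESS_CONFIG_PATH_GENERAL": "{ARCHIPEL_STATELESS_CONFIG_PATH}/archipel.conf",
    "ARCHIPEL_STATELESS_CONFIG_PATH_LOCAL": "{ARCHIPEL_STATELESS_CONFIG_PATH}/archipel.{hostname}.conf",
    "ARCHIPEL_SELINUX_MODE": "Permissive",
    "ARCHIPEL_POST_SCRIPT": "{ARCHIPEL_STATELESS_PATH}/scripts/archipel-mount-post",
}
SECRET_KEYS = {"password", "pass"}  # mount.cifs option names that carry a secret

def resolve(cmdline):
    """Return the ANSOS parameters with the page's defaults filled in."""
    given = dict(t.split("=", 1) for t in shlex.split(cmdline) if "=" in t)
    params = {"hostname": given.get("hostname", "")}
    for name, default in DEFAULTS.items():  # insertion order puts dependencies first
        params[name] = given[name] if name in given else default.format(**params)
    for name in ("ARCHIPEL_MOUNT_ADDRESS", "ARCHIPEL_MOUNT_OPTIONS"):
        params[name] = given.get(name, "")
    return params

def review(cmdline):
    p = resolve(cmdline)
    findings = []
    opts = dict(o.partition("=")[::2] for o in p["ARCHIPEL_MOUNT_OPTIONS"].split(",") if o)
    for key in sorted(opts.keys() & SECRET_KEYS):
        findings.append(f"mount option '{key}' exposes a secret in /proc/cmdline")
    if p["ARCHIPEL_SELINUX_MODE"].lower() != "enforcing":
        findings.append(f"SELinux mode is {p['ARCHIPEL_SELINUX_MODE']}")
    # Files the node reads or executes from the share at boot.
    trusted = [p["ARCHIPEL_STATELESS_CONFIG_PATH_GENERAL"],
               p["ARCHIPEL_STATELESS_CONFIG_PATH_LOCAL"], p["ARCHIPEL_POST_SCRIPT"]]
    return findings, trusted

# The page's example boot line, with a constructed node name.
BOOT = ("BOOTIF=enp2s0 hostname=hypervisorA ARCHIPEL_MOUNT_ADDRESS=//server/stateless "
        "ARCHIPEL_MOUNT_OPTIONS=user=user,password=password stateless=1 use_node_config")

if __name__ == "__main__":
    findings, trusted = review(BOOT)
    print("\n".join(findings + trusted))
```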