Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

291 lines (260 sloc) 10.391 kB
m4_include(/mcs/m4/worksp.lib.m4)
_NIMBUS_HEADER(2.10 Zero To Cloud Guide)
_NIMBUS_HEADER2(n,n,y,n,n,n,n)
_NIMBUS_LEFT2_COLUMN
_NIMBUS_LEFT2_Z2C_SIDEBAR(y)
_NIMBUS_LEFT2_COLUMN_END
_NIMBUS_CENTER2_COLUMN
_NIMBUS_IS_DEPRECATED
<h2>Service Installation</h2>
<p>
On this page, you will install the Nimbus central services and
image repository (<i>Cumulus</i>), and use a cloud
client to access your cloud as a remote client.
</p>
<p>
This will however only work in "fake mode" which means that the
service is only pretending to start VMs. In later steps you will
enable VMMs, connect them with the central service, and have a
working cloud setup.
</p>
<a name="user"> </a>
<h3>Create nimbus user _NAMELINK(user)</h3>
<p>
The first step is to create a separate unix account under which to
install and run the Nimbus services. It is not recommended to use
the root account. Because you will later be configuring password-less
SSH keys between this account and your hypervisor nodes, it is best
to use a dedicated account for these services.
</p>
<p>
In this guide, we will be calling the user
<tt class="literal">nimbus</tt>, but you can use anything you like.
</p>
<a name="downloadinstall"> </a>
<h3>Download and install _NAMELINK(downloadinstall)</h3>
<p>
As the new <tt class="literal">nimbus</tt> user, fetch and unpack
the latest service distribution.
</p>
<pre class="panel">
$ wget http://www.nimbusproject.org/downloads/nimbus-iaas-2.10-src.tar.gz
</pre>
<pre class="panel">
$ tar xfz nimbus-iaas-2.10-src.tar.gz
</pre>
<pre class="panel">
$ cd nimbus-iaas-2.10-src/
</pre>
<p>
You must now choose an installation directory. It could be within
the <tt class="literal">nimbus</tt> user home directory, or something
like <tt class="literal">/opt/nimbus</tt>. If the directory exists,
it must be empty and writable by the <tt class="literal">nimbus</tt> user.
If it does not exist, the parent directory must be writable by the <tt class="literal">nimbus</tt> user.
</p>
<p>
Throughout this guide, we will refer to this installation directory as
<tt class="literal">$NIMBUS_HOME</tt>. To install, run this command from
the Nimbus source directory (specifying your chosen destination).
</p>
<pre class="panel">
$ ./install $NIMBUS_HOME
</pre>
<div class="note">
<p class="note-title">Self-contained</p>
<p>
Software is not installed anywhere else on the services node,
only under this installation directory.
</p>
</div>
<div class="note">
<p class="note-title">Alternate Python</p>
<p>
If you need to specify a non default Python, you can do so by setting the
<tt class="literal">PYTHON</tt> environment variable. For example if you
are using RHEL5 and cannot upgrade the system Python to 2.5+, you can
install Python separately and specify
<tt class="literal">PYTHON=/usr/local/bin/python2.5</tt> for installation.
</p>
</div>
<p>
The installer performs several steps:
</p>
<ul>
<li>
Installs Cumulus and dependencies to a Python
<a href="http://pypi.python.org/pypi/virtualenv">virtualenv</a>
</li>
<li>Builds and installs the central IaaS services</li>
<li>Creates initial databases</li>
<li>Runs interactive configuration program to gather basic information</li>
<li>Generates internal Certificate Authority for host certificates</li>
</ul>
<p>
After the install completes, you should have a Nimbus system set up with
security, web services, and sensible configuration defaults. However the
service is running in "fake" mode, where no VMs are actually started. This
is a great opportunity to test the service and Cumulus installs before we
move on to VMM and network setup.
</p>
<div class="note">
<p class="note-title">Service ports</p>
<p>
Nimbus requires several network ports. We have chosen some sensible defaults,
but you may adjust them if needed. The defaults are:
</p>
<UL>
<LI>Cumulus : 8888</LI>
<LI>Nimbus Service interface : 8443</LI>
<LI>EC2 compatible Query Interface: 8444</LI>
</UL>
<p>
If you need to change these ports, check out
<a href="../reference.html#service-ports">this section</a>
of the reference guide.
</p>
</div>
<div class="note">
<p class="note-title">Certificates</p>
<p>
The installer generates a new X509 Certificate Authority and host certificate but you are not required to use these in production, it is possible to use your own credential system. Setting this up is out of scope of this guide, you should wait until you have a working system before changing this.
</p>
</div>
<a name="start"> </a>
<h3>Start services _NAMELINK(start)</h3>
<p>
Now that the services are installed, you can try to start them for the first
time. First, change to the installation directory and take a look at what is
in the <tt class="literal">bin/</tt> directory.
</p>
<pre class="panel">
$ cd $NIMBUS_HOME
</pre>
<pre class="panel">
$ ls bin/
nimbus-configure nimbus-new-cert nimbus-reset-state
nimbus-edit-user nimbus-new-user nimbus-version
nimbus-list-users nimbus-remove-user nimbusctl
</pre>
<p>
There are several useful commands available which we will get to in time, but
for now we want to use the <tt class="literal">nimbusctl</tt> command to start
the Nimbus services.
</p>
<pre class="panel">
$ ./bin/nimbusctl start
Launching Nimbus services... OK
Launching Cumulus services... OK
</pre>
<p>
If one or both services fail to start, you should take a look at the appropriate
log file. For Nimbus services, check <tt class="literal">var/services.log</tt>.
For Cumulus, look in <tt class="literal">var/cumulus.log</tt>.
</p>
<a name="nimbususer"> </a>
<h3>Create first user _NAMELINK(nimbususer)</h3>
<p>
Now that Nimbus is installed and running, we can move on to testing with a real
client. But first, we need to create a user account to test with. We will do this
with the <tt class="literal">nimbus-new-user</tt> tool. It has many options which
you will want to explore later. But for now we should just use the defaults,
specifying an email address to associate with the account as well as a temporary
directory in which to place credentials.
</p>
<pre class="panel">
$ ./bin/nimbus-new-user -d /tmp/newuser someone@someplace.com
cert : /tmp/newuser/usercert.pem
key : /tmp/newuser/userkey.pem
dn : /O=Auto/OU=NimbusTestCA/CN=someone@someplace.com
canonical id : d5170810-85f8-11df-86fa-001641156eb6
access id : pig5Rexcj6uFQBH3exGM5
access secret : uQA6LqXSVNFwubQ505II1kqeLMEsEXGd1oXGNjwp0G
url : None
web id : None
cloud properties : /tmp/newuser/cloud.properties
</pre>
<p>
The script outputs a lot of information about the new user, but you only need the
files that were generated and written to your specified output directory. Hold on to these files, you
will need them momentarily, after you install the cloud client.
</p>
<a name="clcl"> </a>
<h3>Install cloud client and credentials _NAMELINK(clcl)</h3>
<p>
We will test our services using the Nimbus cloud client. You can do so from the same
system you are installing on, but you may want to use a separate system so you can
verify that networking is working correctly. Grab the latest cloud client from the
Nimbus <a href="http://www.nimbusproject.org/downloads/">downloads page</a>
(version must be >= 16).
</p>
<pre class="panel">
$ wget http://www.nimbusproject.org/downloads/nimbus-cloud-client-019.tar.gz
</pre>
<pre class="panel">
$ tar xfz nimbus-cloud-client-019.tar.gz
</pre>
<p>
Now you need to install the files produced earlier by
<tt class="literal">nimbus-new-user</tt>. The <tt class="literal">cloud.properties</tt>
file needs to be placed into the extracted cloud client's <tt class="literal">conf/</tt>
directory. The <tt class="literal">usercert.pem</tt> and
<tt class="literal">userkey.pem</tt> files need to be installed into
<tt class="literal">~/.nimbus/</tt> in your home directory. Be careful not to overwrite
any credentials you already have in <tt class="literal">~/.nimbus/</tt>.
</p>
<pre class="panel">
$ cp /tmp/newuser/cloud.properties nimbus-cloud-client-019/conf/
</pre>
<pre class="panel">
$ mkdir ~/.nimbus/
</pre>
<pre class="panel">
$ cp /tmp/newuser/*.pem ~/.nimbus/
</pre>
<p>
Naturally, if you are testing the client on a different system than the service installation,
you'll need to use <tt class="literal">scp</tt> or similar to copy these files.
</p>
<p>
You also need to grab a few more files from the Nimbus service installation and drop
them into the client. These are the internal CA certificates and enable the client to
trust the server. The needed files are in
<tt class="literal">$NIMBUS_HOME/var/ca/trusted-certs/</tt>.
</p>
<pre class="panel">
$ cp $NIMBUS_HOME/var/ca/trusted-certs/* nimbus-cloud-client-019/lib/certs/
</pre>
<a name="try"> </a>
<h3>Try it out! _NAMELINK(try)</h3>
<p>
First we will attempt to query the service. This command shows the running VMs that you own.
Of course you do not have any at this point, but this can help to diagnose any configuration
or security problems.
</p>
<pre class="panel">
$ cd nimbus-cloud-client-019/
</pre>
<pre class="panel">
$ ./bin/cloud-client.sh --status
Querying for ALL instances.
There's nothing running on this cloud that you own.
</pre>
<p>
If you see this message, all is well. You've successfully queried the running Nimbus service!
The next step is to query Cumulus and list the available images you have to run. Again, of
course you will have none.
</p>
<pre class="panel">
$ bin/cloud-client.sh --list
No files.
</pre>
<p>
If that command succeeded, then all of the Nimbus services are operational. We will come back
to this client later and use it to transfer and start real VMs. But for now, let's turn attention
back to the service node to <a href="networking-setup.html">Install DHCPd and Configure Networking</a>.
</p>
_NIMBUS_CENTER2_COLUMN_END
_NIMBUS_FOOTER1
_NIMBUS_FOOTER2
_NIMBUS_FOOTER3
Jump to Line
Something went wrong with that request. Please try again.