Big Picture
End Users
Application
Cloud Consumer
Cloud Provider
Example
Many R&D businesses rely on cloud environments for both long-term and short-term services. For example:
Deployed 50,000 cores of computing power for 3 hours
Cost $15,000
Deployment Models
Public cloud
Resources are shared by many consumers and are provided to anyone (for a fee)
Private cloud
Resources are utilized by a single organization
Can still be operated by a third party
Hybrid cloud
Mix of public and private, allowing the consumer to deploy applications using either public or private resources
Service Models
Infrastructure as a Service (IaaS)
Virtual machines and storage are provided
Consumers install their own OS from the ground up
IaaS or PaaS?
Depending on the requirements, you should be using an IaaS or PaaS model
Give students a preconfigured image with everything they need on it (PaaS)
Allow them to install their own OS and do all the configuration themselves (IaaS)
The former is more likely in a software development course, the latter more likely in a networking or administration course
Enter Eucalyptus
Eucalyptus is an open source IaaS cloud platform
Compatible with AWS (EC2/S3)
Deploy your own private Eucalyptus cloud
Move the Eucalyptus images to AWS if you need more resources
RightScale, euca2ools and HybridFox help with moving and management
Recommendations:
External storage array for storing images
Switch for building a separate private network for the cloud
There is some terminology to get out of the way
You need one server to act as the front-end, which will run all of the cloud-level services and store S3 snapshots in Walrus
Other servers are nodes for deploying instances of virtual machine images and EBS volumes
Networking Modes
MANAGED-NOVLAN mode
Requires a switch to interconnect the private cloud network (or a crossover cable to get one node up)
The nodes will not be connected to your regular network directly but will use the private network
Networking Modes
The other two modes are STATIC and SYSTEM
STATIC allows you to configure IP addressing by hand in the cloud
Convenient but very hard to manage in even a small environment
SYSTEM mode should only be used if you can't get a switch for MANAGED-NOVLAN mode
Requires more cooperation with your local network admin since it is not managed by Eucalyptus
Network Configuration
From now on, we will be using MANAGED-NOVLAN mode
One very tricky part that isn't explained well in the documentation is that there are really three different sets of IP addresses you must work with
Public, Private, and Virtual Instance IPs
Network Configuration
LAN/ Internet
public address: 5.5.5.5 (eth0)
public network
front-end (cloud controller)
private address: 192.168.0.1 (eth1)
private addresses: 192.168.0.X (eth0)
internal network addresses: 192.168.0.X, optional external addresses 5.5.5.X
Other Gotchas *
Installing the front-end (we used CentOS 5.8)
Be sure to disable SELinux
Enable NTP
Install a DHCP server, but DON'T enable it or configure it
Configure both public and private NICs statically
* Faststart manages this for you
Other Gotchas*
Installing the nodes (we used CentOS 5.8)
They won't have Internet access in the given configuration, so you could temporarily connect them to your regular network until the install is done
Disable SELinux
Disable the local firewall (iptables)
Enable NTP
Set the IP address statically
After you install xen, you might have to edit the GRUB configuration to tell it to boot the xen kernel
Start with a single node until things are working to simplify debugging
* Faststart manages this
http://www.eucalyptus.com/sites/all/files/EucalyptusFastInstallGuide-CentOS.pdf
Eucalyptus Configuration (/etc/eucalyptus/eucalyptus.conf)
There are two of these, one on each machine: Frontend (cc walrus) and Node Controller (nc)
After editing the file on the front-end, restart the cc with /etc/init.d/eucalyptus-cc cleanrestart
After editing the file on the node(s), restart the nc with /etc/init.d/eucalyptus-nc restart
Be careful with /etc/init.d/eucalyptus-cloud restart on the front-end: you may lose external addresses on VM instances or may forget to take snapshots of data
euca2ools
Initialization variables:
$ . ~/.euca/eucarc # This sources the environment, check with env
Informational:
$ euca-describe-availability-zones verbose
$ euca-describe-images
$ euca-describe-keypairs
$ euca-describe-instances
$ euca-describe-volumes
$ euca-describe-snapshots
$ euca-describe-addresses
$ euca-describe-groups
euca2ools 2
Keypairs:
$ euca-add-keypair mykey > mykey.priv
$ chmod 600 mykey.priv # ssh refuses a private key file that other users can read
$ euca-delete-keypair mykey
Registering kernel image:
$ euca-bundle-image -i vmlinuz-2.6.28-11-server --kernel true
$ euca-upload-bundle -b mybucket -m /tmp/vmlinuz-2.6.28-11-server.manifest.xml
$ euca-register mybucket/vmlinuz-2.6.28-11-server.manifest.xml
Registering ramdisk image:
$ euca-bundle-image -i initrd.img-2.6.28-11-server --ramdisk true
$ euca-upload-bundle -b mybucket -m /tmp/initrd.img-2.6.28-11-server.manifest.xml
$ euca-register mybucket/initrd.img-2.6.28-11-server.manifest.xml
euca2ools 3
Registering disk image:
$ euca-bundle-image -i image.img --kernel eki-XXXXXXXX --ramdisk eri-XXXXXXXX
$ euca-upload-bundle -b mybucket -m /tmp/image.img.manifest.xml
$ euca-register mybucket/image.img.manifest.xml
Launching and managing instances:
$ euca-run-instances emi-XXXXXXXX -k mykey -t c1.medium
$ euca-get-console-output i-XXXXXXXX
Launching an instance associated with the security group webservers:
$ euca-run-instances emi-XXXXXXXX -k mykey -g webservers
euca2ools 4
Connecting to the instance:
$ ssh -i mykey.priv user@ip
$ euca-reboot-instances i-XXXXXXXX
$ euca-terminate-instances i-XXXXXXXX
Create new 10GB volume:
$ euca-create-volume -s 10 -z mycloud
$ euca-create-volume -s 10 --snapshot snap-ZZZZZZZZ --zone mycloud
Attach a volume to a running instance:
$ euca-attach-volume -i i-XXXXXXXX -d /dev/sdb vol-YYYYYYYY
euca2ools 5
Detach a volume:
$ euca-detach-volume vol-YYYYYYYY
$ euca-delete-volume vol-YYYYYYYY ### for windows only
Snapshots:
$ euca-create-snapshot vol-YYYYYYYY
$ euca-delete-snapshot snap-ZZZZZZZZ
Allocating IP address:
$ euca-allocate-address
ADDRESS IP
Releasing a public IP address from a specific user:
$ euca-release-address IP
euca2ools 6
MORE ADDRESS IP
Associating a public IP address to a running instance:
$ euca-associate-address -i i-XXXXXXXX ip
Disassociating a public IP address from a running instance:
$ euca-disassociate-address ip
Creating a security group named webservers:
$ euca-add-group -d "Web Servers" webservers
Adding a rule to the security group webservers allowing icmp and tcp traffic from a.b.c.d:
$ euca-authorize -P tcp -s a.b.c.d webservers
$ euca-authorize -P icmp -s a.b.c.d webservers
euca2ools 7
Removing the rule for icmp traffic from the source IP a.b.c.d from the security group webservers:
$ euca-revoke -P icmp -s a.b.c.d webservers
Deleting the security group webservers:
$ euca-delete-group webservers
SOURCE: http://cssoss.wordpress.com/2010/05/10/eucalyptus-beginner%E2%80%99s-guide-%E2%8093-uec-edition-chapter-10%E2%80%93-euca%C2%A0commands
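The rules above limit the webservers group to one source address; the check below lists any rule that accepts traffic from every address instead. It is an added example, not part of the original slides or of euca2ools: the function names, the sample addresses and the assumed euca-describe-groups line layout (noted in the comments) are illustrative.

```shell
#!/bin/sh
# Added example (not from the slides): list security-group rules that accept
# traffic from any source. Input is euca-describe-groups text on stdin.

# Fields are located by keyword rather than column number, so extra columns
# between PERMISSION and ALLOWS do not break parsing (assumed line layout:
# PERMISSION <owner> <group> ALLOWS <proto> <from> <to> FROM CIDR <cidr>).
world_open_rules() {
    awk '$1 == "PERMISSION" {
        grp = proto = lo = hi = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "ALLOWS") {
                grp = $(i-1); proto = $(i+1); lo = $(i+2); hi = $(i+3)
            }
            if ($i == "CIDR" && $(i+1) == "0.0.0.0/0")
                print grp, proto, lo, hi
        }
    }'
}

# Constructed sample output: "webservers" is limited to one source address,
# while "default" has SSH open to every address.
sample_groups() {
    cat <<'EOF'
GROUP admin default default group
PERMISSION admin default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
GROUP admin webservers Web Servers
PERMISSION admin webservers ALLOWS tcp 80 80 FROM CIDR 203.0.113.7/32
PERMISSION admin webservers ALLOWS icmp -1 -1 FROM CIDR 203.0.113.7/32
EOF
}

# On a live cloud: euca-describe-groups | world_open_rules
sample_groups | world_open_rules
```

Each output line is group, protocol, first port and last port of a rule open to 0.0.0.0/0.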
Upload
[root@css1 euca-ubuntu-9.04-x86_64]# euca-upload-bundle -b mybucket -m /tmp/ubuntu.9-04.x8664.img.manifest.xml
Checking bucket: mybucket
Uploading manifest file
Uploading part: ubuntu.9-04.x86-64.img.part.0
Uploading part: ubuntu.9-04.x86-64.img.part.1
Uploading part: ubuntu.9-04.x86-64.img.part.2
.
Uploading part: ubuntu.9-04.x86-64.img.part.10
Uploading part: ubuntu.9-04.x86-64.img.part.11
Uploading part: ubuntu.9-04.x86-64.img.part.12
Uploading part: ubuntu.9-04.x86-64.img.part.13
Uploaded image as mybucket/ubuntu.9-04.x86-64.img.manifest.xml
Register
[root@css1 euca-ubuntu-9.04-x86_64]# euca-register mybucket/ubuntu.9-04.x86-64.img.manifest.xml
IMAGE emi-345611F6
hybridfox
SUSE Studio
http://susestudio.com/home
Troubleshooting
There are many moving parts in Eucalyptus and it can be frustrating to fix
The most common failure case is that you try to run a new instance and it stays "pending" for a long time before terminating
When this happens, there are a few places to check
Troubleshooting: DHCP
If the instance does not get an IP address (public or private) then most likely the DHCP assignments are not working
When you actually run an instance, the cloud controller on the front-end will start a dhcpd process to assign IP addresses to the new instance
If you do a 'ps -ef | grep dhcpd' and don't see anything, then DHCP is not running during setup
This almost certainly means that the VNET configuration is wrong (VNET overlap with private network, etc)
You can also look in /var/run/eucalyptus/net/ for the DHCP configuration and lease files
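The VNET overlap named above as the likely cause, and the separate address sets described under Network Configuration, can be checked before any instance is started. This is an added example, not part of the original slides or of Eucalyptus: it assumes the VNET_SUBNET and VNET_NETMASK keys in eucalyptus.conf, and the function names and sample values are illustrative.

```shell
#!/bin/sh
# Added example (not from the slides). Config values below are constructed.

# Dotted quad -> integer; the subshell body keeps IFS and "$@" changes local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# nets_overlap NET_A MASK_A NET_B MASK_B
# Two networks overlap when they agree on every bit covered by both masks.
nets_overlap() {
    a=$(ip2int "$1"); ma=$(ip2int "$2")
    b=$(ip2int "$3"); mb=$(ip2int "$4")
    common=$(( ma & mb ))
    [ $(( a & common )) -eq $(( b & common )) ]
}

# conf_get KEY FILE: last KEY="value" (or KEY=value) assignment in FILE.
conf_get() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# check_vnet CONF PRIV_IP PRIV_MASK
# Prints a verdict; returns 0 = no overlap, 1 = overlap, 2 = keys missing.
check_vnet() {
    subnet=$(conf_get VNET_SUBNET "$1")
    mask=$(conf_get VNET_NETMASK "$1")
    if [ -z "$subnet" ] || [ -z "$mask" ]; then
        echo "MISSING VNET_SUBNET or VNET_NETMASK in $1"; return 2
    fi
    if nets_overlap "$subnet" "$mask" "$2" "$3"; then
        echo "OVERLAP: VNET $subnet/$mask covers private NIC $2/$3"; return 1
    fi
    echo "OK: VNET $subnet/$mask is separate from private NIC $2/$3"
}

# Constructed sample: front-end eth1 is 192.168.0.1/255.255.255.0 as in the
# diagram; the VNET range here deliberately collides with it.
sample=$(mktemp)
printf '%s\n' 'VNET_MODE="MANAGED-NOVLAN"' 'VNET_SUBNET="192.168.0.0"' \
    'VNET_NETMASK="255.255.0.0"' > "$sample"
check_vnet "$sample" 192.168.0.1 255.255.255.0 || true
rm -f "$sample"
```

On the front-end, pass /etc/eucalyptus/eucalyptus.conf and the address and netmask of the private NIC.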
Look for the above "resource response summary" messages
They will tell you how many resources are available for each instance size
In the above, you see that it says there are 0 available and 0 total for each size, which means that the front-end can't talk to the nodes, probably because of a firewall problem
In general, look for the [EUCAERROR lines to find errors that you need to address
In the above example, it tells you that the node can't contact the walrus component of the front-end (for S3 storage) (i.e. snapshots and images)
Again, this is probably a firewall issue, so be sure the firewall is off on the node
Troubleshooting: Images
Another issue is broken or incompatible images
If Eucalyptus tells you that an instance is running but you can't log in, try pinging it
If you can't ping it, the instance didn't boot correctly
You can test it with xen
Log in to the node and run "xm list"
You can then log in directly to the instance with "xm console INSTANCE"
If it's waiting at a maintenance prompt then something is wrong with the image; try another image
Note, do a CTRL-] to exit the xen console
Add another $2k for the front-end and it's about $10k total (but don't forget switches etc.)
Conclusion
If you are interested in setting up a private or hybrid cloud for a course, Xen is a reasonable option
Eucalyptus/AWS are an infrastructure and web services platform in the cloud
Cloud networking is an important new tool for education, scientific discovery and business logic services
The benefit is that you can validate and verify locally before moving to the for-fee AWS cloud with a larger implementation
EBS coupled with S3 gives a fast and safe way to protect data
Freddy Fender Wasted Days is good Koala theme music
AWS Info
http://aws.amazon.com/govcloud-us/
http://aws.amazon.com/resources/webinars/
http://aws.typepad.com/
http://www.youtube.com/user/AmazonWebServices/videos?view=pl
http://calculator.s3.amazonaws.com/calc5.html
http://aws.amazon.com/ec2/instance-types/
CONTACTS
David Rilett
Charlie Wiseman