Linux 설치시 설치상태나, 설치 단계에서부터 몇가지 체크하고 모니터링 할게 있어서, SSH로 접근 하면 좀 편하지 않을까 싶어서, Ananconda가 Load되면서 SSH를 뛰울 수 있는 방법이 없나~ 하다가... 아주 썩 깔끔한 방법은 아니지만, 우선 급한대로 원하는 결과만(?) 만들어 내어 일단 메모해둔다. (보안같은 부분은 추가적으로 해줘야 한다.. SSH가 root로 비번도 없이 로그인 되니... pass를 미리 설정하던지, Allow인자를 활용하던지.. 아무튼, 꼭 보안은 별도로 신경 써줘야 한다...)

1. 환경

2. initrd.img 풀어 해치기~

3. ssh 데몬 실행을 위한 준비
(다행이 Anaconda 이미지에 sshd 바이너리나 기본적인 설정파일은 미리 준비되어 있었다.)

4. Anaconda 로딩 시, sshd 자동 실행 처리
(이부분이 참... 원래 init 스크립트가 그냥 bash 쉘 스크립트였는데, CentOS6부터 바꼈는지, 컴파일 되어 있다..ㅡ.ㅡ;; 어쨌든, 훼이크성 편법이지만, 부팅중 실행되는 바이너리 중 하나를 바꿔치기 해서 /usr/sbin/sshd가 실행되도록 임시 처리 했다.... 만만한게 auditd 였다.. 추후 정상적인 init프로세스에 추가 할수 있는 방법을 찾으면 수정..)

5. SSH 설정작업은 끝... 작업했던 디렉토리 내용을 다시 initrd.img로 묶어준다.

6. 이제 다시 설치를 시도해서, 설치 과정중 해당 서버로 SSH접속을 시도해본다.

- Password는 없이 바로 로그인 된다.

- 다른 사전 작업이 필요하다면, 각자 처리 해둔다.

이상, 끝..... 서두에 이야기 했듯이... sshd를 실행하는 것이 정상적이진 않다... 시간이 되는대로 CentOS 6 Anaconda의 init과정을 좀 파봐야 겠다... 뭔가 나오면 그때 문서 업데이트하기로 하고 오늘은 이정도로만....

오늘 예전에 같이 동고동락(?)했던 SE분께 놀러 갔다가 딱 걸렸다..ㅡ.ㅡ;; 그쪽 고객중에서 사내 업무에 필요한 관계로, LiveCD를 커스터마이징하는 방법을 요청 했다고....

뭐 대충 보니, LiveCD에 각종 드라이버나, 유지보수 할수 있는 도구들을 담아두고, 유사시에 LIveCD를 응급복구 용도로 사용할려는 것 같다. 이전에는 WindowsPE를 커스트마이징 해서 사용해 온듯 하나, 라이센스 문제가 불거저 더이상 사용하지 못하게 된것 같기도 하고...

아무튼, 이야기를 들어보니, LIveCD의 커널에 특정 하드웨어(Disk 드라이버나 NIC 드라이버) 모듈을 추가 하는 작업은 아니라, 단순히 Linux OS에서 사용할 유틸리티 파일들을 추가 해두려는 것이라, 바로 테스트 해봤다.

Linux 기반에 원격설치서비스(RIS)구축을 해본적이 있어, "벌거 있겠어?? 그놈이 그놈이겠지.." 했는데, 역시나, 쉬운게 없다..ㅡ.ㅡ;;

먼저 맞닥드린건, Fedora16이라는 최신 시스템...ㅡ.ㅡ;; 그간 관심밖에 있었던 Linux 부팅 프로세스가 엄청 낯설었다.... (정말 이 분야에서도 이제 퇴출될 날이 곧.........) 부트 프로세스에 대해 대충이라도 파악하기 위해, initramfs의 init 스크립트를 한참 봤다... 대략 "이런식이구나..." 보구 나니, 표현과 디렉토리 구조, 그리고 패키징 포맷정도가 달라지고 이전과 개념적으로는 거의 비슷....

해서 오늘의 목적인 "Root-Image 파일에 원하는 유틸리티를 빨랑 박아 넣고 끝내자~~" 로 패스...

# cd /usr/local/src

# mkdir /mnt/tmp

# mount Fedora16-LiveCD.iso /mnt/tmp
mount: warning: /mnt/tmp/ seems to be mounted read-only.

(나중에 ISO 이미지 생성시, 필요하므로 미리 복사해둠...)
# cp -a /mnt/tmp iso-src

# ls -al /mnt/tmp/
total 30
dr-xr-xr-x. 5 4294967295 4294967295   224 Mar 25 20:33 .
drwxr-xr-x. 3 root       root        4096 Mar 25 23:57 ..
dr-xr-xr-x. 3 4294967295 4294967295    84 Mar 25 19:16 EFI
-r--r--r--. 1 4294967295 4294967295 18092 Mar 25 19:17 GPL
dr-xr-xr-x. 2 4294967295 4294967295   444 Mar 25 19:16 isolinux
dr-xr-xr-x. 2 4294967295 4294967295   200 Mar 25 19:18 LiveOS

# cp /mnt/tmp/LiveOS/squashfs.img /usr/local/src/

# umount /mnt/tmp

# mount squashfs.img /mnt/tmp
mount: warning: /mnt/tmp/ seems to be mounted read-only

# ls -al /mnt/tmp/
total 5
drwx------. 3 root root   29 Mar 25 19:18 .
drwxr-xr-x. 3 root root 4096 Mar 25 23:57 ..
drwxr-xr-x. 2 root root   33 Mar 25 19:18 LiveOS

# tree /mnt/tmp/
/mnt/tmp/
└── LiveOS
    └── ext3fs.img

1 directory, 1 file

# cp /mnt/tmp/LiveOS/ext3fs.img /usr/local/src/

# umount /mnt/tmp

# mount ext3fs.img /mnt/tmp

# ls -al /mnt/tmp/
total 116
dr-xr-xr-x.   2 root root  4096 Mar 25 19:14 bin
dr-xr-xr-x.   5 root root  4096 Mar 25 19:18 boot
drwxr-xr-x.   4 root root  4096 Mar 25 19:10 dev
drwxr-xr-x. 116 root root 12288 Mar 25 19:18 etc
drwxr-xr-x.   2 root root  4096 Jul 29  2011 home
dr-xr-xr-x.  11 root root  4096 Mar 25 19:12 lib
dr-xr-xr-x.  11 root root 12288 Mar 25 19:18 lib64
drwx------.   2 root root 16384 Mar 25 18:50 lost+found
drwxr-xr-x.   2 root root  4096 Jul 29  2011 media
drwxr-xr-x.   2 root root  4096 Jul 29  2011 mnt
drwxr-xr-x.   2 root root  4096 Jul 29  2011 opt
drwxr-xr-x.   2 root root  4096 Mar 25 18:50 proc
dr-xr-x---.   2 root root  4096 Mar 25 19:14 root
drwxr-xr-x.  22 root root  4096 Mar 25 19:13 run
dr-xr-xr-x.   2 root root 12288 Mar 25 19:14 sbin
drwxr-xr-x.   2 root root  4096 Jul 29  2011 srv
drwxr-xr-x.   2 root root  4096 Mar 25 18:50 sys
drwxrwxrwt.   2 root root  4096 Mar 25 19:17 tmp
drwxr-xr-x.  13 root root  4096 Mar 25 19:08 usr
drwxr-xr-x.  17 root root  4096 Mar 25 19:13 var

# chroot /mnt/tmp

(설치)
# yum install [패키지]

(제거)
# yum remove [패키지]

# umount /mnt/tmp

# mkdir LiveOS

# mv ext3fs.img LiveOS/

(삭제 해주지 않으면, 이전 파일에 Append 됨. -noappend 옵션을 주면 되나, 수정전 원본은 삭제해준다.)
# rm squashfs.img

# mksquashfs LiveOS squashfs.img -keep-as-directory -all-root
Source directory entry LiveOS already used! - trying LiveOS_1
[===|

# cp squashfs.img iso-src/LiveOS

(ISO로 만들 Source 디렉토리 외부에 boot정보 파일이 있어야 mkisofs가 정상 작동...)
# cp -a iso-src/isolinue isolinux

# mkisofs -udf -V "Fedora16-LiveCD" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-info-table -boot-load-size 4 -o Fedora16-LiveCD-New.iso iso-src
I: -input-charset not specified, using utf-8 (detected in locale settings)
Size of boot image is 4 sectors -> No emulation
  1.24% done, estimate finish Mon Mar 26 00:13:36 2012
  2.47% done, estimate finish Mon Mar 26 00:13:36 2012
  3.71% done, estimate finish Mon Mar 26 00:13:36 2012
  4.94% done, estimate finish Mon Mar 26 00:13:36 2012
  6.18% done, estimate finish Mon Mar 26 00:13:36 2012
  7.42% done, estimate finish Mon Mar 26 00:13:49 2012
  8.65% done, estimate finish Mon Mar 26 00:13:47 2012
  9.89% done, estimate finish Mon Mar 26 00:13:46 2012
 11.12% done, estimate finish Mon Mar 26 00:13:44 2012
 12.36% done, estimate finish Mon Mar 26 00:13:44 2012
 13.59% done, estimate finish Mon Mar 26 00:13:43 2012
 14.83% done, estimate finish Mon Mar 26 00:13:42 2012
 16.06% done, estimate finish Mon Mar 26 00:13:48 2012
.
.
.

Install OpenNebula-2.2-1 with Xen

Reference
http://opennebula.org
http://downloads.dsa-research.org/opennebula

Environments

Tested environments info

Test System / Network

- On VMware ESXi
- One vSwitch
- Two VMs
- VM IP Range : 192.168.100.151~160 (10EA)
- By root privileges
- Run "yum -y update" on all nodes
- Template VM Image : CentOS 5.6 x86_64

Test Nodes

- Management Node 
    - IP : 192.168.100.121 (one-01)
    - OS : CentOS 5.6 x86_64 (2.6.18-238.9.1.el5)
    - 1Core / 384RAM
- Xen Node IP : 192.168.100.122
    - IP : 192.168.100.122 (one-02)
    - OS : CentOS 5.6 x86_64 (2.6.18-238.19.1.el5xen)
    - 2Core / 1024RAM

On whole nodes

Add to /etc/hosts

192.168.100.121 one-01
192.168.100.122 one-02

On Management Node

Install OpenNebula & Setup Env.

# cd /usr/local/src

Download opennebula-2.2-1.x86_64.rpm to /usr/local/src/ (from http://downloads.dsa-research.org/opennebula)

# wget  ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/SRPMS/xmlrpc-c-1.06.18-1.el5.kb.src.rpm

# ls -al /usr/local/src/
-rw-r--r--  1 root root     717867 Jul 22 13:53 opennebula-2.2-1.x86_64.rpm
-rw-r--r--  1 root root     708799 Jul 23 21:49 xmlrpc-c-1.06.18-1.el5.kb.src.rpm

# yum install ruby ruby-devel ruby-docs ruby-ri ruby-irb ruby-rdoc

# rpmbuild --rebuild xmlrpc-c-1.06.18-1.el5.kb.src.rpm

# rpm -Uvh /usr/src/redhat/RPMS/x86_64/xmlrpc-c-*

# rpm -Uvh opennebula-2.2-1.x86_64.rpm

Setup OpenNebula Admin User & Env

# echo "export ONE_XMLRPC=http://localhost:2633/RPC2" >> /etc/profile

# echo "export ONE_AUTH=/home/oneadmin/one_auth" >> /etc/profile

# useradd oneadmin -d /home/oneadmin

# echo "oneadmin:1234" > /home/oneadmin/one_auth

SSH Key Create & Setup sudo

# mkdir /home/oneadmin/.ssh

# ssh-keygen -t rsa -N '' -f /home/oneadmin/.ssh/id_rsa

# cp -a /home/oneadmin/.ssh/id_rsa.pub /home/oneadmin/.ssh/authorized_keys

# chmod 700 /home/oneadmin/.ssh

# chown -R oneadmin:oneadmin /home/oneadmin/.ssh

# sed -i 's/^Defaults    requiretty/# /g' /etc/sudoers

Add to /etc/ssh/ssh_config

Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

On Xen Node

Install Xen

# yum install ruby ebtables

# yum groupinstall Vritualization

# useradd oneadmin -d /home/oneadmin

# reboot

# virsh net-destroy default

# virsh net-undefine default

SSH Key Create & Setup sudo

# mkdir /home/oneadmin/.ssh

# scp root@one-01:/home/oneadmin/.ssh/* /home/oneadmin/.ssh/

# chonw -R oneadmin:oneadmin /home/oneadmin/.ssh

# sed -i 's/^Defaults    requiretty/# /g' /etc/sudoers 

Add to /etc/ssh/ssh_config

Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

on Xen Node

Create Xen Template Image

# virt-install --name centos5_64 --ram 384 --paravirt --location=http://ftp.daum.net/centos/5/os/x86_64/ --file=/home/oneadmin/centos5_64.xen.img -s 1.5

** Install Minimal Package

On VM Template Image - Setup VM Env. (After Installation & Reboot)

# echo "/var/lib/one/one-boot-init.sh" >> /etc/rc.local

# mkdir /var/lib/one/

# vi /var/lib/one/one-boot-init.sh

#!/bin/bash

DEV_CD="/dev/xvdc" 
MNT="media/one" 
CHK_FILE="/var/lib/one/.done_context" 

if [ -b ${DEV_CD} ]; then
        mount -t iso9660 ${DEV_CD} ${MNT}
        if [ -f ${MNT}/context.sh ]; then
                . ${MNT}/init.sh
        fi
        umount ${MNT}
        if [ ! -e ${CHK_FILE} ]; then
                touch ${CHK_FILE}
                chattr +i ${CHK_FILE}
        fi
fi

exit 0

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Xen Virtual Ethernet
DEVICE=eth0
BOOTPROTO=static
ONBOOT=no

# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=localhost.localdomain

- Default Runlevel is 3 (/etc/inittab)
- Auto Started Service is Compact (chkconfig & ntsysv)

# sed -i 's/^id:.*/id:3:initdefault:/g' /etc/inittab

# chkconfig --list | grep "3:on" 
acpid              0:off    1:off    2:on    3:on    4:on    5:on    6:off
cpuspeed           0:off    1:on    2:on    3:on    4:on    5:on    6:off
crond              0:off    1:off    2:on    3:on    4:on    5:on    6:off
haldaemon          0:off    1:off    2:off    3:on    4:on    5:on    6:off
iptables           0:off    1:off    2:on    3:on    4:on    5:on    6:off
irqbalance         0:off    1:off    2:on    3:on    4:on    5:on    6:off
messagebus         0:off    1:off    2:off    3:on    4:on    5:on    6:off
network            0:off    1:off    2:on    3:on    4:on    5:on    6:off
sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off
syslog             0:off    1:off    2:on    3:on    4:on    5:on    6:off

- Copy Template Image to Management Node

# scp /home/oneadmin/centos5_64.xen.img root@one-01:/home/oneadmin/

On Management Node

Setup : NFS Export (for VM_DIR)

# vi /etc/exports

/var/lib/one            192.168.100.122(rw,no_root_squash)
/usr/share/one/hooks    192.168.100.122(rw,no_root_squash)

# exportfs -avr

# chkconfig portmap on

# chkconfig nfs on

# chkconfig nfslock on

# service portmap start

# service nfs start

# service nfslock start

On Xen Node

Mount NFS

# echo "one-01:/var/lib/one/ /var/lib/one nfs defaults 0 0" >> /etc/fstab

# echo "one-01:/usr/share/one/hooks /usr/share/one/hooks nfs defaults 0 0" >> /etc/fstab

# mkdir -p /usr/share/one/hooks

# mount -a

On Management Node

Configuration OpenNebula (oned.conf)

# vi /etc/one/oned.conf

HOST_MONITORING_INTERVAL = 60

VM_POLLING_INTERVAL      = 60

SCRIPTS_REMOTE_DIR=/var/tmp/one

PORT=2633

DB = [ backend = "mysql", server = "localhost", port = "3306", user = "root", passwd = "1234", db_name = "one" ]

VNC_BASE_PORT = 5900

DEBUG_LEVEL=3

NETWORK_SIZE = 254

MAC_PREFIX   = "02:00" 

DEFAULT_IMAGE_TYPE    = "OS" 

DEFAULT_DEVICE_PREFIX = "xvd" 

IM_MAD = [
    name       = "im_xen",
    executable = "one_im_ssh",
    arguments  = "xen" ]

VM_MAD = [
    name       = "vmm_xen",
    executable = "one_vmm_ssh",
    arguments  = "xen",
    default    = "vmm_ssh/vmm_ssh_xen.conf",
    type       = "xen" ]

TM_MAD = [
    name       = "tm_nfs",
    executable = "one_tm",
    arguments  = "tm_nfs/tm_nfs.conf" ]

HM_MAD = [
    executable = "one_hm" ]

VM_HOOK = [
    name      = "image",
    on        = "DONE",
    command   = "image.rb",
    arguments = "$VMID" ]

VM_HOOK = [
    name      = "ebtables-start",
    on        = "running",
    command   = "/usr/share/one/hooks/ebtables-xen", # or ebtables-xen 
    arguments = "one-$VMID",
    remote    = "yes" ]

VM_HOOK = [
    name      = "ebtables-flush",
    on        = "done",
    command   = "/usr/share/one/hooks/ebtables-flush",
    arguments = "",
    remote    = "yes" ]

# service oned stop

# service oned start

Add Xen Node

# onehost create one-02 im_xen vmm_xen tm_nfs

..... wait a minute...

# onehost list
  ID NAME              CLUSTER  RVM   TCPU   FCPU   ACPU    TMEM    FMEM STAT
   0 one-02            default    1    200    196    100      2G    768M   on

Prepare Virtual Network Template

# vi /home/oneadmin/template.vnet.public

NAME = "Public" 
TYPE = "FIXED" 
BRIDGE = "xenbr0" 

LEASES = [ IP = "192.168.100.151" ]
LEASES = [ IP = "192.168.100.152" ]
LEASES = [ IP = "192.168.100.153" ]
LEASES = [ IP = "192.168.100.154" ]
LEASES = [ IP = "192.168.100.155" ]
LEASES = [ IP = "192.168.100.156" ]
LEASES = [ IP = "192.168.100.157" ]
LEASES = [ IP = "192.168.100.158" ]
LEASES = [ IP = "192.168.100.159" ]
LEASES = [ IP = "192.168.100.160" ]

Cretate Virtual Network

# onevnet create /home/oneadmin/template.vnet.public

# onevnet list
  ID USER     NAME              TYPE BRIDGE P #LEASES
   1 oneadmin Public           Fixed xenbr0 N       1

Prepare Virtual Machine Template

# vi /home/oneadmin/template.vm.centos5_64

CPU    = 1

MEMORY = 256

OS = [ bootloader = "/usr/bin/pygrub" ]

#DISK  = [
#  IMAGE ="Xen-CentOS5_64",
#  target = "xvda" ]

DISK = [
  source   = "/home/oneadmin/centos5_64.xen.img",
  target   = "xvda",
  readonly = "no" ]

DISK  = [
  type = "swap",
  size = "1024",
  target = "xvdb" ]

DISK  = [
  type = "fs",
  format = "ext3",
  size = "20480",
  target = "xvdd" ]

NIC = [ NETWORK="Public" ]

GRAPHICS = [ 
  type    = "vnc",              
  listen  = "127.0.0.1" ]

CONTEXT = [
  files = "/home/oneadmin/init.sh /home/oneadmin/.ssh/id_rsa.pub /home/oneadmin/setup-network.sh",
  root_pubkey = "id_rsa.pub",
  VMID = "$VMID",
  target = "xvdc" ]

Create Default Context Files

# vi /home/oneadmin/init.sh

#!/bin/bash

# -------------------------------------------------------------------------- #
# Copyright 2002-2009, Distributed Systems Architecture Group, Universidad   #
# Complutense de Madrid (dsa-research.org)                                   #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

CHK_FILE="/var/lib/one/.done_context" 

/sbin/iptables -I INPUT -p icmp -j REJECT

if [ ! -e ${CHK_FILE} ]; then
    ## Random Password for root
#   dd if=/dev/urandom count=128 2>/dev/null | md5sum | passwd --stdin root

    MNT="/media/one" 

    if [ -f ${MNT}/context.sh ]; then
      . ${MNT}/context.sh
    fi

    fdisk /dev/xvdb << EOF
n
p
1

t
82
w
EOF
    if [ -b /dev/xvdb1 ]; then
        mkswap /dev/xvdb1
        echo "/dev/xvdb1 swap swap defaults 0 0" >> /etc/fstab
        swapon -a
    fi

    #hostname $HOSTNAME
    #sed -i "/HOSTNAME=/s/=.*$/=$HOSTNAME/" /etc/sysconfig/network

    #if [ -n "$IP_PUBLIC" ]; then
    #   ifconfig eth0 $IP_PUBLIC
    #fi

    #if [ -n "$NETMASK" ]; then
    #   ifconfig eth0 netmask $NETMASK
    #fi

    if [ -f ${MNT}/$ROOT_PUBKEY ]; then
        mkdir -p /root/.ssh
        cat ${MNT}/$ROOT_PUBKEY >> /root/.ssh/authorized_keys
        chmod -R 600 /root/.ssh/
    fi

    if [ -n "$USERNAME" ]; then
        useradd $USERNAME
        if [ -f ${MNT}/$USER_PUBKEY ]; then
            mkdir -p /home/$USERNAME/.ssh/
            cat ${MNT}/$USER_PUBKEY >> /home/$USERNAME/.ssh/authorized_keys
            chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
            chmod -R 600 /home/$USERNAME/.ssh/authorized_keys
        fi
    fi
fi

### Network Setup
if [ -f ${MNT}/setup-network.sh ]; then
    ${MNT}/setup-network.sh
fi

if [ ! -e ${CHK_FILE} ]; then
    ### Run Deploy
    if [ -f ${MNT}/deploy*/setup.sh ]; then
        ${MNT}/deploy*/setup.sh
    fi
fi

## Etc Jobs

### VMS init Setup END
/sbin/iptables -D INPUT -p icmp -j REJECT

# vi /home/oneadmin/setup-network.sh

#!/bin/bash
#
# chkconfig: 2345 10 90
# description:  network reconfigure
#                                                     
# -------------------------------------------------------------------------- #
# Copyright 2002-2009, Distributed Systems Architecture Group, Universidad   #
# Complutense de Madrid (dsa-research.org)                                   #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

# Gets IP address from a given MAC
mac2ip() {
    mac=$1

    let ip_a=0x`echo $mac | cut -d: -f 3`
    let ip_b=0x`echo $mac | cut -d: -f 4`
    let ip_c=0x`echo $mac | cut -d: -f 5`
    let ip_d=0x`echo $mac | cut -d: -f 6`

    ip="$ip_a.$ip_b.$ip_c.$ip_d" 

    echo $ip
}

# Gets the network part of an IP
get_network() {
    IP=$1

    echo $IP | cut -d'.' -f1,2,3
}

get_interfaces() {
    IFCMD="/sbin/ifconfig -a" 

    $IFCMD | grep ^eth | sed 's/ *Link encap:Ethernet.*HWaddr /-/g'
}

get_dev() {
    echo $1 | cut -d'-' -f 1
}

get_mac() {
    echo $1 | cut -d'-' -f 2
}

gen_hosts() {
    NETWORK=$1
    echo "127.0.0.1 localhost" 
    for n in `seq -w 01 99`; do
        n2=`echo $n | sed 's/^0*//'`
        echo ${NETWORK}.$n2 cluster${n}
    done
}

gen_exports() {
    NETWORK=$1
    echo "/images ${NETWORK}.0/255.255.255.0(rw,async,no_subtree_check)" 
}

gen_hostname() {
    MAC=$1
    #NUM=`mac2ip $MAC | cut -d'.' -f4`
    NUM=`mac2ip $MAC`
    #NUM2=`echo 000000$NUM | sed 's/.*\(..\)/\1/'`
    #echo cluster$NUM2
    NUM2=`echo $NUM | sed 's/\./-/g'`
    echo $NUM2
}

gen_interface() {
 DEV_MAC=$1
 DEV=`get_dev $DEV_MAC`
 MAC=`get_mac $DEV_MAC`
 IP=`mac2ip $MAC`
 NETWORK=`get_network $IP`

cat <<EOT
DEVICE=$DEV
BOOTPROTO=none
HWADDR=$MAC
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=$IP
EOT

    if [ $DEV == "eth0" ]; then
      echo " GATEWAY=$NETWORK.1" 
    fi

echo "" 
}

IFACES=`get_interfaces`

for i in $IFACES; do
    DEV=`get_dev $i`
  gen_interface $i > /etc/sysconfig/network-scripts/ifcfg-${DEV}
done

# gen_hosts $NETWORK > /etc/hosts
# gen_exports $NETWORK  > /etc/exports
# gen_hostname $MAC  > /etc/hostname

#ifdown $DEV
#ifup $DEV

MNT="/media/one" 
if [ -f ${MNT}/context.sh ]; then
  . ${MNT}/context.sh
fi

HOSTNAME=ONE-${VMID}-`gen_hostname $MAC`

hostname $HOSTNAME
sed -i "/HOSTNAME=/s/=.*$/=$HOSTNAME/" /etc/sysconfig/network

if [ -n "$DNS" ]; then
    for dns in $DNS
    do
        echo "nameserver $dns" > /etc/resolv.conf
    done
else
    echo "nameserver 168.126.63.1
nameserver 168.126.63.2" > /etc/resolv.conf
fi

service network restart

Creating VM and Connect SSH

Create VM

# onevm create /home/oneadmin/template.vm.centos5_64

..... wait a minute...

# onevm list
   ID     USER     NAME STAT CPU     MEM        HOSTNAME        TIME
   37 oneadmin   one-37 runn   0    256M          one-02 07 04:40:21

# onevm show 37
VIRTUAL MACHINE 37 INFORMATION                                                  
ID             : 37                  
NAME           : one-37              
STATE          : ACTIVE              
LCM_STATE      : RUNNING             
START TIME     : 07/24 18:38:40      
END TIME       : -                   
DEPLOY ID:     : one-37              

VIRTUAL MACHINE MONITORING                                                      
NET_RX         : 11                  
USED MEMORY    : 262144              
USED CPU       : 0                   
NET_TX         : 6887                

VIRTUAL MACHINE TEMPLATE                                                        
CONTEXT=[
  FILES=/home/oneadmin/init.sh /home/oneadmin/.ssh/id_rsa.pub /home/oneadmin/setup-network.sh,
  ROOT_PUBKEY=id_rsa.pub,
  TARGET=xvdc,
  VMID=37 ]
CPU=1
DISK=[
  CLONE=YES,
  DISK_ID=0,
  IMAGE=Xen-CentOS5_64,
  IMAGE_ID=2,
  READONLY=NO,
  SAVE=NO,
  SOURCE=/var/lib/one//images/334f3324668b29bd253c7d304e499576ede0b611,
  TARGET=xvda,
  TYPE=DISK ]
DISK=[
  DISK_ID=1,
  SIZE=1024,
  TARGET=xvdb,
  TYPE=swap ]
DISK=[
  DISK_ID=2,
  FORMAT=ext3,
  SIZE=20480,
  TARGET=xvdd,
  TYPE=fs ]
GRAPHICS=[
  LISTEN=127.0.0.1,
  PORT=5937,
  TYPE=vnc ]
MEMORY=256
NAME=one-37
NIC=[
  BRIDGE=xenbr0,
  IP=192.168.100.154,
  MAC=02:00:c0:a8:64:9a,
  NETWORK=Public,
  NETWORK_ID=1 ]
OS=[
  BOOTLOADER=/usr/bin/pygrub ]
VMID=37

Connect to VM's SSH

# ssh -i /home/oneadmin/.ssh/id_rsa root@192.168.100.154
Warning: Permanently added '192.168.100.154' (RSA) to the list of known hosts.
Last login: Sun Jul 31 22:35:14 2011 from 192.168.100.121
[root@ONE-37-192-168-100-154 ~]#

Some Info on VM

[root@ONE-37-192-168-100-154 ~]# cat /proc/cpuinfo 
processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 23
model name    : Intel(R) Core(TM)2 Quad CPU    Q9550  @ 2.83GHz
stepping    : 10
cpu MHz        : 2826.250
cache size    : 6144 KB
fpu        : yes
fpu_exception    : yes
cpuid level    : 13
wp        : yes
flags        : fpu tsc msr pae cx8 apic cmov pat clflush acpi mmx fxsr sse sse2 ss syscall nx lm constant_tsc pni ssse3 cx16 sse4_1 lahf_lm
bogomips    : 7097.80
clflush size    : 64
cache_alignment    : 64
address sizes    : 40 bits physical, 48 bits virtual
power management:

[root@ONE-37-192-168-100-154 ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           256        252          3          0         45        145
-/+ buffers/cache:         61        194
Swap:         1019          0       1019

[root@ONE-37-192-168-100-154 ~]# ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:00:C0:A8:64:9A  
          inet addr:192.168.100.154  Bcast:192.168.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50726 errors:0 dropped:0 overruns:0 frame:0
          TX packets:146 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7059149 (6.7 MiB)  TX bytes:17642 (17.2 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:700 (700.0 b)  TX bytes:700 (700.0 b)

[root@ONE-37-192-168-100-154 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.100.1   0.0.0.0         UG    0      0        0 eth0

[root@ONE-37-192-168-100-154 ~]# fdisk -l

Disk /dev/xvda: 1572 MB, 1572864000 bytes
255 heads, 63 sectors/track, 191 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          13      104391   83  Linux
/dev/xvda2              14         191     1429785   83  Linux

Disk /dev/xvdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

    Device Boot      Start         End      Blocks   Id  System
/dev/xvdb1               1         130     1044193+  82  Linux swap / Solaris

Disk /dev/xvdd: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/xvdd doesn't contain a valid partition table

Disk /dev/xvdc: 0 MB, 382976 bytes
255 heads, 63 sectors/track, 0 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/xvdc doesn't contain a valid partition table

[root@ONE-37-192-168-100-154 ~]# mount
/dev/xvda2 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/xvda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/xvdd on /mnt type ext3 (rw)

[root@ONE-37-192-168-100-154 ~]# df -Th
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/xvda2    ext3    1.4G  995M  289M  78% /
/dev/xvda1    ext3     99M   14M   81M  14% /boot
tmpfs        tmpfs    128M     0  128M   0% /dev/shm

[END]

 http://redmine.nehome.net/redmine/projects/cloudstack/wiki/Install_-_CloudStack_CE_21x_ManagementComputing_Node 



[Management Server(CentOS 5.x)]
(JDK install/setting)

hostname is FQDN
Edit /etc/hosts : All node
Setup DNS Server (Option) 
yum -y install mysql-server
sed -i '/^[mysqld]/a innodb_lock_wait_timeout=600' /etc/my.cnf
sed -i '/^[mysqld]/a innodb_rollback_on_timeout=1' /etc/my.cnf
service mysqld start
chkconfig mysqld on
mysqladmin -uroot password '1234'
wget http://download.cloud.com/foss/centos/cloud.repo -O /etc/yum.repos.d/cloud.repo
yum clean all
yum -y install cloud-console-proxy
yum -y install cloud-client
cloud-setup-databases cloud:1234@localhost kvm --deploy-as=root:1234
virsh net-destroy default
rm -f /etc/libvirt/qemu/networks/default.xml
service dnsmasq stop
service libvirtd stop
chkconfig dnsmasq off
chkconfig libvirtd off
cloud-setup-management
reboot

[Computing Nnode]

wget http://download.cloud.com/foss/centos/cloud.repo -O /etc/yum.repos.d/cloud.repo
yum clean all
yum -y install cloud-agent
cloud-setup-agent
cloud-setup-agent --no-kvm (not use kvm module)
virsh net-destroy default
rm -f /etc/libvirt/qemu/networks/default.xml
(on CentOS)
#iptables -I INPUT -i cloud0 -j ACCEPT  
#iptables -I FORWARD -i cloud0 -o cloud0 -j ACCEPT  
#iptables -I FORWARD -i cloudbr0 -o cloudbr0 -j ACCEPT 
#iptables -I INPUT -m tcp -p tcp --dport 5900:6100 ?j ACCEPT 
(on Fedora)
#iptables -I FORWARD -i cloudbr0 -o cloudbr0 -j ACCEPT 
#iptables -I INPUT -m tcp -p tcp --dport 5900:6100 ?j ACCEPT
service iptables save
reboot

Introduction

Puppet is a Ruby based Configuration Management System with client/server model,  licensed under GPLv2 .It has one Master server puppetmasterd  and all other machines are configured as puppet clients . We set configurations at the puppet server and then push them to all clients which are connected to the master. The client puppet correctly applies the corresponding configurations on the client machine regardless of their platform difference.

Puppet is a gift to the server administrators who need to manage a large number of systems with different flavor of Gnu/Linux, Mac, Solaris and other Unix Based systems.If we are managing systems via remote administration then it would be a headache to the administrator and if the systems are different then the complexity will increase. Some accidental configuration changes may cause inconsistent working of the server. If we are using the Puppet for the configuration management then it will be a one time implementation of these configuration changes only at puppet server, then we just apply them to different puppet clients without any delay.

Another power of the puppet is it uses a Declarative Language to define configuration settings at the puppet master server. This language includes all major high level language features like Functions, Conditional Statements, Inheritance and other OOPs concepts. This feature makes for more readable , reusable and consistent Puppet configurations settings, when we compared with other configuration management tools like Cfengine.

Working

Puppet master server stores all client configurations, and  each client will contact the server via port 8140 (by default). The connection between server and client is encrypted. The client will generate a self-signed key before it connects to server and will submit this self-signed key to the master server and get the verified key back. Here master server acts like a Certification Authority. After this process, the client will establish a encrypted session with the server and get the configuration settings, then compile and apply it on client system. When the client compiles the configurations from server it may rise error messages if  there are any syntax errors in the configuration definitions. We can verify this on the puppet server and client log file.

Here is the outline of puppet server and client Architecture

Puppet Architecture

Installation

Before installing Puppet, we need to setup some dependencies. First we need ruby with common library files(xml,ssl,etc.) installed, and facter, which is another ruby project that gathers all system information. Facter will be installed in all puppet clients. The puppet server retrieves the client configuration settings and other system-specific details from facter.

You can use the ruby’s built-in library management tool rubygem(rake) (similar to CPAN for Perl) to solve the dependency problems with libraries.

Facter installation :-

Get latest version from www.reductivelabs.com

Puppet installation :-

If we are installing from the package manager, there will be two packages: puppetd as the client and puppet-master as the Puppet server. We need to install both to setup the client and server, and both can be installed from the source code.

Download latest package from the www.puppetlabs.com, then similar to facter installation:

This step will install the required packages for the Puppet client and server. If you have any dependency problems then it might be due to a version mismatch problem between ruby/puppet/facter, so select correct the versions.

By default, the configuration files are listed under /etc/puppet and all others are in the /var/lib/puppet  folder (including log files).

Currently Puppet support all major Unix like systems but not Windows.The latest versions of the Puppet has introduced support for the Windows operating system by developing Windows specificfacter tool.

How to configure Puppet server :-

After  successful installation of the Puppet master server and client, there is a set of daemons associate with this package as well as command line utilities to manage these daemons. They are:

Puppet  work without creating configuration files explicitly; they are already pre-configured. But to start the interaction with clients we need to make some changes. First, we can check the structure of the puppet configuration file.

It’s a good practice maintaining an explicit puppet configuration file;the latest versions of puppet use single configuration file to manage every daemons. By default, configuration files are stored under /etc/puppet. We save  all the configuration details of major daemons at /etc/puppet/puppet.conf.The puppet.conf use a special type of configuration structure to include every daemon’s configuration details,described below:

To get all the parameters under each daemons and main section with its functional details, please refer this page

How to Connect Puppet Client with Puppet Server

To set up a client we  just have to install the puppet client version or every package in another system.Your master server is now capable to work as a puppet client also. At the master server we need to specify the set of configuration that will guide how to change the configurations at clients.

Puppet server and client use Hostname to communicate with each other and also used to generate ssh key and key verification etc.., so we need a stable hostname resolution system (DNS or Local settings) in our network to ensure the proper connection between clients and server.So select proper hostnames to your server and clients like:

puppet-server.com #For your Master Server

puppet-client1.com,puppet-client2.com,etc... #Your clients.

After the hostname allocation we need to start the server and client daemons.Use command line options now to know the more about the interactions between client and server.

To start the master server :-

Then Start the puppet Client, specify the server name

On the client side we will get the message regarding the creation of a self signed key and waiting for server verification.

At the same time server side we will get the following message.

To proceed further , at server side we need to verify this key from the puppet-client.com. For that we can use the key management tool puppetca.

Now If we are restarting the puppet client with following command, you can see the client will immediately apply the configurations. You can check this from the log file or from the console if you are running the client in none daemonize mode.

Note:- If we are specify these settings at puppet.conf then you can just type the commands without any parameters to start appropriate daemons.

The Configuration Management

Last and very powerful feature of the puppet is the way Puppet server define the Client configurations. For that Puppet use one declarative language which support most of the high level language constructs like OOPs. So lets try one simple configuration which change the permission of /etc/passwd file at all the clients connected with server to 640 and check Apache webserver installed or not , if not, puppet client will install it automatically.

These configuration specifications are defined under a file “/etc/puppet/manifests/site.pp” by default, we can split this file in to several files then include them at sites.pp.

Here is the sample site.pp file.

The above file is the Puppet client configuration specification written in puppet declarative language on puppet master server.

This language has a lot of constructs to define the resource and its properties.Using these constructs we manage the resources on client systems. The types of resources that puppet manages are listed bellow, plus we can add our own customized resources to mange.

Type of Resources that puppet can manage, by default:-

• Files
• Packages
• Services
• Corn Jobs
• Users and Groups
• To run Shell Commands
• And User defined resource types
  

Each of the above resources has a set of attributes or properties and values. Using the puppet configuration language, we can set the corresponding property values. The resource can defined by providing three main parameters: Resource type name, then inside braces({}) title of the resource and set of property values. From the above example, take the resource of type Filewith title name “password” inside that we have set of property values like name,owner,groups etc… so if a client successfully connect to server,the client puppet will apply these setting on client machine. If we change this property values, after next interval we can see the client will successfully apply it.

In this way we can control the resource configurations. On our networks there should be  different types of systems (Redhat,Debian,etc..),and they have some changes in the structure of the files and other package names, so here we need to apply the configurations based on the type of clients.Puppet provide Conditional statements (if and case ) to check and apply configurations depending on client architecture. For that we need some system information from the client andfacter will provide these details. We can use that information in the puppet configuration specifications like a variable, for example: $operatingsystem (You can see all the details that facter will provide by just typing the command facter at command prompt.)

Similarly, we can specify the rules based on the client name, and using the OPPs constructs we can define the classes and reuse them with other client definitions. You can find some of them from  above example site.pp file.You can do a high level configuration design using puppet language. To learn more about the language constructs, please check the puppet online wiki or a nice book  which describe everything associated with Puppet by James Turnbull(Pulling Strings with Puppet.)