Quick Installation Guide

    High level overview of the process

    This guide will focus on building a CloudStack cloud using KVM on CentOS 7.7 with NFS storage on a flat layer-2 network utilizing layer-3 network isolation (aka Security Groups), and doing it all on a single piece of hardware.

    KVM, or Kernel-based Virtual Machine, is a virtualization technology for the Linux kernel. KVM supports native virtualization atop processors with hardware virtualization extensions.

    Security Groups act as distributed firewalls that control access to a group of virtual machines.

    Prerequisites

    To complete this guide you’ll need the following items:

    1. At least one computer which supports and has enabled hardware virtualization.
    2. A CentOS 7.7 x86_64 install ISO, on bootable media.
    3. A /24 network with the gateway at xxx.xxx.xxx.1. There should be no DHCP on this network, and none of the computers running CloudStack will have a dynamic address. Again, this is done for the sake of simplicity.

    Before you install CloudStack, you need to prepare the environment. We will go over the steps to prepare now.

    Operating System

    Using the CentOS 7.7 x86_64 install ISO, you’ll need to install CentOS 7 on your hardware. The defaults will generally be acceptable for this installation. You may want to configure the network during setup, either using the guidelines below or using a standard access configuration which we will modify later.

    Once this installation is complete, you’ll want to gain access to your server - through SSH (if network is configured) or connected peripherals. Note that you should not allow remote root logins in a production environment, so be sure to turn off this feature once the installation and configuration is complete.

    If your network interface was configured to grant the server internet access, it is always wise to update the system before starting:

    Configuring the network

    Unless you have configured it during install, which will not be covered by this guide, the network interface will not come up on your hardware and you will need to configure it to work in your environment. Since we specified that there will be no DHCP server in this environment we will be manually configuring your network interface.

    Before going any further, make sure that “brctl” and “net-tools” are installed and available:

    Connecting via the console, you should log in as root. We will start by creating the bridge that CloudStack will use for networking. Create and open /etc/sysconfig/network-scripts/ifcfg-cloudbr0 and add the following settings:

    Note

    IP Addressing - Throughout this document we are assuming that you will have a /24 network for your CloudStack implementation. This can be any RFC 1918 network. However, we are assuming that you will match the machine address that we are using. Thus we may use 172.16.10.2, and because you might be using the 192.168.55.0/24 network, you would use 192.168.55.2.

        DEVICE=cloudbr0
        TYPE=Bridge
        ONBOOT=yes
        BOOTPROTO=static
        IPV6INIT=no
        IPV6_AUTOCONF=no
        DELAY=5
        IPADDR=172.16.10.2
        GATEWAY=172.16.10.1
        NETMASK=255.255.255.0
        DNS1=8.8.8.8
        DNS2=8.8.4.4
        STP=yes
        USERCTL=no
        NM_CONTROLLED=no

    Save the configuration and exit. We will then edit the interface so that it makes use of this bridge.

    Open the configuration file of your interface and configure it as follows:

    Note

    Interface name used as example only. Replace eth0 with your default ethernet interface name.

        TYPE=Ethernet
        DEFROUTE=yes
        NAME=eth0
        DEVICE=eth0
        ONBOOT=yes
        BRIDGE=cloudbr0

    Note

    You should not use the Hardware Address (aka the MAC address, or UUID) from our example for your configuration. It is network interface specific, so you should keep the address already provided in the UUID directive.

    Now that we have the configuration files properly set up, we need to run a few commands to start up the network:

        # systemctl enable network
        # systemctl restart network

    Note that if you were connected through SSH, you will be temporarily (~5 seconds depending on hardware) disconnected. If the disconnection lasts, there was an error in configuration.

    Hostname

    CloudStack requires that the hostname be properly set. If you used the default options in the installation, then your hostname is currently set to localhost.localdomain. To test this we will run:

        # hostname --fqdn

    At this point it will likely return:

        localhost

    To rectify this situation - we’ll set the hostname by editing the /etc/hosts file so that it follows a similar format to this example:

        127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
        ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
        172.16.10.2 srvr1.cloud.priv

    After you’ve modified that file, go ahead and restart the network using:

        # systemctl restart network

    Now recheck with the hostname --fqdn command and ensure that it returns an FQDN response.

    SELinux

    At the moment, for CloudStack to work properly SELinux must be set to permissive. We want to both configure this for future boots and modify it in the current running system.

    To configure SELinux to be permissive in the running system we need to run the following command:

        # setenforce 0

    To ensure that it remains in that state we need to configure the file /etc/selinux/config to reflect the permissive state, as shown in this example:

        # This file controls the state of SELinux on the system.
        # SELINUX= can take one of these three values:
        # enforcing - SELinux security policy is enforced.
        # permissive - SELinux prints warnings instead of enforcing.
        # disabled - No SELinux policy is loaded.
        SELINUX=permissive
        # SELINUXTYPE= can take one of these two values:
        # mls - Multi Level Security protection.
        SELINUXTYPE=targeted

    NTP

    NTP configuration is a necessity for keeping all of the clocks in your cloud servers in sync. However, NTP is not installed by default, so we’ll install and configure NTP at this stage. Installation is accomplished as follows:

        # yum -y install ntp

    The actual default configuration is fine for our purposes, so we merely need to enable it and set it to start on boot as follows:

    Configuring the CloudStack Package Repository

    Note

    The Apache CloudStack official releases are source code. As such there are no ‘official’ binaries available. The full installation guide describes how to take the source release and generate RPMs and a yum repository. This guide attempts to keep things as simple as possible, and thus we are using one of the community-provided yum repositories. Furthermore, this example assumes a 4.14.0.0 CloudStack install - substitute versions as needed.

    To add the CloudStack repository, create /etc/yum.repos.d/cloudstack.repo and insert the following information.

        [cloudstack]
        name=cloudstack
        baseurl=http://download.cloudstack.org/centos/$releasever/4.14/
        enabled=1
        gpgcheck=0

    NFS

    Our configuration is going to use NFS for both primary and secondary storage. We are going to go ahead and set up two NFS shares for those purposes. We’ll start out by installing nfs-utils.

        # yum -y install nfs-utils

    We now need to configure NFS to serve up two different shares. This is handled comparatively easily in the /etc/exports file. You should ensure that it has the following content:

        /export/secondary *(rw,async,no_root_squash,no_subtree_check)
        /export/primary *(rw,async,no_root_squash,no_subtree_check)

    You will note that we specified two directories that don’t exist (yet) on the system. We’ll go ahead and create those directories and set permissions appropriately on them with the following commands:

        # mkdir -p /export/primary
        # mkdir /export/secondary

    CentOS 7.x releases use NFSv4 by default. NFSv4 requires that the domain setting match on all clients. In our case, the domain is cloud.priv, so ensure that the domain setting in /etc/idmapd.conf is uncommented and set as follows:

        Domain = cloud.priv

    Now you’ll need to add the following configuration values at the bottom of the file /etc/sysconfig/nfs (or merely uncomment and set them):

        LOCKD_TCPPORT=32803
        LOCKD_UDPPORT=32769
        MOUNTD_PORT=892
        RQUOTAD_PORT=875
        STATD_PORT=662
        STATD_OUTGOING_PORT=2020

    Now we need to disable the firewall, so that it will not block connections.

    Note

    Configuration of the firewall on CentOS7 is beyond the purview of this guide.

    To do so, simply use the following two commands:

        # systemctl stop firewalld
        # systemctl disable firewalld

    We now need to configure the nfs service to start on boot and actually start it on the host by executing the following commands:

        # systemctl enable rpcbind
        # systemctl enable nfs
        # systemctl start rpcbind
        # systemctl start nfs
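
    An added check, not part of the original guide: once the NFS services are running, compare what the RPC services actually registered (the output of `rpcinfo -p`) with the ports pinned in /etc/sysconfig/nfs. Fixed ports are what make it possible to write firewall rules for NFS later, so a pin that did not take effect is worth catching here. The function names are made up for the example and the rpcinfo output is a constructed sample.

```bash
#!/bin/sh
# check_nfs_ports SYSCONFIG RPCINFO -> one line per pinned service that is
# not registered, or is registered on a port other than the pinned one.
# Empty output means every pin from /etc/sysconfig/nfs took effect.
check_nfs_ports() {
    awk '
        NR == FNR {                                   # first file: sysconfig/nfs
            if (/^[ \t]*#/ || !index($0, "=")) next
            split($0, kv, "="); gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            if (kv[1] == "LOCKD_TCPPORT") want["nlockmgr/tcp"] = kv[2]
            if (kv[1] == "LOCKD_UDPPORT") want["nlockmgr/udp"] = kv[2]
            if (kv[1] == "MOUNTD_PORT")   want["mountd/tcp"]  = want["mountd/udp"]  = kv[2]
            if (kv[1] == "RQUOTAD_PORT")  want["rquotad/tcp"] = want["rquotad/udp"] = kv[2]
            if (kv[1] == "STATD_PORT")    want["status/tcp"]  = want["status/udp"]  = kv[2]
            next
        }
        ($5 "/" $3) in want { seen[$5 "/" $3] = $4 }  # second file: rpcinfo -p
        END {
            for (s in want) {
                if (!(s in seen))            print s " not-registered want=" want[s]
                else if (seen[s] != want[s]) print s " port=" seen[s] " want=" want[s]
            }
        }' "$1" "$2" | sort
}

sample_sysconfig() {   # the values this guide sets in /etc/sysconfig/nfs
    printf '%s\n' LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 \
        RQUOTAD_PORT=875 STATD_PORT=662 STATD_OUTGOING_PORT=2020
}

sample_rpcinfo() {     # constructed `rpcinfo -p` output: mountd missed its pin
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    4   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
EOF
}

tmp=$(mktemp -d)
sample_sysconfig > "$tmp/nfs"
sample_rpcinfo > "$tmp/rpcinfo"
check_nfs_ports "$tmp/nfs" "$tmp/rpcinfo"
rm -rf "$tmp"
```

    On a live host, save the output of `rpcinfo -p` to a file and pass it as the second argument, with /etc/sysconfig/nfs as the first.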

    We’re going to install the CloudStack management server and surrounding tools.

    We’ll start with installing MySQL and configuring some options to ensure it runs well with CloudStack.

    First, as CentOS 7 no longer provides the MySQL binaries, we need to add a MySQL community repository that will provide MySQL Server (and the Python MySQL connector later):

        # wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
        # rpm -ivh mysql-community-release-el7-5.noarch.rpm

    Install by running the following command:

        # yum -y install mysql-server

    With MySQL now installed we need to make a few configuration changes to /etc/my.cnf. Specifically we need to add the following options to the [mysqld] section:

        innodb_lock_wait_timeout=600
        max_connections=350
        log-bin=mysql-bin
        binlog-format = 'ROW'

    Note

    For Ubuntu 16.04 and later, make sure you specify a server-id in your .cnf file for binary logging. Set the server-id according to your database setup.

        # server-id must be a positive integer, unique for each MySQL server
        server-id=1
        innodb_rollback_on_timeout=1
        innodb_lock_wait_timeout=600
        log-bin=mysql-bin
        binlog-format = 'ROW'

    Now that MySQL is properly configured we can start it and configure it to start on boot as follows:

    MySQL Connector Installation

    Install Python MySQL connector from the MySQL community repository (which we’ve added previously):

        # yum -y install mysql-connector-python

    Please note that the previously required mysql-connector-java library is now bundled with the CloudStack management server and no longer needs to be installed separately.

    Installation

    We are now going to install the management server. We do that by executing the following command:

        # yum -y install cloudstack-management

    CloudStack 4.14 requires Java 11 JRE. Installing the management server will automatically install Java 11, but it’s good to explicitly confirm that Java 11 is the selected/active one (in case you had a previous Java version already installed):

    Make sure that Java 11 is the chosen one.

    With the application itself installed, we can now set up the database. We’ll do that with the following command and options:

        # cloudstack-setup-databases cloud:password@localhost --deploy-as=root

    When this process is finished, you should see a message like “CloudStack has successfully initialized the database.”

    Now that the database has been created, we can take the final step in setting up the management server by issuing the following command:

        # cloudstack-setup-management

    If the servlet container is Tomcat7, the argument --tomcat7 must be used.

    System Template Setup

    CloudStack uses a number of system VMs to provide functionality for accessing the console of virtual machines, providing various networking services, and managing various aspects of storage. This step will acquire those system images ready for deployment when we bootstrap your cloud.

        /usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt \
            -m /export/secondary \
            -u http://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2 \
            -h kvm -F

    That concludes our setup of the management server. We still need to configure CloudStack, but we will do that after we get our hypervisor set up.

    KVM is the hypervisor we’ll be using. We will go back over the initial setup which has already been done on the hypervisor host and cover installation of the agent software. You can use the same steps to add additional KVM nodes to your CloudStack environment.

    Prerequisites

    We are explicitly using the management server as a compute node as well, which means that we have already performed many of the prerequisite steps when setting up the management server, but we will list them here for clarity. Those steps are:

    1. Configuring the network
    2. SELinux
    3. Configuring the CloudStack Package Repository

    You shouldn’t need to do that for the management server, of course, but any additional hosts will need you to complete the above steps.

    Installation of the KVM agent is trivial with just a single command, but afterwards we’ll need to configure a few things.

        # yum -y install epel-release
        # yum -y install cloudstack-agent

    KVM Configuration

    We have two different parts of KVM to configure: libvirt and QEMU.

    QEMU Configuration

    KVM configuration is relatively simple at only a single item. We need to edit the QEMU VNC configuration. This is done by editing /etc/libvirt/qemu.conf and ensuring the following line is present and uncommented.

        vnc_listen=0.0.0.0

    Libvirt Configuration

    CloudStack uses libvirt for managing virtual machines. Therefore it is vital that libvirt is configured correctly. Libvirt is a dependency of cloud-agent and should already be installed.

    1. In order to have live migration working, libvirt has to listen for unsecured TCP connections. We also need to turn off libvirt’s attempt to use Multicast DNS advertising. Both of these settings are in /etc/libvirt/libvirtd.conf.

      Set the following parameters:

          listen_tls = 0
          listen_tcp = 1
          tcp_port = "16509"
          auth_tcp = "none"
          mdns_adv = 0

    2. Turning on “listen_tcp” in libvirtd.conf is not enough; we also have to change the parameters in /etc/sysconfig/libvirtd.

      Uncomment the following line:

          #LIBVIRTD_ARGS="--listen"

    3. Restart libvirt:

          # systemctl restart libvirtd
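
    An added example, not part of the original guide or the CloudStack project: a small shell audit that reports which of the convenience settings applied in this guide are present on a host (unsigned plain-HTTP package repository, NFS exports open to any host with no_root_squash, libvirt TCP with auth_tcp = "none", VNC listening on all interfaces, SELinux not enforcing), so they can be tracked before the machine leaves an isolated lab network. The function names and finding labels are made up for the example, and the sample tree is constructed from the values shown in this guide.

```bash
#!/bin/sh
# conf_get FILE KEY -> last uncommented value of KEY, spaces and double quotes stripped.
conf_get() {
    [ -r "$1" ] || return 0
    awk -v k="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
        key == k { val = substr($0, index($0, "=") + 1) }
        END { gsub(/[ \t"]/, "", val); print val }' "$1"
}

# audit_lab_settings ROOT -> one finding per line; an empty ROOT audits the live host.
audit_lab_settings() {
    r=${1:-}
    repo="$r/etc/yum.repos.d/cloudstack.repo"
    if [ "$(conf_get "$repo" gpgcheck)" = 0 ]; then echo "repo-gpgcheck-off"; fi
    case "$(conf_get "$repo" baseurl)" in http://*) echo "repo-plain-http" ;; esac
    if [ -r "$r/etc/exports" ]; then
        awk '!/^[ \t]*#/ && /\*\(/ && /no_root_squash/ { print "nfs-any-host-root:" $1 }' "$r/etc/exports"
    fi
    lv="$r/etc/libvirt/libvirtd.conf"
    if [ "$(conf_get "$lv" listen_tcp)" = 1 ] && [ "$(conf_get "$lv" auth_tcp)" = none ]; then
        echo "libvirt-tcp-no-auth"
    fi
    if [ "$(conf_get "$r/etc/libvirt/qemu.conf" vnc_listen)" = 0.0.0.0 ]; then
        echo "vnc-all-interfaces"
    fi
    case "$(conf_get "$r/etc/selinux/config" SELINUX)" in
        permissive|disabled) echo "selinux-not-enforcing" ;;
    esac
    return 0
}

# make_lab_tree DIR -> constructed sample: the files as this guide leaves them.
make_lab_tree() {
    mkdir -p "$1/etc/yum.repos.d" "$1/etc/libvirt" "$1/etc/selinux"
    printf '%s\n' '[cloudstack]' 'name=cloudstack' \
        'baseurl=http://download.cloudstack.org/centos/$releasever/4.14/' \
        'enabled=1' 'gpgcheck=0' > "$1/etc/yum.repos.d/cloudstack.repo"
    printf '%s\n' '/export/secondary *(rw,async,no_root_squash,no_subtree_check)' \
        '/export/primary *(rw,async,no_root_squash,no_subtree_check)' > "$1/etc/exports"
    printf '%s\n' 'listen_tls = 0' 'listen_tcp = 1' 'tcp_port = "16509"' \
        'auth_tcp = "none"' 'mdns_adv = 0' > "$1/etc/libvirt/libvirtd.conf"
    printf '%s\n' 'vnc_listen=0.0.0.0' > "$1/etc/libvirt/qemu.conf"
    printf '%s\n' '# SELINUX= can take one of these three values:' \
        'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$1/etc/selinux/config"
}

demo=$(mktemp -d)
make_lab_tree "$demo"
audit_lab_settings "$demo"
rm -rf "$demo"
```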

    KVM configuration complete

    For the sake of completeness you should check if KVM is running OK on your machine:

    That concludes our installation and configuration of KVM, and we’ll now move to using the CloudStack UI for the actual configuration of our cloud.

    As we noted before, we will be using security groups to provide isolation, and by default that implies that we’ll be using a flat layer-2 network. The simplicity of our setup also means that we can use the quick installer.

    UI Access

    To get access to CloudStack’s web interface, merely point your browser to http://172.16.10.2:8080/client. The default username is ‘admin’, and the default password is ‘password’. You should see a splash screen that allows you to choose several options for setting up CloudStack. You should choose the Continue with Basic Setup option.

    You should now see a prompt requiring you to change the password for the admin user. Please do so.

    Setting up a Zone

    A zone is the largest organization entity in CloudStack, and we’ll be creating one. This should be the screen that you see in front of you now. For us, there are 5 pieces of information that we need.

    1. Name - we will set this to the ever-descriptive ‘Zone1’ for our cloud.
    2. Public DNS 1 - we will set this to 8.8.8.8 for our cloud.
    3. Public DNS 2 - we will set this to 8.8.4.4 for our cloud.
    4. Internal DNS1 - we will also set this to 8.8.8.8 for our cloud.
    5. Internal DNS2 - we will also set this to 8.8.4.4 for our cloud.

    Note

    CloudStack distinguishes between internal and public DNS. Internal DNS is assumed to be capable of resolving internal-only hostnames, such as your NFS server’s DNS name. Public DNS is provided to the guest VMs to resolve public IP addresses. You can enter the same DNS server for both types, but if you do so, you must make sure that both internal and public IP addresses can route to the DNS server. In our specific case we will not use any names for resources internally, and we have indeed set them to look to the same external resource so as to not add a nameserver setup to our list of requirements.

    Pod Configuration

    Now that we’ve added a Zone, the next step that comes up is a prompt for information regarding a pod, which is looking for several items.

    1. Name - We’ll use Pod1 for our cloud.
    2. Gateway - We’ll use 172.16.10.1 as our gateway
    3. Netmask - We’ll use 255.255.255.0
    4. Start/end reserved system IPs - we will use 172.16.10.10-172.16.10.20
    5. Guest gateway - We’ll use 172.16.10.1
    6. Guest netmask - We’ll use 255.255.255.0
    7. Guest start/end IP - We’ll use 172.16.10.30-172.16.10.200

    Now that we’ve added a Zone, we need only add a few more items for configuring the cluster.

    1. Name - We’ll use Cluster1
    2. Hypervisor - Choose KVM

    You should be prompted to add the first host to your cluster at this point. Only a few bits of information are needed.

    1. Hostname - we’ll use the IP address 172.16.10.2 since we didn’t set up a DNS server.
    2. Username - we’ll use root
    3. Password - enter the operating system password for the root user

    Primary Storage

    With your cluster now set up, you should be prompted for primary storage information. Choose NFS as the storage type and then enter the following values in the fields:

    1. Name - We’ll use Primary1
    2. Server - We’ll be using the IP address 172.16.10.2
    3. Path - We’ll define /export/primary as the path we are using

    Secondary Storage

    If this is a new zone, you’ll be prompted for secondary storage information - populate it as follows:

    1. NFS server - We’ll use the IP address 172.16.10.2
    2. Path - We’ll use /export/secondary

    That’s it, you are done with installation of your Apache CloudStack cloud.