You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 40 Current »

* Apply for account at Maggelan: http://magellan.nersc.gov/?page_id=564

* Sign on to the forum: https://mailman.nersc.gov/mailman/listinfo/eucalyptus-discuss

* Login to web interface: https://mageuca.nersc.gov:8443/

* Upload euca2tols tool kit form http://open.eucalyptus.com/wiki/Euca2oolsGuide

http://open.eucalyptus.com/wiki/Euca2oolsGuide* list of all commands: http://blogs.plexibus.com/2010/06/17/eucalyptus-euca2ools/
in particular I followed '/Euca2oolsInstallJaunty_v1.1' for my Ubuntu VM deployment,
but skip step about updating /etc/apt/sources.list with 'deb http://www.eucalyptussoftware.com/downloads/repo/euca2ools/1.1/ubuntu jaunty universe'

I did:
sudo apt-get update
sudo apt-get install euca2ools

Check euca2ools by executing e.g.: euca2ools
should complain about missing keys but program must be found

* Generate one time keys for Eucalyptus form the interface: https://mageuca.nersc.gov:8443

upload keys to local machine in to .euca directory

Bundle & upload to Eucalyptus my VM 'from within'
* copy private key & certificate to some directory you do NOT want to distribute those with the VM image. Make sure you do not leve them somewhere else on VM - the whole world will hack you later

sudo mkdir /mnt/eucaBuild/
* copy there euca2-yourName-e3e764-cert.pem euca2-yourName-e3f64-pk.pem cloud-cert.pem eucars.csh
* set enviromental variables by source eucars.csh

* setup working directory for the bundle which will be excluded from the bundle

sudo mkdir /image

* Bundle local VM , will take 1-2 hours ..., you may need to specify the kernel & ramdisk (values below worked in November 2010). For the 64-bit VM is generated below:
>sudo euca-bundle-vol -c $EC2_CERT -k $EC2_PRIVATE_KEY -u $EC2_USER_ID --ec2cert $EUCALYPTUS_CERT -d /image -e /image --no-inherit -r x86_64 --kernel eki-AEC117E0 --ramdisk eri-175C1933 --fstab  /mnt/eucaBuild/euca-vfstab

USE of existing images

* query existing images:
> euca-describe-images | grep emi | grep -i ubuntu

OUTPUT:
IMAGE emi-39DF160F ubuntu-image-bucket/ubuntu.9-04.x86-64.img.manifest.xml admin available public x86_64 machine

* create key-pair for one Eucalyptus session
> euca-add-keypair balewski-euca > balewski-euca.private
> chmod 0600 balewski-euca.private

>euca-describe-keypairs

euca-describe-keypairs

* launch an instance you want. The default image has 10GB limit, if you need larger add '-t m1.xlarge' or even  '-t c1.xlarge' for CPUs/20G memory/20 G disk.
> euca-run-instances -k balewski-euca emi-39DF160F -t m1.xlarge

OUTPUT:
RESERVATION r-470107EF balewski balewski-default
INSTANCE i-31D50646 emi-39DF160F 0.0.0.0 0.0.0.0 pending balewski-euca 2010-10-22T16:05:53.609Z eki-AEC117E0 eri-175C1933

* check if instance is running (after few minutes, depends on the size of the image)
> euca-describe-instances i-31D50646
OUTPUT:
RESERVATION r-470107EF balewski default
INSTANCE i-31D50646 emi-39DF160F 128.55.56.51 192.168.4.2 running balewski-euca 0 m1.small 2010-10-22T16:05:53.609Z euca eki-AEC117E0 eri-175C1933

* Set security group prior to connecting to the instance (see 'Potential problems' above - private key may be wrong.)
> euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default

OUTPUT:
GROUP default
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

* Connect to the instance
> ssh -i ./balewski-euca.private root@128.55.56.57

* Terminate instance
> euca-terminate-instances i-31D50646

OUTPUT:
INSTANCE i-31D50646

after ~10 seconds the same command results with nothing

----

notes from failing installation of euca2tol on SL5.3

  • instruction page is as for http://open.eucalyptus.com/wiki/Euca2oolsCentosInstall_v1.1
  • set system variables
    export VERSION=1.2
    export ARCH=x86_64
    export http_proxy="http://aaa:bbb" ( do not forget the prefix 'http://')
    to get 'yum' to work from BNL one needs to setup proxy be setting above
  • create file /etc/yum.repos.d/euca.repo as in Centos instruction
    in my case I hardcoded '1.2' instead of '$VERSION' because yum did not wanted to pick it up from the system variable set by the export command. It looks now like this 
    cat  /etc/yum.repos.d/euca.repo
[euca2ools]
name=Euca2ools
baseurl=http://www.eucalyptussoftware.com/downloads/repo/euca2ools/1.2/yum/centos/
enabled=1

  • execute
    yum install euca2ools.$ARCH --nogpgcheck
  • Problems
    1. bundling would quit after ~15 minutes of work with the message: 
      euca-bundle-vol -c $EC2_CERT -k $EC2_PRIVATE_KEY -u $EC2_USER_ID --ec2cert $EUCALYPTUS_CERT -d /image -e /image --no-inherit -r x86_64 --kernel eki-AEC117E0 --ramdisk eri-175C1933
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.131823 seconds, 8.0 MB/s
......
......
......
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 27 mounts or
180 days, whichever comes first.  Use tune2fs \-c or \-i to override.
Unable to copy files
      SOLUTION:
      1. edit python script /usr/lib/python2.5/site-packages/euca2ools/_init_.py
        look for line 1013 and add "print output" so it looks like: 
               if output[1]:
           print output
           raise CopyError
        Then you'll see what's causing problems and exclude it.
      2. in my case it was ~3 screen-dump 
        ('', 'selinux: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/avc: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/booleans: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.access.5oRT2N: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.checkreqprot.b5ebHI: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.commit_pending_bools.1c9ulD: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.compat_net.JYYQZx: rsync_xal_set: lsetxattr security.selinux failed: Permission
.....
        Which means I should 'disable selinux' by execution of the following command
        echo 0 >/selinux/enforce
      3. I run bundling again and got one more error mentioning 
         /var/run/cups
        The solution to that is to exclude /var/run/cups from bundling by adding
        *-e /var/run/cups * in to euca-bundle-vol command
      4. now bundling finished successfully 
        ......
......
Part: image.part.130
Part: image.part.131
Part: image.part.132
Generating manifest /image/image.manifest.xml
        After which I have enabled back selinux
        echo 1 >/selinux/enforce

SCRATCH -------------------------------------

euca-register -a $EC2_ACCESS_KEY -s $EC2_SECRET_KEY --url $EC2_URL jan7-Sl5.3-x86_64-12GB-external-build/image.manifest.xml

-bash-3.2$ ls -l /global/common/carver/tig/euca2ools/1.2/bin/|grep key

For 32-bit image change kernel to:
>sudo euca-bundle-vol -c $EC2_CERT -k $EC2_PRIVATE_KEY -u $EC2_USER_ID --ec2cert $EUCALYPTUS_CERT -d /image -e /image --no-inherit -r i386 --kernel eki-B15217F6 --ramdisk eri-19791933
OUTPUT:
....
Part: image.part.245
Part: image.part.246
Part: image.part.247
Generating manifest

* uplad bundle to Eucalyptus with name 'star-vm-SL10c-ubuntu-i386', will take many hours depending on connection & total size
> sudo euca-upload-bundle -a $EC2_ACCESS_KEY -s $EC2_SECRET_KEY --url $S3_URL --ec2cert $EUCALYPTUS_CERT -m /image/image.manifest.xml -b star-vm-SL10c-ubuntu-64bit
OUTPUT:
....
Uploading part: image.part.246
Uploading part: image.part.247
Uploaded image as star-vm-SL10c-ubuntu-i386/image.manifest.xml

* register 'star-vm-SL10c-ubuntu-i386' with Eucalyptus
> euca-register -a $EC2_ACCESS_KEY -s $EC2_SECRET_KEY --url $EC2_URL star-vm-SL10c-ubuntu-64bit/image.manifest.xml
OUTPUT:
IMAGE emi-344D1244

Potential problems:

  • synchronization of local clock, can be fixed with command
    > sudo ntpdate hickory.nersc.gov
  • check if key-pair generation succeded, list content of 'balewski-euca.private'  if it does not look like a valid key and you can't find the old key you can remove the old public key from Eucalyptus using command euca-delete-keypair
  • if you can't ssh to a custom made VM and see the error
    ssh: connect to host 128.55.56.63 port 22: Connection refused
    verify the ssh server is running on a local copy on this VM by typing:
    ssh localhost
    If you see the same error install ssh server- on Ubuntu do:
    sudo apt-get install openssh-server openssh-client
  • ssh fails:  check content of the console:  euca-get-console-output 'image-id'
  • No labels