\* Apply for account at Maggelan: [http://magellan.nersc.gov/?page_id=564]
\* Sign on to the forum: [https://mailman.nersc.gov/mailman/listinfo/eucalyptus-discuss]
\* Login to web interface: [https://mageuca.nersc.gov:8443/|https://mageuca.nersc.gov:8443/]
\* Upload euca2tols tool kit form [http://open.eucalyptus.com/wiki/Euca2oolsGuide]
[http://open.eucalyptus.com/wiki/Euca2oolsGuide]\* list of all commands: [http://blogs.plexibus.com/2010/06/17/eucalyptus-euca2ools/]
in particular I followed '/Euca2oolsInstallJaunty_v1.1' for my Ubuntu VM deployment,
but skip step about updating /etc/apt/sources.list with 'deb [http://www.eucalyptussoftware.com/downloads/repo/euca2ools/1.1/ubuntu] jaunty universe'
I did:
*sudo apt-get update*
*sudo apt-get install euca2ools*
Check euca2ools by executing e.g.: euca2ools
should complain about missing keys but program must be found
\* Generate one time keys for Eucalyptus form the interface: [https://mageuca.nersc.gov:8443]
upload keys to local machine in to .euca directory
----
*Bundle & upload to Eucalyptus my VM 'from within'*
\* copy private key & certificate to some directory you do NOT want to distribute those with the VM image. Make sure you do not leve them somewhere else on VM - the whole world will hack you later
*sudo mkdir /mnt/eucaBuild/*
\* copy there euca2-yourName-e3e764-cert.pem euca2-yourName-e3f64-pk.pem cloud-cert.pem eucars.csh
\* set enviromental variables by *source eucars.csh*
\* setup working directory for the bundle which will be excluded from the bundle
*sudo mkdir /image*
\* *Bundle* local VM , will take 1-2 hours ..., you may need to specify the kernel & ramdisk (values below worked in November 2010). {color:#0000ff}For{color} {color:#0000ff}the{color} {color:#0000ff}64-bit VM is generated below:{color}
>*sudo euca-bundle-vol \-c $EC2_CERT \-k $EC2_PRIVATE_KEY \-u $EC2_USER_ID \--ec2cert $EUCALYPTUS_CERT \-d /image \-e /image \--no-inherit \-r x86_64 \--kernel eki-AEC117E0 \--ramdisk eri-175C1933* \--fstab /mnt/eucaBuild/euca-vfstab
----
USE of existing images
\* query existing images:
> *euca-describe-images \| grep emi \| grep \-i ubuntu*
_OUTPUT:_
_IMAGE emi-39DF160F ubuntu-image-bucket/ubuntu.9-04.x86-64.img.manifest.xml admin available public x86_64 machine_
\* create key-pair for one Eucalyptus session
> *euca-add-keypair balewski-euca > balewski-euca.private*
> *chmod 0600 balewski-euca.private*
*>euca-describe-keypairs*
euca-describe-keypairs
\* launch an instance you want. The default image has 10GB limit, if you need larger add '*\-t m1.xlarge*' or even '*\-t c1.xlarge*' for CPUs/20G memory/20 G disk.
> *euca-run-instances \-k balewski-euca* *emi-39DF160F **\-t m1.xlarge*
_OUTPUT:_
_RESERVATION r-470107EF balewski balewski-default_
_INSTANCE i-31D50646 emi-39DF160F 0.0.0.0 0.0.0.0 pending balewski-euca 2010-10-22T16:05:53.609Z eki-AEC117E0 eri-175C1933_
\* check if instance is running (after few minutes, depends on the size of the image)
> *euca-describe-instances i-31D50646*
_OUTPUT:_
_RESERVATION r-470107EF balewski default_
_INSTANCE i-31D50646 emi-39DF160F 128.55.56.51 192.168.4.2 running balewski-euca 0 m1.small 2010-10-22T16:05:53.609Z euca eki-AEC117E0 eri-175C1933_
\* Set security group prior to connecting to the instance (see 'Potential problems' above - private key may be wrong.)
> *euca-authorize \-P tcp \-p 22 \-s 0.0.0.0/0 default*
_OUTPUT:_
_GROUP default_
_PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0_
\* {color:#ff0000}Connect to the instance{color}
{color:#ff0000}>{color} {color:#ff0000}{*}ssh \-i ./balewski-euca.private root@128.55.56.57{*}{color}
\* Terminate instance
> *euca-terminate-instances i-31D50646*
_OUTPUT:_
_INSTANCE i-31D50646_
after \~10 seconds the same command results with nothing
---\-
----
*notes from failing installation of euca2tol on SL5.3*
* *instruction page* is as for [http://open.eucalyptus.com/wiki/Euca2oolsCentosInstall_v1.1]
* set system variables
export VERSION=1.2
export ARCH=x86_64
export http_proxy="http://aaa:bbb" ( _do not forget the prefix 'http://'_)
to get 'yum' to work from BNL one needs to setup proxy be setting above
* create file */etc/yum.repos.d/euca.repo* as in Centos instruction
in my case I hardcoded '1.2' instead of '$VERSION' because yum did not wanted to pick it up from the system variable set by the export command. It looks now like this
{code}cat /etc/yum.repos.d/euca.repo
[euca2ools]
name=Euca2ools
baseurl=http://www.eucalyptussoftware.com/downloads/repo/euca2ools/1.2/yum/centos/
enabled=1 {code}
\\
* execute
yum install euca2ools.$ARCH \--nogpgcheck
* Problems
*# bundling would quit after \~15 minutes of work with the message:
{code}
euca-bundle-vol -c $EC2_CERT -k $EC2_PRIVATE_KEY -u $EC2_USER_ID --ec2cert $EUCALYPTUS_CERT -d /image -e /image --no-inherit -r x86_64 --kernel eki-AEC117E0 --ramdisk eri-175C1933
1+0 records in
1+0 records out
1048576 bytes (1.0 MB) copied, 0.131823 seconds, 8.0 MB/s
......
......
......
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 27 mounts or
180 days, whichever comes first. Use tune2fs \-c or \-i to override.
Unable to copy files{code}
*SOLUTION:*
*## edit python script /usr/lib/python2.5/site-packages/euca2ools/\__init_\_.py
look for line 1013 and add "print output" so it looks like:
{code} if output[1]:
print output
raise CopyError{code}
Then you'll see what's causing problems and exclude it.
*## in my case it was \~3 screen-dump
{code}('', 'selinux: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/avc: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/booleans: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.access.5oRT2N: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.checkreqprot.b5ebHI: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.commit_pending_bools.1c9ulD: rsync_xal_set: lsetxattr security.selinux failed: Permission denied\nselinux/.compat_net.JYYQZx: rsync_xal_set: lsetxattr security.selinux failed: Permission
.....
{code}
Which means I should 'disable selinux' by execution of the following command
*echo 0 >/selinux/enforce*
*## I run bundling again and got one more error mentioning
{code} /var/run/cups
{code}The solution to that is to exclude /var/run/cups from bundling by adding
\*-e /var/run/cups * in to _euca-bundle-vol_ command
*## now bundling finished successfully
{code}
......
......
Part: image.part.130
Part: image.part.131
Part: image.part.132
Generating manifest /image/image.manifest.xml
{code}
After which I have enabled back selinux
*echo 1 >/selinux/enforce*
SCRATCH \------------------------------------\-
euca-register \-a $EC2_ACCESS_KEY \-s $EC2_SECRET_KEY \--url $EC2_URL jan7-Sl5.3-x86_64-12GB-external-build/image.manifest.xml
\-bash-3.2$ ls \-l /global/common/carver/tig/euca2ools/1.2/bin/\|grep key
{color:#0000ff}For 32-bit image change kernel to:{color}
>*sudo euca-bundle-vol \-c $EC2_CERT \-k $EC2_PRIVATE_KEY \-u $EC2_USER_ID \--ec2cert $EUCALYPTUS_CERT \-d /image \-e /image \--no-inherit \-r* *i386* *\--kernel* *eki-B15217F6* *\--ramdisk* *eri-19791933*
_OUTPUT:_
_...._
_Part: image.part.245_
_Part: image.part.246_
_Part: image.part.247_
_Generating manifest_
\* *uplad* bundle to Eucalyptus with name 'star-vm-SL10c-ubuntu-i386', will take many hours depending on connection & total size
> *sudo euca-upload-bundle \-a $EC2_ACCESS_KEY \-s $EC2_SECRET_KEY \--url $S3_URL \--ec2cert $EUCALYPTUS_CERT \-m /image/image.manifest.xml* *\-b star-vm-SL10c-ubuntu-64bit*
_OUTPUT:_
_...._
_Uploading part: image.part.246_
_Uploading part: image.part.247_
{color:#ff0000}{_}Uploaded image as star-vm-SL10c-ubuntu-i386/image.manifest.xml{_}{color}
\* register 'star-vm-SL10c-ubuntu-i386' with Eucalyptus
> *euca-register \-a $EC2_ACCESS_KEY \-s $EC2_SECRET_KEY \--url $EC2_URL star-vm-SL10c-ubuntu-64bit/image.manifest.xml*
{color:#ff0000}{_}OUTPUT:_{color}
{color:#ff0000}IMAGE emi-344D1244{color}
*Potential problems*:
* synchronization of local clock, can be fixed with command
> *sudo ntpdate hickory.nersc.gov*
* check if key-pair generation succeded, list content of 'balewski-euca.private' if it does not look like a valid key and you can't find the old key you can remove the old public key from Eucalyptus using command *euca-delete-keypair*
* if you can't ssh to a custom made VM and see the error
_ssh: connect to host 128.55.56.63 port 22: Connection refused_
verify the ssh server is running on a local copy on this VM by typing:
*ssh localhost*
If you see the same error install ssh server\- on Ubuntu do:
*sudo apt-get install openssh-server openssh-client*
* ssh fails: check content of the console: * euca-get-console-output 'image-id'* |