How to Create a Hypervisor: Difference between revisions

m (edited ifcfg-br0 contents)
mNo edit summary
 
Line 22: Line 22:


  ifcfg-br1:  
  ifcfg-br1:  
  DEVICE="br1"
  DEVICE="br1"
  BOOTPROTO="static"
  BOOTPROTO="static"

Latest revision as of 17:46, 12 June 2017

CREATING A HYPERVISOR NOTES:

CREATING BRIDGES:

cd /etc/sysconfig/network-scripts
cp ifcfg-eth0 /root/ifcfg-eth0.back
cp ifcfg-eth1 /root/ifcfg-eth1.back

Create two files: ifcfg-br0 and ifcfg-br1

vim ifcfg*
ifcfg-br0:
DEVICE="br0"
BOOTPROTO="static"
ONBOOT="yes"
TYPE="Bridge"
IPADDR="10.20.0.236"
PREFIX="16"
DHCP_HOSTNAME="he.cluster.ucsf.bkslab.org"
HOSTNAME="he.cluster.ucsf.bkslab.org"
DOMAIN="cluster.ucsf.bkslab.org"
STP="off"
DELAY="0"
ifcfg-br1: 
DEVICE="br1"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Bridge"
IPADDR="169.230.26.168"
PREFIX="24"
GATEWAY="169.230.26.1"
STP="off"
DELAY="0"
ifcfg-eth0:
DEVICE="eth0"
BOOTPROTO="static"
HWADDR="00:25:90:D9:D8:6E"
IPV6INIT="yes"
MTU="1500"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="691b9591-f3f5-47f1-8cc1-7a45495cc5ba"
BRIDGE="br0"
ifcfg-eth1:
DEVICE="eth1"
BOOTPROTO="none"
HWADDR="00:25:90:D9:D8:6F"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
UUID="c9964a49-dfbc-419e-a475-19e947f45828"
BRIDGE="br1"

TURN ON IP FORWARDING:

/sbin/sysctl -w net.ipv4.ip_forward=1

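Check that IP forwarding is on like this (a value set with sysctl -w is lost at reboot; to keep it, also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf):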

/sbin/sysctl net.ipv4.ip_forward

Make sure BOOTPROTO is not dhcp and make sure NetworkManager is off.

INSTALL THE LIBVIRT SERVER:

yum install libvirt qemu-kvm bridge-utils

CHECK THE STORAGE SITUATION OUT:

Two ways:

cat /sys/block/sd*/queue/rotational

You get a 1 for HDDs and 0 for SSDs.

OR

smartctl -a /dev/sd*

CREATE STORAGE POOL MOUNT POINTS:

Just create logical volumes (if there are SSDs and HDDs you should have two volume groups and two logical volumes). This is what I did:

df -Th => To see the current filesystem types
lvcreate -l 100%FREE -n lv_images vg_beatles  (The 100% uses the rest of the space in the volume group)
mkfs.ext4 /dev/mapper/vg_beatles-lv_images

BIND TO LIBVIRT DIRECTORY (this was already done for me)

mkdir /var/lib/libvirt/images/bulk
mount -t ext4 /dev/mapper/vg_beatles-lv_images /var/lib/libvirt/images/bulk

Add the mount point to fstab.

ADD QEMU USER

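# Create the unprivileged account that qemu.conf's user/group settings refer to.
# Only add what is missing: useradd normally creates a same-named group, so a
# plain groupadd afterwards fails with "group exists". The account only has to
# own VM processes, so make it a system account without a login shell.
getent group qemu >/dev/null || groupadd -r qemu
getent passwd qemu >/dev/null || useradd -r -g qemu -s /sbin/nologin qemu
usermod -a -G qemu qemu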

ADJUST FIREWALL

vim /etc/sysconfig/iptables

+++++++++++++++++++++++++++

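# 16514 == libvirt tls; 16509 == libvirt tcp; 5900-5999 == vnc ports;
# NOTE: only the vnc rule below is limited to the cluster network (-s 10.20.0.0/16).
# The two libvirt rules accept connections from any source, and this host also has
# a public address on br1. Add a matching -s restriction to them, especially while
# 16509 is served with auth_tcp = "none", and drop the 16509 rule once TLS is in use.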
-A INPUT -m state --state NEW -m tcp -p tcp --dport 16514 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 16509 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -s 10.20.0.0/16 -j ACCEPT              

++++++++++++++++++

service iptables restart

ADD TO THE LIBVIRT AND QEMU CONFIGS:

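At first, before you get certs settled, have the tcp_port be 16509.  After, when you’re ready to add certs, change the port to 16514. Note that this interim setup (listen_tcp = 1 with auth_tcp = "none") accepts unauthenticated, unencrypted connections, and a read-write libvirt connection amounts to root on the hypervisor, so keep port 16509 reachable only from trusted hosts and move to TLS as soon as the test below passes.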
vim /etc/libvirt/libvirtd.conf

+++++++++++++

log_level = 3
auth_tcp = "none"
log_outputs="3:syslog:libvirtd"
listen_tcp = 1
tcp_port = "16509"
listen_tls = 0

++++++++++++++++++

vim /etc/libvirt/qemu.conf

++++++++++++++++++++++

# VNC TLS is off in this first pass, so console traffic is not encrypted.
vnc_tls = 0
vnc_tls_x509_verify = 0
vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
# Listen on the hypervisor's internal (br0) address rather than on every interface.
vnc_listen = "10.20.0.236"            => internal ip of the hypervisor itself
# NOTE(review): choose your own value instead of copying the one printed in these
# notes, and keep it out of shared documentation. Only the first 8 characters of
# a VNC password are significant, so it is a weak control on its own.
vnc_password = "4nu6rho3"
# Run guest processes as the unprivileged qemu account.
user = "qemu"
group = "qemu"

+++++++++++++++++++++++

vim /etc/sysconfig/libvirtd

++++++++++++++++++++++++++++

LIBVIRTD_ARGS="--listen"

+++++++++++++++++++++++++++++++

cd /etc/libvirt/qemu/networks

Add the following files here:

cluster.xml and public.xml
vim cluster.xml

++++++++++++++++++++++

<network>
 <name>cluster</name>
 <uuid>691b9591-f3f5-47f1-8cc1-7a45495cc5ba</uuid>
 <forward mode='bridge'/>
 <bridge name='br0' />
 <mac address='00:25:90:D9:D8:6E'/>
 <ip address='10.20.3.254' netmask='255.255.0.0'>  
 </ip>
</network>

++++++++++++++++++++

vim public.xml

+++++++++++++++++++

<network>
  <name>public</name>
  <uuid>c9964a49-dfbc-419e-a475-19e947f45828</uuid>
  <forward mode='bridge'/>
  <bridge name='br1' />
  <mac address='00:25:90:D9:D8:6F'/>
</network> 
cd /etc/libvirt
mkdir storage
cd storage

Create fast.xml and bulk.xml:

vim fast.xml

+++++++++++++++++++++

<pool type="dir">
  <name>fast</name>
  <target>
  <path>/var/lib/libvirt/images</path>
  </target>
</pool>

++++++++++++++++++++

vim bulk.xml

++++++++++++++++++

<pool type="dir">
  <name>bulk</name>
  <target>
  <path>/var/lib/libvirt/images/bulk</path>
  </target>
</pool>

+++++++++++++++++++++
service libvirtd start
WHEN YOU DO THE FOLLOWING YOU EITHER HAVE TO BE IN THE DIRECTORY THAT THE XML FILE IS OR YOU HAVE TO SPECIFY THE FULL PATH TO THE XML FILE.

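# Register, start and autostart both storage pools. Run these from the
# directory that holds the XML files, or give the full path to each file.
virsh pool-define fast.xml
virsh pool-start fast
virsh pool-autostart fast
virsh pool-define bulk.xml
virsh pool-start bulk
virsh pool-autostart bulk

# Same three steps for the two bridged networks. Each virsh call has to be its
# own command; joined on one line, everything after the first file name is
# passed to net-define as extra arguments.
virsh net-define cluster.xml
virsh net-start cluster
virsh net-autostart cluster
virsh net-define public.xml
virsh net-start public
virsh net-autostart public

service libvirtd restart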

TO TEST THE CONFIGURATION SO FAR:

virsh -c qemu:///system list  

You should see this:

 Id    Name                           State
----------------------------------------------------

Then on another machine that has libvirt installed:

[root@tet ~]# virsh -c qemu+tcp://he.cluster.ucsf.bkslab.org/system list
Id    Name                           State
----------------------------------------------------

If that is all good then you can proceed with updating the certs:

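# Reuse the host's Puppet CA and Puppet agent certificate for libvirt TLS.
# Every certificate issued by that CA chains to the cacert.pem linked here.
mkdir -pv /etc/pki/CA
ln -sv /var/lib/puppet/ssl/certs/ca.pem /etc/pki/CA/cacert.pem

# Start from an empty libvirt PKI directory.
rm -rf /etc/pki/libvirt
mkdir -pv /etc/pki/libvirt/private

# Puppet names these files after the agent's certname; this assumes it matches
# the output of hostname (TODO confirm on your host).
cp -rv "/var/lib/puppet/ssl/private_keys/$(hostname).pem" /etc/pki/libvirt/private/serverkey.pem
cp -rv "/var/lib/puppet/ssl/certs/$(hostname).pem" /etc/pki/libvirt/servercert.pem

# The same key pair doubles as this host's client identity.
ln -sv /etc/pki/libvirt/private/serverkey.pem /etc/pki/libvirt/private/clientkey.pem
ln -sv /etc/pki/libvirt/servercert.pem /etc/pki/libvirt/clientcert.pem

chcon -Rv -u system_u /etc/pki/libvirt
chown -Rv root:qemu /etc/pki/libvirt
# Mode 440 is applied to the directories as well, which removes their search
# bit: root (libvirtd) can still read the files, non-root accounts cannot
# reach them. Revisit this if the qemu user ever has to read the key.
chmod -Rv 440 /etc/pki/libvirt

# Certificate directory for VNC TLS (vnc_tls_x509_cert_dir in qemu.conf).
mkdir -pv /etc/pki/libvirt-vnc
ln -sv /etc/pki/CA/cacert.pem /etc/pki/libvirt-vnc/ca-cert.pem
ln -sv /etc/pki/libvirt/servercert.pem /etc/pki/libvirt-vnc/server-cert.pem
ln -sv /etc/pki/libvirt/private/serverkey.pem /etc/pki/libvirt-vnc/server-key.pem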
vim /etc/libvirt/libvirtd.conf

++++++++++++++++++++++++

log_level = 1
#auth_tcp = "none"
log_outputs="3:syslog:libvirtd"
# TLS listener on, plain TCP listener off. With listen_tcp = 0 the iptables
# ACCEPT rule for port 16509 is no longer needed and can be removed.
# NOTE(review): with no further settings, libvirtd should accept any client whose
# certificate is signed by the CA in /etc/pki/CA/cacert.pem, which these notes
# link to the Puppet CA. Consider tls_allowed_dn_list to limit access to named
# clients (confirm against the libvirtd.conf shipped with your version).
listen_tls = 1
listen_tcp = 0

+++++++++++++++++++++++++++++

vim /etc/libvirt/qemu.conf

++++++++++++++++++++++++++++

# NOTE(review): vnc_tls is still 0 after the certificate step, so VNC sessions
# stay unencrypted even though vnc_tls_x509_cert_dir is populated. Confirm
# whether this was meant to become 1; if so, the qemu user must be able to read
# the files linked from that directory.
vnc_tls = 0
vnc_tls_x509_verify = 0
vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
# Listen on the hypervisor's internal address only.
vnc_listen = "10.20.0.236"
# NOTE(review): set your own password rather than reusing the value shown here.
vnc_password = "4nu6rho3"
# Run guest processes as the unprivileged qemu account.
user = "qemu"
group = "qemu"

++++++++++++++++++++++++++

service libvirtd restart

Test to make sure it's still working:

[root@tet ~]# virsh -c qemu+tls://he.cluster.ucsf.bkslab.org/system list
 Id    Name                           State
----------------------------------------------------

If this looks good go to foreman and register as compute source.