Requirements:
1 or 3 system "iron" nodes
- Intel VT-X
- 16 GB memory (minimum)
- 2 TB local storage
Note:
These instructions are specific to Intel CPU chipsets. If using AMD, a couple of the steps that specify Intel-specific settings will have to be changed.
Steps:
1. Install Ubuntu 24.04 LTS and update packages
$ sudo apt-get update && sudo apt-get upgrade -y
2. Set hostname:
$ sudo hostnamectl set-hostname mwwf-clmgmt
3. Enable "universe" repository in /etc/apt/sources.list
$ sudo add-apt-repository universe
$ sudo apt update
4. Install prerequisite packages:
Note: our base Ubuntu minimal already includes a few of these (e.g. sudo vim openssh).
$ sudo apt-get install dpkg-dev apt-utils chrony
$ sudo apt-get install software-properties-common
$ sudo apt-get install openntpd openssh-server sudo vim htop tar intel-microcode bridge-utils
$ sudo apt-get install debhelper openjdk-11-jdk libws-commons-util-java genisoimage libcommons-codec-java libcommons-httpclient-java liblog4j1.2-java maven
ONLY if the "iron" KVM host is using UEFI legacy/secureboot, the ovmf or edk2-ovmf package needs to be installed.
$ sudo apt-get install ovmf
5a. Install MariaDB (or MySQL if preferred):
$ sudo apt install mariadb-server -y
5b. Update the db conf file with the following updates under the [mysqld] section:
Note: Some of these lines exist uncommented already, and a couple need to be uncommented.
$ sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
bind-address = 127.0.0.1
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_connections = 500
innodb_file_per_table = 1
innodb_file_format = Barracuda
innodb_large_prefix = 1
$ sudo systemctl restart mariadb
<wait>
$ sudo systemctl status mariadb
<verify service running okay>
5c. Create the CloudStack DB:
$ sudo mysql -u root -p
<enter your personal sudo password>
Add the following. Make sure you update the password to your own. Warning: if you use special characters, they will have to be escaped.
CREATE DATABASE cloud CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL PRIVILEGES ON cloud.* TO 'cloud'@'localhost' IDENTIFIED BY 'myreallygoodpassword';
FLUSH PRIVILEGES;
EXIT;
6. Set-up CloudStack Ubuntu repo:
$ cd /home/myadminid
$ mkdir tmp
$ cd tmp
$ echo "deb http://download.cloudstack.org/ubuntu jammy 4.20 main" | sudo tee /etc/apt/sources.list.d/cloudstack.list
$ wget -O - https://download.cloudstack.org/release.asc | sudo apt-key add -
$ sudo apt-get update
7a. Install CloudStack Management:
$ sudo apt install cloudstack-management qemu-kvm libvirt-daemon-system libvirt-clients virtinst
7b. Initialize CloudStack Database:
$ sudo cloudstack-setup-databases 'cloud:myreallygoodpassword'@localhost --deploy-as=root
7c. Allow KVM VMs on current management machine, adding the following line in a new file.
$ sudo vi /etc/sudoers.d/99-cloudstack-cloud
Defaults:cloud !requiretty
<esc>:wq (to save)
$ sudo chmod 0440 /etc/sudoers.d/99-cloudstack-cloud
7d. Verify CloudStack services are running:
$ sudo virt-host-validate
<view output>
$ sudo virsh list --all
<confirm libvirt sees the host KVM>
7e. Set CloudStack to autostart on reboots:
$ sudo apt-get install cloudstack-agent
$ sudo systemctl enable cloudstack-management
$ sudo systemctl start cloudstack-management
Verify the cloudstack-agent's UUID, host, and bridges values:
$ sudo vi /etc/cloudstack/agent/agent.properties
<verify and update as necessary>
$ sudo systemctl start cloudstack-agent
<wait a second>
$ sudo systemctl status cloudstack-agent
<verify started okay>
7f. Optimize/tune grub settings for KVM by adding/changing systemd.unified_cgroup_hierarchy, depending on whether the kernel is using cgroup1 or cgroup2:
$ sudo grep cgroup /proc/filesystems
<view result>
nodev cgroup
nodev cgroup2
If you see both listed, you have cgroup2 support:
Backup the current grub settings:
$ sudo cp /etc/default/grub /etc/default/grub.bak
Use sed to update the file with the Intel IOMMU setting, or edit manually with vi:
$ sudo sed -i.bak 's/^\(GRUB_CMDLINE_LINUX_DEFAULT=".*\)"/\1 intel_iommu=on systemd.unified_cgroup_hierarchy=0"/' /etc/default/grub
- OR -
$ sudo vi /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_iommu=on systemd.unified_cgroup_hierarchy=0"
...
<esc>:wq (to save)
$ sudo update-grub
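An added example (not part of the original instructions): the sed one-liner in step 7f appends the parameters again every time it is re-run, so this sketch sets each parameter exactly once and replaces a conflicting existing value. The function names set_kernel_param and grub_cmdline are hypothetical, the sample file is constructed, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: set a kernel parameter in GRUB_CMDLINE_LINUX_DEFAULT exactly once.
# Assumes GNU sed (as on Ubuntu) and parameters containing no "/" or "&".

# set_kernel_param FILE KEY[=VALUE]: drop any existing KEY token, then append.
set_kernel_param() {
    file=$1 param=$2 key=${2%%=*}
    sed -E -i "/^GRUB_CMDLINE_LINUX_DEFAULT=\"/{
        s/([\" ])${key}(=[^ \"]*)?([ \"])/\1\3/g
        s/ *\"\$/ ${param}\"/
        s/=\" +/=\"/
        s/  +/ /g
    }" "$file"
}

# grub_cmdline FILE: print the current value between the quotes.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"$/\1/p' "$1"
}

# Constructed sample standing in for /etc/default/grub.
demo=$(mktemp)
printf '%s\n' 'GRUB_DEFAULT=0' \
    'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash systemd.unified_cgroup_hierarchy=1"' \
    > "$demo"

# Run the whole update twice to show that a re-run changes nothing.
for pass in 1 2; do
    set_kernel_param "$demo" intel_iommu=on
    set_kernel_param "$demo" systemd.unified_cgroup_hierarchy=0
    printf 'pass %s: %s\n' "$pass" "$(grub_cmdline "$demo")"
done
rm -f "$demo"
```

On the host, run it as root against /etc/default/grub after taking the backup, then run update-grub as in the step above.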
8. Enable root login (alt to ssh keys, or if not adding cloudstack user to sudoers):
$ sudo vi /etc/ssh/sshd_config
<allow root login>
<esc>:wq (to save)
9. If CloudStack is not behind firewalls, consider turning off access to libvirt's non-SSL TCP listener and updating security policies. Update the following lines to disable non-secure TCP:
$ sudo vi /etc/libvirt/libvirtd.conf
...
listen_tcp = 0
...
auth_tcp = "none"
...
mdns_adv = 0
...
remote_mode="legacy"
...
<esc>:wq (to save)
Uncomment the line below:
$ sudo vi /etc/default/libvirtd
LIBVIRTD_ARGS="--listen"
...
<esc>:wq (to save)
Set libvirt mode:
$ sudo systemctl mask libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket
$ sudo systemctl restart libvirtd
$ sudo systemctl status libvirtd
<verify restarted okay>
Set-up the apparmor policy:
$ sudo dpkg --list 'apparmor'
<confirm installed/enabled>
Disable AppArmor profiles for libvirt:
$ sudo ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/
$ sudo ln -s /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /etc/apparmor.d/disable/
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
$ sudo apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
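An added example (not part of the original instructions or of CloudStack): a small audit that reads a libvirtd.conf and reports whether the plaintext TCP listener from step 9 is disabled, enabled with authentication, or enabled with auth_tcp = "none". The function names and sample files are constructed for illustration, and the fallback defaults (listen_tcp=0, auth_tcp=sasl) are assumed from upstream libvirt.

```shell
#!/bin/sh
# Added example: classify the TCP listener settings in a libvirtd.conf.

# conf_value FILE KEY: print the last uncommented value of KEY, quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# audit_libvirtd_conf FILE: print a verdict; exit status 0 only if TCP is off.
audit_libvirtd_conf() {
    listen_tcp=$(conf_value "$1" listen_tcp)
    auth_tcp=$(conf_value "$1" auth_tcp)
    # Assumption: upstream defaults apply when a key is absent or commented out.
    : "${listen_tcp:=0}" "${auth_tcp:=sasl}"
    if [ "$listen_tcp" = "0" ]; then
        echo "tcp-disabled"; return 0
    elif [ "$auth_tcp" = "none" ]; then
        echo "tcp-unauthenticated"; return 1
    fi
    echo "tcp-plaintext-auth-$auth_tcp"; return 1
}

# Constructed sample files (hypothetical, not copied from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'listen_tcp = 0' 'auth_tcp = "none"' 'mdns_adv = 0' \
    > "$demo_dir/step9.conf"
printf '%s\n' '#listen_tcp = 0' 'listen_tcp = 1' 'auth_tcp = "none"' \
    > "$demo_dir/open.conf"
printf '%s\n' 'listen_tcp = 1' '#auth_tcp = "none"' \
    > "$demo_dir/sasl.conf"

for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(audit_libvirtd_conf "$f")"
done
rm -rf "$demo_dir"
```

On a host, run it against /etc/libvirt/libvirtd.conf; the listener settings only take effect when libvirtd is started with --listen, as in the /etc/default/libvirtd line above.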
10. Set-up network:
WARNING:
Make sure you have a physical console or ILO for steps 10 and 11, as a mistake will drop an SSH session.
- If not using netplan:
$ sudo vi /etc/network/interfaces
- - Basic Network Example from CloudStack Docs is below. Update the interface from eth0 to ens123, etc.
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet manual
auto eth0.200
iface eth0.200 inet manual
# management network
auto cloudbr0
iface cloudbr0 inet static
bridge_ports eth0
bridge_fd 0
bridge_stp off
bridge_maxwait 1
address 192.168.42.11
netmask 255.255.255.240
gateway 192.168.42.1
dns-nameservers 8.8.8.8 8.8.4.4
dns-domain lab.example.org
# guest network
auto cloudbr1
iface cloudbr1 inet manual
bridge_ports eth0.200
bridge_fd 0
bridge_stp off
bridge_maxwait 1
- - Advanced example:
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet manual
# The second network interface
auto eth1
iface eth1 inet manual
# management network
auto cloudbr0
iface cloudbr0 inet static
bridge_ports eth0
bridge_fd 5
bridge_stp off
bridge_maxwait 1
address 192.168.42.11
netmask 255.255.255.240
gateway 192.168.42.1
dns-nameservers 8.8.8.8 8.8.4.4
dns-domain lab.example.org
# guest network
auto cloudbr1
iface cloudbr1 inet manual
bridge_ports eth1
bridge_fd 5
bridge_stp off
bridge_maxwait 1
- Netplan Example:
$ sudo vi /etc/netplan/01-KVM-config.yaml
11. Update UFW firewall rules.
- Open ports 22, 1798, 16514, 5900-6100, and 49152-49216:
$ sudo ufw allow proto tcp from any to any port 22
$ sudo ufw allow proto tcp from any to any port 1798
$ sudo ufw allow proto tcp from any to any port 16514
$ sudo ufw allow proto tcp from any to any port 5900:6100
$ sudo ufw allow proto tcp from any to any port 49152:49216
- Change forwarding default from DENY to ACCEPT:
$ sudo vi /etc/default/ufw
...
DEFAULT_FORWARD_POLICY="ACCEPT"
...
<esc>:wq (to save)
Enable:
$ sudo ufw enable
Additional Notes:
To use this repository for DEB, execute the following commands:
export RELEASE=4.18
echo "deb https://download.cloudstack.org/ubuntu $(lsb_release -s -c) ${RELEASE}"|sudo tee /etc/apt/sources.list.d/cloudstack.list
wget -O - https://download.cloudstack.org/release.asc|sudo apt-key add -
sudo apt-get update
N.B.: Replace RELEASE with e.g. 4.17, 4.18, etc.
Other package lists:
# apt-get install openntpd openssh-server sudo vim htop tar intel-microcode bridge-utils openjdk-11-jdk mariadb-server nfs-common nfs-kernel-server quota python3-pip uuid-runtime dpkg-dev apt-utils software-properties-common debhelper libws-commons-util-java genisoimage libcommons-codec-java libcommons-httpclient-java liblog4j1.2-java maven