managing openvz with hypervm on centos 5


Upload: yahya-nursalim

Post on 18-Nov-2014


Managing OpenVZ With HyperVM On CentOS 5.2

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 01/23/2009

HyperVM is a multi-platform, multi-tiered, multi-server, multi-virtualization web based application that will allow you to create and manage different virtual machines each based on different technologies across machines and platforms. Currently it supports OpenVZ and Xen virtualization and is available for RHEL 4/5 as well as CentOS 4 and CentOS 5. This tutorial shows how to install it on a CentOS 5.2 server to control OpenVZ containers. I will also explain how to manage OpenVZ containers with HyperVM on a remote CentOS 5.2 server ("slave").

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using two empty CentOS 5.2 servers in this tutorial (empty because HyperVM will also install OpenVZ, so OpenVZ does not need to be installed right now):

server1.example.com (IP 192.168.0.100): master
server2.example.com (IP 192.168.0.102): slave

The slave is needed only if you want to control OpenVZ containers on remote servers with HyperVM (explained in an extra chapter).

I couldn't find out anything about HyperVM's license, neither on the HyperVM web site nor in the sources. It seems to be free, at least for a certain amount of controlled OpenVZ containers (according to http://lxlabs.com/store/). If you find out about its license and whether it's free or not, please let me know.

 

2 Installing A HyperVM Master

server1:

(The HyperVM master allows you to control OpenVZ containers on the master itself and on slave machines. Even if you don't want to run slave machines, you need a master!)

First we need to disable SELinux. Open /etc/sysconfig/selinux...

vi /etc/sysconfig/selinux

... and set SELINUX to disabled:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

Run

setenforce 0

afterwards.

Afterwards we install HyperVM as follows:

wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-master.sh
sh ./hypervm-install-master.sh --virtualization-type=openvz

This will take quite some time as this also installs OpenVZ and some OpenVZ templates, so be patient. At the end, you should see something like this:

    Downloaded: 7 files, 1.4G in 51m 21s (485 KB/s)
    Executing Update Cleanup... Will take a long time to finish....
    Congratuations. hyperVM has been installed succesfully on your server as master
    You can connect to the server at https://<ip-address>:8887 or http://<ip-address>:8888
    Please note that first is secure ssl connection, while the second is normal one.
    The login and password are 'admin' 'admin'. After Logging in, you will have to change your password to something more secure
    Thanks for choosing hyperVM to manage your Server, and allowing us to be of service

    ***There is one more step you have to do to make this complete. Open /etc/grub.conf, and change the 'default=1' line to 'default=0', and reboot this machine. You will be rebooted into the openvz kernel and will able to manage vpses from the hyperVM interface
    You have mail in /var/spool/mail/root
    [root@server1 ~]#

Next we open /etc/grub.conf...

vi /etc/grub.conf

... and change default=1 to default=0 so that the OpenVZ kernel is the default kernel:

    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-92.1.18.el5.028stab060.2PAE)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.1.18.el5.028stab060.2PAE ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.1.18.el5.028stab060.2PAE.img
    title CentOS (2.6.18-92.1.1.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.1.1.el5.img
    title CentOS (2.6.18-92.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.el5.img

Then we reboot the system:

reboot

That's it for the installation.

 

3 Using HyperVM

Now open a browser and go to https://192.168.0.100:8887 or http://192.168.0.100:8888.

If you're using Firefox 3 and use HTTPS, Firefox will complain about the self-signed certificate, therefore you must tell Firefox to accept the certificate - to do this, click on the Or you can add an exception... link:

Click on Add Exception...:


The Add Security Exception window opens. In that window, click on the Get Certificate button first and then on the Confirm Security Exception button:

Afterwards, you will see the HyperVM login form. Log in with the user admin and the password admin:


The first thing you are asked to do after the first login is to change the default password for admin:

The next thing you are asked to do is configure LXguard. LXguard is a tool like fail2ban or DenyHosts that blocks remote IP addresses from which too many logins originated (this is to prevent brute-force attacks).


Fill in the max. number of failed login attempts that are allowed before LXguard kicks in and blocks the IP:

You should then go to the Whitelist tab and whitelist your own IP (so that you don't get locked out if you use a wrong login too often):
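The threshold-and-whitelist behaviour described above, shown as an added shell example on constructed sshd-style log lines. This is not LXguard's code or its log format; the function names, the sample addresses and the limit of 3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: threshold-plus-whitelist blocking as done by tools such as
# LXguard, fail2ban or DenyHosts. Not LXguard's code or its log format.

# offenders MAX "WHITELIST" < log
# Prints "IP COUNT" for every source IP with more than MAX failed logins,
# skipping the space-separated IPs in WHITELIST.
offenders() {
    awk -v max="$1" -v wl="$2" '
        BEGIN { n = split(wl, a, " "); for (i = 1; i <= n; i++) white[a[i]] = 1 }
        /Failed password for/ {
            # Scan from the right so that a user name containing "from"
            # cannot shift the field that is read as the source address.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END {
            for (ip in fails)
                if (fails[ip] > max && !(ip in white)) print ip, fails[ip]
        }
    ' | sort
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Jan 23 10:00:01 server1 sshd[2001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 23 10:00:03 server1 sshd[2002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jan 23 10:00:05 server1 sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Jan 23 10:00:07 server1 sshd[2004]: Failed password for invalid user from from 203.0.113.5 port 40004 ssh2
Jan 23 10:01:10 server1 sshd[2005]: Failed password for invalid user test from 198.51.100.7 port 51000 ssh2
Jan 23 10:01:12 server1 sshd[2006]: Failed password for invalid user test from 198.51.100.7 port 51001 ssh2
Jan 23 10:02:00 server1 sshd[2007]: Failed password for root from 192.168.0.50 port 60000 ssh2
Jan 23 10:02:02 server1 sshd[2008]: Failed password for root from 192.168.0.50 port 60001 ssh2
Jan 23 10:02:04 server1 sshd[2009]: Failed password for root from 192.168.0.50 port 60002 ssh2
Jan 23 10:02:06 server1 sshd[2010]: Failed password for root from 192.168.0.50 port 60003 ssh2
Jan 23 10:02:09 server1 sshd[2011]: Accepted password for root from 192.168.0.50 port 60004 ssh2
EOF
}

# Limit of 3 failures, with the admin workstation 192.168.0.50 whitelisted.
sample_log | offenders 3 "192.168.0.50"
```

Without the whitelist entry, the admin workstation's four mistyped passwords would put it on the block list as well, which is the lock-out the Whitelist tab is there to prevent.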


This is how the HyperVM Home looks. You should browse all the icons to make yourself a little bit more familiar with the software.

Before we can create our first OpenVZ container, we need to define an IP pool from which new containers can take an IP address. Go to Ip Pools. On the Ip Pools page, click on the Add Ip Pool tab:


Fill in a name for the pool, a start and an end IP address, at least one name server (if you fill in more than one, separate them with a space), and the gateway IP address. Then select the server (localhost) that this pool is applicable to:


Besides creating an IP pool, we must also define at least one resource plan before we can create our first OpenVZ container. On the HyperVM Home, click on Resource Plans, and then on the Add Resource Plan tab:

Fill in a name and description and then specify the resources for each OpenVZ container that will use this resource plan:


Now we can create our first OpenVZ container. Click on the Virtual Machines icon in the Resources section of the HyperVM Home; on the page that loads, click on the Add Openvz tab:


Provide a name for that new OpenVZ container and fill in a root password. Type in a free IP address from the IP pool that you've created before, provide a hostname, select the resource plan you've just created and an OS template for the container, then click on Add:


After a few moments, you should see your new container on the Virtual Machines overview page. You can start and stop the container by clicking on the bulb in the S column, but you can as well control it from its own control panel that you can reach by clicking on the container's name in the VM Name column:

This is how the container's control panel looks:

Congratulations, you've just created your first OpenVZ container with HyperVM!


4 Installing A HyperVM Slave

Now we want to install a HyperVM slave on our server2.example.com and control it from the HyperVM control panel on our master (server1.example.com). This is how we do it:

server2:

First we need to disable SELinux. Open /etc/sysconfig/selinux...

vi /etc/sysconfig/selinux

... and set SELINUX to disabled:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

Run

setenforce 0

afterwards.

Afterwards we install the HyperVM slave as follows:

wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-slave.sh
sh ./hypervm-install-slave.sh --virtualization-type=openvz

The installation won't take long because no container templates need to be downloaded (the templates are stored on the master). At the end, you should see something like this:

    Executing Update Cleanup... Will take a long time to finish....
    Congratuations. hyperVM has been installed succesfully on your server as slave
    You should open the port 8889 on this server, since this is used for the communication between master and slave
    To access this slave, go admin->slaves->add slave, give the ip/machine name of this server. The password is 'admin'. The slave will appear in the list of slaves, and you can access it just like you access localhost

    ***There is one more step you have to do to make this complete. Open /etc/grub.conf, and change the 'default=1' line to 'default=0', and reboot this machine. You will be rebooted into the openvz kernel and will able to manage vpses from the hyperVM interface
    [root@server2 ~]#

Next we open /etc/grub.conf...

vi /etc/grub.conf

... and change default=1 to default=0 so that the OpenVZ kernel is the default kernel:

    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd0,0)
    #          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-92.1.13.el5.028stab059.6PAE)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-92.1.13.el5.028stab059.6PAE ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-92.1.13.el5.028stab059.6PAE.img
    title CentOS (2.6.18-53.1.4.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-53.1.4.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-53.1.4.el5.img
    title CentOS (2.6.18-53.el5)
            root (hd0,0)
            kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00
            initrd /initrd-2.6.18-53.el5.img

Then we reboot the system:

reboot

That's it for the installation.
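Before the reboot on either server (chapters 2 and 4), it is worth confirming that the entry selected by default= really is the OpenVZ kernel, because the index counts title entries from the top of the file. The following shell check is an added example, not part of the original tutorial or of HyperVM; the function names and the "stab" substring test (taken from the kernel names shown in the grub.conf listings) are assumptions, and the embedded grub.conf is a constructed sample in its state before the edit.

```shell
#!/bin/sh
# Added example: report which kernel GRUB legacy will boot by default.
# Assumption: OpenVZ kernels carry "stab" in their version string, as in the
# kernel names shown in this tutorial (e.g. 2.6.18-92.1.18.el5.028stab060.2PAE).

# default_title FILE -> prints the title of the entry selected by default=N
default_title() {
    awk '
        BEGIN { want = 0; n = 0 }    # GRUB boots entry 0 if default= is absent
        /^[ \t]*default[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); want = $0 + 0 }
        /^[ \t]*title[ \t]/     { sub(/^[ \t]*title[ \t]+/, ""); titles[n++] = $0 }
        END { if (want < n) print titles[want]; else exit 1 }
    ' "$1"
}

# is_openvz_default FILE -> 0 if the default entry is an OpenVZ kernel,
# 1 if it is some other kernel, 2 if default= points past the last entry
is_openvz_default() {
    title=$(default_title "$1") || return 2
    case "$title" in
        *stab*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample modelled on the tutorial's grub.conf, before the edit.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=1
timeout=5
title CentOS (2.6.18-92.1.18.el5.028stab060.2PAE)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.18.el5.028stab060.2PAE ro root=/dev/VolGroup00/LogVol00
title CentOS (2.6.18-92.1.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
EOF

conf=${1:-$sample}    # pass /etc/grub.conf as the first argument on a real host
if is_openvz_default "$conf"; then
    echo "OK: default entry is '$(default_title "$conf")'"
else
    echo "WARN: default entry is not an OpenVZ kernel: '$(default_title "$conf")'"
fi
```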

Now we can add our new HyperVM slave to the HyperVM control panel. Click on the Servers icon on the HyperVM Home:

Click on the Add Server tab:


Fill in the IP address of the slave (192.168.0.102) and its HyperVM password (the default password is admin). Then click on Add:

You should now see the slave on the Servers overview page (in addition to localhost):


Before we can create an OpenVZ container on the slave, we need to define a second IP pool that we can use on the slave:

(We don't have to define another resource plan - we can use the one we've created before.)

Now go to Virtual Machines > Add Openvz to create a new container on the slave. Fill in a name and IP address for the container as well as a hostname, then select the slave in the Server drop-down menu and finally an OS template:


Afterwards, you should find the new container on the Virtual Machines overview page.

You can start/stop it by clicking on the bulb in the S column:


5 Links

HyperVM: http://lxlabs.com/software/hypervm/
OpenVZ: http://wiki.openvz.org/

CentOS: http://www.centos.org/