<iframe width="560" height="315" src="https://www.youtube.com/embed/W7k-s5c92-U" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>

# Cloudstack Installation Tutorial

:::info
Contributors:
* Aidan Azkafaro Deson
* Melchior Natthan V H F H
* Alvito Ikramu Walidain
* M Haekal Al Ghifary
:::

## Modify The Network Interface Configuration

Modify the network interface configuration in netplan:

```shell
cd /etc/netplan
nano 01-netplan.yaml
```

:::spoiler
Rename all existing configuration files in the **netplan** folder by appending `.bak`.
:::

Here is the configuration in `01-netplan.yaml`:

```yaml=
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: false
      dhcp6: false
      optional: true
    eno2:
      dhcp4: false
      dhcp6: false
      optional: true
  bridges:
    cloudbr0:
      addresses: [192.168.10.33/24]
      routes:
        - to: default
          via: 192.168.10.1
      nameservers:
        addresses: [1.1.1.1,8.8.8.8]
      interfaces: [eno1]
      dhcp4: false
      dhcp6: false
      parameters:
        stp: false
        forward-delay: 0
```

:::spoiler
Modify the IP addresses as your environment requires.
:::

Apply your changes to the netplan configuration with:

```shell
sudo -i
netplan generate
netplan apply
reboot
```

## Update the system and install required tools

```shell
sudo apt update
sudo apt install htop
sudo apt install lynx
sudo apt install duf
sudo apt install htop lynx duf -y
sudo apt install bridge-utils
```

## Configure LVM in Ubuntu

In this part we will extend our LVM.

```shell
sudo vgextend ubuntu-vg /dev/sda
sudo vgextend ubuntu-vg /dev/sdb
```

```shell
sudo lvextend -L +100G /dev/ubuntu-vg/ubuntu-lv
```

```shell
sudo resize2fs /dev/ubuntu-vg/ubuntu-lv
```

## Install SSH server and other tools

```shell
sudo -i # get root shell
apt-get install openntpd openssh-server vim htop tar
apt-get install intel-microcode
passwd root
```

:::spoiler
* `openntpd`: Synchronizes network time.
* `openssh-server`: Enables secure remote shell access and file transfers.
* `vim`: Provides a powerful command-line text editor.
* `htop`: Displays an interactive process viewer and system monitor.
* `tar`: Creates and manipulates compressed archive files.
* `intel-microcode`: Installs updates and bug fixes for Intel CPUs.
:::

## Enable Root Login

Open the SSH server configuration file in the nano text editor, enable root login by uncommenting the `PermitRootLogin yes` line, and restart the SSH service to apply the change.

```shell
nano /etc/ssh/sshd_config
# uncomment the line: PermitRootLogin yes

# restart the ssh service
service ssh restart
```

## CloudStack Management Server Setup

The commands below prepare the environment for installing and managing the CloudStack infrastructure. They create the keyring directory, retrieve and convert the GPG key for the CloudStack repository, and add the repository source.

```shell
mkdir -p /etc/apt/keyrings
wget -O- http://packages.shapeblue.com/release.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/cloudstack.gpg > /dev/null
echo "deb [signed-by=/etc/apt/keyrings/cloudstack.gpg] http://packages.shapeblue.com/cloudstack/upstream/debian/4.17 /" > /etc/apt/sources.list.d/cloudstack.list
```

Then update the package information and install the CloudStack management server along with the MySQL server.

```shell
apt-get update -y
apt-get install cloudstack-management mysql-server
```

## Configure Database

The block below modifies the MySQL server configuration by adjusting settings such as the server ID, SQL mode, timeout behavior, maximum connections, binary logging, and log format. These changes affect the server's behavior, performance, and replication capabilities.
```shell
nano /etc/mysql/mysql.conf.d/mysqld.cnf

# add the following under the [mysqld] section
[mysqld]
server-id = 1
sql-mode="STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION,ERROR_FOR_DIVISION_BY_ZERO,NO_ZERO_DATE,NO_ZERO_IN_DATE,NO_ENGINE_SUBSTITUTION"
innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600
max_connections=1000
log-bin=mysql-bin
binlog-format = 'ROW'
```

:::spoiler
* `[mysqld]`: This is a section header in the configuration file, indicating that the settings below it apply specifically to the MySQL server.
* `server-id = 1`: This setting assigns a unique identifier (server ID) of 1 to the MySQL server. This is often used in replication setups to identify different database servers.
* `sql-mode`: This setting specifies the SQL mode for the MySQL server. The provided value sets strict mode and various other options related to error handling and date validation.
* `innodb_rollback_on_timeout=1`: This setting configures the behavior of the InnoDB storage engine when there is a transaction timeout. Setting it to 1 ensures that the transaction is rolled back on timeout.
* `innodb_lock_wait_timeout=600`: This setting specifies the maximum time (in seconds) that InnoDB waits for a lock before considering it a lock timeout. In this case, it is set to 600 seconds (10 minutes).
* `max_connections=1000`: This setting determines the maximum number of simultaneous connections allowed to the MySQL server. It is set to 1000 in this example.
* `log-bin=mysql-bin`: This setting enables binary logging in MySQL, which is used for various purposes, including replication and data recovery.
* `binlog-format = 'ROW'`: This setting determines the format of the binary log. Setting it to 'ROW' ensures that the binary log records changes at the row level, providing more detailed information for replication.
:::

Then restart the MySQL service to apply the changes.
```
systemctl restart mysql
```

## Deploy Database

After that, deploy the database as root and create the `cloud` user with its password:

```shell
cloudstack-setup-databases cloud:cloud@localhost --deploy-as=root:password -i 192.168.10.33
```

## Storage Setup

In this step we install the necessary packages for the NFS server and disk quotas, then configure the NFS export settings by specifying the `/export` directory with the appropriate options. We also create the primary and secondary directories and export all directories specified in the `/etc/exports` file.

```shell
apt-get install nfs-kernel-server quota
echo "/export *(rw,async,no_root_squash,no_subtree_check)" > /etc/exports
mkdir -p /export/primary /export/secondary
exportfs -a
```

:::spoiler
`echo "/export *(rw,async,no_root_squash,no_subtree_check)" > /etc/exports`: This line uses the echo command to write the specified line to the `/etc/exports` file. The line defines the configuration for the NFS exports. In this case, it specifies that the directory `/export` should be exported with the following options:
* `*`: Matches any IP address or hostname, allowing all hosts to access the exported directory.
* `rw`: Grants read and write permissions to the NFS clients.
* `async`: Enables asynchronous writes for better performance.
* `no_root_squash`: Allows the root user on the NFS client to have root-level access on the NFS server.
* `no_subtree_check`: Disables subtree checking, assuming that no changes will occur in the subdirectories of `/export`.
:::

## Configure NFS Server

In this step we configure the NFS server by setting specific port numbers for the various NFS services. After that, the NFS kernel server service is restarted to apply the updated configuration.
```shell
sed -i -e 's/^RPCMOUNTDOPTS="--manage-gids"$/RPCMOUNTDOPTS="-p 892 --manage-gids"/g' /etc/default/nfs-kernel-server
sed -i -e 's/^STATDOPTS=$/STATDOPTS="--port 662 --outgoing-port 2020"/g' /etc/default/nfs-common
echo "NEED_STATD=yes" >> /etc/default/nfs-common
sed -i -e 's/^RPCRQUOTADOPTS=$/RPCRQUOTADOPTS="-p 875"/g' /etc/default/quota
```

```shell
service nfs-kernel-server restart
```

## Setup KVM

In this step we install the required packages for QEMU/KVM and the CloudStack agent, then modify the `/etc/libvirt/qemu.conf` file so that the VNC server listens on all network interfaces. After that we edit the `/etc/default/libvirtd` file to enable libvirtd listening, either by adding or by uncommenting a specific configuration line, depending on the Ubuntu version.

```shell
apt-get install qemu-kvm cloudstack-agent
sed -i -e 's/\#vnc_listen.*$/vnc_listen = "0.0.0.0"/g' /etc/libvirt/qemu.conf
nano /etc/default/libvirtd
# On Ubuntu 22.04, add LIBVIRTD_ARGS="--listen" to /etc/default/libvirtd instead.
# uncomment LIBVIRTD_ARGS="--listen"
```

## Configure Default Libvirtd Config

The following commands modify the `/etc/libvirt/libvirtd.conf` file to enable TCP listening, set the TCP port number, and disable TLS listening, multicast DNS advertisement, and authentication for TCP connections. They also mask several libvirtd-related sockets and restart the libvirtd service to apply the configuration changes.
```shell
echo 'listen_tls=0' >> /etc/libvirt/libvirtd.conf
echo 'listen_tcp=1' >> /etc/libvirt/libvirtd.conf
echo 'tcp_port = "16509"' >> /etc/libvirt/libvirtd.conf
echo 'mdns_adv = 0' >> /etc/libvirt/libvirtd.conf
echo 'auth_tcp = "none"' >> /etc/libvirt/libvirtd.conf
systemctl mask libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket
systemctl restart libvirtd
```

:::spoiler
* `echo 'listen_tls=0' >> /etc/libvirt/libvirtd.conf`: This command appends the line `listen_tls=0` to the `/etc/libvirt/libvirtd.conf` file. This configuration setting disables TLS (Transport Layer Security) listening for libvirtd.
* `echo 'listen_tcp=1' >> /etc/libvirt/libvirtd.conf`: This command appends the line `listen_tcp=1` to the `/etc/libvirt/libvirtd.conf` file. This configuration setting enables TCP listening for libvirtd.
* `echo 'tcp_port = "16509"' >> /etc/libvirt/libvirtd.conf`: This command appends the line `tcp_port = "16509"` to the `/etc/libvirt/libvirtd.conf` file. This configuration setting specifies the TCP port to be used by libvirtd. In this case, the port number is set to 16509.
* `echo 'mdns_adv = 0' >> /etc/libvirt/libvirtd.conf`: This command appends the line `mdns_adv = 0` to the `/etc/libvirt/libvirtd.conf` file. This configuration setting disables multicast DNS advertisement for libvirtd.
* `echo 'auth_tcp = "none"' >> /etc/libvirt/libvirtd.conf`: This command appends the line `auth_tcp = "none"` to the `/etc/libvirt/libvirtd.conf` file. This configuration setting specifies that no authentication is required for TCP connections to libvirtd.
:::

## Generate host id

The following code installs the `uuid` package, generates a universally unique identifier (UUID) with the `uuid` command, and assigns it to the variable `$UUID`. The generated host ID is then stored in the `/etc/libvirt/libvirtd.conf` file.
After adding the host ID to the configuration file, the libvirtd service must be restarted for the change to take effect, which the last command does.

```shell
apt-get install uuid
UUID=$(uuid)
echo host_uuid = \"$UUID\" >> /etc/libvirt/libvirtd.conf
systemctl restart libvirtd
```

## Disable AppArmor on libvirtd

```shell
ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/
ln -s /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
```

## Launch Management Server

### Start Your Cloud

```shell
cloudstack-setup-management
systemctl status cloudstack-management
tail -f /var/log/cloudstack/management/management-server.log
```

Once the management server is up, go to `http://192.168.10.33:8080/client` (192.168.10.33 being the cloudbr0 IP) and log in using the default credentials: username `admin` and password `password`.

## Enable XRDP

[Reference](https://www.digitalocean.com/community/tutorials/how-to-enable-remote-desktop-protocol-using-xrdp-on-ubuntu-22-04)

```shell
apt update
apt install xfce4 xfce4-goodies -y
apt install xrdp -y
nano /etc/xrdp/xrdp.ini
systemctl restart xrdp
systemctl status xrdp
```

## Accessing From Host

Finally, we can access the CloudStack dashboard at http://192.168.10.33:8080/client

![](https://hackmd.io/_uploads/Bk6j8MDuh.png)

Head to the dashboard and choose to continue the installation.

![](https://hackmd.io/_uploads/SkdbvMPd3.png)

From there we can set up Zones, Clusters, Pods and Hosts and adjust them to our own needs.
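
A read-only audit of the network-exposed settings written by the steps above (root SSH login, the `*` NFS export with `no_root_squash`, the libvirtd TCP listener with `auth_tcp = "none"`, VNC on `0.0.0.0`, the disabled AppArmor profile), added here as an example and not part of the original tutorial. The names `audit_host`, `setting` and `make_sample`, the finding labels and the temp-tree sample are this example's own, and it reads only the main files edited above, not `Include` drop-ins.

```shell
#!/bin/sh
# Added example (not from the tutorial): report the network-exposed settings
# that the tutorial's commands write. audit_host and its finding labels are
# this example's own names. ROOT is a path prefix: "" for the live host.

# setting FILE REGEX: true if an uncommented line of FILE matches REGEX.
setting() {
    [ -r "$1" ] && grep -Eiq "^[[:space:]]*$2" "$1"
}

audit_host() {
    r=$1
    lv="$r/etc/libvirt/libvirtd.conf"
    aa="$r/etc/apparmor.d/disable/usr.sbin.libvirtd"
    setting "$r/etc/ssh/sshd_config" 'PermitRootLogin[[:space:]]+yes' &&
        echo "ssh-root-login: PermitRootLogin yes"
    setting "$r/etc/exports" '/[^[:space:]]*[[:space:]]+\*\(' &&
        echo "nfs-any-host: export offered to every client (*)"
    setting "$r/etc/exports" '/.*no_root_squash' &&
        echo "nfs-no-root-squash: client root acts as root on the export"
    setting "$lv" 'listen_tcp[[:space:]]*=[[:space:]]*1' &&
        setting "$lv" 'auth_tcp[[:space:]]*=[[:space:]]*"none"' &&
        echo "libvirt-tcp-noauth: libvirtd TCP listener without authentication"
    setting "$r/etc/libvirt/qemu.conf" 'vnc_listen[[:space:]]*=[[:space:]]*"0\.0\.0\.0"' &&
        echo "vnc-all-interfaces: guest VNC consoles listen on 0.0.0.0"
    { [ -L "$aa" ] || [ -e "$aa" ]; } &&
        echo "apparmor-disabled: libvirtd AppArmor profile disabled"
    return 0
}

# Constructed sample: a temp tree holding the lines the tutorial writes.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/libvirt" "$d/etc/apparmor.d/disable"
    echo 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
    echo '/export *(rw,async,no_root_squash,no_subtree_check)' > "$d/etc/exports"
    printf '%s\n' '#listen_tcp = 1' 'listen_tls=0' 'listen_tcp=1' \
        'auth_tcp = "none"' > "$d/etc/libvirt/libvirtd.conf"
    echo 'vnc_listen = "0.0.0.0"' > "$d/etc/libvirt/qemu.conf"
    : > "$d/etc/apparmor.d/disable/usr.sbin.libvirtd"
    echo "$d"
}

sample=$(make_sample)
audit_host "$sample"   # prints all six findings for the sample tree
rm -rf "$sample"
```

Run `audit_host ""` as root on the installed host to check the live files; each finding names a setting to restrict, for example by limiting the export to the management subnet or firewalling ports 22 and 16509.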