Ok… so once I’ve installed OpenNebula using the rpm packages it’s time to start playing with it. I encourage you to read the following two pages from the official OpenNebula documentation; they’ll help you understand hosts and which commands are at your disposal:
The first step is adding a host (called haddock.local) to our cluster with the onehost create command. My N40L server is running kvm and openvswitch so the command will be executed as follows (please read Managing hosts for a complete list of available parameters):
    su oneadmin   # You'll need to run commands as the oneadmin user
    onehost create haddock.local -i im_kvm -v vmm_kvm -n ovswitch

If the command was successful, it will return a numeric identifier for your new host. If you want to list all the hosts in the cluster use the onehost list command:
    [oneadmin@haddock ~]$ onehost list
      ID NAME            CLUSTER   RVM      ALLOCATED_CPU      ALLOCATED_MEM STAT
       4 haddock.local   -           0       0 / 200 (0%)     0K / 5.6G (0%) on

And if you want to get more information about a host, you can use the onehost show command with the identifier for the host (in my case 4):

    [oneadmin@haddock ~]$ onehost show 4
    HOST 4 INFORMATION
    ID                    : 4
    NAME                  : haddock.local
    CLUSTER               : -
    STATE                 : MONITORED
    IM_MAD                : im_kvm
    VM_MAD                : vmm_kvm
    VN_MAD                : ovswitch
    LAST MONITORING TIME  : 11/26 20:09:59
    ...
Easy!…. but in my case, it was not so easy in fact. The first time I created the host the onehost list command showed “err” in my status, so something was wrong. I’ll tell you about the problems I found and how I solved them just in case.
OpenNebula logs will help you a lot, so take a look at the /var/log/one directory. I found in the oned.log file this message: “Error monitoring host 0 : MONITOR FAILURE 0 Could not update remotes“. Ok, so it seems that the monitoring process couldn’t get access to my localhost. The OpenNebula documentation is very clear about this: “Before adding a host check that you can ssh to it without being prompted for a password”. OpenNebula suggests “sharing the $HOME of oneadmin across all the servers with NFS or by manually copying the ~/.ssh directory”, but I prefer to create ssh keys so no password is asked. The passphrase is empty.
    [oneadmin@haddock ~]$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/one/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /var/lib/one/.ssh/id_rsa.
    Your public key has been saved in /var/lib/one/.ssh/id_rsa.pub.
    The key fingerprint is:
    ............................. oneadmin@haddock.local
    The key's randomart image is:
    +--[ RSA 2048]----+
    | .               |
    | o               |
    | . o             |
    +-----------------+

As root, set a password for your oneadmin user with passwd oneadmin.

Now, let’s copy the ssh public key to our host, so ssh won’t ask the oneadmin user for a password.

    [oneadmin@haddock ~]$ ssh-copy-id -i /var/lib/one/.ssh/id_rsa.pub oneadmin@haddock.local
    oneadmin@haddock.local's password:
    Now try logging into the machine, with "ssh 'oneadmin@haddock.local'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.
If you are running SELinux, you’ll need to run as root the following commands, so SELinux allows you to connect to your localhost using the authorized_keys file. SELinux is difficult and boring but try to keep it enabled… trust me it’s better.
    # chcon -v --type=ssh_home_t /var/lib/one/.ssh/authorized_keys
    # semanage fcontext -a -t ssh_home_t /var/lib/one/.ssh/authorized_keys

Important: Now, try to ssh to your host; if no password is prompted for the oneadmin user, everything’s good. Also the host key verification will succeed.
Another problem was shown in the oned.log file. OpenNebula couldn’t write some files to /var/tmp/one directory (“Command execution fail: scp -r /var/lib/one/remotes/. haddock.local:/var/tmp/one“), so I created the /var/tmp/one directory and set the right owner:
    # mkdir /var/tmp/one
    # chown oneadmin:oneadmin /var/tmp/one
And finally, another error, but this is just because I compiled libvirt from the source: “Authorization requires authentication but no agent is available“. The solution is adding oneadmin to the libvirt group. Please read this updated post to know how to solve it.
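As an added example (not part of the original post and not OpenNebula's own tooling), the SSH, SELinux and /var/tmp/one fixes above can be verified before running onehost create with a small preflight script. The function names are made up for this example; the paths, user and SELinux type are the ones used in the post, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: preflight checks for the failures described in this post.
# Function names are hypothetical; paths, user and SELinux type come from the post.

# mode_within PATH MAX: succeed if PATH has no permission bits beyond octal MAX.
mode_within() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$m & ~0$2 & 07777 )) -eq 0 ]
}

# owned_by PATH USER: succeed if PATH is owned by USER.
owned_by() { [ "$(stat -c '%U' "$1" 2>/dev/null)" = "$2" ]; }

# selinux_type CONTEXT: print the type field of user:role:type:level.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# report DESCRIPTION STATUS: print the result and count failures in $fails.
report() {
    if [ "$2" -eq 0 ]; then echo "ok   $1"; else echo "FAIL $1"; fails=$((fails + 1)); fi
}

# preflight HOST [HOME_DIR]: run on the front-end as oneadmin.
preflight() {
    host=$1; home=${2:-/var/lib/one}; fails=0
    # The key has no passphrase, so file permissions are its only protection.
    owned_by "$home/.ssh" oneadmin;               report "$home/.ssh owned by oneadmin" $?
    mode_within "$home/.ssh" 700;                 report "$home/.ssh is at most 0700" $?
    mode_within "$home/.ssh/id_rsa" 600;          report "private key is at most 0600" $?
    mode_within "$home/.ssh/authorized_keys" 644; report "authorized_keys is at most 0644" $?
    # Only meaningful when SELinux is enabled (the chcon step in the post).
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != Disabled ]; then
        ctx=$(stat -c '%C' "$home/.ssh/authorized_keys" 2>/dev/null)
        [ "$(selinux_type "$ctx")" = ssh_home_t ]; report "authorized_keys labelled ssh_home_t" $?
    fi
    # BatchMode makes ssh fail instead of prompting for a password.
    ssh -o BatchMode=yes -o ConnectTimeout=5 "oneadmin@$host" \
        "test -d /var/tmp/one && test -w /var/tmp/one" </dev/null
    report "passwordless ssh and writable /var/tmp/one on $host" $?
    return "$fails"
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh haddock.local`; the exit status is the number of failed checks.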
Wow, it was a bit tricky but maybe I did something wrong, please let me know if you were lucky. In a few days I’ll run my first virtual machine in OpenNebula. Have a good time!