Build Your Own Cloud with Eucalyptus
In the March 2010 issue, I wrote an article on how you could deploy Ubuntu 9.10 as part of Amazon's EC2 cloud computing service. Amazon's EC2 service can be useful, but what if you have a bunch of machines already and don't want your data outside your network? Or, what if you don't want to pay the ten-cents-per-hour fee that Amazon charges? That's where the Ubuntu Enterprise Cloud comes in. The Ubuntu Enterprise Cloud system ships with the Server Edition of Ubuntu 9.10, and it's based on the Eucalyptus cloud cluster software.
What exactly is Eucalyptus? Put simply, Eucalyptus is an open-source, Amazon EC2-compatible, cloud computing cluster package that can be run on commodity Linux machines. Although VMware and VirtualBox do similar things, Eucalyptus allows you to scale your cluster across multiple machines. When you run out of resources to run another VM, you simply can pop a new Eucalyptus server on your network, and you're off and running.
Now that you're all fired up, let's get started with the Ubuntu Enterprise Cloud (UEC). The easiest way to get started with UEC is to do a fresh installation of Ubuntu 9.10 Server with the UEC option. You need two systems at a minimum to build your first cloud. One will be the cloud controller (the master node that dispatches and monitors the instances of the virtual machines), and the other will be the node controller (where all the instances actually will run). Minimum configurations are listed in the installation documentation (see Resources), but I recommend a dual-core, 2GHz machine with 2GB of RAM and a 100GB disk as a realistic usable minimum for each. Note that you will need Virtualization Extensions (VT) enabled on the node controller machine. Eucalyptus requires that. Your systems can be either 32-bit or 64-bit (mine are both 64-bit), but be advised that although the 64-bit host can run a 32-bit instance, the opposite is not true.
First, let's install the cloud controller. To start the install, boot your machine off an Ubuntu 9.10 Server CD, select Install Ubuntu Enterprise Cloud at the boot menu, and then press Enter. That starts the standard text-based install, with a twist: along the way, you'll be asked what type of cloud installation mode you want—a “Cluster” or a “Node”. Because you're installing the cloud controller first, select Cluster and press Enter. The installer will proceed normally, but it will ask you two more questions unique to the Ubuntu Enterprise Cloud installation: the name of your cluster (this is just a unique identifier like “testcluster”) and a range of IP addresses on your LAN that the cloud controller can allocate to instances. Once you've done that, the installer will finish out much like a regular Ubuntu text-based install, and your machine will reboot. That's it! Your cloud controller is now on-line.
Next, you need to install a node controller. This is even easier. Boot the computer that will become the node controller from the same Ubuntu 9.10 Server CD, select Install Ubuntu Enterprise Cloud from the boot menu, and the installer should detect the cluster automatically and select Node within the installer. Simply press Enter to confirm you want to install a node and confirm your system's partitioning scheme, and the rest of the installation is completed for you. The installer even copies your login account over from the cloud controller.
Now that your nodes are up, you need to register the node controller with the cloud controller. Log in to the cloud controller, and run the command:
sudo euca_conf --no-rsync --discover-nodes
The cloud controller will auto-discover the nodes that are running the node controller service, and it will prompt you to register each by its IP address.
Before you can use the cloud, you've got to register yourself with it and obtain credentials. Fire up a Web browser (either on the cloud controller or on another machine on the LAN), and go to this URL: https://<cloud-controller-ip-address>:8443. You have to use a secure connection, and you'll get a security certificate warning from your browser. Once you accept the cert warning, use the user name “admin” and password “admin” to log in to the page (Figure 1). Then, you'll be prompted to change the admin password and fill in your e-mail address, so the UEC can mail you information about your instances.
Next, you need to get your credentials to a location where you can use them. I prefer to do this on the cloud controller, so run this script as your regular user on the cloud controller:
mkdir -p ~/.euca
chmod 700 ~/.euca
cd ~/.euca
sudo euca_conf --get-credentials mycreds.zip
unzip mycreds.zip
cd -
This drops your credentials for the UEC into the ~/.euca directory. If you prefer, you also can download the credentials from the UEC admin portal to another Ubuntu machine and use them there. Next, add the line . ~/.euca/eucarc to your shell's profile (~/.bashrc on an Ubuntu machine or the cloud controller), so the eucarc file is sourced every time your shell starts. If you're on a machine other than the cloud controller, you need to install the euca2ools package as well.
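The credential directory created above is only as private as the modes and ownership of what ends up inside it, which matters most once it is copied to another machine. The following check is an added example, not part of the original article; the function names audit_euca_creds and harden_euca_creds are hypothetical, and the only path assumed is the article's ~/.euca.

```shell
#!/bin/sh
# Added example, not from the article: audit and tighten the directory that
# holds the unpacked UEC credentials (the article uses ~/.euca).

# Print one finding per line; return 0 if clean, 1 if findings, 2 if missing.
audit_euca_creds() {
    dir=${1:-"$HOME/.euca"}
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    report=$(
        # Any permission bit granted to group or others.
        find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                    -o -perm -004 -o -perm -002 -o -perm -001 \) |
            sed 's/^/LOOSE_MODE /'
        # Files not owned by the caller, e.g. the archive written via sudo.
        find "$dir" ! -user "$(id -u)" | sed 's/^/WRONG_OWNER /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Restrict the directory tree to its owner: 700 on directories, 600 on files.
harden_euca_creds() {
    dir=${1:-"$HOME/.euca"}
    find "$dir" -type d -exec chmod 700 {} +
    find "$dir" -type f -exec chmod 600 {} +
}
```

Source the file and run audit_euca_creds after unpacking; harden_euca_creds fixes modes only, so a WRONG_OWNER finding still needs a chown by an administrator.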
Now that the prep work is done, you can verify that the cluster is working properly by running the euca-describe-availability-zones verbose command:
bill@falcon:~$ euca-describe-availability-zones verbose
AVAILABILITYZONE   cluster1      192.168.1.116
AVAILABILITYZONE   |- vm types   free / max   cpu   ram   disk
AVAILABILITYZONE   |- m1.small   0002 / 0002   1     128    2
AVAILABILITYZONE   |- c1.medium  0002 / 0002   1     256    5
AVAILABILITYZONE   |- m1.large   0001 / 0001   2     512   10
AVAILABILITYZONE   |- m1.xlarge  0001 / 0001   2    1024   20
AVAILABILITYZONE   |- c1.xlarge  0000 / 0000   4    2048   20
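To use this listing in a script rather than reading it by eye, the rows can be parsed by field position. The following parser is an added example, not part of the original article; the function names are hypothetical, and the field layout is assumed to match the listing above, which is embedded as sample input.

```shell
#!/bin/sh
# Added example: read `euca-describe-availability-zones verbose` output on
# stdin and report capacity per VM type.

# The listing from the article, embedded as sample input.
sample_zones() {
cat <<'EOF'
AVAILABILITYZONE cluster1 192.168.1.116
AVAILABILITYZONE |- vm types free / max cpu ram disk
AVAILABILITYZONE |- m1.small 0002 / 0002 1 128 2
AVAILABILITYZONE |- c1.medium 0002 / 0002 1 256 5
AVAILABILITYZONE |- m1.large 0001 / 0001 2 512 10
AVAILABILITYZONE |- m1.xlarge 0001 / 0001 2 1024 20
AVAILABILITYZONE |- c1.xlarge 0000 / 0000 4 2048 20
EOF
}

# Print "type free max" for each VM type row; the cluster and header rows
# are skipped because their free/max fields are not numeric.
uec_capacity() {
    awk '$1 == "AVAILABILITYZONE" && $2 == "|-" && $5 == "/" &&
         $4 ~ /^[0-9]+$/ && $6 ~ /^[0-9]+$/ { print $3, $4 + 0, $6 + 0 }'
}

# Exit 0 if TYPE has a free slot, 1 if it is full, 2 if it is not listed.
uec_has_free() {
    uec_capacity | awk -v t="$1" '
        $1 == t { found = 1; free = $2 }
        END { if (!found) exit 2; exit (free > 0 ? 0 : 1) }'
}
```

On a live cluster, pipe the real command into it, for example euca-describe-availability-zones verbose | uec_has_free m1.small.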
Bill Childers is the Virtual Editor for Linux Journal. No one really knows what that means.