Build Your Own Cloud with Eucalyptus

by Bill Childers
Ubuntu Cloud

In the March 2010 issue, I wrote an article on how you could deploy Ubuntu 9.10 as part of Amazon's EC2 cloud computing service. Amazon's EC2 service can be useful, but what if you have a bunch of machines already and don't want your data outside your network? Or, what if you don't want to pay the ten-cents-per-hour fee that Amazon charges? That's where the Ubuntu Enterprise Cloud comes in. The Ubuntu Enterprise Cloud system ships with the Server Edition of Ubuntu 9.10, and it's based on the Eucalyptus cloud cluster software.

What exactly is Eucalyptus? Put simply, Eucalyptus is an open-source, Amazon EC2-compatible, cloud computing cluster package that can be run on commodity Linux machines. Although VMware and VirtualBox do similar things, Eucalyptus allows you to scale your cluster across multiple machines. When you run out of resources to run another VM, you simply can pop a new Eucalyptus server on your network, and you're off and running.

Installing Your Ubuntu Enterprise Cloud

Now that you're all fired up, let's get started with the Ubuntu Enterprise Cloud (UEC). The easiest way to get started with UEC is to do a fresh installation of Ubuntu 9.10 Server with the UEC option. You need two systems at a minimum to build your first cloud. One will be the cloud controller (the master node that dispatches and monitors the instances of the virtual machines), and the other will be the node controller (where all the instances actually will run). Minimum configurations are listed in the installation documentation (see Resources), but I recommend a dual-core, 2GHz machine with 2GB of RAM and a 100GB disk as a realistic usable minimum for each. Note that you will need Virtualization Extensions (VT) enabled on the node controller machine. Eucalyptus requires that. Your systems can be either 32-bit or 64-bit (mine are both 64-bit), but be advised that although the 64-bit host can run a 32-bit instance, the opposite is not true.

First, let's install the cloud controller. To start the install, boot your machine off an Ubuntu 9.10 Server CD, select Install Ubuntu Enterprise Cloud at the boot menu, and then press Enter. That starts the standard text-based install, with a twist: along the way, you'll be asked what type of cloud installation mode you want—a “Cluster” or a “Node”. Because you're installing the cloud controller first, select Cluster and press Enter. The installer will proceed normally, but it will ask you two more questions unique to the Ubuntu Enterprise Cloud installation: the name of your cluster (this is just a unique identifier like “testcluster”) and a range of IP addresses on your LAN that the cloud controller can allocate to instances. Once you've done that, the installer will finish out much like a regular Ubuntu text-based install, and your machine will reboot. That's it! Your cloud controller is now on-line.

Next, you need to install a node controller. This is even easier. Boot the computer that will become the node controller from the same Ubuntu 9.10 Server CD, select Install Ubuntu Enterprise Cloud from the boot menu, and the installer should detect the cluster automatically and select Node within the installer. Simply press Enter to confirm you want to install a node and confirm your system's partitioning scheme, and the rest of the installation is completed for you. The installer even copies your login account over from the cloud controller.

Now that your nodes are up, you need to register the node controller with the cloud controller. Log in to the cloud controller, and run the command:

sudo euca_conf --no-rsync --discover-nodes

The cloud controller will auto-discover the nodes that are running the node controller service, and it will prompt you to register each by its IP address.

Obtaining Access

Before you can use the cloud, you've got to register yourself with it and obtain credentials. Fire up a Web browser (either on the cloud controller or on another machine on the LAN), and go to this URL: https://<cloud-controller-ip-address>:8443. You have to use a secure connection, and you'll get a security certificate warning from your browser. Once you accept the cert warning, use the user name “admin” and password “admin” to log in to the page (Figure 1). Then, you'll be prompted to change the admin password and fill in your e-mail address, so the UEC can mail you information about your instances.

Figure 1. The Ubuntu Enterprise Cloud Login Page

Next, you need to get your credentials to a location where you can use them. I prefer to do this on the cloud controller, so run this script as your regular user on the cloud controller:

mkdir -p ~/.euca
chmod 700 ~/.euca
cd ~/.euca
sudo euca_conf --get-credentials mycreds.zip
unzip mycreds.zip
cd -

This drops your credentials for the UEC into the ~/.euca directory. The credentials can be downloaded from the UEC admin portal to another Ubuntu machine for use if you so desire. Next, you need to add the line . ~/.euca/eucarc to your shell's profile (~/.bashrc on an Ubuntu machine or the cloud controller) to source the eucarc file every time your shell starts. If you're on another machine aside from the cloud controller, you need to install the euca2ools package as well.

Now that the prep work is done, you can verify that the cluster is working properly by running the euca-describe-availability-zones verbose command:

$ euca-describe-availability-zones verbose
AVAILABILITYZONE     cluster1        192.168.1.116
AVAILABILITYZONE     |- vm types     free / max   cpu   ram  disk
AVAILABILITYZONE     |- m1.small     0002 / 0002   1    128     2
AVAILABILITYZONE     |- c1.medium    0002 / 0002   1    256     5
AVAILABILITYZONE     |- m1.large     0001 / 0001   2    512    10
AVAILABILITYZONE     |- m1.xlarge    0001 / 0001   2   1024    20
AVAILABILITYZONE     |- c1.xlarge    0000 / 0000   4   2048    20

Installing Images on Your UEC

Although it's possible to make your own custom images to run on your cloud (see Resources for a link on bundling images), it's far easier to get one from the UEC “store” (Figure 2). Simply access the cloud controller at the URL https://<cloud-controller-ip-address>:8443/, enter your login and password, click the Store tab, and you'll be presented with the UEC Store. Just find an image you'd like to install (at the time of this writing, there are only three), and push the Install button. Your image will download and install to your cluster automagically. Once that's done, you'll get a How to Run? link under the grayed-out Install button. If you click that link, you'll get the exact command line that will instantiate, or start, your selected image.

Figure 2. UEC Store

Starting Your Image

Instantiating an image requires you to use the command line on the cloud controller (or wherever you installed your credentials). Before you run your first image, you've got to create an SSH keypair so you can log in to your instance as root once it's up and running. The key is stored and is common across all your instances, so this script needs to be run only once:

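# Create the key pair only if a non-empty private key is not already saved
if [ ! -s ~/.euca/mykey.priv ]; then
    # Create the file with owner-only permissions before the key is written
    touch ~/.euca/mykey.priv
    chmod 0600 ~/.euca/mykey.priv
    euca-add-keypair mykey > ~/.euca/mykey.priv
fi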

Next, configure the cloud to allow port 22 access (SSH) inbound for all instances. The following command will allow SSH from any source IP:

euca-authorize default -P tcp -p 22 -s 0.0.0.0/0

Now, you can fire up your first image:

$ euca-run-instances emi-DF841070 -k mykey -t c1.medium
RESERVATION     r-3409079E      admin   admin-default
INSTANCE        i-46780864      emi-DF841070
                                    0.0.0.0  0.0.0.0  pending mykey
                                    2009-12-10T06:26:09.471Z
                                    eki-F59010E3  eri-0A2A115C

The first time you instantiate a particular image, it'll be slow to start. Eucalyptus caches the image on the node controller, so there's a sizable amount of data that's got to move to the node. You can keep tabs on the status of your image by running:

watch -n5 euca-describe-instances

You'll see two IP addresses listed in the output of the euca-describe-instances command. One will be an IP on your LAN, and the other will be a private IP. Once the instance is listed as “running”, you can ssh to it on the IP listed in the output. Note that it doesn't have a user account with a password on it, so you need to use the SSH key created earlier:

$ euca-describe-instances
RESERVATION     r-3409079E      admin   default
INSTANCE        i-46780864      emi-DF841070
                                    192.168.1.170  172.19.1.2
                                    running  mykey  0  c1.medium
                                    2009-12-10T06:26:09.471Z
                                    cluster1
                                    eki-F59010E3  eri-0A2A115C
$ ssh -i ~/.euca/mykey.priv root@192.168.1.170
The authenticity of host '192.168.1.170' can't be established.
...
Are you sure you want to continue connecting (yes/no)? yes
...
Linux 172 2.6.31-14-server #48-Ubuntu SMP Fri Oct 16 15:07:34 
UTC 2009 x86_64

...

  System information as of Thu Dec 10 06:32:03 UTC 2009

  System load: 0.0              Memory usage: 16%  Processes:      70
  Usage of /:  29.6% of 1.98GB  Swap usage:   0%   Users logged in: 0

...
$

At this point, you're in your instance, and it's a fully functioning system. You can apt-get packages like apache or do further system configuration if you want. When you're done, you can exit your SSH session, and then terminate the instance by finding the instance ID from the output of the euca-describe-instances command (in the example above, it's i-46780864) and running euca-terminate-instances <instanceID>. Your instance will then shut down.

This article barely scratches the surface of what's possible with the Ubuntu Enterprise Cloud. Although it's less flexible than other virtualization technologies like VMware or VirtualBox, it is API-compatible with Amazon's EC2 service, and it allows you to build networks of virtual machines far beyond what's possible with conventional virtualization solutions. If you require a scalable network of virtual systems that can be instantiated and terminated dynamically, the Ubuntu Enterprise Cloud and Eucalyptus are for you.

Virtualization Extensions—Make Sure They're Enabled!

Eucalyptus requires that the CPU on the node controllers have Virtualization Extensions (VT) enabled. Do yourself a favor and go into your BIOS and check that it is enabled. Simply grepping for “vmx” in /proc/cpuinfo isn't enough. The BIOS support must be enabled as well. When preparing to write this article, I burned up several days in testing to learn this fact. The virtual machine appeared to start, then terminated immediately with an obscure message in the nc.log file on the node controller like [EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-427C0881' (code=42). Simply flipping the BIOS switch that enabled Virtualization Extensions allowed the virtual machine to start properly. Verify your BIOS settings before installation!
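The difference between "the CPU advertises VT" and "VT is usable" can be checked from the shell before installing. The script below is an added example, not part of the original article; the kernel message text "disabled by bios" is an assumption about what the KVM module logs on kernels of this era, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the article): tell "CPU has VT" apart from
# "VT is usable". Inputs are plain text so the logic can be checked on samples.

# vt_status CPUINFO_TEXT KERNEL_LOG_TEXT DEV_KVM_PRESENT(yes|no)
vt_status() {
    if ! printf '%s\n' "$1" | grep '^flags' | grep -Ewq 'vmx|svm'; then
        echo "no-cpu-support"      # CPU lacks the Intel (vmx) or AMD (svm) flag
    elif [ "$3" = yes ]; then
        echo "ready"               # KVM initialised and created /dev/kvm
    elif printf '%s\n' "$2" | grep -iq 'disabled by bios'; then
        echo "disabled-in-bios"    # flag present, firmware has it switched off
    else
        echo "kvm-not-loaded"      # flag present, KVM module never initialised
    fi
}

# Gather the three inputs from the running node controller.
vt_status_live() {
    if [ -e /dev/kvm ]; then dev=yes; else dev=no; fi
    vt_status "$(cat /proc/cpuinfo)" "$(dmesg 2>/dev/null)" "$dev"
}

# Constructed sample: the flag is listed, yet the kernel log shows the BIOS lock.
SAMPLE_CPUINFO='processor       : 0
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep vmx est tm2 ssse3 lm'
SAMPLE_KLOG='[   11.402113] kvm: disabled by bios'

vt_status "$SAMPLE_CPUINFO" "$SAMPLE_KLOG" no
```

On a real node controller, call vt_status_live; anything other than "ready" means instances will not start there.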

What's the Walrus—CooCooCaChoo?

Eucalyptus includes a service known as the walrus. The walrus service is a storage service that emulates Amazon's S3 storage. This article covers the default installation of Eucalyptus that runs the walrus service on the same system as the cloud controller. If you have a server with a lot of disk space, it's entirely possible to split the walrus service out and export hunks of disk space as volumes to the virtual machines. In other words, it's a free implementation of a virtual SAN for your virtual machines. Unfortunately, getting into the specifics of the walrus goes beyond what can be covered here.

DHCP Issues

The Eucalyptus cloud controller runs a DHCP server that responds to requests from cloud instances. However, if you already have a DHCP server on your LAN, your instances could receive an address from that server rather than from the cloud controller's DHCP server. You may want to tell your main DHCP server to ignore requests sent from the MAC addresses of the cloud instances. All of the cloud instances have MAC addresses that begin with d0:0d. On my DHCP server running dnsmasq, all I had to do was add a line to the dnsmasq.conf file that said dhcp-host=d0:0d:*,ignore.
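To confirm that the main DHCP server really is leaving instances alone, its configuration and lease file can be audited for the d0:0d prefix. This script is an added example, not part of the original article; it assumes dnsmasq's lease file layout of "expiry MAC IP hostname client-id", and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit the LAN's main dnsmasq server.
# Assumed lease file layout: "<expiry> <mac> <ip> <hostname> <client-id>".

# Print "mac ip" for every lease on stdin held by a d0:0d (instance) MAC.
instance_leases() {
    awk 'NF >= 3 && tolower($2) ~ /^d0:0d:/ { print tolower($2), $3 }'
}

# Succeed if stdin (dnsmasq.conf text) has an uncommented ignore rule for
# d0:0d. One or more ":*" wildcard groups after the prefix are accepted.
has_ignore_rule() {
    grep -Eiq '^[[:space:]]*dhcp-host=d0:0d(:\*)+,ignore[[:space:]]*$'
}

# audit_main_dhcp CONF_TEXT LEASE_TEXT  ->  prints LEAK, OK or NO-RULE
audit_main_dhcp() {
    leaked=$(printf '%s\n' "$2" | instance_leases)
    if [ -n "$leaked" ]; then
        echo "LEAK"       # the main server has answered at least one instance
    elif printf '%s\n' "$1" | has_ignore_rule; then
        echo "OK"         # rule active and no instance holds a lease
    else
        echo "NO-RULE"    # nothing leaked yet, but nothing prevents it either
    fi
}

# Constructed sample data: the ignore rule is commented out and two
# instances have picked up addresses from the main server.
SAMPLE_CONF='# main LAN DHCP server
dhcp-range=192.168.1.50,192.168.1.150,12h
#dhcp-host=d0:0d:*,ignore'
SAMPLE_LEASES='1260426369 00:1e:c9:aa:bb:cc 192.168.1.50 laptop 01:00:1e:c9:aa:bb:cc
1260426400 d0:0d:46:78:08:64 192.168.1.77 * *
1260426500 D0:0D:42:7C:08:81 192.168.1.78 * *'

audit_main_dhcp "$SAMPLE_CONF" "$SAMPLE_LEASES"
printf '%s\n' "$SAMPLE_LEASES" | instance_leases
```

On the main DHCP server, pass the contents of dnsmasq.conf and of the lease file (commonly /var/lib/misc/dnsmasq.leases on Ubuntu) as the two arguments.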

Resources

Ubuntu Enterprise Cloud Documentation: https://help.ubuntu.com/community/UEC

Ubuntu Server 9.10 Download: www.ubuntu.com/getubuntu/download-server

Eucalyptus Home Page: open.eucalyptus.com

Installing UEC Using the Installer CD: https://help.ubuntu.com/community/UEC/CDInstall

Installing UEC Using the Package-Based Install: https://help.ubuntu.com/community/UEC/PackageInstall

Bundling Your Own UEC Images: https://help.ubuntu.com/community/UEC/BundlingImages

Using the Walrus Storage Controller: https://help.ubuntu.com/community/UEC/StorageController

Bill Childers is an IT Manager in Silicon Valley, where he lives with his wife and two children. He enjoys Linux far too much, and he probably should get more sun from time to time. In his spare time, he does work with the Gilroy Garlic Festival, but he does not smell like garlic.
