以前花了很多时间配置出来的,写出来供搭建参考,希望有人更深入的学习了解。
目录... 1
nimbus简单测试环境的搭建... 3
一、环境介绍... 3
二、环境部署... 5
我们先在nimbus server进行安装部署... 5
1.安装java和apache-ant,及XML-Parser. 5
2. 安装GT. 6
3.创建配置证书... 6
(1)创建CA.. 6
(2)配置CA.. 9
(3)创建主机证书... 9
(4)签发主机证书... 10
(5)创建用户证书... 11
(6)签发用户证书... 12
(7)确保主机证书可以被容器访问... 12
(8)为用户增加授权... 13
(9)验证基础安全... 13
4. 配置gridftp服务... 14
5. 验证调整GT. 15
6.安装Nimbus-TP2.2. 16
7. 配置nimbus-tp2.2. 17
(1)配置nimbus server端和VMM节点的globus用户无需密码互登陆... 17
(2)配置nimbus 18
(3)添加xen虚机的网络地址... 26
(4)调整一些云的设置... 26
8.创建云目录... 30
我们在nimbus client进行安装部署... 30
我们对VMM进行安装部署... 34
一.安装配置nimbus-control 34
二. 创建半虚拟化镜像... 36
1.用于半虚拟化安装NFS. 36
2.半虚拟化安装rhel5.2. 38
3. 创建我们所需的镜像... 52
三、环境测试... 54
四、实现One Click Clusters 60
1. 介绍... 60
2. 安装部署... 61
在nimbus server上进行的操作... 61
(1)安装 nimbus-context-broker. 61
(2)配置无密码的CA Certificates 61
(3)配置jndi-config.xml文件... 61
(4)重启container. 62
在虚机镜像中执行的操作... 63
3. 验证... 64
五、 总结... 67
1. 一些机制的认识... 67
(1)nimbus如何分配VMM资源?... 67
(2)如何处理手工关掉的vm?... 68
(3)Cloud Schedule的一些理解... 68
2. 一些不足... 70
(1)nimbus目前不支持高可用... 70
(2)nimbus的镜像不能使windows 70
(3)镜像根分区必须挂载到sda1. 70
(4)nimbus支持的vm,只能在启动时dhcp配置一个网卡... 71
Nimbus(workspace.globus.org)是基于Globus(www.globus.org)网格软件包GT中的java core(ws-core)组件而开发的IaaS平台软件。
一、环境介绍
这里为了搭建一个简单的环境,我们选取了三台机器:
|
Role
|
Hostname
|
IP
|
OS
|
User
|
Software
|
|
nimbus client
|
wang135.hrwang.com
|
172.20.86.135
|
RHEL5.2/CentOS5.2
|
nimbus
|
jdk-1_5_0_17-linux
nimbus-cloud-client-011.tar.gz
|
|
nimbus server
|
wang136.hrwang.com
|
172.20.86.136
|
RHEL5.2/CentOS5.2
|
globus
nimbus
|
jdk-1_5_0_17-linux
apache-ant-1.7.1-bin.tar.gz
XML-Parser-2.36.tar.gz
gt4.0.8-all-source-installer.tar.bz2
nimbus-TP2.2.tar.gz
|
|
VMM
|
cloud.jsgl.com
|
172.20.86.174
|
RHEL5.2/CentOS5.2
|
globus
|
dhcpd
python2.3+
sudo
ebtables-v2.0.8-2.tar.gz
nimbus-controls-TP2.2.tar.gz
|
结合上面的结构图,wang135.hrwang.com可以当做cloud-client; wang136.hrwang.com可以当做Workspace Service+Repository; node可以当做VMMs。
二、环境部署
下面以#开头的命令是root用户执行的,以$开头的命令是普通用户执行的。
首先确保,每台机器的/etc/hosts内容都如下:
172.20.86.135 wang135.hrwang.com wang135
172.20.86.136 wang136.hrwang.com wang136
172.20.86.169 cloud.jsgl.com cloud
另外将相应的用户在相应的机器上创建起来。
我们先在nimbus server进行安装部署
1.安装java和apache-ant,及XML-Parser
[root@wang136 opt]# pwd
/opt
[root@wang136 opt]# ./jdk-1_5_0_17-linux-amd64.bin 解压安装
[root@wang136 opt]# tar zxvf apache-ant-1.7.1-bin.tar.gz 解压安装
[root@wang136 opt]# vi /etc/profile 在文件末添加环境变量
export ANT_HOME=/opt/apache-ant-1.7.1/
PATH=/opt/apache-ant-1.7.1/bin:/opt/jdk1.5.0_17/bin:/opt/jdk1.5.0_17/jre/bin:$PATH
JAVA_HOME=/opt/jdk1.5.0_17
CLASSPATH=/opt/jdk1.5.0_17/lib:/opt/jdk1.5.0_17/jre/lib:/opt/apache-ant-1.7.1/lib
export PATH
export JAVA_HOME
export CLASSPATH
[root@wang136 opt]# source /etc/profile 生效环境变量
[root@wang136 opt]# java –version 验证
java version "1.5.0_17"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_17-b04)
Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_17-b04, mixed mode)
[root@wang136 opt]# ant -version
Apache Ant version 1.7.1 compiled on June 27 2008
[root@wang136 opt]# tar zxvf XML-Parser-2.36.tar.gz 安这个包是为了以后装GRAM
[root@wang136 opt]# cd XML-Parser-2.36
[root@wang136 XML-Parser-2.36]# perl Makefile.PL
[root@wang136 XML-Parser-2.36]# make
[root@wang136 XML-Parser-2.36]# make install
2. 安装GT
[root@wang136 ~]# useradd globus 创建globus用户
[root@wang136 ~]# passwd globus
[root@wang136 ~]# mkdir /usr/local/globus-4.0.8 创建安装目录
[root@wang136 ~]# chown -R globus:globus /usr/local/globus-4.0.8
[root@wang136 ~]# cd /opt/ 软件放在opt目录下
[root@wang136 opt]# tar jxvf gt4.0.8-all-source-installer.tar.bz2
[root@wang136 opt]# chown -R globus:globus gt4.0.8-all-source-installer
切换到globus登陆的终端
[globus@wang136 gt4.0.8-all-source-installer]$ pwd
/opt/gt4.0.8-all-source-installer
[globus@wang136 gt4.0.8-all-source-installer]$ export GLOBUS_LOCATION=/usr/local/globus-4.0.8 (将这行添加到/home/globus/.bash_profile的末尾)
[globus@wang136 gt4.0.8-all-source-installer]$ ./configure --prefix=/usr/local/globus-4.0.8
[globus@wang136 gt4.0.8-all-source-installer]$ make wsjava gridftp
[globus@wang136 gt4.0.8-all-source-installer]$ make wsjava gridftp install
3.创建配置证书
(1)创建CA
使用globus用户执行下面的操作
[globus@wang136 gt4.0.8-all-source-installer]$ cd /usr/local/globus-4.0.8/
[globus@wang136 globus-4.0.8]$ sh etc/globus-user-env.sh
将下面这行添加到/home/globus/.bash_profile的末尾:
source /usr/local/globus-4.0.8/etc/globus-user-env.sh
[globus@wang136 globus-4.0.8]$ ./setup/globus/setup-simple-ca 生成CA
WARNING: GPT_LOCATION not set, assuming:
GPT_LOCATION=/usr/local/globus-4.0.8
C e r t i f i c a t e A u t h o r i t y S e t u p
This script will setup a Certificate Authority for signing Globus
users certificates. It will also generate a simple CA package
that can be distributed to the users of the CA.
The CA information about the certificates it distributes will
be kept in:
/home/globus/.globus/simpleCA/
The unique subject name for this CA is:
cn=Globus Simple CA, ou=simpleCA-wang136.hrwang.com, ou=GlobusTest, o=Grid
Do you want to keep this as the CA subject (y/n) [y]:y
Enter the email of the CA (this is the email where certificate
requests will be sent to be signed by the CA):wanghongrui@ceopen.cn
The CA certificate has an expiration date. Keep in mind that
once the CA certificate has expired, all the certificates
signed by that CA become invalid. A CA should regenerate
the CA certificate and start re-issuing ca-setup packages
before the actual CA certificate expires. This can be done
by re-running this setup script. Enter the number of DAYS
the CA certificate should last before it expires.
[default: 5 years (1825 days)]:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
creating CA config package...done.
A self-signed certificate has been generated
for the Certificate Authority with the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-wang136.hrwang.com/CN=Globus Simple CA
If this is invalid, rerun this script
./setup/globus/setup-simple-ca
and enter the appropriate fields.
-------------------------------------------------------------------
The private key of the CA is stored in /home/globus/.globus/simpleCA//private/cakey.pem
The public CA certificate is stored in /home/globus/.globus/simpleCA//cacert.pem
The distribution package built for this CA is stored in
/home/globus/.globus/simpleCA//globus_simple_ca_2f982487_setup-0.19.tar.gz
This file must be distributed to any host wishing to request
certificates from this CA.
CA setup complete.
The following commands will now be run to setup the security
configuration files for this CA:
$GLOBUS_LOCATION/sbin/gpt-build /home/globus/.globus/simpleCA//globus_simple_ca_2f982487_setup-0.19.tar.gz
$GLOBUS_LOCATION/sbin/gpt-postinstall
-------------------------------------------------------------------
setup-ssl-utils: Configuring ssl-utils package
Running setup-ssl-utils-sh-scripts...
***************************************************************************
Note: To complete setup of the GSI software you need to run the
following script as root to configure your security configuration
directory:
/usr/local/globus-4.0.8/setup/globus_simple_ca_2f982487_setup/setup-gsi
For further information on using the setup-gsi script, use the -help
option. The -default option sets this security configuration to be
the default, and -nonroot can be used on systems where root access is
not available.
***************************************************************************
setup-ssl-utils: Complete
注1: 上面选择的都是默认答案,只有邮箱和密码根据情况填写。
(2)配置CA
使用root执行:
[root@wang136 opt]# export GLOBUS_LOCATION=/usr/local/globus-4.0.8
[root@wang136 opt]# /usr/local/globus-4.0.8/setup/globus_simple_ca_2f982487_setup/setup-gsi -default
setup-gsi: Configuring GSI security
Making /etc/grid-security...
mkdir /etc/grid-security
Making trusted certs directory: /etc/grid-security/certificates/
mkdir /etc/grid-security/certificates/
Installing /etc/grid-security/certificates//grid-security.conf.2f982487...
Running grid-security-config...
Installing Globus CA certificate into trusted CA certificate directory...
Installing Globus CA signing policy into trusted CA certificate directory...
setup-gsi: Complete
