eustore

CirrOS: Perfect Machine Image for Eucalyptus Cloud Debugging

hspencer77, , , , , , Leave a comment

CirrOS is a a trimmed-down OS that has been developed to run on cloud environments. When deployed on Eucalyptus clouds, CirrOS is very effective in confirming the clouds have been set up to provide instance networking, and instance services (metadata and userdata – similar to whats provided on AWS).  Because its seen as being so helpful to cloud administrators, Eucalyptus added both 32 and 64 bit CirrOS images to eustore.  This blog entry will cover how to use eustore to bundle, upload and register the CirrOS image, and how to use it to test out instance services on a Eucalyptus cloud.

Recognition

Before discussing how to use CirrOS on Eucalyptus for instance debugging, I would like to thank the following people:

  • Victor Iglesias – Quality Engineer at Eucalyptus Systems, Inc – for introducing me to CirrOS.
  • Scott Moser – Ubuntu Server Technical Lead at Canonical – for creating CirrOS, along with other great cloud tools like Cloud-Init.

Deploying CirrOS on Eucalyptus

As a cloud administrator, adding CirrOS is relatively straight-forward when using eustore.  To start out, make sure the latest version of euca2ools has been installed. After downloading and sourcing the cloud administrator (i.e. admin user of the eucalyptus account) credentials, use eustore-describe-images to discover the CirrOS images on emis.eucalyptus.com:

$ eustore-describe-images | grep cirros
4001243952 cirros x86_64 experimental-images kvm CirrOS x86-64, 
Tiny image used for testing - root user login
1765979475 cirros i386 experimental-images kvm CirrOS i386, 
Tiny image used for testing - cirros user login
0300949733 cirros x86_64 experimental-images kvm CirrOS x86_64, 
Tiny image used for testing - cirros user login

To bundle, upload and register a CirrOS image, choose the image of your choice, and use eustore-install-image.  For example:

$ eustore-install-image -i 0300949733 -b cirros-0.3.1-x86_64 \
 --hypervisor kvm -s "CirrOS 0.3.1 - x86_64"

The image is now ready to be used on your Eucalyptus cloud.  Creating a keypair with euca-create-keypair:

$ euca-create-keypair euca-admin > euca-admin.priv

Use euca-authorize to allow SSH traffic to the instance.

$ euca-authorize -P tcp -p 22 \ 
-s 0.0.0.0/0 default

Next, launch the CirrOS image using euca-run-instances:

$ euca-run-instances -k euca-admin \
-t m1.medium emi-2611389B

After the instance has been launched successfully, lets look at some of the features of CirrOS that helps with troubleshooting instances.

Instance Status Checks in CirrOS

CirrOS provides great kernel messages when booting.  Not only does it show the boot sequence and discovery of devices, but it also shows information regarding network information and status of the instance userdata and metadata services.  To view this information, use euca-get-console-output on the instance based off the CirrOS image. For example:

$ euca-get-console-output i-B57B4273
i-B57B4273
2014-02-03T04:25:08.535Z
^[[1;256r^[[256;256H^[[6n
Google, Inc.
Serial Graphics Adapter 12/07/11
SGABIOS $Id: sgabios.S 8 2010-04-22 00:03:40Z nlaredo $ (mockbuild@c6b18n1.dev.centos.org) Wed Dec 7 17:04:47 UTC 2011
Term: 80x24
4 0
SeaBIOS (version seabios-0.6.1.2-26.el6)
........
Sending select for 172.17.125.24...
Lease of 172.17.125.24 obtained, lease time 86400
deleting routers
adding dns 10.104.1.216
adding dns 10.1.1.254
cirros-ds 'net' up at 0.68
checking http://169.254.169.254/2009-04-04/instance-id
successful after 1/20 tries: up 0.69. iid=i-B57B4273
failed to get http://169.254.169.254/2009-04-04/user-data
warning: no ec2 metadata for user-data
found datasource (ec2, net)
Starting dropbear sshd: generating rsa key... generating dsa key... OK
/run/cirros/datasource/data/user-data was not '#!' or executable
=== network info ===
if-info: lo,up,127.0.0.1,8,::1
if-info: eth0,up,172.17.125.24,27,fe80::d20d:b5ff:fe7b:4273
ip-route:default via 172.17.125.1 dev eth0
ip-route:172.17.125.0/27 dev eth0 src 172.17.125.24
=== datasource: ec2 net ===
instance-id: i-B57B4273
name: N/A
availability-zone: LayinDaSmackDown
local-hostname: euca-172-17-125-24.eucalyptus.internal
launch-index: 0
......

As viewed from the output, it provides some of the metadata information of the instance.  Because there was no userdata passed when launching the instance, the following error is seen:

/run/cirros/datasource/data/user-data was not '#!' or executable

To see all the metadata provided to the instance, SSH into the instance and run ‘ec2metadata’:

$ ssh -i admin-creds/euca-admin.priv cirros@euca-10-104-7-11.eucalyptus.euca-hasp.eucalyptus-systems.com
The authenticity of host 'euca-10-104-7-11.eucalyptus.euca-hasp.eucalyptus-systems.com (10.104.7.11)' can't be established.
RSA key fingerprint is ae:3a:3f:4d:fe:a2:ab:a6:8d:0c:56:3f:18:93:d1:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'euca-10-104-7-11.eucalyptus.euca-hasp.eucalyptus-systems.com,10.104.7.11' (RSA) to the list of known hosts.
$ ec2metadata
ami-id: emi-2611389B
ami-launch-index: 0
ami-manifest-path: cirros-0.3.1-x86_64/cirros-0.3.1-x86_64-rootfs.img.manifest.xml
block-device-mapping/ami: sda1
block-device-mapping/emi: sda1
block-device-mapping/ephemeral: sda2
block-device-mapping/ephemeral0: sda2
block-device-mapping/root: /dev/sda1
block-device-mapping/swap: sda3
hostname: euca-172-17-125-24.eucalyptus.internal
instance-id: i-B57B4273
instance-type: m1.small
kernel-id: eki-37D335EF
local-hostname: euca-172-17-125-24.eucalyptus.internal
local-ipv4: 172.17.125.24
mac: D0:0D:B5:7B:42:73
placement/availability-zone: LayinDaSmackDown
public-hostname: euca-10-104-7-11.eucalyptus.euca-hasp.eucalyptus-systems.com
public-ipv4: 10.104.7.11
public-keys/0: openssh-key
ramdisk-id: eri-487537CB
reservation-id: r-87584400
security-groups: default

Thats it!  As demonstrated, CirrOS helps cloud administrators test networking and instance services for instances relatively quickly.  Using CirrOS helps narrow down if there is a Eucalyptus cloud deployment issue versus an image issue. If you feel really adventurous, Scott has provided some great instructions on how cloud administrators can build their own CirrOS image by hand. Hope this helps.  Enjoy!

 

 

CirrOS: Perfect Machine Image for Eucalyptus Cloud Debugging

12 Steps To EBS-Backed EMI Bliss on Eucalyptus

hspencer77, , , , , , , , , , 2 Comments

In previous posts, I shared how to use Ubuntu Cloud Images and eustore with Eucalyptus and AWS.  This blog entry will focus on how to use these assets to create EBS-backed EMIs in 12 steps.   These steps can be used on AWS as well, but instead of creating an instance store-backed AMI first, Ubuntu has already provided AMIs that can be used as the building block instance on AWS.  Let’s get started.

Prerequisites

On Eucalyptus and AWS, it is required the user has the appropriate IAM policy in order to perform these steps.  The policy should contain the following EC2 Actions at a minimum:

  • RunInstances
  • AttachVolume
  • AuthorizeSecurityGroupEgress
  • AuthorizeSecurityGroupIngress
  • CreateKeyPair
  • CreateSnapshot
  • CreateVolume
  • DescribeImages
  • DescribeInstances
  • DescribeInstanceStatus
  • DescribeSnapshots
  • DetachVolume
  • RegisterImage

In addition, the user needs an access key ID and secret key.  For more information, check out the following resources:

This entry also assumes Eucalyptus euca2ools are installed on the client machine.

The 12 Steps

Although the Ubuntu Cloud Image used in this entry is Ubuntu Precise (12.04) LTS, any of of the maintained Ubuntu Cloud images can be used.

  1. Use wget to download tar-gzipped precise-server-cloudimg: 
    $ wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64.tar.gz
  2. After setting the EC2_ACCESS_KEY, EC2_SECRET_KEY, and EC2_URL, use eustore-install-image to an instance stored-backed EMI: 
    $ eustore-install-image -t precise-server-cloudimg-amd64.tar.gz \
-b ubuntu-latest-precise-x86_64 --hypervisor universal \
-s "Ubuntu Cloud Image - Precise Pangolin - 12.04 LTS"
  3. Create a keypair using euca-create-keypair, then use euca-run-instances to launch an instance from the EMI returned from eustore-install-image. For example: 
    $ euca-run-instances -t m1.medium \
-k account1-user01 emi-5C8C3909
  4. Use euca-create-volume to create a volume based upon the size of how big you want the root filesystem to be.  The availability zone (-z option) will be based on if you are using Eucalyptus or AWS: 
    $ euca-create-volume -s 6 \
-z LayinDaSmackDown
  5. Using euca-attach-volume, attach the resulting volume to the running instance. For example: 
    $ euca-attach-volume -d /dev/vdd \
-i i-839E3FB0 vol-B5863B3B
  6. Use euca-authorize to open SSH access to the instance, SSH into the instance, then use wget to download the Ubuntu Precise Cloud Image (qcow2 format): 
    $ ssh -i account1-user01.priv ubuntu@euca-10-104-7-10.eucalyptus.euca-hasp.eucalyptus-systems.com
# sudo -s
# wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
  7. Install qemu-utils: 
    # apt-get install -y qemu-utils
  8. Use qemu-img to convert image from qcow2 to raw: 
    # qemu-img convert \
-O raw precise-server-cloudimg-amd64-disk1.img precise-server-cloudimg-amd64-disk1-raw.img
  9. dd raw image to block device where volume is attached (use dmesg to figure that out easily): 
    # dmesg | tail
[ 7026.943212] virtio-pci 0000:00:05.0: using default PCI settings
[ 7026.943249] pci 0000:00:07.0: no hotplug settings from platform
[ 7026.943251] pci 0000:00:07.0: using default PCI settings
[ 7026.945964] virtio-pci 0000:00:07.0: enabling device (0000 -> 0003)
[ 7026.955143] virtio-pci 0000:00:07.0: PCI INT A -> Link[LNKC] -> GSI 10 (level, high) -> IRQ 10
[ 7026.955180] virtio-pci 0000:00:07.0: setting latency timer to 64
[ 7026.955429] virtio-pci 0000:00:07.0: irq 45 for MSI/MSI-X
[ 7026.955456] virtio-pci 0000:00:07.0: irq 46 for MSI/MSI-X
[ 7026.986990] vdb: unknown partition table
[10447.093426] virtio-pci 0000:00:07.0: PCI INT A disabled
# dd if=/mnt/precise-server-cloudimg-amd64-disk1-raw.img of=/dev/vdb bs=1M
  10. Log out the instance, and use euca-detach-volume to detach the volume: 
    $ euca-detach-volume vol-B5863B3B
  11. Use euca-create-snapshot to create a snapshot of the volume: 
    $ euca-create-snapshot vol-B5863B3B
  12. Use euca-register to register the resulting snapshot to create the EBS-backed EMI: 
    $ euca-register --name ebs-precise-x86_64-sda \
--snapshot snap-EFDB40A1 --root-device-name /dev/sda

Thats it!  You have successfully created an EBS-backed EMI/AMI.  As mentioned earlier, these steps can be used on AWS just as well (just skip steps 1 & 2, and use one of the Ubuntu Cloud Images in the AWS region of your choice).  Enjoy!

12 Steps To EBS-Backed EMI Bliss on Eucalyptus

Ubuntu Cloud Images and Eustore: The Eucalyptus Cloud Administrator’s Image Management Dream

hspencer77, , , , , , 3 Comments

Ubuntu provides versatile cloud images that can be utilized on various cloud deployment infrastructures.  Eucalyptus’s euca2ools eustore tool makes it easier for cloud administrator’s to bundle, upload and register images on Eucalyptus clouds.  Using eustore-install-image with Ubuntu Cloud images provides the best of both worlds – solid cloud images that can be easily deployed to any Eucalyptus cloud environment.

Set Up Euca2ools Configuration File

Setting up a euca2ools configuration file makes it easier and more efficient to interact with the euca2ools commands.  For this blog entry, the euca2ools configuration file ~/.euca/euca2ools.ini was set up with the following information:

[global]
default-region = LayinDaSmackDown
[user admin]
key-id = L4836KVYWMJCXT4T6Q6B9
secret-key = XCJ6sZVFVfFMR4DNVIUL7N7e4cgk8ebvEW0ej5dZ
account-id = 441445882805
private-key = /home/hspencer/admin-creds/euca2-admin-c9e4580c-pk.pem
certificate = /home/hspencer/admin-creds/euca2-admin-c9e4580c-cert.pem
[region LayinDaSmackDown]
autoscaling-url = http://10.104.1.216:8773/services/AutoScaling
ec2-url = http://10.104.1.216:8773/services/Eucalyptus
elasticloadbalancing-url = http://10.104.1.216:8773/services/LoadBalancing
iam-url = http://10.104.1.216:8773/services/Euare
monitoring-url = http://10.104.1.216:8773/services/CloudWatch
s3-url = http://10.104.1.216:8773/services/Walrus
eustore-url =http://emis.eucalyptus.com/
certificate = /home/hspencer/admin-creds/cloud-cert.pem

After setting up the euca2ools confirmation file, to utilize this file, run any euca2ools command with the –region option.  For example:

$ euca-describe-images --region admin@

Since kernel, ramdisk and root filesystem images will be bundled, uploaded and registered, the cloud administrator’s credentials were used in the euca2ools configuration file.  For more information about kernel and ramdisk management in Eucalyptus, check out the KB article entitled “Kernel and Ramdisk Management in Eucalyptus”.

Ubuntu Cloud Images

To obtain Ubuntu Cloud images that will be bundled, uploaded and registered with eustore-install-image, download the supported Ubuntu Cloud image release of your choice from the Ubuntu Cloud Images page. Download the file thats ends with either amd64.tar.gz or i386.tar.gz using either curl, wget or any other network transfer tool.

For example, to download the latest Ubuntu 13.10 Saucy Salamander Cloud image, run the following command:

$ wget http://cloud-images.ubuntu.com/saucy/current/saucy-server-cloudimg-amd64.tar.gz

This will download and save the saucy-server-cloudimg-amd64.tar.gz file.  Now its time to use eustore-install-image to bundle, upload and register the image.

Bundle, Upload, Register The Image

As mentioned earlier, eustore-install-image will bundle, upload and register the image.  To do this, use the –tarball option of eustore-install-image with the tar-gzipped file downloaded from Ubuntu Cloud Image page.  The key flag here is the –hypervisor option.  Because Ubuntu Cloud images are crafted to work on multiple hypervisors (e.g. Xen, KVM, VMware, etc.), set the –hypervisor option to “universal”. Here is an example of using these options:

$ eustore-install-image -t saucy-server-cloudimg-amd64.tar.gz -b ubuntu-saucy-server-amd64 --hypervisor universal -s "Ubuntu 13.10 - Saucy Salamander" -p ubuntu-saucy --region admin@ -a x86_64
Preparing to extract image...
Extracting kernel 100% |=========================================================================================| 5.34 MB 158.76 MB/s Time: 0:00:00
Bundling kernel 100% |=========================================================================================| 5.34 MB 27.39 MB/s Time: 0:00:00
-- Uploading kernel image --
saucy-server-cloudimg-amd64-vmlinuz-generic.part.0 100% |=========================================================| 5.28 MB 20.91 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64-vmlinuz-generic.manifest.xml 100% |===================================================| 3.45 kB 26.26 kB/s Time: 0:00:00
Registered kernel image eki-2C54378B
Extracting ramdisk 100% |=========================================================================================| 89.56 kB 45.29 MB/s Time: 0:00:00
Bundling ramdisk 100% |=========================================================================================| 89.56 kB 8.31 MB/s Time: 0:00:00
-- Uploading ramdisk image --
saucy-server-cloudimg-amd64-loader.part.0 100% |==================================================================| 89.38 kB 689.09 kB/s Time: 0:00:00
saucy-server-cloudimg-amd64-loader.manifest.xml 100% |============================================================| 3.36 kB 26.03 kB/s Time: 0:00:00
Registered ramdisk image eri-015435B7
Extracting image 100% |=========================================================================================| 1.38 GB 183.45 MB/s Time: 0:00:08
Bundling image 100% |=========================================================================================| 1.38 GB 34.33 MB/s Time: 0:00:43
-- Uploading machine image --
saucy-server-cloudimg-amd64.img.part.0 ( 1/22) 100% |============================================================| 10.00 MB 42.72 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.1 ( 2/22) 100% |============================================================| 10.00 MB 41.06 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.2 ( 3/22) 100% |============================================================| 10.00 MB 42.43 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.3 ( 4/22) 100% |============================================================| 10.00 MB 44.56 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.4 ( 5/22) 100% |============================================================| 10.00 MB 48.43 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.5 ( 6/22) 100% |============================================================| 10.00 MB 57.00 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.6 ( 7/22) 100% |============================================================| 10.00 MB 48.69 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.7 ( 8/22) 100% |============================================================| 10.00 MB 51.00 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.8 ( 9/22) 100% |============================================================| 10.00 MB 43.92 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.9 (10/22) 100% |============================================================| 10.00 MB 46.26 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.10 (11/22) 100% |============================================================| 10.00 MB 46.27 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.11 (12/22) 100% |============================================================| 10.00 MB 48.74 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.12 (13/22) 100% |============================================================| 10.00 MB 44.48 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.13 (14/22) 100% |============================================================| 10.00 MB 44.20 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.14 (15/22) 100% |============================================================| 10.00 MB 48.89 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.15 (16/22) 100% |============================================================| 10.00 MB 46.45 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.16 (17/22) 100% |============================================================| 10.00 MB 56.84 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.17 (18/22) 100% |============================================================| 10.00 MB 53.62 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.18 (19/22) 100% |============================================================| 10.00 MB 56.75 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.19 (20/22) 100% |============================================================| 10.00 MB 48.67 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.20 (21/22) 100% |============================================================| 10.00 MB 44.25 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.part.21 (22/22) 100% |============================================================| 3.19 MB 18.21 MB/s Time: 0:00:00
saucy-server-cloudimg-amd64.img.manifest.xml 100% |===============================================================| 6.63 kB 41.32 kB/s Time: 0:00:00
Registered machine image emi-4EFE3A91
-- Done --
Installed new image emi-4EFE3A91

Now that the kernel, ramdisk and root filesystem are bundled, uploaded and registered, the launch permission of each image needs to be changed so that all the users of the Eucalyptus cloud can launch instances from these images.

$ euca-modify-image-attribute -l -a all emi-4EFE3A91 --region admin@
launchPermission emi-4EFE3A91 ADD Group all
$ euca-modify-image-attribute -l -a all eri-015435B7 --region admin@
launchPermission eri-015435B7 ADD Group all
$ euca-modify-image-attribute -l -a all eki-2C54378B --region admin@
launchPermission eki-2C54378B ADD Group all

Thats it!  Now users can launch instances from the EMI, EKI and ERI as below:

$ euca-run-instances -k account1-user01 -t m1.medium emi-4EFE3A91 --region account1-user01@ --user-data-file cloud-init.config

Enjoy!

Ubuntu Cloud Images and Eustore: The Eucalyptus Cloud Administrator’s Image Management Dream

Bind DNS + OpenLDAP MDB == Dynamic Domain and Fully Delegated Sub-Domain Configuration of DNS

hspencer77, , , , , , , , 7 Comments

This blog post was driven by the need to make it easier to test Eucalyptus DNS in a lab environment.   The goal was to have a scriptable way to add/delete fully delegated sub-domains without having to reload/restart DNS when Eucalyptus clouds were being deployed/destroyed.   This was tested on an CentOS 6 instance running in a Eucalyptus 3.3 HA Cloud.

Prerequisites

This entry will not cover setting up Eucalyptus HA, creating a Eucalyptus user, using eustore to register the image, and/or opening up ports in security groups.  Its assumed the reader understands these concepts.  The focus will be configuring and deploying Bind9 and OpenLDAP.

In addition to using a CentOS 6.4 image, the following is needed:

  • ports open for DNS (tcp and udp 53)
  • port open for OpenLDAP (tcp 389)
  • port open for SSH (tcp 22)

Now that the prereqs have been covered, lets jump into setting up the environment.

Base Software Installation

There are a series of packages needed to install OpenLDAP (since we are building from source), and Bind9.  Once the instance is launched and running, SSH into the instance, and run the following commands:

# sudo yum -y upgrade
# sudo yum install -y git cyrus-sasl gcc glibc-devel libtool-ltdl \
db4-devel openssl-devel unixODBC-devel libtool-ltdl-devel libtool \
cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-lib cyrus-sasl-md5 \
make bind-dyndb-ldap

All the packages except for bind-dyndb-ldap are needed to build OpenLDAP from source.  The reason we are building OpenLDAP from source is to take advantage of their powerful backend – MDB.  Check out my previous blogs on this topic from this listing.

The key package for Bind9 DNS to communicate to OpenLDAP as a backend is bind-dyndb-ldap.  This plug-in is used by the FreeIPA Identity/Policy Management application to help leverage 389 Directory Servers (which is based off OpenLDAP) for storing domain name information.

OpenLDAP Installation and Configuration

Since all the base packages are installed, we can now grab and install the latest source version of OpenLDAP.  While still being logged into the instance, run the following command:

# git clone git://git.openldap.org/openldap.git ~/openldap

Since we are working with an instance based on the CentOS 6 image on eustore, we will use the ephemeral store (which is mounted under /media/ephemeral0) for the location of our OpenLDAP installation.  Create a directory for installing OpenLDAP on the ephemeral store by running the command below:

# mkdir /media/ephemeral0/openldap

Next, configure OpenLDAP:

# cd ~/openldap
# ./configure --prefix=/media/ephemeral0/openldap --enable-debug=yes \
--enable-syslog --enable-dynamic --enable-slapd --enable-dynacl \
--enable-spasswd --enable-modules --enable-rlookups --enable-mdb \
--enable-monitor --enable-overlays --with-cyrus-sasl --with-threads \
--with-tls=openssl CC="gcc" LDFLAGS="-L/usr/lib64/sasl2" CPPFLAGS="-I/usr/include/sasl"

After thats completed successfully, compile and install OpenLDAP:

# make depend
# make
# sudo make install

After the installation is complete, create the openldap user that will be responsible for running OpenLDAP:

# sudo useradd -m -U -c "OpenLDAP User" -s /bin/bash openldap
# sudo passwd -l openldap

Since the bind-dyndb-ldap package was installed earlier, copy the schema to where OpenLDAP stores its schemas, so that it can be added to the OpenLDAP configuration:

# sudo cp /usr/share/doc/bind-dyndb-ldap-2.3/schema \
/media/ephemeral0/openldap/etc/openldap/schema/bind-dyndb-ldap.schema

Next, create the LDAP password for the cn=admin,cn=config user.  This user is responsible for managing the configuration of the OpenLDAP server using OLC:

# /media/ephemeral0/openldap/sbin/slappasswd -h {SSHA}

Modify the slapd.conf file located under /media/ephemeral0/openldap/etc/openldap/, to set up the base configuration structure (cn=config) for OpenLDAP.  When completed, it should look like the following:

#######################################################################
# Config database definitions
#######################################################################
pidfile /media/ephemeral0/openldap/var/run/slapd.pid
argsfile /media/ephemeral0/openldap/var/run/slapd.args
database config
rootdn cn=admin,cn=config
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxx - (password created for cn=admin,cn=config user)
# Schemas, in order
include /media/ephemeral0/openldap/etc/openldap/schema/core.schema
include /media/ephemeral0/openldap/etc/openldap/schema/cosine.schema
include /media/ephemeral0/openldap/etc/openldap/schema/inetorgperson.schema
include /media/ephemeral0/openldap/etc/openldap/schema/collective.schema
include /media/ephemeral0/openldap/etc/openldap/schema/corba.schema
include /media/ephemeral0/openldap/etc/openldap/schema/duaconf.schema
include /media/ephemeral0/openldap/etc/openldap/schema/dyngroup.schema
include /media/ephemeral0/openldap/etc/openldap/schema/misc.schema
include /media/ephemeral0/openldap/etc/openldap/schema/nis.schema
include /media/ephemeral0/openldap/etc/openldap/schema/openldap.schema
include /media/ephemeral0/openldap/etc/openldap/schema/ppolicy.schema
include /media/ephemeral0/openldap/etc/openldap/schema/bind-dyndb-ldap.schema

Create the slapd.d directory under /media/ephemeral0/openldap/etc/openldap/.  This will contain all the directory information:

# sudo chown -R openldap:openldap /media/ephemeral0/openldap/* 
# su - openldap -c "mkdir /media/ephemeral0/openldap/etc/openldap/slapd.d"

Populate the slapd.d directory with the base configuration by running the following command:

su - openldap -c "/media/ephemeral0/openldap/sbin/slaptest \
-f /media/ephemeral0/openldap/etc/openldap/slapd.conf \
-F /media/ephemeral0/openldap/etc/openldap/slapd.d"
config file testing succeeded

For this example, we will be setting up the directory to use dc=eucalyptus,dc=com as the LDAP base.  Create the cn=Directory Manager,dc=eucalyptus,dc=com LDAP password:

# /media/ephemeral0/openldap/sbin/slappasswd -h {SSHA}

Create an LDIF that will define the configuration of the DB associated with the information regarding the DNS entries.  For this example, the LDIF will be called directory-layout.ldif.  It should look like the following:

#######################################################################
# MDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=eucalyptus,dc=com
olcRootDN: cn=Directory Manager,dc=eucalyptus,dc=com
olcRootPW: {SSHA}xxxx - (password of cn=Directory Manager,dc=eucalyptus,dc=com user)
olcDbDirectory: /media/ephemeral0/openldap/var/openldap-data/dns
olcDbIndex: objectClass eq
olcAccess: to attrs=userPassword by dn="cn=Directory Manager,dc=eucalyptus,dc=com"
 write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=Directory Manager,dc=eucalyptus,dc=com" write by * read
olcDbMaxReaders: 0
olcDbMode: 0600
olcDbSearchStack: 16
olcDbMaxSize: 4294967296
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbNoSync: FALSE
olcDbEnvFlags: writemap
olcDbEnvFlags: nometasync

Make sure and create the directory where the DB information will be stored:

# su - openldap -c "mkdir /media/ephemeral0/openldap/var/openldap-data/dns"

Start up the OpenLDAP directory:

# sudo /media/ephemeral0/openldap/libexec/slapd -h "ldap:/// ldapi:///" \
-u openldap -g openldap

After OpenLDAP has been started successfully,  upload the directory-layout.ldif as the cn=admin,cn=config user:

# /media/ephemeral0/openldap/bin/ldapadd -D cn=admin,cn=config -W \
-f directory-layout.ldif
Enter LDAP Password:
adding new entry "olcDatabase=mdb,cn=config"

To allow search access to the directory, create an LDIF called frontend.ldif, that contains the following:

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.base="" by * read
olcAccess: to dn.base="cn=Subschema" by * read
olcAccess: to * by self write by users read by anonymous auth

Upload the LDIF using the ldapmodify command:

# /media/ephemeral0/openldap/bin/ldapmodify -D cn=admin,cn=config -W -f frontend.ldif
Enter LDAP Password:
modifying entry "olcDatabase={-1}frontend,cn=config"

To check the results of these changes, use ldapsearch:

# /media/ephemeral0/openldap/bin/ldapsearch -D cn=admin,cn=config -W -b cn=config
Enter LDAP Password:
(ldapsearch results...)

After confirming that the base configurations have been stored, create an LDIF called dns-domain.ldif that lays out the directory structure for the database.  As seen previously in the directory-layout.ldif, the base is dc=eucalyptus,dc=com. The dns-domain.ldif file should look like the following:

dn: dc=eucalyptus,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Eucalyptus Systems Inc - QA DNS Domain
dc: eucalyptus
description: Test LDAP+DNS Setup
 
dn: ou=dns,dc=eucalyptus,dc=com
objectClass: organizationalUnit
ou: dns

After creating the dns-domain.ldif file, upload the file using the cn=Directory Manager,dc=eucalyptus,dc=com user:

# /media/ephemeral0/openldap/bin/ldapadd -H ldap://localhost \
-D "cn=Directory Manager,dc=eucalyptus,dc=com" -W -f dns-domain.ldif
Enter LDAP Password:
adding new entry "dc=eucalyptus,dc=com"
adding new entry "ou=dns,dc=eucalyptus,dc=com"

To allow the cn=Directory Manager,dc=eucalyptus,dc=com user to see what updates are being done to the Directory, enable the Access Log overlay.  To enable this option, create an LDIF file called access-log.ldif.  The contents should look like the following:

dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /media/ephemeral0/openldap/var/openldap-data/access
olcSuffix: cn=log
olcDbIndex: reqStart eq
olcDbMaxSize: 1073741824
olcDbMode: 0600
olcAccess: {1}to * by dn="cn=Directory Manager,dc=eucalyptus,dc=com" read

dn: olcOverlay={1}accesslog,olcDatabase={3}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: {1}accesslog
olcAccessLogDB: cn=log
olcAccessLogOps: all
olcAccessLogPurge: 7+00:00 1+00:00
olcAccessLogSuccess: TRUE
olcAccessLogOld: (objectclass=idnsRecord)

After creating the access-log.ldif, create the directory for storing the access database:

# su - openldap -c "mkdir /media/ephemeral0/openldap/var/openldap-data/access"

Upload the LDIF using the cn=admin,cn=config user:

# /media/ephemeral0/openldap/bin/ldapadd -D cn=admin,cn=config -W -f access-log.ldif

Now that OpenLDAP is ready to go, let’s work on configuring Bind9 DNS.

Bind9 DNS Configuration

Since bind-dyndb-ldap has a dependency package of bind,  named has already been installed on the instance.  The only thing left to do is edit /etc/named.conf so that we are able to use the dynamic ldap backend module.  Edit /etc/named.conf so that it looks like the following:

options {
 listen-on port 53 { <private IP address of the instance>; };
 listen-on-v6 port 53 { ::1; };
 directory "/var/named";
 dump-file "/var/named/data/cache_dump.db";
 statistics-file "/var/named/data/named_stats.txt";
 memstatistics-file "/var/named/data/named_mem_stats.txt";
 recursion yes;

 dnssec-enable yes;
 dnssec-validation yes;
 dnssec-lookaside auto;

/* Path to ISC DLV key */
 bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
 allow-recursion { any; };
};

dynamic-db "qa_dns_test" {
 library "ldap.so";
 arg "uri ldap://localhost";
 arg "base ou=dns,dc=eucalyptus, dc=com";
 arg "auth_method none";
 arg "cache_ttl 10";
 arg "zone_refresh 1";
 arg "dyn_update yes";
};

logging {
 channel default_debug {
 file "data/named.run";
 severity debug;
 print-time yes;
 };
};

zone "." IN {
 type hint;
 file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

As seen above, the dynamic-db section is the configuration for connecting to the OpenLDAP server.  For more advanced configurations, please reference the README in the bind-dyndb-ldap repository on git.fedorahosted.org.

Now we are ready to start named (the bind DNS server).  Before starting the server, make sure and create the rndc key, then start named:

# rndc-confgen -a -r /dev/urandom
# service named start

You have successfully created an Bind9 DNS + OpenLDAP deployment.  Let’s run a quick test.

Test the Deployment

To test the deployment, I created an LDIF called test-cloud.ldif.  The configuration sets up a domain called eucalyptus-systems.com.  It also creates a sub-domain that will be forwarding requests for euca-hasp.eucalyptus-systems.com to the CLCs of the Eucalyptus HA deployment that has been set up.  The contents of the file are as follows:

dn: idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: top
objectClass: idnsZone
objectClass: idnsRecord
idnsName: eucalyptus-systems.com
idnsUpdatePolicy: grant EUCALYPTUS-SYSTEMS.COM krb5-self * A;
idnsZoneActive: TRUE
idnsSOAmName: server.eucalyptus-systems.com
idnsSOArName: root.server.eucalyptus-systems.com
idnsAllowQuery: any;
idnsAllowDynUpdate: TRUE
idnsSOAserial: 1
idnsSOArefresh: 10800
idnsSOAretry: 900
idnsSOAexpire: 604800
idnsSOAminimum: 86400
NSRecord: ns
ARecord: 192.168.55.103 - (the public IP of the instance)

dn: idnsName=ns,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsRecord
objectClass: top
idnsName: ns
aRecord: 192.168.55.103

dn: idnsName=server,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsRecord
objectClass: top
idnsName: server
CNAMERecord: eucalyptus-systems.com.

dn: idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com
objectClass: idnszone
objectClass: idnsrecord
objectClass: top
idnsName: 39.168.192.in-addr.arpa.
idnsSOAmName: server.eucalyptus-systems.com
idnsSOArName: root.server.eucalyptus-systems.com
idnsSOAserial: 1350039556
idnsSOArefresh: 10800
idnsSOAretry: 900
idnsSOAexpire: 604800
idnsSOAminimum: 86400
idnsZoneActive: TRUE
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any;
idnsAllowTransfer: none;
idnsUpdatePolicy: grant EUCALYPTUS-SYSTEMS.COM krb5-subdomain 39.168.192.in-addr.arpa. PTR;
nSRecord: server.eucalyptus-systems.com.

dn: idnsName=_ldap._tcp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsRecord
objectClass: top
idnsName: _ldap._tcp
SRVRecord: 0 100 389 server

dn: idnsName=_ntp._udp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsRecord
objectClass: top
idnsName: _ntp._udp
SRVRecord: 0 100 123 server

# The DNS entries for the CLCs of the cloud - viking-01 and viking-02

dn: idnsName=viking-02,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsRecord
objectClass: top
idnsName: viking-02
aRecord: 192.168.39.102

dn: idnsname=102,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsrecord
objectClass: top
idnsName: 102
pTRRecord: viking-02.eucalyptus-systems.com.

dn: idnsName=viking-01,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsRecord
objectClass: top
idnsName: viking-01
aRecord: 192.168.39.101

dn: idnsname=101,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com
objectClass: idnsrecord
objectClass: top
idnsName: 101
pTRRecord: viking-01.eucalyptus-systems.com.

# The delegated zone - euca-hasp.eucalyptus-systems.com

dn: idnsName=euca-hasp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com
objectClass: top
objectClass: idnsRecord
objectClass: idnsZone
idnsForwardPolicy: first
idnsAllowDynUpdate: FALSE
idnsZoneActive: TRUE
idnsAllowQuery: any;
idnsForwarders: 192.168.39.101
idnsForwarders: 192.168.39.102
idnsName: euca-hasp
idnsSOAmName: server.eucalyptus-systems.com
idnsSOArName: root.server.eucalyptus-systems.com
idnsSOAretry: 15
idnsSOAserial: 1
idnsSOArefresh: 80
idnsSOAexpire: 120
idnsSOAminimum: 30
nSRecord: viking-01.eucalyptus-systems.com
nSRecord: viking-02.eucalyptus-systems.com

Since this was intended for a lab environment where sub-domains (and possibly domains) would be added/deleted on a regular basis, the SOA records were not set to the RFC 1912 standards defined for production DNS use.

After creating this LDIF,  it was uploaded to the LDAP server as the cn=Directory Manager,dc=eucalyptus,dc=com user:

# /media/ephemeral0/openldap/bin/ldapadd -H ldap://localhost \
-D "cn=Directory Manager,dc=eucalyptus,dc=com" -W -f test-cloud.ldif
Enter LDAP Password:
adding new entry "idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=ns,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=server,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=_ldap._tcp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=_ntp._udp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=viking-02,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsname=102,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=viking-01,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsname=101,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com"
adding new entry "idnsName=euca-hasp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"

To test out the setup, tests were ran against the public IP address of the instance to resolve for the various configurations:

# nslookup viking-01.eucalyptus-systems.com 192.168.55.103
Server: 192.168.55.103
Address: 192.168.55.103#53

Name: viking-01.eucalyptus-systems.com
Address: 192.168.39.101

# nslookup 192.168.39.101 192.168.55.103
Server: 192.168.55.103
Address: 192.168.55.103#53

101.39.168.192.in-addr.arpa name = viking-01.eucalyptus-systems.com.

# nslookup eucalyptus.euca-hasp.eucalyptus-systems.com 192.168.55.103
Server: 192.168.55.103
Address: 192.168.55.103#53

Non-authoritative answer:
Name: eucalyptus.euca-hasp.eucalyptus-systems.com
Address: 192.168.39.102

# nslookup walrus.euca-hasp.eucalyptus-systems.com 192.168.55.103
Server: 192.168.55.103
Address: 192.168.55.103#53

Non-authoritative answer:
Name: walrus.euca-hasp.eucalyptus-systems.com
Address: 192.168.39.101

As see above, not only did the resolution come back correct for the machines under the eucalyptus-systems.com domain, but it also forwarded the requests for the hosts under euca-hasp.eucalyptus-systems.com correctly, and returned the correct response.

To delete the set up, an LDIF called delete-test-cloud.ldif from the test-cloud.ldif as follows:

# tac test-cloud.ldif | grep dn: > delete-test-cloud.ldif

Open up the delete-test-cloud.ldif and add the following lines between each dn:

changetype: delete
(empty line)

Now, use ldapmodify as the cn=Directory Manager,dc=eucalyptus,dc=com user to delete the entries:

# /media/ephemeral0/openldap/bin/ldapmodify -H ldap://localhost -D "cn=Directory Manager,dc=eucalyptus,dc=com" -W -f delete-test-cloud.ldif
Enter LDAP Password:
deleting entry "idnsName=euca-hasp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsname=101,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=viking-01,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsname=102,idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=viking-02,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=_ntp._udp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=_ldap._tcp,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsname=39.168.192.in-addr.arpa.,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=server,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=ns,idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"
deleting entry "idnsName=eucalyptus-systems.com,ou=dns,dc=eucalyptus,dc=com"

To confirm, do a lookup against one of the entries to see if it still exists:

# nslookup viking-01.eucalyptus-systems.com 192.168.55.103
Server: 192.168.55.103
Address: 192.168.55.103#53

** server can't find viking-01.eucalyptus-systems.com: NXDOMAIN

There you have it!  A successful Bind9 DNS + OpenLDAP deployment is ready to be used.

Enjoy!  And as always, questions/suggestions/comments are always welcome.

Bind DNS + OpenLDAP MDB == Dynamic Domain and Fully Delegated Sub-Domain Configuration of DNS

Zen Load Balancer + Eucalyptus == Open Source Load Balancer Appliance in the Cloud

hspencer77, , , , , , , , , , , 4 Comments

Recently, I had the opportunity to sit in on a few meetings at Eucalyptus Systems, Inc. discussing Elastic Load Balancing implementation ideas for Eucalyptus 3.3.  Elastic Load Balancing is under the “Future Development Directions” on the Eucalyptus Cloud Roadmap.  Part of my involvement was to evaluate the Zen Load Balancer.   The first question that I asked myself was “Can this open source load balancer appliance be tested in the cloud?”  I figured this would be a great way to not only test the appliance, but also give some insight as to how users would expect to interact with the load balancer in the cloud – similar to how AWS users interact with Elastic Load Balancing in EC2.

As the title mentions, this application can be made as an Eucalyptus Machine Image (EMI), and used in Eucalyptus as a load balancer.  This blog entry will focus on the creation of the KVM EMI from a VirtualBox (VDI) image.  Since the Zen Load Balancer is an appliance based off of Debian, it was really straight-forward to convert to an EMI.  A follow-up blog entry will discuss how to use the appliance in Eucalyptus to load balance traffic for a group of instances (e.g. HTTP/HTTPS traffic).

Creating the VirtualBox Image

To create the raw disk image needed for the EMI in Eucalyptus, I used VirtualBox on my machine, which is a MacBook Air running Mac OS X 10.8.2.  After downloading and installing VirtualBox, I went through the following steps to create a Zen Load Balancer VirtualBox image:

  1. I started up VirtualBox and I am presented with the following Window: 

    VirtualBox Welcome UI
    VirtualBox Welcome GUI

     

  2. Select “New” in the upper right-hand corner of the screen, and the GUI below will be displayed.  In this example, the name of the VM will be “ZenLoadBalancer”, the type is “Linux”, and the version is “Debian (64-bit). Select “Continue” after the fields have been filled in.

    Create Virtual Machine - Name and Operating System
    VirtualBox UI to select Name and Operating System

     

  3. Select the amount of RAM need for the VM.  In this example, I used 1024 MB. Select “Continue”.

    Create Virtual Machine - Memory Size
    Create Virtual Machine UI – Memory Size

     

  4. Select the hard drive file type.  Here, I selected VirtualBox Disk Image (VDI).  Select “Continue” once a selection has been made.

    Select Hard Drive File Type
    Select Hard Drive File Type

     

  5. Select to make the physical hard drive fixed, then select “Continue”.

    Select Fixed or Dynamic Hard Drive Type
    Select Fixed or Dynamic Hard Drive Type

     

  6. Select the name of the VM image file, and the size of the image.  In this example, the name is “ZenLoadBalancer” using the default location for storing the image, and 3 Gigs was allocated for the image.

    Create Virtual Hard Drive - Location and Size
    Create Virtual Hard Drive – Location and Size

     

  7. Now we need make sure that the network interface is configured and to add the Zen Load Balancer ISO as a CD-ROM device to the VM. To configure these options, start with the Basic Configuration GUI.

    ZenLoadBalancer - Basic Configuration GUI
    ZenLoadBalancer – Basic Configuration GUI

     

  8. Select the “Network” Icon in the top menu. Select “Adapter 1”, and make sure “Enable Network Adapter” is set.  Set “Attached to:” to “Bridged Adapter”, and select the adapter that the bridge will be connected to.  In this example, its en0.  Make sure no other adapters are enabled.  This is important for creating the EMI from this VM.

    Configuring Network Adapter - ZenLoadBalancer
    Configuring Network Adapter – ZenLoadBalancer

     

  9. Select the “Storage” icon in the menu.  Select the “+” sign next to “Controller:IDE” in the right-hand sidebar.

    Adding New IDE
    Adding New IDE

     

  10. Confirm to add new CD/DVD drive to controller IDE by selected ‘Choose disk’, then select the Zen Load Balancer ISO.  Select “Open”. Select “OK” on the main menu when the IDE has been attached.

    Confirming adding new controller IDE
    Confirming adding new controller IDE

    Selecting ZenLoadBalancer ISO
    Selecting ZenLoadBalancer ISO

     

  11. Its now time to power on the VM.  Select “Start” in the main GUI.

    Starting the VM
    Starting the VM

     

  12. The Zen Load Balancer boot-up screen will be presented.

    Zen Load Balancer Splash Screen
    Zen Load Balancer Splash Screen

     

  13. Select “Install”, and begin the static network configuration on the appliance.  In this example, I select 192.168.1.130 as the IP for the VM, and 192.168.1.1 as my gateway.  Even though this is static, we will use some /etc/rc.local magic to dynamically change this information per instance when its used as an EMI.

    Configuring Static IP
    Configuring Static IP

     

  14. After completing those steps, the command-line prompt will be presented.

    Zen Load Balancer Log-In Prompt
    Zen Load Balancer Log-In Prompt

     

  15. Log into the VM, and install the latest linux-headers-*-amd64, linux-image-*-amd64, curl, and isc-dhcp-client using apt.
  16. To make sure that the image can take advantage of using VirtIO, add “virtio”, “virtio_pci”, “virtio_net” and “virtio_blk” virtio modules to the /etc/initramfs-tools/modules file, then run 

    update-initramfs -u

We have finished all the prep work for the image.  Now, we just stop the VM, and get ready to convert this VDI to an EMI.

Creating the Eucalyptus Machine Image

After stopping the VirtualBox VM, we are now ready to convert it to an EMI.  Since the VirtualBox VM image is a VDI, we need to pull out the root filesystem from the raw disk image, and use that as the EMI.

  1.  To get us started, lets  convert the VDI to a raw image.   On my MacBook Air, I opened up good ol’ iTerm.  and ran the following command:   

    $ VBoxManage internalcommands \
converttoraw /Users/haroldspencerjr/VirtualBox\ VMs/ZenLoadBalancer/ZenLoadBalancer.vdi \
ZenLoadBalancer.img

  2. After that completes, you end up with raw image that has the following characteristics: 

    $ file ZenLoadBalancer.img
ZenLoadBalancer.img: x86 boot sector; partition 1: ID=0x83, active, 
starthead 32, startsector 2048, 5924864 sectors; partition 2: ID=0x5,
 starthead 15, startsector 5928958, 360450 sectors, code offset 0x63

     We need to grab the root file system out.  Since I wanted to use parted to figure out which section of the image I needed to pull out using dd, I moved the image to the frontend of my Eucalyptus cloud – which is running on CentOS 6.3.  Once I had it on that machine, I ran parted on the image.  The output looks like the following: 

    # sudo parted ZenLoadBalancer.img

GNU Parted 2.1

Using /root/ZenLoadBalancer.img

Welcome to GNU Parted! Type 'help' to view a list of commands.

(parted) u

Unit?  [compact]? b

(parted) p

Model:  (file)

Disk /root/ZenLoadBalancer.img: 3221225472B

Sector size (logical/physical): 512B/512B

Partition Table: msdos

Number  Start        End          Size         Type      File system     Flags

1      1048576B     3034578943B  3033530368B  primary   ext3            boot

2      3035626496B  3220176895B  184550400B   extended

5      3035627520B  3220176895B  184549376B   logical   linux-swap(v1)
(parted)

  3. As you can see, the root file system is in partition 1.  Note the values for “Start” and “Size” (in this example, the start is 1048576B and the Size is 3033530368B).  This is what you will need to use with dd to pull out the root file system.  When using dd, the bs option can be used to speed up the process.  In this example, I used bs=512.  Since I used that, I had to divide that against the “Start” and “Size” values, and use those values for “skip” and “count”.  The root filesystem that I pull out will be called “ZenLB-rootfs.img”. 

    # sudo dd if=ZenLoadBalancer.img of=ZenLB-rootfs.img bs=512 skip=2048 count=5924864

    After it completes, I will end up with ~3 Gig image: 

    # du -sh ZenLB-rootfs.img2.9G ZenLB-rootfs.img

  4. Next, I need to mount the root device to the loopback to do some additional preparations to the root filesystem, and get the ramdisk and kernel.  Mount the image (in this example, I used /mnt/debian): 

    # sudo mount -o loop ZenLB-rootfs.img /mnt/debian

# sudo mount -o bind /proc /mnt/debian/proc

# sudo mount -o bind /sys /mnt/debian/sys

# sudo mount -o bind /dev /mnt/debian/dev

# sudo mount -o bind /dev/pts /mnt/debian/dev/pts

  5. Once its been mounted, chroot into /mnt/debian. 

    # sudo chroot /mnt/debian

  6. We need to remove /etc/init.d/zenloadbalancer from being ran on start-up.  Use update-rc.d to remove it from the start-up scripts. 

    # sudo update-rc.d -f zenloadbalancer remove

  7. We have to remove the udev rules for networking to make sure we don’t cause any confusion for the image when its launched as an instance: 

    # rm -rf /etc/udev/rules.d/70-persistent-net.rules

  8. Now, we have to edit /etc/network/interfaces to make sure when the eth0 interface is activated, it uses dhcp.  Add the following to the /etc/network/interfaces file:   

    auto eth0
iface eth0 inet dhcp

  9. To get the image ready for the cloud, we need to add/update the /etc/rc.local file.  Copy and paste the contents of the rc.local file from the eucalyptus/Eucalyptus-Scripts repo on github to the /etc/rc.local file.
  10. We need to add one more edit to the /etc/rc.local file.  This addition allows us to configure the Zen Loadbalancer application using the metadata service provided by Eucalyptus. With your favorite editor (e.g. vi, emacs, nano, etc.), open up /etc/rc.local, and add the following lines before the “exit 0”: 

    # set IP information for ZenLoadBalancer

ZENLB_GATEWAY="`route -n | grep UG | awk '{print $2}'`"

ZENLB_IP_INFO="eth0::${META_IP}:255.255.255.0:${ZENLB_GATEWAY}:up::"

echo ${ZENLB_IP_INFO} > /usr/local/zenloadbalancer/config/if_eth0_conf

echo "ZenLoadBalancer IP/Gateway Configuration:"

echo "****************************************"

cat /usr/local/zenloadbalancer/config/if_eth0_conf

echo "****************************************"

ZENLB_GATEWAY="`route -n | grep UG | awk '{print $2}'`"

sed --in-place 's/$defaultgw="192.168.1.1";/$defaultgw="${ZENLB_GATEWAY}";/' /usr/local/zenloadbalancer/config/global.conf


# start zenloadbalancer

/etc/init.d/zenloadbalancer start

  11. Exit out of the chroot environment by typing “exit”.  Copy the ramdisk and kernel from the boot directory where the image is mounted (i.e. /mnt/debian/boot): 

    # sudo cp /mnt/debian/boot/vmlinuz-2.6.32-5-amd64 .
# sudo cp /mnt/debian/boot/initrd.img-2.6.32-5-amd64 .

  12. Unmount all the mounts associated with /mnt/debian: 

    # sudo umount /mnt/debian/dev/pts; sudo umount /mnt/debian/dev;\
 sudo umount /mnt/debian/sys;\
 sudo umount /mnt/debian/proc; sudo umount /mnt/debian

  13. Now that we have the root filesystem image, kernel and ramdisk, lets prepare these images to be bundled, uploaded and registered using eustore.  Create a directory for these images (in this example, ZenLoadBalancer), and a directory inside that directory for the kernel and ramdisk.  To work with eustore, the directory needs to have the name format “hypervisor type”-kernel.  Since we are using KVM, the directory created is “kvm-kernel”.   

    mkdir -p ZenLoadBalancer/kvm-kernel

  14. Move the root filesystem image (ZenLB-rootfs.img) into the ZenLoadBalancer directory, and then move the kernel and ramdisk into the ZenLoadBalancer/kvm-kernel directory. *NOTE* Make sure the images are owned by the current user if you are not the root user.  This can be done using “chown”. After moving the images to those locations, the layout should look similar to the following: 

    # ls ZenLoadBalancer/*

ZenLoadBalancer/ZenLB-rootfs.img

ZenLoadBalancer/kvm-kernel:

initrd.img-2.6.32-5-amd64  vmlinuz-2.6.32-5-amd64

  15. Now all we have to do is tar-gzip up the ZenLoadBalancer directory: 

    # tar -zcvf \
ZenLoadbalancer-x86_64.tgz ZenLoadBalancer

  16. Use eustore to bundle, upload, and register the ramdisk (ERI), kernel (EKI) and root filesystem image (EMI): 

    # eustore-install-image -t ZenLoadbalancer-x86_64.tgz -b zenloadbalancer-debian-x86_64 \
-s "ZenLoadbalancer V2 Stable 1" -k kvm -a x86_64

Unbundling image

going to look for kernel dir : kvm-kernel

Bundling/uploading ramdisk

Checking image

Compressing image

Encrypting image

Splitting image...

Part: initrd.img-2.6.32-5-amd64.part.00

Generating manifest /tmp/NJMRYf/initrd.img-2.6.32-5-amd64.manifest.xml

Checking bucket: zenloadbalancer-debian-x86_64

Creating bucket: zenloadbalancer-debian-x86_64

Uploading manifest file

Uploading part: initrd.img-2.6.32-5-amd64.part.00

Uploaded image as zenloadbalancer-debian-x86_64/initrd.img-2.6.32-5-amd64.manifest.xml

zenloadbalancer-debian-x86_64/initrd.img-2.6.32-5-amd64.manifest.xml

eri-31D33872

Bundling/uploading kernel

Checking image

Compressing image

Encrypting image

Splitting image...

Part: vmlinuz-2.6.32-5-amd64.part.00

Generating manifest /tmp/NJMRYf/vmlinuz-2.6.32-5-amd64.manifest.xml

Checking bucket: zenloadbalancer-debian-x86_64

Uploading manifest file

Uploading part: vmlinuz-2.6.32-5-amd64.part.00

Uploaded image as zenloadbalancer-debian-x86_64/vmlinuz-2.6.32-5-amd64.manifest.xml

zenloadbalancer-debian-x86_64/vmlinuz-2.6.32-5-amd64.manifest.xml

eki-B420361A

Bundling/uploading image

Checking image

Compressing image

Encrypting image

Splitting image...

Part: ZenLB-rootfs.part.00

Part: ZenLB-rootfs.part.01

Part: ZenLB-rootfs.part.02

Part: ZenLB-rootfs.part.03

Part: ZenLB-rootfs.part.04

Part: ZenLB-rootfs.part.05

Part: ZenLB-rootfs.part.06

Part: ZenLB-rootfs.part.07

Part: ZenLB-rootfs.part.08

Part: ZenLB-rootfs.part.09

Part: ZenLB-rootfs.part.10

Part: ZenLB-rootfs.part.11

Part: ZenLB-rootfs.part.12

Part: ZenLB-rootfs.part.13

Part: ZenLB-rootfs.part.14

Part: ZenLB-rootfs.part.15

Part: ZenLB-rootfs.part.16

Part: ZenLB-rootfs.part.17

Part: ZenLB-rootfs.part.18

Part: ZenLB-rootfs.part.19

Part: ZenLB-rootfs.part.20

Part: ZenLB-rootfs.part.21

Part: ZenLB-rootfs.part.22

Part: ZenLB-rootfs.part.23

Part: ZenLB-rootfs.part.24

Part: ZenLB-rootfs.part.25

Part: ZenLB-rootfs.part.26

Part: ZenLB-rootfs.part.27

Part: ZenLB-rootfs.part.28

Part: ZenLB-rootfs.part.29

Part: ZenLB-rootfs.part.30

Part: ZenLB-rootfs.part.31

Part: ZenLB-rootfs.part.32

Part: ZenLB-rootfs.part.33

Part: ZenLB-rootfs.part.34

Part: ZenLB-rootfs.part.35

Part: ZenLB-rootfs.part.36

Part: ZenLB-rootfs.part.37

Part: ZenLB-rootfs.part.38

Part: ZenLB-rootfs.part.39

Part: ZenLB-rootfs.part.40

Part: ZenLB-rootfs.part.41

Part: ZenLB-rootfs.part.42

Part: ZenLB-rootfs.part.43

Part: ZenLB-rootfs.part.44

Generating manifest /tmp/NJMRYf/ZenLB-rootfs.manifest.xml

Checking bucket: zenloadbalancer-debian-x86_64

Uploading manifest file

Uploading part: ZenLB-rootfs.part.00

Uploading part: ZenLB-rootfs.part.01

Uploading part: ZenLB-rootfs.part.02

Uploading part: ZenLB-rootfs.part.03

Uploading part: ZenLB-rootfs.part.04

Uploading part: ZenLB-rootfs.part.05

Uploading part: ZenLB-rootfs.part.06

Uploading part: ZenLB-rootfs.part.07

Uploading part: ZenLB-rootfs.part.08

Uploading part: ZenLB-rootfs.part.09

Uploading part: ZenLB-rootfs.part.10

Uploading part: ZenLB-rootfs.part.11

Uploading part: ZenLB-rootfs.part.12

Uploading part: ZenLB-rootfs.part.13

Uploading part: ZenLB-rootfs.part.14

Uploading part: ZenLB-rootfs.part.15

Uploading part: ZenLB-rootfs.part.16

Uploading part: ZenLB-rootfs.part.17

Uploading part: ZenLB-rootfs.part.18

Uploading part: ZenLB-rootfs.part.19

Uploading part: ZenLB-rootfs.part.20

Uploading part: ZenLB-rootfs.part.21

Uploading part: ZenLB-rootfs.part.22

Uploading part: ZenLB-rootfs.part.23

Uploading part: ZenLB-rootfs.part.24

Uploading part: ZenLB-rootfs.part.25

Uploading part: ZenLB-rootfs.part.26

Uploading part: ZenLB-rootfs.part.27

Uploading part: ZenLB-rootfs.part.28

Uploading part: ZenLB-rootfs.part.29

Uploading part: ZenLB-rootfs.part.30

Uploading part: ZenLB-rootfs.part.31

Uploading part: ZenLB-rootfs.part.32

Uploading part: ZenLB-rootfs.part.33

Uploading part: ZenLB-rootfs.part.34

Uploading part: ZenLB-rootfs.part.35

Uploading part: ZenLB-rootfs.part.36

Uploading part: ZenLB-rootfs.part.37

Uploading part: ZenLB-rootfs.part.38

Uploading part: ZenLB-rootfs.part.39

Uploading part: ZenLB-rootfs.part.40

Uploading part: ZenLB-rootfs.part.41

Uploading part: ZenLB-rootfs.part.42

Uploading part: ZenLB-rootfs.part.43

Uploading part: ZenLB-rootfs.part.44

Uploaded image as zenloadbalancer-debian-x86_64/ZenLB-rootfs.manifest.xml

zenloadbalancer-debian-x86_64/ZenLB-rootfs.manifest.xml

Installed image: emi-826F3A01

Test the Zen LoadBalancer Eucalyptus Machine Image

We are now ready to test out the newly bundled image.  Make sure and source your Eucalyptus creds (i.e. source .eucarc) so that we can create a security group for the load balancer, and then launch the image.

First, create the security group, and authorize ports for SSH (22), ping (ICMP), and ZenLoadBalancer admin UI (444).


# euca-create-group zenloadbalancer -d "Security Group for Zen Loadbalancer"

GROUP zenloadbalancer Security Group for Zen Loadbalancer

# euca-authorize -P tcp -p 22 -s 0.0.0.0/0 zenloadbalancer

GROUP zenloadbalancer

PERMISSION zenloadbalancer ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

# euca-authorize -P tcp -p 444 -s 0.0.0.0/0 zenloadbalancer

GROUP zenloadbalancer

PERMISSION zenloadbalancer ALLOWS tcp 444 444 FROM CIDR 0.0.0.0/0

# euca-authorize -P icmp -t -1:-1 -s 0.0.0.0/0 zenloadbalancer

GROUP zenloadbalancer

PERMISSION zenloadbalancer ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0

# euca-describe-group zenloadbalancer

GROUP 345590850920 zenloadbalancer Security Group for Zen Loadbalancer

PERMISSION 345590850920 zenloadbalancer ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

PERMISSION 345590850920 zenloadbalancer ALLOWS tcp 444 444 FROM CIDR 0.0.0.0/0

PERMISSION 345590850920 zenloadbalancer ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0

Now, lets launch an instance under the “zenloadbalancer” group.


# euca-run-instances -k admin emi-826F3A01 -g zenloadbalancer

Run “euca-describe-instances” to see when the instance gets into a running state:


# euca-describe-instances i-BF33466F
RESERVATION r-7D23418A 345590850920 zenloadbalancer
INSTANCE i-BF33466F emi-826F3A01 euca-192-168-55-105.wu-tang.euca-hasp.eucalyptus-systems.com euca-10-106-45-14.wu-tang.internal running admin 0 
m1.small 2012-11-28T17:32:44.184Z enter-the-wu eki-B420361A eri-31D33872 
monitoring-disable euca-192-168-55-105.wu-tang.euca-hasp.eucalyptus-systems.com euca-10-106-45-14.wu-tang.internal instance-store

Once, the instance is up, access the Zen Load Balancer Admin UI – https://euca-192-168-55-105.wu-tang.euca-hasp.eucalyptus-systems.com:444/ – and log-in using the username “admin” and password “admin” – as per the Zen Load Balancer Administrator’s Guide:

Zen Load Balancer Admin UI Login

Landing Page – Zen Load Balancer Admin UI

And thats it.  You now have an Open Source Load Balancer ready for cloud use.  The follow-up blog to this will show how to use the Zen Load Balancer in Eucalyptus.  Hope you found this helpful.  Enjoy!

Zen Load Balancer + Eucalyptus == Open Source Load Balancer Appliance in the Cloud

The Collaboration: Eustore with Varnish and Eucalyptus Walrus

hspencer77, , , , , , , Leave a comment

In my last blog, I covered three ways Eucalyptus Systems uses the Varnish-Walrus architecture. This blog will cover how eustore takes advantage of this architecture.

Overview

Eustore is an image management tool developed by David Kavanagh. Its primary goal is to automate image bundling, uploading and registration.  The two commands provided by eustore is eustore-describe-images and eustore-install-image.


# eustore-describe-images --help
Usage: eustore-describe-images [options]

lists images from Eucalyptus.com

Options:
-h, --help show this help message and exit
-v, --verbose display more information about images

Standard Options:
-D, --debug Turn on all debugging output
--debugger Enable interactive debugger on error
-U URL, --url=URL Override service URL with value provided
--region=REGION Name of the region to connect to
-I ACCESS_KEY_ID, --access-key-id=ACCESS_KEY_ID
Override access key value
-S SECRET_KEY, --secret-key=SECRET_KEY
Override secret key value
--version Display version string

# eustore-install-image --help
Usage: eustore-install-image [options]

downloads and installs images from Eucalyptus.com

Options:
-h, --help show this help message and exit
-i IMAGE_NAME, --image_name=IMAGE_NAME
name of image to install
-b BUCKET, --bucket=BUCKET
specify the bucket to store the images in
-k KERNEL_TYPE, --kernel_type=KERNEL_TYPE
specify the type you're using [xen|kvm]
-d DIR, --dir=DIR specify a temporary directory for large files
--kernel=KERNEL Override bundled kernel with one already installed
--ramdisk=RAMDISK Override bundled ramdisk with one already installed

Standard Options:
-D, --debug Turn on all debugging output
--debugger Enable interactive debugger on error
-U URL, --url=URL Override service URL with value provided
--region=REGION Name of the region to connect to
-I ACCESS_KEY_ID, --access-key-id=ACCESS_KEY_ID
Override access key value
-S SECRET_KEY, --secret-key=SECRET_KEY
Override secret key value
--version Display version string

Eustore, by default, uses the images located on emis.eucalyptus.com.  Eustore can be configured to use other locations for images.  Eustore utilizes two components for image management:

  • JSON configuration file – catalog.json
  • Location for tar-gzipped EMIs

The images found on emis.eucalyptus.com and the JSON configuration file associated with those images are all located in unique Walrus buckets. The images shown in this blog are in the starter-emis bucket. The ACLs for these buckets allow for the objects to be publicly accessible. For more information on Walrus ACLs, please reference the section “Access Control List (ACL) Overview” in the AWS S3 Developer’s Guide.

The two commands mentioned above that eustore provides – eustore-describe-images and eustore-install-images – significantly cuts down the number of commands needed to be input by the user. Without using eustore, a user would need to run 3 commands (euca-bundle-image, euca-upload-image, and euca-register) for the kernel, ramdisk, and raw disk image for an EMI (this translates to a total of 9 commands).

The Collaboration

eustore-describe-images

When eustore-describe-images is ran, the following occurs:

Diagram of eustore-describe-images
eustore-describe-images
  1. eustore-describe-image requests information from JSON file (stored in Walrus bucket) from emis.eucalyptus.com (varnishd instance)
  2. ** If JSON file – catalog.json – is not present on emis.eucalyptus.com‘s cache, then JSON file is pulled from Walrus bucket
  3. Data from JSON file is returned to eustore-describe-images.


    # eustore-describe-images
    ....
    centos-x86_64-20120114 centos x86_64 2012.1.14 CentOS 5 1.3GB root, Single Kernel
    centos-lg-i386-20110702 centos i386 2011.07.02 CentOS 5 4.5GB root, Hypervisor-Specific Kernels
    centos-lg-x86_64-20110702centos x86_64 2011.07.02 CentOS 5 4.5GB root, Hypervisor-Specific Kernels
    centos-lg-x86_64-20111228centos x86_64 2011.12.28 CentOS 5 4.5GB root, Single Kernel
    centos-lg-x86_64-20120114centos x86_64 2012.1.14 CentOS 5 4.5GB root, Single Kernel
    debian-i386-20110702 debian i386 2011.07.02 Debian 6 1.3GB root, Hypervisor-Specific Kernels
    debian-x86_64-20110702 debian x86_64 2011.07.02 Debian 6 1.3GB root, Hypervisor-Specific Kernels
    debian-x86_64-20120114 debian x86_64 2012.1.14 Debian 6 1.3GB root, Single Kernel
    .....

eustore-install-image

eustore-install-image follows the same steps as eustore-describe-images, except it uses the information stored in the JSON file for each EMI.  The following information is present for each EMI:


{
"images": [
{
"name": "centos-x86_64-20120114",
"description": "CentOS 5 1.3GB root, Single Kernel",
"version": "2012.1.14",
"architecture": "x86_64",
"os": "centos",
"url": "starter-emis/euca-centos-2012.1.14-x86_64.tgz",
"date": "20120114150503",
"recipe": "centos-based",
"stamp": "28fc-4826",
"contact": "images@lists.eucalyptus.com"
},
.....
{
"name": "debian-x86_64-20120114",
"description": "Debian 6 1.3GB root, Single Kernel",
"version": "2012.1.14",
"architecture": "x86_64",
"os": "debian",
"url": "starter-emis/euca-debian-2012.1.14-x86_64.tgz",
"date": "20120114152138",
"recipe": "debian-based",
"stamp": "3752-f34a",
"contact": "images@lists.eucalyptus.com"
},
....
]
}

When eustore-install-image -i centos-x86_64-20120114 -b centos_x86-64 is executed, the following occurs:

Diagram of eustore-install-image
eustore-install-image
  1. eustore-install-image requests image (which is in a tar-gzipped form) to be downloaded from emis.eucalyptus.com
  2. ** If image is not available (euca-centos-2012.1.14-x86_64.tgz) in varnish cache, then varnishd (emis.eucalyptus.com) will pull image from starter-emis bucket and store it in ephemeral space for caching to handle future requests.
  3. Once the tar-gzipped file is downloaded, eustore-install-image will bundle, upload, and register the kernel (EKI), ramdisk (ERI) and image (EMI).

As demonstrated above, eustore definitely makes image management efficient and user-friendly. Stay tuned for upcoming blogs discussing more on how the Varnish-Walrus architecture is utilized.

For any questions, concerns, and/or suggestions, please email images@lists.eucalyptus.com or community@lists.eucalyptus.com. And as always, you can respond with comments here as well.:-)

Enjoy!

**This step won’t happen if the contents are cached on emis.eucalyptus.com

The Collaboration: Eustore with Varnish and Eucalyptus Walrus

Fun with Varnish and Walrus on Eucalyptus, Part 2

hspencer77, , , , , , , , , Leave a comment

A few weeks ago, I posted a blog entitled “Fun with Varnish and Walrus on Eucalyptus, Part 1“. This blog will follow-up on my blog to showcase a few production use cases that utilize the VarnishWalrus architecture built on top of Eucalyptus.*NOTE* This architecture can also be leveraged using AWS EC2 and S3. This is one of the many benefits of Eucalyptus being AWS compatible.

The tools and web pages that take advantage of the Varnish-Walrus architecture on Eucalyptus are the following:

Eustore uses the Varnish-Walrus architecture by pulling images through emi.eucalyptus.com (the varnish instance). The data for each of the images is stored in a JSON file located in a Walrus bukkit. For more information about Eustore, please refer to David Kavanagh’s Eustore blog.

The Starter Eucalyptus Machine Images (EMIs) page uses the Varnish-Walrus architecture to allow users to download all of the EMIs that can be downloaded.

Starter EMIs
Starter Eucalyptus Machine Images (EMIs)
Since emis.eucalyptus.com is a varnish instance, you can query logs there to get statistics on how many of each EMI has been downloaded.

The Eucalyptus Machine Images page is a static web page for emis.eucalyptus.com, which is comprised of HTML, CSS, and jQuery – which are all stored in a Walrus bukkit.

http://emis.eucalyptus.com
Eucalyptus Machine Images Page
The web page for emis.eucalyptus.com definitely shows the power of using Walrus as a data store for various information. It accesses the same JSON file that is used by Eustore. We did this to make sure that there is consistency with all tools and web pages that provide access to the EMIs we create.

Hope you enjoyed this introduction to the use cases we use here at Eucalyptus. Stay tuned to the follow-up blogs that provide a more in-depth view as to how each use case utilizes our Varnish-Walrus infrastructure.

Thanks to David Kavanagh and Ian Struble for helping in this endeavor. This blog would have been out sooner, but I was busy at Scale 10x working the booth for Eucalyptus Systems. To see the fun we had at the conference, check out the following tumblr posts:

Till next time…

1Eustore was designed by David Kavanagh, one of the many great colleagues I work with at Eucalyptus Systems. It initially started as a project idea that spurred from various image management needs discussed in the Eucalyptus Image Management group.

Fun with Varnish and Walrus on Eucalyptus, Part 2