The instructions are for KVM/Basic x86_64, version 2.3.0, taken from here: CernVM Downloads.
Make the images
(Note: deathstar runs Fedora 13 at the time of writing.)
[root@deathstar tmp]# du -sh cernvm-2.3.0-x86_64.hdd
13G cernvm-2.3.0-x86_64.hdd
[root@deathstar tmp]# mount cernvm-2.3.0-x86_64.hdd /mnt -o loop,offset=65536
[root@deathstar tmp]# chroot /mnt
check if I am really in chroot... hmmm.. does this qualify ?
[root@deathstar /]# df .
df: Warning: cannot read table of mounted file systems: No such file or directory
Filesystem 1K-blocks Used Available Use% Mounted on
- 12921312 3199696 9070408 27% /
root@deathstar /]# mv /boot/initrd-2.6.18-194.11.4.el5.img
/boot/initrd-2.6.18-194.11.4.el5.img.saveme
[root@deathstar /]# mkinitrd --preload virtio --preload virtio_blk --preload virtio_pci /boot/initrd-2.6.18-194.11.4.el5.img 2.6.18-194.11.4.el5
error opening /sys/block: No such file or directory
error opening /sys/block: No such file or directory
[root@deathstar /]# chmod 644 /boot/initrd-2.6.18-194.11.4.el5.img
[root@deathstar /]# echo "nameserver 155.198.211.2" > /etc/resolv.conf
Don't let just anybody access the web interface:
[root@deathstar /]# wget -O /etc/sysconfig/iptables http://www.hep.ph.ic.ac.uk/~sf105/cernvm/iptables
[snip]
Saving to: `/etc/sysconfig/iptables'
[root@deathstar /]# exit
as me:
[dbauer@deathstar ~]$ cp /mnt/boot/{vmlinuz,initrd}* /home/dbauer/cernvm/2.3.basic/
[dbauer@deathstar ~]$ ls /home/dbauer/cernvm/2.3.basic/
cernvm-2.3.0-x86_64.hdd initrd-2.6.18-194.11.4.el5.img
vmlinuz-2.6.18-194.11.4.el5 (generally referred to as the kernel file)
as root:
[root@deathstar tmp]# umount /mnt
Upload the images
The official instructions.
[dbauer@deathstar 2.3.basic]$ . ~/.euca/euca2-dbauer-x509-cloud00/eucarc
(a) The kernel
[dbauer@deathstar 2.3.basic]$ euca-bundle-image -i vmlinuz-2.6.18-194.11.4.el5 --kernel true
Checking image
Encrypting image
Splitting image...
Part: vmlinuz-2.6.18-194.11.4.el5.part.00
Generating manifest /tmp/vmlinuz-2.6.18-194.11.4.el5.manifest.xml
[dbauer@deathstar 2.3.basic]$ euca-upload-bundle -b cernvm-kernel-bucket -m /tmp/vmlinuz-2.6.18-194.11.4.el5.manifest.xml
Checking bucket: cernvm-kernel-bucket
Creating bucket: cernvm-kernel-bucket
Uploading manifest file
Uploading part: vmlinuz-2.6.18-194.11.4.el5.part.00
Uploaded image as cernvm-kernel-bucket/vmlinuz-2.6.18-194.11.4.el5.manifest.xml
[dbauer@deathstar 2.3.basic]$ cp /tmp/vmlinuz-2.6.18-194.11.4.el5.manifest.xml .
[dbauer@deathstar 2.3.basic]$ euca-register cernvm-kernel-bucket/vmlinuz-2.6.18-194.11.4.el5.manifest.xml
Image: Only administrators can register kernel images.
Simon !!!
After being added to the admin group (not very cloud like, no ?) it now works:
[dbauer@deathstar 2.3.basic]$ euca-register cernvm-kernel-bucket/vmlinuz-2.6.18-194.11.4.el5.manifest.xml
IMAGE eki-AFB11710
(b) The ramdisk
[dbauer@deathstar 2.3.basic]$ euca-bundle-image -i initrd-2.6.18-194.11.4.el5.img --ramdisk true
Checking image
Encrypting image
Splitting image...
Part: initrd-2.6.18-194.11.4.el5.img.part.00
Generating manifest /tmp/initrd-2.6.18-194.11.4.el5.img.manifest.xml
[dbauer@deathstar 2.3.basic]$ euca-upload-bundle -b cernvm-ramdisk-bucket -m /tmp/initrd-2.6.18-194.11.4.el5.img.manifest.xml
Checking bucket: cernvm-ramdisk-bucket
Creating bucket: cernvm-ramdisk-bucket
Uploading manifest file
Uploading part: initrd-2.6.18-194.11.4.el5.img.part.00
Uploaded image as
cernvm-ramdisk-bucket/initrd-2.6.18-194.11.4.el5.img.manifest.xml
[dbauer@deathstar 2.3.basic]$ euca-register
cernvm-ramdisk-bucket/initrd-2.6.18-194.11.4.el5.img.manifest.xml
IMAGE eri-0F4C1867
(c)The machine image
[dbauer@deathstar 2.3.basic]$ export ERI=eri-0F4C1867
[dbauer@deathstar 2.3.basic]$ export EKI=eki-AFB11710
[dbauer@deathstar 2.3.basic]$ euca-bundle-image -i cernvm-2.3.0-x86_64.hdd --kernel $EKI --ramdisk $ERI
Checking image
Encrypting image
Splitting image...
Part: cernvm-2.3.0-x86_64.hdd.part.00
[snip]
Part: cernvm-2.3.0-x86_64.hdd.part.26
Generating manifest /tmp/cernvm-2.3.0-x86_64.hdd.manifest.xml
[dbauer@deathstar 2.3.basic]$ euca-upload-bundle -b cernvm-image-bucket -m /tmp/cernvm-2.3.0-x86_64.hdd.manifest.xml
Checking bucket: cernvm-image-bucket
Creating bucket: cernvm-image-bucket
Uploading manifest file
Uploading part: cernvm-2.3.0-x86_64.hdd.part.00
[snip]
Uploading part: cernvm-2.3.0-x86_64.hdd.part.26
Uploaded image as cernvm-image-bucket/cernvm-2.3.0-x86_64.hdd.manifest.xml
[dbauer@deathstar 2.3.basic]$ euca-register cernvm-image-bucket/cernvm-2.3.0-x86_64.hdd.manifest.xml
IMAGE emi-4461161C
Trying it out
[dbauer@deathstar 2.3.basic]$ euca-add-keypair dbcloud00 | tee dbcloud00.private
[dbauer@deathstar 2.3.basic]$ chmod 0600 dbcloud00.private
[dbauer@deathstar 2.3.basic]$ euca-describe-availability-zones verbose
AVAILABILITYZONE cloud00 cloud00.grid.hep.ph.ic.ac.uk
AVAILABILITYZONE |- vm types free / max cpu ram disk
AVAILABILITYZONE |- m1.small 0007 / 0007 1 128 2
AVAILABILITYZONE |- c1.medium 0007 / 0007 1 256 5
AVAILABILITYZONE |- m1.large 0007 / 0007 1 512 10
AVAILABILITYZONE |- m1.xlarge 0003 / 0003 2 1024 20
AVAILABILITYZONE |- c1.xlarge 0003 / 0003 2 2048 20
I guess I have to use xlarge here:
[dbauer@deathstar 2.3.basic]$ euca-run-instances -k dbcloud00 -n 1 -t m1.xlarge emi-4461161C
RESERVATION r-2EFA067C dbauer dbauer-default
INSTANCE i-50010991 emi-4461161C 0.0.0.0 0.0.0.0 pending dbcloud00 0 m1.xlarge 2011-05-24T17:10:59.773Z cloud00 eki-AFB11710 eri-0F4C1867
I think I am going to quit while I am ahead.....
It fails (times out):
[dbauer@deathstar 2.3.basic]$ euca-describe-instances
RESERVATION r-2EFA067C dbauer default
INSTANCE i-50010991 emi-4461161C 146.179.247.25
146.179.247.25 terminated dbcloud00 0
m1.xlarge 2011-05-24T17:10:59.773Z cloud00 eki-AFB11710
eri-0F4C1867
Argggggggggggghhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh.
After acquiring root access on cloud00, the error (among others) in
/var/log/eucalyptus/nc.log reads: "ibvirt: cannot send data: Broken pipe
(code=38)" and is solved by restarting eucalyptus-nc.
So now I have my machine:
[dbauer@deathstar ~]$ euca-describe-instances
RESERVATION r-45660741 dbauer default
INSTANCE i-552A0A8B emi-4461161C 146.179.247.25 146.179.247.25 running dbcloud00 0 m1.xlarge 2011-05-25T12:42:22.504Z cloud00 eki-AFB11710 eri-0F4C1867
Logging on to the web interface, this one wants me to configure some
proxies. This is, as it turns out an omen.
Leave page empty.
Change password on next page ("Change Password").
"User Account Setup" page: "Group" is empty (was 'CMS'/'Atlas'/etc on DOC)
implementation) and the whole thing fails. Grrrrrrrrrrrrrrrrr.
It still make the user though and I can log in and have a look around.
Closer inspection reveals that it has trouble looking stuff up on the internet:
[root@localhost ~]# nslookup www.google.co.uk
;; connection timed out; no servers could be reached
The gist of this is: cloud00 needs a reboot or something close to it.
Trying it out after resetting cloud00
[dbauer@deathstar ~]$ euca-run-instances -k dbcloud00 -n 1 -t m1.xlarge
emi-4461161C
[dbauer@deathstar ~]$ euca-describe-instances
RESERVATION r-34500673 dbauer default
INSTANCE i-3D2C07AC emi-4461161C 146.179.247.27 146.179.247.27
running dbcloud00 0 m1.xlarge 2011-05-25T15:35:29.581Z
cloud00 eki-AFB11710 eri-0F4C1867
Log onto the web interface and follow the steps as described here.
This all goes very well until I try and reboot the machine and it doesn't come
back. A closer look (it's not just cernvm that doesn't reboot) leads to the
conclusion that CentOS 5 KVM is probably not recent enough to handle this. Not
good.
One day later
Take up Simon's suggestion to configure the image locally and then upload it to
cloud - this would also get me around the 'set CMS again after rebooting'
issue.
Step 1:
Install kvm and virt-manager (yum install virt-manager and yum install
qemu-kvm).
Turn on virtualisation on my machine: It's hiding under 'Security' in the BIOS
(F10 on reboot).
Step 2 (from memory - I hate GUIs):
Start a virtual machine in virt-manager: Set 'Name' to something catchy and
click 'Import existing image'. Provide path to .hdd file ('Browse', then 'Browse
Local'), OS type is Linux and
Version Redhat 5.4 or later.
Remove [need to look this up], add hardware 'Storage', provide path again.
Click 'Run'.
Step 3:
Configure machine and reboot. Click OK in webinterface when reboot has finished,
shut everything down and rebundle the new image:
export ERI=eri-0F4C1867
export EKI=eki-AFB11710
euca-bundle-image -i cernvm-2.3.0-x86_64.hdd --kernel $EKI --ramdisk $ERI
euca-upload-bundle -b cernvm-image-bucket -m /tmp/cernvm-2.3.0-x86_64.hdd.manifest.xml
[do I need to delete the old one first ? - let's try without it.]
[dbauer@deathstar tmp]$ euca-register cernvm-image-bucket/cernvm-2.3.0-x86_64.hdd.manifest.xml
IMAGE emi-4457161D
Testing, 3rd try
[dbauer@deathstar tmp]$ euca-run-instances -k dbcloud00 -n 1 -t m1.xlarge emi-4457161D
RESERVATION r-4CC008EA dbauer dbauer-default
INSTANCE i-37BB0675 emi-4457161D 0.0.0.0 0.0.0.0 pending
dbcloud00 0 m1.xlarge 2011-05-26T13:07:55.124Z
cloud00 eki-AFB11710 eri-0F4C1867
Nope, same as before.
Deregister everything, try again.
[dbauer@deathstar tmp]$ euca-deregister emi-4461161C
IMAGE emi-4461161C
[dbauer@deathstar tmp]$ euca-deregister emi-4457161D
IMAGE emi-4457161D
euca-delete-bundle -a $EC2_ACCESS_KEY -s $EC2_SECRET_KEY --url $S3_URL
-b cernvm-image-bucket -p cernvm-2.3.0-x86_64.hdd
[root@cloud00 ~]# ls -l /srv/localstage/eucalyptus/buckets/cernvm-image-bucket/
total 0
Same commands as before, result:
[dbauer@deathstar tmp]$ euca-register cernvm-image-bucket/cernvm-2.3.0-x86_64.hdd.manifest.xml
IMAGE emi-444C1618
[at which point I forgot to keep a log, but:]
Success
(Note: I might take more than one go when starting it up for the first
time.)
. ~/.euca/euca2-dbauer-x509-cloud00/eucarc
[snip]
IMAGE emi-444C1618 cernvm-image-bucket/cernvm-2.3.0-x86_64.hdd.manifest.xml dbauer available public x86_64 machine eki-AFB11710 eri-0F4C1867 instance-store
[snap]
euca-run-instances -k dbcloud00 -n 1 -t m1.xlarge emi-444C1618
[dbauer@deathstar ~]$ euca-describe-instances
RESERVATION r-3F5F06F0 dbauer default
INSTANCE i-49C20866 emi-444C1618 146.179.247.27 146.179.247.27
running dbcloud00 0 m1.xlarge 2011-06-21T14:02:34.299Z
cloud00 eki-AFB11710 eri-0F4C1867
It does remember the user:
[dbauer@deathstar ~]$ ssh dbauer@146.179.247.27
dbauer@146.179.247.27's password:
And the CMS software (with the usual disclaimer about /etc/cms/SITECONF missing) seems to be installed as well:
[dbauer@cloud00vm02 ~]$ ls /opt/
classads cms d-cache edg external glite globus gpt grid lcg
Detour: emacs
Not having ticked the 'Desktop' box, I realized I needed an emacs on the
machine and not wanting to go through the whole rigamarole again, I tried to
install it using the conary
package manager CERNVM insists on using (last updated in 2009). (Trying to
install yum on the sly didn't work. Grrrrr....). I get:
sudo conary install emacs
Including extra troves to resolve dependencies:
Xaw3d:lib=1.5E_10.1-1-4
Applying update job:
Install Xaw3d(:lib)=1.5E_10.1-1-4
Install emacs(:data :runtime)=21.4_20.el5-1-4
No emacs in PATH, and /usr/bin/emacs-x opens a window, but the menu is missing
and it throws a bunch of errors.
It takes "sudo conary install emacs-nox emacs-common" to actually get a working
copy of emacs.
Can I run MC ?
Yes, but all the
caveats for CERNVM 2.2 apply.
Now, can I run MC ? That's a different story....
From Simon:
The magic steps:
1) Get the CernVM KVM image file (I'll call this "kvm.img")
2) Extract the kernel & initrd from the kvm.img file:
mount kvm.img /mnt -o loop,offset=65536 (as root on your desktop)
# Rebuild the initrd with the virtio drivers
chroot /mnt (as root)
# Make sure you really are in the chroot or you could break
# your system!
rm /boot/initrd-2.6.18-194.11.4.el5.img
mkinitrd --preload virtio --preload virtio_blk --preload virtio_pci
/boot/initrd-2.6.18-194.11.4.el5.img 2.6.18-194.11.4.el5
chmod 644 /boot/initrd-2.6.18-194.11.4.el5.img
echo "nameserver 155.198.211.2" > /etc/resolv.conf
# Prevent random people accessing the web admin service!
# This is just asking to get hacked otherwise.
wget -O /etc/sysconfig/iptables
http://www.hep.ph.ic.ac.uk/~sf105/cernvm/iptables
# Install a script which gets the ssh keys from eucalyptus
wget -O /etc/rc.local http://www.hep.ph.ic.ac.uk/~sf105/cernvm/rc.local
chmod 755 /etc/rc.d/rc.local
exit # This should leave the chroot
cp /mnt/boot/{vmlinuz,initrd}* /some/other/path (back as normal user)
umount /mnt (as root again)
I'll call these vmlinuz and initrd.img...
3) You should now have 3 files in a directory:
kvm.img (root image), vmlinuz (kernel), initrd.img (initramfs)
4) Follow the "Adding images" instruction on:
http://open.eucalyptus.com/wiki/EucalyptusImageManagement_v2.0
5) Try booting the image and see what goes wrong... (This step can
take a while, ~20 minutes, the first start is always
very slow as it caches the image, future starts will only take ~1 min).