
Install procedure

Ensure that hardware virtualization is turned on in the BIOS and that the 'kvm' kernel module is loaded

# svm (AMD-V) or vmx (Intel VT-x) among the CPU flags means the extension is exposed;
# no output means it is switched off or not supported.
grep -E '(svm|vmx)' /proc/cpuinfo
# The kvm module should show up in this listing.
lsmod | grep kvm

Install dependencies

# Packages for a KVM node; -y answers yum's prompts automatically.
yum -y install \
  openssh openssh-clients \
  qemu-kvm libvirt \
  nfs-utils bridge-utils \
  ruby
# epel-release is fetched over plain HTTP, and rpm only prints a NOKEY warning when the
# signing key is not imported, so nothing authenticates this download as written.
# Compare the file with a checksum obtained from a trusted source before relying on it.
rpm -i -v -h http://mirror.nl.leaseweb.net/epel/6/x86_64/epel-release-6-7.noarch.rpm

Configure user

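# Create the group first so the user can take it as primary group with the fixed GID.
# Running a bare useradd before groupadd makes the later groupadd (and any second
# useradd) fail, because useradd already created a private group of the same name.
# UID/GID 1001 presumably has to match the oneadmin account on the host exporting the
# NFS shares — confirm with `id oneadmin` there.
groupadd -g 1001 oneadmin
useradd -u 1001 -g oneadmin oneadmin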
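vi /etc/sudoers -> add root permissions to oneadmin with "oneadmin ALL=(ALL) ALL" (visudo edits the same file and refuses to save a syntactically broken one; this entry gives oneadmin unrestricted root through sudo)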

Configure firewall and policies

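vi /etc/sysconfig/selinux -> change SELINUX=enforcing to SELINUX=permissive (permissive mode only logs denials, so SELinux, including the sVirt confinement of qemu guests, no longer blocks anything)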
# Switch the running system to permissive mode now; the config file is only read at boot.
sudo setenforce Permissive
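vi /etc/polkit-1/localauthority/50-local.d/50-org.libvirt.unix.manage-opennebula.pkla -> create it with the entries below; a .pkla file is a key file, so the entries need a bracketed group header as the first line, e.g. [Allow oneadmin to manage libvirt] (example label)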
Identity=unix-user:oneadmin
Action=org.libvirt.unix.manage
#Action=org.libvirt.unix.monitor
ResultAny=yes
ResultInactive=yes
ResultActive=yes
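vi /etc/sysconfig/iptables (as written this rule set filters nothing: the INPUT policy is ACCEPT, eth0 and eth1 accept all traffic, and no REJECT or DROP rule closes the chain, so the per-port rules are redundant; for the port list to take effect, remove the two interface-wide ACCEPT rules and end INPUT with a REJECT rule. The tcp 32769 rule is also listed twice.)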
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:65536]
:OUTPUT ACCEPT [0:65536]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT
#noVNC ports
-A INPUT -m state --state NEW -m tcp -p tcp --dport 29876 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 29876 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 35776:46776 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 35776:46776 -j ACCEPT
#mySQL
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 3306 -j ACCEPT
#HTTP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4567:4572 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4567:4572 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:7000 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5900:7000 -j ACCEPT

Configure SSH

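# Work as oneadmin from here on; a bare `cd` moves to its home directory.
su oneadmin
cd
# Generate oneadmin's key pair (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with the default answers).
ssh-keygen
# Authorize the oneadmin key from cloudpt2 on this host; this overwrites any existing
# authorized_keys. On first contact ssh shows cloudpt2's host key fingerprint and, once
# accepted, records it in ~/.ssh/known_hosts — compare it with the fingerprint read on
# cloudpt2 itself before answering yes.
scp cloudpt2.clients.ua.pt:/home/oneadmin/.ssh/id_rsa.pub ~/.ssh/authorized_keys
# Also authorize this host's own key.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# known_hosts is left as scp wrote it: it holds host keys, not user keys, and copying
# authorized_keys over it would discard the cloudpt2 entry that was just verified.
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys ~/.ssh/known_hosts
# Start sshd at boot (chkconfig needs root).
chkconfig sshd on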

Configure NFS

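# Mount points for the two NFS shares listed in /etc/fstab.
mkdir /opt/opennebula
mkdir /opt/opennebula_shared
# chown/chgrp take the owner or group first and the path second.
chown oneadmin /opt/opennebula
chgrp oneadmin /opt/opennebula_shared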
vi /etc/fstab
cloudpt2.clients.ua.pt:/opt/opennebula /opt/opennebula nfs defaults 0 0
cloudpt2.clients.ua.pt:/opt/opennebula_shared /opt/opennebula_shared nfs defaults 0 0
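# Enable the NFS-related services at boot.
chkconfig rpcbind on
chkconfig nfslock on
chkconfig nfs on
# Restart rpcbind first: nfs and nfslock register their RPC ports with it, and
# restarting rpcbind after them would drop those registrations.
service rpcbind restart
service nfslock restart
service nfs restart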
vi ~/.bash_profile
export ONE_LOCATION=/opt/opennebula
# Mount every /etc/fstab entry now (-a) and report each mount (-v).
mount -av

Configure Libvirt

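vi /etc/libvirt/libvirtd.conf
listen_tcp = 1
unix_sock_group = "oneadmin"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
auth_unix_rw = "none"
# String values in libvirtd.conf go in double quotes.
# With unix_sock_rw_perms = "0777" and auth_unix_rw = "none", every local account can open the
# read-write socket unauthenticated and control all guests; "0770" would keep read-write access
# to the oneadmin group named in unix_sock_group.
# listen_tcp enables the unencrypted TCP listener and only takes effect when libvirtd is started with --listen.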
vi /etc/libvirt/qemu.conf
user = "oneadmin"
group = "oneadmin"
dynamic_ownership = 0
# Start libvirtd at boot, then restart it so the libvirtd.conf and qemu.conf edits are loaded.
chkconfig libvirtd on
service libvirtd restart