2.6. Hypervisor Host installation
2.6.1. Hypervisor Host Installation Overview
This section describes installing a Hypervisor host. It is targeted at hosts running Linux Kernel Virtual Machine (KVM).
Before continuing, make sure that you have applied the latest updates to your host.
It is NOT recommended to run services on this host that are not controlled by CloudStack.
The procedure for installing the Hypervisor Host is:
Prepare the Operating System
Install and configure libvirt
Configure Security Policies (AppArmor and SELinux)
Install and configure the Agent
2.6.5. Configure the network bridges
This is a very important section; please make sure you read it thoroughly.
In order to forward traffic to your instances you will need at least two bridges: public and private.
By default these bridges are called cloudbr0 and cloudbr1, but you do have to make sure they are available on each hypervisor.
The most important factor is that you keep the configuration consistent on all your hypervisors.
There are many ways to configure your network. In the Basic networking mode you should have two (V)LANs, one for your private network and one for the public network.
We assume that the hypervisor has one NIC (eth0) with three tagged VLANs:
VLAN 100 for management of the hypervisor
VLAN 200 for public network of the instances (cloudbr0)
VLAN 300 for private network of the instances (cloudbr1)
On VLAN 100 we give the Hypervisor the IP address 192.168.42.11/24 with the gateway 192.168.42.1.
The Hypervisor and Management server don't have to be in the same subnet!
2.6.6. Configuring the firewall
The hypervisor needs to be able to communicate with other hypervisors, and the management server needs to be able to reach the hypervisor.
In order to do so we have to open the following TCP ports (if you are using a firewall):
22 (SSH)
1798
16509 (libvirt)
5900 - 6100 (VNC consoles)
49152 - 49216 (libvirt live migration)
How you open these ports depends on the firewall you are using. Below you'll find examples of how to open these ports in RHEL/CentOS and Ubuntu.
2.6.6.1. Open ports in RHEL/CentOS
RHEL and CentOS use iptables for firewalling the system. You can open extra ports by executing the following iptables commands:
iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
These iptables settings are not persistent across reboots, so we have to save them first.
iptables-save > /etc/sysconfig/iptables
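The following is an added example, not part of the CloudStack documentation: a dry-run generator that checks each port specification from the list above (rejecting out-of-range values such as 492160) and prints iptables commands restricted to a source network instead of any source. The MGMT_NET default of 192.168.42.0/24 and the function names are assumptions; it presumes the management server and peer hypervisors sit in that network, so run it once per network that must reach the host.

```shell
#!/bin/sh
# Added example: prints rules only, it never calls iptables itself.
# MGMT_NET is an assumption based on the management VLAN example above.
MGMT_NET="${MGMT_NET:-192.168.42.0/24}"
# TCP ports listed in section 2.6.6.
PORTS="22 1798 16509 5900:6100 49152:49216"

# valid_port_spec SPEC
# Succeeds if SPEC is "N" or "LOW:HIGH" with every port in 1..65535
# and LOW <= HIGH.
valid_port_spec() {
    s=$1
    case $s in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    low=${s%%:*}
    high=${s##*:}
    for p in "$low" "$high"; do
        # Length check first so oversized numbers never reach the integer test.
        [ "${#p}" -le 5 ] || return 1
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$low" -le "$high" ]
}

# emit_rules SOURCE_CIDR
# Validates every entry in PORTS before printing anything, so a single
# bad entry produces no partial rule set. Returns 1 on a bad entry.
emit_rules() {
    src=$1
    for spec in $PORTS; do
        valid_port_spec "$spec" || {
            echo "invalid port spec: $spec" >&2
            return 1
        }
    done
    for spec in $PORTS; do
        echo "iptables -I INPUT -s $src -p tcp -m tcp --dport $spec -j ACCEPT"
    done
}

# Print the rule set for review; paste or pipe to sh once checked.
emit_rules "$MGMT_NET"
```
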
2.6.6.2. Open ports in Ubuntu
The default firewall under Ubuntu is UFW (Uncomplicated FireWall), which is a Python wrapper around iptables.
To open the required ports, execute the following commands:
ufw allow proto tcp from any to any port 22
ufw allow proto tcp from any to any port 1798
ufw allow proto tcp from any to any port 16509
ufw allow proto tcp from any to any port 5900:6100
ufw allow proto tcp from any to any port 49152:49216
By default UFW is not enabled on Ubuntu. Executing these commands with the firewall disabled does not enable the firewall.
2.6.7. Install and configure the Agent
To manage KVM instances on the host, CloudStack uses an Agent. This Agent communicates with the Management server and controls all the instances on the host.
First we start by installing the agent:
In RHEL or CentOS:
yum install cloud-agent
In Ubuntu:
apt-get install cloud-agent
The host is now ready to be added to a cluster. This is covered in a later section, see Section 5.6, “Adding a Host”. It is recommended that you continue to read the documentation before adding the host!