On this page, you will install the Nimbus central services and image repository (Cumulus), and use a cloud client to access your cloud as a remote client.
This will however only work in "fake mode" which means that the service is only pretending to start VMs. In later steps you will enable VMMs, connect them with the central service, and have a working cloud setup.
Create nimbus user
The first step is to create a separate unix account under which to install and run the Nimbus services. It is not recommended to use the root account. Because you will later be configuring password-less SSH keys between this account and your hypervisor nodes, it is best to use a dedicated account for these services.
In this guide, we will be calling the user nimbus, but you can use anything you like.
Download and install
As the new nimbus user, fetch and unpack the latest service distribution.
$ curl -O https://www.nimbusproject.org/downloads/nimbus-iaas-2.10.1-src.tar.gz
$ tar xfz nimbus-iaas-2.10.1-src.tar.gz
$ cd nimbus-iaas-2.10.1-src/
You must now choose an installation directory. It could be within the nimbus user home directory, or something like /opt/nimbus. If the directory exists, it must be empty and writable by the nimbus user. If it does not exist, the parent directory must be writable by the nimbus user.
Throughout this guide, we will refer to this installation directory as $NIMBUS_HOME. To install, run this command from the Nimbus source directory (specifying your chosen destination).
$ ./install $NIMBUS_HOME
Software is not installed anywhere else on the services node, only under this installation directory.
If you need to specify a non default Python, you can do so by setting the PYTHON environment variable. For example if you are using RHEL5 and cannot upgrade the system Python to 2.5+, you can install Python separately and specify PYTHON=/usr/local/bin/python2.5 for installation.
pyOpenSSL and OpenSSL compatibility
Nimbus installs pyOpenSSL 0.13 by default, which requires OpenSSL 0.9.8f of later. If you are using a distribution with an earlier OpenSSL version, such as CentOS 5, set the OLD_OPENSSL_VERSION environment variable to install pyOpenSSL 0.10 instead.
The installer performs several steps:
- Installs Cumulus and dependencies to a Python virtualenv
- Builds and installs the central IaaS services
- Creates initial databases
- Runs interactive configuration program to gather basic information
- Generates internal Certificate Authority for host certificates
After the install completes, you should have a Nimbus system set up with security, web services, and sensible configuration defaults. However the service is running in "fake" mode, where no VMs are actually started. This is a great opportunity to test the service and Cumulus installs before we move on to VMM and network setup.
Nimbus requires several network ports. We have chosen some sensible defaults, but you may adjust them if needed. The defaults are:
- Cumulus : 8888
- Nimbus Service interface : 8443
- EC2 compatible Query Interface: 8444
If you need to change these ports, check out this section of the reference guide.
The installer generates a new X509 Certificate Authority and host certificate but you are not required to use these in production, it is possible to use your own credential system. Setting this up is out of scope of this guide, you should wait until you have a working system before changing this.
Now that the services are installed, you can try to start them for the first time. First, change to the installation directory and take a look at what is in the bin/ directory.
$ cd $NIMBUS_HOME
$ ls bin/ nimbus-configure nimbus-new-cert nimbus-reset-state nimbus-edit-user nimbus-new-user nimbus-version nimbus-list-users nimbus-remove-user nimbusctl
There are several useful commands available which we will get to in time, but for now we want to use the nimbusctl command to start the Nimbus services.
$ ./bin/nimbusctl start Launching Nimbus services... OK Launching Cumulus services... OK
If one or both services fail to start, you should take a look at the appropriate log file. For Nimbus services, check var/services.log. For Cumulus, look in var/cumulus.log.
Create first user
Now that Nimbus is installed and running, we can move on to testing with a real client. But first, we need to create a user account to test with. We will do this with the nimbus-new-user tool. It has many options which you will want to explore later. But for now we should just use the defaults, specifying an email address to associate with the account as well as a temporary directory in which to place credentials.
$ ./bin/nimbus-new-user -d /tmp/newuser [email protected] cert : /tmp/newuser/usercert.pem key : /tmp/newuser/userkey.pem dn : /O=Auto/OU=NimbusTestCA/[email protected] canonical id : d5170810-85f8-11df-86fa-001641156eb6 access id : pig5Rexcj6uFQBH3exGM5 access secret : uQA6LqXSVNFwubQ505II1kqeLMEsEXGd1oXGNjwp0G url : None web id : None cloud properties : /tmp/newuser/cloud.properties
The script outputs a lot of information about the new user, but you only need the files that were generated and written to your specified output directory. Hold on to these files, you will need them momentarily, after you install the cloud client.
Install cloud client and credentials
We will test our services using the Nimbus cloud client. You can do so from the same system you are installing on, but you may want to use a separate system so you can verify that networking is working correctly. Grab the latest cloud client from the Nimbus downloads page (version must be >= 16).
$ curl -O https://www.nimbusproject.org/downloads/nimbus-cloud-client-022.tar.gz
$ tar xfz nimbus-cloud-client-022.tar.gz
Now you need to install the files produced earlier by nimbus-new-user. The cloud.properties file needs to be placed into the extracted cloud client's conf/ directory. The usercert.pem and userkey.pem files need to be installed into ~/.nimbus/ in your home directory. Be careful not to overwrite any credentials you already have in ~/.nimbus/.
$ cp /tmp/newuser/cloud.properties nimbus-cloud-client-022/conf/
$ mkdir ~/.nimbus/
$ cp /tmp/newuser/*.pem ~/.nimbus/
Naturally, if you are testing the client on a different system than the service installation, you'll need to use scp or similar to copy these files.
You also need to grab a few more files from the Nimbus service installation and drop them into the client. These are the internal CA certificates and enable the client to trust the server. The needed files are in $NIMBUS_HOME/var/ca/trusted-certs/.
$ cp $NIMBUS_HOME/var/ca/trusted-certs/* nimbus-cloud-client-022/lib/certs/
Try it out!
First we will attempt to query the service. This command shows the running VMs that you own. Of course you do not have any at this point, but this can help to diagnose any configuration or security problems.
$ cd nimbus-cloud-client-022/
$ ./bin/cloud-client.sh --status Querying for ALL instances. There's nothing running on this cloud that you own.
If you see this message, all is well. You've successfully queried the running Nimbus service! The next step is to query Cumulus and list the available images you have to run. Again, of course you will have none.
$ bin/cloud-client.sh --list No files.
If that command succeeded, then all of the Nimbus services are operational. We will come back to this client later and use it to transfer and start real VMs. But for now, let's turn attention back to the service node to Install DHCPd and Configure Networking.