Changes between Version 8 and Version 9 of Eucalyptus-Binary-Install

07/13/11 15:29:27 (8 years ago)
jonmills (IP:



  • Eucalyptus-Binary-Install

    v8 v9  
    223223=== %Post section === 
    225 In our Kickstart %post macro, we'll do some initial configuration.  In particular: 
    226  * libvirtd will install, by default, a bridge called 'virbr0'.  We don't want to use that.  Instead, we'll pre-configure the node to use a bridge called 'br0' that uses 'eth0' for its device. 
    227  * We want to set up our iptables firewall the right way.  Particularly a good idea if you are running your nodes in euca SYSTEM mode with public ip addresses 
    228  * Want to disable eucalyptus-nc service at boot (at least until all tweaking is done.) 
     225In our Kickstart %post macro, we'll do some initial configuration: 
     228# Libvirtd will, by default install a 'virbr0' but it's not a good idea to use that with Euca 
     229# Instead, we'll create a 'br0' that uses 'eth0'. 
     230# This expects you are controlling network configuration with DHCP 
     231cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF 
     238cat > /etc/sysconfig/network-scripts/ifcfg-br0 <<EOF 
     239# Euca default bridge 
     247# Configure java 
     248# This depends upon you having installed the sun jdk in the %packages section from your own Yum repo... 
     249/usr/sbin/alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_26/jre/bin/java 1 
     250/usr/sbin/alternatives --set java /usr/java/jdk1.6.0_26/jre/bin/java 
     252# Disable euca at least until you've tested it 
     253/sbin/chkconfig eucalyptus-nc off 
     255# Default firewall allows SSH, Avahi, NTP, DHCP, and all traffic on local subnet (for Euca). 
     256# Note that without '-A FORWARD -m physdev  --physdev-is-bridged -j ACCEPT' Euca nodes cannot DHCP. 
     257cat > /etc/sysconfig/iptables <<EOF 
     259:INPUT ACCEPT [0:0] 
     260:FORWARD ACCEPT [0:0] 
     261:OUTPUT ACCEPT [249:77576] 
     262:RH-Firewall-1-INPUT - [0:0] 
     263-A INPUT -j RH-Firewall-1-INPUT  
     264-A FORWARD -m physdev  --physdev-is-bridged -j ACCEPT  
     265-A FORWARD -j RH-Firewall-1-INPUT  
     266-A RH-Firewall-1-INPUT -i lo -j ACCEPT  
     267-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT  
     268-A RH-Firewall-1-INPUT -p esp -j ACCEPT  
     269-A RH-Firewall-1-INPUT -p ah -j ACCEPT  
     270-A RH-Firewall-1-INPUT -d -p udp -m udp --dport 5353 -j ACCEPT  
     271-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT  
     272-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT  
     273-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT  
     274-A RH-Firewall-1-INPUT -s -p udp -m state --state NEW -m udp --dport 68 -j ACCEPT  
     275-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT  
     276-A RH-Firewall-1-INPUT -s -j ACCEPT 
     277-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT  
     278-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited  
     282# Configure hypervisor for Euca 
     283# You'll need a correctly configured libvirtd.conf on a webserver somewhere to grab with wget 
     284/bin/mkdir -p /home/eucalyptus 
     285/bin/chown 500:500 /home/eucalyptus/ 
     286/bin/chmod 755 /home/eucalyptus/ 
     287/bin/echo "libvirt:x:499:eucalyptus" >> /etc/group 
     288mv /etc/libvirt/libvirtd.conf /etc/libvirt/libvirtd.conf.orig 
     289/usr/bin/wget -c --directory-prefix=/etc/libvirt http://$INSTALL_SITE/extras/libvirtd.conf 
     291# You'll get errors if you don't create this link 
     292/bin/ln -s /usr/libexec/qemu-kvm /usr/bin/kvm 
     294# Configure loop devices 
     295/bin/echo 'options loop max_loop=255' >> /etc/modprobe.conf