2008/07/25

Xen DomU上でDRBDを使う・その1・Xen環境の準備

Xen環境構築の詳細については、『Red Hat Cluster: CentOS 5.1上でRHCSを使ってみる』を参照。ここでは、DomUのKickstart設定ファイルを紹介する。以下の点に注意して欲しい。
  • RPMパッケージdrbd82およびkmod-drbd82-xenをインストールする。
  • ファイアウォール設定で、DRBDの通信、TCPポート7788~7799を許可する。

# Send installer log messages to a remote syslog host at debug verbosity.
logging --host=192.168.55.32 --level=debug

# Network installation from the local CentOS 5 i386 mirror.
# NOTE(review): the install tree and the repos below are fetched over plain HTTP, which
# gives no transport integrity; use this only on a trusted installation network.
install
url --url http://Repository.LocalDomain/centos/5/os/i386
lang en_US.UTF-8
keyboard jp106
network --device eth0 --bootproto dhcp --hostname=localhost.localdomain
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, and this one is published with the
# article. Replace it with a hash of your own password before reusing the file.
rootpw --iscrypted $1$NG4SU1bL$I8FOJo.81cUrO6Xj4dau41
# The %post section later overwrites /etc/sysconfig/iptables, so the rules requested here
# are not the ones that end up on the installed system.
firewall --enabled --ssh --port=snmp:udp
authconfig --enableshadow --enablemd5
# Permissive mode logs SELinux denials but does not enforce the policy.
selinux --permissive
timezone Asia/Tokyo
# console=xvc0 puts the kernel console on the Xen virtual console.
bootloader --location=mbr --driveorder=xvda --append="console=xvc0"

# Enable time sync, oddjobd and SNMP; disable desktop and hardware daemons.
services --enabled=ntpd,oddjobd,snmpd --disabled=acpid,apmd,avahi-daemon,bluetooth,cpuspeed,cups,gpm,hidd,lm_sensors,mdmonitor,microcode_ctl,nfslock,pcscd,smartd,xfs,yum-updatesd

# Wipe xvda and lay out a 100 MB /boot plus one LVM volume group holding swap and /.
clearpart --all --drives=xvda --initlabel
part /boot --fstype ext3 --size=100 --ondisk=xvda
part pv.2 --size=0 --grow --ondisk=xvda
volgroup VolGroup00 --pesize=32768 pv.2
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=272 --grow --maxsize=544
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow
# Additional package repositories on the same local mirror.
repo --name=base --baseurl=http://Repository.LocalDomain/centos/5/os/i386/
repo --name=updates --baseurl=http://Repository.LocalDomain/centos/5/updates/i386/
repo --name=addons --baseurl=http://Repository.LocalDomain/centos/5/addons/i386/
repo --name=extras --baseurl=http://Repository.LocalDomain/centos/5/extras/i386/

# Reboot automatically when the installation finishes.
reboot

%packages
# "@name" selects a package group; a leading "-" removes a package from the selection.
# NOTE(review): the group list is broad (web, mail and network server groups). Every
# installed service adds attack surface, so trim the groups a DRBD node does not need.
@admin-tools
@base
@cluster-storage
@clustering
@core
@emacs
@mail-server
@network-server
@ruby
@server-cfg
@system-tools
@text-internet
@web-server
-smartmontools
-OpenIPMI*
-squid
-samba-*
-system-config-samba
lynx
tftp
# Xen guest kernel and the matching -xen module build; the non-Xen kernel and kmod
# packages are excluded just below.
kernel-xen
kmod-gfs-xen
-kernel
-kmod-gfs
-kmod-gnbd
-NetworkManager
-bluez-utils
device-mapper-multipath
-irda-utils
-pcmciautils
net-snmp-utils
net-snmp-libs
net-snmp
iscsi-initiator-utils
-apmd
-acpid
# DRBD 8.2 userland plus the Xen-kernel build of its module; the non-Xen kmod is excluded.
drbd82
kmod-drbd82-xen
-kmod-drbd82

%post --log=/mnt/sysimage/root/install-post.log
### network
# Turn off the zeroconf (169.254.0.0/16) route that the network scripts add by default.
echo 'NOZEROCONF=yes' >> /etc/sysconfig/network

# Comment out the HWADDR line of ifcfg-eth0 so the interface is not bound to one MAC
# address (the article later clones this image for guests that use other MACs).
# The working copy goes to /tmp rather than next to the original; presumably this keeps
# a stray ifcfg-* file out of network-scripts -- confirm.
/bin/cp -p /etc/sysconfig/network-scripts/ifcfg-eth0 /tmp/ifcfg-eth0
/bin/sed 's/^HWADDR=/#HWADDR=/' < /tmp/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0

# Derive ifcfg-eth1 and ifcfg-eth2 from ifcfg-eth0: drop comment lines (including the
# disabled HWADDR) and replace the device name.
/bin/egrep -v '^#' /etc/sysconfig/network-scripts/ifcfg-eth0 | /bin/sed 's/eth0/eth1/' > /etc/sysconfig/network-scripts/ifcfg-eth1
/bin/egrep -v '^#' /etc/sysconfig/network-scripts/ifcfg-eth0 | /bin/sed 's/eth0/eth2/' > /etc/sysconfig/network-scripts/ifcfg-eth2
# Reset the SELinux context of the two newly created files.
/sbin/restorecon /etc/sysconfig/network-scripts/ifcfg-eth[12]

### logrotate
# Write a local logrotate drop-in: keep 20 rotations, compress rotated logs, and start
# numbering rotated files at 100. The here-document delimiter is unquoted, so the shell
# would expand $ and backquotes in the body; this body contains none.
/bin/cat > /etc/logrotate.d/00local.conf <<EOL
rotate 20
compress
start 100
EOL
# Reset the SELinux context of the new file.
/sbin/restorecon /etc/logrotate.d/00local.conf

### yum update from the local repository
# Keep the distributed repo file as CentOS-Base.repo.dist, then regenerate
# CentOS-Base.repo from it: comment out the mirrorlist entries, enable the
# baseurl entries, and point them at the local mirror host.
/bin/cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.dist
/bin/sed \
  -e 's/mirrorlist=/#mirrorlist=/' \
  -e 's/#baseurl=/baseurl=/' \
  -e 's/mirror.centos.org/Repository.LocalDomain/' \
  /etc/yum.repos.d/CentOS-Base.repo.dist > /etc/yum.repos.d/CentOS-Base.repo

### For Cluster
##### /etc/cluster/fence_xvm.key
# Decode the embedded base64 text into the fence_xvm key file (-d decodes, -i ignores
# characters outside the base64 alphabet), then make the file readable by root only.
# NOTE(review): this key is a shared secret and it travels inside the Kickstart file,
# which the article's virt-install command fetches over plain HTTP. Anyone who can read
# the Kickstart file can read the key. Serve the file only on a trusted network, or
# distribute the key separately after installation.
/usr/bin/base64 -di > /etc/cluster/fence_xvm.key <<EOL
Atf+JoYSVwnPqBR8vnbG68EaY/Y4sr570YywcWXUcsZD6BwQAMA0x62YIMSlHArX60JzvNeh95x7
<<略>>
EN00EFaiso4dDtVaX2RYJf30RExW4E312yu+XwoXjrES0uLIK33p0HToOXUX3RjsCqYuM7ulE5iD
EOL
/bin/chmod 600 /etc/cluster/fence_xvm.key

##### iptables
# Save the existing rule file as iptables.dist and replace it with the rule set below.
# This overwrites whatever the Kickstart "firewall" directive produced.
#
# How the rule set works:
#   - INPUT and FORWARD both jump to RH-Firewall-1-INPUT, which ends in REJECT, so
#     anything not accepted earlier in the chain is refused despite the ACCEPT policies.
#   - DRBD (TCP 7788-7799) is accepted only on eth1 from 192.168.56.0/24 and on eth2
#     from 192.168.57.0/24.
#   - Every new connection from 192.168.55.0/24 arriving on eth0 is accepted.
#   - SSH (TCP 22) is accepted from any source on any interface.
#   - Protocols 50 and 51 are IPsec ESP and AH.
#
# NOTE(review): the rules for UDP 5353 (mDNS) and port 631 (IPP) admit traffic for
# avahi-daemon and cups, which the "services" line disables. They can be removed.
# NOTE(review): consider limiting the SSH rule to the management subnet and interface,
# as the DRBD rules already do for their ports.
/bin/cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.dist
/bin/cat > /etc/sysconfig/iptables <<EOL
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7788:7799 -i eth1 -s 192.168.56.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7788:7799 -i eth2 -s 192.168.57.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.55.0/24 -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOL

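### sshd
# Disable password logins; root logs in with the public key installed below.
# The sed expression rewrites only an uncommented "PasswordAuthentication yes" line.
# If the distributed sshd_config has no such line, password logins stay at the sshd
# default, so check the result after installation.
/bin/cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.dist
/bin/sed 's/^PasswordAuthentication yes/PasswordAuthentication no/' < /etc/ssh/sshd_config.dist > /etc/ssh/sshd_config

# A directory needs the search (x) bit to be usable, so ~root/.ssh gets mode 700
# rather than 600. -p keeps mkdir quiet if the directory already exists.
/bin/mkdir -p ~root/.ssh
/bin/chmod 700 ~root/.ssh
# NOTE(review): "ssh-dss" is a DSA key. Prefer RSA or a newer key type when generating
# the key pair whose public half is installed here.
/bin/cat > ~root/.ssh/authorized_keys2 <<EOL
ssh-dss AAAA<<略>>
EOL
# Only root needs to read the list of authorized keys.
/bin/chmod 600 ~root/.ssh/authorized_keys2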

### Mail
##### /etc/mail/sendmail.cf
# Enable SMART_HOST in sendmail.mc so that mail is relayed through SmtpServer.LocalDomain,
# then rebuild sendmail.cf from it.
# The patch is a normal-format diff pinned to line 26, so it applies only when
# sendmail.mc matches the distributed version. The backquotes are escaped because the
# here-document delimiter is unquoted; unescaped, the shell would run them as command
# substitution.
/usr/bin/patch /etc/mail/sendmail.mc <<EOL
26c26
< dnl define(\`SMART_HOST', \`smtp.your.provider')dnl
---
> define(\`SMART_HOST', \`SmtpServer.LocalDomain')dnl
EOL
(cd /etc/mail; /usr/bin/make sendmail.cf)

##### /etc/aliases
# Forward root's mail to root@LocalDomain (the diff is pinned to line 96 of /etc/aliases),
# then rebuild the alias database.
/usr/bin/patch /etc/aliases <<EOL
96c96
< #root:             marc
---
> root:              root@LocalDomain
EOL
/usr/bin/newaliases

### SNMP
# Replace snmpd.conf with a read-only SNMP v1/v2c configuration:
#   - com2sec maps a source (localhost, 192.168.55.0/24) and a community string to a
#     security name. COMMUNITY_STRING is a placeholder to replace with your own value.
#   - The group lines register each security name for v1 and v2c.
#   - The access lines grant read and notify access to view "all" (the whole tree under
#     .1) and no write access ("none").
#   - disk and load set monitoring thresholds; dlmod loads the Red Hat Cluster SNMP module.
# NOTE(review): v1/v2c community strings cross the network in cleartext, and both groups
# can read the entire MIB tree. The narrower "systemview" is defined but no access line
# uses it. Consider a narrower read view for the localnet group.
# NOTE(review): the community string is stored in this file in cleartext; verify that
# /etc/snmp/snmpd.conf is not world-readable after installation.
/bin/cat > /etc/snmp/snmpd.conf <<EOL
com2sec localhost localhost           COMMUNITY_STRING
com2sec localnet  192.168.55.0/24    COMMUNITY_STRING

group   gOpLocalhost   v1            localhost
group   gOpLocalhost   v2c           localhost
group   gOpLocalnet    v1            localnet
group   gOpLocalnet    v2c           localnet

view    all           included   .1
view    systemview    included   REDHAT-CLUSTER-MIB:RedHatCluster

access  gOpLocalhost   ""      any       noauth    exact  all    none    all
access  gOpLocalnet    ""      any       noauth    exact  all    none    all

syslocation Unknown
syscontact root@LocalDomain

disk /     100000

load 10

# for cluster
dlmod RedHatCluster     /usr/lib/cluster-snmp/libClusterMonitorSnmp.so
EOL

# Make the SNMP client tools load the Red Hat MIBs in addition to their defaults.
/bin/cat > /etc/snmp/snmp.conf <<EOL
mibs +REDHAT-MIB:REDHAT-CLUSTER-MIB
EOL

### NTP on Xen DomU
# Append to sysctl.conf (note the ">>") the setting that gives the guest its own wall
# clock instead of following Dom0's, so that ntpd inside the DomU can adjust the time.
/bin/cat >> /etc/sysctl.conf <<EOL

# For ntpd on Xen DomU.
xen.independent_wallclock = 1
EOL

### cron
# Keep the original as crontab.dist, then move every entry whose hour field is 4
# (two-character minute field followed by " 4 ") to hour 5.
/bin/cp -p /etc/crontab /etc/crontab.dist
/bin/sed -e 's/^\(..\) 4 /\1 5 /' /etc/crontab.dist > /etc/crontab

### grub
# Keep the original as grub.conf.dist, then drop " rhgb quiet" so that boot
# messages are shown on the console.
/bin/cp -p /boot/grub/grub.conf /boot/grub/grub.conf.dist
/bin/sed -e 's/ rhgb quiet//' /boot/grub/grub.conf.dist > /boot/grub/grub.conf

### /etc/bashrc
# Keep the original as bashrc.dist, then extend the xterm* case pattern so that
# it also matches vt100* terminals.
/bin/cp -p /etc/bashrc /etc/bashrc.dist
/bin/sed -e 's/xterm\*)/xterm*|vt100*)/' /etc/bashrc.dist > /etc/bashrc
この設定を元に、Xen DomU dc0を作成する。
# virt-install --name=dc0 --ram=256 --file=/dev/VolGroupXX/LogVolDc0 --mac='00:16:3e:1d:91:00' --bridge=br4000 --nographics --location='http://Repository.LocalDomain/centos/5/os/i386' --extra-args='ks=http://Repository.LocalDomain/centos/conf/DomU-DRBD-ks.cfg'
DomU dc0のインストールが完了したら、LV(logical volume, 論理ボリューム) /dev/VolGroupXX/LogVolDc0を元にDomU dc[23]用のLVをスナップショットLVとして作成する(『XenとLVM・その3・スナップショットLVの利用』参照)
# lvcreate --snapshot --size=1G --name=LogVolDc2 /dev/VolGroupXX/LogVolDc0
Logical volume "LogVolDc2" created
# lvcreate --snapshot --size=1G --name=LogVolDc3 /dev/VolGroupXX/LogVolDc0
Logical volume "LogVolDc3" created
#
続いて、dc[23]に/dev/xvdbとしてエクスポートするためのLVを作成する。
# lvcreate --size=4G --name=LogVolR0-2 /dev/VolGroupXX
Logical volume "LogVolR0-2" created
# lvcreate --size=4G --name=LogVolR0-3 /dev/VolGroupXX
Logical volume "LogVolR0-3" created
#
DomU dc2の設定ファイル/etc/xen/dc2は以下の通り。
# Xen guest definition for DomU dc2.
name = "dc2"
uuid = "3cc1d59c-b2b1-42a6-b31a-35be18db188d"
maxmem = 512
memory = 256
vcpus = 1
# Boot the guest's own kernel through pygrub.
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [  ]
# xvda is the snapshot LV holding the system image; xvdb is the separate 4G LV exported
# to the guest for DRBD. Both are attached writable ("w").
disk = [ "phy:/dev/VolGroupXX/LogVolDc2,xvda,w",
"phy:/dev/VolGroupXX/LogVolR0-2,xvdb,w" ]
# Three virtual interfaces, each on its own bridge. Presumably they appear in the guest
# as eth0, eth1 and eth2 in this order, matching the iptables rules (eth0 management,
# eth1/eth2 DRBD) -- confirm.
vif = [ "mac=00:16:3e:1d:91:02,bridge=br4000",
"mac=00:16:3e:1d:92:02,bridge=br4001",
"mac=00:16:3e:1d:93:02,bridge=br4002" ]
DomU dc2を起動する。
# xm create -c dc2
<<略>>
INIT: version 2.86 booting
Welcome to  CentOS release 5.2 (Final)
Press 'I' to enter interactive startup.
<<略>>
Starting DRBD resources:    no resources defined!
no resources defined!
[ ]no resources defined!
.
no resources defined!
no resources defined!
[  OK  ]
<<略>>

CentOS release 5.2 (Final)
Kernel 2.6.18-92.1.6.el5xen on an i686

dc2.LocalDomain login:
DRBDの設定を行っていないため、その旨警告メッセージが表示されている。DomU dc3についても同様に作業する。


『その0・概要』『その1・Xen環境の準備』『その2・DRBD設定前の確認』『その3・drbd.confの設定』『その4・DRBDの初期化』『その5・初期同期』『その6・ベンチマーク』
