diff --git a/source/installguide/hypervisor/lxc.rst b/source/installguide/hypervisor/lxc.rst index e4bae66a3a..01969b6596 100644 --- a/source/installguide/hypervisor/lxc.rst +++ b/source/installguide/hypervisor/lxc.rst @@ -71,8 +71,8 @@ LXC does not have any native system VMs, instead KVM will be used to run system VMs. This means that your host will need to support both LXC and KVM, thus most of the installation and configuration will be identical to the KVM installation. The material in this section doesn't duplicate -KVM installation docs. It provides the CloudStack-specific steps that -are needed to prepare a KVM host to work with CloudStack. +information, so perform the steps in the Host KVM Installation section first +:ref:`host-kvm-installation`. .. warning:: Before continuing, make sure that you have applied the latest updates to 
@@ -123,235 +123,226 @@ KVM Instances. NTP is required to synchronize the clocks of the servers in your cloud. Unsynchronized clocks can cause unexpected problems. - #. Install NTP +#. Install NTP - .. parsed-literal:: - - $ yum install ntp + In RHEL or CentOS: .. parsed-literal:: - $ apt-get install openntpd - -#. Repeat all of these steps on every hypervisor host. - - -Install and configure the Agent -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To manage LXC Instances on the host CloudStack uses a Agent. This Agent -communicates with the Management server and controls all the Instances -on the host. - -First we start by installing the agent: - -In RHEL or CentOS: - -.. parsed-literal:: - - $ yum install -y epel-release - $ yum install cloudstack-agent - -In Ubuntu: - -.. parsed-literal:: - - $ apt-get install cloudstack-agent - -Next step is to update the Agent configuration settings. The settings -are in ``/etc/cloudstack/agent/agent.properties`` - -#. Set the Agent to run in LXC mode: - - .. parsed-literal:: + $ yum install chrony - hypervisor.type=lxc + In Ubuntu: -#. Optional: If you would like to use direct networking (instead of the - default bridge networking), configure these lines: + .. parsed-literal:: - .. parsed-literal:: + $ apt install chrony - libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.DirectVifDriver + In SUSE: - .. parsed-literal:: + .. parsed-literal:: - network.direct.source.mode=private + $ zypper install chrony - .. parsed-literal:: +#. Repeat all of these steps on every hypervisor host. - network.direct.device=eth0 -The host is now ready to be added to a cluster. This is covered in a -later section, see :ref:`adding-a-host`. It is -recommended that you continue to read the documentation before adding -the host! +Configure package repository +^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +CloudStack is only distributed from source from the official mirrors. 
+However, members of the CloudStack community may build convenience +binaries so that users can install Apache CloudStack without needing to +build from source. -Install and Configure libvirt -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -CloudStack uses libvirt for managing Instances. Therefore it is -vital that libvirt is configured correctly. Libvirt is a dependency of -cloudstack-agent and should already be installed. +If you didn't follow the steps to build your own packages from source in +the sections for `“Building RPMs from Source” +<../building_from_source.html#building-rpms-from-source>`__ or +`“Building DEB packages” <../building_from_source.html#building-deb-packages>`__ +you may find pre-built DEB and RPM packages for your convenience linked from +the `downloads `_ page. -#. In order to have live migration working libvirt has to listen for - insecured TCP connections. We also need to turn off libvirts attempt - to use Multicast DNS advertising. Both of these settings are in - ``/etc/libvirt/libvirtd.conf`` +.. note:: + These repositories contain both the Management Server and KVM Hypervisor + packages. - Set the following parameters: +RPM package repository +~~~~~~~~~~~~~~~~~~~~~~ - .. parsed-literal:: +There is a RPM package repository for CloudStack so you can easily +install on RHEL and SUSE based platforms. - listen_tls = 0 +If you're using an RPM-based system, you'll want to add the Yum +repository so that you can install CloudStack with Yum. - .. parsed-literal:: +In RHEL or CentOS: - listen_tcp = 1 +Yum repository information is found under ``/etc/yum.repos.d``. You'll +see several ``.repo`` files in this directory, each one denoting a +specific repository. - .. parsed-literal:: +To add the CloudStack repository, create +``/etc/yum.repos.d/cloudstack.repo`` and insert the following +information. - tcp_port = "16509" +In the case of RHEL being used, you can replace 'centos' by 'rhel' in the value of baseurl - .. parsed-literal:: +.. 
parsed-literal:: - auth_tcp = "none" + [cloudstack] + name=cloudstack + baseurl=http://download.cloudstack.org/centos/$releasever/|version|/ + enabled=1 + gpgcheck=0 - .. parsed-literal:: +Now you should now be able to install CloudStack using Yum. - mdns_adv = 0 +In SUSE: -#. Turning on "listen\_tcp" in libvirtd.conf is not enough, we have to - change the parameters as well: +Zypper repository information is found under ``/etc/zypp/repos.d/``. You'll +see several ``.repo`` files in this directory, each one denoting a +specific repository. - On RHEL or CentOS modify ``/etc/sysconfig/libvirtd``: +To add the CloudStack repository, create +``/etc/zypp/repos.d/cloudstack.repo`` and insert the following +information. - Uncomment the following line: +.. parsed-literal:: - .. parsed-literal:: + [cloudstack] + name=cloudstack + baseurl=http://download.cloudstack.org/suse/|version|/ + enabled=1 + gpgcheck=0 - #LIBVIRTD_ARGS="--listen" - On Ubuntu: modify ``/etc/default/libvirt-bin`` +Now you should now be able to install CloudStack using zypper. - Add "-l" to the following line - .. parsed-literal:: +DEB package repository +~~~~~~~~~~~~~~~~~~~~~~ - libvirtd_opts="-d" +You can add a DEB package repository to your apt sources with the +following commands. Replace the code name with your Ubuntu LTS version : +Ubuntu 20.04 (focal), Ubuntu 22.04 (jammy), Ubuntu 24.04 (noble). - so it looks like: +Use your preferred editor and open (or create) +``/etc/apt/sources.list.d/cloudstack.list``. Add the community provided +repository to the file (replace "trusty" with "xenial" or "bionic" if it is the case): - .. parsed-literal:: +.. parsed-literal:: - libvirtd_opts="-d -l" + deb https://download.cloudstack.org/ubuntu focal |version| -#. In order to have the VNC Console work we have to make sure it will - bind on 0.0.0.0. We do this by editing ``/etc/libvirt/qemu.conf`` +We now have to add the public key to the trusted keys. - Make sure this parameter is set: +.. parsed-literal:: - .. 
parsed-literal:: + wget -O - https://download.cloudstack.org/release.asc |sudo tee /etc/apt/trusted.gpg.d/cloudstack.asc - vnc_listen = "0.0.0.0" +Now update your local apt cache. -#. Restart libvirt +.. parsed-literal:: - In RHEL or CentOS: + sudo apt update - .. parsed-literal:: +Your DEB package repository should now be configured and ready for use. - $ service libvirtd restart +Install and configure the Agent +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - In Ubuntu: +To manage LXC Instances on the host CloudStack uses a Agent. This Agent +communicates with the Management server and controls all the Instances +on the host. - .. parsed-literal:: +.. note:: + Depending on your distribution you might need to add the corresponding package repository + for CloudStack. - $ service libvirt-bin restart +First we start by installing the agent: +In RHEL or CentOS: -Configure the Security Policies -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. parsed-literal:: -CloudStack does various things which can be blocked by security -mechanisms like AppArmor and SELinux. These have to be disabled to -ensure the Agent has all the required permissions. + $ yum install -y epel-release + $ yum install cloudstack-agent -#. Configure SELinux (RHEL and CentOS) +In Ubuntu: - #. Check to see whether SELinux is installed on your machine. If not, - you can skip this section. +.. parsed-literal:: - In RHEL or CentOS, SELinux is installed and enabled by default. - You can verify this with: + $ apt install cloudstack-agent - .. parsed-literal:: +In SUSE: - $ rpm -qa | grep selinux +.. parsed-literal:: - #. Set the SELINUX variable in ``/etc/selinux/config`` to - "permissive". This ensures that the permissive setting will be - maintained after a system reboot. + $ zypper install cloudstack-agent - In RHEL or CentOS: - .. parsed-literal:: +If you're using a non-root user to add the LXC host, please add the user to +sudoers file: - $ vi /etc/selinux/config +.. 
parsed-literal:: - Change the following line + cloudstack ALL=NOPASSWD: /usr/bin/cloudstack-setup-agent + Defaults:cloudstack !requiretty - .. parsed-literal:: +Next step is to update the Agent configuration settings. The settings +are in ``/etc/cloudstack/agent/agent.properties`` - SELINUX=enforcing +#. Set the Agent to run in LXC mode: - to this + .. parsed-literal:: - .. parsed-literal:: + hypervisor.type=lxc - SELINUX=permissive +#. Optional: If you would like to use direct networking (instead of the + default bridge networking), configure these lines: - #. Then set SELinux to permissive starting immediately, without - requiring a system reboot. + .. parsed-literal:: - .. parsed-literal:: + libvirt.vif.driver=com.cloud.hypervisor.kvm.resource.DirectVifDriver - $ setenforce permissive + .. parsed-literal:: -.. note:: In a production environment, selinux should be set to enforcing - and the necessary selinux policies are created to allow the - services to run. + network.direct.source.mode=private -#. Configure Apparmor (Ubuntu) + .. parsed-literal:: - #. Check to see whether AppArmor is installed on your machine. If - not, you can skip this section. + network.direct.device=eth0 - In Ubuntu AppArmor is installed and enabled by default. You can - verify this with: +The host is now ready to be added to a cluster. This is covered in a +later section, see :ref:`adding-a-host`. It is +recommended that you continue to read the documentation before adding +the host! - .. parsed-literal:: - $ dpkg --list 'apparmor' +Install and Configure libvirt +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - #. Disable the AppArmor profiles for libvirt +CloudStack uses libvirt for managing System VM Instances, even in a LXC host. Therefore it is +vital that libvirt is configured correctly. Libvirt is a dependency of +cloudstack-agent and should already be installed. - .. parsed-literal:: +Please refer to :ref:`install-and-configure-libvirt` for the steps to install and configure +libvirt. 
Only the, perform the next steps. - $ ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ +In Ubuntu: - .. parsed-literal:: +.. parsed-literal:: - $ ln -s /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /etc/apparmor.d/disable/ + apt install libvirt-daemon-driver-lxc -y - .. parsed-literal:: - $ apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd +Configure the Security Policies +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - .. parsed-literal:: +CloudStack does various things which can be blocked by security +mechanisms like AppArmor and SELinux. These have to be disabled to +ensure the Agent has all the required permissions. - $ apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper +Please refer to :ref:`configure-the-security-policies` for the steps to install and configure libvirt. Configure the network bridges
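Review bot: in the first hunk (``@@ -71,8 +71,8 @@``), the new sentence ends with the cross-reference dangling after "first" ("perform the steps in the Host KVM Installation section first :ref:`host-kvm-installation`."), so the rendered text names the section twice with no punctuation between the two. Suggest folding the reference into the sentence, for example "so first perform the steps in :ref:`host-kvm-installation`." The phrase "doesn't duplicate information" also no longer says what is not duplicated; the removed wording ("KVM installation docs") was clearer, so consider keeping that object.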
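Review bot: in the second hunk (``@@ -123,235 +123,226 @@``), both added RPM repository stanzas (``/etc/yum.repos.d/cloudstack.repo`` and ``/etc/zypp/repos.d/cloudstack.repo``) combine ``gpgcheck=0`` with an ``http://download.cloudstack.org/...`` baseurl, so packages installed on a hypervisor host are neither signature-checked nor fetched over an authenticated channel. The DEB section added in the same hunk already uses ``https://download.cloudstack.org`` and imports ``release.asc``. Suggest switching both baseurl lines to https and, if the RPMs are signed with that release key, enabling ``gpgcheck=1`` with a matching ``gpgkey`` line. For the DEB key, consider scoping it to this repository with a ``signed-by`` option rather than writing it to ``/etc/apt/trusted.gpg.d/``, where it is trusted for every configured source. Wording issues in the same hunk: the parenthetical 'replace "trusty" with "xenial" or "bionic"' contradicts the focal/jammy/noble sentence just above it and the ``focal`` example line; "Only the, perform the next steps." should read "Only then"; "Now you should now be able" repeats "now" in both the Yum and zypper paragraphs; and the Security Policies paragraph ends with "for the steps to install and configure libvirt", copied from the libvirt section, where it should describe configuring the security policies. The hunk also removes the note that production hosts should run SELinux in enforcing mode while the retained paragraph still says these mechanisms "have to be disabled"; please confirm the referenced section carries that note, or keep it here.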