该建什么样的模板
“CloudStack 很轻,可以担的很重!!”
一、规划
- 磁盘方案:40G
- 无SWAP分区
- 系统配置调整
- sysctl性能优化
二、目标
先通过ISO方式安装VM,后针对ISO安装的实例创建模板
三、ISO安装
- 上传ISO
- 新建实例
- 附加ISO
- 启动实例
- 进入系统安装页面
- 完成安装
- 卸载ISO
以centos6为例
分区创建
一个“/” 根分区即可,无需建立swap分区等
软件安装
最小安装即可
安装完毕,在cloudstack平台实例中卸载iso, 然后reboot
系统配置
vm启动登入后执行以下脚本:
# 清除UUID
/bin/cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
EOF
##防止网卡名称改变
echo "rm /etc/udev/rules.d/70-persistent-net.rules" >> /etc/rc.local
##允许cloudstack修改密码
/bin/cat > /etc/init.d/cloud-set-guest-password << EOF
#!/bin/bash
#
# Init file for Password Download Client
#
# chkconfig: 345 98 02
# description: Password Download Client
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Modify this line to specify the user (default is root)
user=root
# Add your DHCP lease folders here
DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/* /var/lib/dhcp/*"
password_received=0
file_count=0
error_count=0
for DHCP_FILE in $DHCP_FOLDERS
do
if [ -f $DHCP_FILE ]
then
file_count=$((file_count+1))
PASSWORD_SERVER_IP=$(grep dhcp-server-identifier $DHCP_FILE | tail -1 | awk '{print $NF}' | tr -d '\;')
if [ -n "$PASSWORD_SERVER_IP" ]
then
logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in $DHCP_FILE"
logger -t "cloud" "Sending request to password server at $PASSWORD_SERVER_IP"
password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:8080)
password=$(echo $password | tr -d '\r')
if [ $? -eq 0 ]
then
logger -t "cloud" "Got response from server at $PASSWORD_SERVER_IP"
case $password in
"") logger -t "cloud" "Password server at $PASSWORD_SERVER_IP did not have any password for the VM"
continue
;;
"bad_request") logger -t "cloud" "VM sent an invalid request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
continue
;;
"saved_password") logger -t "cloud" "VM has already saved a password from the password server at $PASSWORD_SERVER_IP"
continue
;;
*) logger -t "cloud" "VM got a valid password from server at $PASSWORD_SERVER_IP"
password_received=1
break
;;
esac
else
logger -t "cloud" "Failed to send request to password server at $PASSWORD_SERVER_IP"
error_count=$((error_count+1))
fi
else
logger -t "cloud" "Could not find password server IP in $DHCP_FILE"
error_count=$((error_count+1))
fi
fi
done
if [ "$password_received" == "0" ]
then
if [ "$error_count" == "$file_count" ]
then
logger -t "cloud" "Failed to get password from any server"
exit 1
else
logger -t "cloud" "Did not need to change password."
exit 0
fi
fi
logger -t "cloud" "Changing password ..."
echo $user:$password | chpasswd
if [ $? -gt 0 ]
then
usermod -p `mkpasswd -m SHA-512 $password` $user
if [ $? -gt 0 ]
then
logger -t "cloud" "Failed to change password for user $user"
exit 1
else
logger -t "cloud" "Successfully changed password for user $user"
fi
fi
logger -t "cloud" "Sending acknowledgment to password server at $PASSWORD_SERVER_IP"
wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:8080
exit 0
EOF
chmod 755 /etc/init.d/cloud-set-guest-password
chkconfig cloud-set-guest-password on
##系统配置调整
for i in NetworkManager acpid anacron apmd atd auditd autofs avahi-daemon avahi-dnsconfd bluetooth conman cpuspeed crond cups dnsmasq dund firstboot gpm haldaemon hidd ibmasm ip6tables iptables irda isdn irqbalance kdump kudzu lvm2-monitor mcstrans mdmonitor mdmpd messagebus microcode_ctl multipathd mysqld netconsole netfs netplugd network nfs nfslock nscd ntpd oddjobd pand pcscd portmap psacct rawdevices rdisc readahead_early readahead_later restorecond rpcgssd rpcidmapd rpcsvcgssd saslauthd sendmail setroubleshoot smartd smb snmpd snmptrapd sshd syslog tcsd winbind wpa_supplicant xfs ypbind yum-updatesd postfix auditd blk-availability ip6tables lvm2-monitor netfs udev-post cups nfslock rpcbind portreserve certmonger; do chkconfig $i off; done
yum -y install wget
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
cat >> /etc/security/limits.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
echo "blacklist acpi_pad" >> /etc/modprobe.d/blacklist.conf
ulimit -SHn 65535
echo 'syntax on' > /root/.vimrc 2>/dev/null
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
sed -i 's/1024/65535/' /etc/security/limits.d/90-nproc.conf
/bin/cat > /etc/cron.daily/ntpdate << _ntpdate/usr/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
_ntpdate
/usr/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
chmod 755 /etc/cron.daily/ntpdate
yum -y install gcc gcc-c++ make autoconf
yum -y install wget ntp ntpdate vim openssh-clients telnet net-snmp traceroute tcpdump man xinetd rsync screen socat nload sysstat lsof unzip
性能优化
/bin/cat > /etc/sysctl.conf << EOF
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.lo.arp_announce=2
EOF
四、 创建模板
实例》ISO实例》查看卷》生成模板
至此,模板创建完成!
“CloudStack 很轻,可以担的很重!!”
本文系作者原创,转载请注明出处。如您阅读的是转载,请最好再看下原文,原文随时会更新和勘误的。
@Gordon_chang
1997年毕业于北京联合大学,先后在中国万网,新媒传信,亚信等公司工作,现在在一家创业型公司担任云计算与大数据运维方面的 PM & Engineer。 专注于以下四个领域:
分布式存储
分布式数据库
云计算
大数据
重点通过技术架构与性能优化(底层)实现基于私有云的大数据平台能力