OpenNebula

OpenNebula is another Open Source cloud platform (so you can build your own cloud using Open Source).

Compared to OpenStack:

• Pros

  • supports common Hypervisors and also Linux Containers
  • long tradition (I tested it around 2015 with ESXi w/o major problems)
  • the minione install (see below) runs quickly and happily on my VM with 2 CPUs and 5GB of RAM
  • much less overhead than OpenStack
  • CLI commands run instantly in All-In-One installation

• Cons

  • clumsy non-commercial clause for latest Upgrade packages.

    From: https://support.opennebula.pro/hc/en-us/articles/360043961492-OpenNebula-Subscription-FAQ

    All CE migration packages for versions prior the latest one are—and will be after each new major/minor release—publicly available for all types of organizations and deployments under Apache License 2.0 as part of the standard OpenNebula distribution. However, the CE migration packages for the latest version are distributed under a Software License Agreement for Non-Commercial Use. These migration packages can be requested and used by individuals and by organizations with non-commercial deployments or with significant contributions to the OpenNebula Community.

  • also limited updates for CE:

    The Community Edition of OpenNebula is updated and released every 6 months and maintained through the Community Forum. OpenNebula Systems does not produce maintenance versions of the Community Edition, only patch versions with critical bug fixes.

  • sometimes important error messages are missing even when oned has set DEBUG (3) level (see Error monitoring host below)

  • seems to be much less known than OpenStack

I'm currently testing single VM installation from

• http://docs.opennebula.io/minione/

Prolonging timeouts

I have had slow and bumpy Internet connection. So I made these patches to make minione script more tolerant:

• changed minione script ONE_WAIT_TIMEOUT variable:

  --- minione.orig	2020-12-18 09:04:25.703000000 +0100
  +++ minione	2020-12-18 09:04:42.028000000 +0100
  @@ -144,7 +144,7 @@
   FORWARD=$(sysctl -n net.ipv4.ip_forward 2>/dev/null)
   LIBVIRTD='libvirtd'
   ONE_WAIT_TIMEOUT=60
  -IMAGE_WAIT_TIMEOUT=300
  +IMAGE_WAIT_TIMEOUT=30000
   STAR_NET=''
   ONE_SERVICES='opennebula opennebula-sunstone opennebula-flow opennebula-gate'
   FRC_KERNEL_PARAMS="console=ttyS0 reboot=k panic=1 pci=off i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd"
  

• patched /var/lib/one/remotes/datastore/downloader.sh to allow retries on transient download errors:

  --- /var/lib/one/remotes/datastore/downloader.sh.orig	2020-12-18 09:10:46.491000000 +0100
  +++ /var/lib/one/remotes/datastore/downloader.sh	2020-12-18 09:10:57.014000000 +0100
  @@ -282,7 +282,7 @@
       export HASH_FILE="/tmp/downloader.hash.$$"
   fi
   
  -GLOBAL_CURL_ARGS="--fail -sS -k -L"
  +GLOBAL_CURL_ARGS="--retry 100 --fail -sS -k -L"
   
   case "$FROM" in
   http://*|https://*)
  

  • WARNING! Ensure that you did not create file with wrong permissions! Otherwise very very very bad things will happen (see Troubleshooting section below).

Notes

After installation you have two ways how to authenticate CLI (always on Nebula Server):

1. using oneadmin user for example:

   sudo -u oneadmin onehost list
   

2. Or copy required authentication files to your non-privileged user:

   sudo cp -r /var/lib/one/.one ~/
   sudo chown -R $USER:`id -gn` .one
   # now any "one" command should work:
   onehost list
   

If there was no error on installation you can simply login to Web UI (valid is IP address and credentials on standard 80 HTTP port) - printed at the end of installation.

Then you can try (tested on Nebula 6.8.0):

• Templates -> VMS
• check on Alpine Linux 3.17
• click on Instantiate
• fill in VM Name - for example alpine1
• and click on another Instantiate button
• finally click on Instances -> VMs to see your VM and control it.

Login to instance:

• you can find only SSH public key when you look to:
  • Instances -> alpine -> conf
• but you need private key - it is under /root/.ssh/id_rsa
• you can verify that claim by reading /root/.ssh/id_rsa.pub that must match what you see under Web UI
• so to login to VM
  • go to Conf tab
  • note IP address labeled ETH0_IP in my case 172.16.100.2
  • now try on Your Nebula HOST (server where you installed Nebula)

    sudo ssh [email protected]
    
    Warning: Permanently added '172.16.100.2' (ECDSA) to the list of known hosts.
    localhost:~# uname -a
    
    Linux localhost 5.15.115-0-virt #1-Alpine SMP Mon, 05 Jun 2023 09:54:09 +0000 x86_64 Linux
    

  • note that root SSH client used matching private key /root/.ssh/id_rsa to login to VM
  • please note that minone by default configures only local network 172.16.0.0 - that is not routable outside Nebula server

Troubleshooting

Download "CentOS 7" image manually

NOTE: OpenNebula 6.8 uses rather Alpine Linux 3.17 that nicely fits into 256MB disk.

In my case the downloader failed anyway so I downloaded and re-created image manually using:

• download image using plain curl:

  $ curl -O -L --retry 100 \
       https://marketplace.opennebula.io/appliance/a093aa48-1113-11ea-8c65-f0def1753696/download/0
  $ md5sum -b 0
  
  9d7711919b859e0d9525a0c448987b31 *0
  

• create file centos_template.one with contents like:

  NAME          = "CentOS 7"
  PATH          = "/root/0"
  TYPE          = "OS"
  DESCRIPTION   = "Image from file"
  

• NOTE: Update path and ensure that user oneadmin can read our image file (in our case it is file /root/0

• Now delete wrong image (with err status) and create new image:

  # do this as user "root" or "oneadmin"
  oneimage delete "CentOS 7"
  oneimage create centos_template.one --datastore default
  oneimage list
  

• IMPORTANT: Once is installation completed login via Web UI edit OS Template (there is only one) and ensure that Storage points to right Image ID (when we deleted and created new Image the ID likely changed!)

• now your OpenNebula should be ready to create first VM ...

Error monitoring host

I had critical problem - my virtualization host (localhost of course) was unable to start. The only error message was:

Error monitoring Host localhost (0): 

Which is not helpful (there should be printed cause after colon, but not in my case).

Even such simple command as this:

sudo -u oneadmin onehost sync

Said Failed update on hosts ... localhost

Totally desperate I run strace using:

sudo -u oneadmin bash
strace -f -o /tmp/xx onehost sync

And then I revealed it:

9909  open("datastore/downloader.sh.orig", O_RDONLY) = -1 EACCES (Permission denied)

Aaarrrrggghhhh! I did little trick to prolong "CentOS 7" image download timeout (and added retry), because my Internet connection is bumpy...

And this was the problem:

• OpenNebula does basically this for each Host (see https://forum.opennebula.io/t/solved-failed-to-update-the-following-hosts/7265):

  scp -rp /var/lib/one/remotes/* $REMOTE_HOST:/var/tmp/one
  

• if above command fails then everything aborts without meaningful error message!

So the solution was easy:

chmod a+rX /var/lib/one/remotes/datastore/downloader.sh.orig

And then onehost sync finished without error...

And these commands were enough to clear error state:

onehost disable 0
onehost enable 0

Resources

• Deployment Guide (includes installation instructions)
  • http://docs.opennebula.io/5.12/deployment/index.html
• PDF manuals (but only up to 5.10.1 version - why?)
  • http://docs.opennebula.io/pdf/