CloudStack安装部署与常见问题解决(4)

5. 安装NFS共享(CloudStack需要一个地方来作为第一和第二存储,所有的这些都可以用NFS共享来实现,通常来说配置NFS Server需要一个单独的服务器,但是将Management Server作为NFS服务器也是可行的,这是一个典型的配置。注:这里我们将ManagementServer作为NFS服务器)

5.1 创建两个目录用来作为第一和第二存储

[root@coms-cluster etc]# mkdir -p /export/primary

[root@coms-cluster etc]# mkdir -p /export/secondary

[root@coms-cluster etc]# cd /export/

[root@coms-cluster export]# ll

total 40

drwxr-xr-x 2 root root 4096 May 24 16:52 apps

drwxr-xr-x 3 root root 4096 Jun 4 14:38 home

drwx------ 2 root root 16384 May 24 16:21 lost+found

drwxr-xr-x 2 root root 4096 Jun 8 15:00 primary

drwxr-xr-x 3 root root 4096 May 29 2012 rocks

drwxr-xr-x 2 root root 4096 Jun 8 15:00 secondary

drwxr-xr-x 3 root root 4096 May 24 16:50 site-roll

[root@coms-cluster export]#

 

5.2 将上面创建的目录加入NFS共享中,编辑/etc/exports文件。

[root@coms-cluster export]#

[root@coms-cluster export]# vi /etc/exports

# /export is limited to one host (root access kept) plus one address range
# (no no_root_squash there, so root is squashed by default).
/export 100.1.1.1(rw,async,no_root_squash) 100.1.0.0/255.255.0.0(rw,async)

# NOTE(review): "*" lets any host that can reach this server mount the share,
# and no_root_squash lets root on that client act as root on these files.
# Replace "*" with the management-server / hypervisor network
# (placeholder: <storage-subnet>/<mask>), as is done for /export above.
/export/primary *(rw,async,no_root_squash)

# Same exposure as /export/primary: mountable from anywhere, root preserved.
/export/secondary *(rw,async,no_root_squash)

[root@coms-cluster export]# exportfs -a

[root@coms-cluster export]# showmount -e localhost

Export list for localhost:

/export/secondary * #共享出去的两个目录

/export/primary *

/export (everyone)

[root@coms-cluster export]#

 

5.3 修改NFS的配置文件/etc/sysconfig/nfs,取消下面几行的注释。(CentOS和RHEL必须,Ubuntu不用设置)

# Fixed ports for the NFS helper daemons. Without them the ports are assigned
# dynamically, and the static firewall rules for 32803/tcp, 32769/udp, 892,
# 875 and 662 in /etc/sysconfig/iptables could not match them.
# lockd (file locking): TCP and UDP listeners
LOCKD_TCPPORT=32803

LOCKD_UDPPORT=32769

# rpc.mountd
MOUNTD_PORT=892

# rpc.rquotad
RQUOTAD_PORT=875

# rpc.statd listening port
STATD_PORT=662

# rpc.statd source port for outgoing notifications; this guide adds no INPUT rule for it
STATD_OUTGOING_PORT=2020

 

5.4 修改/etc/sysconfig/iptables文件,添加一些规则到INPUT chain

[root@coms-cluster sysconfig]# vi iptables

*nat

# MASQUERADE (host) :
# Source-NATs everything that leaves through eth1.

-A POSTROUTING -o eth1 -j MASQUERADE

COMMIT

*filter

# Default INPUT policy is ACCEPT: a packet that no REJECT rule below matches is
# let in. NOTE(review): on eth1 only ports 0-1023, 372, 3306, 8649 and 40000
# are rejected, so consider ending the chain with a catch-all REJECT/DROP for
# eth1 instead of relying on the policy.
:INPUT ACCEPT [0:0]

# NFS rules added for CloudStack storage: rpcbind 111, nfsd 2049,
# lockd 32803/tcp + 32769/udp, mountd 892, rquotad 875, statd 662
# (the last four match the ports pinned in /etc/sysconfig/nfs).
# NOTE(review): these rules name no interface or source address and sit ahead
# of the R900 rejects for eth1, so they also admit 111/892/875/662 from the
# eth1 (public) side. eth0 traffic is accepted by A20-ALL-PRIVATE anyway, so
# adding "-i eth0" or "-s <storage-subnet>" to each rule keeps NFS private.
-A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT

-A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT

-A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT

# Forwarded traffic is dropped unless a FORWARD rule below accepts it.
:FORWARD DROP [0:0]

:OUTPUT ACCEPT [0:0]

# A10-REJECT-411-TCP (host) :

-A INPUT -p tcp --dport 372 -j REJECT --sport 1024:65535

# A10-REJECT-411-UDP (host) :

-A INPUT -p udp --dport 372 -j REJECT --sport 1024:65535

# A15-ALL-LOCAL (global) :

-A INPUT -j ACCEPT -i lo

# A20-ALL-PRIVATE (global) :
# Everything arriving on eth0 is trusted; rules after this one only affect other interfaces.

-A INPUT -i eth0 -j ACCEPT

# A20-SSH-PUBLIC (global) :

-A INPUT -i eth1 -p tcp --dport ssh -j ACCEPT -m state --state NEW

# A30-RELATED-PUBLIC (global) :

-A INPUT -i eth1 -j ACCEPT -m state --state RELATED,ESTABLISHED

# A40-HTTPS-PUBLIC-LAN (host) :

-A INPUT -i eth1 -p tcp --dport https -j ACCEPT -m state --state NEW --source 192.168.1.0/255.255.255.0

# A40-WWW-PUBLIC-LAN (host) :

-A INPUT -i eth1 -p tcp --dport www -j ACCEPT -m state --state NEW --source 192.168.1.0/255.255.255.0

# A50-FORWARD-RELATED (host) :

-A FORWARD -i eth1 -o eth0 -j ACCEPT -m state --state RELATED,ESTABLISHED

# A60-FORWARD (host) :

-A FORWARD -i eth0 -j ACCEPT

# R10-GANGLIA-UDP (host) : block ganglia traffic from non-private interfaces
# No -i match is needed here: lo and eth0 traffic was already accepted above.

-A INPUT -p udp --dport 8649 -j REJECT

# R20-MYSQL-TCP (host) : block mysql traffic from non-private interfaces

-A INPUT -p tcp --dport 3306 -j REJECT

# R30-FOUNDATION-MYSQL (host) : block foundation mysql traffic from non-private interfaces

-A INPUT -p tcp --dport 40000 -j REJECT

# R900-PRIVILEGED-TCP (global) :
# Reached only by eth1 packets that no earlier ACCEPT rule matched.

-A INPUT -i eth1 -p tcp -j REJECT --dport 0:1023

# R900-PRIVILEGED-UDP (global) :

-A INPUT -i eth1 -p udp -j REJECT --dport 0:1023

COMMIT

 

运行iptables:

[root@coms-cluster sysconfig]# service iptables start

iptables: Applying firewall rules: [ OK ]

[root@coms-cluster sysconfig]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

[root@coms-cluster sysconfig]#

 

5.5 如果client和server之间使用NFS v4通信,需要将domain加入/etc/idmapd.conf,并且在hypervisor和Management Server主机上都要设置。

[root@coms-cluster sysconfig]# cat /etc/idmapd.conf | grep Domain

Domain = cuc.edu.cn

[root@coms-cluster sysconfig]#

 

挂载共享目录:

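# Mount both NFS exports on the client. The mount points /primary and
# /secondary are assumed to exist already -- TODO confirm.
# The option must be written with an ASCII hyphen: with the typographic
# dash ("–t") mount does not see a -t option at all.
mount -t nfs 192.168.1.117:/export/primary /primary

mount -t nfs 192.168.1.117:/export/secondary /secondary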

将下面两行挂载条目写入/etc/fstab,并在/etc/rc.local中加入mount -a,使其开机自动挂载(注意:这里的服务器地址192.168.1.118与上面mount命令中的192.168.1.117不一致,请统一为实际的NFS服务器地址):

192.168.1.118:/export/primary /primary nfs defaults 0 0

192.168.1.118:/export/secondary /secondary nfs defaults 0 0

mount -a    # 此行写入/etc/rc.local

 
