5. 安装NFS共享。CloudStack需要一个地方作为主存储(primary)和二级存储(secondary)，两者都可以用NFS共享来实现。通常NFS Server应部署在单独的服务器上，但把Management Server同时作为NFS服务器也是可行且常见的配置。注：本文将Management Server作为NFS服务器。这样做意味着所有hypervisor都要能访问Management Server上的NFS/rpcbind端口，因此后面的/etc/exports和防火墙规则必须只放行hypervisor所在的网段，而不是对所有主机开放。
5.1 创建两个目录用来作为第一和第二存储
# Create the two directories that will be exported as CloudStack primary and secondary storage.
[root@coms-cluster etc]# mkdir -p /export/primary
[root@coms-cluster etc]# mkdir -p /export/secondary
[root@coms-cluster etc]# cd /export/
[root@coms-cluster export]# ll
total 40
drwxr-xr-x 2 root root 4096 May 24 16:52 apps
drwxr-xr-x 3 root root 4096 Jun 4 14:38 home
drwx------ 2 root root 16384 May 24 16:21 lost+found
drwxr-xr-x 2 root root 4096 Jun 8 15:00 primary
drwxr-xr-x 3 root root 4096 May 29 2012 rocks
drwxr-xr-x 2 root root 4096 Jun 8 15:00 secondary
drwxr-xr-x 3 root root 4096 May 24 16:50 site-roll
[root@coms-cluster export]#
5.2 将上面创建的目录加入NFS共享，编辑/etc/exports文件。注意：下面的示例用`*`把目录共享给了所有主机，并且带有no_root_squash（CloudStack的hypervisor和系统VM以root挂载，所以需要这个选项）；两者合在一起意味着任何能访问到NFS端口的主机都对主存储和二级存储拥有root权限的读写。实际部署中应把`*`改成hypervisor所在的网段。
[root@coms-cluster export]#
[root@coms-cluster export]# vi /etc/exports
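# /etc/exports
# Appears to be the pre-existing cluster export of /export to the private network; left
# unchanged. Note that /export/primary and /export/secondary live under it, so clients in
# 100.1.0.0/16 can also reach them through this (root-squashed) export.
/export 100.1.1.1(rw,async,no_root_squash) 100.1.0.0/255.255.0.0(rw,async)
# CloudStack storage exports. Hypervisors and system VMs mount these as root, so
# no_root_squash is required -- which is exactly why the client list must not be '*':
# with '*' every host that can reach port 2049 gets root-equivalent write access to the
# VM disks and templates stored here. 192.168.1.0/24 is the network the mount commands on
# this page use; replace it with the network your hypervisors actually mount from.
# 'async' acknowledges writes before they reach disk (higher throughput, but recent writes
# are lost if the server crashes); use 'sync' if that trade-off is unacceptable.
# no_subtree_check is the current nfs-utils default and silences the exportfs warning.
/export/primary 192.168.1.0/24(rw,async,no_root_squash,no_subtree_check)
/export/secondary 192.168.1.0/24(rw,async,no_root_squash,no_subtree_check)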
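# Assumes rpcbind and nfs are already running (service rpcbind start; service nfs start;
# chkconfig nfs on) -- that step is not shown on this page.
# -r re-synchronises the kernel export table with /etc/exports, dropping entries that were
# removed or changed; plain -a only adds, so a stale entry from an earlier edit would survive.
[root@coms-cluster export]# exportfs -ra
[root@coms-cluster export]# showmount -e localhost
Export list for localhost:
/export/secondary * # the two directories exported above; '*' here means every host is allowed
/export/primary *
/export (everyone)
[root@coms-cluster export]#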
5.3 修改NFS的配置文件/etc/sysconfig/nfs，取消下面几行的注释。这一步把lockd、mountd、rquotad、statd固定到静态端口（否则它们每次启动都会随机选端口），这样下一步才能在防火墙里精确放行。（CentOS和RHEL必须，Ubuntu不用设置）
# Pin the RPC helper daemons to fixed ports so they can be allowed through the firewall;
# the numbers below must agree with the iptables rules added in the next step.
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
# Source port statd uses for its outgoing calls; no inbound firewall rule is needed for it.
STATD_OUTGOING_PORT=2020
5.4 修改/etc/sysconfig/iptables文件，在INPUT链中添加下面的NFS规则。注意：这些规则位于INPUT链最前面、在已有的R900拒绝规则之前，如果不加接口或来源限制，就会把rpcbind和NFS对所有接口（包括公网接口eth1）开放；应当限制到hypervisor所在的网段。
[root@coms-cluster sysconfig]# vi iptables
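*nat
# MASQUERADE (host) :
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
# Chain policies grouped at the top (iptables-restore accepts them anywhere before COMMIT,
# but keeping them together makes the defaults visible). NOTE: INPUT stays ACCEPT, the
# default this file came with, so on eth1 only the explicit REJECT rules further down
# (ports 0-1023, 372, 3306, 8649, 40000) block anything; every other port on eth1 is
# reachable. Review whether that is intended now that this host also serves VM storage.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# NFS/rpcbind for CloudStack storage. These rules are evaluated before the R900 REJECTs
# below, so without an interface/source restriction they would expose rpcbind and NFS on
# the public interface to everyone. They are limited to the LAN the mounts on this page
# come from (192.168.1.0/24, the same network the HTTPS/WWW rules below trust); change the
# subnet to wherever your hypervisors and system VMs actually mount from. Traffic arriving
# on eth0 is already accepted by A20-ALL-PRIVATE. The static ports must match the values
# set in /etc/sysconfig/nfs.
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -i eth1 --source 192.168.1.0/255.255.255.0 -m state --state NEW -p udp --dport 662 -j ACCEPT
# The rules below are the cluster-generated defaults and are left as they were.
# A10-REJECT-411-TCP (host) :
-A INPUT -p tcp --dport 372 -j REJECT --sport 1024:65535
# A10-REJECT-411-UDP (host) :
-A INPUT -p udp --dport 372 -j REJECT --sport 1024:65535
# A15-ALL-LOCAL (global) :
-A INPUT -j ACCEPT -i lo
# A20-ALL-PRIVATE (global) :
-A INPUT -i eth0 -j ACCEPT
# A20-SSH-PUBLIC (global) :
-A INPUT -i eth1 -p tcp --dport ssh -j ACCEPT -m state --state NEW
# A30-RELATED-PUBLIC (global) :
-A INPUT -i eth1 -j ACCEPT -m state --state RELATED,ESTABLISHED
# A40-HTTPS-PUBLIC-LAN (host) :
-A INPUT -i eth1 -p tcp --dport https -j ACCEPT -m state --state NEW --source 192.168.1.0/255.255.255.0
# A40-WWW-PUBLIC-LAN (host) :
-A INPUT -i eth1 -p tcp --dport www -j ACCEPT -m state --state NEW --source 192.168.1.0/255.255.255.0
# A50-FORWARD-RELATED (host) :
-A FORWARD -i eth1 -o eth0 -j ACCEPT -m state --state RELATED,ESTABLISHED
# A60-FORWARD (host) :
-A FORWARD -i eth0 -j ACCEPT
# R10-GANGLIA-UDP (host) : block ganglia traffic from non-private interfaces
-A INPUT -p udp --dport 8649 -j REJECT
# R20-MYSQL-TCP (host) : block mysql traffic from non-private interfaces
-A INPUT -p tcp --dport 3306 -j REJECT
# R30-FOUNDATION-MYSQL (host) : block foundation mysql traffic from non-private interfaces
-A INPUT -p tcp --dport 40000 -j REJECT
# R900-PRIVILEGED-TCP (global) :
-A INPUT -i eth1 -p tcp -j REJECT --dport 0:1023
# R900-PRIVILEGED-UDP (global) :
-A INPUT -i eth1 -p udp -j REJECT --dport 0:1023
COMMIT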
加载iptables规则（如果iptables服务已经在运行，start不会重新读取配置文件，应使用 service iptables restart；save会把当前内核中的规则写回文件，所以务必在新规则已经加载之后再执行）：
# 'start' is a no-op when the iptables service is already running and will not re-read
# /etc/sysconfig/iptables; use 'service iptables restart' in that case.
[root@coms-cluster sysconfig]# service iptables start
iptables: Applying firewall rules: [ OK ]
# 'save' writes the *running* rule set back to /etc/sysconfig/iptables. Run it only after the
# edited file has actually been loaded, otherwise it overwrites the edits with the old rules.
[root@coms-cluster sysconfig]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@coms-cluster sysconfig]#
5.5 如果client和server之间使用NFS v4通信，需要在/etc/idmapd.conf中设置Domain，并且hypervisor和Management Server主机上要设置成相同的值，否则两端的用户/组ID映射会不一致。
# NFSv4 id-mapping domain; it must be identical on the NFS server and every host that mounts it.
[root@coms-cluster sysconfig]# grep Domain /etc/idmapd.conf
Domain = cuc.edu.cn
[root@coms-cluster sysconfig]#
挂载共享目录（在需要访问这两个共享的主机上执行；挂载点/primary和/secondary需要先创建）：
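# Mount points must exist before mounting. Note '-t' is an ASCII hyphen: the original page
# used an en dash, which mount rejects as an unknown argument.
mkdir -p /primary /secondary
# 192.168.1.117 is the NFS server (Management Server) address as used here; the fstab entries
# later on this page use 192.168.1.118 -- both must point at the same host.
mount -t nfs 192.168.1.117:/export/primary /primary
mount -t nfs 192.168.1.117:/export/secondary /secondary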
将挂载写入/etc/fstab使其开机自动挂载。注意：下面fstab中的服务器地址192.168.1.118与上面mount命令中的192.168.1.117不一致，应统一为NFS服务器的实际地址。如果系统的网络文件系统挂载服务（CentOS/RHEL 6上是netfs）没有启用，可以再在/etc/rc.local中加入一行 mount -a。
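# /etc/fstab -- the server address must match the one used in the mount commands above
# (192.168.1.117 there vs 192.168.1.118 here; use the real NFS server address in both places).
# _netdev marks the entry as network-dependent so the early local mount pass skips it and it
# is mounted once the network is up.
192.168.1.118:/export/primary /primary nfs defaults,_netdev 0 0
192.168.1.118:/export/secondary /secondary nfs defaults,_netdev 0 0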
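# Line to append to /etc/rc.local. 'mount -a' takes no file argument, so the original
# 'mount -a /etc/rc.local' is an error -- the file name was meant as the destination, not an
# argument. Only needed if the distribution's network-filesystem mount service (netfs on
# CentOS/RHEL 6) is not enabled to mount the fstab NFS entries at boot.
mount -a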