From b6a610e2db5798ae69cfd2cc8a9d7f85617f3926 Mon Sep 17 00:00:00 2001
From: Wido den Hollander <wido@widodh.nl>
Date: Tue, 14 Aug 2012 17:30:38 +0200
Subject: [PATCH] docs: Work on Management Server and Hypervisor Host
 installation

The Hypervisor installation describes what cloud-setup-agent is actually doing, but this way administrators know what the tool is doing.

We could remove all these things from cloud-setup-agent and require system administrators to perform these steps them selfs, this way
we don't break anything on their systems.

It would make setting up Hypervisors a bit harder, but would be much better on the longer run.
---
 docs/en-US/hypervisor-host-install-flow.xml   | 31 +++++++++
 .../en-US/hypervisor-host-install-libvirt.xml | 59 ++++++++++++++++
 .../hypervisor-host-install-overview.xml      | 36 ++++++++++
 .../hypervisor-host-install-prepare-os.xml    | 53 ++++++++++++++
 ...ervisor-host-install-security-policies.xml | 69 +++++++++++++++++++
 docs/en-US/installation.xml                   |  3 +-
 docs/en-US/minimum-system-requirements.xml    |  6 +-
 7 files changed, 253 insertions(+), 4 deletions(-)
 create mode 100644 docs/en-US/hypervisor-host-install-flow.xml
 create mode 100644 docs/en-US/hypervisor-host-install-libvirt.xml
 create mode 100644 docs/en-US/hypervisor-host-install-overview.xml
 create mode 100644 docs/en-US/hypervisor-host-install-prepare-os.xml
 create mode 100644 docs/en-US/hypervisor-host-install-security-policies.xml

diff --git a/docs/en-US/hypervisor-host-install-flow.xml b/docs/en-US/hypervisor-host-install-flow.xml
new file mode 100644
index 00000000000..5badfde8888
--- /dev/null
+++ b/docs/en-US/hypervisor-host-install-flow.xml
@@ -0,0 +1,31 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="hypervisor-host-install-flow">
+    <title>Hypervisor Host installation</title>
+    <xi:include href="hypervisor-host-install-overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+    <xi:include href="hypervisor-host-install-prepare-os.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+    <xi:include href="hypervisor-host-install-libvirt.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+    <xi:include href="hypervisor-host-install-security-policies.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</section>
\ No newline at end of file
diff --git a/docs/en-US/hypervisor-host-install-libvirt.xml b/docs/en-US/hypervisor-host-install-libvirt.xml
new file mode 100644
index 00000000000..239c4d71667
--- /dev/null
+++ b/docs/en-US/hypervisor-host-install-libvirt.xml
@@ -0,0 +1,59 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="hypervisor-host-install-libvirt">
+    <title>Install and Configure libvirt</title>
+    <para>&PRODUCT; uses libvirt for managing virtual machines. Therefor it is vital that libvirt is configured correctly.</para>
+    <orderedlist>
+        <listitem>
+            <para>Install libvirt</para>
+            <para>On RHEL or CentOS:</para>
+            <programlisting># yum install libvirt</programlisting>
+            <para>On Ubuntu:</para>
+            <programlisting># apt-get install libvirt-bin</programlisting>
+        </listitem>
+        <listitem>
+            <para>In order to have live migration working libvirt has to listen for unsecured TCP connections.</para>
+            <programlisting># vi /etc/libvirt/libvirtd.conf</programlisting>
+            <para>Set the following paramaters:</para>
+            <programlisting>listen_tls = 0</programlisting>
+            <programlisting>listen_tcp = 1</programlisting>
+            <programlisting>tcp_port = 16059</programlisting>
+            <programlisting>auth_tcp none</programlisting>
+        </listitem>
+        <listitem>
+            <para>In order to have libvirt listening on TCP we have to change the execution arguments.</para>
+            <para>On RHEL or CentOS:</para>
+            <programlisting># vi /etc/sysconfig/libvirtd</programlisting>
+            <para>Uncomment the following line:</para>
+            <programlisting>#LIBVIRTD_ARGS="--listen"</programlisting>
+            <para>On Ubuntu:</para>
+            <programlisting># vi /etc/init/libvirt-bin.conf</programlisting>
+            <para>Change the following line:</para>
+            <programlisting>exec /usr/sbin/libvirtd -d</programlisting>
+            <para>to (just add -l)</para>
+            <programlisting>exec /usr/sbin/libvirtd -d -l</programlisting>
+        </listitem>
+    </orderedlist>
+</section>
\ No newline at end of file
diff --git a/docs/en-US/hypervisor-host-install-overview.xml b/docs/en-US/hypervisor-host-install-overview.xml
new file mode 100644
index 00000000000..54ca55fc977
--- /dev/null
+++ b/docs/en-US/hypervisor-host-install-overview.xml
@@ -0,0 +1,36 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="hypervisor-host-install-overview">
+    <title>Hypervisor Host Installation Overview</title>
+    <para>This section describes installing a Hypervisor host. This is targeted towards hosts running Linux Kernel Virtual Machine (KVM)</para>
+    <warning><para>Before continuing, make sure that you have applied the latest updates to your host.</para></warning>
+    <para>The procedure for installing the Hypervisor Host is:</para>
+    <orderedlist>
+        <listitem><para>Prepare the Operating System</para></listitem>
+        <listitem><para>Install and configure libvirt</para></listitem>
+        <listitem><para>Configure Security Policies (AppArmor and SELinux)</para></listitem>
+        <listitem><para>Install and configure the Agent</para></listitem>
+    </orderedlist>
+</section>
\ No newline at end of file
diff --git a/docs/en-US/hypervisor-host-install-prepare-os.xml b/docs/en-US/hypervisor-host-install-prepare-os.xml
new file mode 100644
index 00000000000..2884cd13d5e
--- /dev/null
+++ b/docs/en-US/hypervisor-host-install-prepare-os.xml
@@ -0,0 +1,53 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="hypervisor-host-install-prepare-os">
+    <title>Prepare the Operating System</title>
+    <para>The OS of the Host must be prepared to host the &PRODUCT; Agent and run KVM instances.</para>
+    <orderedlist>
+        <listitem><para>Log in to your OS as root.</para></listitem>
+        <listitem>
+            <para>Check for a fully qualified hostname.</para>
+            <programlisting># hostname --fqdn</programlisting>
+            <para>This should return a fully qualified hostname such as "kvm1.lab.example.org".  If it does not, edit /etc/hosts so that it does.</para>
+        </listitem>
+        <listitem>
+            <para>Make sure that the machine can reach the Internet.</para>
+            <programlisting># ping www.cloudstack.org</programlisting>
+        </listitem>
+        <listitem>
+            <para>Turn on NTP for time synchronization.</para>
+            <note><para>NTP is required to synchronize the clocks of the servers in your cloud.</para></note>
+                <orderedlist numeration="loweralpha">
+                    <listitem><para>Install NTP</para>
+                        <para condition="community">On RHEL or CentOS:</para>
+                        <programlisting># yum install ntp</programlisting>
+                        <para condition="community">On Ubuntu:</para>
+                        <programlisting condition="community"># apt-get install openntpd</programlisting>
+                    </listitem>
+                </orderedlist>
+        </listitem>
+        <listitem><para>Repeat all of these steps on every hypervisor host.</para></listitem>
+    </orderedlist>
+</section>
\ No newline at end of file
diff --git a/docs/en-US/hypervisor-host-install-security-policies.xml b/docs/en-US/hypervisor-host-install-security-policies.xml
new file mode 100644
index 00000000000..4ba748ed49d
--- /dev/null
+++ b/docs/en-US/hypervisor-host-install-security-policies.xml
@@ -0,0 +1,69 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
+%BOOK_ENTITIES;
+]>
+
+<!-- Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<section id="hypervisor-host-install-security-policies">
+    <title>Configure the Security Policies</title>
+    <orderedlist>
+        <listitem>
+            <para>Configure SELinux (RHEL and CentOS)</para>
+            <orderedlist numeration="loweralpha">
+                <listitem>
+                    <para>Check to see whether SELinux is installed on your machine. If not, you can skip this section.</para>
+                    <para>In RHEL or CentOS, SELinux is installed and enabled by default. You can verify this with:</para>
+                    <programlisting># rpm -qa | grep selinux</programlisting>
+                </listitem>
+                <listitem>
+                    <para>Set the SELINUX variable in /etc/selinux/config to "permissive". This ensures that the permissive setting will be maintained after a system reboot.</para>
+                    <para>In RHEL or CentOS:</para>
+                    <programlisting># vi /etc/selinux/config</programlisting>
+                    <para>Change the following line</para>
+                    <programlisting>SELINUX=enforcing</programlisting>
+                    <para>to this</para>
+                    <programlisting>SELINUX=permissive</programlisting>
+                </listitem>
+                <listitem>
+                    <para>Then set SELinux to permissive starting immediately, without requiring a system reboot.</para>
+                    <programlisting># setenforce permissive</programlisting>
+                </listitem>
+            </orderedlist>
+        </listitem>
+        <listitem>
+            <para>Configure Apparmor (Ubuntu)</para>
+            <orderedlist numeration="loweralpha">
+                <listitem>
+                    <para>Check to see whether AppArmor is installed on your machine. If not, you can skip this section.</para>
+                    <para>In Ubuntu AppArmor is installed and enabled by default. You can verify this with:</para>
+                    <programlisting># dpkg --list 'apparmor'</programlisting>
+                </listitem>
+                <listitem>
+                    <para>Disable the AppArmor profiles for libvirt</para>
+                    <programlisting>ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/</programlisting>
+                    <programlisting>ln -s /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /etc/apparmor.d/disable/</programlisting>
+                    <programlisting>apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd</programlisting>
+                    <programlisting>apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper</programlisting>
+                </listitem>
+            </orderedlist>
+        </listitem>
+    </orderedlist>
+</section>
\ No newline at end of file
diff --git a/docs/en-US/installation.xml b/docs/en-US/installation.xml
index 883a09462cf..948931e5768 100644
--- a/docs/en-US/installation.xml
+++ b/docs/en-US/installation.xml
@@ -27,5 +27,6 @@
     <xi:include href="who-should-read-installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
     <xi:include href="installation-steps-overview.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
     <xi:include href="minimum-system-requirements.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
-    <xi:include href="management-server-install-flow.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>    
+    <xi:include href="management-server-install-flow.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
+    <xi:include href="hypervisor-host-install-flow.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
 </chapter>
diff --git a/docs/en-US/minimum-system-requirements.xml b/docs/en-US/minimum-system-requirements.xml
index da60c2c7984..0043a26dba8 100644
--- a/docs/en-US/minimum-system-requirements.xml
+++ b/docs/en-US/minimum-system-requirements.xml
@@ -36,7 +36,7 @@
             </listitem>
             <listitem><para>64-bit x86 CPU (more cores results in better performance)</para></listitem>
             <listitem><para>4 GB of memory</para></listitem>
-            <listitem><para>250 GB of local disk (more results in better capability; 500 GB recommended)</para></listitem>
+            <listitem><para>50 GB of local disk (When running secondary storage on the management server 500GB is recommended)</para></listitem>
             <listitem><para>At least 1 NIC</para></listitem>
             <listitem><para>Statically allocated IP address</para></listitem>
             <listitem><para>Fully qualified domain name as returned by the hostname command</para></listitem>
@@ -78,8 +78,8 @@
             </itemizedlist>
             <para>The main requirement for KVM hypervisors is the libvirt and Qemu version. If you whish to run on a different distribution, make sure you meet the following requirements:</para>
             <itemizedlist>
-                <listitem><para>libvirt: 0.9.4 and higher</para></listitem>
-                <listitem><para>Qemu/KVM: 1.0 and higher</para></listitem>
+                <listitem><para>libvirt: 0.9.4 or higher</para></listitem>
+                <listitem><para>Qemu/KVM: 1.0 or higher</para></listitem>
             </itemizedlist>
         </section>
         <section id="hypervisor-requirements-ovm">