by Martin Loschwitz

this manual explains how to install OpenStack Essex (Version 2012.1) on Ubuntu 12.04 (Beta). If you want to know more about why I wrote this text, please refer to the corresponding blog post.

PLEASE NOTE: This document deals with the virtualization part of OpenStack only; OpenStack Swift isn’t discussed as it’s not necessary for this part of the setup (if you are looking for Swift installation instructions, take a look at the CSS OpenStack Beginner’s Guide v2.0 where Swift installation is discussed with all necessary details). This text also does not discuss Quantum (yet) but might well be adapted to do so later.

Prerequisites: Ubuntu 12.04 as of April 8th, 2012 with all package updates installed. I’m using the stock OpenStack packages as delivered by Ubuntu. This howto assumes that all relevant OpenStack services are installed on the same machine; in order to add more computing nodes, install the OpenStack nova components on these nodes and adapt /etc/nova/nova.conf accordingly. The machine I created this setup on has two network interfaces, eth0 and eth1. Last but not least, I’m assuming that you are logged in as root.

Step 1: Prepare your System

Install NTP by issuing this command on the command line:

apt-get install ntp

Then, open /etc/ntp.conf in your favourite editor and add these lines:

server ntp.ubuntu.com iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Restart NTP by issuing the command

service ntp restart

to finish this part of the installation. Next, install the tgt target, which features an iscsi target (we’ll need it for nova-volume):

apt-get install tgt

Then start it with

service tgt start

Given that we’ll be running nova-compute on this machine as well, we’ll also need the openiscsi-client. Install it with:

apt-get install open-iscsi open-iscsi-utils

Next, we need to make sure that our network is working as expected. As pointed out earlier, the machine we’re doing this on has two network interfaces, eth0 and eth1. eth0 is the machine’s link to the outside world, eth1 is the interface we’ll be using for our virtual machines. We’ll also make nova bridge clients via eth0 into the internet. To achieve this kind of setup, first create the according network configuration in /etc/network/interfaces (assuming that you are not using NetworkManager). An example could look like this:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.42.0.6
network 10.42.0.0
netmask 255.255.255.0
broadcast 10.42.0.255
gateway 10.42.0.1

auto eth1
iface eth1 inet static
address 192.168.22.1
network 192.168.22.0
netmask 255.255.255.0
broadcast 192.168.22.255

As you can see, the “public” network here is 10.42.0.0/24 while the “private” network (within which our VMs will be residing) is 192.168.22.0/24. This machine’s IP address in the public network is 10.42.0.6 and we’ll be using this IP in configuration files later on (except for when connecting to MySQL, which we’ll by connecting to 127.0.0.1). After changing your network interfaces definition accordingly, make sure that the bridge-utils package is installed. Should it be missing on your system, install it with

apt-get install bridge-utils

Then, restart your network with

/etc/init.d/networking restart

We’ll also need RabbitMQ, an AMQP-implementation, as that is what all OpenStack components use to communicate with eath other, and memcached.

apt-get install rabbitmq-server memcached python-memcache

apt-get install kvm libvirt-bin

Step 2: Install MySQL and create the necessary databases and users

Submitted by martin on Fri, 2012-03-23 20:40 GMT

Nova and glance will use MySQL to store their runtime data. To make sure they can do that, we’ll install and set up MySQL. Do this:

apt-get install -y mysql-server python-mysqldb

When the package installation is done and you want other machines (read: OpenStack computing nodes) to be able to talk to that MySQL database, too, open up /etc/mysql/my.cnf in your favourite editor and change this line:

bind-address = 127.0.0.1

to look like this:

bind-address = 0.0.0.0

Then, restart MySQL:

service mysql restart

Now create the user accounts in mysql and grant them access on the according databases, which you need to create, too:

mysql -u root <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%'
  IDENTIFIED BY 'dieD9Mie';
EOF

mysql -u root <<EOF
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%'
  IDENTIFIED BY 'ohC3teiv';
EOF

Step 3: Install and configure Keystone

Submitted by martin on Fri, 2012-03-23 22:13 GMT

We can finally get to OpenStack now and we’ll start by installing the Identity component, codenamed Keystone. Install the according packages:

apt-get install keystone python-keystone python-keystoneclient

Then, open /etc/keystone/keystone.conf in an editor and make sure to set a value for admin_token. We’ll use “hastexo” in this example.

Scroll down to the section starting with [catalog]. This section defines where Keystone finds its endpoint defintions. In earlier versions of Keystone, endpoints had to be manually defined with keystone-manage, but in newer Keystone versions, we can just use a template for that. Ubuntu’s default configuration uses such an endpoint catalog stored in MySQL. However, according to the OpenStack developers, this isn’t the recommended method for Essex. Change the [catalog] section to look like this:

[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = /etc/keystone/default_catalog.templates

After you have conduced these changes, restart Keystone by issuing this command:

service keystone restart

The next step is to fill Keystone with actual data. You can use the script attached to this blog entry entitled keystone_data.sh_.txt. It’s courtesy of the Devstack project with some adaptions. Rename the file to keystone_data.sh. Be sure to replace the admin password (ADMIN_PASSWORD variable) and the value for SERVICE_TOKEN with the entry you specified in keystone.conf for admin_token earlier. Then just make the script executable and call it; if everything goes well, it should deliver a return code of 0 and your keystone is ready to go.

File Attachment:

keystone_data.sh_.txt

本地下载(keystone_data.sh_.txt)

Step 4: Install and configure Glance

Submitted by martin on Fri, 2012-03-23 22:33 GMT

The next step on our way to OpenStack is its Image Service, codenamed Glance. First, install the packages necessary for it:

apt-get install glance glance-api glance-client glance-common glance-registry python-glance

When that is done, open /etc/glance/glance-api-paste.ini in an editor and scroll down to the end of the document. You’ll see these three lines at its very end:

admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%

Fill in values here appropriate for your setup. If you used the keystone_data.sh script from this site, then your admin_tenant_name will be admin and your admin_user will be admin, too. admin_password is the password you defined for ADMIN_PASSWORD in keystone_data.sh, so use the same value here, too. In this example, we’ll use hastexo.

After this, open /etc/glance/glance-registry-paste.ini and scroll to that file’s end, too. Adapt it in the same way you adapted /etc/glance/glance-api-paste.ini earlier.

Please open /etc/glance/glance-registry.conf now and scroll down to the line starting with sql_connection. This is where we tell Glance to use MySQL; according to the MySQL configuration we created earlier, the sql_connection-line for this example would look like this:

sql_connection = mysql://glancedbadmin:ohC3teiv@10.42.0.6/glance

It’s important to use the machine’s actual IP in this example and not 127.0.0.1! After this, scroll down until the end of the document and add these two lines:

[paste_deploy]
flavor = keystone

These two lines instruct the Glance Registry to use Keystone for authentication, which is what we want. Now we need to do the same for the Glance API. Open /etc/glance/glance-api.conf and add these two lines at the end of the document:

[paste_deploy]
flavor = keystone

Afterwards, you need to initially synchronize the Glance database by running these commands:

glance-manage version_control 0
glance-manage db_sync

It’s time to restart Glance now:

service glance-api restart && service glance-registry restart

Now what’s the best method to verify that Glance is working as expected? The glance command line utilty can do that for us, but to work properly, it needs to know how we want to authenticate ourselves to Glance (and keystone, subsequently). This is a very good moment to define four environmental variables that we’ll need continously when working with OpenStack: OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD and OS_AUTH_URL.  Here’s what they should look like in our example scenario:

export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=hastexo
export OS_AUTH_URL="http://localhost:5000/v2.0/"

The first three entries are identical with what you inserted into Glance’s API configuration files earlier and the entry for OS_AUTH_URL is mostly generic and should just work. After exporting these variables, you should be able to do

glance index

and get no output at all in return (but the return code will be 0; check with echo $?). If that’s the case, Glance is setup correctly and properly connects with Keystone. Now let’s add our first image!

We’ll be using a Ubuntu UEC image for this. Download one:

wget http://uec-images.ubuntu.com/releases/11.10/release/ubuntu-11.10-server-cloudimg-amd64-disk1.img

Then add this image to Glance:

glance add name="Ubuntu 11.10 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ubuntu-11.10-server-cloudimg-amd64-disk1.img

After this, if you do

glance index

once more, you should be seeing the freshly added image.

Step 5: Install and configure Nova

Submitted by martin on Fri, 2012-03-23 22:35 GMT

OpenStack Compute, codenamed Nova, is by far the most important and the most substantial openstack component. Whatever you do when it comes to managing VMs will be done by Nova in the background. The good news is: Nova is basically controlled by one configuration file, /etc/nova/nova.conf. Get started by installing all nova-related components:

apt-get install nova-api nova-cert nova-common nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-vncproxy nova-volume python-nova python-novaclient

Then, open /etc/nova/nova.conf and replace everything in there with these lines:

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=10.42.0.6
--ec2_host=10.42.0.6
--rabbit_host=10.42.0.6
--cc_host=10.42.0.6
--nova_url=http://10.42.0.6:8774/v1.1/
--routing_source_ip=10.42.0.6
--glance_api_servers=10.42.0.6:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.22
--sql_connection=mysql://novadbadmin:dieD9Mie@10.42.0.6/nova
--ec2_url=http://10.42.0.6:8773/services/Cloud
--keystone_ec2_url=http://10.42.0.6:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
--libvirt_type=kvm
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
--vnc_enabled=true
--vncproxy_url=http://10.42.0.6:6080
--vnc_console_proxy_url=http://10.42.0.6:6080
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=192.168.22.32/27
--floating_range=10.42.0.32/27 
--network_size=32
--flat_network_dhcp_start=192.168.22.33
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose

As you can see, many of the entries in this file are self-explanatory; the trickiest bit to get done right is the network configuration part, which you can see at the end of the file. We’re using Nova’s FlatDHCP network mode; 192.168.22.32/27 is the fixed range from which our future VMs will get their IP adresses, starting with 192.168.22.33. Our flat interface is eth1 (nova-network will bridge this into a bridge named br100), our public interface is eth0. An additional floating range is defined at 10.42.0.32/27 (for those VMs that we want to have a ‘public IP’).

Attention: Every occurance of 10.42.0.6 in this file refers to the IP of the machine I used for writing this guide. You need to replace it with the actual machine IP of the box you are running  this on. For example, if your machine has the local IP address 192.168.0.1, then use this IP instead of 10.42.0.6.

After saving nova.conf, open /etc/nova/api-paste.ini in an editor and scroll down to the end of the file. Adapt it according to the changes you conducted in Glance’s paste-files in step 3.

Then, restart all nova services to make the configuration file changes take effect:

for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" stop; done

for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" start; done

The next step will create all databases Nova needs in MySQL. While we are at it, we can also create the network we want to use for our VMs in the Nova databases. Do this:

nova-manage db sync

nova-manage network create private --fixed_range_v4=192.168.22.32/27 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32

Also, make sure that all files in /etc/nova belong to the nova user and the nova group:

chown -R nova:nova /etc/nova

Then, restart all nova-related services again:

for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" stop; done

for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" start; done

You should now see all these nova-* processes when doing ps auxw. And you should be able to use the numerous nova commands. For example,

nova list

should give you a list of all currently running VMs (none, the list should be empty). And

nova image-list

should show a list of the image you uploaded to Glance in the step before. If that’s the case, Nova is working as expected and you can carry on with starting your first VM.

Step 6: Your first VM

Submitted by martin on Fri, 2012-03-23 22:37 GMT

Once Nova works as desired, starting your first own cloud VM is easy. As we’re using a Ubuntu image for this example which allows for SSH-key based login only, we first need to store a public SSH key for our admin user in the OpenStack database. Upload the file containing your SSH public key onto the server (i’ll assume the file is called id_dsa.pub) and do this:

nova keypair-add --pub_key id_rsa.pub key1

This will add the key to OpenStack Nova and store it with the name “key1″. The only thing left to do after this is firing up your VM. Find out what ID your Ubuntu image has, you can do this with:

nova image-list

When starting a VM, you also need to define the flavor it is supposed to use. Flavors are pre-defined hardware schemes in OpenStack with which you can define what resources your newly created VM has. OpenStack comes with five pre-defined flavors; you can get an overview over the existing flavors with

nova flavor-list

Flavors are referenced by their ID, not by  their name. That’s important for the actual command to execute to start your VM. That command’s syntax basically is this:

nova boot --flavor ID --image Image-UUID --key_name key-name vm_name

So let’s assume you want to start a VM with the m1.tiny flavor, which has the ID 1. Let’s further assume that your image’s UUID in Glance is 9bab7ce7-7523-4d37-831f-c18fbc5cb543 and that you want to use the SSH key key1. Last but nut least, you want your new VM to have the name superfrobnicator. Here’s the command you would need to start that particular VM:

nova boot --flavor 1 --image 9bab7ce7-7523-4d37-831f-c18fbc5cb543 --key_name key1 superfrobnicator

After hitting the Enter key, Nova will show you a summary with all important details concerning the new VM. After some seconds, issue the command

nova show superfrobnicator

In the line with the private_network keyword, you’ll see the IP address that Nova has assigned this particular VM. As soon as the VMs status is ACTIVE, you should be able to log into that VM by issuing

ssh -i Private-Key ubuntu@IP

Of course Private-Key needs to be replaced with the path to your SSH private key and IP needs to be replaced with the VMs actual IP. If you’re using SSH agent forwarding, you can leave out the “-i”-parameter altogether.

Step 7: The OpenStack Dashboard

Submitted by martin on Fri, 2012-03-23 22:39 GMT

We can use Nova to start and stop virtual machines now, but up to this point, we can only do it on the command line. That’s not good, because typically, we’ll want users without high-level administrator skills to be able to start new VMs. There’s a solution for this on the OpenStack ecosystem called Dashboard, codename Horizon. Horizon is OpenStack’s main configuration interface. It’s django-based.

Let’s get going with it:

apt-get install libapache2-mod-wsgi openstack-dashboard

Make sure that you install at least the version 2012.1~rc2-0ubuntu1 of the openstack-dashboard package as this version contains some important fixes that are necessary for Horizon to work properly.

Then, open /etc/openstack-dashboard/local_settings.py in an editor. Go to the line starting with CACHE_BACKEND and make sure it looks like this:

CACHE_BACKEND = 'memcached://127.0.0.1:11211/'

Now restart Apache with

service apache2 restart

After this, point your webbrowser to the Nova machine’s IP address and you should see the OpenStack Dashboard login prompt. Login with admin and the password you specified. That’s it – you’re in!

Step 8: Making the euca2ools work

Submitted by martin on Fri, 2012-03-23 22:41 GMT

OpenStack offers a full-blown native API for administrator interaction. However, it also has an API compatible with Amazons AWS service. This means that on Linux you can not only use the native OpenStack clients for interaction but also the euca2ools toolsuite. Using euca2ools with keystone is possible. Large portions on how to do it are written down in this document. Here’s the short summary for those who are in a hurry:

export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
export CREDS=$(keystone ec2-credentials-create)
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')

After that, the euca2ools should just work (if the euca2ools package is installed, of course). You can try running

euca-describe-images

or

euca-describe-instances

to find out whether it’s working or not.

Appendix A: Making nova-volume work

Submitted by martin on Sun, 2012-03-25 15:27 GMT

nova-volume is the OpenStack Compute component that will allow you to assign persistent storage devices to your virtual machines. Internally, it’s using iSCSI, which is why you installed the tgt package earlier.

Assuming that you have a local LVM volume group entitled nova-volumes, you can try assigning a 1G large volume to our superfrobnicator VM by using these commands to create a 1G large volume and assign it accordingly:

nova volume-create --display_name "volume1" 1 nova volume-attach superfrobnicator 1 /dev/vdb

Please take particular note of the parameter between superfrobnicator and /dev/vdb in this example. It refers to the actual ID of the volume. To find out a volume’s ID, you can do

nova volume-list

and then use the value from the “ID” field for a specific volume. If everything went well, you’ll see a new disk device in the superfrobnicator VM now, /dev/vdb.

Appendix B: Using floating IPs

Submitted by martin on Sun, 2012-03-25 16:25 GMT

Floating IPs are an unbelievably handy tool in OpenStack to supply your virtual machines with “official” IP addresses. In this example, we’ve mainly been dealing with the 192.168.22.0/24 network, which is the “internal” network for our VMs. Our VMs can communicate with each other and they can communicate with the outside world, but they don’t have an official IP address that others could connect to (the “public” net in this test-setup is 10.42.0.0/24 after all). Floating IPs allow you to assign your VMs an additional IP from that “public” network, making them accessible directly. And using floating IPs is anything but hard!

First, you’ll have to define a range of addresses which OpenStack nova will use. Our old friend nova-manage does this:

nova-manage floating create --ip_range=10.42.0.32/27

Then, within Nova itself, you’ll have to create a floating IP (creating here is Nova-speak for “reserving”):

nova floating-ip-create

This command will print out an IP address (in this example it’s 10.42.0.35) that you will need in the next step. To assign this IP to our superfrobnicator VM, use this command:

nova add-floating-ip superfrobnicator 10.42.0.35

Please note: Assigning a floating IP to an existing VM does automatically enable that IP for the VM. You’ll not have to manually assign the IP to the VMs main network interface, as all the networking magic is done by iptables on the actual compute node.

That’s it! Your new VM can now use its floating IP. There is only one problem left: By default, nova uses very secure iptables rules to protect IPs reachable via floating IPs from abuse. De facto, nova will not allow any traffic from the outside to get through to your VM. We’ll have to fiddle with Security Groups to solve this problem. Here’s how you can enable SSH access and ICMP to your floating IPs:

nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

After this, your VM will be reachable directly from the outside via its floating IP address (by SSH and ICMP).

1.  减少ext4 root分区大小 ( lvreduce )

2. 创建新的ext3分区 ( lvcreate )

3. 格式化 ext3 分区 ( mkfs.ext3 )

4. 为 ext4 root分区创建一个snapshot ( lvcreate )

4. 备份 ext4 root snapshot分区 （ fsarchiver )

5. 恢复备份到 ext3分区 ( fsarchiver )

6. 修改 /etc/fstab 及 /boot/grub/grub.conf 使用新的 ext3 root分区

7. 删除snapshot分区( lvremove ), 重启动 ( reboot )

8. 如果需要，除旧的 ext4 root分区 ( lvremove ), 扩展新的 ext3 分区大小 ( lvextend )

fsarchiver快速入门 ( http://www.fsarchiver.org/QuickStart )

How to save filesystems to an archive

Here is how to use FSArchiver to backup a partition of your disk. Let’s consider your linux operating system is installed on /dev/sda1 and you want to back it up to a file on /mnt/backup. You can run this command from a livecd:

fsarchiver savefs /mnt/backup/gentoo-rootfs.fsa /dev/sda1

You can also archive several filesystems in a single archive file:

fsarchiver savefs /mnt/backup/gentoo-rootfs.fsa /dev/sda1 /dev/sda2 /dev/volgroup/lv01

Here is an example of output when we save two filesystems to an archive:

# fsarchiver savefs -o /backup/backup-fsa/backup-fsa025-gentoo-amd64-20090103-01.fsa /dev/sda1 /dev/sda2 -v -j4 -A
filesystem features: [has_journal,resize_inode,dir_index,filetype,sparse_super,large_file]
============= archiving filesystem /dev/sda1 =============
-[00][REGFILE ] /vmlinuz-2.6.25.20-x64-fd13
-[00][REGFILE ] /sysresccd/memdisk
-[00][REGFILE ] /sysresccd/pxelinux.0
-[00][REGFILE ] /sysresccd/initram.igz
-[00][REGFILE ] /sysresccd/boot.cat
.....
-[00][DIR     ] /mkbootcd-gentoo64
-[00][REGFILE ] /System.map-2.6.25.20-x64-fd13
-[00][REGFILE ] /config-2.6.25.20-x64-fd13
-[00][REGFILE ] /config-2.6.27.09-x64-fd16
-[00][DIR     ] /
============= archiving filesystem /dev/sda2 =============
-[01][SYMLINK ] /bin/bb
-[01][REGFILE ] /bin/dd
-[01][REGFILE ] /bin/cp
-[01][REGFILE ] /bin/df
.....
-[01][REGFILE ] /fdoverlay/profiles/repo_name
-[01][DIR     ] /fdoverlay/profiles
-[01][DIR     ] /fdoverlay
-[01][DIR     ] /

How to extract filesystems from an archive

FSArchiver supports multiple filesystems per archive. For that reason, you have to specify which filesystem you want to restore. Each filesystem has a number starting at 0. The first filesystem in the archive will be filesystem number 0, the second will be filesystem number 1, … You can restore either one filesystem at a time, or several filesystems with just one command.

Here is how to restore a filesystem from an archive when there is only one filesystem in that archive:

fsarchiver restfs /mnt/backup/gentoo-rootfs.fsa id=0,dest=/dev/sda1

There is how to restore the second filesystem from an archive (second = number 1):

fsarchiver restfs /mnt/backup/archive-multple-filesystems.fsa id=1,dest=/dev/sdb1

You can also restore both the first and the second filesystem in the same time: (numbers 0 and 1)

fsarchiver restfs /mnt/backup/archive-multple-filesystems.fsa id=0,dest=/dev/sda1 id=1,dest=/dev/sdb1

Option -F was used to convert a filesystem in old version. For instance, it allows to restore a filesystem which was ext2 when it was saved as reiserfs on the new partition. Now, you have to specify option mkfs=xxx with the destination partition. Here is how to restore the first filesystem from an archive to /dev/sda1 and to convert it to reiserfs in the same time:

fsarchiver restfs /mnt/backup/gentoo-rootfs.fsa id=0,dest=/dev/sda1,mkfs=reiserfs

Display info about an archive

It may be useful to know what has been saved in an archive. You can do this using archinfo. It will tell you how many filesystems there are, their properties, the original size of the filesystem and how much space is used:

fsarchiver archinfo /backup/backup-fsa/sysimg-t3p5g965-debian-20100131-07h16.fsa

Here is an example of output:

# fsarchiver archinfo /backup/backup-fsa/sysimg-t3p5g965-debian-20100131-07h16.fsa
====================== archive information ======================
Archive type:                   filesystems
Filesystems count:              2
Archive id:                     4b610c6e
Archive file format:            FsArCh_002
Archive created with:           0.6.6
Archive creation date:          20100131-07:16:35
Archive label:                  debian-backup
Compression level:              7 (lzma level 1)
Encryption algorithm:           none

===================== filesystem information ====================
Filesystem id in archive:       0
Filesystem format:              ext3
Filesystem label:               boot
Filesystem uuid:                d76278bf-5e65-4568-a899-9558ce61bf06
Original device:                /dev/sda1
Original filesystem size:       961.18 MB (1007869952 bytes)
Space used in filesystem:       356.86 MB (374190080 bytes)

===================== filesystem information ====================
Filesystem id in archive:       1
Filesystem format:              ext3
Filesystem label:               debian
Filesystem uuid:                4b0da78f-7f02-4487-a1e2-774c9b412277
Original device:                /dev/vgmain/snapdeb
Original filesystem size:       11.81 GB (12682706944 bytes)
Space used in filesystem:       7.11 GB (7635599360 bytes)

Multi-thread compression

FSArchiver also supports multi-threaded compression. If you have a multi-core processor (eg: dual-core or quad-core) you should create several compression jobs so that all the cores are used. It will make the compression or decompression a lot faster. For instance, if you have a dual-core, you should use option -j2 to create two compression threads to use the power of the two cores. If you have a quad-core cpu, option -j4 is recommended, except if you want to leave one core idle for other programs. In that case you can use -j3. Here is an example of multi-threaded compression:

fsarchiver -j3 -o savefs /mnt/backup/gentoo-rootfs.fsa /dev/sda1

Splitting the archive into several volumes

If the archive file is very big, you may want to split it into several small files. For instance, if the size of your backup is 8GB and you want to save it on DVD+RW discs, it may be useful to split the archive into volumes of 4.3GB. File splitting is supported ijn FSArchiver-0.3.0 and newer. To use it when you create an archive, you just have to use option -s to specific the size you want for each volume, in mega-bytes.

fsarchiver savefs -s 4300 /data/backup-rhel-5.2-fsa033.fsa /dev/sda1

The first volume always have an .fsa extension. The names of the next volumes will terminate with .f01, .f02, .f03, … When you restore the archive, you just have to specify the path to the first volume on the command line, and it will automatically use the next volumes if they are in the same directory. Else it will display a prompt, where you can specify another location for a volume.

Execution environment

FSArchiver requires the file-system tools to be installed to save the file-system attributes (when you do a fsarchiver savefs) and it also requires these tools to recreate the file-system when you do a fsarchive restfs. Anyway, you only need the tools of the current file-system to be installed. In other words, you don’t require xfsprogs to be installed if you only work on an ext3 file-system.

For these reasons, it’s a good idea to run FSArchiver from an environment with all the system tools installed. The best environment is the latest SystemRescueCd version, since it comes with all the linux file-system tools and a very recent FSArchiver version.

It’s also important that you make sure that SELinux is not enabled in the kernel running FSArchiver when you save a file-system which has been labeled by SELinux, or you can use FSArchiver with SELinux enabled if you are sure that the context where it’s running has enough privileges to read the extended-attributes related to SELinux. In the other cases, the kernel could return unlabeled instead of the real value of the security.selinux attribute. Then FSArchiver would not preserve these attributes and then the system would not work when you restore your root filesystem, or you would have to ask the SELinux to relabel the file-system. The SELinux support is disabled by default if you use FSArchiver from SystemRescueCd-1.1.3 or newer, so your SELinux labels will be preserved if you use FSArchiver from that environment.

Detection of the filesystems

FSArchiver is able to detect the filesystems which are installed on all the disks of a computer. This is very useful when you want to work on a partition when you don’t know what is its device name.

# fsarchiver probe simple
[=====DEVICE=====] [==FILESYS==] [=====LABEL=====] [====SIZE====] [MAJ] [MIN]
[/dev/sda1       ] [ext3       ] [boot           ] [   768.72 MB] [  8] [  1]
[/dev/sda2       ] [reiserfs   ] [gentoo         ] [    12.00 GB] [  8] [  2]
[/dev/sda3       ] [ext3       ] [data           ] [   350.00 GB] [  8] [  3]
[/dev/sda4       ] [ext3       ] [backup         ] [   300.00 GB] [  8] [  4]
[/dev/sda5       ] [lvm2pv     ] [               ] [   134.38 GB] [  8] [  5]
[/dev/sda6       ] [lvm2pv     ] [               ] [   106.24 GB] [  8] [  6]
[/dev/sdb1       ] [reiserfs   ] [usb8gb         ] [     7.46 GB] [  8] [ 17]

Command line and its arguments

====> fsarchiver version 0.6.12 (2010-12-25) - http://www.fsarchiver.org <====
Distributed under the GPL v2 license (GNU General Public License v2).
 * usage: fsarchiver [<options>] <command> <archive> [<part1> [<part2> [...]]]
<commands>
 * savefs: save filesystems to an archive file (backup a partition to a file)
 * restfs: restore filesystems from an archive (overwrites the existing data)
 * savedir: save directories to the archive (similar to a compressed tarball)
 * restdir: restore data from an archive which is not based on a filesystem
 * archinfo: show information about an existing archive file and its contents
 * probe [detailed]: show list of filesystems detected on the disks
<options>
 -o: overwrite the archive if it already exists instead of failing
 -v: verbose mode (can be used several times to increase the level of details)
 -d: debug mode (can be used several times to increase the level of details)
 -A: allow to save a filesystem which is mounted in read-write (live backup)
 -a: allow running savefs when partition mounted without the acl/xattr options
 -e <pattern>: exclude files and directories that match that pattern
 -L <label>: set the label of the archive (comment about the contents)
 -z <level>: compression level from 1 (very fast)  to  9 (very good) default=3
 -s <mbsize>: split the archive into several files of <mbsize> megabytes each
 -j <count>: create more than one compression thread. useful on multi-core cpu
 -c <password>: encrypt/decrypt data in archive, "-c -" for interactive password
 -h: show help and information about how to use fsarchiver with examples
 -V: show program version and exit
<information>
 * Support included for: lzo=yes, lzma=yes
 * support for ntfs filesystems is unstable: don't use it for production.
<examples>
 * save only one filesystem (/dev/sda1) to an archive:
   fsarchiver savefs /data/myarchive1.fsa /dev/sda1
 * save two filesystems (/dev/sda1 and /dev/sdb1) to an archive:
   fsarchiver savefs /data/myarchive2.fsa /dev/sda1 /dev/sdb1
 * restore the first filesystem from an archive (first = number 0):
   fsarchiver restfs /data/myarchive2.fsa id=0,dest=/dev/sda1
 * restore the second filesystem from an archive (second = number 1):
   fsarchiver restfs /data/myarchive2.fsa id=1,dest=/dev/sdb1
 * restore two filesystems from an archive (number 0 and 1):
   fsarchiver restfs /data/arch2.fsa id=0,dest=/dev/sda1 id=1,dest=/dev/sdb1
 * restore a filesystem from an archive and convert it to reiserfs:
   fsarchiver restfs /data/myarchive1.fsa id=0,dest=/dev/sda1,mkfs=reiserfs
 * save the contents of /usr/src/linux to an archive (similar to tar):
   fsarchiver savedir /data/linux-sources.fsa /usr/src/linux
 * save a filesystem (/dev/sda1) to an archive split into volumes of 680MB:
   fsarchiver savefs -s 680 /data/myarchive1.fsa /dev/sda1
 * save a filesystem and exclude all files/dirs called 'pagefile.*':
   fsarchiver savefs /data/myarchive.fsa /dev/sda1 --exclude='pagefile.*'
 * generic exclude for 'share' such as '/usr/share' and '/usr/local/share':
   fsarchiver savefs /data/myarchive.fsa --exclude=share
 * absolute exclude valid for '/usr/share' but not for '/usr/local/share':
   fsarchiver savefs /data/myarchive.fsa --exclude=/usr/share
 * save a filesystem (/dev/sda1) to an encrypted archive:
   fsarchiver savefs -c mypassword /data/myarchive1.fsa /dev/sda1
 * Same as before but prompt for password in the terminal:
   fsarchiver savefs -c - /data/myarchive1.fsa /dev/sda1
 * extract an archive made of simple files to /tmp/extract:
   fsarchiver restdir /data/linux-sources.fsa /tmp/extract
 * show information about an archive and its file systems:
   fsarchiver archinfo /data/myarchive2.fsa

在某一个状态下做备份的时候，可能有应用正在访问某一个文件或者数据库，这就是使得备份的时候文件处于一个状态，而备份完后，文件却处于另外一个状态，从而造成备份的非一致性，这种状态恢复数据库数据几乎不会成功。

状态的解决办法是将其分区挂载为只读，然后通过数据库的表级别锁定(table-level write locks)甚至停止数据库来备份数据。所有这些方法无意严重影响了服务的可用性。使用LVM snapshot既可以获得一致性备份，又不会影响服务器的可用性。

要提醒一点是，snapshot这种方法仅对LVM有效，对于非LVM文件系统无效。

snapshot的实现有多种方式(参考文章最后的连接)，这里说说LVM中snapshot的“写时复制”(copy on write) 的实现方法。

当一个snapshot创建的时候，仅拷贝原始卷里数据的元数据(meta- data)。创建的时候，并不会有数据的物理拷贝，因此snapshot的创建几乎是实时的，当原始卷上有写操作执行时，snapshot跟踪原始卷块的改变，这个时候原始卷上将要改变的数据在改变之前被拷贝到snapshot预留的空间里，因此这个原理的实现叫做写时复制(copy-on- write)。

在写操作写入块之前，CoW将原始数据移动到snapshot空间里，这样就保证了所有的数据在snapshot创建时保持一致。而对于snapshot的读操作，如果是读取数据块是没有修改过的，那么会将读操作直接重定向到原始卷上，如果是要读取已经修改过的块，那么就读取拷贝到snapshot中的块。

这样，通常的文件I/0流程有一个改变，那就是在文件系统和设备驱动之间增加了一个cow层，变成了下面这个样子：
file I/0 —> filesystem — >CoW –> block I /O

下面的图也许可以比较容易了解CoW的原理：

采取CoW实现方式时，snapshot的大小并不需要和原始卷一样大，其大小仅仅只需要考虑两个方面：从shapshot创建到释放这段时间内，估计块的改变量有多大;数据更新的频率。一旦 snapshot的空间记录满了原始卷块变换的信息，那么这个snapshot立刻被释放，从而无法使用，从而导致这个snapshot无效。所以，非常重要的一点，一定要在snapshot的生命周期里，做完你需要做得事情。当然，如果你的snapshot大小和原始卷一样大，甚至还要大，那它的寿命就是“与天齐寿”了。

snapshot其实除了备份以外，还有很多其他用途：

1）虚拟化

在使用 LVM2 时，快照可以不是只读的。这意味着，在创建快照之后， 可以像常规块设备一样挂载和读写快照。

因为流行的虚拟化系统（比如 Xen、VMWare、Qemu 和 KVM）可以将块设备用作 guest 映像，所以可以创建这些映像的完整拷贝，并根据需要使用它们，它们就像是内存占用量很低的虚拟机。这样做的好处是部署迅速（创建快照的时间常常不超过几秒）和节省空间（guest 共享原映像的大多数数据）。

设置的步骤如下：

1. 为原映像创建一个逻辑卷。
2. 使用这个 LV 作为磁盘映像安装 guest 虚拟机。
3. 暂停这个虚拟机。内存映像可以是一个常规文件，所有其他快照都放在里面。
4. 为原 LV 创建一个可读写的快照。
5. 使用快照卷作为磁盘映像生成一个新的虚拟机。如果需要的话，要修改网络/控制台设置。
6. 登录已经创建的虚拟机，修改网络设置/主机名。

完成这些步骤之后， 就可以让用户访问刚创建的虚拟机了。如果需要另一个虚拟机，那么只需重复步骤 4 到 6（所以不需要重新安装虚拟机）。还可以用一个脚本自动执行这些步骤。

在使用完虚拟机之后， 可以停止虚拟机并销毁快照。

2）数据回溯

在一个生产系统上要执行一些操作，需要慎之又慎，即便在模拟环境中做过很多次测试都没有问题，但是并不能保证在生产环境就一定成功，于是这个时候，我们把系统做一个snapshot，这样一旦新操作出现问题，立刻回溯到创建 snapshot的时间点，当然你也可以认为这是一个备份的扩展使用。

最后，我们举一些例子，加深对snapshot的理解。

a) 创建一个20M的snapshot，执行一些操作看看CoW的动作。

我们举一个例子来说明如何创建和使用snapshot。我们假定创建一个20M的snapshot，这就意味着在snapshot生命周期里，你仅能有20M的数据量改变。

下面的命令，为/dev/vg/lvdata创建/dev/vg/lvdata-sp

# lvcreate -L20M -s -n lvdata-sp /dev/vg/lvdata
Logical volume “lvdata-sp” created
其中lvdata大小为20MB。

# lvdisplay /dev/vg/lvdata-sp

— Logical volume —

LV Name /dev/vg/lvdata-sp
VG Name vg
LV UUID Yl0fQU-Ve9T-lfmp-xJPq-Uwrd-RVVM-lDDVz0
LV Write Access read/write
LV snapshot status active destination for /dev/vg/lvdata
LV Status available
# open 1
LV Size 200.00 MB
Current LE 50
COW-table size 20.00 MB
COW-table LE 5
Allocated to snapshot 0.27%
Snapshot chunk size 8.00 KB
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:0

上面的 Allocated to snapshot 0.27%是我们关心的，表示目前还有99.73%的空间没有使用。

我们尝试在lvdata创建一个10M的文件，再看看这个参数值。

# mount /dev/vg/lvdata /media/lvdata/
# dd if=/dev/hda of=/media/lvdata/10M bs=1M count=10

10+0 records in
10+0 records out
10485760 bytes (10 MB) copied, 0.272393 seconds, 38.5 MB/s

# lvdisplay /dev/vg/lvdata-sp

— Logical volume —

LV Name /dev/vg/lvdata-sp
VG Name vg
LV UUID Yl0fQU-Ve9T-lfmp-xJPq-Uwrd-RVVM-lDDVz0
LV Write Access read/write
LV snapshot status active destination for /dev/vg/lvdata
LV Status available
# open 0
LV Size 200.00 MB
Current LE 50
COW-table size 20.00 MB
COW-table LE 5
Allocated to snapshot 51.02%
Snapshot chunk size 8.00 KB
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:0

”Allocated to snapshot 51.02%“,符合我们的预期。此时snapshot还剩下大概10M不到的空间了，如果我么再在lvdata上创建一个12M的文件，会发生什么呢？

#dd if=/dev/hda of=/media/lvdata/12M bs=1M count=12

12+0 records in
12+0 records out
12582912 bytes (13 MB) copied, 0.288311 seconds, 43.6 MB/s
device-mapper: snapshots: Invalidating snapshot: Unable to allocate exception.

创建文件的过程中，一个报错出现了，snapshot已经无效。我们看看snapshot卷的详细信息。

# lvdisplay /dev/vg/lvdata-sp
/dev/vg/lvdata-sp: read failed after 0 of 4096 at 0: 输入/输出错误

— Logical volume —

LV Name /dev/vg/lvdata-sp
VG Name vg
LV UUID Yl0fQU-Ve9T-lfmp-xJPq-Uwrd-RVVM-lDDVz0
LV Write Access read/write
LV snapshot status INACTIVE destination for /dev/vg/lvdata
LV Status available
# open 0
LV Size 200.00 MB
Current LE 50
COW-table size 20.00 MB
COW-table LE 5
Snapshot chunk size 8.00 KB
Segments 1
Allocation inherit
Read ahead sectors 0

整个snapshot卷已经出现I/0错误了，而且snapshot的状态也是“INACTIVE”。

是否能挂载上来呢？

# mount /dev/vg/lvdata-sp /media/snapshot/
mount: you must specify the filesystem type

#dmesg

Buffer I/O error on device dm-0, logical block 0
Buffer I/O error on device dm-0, logical block 1
Buffer I/O error on device dm-0, logical block 2
Buffer I/O error on device dm-0, logical block 3
Buffer I/O error on device dm-0, logical block 4
Buffer I/O error on device dm-0, logical block 5
Buffer I/O error on device dm-0, logical block 6
Buffer I/O error on device dm-0, logical block 7
Buffer I/O error on device dm-0, logical block 8
Buffer I/O error on device dm-0, logical block 9
hfs: unable to find HFS+ superblock

从dmesg的错误信息来看，超级块的信息也丢失了

尝试激活一下lvdata-sp

# lvchange -ay /dev/vg/lvdata-sp

/dev/vg/lvdata-sp: read failed after 0 of 4096 at 0: 输入/输出错误

恩，这个snapshot已经被释放了，所以剩下要做得事情就是删除它。

# lvremove /dev/vg/lvdata-sp

/dev/vg/lvdata-sp: read failed after 0 of 4096 at 0: 输入/输出错误
Do you really want to remove active logical volume “lvdata-sp”? [y/n]: y
Logical volume “lvdata-sp” successfully removed

b）利用snapshot在线备份MySQL数据库（或者其他数据库）

流程是先做一个flush操作，并锁定表，然后创建snapshot，然后解锁，然后备份数据，最后释放snapshot。这样，MySQL几乎不会中断其运行。

FLUSH TABLES WITH READ LOCK;
! lvcreate –size 100m –snapshot –name snap /dev/VolGroup01/LogVol00
UNLOCK TABLES;

接着做一些备份的工作

mkdir /snap
mount /dev/VolGroup01/snap /snap
# This is where you back up whatever you need from /snap, e.g. rsync(1)
umount /snap
lvremove /dev/VolGroup01/snap
rmdir /snap

(转载自百度文库: http://wenku.baidu.com/view/8e7b4f215901020207409cbe.html )

需要加载的Apache模块:

auth_basic_module
authn_dbd_module
dbd_module

httpd.conf配置：

DBDriver mysql
DBDParams "dbname=xxx,user=xxx,pass=xxx"


  AuthName "Restricted Area"
  AuthType Basic
  AuthBasicProvider dbd

  require valid-user

  AuthDBDUserPWQuery \
    "SELECT encrypt(password) FROM users WHERE username = %s"

Password Formats说明:
http://httpd.apache.org/docs/2.2/en/misc/password_encryptions.html

研究了一下是MTU的问题，Linux有MPPE加密时MTU自动减4个字节及1396，Windows默认是1400

可以在linux下修改MTU为1400, 运行 ifconfig ppp0 mtu 1400

或者修改/etc/ppp/ip-up,在倒数第二行也就是exit 0前面加上/sbin/ifconfig $1 mtu 1400

也欢迎合租，联系请发邮件 admin@fallday.org

VPN PPTP Client设置
远程子网：PPTP Server设定的VPN网段
远程子网：255.255.255.0
MPPE加密填写：mppe required,no40,no56,stateless

在管理中命令界面设置启动脚本

sleep 120
OLDGW=$(nvram get wan_gateway)
VPNSRV=$(nvram get pptpd_client_srvip)
VPNSRVSUB=$(nvram get pptpd_client_srvsub)
PPTPDEV=$(route -n | grep ^${VPNSRVSUB%.[0-9]*} | awk '{print $NF}' | head -n 1)
VPNGW=$(ifconfig $PPTPDEV | grep -Eo "P-t-P:([0-9.]+)" | cut -d: -f2)
route add -host $VPNSRV gw $OLDGW
route del default gw $OLDGW
route add default gw $VPNGW

保存为启动脚本重启路由器。

如果要自己指定某些IP不走VPN网关，可以加上自己的路由规则。
route add -net xxx.xxx.0.0/16 gw $OLDGW

另推荐几篇文章：
1. DD-WRT搭配autoddvpn全自动FQ配置精简教程 （ http://duke8253.com/?p=124 ）
2. autoddvpn – DD-WRT自動翻牆解決方案 （ http://code.google.com/p/autoddvpn/ ）
3. chnroutes – Scripts to generate special routes for china ips （ http://code.google.com/p/chnroutes/ ）

A.1、安装DAG repository

Fedora可以直接yum install curlftpfs，CentOS不行，得用DAG repository，所以得先安装DAG repository。

rpm -Uhv http://apt.sw.be/RedHat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

A.2、安装 curlftpfs

yum install curlftpfs

B、挂载FTP服务器

B.1、用curlftpfs命令挂载

curlftpfs -o codepage=utf8 ftp://username:password@192.168.192.168 /ftp

codepage：      编码

username：      FTP用户名

password:       FTP密码
192.168.1.111:  FTP地址
/ftp:           准备挂载到的路径

B.2、卸载挂载

fusermount -u /ftp

或

umount /ftp

B.3、开放权限

这样其它用户也能读写了,uid和gid改成你自己的id

sudo curlftpfs –o rw,allow_other,uid=0,gid=0 ftp:// username: password @192.168.1.111 /ftp

B.4、开机自动挂载
echo “curlftpfs#username:password@192.168.1.111 /ftp fuse allow_other,uid=0,gid=0 0 0″ >> /etc/fstab

原文链接: http://www.linuxidc.com/Linux/2011-05/35917.htm