Experiment: Running IaaS Cloud Inside Container

manishfoodtechs

manish srivastava

Posted on July 9, 2020

Experiment: Running IaaS Cloud Inside Container

In this experiment, I am trying to build an IaaS inside container.Better to name -"container cloud".

If you don't know about different types of clouds, please visit my post :

Different types of Clouds:

SAAS: SOFTWARE AS A SERVICE
PAAS: PLATFORM AS A SERVICE
IAAS: INFRASTRUCTURE AS A SERVICE

Common Examples of SaaS, PaaS, & IaaS:

SaaS:Google Apps, Dropbox, Salesforce, Cisco WebEx, Concur, GoToMeeting
PaaS:AWS Elastic Beanstalk, Windows Azure, Heroku, Force.com, Google App Engine, Apache Stratos, OpenShift
IaaS:DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure, Google Compute Engine (GCE)

There are different types of containers and their pros & cons. you can get some details here :

Alt Text

I am choosing LXC!!! why?

  • nearest like VM , its VE.
  • Allows iptables -easy like VM. For IaaS , I am choosing Opennebula. My these two articles can help you to understand more about opennebula:

(1)https://dev.to/manishfoodtechs/this-will-blow-your-mind-your-own-open-cloud-in-5-minutes-3k6k
(2)https://dev.to/manishfoodtechs/creating-your-cloud-infrastructure-like-google-cloud-and-digital-ocean-from-scratch-part-3-coding-stuff-20eo

STEP-1: Download and run lxd. New to containers? or LXD? learn here:

STEP-2: Download and run Opennebula.(https://github.com/OpenNebula/minione)
c1 is my container.
If you have kvm enabled host then try kvm / firegate else lxc minions script.

root@vmi307975:~#lxc launch ubuntu:18.04 c1 -c security.privileged=true -c security.nesting=true
root@vmi307975:~# lxc exec c1 bash
root@c1:~# wget 'https://github.com/OpenNebula/minione/releases/latest/download/minione'
root@c1:~# sudo bash minione --force

### Checks & detection
Checking cpu virtualization capabilities  SKIP QEMU will be used
Checking augeas is installed  SKIP will try to install
Checking free disk space  IGNORE
Checking apt-transport-https is installed  SKIP will try to install
Checking AppArmor  SKIP will try to modify
Checking for present ssh key  SKIP
Checking (iptables|netfilter)-persistent are installed  SKIP will try to install

### Main deployment steps:
Install OpenNebula frontend version 5.12
Configure bridge minionebr with IP 172.16.100.1/24
Enable NAT over eth0
Modify AppArmor
Install OpenNebula KVM node
Export appliance and update VM template
Install  augeas-tools apt-transport-https iptables-persistent netfilter-persistent

Do you agree? [yes/no]:
yes

### Installation
Updating APT cache  OK
Install  augeas-tools apt-transport-https iptables-persistent netfilter-persistent  OK
Creating bridge interface minionebr  OK
Bring bridge interfaces up  OK
Configuring NAT using iptables  OK
Saving iptables changes  OK
Installing DNSMasq  OK
Starting DNSMasq  OK
Configuring repositories  OK
Updating APT cache  OK
Installing OpenNebula packages  OK
Installing OpenNebula kvm node packages  OK
Updating AppArmor  OK
Disable default libvirtd networking  OK
Restart libvirtd  OK

### Configuration
Switching OneGate endpoint in oned.conf  OK
Switching OneGate endpoint in onegate-server.conf  OK
Switching keep_empty_bridge on in OpenNebulaNetwork.conf  OK
Switching scheduler interval in oned.conf  OK
Switching to QEMU emulation  OK
Setting initial password for current user and oneadmin  OK
Changing WebUI to listen on port 80  OK
Starting OpenNebula services  OK
Enabling OpenNebula services  OK
Add ssh key to oneadmin user  OK
Update ssh configs to allow VM addresses reusig  OK
Ensure own hostname is resolvable  OK
Checking OpenNebula is working  OK
Disabling ssh from virtual network  OK
Adding localhost ssh key to known_hosts  OK
Testing ssh connection to localhost  OK
Updating datastores template  OK
Creating KVM host  OK
Creating virtual network  OK
Exporting [CentOS 7] from Marketplace to local datastore  OK
Waiting until the image is ready  OK
Updating VM template  OK

### Report
OpenNebula 5.12 was installed
Sunstone [the webui] is running on:
  http://10.96.16.242/
Use following to login:
  user: oneadmin
  password: j27h253eBi
root@c1:~# sudo apt-get update && sudo apt-get upgrade -y
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Ign:5 https://downloads.opennebula.io/repo/5.12/Ubuntu/18.04 stable InRelease
Hit:6 https://downloads.opennebula.io/repo/5.12/Ubuntu/18.04 stable Release
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@c1:~# exit
exit
root@vmi307975:~# lxc config device add c1 myport80 proxy listen=tcp:0.0.0.0:6060 connect=tcp:10.96.16.242:80
Device myport80 added to c1
root@vmi307975:~#
Enter fullscreen mode Exit fullscreen mode

Networking:

  1. Use IP tables or inbuilt proxy of lxc.

  2. Visit:hostip:port

    Alt Text

IMP REQUEST:
You are most welcome to join my team

Alt Text

Click here for joining my team .

Also you are most welcome to join OPEN SOURCE INTELLIGENT SYSTEM (OSINT) if you can help in open source project regarding safeguarding humans from various diseases like CORONA outbreak
https://github.com/Manishfoodtechs/OSINTHRH/wiki

Contact email: Manishfoodtechs@gmail.com.

If you have any problem, our team is also engaged in professional consultancy and delivery.

Imagecredit: Pixabay, manishfoodtechs,giphy

💖 💪 🙅 🚩
manishfoodtechs
manish srivastava

Posted on July 9, 2020

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related