Eycalyptus – cloud introduction and auto-scaling tutorial

In this article, I will show how to do a very simple auto-scaling system on eucalyptus cloud using the wonderful eucalyptus fast start image. Afterwards you will appreciate how easy and configurable the Eucalyptus cloud is in regards to configuring customization scripts on systems that are booted dynamically inside auto-scaling triggers (like low CPU, RAM, etc… ).

A little history, last year (2014), HP has requisitioned a company called Eucalyptus, what I must admit surprised me after spending so much time with OpenStack. So I tried to get an idea why this move has happened and what are the main differences that immediately come to mind to compare these two.

So let me went with you on the first example exposure to Eucalyptus.

Contents

eucalyptus-logo… demo experience

Prerequisites:

  1. Physical system with Intel-V or AMD-x virtualization on CPU
  2. Virtual server running in hypervisor that supports nested virtualization (KVM or vmWare)

The target requirements

1)      Have a cloud system with capability to deploy a server quickly
2)      Test basic systems like load-balancing
3)      Check the network forwarding inside the cloud
4)      Demonstrate auto-scaling system of Eucalyptus on example server system

LAB IP setup

Dedicated vlan or switch with 192.168.128.0/24 with IPs as such:

192.168.125.1 – m0n0wall router
192.168.125.2 – My laptop system IP
192.168.125.3 – CentOS used for embedded eucalyptus deployment
192.168.125.10 – 55 : public IP range for instances
192.168.125.56 – 100 : private IP range for instances

My LAB basically is only running virtual using a wmWare workstation with two interfaces

vmnet0 (host-only network) – centOS6 with Eucalyptus

The virtual eucalyptus presentation server running CentOS and small virtual network on vmNet0 interface
The virtual eucalyptus presentation server running CentOS and small virtual network on vmNet0 interface

Step 1: installation package from eucalyptus

# mkdir ~root/eucalyptus
# cd ~root/eucalyptus
# bash <(curl -Ls eucalyptus.com/install)

First this is the install log, I do not want to go over the details as there are many interactive notes like this one that are simply too boring to note, but they show nicely.

NOTE: if you're running on a laptop, you might want to make sure that
you have turned off sleep/ACPI in your BIOS.  If the laptop goes to sleep,
virtual machines could terminate.

Continue? [Y/n]
Y

However there are more interesting parts to check:

[Precheck] OK, running a full update of the OS. This could take a bit; please wait.
To see the update in progress, run the following command in another terminal:

tail -f /var/log/euca-install-12.25.2014-18.10.45.log

What will be interesting for us during the wizard is setting the public and private IP ranges, in my lab I used these:

What's the first address of your available IP range?
192.168.125.10
What's the last address of your available IP range?
192.168.125.100
OK, IP range is good
  Public range will be:   192.168.125.10 - 192.168.125.55
  Private range will be   192.168.125.56 - 192.168.125.100

Then off-course on the question if we want the optional load balancers, the answer should always be YES as this is what we are interested in 🙂

Do you wish to install the optional load balancer and image
management services? This add 10-15 minutes to the installation.
Install additional services? [Y/n]

Step 2: Install complete

After the installation is complete, you will get something like this after an hour of looking at coffee:

   ) )     
    ( (    
  ........ 
  |      |]
  \      / 
   ------  


[Config] Enabling web console
EUARE_URL environment variable is deprecated; use AWS_IAM_URL instead
[Config] Adding ssh and http to default security group
GROUP   default
PERMISSION      default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
GROUP   default
PERMISSION      default ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0


[SUCCESS] Eucalyptus installation complete!
Time to install: 1:10:11
To log in to the Management Console, go to:
http://192.168.125.3:8888/

User Credentials:
  * Account: eucalyptus
  * Username: admin
  * Password: password

If you are new to Eucalyptus, we strongly recommend that you run
the Eucalyptus tutorial now:

  cd /root/cookbooks/eucalyptus/faststart/tutorials
  ./master-tutorial.sh

Thanks for installing Eucalyptus!

 

Step 3: Running the tutorials .. no, really, this thing has tutorials!

On this point I am fucking surprised that this thing is actually user friendly!

# cd /root/cookbooks/eucalyptus/faststart/tutorials
# ./master-tutorial.sh

Step3a: Listing tutorial

Gain login to eucalyptus

# source /root/eucarc

Then describe images:

# euca-describe-images
IMAGE   emi-2b9799cb    imaging-worker-v1/eucalyptus-imaging-worker-image.img.manifest.xml121804880595     available       private x86_64  machine                         instance-store     hvm
IMAGE   emi-dc054c35    loadbalancer-v1/eucalyptus-load-balancer-image.img.manifest.xml 121804880595       available       private x86_64  machine                         instance-store     hvm
IMAGE   emi-e70b2b70    default/default.img.manifest.xml        121804880595    available public   x86_64  machine                         instance-store  hvm

Now let’s import additional image of cloud Fedora from internet:

# curl http://mirror.fdcservers.net/fedora/updates/20/Images/x86_64/Fedora-x86_64-20-20140407-sda.raw.xz > fedora.raw.xz
# xz -d fedora.raw.xz

And install the image to the cloud with the following command. To install the image, we will run the following command:

# euca-install-image -n Fedora20 -b tutorial -i fedora.raw -r x86_64 --virtualization-type hvm

  -n Fedora20 specifies the name we're giving the image.
  -b tutorial specifies the bucket we're putting the image into.
  -i fedora.raw specifies the filename of the input image.
  -r x86_64 specifies the architecture of the image.
  --virtualization-type hvm means that we're using a native hvm image.

If I check now in the webGUI, there is a new image available called Fedora20.

WebGUI NOTE: Access to the webGUI is running on port 8888, so I will use my http://192.168.125.3:8888/ , the account is “eucalyptus“, username “admin” and password is “password“.

Eucalyptus WebGUI, new Fedora20 image loaded
Eucalyptus WebGUI, new Fedora20 image loaded

New, the tutorial will show you how to change this image from private to public (so that all cloud users can deploy it) and that can be achieved with this command:

# euca-modify-image-attribute -l -a all emi-0676ae2c

REMARK: There is a bug in the tutorial and the command there was missing the image ID.

You can see again the images also with the euca-describe-images command.

Now the last part is lauching an instance with the image, this can be simply done by this command:

# euca-run-instances -k my-first-keypair emi-0676ae2c

REMARK: By default there is already one instance running since installation that is eating 2GB of RAM. So your second instance may fail with euca-run-instances: error (InsufficientInstanceCapacity): Not enough resources, if this happens, go to the eucalyptus WebGUI and terminate the default instance:

Terminate default instance running since install!
Terminate default instance running since install!

If you are doing this via the tutorial, you will get a nice extra output like this:

# euca-run-instances -k my-first-keypair emi-0676ae2c

RESERVATION     r-77b206f8     121804880595   default 
INSTANCE       i-44cb070e     emi-0676ae2c   192.168.125.95 192.168.125.95 pending my-first-keypair   0               
m1.small       2014-12-25T22:08:22.122Z       default   monitoring-disabled     192.168.125.95 192.168.125.95                 
instance-store   hvm                     sg-dca36633                             x86_64

Capturing the instance ID
Capturing the public ip address
Waiting for your instance to start

1
2
3
4
5
6

Use this command to log into your new instance

# ssh -i ~/my-first-keypair.pem fedora@192.168.125.95

Step 3b: Missing more tutorials

The following tutorials are Available Now:
* Viewing available images, and understanding output
* Downloading and installing various cloud images
* Viewing running instances, and understanding output
* Launching an instance from an image

The following tutorials will be Coming Soon:
* Creating and mounting an EBS volume
* Creating a Boot-from-EBS image
* Using cloud-init to run commands automatically on a new instance
* Launching an instance and kicking off an automated application install
* Launching a hybrid install with AWS and Eucalyptus
* Adding a new Node Controller to increase cloud capacity
* ...and many more!

So what to do next ?

Step 4: With tutorials missing, let’s play independently

Now this is where fun starts, we have Eucalyptus, we have an image, but nothing much to do now as the tutorials are not yet really finished (December 2014/January 2015). So let’s try going independently and play around Eucalyptus. But I will not go into API or development of AWS in this tutorial, but I will go for the auto-scaling feature.

But first. lets mess around and get a feeling how to work with Eucalyptus a bit more, so lets list the basic commands for checking the eucalyptus without webGUI:

Prerequisite: Login to eucalyptus, which inside the faststart image you can do via provided source with this command:

source /root/aucarc

 euca-describe-images – shows all the system images loaded in the eucalyptus storage

# euca-describe-images
IMAGE   emi-0676ae2c    tutorial/fedora.raw.manifest.xml        121804880595    available       public  x86_64machine                          instance-store  hvm
IMAGE   emi-2b9799cb    imaging-worker-v1/eucalyptus-imaging-worker-image.img.manifest.xml      121804880595  available        private x86_64  machine                         instance-store  hvm
IMAGE   emi-dc054c35    loadbalancer-v1/eucalyptus-load-balancer-image.img.manifest.xml 121804880595    available      private x86_64  machine                         instance-store  hvm
IMAGE   emi-e70b2b70    default/default.img.manifest.xml        121804880595    available       public  x86_64machine                          instance-store  hvm

 euca-describe-keypairs – shows all the keypairs that eucalyptus has in storage (to use for the systems after launching the instance)

# euca-describe-keypairs
KEYPAIR my-first-keypair        54:f7:8e:6e:84:fb:bc:78:5e:38:42:f5:79:8e:9c:3a:93:75:23:70

euca-describe-groups – will show the FW rules for specific group, currently on the default one exists

# euca-describe-groups
GROUP   sg-dca36633     121804880595    default default group
PERMISSION      121804880595    default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    default ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    default ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0       ingress

euca-describe-loadbalancing – will show the configured load-balancer groups

# euca-describe-loadbalancing
LOADBALANCING   API_192.168.125.3       API_192.168.125.3.loadbalancing 192.168.125.3                   ENABLED{}

euscale-describe-launch-configs – describes the configuration scripts for instances

# euscale-describe-launch-configs
LAUNCH-CONFIG   M1-SMALL-FEDORA emi-0676ae2c    m1.small

In addition please keep these commands in mind as these are the best commands to troubleshoot during this tutorial, but currently I give no example output because on this point in our tutorial there these are mostly empty.

euca-describe-instances

euca-describe-instance-status

euscale-describe-auto-scaling-groups

euwatch-describe-alarms

Step 5: Start preparations before auto-scaling (security groups)

Here we will create a security group called “Demo” that will allow basically the same things like the default group, but also 443 port. So in total icmp, TCP22, TCP80, TCP443.

# euca-create-group -d "Demo Security Group" DemoSG
GROUP   sg-49d47746     DemoSG  Demo Security Group
# euca-authorize -P icmp -t -1:-1 -s 0.0.0.0/0 DemoSG
GROUP   DemoSG
PERMISSION      DemoSG  ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
# euca-authorize -P tcp -p 22 -s 0.0.0.0/0 DemoSG
GROUP   DemoSG
PERMISSION      DemoSG  ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
# euca-authorize -P tcp -p 80 -s 0.0.0.0/0 DemoSG
GROUP   DemoSG
PERMISSION      DemoSG  ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0
# euca-authorize -P tcp -p 443 -s 0.0.0.0/0 DemoSG
GROUP   DemoSG
PERMISSION      DemoSG  ALLOWS  tcp     443     443     FROM    CIDR    0.0.0.0/0

if we now look again on all the security groups, we will see both the default and the new one (you can also double-check via webGUI)

# euca-describe-groups
GROUP   sg-49d47746     121804880595    DemoSG  Demo Security Group
PERMISSION      121804880595    DemoSG  ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    DemoSG  ALLOWS  tcp     443     443     FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    DemoSG  ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    DemoSG  ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0       ingress
GROUP   sg-dca36633     121804880595    default default group
PERMISSION      121804880595    default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    default ALLOWS  tcp     80      80      FROM    CIDR    0.0.0.0/0       ingress
PERMISSION      121804880595    default ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0       ingress

Step 6: Create a load-balancer

=====================================================================================
–OPTIONAL, BUT RECOMMENDED SECTION START–

Sometimes in the future, you will probably need to troubleshoot the load-balancer and for that you need access with SSH to the load-balancer instance. Now the problem is that by default Eucalyptus doesn’t give SSH keys to the load-balancer instances, so we need to do some steps to tell Eucalyptus to give these SSH keys where needed. So first generate a key with euca-create-keypair:

# euca-create-keypair euca-admin-lb > euca-admin-lb.priv
# chmod 0600 euca-admin-lb.priv

The the cloud property ‘loadbalancing.loadbalancer_vm_keyname’ governs the keypair assignments, so we modify it like this:

euca-modify-property -p loadbalancing.loadbalancer_vm_keyname=euca-admin-lb

— OPTIONAL, BUT RECOMMENDED SECTION END–
=====================================================================================

To create a load-balancer, we will use the eulb-create-lb command, the parameters are very simple at this point as we will only use the HTTP for load-balancing with default settings (more information about the settings can be found in the –help of the command, or on eucalyptus.com documentations)

# eulb-create-lb -z default -l "lb-port=80, protocol=HTTP, instance-port=80, instance-protocol=HTTP" DemoLB
DNS_NAME        DemoLB-121804880595.lb.localhost

You can also again check the load-balancer with eulb-describe-lbs

# eulb-describe-lbs
LOAD_BALANCER   DemoLB  DemoLB-121804880595.lb.localhost        2015-01-28T18:19:50.819Z

Every load-balancer needs a health-checking mechanism, this we can add using this command:

# eulb-configure-healthcheck --healthy-threshold 2 --unhealthy-threshold 2 --interval 15 --timeout 30 --target http:80/index.html DemoLB
HEALTH_CHECK    HTTP:80/index.html      15      30      2       2

The above command will create a load-balancer check that is checking an URL of /index.html every 15 seconds, failure of a test is after timeout of 30 seconds and two consecutive failures means server down and two consequent successful tests mean the server is back up.

Step 7: Server configuration scripts after booting (in auto-scaling)

If we want to do auto-scaling demo, the empty servers booting has to have some way to prepare the server after boot for real work. Because we are working here with HTTP servers, we need a small script, that will install apache2 server and configure a basic index.html webpage.

This is a script that we will use as part of a “launch-configuration” to do example configuration of a server instance after start:

#!/bin/bash
# 
# This small script will prepare a virtual image in eucalyptus to perform 
# as a small web server

# PART I.
# GET its own local identification

local_ipv4=$(curl -qs http://169.254.169.254/latest/meta-data/local-ipv4)
public_ipv4=$(curl -qs http://169.254.169.254/latest/meta-data/public-ipv4)
hostname=instance-${local_ipv4//./-}.networkgeekstuff.com
hostname $hostname

# PART II.
# Setup hosts
cat << EOF >> /etc/hosts
$local_ipv4   $hostname ${hostname%%.*}
EOF

# PART III.
# install apache
yum install -y httpd mod_ssl

# PART IV.
# configure apache to display a test page that will show our test message
cat << EOF >> /var/www/html/index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome networkgeekstuff.com eucalyptus demo system instance</title>
</head>
<body>
<h1>Welcome networkgeekstuff.com eucalyptus demo system instance</h1>

<p> You are visiting demo system configured by script from networkgeekstuff.com Eucalyptus tutorial </p>
<p> System ID is : $(hostname) </p>
</body>
</html>
EOF

# PART V.
# configure apache to start on boot
chkconfig httpd on
service httpd start

Tak this script and save it as a file /root/demo-lanuch-configuration-script.sh

Now lets take this script and make it part of a DemoLC launch configuration in eucalyptus with euscale-create-launch-config , we will use our Fedora20 image ID of emi-0676ae2c.

# euscale-create-launch-config DemoLC --image-id emi-0676ae2c --instance-type m1.small \
           --monitoring-enabled --key my-first-keypair --group=DemoSG \
           --user-data-file=/root/demo-lanuch-configuration-script.sh

Now have a look on the launch-configuration with euscale-describe-launch-configs, where our DemoLC is visible:

# euscale-describe-launch-configs
LAUNCH-CONFIG   DemoLC  emi-0676ae2c    m1.small
LAUNCH-CONFIG   lc-euca-internal-elb-121804880595-DemoLB-81abd4bf       emi-dc054c35    m1.small              loadbalancer-vm-121804880595-DemoLB
LAUNCH-CONFIG   M1-SMALL-FEDORA emi-0676ae2c    m1.small

Step 8: Creating the auto-scaling group

=====================================================================================
— OPTIONAL START: VERIFY YOU HAVE ENOUGH RESOURCES FOR MULTIPLE INSTANCES —

Before we go further I want to present to you something that was a problem for me when I was first attempting to create this auto-scaling system. My problem was that despite that I have enough RAM in my eucalyptus host (~8GB), I was not able to start more than 2 instances because of resource quotas and the auto-scaling was simply quietly failing in the background. Therefore you should first manually check if you can create at least 3 instances manually in the dashboard/webGUI (whe one running on 8888 port).

You can either start creating new instances via the webGUI interface and wait until you hit this error:

Eucalyptus resource limit error after unsuccessful instance launch.
Eucalyptus resource limit error after unsuccessful instance launch.

The problem that I had was that I had enough RAM, definitely enough to have several t1.small instances (256MB RAM each) running, but something was blocking me, what I found out was that each eucalyptus node (ergo server registered in the control system as place capable of hosting instances) has a quota limits that can be viewed with euca-describe-availability-zones verbose command. This is what I got when I had my problems:

# euca-describe-availability-zones verbose
AVAILABILITYZONE        default 192.168.125.3 arn:euca:eucalyptus:default:cluster:default-cc-1/
AVAILABILITYZONE        |- vm types     free / max   cpu   ram  disk
AVAILABILITYZONE        |- m1.small     0000 / 0001   1    256     5
AVAILABILITYZONE        |- t1.micro     0000 / 0001   1    256     5
AVAILABILITYZONE        |- m1.medium    0000 / 0001   1    512    10
AVAILABILITYZONE        |- c1.medium    0000 / 0000   2    512    10
AVAILABILITYZONE        |- m1.large     0000 / 0000   2    512    10
<<omitted>>

Notice the free and max columns, this is the maximum amount of instances your eucalyptus node will allow you to launch! And 1 instance maximum is definitely not enough for an auto-scaling tutorial we are running here. So here is how to extend this limit, but note that your are responsible for managing your own RAM limits when you do this.

EDIT file /etc/eucalyptus/aucalyptus.conf and look for a parameter “MAX_CORES=0“.  And increase the value, afterwards restart the eucalytus process with # service eucalyptus-cloud restart or  # service eucalyptus-nc restart reboot.

I for example changed MAX_CORES=4 and as such I get the following availabilities in the cloud:

# euca-describe-availability-zones verbose
AVAILABILITYZONE        default 192.168.125.3 arn:euca:eucalyptus:default:cluster:default-cc-1/
AVAILABILITYZONE        |- vm types     free / max   cpu   ram  disk
AVAILABILITYZONE        |- m1.small     0004 / 0004   1    256     5
AVAILABILITYZONE        |- t1.micro     0004 / 0004   1    256     5
AVAILABILITYZONE        |- m1.medium    0002 / 0002   1    512    10
AVAILABILITYZONE        |- c1.medium    0002 / 0002   2    512    10
AVAILABILITYZONE        |- m1.large     0002 / 0002   2    512    10
AVAILABILITYZONE        |- m1.xlarge    0002 / 0002   2   1024    10
AVAILABILITYZONE        |- c1.xlarge    0002 / 0002   2   2048    10
AVAILABILITYZONE        |- m2.xlarge    0002 / 0002   2   2048    10
AVAILABILITYZONE        |- m3.xlarge    0001 / 0001   4   2048    15
AVAILABILITYZONE        |- m2.2xlarge   0000 / 0000   2   4096    30

— OPTIONAL END: VERIFY YOU HAVE ENOUGH RESOURCES FOR MULTIPLE INSTANCES —
=====================================================================================

Now we are going to prepare a auto-scaling group that will be driving starting and shutdowns of server as needed, the command used is euscale-create-auto-scaling-group and we will reference both the load-balancer DemoLB and the launch-configuration DemoLC we created in previous steps.

# euscale-create-auto-scaling-group DemoASG --launch-configuration DemoLC \
             --availability-zones default --load-balancers DemoLB \
             --min-size 1 --max-size 3 --desired-capacity 1

You can again then verify the auto-scaling groups existence with euscale-describe-auto-scaling-groups command as below:

# euscale-describe-auto-scaling-groups
AUTO-SCALING-GROUP      DemoASG DemoLC  default DemoLB  1       3       1       Default
AUTO-SCALING-GROUP      asg-euca-internal-elb-121804880595-DemoLB       lc-euca-internal-elb-121804880595-DemoLB-81abd4bf      default         1       1       1       Default
INSTANCE        i-b764ff79      default InService       Healthy lc-euca-internal-elb-121804880595-DemoLB-81abd4bf

Step 9: Creating scaling-policy for both increase and decrease of instance counts

With the following command euscale-put-scaling-policy we will define a policy for changing scaling capacity based, as name suggest we will in the second step make this policy behavior based on CPU alarms.

# euscale-put-scaling-policy DemoHighCPUPolicy --auto-scaling-group DemoASG --adjustment=1 --type ChangeInCapacity
arn:aws:autoscaling::121804880595:scalingPolicy:4952e021-f20d-4180-a971-8de31dcbe610:autoScalingGroupName/DemoASG:policyName/DemoHighCPUPolicy

Now the second part is to create and alarm and monitor the CPU usage, for that we will use the euwatch-put-metric-alarm command, and at the end in the –alarm-action we will use the auto-scale policy ID from the previous command.

# euwatch-put-metric-alarm DemoAddNodesAlarm --metric-name CPUutilization \
--unit Percent --namespace "AWS/EC2" --statistic Average --period 120 --threshold 50 \
--comparison-operator GreaterThanOrEqualToThreshold --dimensions "AutoScalingGroupName=DemoASG" --evaluation-periods 2 \
--alarm-action arn:aws:autoscaling::121804880595:scalingPolicy:4952e021-f20d-4180-a971-8de31dcbe610:autoScalingGroupName/DemoASG:policyName/DemoHighCPUPolicy

NOW WE REPEAT THESE STEP WITH DIFFERENT PARAMETERS TO CREATE SCALE-DOWN POLICY

The differences are:
DemoDelNodesAlarm (changed name)
— adjustment = -1 (to have a decrease in number of instances)
— threshold 10   (to check when CPU utilization on instance is below 10%)
–comparison-operator LessThanOrEqualToThreshold (to check below the 10% CPU threshold)

# euscale-put-scaling-policy DemoLowCPUPolicy --auto-scaling-group DemoASG --adjustment=-1 --type ChangeInCapacity
arn:aws:autoscaling::121804880595:scalingPolicy:784c3b5a-17ef-4cbe-9743-4d55623c8faa:autoScalingGroupName/DemoASG:policyName/DemoLowCPUPolicy
# euwatch-put-metric-alarm DemoDelNodesAlarm --metric-name CPUutilization \
--unit Percent --namespace "AWS/EC2" --statistic Average --period 120 --threshold 10 \
--comparison-operator LessThanOrEqualToThreshold --dimensions "AutoScalingGroupName=DemoASG" --evaluation-periods 2 \
--alarm-action arn:aws:autoscaling::121804880595:scalingPolicy:784c3b5a-17ef-4cbe-9743-4d55623c8faa:autoScalingGroupName/DemoASG:policyName/DemoLowCPUPolicy

Step 10: Creating a termination policy

One thing that we omitted in the previous scale-down policy is to say which instance should be terminated from the group of instances running. At this moment we will simply choose one of the pre-set options that is called OldestLaunchConfiguration. This method will during scale-down policy shutdown that instance, that has the oldest version of configuration script from Step 7 (ergo it is expected that you will update these scripts over time).

# euscale-update-auto-scaling-group DemoASG --termination-policies "OldestLaunchConfiguration"

REMARK: This method actually has one additional use-case, imagine that you are doing an application update (for example new version of webpage rolled out to the instances), for something like this you can modify the server configuration script from Step 7 and then just increasing the load will launch a new auto-scaled instance with new webpage and after a while, when the system will be scaling-done the instance cluster, it will shutdown specifically those servers that are running with the oldest version of the server configuration script. This way you can technically do a rolling updates across all your instances as a “trick”.

Step 11: Verification that auto-scaling is running the first instance

Ok, so everything is actually configured, now the auto-scaling group should have already created the initial instance. On this point I will show the webGUI view on the running instances, but I really recommend you to re-run all the commands from Step 4 to give yourself the full view on how the auto-scaling and instance status looks like from the console commands perspective.

If you go to webGUI, then immediatelly enter the “SCALING-GROUPS” view and you will see two groups exist, one is internal system for load-balancer resouces, which is a result of your DemoLB, but you do not have to care about this, the second however is your DemoASG and you should see the number of instances on 1! This is the view:

DemoASG showing the initial instance running!
DemoASG showing the initial instance running!

Next we will check the details, select the gear icon and select View details

1_auto_scaling

In this view, select “Instances” tab and you should see your auto-scaled instance ID i-db9ead12:

Detail of the initial instance ID
Detail of the initial instance ID

Now that we have our ID, lets go check the instance details in the main view “Instances” view (go back to dashboard and select Running instances there):

Finding our auto-scaled instance via ID in the running instance list (note the IP address)
Finding our auto-scaled instance via ID in the running instance list (note the IP address)

Ok, now we have an IP address, lets go connect to it! If you followed my steps from the beginning, you should have the my-first-keypair.pem file in the /root directory. So you can use it to connect to the fedora image like this:

# ssh -i ./my-first-keypair.pem fedora@192.168.125.53
Last login: Wed Jan 28 22:14:20 2015 from 192.168.125.53
[fedora@instance-192-168-125-74 ~]$

Immediatelly please notice that the hostname of the target system is “instance-192-168-125-74” what means that our configuration script has worked!!! Maybe it will take some time to finish the whole configuration (like apache2 installation), but lets check if the HTTP service is running already with the netstat command.

[fedora@instance-192-168-125-74 ~]$ sudo netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp6       0      0 [::]:http               [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 [::]:https              [::]:*                  LISTEN

As you can see, HTTP is running, so lets point our browser to it (using either the internal 192.168.125.53 OR the external 192.168.125.74 IP) and check what we will find:

Access to instance working, including configuration script that configured a webpage!
Access to instance working via 192.168.125.53 (internal IP), including configuration script that configured a webpage!
Access to instance working via 192.168.125.74 (external IP), including configuration script that configured a webpage!
Access to instance working via 192.168.125.74 (external IP), including configuration script that configured a webpage!

Now also you should check the access via the load-balancer, if everything works, you should also via the load-balancer, first check the IP of the load-balancer via the webGUI, go to Running instances again and select details of the load-balancer instance running.

Load-Balancer instance public 192.168.125.17 and private 192.168.125.71 IPs
Load-Balancer instance public 192.168.125.17 and private 192.168.125.71 IPs

So to test access, point your browser also to the public IP of the load-balancer that is the 192.168.125.71 and you should see access to one of the running instances, in this case only the one 192.168.125.74:

Access to instance 192.168.125.74 web service VIA load-balancer with public IP 192.168.125.71
Access to instance 192.168.125.74 web service VIA load-balancer with public IP 192.168.125.71

BONUS Step if not working: Troubleshooting load-balancer if needed.

When I have tried accessing the test webpage via Load-Balancer for the first time, it was not working, after double-checking everything I concluded that something must be wrong with the Eucalyptus Load-Balancers used in the auto-scaling. But how to troubleshoot this ? Well the point is that from the eucalyptus system, you can only check how the load-balancer considers the server HTTP system alive or not with the eulb-describe-instance-health command. This was specifically my problem, the server (despite running HTTP and test page) was considered “OutOfService”.

# eulb-describe-instance-health DemoLB
INSTANCE        i-7ddcfe12      OutOfService

Ok, so we need to check the load-balancer operation, and for that we need to enter it. First list out the instances and look for the load-balancer, in the webGUI you can find the loadbalancer in the running instances, and select detailed view:

load-balancer instance SSH access details
load-balancer instance SSH access details

Notice the Instance ID of i-b5d6412a in the GUI, we can find this also in the console instances view:

# euca-describe-instances
RESERVATION     r-4d06d56c      121804880595    euca-internal-121804880595-DemoLB
INSTANCE        i-b5d6412a      emi-dc054c35    192.168.125.92  192.168.125.92  running     euca-admin-lb         m1.small        2015-01-29T08:02:55.934Z        default                         monitoring-enabled      192.168.125.92       192.168.125.92                  instance-store                                  hvm             cde4677e-a6c6-4eee-8f8f-a2a95e54a9ad_default_1  sg-0c984bf7                     arn:aws:iam::121804880595:instance-profile/internal/loadbalancer/loadbalancer-vm-121804880595-DemoLB x86_64
TAG     instance        i-d4cea9f5      Name    loadbalancer-resources
TAG     instance        i-d4cea9f5      aws:autoscaling:groupName       asg-euca-internal-elb-121804880595-DemoLB
TAG     instance        i-d4cea9f5      euca:node       192.168.125.3

Right behind the “running” word is the key pair that the load-balancer instance is using, which is of course the euca-admin-lb that the created Step 6 optional section. If you didn’t done this, you probably see “0” instead of key and this means that there is no SSH keypair deployed in the load-balancer and you cannot connect there now! However if you have done the optional part of Step 6, you can now connect to the loadbalancer with SSH like this:

# ssh -i euca-admin-lb.priv root@192.168.125.17

Once inside the load-balancer, the main cause for me was the NTP not synchronized.

Here are the LOGs : /var/log/load-balancer-servo/servo.log , my error that pointed me to NTP was:

servo [ERROR]:failed to report the cloudwatch metrics: [Errno -2] Name or service not known

Step 12: Verify the auto-scaling work with CPU stress tests

Now we have the auto-scaling configured, we have policy to increase and to decrease the number of instances based on CPU load, so lets test it. Right now our group has a minimum running instances of 1, lets try to push it to 2 with loading the CPU a little bit up.

To have a tool to push CPU usage up, install “stress” to the

# yum install -y stress

Now, have a look on the auto-scaling group in the webGUI, there is a default cooldown period in seconds between scaling events, therefore we must product a CPU usage above 50% cpu for more than 300 seconds in order to have a trigger.  And for that we use the stress tool like this (running from inside the instance):

# stress -c 4 -t 600

This will generate a CPU load inside the instance that should trigger a scaling event.

top - 18:19:08 up 53 min,  2 users,  load average: 101.24, 85.11, 45.10
Tasks: 174 total, 102 running,  72 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,  0.0 id,  0.0 wa, 98.0 hi,  0.0 si, 95.0 st
KiB Mem:    245364 total,   240940 used,     4424 free,     7808 buffers
KiB Swap:        0 total,        0 used,        0 free,   124428 cached

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND                             
  866 root      20   0    7268     92      0 R  23.6  0.0   0:00.75 stress                              
  867 root      20   0    7268     92      0 R  23.6  0.0   0:00.75 stress                              
  868 root      20   0    7268     92      0 R  23.6  0.0   0:00.75 stress                              
  869 root      20   0    7268     92      0 R  23.6  0.0   0:00.75 stress

Alternative, if stress is not generating enough CPU load is to use superPi or for 64bit only linux then this version of y-cruncher pi

Watching the triggers and alarms status:

# euwatch-describe-alarms
DemoAddNodesAlarm       OK       arn:aws:autoscaling::121804880595:scalingPolicy:087c4635-6bed-4578-af94-1a167479a4ae:autoScalingGroupName/DemoASG:policyName/DemoHighCPUPolicy      AWS/EC2 CPUutilization  120     Average 2       GreaterThanOrEqualToThreshold   20.0
DemoDelNodesAlarm       OK       arn:aws:autoscaling::121804880595:scalingPolicy:fa7de436-5548-4791-9c18-6ef73fb4b375:autoScalingGroupName/DemoASG:policyName/DemoLowCPUPolicy       AWS/EC2 CPUutilization  120     Average 2       LessThanOrEqualToThreshold      10.0

Specifically if you want history of the data that the alarms use as “input” you can go directly for the metric for CPUutilization like this

# euwatch-get-stats -n AWS/EC2 -s Average --period 120 --dimensions "AutoScalingGroupName=DemoASG" CPUUtilization 
2015-01-31 16:50:00             0.7666666666666666                              Percent
2015-01-31 16:52:00             0.7350993377483444                              Percent
2015-01-31 16:54:00             0.7248322147651006                              Percent
2015-01-31 16:58:00             2.2333333333333334                              Percent
2015-01-31 17:00:00             6.119205298013245                               Percent
2015-01-31 17:04:00             21.381270903010034                              Percent
2015-01-31 17:08:00             0.8400000000000001                              Percent
2015-01-31 17:10:00             4.523178807947019                               Percent
2015-01-31 17:12:00             43.50666666666667                               Percent
2015-01-31 17:14:00             41.463087248322154                              Percent
2015-01-31 17:18:00             33.01324503311258                               Percent
2015-01-31 17:20:00             36.28                           Percent
2015-01-31 17:22:00             4.3892617449664435                              Percent
2015-01-31 17:24:00             8.920529801324504                               Percent
2015-01-31 17:28:00             11.355704697986576                              Percent
2015-01-31 17:30:00             3.4172185430463577                              Percent
2015-01-31 17:32:00             3.0134228187919465                              Percent
2015-01-31 17:34:00             33.81456953642384                               Percent
2015-01-31 17:38:00             8.080536912751677                               Percent
2015-01-31 17:40:00             23.2317880794702                                Percent

Worst case scenario if you have problem triggering the alarms, you can do it manually like this by setting the alarm state to “ALARM”:

euwatch-set-alarm-state --state-value ALARM --state-reason Testing DemoAddNodesAlarm

If successful, you will see two INSTANCES,one old and one new that was launched under the auto-scaling group:

Auto scaling group triggered INSTANCE increase to 2
Auto scaling group triggered INSTANCE increase to 2
The details of the two instances now running
The details of the two instances now running

In summary

Now after all is finished, and the auto-scaling is working, you technically have something like shown in the diagram below. To test/verify, I encourage you to use all of the commands that I presented during the tutorial, the euca*, eulb*, euwatch* to verify the functionality. I understand that there are probably many other questions here, specifically about the load-balancer internal functions, but this calls actually for actually start learning Eucalyptus for production deployment and that is right now beyond the target of this quick introduction article. But feel free to check the external links below for more information on eucalyptus (especially the administrator guide).

The final auto-scaling architecture at the end of this tutorial
The final auto-scaling architecture at the end of this tutorial

External resources:

Eucalyptus Documentation – https://www.eucalyptus.com/docs/eucalyptus/4.1.0/index.html

Eucalyptus Administrator Guide – https://www.eucalyptus.com/docs/eucalyptus/4.1.0/admin-guide/index.html

To meet other people and get community support, go for IRC to #freenode.com and go for #eucalyptus channel

---
Peter Havrila , published on

2 comments ...

  1. when i am install backport 3.12.1 every thing goes right but when i type make it’s always shows me /————–
    | Your kernel headers are incomplete/not installed.
    | Please install kernel headers, including a .config
    | file or use the KLIB/KLIB_BUILD make variables to
    | set the kernel to build against, e.g.
    | make KLIB=/lib/modules/3.1.7/
    | to compile/install for the installed kernel 3.1.7
    | (that isn’t currently running.)
    \–
    make[1]: *** [modules] Error 1
    make: *** [default] Error 2
    it is very minor error 🙂
    you have not installed kernel headers so i just type root@choco:/usr/src/backports-3.12-1# apt-get install -y linux-headers-$(uname -r)
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    E: Unable to locate package linux-headers-3.14-kali1-686-pae
    E: Couldn’t find any package by regex ‘linux-headers-3.14-kali1-686-pae’
    and shows me this msg show above and i hae checked my reposetory
    ## Regular repositories
    root@choco:/etc/apt# cat sources.list
    deb http://http.kali.org/ /kali main contrib non-free
    deb http://http.kali.org/ /wheezy main contrib non-free
    deb http://http.kali.org/kali kali-dev main contrib non-free
    deb http://http.kali.org/kali kali-dev main/debian-installer
    deb-src http://http.kali.org/kali kali-dev main contrib non-free
    deb http://http.kali.org/kali kali main contrib non-free
    deb http://http.kali.org/kali kali main/debian-installer
    deb-src http://http.kali.org/kali kali main contrib non-free
    deb http://security.kali.org/kali-security kali/updates main contrib non-free
    deb-sr
    actually am doing these thing because my wireless card stuck on fixed channel -1 that’s why i am trying to install backpoert

    my first step to install backpoert are
    cd /usr/src/
    sudo wget https://www.kernel.org/pub/linux/kernel/projects/backports/stable/v3.12/backports-3.12-1.tar.bz2
    tar xvf backports-3.12-1.tar.bz2
    cd backports-3.12-1
    sudo apt-get install patch
    sudo wget http://patches.aircrack-ng.org/mac80211.compat08082009.wl_frag+ack_v1.patch
    sudo patch -p1 < mac80211.compat08082009.wl_frag+ack_v1.patch
    sudo apt-get install libncurses5-dev
    make defconfig-ath9k \\ after entering this command shows me msg install kernel header
    please sir help me i have seen many of article but can't find the way
    i think you can help me

    1. I have a feeling you are simply missink the kernel-devel packages. But I see you are using Kali which is a distribution I am now familiar with in detail (other than the wifi hacking tutorials here). But since it is based on ububntu, maybe simply “apt-get install linux-headers” ?

Comments are closed.