source/installguide/locale/zh_CN/LC_MESSAGES/installation.mo (23 lines of code) (raw):
����������������T�������������������.�������L�������
��� �����������������������d�����������/�������L�������������������*���9���9���g���s���=�������!�������O���;���9�������3�������1�������C���+���G���o���q�����������)���l���F�����������g�����������*��� ���(�������2�������������������(�������%���
���V���3���"�������)���������������i���g������������������������ ��R���%!������x"��$����"�������"��1����"�������#��u����#��N���=$�������$�������$�������$��^����$������(%��e���=%��&����%��!����%��`����%��D���M'�������'������I(������g(������s(������|(�������(�������(��u���?)�������)�������+�������+��?���B,��(����,��#����,�������,������n-�������-��l����.��{����.��s���w/�������/�������0�������1�������1������B3��w����4��h����4��Y����4������C5������V5��l����5������S6�������7��`����7��o���88�������:��3����:��A����:��?���9;������y;��(����;�������;�������;��'����;��2����<��#���3<��Z���W<��/����<�������<�������<��!����=��S���-=��.����=�������=������6>�������>�������>��2����?��V���7?�������?��'����?��<����?�������@������.@��\����@��-����A������=A��G���?B��
����B�������B�������B�� ���_C��7����C�������C�������F��S���"G��E���vH��X����H�������I��H���%I������nI��*����I�������I������TJ��w����J������qK��R���XL�������L��|���KM�������M�������M�������M�������O��/����P������-Q��/���@Q��:���pQ�������Q�������Q�������Q��"����Q������!R��V����R��5���-S��8���cS��9����S��[����S������2T������NT��X���WT��R����T�������U��T����U��R����U��@���CV�������V��
����V�������V��4���VW��9����X�������X��U���TY��_����Z������
[�������[������-\��p���<]��6����^��D����^��c���)_��R����_��g����_��{���H`��O����`�������b��$����b�������c�������d��b����e��s���xe�������e��3����f��%����f��K����f������.g������Mg�������g�������g��-����h������:h������Gh��6���Th��-����h�������h�������h������em��Y����n��h���nn��U����n������-o�������o�������p�������p�������q��L���cr��G����r�������r��p����s��t����t������}t��l����t�������t��7����v��A����v������>w�������x��|����x������0y�������z��-����z��=����{������W{��
���n{�� ���y{��_����{��D����{������?|��T���[|��>����|��;����|��7���+}��D���c}��I����}��Q����}������D~��]����������A���^���T�������������������l���r�������߂�����������������(�������O���>�����������"�������p���ă��a���5���������������}���g���(�������������������������������ԇ��-��������������j�������Y���,��� �����������������������N���������������F�������'���U���!���}���M�������<����������*�������ˌ���������
������������������ ���{�������_�������������������������������5���'�������]�������s���������������������������Q���;���~�������v���������������o���������������K�����������g���_���#���T�������b���ؗ������;���l���N���W�����������������������N�����������h�����������#�������-�������-������
������� ���!�������B�������Z���'���m���-�����������Ý��R������*���5�������`�������y�����������<�������'���֞��q�����������p�����������%���%���%���K���V���q�������Ƞ������ޠ��3�����������.���~���A���V�������*�����������B���6�����������V���#���c�������������������,���/���o���\�������̦��)���P���:���z���O���������������E�����������^���$���z���������������2���Z���Ū������ ���H����������9���k���¬������.�������>���r���Q�������Į��.���ɯ����������*�������/���9�������i�������|���
�������������������Ű��F���_���6�������9���ݱ��9�������P���Q����������� �������U���²��V�����������o���F�������G���E���/�������������������մ������������b���-���x���������������;���9���B���x���|���Q�����������G���=�����������N���*���n���_�������;�������@���5���_���v���&���ּ����������������������j���p��� ���@���z���V���������������6�������%�������C�����������>�������Z�������������������'���
��� ���5��� ���?���0���I���'���z�����������
���������������B���N���a�������D�����������8�������������������������������J���G�������3���L�����������j�������r���v�����������l��������(CentOS and RHEL only; not required on Ubuntu)�(KVM only) Ensure that no volume is already mounted at your NFS mount point.�(Optional) For database\_key, substitute the default key that is used to encrypt confidential parameters in the CloudStack database. Default: password. It is highly recommended that you replace this with a more secure value. See :ref:`about-password-key-encryption`.�(Optional) For encryption\_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See :ref:`about-password-key-encryption`.�(Optional) For management\_server\_ip, you may explicitly specify cluster management server node IP. If not specified, the local IP address will be used.�(Optional) For management\_server\_key, substitute the default key that is used to encrypt confidential parameters in the CloudStack properties file. Default: password. It is highly recommended that you replace this with a more secure value. See :ref:`about-password-key-encryption`.�(Optional) For management\_server\_key, substitute the default key that is used to encrypt confidential parameters in the CloudStack properties file. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption.�(XenServer only) Download and install vhd-util.�250 GB of local disk (more results in better capability; 500 GB recommended)�36 GB of local disk�4 GB of memory�64-bit x86 CPU (more cores results in better performance)�A production installation typically uses a separate NFS server. See :ref:`using-a-separage-nfs-server`.�A single Management Server node, with MySQL on the same node.�About Password and Key Encryption�Add a zone. Includes the first pod, cluster, and host. See :ref:`adding-a-host`�Add more clusters (optional). See :ref:`adding-a-cluster`�Add more hosts (optional). See :ref:`adding-a-host`�Add more pods (optional). See :ref:`adding-a-pod`�Add more primary storage (optional). See :ref:`add-primary-storage`�Add more secondary storage (optional). See :ref:`add-secondary-storage`�Add the following lines at the beginning of the INPUT chain, where <NETWORK> is the network that you'll be using:�Additionally, the plain text user authenticator has been modified not to convert supplied passwords to their md5 sums before checking them with the database entries. It performs a simple string comparison between retrieved and supplied login passwords instead of comparing the retrieved md5 hash of the stored password against the supplied md5 hash of the password because clients no longer hash the password. The following method determines what encoding scheme is used to encode the password supplied during user creation or modification.�All hosts within a cluster must be homogeneous. The CPUs must be of the same type, count, and feature flags.�At least 1 NIC�Be sure NFS and rpcbind are running. The commands might be different depending on your OS. For example:�Be sure to configure a load balancer for the Management Servers. See `“Management Server Load Balancing” <http://docs.cloudstack.apache.org/en/latest/administration_guide.html?highlight=management%20server%20load#management-server-load-balancing>`_.�Be sure you fulfill the additional hypervisor requirements and installation steps provided in this Guide. Hypervisor hosts must be properly prepared to work with CloudStack. For example, the requirements for XenServer are listed under Citrix XenServer Installation.�Before setting up the Management Server, download vhd-util from `vhd-util <http://download.cloud.com.s3.amazonaws.com/tools/vhd-util>`_.�Best Practices�Change the following line�Changing the Default Password Encryption�Check for a fully qualified hostname.�Check whether SELinux is installed on your machine. If not, you can skip this section.�Choosing a Deployment Architecture�Choosing a Hypervisor: Supported Features�CloudStack can be blocked by security mechanisms, such as SELinux. Disable SELinux to ensure + that the Agent has all the required permissions.�CloudStack has been tested with MySQL 5.1 and 5.5. These versions are included in RHEL/CentOS and Ubuntu.�CloudStack is only distributed from source from the official mirrors. However, members of the CloudStack community may build convenience binaries so that users can install Apache CloudStack without needing to build from source.�CloudStack needs a place to keep primary and secondary storage (see Cloud Infrastructure Overview). Both of these can be NFS shares. This section tells how to set up the NFS shares before adding the storage to CloudStack.�CloudStack stores several sensitive passwords and secret keys that are used to provide security. These values are always automatically encrypted:�CloudStack uses the Java Simplified Encryption (JASYPT) library. The data values are encrypted and decrypted using a database secret key, which is stored in one of CloudStack’s internal properties files along with the database password. The other encrypted values listed above, such as SSH keys, are in the CloudStack internal database.�Compute node root password�Configure SELinux (RHEL and CentOS):�Configure package repository�Configure the OS and start the Management Server:�Configure the database client. Note the absence of the --deploy-as argument in this case. (For more details about the arguments to this command, see :ref:`install-database-on-separate-node`.)�Congratulations! You have now installed CloudStack Management Server and the database it uses to persist system data.�Copy vhd-util to /usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver.�DEB package repository�Database password�Database secret key�Download vhd-util from `vhd-util <http://download.cloud.com.s3.amazonaws.com/tools/vhd-util>`_�Downloading vhd-util�Edit the /etc/sysconfig/iptables file and add the following line at the beginning of the INPUT chain.�Edit the /etc/sysconfig/iptables file.�Edit the /etc/sysconfig/nfs file.�Edit the MySQL configuration (/etc/my.cnf or /etc/mysql/my.cnf, depending on your OS) and insert the following lines in the [mysqld] section. You can put these lines below the datadir line. The max\_connections parameter should be set to 350 multiplied by the number of Management Servers you are deploying. This example assumes two Management Servers.�Ensure that necessary services are started and set to start on boot.�Even without adding any cloud infrastructure, you can run the UI to get a feel for what's offered and how you will interact with CloudStack on an ongoing basis. See Log In to the UI.�Export the /export directory.�For Hyper-V�For KVM:�For LXC:�For XenServer:�For anything more than a simple trial installation, you will need guidance for a variety of configuration choices. It is strongly recommended that you read the following:�For the sake of security, be sure the public Internet can not access port 8096 or port 8250 on the Management Server.�For those who have already gone through a design phase and planned a more sophisticated deployment, or those who are ready to start scaling up a trial installation. With the following procedures, you can start using the more powerful features of CloudStack, such as advanced VLAN networking, high availability, additional network elements such as load balancers and firewalls, and support for multiple hypervisors including Citrix XenServer, KVM, and VMware vSphere.�For vSphere:�For your second and subsequent Management Servers, you will install the Management Server software, connect it to the database, and set up the OS for the Management Server.�Fully qualified domain name as returned by the hostname command�Hardware virtualization support required�Host/Hypervisor System Requirements�Hosts have additional requirements depending on the hypervisor. See the requirements listed at the top of the Installation section for your chosen hypervisor:�If DHCP is used for hosts, ensure that no conflict occurs between DHCP server used for these hosts and the DHCP router created by CloudStack.�If NFS v4 communication is used between client and server, add your domain to /etc/idmapd.conf on both the hypervisor host and Management Server.�If a firewall is present on the system, open TCP port 3306 so external MySQL connections can be established.�If the Management Server is RHEL or CentOS, copy vhd-util to `/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver`�If the Management Server is Ubuntu, copy vhd-util to `/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver`�If you are planning to install the Management Server on multiple nodes for high availability, do not proceed to the additional nodes yet. That step will come later.�If you are running the KVM hypervisor on the same machine with the Management Server, edit /etc/sudoers and add the following line:�If you are using a separate NFS server, perform this step. If you are using the Management Server as the NFS server, you MUST NOT perform this step.�If you didn't follow the steps to build your own packages from source in the sections for `“Building RPMs from Source” <building_from_source.html#building-rpms-from-source>`_ or `“Building DEB packages” <building_from_source.html#building-deb-packages>`_ you may find pre-built DEB and RPM packages for your convenience linked from the `downloads <http://cloudstack.apache.org/downloads.html>`_ page.�If you set the CloudStack database encryption type to "web" when you set up the database, you must now add the parameter -s <management-server-secret-key>. See :ref:`about-password-key-encryption`.�If you're using an RPM-based system, you'll want to add the Yum repository so that you can install CloudStack with Yum.�If your secondary storage mount point is not named /mnt/secondary, substitute your own mount point name.�In RHEL or CentOS, SELinux is installed and enabled by default. You can verify this with:�In RHEL or CentOS:�In dbpassword, specify the password to be assigned to the "cloud" user. You can choose to provide no password although that is not recommended.�In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password.�In deploy-as, specify the username and password of the user deploying the database. In the following command, it is assumed the root user is deploying the database and creating the "cloud" user.�In deploy-as, specify the username and password of the user deploying the database. In the following command, it is assumed the root user is deploying the database and creating the cloud user.�In either case, each machine must meet the system requirements described in System Requirements.�In the above default ordering, SHA256Salt is used first for ``UserPasswordEncoders``. If the module is found and encoding returns a valid value, the encoded password is stored in the user table's password column. If it fails for any reason, the MD5UserAuthenticator will be tried next, and the order continues. For ``UserAuthenticators``, SHA256Salt authentication is tried first. If it succeeds, the user is logged into the Management server. If it fails, md5 is tried next, and attempts continues until any of them succeeds and the user logs in . If none of them works, the user is returned an invalid credential message.�Insert the following line.�Insert the following lines in the [mysqld] section.�Install MySQL from the package repository from your distribution:�Install MySQL from the package repository of your distribution:�Install NTP.�Install and Configure the MySQL database�Install on CentOS/RHEL�Install on Ubuntu�Install the Database on a Separate Node�Install the Database on the Management Server Node�Install the First Management Server�Install the Management Server (choose single-node or multi-node). See :ref:`adding-a-zone`�Install the Management Server on the First Host�Install the database server�Installation�Installation Complete! Next Steps�It is recommended that you test to be sure the previous steps have been successful.�Latest hotfixes applied to hypervisor software�Log back in to the hypervisor host and try to mount the /export directories. For example, substitute your own management server name:�Log in to the UI. See `*User Interface* <http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/ui.html#log-in-to-the-ui>`_�Log in to the hypervisor host.�Log in to your OS as root.�Make sure that the machine can reach the Internet.�Make sure you have the required hardware ready. See :ref:`minimum-system-requirements`�Management Server Installation�Management Server Installation Overview�Management Server, Database, and Storage System Requirements�Minimum System Requirements�Mount the secondary storage on your Management Server. Replace the example NFS server name and NFS share paths below with your own.�Multiple Management Server nodes, with MySQL on a node separate from the Management Servers.�Must support HVM (Intel-VT or AMD-V enabled).�NFS is not the only option for primary or secondary storage. For example, you may use Ceph RBD, GlusterFS, iSCSI, and others. The choice of storage system will depend on the choice of hypervisor and whether you are dealing with primary or secondary storage.�NTP is required to synchronize the clocks of the servers in your cloud.�Network Setup�Now reload the iptables rules.�Now that the database is set up, you can finish configuring the OS for the Management Server. This command will set up iptables, sudoers, and start the Management Server.�Now update your local apt cache.�Now you should be able to install CloudStack using Yum.�Of course, the database secret key itself can not be stored in the open – it must be encrypted. How then does CloudStack read it? A second secret key must be provided from an external source during Management Server startup. This key can be provided in one of two ways: loaded from a file or provided by the CloudStack administrator. The CloudStack database has a configuration setting that lets it know which of these methods will be used. If the encryption type is set to "file," the key must be in a file in a known location. If the encryption type is set to "web," the administrator runs the utility com.cloud.utils.crypt.EncryptionSecretKeySender, which relays the key to the Management Server over a known port.�On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly recommended that you set a root password as a security precaution.�On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly recommended that you set a root password as a security precaution. Run the following command to secure your installation. You can answer "Y" to all questions except "Disallow root login remotely?". Remote root login is required to set up the databases.�On RHEL/CentOS systems, you'll need to install the nfs-utils package:�On RHEL/CentOS, MySQL doesn't automatically start after installation. Start it manually.�On RHEL/CentOS:�On Ubuntu, UFW is the default firewall. Open the port with this command:�On Ubuntu, restart MySQL.�On Ubuntu, use the following path instead:�On Ubuntu, you can also create /etc/mysql/conf.d/cloudstack.cnf file and add these directives there. Don't forget to add [mysqld] on the first line of the file.�On Ubuntu, you can also create a file `/etc/mysql/conf.d/cloudstack.cnf` and add these directives there. Don't forget to add [mysqld] on the first line of the file.�On the Management Server host, create two directories that you will use for primary and secondary storage. For example:�On the Management Server, run one or more of the following cloud-install-sys-tmplt commands to retrieve and decompress the system VM template. Run the command for each hypervisor type that you expect end users to run in this Zone.�On the management server, create a mount point for secondary storage. For example:�On the storage server, create an NFS share for secondary storage and, if you are using NFS for primary storage as well, create a second NFS share. For example:�Open the MySQL configuration file. The configuration file is ``/etc/my.cnf`` or ``/etc/mysql/my.cnf``, depending on your OS.�Operating system:�Overview of Installation Steps�Passwords are encoded when creating or updating users. CloudStack allows you to determine the default encoding and authentication mechanism for admin and user logins. Two new configurable lists have been introduced—userPasswordEncoders and userAuthenticators. userPasswordEncoders allows you to configure the order of preference for encoding passwords, whereas userAuthenticators allows you to configure the order in which authentication schemes are invoked to validate user passwords.�Perform the steps in `“Prepare the Operating System” <#prepare-the-operating-system>`_ and `“Building RPMs from Source” <building_from_source.html#building-rpms-from-source>`_ or `“Building DEB packages” <building_from_source.html#building-deb-packages>`_ as appropriate.�Preferred: CentOS/RHEL 6.3+ or Ubuntu 12.04(.1)�Prepare NFS Shares�Prepare and Start Additional Management Servers�Prepare and Start Additional Management Servers (optional)�Prepare the Operating System�Prepare the System VM Template�RPM package repository�Reboot the Management Server host.�Remove the character # from the beginning of the Domain line in idmapd.conf and replace the value in the file with your own domain. In the example below, the domain is company.com.�Repeat all of these steps on every host where the Management Server will be installed.�Repeat these steps for each secondary storage server.�Repeat these steps on each additional Management Server.�Return to the root shell on your first Management Server.�Run the following command to secure your installation. You can answer "Y" to all questions.�Run the following commands:�SSH keys�Secondary storage must be seeded with a template that is used for CloudStack system VMs.�Set SELinux to permissive starting immediately, without requiring a system reboot.�Set the SELINUX variable in ``/etc/selinux/config`` to "permissive". This ensures that the permissive setting will be maintained after a system reboot.�Set up the database. The following command creates the "cloud" user on the database.�Set up the database. The following command creates the cloud user on the database.�Start or restart MySQL to put the new configuration into effect.�Statically allocated IP address�Storage Setup�The CloudStack Management server can be installed using either RPM or DEB packages. These packages will depend on everything you need to run the Management server.�The CloudStack management server uses a MySQL database server to store its data. When you are installing the management server on a single node, you can install the MySQL server locally. For an installation that has multiple management server nodes, we assume the MySQL database also runs on a separate node.�The Management Server on this node should now be running.�The OS must be prepared to host the Management Server using the following steps. These steps must be performed on each Management Server node.�The encryption type, database secret key, and Management Server secret key are set during CloudStack installation. They are all parameters to the CloudStack database setup script (cloudstack-setup-databases). The default values are file, password, and password. It is, of course, highly recommended that you change these to more secure keys.�The exact commands for the following steps may vary depending on your operating system version.�The first step in installation, whether you are installing the Management Server on one host or many, is to install the software on a single node.�The host is where the cloud services run in the form of guest virtual machines. Each host is one machine that meets the following requirements:�The machines that will run the Management Server and MySQL database must meet the following requirements. The same machines can also be used to provide primary and secondary storage, such as via localdisk or NFS. The Management Server may be placed on a virtual machine.�The management server doesn't require a specific distribution for the MySQL node. You can use a distribution or Operating System of your choice. Using the same distribution as the management server is recommended, but not required. See `“Management Server, Database, and Storage System Requirements” <#management-server-database-and-storage-system-requirements>`_.�The procedure for installing the Management Server is:�The requirements for primary and secondary storage are described in:�There is a RPM package repository for CloudStack so you can easily install on RHEL based platforms.�These repositories contain both the Management Server and KVM Hypervisor packages.�This procedure is required only for installations where XenServer is installed on the hypervisor hosts.�This process will require approximately 5 GB of free space on the local file system and up to 30 minutes each time it runs.�This section describes how to install MySQL on the same machine with the Management Server. This technique is intended for a simple deployment that has a single Management Server node. If you have a multi-node Management Server deployment, you will typically use a separate node for MySQL. See :ref:`install-database-on-separate-node`.�This section describes installing the Management Server. There are two slightly different installation flows, depending on how many Management Server nodes will be in your cloud:�This section tells how to set up NFS shares for primary and secondary storage on the same node with the Management Server. This is more typical of a trial installation, but is technically possible in a larger deployment. It is assumed that you will have less than 16TB of storage on the host.�This section tells how to set up NFS shares for secondary and (optionally) primary storage on an NFS server running on a separate node from the Management Server.�This should return a fully qualified hostname such as "management1.lab.example.org". If it does not, edit /etc/hosts so that it does.�This step is required only for installations where XenServer is installed on the hypervisor hosts.�To add the CloudStack repository, create ``/etc/yum.repos.d/cloudstack.repo`` and insert the following information.�To configure the new directories as NFS exports, edit /etc/exports. Export the NFS share(s) with rw,async,no\_root\_squash,no\_subtree\_check. For example:�Try using the cloud. See :ref:`initialize-and-test`�Turn on NTP for time synchronization.�Two NFS shares called /export/primary and /export/secondary are now set up.�Uncomment the following lines:�Use your preferred editor and open (or create) ``/etc/apt/sources.list.d/cloudstack.list``. Add the community provided repository to the file:�User API secret key�Using a Separate NFS Server�Using the Management Server as the NFS Server�VNC password�VPN password�We now have to add the public key to the trusted keys.�We start by installing the required packages:�What should you do next?�When a new user is created, the user password is encoded by using the first valid encoder loaded as per the sequence specified in the ``UserPasswordEncoders`` property in the ``ComponentContext.xml`` or ``nonossComponentContext.xml`` files. The order of authentication schemes is determined by the ``UserAuthenticators`` property in the same files. If Non-OSS components, such as VMware environments, are to be deployed, modify the ``UserPasswordEncoders`` and ``UserAuthenticators`` lists in the ``nonossComponentContext.xml`` file, for OSS environments, such as XenServer or KVM, modify the ``ComponentContext.xml`` file. It is recommended to make uniform changes across both the files. When a new authenticator or encoder is added, you can add them to this list. While doing so, ensure that the new authenticator or encoder is specified as a bean in both these files. The administrator can change the ordering of both these properties as preferred to change the order of schemes. Modify the following list properties available in ``client/tomcatconf/nonossComponentContext.xml.in`` or ``client/tomcatconf/componentContext.xml.in`` as applicable, to the desired order:�When copying and pasting a command, be sure the command has pasted as a single line before executing. Some document viewers may introduce unwanted line breaks in copied text.�When the script has finished, unmount secondary storage and remove the created directory.�When this script is finished, you should see a message like “Successfully initialized the database.”�When you deploy CloudStack, the hypervisor host must not have any VMs already running�When you're ready, add the cloud infrastructure and try running some virtual machines on it, so you can watch how CloudStack manages the infrastructure. See Provision Your Cloud Infrastructure.�Who Should Read This�You can add a DEB package repository to your apt sources with the following commands. Please note that only packages for Ubuntu 12.04 LTS (precise) are being built at this time.�You can also use the Management Server node as the NFS server. This is more typical of a trial installation, but is technically possible in a larger deployment. See :ref:`using-the-management-server-as-the-nfs-server`.�You can put these lines below the datadir line. The max\_connections parameter should be set to 350 multiplied by the number of Management Servers you are deploying. This example assumes one Management Server.�You should see the message “CloudStack Management Server setup is done.”�Your DEB package repository should now be configured and ready for use.�Yum repository information is found under ``/etc/yum.repos.d``. You'll see several ``.repo`` files in this directory, each one denoting a specific repository.�`“About Primary Storage” <http://docs.cloudstack.apache.org/en/latest/concepts.html#about-primary-storage>`_�`“About Secondary Storage” <http://docs.cloudstack.apache.org/en/latest/concepts.html#about-secondary-storage>`_�to this:�|installation-complete.png: Finished installs with single Management Server and multiple Management Servers|�Project-Id-Version: Apache CloudStack Installation RTD
Report-Msgid-Bugs-To:
POT-Creation-Date: 2014-06-30 11:42+0200
PO-Revision-Date: 2014-06-30 10:24+0000
Last-Translator: FULL NAME <EMAIL@ADDRESS>
Language-Team: Chinese (China) (http://www.transifex.com/projects/p/apache-cloudstack-installation-rtd/language/zh_CN/)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Language: zh_CN
Plural-Forms: nplurals=1; plural=0;
�(仅限CentOS 和 RHEL平台,对Ubuntu不作要求)�(仅KVM)确保没有任何卷被挂载到你的NFS挂载点上。�(可选)database_key,在CloudStack数据库中使用加密的机密参数替代默认密码。默认为:password。强烈推荐您使用更安全的值替代它。参阅: :ref:`about-password-key-encryption`.�(可选)encryption_type, 使用file或web来告知数据库通过哪种技术对密码进行加密. 默认是file. 参考 :ref:`about-password-key-encryption`.�(可选)management_server_ip, 你可以明确的指定群集管理服务器的IP。如果不指定,默认使用本机IP。�(可选)management_server_key,在CloudStack属性文件中使用加密的机密参数替代默认密码。默认为:password。强烈推荐您使用更安全的值替代它。参阅: :ref:`about-password-key-encryption`.�(可选)management_server_key,在CloudStack属性文件中使用加密的机密参数替代默认密码。默认为:password。强烈推荐您使用更安全的值替代它。参阅关于密码和密钥加密。�(仅限XenServer)下载并安装vhd-util.�250GB本地硬盘 (更大的容量性能更佳;推荐500GB)�36GB本地磁盘空间�4GB 内存�64位x86 CPU(多核性能更佳)�典型地安装使用一个独立的NFS 服务器。参阅 :ref:`using-a-separage-nfs-server`.�一个单独的管理服务器节点, MySQL也装在这个节点上.�关于密码和密钥加密�添加区域。包含第一个Pod,群集,和主机。参阅 :ref:`adding-a-host`�添加更多的群集(可选)。参阅 :ref:`adding-a-cluster`�添加更多的主机(可选)。参阅 :ref:`adding-a-host`�添加更多的Pod(可选)。参阅 :ref:`adding-a-pod`�添加更多的主存储(可选)。参阅 :ref:`add-primary-storage`�添加更多的辅助存储(可选)。参阅 :ref:`add-secondary-storage`�在INPUT链开始处添加如下行, <NETWORK>处为你正在使用的网络:�此外,纯文本的用户认证方已经修改为:在检查数据库记录之前,不对获取的密码进行md5值校验。仅对提供的登录密码执行检索。 由于客户端不再对密码进行散列(hash),所以不再对比存储的密码散列值和获取的密码的哈希值。下面的方法决定用于用户创建或修改过程中提供的密码进行编码时使用什么编码方案。�集群中的主机必须是相同架构。CPU的型号、数量和功能参数必须相同。�至少一块网卡�确定NFS和rpcbind正在运行。具体命令可能因您的操作系统而不同。例如:�确保为管理服务器配置负载均衡。参阅: `“管理服务器负载均衡" <http://docs.cloudstack.apache.org/en/latest/administration_guide.html?highlight=management%20server%20load#management-server-load-balancing>`_.�如果你按照本指南的步骤并确定你满足了所选用虚拟机软件的 要求。宿主机应该就可以在CloudStack中正常工作了。比如XenServer的要求列表在Citrix XenServer安装部分。�在设置管理服务器前,下载 `vhd-util<http://download.cloud.com.s3.amazonaws.com/tools/vhd-util>`_.�最佳实践�查找如下行�更改默认密码加密�检查FQN完全合格/限定主机名。�检查你的机器是否安装了SELinux。如果没有,请跳过此部分。�选择部署架构�选择Hypervisor:支持的功能�CloudStack的会被安全机制阻止,例如SELinux。确保关闭SELinux 和 Agent具有所必需的权限。�CloudStack已经在MySQL 5.1和5.5上被测试过。这些平台版本包含RHEL/CentOS和Ubuntu.�CloudStack是唯一一种源自官方镜像源文件的分布式平台。尽管如此,CloudStack社区的成语可以构建便捷的二进制代码,使用户能够在无需构建源代码的情况下安装Apache CloudStack。�CloudStack需要主存储和辅助存储空间(参阅 云基础设施概述)。两种存储都可以是NFS共享存储。这节描述如何在CloudStack中添加存储。�CloudStack存储一些敏感密码和密钥用于提供安全保证。这些值总是自动被加密。�CloudStack使用java简单的加密库(JASYPT)。数据值加密和解密通过使用一个存储在一个CloudStack带有数据库密码的内部属性文件中的密钥。上述列出的其他加密的值,例如SSH密钥,也在CloudStack内部数据库中。�计算节点root密码�配置SELinux(RHEL和CentOS):�配置包仓库�配置操作系统,并启动管理服务:�配置数据库客户端。注意不使用 --deploy-as 参数在这种情况下。 (关于该命令参数更详细的信息, 参阅 :ref:`install-database-on-separate-node`.)�恭喜!你现在已经安装好了CloudStack管理服务器和用于持久化系统数据的数据库。�复制vhd-util到/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver目录下。�DEB包库�数据库密码�数据库密钥�下载 `vhd-util <http://download.cloud.com.s3.amazonaws.com/tools/vhd-util>`_�下载vhd-util�编辑/etc/sysconfig/iptables文件并在INPUT链中添加下列行。�编辑 /etc/sysconfig/iptables文件。�编辑/etc/sysconfig/nfs文件。�编辑MySQL的配置文件 (根据你操作系统的不同, 文件为/etc/my.cnf 或者/etc/mysql/my.cnf) 并在 [mysqld] 章节插入下面几行. 你可以把这几行放在datadir行下. 参数max_connections应该设置为 350 乘以你部署管理服务器节点的个数. 这个示例假定你只部署了一台管理服务器.�确保必要的服务已经启动并设置为开机启动。�即使没有增加任何云的基础设施,你可以运行登陆界面感受其提供的内容并与CloudStack进行持续的交互。参见登陆用户界面�输出/export目录。�对于Hyper-V:�对于KVM:�对于LXC:�对于XenServer:�对于任何一个简单的实验设备,你将需要一系列的配置选择向导。强烈推荐您阅读以下内容:�出于安全的目的,确保公共网络无法访问管理服务器的8096或者8250端口。�如果您已经完成设计阶段,计划部署一个复杂的云,或是准备对用基础安装向导搭建的试验云进行扩展,请选择此项。在后续过程中,您可以使用CloudStack中更强大的功能,例如高级VLAN网络、高可用、负载均衡器和防火墙等额外网络设备,以及支持Citrix XenServer、KVM、VMware vSphere等多种虚拟化平台。�对于vSphere:�在你的次级以及以后的管理服务器上,你将安装管理服务器软件,连接到数据库,并启动管理服务器的操作系统。�使用hostname命令能返回的完全合格的域名�硬件虚拟化支持�主机/Hypervisor系统需求�根据所使用虚拟化软件的不同主机可能有另外的需求。详情请查看你所选用虚拟化软件安装部分的需求清单�如果主机使用DHCP,请确保这些主机使用的DHCP服务和CloudStack创建的虚拟路由器提供的DHCP服务不冲突。�如果客户端和服务器之间使用NFS v4进行通讯,在hypervisor主机和管理服务器上的/etc/idmapd.conf文件中添加你的域名。�如果系统中存在防火墙,打开TCP的3306端口用于建立MySQL连接。�如果管理服务器是RHEL或者是CentOS,复制 vhd-util到`/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver`�如果管理服务器是Ubuntu系统,复制vhd-util到`/usr/share/cloudstack-common/scripts/vm/hypervisor/xenserver`�如果你计划为了高可用在多个节点安装管理服务器,目前不要进行添加其他节点,这个会在后面的步骤中进行�如果你的KVM Hypervisor和管理服务器在同一台的机器上,编辑 /etc/sudoers并添加以下行:�如果你使用独立的NFS服务器,执行这一步骤。如果你使用管理服务器作为NFS服务器,你必须确保不执行这一步骤。�如果你不能按照步骤使用源码构建你自己的包 `“从源码编译RPM包” <building_from_source.html#building-rpms-from-source>`_ 或 `“编译DEB包” <building_from_source.html#building-deb-packages>`_ 你会发现预先构建的DEB和RPM包在 `下载 <http://cloudstack.apache.org/downloads.html>`_ 页面.�如果在设置数据库时,配置CloudStack数据库加密类型是"web",你现在必须添加参数-s <management-server-secret-key>。参阅 :ref:`about-password-key-encryption`。�如果你使用基于RPM的系统,你需要添加Yum库,以便可以用Yum安装CloudStack.�如果辅助存储挂点不是 /mnt/secondary,替换你自己的挂载点名称。�在RHEL或者CentOS中,SELinux是默认安装并启动的。你可以使用如下命令验证:�在RHEL/CentOS上:�dbpassword,为 "cloud"的用户设置的密码。你也可以选择不设置密码,尽管并不推荐。�dbpassword,为 "cloud"的用户设置的密码。你也可以选择不设置密码。�deploy-as, 指定安装数据库的用户名和密码. 在下面的命令中, root用户部署了数据库并创建了cloud用户.�deploy-as, 指定安装数据库的用户名和密码. 在下面的命令中, root用户部署了数据库并创建了cloud用户.�无论哪种方案, 所有系统的要求都要符合系统需求里的描述.�在上述排序中,SHA256Salt首次使用 ``UserPasswordEncoders``.如果这个模块已经找到并且编码后返回一个有效值,编码密码存储在用户表密码列中。如果因某些原因失败,接下来将尝试MD5UserAuthenticator,并按照规定继续。对于 ``UserAuthenticators``, SHA256Salt授权首先被使用。如果成功,用户将登陆进入管理服务器。如果失败,下一步将尝试md5,并继续尝试直到成功。如果他们没起作用,用户将返回一个无效的确认信息。�插入如下行。�在[mysqld]区域插入下列行。�使用你部署的软件仓库安装MySQL:.�使用你部署的软件仓库安装MySQL:.�安装NTP.�安装并配置MySQL数据库。�在CentOS/RHEL上安装�在Ubuntu上安装�在单独的节点上安装数据库。�在管理服务器节点上安装数据库。�安装第一台管理服务器�安装管理服务器 (选择单节点或多节点)。 参阅 :ref:`adding-a-zone`�在第一台主机上安装管理服务器�安装数据库服务器�安装�安装完成!下一步�强烈建议您测试以确保之前的步骤已经成功。�虚拟机软件需打好最新的补丁�重新登录到hypervisor主机并尝试挂载/export目录。例如,替代你自己的管理服务器名称:�登陆到用户界面。参阅 `*用户界面* <http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/ui.html#log-in-to-the-ui>`_�登陆hypervisor主机。�使用root用户登录操作系统。�确保机器可以连接到互联网.�确定您已经准备好了所需的硬件。参阅 :ref:`minimum-system-requirements`�管理服务器安装�管理服务器安装概述�管理服务器,数据库和存储系统需求。�最低系统需求�在你的管理服务器上挂载辅助存储。更换下面示例中的NFS服务器名称和NFS共享路径为你自己的。�多个管理服务器节点, MySQL装在与所有管理服务都不相同的节点上.�必须支持HVM(启用Intel-VT或AMD-V)。�NFS并不是主存储和二期存储的唯一选择。例如,您可以使用Ceph RBD、GlusterFS、iSCSI等其它存储。存储系统的选择依赖于虚拟化平台类型以及是用于主存储还是二级存储。�NTP服务用来在你的云中同步服务器时钟。�网络设置�现在重新加载iptables规则。�现在数据库已经设置好, 你可以完成管理服务器的设置. 这个命令将会设置iptables, sudoers并启动管理服务.�现在升级本地的apt缓存�现在你可以通过Yum安装CloudStack 。�当然,数据库密钥本身不是公开存储的-它必须被加密。那么,CloudStack如何阅读它呢?从外部源启动管理服务时必须提供第二个密钥。这个密钥可以提供两种方式中的一种:从文件加载或者由CloudStack的管理员提供。CloudStack数据库中都有一个配置设置使它知道这些方法将被调用。如果加密类型设置为 "file," 密钥 必须存在于文件的已知位置中。如果加密类型设置为 "web," 管理员运行 com.cloud.utils.crypt.EncryptionSecretKeySender工具,which relays the key to the Management Server over a known port.�在RHEL和CentOS上, MySQL默认并未设置root用户的密码. 强烈建议您设置超级用户密码作为安全预防措施。�在RHEL 和 CentOS上,MySQL默认并未设置root用户的密码。强烈建议您设置超级用户密码作为安全预防措施。运行以下命令进行安全配置。你可以对所有问题回答"Y", "Disallow root login remotely?"问题除外。设置数据库需要root远程登录。�在 RHEL/CentOS系统上,你需要安装 nfs-utils包:�在RHEL/CentOS上,MySQL在安装完后不会自动启动。手工启动它。�在RHEL/CentOS上:�在Ubuntu上,默认防火墙是UFW。用以下命令打开端口:�在Ubuntu上,重启MySQL.�在Ubuntu上,使用如下路径:�在Ubuntu上,你也可以创建 /etc/mysql/conf.d/cloudstack.cnf文件并在此添加如下目录。不要忘记在文件第一行加[mysqld]。�在Ubuntu上,你也可以创建 /etc/mysql/conf.d/cloudstack.cnf文件并在此添加如下目录。不要忘记在文件第一行加[mysqld]。�在管理服务器主机上,创建两个目录用作主存储和辅助存储。例如:�在管理服务器上,运行一个或多个cloud-install-sys-tmplt命令检索和解压系统虚拟机模版。运行这个命令在每个你希望最终用户在这个区域中运行的hypervisor类型。�在管理服务器上,创建一个辅助存储的挂载点。例如:�在存储服务器上,创建一个用于辅助存储的NFS共享,如果同时也用于主存储,则创建2个NFS共享,例如:�编辑MySQL的配置文件 。根据你操作系统的不同, 文件是/etc/my.cnf 或者/etc/mysql/my.cnf.�操作系统:�安装步骤概述�创建或更新用户密码会被加密。CloudStack允许你定义管理员和用户登录的默认密码和授权机制。这两种配置列表都已经介绍过了—userPasswordEncoders 和 userAuthenticators。userPasswordEncoders允许你配置优先顺序进行密码编码,而userAuthenticators允许你配置的调用身份验证方案来验证用户密码。�执行这些步骤 `“准备操作系统” <#prepare-the-operating-system>`_ 和 `“从源码编译RPM包” <building_from_source.html#building-rpms-from-source>`_ 或 `“编译DEB包” <building_from_source.html#building-deb-packages>`_ 视情况而定.�推荐:CentOS/RHEL 6.3+ 或 Ubuntu 12.04(.1)�准备NFS共享存储�准备和启动额外的管理服务器。�准备并启动额外的管理服务器(可选)�准备操作系统�准备系统虚拟机模板�RPM 包仓库�重启管理服务器主机。�从idmapd.conf文件中的Domain开始行移除字符#,并替代文件中的该值为你自己的域名。在下面的示例中,域名为company.com.�在每一个安装管理服务器的节点上重复所有这些步骤.�在每个辅助存储服务器上重述如下步骤。�在每个额外的管理服务器上重复这些步骤。�返回到第一个管理服务器root用户的shell中。�运行以下命令进行安全配置。你可以对所有的问题回答”Y"。�运行如下命令:�SSH密钥�辅助存储必须应用一个使用于生成CloudStack中虚拟机系统的模板。�执行该命令无需系统重启就会将SELinux的运行模式设置为permissive。�在 ``/etc/selinux/config`` 中设置SELINUX变量值为 "permissive"。这样能确保对SELinux的设置在系统重启之后依然生效。�设置数据库. 下列的命令会在数据库中创建"cloud"用户.�设置数据库。按照如下命令在数据库中创建cloud用户。�启动或者重启MySQL使新的配置生效。�静态分配的IP地址�存储设置�CloudStack管理服务器可以用RMP或者DEB包来安装,这些包会依赖运行管理服务器的所有需要的东西。�CloudStack管理服务器使用一个MySQL数据库服务来存储自身数据。当你在一个独立的节点上安装管理服务器,你可以在本地安装MySQL服务器。对于在多重节点上安装,我们假设MySQL也运行在一个已经分隔开的节点上。�管理服务应该运行在这个节点上。�要在主机上安装管理服务器,需要按下列步骤准备操作系统. 这些步骤必须在每个要安装的管理服务器节点上执行.�加密类型,数据库密钥和管理服务器密钥在CloudStack初始化的过程中设置。它们全部是CloudStack数据库设置脚本的参数(cloud-setup-databases).默认值是file,password和password。当然,强烈建议你修改这些密钥。�以下步骤的命令取决于你的操作系统版本。�安装的第一步,不论你在一台或多台主机上安装管理服务器,在单个节点上安装这些软件。�主机是以虚拟机形式运行云服务。每台主机需满足如下要求:�运行管理服务器和mysql数据库的机器必须满足以下要求。主存储和辅助存储可以通过本地存储或NFS配置在一台机器上。管理服务器可以安装在虚拟机中。�管理服务器不要求为MySQL节点指定特定的分支。你可以选择使用任何一个操作系统的分支。建议与管理服务器使用相同的分支,但不做强制要求。参阅 `“管理服务器, 数据库和存储系统要求” <#management-server-database-and-storage-system-requirements>`_.�安装管理服务器的步骤:�主存储和辅助存储的需求描述:�这里有一个CloudStack的RPM包库,所以你可以轻易地安装在RHEL基础平台上。�该仓库同时包含管理服务器和KVM Hypervisor的包�这个步骤仅适用于安装了XenServer的hypervisor主机。�这个过程每次运行30分钟,运行时要求本地文件系统剩余大约5GB的空间。�本节将会介绍如何将MySQL与管理服务器安装在同一台机器上. 这种方法是针对只有一个管理服务器的部署. 如果你部署了多台管理服务器节点, 你最好使用单独的一个节点来部署MySQL数据库. 参阅 :ref:`install-database-on-separate-node`.�本节介绍管理服务器的安装. 根据你云环境中管理服务器节点个数的不同, 安装步骤有两处稍有不同.�本节讲述如何在管理服务器节点上设置主存储和辅助存储的NFS共享目录。这是典型的安装部署,但是部署更大的环境在技术上可行的。假设你的主机上拥有少于16TB的存储空间。�这一节描述如何在存储系统中为辅助存储和主存储(可选)设置NFS共享,它运行在一个与管理控制服务器不同的独立节点。�该命令会返回完整主机名,例如"management1.lab.example.org"。如果没有,请编辑 /etc/hosts。�这个步骤仅适用于安装了XenServer的hypervisor主机。�添加CloudStack库,创建 ``/etc/yum.repos.d/cloudstack.repo``并插入以下信息�配置新的目录作为NFS输出,编辑/etc/exports。使用 rw,async,no_root_squash,no_subtree_check 输出NFS共享目录。例如:�尝试使用云。参阅: :ref:`initialize-and-test`�启用NTP服务以确保时间同步.�两个NFS共享 /export/primary和 /export/secondary已经建立。�取消如下行的注释:�用你准备好的编辑器打开(或创建) ``/etc/apt/sources.list.d/cloudstack.list``.将社区提供的仓库添加到该文件:�用户API密钥�使用独立的NFS服务器�使用管理服务器作为NFS服务器�VNC密码�VPN密码�我们现在必须添加公钥并信任密钥。�我们开始安装需要的软件包:�下面你将做什么?�在创建新用户时,用户密码是按照``ComponentContext.xml`` 或 ``nonossComponentContext.xml`` 文件中 ``UserPasswordEncoders`` 属性中指定的顺序对有效的编码器进行编码。该文件中的 ``UserAuthenticators`` 属性也指定了认证方案的顺序。如果使用了Non-OSS(非开源软件)组件,例如要部署VMware环境,修改 ``nonossComponentContext.xml`` 文件中的 ``UserPasswordEncoders`` 和 ``UserAuthenticators`` 列表。针对OSS(开源软件),例如XenServer和KVM,则修改 ``ComponentContext.xml`` 文件。建议对这两个文件做统一的修改。当添加新的认证器和解释器时,你可以添加至该列表。做的过程中,确保已经在这些文件中指定认证器和解释器。管理员可以更改这两个属性的排序和计划作为首选的排列顺序。如果适用的话,在 ``client/tomcatconf/nonossComponentContext.xml.in`` 或 ``client/tomcatconf/componentContext.xml.in`` 文件中修改下面的列表中可用的属性的顺序:�当复制和粘贴命令时,请确保没有多余的换行符,因为一些文档查看器可能会在复制时加上换行符。�当脚本完成后,卸载辅助存储并移除创建的目录。�当脚本完成后,你将会看到类似这样的信息:"Successfully initialized the database"�在部署CloudStack时,Hypervisor主机不能运行任何虚拟机�当你已经准备好了,添加云基础架构和尝试运行一些虚拟机,你将会观察到CloudStack如何管理基础设施。参阅:提供你的云基础设置�谁应该读本文�你可以按照以下指令在你的apt源中增加DEB包库。请注意只有来自 Ubuntu 12.04 LTS (precise)的包可以在此时构建。�你也可以使用管理服务节点作为NFS服务器。这是更为典型的安装,部署更大的环境在技术上是可行的。参阅 :ref:`using-the-management-server-as-the-nfs-server`.�你可以把这几行放在datadir行下. 参数max_connections应该设置为 350 乘以你部署管理服务器节点的个数. 这个示例假定你只部署了一台管理服务器.�你应该看到这样的信息: “Management Server setup is done.”�你的DEB包库现在将被配置并准备使用。�Yum库信息在``/etc/yum.repos.d``中。你可以看到一些 ``.repo``文件在这个目录中,每个都代表一个特定的仓库。�`“关于主存储” <http://docs.cloudstack.apache.org/en/latest/concepts.html#about-primary-storage>`_�`“关于辅助存储” <http://docs.cloudstack.apache.org/en/latest/concepts.html#about-secondary-storage>`_。�修改为:�|installation-complete.png: Finished installs with single Management Server and multiple Management Servers|�