Difference between revisions of "HOWTO15 How to configure the Federated Cloud BDII"
Line 55: | Line 55: | ||
*Site name will be fetched from <code>site</code> -> <code>name</code> in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or by the file set with the --glite-site-info-static option) | *Site name will be fetched from <code>site</code> -> <code>name</code> in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or by the file set with the --glite-site-info-static option) | ||
== OpenNebula | == OpenNebula == | ||
*Use the <code>--middleware opennebularocci</code> option to activate this provider | *Use the <code>--middleware opennebularocci</code> option to activate this provider | ||
Line 63: | Line 63: | ||
**<code>--on-rpcxml-endpoint</code> shall contain the address of the RPCv2 endpoint. Usually it is <code><nowiki>http://<hostname>:2633/RPC2</nowiki></code>. If not on a secure network, it is suggested to provide this interface via https, since the <code>on-auth</code> parameter will be sent in clear text to the server. | **<code>--on-rpcxml-endpoint</code> shall contain the address of the RPCv2 endpoint. Usually it is <code><nowiki>http://<hostname>:2633/RPC2</nowiki></code>. If not on a secure network, it is suggested to provide this interface via https, since the <code>on-auth</code> parameter will be sent in clear text to the server. | ||
* | *Compute templates can be gathered in two ways. One option does not preclude the other and the resulting templates will be the merge of the two. | ||
**directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the <code>--rocci-remote-templates</code> flag | |||
**manually by placing them in the configuration file | |||
* | *With the <code>--cloudkeeper-images</code> flag, OS templates can be filtered so only the cloudkeeper ones are published. | ||
== OpenStack == | == OpenStack == |
Revision as of 13:30, 11 October 2017
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
Purpose
This page provides instructions on how to configure the Federated Cloud Production resource-BDII.
Installation
Documentation and general installation guidelines for the cloud-info-provider are available at https://github.com/EGI-FCTF/cloud-bdii-provider
If you don't have already a BDII-site service in production, you will need to install also the bdii
package (available in EPEL repo).
If you are using OpenStack as provider, you also need to install the python-novaclient
package.
If you want to install from packages, here follow some guidelines.
RHEL/CentOS/ScientificLinux
- Add EPEL repository according to the instructions at https://fedoraproject.org/wiki/EPEL
- Add the cloud-info-provider repository to yum:
wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/sl-6-x86_64.repo \ -O /etc/yum.repos.d/cloud-info-provider.repo
- Install the package
yum install cloud-info-provider-service
For Debian/Ubuntu 6/7/8
- Add AppDB's repository:
sudo wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/ubuntu-precise-amd64.list \ -O /etc/apt/sources.list.d/cloud-info-provider.list
- Add AppDB key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E2E992EB352D3E14
- Install the package
sudo apt-get update sudo apt-get install python-cloud-info-provider
Configuration
Use one of the template files in /etc/cloud-info-provider
as basis for creating your own YAML file with the static information of your resources. E.g:
cp /etc/cloud-info-provider/sample.openstack.yaml /etc/cloud-info-provider/bdii.yaml
Each middleware has its own options to fetch the dynamic information, check the --help
option for more information. Some additional notes are given in the following sections.
General
- Site name will be fetched from
site
->name
in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or by the file set with the --glite-site-info-static option)
OpenNebula
- Use the
--middleware opennebularocci
option to activate this provider
- You need to specify connection parameters to the OpenNebula XML-RPC interface:
--on-auth
parameter should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with thecore
driver, this parameter shall be set to<username>:<password>
.--on-rpcxml-endpoint
shall contain the address of the RPCv2 endpoint. Usually it ishttp://<hostname>:2633/RPC2
. If not on a secure network, it is suggested to provide this interface via https, since theon-auth
parameter will be sent in clear text to the server.
- Compute templates can be gathered in two ways. One option does not preclude the other and the resulting templates will be the merge of the two.
- directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the
--rocci-remote-templates
flag - manually by placing them in the configuration file
- directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the
- With the
--cloudkeeper-images
flag, OS templates can be filtered so only the cloudkeeper ones are published.
OpenStack
- Use the
--middleware openstack
option to activate this provider
- The OpenStack provider uses python-novaclient (needs to be installed separately)
--os-username
,--os-password
,--auth-tenant-name
,--os-auth-url
,--os-cacert
,--insecure
options to the cloud-provider allow to set the connection parameters. Alternatively you can use environment variables (e.g.OS_USERNAME
) as with other OpenStack clients--insecure
should not be used in production!
- Be sure that keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this via the command
keystone service-list
. To create a new service and endpoint, you can run
keystone service-create --name occi_api --type occi --description 'Nova OCCI Service' keystone endpoint-create --service_id <service-id> --region RegionOne --publicurl http://$HOSTNAME:8787/ \ --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/
where the service-id is the one obtained from keystone service-list
.
- By default, the provider script will filter images without marketplace uri defined into the marketplace or vmcatcher_event_ad_mpuri property. If you want to list all the images templates (included local snapshots), set the variable 'require_marketplace_id: false' under 'compute' -> 'images' -> 'defaults' in the YAML configuration file.
Create the provider
- Create the file
/var/lib/bdii/gip/provider/cloud-info-provider
that calls the provider with the correct options for your site, for example:
#!/bin/sh cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \ --middleware openstack \ --os-username <username> --os-password <passwd> \ --os-tenant-name <tenant> --os-auth-url <url>
- Give execution permission:
chmod +x /var/lib/bdii/gip/provider/cloud-info-provider
- and test it:
/var/lib/bdii/gip/provider/cloud-info-provider
- That should return the complete LDIF describing your site. Now you can start the bdii service
service bdii start
- And check that the information is being published
ldapsearch -x -h localhost -p 2170 -b o=glue
Add your resource BDII to the site-BDII
Add your cloud-info-provider to your site-BDII by adding a new URL like this:
ldap://<cloud-info-provier-hostname>:2170/GLUE2GroupID=cloud,o=glue
Check how to set up your Site-BDII at MAN01 How to publish Site Information for information on how to add the URL.