Fedcloud-tf:WorkGroups:Scenario1:OpenNebulaInstallation
rOCCI-server
This section describes how to install and configure rOCCI-server 1.0.x on SL6.
Installation & configuration
VOMS configuration
- Make sure that your server can validate fedcloud.egi.eu's and ops' certs, i.e. the following files exist:
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
# cat /etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
# cat /etc/grid-security/vomsdir/ops/voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
rOCCI-server + VOMS
- Configure OpenNebula's x509 auth, modify /etc/one/auth/x509_auth.conf file:
# Path to the trusted CA directory. It should contain the trusted CA's for
# the server, each CA certificate should be named CA_hash.0
:ca_dir: "/etc/grid-security/certificates"
For more information have a look at the official OpenNebula documentation [1]
Automatic propagation from Perun
See Perun
Manual account management
If you want to use X.509/VOMS authentication for your users, you need to create users in OpenNebula with the X.509 driver. For a user named 'johnsmith' from the fedcloud.egi.eu VO the command may look like this:
$ oneuser create johnsmith "/DC=es/DC=irisgrid/O=cesga/CN=johnsmith/VO=fedcloud.egi.eu/Role=NULL/Capability=NULL" --driver x509
- And its properties:
$ oneuser update <id_x509_user> X509_DN="/DC=es/DC=irisgrid/O=cesga/CN=johnsmith"
rOCCI-server upgrade
You can upgrade the server using your package manager.
rOCCI-cli
- Running on Ubuntu 12.04 with Ruby and Rubygems from repositories
$ gem install occi-cli
Note: rOCCI client is compatible with Ruby 1.9.3, 2.0.0 and jRuby 1.7.0
- Configure your user cert:
$ cat $HOME/.globus/usercert.pem $HOME/.globus/userkey.pem >> $HOME/.globus/usercred.pem
- To find out more about available options and defaults use
$ occi --help
- To list available resources use:
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource compute --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource storage --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource network --auth x509
- To describe available resources use
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource compute --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource storage --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource network --auth x509
- To describe specific resources use:
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource https://cloud.cesga.es:3202/compute/<OCCI_ID> --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource https://cloud.cesga.es:3202/storage/<OCCI_ID> --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource https://cloud.cesga.es:3202/network/<OCCI_ID> --auth x509
- To list available OS templates or Resource templates use:
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource os_tpl --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource resource_tpl --auth x509
- To describe a specific OS template or Resource template use
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource os_tpl#debian6 --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource resource_tpl#small --auth x509
- To create a compute resource with mixins use:
$ occi --endpoint https://cloud.cesga.es:3202/ --action create --resource compute --mixin os_tpl#debian6 --mixin resource_tpl#small --attribute occi.core.title="My rOCCI VM" --auth x509
- To delete a compute resource use:
$ occi --endpoint https://cloud.cesga.es:3202/ --action delete --resource https://cloud.cesga.es:3202/compute/<OCCI_ID> --auth x509
- More info available here.
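For the "Configure your user cert" step above, an added example that is not part of the original page: because `>>` appends, re-running that command duplicates the PEM blocks, and under a default umask the resulting file, which contains the private key, is readable by other local users. The functions `build_usercred` and `cred_is_private` are hypothetical names for this sketch, which rebuilds the file from scratch with owner-only permissions.

```shell
#!/bin/sh
# Added example: build usercred.pem idempotently and keep it private.

# build_usercred CERT KEY OUT
# Returns 1 if an input is unreadable, 2 if an input does not look like the
# expected PEM type, otherwise writes OUT (mode 0600) and returns 0.
build_usercred() {
    cert=$1; key=$2; out=$3
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2; return 1
    fi
    # Guard against swapped arguments or a bundle passed as the certificate.
    [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert")" -eq 1 ] || return 2
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || return 2
    (
        umask 077                      # new file is created as 0600
        tmp="$out.tmp.$$"
        # Write a fresh file and rename it over OUT: no append, no duplicates,
        # and a pre-existing world-readable OUT is replaced, not reused.
        cat "$cert" "$key" > "$tmp" && mv -f "$tmp" "$out"
    )
}

# cred_is_private FILE: succeeds only if group and others have no access.
cred_is_private() {
    case "$(ls -ld "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage with the paths from this page:
#   build_usercred "$HOME/.globus/usercert.pem" "$HOME/.globus/userkey.pem" \
#                  "$HOME/.globus/usercred.pem"
#   cred_is_private "$HOME/.globus/usercred.pem" || echo "fix permissions"
```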
rOCCI-cli + VOMS
- You can apply for VO "fedcloud.egi.eu" membership in Perun
- Install VOMS clients
- To test VOMS support yourselves, you can use the following:
# voms-proxy-init -voms fedcloud.egi.eu -rfc
# occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource storage --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource network --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource compute --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource os_tpl --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource os_tpl#debian6 --action describe --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource compute --action create --attribute occi.core.title="MyrOCCIVM" --mixin os_tpl#debian6 --user-cred /tmp/x509up_u1000 --voms