
Difference between revisions of "Fedcloud-tf:WorkGroups:Scenario1:OpenNebulaInstallation"

(Redirected page to MAN10#OpenNebula)
 
(13 intermediate revisions by one other user not shown)
== rOCCI-server  ==
#REDIRECT[[MAN10#OpenNebula]]
 
This section describes how to install and configure rOCCI-server 1.0.x on SL6 (Scientific Linux 6).
 
=== Installation & configuration ===
 
See [https://github.com/EGI-FCTF/rOCCI-server/wiki/rOCCI-Server-Admin-Guide#Introduction rOCCI-Server#Introduction]
 
=== VOMS configuration ===
 
*Make sure that your server can validate the fedcloud.egi.eu and ops VOs' certificates, i.e. that the following files exist:

<pre>
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA

# cat /etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
# cat /etc/grid-security/vomsdir/ops/voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
</pre>
 
=== rOCCI-server + VOMS  ===
 
*Configure OpenNebula's x509 authentication by editing the /etc/one/auth/x509_auth.conf file:

<pre>
# Path to the trusted CA directory. It should contain the trusted CAs for
# the server; each CA certificate should be named CA_hash.0
:ca_dir: "/etc/grid-security/certificates"
</pre>
 
For more information, see the official OpenNebula documentation [http://opennebula.org/documentation].
 
==== Automatic propagation from Perun ====
 
See [https://github.com/EGI-FCTF/fctf-perun Perun]
 
==== Manual account management ====
 
If you want to use X.509/VOMS authentication for your users, you need to create users in OpenNebula with the X.509 driver. For a user named 'johnsmith' from the fedcloud.egi.eu VO, the command may look like this:

<pre>
$ oneuser create johnsmith "/DC=es/DC=irisgrid/O=cesga/CN=johnsmith/VO=fedcloud.egi.eu/Role=NULL/Capability=NULL" --driver x509
</pre>
 
*Then set the user's properties:

<pre>
$ oneuser update <id_x509_user>
X509_DN="/DC=es/DC=irisgrid/O=cesga/CN=johnsmith"
</pre>
 
=== rOCCI-server upgrade  ===
 
You can upgrade the server using your package manager.
 
== rOCCI-cli  ==
 
*On Ubuntu 12.04, with Ruby and RubyGems installed from the repositories, install the client:

<pre>
$ gem install occi-cli
</pre>
 
'''Note:''' The rOCCI client is compatible with Ruby 1.9.3, 2.0.0 and JRuby 1.7.0.
 
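*Configure your user certificate by combining the certificate and the private key into a single credential file (the file contains your private key, so keep it readable only by you):

<pre>
$ cat $HOME/.globus/usercert.pem $HOME/.globus/userkey.pem >> $HOME/.globus/usercred.pem
</pre>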
 
*To find out more about available options and defaults use:

<pre>
$ occi --help
</pre>
 
*To list available resources use:
 
<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource compute --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource storage --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource network --auth x509
</pre>
 
*To describe available resources use:

<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource compute --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource storage --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource network --auth x509
</pre>
 
*To describe specific resources use:
 
<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource https://cloud.cesga.es:3202/compute/<OCCI_ID> --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource https://cloud.cesga.es:3202/storage/<OCCI_ID> --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource https://cloud.cesga.es:3202/network/<OCCI_ID> --auth x509
</pre>
 
*To list available OS templates or Resource templates use:
 
<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource os_tpl --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action list --resource resource_tpl --auth x509
</pre>
 
*To describe a specific OS template or Resource template use:

<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource os_tpl#debian6 --auth x509
$ occi --endpoint https://cloud.cesga.es:3202/ --action describe --resource resource_tpl#small --auth x509
</pre>
 
*To create a compute resource with mixins use:
 
<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action create --resource compute --mixin os_tpl#debian6 --mixin resource_tpl#small --attribute occi.core.title="My rOCCI VM" --auth x509
</pre>
 
*To delete a compute resource use:
 
<pre>
$ occi --endpoint https://cloud.cesga.es:3202/ --action delete --resource https://cloud.cesga.es:3202/compute/<OCCI_ID> --auth x509
</pre>
 
*More info available [https://github.com/EGI-FCTF/rOCCI-cli here].
 
=== rOCCI-cli + VOMS ===
 
*You can apply for VO "fedcloud.egi.eu" membership in [https://perun.metacentrum.cz/perun-registrar-cert/?vo=fedcloud.egi.eu Perun]
*Install VOMS clients
*Install IGTF trust anchors
*Configure VOMS servers serving selected VOs
 
<pre>
$ cat ~/.voms/vomses
"fedcloud.egi.eu" "voms2.grid.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz" "fedcloud.egi.eu" "24"
"fedcloud.egi.eu" "voms1.egee.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz" "fedcloud.egi.eu" "24"
</pre>
 
*To test VOMS support yourself, you can use the following:

<pre>
$ voms-proxy-init -voms fedcloud.egi.eu -rfc

$ occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource storage --action list --user-cred /tmp/x509up_u1000 --voms
$ occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource network --action list --user-cred /tmp/x509up_u1000 --voms
$ occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource compute --action list --user-cred /tmp/x509up_u1000 --voms

$ occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource os_tpl --action list --user-cred /tmp/x509up_u1000 --voms
$ occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource os_tpl#debian6 --action describe --user-cred /tmp/x509up_u1000 --voms

$ occi --endpoint https://cloud.cesga.es:3202/ --auth x509 --resource compute --action create --attribute occi.core.title="MyrOCCIVM" --mixin os_tpl#debian6 --user-cred /tmp/x509up_u1000 --voms
</pre>
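
The vomses entries above and the .lsc files listed under "VOMS configuration" both carry the subject DN of the same VOMS server certificate. The following shell function is an added example (not part of the original wiki page or of rOCCI) that cross-checks the two on a host holding both files; the names check_lsc and demo and the temporary paths are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: check_lsc and demo are hypothetical helper names.
# check_lsc VOMSES_FILE VOMSDIR -> one status line per vomses entry,
# returns non-zero when any entry is MISSING, MISMATCH or NO_ISSUER.
check_lsc() {
    vomses=$1; vomsdir=$2; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # vomses fields are double-quoted: "alias" "host" "port" "server DN" "vo"
        host=$(printf '%s\n' "$line" | awk -F'"' '{print $4}')
        dn=$(printf '%s\n' "$line" | awk -F'"' '{print $8}')
        vo=$(printf '%s\n' "$line" | awk -F'"' '{print $10}')
        lsc="$vomsdir/$vo/$host.lsc"
        if [ ! -f "$lsc" ]; then
            echo "MISSING $vo $host"; rc=1; continue
        fi
        # .lsc layout: line 1 = VOMS server subject DN, line 2 = issuing CA DN
        subject=$(awk 'NF {print; exit}' "$lsc")
        count=$(awk 'NF {n++} END {print n+0}' "$lsc")
        if [ "$subject" != "$dn" ]; then
            echo "MISMATCH $vo $host"; rc=1
        elif [ "$count" -lt 2 ]; then
            echo "NO_ISSUER $vo $host"; rc=1
        else
            echo "OK $vo $host"
        fi
    done < "$vomses"
    return "$rc"
}

# Constructed demo: temporary files holding the two vomses entries from this
# page, with an .lsc file for voms2 only, so voms1 is reported as MISSING.
demo() {
    tmp=$(mktemp -d); status=0
    mkdir -p "$tmp/vomsdir/fedcloud.egi.eu"
    cat > "$tmp/vomses" <<'EOF'
"fedcloud.egi.eu" "voms2.grid.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz" "fedcloud.egi.eu" "24"
"fedcloud.egi.eu" "voms1.egee.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz" "fedcloud.egi.eu" "24"
EOF
    printf '%s\n' \
        "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz" \
        "/C=NL/O=TERENA/CN=TERENA eScience SSL CA" \
        > "$tmp/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc"
    check_lsc "$tmp/vomses" "$tmp/vomsdir" || status=$?
    rm -rf "$tmp"
    return "$status"
}
demo || echo "vomses and vomsdir disagree"
```

On a configured host the call would be check_lsc ~/.voms/vomses /etc/grid-security/vomsdir, using the paths shown on this page.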
 
== References  ==
 
*https://github.com/EGI-FCTF/rOCCI-server
*https://github.com/EGI-FCTF/rOCCI-cli

Latest revision as of 10:29, 5 June 2015

Redirect to: