The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Fedcloud-tf:WorkGroups:Scenario1:OpenNebulaInstallation"

From EGIWiki
(Redirected page to MAN10#OpenNebula)
 
(8 intermediate revisions by one other user not shown)
Line 1: Line 1:
== rOCCI-server  ==
#REDIRECT[[MAN10#OpenNebula]]
 
This section describes how to install and configure rOCCI-server 1.0.x on Scientific Linux 6 (SL6).
 
=== Installation & configuration ===
 
See [https://github.com/EGI-FCTF/rOCCI-server/wiki/rOCCI-Server-Admin-Guide#Introduction rOCCI-Server#Introduction] and follow the instructions. The VOMS configuration specific to the EGI FedCloud is described below; return here after your rOCCI-server has been successfully installed and configured.
 
=== VOMS configuration ===
 
*Make sure that your server can validate fedcloud.egi.eu's and ops' certs, i.e. the following files exist:
 
<pre>
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA

# cat /etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
# cat /etc/grid-security/vomsdir/ops/voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
</pre>
 
*For details on how to support other VOs, see [[Fedcloud-tf:Support_a_new_Virtual_Organisation]]
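
The check in the first bullet can be scripted. The following is an added example, not part of the original wiki page or of rOCCI-server: it compares each .lsc file with the DN pairs listed above and also flags files that are writable by group or others. The function names, the permission check and the constructed sample tree are assumptions of this example.

```shell
# Added example (not from the wiki): verify the four .lsc files listed above.
# Line 1 of an .lsc file is the VOMS server certificate's subject DN,
# line 2 is the DN of the CA that issued it.
# Expected entries copied from the listing: VO|host|subject DN|issuer DN
expected() {
cat <<'EOF'
fedcloud.egi.eu|voms1.egee.cesnet.cz|/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz|/C=NL/O=TERENA/CN=TERENA eScience SSL CA
fedcloud.egi.eu|voms2.grid.cesnet.cz|/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz|/C=NL/O=TERENA/CN=TERENA eScience SSL CA
ops|lcg-voms.cern.ch|/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch|/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
ops|voms.cern.ch|/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch|/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
EOF
}

# check_lsc VOMSDIR VO HOST SUBJECT_DN ISSUER_DN -> 0 if the file matches
check_lsc() {
    f="$1/$2/$3.lsc"
    [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
    # Whoever can write this file decides which VOMS server DN is accepted.
    case "$(ls -Lld "$f")" in
        ?????w*|????????w*) echo "WRITABLE $f (group/other)"; return 1 ;;
    esac
    got=$(grep -v '^[[:space:]]*$' "$f" || true)   # ignore blank lines
    want=$(printf '%s\n%s' "$4" "$5")
    [ "$got" = "$want" ] || { echo "MISMATCH $f"; return 1; }
    echo "OK       $f"
}

# check_vomsdir VOMSDIR -> 0 only if every expected file passes
check_vomsdir() {
    rc=0
    while IFS='|' read -r vo host subj issuer; do
        check_lsc "$1" "$vo" "$host" "$subj" "$issuer" || rc=1
    done <<EOF
$(expected)
EOF
    return $rc
}

# make_sample DIR: write a constructed copy of the expected tree (for the demo)
make_sample() {
    expected | while IFS='|' read -r vo host subj issuer; do
        mkdir -p "$1/$vo"
        printf '%s\n%s\n' "$subj" "$issuer" > "$1/$vo/$host.lsc"
        chmod 644 "$1/$vo/$host.lsc"
    done
}

# Demo on the constructed tree; on a site run: check_vomsdir /etc/grid-security/vomsdir
demo=$(mktemp -d) && make_sample "$demo"
check_vomsdir "$demo" && echo "all entries match"
rm -rf "$demo"
```
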
 
=== rOCCI-server + VOMS  ===
 
*Configure OpenNebula's x509 auth by editing the /etc/one/auth/x509_auth.conf file:

<pre>
# Path to the trusted CA directory. It should contain the trusted CA's for
# the server, each CA certificate should be named CA_hash.0
:ca_dir: "/etc/grid-security/certificates"
</pre>
 
For more information, see the official OpenNebula documentation [http://opennebula.org/documentation].
 
==== Automatic propagation from Perun ====
 
See [https://github.com/EGI-FCTF/fctf-perun Perun] and [[Fedcloud-tf:Support_a_new_Virtual_Organisation#Enable_a_Virtual_Organisation_on_a_EGI_Federated_Cloud_site_using_OpenNebula]].
 
==== Manual account management ====
 
If you want to use X.509/VOMS authentication for your users, you need to create users in OpenNebula with the X.509 driver. For a user named 'johnsmith' from the fedcloud.egi.eu VO, the command may look like this:

<pre>
$ oneuser create johnsmith "/DC=es/DC=irisgrid/O=cesga/CN=johnsmith/VO=fedcloud.egi.eu/Role=NULL/Capability=NULL" --driver x509
</pre>

*Then set its properties:

<pre>
$ oneuser update <id_x509_user>
X509_DN="/DC=es/DC=irisgrid/O=cesga/CN=johnsmith"
</pre>
 
=== rOCCI-server upgrade  ===
 
You can upgrade the server using your package manager. Sites running on CentOS 6 or Scientific Linux 6 must execute the following after each upgrade:
 
<pre>
$ /opt/occi-server/embedded/bin/passenger-install-apache2-module --auto --languages ruby
$ /opt/occi-server/embedded/bin/passenger-install-apache2-module --snippet  > /etc/httpd/conf.d/passenger.conf
</pre>
 
== rOCCI-cli  ==
 
=== Installation & configuration ===
 
See [[Fedcloud-tf:CLI_Environment]].
 
=== Usage ===
 
*To test the VOMS support & rOCCI-server yourselves, you can use the following:
 
<pre>
# voms-proxy-init -voms fedcloud.egi.eu -rfc

# occi --help

# occi --endpoint $ENDPOINT --auth x509 --resource storage --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource network --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource compute --action list --user-cred /tmp/x509up_u1000 --voms

# occi --endpoint $ENDPOINT --auth x509 --resource os_tpl --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource os_tpl#debian6 --action describe --user-cred /tmp/x509up_u1000 --voms

# occi --endpoint $ENDPOINT --auth x509 --resource compute --action create --attribute occi.core.title="MyrOCCIVM" --mixin os_tpl#debian6 --mixin resource_tpl#small --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource /compute/<ID> --action describe --user-cred /tmp/x509up_u1000 --voms
</pre>
 
== References  ==
 
*https://github.com/EGI-FCTF/rOCCI-server
*https://github.com/EGI-FCTF/rOCCI-cli

Latest revision as of 10:29, 5 June 2015

Redirect to: