Fedcloud-tf:WorkGroups:Scenario1:OpenNebulaInstallation
rOCCI-server
This section describes how to install and configure rOCCI-server 1.0.x on SL6.
Installation & configuration
See rOCCI-Server#Introduction and follow the instructions. The VOMS configuration specific to the EGI FedCloud is below; return here after your rOCCI-server has been successfully installed and configured.
VOMS configuration
- Make sure that your server can validate fedcloud.egi.eu's and ops' certs, i.e. the following files exist:
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
# cat /etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
# cat /etc/grid-security/vomsdir/ops/voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
- For details on how to support other VOs, see Fedcloud-tf:Support_a_new_Virtual_Organisation
rOCCI-server + VOMS
- Configure OpenNebula's x509 auth by modifying the /etc/one/auth/x509_auth.conf file:
# Path to the trusted CA directory. It should contain the trusted CA's for
# the server, each CA certificate should be named CA_hash.0
:ca_dir: "/etc/grid-security/certificates"
For more information, have a look at the official OpenNebula documentation [1].
Automatic propagation from Perun
See Perun and Fedcloud-tf:Support_a_new_Virtual_Organisation#Enable_a_Virtual_Organisation_on_a_EGI_Federated_Cloud_site_using_OpenNebula.
Manual account management
If you want to use X.509/VOMS authentication for your users, you need to create users in OpenNebula with the X.509 driver. For a user named 'johnsmith' from the fedcloud.egi.eu VO, the command may look like this:
$ oneuser create johnsmith "/DC=es/DC=irisgrid/O=cesga/CN=johnsmith/VO=fedcloud.egi.eu/Role=NULL/Capability=NULL" --driver x509
- And its properties:
$ oneuser update <id_x509_user> X509_DN="/DC=es/DC=irisgrid/O=cesga/CN=johnsmith"
rOCCI-server upgrade
You can upgrade the server using your package manager. Sites running on CentOS 6 or Scientific Linux 6 must execute the following after each upgrade and restart httpd:
$ /opt/occi-server/embedded/bin/passenger-install-apache2-module --auto --languages ruby
$ /opt/occi-server/embedded/bin/passenger-install-apache2-module --snippet > /etc/httpd/conf.d/passenger.conf
rOCCI-cli
Installation & configuration
See Fedcloud-tf:CLI_Environment.
Usage
- To test the VOMS support & rOCCI-server yourself, you can use the following:
# voms-proxy-init -voms fedcloud.egi.eu -rfc
# occi --help
# occi --endpoint $ENDPOINT --auth x509 --resource storage --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource network --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource compute --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource os_tpl --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource os_tpl#debian6 --action describe --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource compute --action create --attribute occi.core.title="MyrOCCIVM" --mixin os_tpl#debian6 --mixin resource_tpl#small --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource /compute/<ID> --action describe --user-cred /tmp/x509up_u1000 --voms