
Fedcloud-tf:WorkGroups:Scenario1:OpenNebulaInstallation


rOCCI-server

This section describes how to install and configure rOCCI-server 1.0.x on SL6.

Installation & configuration

See rOCCI-Server#Introduction and follow the instructions. The VOMS configuration specific to the EGI FedCloud is described below; return here after your rOCCI-server has been successfully installed and configured.

VOMS configuration

  • Make sure that your server can validate fedcloud.egi.eu's and ops' certs, i.e. the following files exist:
# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA

# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc 
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA

# cat /etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc
/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority

# cat /etc/grid-security/vomsdir/ops/voms.cern.ch.lsc 
/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
/DC=ch/DC=cern/CN=CERN Trusted Certification Authority
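
The check described above, as an added shell example that is not part of the original wiki page: it confirms that each .lsc file listed here exists and holds at least two DNs, the first ending in CN=<host> as in the files shown. The function names, return codes and the `--check` switch are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.
# check_lsc VOMSDIR VO HOST
#   0 = file present and well-formed, 1 = missing or unreadable,
#   2 = a line is not a DN, 3 = fewer than two DNs, 4 = first DN is not CN=HOST
check_lsc() {
    vomsdir=$1 vo=$2 host=$3
    f="$vomsdir/$vo/$host.lsc"
    [ -r "$f" ] || { echo "MISSING $f" >&2; return 1; }
    n=0 first=
    # Also read a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue          # skip blank lines
        case $line in
            /*) ;;                          # DNs in these files start with "/"
            *) echo "NOT A DN in $f: $line" >&2; return 2 ;;
        esac
        n=$((n + 1))
        if [ "$n" -eq 1 ]; then first=$line; fi
    done < "$f"
    [ "$n" -ge 2 ] || { echo "INCOMPLETE $f: need subject and issuer DN" >&2; return 3; }
    # Assumption taken from the files on this page: first DN ends in CN=<host>.
    case $first in
        */CN="$host") ;;
        *) echo "WRONG HOST in $f: $first" >&2; return 4 ;;
    esac
    echo "OK $f"
}

# Check the four VO/host pairs listed on this page; 0 only if all pass.
check_fedcloud_vomsdir() {
    dir=${1:-/etc/grid-security/vomsdir}
    failed=0
    for pair in \
        fedcloud.egi.eu:voms1.egee.cesnet.cz \
        fedcloud.egi.eu:voms2.grid.cesnet.cz \
        ops:lcg-voms.cern.ch \
        ops:voms.cern.ch
    do
        check_lsc "$dir" "${pair%%:*}" "${pair#*:}" || failed=1
    done
    return "$failed"
}

# Run against the live directory only when asked: sh check_lsc.sh --check [DIR]
if [ "${1:-}" = "--check" ]; then
    check_fedcloud_vomsdir "${2:-/etc/grid-security/vomsdir}"
fi
```

The check covers file presence and layout only; it does not compare the DNs with the certificates the VOMS servers currently present.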

rOCCI-server + VOMS

  • Configure OpenNebula's x509 auth by modifying the /etc/one/auth/x509_auth.conf file:
# Path to the trusted CA directory. It should contain the trusted CAs for
# the server; each CA certificate should be named CA_hash.0
:ca_dir: "/etc/grid-security/certificates"

For more information, see the official OpenNebula documentation [1].

Automatic propagation from Perun

See Perun and Fedcloud-tf:Support_a_new_Virtual_Organisation#Enable_a_Virtual_Organisation_on_a_EGI_Federated_Cloud_site_using_OpenNebula.

Manual account management

If you want to use X.509/VOMS authentication for your users, you need to create users in OpenNebula with the X.509 driver. For a user named 'johnsmith' from the fedcloud.egi.eu VO, the command may look like this:

$ oneuser create johnsmith "/DC=es/DC=irisgrid/O=cesga/CN=johnsmith/VO=fedcloud.egi.eu/Role=NULL/Capability=NULL" --driver x509
  • Then update its properties:
$ oneuser update <id_x509_user>
X509_DN="/DC=es/DC=irisgrid/O=cesga/CN=johnsmith"

rOCCI-server upgrade

You can upgrade the server using your package manager.

rOCCI-cli

Installation & configuration

See Fedcloud-tf:CLI_Environment.

Usage

  • To test the VOMS support and rOCCI-server yourself, you can use the following:
# voms-proxy-init -voms fedcloud.egi.eu -rfc
# occi --help
# occi --endpoint $ENDPOINT --auth x509 --resource storage --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource network --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource compute --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource os_tpl --action list --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource os_tpl#debian6 --action describe --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource compute --action create --attribute occi.core.title="MyrOCCIVM" --mixin os_tpl#debian6 --mixin resource_tpl#small --user-cred /tmp/x509up_u1000 --voms
# occi --endpoint $ENDPOINT --auth x509 --resource /compute/<ID> --action describe --user-cred /tmp/x509up_u1000 --voms

References