The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "HOWTO15 How to configure the Federated Cloud BDII"

From EGIWiki
 
(21 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Category: Technology ]]
{{Template:Op menubar}} {{Template:Doc_menubar}}
[[Category: Fedcloud-tf]]
[[Category:Deprecated]]
{| style="border:1px solid black; background-color:lightgrey; color: black; padding:5px; font-size:140%; width: 90%; margin: auto;"
| style="padding-right: 15px; padding-left: 15px;" |
|[[File:Alert.png]] This page is '''Deprecated'''; the content has been moved to https://docs.egi.eu/providers/cloud-compute/openstack/#egi-information-system 
|}


= Purpose =
{{TOC_right}}


This page provides instructions on how to configure the Federated Cloud Production resource-BDII.
= Purpose  =


= Installation =
This page provides instructions on how to configure the Federated Cloud Production resource-BDII.


Packages for the cloud-info-provider are available at [https://appdb.egi.eu/store/software/cloud.info.provider EGI's AppDB]. They will install bdii as a dependency.
= Installation  =


== RHEL/CentOS/ScientificLinux ==
Documentation and general installation guidelines for the cloud-info-provider are available at https://github.com/EGI-FCTF/cloud-bdii-provider
 
If you don't have already a BDII-site service in production, you will need to install also the <code>bdii</code> package (available in EPEL repo).
 
If you are using OpenStack as provider, you also need to install the <code>python-novaclient</code> package.
 
If you want to install from packages, here follow some guidelines.
 
== RHEL/CentOS/ScientificLinux ==
 
*Add EPEL repository according to the instructions at https://fedoraproject.org/wiki/EPEL
*Add the cloud-info-provider repository to yum:


* Add EPEL repository according to the instructions at https://fedoraproject.org/wiki/EPEL
* Add the cloud-info-provider repository to yum:
  wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/sl-6-x86_64.repo \
  wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/sl-6-x86_64.repo \
      -O /etc/yum.repos.d/cloud-info-provider.repo
    -O /etc/yum.repos.d/cloud-info-provider.repo
* Install the package
 
*Install the package
 
  yum install cloud-info-provider-service
  yum install cloud-info-provider-service


== For Debian/Ubuntu 6/7/8 ==
== For Debian/Ubuntu 6/7/8 ==
 
*Add AppDB's repository:


* Add AppDB's repository:
  sudo wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/ubuntu-precise-amd64.list \
  sudo wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/ubuntu-precise-amd64.list \
          -O /etc/apt/sources.list.d/cloud-info-provider.list
        -O /etc/apt/sources.list.d/cloud-info-provider.list
* Add AppDB key:
 
*Add AppDB key:
 
  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E2E992EB352D3E14
  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E2E992EB352D3E14
* Install the package
 
*Install the package
 
  sudo apt-get update
  sudo apt-get update
  sudo apt-get install python-cloud-info-provider
  sudo apt-get install python-cloud-info-provider


= Configuration =
= Configuration =
 
Use one of the template files in <code>/etc/cloud-info-provider</code> as basis for creating your own YAML file with the static information of your resources. E.g:


Use one of the template files in <code>/etc/cloud-info-provider</code> as basis for creating your own YAML file with the static information of your resources. E.g:
  cp /etc/cloud-info-provider/sample.openstack.yaml /etc/cloud-info-provider/bdii.yaml
  cp /etc/cloud-info-provider/sample.openstack.yaml /etc/cloud-info-provider/bdii.yaml


Each middleware has its own options to fetch the dynamic information, check the <code>--help</code> option for more information. Some additional notes are given in the following sections.
Each middleware has its own options to fetch the dynamic information, check the <code>--help</code> option for more information. Some additional notes are given in the following sections.  


== General ==
== General ==
* Site name will be fetched from <code>site</code> -> <code>name</code> in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or by the file set with the --glite-site-info-static option)


== OpenNebula + rOCCI ==
*Site name will be fetched from <code>site</code> -&gt; <code>name</code> in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or by the file set with the --glite-site-info-static option)
* Use the <code>--middleware opennebularocci</code> option to activate this provider


* You need to specify connection parameters to the OpenNebula XML-RPC interface:
== OpenNebula ==
** <code>--on-auth</code> parameter should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with the <code>core</code> driver, this parameter shall be set to <code><username>:<password></code>.
** <code>--on-rpcxml-endpoint</code> shall contain the address of the RPCv2 endpoint. Usually it is <code><nowiki>http://<hostname>:2633/RPC2</nowiki></code>. If not on a secure network, it is suggested to provide this interface via https, since the <code>on-auth</code> parameter will be sent in clear text to the server.


* Compute templates can be gathered in two ways: directly from rOCCI configuration, by setting up the <code>--rocci-template-dir</code> option pointing to the rOCCI configuration folder or manually by placing them in the configuration file. One option does not preclude the other and the resulting templates will be the merge of the two.
*Use the <code>--middleware opennebularocci</code> option to activate this provider


== OpenStack ==
*Use the <code>sample.opennebularocci.yaml</code> configuration sample. Change the following lines:
<pre>
site:
    # Your site name, as in GODCB (if omitted or set to None, this value is
    # retreived from /etc/glite-info-static/site/site.cfg )
    #name: SITE_NAME
</pre>
<pre>
compute:
    # Total number of cores available
    total_cores: 0
    # Total RAM available (GB)
    total_ram: 0
    # Hypervisor name (e.g. KVM, Xen, etc.)
    hypervisor: Foo Hypervisor
    # Hypervisor version
    hypervisor_version: 0.0.0
    # ...
    # Middleware version
    middleware_version: 0.0
</pre>
<pre>
    endpoints:
        # ...


* Use the <code>--middleware openstack</code> option to activate this provider
        # Host serving your Virtual Machine Management interface (rOCCI-server)
        https://cloud-service01.example.org:11443:
            endpoint_url: https://cloud-service01.example.org:11443
</pre>
<pre>
    # Images are retreived automatically by the endpoint
    images:
        defaults:
            #...
            # os_tpl schema prefix must match ROCCI_SERVER_OPENNEBULA_SCHEMA_NAMESPACE in rOCCI-server, only the host part
            schema: http://schemas.cloud-service01.example.org/occi/infrastructure/os_tpl
</pre>


* The OpenStack provider uses python-novaclient (already included as a dependency in deb packages, rpm based systems will need to install it separately):
*You need to specify connection parameters to the OpenNebula XML-RPC interface:  
** <code>--os-username</code>, <code>--os-password</code>, <code>--auth-tenant-name</code>, <code>--os-auth-url</code>, <code>--os-cacert</code>, <code>--insecure</code> options to the cloud-provider allow to set the connection parameters. Alternatively you can use environment variables (e.g. <code>OS_USERNAME</code>) as with other OpenStack clients
**<code>--on-auth</code> parameter should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with the <code>core</code> driver, this parameter shall be set to <code>&lt;username&gt;:&lt;password&gt;</code>.
** <code>--insecure</code> should not be used in production!
**<code>--on-rpcxml-endpoint</code> shall contain the address of the RPCv2 endpoint. Usually it is <code><nowiki>http://<hostname>:2633/RPC2</nowiki></code>. If not on a secure network, it is suggested to provide this interface via https, since the <code>on-auth</code> parameter will be sent in clear text to the server.


* Be sure that keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this via the command <code>keystone service-list</code>. To create a new service and endpoint, you can run
*Compute templates can be gathered in two ways. One option does not preclude the other and the resulting templates will be the merge of the two.
<pre>
**directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the <code>--rocci-remote-templates</code> flag
keystone service-create --name occi_api --type occi --description 'Nova OCCI Service'
**manually by placing them in the configuration file
 
*With the <code>--cloudkeeper-images</code> flag, OS templates can be filtered so only the cloudkeeper ones are published.
 
== OpenStack  ==
 
*Use the <code>--middleware openstack</code> option to activate this provider
 
*The OpenStack provider uses python-novaclient (needs to be installed separately)
**<code>--os-username</code>, <code>--os-password</code>, <code>--auth-tenant-name</code>, <code>--os-auth-url</code>, <code>--os-cacert</code>, <code>--insecure</code> options to the cloud-provider allow to set the connection parameters. Alternatively you can use environment variables (e.g. <code>OS_USERNAME</code>) as with other OpenStack clients
**<code>--insecure</code> should not be used in production!
 
*Be sure that keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this via the command <code>keystone service-list</code>. To create a new service and endpoint, you can run
<pre>keystone service-create --name occi_api --type occi --description 'Nova OCCI Service'


keystone endpoint-create --service_id <service-id> --region RegionOne --publicurl http://$HOSTNAME:8787/ \
keystone endpoint-create --service_id &lt;service-id&gt; --region RegionOne --publicurl http://$HOSTNAME:8787/ \
                                         --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/
                                         --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/
</pre>  
</pre>  
where the ''service-id'' is the one obtained from <code>keystone service-list</code>.
where the ''service-id'' is the one obtained from <code>keystone service-list</code>.  


* By default, the provider script will filter images without marketplace uri defined into the marketplace or vmcatcher_event_ad_mpuri property. If you want to list all the images templates (included local snapshots), set the variable 'require_marketplace_id: false' under 'compute' -> 'images' -> 'defaults' in the YAML configuration file.
*By default, the provider script will filter images without marketplace uri defined into the marketplace or vmcatcher_event_ad_mpuri property. If you want to list all the images templates (included local snapshots), set the variable 'require_marketplace_id: false' under 'compute' -&gt; 'images' -&gt; 'defaults' in the YAML configuration file.


== Create the provider ==
== Create the provider ==


* Create the file <code>/var/lib/bdii/gip/provider/cloud-info-provider</code> that calls the provider with the correct options for your site, for example:
*Create the file <code>/var/lib/bdii/gip/provider/cloud-info-provider</code> that calls the provider with the correct options for your site, for example:
<pre>
<pre>#!/bin/sh
#!/bin/sh


cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \
cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \
                             --middleware openstack \
                             --middleware openstack \
                             --os-username <username> --os-password <passwd> \
                             --os-username &lt;username&gt; --os-password &lt;passwd&gt; \
                             --os-tenant-name <tenant> --os-auth-url <url>
                             --os-tenant-name &lt;tenant&gt; --os-auth-url &lt;url&gt;
</pre>
</pre>  
* Give execution permission:
*Give execution permission:
 
  chmod +x /var/lib/bdii/gip/provider/cloud-info-provider
  chmod +x /var/lib/bdii/gip/provider/cloud-info-provider
* and test it:
 
*and test it:
 
  /var/lib/bdii/gip/provider/cloud-info-provider
  /var/lib/bdii/gip/provider/cloud-info-provider
* That should return the complete LDIF describing your site. Now you can start the bdii service
 
*That should return the complete LDIF describing your site. Now you can start the bdii service
 
  service bdii start
  service bdii start
* And check that the information is being published
ldapsearch -x -h localhost -p 2170 -b o=glue


== Add your resource BDII to the site-BDII ==
*And check that the information is being published


Information on how to set up your Site-BDII is available at [[MAN01 How to publish Site Information]]
ldapsearch -x -h localhost -p 2170 -b o=glue


Add your cloud-info-provider to your site-BDII by adding a new URL like this:
== Add your resource BDII to the site-BDII ==


ldap://<cloud-info-provier-hostname>:2170/GLUE2GroupID=cloud,o=glue
Add your cloud-info-provider to your site-BDII by adding a new URL like this:  


== Alternative: use your cloud-provider as site-BDII ==
ldap://&lt;cloud-info-provier-hostname&gt;:2170/GLUE2GroupID=cloud,o=glue


{{Template:Block-comment
Check how to set up your Site-BDII at [[MAN01 How to publish Site Information]] for information on how to add the URL.  
| name=Warning
| text=This configuration fails to publish GlueSchema 1.3 information! Your site will fail NAGIOS tests!
}}


If you don't have an existing site-BDII and you want to generate both the resource information and the site information with the cloud-bdii-provider you can add in the /var/lib/bdii/gip/provider/cloud-info-provider the <code>--full-bdii-info</code> option to the cloud-info-provider-service. The YAML file must contain all your site information as described in the templates.
[[Category:Operations_Manuals]]
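
Review bot: In "Create the provider", the new revision keeps the example wrapper that passes `--os-username <username> --os-password <passwd>` as arguments inside /var/lib/bdii/gip/provider/cloud-info-provider, followed by a bare `chmod +x`, so the password sits in the script and in the process arguments with no guidance on file permissions. The OpenStack section already says the connection parameters can come from environment variables (e.g. OS_USERNAME), so the example should show that form and state the permissions the file needs. Two smaller points: the site-BDII URL placeholder still reads `<cloud-info-provier-hostname>` ("provider" is misspelled), and the removed "Alternative: use your cloud-provider as site-BDII" section took the `--full-bdii-info` description and its GlueSchema 1.3 warning with it, so the edit summary should say why.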

Latest revision as of 13:36, 10 September 2021

This page is Deprecated; the content has been moved to https://docs.egi.eu/providers/cloud-compute/openstack/#egi-information-system


Purpose

This page provides instructions on how to configure the Federated Cloud Production resource-BDII.

Installation

Documentation and general installation guidelines for the cloud-info-provider are available at https://github.com/EGI-FCTF/cloud-bdii-provider

If you don't already have a BDII-site service in production, you will also need to install the bdii package (available in the EPEL repo).

If you are using OpenStack as provider, you also need to install the python-novaclient package.

If you want to install from packages, follow the guidelines below.

RHEL/CentOS/ScientificLinux

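  • Add EPEL repository according to the instructions at https://fedoraproject.org/wiki/EPEL
  • Add the cloud-info-provider repository to yum:
wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/sl-6-x86_64.repo \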
   -O /etc/yum.repos.d/cloud-info-provider.repo
  • Install the package
yum install cloud-info-provider-service

For Debian/Ubuntu 6/7/8

  • Add AppDB's repository:
sudo wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/ubuntu-precise-amd64.list \
        -O /etc/apt/sources.list.d/cloud-info-provider.list
  • Add AppDB key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E2E992EB352D3E14
  • Install the package
sudo apt-get update
sudo apt-get install python-cloud-info-provider

Configuration

Use one of the template files in /etc/cloud-info-provider as a basis for creating your own YAML file with the static information of your resources. For example:

cp /etc/cloud-info-provider/sample.openstack.yaml /etc/cloud-info-provider/bdii.yaml

Each middleware has its own options to fetch the dynamic information; check the --help option for more information. Some additional notes are given in the following sections.

General

  • The site name is fetched from site -> name in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or from the file set with the --glite-site-info-static option).

OpenNebula

  • Use the --middleware opennebularocci option to activate this provider
  • Use the sample.opennebularocci.yaml configuration sample. Change the following lines:
site:
    # Your site name, as in GOCDB (if omitted or set to None, this value is
    # retrieved from /etc/glite-info-static/site/site.cfg )
    #name: SITE_NAME
compute:
    # Total number of cores available
    total_cores: 0
    # Total RAM available (GB)
    total_ram: 0
    # Hypervisor name (e.g. KVM, Xen, etc.)
    hypervisor: Foo Hypervisor
    # Hypervisor version
    hypervisor_version: 0.0.0
    # ...
    # Middleware version
    middleware_version: 0.0
    endpoints:
        # ...

        # Host serving your Virtual Machine Management interface (rOCCI-server)
        https://cloud-service01.example.org:11443:
            endpoint_url: https://cloud-service01.example.org:11443
    # Images are retrieved automatically by the endpoint
    images:
        defaults:
            #...
            # os_tpl schema prefix must match ROCCI_SERVER_OPENNEBULA_SCHEMA_NAMESPACE in rOCCI-server, only the host part
            schema: http://schemas.cloud-service01.example.org/occi/infrastructure/os_tpl
  • You need to specify connection parameters to the OpenNebula XML-RPC interface:
    • --on-auth parameter should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with the core driver, this parameter shall be set to <username>:<password>.
    • --on-rpcxml-endpoint shall contain the address of the RPCv2 endpoint. Usually it is http://<hostname>:2633/RPC2. If not on a secure network, it is suggested to provide this interface via https, since the on-auth parameter will be sent in clear text to the server.
  • Compute templates can be gathered in two ways. One option does not preclude the other and the resulting templates will be the merge of the two.
    • directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the --rocci-remote-templates flag
    • manually by placing them in the configuration file
  • With the --cloudkeeper-images flag, OS templates can be filtered so only the cloudkeeper ones are published.

OpenStack

  • Use the --middleware openstack option to activate this provider
  • The OpenStack provider uses python-novaclient (needs to be installed separately)
    • The --os-username, --os-password, --auth-tenant-name, --os-auth-url, --os-cacert and --insecure options to the cloud-provider set the connection parameters. Alternatively, you can use environment variables (e.g. OS_USERNAME) as with other OpenStack clients.
    • --insecure should not be used in production!
  • Be sure that keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this via the command keystone service-list. To create a new service and endpoint, you can run
keystone service-create --name occi_api --type occi --description 'Nova OCCI Service'

keystone endpoint-create --service_id <service-id> --region RegionOne --publicurl http://$HOSTNAME:8787/ \
                                         --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/

where the service-id is the one obtained from keystone service-list.

  • By default, the provider script filters out images that have no marketplace URI defined in the marketplace or vmcatcher_event_ad_mpuri property. If you want to list all the image templates (including local snapshots), set the variable 'require_marketplace_id: false' under 'compute' -> 'images' -> 'defaults' in the YAML configuration file.

Create the provider

  • Create the file /var/lib/bdii/gip/provider/cloud-info-provider that calls the provider with the correct options for your site, for example:
#!/bin/sh

cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \
                            --middleware openstack \
                            --os-username <username> --os-password <passwd> \
                            --os-tenant-name <tenant> --os-auth-url <url>
  • Give execution permission:
chmod +x /var/lib/bdii/gip/provider/cloud-info-provider
  • and test it:
/var/lib/bdii/gip/provider/cloud-info-provider
  • That should return the complete LDIF describing your site. Now you can start the bdii service
service bdii start
  • And check that the information is being published
ldapsearch -x -h localhost -p 2170 -b o=glue
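
The wrapper shown in this procedure passes the OpenStack password as an argument, while the OpenStack section notes that the same parameters can come from environment variables. The following is an added example, not part of the original wiki page or of the cloud-info-provider project: it audits a provider wrapper for credential exposure and writes a form that sources a 0600 environment file instead. The environment file, the sample values, the finding names and the assumption that the provider reads OS_PASSWORD, OS_TENANT_NAME and OS_AUTH_URL the way it reads OS_USERNAME are all assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page or the cloud-info-provider project.
# Sample wrappers, values and finding names are constructed for illustration.

# audit_provider FILE: print one line per finding; exit status = finding count.
audit_provider() {
    f=$1; n=0
    [ -f "$f" ] || { echo "missing: $f"; return 64; }
    # Secrets given as arguments sit in the wrapper and show up in `ps`.
    if grep -Eq -- '--(os-password|on-auth)([ =]|$)' "$f"; then
        echo "secret-on-argv"; n=$((n + 1))
    fi
    # The page: --insecure should not be used in production.
    if grep -q -- '--insecure' "$f"; then
        echo "tls-verification-disabled"; n=$((n + 1))
    fi
    # Plain http to the auth endpoint sends the credentials in clear text.
    if grep -Eq -- '(--os-auth-url|--on-rpcxml-endpoint|OS_AUTH_URL)[ =]+"?http://' "$f"; then
        echo "cleartext-endpoint"; n=$((n + 1))
    fi
    # A file that carries a password must not be world-readable.
    if grep -Eq -- '--os-password|--on-auth|OS_PASSWORD=' "$f" &&
       [ -n "$(find "$f" -perm -0004)" ]; then
        echo "world-readable-secret"; n=$((n + 1))
    fi
    return "$n"
}

# Wrapper in the style of the page's example, with constructed values.
write_argv_style() {
    cat > "$1" <<'EOF'
#!/bin/sh
cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \
    --middleware openstack --insecure \
    --os-username bdii --os-password EXAMPLE-ONLY \
    --os-tenant-name demo --os-auth-url http://keystone.example.org:5000/v2.0
EOF
    chmod 755 "$1"
}

# Hardened form: $2 is a 0600 env file holding the OS_* variables (assumed to
# be read by the provider, as the page says); wrapper $1 only sources it.
write_env_style() {
    ( umask 077; cat > "$2" <<'EOF'
export OS_USERNAME=bdii
export OS_PASSWORD=EXAMPLE-ONLY
export OS_TENANT_NAME=demo
export OS_AUTH_URL=https://keystone.example.org:5000/v2.0
EOF
    )
    printf '#!/bin/sh\n. "%s"\nexec cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml --middleware openstack\n' "$2" > "$1"
    chmod 755 "$1"
}

d=$(mktemp -d)
write_argv_style "$d/argv"
write_env_style "$d/env-wrapper" "$d/openstack.env"
for f in "$d/argv" "$d/env-wrapper" "$d/openstack.env"; do
    echo "== ${f##*/}"; audit_provider "$f" || true
done
rm -rf "$d"
```

On a real host the environment file has to be owned by the account under which the BDII service runs the provider, otherwise the wrapper cannot source it.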

Add your resource BDII to the site-BDII

Add your cloud-info-provider to your site-BDII by adding a new URL like this:

ldap://<cloud-info-provider-hostname>:2170/GLUE2GroupID=cloud,o=glue

See MAN01 How to publish Site Information for how to set up your Site-BDII and how to add the URL.