The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "HOWTO15 How to configure the Federated Cloud BDII"

From EGIWiki
(34 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Category: Technology ]]
{{Template:Op menubar}} {{Template:Doc_menubar}} {{TOC_right}}
[[Category: Fedcloud-tf]]
= Purpose =
This page provides instructions on how to configure the Federated Cloud Production BDII.


= Installation guide =
= Purpose  =


== Pre-requisites ==
This page provides instructions on how to configure the Federated Cloud Production resource-BDII.  
This guide has the following pre-requisites:
* Site-BDII, with support to GLUE2 schema specifications. If you do not have already a site BDII installed from EMI or UMD you can follow the installation guide below
* Python 2.2.x


== Install Site-BDII ==
= Installation  =
If you have already a production BDII (eg. for existing Grid or storage resources), you can skip this step. Otherwise, here is a quick guide on how to install and configure a site BDII:


# Install UMD repository according to the instructions here: http://repository.egi.eu/category/umd_releases/distribution/umd-3/
Documentation and general installation guidelines for the cloud-info-provider are available at https://github.com/EGI-FCTF/cloud-bdii-provider
# Install Site-BDII packages: <code>yum install bdii bdii-config-site</code>
# Edit the file <code>/etc/glite-info-static/site/site.cfg</code> with your site information
# Start the BDII service: <code>service bdii start; chkconfig bdii on</code>
# Configure your GOCDB site information the 'GIIS URL' with the address of your site BDII and the base schema, (eg: ldap://prisma-cloud.ba.infn.it:2170/GLUE2DomainID=PRISMA-INFN-BARI,o=glue )


== Install the cloud resource provider script ==
If you don't have already a BDII-site service in production, you will need to install also the <code>bdii</code> package (available in EPEL repo).  
For filling the BDII with the cloud resource information, you need to install the cloud resource provider script.


=== For RHEL/CentOS/ScientifcLinux 6.x ===
If you are using OpenStack as provider, you also need to install the <code>python-novaclient</code> package.
#Install EPEL (follow instructions [https://fedoraproject.org/wiki/EPEL here])
#Install cloud provider script via RPM
yum localinstall http://github.com/EGI-FCTF/BDIIscripts/raw/master/rpm/cloud-info-provider-service-0.2-1.el6.noarch.rpm


=== For other OSes (Install from sources) ===
If you want to install from packages, here follow some guidelines.


git clone http://github.com/EGI-FCTF/BDIIscripts/
== RHEL/CentOS/ScientificLinux ==
cd BDIIscripts
  pip install -e .


= Configuration guide =
*Add EPEL repository according to the instructions at https://fedoraproject.org/wiki/EPEL
*Add the cloud-info-provider repository to yum:


== Configure middleware backend ==
wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/sl-6-x86_64.repo \
The cloud provider script information is retrieved partially from a static configuration file and partially from the cloud middleware directly. Thus, the configuration depends on which middleware you have installed.
    -O /etc/yum.repos.d/cloud-info-provider.repo


=== OpenNebula ===
*Install the package
''NOTE:'' This is a pure OpenNebula installation. If you have installed OpenNebula via rOCCI, refer to the [[#OpenNebula via rOCCI|OpenNebula via rOCCI]] guide.


* Copy the sample provider configuration file to the default software configuration file
  yum install cloud-info-provider-service
  cp /opt/cloud-info-provider/etc/sample.opennebula.yaml /opt/cloud-info-provider/etc/bdii.yaml
* Edit the <code>/opt/cloud-info-provider/etc/bdii.yaml</code> configuration, setting up the site permanent information and the OpenNebula connection information. Most of the information to be provider is self explanatory or specified in the comments. Below there is a set of notes who can be relevant during the configuration.


''Configuration notes:''
== For Debian/Ubuntu 6/7/8  ==
* Keep always full_bdii_ldif set to False
* You need to specify connection parameters to the OpenNebula XML-RPC interface. ''on_auth'' should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with the ''core'' driver, this parameter shall be set to ''<username>:<password>''. ''on_rpcxml_endpoint'' shall contain the address of the RPCv2 endpoint. Usually it is ''http://myipaddress:2633/RPC2'' . If not on a secure network, it is suggested to provide this interface via https, since the on_auth parameter will be sent in clear text to the server.
* ''site'' parameters can be left commented, since they will be automatically retreived from the ''/etc/glite-info-static/site/site.cfg'' configuration file
* Compute templates can be ignored, since OpenNebula has no concept of resource flavours
* Object storage services (STorage-as-a-service) can be set statically. As they are not provided by OpenNebula, they can be ignored or set to the ones provided by other middleware.


=== OpenNebula via rOCCI ===
*Add AppDB's repository:


* Copy the sample provider configuration file to the default software configuration file
  sudo wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/ubuntu-precise-amd64.list \
  cp /opt/cloud-info-provider/etc/sample.opennebularocci.yaml /opt/cloud-info-provider/etc/bdii.yaml
        -O /etc/apt/sources.list.d/cloud-info-provider.list
* Edit the ''/opt/cloud-info-provider/etc/bdii.yaml'' configuration, setting up the site permanent information and the OpenStack connection information. Most of the information to be provider is self explanatory or specified in the comments. Below there is a set of notes who can be relevant during the configuration.


''Configuration notes:''
*Add AppDB key:
* Keep always full_bdii_ldif set to False
* You need to specify connection parameters to the OpenStack interface. ''on_auth'' should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with the ''core'' driver, this parameter shall be set to ''<username>:<password>''. ''on_rpcxml_endpoint'' shall contain the address of the RPCv2 endpoint. Usually it is ''http://myipaddress:2633/RPC2'' . If not on a secure network, it is suggested to provide this interface via https, since the on_auth parameter will be sent in clear text to the server.
* ''site'' parameters can be left commented, since they will be automatically retreived from the ''/etc/glite-info-static/site/site.cfg'' configuration file
* Compute templates can be gathered in two ways: directly from rOCCI configuration, by setting up the ''template_dir'' parameter to the rOCCI configuration folder or manually by placing them in the configuration file. One option does not preclude the other and the resulting templates will be the merge of the two.
* Images are retrieved from the OpenNebula templates, to mimic the behavior of rOCCI.
* Object storage services (STorage-as-a-service) can be set statically. As they are not provided by OpenNebula, they can be ignored or set to the ones provided by other middleware.


=== OpenStack ===
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E2E992EB352D3E14


* Install the Nova Python SDK (needed by the OpenStack driver). You should have packages for that. In RHEL, they are provided by EPEL and you can install them via
*Install the package
yum install -y python-novaclient


* Copy the sample provider configuration file to the default software configuration file
sudo apt-get update
  cp /opt/cloud-info-provider/etc/sample.openstack.yaml /opt/cloud-info-provider/etc/bdii.yaml
  sudo apt-get install python-cloud-info-provider
* Edit the <code>/opt/cloud-info-provider/etc/bdii.yaml</code> configuration, setting up the site permanent information and the OpenStack connection information. Most of the information to be provider is self explanatory or specified in the file comments. Below there is a set of notes who can be relevant during the configuration.


''Configuration notes:''
= Configuration =
* Keep always full_bdii_ldif set to False
* You need to specify connection parameters to the OpenStack Auth service (Keystone). OpenStack will then get the API endpoints from Keystone.
* Be sure that keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this via the command <code>keystone service-list</code>. To create a new service and endpoint, you can run <code>keystone service-create --name nova --type occi --description 'Nova OCCI Service'</code> and then <code>keystone endpoint-create --service_id 8e6de5d0d7624584bed6bec9bef7c9e0 --region RegionOne --publicurl http://$HOSTNAME:8787/ --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/</code> where the ''service_id'' is the one obtained from <code>keystone service-list</code>
* In production environments, it is recommended to set the ''insecure'' parameter in the options to ''False'' and uncomment the ''os_cacert''
* ''site'' parameters can be left commented, since they will be automatically retreived from the ''/etc/glite-info-static/site/site.cfg'' configuration file


=== Other ===
Use one of the template files in <code>/etc/cloud-info-provider</code> as basis for creating your own YAML file with the static information of your resources. E.g:  
For all the other middleware, you can setup all the middleware information statically. To do so:


* Copy the sample provider configuration file to the default software configuration file
  cp /etc/cloud-info-provider/sample.openstack.yaml /etc/cloud-info-provider/bdii.yaml
  cp /opt/cloud-info-provider/etc/sample.static.yaml /opt/cloud-info-provider/etc/bdii.yaml
* Edit the <code>/opt/cloud-info-provider/etc/bdii.yaml</code> configuration, setting up all the site compute and storage resource information. Most of the information to be provider is self explanatory or specified in the comments. Below there is a set of notes who can be relevant during the configuration.


''Configuration notes:''
Each middleware has its own options to fetch the dynamic information, check the <code>--help</code> option for more information. Some additional notes are given in the following sections.  
* Keep always full_bdii_ldif set to False
* ''site'' parameters can be left commented, since they will be automatically retreived from the ''/etc/glite-info-static/site/site.cfg'' configuration file


== Test configuration ==
== General  ==
Run manually the cloud-provider script and check that the output is correctly imported into the BDII. To do so, execute


/usr/bin/cloud-info-provider-service > cloud-ldif.ldif
*Site name will be fetched from <code>site</code> -&gt; <code>name</code> in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or by the file set with the --glite-site-info-static option)


Then open the cloud-ldif.ldif fiel and check that no error is present. Then, import the data into the LDAP via
== OpenNebula ==


ldapdelete -H ldap://full.hostname:2170 'GLUE2GroupID=cloud,GLUE2DomainID=<your site>,o=glue' -D 'your LDAP admin DN' -W
*Use the <code>--middleware opennebularocci</code> option to activate this provider
ldapadd -f cloud-ldif.ldif -H ldap://full.hostname:2170 -D 'your LDAP admin DN' -W


and check that the cloud data has been successfully added via
*Use the <code>sample.opennebularocci.yaml</code> configuration sample. Change the following lines:
<pre>
site:
    # Your site name, as in GODCB (if omitted or set to None, this value is
    # retreived from /etc/glite-info-static/site/site.cfg )
    #name: SITE_NAME
</pre>
<pre>
compute:
    # Total number of cores available
    total_cores: 0
    # Total RAM available (GB)
    total_ram: 0
    # Hypervisor name (e.g. KVM, Xen, etc.)
    hypervisor: Foo Hypervisor
    # Hypervisor version
    hypervisor_version: 0.0.0
    # ...
    # Middleware version
    middleware_version: 0.0
</pre>
<pre>
    endpoints:
        # ...


ldapsearch -x -H ldap://full.hostname:2170 -b 'GLUE2GroupID=cloud,GLUE2DomainID=<your site>,o=glue'
        # Host serving your Virtual Machine Management interface (rOCCI-server)
        https://cloud-service01.example.org:11443:
            endpoint_url: https://cloud-service01.example.org:11443
</pre>
<pre>
    # Images are retreived automatically by the endpoint
    images:
        defaults:
            #...
            # os_tpl schema prefix must match ROCCI_SERVER_OPENNEBULA_SCHEMA_NAMESPACE in rOCCI-server, only the host part
            schema: http://schemas.cloud-service01.example.org/occi/infrastructure/os_tpl
</pre>


== Enable provider ==
*You need to specify connection parameters to the OpenNebula XML-RPC interface:
To enable the provider, just link the executable to the BDII provider directory (as default: <code>/var/lib/bdii/gip/provider/</code> or the BDII_PROVIDER_DIR  path set into <code>/etc/bdii/bdii.conf</code>)
**<code>--on-auth</code> parameter should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user has been created with the <code>core</code> driver, this parameter shall be set to <code>&lt;username&gt;:&lt;password&gt;</code>.
**<code>--on-rpcxml-endpoint</code> shall contain the address of the RPCv2 endpoint. Usually it is <code><nowiki>http://<hostname>:2633/RPC2</nowiki></code>. If not on a secure network, it is suggested to provide this interface via https, since the <code>on-auth</code> parameter will be sent in clear text to the server.


  ln -fs /usr/bin/cloud-info-provider-service /var/lib/bdii/gip/provider/
*Compute templates can be gathered in two ways. One option does not preclude the other and the resulting templates will be the merge of the two.
**directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the <code>--rocci-remote-templates</code> flag
**manually by placing them in the configuration file
 
*With the <code>--cloudkeeper-images</code> flag, OS templates can be filtered so only the cloudkeeper ones are published.
 
== OpenStack  ==
 
*Use the <code>--middleware openstack</code> option to activate this provider
 
*The OpenStack provider uses python-novaclient (needs to be installed separately)
**<code>--os-username</code>, <code>--os-password</code>, <code>--auth-tenant-name</code>, <code>--os-auth-url</code>, <code>--os-cacert</code>, <code>--insecure</code> options to the cloud-provider allow to set the connection parameters. Alternatively you can use environment variables (e.g. <code>OS_USERNAME</code>) as with other OpenStack clients
**<code>--insecure</code> should not be used in production!
 
*Be sure that keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this via the command <code>keystone service-list</code>. To create a new service and endpoint, you can run
<pre>keystone service-create --name occi_api --type occi --description 'Nova OCCI Service'
 
keystone endpoint-create --service_id &lt;service-id&gt; --region RegionOne --publicurl http://$HOSTNAME:8787/ \
                                        --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/
</pre>
where the ''service-id'' is the one obtained from <code>keystone service-list</code>.
 
*By default, the provider script will filter images without marketplace uri defined into the marketplace or vmcatcher_event_ad_mpuri property. If you want to list all the images templates (included local snapshots), set the variable 'require_marketplace_id: false' under 'compute' -&gt; 'images' -&gt; 'defaults' in the YAML configuration file.
 
== Create the provider ==
 
*Create the file <code>/var/lib/bdii/gip/provider/cloud-info-provider</code> that calls the provider with the correct options for your site, for example:
<pre>#!/bin/sh
 
cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \
                            --middleware openstack \
                            --os-username &lt;username&gt; --os-password &lt;passwd&gt; \
                            --os-tenant-name &lt;tenant&gt; --os-auth-url &lt;url&gt;
</pre>
*Give execution permission:
 
chmod +x /var/lib/bdii/gip/provider/cloud-info-provider
 
*and test it:
 
/var/lib/bdii/gip/provider/cloud-info-provider
 
*That should return the complete LDIF describing your site. Now you can start the bdii service
 
service bdii start
 
*And check that the information is being published
 
ldapsearch -x -h localhost -p 2170 -b o=glue
 
== Add your resource BDII to the site-BDII  ==
 
Add your cloud-info-provider to your site-BDII by adding a new URL like this:
 
ldap://&lt;cloud-info-provier-hostname&gt;:2170/GLUE2GroupID=cloud,o=glue
 
Check how to set up your Site-BDII at [[MAN01 How to publish Site Information]] for information on how to add the URL.
 
[[Category:Operations_Manuals]]
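
Review bot: In the new "Create the provider" section, the example wrapper passes "--os-password <passwd>" on the command line and the only permission step is "chmod +x", so the password ends up in a script under /var/lib/bdii/gip/provider/ with default read permissions and in the process arguments on every run. The text should tell the reader to restrict read access to that file, or point to the environment-variable alternative that the OpenStack section already mentions. In the same revision the OpenStack option list names "--auth-tenant-name" while the wrapper example uses "--os-tenant-name"; one of the two needs correcting. The replaced text recommended setting "insecure" to False and uncommenting "os_cacert"; the new text keeps only the warning against "--insecure", so the "--os-cacert" advice is worth restoring next to it.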

Revision as of 12:36, 11 October 2017


Purpose

This page provides instructions on how to configure the Federated Cloud Production resource-BDII.

Installation

Documentation and general installation guidelines for the cloud-info-provider are available at https://github.com/EGI-FCTF/cloud-bdii-provider

If you do not already have a site-BDII service in production, you also need to install the bdii package (available in the EPEL repository).

If you are using OpenStack as the provider, you also need to install the python-novaclient package.

To install from packages, follow the guidelines below.

RHEL/CentOS/ScientificLinux

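  • Add the EPEL repository according to the instructions at https://fedoraproject.org/wiki/EPEL
  • Add the cloud-info-provider repository to yum:
wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/sl-6-x86_64.repo \
   -O /etc/yum.repos.d/cloud-info-provider.repo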
  • Install the package
yum install cloud-info-provider-service

For Debian/Ubuntu 6/7/8

  • Add AppDB's repository:
sudo wget http://repository.egi.eu/community/software/cloud.info.provider/0.x/releases/repofiles/ubuntu-precise-amd64.list \
        -O /etc/apt/sources.list.d/cloud-info-provider.list
  • Add AppDB key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E2E992EB352D3E14
  • Install the package
sudo apt-get update
sudo apt-get install python-cloud-info-provider

Configuration

Use one of the template files in /etc/cloud-info-provider as the basis for your own YAML file with the static information of your resources. For example:

cp /etc/cloud-info-provider/sample.openstack.yaml /etc/cloud-info-provider/bdii.yaml

Each middleware has its own options for fetching the dynamic information; check the --help option for details. Some additional notes are given in the following sections.

General

  • The site name is fetched from site -> name in the template file. Set it to the name defined in GOCDB. Alternatively, the site name can be fetched from /etc/glite-info-static/site/site.cfg (or from the file set with the --glite-site-info-static option).

OpenNebula

  • Use the --middleware opennebularocci option to activate this provider
  • Use the sample.opennebularocci.yaml configuration sample. Change the following lines:
site:
    # Your site name, as in GOCDB (if omitted or set to None, this value is
    # retrieved from /etc/glite-info-static/site/site.cfg )
    #name: SITE_NAME
compute:
    # Total number of cores available
    total_cores: 0
    # Total RAM available (GB)
    total_ram: 0
    # Hypervisor name (e.g. KVM, Xen, etc.)
    hypervisor: Foo Hypervisor
    # Hypervisor version
    hypervisor_version: 0.0.0
    # ...
    # Middleware version
    middleware_version: 0.0
    endpoints:
        # ...

        # Host serving your Virtual Machine Management interface (rOCCI-server)
        https://cloud-service01.example.org:11443:
            endpoint_url: https://cloud-service01.example.org:11443
    # Images are retrieved automatically by the endpoint
    images:
        defaults:
            #...
            # os_tpl schema prefix must match ROCCI_SERVER_OPENNEBULA_SCHEMA_NAMESPACE in rOCCI-server, only the host part
            schema: http://schemas.cloud-service01.example.org/occi/infrastructure/os_tpl
  • You need to specify connection parameters to the OpenNebula XML-RPC interface:
    • The --on-auth parameter should contain the authorization parameters for an existing user with full read permissions on the image disks. If the user was created with the core driver, set this parameter to <username>:<password>.
    • --on-rpcxml-endpoint must contain the address of the RPCv2 endpoint, usually http://<hostname>:2633/RPC2. If the endpoint is not on a secure network, it is suggested to provide this interface via https, since the on-auth parameter is otherwise sent to the server in clear text.
  • Compute templates can be gathered in two ways. One option does not preclude the other and the resulting templates will be the merge of the two.
    • directly from remote OpenNebula (with rOCCI-server installed and configured), by setting the --rocci-remote-templates flag
    • manually by placing them in the configuration file
  • With the --cloudkeeper-images flag, OS templates can be filtered so only the cloudkeeper ones are published.

OpenStack

  • Use the --middleware openstack option to activate this provider
  • The OpenStack provider uses python-novaclient (needs to be installed separately)
    • The --os-username, --os-password, --auth-tenant-name, --os-auth-url, --os-cacert and --insecure options of the cloud-provider set the connection parameters. Alternatively, you can use environment variables (e.g. OS_USERNAME), as with other OpenStack clients.
    • --insecure should not be used in production!
  • Make sure that Keystone contains the OCCI endpoint, otherwise it will not be published by the BDII. You can check this with the command keystone service-list. To create a new service and endpoint, run:
keystone service-create --name occi_api --type occi --description 'Nova OCCI Service'

keystone endpoint-create --service_id <service-id> --region RegionOne --publicurl http://$HOSTNAME:8787/ \
                                         --internalurl http://$HOSTNAME:8787/ --adminurl http://$HOSTNAME:8787/

where the service-id is the one obtained from keystone service-list.

  • By default, the provider script filters out images that have no marketplace URI defined in the marketplace or vmcatcher_event_ad_mpuri property. To list all image templates (including local snapshots), set 'require_marketplace_id: false' under 'compute' -> 'images' -> 'defaults' in the YAML configuration file.

Create the provider

  • Create the file /var/lib/bdii/gip/provider/cloud-info-provider that calls the provider with the correct options for your site, for example:
#!/bin/sh

cloud-info-provider-service --yaml /etc/cloud-info-provider/openstack.yaml \
                            --middleware openstack \
                            --os-username <username> --os-password <passwd> \
                            --os-tenant-name <tenant> --os-auth-url <url>
  • Give execution permission:
chmod +x /var/lib/bdii/gip/provider/cloud-info-provider
  • and test it:
/var/lib/bdii/gip/provider/cloud-info-provider
  • That should return the complete LDIF describing your site. Now you can start the bdii service
service bdii start
  • And check that the information is being published
ldapsearch -x -h localhost -p 2170 -b o=glue
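
A variant of the wrapper from "Create the provider" that reads the OpenStack credentials from a private file and passes them as environment variables instead of --os-password arguments, which any local user can read from the process list. This is an added example, not code from the EGI wiki or the cloud-info-provider project; the credentials file path and the OS_* variable names other than OS_USERNAME are assumptions.

```sh
#!/bin/sh
# Added example (not from the wiki page): provider wrapper that keeps the
# OpenStack password out of the wrapper script and off the command line.
CRED_FILE="${CRED_FILE:-/etc/cloud-info-provider/openstack.env}"  # assumed path
YAML_FILE="${YAML_FILE:-/etc/cloud-info-provider/openstack.yaml}"

# Succeed only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no permission bits for group or others.
cred_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    case "$(stat -c %a "$1")" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Export allow-listed KEY=VALUE lines from $1 without sourcing the file, so
# nothing in it is executed. OS_USERNAME is named on the page; the other
# OS_* names are assumed to follow the usual OpenStack client convention.
load_openstack_env() {
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        value=${line#*=}
        case "$key" in
            ''|'#'*) ;;                                    # blank or comment
            OS_USERNAME|OS_PASSWORD|OS_TENANT_NAME|OS_AUTH_URL|OS_CACERT)
                export "$key=$value" ;;
            *) echo "ignoring unexpected key: $key" >&2 ;;
        esac
    done < "$1"
    [ -n "${OS_USERNAME:-}" ] && [ -n "${OS_PASSWORD:-}" ] && [ -n "${OS_AUTH_URL:-}" ]
}

# Succeed only for an https:// Keystone URL, so credentials are not sent
# in clear text (an added check, in line with avoiding --insecure).
auth_url_is_https() {
    case "$1" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

run_provider() {
    cred_file_is_private "$CRED_FILE" || {
        echo "refusing: $CRED_FILE must be private to $(id -un) (mode 600)" >&2
        return 1
    }
    load_openstack_env "$CRED_FILE" || {
        echo "refusing: incomplete credentials in $CRED_FILE" >&2
        return 1
    }
    auth_url_is_https "$OS_AUTH_URL" || {
        echo "refusing: OS_AUTH_URL is not an https URL" >&2
        return 1
    }
    # No --os-password and no --insecure: the secret travels in the
    # environment and TLS certificate verification stays enabled.
    exec cloud-info-provider-service --yaml "$YAML_FILE" --middleware openstack
}

# Run only when installed under the provider file name used on this page.
if [ "${0##*/}" = "cloud-info-provider" ]; then
    run_provider
fi
```

The credentials file holds one KEY=VALUE pair per line and must be owned by the account that runs the BDII provider, with mode 600 or stricter.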

Add your resource BDII to the site-BDII

Add your cloud-info-provider to your site-BDII by adding a new URL like this:

ldap://<cloud-info-provider-hostname>:2170/GLUE2GroupID=cloud,o=glue

See MAN01 How to publish Site Information for how to set up your Site-BDII and add the URL.