Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

OpenNebula Backend

From EGIWiki
Jump to navigation Jump to search

The OpenNebula backend is bundled with rOCCI-server. Follow these steps to configure and activate it:

  1. Make sure OpenNebula is already installed and running in your environment. Otherwise it is highest time to install it. Note that installation of OpenNebula is beyond the scope of this Admin Guide. You may find useful some of the available OpenNebula Tutorials.
  2. Create a rocci account for the rOCCI-server backend in OpenNebula and make it a member of the oneadmin group: su - oneadmin oneuser create rocci '<actual_password_edited_out>' --driver server_cipher oneuser chgrp rocci oneadmin exit
  3. Edit Virtual Host configuration file /etc/apache2/sites-available/occi-ssl or /etc/httpd/conf.d/occi-ssl.conf, respectively, and change the following:
    1. attribute ROCCI_SERVER_BACKEND must be set to opennebula as shown: SetEnv ROCCI_SERVER_BACKEND opennebula Note: Do not confuse with attribute ROCCI_SERVER_BACKEND; that has another purpose.
    2. attribute ROCCI_SERVER_ONE_PASSWD must be set to give the password for the rocci user set up in the previous step: SetEnv ROCCI_SERVER_ONE_PASSWD <actual_password_edited_out>
    3. Server name attributes must be set to the rOCCI server's fully qualified domain name. Set ROCCI_SERVER_HOSTNAME and ServerName accordingly: ServerName rocci-server.example.com and SetEnv ROCCI_SERVER_HOSTNAME rocci-server.example.com Note: In case your rOCCI-server is not collocated with OpenNebula, these both need to point to the rOCCI-server. A different attribute is used to indicate the OpenNebula server.
  4. Restart the WebServer. You may skip this step if you are going to configure GridSite next.
    APT-based distributions (Debian, Ubuntu, …) RPM-based distributions (Scientific Linux, CentOS, …) 
    service apache2 restart

    service httpd restart
    Tested in Debian 7 Wheezy Tested in SL 6.5 Carbon

Use with GridSite and VOMS (optional)

As long as your site is a part of the EGI Federated Cloud infrastructure, or another infrastructure relying on Virtual Organization Management Services (VOMS), you also need to install the GridSite module for Apache.

  1. Choose repository to install from. GridSite is available from standard distribution repositories (EPEL, Debian) but not always in its most recent versions. EGI's UMD repository may be a better source, especially if you are a part of EGI.
    1. Installing from standard distro repositories:
      APT-based distributions (Debian, Ubuntu, …) RPM-based distributions (Scientific Linux, CentOS, …) 
      apt-get install -y gridsite

      rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install -y gridsite
      Tested in Debian 7 Wheezy Tested in SL 6.5 Carbon
    2. Installing from UMD:
      APT-based distributions (Debian, Ubuntu, …) RPM-based distributions (Scientific Linux, CentOS, …)

      UMD is currently only available for Debian 6 Squeeze. If you cannot use the current GridSite version in Wheezy, and want a new one, contact GridSite developers. 

      rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install -y yum-priorities yum-protectbase
rpm -ivh http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm
yum install -y gridsite
      Tested in Debian 7 Wheezy Tested in SL 6.5 Carbon
  2. Make sure mod_gridsite is loaded when WebServer starts. If you are installing in accordance with the previous step, it is already OK. Otherwise, you may need to add a config file (see example in /opt/rOCCI-server/examples/etc/apache2/mods-available/zgridsite.load) and enable the module.
  3. Activate GridSite in you Virtual Host's configuration file—/etc/apache2/sites-available/occi-ssl or /etc/httpd/conf.d/occi-ssl.conf, respectively.
    1. Add the following directives: 
       ## variables (and is needed for gridsite-admin.cgi to work.)
 GridSiteEnvs on 
 ## Nice GridSite directory listings (without truncating file names!)
 GridSiteIndexes off 
 ## If this is greater than zero, we will accept GSI Proxies for clients
 ## (full client certificates - eg inside web browsers - are always ok)
 GridSiteGSIProxyLimit 4 
 ## This directive allows authorized people to write/delete files
 ## from non-browser clients - eg with htcp(1)
 GridSiteMethods ""
    2. And change the value of the SSLVerifyClient attribute to require SSLVerifyClient require
    3. Extend SSLOptions attribute with option ExportCertData: SSLOptions +StdEnvVars +ExportCertData
  4. Make sure your VOMS settings are present, either in /etc/vomses or as .lsc files in the /etc/grid-security/vomsdir structure.
  5. Enable GridSite and restart the WebServer.
    APT-based distributions (Debian, Ubuntu, …) RPM-based distributions (Scientific Linux, CentOS, …) 
    a2enmod zgridsite
service apache2 restart

    service httpd restart
    Tested in Debian 7 Wheezy Tested in SL 6.5 Carbon
Retrieved from "https://wiki.egi.eu/w/index.php?title=OpenNebula_Backend&oldid=69885"