Intro to FermiCloud

FermiCloud is an Infrastructure as a Service (IaaS) Cloud Computing facility at Fermilab. It is operated by the
Experimental Computing Facilities department of the Scientific Computing Facilities Quadrant of the
Scientific Computing Services Department at Fermilab. Steven Timm is the operations lead.
The Grid and Cloud Operations group manages the OpenNebula service and the hardware/OS support is
handled by the Scientific Server Infrastructure group.

Any problems should be referred to the "FermiCloud Support" group in ServiceNow, which contains members from both Grid and Cloud
Operations and Scientific Server Infrastructure.

The term "FermiCloud" also refers to the FermiCloud Project that built FermiCloud starting in 2010 and transferred it to operations as of
November of 2013. There are several subprojects of this redmine project which date from those times. Those are all now obsolete and the
code is no longer used.

Service Level

In its current form FermiCloud is operated on a Best Effort basis only.
We offer three basic VM services:

If your virtual machine has a need for regular pageable service desk support or professional system management services and is expected to be around for
a while then it probably should be hosted in GPCF/GPCF2.

FermiCloud downtimes usually happen on the third Thursday of the month in conjunction with the GPCF downtime.
We will attempt to notify a user before rebooting or migrating their VM but cannot promise this.
FermiCloud VM images are NOT BACKED UP.
FermiCloud home directories are NOT BACKED UP. Do not put anything in your home directory that you don't want
other VMs to read, especially grid certificates and private keys.

FermiCloud is based on OpenNebula.

FermiCloud User Documentation

List of FermiCloud static IP VM's and users

Cloud Projects Documentation

Documentation on the FermiCloud Project, now mostly historical, can be found at [[FermiCloud Project Web Page][http://fclweb.fnal.gov]]
Documentation on the new HEPCloud project can be found in FermiPoint [[HEPCloud Project FermiPoint Site][https://fermipoint.fnal.gov/project/fnalhcf/SitePages/Home.aspx]]
Documentation of the Fermilab Scientific Computing Division Cloud Program of Work, which incorporated several projects
and R+D activities including the FermiCloud Project, can be found at [Cloud Program Project Planning]. The site has been dormant for a year or so.

[[Cloud Program Project Planning][https://cdcvs.fnal.gov/redmine/projects/cloudprogramplanning]]

Operations Documentation

The OpenNebula service was previously managed by the Grid and Cloud Services Operations group. Their operational Wiki is here:

[[https://cdcvs.fnal.gov/redmine/projects/grid_and_cloud_computing_operations/wiki]]

We are gradually transferring all documentation that pertains to current OpenNebula service operations to
this wiki. Old OpenNebula 2 and 3 documentation will not be transferred.

OpenNebula4 Operations

Web Server Policy

According to the [[Fermilab Policy on Computing][http://cd-docdb.fnal.gov/cgi-bin/RetrieveFile?docid=1186&filename=Fermilab_NEW_Policy_on_Computing_2013.htm]], any web server that is visible off the Fermilab site must apply for approval to make that web service visible. Last year enforcement of this policy was extended from the normal web ports 80 and 443 to all ports. At the moment, these exemptions are not granted for the dynamic-IP VMs of FermiCloud. Therefore, if you have such a server running on FermiCloud, you must use iptables to make it visible only on the Fermilab site and use the Fermilab VPN to access it from off site. An example is below. A few of the static-IP virtual machines on FermiCloud do have web server exemptions approved.

FAQ

Where is the FermiCloud web GUI?

http://fermicloud.fnal.gov You will need a valid KCA certificate loaded in your browser!
http://fclheadgpvm01.fnal.gov You will need a valid KCA certificate loaded in your browser!

Who can use FermiCloud?

Any registered employee, contractor, or visitor of Fermilab. Please see OpenNebula4 New User Quick Start Tutorial

How do I start using FermiCloud?

Start by taking a look at New User Quick Start Tutorial or OpenNebula4 New User Quick Start Tutorial

I have a problem with FermiCloud, how do I get support?

Open a ServiceDesk ticket at http://servicedesk.fnal.gov/
Ask them to assign it to "FermiCloud Support"

What email lists are available for FermiCloud?

All users are automatically added to the which is the official way that FermiCloud outages
are announced. Those who have general questions about FermiCloud may subscribe to the list.
Both are listserv lists served off of listserv.fnal.gov. Three other lists, fermicloud-project, fermicloud-accounting-info, and fermicloud-security-discuss
are defunct.

My FermiCloud VM certificate expired, how do I get it updated?

Certificates are brought into the machine at boot time. Reboot the VM and it will grab the new certificates by running the vmcontext (you can also try running it manually as root from the command line).

How to increase the number of cores or amount of memory of a virtual machine?

Starting, for example, from the CLI_DynamicIP_SLF6Vanilla template, which is currently template number 5:
Execute the clone command. This will return an ID, which you then update with "onetemplate update" as below.

onetemplate clone 5 mytemplate
ID: 137
onetemplate update 137

If the EDITOR variable is set correctly, which it should be, this will bring up the template file.
To increase the number of CPUs, change

VCPU="1" to VCPU="2" or 4 or whatever.

To increase the amount of memory, change from

MEMORY="1900"
to however many megabytes of memory you need.

Then exit vi
and start the template with onetemplate instantiate 137

How to use iptables on an SL7 VM
The default firewall service in SL7 is "firewalld"; however, iptables can still be used as follows:
0) Put the following content in /etc/sysconfig/iptables:
[root@fermicloud006 ~]# more /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Wed Jun 26 15:40:08 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2515129:446733658]
-A INPUT -s 127.0.0.1/255.255.255.255 -j ACCEPT
-A INPUT -s 131.225.0.0/255.255.0.0 -p udp -j ACCEPT 
-A INPUT -s 131.225.0.0/255.255.0.0 -p tcp -j ACCEPT 
-A INPUT -j DROP

COMMIT

1) yum -y install iptables-services
2) systemctl mask firewalld
3) systemctl enable iptables
4) systemctl start iptables
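
An added check, not part of the original wiki page: a small Python audit that reads an iptables-save ruleset and reports any INPUT rule that would accept traffic from outside the on-site 131.225.0.0/16 range or loopback, which is the property the Web Server Policy above requires. The function name, the constructed EXPOSED_RULES sample and its port 8080 are assumptions for illustration; the audit only interprets -s, -i lo and an unconditional DROP/REJECT, and reports negated matches for manual review.

```python
import ipaddress
import shlex

# Source ranges taken from the ruleset above: the on-site network and loopback.
ALLOWED = [ipaddress.ip_network(n) for n in ("131.225.0.0/16", "127.0.0.0/8")]

def audit_input_chain(ruleset):
    """Return findings for filter/INPUT rules that could admit off-site sources."""
    findings, policy, in_filter, closed = [], "ACCEPT", False, False
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A INPUT ") and not closed:
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if tok[2:] == ["-j", target] and target in ("DROP", "REJECT"):
                closed = True  # unconditional drop: later rules are unreachable
            if target != "ACCEPT":
                continue
            if "!" in tok:
                findings.append("negated match, review by hand: " + line)
            elif "-i" in tok and tok[tok.index("-i") + 1] == "lo":
                continue  # loopback interface only
            elif "-s" not in tok:
                findings.append("ACCEPT with no source restriction: " + line)
            else:
                src = ipaddress.ip_network(tok[tok.index("-s") + 1], strict=False)
                if not any(src.subnet_of(net) for net in ALLOWED):
                    findings.append("ACCEPT for off-site source: " + line)
    if not closed and policy == "ACCEPT":
        findings.append("INPUT policy is ACCEPT and no unconditional DROP/REJECT")
    return findings

# Page ruleset (counters omitted) and a constructed variant opening a port to all.
PAGE_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/255.255.255.255 -j ACCEPT
-A INPUT -s 131.225.0.0/255.255.0.0 -p udp -j ACCEPT
-A INPUT -s 131.225.0.0/255.255.0.0 -p tcp -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
EXPOSED_RULES = PAGE_RULES.replace(
    "-A INPUT -j DROP", "-A INPUT -p tcp --dport 8080 -j ACCEPT\n-A INPUT -j DROP")

if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("exposed", EXPOSED_RULES)):
        print(name, audit_input_chain(rules) or "on-site only")
```

The same function can be pointed at the text of /etc/sysconfig/iptables or the output of iptables-save on a running VM; it covers IPv4 rules only, so IPv6 filtering has to be checked separately.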