Project

General

Profile

OpenNebula4 New User Quick Start Tutorial

In order to be able to start Virtual Machines (VMs) in FermiCloud you should follow this steps (only once):

1. Create FermiCloud account

It is necessary to apply for an account to use FermiCloud, any registered employee, contractor, or visitor of Fermilab can do this.

New request should be submited via the Service Desk. Request FermiCloud Account

You will be able to instantiate, delete and monitor VMs from both the SSH command line and the web GUI.

Note if you do not currently have a user, contractor, or employee ID at Fermilab you need to request a off-site Fermilab ID number first

https://fermi.service-now.com/new_acct_request.do
For affiliated institution select "Computing Division". For contact list Steven Timm.
More instructions can be found at https://fermi.service-now.com/kb_view.do?sysparm_article=KB0010797

2. SSH in FermiCloud and start a test VM

1. Get a valid kerberos ticket and ssh in fcluigpvm01.fnal.gov.

HINT: you should be forwarding your kerberos ticket (this is client SSH setup). Some useful links if you have trouble with this here: http://fermigrid.fnal.gov/windows-access.html and here:http://kb.mit.edu/confluence/pages/viewpage.action?pageId=4259969
(fermicloudui.fnal.gov is an RRDNS pair that comprises fcluigpvm01.fnal.gov and fcluigpvm02.fnal.gov, both of which can be logged into individually).

2. Run 'onetemplate list'.

If you had something in your login script previously that sourced user.sh you should not do that anymore.
There is a system login script that automatically puts all commands into your PATH and
makes your temporary credential.

This is what you should run:

ssh $USER@fcluigpvm01.fnal.gov
onetemplate list 

This is approximately what you should see:


 timm$ ssh -l timm fcluigpvm01.fnal.gov
Service kx509/certificate
 issuer= /DC=gov/DC=fnal/O=Fermilab/OU=Certificate Authorities/CN=Kerberized CA HSM
 subject= /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Steven C. Timm/CN=UID:timm
 serial=03082689
 hash=bbfb9173
export ONE_AUTH=/tmp/2904/.one/one_x509
-bash-4.1$ onetemplate list
  ID USER            GROUP           NAME                                REGTIME
   0 oneadmin        oneadmin        EC2_PRIV_1CPU                12/29 15:53:42
   2 oneadmin        oneadmin        CLI_PRIV_SLF6_PRVM_GWMS      12/31 09:05:10
   3 oneadmin        oneadmin        EC2_PRIV_4CPU                01/02 11:35:13
   4 oneadmin        oneadmin        CLI_PRIV_SLF6Vanilla         01/02 12:10:55
   5 oneadmin        oneadmin        CLI_DynamicIP_SLF6Vanilla    02/13 11:27:05
   7 oneadmin        oneadmin        CLI_POOL_IPV6_SLF6Vanilla    02/20 10:53:18
  45 oneadmin        oneadmin        EC2_PUBL_4CPU                03/01 17:37:16
  46 oneadmin        oneadmin        EC2_PUBL_1CPU                03/01 17:39:49
  73 oneadmin        oneadmin        CLI_POOL_IPV6_SLF6_HOME      03/17 20:36:49

Note that the login is making you a token that has an expiration date of
one hour. If the "onetemplate list" command used to work and then quits working, the
token has expired. Log out and log back in.

3. Start a SLF6 VM, name it '$USER test VM', then check if it's online:

This is what you should run:

onetemplate instantiate "CLI_DynamicIP_SLF6Vanilla" --name "$USER test VM" 
onevm list
sleep 100
one_check-pingVMs.sh

You should see something like:

-bash-4.1$ onetemplate instantiate "CLI_DynamicIP_SLF6Vanilla" --name "$USER test VM" 
VM ID: 1668
-bash-4.1$ onevm list
    ID USER     GROUP    NAME            STAT UCPU    UMEM HOST             TIME
  1668 timm     users    timm test VM    pend    0      0K              0d 00h00

-bash-4.1$ one_check-pingVMs.sh 
+OK - Pingable VMs (1/1):
       timm  users    timm test  runn   2      2G          fcl412 00 01:37:40    fermicloud032.fnal.gov.

-bash-4.1$ 

From the output you can see that VM ID 1668 is owned by user timm, it's running on a host named fcl412 and it's hostname is 'fermicloud032.fnal.gov'.

The VM ID is unique, VM ID 1668 will be only this VM and once it is removed no other VM will reuse this ID. The hostname of the VM (fermicloud032.fnal.gov) will not change for the lifetime of the VM, but after you remove the VM the hostname gets reused.

4. Let's try to SSH in the freshly created VM, you are root in this machine and from now on you will be the admin.

ssh root@fermicloudO32.fnal.gov

At this point you could do whatever you need to do with the VM (eg: software testing)

5. Cleanup. Now that you are done with the VM, it is time to remove it. SSH in fcluigpvm01.fnal.gov and use 'onevm delete $ID' or 'onevm shutdown $ID' to remove the VM.

-bash-4.1$ onevm delete 1668
Are you really sure you want to delete this VM? Type a Capital Y
Y
You seem sure, we proceed
-bash-4.1$ onevm list | grep  1668
-bash-4.1$ 

For the standard type of VMs that you get from FermiCloud both 'onevm delete' (hard stop + delete) and a 'onevm shutdown' (ordered shutdown + delete) will completely remove them.
You can only remove your own VMs.

3. Open the web GUI and start a test VM

1. Get a valid Kerberos certificate loaded in your web browser (eg: firefox). You can find instructions here http://computing.fnal.gov/authentication/kca/
2. Open this link from your web browser: http://fermicloud.fnal.gov
3. Click on 'Virtual Machines' from the left menu, here you will see are your VMs.
4. To create a new VM click on the upper left button labeled '+New'. A new form will pop up, here you should type a name for you to identify the VM, select a template and the number of VMs to create. Hit the Create button.
5. If the page does not self-refresh hit the refresh button (by the +New button). Once you see your new VM you can proceed to delete it using the Delete button at the upper right corner.

Now you're ready to use FermiCloud! For more details and VM flavours please take a look at the OpenNebula4 Quick User Guide