Project

General

Profile

Wiki » History » Version 10

Version 9 (Parag Mhashilkar, 09/02/2011 01:51 PM) → Version 10/11 (Parag Mhashilkar, 09/02/2011 01:52 PM)

h1. Documentation

{{toc}} toc.

h2. Creating a IFGridftpServerBase Image

OpenNebula specification file used for Base Image creation is as follows

<pre>
NAME = IFGridftpServerBase
CPU = 1
VCPU = 2
MEMORY = 4096

DISK = [
source = /cloud/images/OpenNebula/images/current-image.img,
save = yes,
target = vda,
bus = virtio,
persistent = yes,
readonly = no
]

DISK = [
type = swap,
size = 4096,
target = vdb ]

NIC = [ NETWORK = "FermiCloud" ]

FEATURES=[ acpi="no" ]

GRAPHICS = [
type = "vnc",
listen = "127.0.0.1",
port = "-1",
autoport = "yes",
keymap = "en-us"]

CONTEXT = [
ip_public = "$NIC[IP, NETWORK=\"FermiCloud\"]",
hostname = "if-gridftp-base.fnal.gov",
netmask = "255.255.254.0",
gateway = "131.225.154.1",
ns = "131.225.8.120",
files = "/cloud/images/OpenNebula/templates/init.sh /home/parag/OpenNebula/cedps/k5login",
target = "hdc",
root_pubkey = "id_dsa.pub",
username = "opennebula",
user_pubkey = "id_dsa.pub"
]

REQUIREMENTS = "HYPERVISOR=\"kvm\""

</pre>

Launch a new VM with dynamic IP address.

<pre>
[parag@fcl002 cedps]$ onevm create IFGridftpServerBase.one

# Once the VM is running login into the VM from same of different machine
[parag@cd-109337 ~]$ ssh root@131.225.154.59

# Stop and Disable ypbind
[root@fermicloud002 ~]# service ypbind stop
Shutting down NIS services: [ OK ]
[root@fermicloud002 ~]# chkconfig --list| grep ypbind
ypbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@fermicloud002 ~]# chkconfig ypbind off
[root@fermicloud002 ~]# chkconfig --list| grep ypbind
ypbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off

# Make the experiment disks available without ypbind
[root@fermicloud002 etc]# scp root@fcl002:/etc/auto.* /etc/
[root@fermicloud002 etc]# service autofs stop
Stopping automount: [ OK ]
[root@fermicloud002 etc]# service autofs start
Starting automount: [ OK ]

# Check that experiment areas are available without ypbind
[root@fermicloud002 etc]# ls -la /minos/app

# Install pacman & VDT
[root@fermicloud002 etc]# cd /usr/local/
[root@fermicloud002 pacman-3.29]# tar xzf /tmp/pacman-latest.tar.gz
[root@fermicloud002 local]# cd pacman-3.29/
[root@fermicloud002 pacman-3.29]# source ./setup.sh
[root@fermicloud002 etc]# cd /usr/local/
[root@fermicloud002 local]# mkdir /usr/local/vdt-2.0.99
[root@fermicloud002 local]# ln -s /usr/local/vdt-2.0.99 /usr/local/vdt
[root@fermicloud002 local]# cd /usr/local/vdt-2.0.99/
[root@fermicloud002 vdt-2.0.99]# pacman -get http://vdt.cs.wisc.edu/vdt_200_cache:EDG-Make-Gridmap \
http://vdt.cs.wisc.edu/vdt_200_cache:CA-Certificates-Updater \
http://vdt.cs.wisc.edu/vdt_200_cache:CA-Certificates \
http://vdt.cs.wisc.edu/vdt_200_cache:Fetch-CRL
http://vdt.cs.wisc.edu/vdt_200_cache:Configure-Fetch-CRL \
http://vdt.cs.wisc.edu/vdt_200_cache:VOMS-Client \
http://vdt.cs.wisc.edu/vdt_200_cache:Globus-Base-Data-Server \
http://vdt.cs.wisc.edu/vdt_200_cache:EDG-Make-Gridmap
Do you want to add [http://vdt.cs.wisc.edu/vdt_200_cache] to [trusted.caches]? (y/n/yall): yall

# Setup CA Certificates and other required VDT services
[root@fermicloud002 vdt-2.0.99]# source /usr/local/vdt/setup.sh

# Change $VDT_LOCATION/vdt-app-data/vdt-update-certs/vdt-update-certs.conf to enable OSG CA Certs
[root@fermicloud002 vdt-2.0.99]# vi $VDT_LOCATION/vdt-app-data/vdt-update-certs/vdt-update-certs.conf
[root@fermicloud002 vdt-2.0.99]# vdt-setup-ca-certificates --certs-dir /usr/local/vdt-2.0.99/

# Make sure Host certs and keys are in place
[root@fermicloud002 vdt-2.0.99]# ls -la /etc/grid-security/

# First make sure that /etc/services do not have gsiftp service. If it does remove it
[root@fermicloud002 vdt-2.0.99]# vi /etc/services

# Enable VDT Services
[root@fermicloud002 vdt-2.0.99]# vdt-control --list
Service | Type | Desired State
------------------------+--------+--------------
fetch-crl | cron | do not enable
vdt-rotate-logs | cron | do not enable
vdt-update-certs | cron | do not enable
gsiftp | inetd | do not enable

[root@fermicloud002 vdt-2.0.99]# vdt-control --enable fetch-crl vdt-rotate-logs vdt-update-certs gsiftp
running 'vdt-register-service --name fetch-crl --enable'... ok
running 'vdt-register-service --name vdt-rotate-logs --enable'... ok
running 'vdt-register-service --name vdt-update-certs --enable'... ok
running 'vdt-register-service --name gsiftp --enable'... ok

[root@fermicloud002 vdt-2.0.99]# vdt-control --on
enabling cron service vdt-rotate-logs... ok
enabling inetd service gsiftp... ok
enabling cron service vdt-update-certs... ok
enabling cron service fetch-crl... ok

# Download & Install the if-gridftp-authz-tools available from the Files section of the twiki
[root@fermicloud002 log]# cd /opt/
[root@fermicloud002 opt]wget https://cdcvs.fnal.gov/redmine/attachments/download/5156/if-gridftp-authz-tools-v0.1.tgz
[root@fermicloud002 opt]# tar xzf if-gridftp-authz-tools-v0.1.tgz
[root@fermicloud002 opt]# mkdir if-gridftp-authz-tools/log
</pre>