
Wiki » History » Version 11

Parag Mhashilkar, 09/02/2011 02:13 PM

1 10 Parag Mhashilkar
{{toc}}
2 9 Parag Mhashilkar
3 1 Parag Mhashilkar
h2. Creating an IFGridftpServerBase Image
4 1 Parag Mhashilkar
5 2 Parag Mhashilkar
The OpenNebula specification file used to create the base image is as follows:
6 2 Parag Mhashilkar
7 2 Parag Mhashilkar
<pre>
8 2 Parag Mhashilkar
NAME   = IFGridftpServerBase
9 2 Parag Mhashilkar
CPU    = 1
10 2 Parag Mhashilkar
VCPU   = 2
11 4 Parag Mhashilkar
MEMORY = 4096
12 2 Parag Mhashilkar
13 2 Parag Mhashilkar
DISK   = [
14 2 Parag Mhashilkar
           source   = /cloud/images/OpenNebula/images/current-image.img,
15 2 Parag Mhashilkar
           save     = yes,
16 2 Parag Mhashilkar
           target   = vda,
17 2 Parag Mhashilkar
           bus = virtio,
18 2 Parag Mhashilkar
           persistent = yes,
19 2 Parag Mhashilkar
           readonly = no
20 2 Parag Mhashilkar
         ]
21 2 Parag Mhashilkar
22 2 Parag Mhashilkar
DISK   = [
23 2 Parag Mhashilkar
  type     = swap,
24 4 Parag Mhashilkar
  size     = 4096,
25 2 Parag Mhashilkar
  target   = vdb ]
26 2 Parag Mhashilkar
27 2 Parag Mhashilkar
NIC    = [ NETWORK = "FermiCloud" ]
28 2 Parag Mhashilkar
29 2 Parag Mhashilkar
FEATURES=[ acpi="no" ]
30 2 Parag Mhashilkar
31 2 Parag Mhashilkar
GRAPHICS = [
32 2 Parag Mhashilkar
  type    = "vnc",
33 2 Parag Mhashilkar
  listen  = "127.0.0.1",
34 2 Parag Mhashilkar
  port    = "-1",
35 2 Parag Mhashilkar
  autoport = "yes",
36 2 Parag Mhashilkar
  keymap = "en-us"]
37 2 Parag Mhashilkar
38 2 Parag Mhashilkar
39 1 Parag Mhashilkar
CONTEXT = [
40 2 Parag Mhashilkar
    ip_public   = "$NIC[IP, NETWORK=\"FermiCloud\"]",
41 4 Parag Mhashilkar
    hostname    = "if-gridftp-base.fnal.gov",
42 2 Parag Mhashilkar
    netmask     = "255.255.254.0",
43 2 Parag Mhashilkar
    gateway     = "131.225.154.1",
44 2 Parag Mhashilkar
    ns          = "131.225.8.120",
45 2 Parag Mhashilkar
    files       = "/cloud/images/OpenNebula/templates/init.sh /home/parag/OpenNebula/cedps/k5login",
46 2 Parag Mhashilkar
    target      = "hdc",
47 2 Parag Mhashilkar
    root_pubkey = "id_dsa.pub",
48 2 Parag Mhashilkar
    username    = "opennebula",
49 1 Parag Mhashilkar
    user_pubkey = "id_dsa.pub"
50 1 Parag Mhashilkar
]
51 4 Parag Mhashilkar
52 4 Parag Mhashilkar
REQUIREMENTS = "HYPERVISOR=\"kvm\""
53 4 Parag Mhashilkar
54 2 Parag Mhashilkar
</pre>
55 3 Parag Mhashilkar
56 1 Parag Mhashilkar
Launch a new VM with a dynamic IP address.
57 1 Parag Mhashilkar
58 1 Parag Mhashilkar
<pre>
59 1 Parag Mhashilkar
[parag@fcl002 cedps]$ onevm create IFGridftpServerBase.one
60 11 Parag Mhashilkar
</pre>
61 1 Parag Mhashilkar
62 11 Parag Mhashilkar
Once the VM is running, log in to the VM and configure it.
63 11 Parag Mhashilkar
64 11 Parag Mhashilkar
<pre>
65 4 Parag Mhashilkar
[parag@cd-109337 ~]$ ssh root@131.225.154.59
66 4 Parag Mhashilkar
67 4 Parag Mhashilkar
# Stop and Disable ypbind
68 4 Parag Mhashilkar
[root@fermicloud002 ~]# service ypbind stop
69 4 Parag Mhashilkar
Shutting down NIS services:                                [  OK  ]
70 4 Parag Mhashilkar
[root@fermicloud002 ~]# chkconfig --list| grep ypbind
71 4 Parag Mhashilkar
ypbind          0:off   1:off   2:on    3:on    4:on    5:on    6:off
72 4 Parag Mhashilkar
[root@fermicloud002 ~]# chkconfig ypbind off
73 4 Parag Mhashilkar
[root@fermicloud002 ~]# chkconfig --list| grep ypbind
74 4 Parag Mhashilkar
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off
75 4 Parag Mhashilkar
76 4 Parag Mhashilkar
# Make the experiment disks available without ypbind
77 4 Parag Mhashilkar
[root@fermicloud002 etc]# scp root@fcl002:/etc/auto.* /etc/
78 4 Parag Mhashilkar
[root@fermicloud002 etc]# service autofs stop
79 4 Parag Mhashilkar
Stopping automount:                                        [  OK  ]
80 4 Parag Mhashilkar
[root@fermicloud002 etc]# service autofs start
81 4 Parag Mhashilkar
Starting automount:                                        [  OK  ]
82 4 Parag Mhashilkar
83 4 Parag Mhashilkar
# Check that experiment areas are available without ypbind
84 4 Parag Mhashilkar
[root@fermicloud002 etc]# ls -la /minos/app
85 4 Parag Mhashilkar
86 4 Parag Mhashilkar
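# Install pacman & VDT. Note: the packages below come from an http:// cache and are installed as root, so the transfer itself is not authenticated.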
87 4 Parag Mhashilkar
[root@fermicloud002 etc]# cd /usr/local/
88 4 Parag Mhashilkar
[root@fermicloud002 local]# tar xzf /tmp/pacman-latest.tar.gz
89 4 Parag Mhashilkar
[root@fermicloud002 local]# cd pacman-3.29/
90 4 Parag Mhashilkar
[root@fermicloud002 pacman-3.29]# source ./setup.sh 
91 4 Parag Mhashilkar
[root@fermicloud002 etc]# cd /usr/local/
92 4 Parag Mhashilkar
[root@fermicloud002 local]# mkdir /usr/local/vdt-2.0.99
93 4 Parag Mhashilkar
[root@fermicloud002 local]# ln -s /usr/local/vdt-2.0.99 /usr/local/vdt
94 4 Parag Mhashilkar
[root@fermicloud002 local]# cd /usr/local/vdt-2.0.99/
95 6 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# pacman -get http://vdt.cs.wisc.edu/vdt_200_cache:EDG-Make-Gridmap \
96 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:CA-Certificates-Updater \
97 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:CA-Certificates \
98 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:Fetch-CRL \
99 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:Configure-Fetch-CRL \
100 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:VOMS-Client \
101 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:Globus-Base-Data-Server \
102 6 Parag Mhashilkar
http://vdt.cs.wisc.edu/vdt_200_cache:EDG-Make-Gridmap
103 4 Parag Mhashilkar
Do you want to add [http://vdt.cs.wisc.edu/vdt_200_cache] to [trusted.caches]? (y/n/yall): yall
104 1 Parag Mhashilkar
105 5 Parag Mhashilkar
# Setup CA Certificates and other required VDT services
106 5 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# source /usr/local/vdt/setup.sh 
107 5 Parag Mhashilkar
108 5 Parag Mhashilkar
# Change $VDT_LOCATION/vdt-app-data/vdt-update-certs/vdt-update-certs.conf to enable OSG CA Certs
109 5 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# vi $VDT_LOCATION/vdt-app-data/vdt-update-certs/vdt-update-certs.conf
110 5 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# vdt-setup-ca-certificates --certs-dir /usr/local/vdt-2.0.99/
111 5 Parag Mhashilkar
112 5 Parag Mhashilkar
# Make sure host certs and keys are in place (the host private key should be readable by root only)
113 5 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# ls -la /etc/grid-security/
114 1 Parag Mhashilkar
115 5 Parag Mhashilkar
# First make sure that /etc/services does not have a gsiftp entry. If it does, remove it
116 7 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# vi /etc/services
117 7 Parag Mhashilkar
118 11 Parag Mhashilkar
# Enable VDT Services but do not start them
119 5 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# vdt-control --list
120 5 Parag Mhashilkar
Service                 | Type   | Desired State
121 5 Parag Mhashilkar
------------------------+--------+--------------
122 5 Parag Mhashilkar
fetch-crl              | cron    | do not enable 
123 5 Parag Mhashilkar
vdt-rotate-logs        | cron    | do not enable 
124 5 Parag Mhashilkar
vdt-update-certs       | cron    | do not enable 
125 5 Parag Mhashilkar
gsiftp                 | inetd   | do not enable 
126 7 Parag Mhashilkar
127 5 Parag Mhashilkar
[root@fermicloud002 vdt-2.0.99]# vdt-control --enable fetch-crl vdt-rotate-logs vdt-update-certs gsiftp
128 1 Parag Mhashilkar
running 'vdt-register-service --name fetch-crl --enable'... ok
129 1 Parag Mhashilkar
running 'vdt-register-service --name vdt-rotate-logs --enable'... ok
130 1 Parag Mhashilkar
running 'vdt-register-service --name vdt-update-certs --enable'... ok
131 1 Parag Mhashilkar
running 'vdt-register-service --name gsiftp --enable'... ok
132 1 Parag Mhashilkar
133 1 Parag Mhashilkar
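# Download & install the if-gridftp-authz-tools, available from the Files section of the twiki. The archive is unpacked as root, so confirm it is the expected file (for example, compare a checksum with the project's copy) before extracting it.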
134 1 Parag Mhashilkar
[root@fermicloud002 log]# cd /opt/
135 1 Parag Mhashilkar
[root@fermicloud002 opt]# wget https://cdcvs.fnal.gov/redmine/attachments/download/5156/if-gridftp-authz-tools-v0.1.tgz
136 1 Parag Mhashilkar
[root@fermicloud002 opt]# tar xzf if-gridftp-authz-tools-v0.1.tgz 
137 1 Parag Mhashilkar
[root@fermicloud002 opt]# mkdir if-gridftp-authz-tools/log
138 11 Parag Mhashilkar
139 11 Parag Mhashilkar
# Setup the default crontabs but keep them disabled
140 11 Parag Mhashilkar
###### Customize the crontab entries below before enabling them ######
141 11 Parag Mhashilkar
142 11 Parag Mhashilkar
###### Change the nis-hostname and the nis-domain based on the experiment
143 11 Parag Mhashilkar
### 57 */2 * * * source /root/.bash_profile; /opt/if-gridftp-authz-tools/bin/create_password_file.py --nis-domain=XXXXXXXXX --nis-hostname=gpwn001.fnal.gov >>/opt/if-gridftp-authz-tools/log/gridmap_with_usernames.log 2>&1;
144 11 Parag Mhashilkar
145 11 Parag Mhashilkar
##### Change the group names based on voms groups for the experiment
146 11 Parag Mhashilkar
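##### Supports more than one group
##### This job rewrites /etc/grid-security/grid-mapfile, so review the group list and the entries in the --mappings-from-file file before enabling it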
147 11 Parag Mhashilkar
### 57 */2 * * * source /root/.bash_profile; source /usr/local/vdt/setup.sh; /opt/if-gridftp-authz-tools/bin/gridmap_with_usernames.py --group-uri-base 'vomss://voms.fnal.gov:8443/voms/fermilab?/fermilab' --group XXXXXXXX --mappings-from-file /opt/if-gridftp-authz-tools/etc/testusers --output /etc/grid-security/grid-mapfile >> /opt/if-gridftp-authz-tools/log/gridmap_with_usernames.log 2>&1
148 11 Parag Mhashilkar
149 1 Parag Mhashilkar
</pre>
150 11 Parag Mhashilkar
151 11 Parag Mhashilkar
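Log out of the VM and save the VM image for reuse. Whatever is on the base image at this point, including any host certificate and key under /etc/grid-security, is carried into every image derived from it.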
152 11 Parag Mhashilkar
153 11 Parag Mhashilkar
h2. Creating & customizing an image from the IFGridftpServerBase image
154 11 Parag Mhashilkar
155 11 Parag Mhashilkar
Steps involved
156 11 Parag Mhashilkar
157 11 Parag Mhashilkar
# Make sure base image is not running
158 11 Parag Mhashilkar
# Save the base image as an experiment specific image
159 11 Parag Mhashilkar
# In the experiment-specific image spec file, set the hostname and static IP address
160 11 Parag Mhashilkar
# Launch the new VM
161 11 Parag Mhashilkar
# Make sure the certificates specific to the new VM are in place and referenced from /etc/grid-security
162 11 Parag Mhashilkar
# Source vdt setup and run vdt-control --on
163 11 Parag Mhashilkar
# Enable the crontabs after making changes to them.
164 11 Parag Mhashilkar
# Run the cron scripts (which create the gridmap and local users) manually once to test them