Project

General

Profile

Wiki » History » Version 9

« Previous - Version 9/11 (diff) - Next » - Current version
Parag Mhashilkar, 09/02/2011 01:51 PM


Documentation

toc.

Creating a IFGridftpServerBase Image

OpenNebula specification file used for Base Image creation is as follows

NAME   = IFGridftpServerBase
CPU    = 1
VCPU   = 2
MEMORY = 4096

DISK   = [
           source   = /cloud/images/OpenNebula/images/current-image.img,
           save     = yes,
           target   = vda,
           bus = virtio,
           persistent = yes,
           readonly = no
         ]

DISK   = [
  type     = swap,
  size     = 4096,
  target   = vdb ]

NIC    = [ NETWORK = "FermiCloud" ]

FEATURES=[ acpi="no" ]

GRAPHICS = [
  type    = "vnc",
  listen  = "127.0.0.1",
  port    = "-1",
  autoport = "yes",
  keymap = "en-us"]

CONTEXT = [
    ip_public   = "$NIC[IP, NETWORK=\"FermiCloud\"]",
    hostname    = "if-gridftp-base.fnal.gov",
    netmask     = "255.255.254.0",
    gateway     = "131.225.154.1",
    ns          = "131.225.8.120",
    files       = "/cloud/images/OpenNebula/templates/init.sh /home/parag/OpenNebula/cedps/k5login",
    target      = "hdc",
    root_pubkey = "id_dsa.pub",
    username    = "opennebula",
    user_pubkey = "id_dsa.pub" 
]

REQUIREMENTS = "HYPERVISOR=\"kvm\"" 

Launch a new VM with dynamic IP address.

[parag@fcl002 cedps]$ onevm create IFGridftpServerBase.one

# Once the VM is running login into the VM from same of different machine
[parag@cd-109337 ~]$ ssh root@131.225.154.59

# Stop and Disable ypbind
[root@fermicloud002 ~]# service ypbind stop
Shutting down NIS services:                                [  OK  ]
[root@fermicloud002 ~]# chkconfig --list| grep ypbind
ypbind          0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@fermicloud002 ~]# chkconfig ypbind off
[root@fermicloud002 ~]# chkconfig --list| grep ypbind
ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off

# Make the experiment disks available without ypbind
[root@fermicloud002 etc]# scp root@fcl002:/etc/auto.* /etc/
[root@fermicloud002 etc]# service autofs stop
Stopping automount:                                        [  OK  ]
[root@fermicloud002 etc]# service autofs start
Starting automount:                                        [  OK  ]

# Check that experiment areas are available without ypbind
[root@fermicloud002 etc]# ls -la /minos/app

# Install pacman & VDT
[root@fermicloud002 etc]# cd /usr/local/
[root@fermicloud002 pacman-3.29]# tar xzf /tmp/pacman-latest.tar.gz
[root@fermicloud002 local]# cd pacman-3.29/
[root@fermicloud002 pacman-3.29]# source ./setup.sh 
[root@fermicloud002 etc]# cd /usr/local/
[root@fermicloud002 local]# mkdir /usr/local/vdt-2.0.99
[root@fermicloud002 local]# ln -s /usr/local/vdt-2.0.99 /usr/local/vdt
[root@fermicloud002 local]# cd /usr/local/vdt-2.0.99/
[root@fermicloud002 vdt-2.0.99]# pacman -get http://vdt.cs.wisc.edu/vdt_200_cache:EDG-Make-Gridmap \
http://vdt.cs.wisc.edu/vdt_200_cache:CA-Certificates-Updater \
http://vdt.cs.wisc.edu/vdt_200_cache:CA-Certificates \
http://vdt.cs.wisc.edu/vdt_200_cache:Fetch-CRL 
http://vdt.cs.wisc.edu/vdt_200_cache:Configure-Fetch-CRL \
http://vdt.cs.wisc.edu/vdt_200_cache:VOMS-Client \
http://vdt.cs.wisc.edu/vdt_200_cache:Globus-Base-Data-Server \
http://vdt.cs.wisc.edu/vdt_200_cache:EDG-Make-Gridmap
Do you want to add [http://vdt.cs.wisc.edu/vdt_200_cache] to [trusted.caches]? (y/n/yall): yall

# Setup CA Certificates and other required VDT services
[root@fermicloud002 vdt-2.0.99]# source /usr/local/vdt/setup.sh 

# Change $VDT_LOCATION/vdt-app-data/vdt-update-certs/vdt-update-certs.conf to enable OSG CA Certs
[root@fermicloud002 vdt-2.0.99]# vi $VDT_LOCATION/vdt-app-data/vdt-update-certs/vdt-update-certs.conf
[root@fermicloud002 vdt-2.0.99]# vdt-setup-ca-certificates --certs-dir /usr/local/vdt-2.0.99/

# Make sure Host certs and keys are in place
[root@fermicloud002 vdt-2.0.99]# ls -la /etc/grid-security/

# First make sure that /etc/services do not have gsiftp service. If it does remove it
[root@fermicloud002 vdt-2.0.99]# vi /etc/services

# Enable VDT Services
[root@fermicloud002 vdt-2.0.99]# vdt-control --list
Service                 | Type   | Desired State
------------------------+--------+--------------
fetch-crl              | cron    | do not enable 
vdt-rotate-logs        | cron    | do not enable 
vdt-update-certs       | cron    | do not enable 
gsiftp                 | inetd   | do not enable 

[root@fermicloud002 vdt-2.0.99]# vdt-control --enable fetch-crl vdt-rotate-logs vdt-update-certs gsiftp
running 'vdt-register-service --name fetch-crl --enable'... ok
running 'vdt-register-service --name vdt-rotate-logs --enable'... ok
running 'vdt-register-service --name vdt-update-certs --enable'... ok
running 'vdt-register-service --name gsiftp --enable'... ok

[root@fermicloud002 vdt-2.0.99]# vdt-control --on
enabling cron service vdt-rotate-logs... ok
enabling inetd service gsiftp... ok
enabling cron service vdt-update-certs... ok
enabling cron service fetch-crl... ok

# Download & Install the if-gridftp-authz-tools available from the Files section of the twiki
[root@fermicloud002 log]# cd /opt/
[root@fermicloud002 opt]wget https://cdcvs.fnal.gov/redmine/attachments/download/5156/if-gridftp-authz-tools-v0.1.tgz
[root@fermicloud002 opt]# tar xzf if-gridftp-authz-tools-v0.1.tgz 
[root@fermicloud002 opt]# mkdir if-gridftp-authz-tools/log