== Verification of cloudkeeper.centos7.x86_64-1.4.1 and cloudkeeper-one.centos7.x86_64-1.2.3 ==

=== Ticket assigned ===
 * [https://rt.egi.eu/rt/Ticket/Modify.html?id=12905]
 * [https://rt.egi.eu/rt/Ticket/Modify.html?id=12910]

=== Install UMD4 repos ===
NOTE: EPEL already installed
{{{
[root@fedcloud-services yum.repos.d]# pwd
/etc/yum.repos.d
[root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-base.repo
[root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/umd/4/repofiles/sl6/UMD-4-updates.repo
[root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo
[root@fedcloud-services ~]# rpm --import http://download.nordugrid.org/RPM-GPG-KEY-nordugrid
[root@fedcloud-services ~]# rpm --import http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
}}}

=== CloudKeeper repo and installation ===
For dependencies:
{{{
[root@fedcloud-services ~]# yum install -y centos-release-qemu-ev wget
}}}
{{{
[root@fedcloud-services yum.repos.d]# pwd
/etc/yum.repos.d
[root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/community/software/cloudkeeper/1.2.x/candidates/v1.2.0-1/repofiles/centos-7-x86_64-candidate.repo -O /etc/yum.repos.d/cloudkeeper.repo
[root@fedcloud-services yum.repos.d]# wget http://repository.egi.eu/community/software/cloudkeeper.one/1.2.x/candidates/v1.2.0-1/repofiles/centos-7-x86_64-candidate.repo -O /etc/yum.repos.d/cloudkeeper-one.repo
[root@fedcloud-services ~]# yum clean all; yum install cloudkeeper cloudkeeper-one
[.....]
Dependencias resueltas

================================================================================
 Package                   Arquitectura  Versión                     Repositorio                                Tamaño
================================================================================
Instalando:
 cloudkeeper               x86_64        1.2.0+20170407162653-1.el7  cloudkeeper-centos-7-x86_64-candidate       44 M
 cloudkeeper-one           x86_64        1.2.0+20170404154623-1.el7  cloudkeeper.one-centos-7-x86_64-candidate   54 M
Instalando para las dependencias:
 boost-system              x86_64        1.53.0-26.el7               base                                        39 k
 boost-thread              x86_64        1.53.0-26.el7               base                                        57 k
 glusterfs                 x86_64        3.7.9-12.el7.centos         base                                       462 k
 glusterfs-api             x86_64        3.7.9-12.el7.centos         base                                        64 k
 glusterfs-client-xlators  x86_64        3.7.9-12.el7.centos         base                                       837 k
 glusterfs-libs            x86_64        3.7.9-12.el7.centos         base                                       331 k
 gperftools-libs           x86_64        2.4-8.el7                   base                                       272 k
 libaio                    x86_64        0.3.109-13.el7              base                                        24 k
 libiscsi                  x86_64        1.9.0-7.el7                 base                                        60 k
 librados2                 x86_64        1:0.94.5-1.el7              base                                       1.7 M
 librbd1                   x86_64        1:0.94.5-1.el7              base                                       1.8 M
 libunwind                 x86_64        2:1.1-5.el7_2.2             base                                        56 k
 qemu-img-ev               x86_64        10:2.6.0-28.el7_3.6.1       centos-qemu-ev                             1.0 M

Resumen de la transacción
================================================================================
Instalar  2 Paquetes (+13 Paquetes dependientes)
[.....]
}}}

 * Check permissions/owners
{{{
[root@fedcloud-services ~]# ls -l /etc/cloudkeeper
total 20
-r--r-----  1 cloudkeeper cloudkeeper 2789 may 26 13:17 cloudkeeper.yml
-r--r-----  1 cloudkeeper cloudkeeper 1906 may 26 10:04 cloudkeeper.yml.new
-rw-r-----. 1 cloudkeeper cloudkeeper 2814 abr 27 13:51 cloudkeeper.yml.old
-rw-r-----. 1 cloudkeeper cloudkeeper 1737 abr 18 13:44 cloudkeeper.yml.original
[root@fedcloud-services ~]# ls -l /etc/cloudkeeper-one/
total 16
-rw-r-----. 1 cloudkeeper-one cloudkeeper-one 1699 abr 19 13:47 cloudkeeper-one.yml
-r--r-----  1 cloudkeeper-one cloudkeeper-one 1672 may 26 10:03 cloudkeeper-one.yml.new
-rw-r-----. 1 cloudkeeper-one cloudkeeper-one 1672 abr 18 15:40 cloudkeeper-one.yml.original
drwxr-xr-x. 2 root            root            4096 may 22 17:10 templates
[root@fedcloud-services ~]# ls -l /etc/cloudkeeper-one/templates/
total 12
-rw-r-----. 1 cloudkeeper-one cloudkeeper-one 369 abr 18 13:43 image.erb
-rw-r-----  1 cloudkeeper-one cloudkeeper-one 666 may 22 17:10 template.erb
}}}

=== CloudKeeper configuration ===
 * Some firewall rules
{{{
[root@fedcloud-one ~]# firewall-cmd --permanent --new-zone=fedcloud
success
[root@fedcloud-one ~]# firewall-cmd --permanent --zone=fedcloud --add-source=193.144.35.77
success
[root@fedcloud-one ~]# firewall-cmd --permanent --zone=fedcloud --add-port=2633/tcp
success
[root@fedcloud-services ~]# firewall-cmd --permanent --zone=fedcloud --add-source=193.144.35.17
success
[root@fedcloud-services ~]# firewall-cmd --permanent --zone=fedcloud --add-port=50505/tcp
success
[root@fedcloud-one ~]# firewall-cmd --reload
success
}}}

 * Changes on file ''/etc/cloudkeeper/cloudkeeper.yml''
{{{
# diff cloudkeeper.yml cloudkeeper.yml.original
3,9d2
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/fedcloud.egi.eu/image.list
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/vo.chain-project.eu/image.list
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/geohazards.terradue.com/image.list
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/hydrology.terradue.com/image.list
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/d4science.org/image.list
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/vo.emsodev.eu/image.list
< - https://99999999-9999-9999-9999-999999999999:x-oauth-basic@vmcaster.appdb.egi.eu/store/vo/vo.access.egi.eu/image.list
14c7
< image-dir: /var/spool/cloudkeeper/images # Directory to store images to
---
> image-dir: /var/spool/cloudkeeper/images/ # Directory to store images to
24,30c17,19
< ###RDIEZ The ip witch OpenNebula will download the image (in my case, this machine when cloudkeeper and cloudkeeper runs....
< ip-address: 193.144.35.77 # IP address NGINX can listen on
< port: 50505 # Port NGINX can listen on
< proxy:
< ip-address: # Proxy IP address
< port: # Proxy port
< ssl: false # Whether proxy will use SSL connection
---
> ip-address: 127.0.0.1 # IP address NGINX can listen on
> min-port: 7300 # Minimal port NGINX can listen on
> max-port: 7400 # Maximal port NGINX can listen on
33c22
< certificate: /etc/grid-security/hostcert.pem # Backend's certificate
---
> certificate: /etc/grid-security/backendcert.pem # Backend's certificate
37c26
< level: INFO # Logging level
---
> level: ERROR # Logging level
}}}

 * Changes on file ''/etc/cloudkeeper-one/cloudkeeper-one.yml''
{{{
# diff cloudkeeper-one.yml cloudkeeper-one.yml.original
10c10
< tmp-dir: /var/spool/cloudkeeper-one/appliances/ # Directory where to temporarily store appliances
---
> tmp-dir: /var/spool/cloudkeeper-one/appliances # Directory where to temporarily store appliances
14,15c14,15
< secret: oneadmin:myoneadminpassword # If not specified, looking for secret in environment variable ONE_AUTH and file ~/.one/one_auth
< endpoint: http://fedcloud-one.egi.cesga.es:2633/RPC2 # If not specified, looking for endpoint in environment variable ONE_XMLRPC and file ~/.one/one_endpoint
---
> secret: oneadmin:opennebula # If not specified, looking for secret in environment variable ONE_AUTH and file ~/.one/one_auth
> endpoint: http://localhost:2633/RPC2 # If not specified, looking for endpoint in environment variable ONE_XMLRPC and file ~/.one/one_endpoint
}}}

 * Changes to file ''/etc/cloudkeeper-one/templates/template.erb'' to match the specific OpenNebula configuration
{{{
[.....]
NIC=[
  NETWORK="fedcloud-test",
  NETWORK_UNAME="oneadmin" ]
GRAPHICS=[
  KEYMAP="es",
  LISTEN="0.0.0.0",
  TYPE="VNC" ]
CONTEXT = [
  NETWORK = "YES",
  SSH_PUBLIC_KEY = "$USER[SSH_PUBLIC_KEY]" ]
}}}

=== CloudKeeper run and test ===
{{{
[root@fedcloud-services ~]# service cloudkeeper-one start
Starting cloudkeeper-one ...
Started
[root@fedcloud-services ~]# chkconfig cloudkeeper-one on
[root@fedcloud-services ~]# service cloudkeeper-cron start
Enabling periodic cloudkeeper-cron
[root@fedcloud-services ~]# chkconfig cloudkeeper-cron on
}}}

Then run the command:
{{{
[root@fedcloud-services ~]# sudo -u cloudkeeper /opt/cloudkeeper/bin/cloudkeeper
[.....]
}}}

After it finishes without errors, new images and templates appear in OpenNebula.

=== Launch a machine from a UI ===
{{{
[rdiez@ui ~]$ voms-proxy-init -voms fedcloud.egi.eu --rfc
Enter GRID pass phrase for this identity:
Contacting voms1.grid.cesnet.cz:15002 [/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz] "fedcloud.egi.eu"...
Remote VOMS server contacted succesfully.

Created proxy in /tmp/x509up_u50003.
Your proxy is valid until Wed Jun 07 00:38:14 CEST 2017
}}}

{{{
[rdiez@ui ~]$ /opt/occi-cli/bin/occi --endpoint "https://fedcloud-services.egi.cesga.es:11443" --action create --resource compute --attribute occi.core.title="test-rdiez" --mixin http://occi.fedcloud-services.egi.cesga.es/occi/infrastructure/os_tpl#uuid_591f6cd0_28af_552a_9447_875b44a86112_default_6 --mixin http://fedcloud.egi.eu/occi/compute/flavour/1.0#small --auth x509 --user-cred /tmp/x509up_u50003 --voms
https://fedcloud-services.egi.cesga.es:11443/compute/21
}}}

{{{
[rdiez@ui ~]$ /opt/occi-cli/bin/occi --endpoint "https://fedcloud-services.egi.cesga.es:11443" --action list --resource compute --auth x509 --user-cred /tmp/x509up_u50003 --voms
https://fedcloud-services.egi.cesga.es:11443/compute/18
https://fedcloud-services.egi.cesga.es:11443/compute/20
https://fedcloud-services.egi.cesga.es:11443/compute/21
}}}

{{{
[rdiez@ui ~]$ /opt/occi-cli/bin/occi --endpoint "https://fedcloud-services.egi.cesga.es:11443" --action delete --resource https://fedcloud-services.egi.cesga.es:11443/compute/21 --auth x509 --user-cred /tmp/x509up_u50003 --voms
}}}

{{{
[rdiez@ui ~]$ /opt/occi-cli/bin/occi --endpoint "https://fedcloud-services.egi.cesga.es:11443" --action list --resource compute --auth x509 --user-cred /tmp/x509up_u50003 --voms
https://fedcloud-services.egi.cesga.es:11443/compute/18
https://fedcloud-services.egi.cesga.es:11443/compute/20
}}}

=== Finding world-writable files in the packages contents ===
{{{
[root@fedcloud-services ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w"
drwxrwxrwt 2 root root 0 nov 5 2016 /tmp
drwxrwxrwt 2 root root 0 nov 5 2016 /var/tmp
}}}
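
Added example, not part of the original verification log: the world-writable check above also reports `/tmp` and `/var/tmp`, which are world-writable by design because they carry the sticky bit. The function below separates those from entries that are world-writable without it; the name `classify_world_writable`, the `sample_listing` helper and the `/opt/example` paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `rpm -qalv` style lines on stdin and prints one line per
# world-writable file or directory:
#   STICKY <path>  directory with the sticky bit set (/tmp, /var/tmp): expected
#   FLAG <path>    world-writable without the sticky bit: needs review
# Symlinks (mode starting with "l") are skipped, as in the egrep on the page.
classify_world_writable() {
    awk '
        $1 ~ /^[-d]/ && substr($1, 9, 1) == "w" {
            # Field 9 onward is the path; rejoin it in case it contains spaces.
            path = $9
            for (i = 10; i <= NF; i++) path = path " " $i
            sticky = substr($1, 10, 1)
            if (substr($1, 1, 1) == "d" && (sticky == "t" || sticky == "T"))
                print "STICKY " path
            else
                print "FLAG " path
        }'
}

# Constructed sample listing (hypothetical /opt/example paths).
sample_listing() {
    cat <<'EOF'
drwxrwxrwt    2 root    root    0 nov  5  2016 /tmp
-r--r-----    1 root    root    2789 may 26 13:17 /etc/example/app.yml
drwxrwxrwx    2 root    root    0 nov  5  2016 /opt/example/spool
-rwxrwxrwx    1 root    root    120 nov  5  2016 /opt/example/run.sh
lrwxrwxrwx    1 root    root    7 nov  5  2016 /opt/example/current -> run.sh
EOF
}

# Demo on the sample; on a real host: rpm -qalv | classify_world_writable
sample_listing | classify_world_writable
```

A verification run passes this check when no `FLAG` lines are printed.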