== Verification of cesnet.rocci-cli.centos7.x86_64-4.10.2 == === Ticket assigned === * [https://rt.egi.eu/rt/Ticket/Display.html?id=13785] === rocci-cli and trustanchors repos === {{{ [root@verification yum.repos.d]# pwd /etc/yum.repos.d [root@verification yum.repos.d]# wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo [root@verification yum.repos.d]# wget http://admin-repo.egi.eu/sw/unverified/cmd-one-1.cesnet.rocci-cli.centos7.x86_64/4/10/2/repofiles/CESNET.rocci-cli.centos7.x86_64.repo [root@verification yum.repos.d]# cat EGI-trustanchors.repo # EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (13879,-,2471) [EGI-trustanchors] name=EGI-trustanchors baseurl=http://repository.egi.eu/sw/production/cas/1/current/ enabled=1 gpgcheck=1 gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 [root@verification yum.repos.d]# cat CESNET.rocci-cli.centos7.x86_64.repo # EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (13785,2489,2446) [CESNET.rocci-cli.centos7.x86_64] name=CESNET.rocci-cli.centos7.x86_64 baseurl=http://admin-repo.egi.eu/sw/unverified/cmd-one-1.cesnet.rocci-cli.centos7.x86_64/4/10/2/ enabled=1 protect=1 priority=1 gpgcheck=1 gpgkey=http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} === Install auxiliary packages === {{{ [root@verification yum.repos.d]# LC_ALL=C yum install lcg-CA voms-clients-cpp [.....] Dependencies Resolved ==================================================================================================================================================================== Package Arch Version Repository Size ==================================================================================================================================================================== Installing: lcg-CA noarch 1.88-1 EGI-trustanchors 2.1 k voms-clients-cpp x86_64 2.0.14-1.el7 epel 143 k Installing for dependencies: ca-policy-egi-core noarch 1.88-1 EGI-trustanchors 9.8 k ca-policy-lcg noarch 1.88-1 EGI-trustanchors 10 k ca_AEGIS noarch 1.88-1 EGI-trustanchors 5.0 k ca_ANSPGrid noarch 1.88-1 EGI-trustanchors 5.3 k ca_ASGCCA-2007 noarch 1.88-1 EGI-trustanchors 5.0 k ca_AddTrust-External-CA-Root noarch 1.88-1 EGI-trustanchors 5.8 k ca_ArmeSFo noarch 1.88-1 EGI-trustanchors 4.8 k ca_AustrianGrid noarch 1.88-1 EGI-trustanchors 5.0 k [.....] Transaction Summary ==================================================================================================================================================================== Install 2 Packages (+97 Dependent packages) Total download size: 817 k Installed size: 1.2 M Is this ok [y/d/N]: y [.....] Retrieving key from http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 Importing GPG key 0x3CDBBC71: Userid : "EUGridPMA Distribution Signing Key 3 " Fingerprint: d12e 9228 22be 64d5 0146 188b c32d 99c8 3cdb bc71 From : http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3 Is this ok [y/N]: y [.....] Installed: lcg-CA.noarch 0:1.88-1 voms-clients-cpp.x86_64 0:2.0.14-1.el7 Dependency Installed: ca-policy-egi-core.noarch 0:1.88-1 ca-policy-lcg.noarch 0:1.88-1 ca_AEGIS.noarch 0:1.88-1 ca_ANSPGrid.noarch 0:1.88-1 ca_ASGCCA-2007.noarch 0:1.88-1 ca_AddTrust-External-CA-Root.noarch 0:1.88-1 ca_ArmeSFo.noarch 0:1.88-1 ca_AustrianGrid.noarch 0:1.88-1 ca_BG-ACAD-CA.noarch 0:1.88-1 [.....] Complete! }}} === System configuration === Some configuration is needed for voms/x509 authentication {{{ [root@verification ~]# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.grid.cesnet.cz.lsc /DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz /C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 3 [root@verification ~]# cat /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz.lsc /DC=cz/DC=cesnet-ca/O=CESNET/CN=voms2.grid.cesnet.cz /DC=cz/DC=cesnet-ca/O=CESNET CA/CN=CESNET CA 3 }}} {{{ [root@verification ~]# cat /etc/vomses/fedcloud.egi.eu-voms1.grid.cesnet.cz "fedcloud.egi.eu" "voms1.grid.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz" "fedcloud.egi.eu" "24" [root@verification ~]# cat /etc/vomses/fedcloud.egi.eu-voms2.grid.cesnet.cz "fedcloud.egi.eu" "voms2.grid.cesnet.cz" "15002" "/DC=cz/DC=cesnet-ca/O=CESNET/CN=voms2.grid.cesnet.cz" "fedcloud.egi.eu" "24" }}} Personal certificates: {{{ [root@verification ~]# ls -ld /root/.globus drwx------ 2 root root 43 dic 1 08:40 /root/.globus [root@verification ~]# ls -l /root/.globus/ total 8 -r--r--r-- 1 root root 2244 dic 1 08:40 usercert.pem -r-------- 1 root root 2021 dic 1 08:40 userkey.pem }}} === rocci-cli repo and installation === {{{ [root@verification ~]# LC_ALL=C yum install occi-cli [.....] Dependencies Resolved ==================================================================================================================================================================== Package Arch Version Repository Size ==================================================================================================================================================================== Installing: occi-cli x86_64 4.3.10+20171005163921-2.el7 CESNET.rocci-cli.centos7.x86_64 24 M Transaction Summary ==================================================================================================================================================================== Install 1 Package Total download size: 24 M Installed size: 83 M Is this ok [y/d/N]: y [.....] Retrieving key from http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY Importing GPG key 0x96B71B07: Userid : "Kostas Koumantaros (UMD Release Manager) " Fingerprint: 32ad 8d80 fa5a 89b5 3dc5 de93 6799 de16 96b7 1b07 From : http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY Is this ok [y/N]: y [.....] Installed: occi-cli.x86_64 0:4.3.10+20171005163921-2.el7 Complete! }}} === Verify occi-client === (!) Creating proxy: {{{ [root@verification ~]# voms-proxy-init -key ~/.globus/userkey.pem -cert ~/.globus/usercert.pem -certdir /etc/grid-security/certificates/ -voms fedcloud.egi.eu --rfc Enter GRID pass phrase: Your identity: /DC=org/DC=terena/DC=tcs/C=ES/O=CESGA/CN=Ruben Diez Lazaro rdiez@cesga.es Creating temporary proxy .............................. Done Contacting voms1.grid.cesnet.cz:15002 [/DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz] "fedcloud.egi.eu" Done Creating proxy .................................................. Done Your proxy is valid until Mon Dec 4 16:03:22 2017 [root@verification ~]# voms-proxy-info --all subject : /DC=org/DC=terena/DC=tcs/C=ES/O=CESGA/CN=Ruben Diez Lazaro rdiez@cesga.es/CN=1969412793 issuer : /DC=org/DC=terena/DC=tcs/C=ES/O=CESGA/CN=Ruben Diez Lazaro rdiez@cesga.es identity : /DC=org/DC=terena/DC=tcs/C=ES/O=CESGA/CN=Ruben Diez Lazaro rdiez@cesga.es type : RFC compliant proxy strength : 1024 bits path : /tmp/x509up_u0 timeleft : 11:59:56 key usage : Digital Signature, Key Encipherment, Data Encipherment === VO fedcloud.egi.eu extension information === VO : fedcloud.egi.eu subject : /DC=org/DC=terena/DC=tcs/C=ES/O=CESGA/CN=Ruben Diez Lazaro rdiez@cesga.es issuer : /DC=org/DC=terena/DC=tcs/C=CZ/ST=Hlavni mesto Praha/L=Praha 6/O=CESNET/CN=voms1.grid.cesnet.cz attribute : /fedcloud.egi.eu/Role=NULL/Capability=NULL timeleft : 11:59:53 uri : voms1.grid.cesnet.cz:15002 }}} List resources: {{{ [root@verification ~]# /opt/occi-cli/bin/occi --endpoint https://fedcloud-services.egi.cesga.es:11443/ --action list --resource os_tpl --auth x509 --user-cred /tmp/x509up_u0 --voms http://occi.fedcloud-services.egi.cesga.es/occi/infrastructure/os_tpl#uuid_07fbd366_bbd2_5ca4_8f47_82c23ebc7d23_default_50 http://occi.fedcloud-services.egi.cesga.es/occi/infrastructure/os_tpl#uuid_fe71524e_66d3_5d09_8375_c5510ed5ccba_default_51 http://occi.fedcloud-services.egi.cesga.es/occi/infrastructure/os_tpl#uuid_e009209f_b62b_552e_b26c_eef351264f58_default_52 http://occi.fedcloud-services.egi.cesga.es/occi/infrastructure/os_tpl#uuid_c0482bc2_bf41_5d49_a85f_a750174a186b_default_53 http://occi.fedcloud-services.egi.cesga.es/occi/infrastructure/os_tpl#uuid_b25c250b_637b_5622_a6fb_b0db4f2883f2_default_54 [.....] }}} Deploy: {{{ [root@verification ~]# /opt/occi-cli/bin/occi --endpoint https://fedcloud-services.egi.cesga.es:11443/ --action create --resource compute --mixin os_tpl#uuid_e009209f_b62b_552e_b26c_eef351264f58_default_52 --attribute occi.core.title="probe_rdiez" --auth x509 --user-cred /tmp/x509up_u0 --voms https://fedcloud-services.egi.cesga.es:11443/compute/20303 }}} (!) VM appears in OpenNebula dashboard List running VMs: {{{ [root@verification ~]# /opt/occi-cli/bin/occi --endpoint https://fedcloud-services.egi.cesga.es:11443/ --action list --resource compute --auth x509 --user-cred /tmp/x509up_u0 --voms https://fedcloud-services.egi.cesga.es:11443/compute/20303 }}} Delete VM: {{{ [root@verification ~]# /opt/occi-cli/bin/occi --endpoint https://fedcloud-services.egi.cesga.es:11443/ --action delete --resource https://fedcloud-services.egi.cesga.es:11443/compute/20303 --auth x509 --user-cred /tmp/x509up_u0 --voms [root@verification ~]# /opt/occi-cli/bin/occi --endpoint https://fedcloud-services.egi.cesga.es:11443/ --action list --resource compute --auth x509 --user-cred /tmp/x509up_u0 --voms }}} (!) VM is deleted from OpenNebula dashboard === Finding world-writable files in the packages contents === {{{ [root@verification ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w" drwxrwxrwt 2 root root 0 nov 5 2016 /tmp drwxrwxrwt 2 root root 0 nov 5 2016 /var/tmp }}}