== Verification of infoprovider.cloud-info-provider.centos7.x86_64-0.9.1 == === Ticket assigned === * [https://rt.egi.eu/rt/Ticket/Display.html?id=14318] === Cloud-info-provider repo and installation === {{{ [root@verification ~]# wget http://admin-repo.egi.eu/sw/unverified/cmd-one-1.infoprovider.cloud-info-provider.centos7.x86_64/0/9/1/repofiles/INFOPROVIDER.cloud-info-provider.centos7.x86_64.repo -O /etc/yum.repos.d/INFOPROVIDER.cloud-info-provider.centos7.x86_64.repo [root@verification ~]# cat /etc/yum.repos.d/INFOPROVIDER.cloud-info-provider.centos7.x86_64.repo # EGI Software Repository - REPO META (releaseId,repositoryId,repofileId) - (14318,-,2521) }}} {{{ [INFOPROVIDER.cloud-info-provider.centos7.x86_64] name=INFOPROVIDER.cloud-info-provider.centos7.x86_64 baseurl=http://admin-repo.egi.eu/sw/unverified/cmd-one-1.infoprovider.cloud-info-provider.centos7.x86_64/0/9/1/ enabled=1 protect=1 priority=1 gpgcheck=1 gpgkey=http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY }}} {{{ [root@verification ~]# LC_ALL=C yum -y install cloud-info-provider [.....] Dependencies Resolved ======================================================================================================================================= Package Arch Version Repository Size ======================================================================================================================================= Installing: cloud-info-provider noarch 0.9.1-1.el7.centos INFOPROVIDER.cloud-info-provider.centos7.x86_64 150 k Installing for dependencies: PyYAML x86_64 3.10-11.el7 base 153 k libyaml x86_64 0.1.4-11.el7_0 base 55 k pyOpenSSL x86_64 0.13.1-3.el7 base 133 k python-beaker noarch 1.5.4-10.el7 base 80 k python-mako noarch 0.8.1-2.el7 base 307 k python-markupsafe x86_64 0.11-10.el7 base 25 k python-paste noarch 1.7.5.1-9.20111221hg1498.el7 base 866 k python-six noarch 1.9.0-2.el7 base 29 k python-tempita noarch 0.5.1-6.el7 base 33 k Transaction Summary ======================================================================================================================================= Install 1 Package (+9 Dependent packages) Total download size: 1.8 M Installed size: 8.3 M [.....] Installed: cloud-info-provider.noarch 0:0.9.1-1.el7.centos Dependency Installed: PyYAML.x86_64 0:3.10-11.el7 libyaml.x86_64 0:0.1.4-11.el7_0 pyOpenSSL.x86_64 0:0.13.1-3.el7 python-markupsafe.x86_64 0:0.11-10.el7 python-paste.noarch 0:1.7.5.1-9.20111221hg1498.el7 python-six.noarch 0:1.9.0-2.el7 Complete! }}} {{{ [root@verification ~]# LC_ALL=C yum -y install bdii [.....] Dependencies Resolved ======================================================================================================================================= Package Arch Version Repository Size ======================================================================================================================================= Installing: bdii noarch 5.2.23-1.el7 epel 25 k Installing for dependencies: audit-libs-python x86_64 2.8.1-3.el7 base 75 k checkpolicy x86_64 2.5-6.el7 base 294 k expect x86_64 5.45-14.el7_1 base 262 k glue-schema noarch 2.0.11-1.el7 epel 33 k libcgroup x86_64 0.41-15.el7 base 65 k libsemanage-python x86_64 2.5-11.el7 base 112 k libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k openldap-clients x86_64 2.4.44-15.el7_5 updates 190 k openldap-servers x86_64 2.4.44-15.el7_5 updates 2.2 M policycoreutils-python x86_64 2.5-22.el7 base 454 k python-IPy noarch 0.75-6.el7 base 32 k setools-libs x86_64 3.3.8-2.el7 base 619 k tcl x86_64 1:8.5.13-8.el7 base 1.9 M Transaction Summary ======================================================================================================================================= Install 1 Package (+13 Dependent packages) Total download size: 6.2 M Installed size: 16 M [.....] Installed: bdii.noarch 0:5.2.23-1.el7 Dependency Installed: audit-libs-python.x86_64 0:2.8.1-3.el7 checkpolicy.x86_64 0:2.5-6.el7 expect.x86_64 0:5.45-14.el7_1 glue-schema.noarch 0:2.0.11-1.el7 libcgroup.x86_64 0:0.41-15.el7 libsemanage-python.x86_64 0:2.5-11.el7 libtool-ltdl.x86_64 0:2.4.2-22.el7_3 openldap-clients.x86_64 0:2.4.44-15.el7_5 openldap-servers.x86_64 0:2.4.44-15.el7_5 policycoreutils-python.x86_64 0:2.5-22.el7 python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-2.el7 tcl.x86_64 1:8.5.13-8.el7 Complete! }}} (!) For cloud-info-provider for OpenNEbula, package python2-defusedxml is necessary {{{ [root@verification ~]# LC_ALL=C yum -y install python2-defusedxml [.....] Dependencies Resolved ================================================================================================================================================= Package Arch Version Repository Size ================================================================================================================================================= Installing: python2-defusedxml noarch 0.5.0-1.el7 INFOPROVIDER.cloud-info-provider.centos7.x86_64 45 k Transaction Summary ================================================================================================================================================= Install 1 Package Total download size: 45 k Installed size: 187 k [.....] Installed: python2-defusedxml.noarch 0:0.5.0-1.el7 Complete! }}} (!) For cloud-info-provider for OpenNEbula, package keystoneauth1 for python is necessary. It must be installed using pip. {{{ [root@verification ~]# pip install keystoneauth1 Collecting keystoneauth1 Downloading https://files.pythonhosted.org/packages/8a/c6/b305566d8a7060aa441ac46df95c07f12341428cff1b8fa93bdd5463426b/keystoneauth1-3.7.0-py2.py3-none-any.whl (288kB) 100% |████████████████████████████████| 296kB 771kB/s Collecting iso8601>=0.1.11 (from keystoneauth1) Downloading https://files.pythonhosted.org/packages/ef/57/7162609dab394d38bbc7077b7ba0a6f10fb09d8b7701ea56fa1edc0c4345/iso8601-0.1.12-py2.py3-none-any.whl Requirement already satisfied (use --upgrade to upgrade): requests>=2.14.2 in /usr/lib/python2.7/site-packages (from keystoneauth1) Requirement already satisfied (use --upgrade to upgrade): six>=1.10.0 in /usr/lib/python2.7/site-packages (from keystoneauth1) Requirement already satisfied (use --upgrade to upgrade): pbr!=2.1.0,>=2.0.0 in /usr/lib/python2.7/site-packages (from keystoneauth1) Collecting os-service-types>=1.2.0 (from keystoneauth1) Downloading https://files.pythonhosted.org/packages/c7/ec/7ef45820d4fa2964f0fea5b264bbb1594b68e330513a161ddcf0efd963e4/os_service_types-1.2.0-py2-none-any.whl Collecting stevedore>=1.20.0 (from keystoneauth1) Downloading https://files.pythonhosted.org/packages/17/6b/3b7d6d08b2ab3e5ef09e01c9f7b3b590ee135f289bb94553419e40922c25/stevedore-1.28.0-py2.py3-none-any.whl Requirement already satisfied (use --upgrade to upgrade): urllib3<1.23,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->keystoneauth1) Requirement already satisfied (use --upgrade to upgrade): idna<2.7,>=2.5 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->keystoneauth1) Requirement already satisfied (use --upgrade to upgrade): chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->keystoneauth1) Requirement already satisfied (use --upgrade to upgrade): certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests>=2.14.2->keystoneauth1) Installing collected packages: iso8601, os-service-types, stevedore, keystoneauth1 Successfully installed iso8601-0.1.12 keystoneauth1-3.7.0 os-service-types-1.2.0 stevedore-1.28.0 You are using pip version 8.1.2, however version 10.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. }}} === Cloud-info-provider configuration === {{{ [root@verification ~]# cat /var/lib/bdii/gip/provider/cloud-info-provider #!/bin/bash cloud-info-provider-service --yaml-file /etc/cloud-info-provider/bdii.yaml --on-auth oneadmin:xxxxx --on-rpcxml-endpoint http://fedcloud-one.egi.cesga.es:2633/RPC2 --rocci-template-dir /opt/rOCCI-server/etc/backends/opennebula/fixtures/resource_tpl/ --middleware opennebularocci }}} {{{ [root@verification ~]# ls -l /var/lib/bdii/gip/provider/cloud-info-provider -rwxr-xr-x 1 ldap ldap 296 jun 5 06:33 /var/lib/bdii/gip/provider/cloud-info-provider }}} {{{ [root@verification ~]# cat /etc/cloud-info-provider/bdii.yaml site: # Your site name, as in GODCB (if omitted or set to None, this value is # retreived from /etc/glite-info-static/site/site.cfg ) name: CESGA # Site url url: http://www.cesga.es # Production level #production_level: production # Two digit country code country: ES # Site Longitude longitude: -8.553147 # Site Latitude latitude: 42.875558 # Your affiliated NGI ngi: NGI_IBERGRID # Contact email general_contact: grid-admin@cesga.es # User support email user_support_contact: grid-admin@cesga.es # Sysadmin contact email sysadmin_contact: grid-admin@cesga.es # Security contacts email email security_contact: grid-admin@cesga.es # User support email bdii_host: 127.0.0.1 # User support email bdii_port: 2170 compute: # Total number of cores available total_cores: 16 # Total RAM available (GB) total_ram: 32 # Hypervisor name (e.g. KVM, Xen, etc.) hypervisor: KVM # Hypervisor version hypervisor_version: 1.5.3 # Middleware used (e.g. OpenNebula, CloudStack, OpenStack, etc) middleware: OpenNebula # Middleware version middleware_version: 5.2.1 # Middleware developer middleware_developer: OpenNebula Team # Service Production level (testing, candidate, production...) service_production_level: candidate # Service capabilities capabilities: - cloud.managementSystem endpoints: defaults: api_authn_method: X509-VOMS production_level: production https://fedcloud-cmdone.egi.cesga.es:11443: endpoint_url: https://fedcloud-cmdone.egi.cesga.es:11443 api_type: OCCI api_version: 1.1 # Templates are retreived automatically from rOCCI-server templates: defaults: platform: amd64 network: public # Images are retreived automatically by the endpoint images: defaults: platform: amd64 schema: http://fedcloud-cmdone.egi.cesga.es/occi/infrastructure/os_tpl }}} {{{ [root@verification ~]# ls -l /etc/cloud-info-provider/bdii.yaml -rw-r--r-- 1 root root 2104 jun 5 06:36 /etc/cloud-info-provider/bdii.yaml }}} {{{ [root@verification ~]# service bdii start Starting bdii (via systemctl): [ OK ] [root@verification ~]# service bdii status BDII Runnning [ OK ] }}} === Testing === (!) For test purposes, please shutdown the firewall in the OpenNebula box. {{{ [root@verification ~]# sudo -u ldap /var/lib/bdii/gip/provider/cloud-info-provider dn: o=glue objectClass: organization o: glue dn: GLUE2GroupID=cloud,o=glue objectClass: GLUE2Group GLUE2GroupID: cloud dn: GLUE2ServiceID=verification.egi.cesga.es_cloud.compute,GLUE2GroupID=cloud,o=glue objectClass: GLUE2Entity objectClass: GLUE2Service objectClass: GLUE2ComputingService GLUE2ServiceAdminDomainForeignKey: CESGA GLUE2ServiceID: verification.egi.cesga.es_cloud.compute GLUE2ServiceQualityLevel: candidate GLUE2ServiceType: IaaS GLUE2ServiceCapability: ['cloud.managementSystem'] dn: GLUE2ManagerID=verification.egi.cesga.es_cloud.compute_manager,GLUE2ServiceID=verification.egi.cesga.es_cloud.compute,GLUE2GroupID=cloud,o=glue objectClass: GLUE2Entity objectClass: GLUE2Manager objectClass: GLUE2ComputingManager GLUE2ManagerID: verification.egi.cesga.es_cloud.compute_manager GLUE2ManagerProductName: KVM GLUE2ManagerServiceForeignKey: verification.egi.cesga.es_cloud.compute GLUE2ComputingManagerComputingServiceForeignKey: verification.egi.cesga.es_cloud.compute GLUE2EntityName: Cloud Manager for verification.egi.cesga.es GLUE2ManagerProductVersion: 1.5.3 GLUE2ComputingManagerTotalLogicalCPUs: 16 GLUE2ComputingManagerWorkingAreaTotal: 32 dn: GLUE2EndpointID=https://fedcloud-cmdone.egi.cesga.es:11443_OCCI_1.1_X509-VOMS,GLUE2ServiceID=verification.egi.cesga.es_cloud.compute,GLUE2GroupID=cloud,o=glue objectClass: GLUE2Entity objectClass: GLUE2Endpoint objectClass: GLUE2ComputingEndpoint GLUE2EndpointHealthState: ok GLUE2EndpointID: https://fedcloud-cmdone.egi.cesga.es:11443_OCCI_1.1_X509-VOMS GLUE2EndpointInterfaceName: OCCI GLUE2EndpointQualityLevel: production GLUE2EndpointServiceForeignKey: verification.egi.cesga.es_cloud.compute GLUE2EndpointServingState: production GLUE2EndpointURL: https://fedcloud-cmdone.egi.cesga.es:11443 GLUE2ComputingEndpointComputingServiceForeignKey: verification.egi.cesga.es_cloud.compute GLUE2EndpointCapability: ['cloud.managementSystem'] GLUE2EndpointImplementationName: OpenNebula GLUE2EndpointImplementationVersion: 5.2.1 GLUE2EndpointImplementor: OpenNebula Team GLUE2EndpointInterfaceVersion: 1.1 #GLUE2EndpointSemantics: #GLUE2EndpointSupportedProfile: GLUE2EntityOtherInfo: Authn=X509-VOMS GLUE2EndpointTechnology: None dn: GLUE2ApplicationEnvironmentID=http://fedcloud-cmdone.egi.cesga.es/occi/infrastructure/os_tpl#uuid_8b3f7a4d_29ae_5bd1_ada5_efedd1993643_default_61_verification.egi.cesga.es,GLUE2ServiceID=verification.egi.cesga.es_cloud.compute,GLUE2GroupID=cloud,o=glue objectClass: GLUE2Entity objectClass: GLUE2ApplicationEnvironment GLUE2ApplicationEnvironmentID: http://fedcloud-cmdone.egi.cesga.es/occi/infrastructure/os_tpl#uuid_8b3f7a4d_29ae_5bd1_ada5_efedd1993643_default_61_verification.egi.cesga.es GLUE2ApplicationEnvironmentAppName: 8b3f7a4d-29ae-5bd1-ada5-efedd1993643@default GLUE2ApplicationEnvironmentAppVersion: 2018.03.12 GLUE2ApplicationEnvironmentRepository: https://appdb.egi.eu/store/vo/image/8b3f7a4d-29ae-5bd1-ada5-efedd1993643:6179/ GLUE2ApplicationEnvironmentDescription: EGI FedCloud clients rOCCI-cli installed on the Long Term Support version of Ubuntu support guaranteed until April 2019.Includes voms clients with the fedcloud.egi.eu preconfigured and rOCCI-cli tool to interact with the FedCloud services. User must upload his/her certificate into the VM in order to create the proxy.This Virtual Machine has been created by the EGI Federated Cloud using a minimal Ubuntu 16.04 installation with cloud-init contextualization. In order to log into the image a ssh key must be used default user name is ubuntu.See https//wiki.egi.eu/wiki/FAQ10_EGI_Federated_Cloud_UserHow_can_I_connect_to_a_VM.3F for more informationImage was built using packer with the configuration available at https//github.com/EGI-FCTF/VMI-endorsement/. GLUE2EntityName: http://fedcloud-cmdone.egi.cesga.es/occi/infrastructure/os_tpl#uuid_8b3f7a4d_29ae_5bd1_ada5_efedd1993643_default_61 GLUE2ApplicationEnvironmentComputingManagerForeignKey: verification.egi.cesga.es_cloud.compute_manager [.....] }}} === Finding world-writable files in the packages contents === {{{ [root@verification ~]# rpm -qalv | egrep "^[-d]([-r][-w][-xs]){2}[-r]w" drwxrwxrwt 2 root root 0 abr 11 00:59 /tmp drwxrwxrwt 2 root root 0 abr 11 00:59 /var/tmp }}}