| | 1 | [[PageOutline]] |
| | 2 | |
| | 3 | = GENI Racks Administration = |
| | 4 | |
| | 5 | This page describes GENI racks administrative tasks and duties associated with each task. For each rack type, a site contact coordinates delivery, installation, configuration, and maintenance of the rack. In this very important role, you can rely on GPO support, please contact us at [mailto:help@geni.net]. The GPO also provides a real-time public jabber chat room for debugging any issue you may encounter at {{{geni@conference.j.ir.bbn.com}}}. |
| | 6 | |
| | 7 | == Rack Site Requirements and Installation == |
| | 8 | The site contact works with the organization deploying the rack (GPO, RENCI, or HP) to get get the rack (Starter, InstaGENI or ExoGENI) to get the site requirements defined. The site requirements may include: |
| | 9 | * Network Setup - Define how the rack will connect to the Internet and to the GENI backbones. Ex Regional connections, connection speed, VLANs to be used, etc. |
| | 10 | * Site Security Requirements- Determine changes required for rack connectivity, such as FV rules, IP filters, etc. |
| | 11 | * Address assignment for rack components - Define which address, subnet mask, routing is to be configured for the rack components. |
| | 12 | * Power requirements - based on site requirements |
| | 13 | * Administrative accounts - Setup of site administrator account that will be created on the management/head node. |
| | 14 | * Delivery logistics - Details for ''where'' the rack is to be delivered, ''who'' will accept the delivers, and ''when'' the delivery will take place. Also covers any physical restrictions for the rack delivery. |
| | 15 | |
| | 16 | == Rack Administrative Tasks == |
| | 17 | |
| | 18 | As a GENI rack administrator has operator responsibilities that include: |
| | 19 | * managing user accounts for experimenters and for other Operators. |
| | 20 | * updated for software and firmware, depending on the rack type. (See section below for specific rack type) |
| | 21 | * access compute and network resource consoles to support/manage experimenter resources. |
| | 22 | |
| | 23 | = Starter racks Admin = |
| | 24 | |
| | 25 | This section provides a few example of the administrative task on a Starter Rack. |
| | 26 | |
| | 27 | == Get Starter rack Accounts == |
| | 28 | |
| | 29 | '''Requesting an account''' |
| | 30 | |
| | 31 | Site operators should contact [mailto:gpo-infra@geni.net] to request sudo-capable login accounts on the Starter rack hosts by providing: |
| | 32 | * Preferred username |
| | 33 | * Preferred fullname |
| | 34 | * SSH public key for remote login |
| | 35 | * Hashed password for sudo obtained by running: |
| | 36 | {{{ |
| | 37 | openssl passwd -1 |
| | 38 | }}} |
| | 39 | and typing a password twice. The resulting string should be of the form: `$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxxxx` |
| | 40 | |
| | 41 | ''' Policies for Unix account use ''' |
| | 42 | * Remote account access is via public-key SSH only (no password-based login). |
| | 43 | * Do not run interactive sessions as root (don't use `sudo bash`, but instead run individual commands under sudo for logging). |
| | 44 | * Do not share account credentials. We are happy to create individual accounts, or to give staffers who don't have logins access to our emergency account for outage debugging. |
| | 45 | * GPO staffers actively manage these systems using the puppet configuration management utility. If you need to modify a system, please e-mail us at [mailto:gpo-infra@geni.net] to ensure that the desired change takes effect. |
| | 46 | |
| | 47 | '''Accounts on non-Unix rack devices''' |
| | 48 | |
| | 49 | Please contact [mailto:gpo-infra@geni.net] if you need login access to: |
| | 50 | * Control router or dataplane switch |
| | 51 | * IP KVM for remote console access |
| | 52 | * PDU for remote power control |
| | 53 | |
| | 54 | == Access Devices Consoles == |
| | 55 | ''' Compute Resource consoles''' |
| | 56 | * The fold-out console in the rack can be used to view the consoles of any of the hosts in the rack. |
| | 57 | * The KVM hotkey for changing which device is displayed is `Ctrl Ctrl`. |
| | 58 | |
| | 59 | '''Network Devices Consoles''' |
| | 60 | The `monitor1` node in each rack can be used as a serial console for network devices located in that rack. |
| | 61 | * Login to `monitor1` using the console |
| | 62 | * Use screen to access the desired serial device, e.g.: |
| | 63 | {{{ |
| | 64 | screen /dev/ttyS0 |
| | 65 | }}} |
| | 66 | * When done using screen, kill the session by pressing: `Ctrl-a K` |
| | 67 | |
| | 68 | == Monitoring Starter rack Health == |
| | 69 | |
| | 70 | '''Service Health''' |
| | 71 | |
| | 72 | GPO uses Nagios as a front-end for alerting about rack problems. The following services are monitored in the Starter Racks: |
| | 73 | * Resource problems with CPU, swap, or disk space on each host. |
| | 74 | * IP connectivity failures from the rack server to commodity internet (Google) and to the GPO lab. |
| | 75 | * Excessive CPU usage and excessive uplink broadcast traffic on the experimental switch. |
| | 76 | * Problems with standard experimental use of the Eucalyptus aggregate. |
| | 77 | |
| | 78 | The current state of monitored hosts and services at a given city can be viewed at: |
| | 79 | * [http://monitor.gpolab.bbn.com/nagios/cgi-bin/status.cgi?hostgroup=cities-cha&style=detail Chattanooga Status] |
| | 80 | * [http://monitor.gpolab.bbn.com/nagios/cgi-bin/status.cgi?hostgroup=cities-cle&style=detail Cleveland Status] |
| | 81 | |
| | 82 | If you would like to be added to any of these notifications, please contact us at [mailto:gpo-infra@geno.net]. |
| | 83 | |
| | 84 | '''Compute Resources Health''' |
| | 85 | Unix hosts report system health information via ganglia to the [http://monitor.gpolab.bbn.com/ganglia/GPO Monitoring Server]: |
| | 86 | * [http://monitor.gpolab.bbn.com/ganglia/?c=Chattanooga Chattanooga hosts] |
| | 87 | * [http://monitor.gpolab.bbn.com/ganglia/?c=Cleveland Cleveland hosts] |
| | 88 | |
| | 89 | '''Network Devices Health''' |
| | 90 | Network devices are polled for system health via SNMP, and that data is also available at the [http://monitor.gpolab.bbn.com/ganglia/GPO Monitoring Server]: |
| | 91 | * [http://monitor.gpolab.bbn.com/ganglia/?c=Chattanooga Chattanooga devices] |
| | 92 | * [http://monitor.gpolab.bbn.com/ganglia/?c=Cleveland Cleveland devices] |
| | 93 | |
| | 94 | If you need read-only SNMP access to the network devices in a Starter rack, please contact [mailto:gpo-infra@geni.net] |
| | 95 | |
| | 96 | == Perform an experiment in your Starter rack == |
| | 97 | |
| | 98 | '''1.''' In this example, we specify 2 VM instances using the same image, it is also possible to specify 2 separate instances using different images: |
| | 99 | {{{ |
| | 100 | $ euca-run-instances -k mykey -n 2 emi-05AC15E0 |
| | 101 | RESERVATION r-47F80755 agosain agosain-default |
| | 102 | INSTANCE i-45E007BF emi-05AC15E0 0.0.0.0 0.0.0.0 pending mykey 0 m1.small 2011-10-21T02:06:22.451Z cha-euca eki-8F5A137E eri-CB4F1461 |
| | 103 | INSTANCE i-335C067F emi-05AC15E0 0.0.0.0 0.0.0.0 pending mykey 1 m1.small 2011-10-21T02:06:22.453Z cha-euca eki-8F5A137E eri-CB4F1461 |
| | 104 | }}} |
| | 105 | |
| | 106 | '''2.''' Login to the VMs. When connecting to your image you must use the private key from the Eucalyptus keypair you created above. The {{{-i}}} flag lets you specify the private key. Each image also has a specified username that you will use on instances. In the case of the Ubuntu 10.04 (Lucid) image, the username is "ubuntu". So the complete ssh command for this image is: |
| | 107 | {{{ |
| | 108 | $ ssh -i mykey.priv ubuntu@192.1.243.56 |
| | 109 | $ ssh -i mykey.priv ubuntu@192.1.243.53 |
| | 110 | }}} |
| | 111 | |
| | 112 | '''3.''' Now that the VMs are running you can use an iperf client and server setup to exchange traffic between the two VMs. First, install the Iperf application on both VMs: |
| | 113 | {{{ |
| | 114 | apt-get install iperf |
| | 115 | }}} |
| | 116 | Them, start the iperf server: |
| | 117 | {{{ |
| | 118 | ubuntu@ip-10-153-0-67:~$ iperf -s |
| | 119 | ------------------------------------------------------------ |
| | 120 | Server listening on TCP port 5001 |
| | 121 | TCP window size: 85.3 KByte (default) |
| | 122 | ------------------------------------------------------------ |
| | 123 | [ 4] local 10.153.0.67 port 5001 connected with 10.153.0.66 port 52930 |
| | 124 | [ ID] Interval Transfer Bandwidth |
| | 125 | [ 4] 0.0-30.0 sec 1.92 GBytes 549 Mbits/sec |
| | 126 | }}} |
| | 127 | |
| | 128 | '''4.''' Then, connect to the private IP address of other VM and start the iperf client: |
| | 129 | {{{ |
| | 130 | ubuntu@ip-10-153-0-66:~$ iperf -c 10.153.0.67 -t 30 |
| | 131 | ------------------------------------------------------------ |
| | 132 | Client connecting to 10.153.0.67, TCP port 5001 |
| | 133 | TCP window size: 16.0 KByte (default) |
| | 134 | ------------------------------------------------------------ |
| | 135 | [ 3] local 10.153.0.66 port 52930 connected with 10.153.0.67 port 5001 |
| | 136 | [ ID] Interval Transfer Bandwidth |
| | 137 | [ 3] 0.0-30.0 sec 1.92 GBytes 549 Mbits/sec |
| | 138 | }}} |
| | 139 | '''5.''' Terminate your VM instances after you have completed your tests: |
| | 140 | {{{ |
| | 141 | euca-terminate-instances i-38E807A1 |
| | 142 | }}} |
| | 143 | |
| | 144 | == Install a VM image on your Starter rack == |
| | 145 | |
| | 146 | The following procedure outlines an experimenter view into using the Starter racks Eucalyptus VMs as a resource for an experiment. |
| | 147 | |
| | 148 | To request an account for a GENI Starter Rack send an email request to [mailto:gpo-infra@geni.net] including the following details: |
| | 149 | * Preferred username and full name. |
| | 150 | * Public SSH public key for remote login into rack resources. |
| | 151 | * Provide an MD5 hash of the password for sudo use. Generated by {{{openssl passwd -1}}} |
| | 152 | |
| | 153 | 1. Install Euca2ools (where???), which are command-line tools for interacting with the Eucalyptus open-source cloud-computing infrastructure. |
| | 154 | {{{ |
| | 155 | $ sudo apt-get install euca2ools |
| | 156 | }}} |
| | 157 | |
| | 158 | 2. Install Euca credentials. These credentials can be downloaded as a package from your Eucalyptus web site. If you do not have an account you can request one at ???? Once the account is verified and approved, go to the "Credentials" tab. In the "Credentials ZIP-file" section, click on the "Download Credentials" button. Locate the downloaded zip file (the location depends on your OS and web browser) and move it to a working directory. |
| | 159 | |
| | 160 | 3. Unpack the credential and source the environment: |
| | 161 | {{{ |
| | 162 | $ mkdir ~/euca |
| | 163 | $ mv ~/Downloads/euca2-myaccount-x509.zip ~/euca |
| | 164 | $ cd ~/euca |
| | 165 | $ unzip euca2-myaccount-x509.zip |
| | 166 | $ . eucarc |
| | 167 | }}} |
| | 168 | |
| | 169 | 4. Add firewall rules to your euca instance, below ssh and ping are allowed in the example: |
| | 170 | {{{ |
| | 171 | $ euca-authorize -P tcp -p 22 -s 0.0.0.0/0 default |
| | 172 | $ euca-authorize -P icmp -t -1:-1 -s 0.0.0.0/0 default |
| | 173 | }}} |
| | 174 | |
| | 175 | 5. Generate key pair to connect to eauca instance: |
| | 176 | {{{ |
| | 177 | $ euca-add-keypair mykey > mykey.priv |
| | 178 | $ chmod 600 mykey.priv |
| | 179 | }}} |
| | 180 | |
| | 181 | 6. Show available images, start a euca instance with your newly generated keys: |
| | 182 | {{{ |
| | 183 | $ euca-describe-images # show list of available images |
| | 184 | IMAGE emi-48AA122D ubuntu-9.04/ubuntu.9-04.x86-64.img.manifest.xml chaos available public x86_64 machine |
| | 185 | IMAGE emi-62E51726 ubuntu-10.04/lucid-server-cloudimg-amd64.img.manifest.xml tmitchel available public x86_64 machine |
| | 186 | $ euca-run-instances -k mykey emi-62E51726 |
| | 187 | }}} |
| | 188 | |
| | 189 | 7. Set public address for euca VM created above, by requesting for an address to be allocated and then assigning it to the specific euca instance: |
| | 190 | {{{ |
| | 191 | $ euca-allocate-address # will show address that is allocated to you |
| | 192 | ADDRESS 192.1.243.55 |
| | 193 | $ euca-associate-address -i i-38E807A1 192.1.243.55 |
| | 194 | }}} |
| | 195 | |
| | 196 | 8. You may now connect into the Euca VM: |
| | 197 | {{{ |
| | 198 | $ ssh -i mykey.priv ubuntu@192.1.243.55 |
| | 199 | }}} |
| | 200 | |
| | 201 | Your Euca instance may now be used to run an experiment. |
| | 202 | |
| | 203 | = InstaGENI Administration = |
| | 204 | == Get InstaGENI rack Accounts == |
| | 205 | == Access Devices Consoles == |
| | 206 | == Monitoring InstaGENI rack Health == |
| | 207 | == Perform an experiment in your InstaGENI rack == |
| | 208 | == Install a VM image on your InstaGENI rack == |
| | 209 | == InstaGENI Racks Software/Firmware upgrades == |
| | 210 | |
| | 211 | = ExoGENI Administration = |
| | 212 | == Get ExoGENI rack Accounts == |
| | 213 | == Access Devices Consoles == |
| | 214 | == Monitoring ExoGENI rack Health == |
| | 215 | == Perform an experiment in your ExoGENI rack == |
| | 216 | == Install a VM image on your ExoGENI rack == |
| | 217 | == ExoGENI Racks Software/Firmware upgrades == |
| | 218 | |
| | 219 | |
| | 220 | |
| | 221 | ---- |
| | 222 | {{{ |
| | 223 | #!html |
| | 224 | Email <a href="mailto:help@geni.net"> help@geni.net </a> for GENI support or email <a href="mailto:luisa.nevers@bbn.com">me</a> with feedback on this page! |
| | 225 | }}} |
