Changes between Initial Version and Version 1 of GeniApiInstallationMyPlc


Timestamp: 09/15/10 22:52:06 (14 years ago)
Author: tmitchel@bbn.com
Comment: --

  • GeniApiInstallationMyPlc

    v1 v1  
     1[[PageOutline]]
     2
     3= MyPLC & SFA Installation and Configuration =
     4
     5Start at step 9 if your VM was installed with myplc by the sysadmin[[BR]]
     6Start at step 1 if your VM is a vanilla fedora8 VM[[BR]]
     7
     8=== Install myplc using a vanilla fedora VM ===
     9
     10 1. Install Fedora 8 in a virtual machine
     11 * See [wiki:GeniApiInstallingFedora8 Installing Fedora 8] for info and tips for configuring Fedora 8 for MyPLC [[BR]]
     12 
     13
     14 2. Add the MyPLC yum repository:
     15{{{
     16sudo sh -c 'echo "[myplc]" > /etc/yum.repos.d/myplc.repo'
     17sudo sh -c 'echo "name= MyPLC" >> /etc/yum.repos.d/myplc.repo'
     18sudo sh -c 'echo "baseurl=http://build.planet-lab.org/planetlab/f8/pl-f8-i386-4.3-k22-latest/RPMS/" >> /etc/yum.repos.d/myplc.repo'
     19sudo sh -c 'echo "enabled=1" >> /etc/yum.repos.d/myplc.repo'
     20sudo sh -c 'echo "gpgcheck=0" >> /etc/yum.repos.d/myplc.repo'
     21}}}
     22
     23 3. Install MyPLC (and about fifty other packages):
     24{{{
     25sudo yum install myplc
     26}}}
     27
     28 4. Configure Iptables to allow incoming http and SFA connections[[BR]]
     29   Edit /etc/sysconfig/iptables/
     30
     31{{{
     32
     33# Webservers should allow inbound HTTP connections
     34-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
     35-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
     36# Ports needed for SFA work
     37-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12345 -j ACCEPT
     38-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12346 -j ACCEPT
     39-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12347 -j ACCEPT
     40-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12348 -j ACCEPT
     41
     42}}}
     43
     44 5. Make sure selinux is disabled[[BR]]
     45 * edit /etc/selinux/config (as root) to set SELINUX=disabled
     46 
     47 6. Make sure apache is installed. The version does not matter.[[BR]]
     48
     49 7. Configure some PLC variables:
     50{{{
     51sudo plc-config-tty
     52}}}
     53 In plc-config-tty:
     54  * Enter 'u' to make "usual" changes. Change the following settings (leave the others as they are):
     55   * PLC_NAME : A name to identify your MyPLC instance, e.g. "JBS PLC"
     56   * PLC_SHORTNAME : A shorter identifying name, e.g. "jbsplc"
     57   * PLC_SLICE_PREFIX : The prefix for slice names, e.g. jbspl (NOTE: Do not use underscores here, or you'll get "PLC: Bootstrapping the database:                           [FAILED]" at PLC startup)
     58   * PLC_ROOT_USER : Your e-mail address, e.g. "jbs@bbn.com" (NOTE: Do not use a plus character here, or sfa_import.py will fail later)
     59   * PLC_ROOT_PASSWORD : A (new for this purpose) password you know
     60   * PLC_MAIL_ENABLED : [false] true
     61   * PLC_MAIL_SUPPORT_ADDRESS : [root+support@localhost.localdomain] plc-admin@<FQDN of the machine >
     62   * PLC_WWW_HOST : The name where you'd like to run the MyPLC web site (e.g. the FQDN of the machine, or localhost.localdomain)
     63   * PLC_NET_DNS1 : The first nameserver in resolv.conf on the system (e.g. "192.1.249.10")
     64   * PLC_NET_DNS2 : The second nameserver in resolv.conf on the system, if there is one
     65  * When it drops back to the prompt, enter 's PLC_DB_PASSWORD' to display the PLC DB password, and note it down (SFA will need this later).
     66  * Enter 'w' to save changes, then 'q' to quit.
     67
     68 8. Reboot the machine. plc will start automatically on bootup
     69
     70{{{
     71ps -ef | grep plc
     72root      6394     1  0 May21 ?        00:00:00 plc_httpd
     73nobody    6715     1  0 May21 ?        00:00:00 plc_dnsmasq
     74apache    8538  6394  0 12:47 ?        00:00:00 plc_httpd
     75apache    8928  6394  0 13:24 ?        00:00:00 plc_httpd
     76apache    8943  6394  0 13:24 ?        00:00:00 plc_httpd
     77apache    8944  6394  0 13:24 ?        00:00:00 plc_httpd
     78apache    8949  6394  0 13:24 ?        00:00:00 plc_httpd
     79apache    8950  6394  0 13:24 ?        00:00:00 plc_httpd
     80apache    8951  6394  0 13:24 ?        00:00:00 plc_httpd
     81apache    8952  6394  0 13:24 ?        00:00:00 plc_httpd
     82agosain   9344  9315  0 13:58 pts/0    00:00:00 grep plc
     83
     84}}}
     85
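Review bot: the repo stanza written at lines 16-20 pairs `gpgcheck=0` with a plain `http://` baseurl, so the `sudo yum install myplc` in step 3 installs MyPLC "and about fifty other packages" as root with neither transport integrity nor package signature verification. If the PlanetLab build publishes a signing key, set `gpgcheck=1` and add a `gpgkey=` line; if it does not, say so in the step so the reader knows what trust decision is being made. Step 5 likewise sets `SELINUX=disabled` without giving the reason; a sentence naming what in MyPLC requires it would help. Minor: step 4 gives the file as `/etc/sysconfig/iptables/` with a trailing slash although it is a file, and the rules open ports 12345-12348 to any source without saying which SFA service listens on which port (the later `sfi_config` maps 12345, 12347 and 12348 but never 12346).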
     86=== Start Here if you requested a Myplc VM from the sysadmin ===
     87
     889. Set up ~/.sfi, and create a new SSH key and config file for the admin user of myplc
     89{{{
     90mkdir ~/.sfi
     91ssh-keygen -f .sfi/root.pkey -N ''
     92rm ~/.sfi/*.cert
     93}}}
     94
     9510. List and take note of plc-config-tty variables as you will need them later
     96
     97{{{
     98$ sudo plc-config-tty
     99Enter command (u for usual changes, w to save, ? for help) u
     100== PLC_NAME : [myplc2.gpolab.bbn.com]
     101== PLC_SHORTNAME : [myplc2]
     102== PLC_SLICE_PREFIX : [gpotest]
     103== PLC_ROOT_USER : [root@localhost.localdomain]
     104== PLC_ROOT_PASSWORD : [root]
     105== PLC_MAIL_ENABLED : [true]
     106== PLC_MAIL_SUPPORT_ADDRESS : [plc-admin@myplc2.gpolab.bbn.com]
     107== PLC_DB_HOST : [128.89.91.3]
     108== PLC_API_HOST : [128.89.91.3]
     109== PLC_WWW_HOST : [128.89.91.3]
     110== PLC_BOOT_HOST : [128.89.91.3]
     111== PLC_NET_DNS1 : [128.33.0.20]
     112== PLC_NET_DNS2 : [128.33.1.20]
     113Enter command (u for usual changes, w to save, ? for help) s PLC_DB_PASSWORD
     114PLC_DB_PASSWORD = 02d32348-2480-464e-a3b8-a00f4ddeac36
     115Enter command (u for usual changes, w to save, ? for help) q
     116
     117}}}
     118
     11911. Browse to your MyPLC web interface by the name you used for PLC_WWW_HOST above, via HTTPS, and log in using the username and password you used as PLC_ROOT_USER and PLC_ROOT_PASSWORD above.
     120
     121 * Replace the default key with your the SSH public key you created a moment ago:
     122  * On the home page, select ''My Account'' on the left menu bar.
     123  * Scroll down to "One Key", and click on the arrow next to it.
     124  * Select the box next to the existing key, and click "Remove keys".
     125  * Click "Browse..." to find your public key, and upload it
     126
     12712. Create a new site in myplc, this is where your nodes will get installed
     128  * Click "logout of <myplc_instance_name>"
     129  * On the left menu bar, click "File a site registration"
     130  * Fill out the long form -- make sure that site name and login base are the same
     131   * Site name: gpotest // same as login base
     132   * login base: gpotest // same as site name
     133   * abbreviated: gpotest
     134   * URL: http://some.dummy.url.net
     135   * Lat/Long: 1
     136   * Max slices: 100
     137   * For Principal Investigator information use the same email and password as for PLC_ROOT_USER and PLC_ROOT_PASSWORD
     138   * Fill the rest in with dummy information
     139  * Log back into myplc as admin, and click on 'pending requests' in the sites section on the left  menu
     140  * Click on the site name
     141  * Hit the approve button
     142 
     14313. Create a new user in myplc, this is where your slices will get created
     144  * Click "logout of <myplc_instance_name>"
     145  * Click on "Create an Account"
     146  * First name: *       
     147  * Last name: *       
     148  * E-mail: Your E-mail address must be able to receive e-mail and will be used as your username:       
     149  * Password: *
     150  * Site: Select the site where you belong :
     151  * Enable your account
     152  * Go to My Account-> All Accounts->Click on your account-> Enable
     153  * Replace the default key with your the SSH public key:
     154  * On the home page, select ''My Account'' on the left menu bar.
     155  * Scroll down to "No Key", and click on the arrow next to it.
     156  * Click "Browse..." to find your public key, and upload it
     157
     15814. Add your !PlanetLab nodes to the new site. Make sure the sysadmin tells you the port number on power1.gpolab.bbn.com the node is connected to.[[BR]]
     159    power1.gpolab.bbn.com is the power controller for the node to control remote reboots
     160  * We want to only focus on this new site, gpolab1, so remove other sites from the account
     161   * Click on My Account on left menu
     162   * Click on '2 sites' down arrow
     163   * Click on any sites that aren't 'gpolab1' and hit the remove sites button
     164  * Now logout and log back in as root
     165  * '''NOTE''' The Add node option and Register Node option on the web interface do the same thing. However, our DNS entries 128.33.0.20 is not accepted by the Add Node tab as the routine complains about
     166
     167{{{
     168 Cannot create entry as address is not in /25 network
     169}}}
     170
     171  * Click on 'Register Node' under admin search on left menu and add your node (must use a full hostname)
     172   * Fill in the information
     173
     174{{{
     175Register a New PCU
     176Site: gpolab1           
     177Model:  APC Ap79XXX sequence 1-2-1-port-3
     178Hostname: power1.gpolab.bbn.com
     179IP Address: 192.1.249.15
     180Username: <ask sysadmin>       
     181Password: <ask sysadmin>
     182}}}
     183
     184{{{
     185Site      gpolab1
     186Hostname  saba.gpolab.bbn.com   
     187Model     Custom
     188Method     Static
     189IP address 128.89.91.14
     190Netmask    255.255.255.128
     191Network    128.89.91.0
     192Broadcast  128.89.91.127
     193Gateway    128.89.91.1
     194DNS 1      128.33.0.20
     195DNS 2      128.33.1.20
     196
     197}}}
     198
     19915. After the node shows up in the site it was created in, Select "Reinstall" for "Preferred Boot State" and "download iso .." for "Download"
     200
     20116. Save the ISO file , burn it on a CD and install it on the node
     202
     20317. It will take 10 minutes for the node to install completely and the "Observed Boot state" will change from "Reinstall" to "Boot"
     204 
     205
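Review bot: the sample `plc-config-tty` transcript in step 10 (lines 98-115) publishes what look like real values, `PLC_ROOT_PASSWORD : [root]` and a full `PLC_DB_PASSWORD`. Replace both with placeholders, as the PCU block at lines 180-181 already does with `<ask sysadmin>`, and if `root` is the password a sysadmin-provided VM ships with, add a step telling the reader to change it before logging in to the web interface in step 11. In step 9, `mkdir ~/.sfi` is absolute but `ssh-keygen -f .sfi/root.pkey` is relative, so it only works from the home directory, and `rm ~/.sfi/*.cert` reports an error on a freshly created directory; `~/.sfi/root.pkey` and `rm -f` would be more robust. Step 12 creates the site as `gpotest` while step 14 refers to it as `gpolab1`; use one name throughout.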
     206=== Install SFA ===
     207
     208
     209  1. Installing SFA
     210  {{{
     211  sudo yum update fedora-release
     212  sudo yum install sfa sfa-plc sfa-client
     213  }}}
     214
     215 
     216  To install from SVN (should not normally be needed)
     217  {{{
     218  sudo yum update fedora-release
     219  sudo yum install m2crypto python-dateutil python-psycopg2 myplc-config pyOpenSSL python-ZSI libxslt-python xmlsec1-openssl-devel python-lxml
     220  svn co http://svn.planet-lab.org/svn/sfa/branches/geni-api
     221  cd geni-api
     222  make
     223  sudo make install
     224  }}}
     225
     226
     227 2. Configure some SFA variables:
     228{{{
     229sudo sfa-config-tty
     230}}}
     231 In sfa-config-tty:
     232  * Enter 'u' to make "usual" changes. Anywhere you see localhost, replace that with your server's domain or IP address.  Other specific changes are:
     233   * SFA_INTERFACE_HRN: This should be 'plc.gpotest'.  In general it is plc.X where X is your PLC slice prefix from above
     234   * SFA_REGISTRY_ROOT_AUTH: this should be 'plc'
     235   * SFA_PLC_USER: The same as PLC_ROOT_USER above
     236   * SFA_PLC_PASSWORD: The same as PLC_ROOT_PASSWORD above
     237   * SFA_PLC_DB_PASSWORD: PLC sets this, run 'plc-config-tty'
     238   * type 'l' to list variables, and copy the PLC_DB_PASSWORD value
     239  * Enter 'w' to save changes, then 'q' to quit.
     240
     241 3. Start up SFA once, to create the initial /etc/sfa/sfa_config.py, and stop it again:
     242{{{
     243sudo service sfa reload
     244}}}
     245
     246 4. Import your PLC database into SFA:
     247{{{
     248sudo sfa-import-plc.py  # if this fails, try running sfa-nuke-plc.py and then running again
     249}}}
     250
     251 5. Start up SFA again:
     252{{{
     253sudo service sfa start
     254}}}
     255
     256 6. Create the SFA client's config file. use the primary user name which myplc knows about. In this case it is root@localhost.localdomain. Be sure to use your new site's name, such as 'gpolab1'
     257{{{
     258echo 'SFI_AUTH="plc.gpotest.gpolab1"' > .sfi/sfi_config
     259echo 'SFI_USER="plc.gpotest.gpolab1.root"' >> .sfi/sfi_config
     260echo 'SFI_REGISTRY="http://localhost:12345"' >> .sfi/sfi_config
     261echo 'SFI_SM="http://localhost:12347"' >> .sfi/sfi_config
     262echo 'SFI_GENI_AM="http://localhost:12348"' >> .sfi/sfi_config
     263}}}
     264
     265 7. Test that it works:
     266{{{
     267sfi.py list plc.gpotest.gpolab1
     268}}}
     269   Expect output like this:
     270{{{
     271plc.gpotest.gpolab1.jbs (user)
     272...
     273}}}
     274  And then run this:
     275{{{
     276sfi.py resources
     277}}}
     278  It should give you back some xml.. and not an error.
     279
     280* Further testing information will be written soon.
     281
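Review bot: step 3 (lines 241-243) says to start SFA once and then stop it again, but the only command given is `sudo service sfa reload`; spell out the start and the stop that the text describes, or change the text to match the command. In step 6 the config is written to a relative `.sfi/sfi_config`, so it lands in the wrong place unless run from the home directory; use `~/.sfi/sfi_config`. The SFA_PLC_DB_PASSWORD bullets in step 2 say to type 'l' in `plc-config-tty`, while the MyPLC section used `s PLC_DB_PASSWORD`; give one method. The SVN alternative at lines 216-223 checks out over `http://` and then runs `sudo make install` on the result, which deserves the same integrity caveat as the yum repository.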
     282''' GOTCHAS '''
     283
     284 1.  [[BR]]
     285
     286{{{
     287sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert URN is not an extension of its parent: plc.gpotest
     288}}}
     289
     290 * Clean up all of the keys imported from the old sfa-import-plc and run it over again
     291
     292{{{
     293/etc/init.d/sfa/stop
     294rm -rf /var/lib/sfa/authorities
     295rm /etc/sfa/trusted_roots/*
     296sfa-nuke-plc.py
     297sfa-import-plc.py
     298/etc/init.d/sfa/start
     299}}}
     300
     301
     302 2. [[BR]]
     303
     304{{{
     305sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Connection Key GID mismatch: plc.gpotest.gpolabr2.root
     306}}}
     307
     308 * did you upload the new public key to myplc web interface; '' My Account '' for the primary user of myplc[[BR]]
     309
     310   rerun sfa-import-plc.py
     311 
     312{{{
     313sfi.py list plc.gpotest.gpolab1
     314}}}
     315
     316
     317 3. [[BR]]
     318
     319{{{
     320sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert
     321an extension of its parent: plc.gpotest
     322}}}
     323
     324 * Make sure the user in the key-gen step is the primary user of myplc [[BR]]
     325
     326
     327{{{
     328SFI_USER="plc.gpolab.gpolabr2.root"
     329}}}
     330
     331
     332
     333{{{
     334ssh-keygen -f .sfi/root.pkey -N ''
     335}}}
     336
     3374.[[BR]]
     338
     339Adding a node using planetlab CLI. This is a work around for "Add Node" not working and an alternative to the web interface "Register Node"
     340
     341{{{
     342sudo plcsh
     343}}}
     344
     345Once inside the plantlab shell type these commands and press enter after each line[[BR]]
     346
     347{{{
     348newnode={}
     349newnode["boot_state"]="reinstall"
     350newnode["model"]="Custom"
     351newnode["deployment"]="planetlab"
     352newnode["hostname"]="gardil.gpolab.bbn.com"
     353AddNode("<login base of your site>",newnode)
     354}}}
     355
     356''' Note ''' : make sure that the [[BR]]
     357
     358{{{
     359newnode["deployment"]="planetlab"
     360}}}
     361
     362field value matches the value under <> brackets /var/ww/html/boot/bootstrapfs-<planetlab>.tar.bz2 on the myplc server[[BR]]
     363
     364{{{
     365newinterface={}
     366newinterface["network"]="192.1.249.128"
     367newinterface["is_primary"]=True
     368newinterface["dns1"]="192.1.249.10"
     369newinterface["dns2"]=""
     370newinterface["mac"]=""
     371newinterface["netmask"]="255.255.255.192"
     372newinterface["gateway"]="192.1.249.129"
     373newinterface["broadcast"]="192.1.249.191"
     374newinterface["ip"]="192.1.249.147"
     375newinterface["method"]="static"
     376newinterface["type"]="ipv4"
     377AddInterface("gardil.gpolab.bbn.com",newinterface)
     378
     379}}}
     380
     3815.[[BR]]
     382{{{
     383sudo sfa-import-plc.py
     384Hierarchy: creating authority: plc
     385using existing key /var/lib/sfa/authorities/plc/plc.pkey for authority plc
     386Segmentation fault
     387}}}
     388
     389If sfa-import-plc.py seg faults, it could be because pyOpenSSL is out of date. 
     390
     391Try:
     392{{{
     393sudo yum upgrade pyOpenSSL
     394}}}
     395
     396Go to the myplc web interface and the node should be available. Follow steps 15-17 to complete installation
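
Review bot: in gotcha 1, lines 293 and 298 give `/etc/init.d/sfa/stop` and `/etc/init.d/sfa/start`, which read as paths beneath the init script rather than the script with an argument; these should be `/etc/init.d/sfa stop` and `/etc/init.d/sfa start`, or the `service sfa ...` form the install steps use. The same block removes `/var/lib/sfa/authorities` and everything in `/etc/sfa/trusted_roots/` with no `sudo` and no note that this discards the authority keys and trust roots; say so and suggest taking a copy first. Gotcha 3's error text (lines 320-321) is cut mid-message compared with gotcha 1, and its `SFI_USER="plc.gpolab.gpolabr2.root"` uses a different authority from the `plc.gpotest` used elsewhere. In gotcha 4, `/var/ww/html/boot/` looks like a typo for `/var/www/html/boot/`, "plantlab shell" should be "planetlab shell", and the closing sentence about steps 15-17 belongs with gotcha 4 but sits after gotcha 5.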