wiki:GeniApiInstallationMyPlc

Version 1 (modified by tmitchel@bbn.com, 14 years ago) (diff)


MyPLC & SFA Installation and Configuration

Start at step 9 if your VM was installed with myplc by the sysadmin
Start at step 1 if your VM is a vanilla fedora8 VM

Install myplc using a vanilla fedora VM

  1. Install Fedora 8 in a virtual machine

  1. Add the MyPLC yum repository:
    sudo sh -c 'echo "[myplc]" > /etc/yum.repos.d/myplc.repo'
    sudo sh -c 'echo "name= MyPLC" >> /etc/yum.repos.d/myplc.repo'
    sudo sh -c 'echo "baseurl=http://build.planet-lab.org/planetlab/f8/pl-f8-i386-4.3-k22-latest/RPMS/" >> /etc/yum.repos.d/myplc.repo'
    sudo sh -c 'echo "enabled=1" >> /etc/yum.repos.d/myplc.repo'
    sudo sh -c 'echo "gpgcheck=0" >> /etc/yum.repos.d/myplc.repo'
    
  1. Install MyPLC (and about fifty other packages):
    sudo yum install myplc
    
  1. Configure iptables to allow incoming HTTP and SFA connections
    Edit /etc/sysconfig/iptables and add:
    # Webservers should allow inbound HTTP connections
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    # Ports needed for SFA work
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12345 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12346 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12347 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12348 -j ACCEPT

  1. Make sure selinux is disabled
  • edit /etc/selinux/config (as root) to set SELINUX=disabled

  1. Make sure apache is installed. The version does not matter.
  1. Configure some PLC variables:
    sudo plc-config-tty
    
    In plc-config-tty:
    • Enter 'u' to make "usual" changes. Change the following settings (leave the others as they are):
      • PLC_NAME : A name to identify your MyPLC instance, e.g. "JBS PLC"
      • PLC_SHORTNAME : A shorter identifying name, e.g. "jbsplc"
      • PLC_SLICE_PREFIX : The prefix for slice names, e.g. jbspl (NOTE: Do not use underscores here, or you'll get "PLC: Bootstrapping the database: [FAILED]" at PLC startup)
      • PLC_ROOT_USER : Your e-mail address, e.g. "Josh Smift" (NOTE: Do not use a plus character here, or sfa_import.py will fail later)
      • PLC_ROOT_PASSWORD : A (new for this purpose) password you know
      • PLC_MAIL_ENABLED : [false] true
      • PLC_MAIL_SUPPORT_ADDRESS : [root+support@localhost.localdomain] plc-admin@<FQDN of the machine >
      • PLC_WWW_HOST : The name where you'd like to run the MyPLC web site (e.g. the FQDN of the machine, or localhost.localdomain)
      • PLC_NET_DNS1 : The first nameserver in resolv.conf on the system (e.g. "192.1.249.10")
      • PLC_NET_DNS2 : The second nameserver in resolv.conf on the system, if there is one
    • When it drops back to the prompt, enter 's PLC_DB_PASSWORD' to display the PLC DB password, and note it down (SFA will need this later).
    • Enter 'w' to save changes, then 'q' to quit.
  1. Reboot the machine. plc will start automatically on bootup:
    ps -ef | grep plc
    root      6394     1  0 May21 ?        00:00:00 plc_httpd
    nobody    6715     1  0 May21 ?        00:00:00 plc_dnsmasq
    apache    8538  6394  0 12:47 ?        00:00:00 plc_httpd
    apache    8928  6394  0 13:24 ?        00:00:00 plc_httpd
    apache    8943  6394  0 13:24 ?        00:00:00 plc_httpd
    apache    8944  6394  0 13:24 ?        00:00:00 plc_httpd
    apache    8949  6394  0 13:24 ?        00:00:00 plc_httpd
    apache    8950  6394  0 13:24 ?        00:00:00 plc_httpd
    apache    8951  6394  0 13:24 ?        00:00:00 plc_httpd
    apache    8952  6394  0 13:24 ?        00:00:00 plc_httpd
    agosain   9344  9315  0 13:58 pts/0    00:00:00 grep plc
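
Added example (not from the original page or the MyPLC project): the stanza written in the "Add the MyPLC yum repository" step sets gpgcheck=0 and fetches over plain HTTP, so nothing authenticates the RPMs that yum installs. This Python check parses a .repo file and reports both conditions; the second stanza is a constructed contrast case whose host and key path are placeholders, and the function name is an assumption.

```python
import configparser
from urllib.parse import urlparse

# Constructed input: the stanza the echo commands above write to
# /etc/yum.repos.d/myplc.repo.
MYPLC_REPO = """\
[myplc]
name= MyPLC
baseurl=http://build.planet-lab.org/planetlab/f8/pl-f8-i386-4.3-k22-latest/RPMS/
enabled=1
gpgcheck=0
"""

# Constructed contrast case; the host and key path are placeholders, not
# values published by the MyPLC project.
SIGNED_REPO = """\
[example]
name=Example
baseurl=https://repo.example.org/f8/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
"""

def audit_repo(text):
    """Return {repo_id: [finding, ...]} for each enabled repo in a .repo file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for repo in cp.sections():
        sec = cp[repo]
        if sec.get("enabled", "1").strip() == "0":
            continue  # yum ignores disabled repos
        findings = []
        gpgcheck = sec.get("gpgcheck")  # None: inherited from yum.conf [main]
        if gpgcheck is None:
            findings.append("gpgcheck not set here; value comes from yum.conf [main]")
        elif gpgcheck.strip().lower() not in ("1", "yes", "true"):
            findings.append("gpgcheck=0: RPM signatures are not verified")
        urls = (sec.get("baseurl", "") + " " + sec.get("mirrorlist", "")).split()
        for url in urls:
            if urlparse(url).scheme in ("http", "ftp"):
                findings.append("cleartext transport: " + url)
        report[repo] = findings
    return report
```

Run `audit_repo(open("/etc/yum.repos.d/myplc.repo").read())` on the VM to check the file actually in use.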

Start Here if you requested a Myplc VM from the sysadmin

  1. Set up ~/.sfi, and create a new SSH key and config file for the admin user of myplc
    mkdir -p ~/.sfi
    ssh-keygen -f ~/.sfi/root.pkey -N ''
    rm -f ~/.sfi/*.cert
    
  1. List and take note of plc-config-tty variables as you will need them later
$ sudo plc-config-tty
Enter command (u for usual changes, w to save, ? for help) u
== PLC_NAME : [myplc2.gpolab.bbn.com] 
== PLC_SHORTNAME : [myplc2] 
== PLC_SLICE_PREFIX : [gpotest] 
== PLC_ROOT_USER : [root@localhost.localdomain] 
== PLC_ROOT_PASSWORD : [root] 
== PLC_MAIL_ENABLED : [true] 
== PLC_MAIL_SUPPORT_ADDRESS : [plc-admin@myplc2.gpolab.bbn.com] 
== PLC_DB_HOST : [128.89.91.3] 
== PLC_API_HOST : [128.89.91.3] 
== PLC_WWW_HOST : [128.89.91.3] 
== PLC_BOOT_HOST : [128.89.91.3] 
== PLC_NET_DNS1 : [128.33.0.20] 
== PLC_NET_DNS2 : [128.33.1.20] 
Enter command (u for usual changes, w to save, ? for help) s PLC_DB_PASSWORD
PLC_DB_PASSWORD = 02d32348-2480-464e-a3b8-a00f4ddeac36
Enter command (u for usual changes, w to save, ? for help) q

  1. Browse to your MyPLC web interface by the name you used for PLC_WWW_HOST above, via HTTPS, and log in using the username and password you used as PLC_ROOT_USER and PLC_ROOT_PASSWORD above.
  • Replace the default key with the SSH public key you created a moment ago:
    • On the home page, select My Account on the left menu bar.
    • Scroll down to "One Key", and click on the arrow next to it.
    • Select the box next to the existing key, and click "Remove keys".
    • Click "Browse..." to find your public key, and upload it
  1. Create a new site in myplc; this is where your nodes will get installed
    • Click "logout of <myplc_instance_name>"
    • On the left menu bar, click "File a site registration"
    • Fill out the long form -- make sure that site name and login base are the same
      • Site name: gpotest same as login base
      • login base: gpotest same as site name
      • abbreviated: gpotest
      • URL: http://some.dummy.url.net
      • Lat/Long: 1
      • Max slices: 100
      • For Principal Investigator information use the same email and password as for PLC_ROOT_USER and PLC_ROOT_PASSWORD
      • Fill the rest in with dummy information
    • Log back into myplc as admin, and click on 'pending requests' in the sites section on the left menu
    • Click on the site name
    • Hit the approve button

  1. Create a new user in myplc; this is where your slices will get created
    • Click "logout of <myplc_instance_name>"
    • Click on "Create an Account"
    • First name: *
    • Last name: *
    • E-mail: Your E-mail address must be able to receive e-mail and will be used as your username:
    • Password: *
    • Site: Select the site where you belong :
    • Enable your account
    • Go to My Account -> All Accounts -> click on your account -> Enable
    • Replace the default key with your SSH public key:
    • On the home page, select My Account on the left menu bar.
    • Scroll down to "No Key", and click on the arrow next to it.
    • Click "Browse..." to find your public key, and upload it
  1. Add your PlanetLab nodes to the new site. Make sure the sysadmin tells you the port number on power1.gpolab.bbn.com the node is connected to.

power1.gpolab.bbn.com is the power controller for the node; it is used to control remote reboots.

  • We want to only focus on this new site, gpolab1, so remove other sites from the account
    • Click on My Account on left menu
    • Click on '2 sites' down arrow
    • Click on any sites that aren't 'gpolab1' and hit the remove sites button
  • Now logout and log back in as root
  • NOTE: The Add Node option and the Register Node option on the web interface do the same thing. However, our DNS entry 128.33.0.20 is not accepted by the Add Node tab; the routine complains:
    Cannot create entry as address is not in /25 network
  • Click on 'Register Node' under admin search on left menu and add your node (must use a full hostname)
    • Fill in the information

      Register a New PCU
        Site:        gpolab1
        Model:       APC Ap79XXX sequence 1-2-1-port-3
        Hostname:    power1.gpolab.bbn.com
        IP Address:  192.1.249.15
        Username:    <ask sysadmin>
        Password:    <ask sysadmin>

      Site         gpolab1
      Hostname     saba.gpolab.bbn.com
      Model        Custom
      Method       Static
      IP address   128.89.91.14
      Netmask      255.255.255.128
      Network      128.89.91.0
      Broadcast    128.89.91.127
      Gateway      128.89.91.1
      DNS 1        128.33.0.20
      DNS 2        128.33.1.20

  1. After the node shows up in the site it was created in, select "Reinstall" for "Preferred Boot State" and "download iso .." for "Download"
  1. Save the ISO file, burn it to a CD, and install it on the node
  1. It will take 10 minutes for the node to install completely, and the "Observed Boot state" will change from "Reinstall" to "Boot"

Install SFA

  1. Installing SFA
    sudo yum update fedora-release
    sudo yum install sfa sfa-plc sfa-client
    

To install from SVN (should not normally be needed)

    sudo yum update fedora-release
    sudo yum install m2crypto python-dateutil python-psycopg2 myplc-config pyOpenSSL python-ZSI libxslt-python xmlsec1-openssl-devel python-lxml
    svn co http://svn.planet-lab.org/svn/sfa/branches/geni-api
    cd geni-api
    make
    sudo make install

  1. Configure some SFA variables:
    sudo sfa-config-tty
    
    In sfa-config-tty:
    • Enter 'u' to make "usual" changes. Anywhere you see localhost, replace that with your server's domain or IP address. Other specific changes are:
      • SFA_INTERFACE_HRN: This should be 'plc.gpotest'. In general it is plc.X where X is your PLC slice prefix from above
      • SFA_REGISTRY_ROOT_AUTH: this should be 'plc'
      • SFA_PLC_USER: The same as PLC_ROOT_USER above
      • SFA_PLC_PASSWORD: The same as PLC_ROOT_PASSWORD above
      • SFA_PLC_DB_PASSWORD: PLC sets this. Run 'plc-config-tty', type 'l' to list variables, and copy the PLC_DB_PASSWORD value.
    • Enter 'w' to save changes, then 'q' to quit.
  1. Start up SFA once, to create the initial /etc/sfa/sfa_config.py, and stop it again:
    sudo service sfa reload
    
  1. Import your PLC database into SFA:
    sudo sfa-import-plc.py  # if this fails, try running sfa-nuke-plc.py and then running again
    
  1. Start up SFA again:
    sudo service sfa start
    
  1. Create the SFA client's config file. Use the primary user name which myplc knows about; in this case it is root@localhost.localdomain. Be sure to use your new site's name, such as 'gpolab1'.
    echo 'SFI_AUTH="plc.gpotest.gpolab1"' > ~/.sfi/sfi_config
    echo 'SFI_USER="plc.gpotest.gpolab1.root"' >> ~/.sfi/sfi_config
    echo 'SFI_REGISTRY="http://localhost:12345"' >> ~/.sfi/sfi_config
    echo 'SFI_SM="http://localhost:12347"' >> ~/.sfi/sfi_config
    echo 'SFI_GENI_AM="http://localhost:12348"' >> ~/.sfi/sfi_config
    
  1. Test that it works:
    sfi.py list plc.gpotest.gpolab1
    
    Expect output like this:
    plc.gpotest.gpolab1.jbs (user)
    ...
    
    And then run this:
    sfi.py resources
    
    It should give you back some XML, not an error.
  • Further testing information will be written soon.

GOTCHAS


sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert URN is not an extension of its parent: plc.gpotest
  • Clean up all of the keys imported by the old sfa-import-plc run, and run it over again:
    /etc/init.d/sfa stop
    rm -rf /var/lib/sfa/authorities
    rm /etc/sfa/trusted_roots/*
    sfa-nuke-plc.py
    sfa-import-plc.py
    /etc/init.d/sfa start

sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Connection Key GID mismatch: plc.gpotest.gpolabr2.root
  • Check that you uploaded the new public key to the myplc web interface, under My Account for the primary user of myplc. Then rerun sfa-import-plc.py and test again:
    sfa-import-plc.py
    sfi.py list plc.gpotest.gpolab1

sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert URN is not an extension of its parent: plc.gpotest
  • Make sure the user in the key-gen step is the primary user of myplc
SFI_USER="plc.gpolab.gpolabr2.root"
ssh-keygen -f .sfi/root.pkey -N ''

4. Adding a node using the planetlab CLI. This is a workaround for "Add Node" not working and an alternative to the web interface "Register Node".

sudo plcsh

Once inside the planetlab shell, type these commands and press Enter after each line:

newnode={}
newnode["boot_state"]="reinstall"
newnode["model"]="Custom"
newnode["deployment"]="planetlab"
newnode["hostname"]="gardil.gpolab.bbn.com"
AddNode("<login base of your site>",newnode) 

Note: make sure that the value of the field

newnode["deployment"]="planetlab"

matches the part shown in <> brackets in the file name /var/www/html/boot/bootstrapfs-<planetlab>.tar.bz2 on the myplc server.

newinterface={}
newinterface["network"]="192.1.249.128"
newinterface["is_primary"]=True
newinterface["dns1"]="192.1.249.10"
newinterface["dns2"]=""
newinterface["mac"]=""
newinterface["netmask"]="255.255.255.192"
newinterface["gateway"]="192.1.249.129"
newinterface["broadcast"]="192.1.249.191"
newinterface["ip"]="192.1.249.147"
newinterface["method"]="static"
newinterface["type"]="ipv4"
AddInterface("gardil.gpolab.bbn.com",newinterface)

5.

sudo sfa-import-plc.py
Hierarchy: creating authority: plc
using existing key /var/lib/sfa/authorities/plc/plc.pkey for authority plc
Segmentation fault

If sfa-import-plc.py segfaults, it could be because pyOpenSSL is out of date.

Try:

sudo yum upgrade pyOpenSSL

Go to the myplc web interface and the node should be available. Follow steps 15-17 to complete installation
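
Added example (not part of the original page or of MyPLC): a stand-alone Python 3 check, run before typing the values into plcsh or the Register Node form, that the static IPv4 fields agree with each other. It also lists DNS servers outside the node's subnet, which matches the "address is not in /25 network" complaint from the Add Node tab quoted earlier. The two dictionaries copy the gardil and saba values from this page; the function names are assumptions made for this example.

```python
import ipaddress

# Values copied from this page (AddInterface call and the Register Node form).
GARDIL = {"ip": "192.1.249.147", "netmask": "255.255.255.192",
          "network": "192.1.249.128", "broadcast": "192.1.249.191",
          "gateway": "192.1.249.129", "dns1": "192.1.249.10", "dns2": ""}
SABA = {"ip": "128.89.91.14", "netmask": "255.255.255.128",
        "network": "128.89.91.0", "broadcast": "128.89.91.127",
        "gateway": "128.89.91.1", "dns1": "128.33.0.20", "dns2": "128.33.1.20"}

def subnet_of(iface):
    """Subnet implied by ip + netmask (host bits are masked off)."""
    return ipaddress.ip_network(iface["ip"] + "/" + iface["netmask"], strict=False)

def check_interface(iface):
    """Return a list of inconsistencies among the static IPv4 fields."""
    net = subnet_of(iface)
    ip = ipaddress.ip_address(iface["ip"])
    problems = []
    if iface["network"] != str(net.network_address):
        problems.append("network should be %s" % net.network_address)
    if iface["broadcast"] != str(net.broadcast_address):
        problems.append("broadcast should be %s" % net.broadcast_address)
    if ip in (net.network_address, net.broadcast_address):
        problems.append("ip %s is not a usable host address in %s" % (ip, net))
    gw = ipaddress.ip_address(iface["gateway"])
    if gw not in net:
        problems.append("gateway %s is outside %s" % (gw, net))
    elif gw == ip:
        problems.append("gateway equals the node's own address")
    return problems

def off_subnet_dns(iface):
    """DNS servers that are not inside the node's own subnet."""
    net = subnet_of(iface)
    return [iface[k] for k in ("dns1", "dns2")
            if iface.get(k) and ipaddress.ip_address(iface[k]) not in net]

if __name__ == "__main__":
    for name, iface in (("gardil", GARDIL), ("saba", SABA)):
        print(name, subnet_of(iface), check_interface(iface), off_subnet_dns(iface))
```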