[[PageOutline]]

= MyPLC & SFA Installation and Configuration =

Start at step 9 if your VM was installed with myplc by the sysadmin.[[BR]]
Start at step 1 if your VM is a vanilla Fedora 8 VM.[[BR]]

=== Install myplc using a vanilla fedora VM ===

 1. Install Fedora 8 in a virtual machine
   * See [wiki:GeniApiInstallingFedora8 Installing Fedora 8] for info and tips for configuring Fedora 8 for MyPLC

 2. Add the MyPLC yum repository:
{{{
sudo sh -c 'echo "[myplc]" > /etc/yum.repos.d/myplc.repo'
sudo sh -c 'echo "name= MyPLC" >> /etc/yum.repos.d/myplc.repo'
sudo sh -c 'echo "baseurl=http://build.planet-lab.org/planetlab/f8/pl-f8-i386-4.3-k22-latest/RPMS/" >> /etc/yum.repos.d/myplc.repo'
sudo sh -c 'echo "enabled=1" >> /etc/yum.repos.d/myplc.repo'
# gpgcheck=0 turns off package signature verification for this repository
sudo sh -c 'echo "gpgcheck=0" >> /etc/yum.repos.d/myplc.repo'
}}}

 3. Install MyPLC (and about fifty other packages):
{{{
sudo yum install myplc
}}}

 4. Configure iptables to allow incoming HTTP and SFA connections.[[BR]]
 Edit /etc/sysconfig/iptables:
{{{
# Webservers should allow inbound HTTP connections
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# Ports needed for SFA work
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12345 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12346 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12347 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12348 -j ACCEPT
}}}

 5. Make sure SELinux is disabled
   * Edit /etc/selinux/config (as root) to set SELINUX=disabled

 6. Make sure apache is installed. The version does not matter.

 7. Configure some PLC variables:
{{{
sudo plc-config-tty
}}}
 In plc-config-tty:
   * Enter 'u' to make "usual" changes. Change the following settings (leave the others as they are):
     * PLC_NAME : A name to identify your MyPLC instance, e.g. "JBS PLC"
     * PLC_SHORTNAME : A shorter identifying name, e.g. "jbsplc"
     * PLC_SLICE_PREFIX : The prefix for slice names, e.g. jbspl (NOTE: Do not use underscores here, or you'll get "PLC: Bootstrapping the database: [FAILED]" at PLC startup)
     * PLC_ROOT_USER : Your e-mail address, e.g. "jbs@bbn.com" (NOTE: Do not use a plus character here, or sfa_import.py will fail later)
     * PLC_ROOT_PASSWORD : A (new for this purpose) password you know
     * PLC_MAIL_ENABLED : [false] true
     * PLC_MAIL_SUPPORT_ADDRESS : [root+support@localhost.localdomain] plc-admin@
     * PLC_WWW_HOST : The name where you'd like to run the MyPLC web site (e.g. the FQDN of the machine, or localhost.localdomain)
     * PLC_NET_DNS1 : The first nameserver in resolv.conf on the system (e.g. "192.1.249.10")
     * PLC_NET_DNS2 : The second nameserver in resolv.conf on the system, if there is one
   * When it drops back to the prompt, enter 's PLC_DB_PASSWORD' to display the PLC DB password, and note it down (SFA will need this later).
   * Enter 'w' to save changes, then 'q' to quit.

 8. Reboot the machine. plc will start automatically on bootup:
{{{
ps -ef | grep plc
root      6394     1  0 May21 ?        00:00:00 plc_httpd
nobody    6715     1  0 May21 ?        00:00:00 plc_dnsmasq
apache    8538  6394  0 12:47 ?        00:00:00 plc_httpd
apache    8928  6394  0 13:24 ?        00:00:00 plc_httpd
apache    8943  6394  0 13:24 ?        00:00:00 plc_httpd
apache    8944  6394  0 13:24 ?        00:00:00 plc_httpd
apache    8949  6394  0 13:24 ?        00:00:00 plc_httpd
apache    8950  6394  0 13:24 ?        00:00:00 plc_httpd
apache    8951  6394  0 13:24 ?        00:00:00 plc_httpd
apache    8952  6394  0 13:24 ?        00:00:00 plc_httpd
agosain   9344  9315  0 13:58 pts/0    00:00:00 grep plc
}}}

=== Start Here if you requested a Myplc VM from the sysadmin ===

 9. Set up ~/.sfi, and create a new SSH key and config file for the admin user of myplc:
{{{
mkdir -p ~/.sfi
# -N '' creates the private key without a passphrase
ssh-keygen -f ~/.sfi/root.pkey -N ''
# remove any existing .cert files
rm -f ~/.sfi/*.cert
}}}

 10. List and take note of the plc-config-tty variables, as you will need them later:
{{{
$ sudo plc-config-tty
Enter command (u for usual changes, w to save, ? for help) u
== PLC_NAME : [myplc2.gpolab.bbn.com]
== PLC_SHORTNAME : [myplc2]
== PLC_SLICE_PREFIX : [gpotest]
== PLC_ROOT_USER : [root@localhost.localdomain]
== PLC_ROOT_PASSWORD : [root]
== PLC_MAIL_ENABLED : [true]
== PLC_MAIL_SUPPORT_ADDRESS : [plc-admin@myplc2.gpolab.bbn.com]
== PLC_DB_HOST : [128.89.91.3]
== PLC_API_HOST : [128.89.91.3]
== PLC_WWW_HOST : [128.89.91.3]
== PLC_BOOT_HOST : [128.89.91.3]
== PLC_NET_DNS1 : [128.33.0.20]
== PLC_NET_DNS2 : [128.33.1.20]
Enter command (u for usual changes, w to save, ? for help) s PLC_DB_PASSWORD
PLC_DB_PASSWORD = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
Enter command (u for usual changes, w to save, ? for help) q
}}}

 11. Browse to your MyPLC web interface by the name you used for PLC_WWW_HOST above, via HTTPS, and log in using the username and password you used as PLC_ROOT_USER and PLC_ROOT_PASSWORD above.
   * Replace the default key with the SSH public key you created a moment ago:
     * On the home page, select ''My Account'' on the left menu bar.
     * Scroll down to "One Key", and click on the arrow next to it.
     * Select the box next to the existing key, and click "Remove keys".
     * Click "Browse..." to find your public key, and upload it.

 12. Create a new site in myplc; this is where your nodes will get installed.
   * Click "logout of "
   * On the left menu bar, click "File a site registration"
   * Fill out the long form -- make sure that site name and login base are the same
     * Site name: gpotest // same as login base
     * login base: gpotest // same as site name
     * abbreviated: gpotest
     * URL: http://some.dummy.url.net
     * Lat/Long: 1
     * Max slices: 100
     * For Principal Investigator information use the same email and password as for PLC_ROOT_USER and PLC_ROOT_PASSWORD
     * Fill the rest in with dummy information
   * Log back into myplc as admin, and click on 'pending requests' in the sites section on the left menu
   * Click on the site name
   * Hit the approve button

 13. Create a new user in myplc; this is where your slices will get created.
   * Click "logout of "
   * Click on "Create an Account"
     * First name: *
     * Last name: *
     * E-mail: Your E-mail address must be able to receive e-mail and will be used as your username:
     * Password: *
     * Site: Select the site where you belong :
   * Enable your account
     * Go to My Account -> All Accounts -> Click on your account -> Enable
   * Replace the default key with your SSH public key:
     * On the home page, select ''My Account'' on the left menu bar.
     * Scroll down to "No Key", and click on the arrow next to it.
     * Click "Browse..." to find your public key, and upload it.

 14. Add your !PlanetLab nodes to the new site. Make sure the sysadmin tells you the port number on power1.gpolab.bbn.com the node is connected to.[[BR]]
 power1.gpolab.bbn.com is the power controller for the node, used to control remote reboots.
   * We want to focus only on this new site, gpolab1, so remove other sites from the account
     * Click on My Account on the left menu
     * Click on the '2 sites' down arrow
     * Click on any sites that aren't 'gpolab1' and hit the remove sites button
   * Now log out and log back in as root
   * '''NOTE''' The Add Node option and Register Node option on the web interface do the same thing. However, our DNS entry 128.33.0.20 is not accepted by the Add Node tab; the routine complains:
{{{
Cannot create entry as address is not in /25 network
}}}
   * Click on 'Register Node' under admin search on the left menu and add your node (must use a full hostname)
   * Fill in the information:
{{{
Register a New PCU
Site: gpolab1
Model: APC Ap79XXX sequence 1-2-1-port-3
Hostname: power1.gpolab.bbn.com
IP Address: 192.1.249.15
Username:
Password:
}}}
{{{
Site        gpolab1
Hostname    saba.gpolab.bbn.com
Model       Custom
Method      Static
IP address  128.89.91.14
Netmask     255.255.255.128
Network     128.89.91.0
Broadcast   128.89.91.127
Gateway     128.89.91.1
DNS 1       128.33.0.20
DNS 2       128.33.1.20
}}}

 15. After the node shows up in the site it was created in, select "Reinstall" for "Preferred Boot State" and "download iso .." for "Download".

 16. Save the ISO file, burn it on a CD and install it on the node.

 17. It will take 10 minutes for the node to install completely, and the "Observed Boot state" will change from "Reinstall" to "Boot".

=== Install SFA ===

 1. Install SFA via RPM (the SFA packages come from the same yum repo added in step 2 of installing myplc):
{{{
sudo yum update fedora-release
sudo yum install sfa sfa-plc sfa-client
}}}
 To install from SVN (should not normally be needed):
{{{
sudo yum update fedora-release
sudo yum install m2crypto python-dateutil python-psycopg2 myplc-config pyOpenSSL python-ZSI libxslt-python xmlsec1-openssl-devel python-lxml
svn co http://svn.planet-lab.org/svn/sfa/branches/geni-api
cd geni-api
make
sudo make install
}}}

 2. Configure some SFA variables:
{{{
sudo sfa-config-tty
}}}
 In sfa-config-tty:
   * Enter 'u' to make "usual" changes. Anywhere you see localhost, replace that with your server's domain or IP address. Other specific changes are:
     * SFA_INTERFACE_HRN: This should be 'plc.gpotest'. In general it is plc.X where X is your PLC slice prefix from above
     * SFA_REGISTRY_ROOT_AUTH: this should be 'plc'
     * SFA_PLC_USER: The same as PLC_ROOT_USER above
     * SFA_PLC_PASSWORD: The same as PLC_ROOT_PASSWORD above
     * SFA_PLC_DB_PASSWORD: PLC sets this, run 'plc-config-tty'
       * type 'l' to list variables, and copy the PLC_DB_PASSWORD value
   * Enter 'w' to save changes, then 'q' to quit.

 3. Start up SFA once, to create the initial /etc/sfa/sfa_config.py, and stop it again:
{{{
sudo service sfa reload
}}}

 4. Import your PLC database into SFA:
{{{
sudo sfa-import-plc.py
# if this fails, try running sfa-nuke-plc.py and then running again
}}}

 5. Start up SFA again:
{{{
sudo service sfa start
}}}

 6. Create the SFA client's config file. Use the primary user name which myplc knows about. In this case it is root@localhost.localdomain. Be sure to use your new site's name, such as 'gpolab1'.
{{{
echo 'SFI_AUTH="plc.gpotest.gpolab1"' > ~/.sfi/sfi_config
echo 'SFI_USER="plc.gpotest.gpolab1.root"' >> ~/.sfi/sfi_config
echo 'SFI_REGISTRY="http://localhost:12345"' >> ~/.sfi/sfi_config
echo 'SFI_SM="http://localhost:12347"' >> ~/.sfi/sfi_config
echo 'SFI_GENI_AM="http://localhost:12348"' >> ~/.sfi/sfi_config
}}}

 7. Test that it works:
{{{
[jkarlin@dhcp89-081-074 client]$ sfi.py GetVersion
{'geni_api': 1, 'sfa': 1}
}}}
 The version call is a GENI API call, and should return 'geni_api':

 Some other things you can try to make sure SFA is properly configured:
{{{
sfi.py list plc.gpotest.gpolab1
}}}
 Expect output like this:
{{{
plc.gpotest.gpolab1.jbs (user)
...
}}}
 And then run this:
{{{
sfi.py resources
}}}
 It should give you back some XML, and not an error.

   * Further testing information will be written soon.

'''GOTCHAS'''

 1. [[BR]]
{{{
sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert URN is not an extension of its parent: plc.gpotest
}}}
   * Clean up all of the keys imported by the old sfa-import-plc run and run it over again:
{{{
/etc/init.d/sfa stop
rm -rf /var/lib/sfa/authorities
rm /etc/sfa/trusted_roots/*
sfa-nuke-plc.py
sfa-import-plc.py
/etc/init.d/sfa start
}}}

 2. [[BR]]
{{{
sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Connection Key GID mismatch: plc.gpotest.gpolabr2.root
}}}
   * Did you upload the new public key in the myplc web interface (''My Account'') for the primary user of myplc?[[BR]]
   Rerun sfa-import-plc.py, then:
{{{
sfi.py list plc.gpotest.gpolab1
}}}

 3. [[BR]]
{{{
sfa.util.xmlrpcprotocol.ServerException: : get_self_credential: Cert an extension of its parent: plc.gpotest
}}}
   * Make sure the user in the key-gen step is the primary user of myplc:
{{{
SFI_USER="plc.gpolab.gpolabr2.root"
}}}
{{{
ssh-keygen -f ~/.sfi/root.pkey -N ''
}}}

 4. [[BR]]
 Adding a node using the planetlab CLI. This is a workaround for "Add Node" not working and an alternative to the web interface "Register Node".
{{{
sudo plcsh
}}}
 Once inside the planetlab shell, type these commands and press enter after each line:
{{{
newnode={}
newnode["boot_state"]="reinstall"
newnode["model"]="Custom"
newnode["deployment"]="planetlab"
newnode["hostname"]="gardil.gpolab.bbn.com"
AddNode("",newnode)
}}}
 '''Note''': make sure that the
{{{
newnode["deployment"]="planetlab"
}}}
 field value matches the value under <> brackets /var/www/html/boot/bootstrapfs-.tar.bz2 on the myplc server.
{{{
newinterface={}
newinterface["network"]="192.1.249.128"
newinterface["is_primary"]=True
newinterface["dns1"]="192.1.249.10"
newinterface["dns2"]=""
newinterface["mac"]=""
newinterface["netmask"]="255.255.255.192"
newinterface["gateway"]="192.1.249.129"
newinterface["broadcast"]="192.1.249.191"
newinterface["ip"]="192.1.249.147"
newinterface["method"]="static"
newinterface["type"]="ipv4"
AddInterface("gardil.gpolab.bbn.com",newinterface)
}}}

 5. [[BR]]
{{{
sudo sfa-import-plc.py
Hierarchy: creating authority: plc
using existing key /var/lib/sfa/authorities/plc/plc.pkey for authority plc
Segmentation fault
}}}
 If sfa-import-plc.py seg faults, it could be because pyOpenSSL is out of date. Try:
{{{
sudo yum upgrade pyOpenSSL
}}}

Go to the myplc web interface and the node should be available. Follow steps 15-17 to complete installation.
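
The sfi_config written in step 6 of ''Install SFA'' can be checked before running sfi.py. The script below is an added example, not part of the original page or of SFA: it assumes the naming shown on this page (SFI_USER under SFI_AUTH, SFI_AUTH under the SFA_INTERFACE_HRN from step 2) and that the endpoints use the SFA ports opened in the iptables step. The function names and sample files are constructed for the illustration.

```shell
# Added example: pre-flight check for the ~/.sfi/sfi_config written in step 6.
# Usage: check_sfi_config <config-file> <SFA_INTERFACE_HRN>; returns 0 if consistent.

# Read KEY="value" without sourcing the file (sourcing would execute it).
sfi_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$1" 2>/dev/null | tail -n 1
}

# True when HRN $1 is a strict extension of parent HRN $2 (parent + "." + more).
is_under() {
    case "$1" in "$2".?*) return 0 ;; *) return 1 ;; esac
}

check_sfi_config() {
    cfg=$1; root_hrn=$2; rc=0
    for key in SFI_AUTH SFI_USER SFI_REGISTRY SFI_SM SFI_GENI_AM; do
        [ -n "$(sfi_get "$cfg" "$key")" ] || { echo "missing $key" >&2; rc=1; }
    done
    auth=$(sfi_get "$cfg" SFI_AUTH); user=$(sfi_get "$cfg" SFI_USER)
    is_under "$auth" "$root_hrn" ||
        { echo "SFI_AUTH '$auth' is not under '$root_hrn'" >&2; rc=1; }
    is_under "$user" "$auth" ||
        { echo "SFI_USER '$user' is not under SFI_AUTH '$auth'" >&2; rc=1; }
    # Assumption: endpoints use one of the SFA ports opened in iptables (12345-12348).
    for key in SFI_REGISTRY SFI_SM SFI_GENI_AM; do
        port=$(sfi_get "$cfg" "$key" | sed -n 's/.*:\([0-9][0-9]*\)\/*$/\1/p')
        case "$port" in
            12345|12346|12347|12348) ;;
            *) echo "$key: port '$port' is not an SFA port" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input: the file from step 6, then the same file with the
# SFI_USER value shown under gotcha 3.
write_samples() {
    printf '%s\n' 'SFI_AUTH="plc.gpotest.gpolab1"' \
        'SFI_USER="plc.gpotest.gpolab1.root"' \
        'SFI_REGISTRY="http://localhost:12345"' \
        'SFI_SM="http://localhost:12347"' \
        'SFI_GENI_AM="http://localhost:12348"' > "$1/good"
    sed 's/^SFI_USER=.*/SFI_USER="plc.gpolab.gpolabr2.root"/' "$1/good" > "$1/bad"
}

demo=$(mktemp -d) && write_samples "$demo"
check_sfi_config "$demo/good" plc.gpotest && echo "step 6 file: OK"
check_sfi_config "$demo/bad" plc.gpotest || echo "gotcha 3 value: rejected"
rm -rf "$demo"
```

On a real installation, run `check_sfi_config ~/.sfi/sfi_config plc.gpotest` with your own SFA_INTERFACE_HRN in place of plc.gpotest.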