[[PageOutline]] == '''Omni Tutorial''' == [[br]] = Prework = 1. Download and install [http://www.virtualbox.org/ VirtualBox] on your machine, we have tested versions 4.1.12 * If your computer runs Ubuntu 10.04 which comes with !VirtualBox 3.1.6_OSE, please download the latest version of !VirtualBox. 2. [https://www.geni.net Download] the VM image 3. Run !VirtualBox and Import Appliance (File->Import Appliance), accept the default settings for the VM. * If you are using a FAT32 filesystem you will NOT be able to load the image. 4. Start the VM and log in 5. Change the default password, on the task bar on the top, click on the right on the user 'geni', and choose the Change Password button. 6. Verify that the VM has connectivity. Start Firefox (shortcut on the top bar) and try to load Google. If you can't reach any website, restore VM's Network connection. * On the far right on the top bar, there is the network icon (two opposite facing arrows). * Click that icon and choose 'Auto eth0'. * Try loading the webpage again. = Useful Tips = * You '''can copy-paste''' between the host and the guest VM. * In the terminal within the VM, use '''Ctrl-Shift-C to copy''' and '''Ctrl-Shift-V to paste'''. * vim and emacs editors are installed on the VM, so feel free to use them for editing your files. * To replace a pattern within the file: * If you are using vim, while in command mode, type: {{{ %s/pattern/replace_text/gc }}} And press 'y' for the instances of the pattern you want replaced, 'n' otherwise. * If you are using emacs, press Alt-x and then type: {{{ query-replace }}} and press ENTER. Enter the pattern to be replaced, press ENTER, enter the text you want to replace it with and press ENTER. Press 'y' for the instances of the pattern you want replaced, 'n' otherwise. * If you want to have a shared folder between your machine and the VM so that it's easier to transfer files during the tutorial, you have to do this before starting the VM. Follow [http://ozz314.wordpress.com/2008/05/08/virtualbox-shared-folders-between-ubuntu-guest-and-mac-host/ these instructions] * If you get an error running Omni, look at the [http://trac.gpolab.bbn.com/gcf/wiki/OmniTroubleShoot troubleshoot page] for help. * rspeclint = 1. Using Omni = == 1a. Configure Omni == In order to configure Flack, you needed to login to your account in Emulab and instruct Flack to load your user information (certificate and public keys). For Omni we need to do something similar. Omni uses a configuration file, and there is a script that will automatically generate the file with some default options and place it in the default place of ~/.gcf/. Go back to your browser, and go to the Emulan tab. On the left of your screen, there should be a link "Download your cert". Click on that and select the option about downloading as a pem file. Save this page under ~/.ssl/geni_cert.pem. Open a terminal window and type : {{{ omni-configure.py }}} This should configure your Omni, with your downloaded certificate and an ssh key pair for logging in to the nodes. Open the file `~/.gcf/omni_config` using either vim or emacs. Close to the top of the file you will see two parameters called `default_cf` and `users`. Your username should be at least listed in the user section. Look for the sections in the file that are named `[pgeni]` and `[gpousr##]`. In the pgeni section you configure Omni to use your personal information. The cert and the key attribute point to files that we have manually downloaded from pgeni.gpolab.bbn.com. This is equivalent to the Download action of Flack. In the `[gpousr##]` section, the information need for logging-in to reserved compute resources are provided. It includes you unique URN and a public key that would be uploaded to the hosts that you will reserve during the tutorial. Another interesting section to look at is the `[aggregate-nicknames]` sections. Flack already knows the URL for all the AMs and present you a list of AMs to choose from using a short, descriptive name. In Omni a user is required to pass the URL for each call to the GENI AM API. In this section the user get a chance to provide short descriptive names to the URLs that are easier to memorize and use. == 1b. Clear the passphrase from your cert == When you first logged in to Flack, you had to type your passphrase (password). Flack cashes this information and re-uses it for the duration of the session. Omni will ask you for the phrase multiple times per command. To save time during the tutorial, we are going to remove the passphrase from your cert. There is a script to clear your passphrase. Run : {{{ clear-pem-cert.py }}} Use the same password as in Flack. Verify that you have the necessary credential and key files {{{ ls ~/.ssh ~/.ssl }}} The output looks like : {{{ geni@geni-vm:~$ ls ~/.ssh ~/.ssl /home/geni/.ssh: config geni_key geni_key.pub /home/geni/.ssl: geni_cert_enc.pem geni_cert.pem }}} || geni_cert.pem || Cleartext certificate, i.e. does not require any passphrase || || geni_cert_enc.pem || Encrypted certificate || || geni_key || The private key that gpousr25 would use to login to the nodes || || geni_key.pub || The corresponding public key that gpousr25 will ask to be loaded to the nodes || == 1c. Test Omni setup == In order to test that our configuration is correct, you can issue a getversion command. For this step we have used !PlanetLab's AM, but you can use any Aggregate Manager(AM). {{{ omni.py getversion -a http://www.planet-lab.org:12346 }}} Or equivalently using the !PlanetLab nickname: {{{ omni.py getversion -a plc }}} For the rest of the tutorial we are going to use aggregate nicknames. == 1d. Omni Commands == === Listresources in Omni === Flack goes behind the scenes and call listresources for the AMs that you chose, and draws the resources in a map. In Omni in order to see what is available in each AM you will have to manually invoke listresources. Invoke listresources on utah's ProtoGENI cluster {{{ omni.py listresources -a pg-utah -o }}} The `-o` option will save the output to a file. The filename is chosen by Omni and printed as part of the output. For user gpousr25 this will look like : === Listmyslices in Omni === Both Flack and Omni can see all the slices that are created by a user. In Flack there is a list of slices under the user on the left side of the window. In order to see your active slices with Omni, you will have to use the `listmyslices` command. {{{ omni.py listmyslices gpousr## }}} For user gpousr25, this would look like : {{{ }}} === Omni Scripting === After reserving the nodes, you are ready to login. When reserving !PlanetLab resources, using a ProtoGENI clearinghouse, the login name that should be used to access the nodes is ''''not'''' the username. The login is listed as part of the sliverstatus call. For common functionality like this that is expected to be used often, omni gives you the capability of writing scripts and including omni as a library. Under the /home/geni/gcf directory there is a folder 'examples' that includes example python scripts that use Omni. One script that is available is the ''readyToLogin.py'' script that will return the exact command for logging-in to your nodes. {{{ readyToLogin -a sliceomni## }}} The script will return the actual command that you would need to use for logging in. = 2. Sending IP traffic = We will start testing our setup by sending IP traffic between our hosts. == 2a. Login to PCUT == First login to the PCUT host. To do that go the Flack page and press the (i) button on the PCUT box. On the screen that will come up press the 'SSH' button. == 2b. Ping VMUT == After you login to the PCUT, try to ping VMUT. To figure out what is the IP address of VMUT, go back to Flack and press on the (i) of the link between VMUT and PCUT. The information on that page should tell you what is the IP of that node. Run : {{{ ping }}} An example output should look like : {{{ [[inki@pcut ~]$ ping 10.10.2.1 -c 5 PING 10.10.2.1 (10.10.2.1) 56(84) bytes of data. 64 bytes from 10.10.2.1: icmp_seq=1 ttl=64 time=1.95 ms 64 bytes from 10.10.2.1: icmp_seq=2 ttl=64 time=2.27 ms 64 bytes from 10.10.2.1: icmp_seq=3 ttl=64 time=2.04 ms 64 bytes from 10.10.2.1: icmp_seq=4 ttl=64 time=1.95 ms 64 bytes from 10.10.2.1: icmp_seq=5 ttl=64 time=1.72 ms --- 10.10.2.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 1.728/1.992/2.278/0.179 ms }}} From PCUT you should also be able to ping PCRemote. The IP of PCRemote is '''"10.10.4.2"'''. {{{ [inki@pcut ~]$ ping 10.10.4.2 -c 5 PING 10.10.4.2 (10.10.4.2) 56(84) bytes of data. 64 bytes from 10.10.4.2: icmp_seq=1 ttl=64 time=2.39 ms 64 bytes from 10.10.4.2: icmp_seq=2 ttl=64 time=0.218 ms 64 bytes from 10.10.4.2: icmp_seq=3 ttl=64 time=2.32 ms 64 bytes from 10.10.4.2: icmp_seq=4 ttl=64 time=0.253 ms 64 bytes from 10.10.4.2: icmp_seq=5 ttl=64 time=2.33 ms --- 10.10.4.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4004ms rtt min/avg/max/mdev = 0.218/1.504/2.398/1.037 ms }}} Now let's try and ping the PCRemote from VMUT. Login to VMUT and run: {{{ ping 10.10.4.2 -c 5 -w 5 }}} The ping should timeout. The output should look like : {{{ [inki@VMUT ~]$ ping 10.10.4.2 -c 5 -w 5 PING 10.10.4.2 (10.10.4.2) 56(84) bytes of data. --- 10.10.4.2 ping statistics --- 6 packets transmitted, 0 received, 100% packet loss, time 4998ms }}} == 2c. Enable IP forwarding at PCUT == The ping fails because although PCRemote and VMUT are both connected to PCUT, the PCUT is not configured to route packets. Check the IP routing flag : {{{ [inki@pcut ~]$ cat /proc/sys/net/ipv4/ip_forward 0 }}} To enable IP forwarding run : {{{ echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward }}} Now try to ping again from VMUT. The output should look like : {{{ [inki@VMUT ~]$ ping 10.10.4.2 -c 5 PING 10.10.4.2 (10.10.4.2) 56(84) bytes of data. 64 bytes from 10.10.4.2: icmp_seq=1 ttl=63 time=4.02 ms 64 bytes from 10.10.4.2: icmp_seq=2 ttl=63 time=3.48 ms 64 bytes from 10.10.4.2: icmp_seq=3 ttl=63 time=3.44 ms 64 bytes from 10.10.4.2: icmp_seq=4 ttl=63 time=3.46 ms 64 bytes from 10.10.4.2: icmp_seq=5 ttl=63 time=3.44 ms --- 10.10.4.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 3998ms rtt min/avg/max/mdev = 3.444/3.574/4.028/0.233 ms }}} Congrats you were able to run a multihop IP experiment. = 3. Sending Layer 2 traffic = GENI provides the capability of creating diverse, layer two topologies. The topology you have created includes connection at Layer 2. The layer two part of your topology looks like this; the actual info of your topology might be different. In this exercise we are going to send layer 2 traffic between the hosts of our topology. == 3a. Bring Down IP at PCUT == First of all lets bring down the IP configuration from our hosts. At the terminal of PCUT first run ifconfig to figure out which are the dataplane interfaces. Run : {{{ /sbin/ifconfig }}} The output should look like : {{{ [inki@pcut ~/pingPlus]$ /sbin/ifconfig VLAN02 Link encap:UNSPEC HWaddr 9B-62-24-9B-6F-00-F4-EF-00-00-00-00-00-00-00-00 inet addr:192.168.5.2 P-t-P:192.168.5.2 Mask:255.255.255.0 UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) eth0 Link encap:Ethernet HWaddr 00:02:B3:23:6D:12 inet addr:155.98.36.155 Bcast:155.98.39.255 Mask:255.255.252.0 inet6 addr: fe80::202:b3ff:fe23:6d12/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:9593 errors:0 dropped:0 overruns:0 frame:0 TX packets:1119 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1823255 (1.7 MiB) TX bytes:118901 (116.1 KiB) eth1 Link encap:Ethernet HWaddr 00:02:B3:23:6D:13 inet addr:10.10.2.2 Bcast:10.10.2.255 Mask:255.255.255.0 inet6 addr: fe80::202:b3ff:fe23:6d13/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:82 errors:0 dropped:0 overruns:0 frame:0 TX packets:54 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7542 (7.3 KiB) TX bytes:4632 (4.5 KiB) eth2 Link encap:Ethernet HWaddr 00:03:47:94:C5:7B inet addr:10.10.4.1 Bcast:10.10.4.255 Mask:255.255.255.0 inet6 addr: fe80::203:47ff:fe94:c57b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:41 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2794 (2.7 KiB) TX bytes:3338 (3.2 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:57 errors:0 dropped:0 overruns:0 frame:0 TX packets:57 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:4913 (4.7 KiB) TX bytes:4913 (4.7 KiB) }}} The two interface that are connected to VMUT and PCRemote are eth1 and eth2 respectively. To bring them down run : {{{ sudo /sbin/ifconfig eth1 0.0.0.0 sudo /sbin/ifconfig eth2 0.0.0.0 }}} == 3b. Run Layer 2 Ping == From VMUT try to ping PCUT. First we will need to figure out the MAC address of PCUT. We can find the MAC address the same way as the IP addresses byt checking the information on the link. You will need to use the ethernet type that is given in your account slip. Run : {{{ cd pingPlus sudo ./pingPlus }}} The result should look like : {{{ [inki@VMUT ~/pingPlus]$ sudo ./pingPlus 00:24:E8:7A:97:DD eth419 10000 audit_log_user_command(): Connection refused RQ:'9561+2063' to 0:24:e8:7a:97:dd. RL:9561+2063=11624 from 0:24:e8:7a:97:dd. }}} == 3c. Enable Layer 2 forwarding at PC@Utah == = 4. Cleanup resources = Although all your reservations, have expiration times, its always good practice to release the resources after your experiment is over to make them available to other experimenters. === Deletesliver with Omni === For each createsliver that you have run, you will need to run deletesliver to release the resources {{{ omni.py deletesliver -a sliceomni## }}} You can not delete your slice. Although this will be cleaned up when it expires, it should be an empty container and thus does not hold up any resources. Congratulations, you have finished the tutorial! Now you are ready to design and run your own experiments. Don't hesitate to [mailto:help@geni.net email us] with any questions you might have. = 5. Fill out the tutorial survey = We love to hear what you think so that we can improve the tutorials in the future. Please complete the [https://docs.google.com/spreadsheet/viewform?formkey=dHpkWWd3UXdFZ0tZa0Q5TkNNb3JOY0E6MA#gid=0 online survey] and get a temporary GENI tatoo! = 6. Get Your Own Account = The accounts, that you used in the above steps will be deactivated after the tutorial. If you do not already have an account at GPO's ProtoGENI cluster, you should get your own account so that you can further experiment with GENI. If you would like to run your own experiments in this infrastructure, please contact us at [mailto:help@geni.net] to get a permanent account. Look at the [http://trac.gpolab.bbn.com/gcf/wiki/OmniConfigure Omni Configuration page] about how to configure your Omni with your personal info. = AM URL Table = || AM || Nickname ||URL || || Utah's ProtoGENI || pg-utah || http://www.emulab.net/protogeni/xmlrpc/am || || Kentucky's ProtoGENI || pg-ky ||https://www.uky.emulab.net/protogeni/xmlrpc/am || || OTHER || || || || !PlanetLab ||plc||http://www.planet-lab.org:12346 || || GPO's ProtoGENI || pg-gpo ||http://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/am ||