wiki:OmniSetupGEC9Demos

Quick HOWTO

Installing omni and reserving resources

Omni is the command line client for using the GENI AM API to reserve resources. It comes as part of the 'gcf' software package. These are quick instructions for installing omni and using it to reserve resources.

Note: This is a quick version tailored to reserving resources for GEC9 plenary demos. For more on using omni and the GENI common API, there's additional documentation at http://trac.gpolab.bbn.com/gcf/wiki.

Comments? Concerns? Problems? Email us at gcf-dev at geni.net

  1. You'll need a linux box with python 2.6, gcf is not python 3 compatible.
  2. Download a copy of GCF 1.1, the GENI reference control framework software. You can get it from http://www.gpolab.bbn.com/local-sw/. Unpack into a convenient directory, <gcf>.
  3. Check the INSTALL.txt file, and install the required packages. Do not follow the instructions for setting up your omni_config file. We'll do that later. Shortcut for selected distributions:
    • Debian/Ubuntu:
      sudo apt-get install python-m2crypto python-dateutil \
                           python-pyopenssl libxmlsec1 xmlsec1 \
                           libxmlsec1-openssl libxmlsec1-dev
      
    • RedHat/Fedora:
      sudo yum install m2crypto python-dateutil pyOpenSSL xmlsec1 \
                       xmlsec1-devel xmlsec1-openssl xmlsec1-openssl-devel
      
  4. Download your ssl certificate.
    • Log into the Emulab interface of the GPO ProtoGENI: http://www.pgeni.gpolab.bbn.com If you don't know have an account, the POC for your demo should be able to approve a new account. Check with him/her or Mark, Niky, or Chaos if you need additional information (like the project name you should use when requesting an account).
    • Select the "Profile" tab.
    • If you haven't generated an SSL cert for the GPO ProtoGENI installation before, choose "Generate SSL Cert" from the menu at left, and follow the instructions. Remember your passphrase, you'll need it later.
    • Choose "Download your SSL Cert" from the menu on the left. Choose PEM format, and save the file somewhere convenient, like <~/.ssl/gpo-pgeni.pem>.
    • Optional: If you find yourself getting tired of typing your SSL cert passphrase (you'll need to type it multiple times for each omni command below), you may wish to create an unencrypted copy. You can use the commands below, but please show appropriate care.
      openssl rsa -in ~/.ssl/gpo-pgeni.pem -out ~/.ssl/gpo-pgeni-cleartext.pem
      openssl x509 -in ~/.ssl/gpo-pgeni.pem >> ~/.ssl/gpo-pgeni-cleartext.pem
      chmod 400 ~/.ssl/gpo-pgeni-cleartext.pem
      
  5. Generate an RSA public/private key pair for yourself. If you already have one that you want to reuse, fine. If not, you can make one with this command:
    ssh-keygen
    
    You'll need the public key file in the next step.
  6. Configure omni with your user information.
    • Rename the sample omni configuration file that came with the distribution.
      cd <gcf>
      mv omni_config omni_config.orig
      
    • Download the GEC9 demo omni configuration file attached below, and place it under your home directory as ~/.gcf/omni_config
    • Find your user URN with this command (using the file where you saved your SSL cert above).
      openssl x509 -noout -text -in <~/.ssl/gpo-pgeni.pem> | grep 'urn:publicid'
      

It should look something like:

urn:publicid:IDN+pgeni.gpolab.bbn.com+user+yourname
  • Edit the omni_config file, making these changes:
    • In the users section, change the urn to match yours from above.
    • In the users section, change the keys entry to point to your SSH public key file (see above).
    • In the frameworks section, change both the cert entry and the key entry to point to <~/.ssl/gpo-pgeni.pem> or whatever name you chose for your downloaded SSL cert above. (If you made an unencrypted version in step 4 above, point there instead.)
  1. Test your omni installation and configuration. In <gcf>:
    src/omni.py listresources -a https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/am
    
    You'll need to provide the passphrase you used when generating your SSL cert You should get back an XML blob that looks more like a list of resources than like an error message.
  2. Create an rspec. These are different for different resource types. GPO will help you put one together. A sample one-node ProtoGENI rspec is attached below. If you use it, you'll need to replace "pcX" with your assigned resource. You may also want to change the OS that is loaded on your box.

For sample Open Flow rspecs and tips on creating one, see http://trac.gpolab.bbn.com/gcf/wiki/OmniOpenFlow .

  1. Create a slice.
    src/omni.py createslice <myslicename>
    
  2. Extend the lifetime of the slice.
    src/omni.py renewslice <myslicename> 20101108T15:00:00Z
    
  3. Create a sliver and reserve the resources identified in your rspec.
    src/omni.py createsliver -a https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/am -n <myslicename> <rspecfile>
    
  4. Check whether your resources are ready.
    src/omni.py sliverstatus -a https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/am <myslicename>
    
    It may take several minutes to set things up.
  5. If your sliver is a myplc sliver (i.e. if you are reserving planetlab nodes), check the actual username for login (omni sometimes guesses wrong) and the sliver expiration time. The sliverstatus command reports these two things as, e.g.:
     'pl_expires': 1288185257,
     'pl_login': 'pgenigpolabbbncom_ecgtest'}
    
    The expiration date is two weeks after the creation of the slice, which may be sooner than GEC9. If so, renew the sliver until November 8th (note that the timezone syntax used here is slightly different from the renewslice syntax):
    src/omni.py renewsliver <slicename> 20101208T10:00:00
    
  6. You're good to go. Log in and use your resources. The public key(s) you generated above and listed in the user section of your omni_config file are installed on the reserved machines. You log in via ssh using the corresponding private key. When you want to give your resources back:
    src/omni.py deletesliver -a https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/am <myslicename>
    

Having multiple users accessing resources

Following the steps described above, only the user that created the slice can access the hosts that are reserved. In order to be able to have multiple users accessing the reserved hosts, only the omni_config file needs to be modified. Look at omni_multi_config for example. Basically the only change that is needed is in the Users section to change the keys entry to be a comma separated list of all the public keys that need to be installed, probably one public key per user.

If you have already created a sliver, you would need to delete the sliver and recreate it in order for the change to take effect.

For ProtoGENI hosts, after the host is reserved all users can access the host using as username the username of the person that created the slice (e.g. alice@pcX.pgeni.gpolab.bbn.com) and their own key.

Last modified 13 years ago Last modified on 01/18/11 11:14:42

Attachments (4)

Download all attachments as: .zip