2. Findings Summary. Resolved Issues



Similar documents
Getting Started. Visit the website at

HOW TO CREATE A SLICE IN GENI?

Hadoop Data Warehouse Manual

VPN Web Portal Usage Guide

Partek Flow Installation Guide

Secure File Transfer Installation. Sender Recipient Attached FIles Pages Date. Development Internal/External None 11 6/23/08

Generating and Renewing an APNs Certificate. Technical Paper May 2012

Source Code Management for Continuous Integration and Deployment. Version 1.0 DO NOT DISTRIBUTE

mypro Installation and Handling Manual Version: 7

Recommended File System Ownership and Privileges

RecoveryVault Express Client User Manual

Online Backup Linux Client User Manual

Online Backup Client User Manual

Configuring MailArchiva with Insight Server

Using the Push Notifications Extension Part 1: Certificates and Setup

Installation Instructions

System Administration Training Guide. S100 Installation and Site Management

1. Product Information

Online Backup Client User Manual Linux

insync Installation Guide

Installation and Setup Guide

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

Virtual Appliance Installation Guide

Verax Service Desk Installation Guide for UNIX and Windows

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide

VMware Identity Manager Administration

NSi Mobile Installation Guide. Version 6.2

WatchGuard Dimension v1.1 Update 1 Release Notes

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

CDH installation & Application Test Report

MassTransit 6.0 Enterprise Web Configuration for Macintosh OS 10.5 Server

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.0

Online Backup Client User Manual

IIS, FTP Server and Windows

Secure Shell. The Protocol

Postgres Enterprise Manager Installation Guide

École des Ponts Paristech DSI. Installing OpenVPN

Zend Server Amazon AMI Quick Start Guide

S3 Monitor Design and Implementation Plans

Enterprise SSL Support

Online Backup Client User Manual

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

Online Backup Client User Manual Mac OS

Online Backup Client User Manual Mac OS

Dell UPS Local Node Manager USER'S GUIDE EXTENSION FOR MICROSOFT VIRTUAL ARCHITECTURES Dellups.com

MSOW. MSO for the Web MSONet Workstation Configuration Guide

Encrypted File Transfer - Customer Testing

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

Step by step guide for installing highly available System Centre 2012 Virtual Machine Manager Management server:

Getting Started with the Ed-Fi ODS and Ed-Fi ODS API

Contents Set up Cassandra Cluster using Datastax Community Edition on Amazon EC2 Installing OpsCenter on Amazon AMI References Contact

Using Microsoft Visual Studio API Reference

HOWTO configure Xinu under Virtual Box

Signiant Agent installation

Computer Science and Engineering Linux Cisco VPN Client Installation and Setup Guide

Sophos Mobile Control Installation guide. Product version: 3

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

AVG Business SSO Partner Getting Started Guide

Installation Guide. (You can get these files from

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.0

Cloud Homework instructions for AWS default instance (Red Hat based)

VERSION 9.02 INSTALLATION GUIDE.

How to: Install an SSL certificate

QMX ios MDM Pre-Requisites and Installation Guide

Sophos Mobile Control Installation guide

McAfee SMC Installation Guide 5.7. Security Management Center

2X Cloud Portal v10.5

VPN AND CITRIX INSTALLATION GUIDE

NaviCell Data Visualization Python API

Installation, Configuration and Administration Guide

Introweb Remote Backup Client for Mac OS X User Manual. Version 3.20

FortiClient SSL VPN Client User s Guide

Smartphone Pentest Framework v0.1. User Guide

Configure Single Sign on Between Domino and WPS

Aspera Connect Linux 32/64-bit. Document Version: 1

SETTING UP A LAMP SERVER REMOTELY

VMware vcenter Log Insight Getting Started Guide

Cloud Backup Express

Web Conferencing Version 8.3 Troubleshooting Guide

Marriott Enrollment Server for Web User Guide V1.4

Installing an open source version of MateCat

Addonics T E C H N O L O G I E S. NAS Adapter. Model: NASU Key Features

Aspera Connect User Guide

JAMF Software Server Installation and Configuration Guide for Windows. Version 9.3

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

VMware vcenter Support Assistant 5.1.1

Integrating Mac OS X 10.6 with Active Directory. 1 April 2010

Shakambaree Technologies Pvt. Ltd.

Generating the APNs certificate is a three-step process: Download the AirWatch-signed CSR from the AirWatch Admin Console.

SMS for Outlook. Installation, Configuration and Usage Guide

A Brief Guide to Certificate Management

SQL Server 2008 R2 Express Edition Installation Guide

EMC Data Protection Search

Administering FileVault 2 on OS X Lion with the Casper Suite. Technical Paper July 2012

NEW AND IMPROVED! INSTALLING an IRC Server (Internet Relay Chat) on your WRT54G,GS,GL Version 1.02 April 2 nd, Rusty Haddock/AE5AE

Installation Guide for Pulse on Windows Server 2012

Mac OS X. Staff members using NEIU issued laptops and computers on Active Directory can access NEIU resources that are available on the wired network.

Sophos Mobile Control Installation guide. Product version: 3.5

Local Caching Servers (LCS): User Manual

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Transcription:

Experiences from Deployment of LAMP/PerfSONAR to explore Infrastructure Measurement Slices in GENI Shriram R Ramamurthy, shriram@oar.net; Prasad Calyam, pcalyam@oar.net (Work in Progress) January 2012 1. Purpose of this Document This document describes findings from our experiments to deploy LAMP/perfSONAR (http://groups.geni.net/geni/wiki/lamp) on the GENI infrastructure and to explore the instrumentation and measurement related capabilities for setting up infrastructure measurement slices. Although a LAMP tutorial exists at: http://groups.geni.net/geni/wiki/lamp/tutorial, we initially faced difficulties in re-producing the tutorial steps. In the course of our experiments between October 2011 to December 2011, we worked closely with the LAMP project team to get our issues resolved, and also provided feedback to them to update their documentation and scripts to help future experimenters. 2. Findings Summary Resolved Issues 1. In the first steps, we encountered a Hardware Error problem; there was a hardware error being thrown during the process of creating sliver or getting a ticket to the sliver creation. This error stated: OS 'GeniSlices/UBUNTU91- LAMP' (OS-2283) does not run on this hardware type! This error was reported to the LAMP team and they sent us a patch update that resolved this problem. 2. LAMP does not support the version 2 RSpec format. The lampsendmanifest.py script s execution threw an error indicating the incompatible RSpec version. Also, when the code was manually modified to use the correct RSpec version, the PEM Passphrase request did not pop up. This problem was reported and finally we got a corrected script from the LAMP team. The corrected script has now been posted on the main LAMP wiki. 3. The error-handling messages were not informative; the wrong script that was hosted at the main LAMP wiki, when used, did not throw an error, when the PEM Passphrase was not prompted. The process continued and the lampgetcertificate.py script threw an error. 4. The documentation for bundle certificates was not mentioned in the main LAMP wiki, this resulted in a problem where the tests on being scheduled and pushed to the UNIS, cannot be pulled to view the results. This bug was fixed after the LAMP team got back saying that the getacerts script at /usr/local/etc/protogeni/ssl/getcacerts needs to be run before the systems are

Open Issues rebooted. This was not run earlier as the main LAMP wiki said that the bootstrap command invokes this script, but in our case as well as in other cases as mentioned to us by the LAMP team, it failed to do so. 1. The slice renewal is a problem. The slice currently expires automatically after around 6 hours and we lose all the data, and we have to follow all of the installation steps again to continue running LAMP in our slice. We are trying to automatically kick off a renewal script run via the crontab feature in Linux to see if we can keep the slice up and running for extended durations. 2. BWCTL (throughput) results were not available after the tests were pushed to the UNIS server, and the LAMP team suggested that we get back to see the results after some considerable time has passed by, but still the results are not available. We plan to follow-up with the LAMP team about getting this issue resolved. 3. Technical Terms What is a LAMP Portal? A useful resource for experimenters, which enables configuration, query and visualization of I&M services data. When a slice with LAMP on multiple-nodes is setup, there is a LAMP image deployed on a separate node that hosts the portal, which can then be used as a starting point to interact with the other nodes and the services in the slice. What is UNIS? Unified Network Information Service provides a combined service: Lookup Service, Topology Service. The topology data of the slice (specified in the RSpec) needs to be uploaded to the UNIS. After the upload, users can interact with the perfsonar services within the slice. 4. Step-by-step Process that worked for us We now describe the steps we took to create a slice, getting a LAMP certificate for the slice, uploading the topology to UNIS, and finally enabling the instrumentation and measurement services for the slice. Step-1: Creating the RSpec We need to create an RSpec, which contains various resource specifications and topology. The LAMP uses a variant of the UBUNTU image. This wiki follows the usage of the default RSpec that has been provided in the LAMP wiki. <rspec xmlns="http://protogeni.net/resources/rspec/0.2" xmlns:lamp="http://protogeni.net/resources/rspec/0.2/ext/lamp/1"> <node virtual_id="node1" virtualization_type="raw" exclusive="1" startup_command="/usr/local/etc/lamp/bootstrap.sh urn:publicid:idn+emulab.net+slice+slice_name

urn:publicid:idn+emulab.net+user+user_name"> <node_type type_name="pc" type_slots="1"/> <disk_image name="urn:publicid:idn+emulab.net+image+genislices//ubuntu91- LAMP" /> <lamp:config /> <interface virtual_id="iface0"/> </node> <node virtual_id="node2" virtualization_type="raw" exclusive="1" startup_command="/usr/local/etc/lamp/bootstrap.sh urn:publicid:idn+emulab.net+slice+slice_name urn:publicid:idn+emulab.net+user+user_name"> <node_type type_name="pc" type_slots="1"/> <disk_image name="urn:publicid:idn+emulab.net+image+genislices//ubuntu91- LAMP" /> <lamp:config /> <interface virtual_id="iface0"/> </node> <link virtual_id="link1" > <interface_ref virtual_node_id="node1" virtual_interface_id="iface0"/> <interface_ref virtual_node_id="node2" virtual_interface_id="iface0"/> <link_type type_name="ethernet" /> <latency>100</latency> <packet_loss>0.05</packet_loss> </link> <node virtual_id="lamp" virtualization_type="raw" exclusive="1" startup_command="/usr/local/etc/lamp/bootstrap.sh urn:publicid:idn+emulab.net+slice+slice_name urn:publicid:idn+emulab.net+user+user_name"> <node_type type_name="pc" type_slots="1"/> <disk_image name="urn:publicid:idn+emulab.net+image+genislices//ubuntu91- LAMP" /> <lamp:config> <lamp:service type="lamp_portal" enable="true" /> </lamp:config> </node> </rspec> NOTE: The RSpec has a bootstrap script i.e., the getacerts script, which needs to be run once the system boots. If we do not specify this, we need to run it every time we restart the perfsonar services. As pointed out in the Section 2 (Resolved Issues), often this script has to be run manually even though you specify it in the bootstrap. NOTE: After completion of Step-1, you should download the protogeni-testscripts bundle for further progress. These scripts are available at - http://www.emulab.net/downloads/protogeni-tests.tar.gz. Then make sure that your Mac/PC is running Python version 2.6.x. This is a strict requirement. The protogeni-

testscripts are compatible with Python 2.6.x alone. And you may get error throws if you try with Python 2.7 even though it s an enhanced release. There must also be an M2Crypto Python Library present on your Mac/PC. Absence of this library may cause Certificate Errors. Make sure you are using version 0.20.1 or above of M2Crypto as recommended by the official website http://chandlerproject.org/bin/view/projects/metoocrypto. NOTE: You may need to resolve a set of dependencies when trying to import the M2Crypto library for Python2.6. Many OS may have the latest version or some other versions of Python, so once the Python2.6 tar ball has been downloaded and installed, we need to go ahead and do ln command for changing the hard link to python. Usually the executable of Python is in /usr/bin or /usr/local/bin, which python command will tell the path, after getting the path do ln s path/to/python2.6 existing/python/path. M2Crypto is dependent on SWIG that has a Perl regular expression parser and hence will require PCRE. The PCRE latest builds can be obtained at http://www.pcre.org/. Once PCRE has been installed, then we can go ahead and install SWIG. The latest builds can be found at http://www.swig.org/download.html. Now make sure that the OpenSSL that is installed on your Mac/PC has a version of at least 0.9.8. OpenSSL might require the openssl-devel install for perfect compiling of M2Crypto. M2Crypto uses the SWIG features, which are essential for building the M2Crypto package. They are: -python -I/usr/local/include/python2.6 - I/usr/include/openssl -includeall -D i386 -cpperraswarn. These flags are essential for a graceful build of M2Crypto. For Fedora users, try the sh fedora_setup.sh build and sh fedora_setup.sh install. This will fix the include flag dependency, by using the proper SWIG features. If this still throws dependency errors of missing config files of SWIG, try uncommenting the finalize_options function s code parts of the setup.py file, in the M2Crypto untar directory. Please reboot your Mac/PC at the end to make the changes effective. Step-2: Slice Creation Next we need to create a slice. Before starting the process, please make sure you have your public key uploaded to the Emulab profile and also have the public/private pair in ~/.ssl directory. Then also make sure that you have the SSL certificate generated in the Emulab profile and have it download into the ~/.ssl/encrypted.pem. For more information in the slice creation and certificate generation in Emulab, please visit: http://www.protogeni.net/trac/protogeni/wiki/tutorial. Step-3: Get Credential We need to get the credential from the Slice Authority (SA) that grants the user a signed document containing the privileges and permissions. This is a credential provided to the user by the local SA i.e., Emulab in our case. Please run the getcredential script from the protogeni-testscripts bundle. python getcredential.py This provides us with the signed credential.

Step-4: Register a Slice Now we need to register a slice name. Please run the registerslice script. python registerslice.py n slice_name The n option if overridden, we get a default slice created as mytestslice. So please make sure you provide the n option else don t use the n option along with any other script. Step-5: Allocating Resources Now we need to allocate the resources. This can be done in two ways. We can either request a ticket and redeem a ticket and then renew a ticket or we can go ahead with the createsliver option (recommended option!) Once you create a slice, we next need to establish a sliver which can hold the resources. Please run the createsliver script. python createsliver.py n slice_name rspec_file.xml This returns the manifest returned for this instance, which we can store in the lampmanifest.xml file. You may not get a manifest return here, as createsliver.py is a bundled script, which does all the operations of requesting and redeeming a ticket. So in this case please use the getmanifest.py script, which is a part of the protogeni-testscripts bundle, to get the output throw of the manifest. Once we have created the sliver, we need to renew it before we start any experiments. The createsliver script, creates the sliver for a specific amount of time, which usually is not enough to do prolonged work, and suddenly you lose the sliver which causes the work to stop abruptly. So we also renew it side by side. python renewslice.py n slice_name time_to_renew_in_minutes NOTE: Renewing the slice automatically renews the containing sliver too. You can find it in the output throw Step-6: Upload to UNIS After creating the slice and the sliver and renewing the sliver too, we need to upload the topology to the UNIS. The topology, which is represented as a RSpec, needs to be converted into a UNIS schema. This is taken care by the script lampsendmanifest.py. But this script has some requirements. The UNIS will always require the slice credential for identification, and also the manifest which we obtained earlier when we allocated the resources. We use the getslicecredential script for the obtaining the slice credential. python getslicecredential.py n slice_name > lamp-credential.xml NOTE: We need to remove the first line in the stored file lamp-credential.xml, so that the signature check sees it as a signature. python lamp-sendmanifest.py lamp-manifest.xml urn:publicid:idn+emulab.net+slice+slice_name lamp-credential.xml

We get an output throw, which shows the message we sent to UNIS. Then we get a prompt for pass phrase. Upon the correct pass phrase enter; we get the data elements successfully replaced message. This means that the topology is now uploaded successfully in the UNIS. Use the lamp-getmanifest.py script to obtain the lampmanifest.xml file s content. Step-7: LAMP Certificate We now have to upload the LAMP certificate to all the nodes in our slice. We need to upload the certificate to the /usr/local/etc/protogeni/ssl/lampcert.pem. The file name in the nodes must for sure be lampcert.pem. But you may have any file name in your local directory. python lamp-getcertificate.py n slice_name The resulting certificate throw, needs to be stored in a file and then uploaded to the location as specified above. [Assume it is stored in lampcert.pem in the local directory also]. grep login lamp-manifest.xml bash-3.2$ grep "login" lamp-manifest.xml <services><login authentication="ssh-keys" hostname="pc117.emulab.net" port="22" username=user_name/></services></node> <services><login authentication="ssh-keys" hostname="pc104.emulab.net" port="22" username=user_name/></services></node> <services><login authentication="ssh-keys" hostname="pc142.emulab.net" port="22" username=user_name/></services></node> bash-3.2$ We need to upload the lampcert.pem in our local directory to the /usr/local/etc/protogeni/ssl/lampcert.pem in the nodes we have obtained above. Now all we need to do is to ssh to the nodes above and load this lampcert.pem file into the specified location. NOTE: You may get a permission denied when you try to ssh into the nodes. Use the i flag of the ssh to direct the ssh to read from the ~/.ssl/your_private_key. Now after uploading the lampcert.pem from the local directory to the location in the nodes [this can either be achieved by scp or by simply copy pasting after ssh to the nodes], we need to run the following shell script: bash-3.2$ cat shell.sh for node in node1 node2 node3; do ssh -i ~/.ssl/your_private_key user_name@$node "sudo mv lampcert.pem /usr/local/etc/protogeni/ssl/lampcert.pem" ssh -i ~/.ssl/your_private_key user_name@$node "sudo chown root.perfsonar /usr/local/etc/protogeni/ssl/lampcert.pem"

ssh -i ~/.ssl/your_private_key user_name@$node "sudo chmod 440 /usr/local/etc/protogeni/ssl/lampcert.pem" ssh i ~/.ssl/your_private_key user_name@$node "sudo /usr/local/etc/lamp/bootstrap.sh urn:publicid:idn+emulab.net+slice+geni1 urn:publicid:idn+emulab.net+user+shriram" ssh -i ~/.ssl/your_private_key user_name@$node "sudo perl /usr/local/etc/protogeni/ssl/getcacerts" ssh -i ~/.ssl/your_private_key user_name@$node "sudo /etc/init.d/psconfig restart" done bash-3.2$ Step-8: Browser Access Now after restarting the perfsonar-ps Services in the nodes, we can access the LAMP portal. NOTE: To access the LAMP portal, we need to upload a certificate to the browser. Follow the below steps to upload a certificate if you are using the Firefox web-browser. The portal access works fine with Firefox and Google Chrome. It does not work well with Safari. Go to your user profile page on the Utah Emulab. Click 'Generate SSL Cert' on the left. Enter a password and remember it. Immediately click on the pkc12 format download and store it locally. Then feel free to click on the Download [1 st option] option and copy the certificate and paste it in the ~/.ssl/encrypted.pem. This is to update your local certificate as you have changed it now. Open Firefox, select Preferences [command+, for mac] Select Advanced Tab and choose Encryption sub tab. Check the Select One Automatically radio button. Click View Certificates and select Your Certificates tab. Import the pkc12 format you downloaded locally and save the settings. Now open the https://pc142.emulab.net/lamp/ [Here pc142 is the lamp node] Only the lamp node, see the Rspec, can be accessed via the web portal. Then Select the Add Exception, and you will reach the lamp portal of the node. Step-9: Completing LAMP Deployment The rest of the steps are as specified in the main LAMP wiki: http://groups.geni.net/geni/wiki/lamp/tutorial from Step 6.

5. Conclusion In the above, we have described the complete details of the first five steps along with the [NOTE] tags, which are likely the error possibilities in getting LAMP successfully deployed in your GENI slice. Although the main LAMP wiki is very helpful, and the LAMP team is very responsive to help requests, our overall experience showed that the documentation in the main LAMP wiki needs to be more informative. Also, due to the dependencies of the LAMP software, there might be other challenges that may arise across Mac/PC platforms. 6. References [1] http://groups.geni.net/geni/wiki/lamp/tutorial [2] http://www.protogeni.net/trac/protogeni/wiki/tutorial [3] https://www.protogeni.net/trac/protogeni/wiki/flashclientsetup [4] http://groups.geni.net/geni/wiki/gir3.2_lamp [5] Inputs from: Matthew Jaffee mjaffee@indiana.edu; lamp@damsl.cis.udel.edu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information