EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial

Cloud Interoperability Week – Hands-On Tutorial
Madrid, Spain, September 18th, 2013
1/16Creative Commons Attribution-NonCommercial-ShareAlike License
Build your OCCI-compatible Cloud with
OpenNebula
Daniel Molina Carlos Martín
Boris Parak
The research leading to these results has received funding from Comunidad de Madrid through research grant
MEDIANET S2009/TIC-1468,
Acknowledgments

2An Introduction to Cloud Computing with OpenNebula
Agenda
Build your OCCI-compatible Cloud with OpenNebula!
●  Introduction and Architecture
●  Installation and Basic Usage
●  rOCCI on top of OpenNebula

Build your OCCI-compatible Cloud with OpenNebula
An Introduction to Cloud Computing with
OpenNebula
Daniel Molina & Carlos Martín
Project Engineers
Acknowledgments

Agenda
An Introduction to Cloud Computing with OpenNebula!
●  Infrastructure as a Service
●  The OpenNebula Model
●  The Anatomy of the Cloud

Infrastructure as a Service
Types of Cloud Services!
What Who
On-demand access
to any application
End-user
(does not care about hw or sw)
Platform for building
and delivering web
applications
Developer
(no managing of the underlying hw &
swlayers)
Raw computer
infrastructure
System Administrator
(complete management of the
computer infrastructure)
Software as a Service
Platform as a Service
Infrastructure as a
Service
Physical Infrastructure

Types of Cloud Deployments!
• Simple Web Interface
• Raw Infrastructure Resources
• Pay-as-you-go (On-demand access)
• Elastic & “infinite” Capacity
Public Cloud

Public Cloud
A “Public Cloud behind the firewall”
• Simplify internal operations
• Dynamic allocation of resources
• Higher utilization & operational savings
• Security concerns
Private Cloud

Public Cloud
Private Cloud
•  Supplement the capacity of the Private Cloud
•  Utility Computing dream made a reality!
Hybrid Cloud

Public Cloud
Private Cloud
•  Suplement the capacity of the Private Cloud
•  Utility Computing dream made a reality!
Hybrid Cloud

Challenges of IaaS Clouds!
●  How do I provision a new VM?
Image Management & Context
●  Where do I store the disks?
Storage
●  How do I set up networking for a multitier service?
Network & VLANs
●  Where do I put my web server VM?
Monitoring & Scheduling
●  How do I manage any hypervisor?
Virtualization
●  Who has access to the Cloud’s resources?
User & Role Management
●  How do I manage my distributed infrastructure?
Interfaces & APIs

●  How do I provision a new VM?
Image Management & Context
●  Where do I store the disks?
Storage
●  How do I set up networking for a multitier service?
Network & VLANs
●  Where do I put my web server VM?
Monitoring & Scheduling
●  How do I manage any hypervisor?
Virtualization
●  Who has access to the Cloud’s resources?
User & Role Management
●  How do I manage my distributed infrastructure?
Interfaces & APIs
Uniform management layer that
orchestrates multiple technologies
Challenges of IaaS Clouds!

An Uniform Management Layer!

The OpenNebula Model
●  Adaptable: Integration capabilities to fit into any data center
●  Enterprise-ready: Upgrade process and commercial support
●  No Lock-in: Broad infrastructure and platform independent
●  Light: Efficient & simple
●  Proven: Rigorously tested, mature and widely used
●  Powerful: Advanced features for virtualized
●  Scalable: single instance & multi-tier architectures
●  Be interoperable! rich set of API's & Interfaces
●  Open Source: Apache License v2
An Enterprise-ready Open-source Platform to Manage Cloud Data Centers!

Widely Used to Build Enterprise Private Clouds in Medium and Large Data Centers!
Reference Users
Survey Q2/Q3 2012 (2,500 users http://c12g.com/resources/survey/)
The OpenNebula Model

Story
A Project Aimed at Building the Industry Standard Open Cloud Management Tool!
2005
2008 2009 2010 2011 2012
• Develop & innovate
• Support the community
• Collaborate
Large-scale production
deployment: 16,000 VMs
5,000 downloads/
month
20142013
Research
Project
TP v1.0 v1.2 v1.4 v2.0 v2.2 v3.0 v3.2 v3.4 v3.6 v3.8 v4.0 V4.2

The Anatomy of the Cloud
Different Perspectives of the Cloud – Demands from the Different Communities!
Cloud Consumer
Cloud
Administrator
Cloud Integrator
Cloud Application
Developer

OpenNebula Architecture - Infrastructure Agnostic and Highly Customizable!
OpenNebula core
Virtualization Images
Storage Network
Auth
Monitoring
Scheduler
XML-RPC API
OCA (Ruby, Java)
CLI GUI
Cloud
Servers
DB
Languages

Cloud Architecture - The Internals of the Cloud!
Interfaces, Tools & API
• CLI & Sunstone (GUI)
• API
•  Cloud (EC2,OCCI)
•  Service Management & Catalogs
Compute Hosts
• Grouped into logical clusters
• Multiple hypervisors
• Monitoring
Storage
• VM disks (file & block)
• Image Distribution
• Multiple Backends
Multi-tenancy
• AAA Services
• Scheduling
• Permissions & roles
Network
• VLAN
• Firewalling
• Multiple Technologies

Basic OpenNebula Deployment!
•  Repository of VM images
•  Multiple Backends (LVM, Ceph)
Monitoring,Virtualization,
Storage and Network
•  Provides physical resources for the VMs
•  Must have a hypervisor installed

We Will Be Happy to Clarify Any Question !
Questions?

Build your OCCI-compatible Cloud with OpenNebula
Installation and Basic Usage
Daniel Molina & Carlos Martín
Project Engineer
Acknowledgments

2Installing and Basic Usage
Agenda
Installing and Basic Usage!
●  Planning the Installation
●  Virtual Lab Configuration
●  Basic Usage
●  Managing Hosts
●  Images, Networks, Templates and VMs
●  Managing Users, Quotas and ACLs
●  Logging & Debugging
●  Configuration Files
●  Appendix A - Installation

A Typical OpenNebula Environment
Planning the Installation!
•  Repository of VM images
•  Multiple Backends (LVM, Ceph)
Monitoring,Virtualization,
Storage and Network
•  Provides physical resources for the VMs
•  Must have a hypervisor installed

Required Software
Installing!
●  Head node
●  ssh, ruby
●  OpenNebula: oned, mm_sched, sunstone, …
●  Worker nodes
●  Hypervisor (KVM, Xen or VMWare)
●  ssh, ruby (Xen & KVM)
●  Optional
●  Storage Backends (LVM, iSCSI, Ceph, …)
●  Networking systems (VLAN, Open vSwitch, …)
●  Ganglia, LDAP, Apache, Nginx

Virtual Lab
Planning the Installation!
NODE 1 NODE 2

Virtual Lab
Installing!
●  Start Virtual Box
●  File > Import Appliance…
●  frontend_node1.ova & node2.ova
●  Start frontend_node1 and node2 images
●  You can access them from:
1.  VirtualBox GUI
2.  Console
●  frontend_node1 (password centos)
●  node2 (password centos)
$ ssh localhost -l root -p 2222
$ ssh localhost -l root -p 2223

CLI – node1
Basic Usage!
Hands on (node1) !
●  OpenNebula CLI Commands
# su - oneadmin
$ one[TAB]
oneuser Manage Users oneimage Manage Images
onegroup Manage Groups onetemplate Manage Templates
oneacl Manage ACLs onevm Manage VMs
onehost Manage Hosts oneacct Accounting Tool
onecluster Manage Clusters onemarket Marketplace Tool
onevnet Manage Networks onedb DB Tool
onedatastore Manage Datastores

CLI – node1
Basic Usage!
●  Get the Sunstone Login information
●  Try out sunstone!
http://localhost:9869
# (as oneadmin)
$ cat ~/.one/one_auth
oneadmin:<password>

Adding Hosts - Sunstone
Basic Usage – Hosts!
Hands on! (Sunstone)
● Create one host in Sunstone: node1
● Virtualization: KVM
● Information: KVM
● Network: dummy
● Cluster: none
● Watch transition INIT ! ON
● Click on the row for more information
● Automatic gathering of monitoring data
● Take a look at the graphs

Adding Hosts - CLI
Basic Usage – Hosts!
Hands on! (CLI)
(always as oneadmin in the Frontend – node 1)
$ onehost -help
$ onehost create -help
$ ssh node2 ls /var/tmp/one
$ onehost create node2 -i kvm -v kvm -n dummy
$ onehost list
$ onehost top
# Wait for ON ... and then CTRL-C
$ ssh node2 ls /var/tmp/one
$ onehost show node2
$ onehost show 1
$ onehost show -x 1

Adding Images
Basic Usage – Images!
● Create an Image in Sunstone
● Name: tty
● Provide a Path: /var/tmp/tutorial/ttylinux.qcow2.img
● Advanced ! Driver: qcow2
● Datastore: default
● Create!
● Watch transition LOCKED ! READY
● Ownership and Permissions (ala Unix!), Size, Driver...
Hands on! (CLI)
$ oneimage list
$ oneimage show tty
# DO NOT EXECUTE THE FOLLOWING COMMAND
$ oneimage create --name tty --driver qcow2
--path /var/tmp/tutorial/ttylinux.qcow2.img -d default

System Datastore
Basic Usage – Datastores!
● Inspect each Datastore:
● The system datastore:
● Holds images for running VMs
● The TM_MAD (transfer manager driver) is shared which means:

Shared Datastore
Basic Usage – Datastores!
● The default datastore:
● Holds images ready to be cloned or linked for VMs
● The DS_MAD is fs because our image is a regular file
● The TM_MAD (transfer manager driver) is shared which means:

Adding Networks
Basic Usage – Networks!
● Create a new Network
● Name: private
● Type: Fixed Network
● IP: 192.168.0.1 -> [ENTER] -> repeat ... -> 192.168.0.4
● Network Model: default
● Bridge: br1
br1
VM VM
Node 1
eth1
br1
Node 2
eth1
VM VM

Adding Networks
Basic Usage – Networks!
● Network extended information:
● Lease Management ! Add, Hold and Remove Leases
Hands on! (CLI)
$ cat private2.net
NAME = private2
TYPE = fixed
BRIDGE = br1
LEASES = [ IP = 10.0.0.1 ]
LEASES = [ IP = 10.0.0.2 ]
$ onevnet create private2
$ onevnet list
$ onevnet show private
$ onevnet addleases private 192.168.0.105
$ onevnet hold private 192.168.0.105

Adding Templates
Basic Usage – Template!
● A template is a Virtual Machine definition ready to be instantiated
● It has CPU, Memory, Disks, NIC, Graphical Ports, etc...
● Create a new Template:
● Name: ttylinux
● CPU: 0.1
● Memory: 64M
● Storage: tty
● Network: private
● Input/Output: VNC
● Random values in Context ! Custom Variables
● Create!

Adding Templates
Basic Usage – Template!
Hands on! (CLI)
● Try the useful --dry option in the CLI
$ onetemplate create --help
$ onetemplate create --name ttylinux --cpu 0.1
--memory 64 --disk tty --nic private --vnc --dry
NAME="ttylinux“
CPU=0.1
MEMORY=64
DISK=[
IMAGE="tty“
]
NIC=[
NETWORK="private“
]
GRAPHICS=[ TYPE="vnc", LISTEN="0.0.0.0" ]

Instantiating
Basic Usage – VMs!
● Instantiate the template
● Deploy 2 VMs
● Leave the name blank
● Watch the transition PENDING ! RUNNING
● In which host is running each VM?
● vnc (node1) ! root / password
● ifconfig ! configured using context
● ping the other machine (node2)
● Migrate / live-migrate (node2)

Main VM actions
suspend VM state saved. Kept in the host.
power off (--hard) Powers off a VM. Kept in the host.
stop VM state saved. Taken to the system datastore.
undeploy (--hard) Powers off a VM. Taken to the system datastore.
reboot (--hard) Reboots the VM.
delete --recreate Cleans the VM and moves it to PENDING.
shutdown (--hard) Powers off a VM, cleans host and VM is removed
from OpenNebula.
delete VM is immediately destroyed regardless of state.
Recommended only for oneadmin.

Other VM actions
● VM extended information tab
● Capacity - Resize VM capacity (power off –hard, first)
● Storage
● Network - Attach new nic
● create a new network ! attach nic ! reboot
● Snapshot
● create a file using VNC
● Take snapshot
● Modify the file
● Revert
● Placement
● Actions - Schedule action
● Template
● Log

Managing Users
Basic Usage – Users!
● Create new user: testuser / testpass
● Click on new user ! Update Quotas
● Enforce 1 Max VMs ! Add/edit quota
● Other possible options
● limit the use of a Datastore
● limit the use of an Image
● limit the use of a Network
● Apply changes!
● Create new ACL
● We can customize any rule extending the functionality provided by the
Unix ownership/group/permissions schema.

Logs
Basic Usage – Logging and Debugging!
● Logs are kept under /var/log/one
● oned.log: all the information related to the oned daemon. Every
request, actions and driver errors will be here.
The verbosity is set by DEBUG_LEVEL in /etc/one/oned.conf
● sched.log:has all the information related to the placement of Virtual
Machines. If a VM is not being deployed (kept in PENDING state), this
log will explain why.
● <id>.log: the log of each VM. Also accessible through Sunstone.

oned.conf
Configuration!
/etc/one/oned.conf (open this file and take a look!)
● OpenNebula Daemon:
● LOG, PORT, DB
● Monitoring Intervals:
● MANAGER_TIMER, MONITORING_INTERVAL
● Configuration options for VMs:
● VNC_BASE_PORT
● MAC_PREFIX (MAC " IP)
● DEFAULT_DEVICE_PREFIX = "hd“ (or vd, xvd, etc…)
● Drivers:
● IM_MAD, VMM_MAD, TM_MAD, DATASTORE_MAD, HM_MAD,
AUTH_MAD
● Resources:
● DEFAULT_UMASK
● VM_RESTRICTED_ATTR, IMAGE_RESTRICTED_ATTR

sched.conf
Configuration!
/etc/one/sched.conf (open this file and take a look!)
● Scheduler Daemon:
● ONED_PORT, SCHED_INTERVAL, LOG
● Dispatch Options
● MAX_VM, MAX_DISPATCH, MAX_HOST, LIVE_RESCHEDS
● Policy
● DEFAULT_SCHED (packing, striping, load-aware, custom)

We Will Be Happy to Clarify Any Question !
Questions?

Appendix A
Installation
This is just a reference of what have been done to configure the frontend_node1 and
node2 images

Installation node 1 - Frontend
Installing!
●  Activate repo and Install Packages
●  Add QEMU drivers
●  Configure NFS Server
# cp /var/tmp/tutorial/opennebula.repo /etc/
yum.repos.d/
# yum clean all
# yum install opennebula-server opennebula-sunstone
opennebula-node-kvm
# Change VM_MAD type from kvm to qemu
# cat /etc/exports
/var/lib/one
*(rw,sync,no_subtree_check,root_squash,anonuid=9869,anongid=9869)

Installation node 1 - Frontend
Installing!
●  Configure Sunstone
●  Start Services
●  Quick overview of the CLI
# service nfs start
# service libvirtd start
# service opennebula start
# service opennebula-sunstone start
# chkconfig nfs on
# gpasswd -a oneadmin wheel
# su - oneadmin
$ oneuser show
$ oneuser -help
# sed -i 's/127.0.0.1/0.0.0.0/' /etc/one/sunstone-server.conf

Installation node 2 – Worker Node
Installing!
●  Activate repo and Install Packages
●  Configure Network, Hostname, NFS and sudo
# cp /var/tmp/tutorial/opennebula.repo /etc/yum.repos.d/
# yum clean all
# yum install opennebula-node-kvm
# chkconfig NetworkManager off
# service NetworkManager stop
# echo HOSTNAME=node2 > /etc/sysconfig/network
# hostname node2
# sed -i 's/1.1.1.1/1.1.1.2/' /etc/sysconfig/network-
scripts/ifcfg-br1
# ifconfig br1 1.1.1.2/24 up
# mount –t nfs 1.1.1.1:/var/lib/one /var/lib/one
# gpasswd -a oneadmin wheel
# service libvirtd start

Configure Password-less SSH
Installing!
●  OpenNebula needs passwordless ssh access to
all the nodes from all the nodes:
# (as oneadmin)
$ ssh-keyscan node1 node2 > ~/.ssh/known_hosts
# test it!
$ ssh node2
$ exit
$ ssh node1
$ exit

EGI-InSPIRE
Build your OCCI-compatible cloud with
OpenNebula and rOCCI
Boris Parák, CESNET
EGI Technical Forum 2013, Madrid, ES 1
EGI-InSPIRE RI-261323 www.egi.eu

Tutorial Overview
1. Introduction to (r)OCCI
2. Requirements
3. rOCCI-server
3.1 Installation
3.2 Conﬁguration
3.3 Start-up
4. rOCCI-cli
4.1 Installation
4.2 Usage
5. Showcase
6. Appendix

Introduction – OCCI
• OCCI æ Open Cloud Computing Interface
• text-based protocol and API focusing on interoperability in
the cloud
• originally designed for IaaS clouds, but is extensible
• works with resources, links and mixins

Introduction – rOCCI
What is rOCCI?
• a framework implementing OCCI in Ruby
• a client providing shell-based user interface
• an open source project hosted on GitHub
• consists of rOCCI-core, rOCCI-api and rOCCI-cli
What is rOCCI-server?
• a server-side implementation leveraging rOCCI
• a bridge between OpenNebula and the world of OCCI
• stateless proxy delegating authentication, authorization
and functionality to OpenNebula

Introduction – Architecture

Introduction – Terminology

Requirements
• OpenNebula, v3.4 - v4.2
• Ruby 1.9.3
• Rubygems
• optionally, Apache2 as an application server for production
deployments

rOCCI-server – Installation
• rOCCI-server can be installed directly from its git
repository or from a zip archive
• should use a separate user account
• can be installed and distributed as a separate
ready-to-launch appliance
rOCCI-server is already installed in your VMs.

rOCCI-server – Conﬁguration
# configure authentication with OpenNebula
[oneadmin]$ oneuser create rocci $RANDOM
--driver server_cipher
[oneadmin]$ oneuser chgrp rocci oneadmin
# provide default backend configuration
[rocci]$ cd /var/tmp/rOCCI-server
[rocci]$ cp etc/backend/opennebula/opennebula.json
etc/backend/default.json
# update credentials for the rocci user
[rocci]$ vim etc/backend/default.json

rOCCI-server – Start-up
# start the passenger
[rocci]$ cd /var/tmp/rOCCI-server
[rocci]$ bundle exec passenger start
# ... and that’s it!

rOCCI-cli – Installation
• ordinary Rubygem, available as ’occi-cli’
• provides shell-based user interface
• supports basic, digest, X.509 and VOMS authentication
# check whether the client is present and works
# (run this OUTSIDE the /var/tmp/rOCCI-server directory)
[rocci]$ occi -d -v

rOCCI-cli – Usage
# all ’occi’ commands mentioned from now on
# have to be executed under the rocci user account
$ occi --help

Showcase – List
$ occi --endpoint http://localhost:3000/ --auth basic
--username oneadmin --password $PASSWD
--action list --resource storage
--action list --resource network
--action list --resource compute

Showcase – Describe
--action describe --resource storage
--action describe --resource network
--action describe --resource compute

Showcase – Instantiate
--action create --resource compute
--mixin os_tpl#ttylinux
--mixin resource_tpl#small
--attributes title=’rOCCI_VM’
--action describe --resource /compute/<id>
--action delete --resource /compute/<id>

References
What to read if you want to know more?
• http://occi-wg.org
• https://github.com/gwdg/rOCCI-server
• https://github.com/gwdg/rOCCI-core
• https://github.com/gwdg/rOCCI-api
• https://github.com/gwdg/rOCCI-cli
Do you have any questions?
• ask directly at parak@cesnet.cz
• ask in the mailing lists rocci@gwdg.de or
inspire-mp-rocci@mailman.egi.eu

Appendix – rOCCI-server
# create a user
$ useradd rocci
$ usermod -L rocci
# check Ruby version
$ su - rocci
[rocci]$ ruby -v
# install a few native dependencies
$ yum install expat-devel libxml2-devel libxslt-devel

# install the rOCCI-server itself
[rocci]$ cd /opt
[rocci]$ git clone
https://github.com/gwdg/rOCCI-server.git
# install rOCCI-server’s dependencies
[rocci]$ cd /opt/rOCCI-server
[rocci]$ bundle install
# configure authentication with OpenNebula
[oneadmin]$ oneuser create rocci $RANDOM
--driver server_cipher
[oneadmin]$ oneuser chgrp rocci oneadmin

# provide default backend configuration
[rocci]$ cp etc/backend/opennebula/opennebula.json
etc/backend/default.json
# update credentials for the rocci user
[rocci]$ vim etc/backend/default.json
# start the passenger
[rocci]$ bundle exec passenger start

Appendix – rOCCI-cli
# install a few native dependencies
$ yum install expat-devel libxml2-devel libxslt-devel
# install the client itself
$ gem install occi-cli
# check whether it works
$ occi -d -v

EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (12)

Similar to EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial

Similar to EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial (20)

More from OpenNebula Project

More from OpenNebula Project (20)

Recently uploaded

Recently uploaded (20)

EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial