...

  1. Access the virtual machine you created, clone the repository with the OMF6 installation scripts, and run the installation script:

    sudo su
    cd
    apt-get update
    apt-get install git
    # Turns off TLS certificate verification for every HTTPS remote this user (root) accesses with git
    git config --global http.sslverify false
    git clone https://git.rnp.br/fibre/omf6-testbed.git -b fibre
    cd omf6-testbed
    git checkout fibre
    # Configure the domain in the variables.conf file
    sudo bash installer.sh    # select option 1
    rabbitmq-plugins enable rabbitmq_federation
    rabbitmq-plugins enable rabbitmq_federation_management
    rabbitmq-plugins enable rabbitmq_management
    # Create the AMQP user "testbed" (password "testbed"), tag it as administrator,
    # and grant it configure/write/read permissions on every resource of vhost /
    rabbitmqctl add_user testbed testbed
    rabbitmqctl set_user_tags testbed administrator
    rabbitmqctl set_permissions -p / testbed ".*" ".*" ".*"


...

  1. Run bash installer.sh and select option 21.
  2. Run bash installer.sh and select option 22.
  3. Comment out the line "database: sqlite://inventory.db"
  4. Add the line: database: postgres://postgres:postgres@localhost/inventory
  5. Change the "Server" field to the value configured in variables.conf
  6. Change the "Password" field to the AMQP password (default: testbed)

     


omf_sfa_am:
  # This is your testbed's domain. It will be used in the URNs
  # of the resources e.g. 'urn:publicid:IDN+domain+type+name'
  domain: fibre.ufba.br
  #operation mode for OmfCommon.init (development, production, etc)
  #operationMode: production
  operationMode: development
  debug: true
  #database info
  # postgres://user:password@localhost/my_db
  #database: sqlite://inventory.db
  database: postgres://postgres:master01@localhost/inventory
  endpoints:
    -
      type: xmlrpc
      port: 8001
      ssl:
        cert_chain_file: ~/.omf/am.pem
        private_key_file: ~/.omf/am.pkey
      trusted_roots: ~/.omf/trusted_roots
    -
      type: pubsub
      protocol: amqp
      user: testbed
      password: <senha_amqp>
      server: fibre.<sigla_ilha>.br
      pubsub_opt:
        :require: omf-sfa/am/am-amqp/am_amqp
        :constructor: OMF::SFA::AM::AMQP::AMController
      auth:
        :entity_cert: ~/.omf/am.pem
        :entity_key: ~/.omf/am.pkey
        :root_cert_dir: ~/.omf/trusted_roots

  security:
    trusted_roots: ~/.omf/trusted_roots

  rest_authorization:
    type: fibre

  mapping_submodule:
      require: omf-sfa/am/mapping_submodule
      constructor: MappingSubmodule

  am_liaison:
      require: omf-sfa/am/fibre_am_liaison
      constructor: OMF::SFA::AM::FibreAMLiaison
      additional_configs:
        central_broker_base_url: https://10.128.0.210:8001/

  am_policies:
      require: omf-sfa/am/am_policies
      constructor: OMF::SFA::AM::AMPolicies

  central_broker:
      enabled: false
      subauthorities:
          domain:  omf:nitos
          address: https://nitlab.inf.uth.gr:8001/
          cert:    /root/.omf/central_broker_certs/nitlab_user_cert.pem
          key:     /root/.omf/central_broker_certs/nitlab_user_cert.pkey

 


1.5 RC configuration

  1. Open the file "/etc/omf_rc/config.yml" in your preferred text editor
    1. vim /etc/omf_rc/config.yml
  2. Edit the file so that it reads as follows:

    ---
    # default topic name is this machine's hostname
    # this is to ensure that every RC has its own topic and AMQP account
    environment: development
    debug: true
    communication:
      url: amqp://fibre.<sigla_ilha>.br
      user: testbed
      passwordpass: testbed
      local_address: local-fed-fibre-<sigla_ilha>-br-urn:publicid:IDN+fibre.<sigla_ilha>.br+node+xen-<%= Process.pid %>
    
    
    credentials:
      root_cert_dir: /root/.omf/trusted_roots
      entity_cert: /root/.omf/am.pem
      entity_key: /root/.omf/am.pkey
    
    resources:
    - type: node
      uid: <%= Socket.gethostname %>
    - type: hypervisor
      uid: urn:publicid:IDN+fibre.<sigla_ilha>.br+node+xen
      federate: true
      domain: fibre-<sigla_ilha>-br
      image_directory: /data/vm_images
      img_builder: fibre
      omf_opts:
        server: amqp://fibre.<sigla_ilha>.br
        user: testbed
        password: testbed
        topic: <%= Socket.gethostname %>
      hypervisor: xen
      hypervisor_uri: xen+ssh://root@10.<id_ilha>.0.30:6622
      virt_install_path: /usr/bin/virt-install
      image_template_path: /data/images_templates
      image_final_path: /data/vm_images
      ssh_params:
        ip_address: "10.<id_ilha>.0.30"
        user: <ssh_user>
        port: <ssh_port>
        key_file: "/root/.ssh/id_rsa"
     

     


    Example configuration used on the UFRGS island:

    ---
    # default topic name is this machine's hostname
    # this is to ensure that every RC has its own topic and AMQP account
    environment: development
    debug: true
    communication:
      url: amqp://fibre.ufrgs.br
      user: testbed
      passwordpass: testbed
      local_address: local-fed-fibre-ufrgs-br-urn:publicid:IDN+fibre.ufrgs.br+node+xen-<%= Process.pid %>
    
    
    credentials:
      root_cert_dir: /root/.omf/trusted_roots
      entity_cert: /root/.omf/am.pem
      entity_key: /root/.omf/am.pkey
    
    resources:
    - type: node
      uid: <%= Socket.gethostname %>
    - type: hypervisor
      uid: urn:publicid:IDN+fibre.ufrgs.br+node+xen
      federate: true
      domain: fibre-ufrgs-br
      image_directory: /data/vm_images
      img_builder: fibre
      omf_opts:
        server: amqp://fibre.ufrgs.br
        user: testbed
        password: testbed
        topic: <%= Socket.gethostname %>
      hypervisor: xen
      hypervisor_uri: xen+ssh://root@10.139.0.30:6622
      virt_install_path: /usr/bin/virt-install
      image_template_path: /data/images_templates
      image_final_path: /data/vm_images
      ssh_params:
        ip_address: "10.139.0.30"
        user: root
        port: 6622
        key_file: "/root/.ssh/id_rsa"
    
    


  3. Copy the OMF VM's SSH key to Dom0

  4. Restart the RC service

    1. restart omf_rc

...

  1. Open the file "/etc/omf_rc/flowvisor_proxy_conf.yaml" in your preferred editor
    1. nano /etc/omf_rc/flowvisor_proxy_conf.yaml
  2. Edit it so that it reads as follows:

    #details to be used for the connection to the pubsub server
    :pubsub:
      :protocol: amqp
      :federate: true
      :domain: fibre-<sigla_ilha>-br
      :username: <usuario>
      :password: <senha>
      :server: <endereco-do-rabbitmq-server>
    
    :debug: true
    :operationMode: development
    :uid: urn:publicid:IDN+fibre.<sigla_ilha>.br+node+flowvisor
    
    #The default arguments of the communication between this resource and the flowvisor instance
    :flowvisor:
      #The version of the flowvisor that this resource is able to control
      :version: "FV version=flowvisor-1.4.0"
      :host: "localhost"
      :path: "/xmlrc"
      :port: "8080"
      #proxy_host: ""
      #proxy_port: ""
      :user: "fvadmin"
      :password: "<Senha do fvadmin flowvisor>"
      :use_ssl: true
      :timeout: 60
    #The default parameters of a new slice. The openflow controller is assumed to be
    #in the same working station with flowvisor instance
    :slice:
      :passwd: "1234"
      :email: "nothing@nowhere"

     


    Example configuration used on the UFRGS island:

    #details to be used for the connection to the pubsub server
    :pubsub:
      :protocol: amqp
      :federate: true
      :domain: fibre-ufrgs-br
      :username: testbed
      :password: testbed
      :server: 10.139.11.206
    
    
    :operationMode: development
    :debug: true
    :uid: urn:publicid:IDN+fibre.ufrgs.br+node+flowvisor
    
    #The default arguments of the communication between this resource and the flowvisor instance
    :flowvisor:
      #The version of the flowvisor that this resource is able to control
      :version: "FV version=flowvisor-0.8.17"
      :host: "localhost"
      :path: "/xmlrc"
      :port: "8080"
      #proxy_host: ""
      #proxy_port: ""
      :user: "fvadmin"
      :password: "ofelia"
      :use_ssl: "true"
      :timeout: 60
    
    
    #The default parameters of a new slice. The openflow controller is assumed to be
    #in the same working station with flowvisor instance
    :slice:
      :passwd: "1234"
      :email: "nothing@nowhere"


  3. Start the RC service

    1. chmod +x /etc/init.d/omf_flowvisor_rc
    2. /etc/init.d/omf_flowvisor_rc start

     

 



3. Configuring the template VM with the OMF6 RC

Useful data

User: ufg-team
Password: l4b0r4N#W

VMs brought up through OMF6 must have a virtual machine RC configured on them and ready to start at boot; otherwise this will cause failures in the system. For this deployment we provide an image that serves as the base for this template, with the services already preconfigured. A few adjustments are still required, so do the following:

  1. Place it on the hypervisor in the same directory configured in the XEN RC in section 1.5 through the "image_template_path" variable
  2. Boot a virtual machine from this template image so that some of its settings can be changed
  3. Modify the file "/etc/omf_rc/config.yml"
    1. Look for:

      ---
      # default topic name is this machine's hostname
      # this is to ensure that every RC has its own topic and AMQP account
      environment: production
      #environment: development
      debug: true
      communication:
        url: amqp://10.<id_ilha>.11.206
        user: testbed
        password: testbed
        federate: true
        domain: fibre-<sigla_ilha>-br
      
      credentials:
        root_cert_dir: /root/.omf/trusted_roots
        entity_cert: /root/.omf/am.pem
        entity_key: /root/.omf/am.pkey
      resources:
      - type: virtual_node
        federate: true
        domain: fibre-ufrgs-br
        uid: <%= Mac.address %>
        if_name: eth0
        broker_topic_name: am_controller


    2. Replace the values between <>; see the example below for the UFRGS island, whose id is 139:

      ---
      # default topic name is this machine's hostname
      # this is to ensure that every RC has its own topic and AMQP account
      environment: production
      #environment: development
      debug: true
      communication:
        url: amqp://10.139.11.206
        user: testbed
        password: testbed
        federate: true
        domain: fibre-ufrgs-br
      
      credentials:
        root_cert_dir: /root/.omf/trusted_roots
        entity_cert: /root/.omf/am.pem
        entity_key: /root/.omf/am.pkey
      resources:
      - type: virtual_node
        federate: true
        domain: fibre-ufrgs-br
        uid: <%= Mac.address %>
        if_name: eth0
        broker_topic_name: am_controller


  4. Generate the certificate for the OMF VM with the command:

    omf_cert.rb -o /root/.omf/virtual_node.pem --email virtual_node@$DOMAIN --resource-type virtual_node --resource-id amqp://virtual_node@$XMPP_DOMAIN --root /root/.omf/trusted_roots/root.pem --duration 50000000 create_resource

  5. The command above generates the file /root/.omf/virtual_node.pem, whose structure is similar to the example below.

     

    -----BEGIN CERTIFICATE-----
    MIIEBDCCAuygAwIBAgIRAJRT1BAA+0Fim6xGNauVv0kwDQYJKoZIhvcNAQEFBQAw
    SzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYDVQQKDARBQ01FMRMwEQYDVQQLDApSb2FkcnVubmVyMQswCQYDVQQDDAJzYTAeFw0xODA5MDYwMTUzMzlaFw0MDA0MDYxODQ2NTlaMIGlMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgBAoMBEFDTUUxEzARBgNVBAsMClJvYWRydW5uZXIxZTBjBgNVBAMMXGFtcXA6Ly92XJ0dWFsX25vZGVAZmlicmUucm5wLmJyL3R5cGU9dmlydHVhbF9ub2RlL3V1aWQ9
    ZTNkZTcyNmMtMDY1MS00YmEwLThhMG
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    MIIEBDCCAuygAwIBAgIRAJRT1BAA+0Fim6xGNauVv0kwDQYJKoZIhvcNAQEFBQAw
    SzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ0wCwYDVQQKDARBQ01FMRMwEQYDVQQLDApSb2FkcnVubmVyMQswCQYDVQQDDAJzYTAeFw0xODA5MDYwMTUzMzlaFw0MDA0MDYxODQ2NTlaMIGlMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDTALBgBAoMBEFDTUUxEzARBgNVBAsMClJvYWRydW5uZXIxZTBjBgNVBAMMXGFtcXA6Ly92XJ0dWFsX25vZGVAZmlicmUucm5wLmJyL3R5cGU9dmlydHVhbF9ub2RlL3V1aWQ9
    ZTNkZTcyNmMtMDY1MS00YmEwLThhMG
    -----END RSA PRIVATE KEY-----


  6. Split the contents of the file into two files, leaving the first part in /root/.omf/virtual_node.pem and the second part in /root/.omf/virtual_node.pkey

  7. On the template VM: the files /root/.omf/virtual_node.pem and /root/.omf/virtual_node.pkey created earlier must be placed in the VM template, where they become /root/.omf/cert.pem and /root/.omf/cert.pkey, respectively. Use the certificate part (and only the certificate part) of the files /root/.omf/am.pem and /root/.omf/trusted_roots/root.pem on the OMF VM to generate the files /root/.omf/trusted_roots/am.pem and /root/.omf/trusted_roots/root.pem, respectively, on the template VM.

  8. Follow the steps below to finish configuring the template:

    1. Remove the bridges created in /etc/network/interfaces

    2. Change the hostname to vm-template

    3. Edit the file /etc/omf_rc/config.yml

    4. Delete authorized_keys and known_hosts in /root/.ssh

    5. Clear the root user's bash history:

      1. cat /dev/null > ~/.bash_history && history -c && exit

  9. Shut down the machine and use this VM as the template for creating VMs with the XEN RC.
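
Steps 6 and 7 above can be scripted so that the private key never ends up in a file meant to hold only a certificate. The following is an added example, not part of the original page or of the OMF6 scripts; the function names `pem_extract` and `split_combined_pem` are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# pem_extract KIND FILE: print the PEM blocks of one kind found in FILE.
# KIND is "cert" (CERTIFICATE) or "key" (any "... PRIVATE KEY" label).
pem_extract() {
    case $1 in
        cert) label='CERTIFICATE' ;;
        key)  label='([A-Z0-9]+ )*PRIVATE KEY' ;;
        *)    echo "pem_extract: unknown kind: $1" >&2; return 2 ;;
    esac
    awk -v b="^-----BEGIN $label-----\$" -v e="^-----END $label-----\$" '
        { sub(/\r$/, "") }          # tolerate CRLF line endings
        $0 ~ b { inside = 1 }
        inside { print }
        $0 ~ e { inside = 0 }
    ' "$2"
}

# split_combined_pem COMBINED CERT_OUT KEY_OUT
# Both parts are read before anything is written, so CERT_OUT may be the
# same path as COMBINED (as in step 6). Fails without writing any file
# when either part is missing, e.g. when the file was already split.
split_combined_pem() {
    cert=$(pem_extract cert "$1") || return 1
    key=$(pem_extract key "$1") || return 1
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "split_combined_pem: $1 lacks a certificate or a key" >&2
        return 1
    fi
    ( umask 077 && printf '%s\n' "$key" > "$3" ) || return 1
    chmod 600 "$3"                  # key readable by its owner only
    printf '%s\n' "$cert" > "$2"
}

# Demo on constructed input (the base64 bodies are placeholders, not real keys).
demo_dir=$(mktemp -d)
cat > "$demo_dir/virtual_node.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0VSVElGSUNBVEU=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgUFJJVkFURSBLRVk=
-----END RSA PRIVATE KEY-----
EOF
split_combined_pem "$demo_dir/virtual_node.pem" \
    "$demo_dir/virtual_node.pem" "$demo_dir/virtual_node.pkey"
# Step 7: a certificate-only copy, as needed for the template's trusted_roots.
pem_extract cert "$demo_dir/virtual_node.pem" > "$demo_dir/cert_only.pem"
```

On the OMF VM the same call would take /root/.omf/virtual_node.pem as both the input and the certificate output, and /root/.omf/virtual_node.pkey as the key output.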