Comment: Migrated to Confluence 5.3

Generate an empty VM with XEN

 

Install xen-tools to automate the creation of the VM template.

Code Block
apt-get install xen-tools

Edit the /etc/xen-tools/xen-tools.conf file and add the following line:

Code Block
dir = /data/vm_storage

Save the file and create the directory:

Code Block
mkdir -p /data/vm_storage

Generate a new VM image to be used as the default VM template for experiments.

Code Block
xen-create-image --install-method=debootstrap --dist wheezy --pygrub --password=openflow --ip 10.XXX.0.254 --netmask=255.255.0.0 --gateway=10.XXX.0.30 --bridge=br_control --hostname=fibre-default
Note: Substitute the 'XXX' with your assigned island ID.

Warning: The default root password of the template VM should be "openflow".

 

Start the VM:
Code Block
xm create -c fibre-default.cfg
Note: Log in using the default root password: openflow

 

Install the required packages on the created VM:
Code Block
apt-get update
apt-get install libpam-ldap nscd libnss-ldap vlan
Note: Use the default options when the package settings are requested. These will be configured manually later.

Optionally install desired default packages:

Code Block
apt-get install vim less netcat-openbsd iperf htop
Note: Update the /etc/resolv.conf file to use the DNS server of your island or the DNS server of the Fibre NOC (10.128.0.80).

Shut down the VM:

Code Block
shutdown -h now

Configuring the LDAP authentication

Mount the VM template image to a directory:

Code Block
mount -o loop /data/vm_storage/domains/fibre-default/disk.img /mnt
cd /mnt


Update the following files inside the VM template image:


File #1: /mnt/etc/libnss-ldap.conf

The file should have the following contents:

base dc=fibre

uri ldap://ldap.INSTITUTION.fibre.org.br

ldap_version 3

nss_base_passwd dc=fibre?subtree?userEnable=TRUE


Note: Replace the INSTITUTION field so that the URI matches the LDAP server of your institution.

 

File #2: /mnt/etc/pam_ldap.conf

The file should have the following contents:

base dc=fibre

uri ldap://ldap.INSTITUTION.fibre.org.br

ldap_version 3

pam_password crypt

Note: Replace the INSTITUTION field so that the URI matches the LDAP server of your institution.

 

File #3: /mnt/etc/pam.d/common-auth

Append the following lines to the end of the file:

auth required    pam_access.so

auth sufficient pam_ldap.so use_first_pass

account [default=bad success=ok user_unknown=ignore authinfo_unavail=ignore] pam_ldap.so

password sufficient pam_ldap.so use_authtok

session optional pam_ldap.so

 

File #4: /mnt/etc/pam.d/common-session 

Append the following lines to the end of the file:

session required pam_mkhomedir.so skel=/etc/skel umask=0022

 

File #5: /mnt/etc/ldap/ldap.conf

The file should have the following contents:

BASE dc=fibre

URI ldap://ldap.INSTITUTION.fibre.org.br

Note: Replace the INSTITUTION field so that the URI matches the LDAP server of your institution.

 

File #6: /mnt/etc/security/access.conf

The file should have the following contents:

+:root:LOCAL

+:__projectId:ALL

-:ALL:ALL

 

File #7: /mnt/etc/nsswitch.conf

The file should have the following contents:

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       ldap

 

File #8: /mnt/etc/ssh/sshd_config

Edit the following line to disable root SSH access:

PermitRootLogin no
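
Added example, not part of the original page: a shell check to run against the mounted template (for example `check_template /mnt`) before packaging, confirming that the access-control settings from Files #1 to #8 are in place. The function names and the sample tree are assumptions made for illustration; the sample values are constructed.

```shell
#!/bin/sh
# Added example: audit a mounted template tree (e.g. /mnt) before packaging.
# check_template ROOT prints each failed check and returns 1 if any failed.
check_template() {
    root=$1; fail=0
    bad() { echo "FAIL: $1"; fail=1; }
    # LDAP client files: the INSTITUTION placeholder must have been replaced.
    for f in etc/libnss-ldap.conf etc/pam_ldap.conf etc/ldap/ldap.conf; do
        if [ ! -f "$root/$f" ]; then bad "$f: file is missing"
        elif grep -q INSTITUTION "$root/$f"; then bad "$f: INSTITUTION not replaced"
        fi
    done
    # access.conf is only enforced if pam_access.so is a required auth module.
    grep -Eq '^auth[[:space:]]+required[[:space:]]+pam_access\.so' \
        "$root/etc/pam.d/common-auth" 2>/dev/null || bad "common-auth: pam_access.so not required"
    # pam_access stops at the first matching rule, so deny-all must come last.
    last=$(grep -Ev '^[[:space:]]*(#|$)' "$root/etc/security/access.conf" 2>/dev/null | tail -n 1)
    [ "$last" = "-:ALL:ALL" ] || bad "access.conf: last rule is not -:ALL:ALL"
    # sshd keeps the first value it reads for a keyword; commented lines do not count.
    first=$(grep -Ei '^[[:space:]]*PermitRootLogin[[:space:]]' "$root/etc/ssh/sshd_config" 2>/dev/null | head -n 1)
    [ "$(echo $first | tr 'A-Z' 'a-z')" = "permitrootlogin no" ] || bad "sshd_config: PermitRootLogin is not no"
    # Without ldap on the passwd line, LDAP accounts cannot be resolved at login.
    grep -Eq '^passwd:.*[[:space:]]ldap([[:space:]]|$)' "$root/etc/nsswitch.conf" 2>/dev/null \
        || bad "nsswitch.conf: passwd does not use ldap"
    return $fail
}

# Constructed sample tree with the values this page prescribes
# ("example" stands in for INSTITUTION; not a real server name).
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/ldap" "$r/etc/pam.d" "$r/etc/security" "$r/etc/ssh"
    for f in libnss-ldap.conf pam_ldap.conf ldap/ldap.conf; do
        printf 'base dc=fibre\nuri ldap://ldap.example.fibre.org.br\n' > "$r/etc/$f"
    done
    printf 'auth required    pam_access.so\n' > "$r/etc/pam.d/common-auth"
    printf '%s\n' '+:root:LOCAL' '+:__projectId:ALL' '-:ALL:ALL' > "$r/etc/security/access.conf"
    printf 'passwd:         compat ldap\n' > "$r/etc/nsswitch.conf"
    printf 'PermitRootLogin no\n' > "$r/etc/ssh/sshd_config"
    echo "$r"
}

sample=$(make_sample_root)
check_template "$sample" && echo "template OK"
# Simulate a forgotten step: root SSH login left enabled.
printf 'PermitRootLogin yes\n' > "$sample/etc/ssh/sshd_config"
check_template "$sample" || echo "template rejected"
rm -rf "$sample"
```
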


Packaging the Template:

Access the directory where the VM template image is mounted:

Code Block
cd /mnt

Compress the template image into an archive:

Code Block
tar pcfz default.tar.gz *


Move the image to the OXA template directory:

Code Block
mkdir /opt/ofelia/oxa/cache/templates/default
mv default.tar.gz /opt/ofelia/oxa/cache/templates/default/

 

Unmount the VM image:

Code Block
cd
umount /mnt


Create the hash signature (an MD5 checksum) of the template:

Code Block
cd /opt/ofelia/oxa/cache/templates/default/
md5sum default.tar.gz > default.hash
cp default.hash .default.hash