HOW TO CREATE A SLICE IN GENI?

HOW TO CREATE A SLICE IN GENI?

Computer Science, North Carolina State University July, 2012

*Notice that all the steps are tested on Ubuntu 10.04 platform only.

Step by step: How to create and use a GENI slice using

ORCA-Flukes GUI

1) On command line, first do “sudo apt-get install build-essential” to install basic packages.

2) Get a GENI credential from https://www.pgeni.gpolab.bbn.com/ via email to GENI GPO and advisor confirmation. Make sure all passwords are same. So that you will have an account and will be able to see the following page by logging into

https://www.pgeni.gpolab.bbn.com/

2) From “Download” link above you will have the SSL certificate and should be saved as a .pem file (acbabaog-ssl.pem). You can double check the X509 certificate via

Run “openssl x509 -text -in acbabaog-ssl.pem” on command line and you should see the credential belongs to you.

3) Java6SE needs to be installed. To install Java 6 JDK on Linux,

http://www.oracle.com/technetwork/java/javase/downloads/jdk6-downloads-1637591.html

Run a “sh jdk-6u33-linux-i586.bin” and copy the inflated directory /usr/java and set $JAVA_HOME to java executable and $PATH to Java bin. Type java -version to verify. 4) ORCA Flukes uses java key store (JKS) and in order to import certificate into it, a tool called Portecle is used. From http://portecle.sourceforge.net/ click on “Launch” to

download. This may not work if browser is not recognizing Java. In that case, download portecle.jnlp manually from http://portecle.sourceforge.net/webstart/portecle.jnlp . Run “javaws portecle.jnlp”.

4a) Click on “new keystore” and select JKS, and click OK.

4b) Click on “Import key pair”and select the downloaded .pem certificate file and enter the password for it. Click ok on the key pair and select the alias as your name (example: acbabaog)

4c) Save the keystore as a .jks file and enter the same password used before.

The 4a,b,c) steps can be also seen from the screen capture of how to import is shown below:

https://geni-orca.renci.org/trac/attachment/wiki/flukes/Creating%20Flukes%20keystore.mov

This may require a plugin and it can be automatically searched and installed.

5) Having imported the certificate and saved the file as acbabaog.jks, click on the red “link” label to download flukes.jnlp https://geni-orca.renci.org/trac/wiki/flukes

6) Notice that running the command with root account versus a user account DOES MATTER because ssh keys belong to the user account, therefore log in as your regular user name (such as “john”). Launch Flukes via “javaws flukes.jnlp”. From Help ->

Preferences, you will see the settings. These settings usually needs to be changed. Typical changes are JKS, SSH, XTERM, image and orca.xmlrpc address. In order to make the changes, create a file at $HOME/.flukes.properties and paste the following; # Path to XTerm executable on your system

xterm.path=/usr/bin/xterm

# Default comment character used in post-boot scripts script.comment.separator=#

# SSH Private Key to use to access VM instances(public will be installed into instances). You can use ~ to denote user home directory.

ssh.key=~/.ssh/id_dsa

# SSH Public key to install into VM instances ssh.pubkey=~/.ssh/id_dsa.pub

# Options for invoking SSH (the default set turns off checking .ssh/known_hosts ssh.options=-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no # URL of the ORCA actor registry to query

orca.registry.url=http://geni.renci.org:12080/registry/ # MD5 fingerprint of the certificate used by the registry

orca.registry.certfingerprint=78:B6:1A:F0:6C:F8:C7:0F:C0:05:10:13:06:79:E0:AC # Keystore containing your private key and certificate issued by GPO, Emulab or BEN user.keystore=~/.ssl/acbabaog.jks

# Comma-separated list of URLs of the ORCA XMLRPC controllers where you can submit slice requests

orca.xmlrpc.url=https://geni.renci.org:11443/orca/xmlrpc

# Name of a known image, you can add more images by adding image1.name, image2.name etc. To see defined images click on 'Client Images' button.

image.name=regression-i386-debian

# URL of a known image description file, you can add more images by adding image1.url, image2.url etc.

image.url=http://geni-images.renci.org/images/regression/regression-deb5-i386.xml # SHA-1 hash of the image description file, you can add more images by adding image1.hash, image2.hash etc.

7) Also, SSH keys need to be generated. On terminal (with regular user account), ssh public/private keys are created via “ssh-keygen -t dsa”. These are NOT related to Emulab account at step 1).

8) Now exit Flukes and start Flukes again. You can create node(s) by clicking on the panel and selecting a domain, then enter your slice name and click on “Submit” button. Once you have created the node and submitted slice request, click on “Manifest View” and after a few minutes, query the manifest with slice name. Slice should be in “active” status, and you can ssh into a node by right clicking and logging in via an xTerm

console. In addition, using the IP and Port number, a node can be also SSH’ed and SCP’ed to download files easily. You can get the details by right clicking on node details. (for example: ssh -p 30123 [email protected] or scp similarly). You should have a screen similar to below;

Step by step: How to create a GENI slice using

ProtoGENI-FLACK GUI

http://www.protogeni.net/trac/protogeni/wiki/GeniTutorial

1) Flack requires a browser with Adobe Flash (at least version 11) installed on your web browser. In order to install Adobe Flash 11 on Mozilla, on terminal do a “sudo apt-get install flashplugin-nonfree”, then close all Mozilla tabs and start Mozilla again. Another way is to install Chrome from Synaptic Manager (by searching Chrome) and it comes with Adobe Flash. Having install Adobe Flash Player, go to

http://www.protogeni.net/trac/protogeni/wiki/Flack website, as shown below;

2a) To create the SSH keys, on your desktop/laptop machine, do a

“ssh-keygen -f protogeni-key” to create a public key called acbabaog-protogeni-key.pub and private key called acbabaog-protogeni-key.

2b) Go to pgeni.gpolab.bbn.com/ and log in using your GENI credentials. Upload ONLY the public key (not private key) generated at 2a) to pgeni.gpolab.bbn.com/ site as shown below. This will enable your public key to be downloaded automatically to VMs when you create a slice later. Notice that this public key is dependent on your local machine and its account, therefore when you use another machine, you may need to create a different public/private key pair.

3) Now at http://www.protogeni.net/trac/protogeni/wiki/Flack website, click “log in”. You can use your GENI credentials to simplify logging in, by first selecting the authorithy (pgeni.gpolab.bbn.com in this case) and it will show your pgeni.gpolab.bbn.com/ SSL certificate. Then enter your password and click “get user credential button”, as shown below;

4) You can click on your account name “acbabaog” in this case and verify your SSL certificates and SSH public key (on the right) are there.

5) To create a slice, select a slice name and drag resources and click “submit” as

shown below. Utah resources have worked fine so far. Detailed steps can be followed at

http://www.protogeni.net/trac/protogeni/wiki/GeniTutorial

6) To SSH into a machine, click on “i” (information) button, and you can see the hostname/portname of it. In this case, it’s pc403.emulab.net:30522 with username acbabaog. Web based “visit” or “ssh” links have not worked for me yet, so I use traditional linux terminal ssh in the next step.

7) To SSH into it from local machine, the SSH public/private key pair generated at step 2) must be put into /home/can/.ssh/ folder with names id_dsa.pub and id_dsa

respectively. Then we can ssh as follows: “ssh -p 30522

[email protected]”. If this does not work change id_dsa.pub and id_dsa to id_rsa.pub and id_rsa respectively.

Step by step: How to create a GENI slice by

OMNI Command-Line

Tool

* This is a simplified version and screenshots of OMNI at

http://groups.geni.net/geni/wiki/GENIExperimenter/ExperimentExample

1) OMNI tool (gcf 1.6.2) can be downloaded from http://www.gpolab.bbn.com/local-sw/

and extract it (no need to install).

2) Install packages via “sudo apt-get install python-m2crypto python-dateutil \ python-pyopenssl libxmlsec1 xmlsec1 \

libxmlsec1-openssl libxmlsec1-dev”

and then test OMNI as more detailed in http://trac.gpolab.bbn.com/gcf/wiki/QuickStart

3) Put your SSL certificate into $HOME/.ssl folder exactly as “geni_cert.pem” name and at omni gcf folder run “python src/omni-configure.py”. This will create a .gcf folder and omni_config file as well as ssh public/private key pair as shown below;

4) Now you are ready to run omni commands to manage your slice and slivers. First you need to have your resources. To retrieve Protogeni resources, do a “python

src/omni.py -a https://www.emulab.net/protogeni/xmlrpc/am -o -t ProtoGENI 2 listresources” . This will take a while to download a large xml file.

5) You can create a new slice via “python src/omni.py createslice your-new-slice”. * Notice that as of now, you can NOT delete a slice, you should delete its slivers

(resources) and slice will be removed automatically after it expires (typically a day). 6) In order to create a sliver (resource) in your slice, you need a rspec (resource specification). You may use the following sample rspec and copy/paste into a file called emulab.rspec <?xml version="1.0" ?> <!-- Resources at AM: URN: unspecified_AM_URN URL: https://www.emulab.net/protogeni/xmlrpc/am -->

<rspec type="request" xmlns="http://www.protogeni.net/resources/rspec/2" xmlns:emulab="http://www.protogeni.net/resources/rspec/ext/emulab/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.protogeni.net/resources/rspec/2 http://www.protogeni.net/resources/rspec2/request.xsd http://www.protogeni.net/resources/rspec/ext/emulab/1 http://www.protogeni.net/resources/rspec/ext/emulab/1/ptop_extension.xsd"> <node client_id="geni1" exclusive="true"> <sliver_type name="raw-pc" /> </node> <node client_id="geni2" exclusive="true"> <sliver_type name="raw-pc" /> </node> </rspec>

7) Now you can use the rspec above and create a slice at Protogeni via “python src/omni.py -a https://www.emulab.net/protogeni/xmlrpc/am -o createsliver your-new-slice emulab.rspec”

8) You may check the sliver status via

“python src/omni.py -a https://www.emulab.net/protogeni/xmlrpc/am sliverstatus your-new-slice”.

The result is saved in a “.json” file in omni-gcf folder.

9) In order to log in to the slice machines, the sliver must be in “ready” state to be used. Check the .json file in 8) to see if it’s ready. Once you see it’s ready and assuming you have done “SSH key generation at step 2) and 7) of FLACK steps”. You should be

able to SSH into machines. You can find the IP addresses and username at .json file as follows; (for example below it can be ssh -p 22 [email protected])

* Normally it should recognize your SSH keys and be able to login without a password (or only at the first time).

10) You may also list all resources of your slice via

“python src/omni.py -a https://www.emulab.net/protogeni/xmlrpc/am -o -t ProtoGENI 2 listresources your-new-slice”

The result output file should be saved as “your-new-slice-rspec-www-emulab-net-protogeni.xml”

11) You may also delete a sliver via “python src/omni.py -a

https://www.emulab.net/protogeni/xmlrpc/am deletesliver your-new-slice”

12) You can also add PlanetLab resources into your slice. For more details about these steps, visit http://groups.geni.net/geni/wiki/GENIExperimenter/ExperimentExample