There are two places where we can locate the configuration files. Our software will look into these places in the following order:
If you have installed FutureGrid Move using the tarball file (Using a source tarball) you will find the configuration sample files in /etc/futuregrid/. Otherwise, you can download them as a tarball or a ZIP file.
Server Side: The configuration file has to be renamed as fg-server.conf.
Client Side: The configuration file has to be renamed as fg-client.conf.
Note
If you configure several clients or servers in the same machine, the fg-client.conf or fg-server.conf must be the same file.
Note
In the Client Side, the path of the log files must be relative to each users. Using the $HOME directory is a good idea.
The authentication of our software is based on LDAP. So, we need to configure some options in the configuration files to make it possible.
We need to configure the [LDAP] section. This is going to be use by all servers. More information about this section of the server configuration file can be found in LDAP section.
[LDAP] LDAPHOST= ldap.futuregrid.org LDAPUSER= uid=rainadmin,ou=People,dc=futuregrid,dc=org LDAPPASS= passwordrainadmin log= ~/fg-auth.log
In this section we explain how to configure FG Move. FG Move is composed by a main server that orchestrates different FG Move controllers distributed among the different infrastructures head nodes. There controllers make sure that the machines are properly added or removed from the infrastructure.
First, we are going to configure the main server. We need to configure the [RainMoveServer] Section (see MoveServer section) in the fg-server.conf configuration file.
[RainMoveServer] port = 56795 proc_max=5 refresh=20 authorizedusers = adminuser1, adminuser2 protectedmachines = im1, 172.29.22.1, i50, 172.29.20.50, i135, 172.29.20.135, i136, 172.29.20.136, th1, i130, 172.29.20.130 log = moveserver.log log_level = debug ca_cert=/opt/futuregrid/futuregrid/etc/imdserver/cacert.pem certfile=/opt/futuregrid/futuregrid/etc/imdserver/imdscert.pem keyfile=/opt/futuregrid/futuregrid/etc/imdserver/privkey.pem Clientca_cert=/opt/futuregrid/futuregrid/etc/imdclient/cacert.pem Clientcertfile=/opt/futuregrid/futuregrid/etc/imdclient/imdccert.pem Clientkeyfile=/opt/futuregrid/futuregrid/etc/imdclient/privkey.pem dbaddress = localhost dbport = 23000 dbname = fg_move
Next we need to create sections for each one of the FG Move controllers (see Move Remote Site Controllers).
[Move-eucalyptus-indiaeuca] address=129.79.49.12 port=56804 [Move-openstack-indiaopenstack] address=129.79.49.13 port=56805 [Move-hpc-indiahpc] address=129.79.49.10 port=56806 [Move-nimbus-hotelnimbus] address=129.79.49.11 port=56807
Note
Make sure that port and address matches with those used by the Move controllers (see Move Site Server).
We can also create an inventory file to initialize our database. This file will describe the nodes, clusters and services. This file will be read by the RainMoveServer during its initialization (first time it is executed). The inventory information will be automatically stored in a MongoDB database. Therefore, this inventory file will not be needed anymore.
In the inventory file, the nodes are defined by its Id, hostname and IP. They have to be part of a cluster, which is defined by the CLUSTER: label followed by the name of the cluster. We also have services that contain the Id of the nodes that are allocated to each service. Services are defined with the SERVICE label, the type of service (OPENSTACK, NIMBUS, EUCALYPTUS, HPC).
This file looks like:
[CLUSTER:HOTEL] c01.hotel,c01,149.165.147.1 c02.hotel,c02,149.165.147.2 [CLUSTER:INDIA] i01.india,i01,149.165.148.1 i02.india,i02,149.165.148.2 i100.india,i200,149.165.148.100 i101.india,i101,149.165.148.101 i102.india,i102,149.165.148.102 [SERVICE:NIMBUS:HOTELNIMBUS] c01.hotel c02.hotel [SERVICE:EUCALYPTUS:INDIAEUCA] i100.india i102.india [SERVICE:OPENSTACK:INDIAOPENSTACK] i101.india [SERVICE:HPC:INDIAHPC] i01.india i02.india
Requirements
Once everything is set up (including Teefaa, MongoDB and pymongo), you can start the fg-move server as imageman user.
Note
We recommend to have a system user that run all the servers (i.e. imageman). In this way, it will be easier to manage the sudoers file when necessary.
In the client side, we need to configure the [RainMove] section in the fg-client.conf configuration file. More information about this section of the client configuration file can be found in Move section.
[RainMove] port = 56795 serveraddr=localhost log=~/clientrainmove.log log_level=debug ca_cert=/etc/futuregrid/imdclient/cacert.pem certfile=/etc/futuregrid/imdclient/imdccert.pem keyfile=/etc/futuregrid/imdclient/privkey.pem
Once you have everything set up, any user that is in the authorizedusers field of the section [RainMoveServer] will be able to use this service (see Rain Move Server). Of course, the user has to authenticate against LDAP too.
The executable file of this client is fg-move. More information about how to use FG Move can be found in the FG Move Manual.
Server Side (fg-server.conf) | Client Side (fg-client.conf) | |
---|---|---|
Requirement |
|
|
Configure |
|
|
Executables |
|
|
In this section, we explain how to configure the FG Move Site Controller. As we said previously, this service will make sure that the machines are properly added or removed from the infrastructure. Therefore, it has to run in the machine that controls the infrastructure (i.e. where Torque, OpenStack Nova manager or Eucalyptus cloud controller is installed). Our service controller is generic and works for every supported infrastructure, we only need to tune it up properly.
In the Server side we need to configure the [RainMoveSiteServer] Section (see RainMoveSiteServer section). Here, we have an example for a Cloud service (we have defined the ec2varfile option). In the case of HPC, we need to define the option hpcproperties instead (i.e. hpcproperties = compute).
[RainMoveSiteServer] port = 56796 proc_max = 5 refresh = 20 log = movesiteserver.log log_level = debug max_wait = 1000 ec2varfile = ~/eucarc ca_cert=/etc/futuregrid/imdserver/cacert.pem certfile=/etc/futuregrid/imdserver/imdscert.pem keyfile=/etc/futuregrid/imdserver/privkey.pem
Note
Make sure that the port specified here matches with the one specified in the sections defined when configuring the main FG Move server.
Next, we need to do specific configurations depending on the infrastructure we are targeting. Typically, you only need to do one of the following subsections per management machine.
Considering that imageman is the user that will run the service, we need to allow this user to execute the pbsnodes command and some other commands as root user.
Edit sudoers file by executing visudo as root user and add the following lines:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/moab/bin:/opt/torque/bin imageman ALL=(ALL) NOPASSWD: /opt/moab/bin/mschedctl -R imageman ALL=(ALL) NOPASSWD: /opt/torque/bin/pbsnodes imageman ALL=(ALL) NOPASSWD: /opt/torque/bin/qmgr imageman ALL=(ALL) NOPASSWD: /opt/torque/bin/qdel
Eucalyptus Infrastructure
Here, we need to provide imageman with an Eucalyptus credentials of an admin user. This is basically needed to terminate instances when we use the --force option with fg-move. A good place to place the creadentials is the home directory of this user.
Next, we need to edit sudoers file by executing visudo as root user and add the following lines:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/euca/bin imageman ALL=(ALL) NOPASSWD: /opt/euca/bin/euca_conf
OpenStack Infrastructure
Here, we need to provide imageman with an OpenStack credentials of an admin user. This is basically needed to terminate instances when we use the --force option with fg-move. A good place to place the creadentials is the home directory of this user.
Next, we need to edit sudoers file by executing visudo as root user and add the following lines:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/openstack/bin imageman ALL=(ALL) NOPASSWD: /opt/openstack/bin/nova-manage
Nimbus Infrastructure
Not developed yet
OpenNebula Infrastructure
Not developed yet
Once everything is set up, you can start the server by execution RainMoveSiteServer.py as imageman user.
Server Side (fg-server.conf) | |
---|---|
Access to |
|
Configure |
|
Executables |
|