Re: [one-users] customizing tm_*.sh scripts for OpenVZ hypervisor [was $SCRIPTS_REMOTE_DIR in tm_*.sh scripts]
Hi, It looks like you could take adavantage of hooks [1]. This way you can perform preparative operations on create, running, etc., maybe storing some configurations files in $VAR_LOCATION/vm-id/ to be used later by your drivers. I'm sorry I can't dedicate enough time to write a more elaborated mail; but please ask any other questions that may arise. Regards. [1] http://opennebula.org/documentation:rel2.2:hooks -- Carlos Martín, MSc Project Major Contributor OpenNebula - The Open Source Toolkit for Cloud Computing www.OpenNebula.org http://www.opennebula.org/ | cmar...@opennebula.org On Sat, Jun 11, 2011 at 4:30 PM, kna...@gmail.com wrote: Tino Vazquez wrote on 09/06/11 13:52: Hi Nikolai, Hi Tino, I am not sure any longer that functionality I was going to implement can be done in tm_clone.sh script. Apart from possibility to be aware of $SCRIPT_REMOTE_DIR value the tm_clone.sh script needs to know the name of OS image to be used for VM deployment and that is a problem. Let me briefly explain what I mean. To create new VM on OpenVZ host there are two options: 1) one can specify using 'ostemplate' option the name of already existing so called OS template which has to be available in predefined dir set in TEMPLATE variable of OpenVZ global config file (by default it is /etc/vz/vz.conf). Normally TEMPLATE=/vz/template and OS template has to be available in $TEMPLATE/cache. There is no way to specify the absolute path to OS template (like --ostemplate=$VM_DIR/$VMID/images/disk.0 replacing the variables $VM_DIR and $VMID by their values e.g. --ostemplate=/vz/one/vm/55/images/disk.0). One of the example of a proper command could be as $ vzctl create 101 --ostemplate centos-5-x86 and OpenVZ expects the existence of the /vz/template/cache/centos-5-x86.tar.gz file with corresponding name. 2) one can skip --ostemplate option. Then OpenVZ will use the default OS template name defined in $DEF_OSTEMPLATE variable in /etc/vz/vz.conf. But that way is not very flexible (althrough it can be followed if all VMs are going to be deployed using only single OS template and thus its name can be redefined ones during initial OpenVZ host configuration). To follow the first option I would implement the logic as described below: 1) get the name of OS template specified in config file for given VM; 2) check if OS template with same name already exists in $TEMPLATE/cache dir. If it does then rename it, create a symlink (or one can copy it) from $VM_DIR/$VMID/images/disk.0 to $TEMPLATE/cache; 3) create VM; 4) remove symlinked OS template images from $TEMPLATE/cache dir. But tm_clone.sh script is executed before $SCRIPT_REMOTE_DIR/vmm/ovz/deploy script and hense the VM config file is not yet available to retrieve OS template name. Moreover the fourth step (OS template deletion from $TEMPLATE/cach dir) needs to be executed after VM creation. So all the steps described above needs to be implemented in $SCRIPT_REMOTE_DIR/vmm/ovz/deploy script although such approach in some sense mixes functionality which each script was initially intended for (as far as I understand it). Regards, Nikolay. ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] storage creation
Hi, On 10 June 2011 10:46, Michaël Van de Borne michael.vandebo...@cetic.be wrote: Hi there, It seems that is a storage element has to be used on the cloud, it has to be created prior, and then uploaded to the cloud. As I'd like to use empty storage elements (and fill them later on), I'd like to know how I could create (via CLI or OCCI) a storage volume in the cloud, without having to uploading it. You can define a DATABLOCK image that will create an empty disk, you should make it persistent in order to keep your changes. Using the CLI: $ oneimage create datablock.template $ cat datablock.template NAME = Experiment results TYPE = DATABLOCK # No PATH set, this image will start as a new empty disk SIZE = 2048 FSTYPE = ext3 PUBLIC = NO PERSISTENT = YES DESCRIPTION = Storage for my Thesis experiments. Using OCCI: $ occi-storage create datablock.xml $ cat datablock.xml STORAGE NAMEExperiment results/NAME DESCRIPTIONStorage for my Thesis experiments./DESCRIPTION TYPEDATABLOCK/TYPE SIZE2048/SIZE FSTYPEext3/FSTYPE PUBLICNO/PUBLIC PERSISTENTYES/PERSITENT /STORAGE Hope this helps. thank you, michaël -- Michaël Van de Borne RD Engineer, SOA team, CETIC Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Daniel Molina, Cloud Technology Engineer/Researcher Major Contributor OpenNebula - The Open Source Toolkit for Cloud Computing www.OpenNebula.org | dmol...@opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Problem with ldap authentication
Hi Carlos, Let's try the driver by hand again, but also with the authentication part: # ruby -dw $ONE_LOCATION/lib/mads/one_auth_mad.rb AUTHENTICATE 0 -1 LDAP_DN - LDAP_DN:plain:LDAP_PASSWORD this will tell if the failure is in the driver or the core. Regards, -Tino -- Constantino Vázquez Blanco, MSc OpenNebula Major Contributor www.OpenNebula.org | @tinova79 On Mon, Jun 13, 2011 at 9:16 PM, Carlos A. cara...@upv.es wrote: Hi again, more on this! I managed to get a user without whitespaces and I have bad news: while stating a wrong DN/pass is almost instant to refuse connection by stating an authentication error, I cannot manage to authenticate using the proper DN/pass. I'm back to the original situation: the execution expired message. In the log I can see the following message for the wrong ID: Mon Jun 13 21:11:56 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0 false Mon Jun 13 21:11:56 2011 [AuM][E]: Auth Error: false Mon Jun 13 21:11:56 2011 [ReM][E]: [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call. But nothing for the right ID. Any idea on this? Regards. El 13/06/11 18:42, Carlos A. escribió: Hi Tino, finally I think that I got it. The problem is that my DN has spaces in the CN. So I think that the one_auth file is not properly handled and it results in a failure whenever an space is used in this file. That is why I got the same failure when changing the authentication method to simple or to even a nonexistent method. It is simply because the authentication method was not launched at all because of a previous error. The current problem is that I cannot authenticate because my DN has spaces ;) so I cannot use it whithin Open Nebula. But at least I do not get the expired time error and it outputs an authentication error. Any workaround on this? Regards, Carlos A. Mensaje citado por Carlos A.cara...@upv.es: Hi, i get the expected output -- Enviado desde mi teléfono Android con K-9 Mail. Disculpa mi brevedad Tino Vazqueztin...@opennebula.org escribió: Hi Carlos, Let's try executing the auth mad by hand (the error, from your input, seems not to be exclusive of the ldap addon, but rather of the auth module), to discard missing gems # $ONE_LOCATION/lib/mads/one_auth_mad after hitting return, it will wait for input, type INIT you should get INIT SUCCESS - - Regards, -Tino -- Constantino Vázquez Blanco, MSc OpenNebula Major Contributor www.OpenNebula.org | @tinova79 On Mon, Jun 13, 2011 at 1:29 PM, Carlos A.cara...@upv.es wrote: Hi Tino, more info on this. While using my test script to authenticate I can see the sucess in the ldap server, I cannot see any information when trying to authenticate using ONE El 13/06/11 12:43, Tino Vazquez escribió: Hi Carlos, This may be due to a eager timeout that the core imposes over the ldap driver. Please find attached a patch for the OpenNebula source code, please apply it, recompile and reinstall, we would appreciate feedback on wether this fixes the improper ldap plugin behavior or not. Regards, -Tino -- Constantino Vázquez Blanco, MSc OpenNebula Major Contributor www.OpenNebula.org | @tinova79 On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.cara...@upv.es wrote: Hello, any help on this? is ldap addon supposed to work with opennebula 2.2? has anyone tried it? El 09/06/2011 10:46, Carlos A. escribió: Hello, first of all, thank you for your response. Once I have managed to make ldap_auth work, I found the following issue: root@keo01:/srv/cloud/one# onevm list execution expired I cannot manage to athenticate against my ldap server. I have tried the ldap authentication that is carried out by ONE require 'rubygems' require 'net/ldap' ldap = Net::LDAP.new ldap.host = my.ldap.server ldap.port = 389 ldap.auth my-dn, my-pass print ldap.bind It is properly working, as my server authenticates me. I have (of course) tried changing the password and it works as expected. Diving in the code It seems that there is some problem in the file src/um/UserPool.cc, at authm-trigger(AuthManager::AUTHENTICATE,ar); ar.wait(); Any idea? El 09/06/11 00:51, carsten.friedr...@csiro.au escribió: The official OpenNebula installation instructions for the ldap driver are incomplete and miss to mention some software packages that you have to install first. I don't remember which ones they were, but you can find out as follows: * cd to .../lib/ruby * execute 'ruby ldap_auth.rb'. * Ruby will complain about any missing packages. Install those until ruby is happy. Carsten Carsten Friedrich Research Team leader ICT Centre, GPO Box 664,Canberra, ACT 2601 Phone: +61 2 6216 7019 Email: carsten.friedr...@csiro.au Web: http://www.csiro.au/org/ICT.html -Original Message- From: users-boun...@lists.opennebula.org [mailto:users-boun...@lists.opennebula.org] On
Re: [one-users] Problem with ldap authentication
Hi Carsten, Thanks for the ldap plugins improvements, we are certainly evaluating them to include it in the next release. About the blog post, I'm going to get in touch with the community manager, since I'm sure it is interesting for the community. And last but not least, the session in ONE is something we have in our backlog, but it unfortunately won't make it for v3.0. Regards, -Tino -- Constantino Vázquez Blanco | dsa-research.org/tinova Virtualization Technology Engineer / Researcher OpenNebula Toolkit | opennebula.org On Tue, Jun 14, 2011 at 1:45 AM, carsten.friedr...@csiro.au wrote: I use the OpenNebula LDAP module against a corporate LDAP server (actually LDAP interface to an AD server). This works quite well, but I had to modify it quite a bit. If you search the mailing list archives you'll find an article on how I did this (it also works with DN names with spaces). There may also be an OpenNebula blog article describing it (I wrote it quite a while back, but I'm not sure if the OpenNebula team ever approved / released it). Time-outs are a big problem as OpenNebula currently doesn't handle this very gracefully in the authentication module (the limit is hardcoded and no retry strategies). I'm also concerned about all the hits on the LDAP server this produces, especially if you use some polling front-end which updates VM status etc. I hope OpenNebula will eventually get session id, so LDAP authentication has to be done less frequently. Carsten Carsten Friedrich Research Team leader ICT Centre, GPO Box 664,Canberra, ACT 2601 Phone: +61 2 6216 7019 Email: carsten.friedr...@csiro.au Web: http://www.csiro.au/org/ICT.html -Original Message- From: users-boun...@lists.opennebula.org [mailto: users-boun...@lists.opennebula.org] On Behalf Of Carlos A. Sent: Tuesday, 14 June 2011 5:16 To: Carlos A. Cc: users@lists.opennebula.org Subject: Re: [one-users] Problem with ldap authentication Hi again, more on this! I managed to get a user without whitespaces and I have bad news: while stating a wrong DN/pass is almost instant to refuse connection by stating an authentication error, I cannot manage to authenticate using the proper DN/pass. I'm back to the original situation: the execution expired message. In the log I can see the following message for the wrong ID: Mon Jun 13 21:11:56 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0 false Mon Jun 13 21:11:56 2011 [AuM][E]: Auth Error: false Mon Jun 13 21:11:56 2011 [ReM][E]: [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call. But nothing for the right ID. Any idea on this? Regards. El 13/06/11 18:42, Carlos A. escribió: Hi Tino, finally I think that I got it. The problem is that my DN has spaces in the CN. So I think that the one_auth file is not properly handled and it results in a failure whenever an space is used in this file. That is why I got the same failure when changing the authentication method to simple or to even a nonexistent method. It is simply because the authentication method was not launched at all because of a previous error. The current problem is that I cannot authenticate because my DN has spaces ;) so I cannot use it whithin Open Nebula. But at least I do not get the expired time error and it outputs an authentication error. Any workaround on this? Regards, Carlos A. Mensaje citado por Carlos A.cara...@upv.es: Hi, i get the expected output -- Enviado desde mi teléfono Android con K-9 Mail. Disculpa mi brevedad Tino Vazqueztin...@opennebula.org escribió: Hi Carlos, Let's try executing the auth mad by hand (the error, from your input, seems not to be exclusive of the ldap addon, but rather of the auth module), to discard missing gems # $ONE_LOCATION/lib/mads/one_auth_mad after hitting return, it will wait for input, type INIT you should get INIT SUCCESS - - Regards, -Tino -- Constantino Vázquez Blanco, MSc OpenNebula Major Contributor www.OpenNebula.org | @tinova79 On Mon, Jun 13, 2011 at 1:29 PM, Carlos A.cara...@upv.es wrote: Hi Tino, more info on this. While using my test script to authenticate I can see the sucess in the ldap server, I cannot see any information when trying to authenticate using ONE El 13/06/11 12:43, Tino Vazquez escribió: Hi Carlos, This may be due to a eager timeout that the core imposes over the ldap driver. Please find attached a patch for the OpenNebula source code, please apply it, recompile and reinstall, we would appreciate feedback on wether this fixes the improper ldap plugin behavior or not. Regards, -Tino -- Constantino Vázquez Blanco, MSc OpenNebula Major Contributor www.OpenNebula.org | @tinova79 On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.cara...@upv.es wrote: Hello, any help on this? is ldap addon supposed to work
[one-users] Multiple VM instances using one persistent image
Hi, I set up ONE on a small cluster and got in trouble as I tried to use one persistent (live-cd) image by several VMs. The image is marked to be of type CDROM and is the VM's only disk. As the first VM is created, it boots properly and runs fine. When I try to create another instance of the same VM (template) I get an error printed on the terminal: Error: [VirtualMachineAllocate] Error trying to CREATE VM Could not get disk image for VM. This problem does not occur, if I set the image to public instead of persistent, i.e. the image is copied to VM_DIR instead of a symbolic link is being created. Why is it not possible to use one persistent image by multiple VMs? I thought persistent means (in some way) read-only. Thus, there should be no need to lock the image when it is used by a VM. Thanks in advance. Robert ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Problem with ldap authentication
Hello,
I have finally got it:
I have found 1 error in lib/mads/one_auth_mad.rb
...
def action_authenticate(request_id, user_id, user, password, token)
auth=@authenticate.auth(user_id, user, password, token)
if auth==true
send_message('AUTHENTICATE', RESULT[:success], request_id,
user, token)
else
send_message('AUTHENTICATE', RESULT[:failure],
request_id, auth)
end
end
...
the problem is the line
send_message('AUTHENTICATE', RESULT[:success], request_id,
user, token)
where there are 5 parameters while send_message needs only 4. If I leave
these 5 parameters, one fails and the one daemon dies, but when I remove
the last one (token), it works both for simple and ldap authentication.
Neither simple or ldap were working before because of the exception of
the send_message function.
The code that I am using (it works for me) is:
...
def action_authenticate(request_id, user_id, user, password, token)
auth=@authenticate.auth(user_id, user, password, token)
if auth==true
send_message('AUTHENTICATE', RESULT[:success], request_id,
user)
else
send_message('AUTHENTICATE', RESULT[:failure], request_id,
auth)
end
end
...
Regards,
Carlos A.
El 16/06/11 13:11, Tino Vazquez escribió:
Hi Carlos,
Let's try the driver by hand again, but also with the authentication part:
# ruby -dw $ONE_LOCATION/lib/mads/one_auth_mad.rb
AUTHENTICATE 0 -1 LDAP_DN - LDAP_DN:plain:LDAP_PASSWORD
this will tell if the failure is in the driver or the core.
Regards,
-Tino
--
Constantino Vázquez Blanco, MSc
OpenNebula Major Contributor
www.OpenNebula.org http://www.OpenNebula.org | @tinova79
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] storage creation
Hi, yes this helps. Is there any chance to create an empty OS type image, so that I can boot on it (with kickstart)? thanks, michaël Michaël Van de Borne RD Engineer, SOA team, CETIC Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi Le 16/06/11 12:03, Daniel Molina a écrit : Hi, On 10 June 2011 10:46, Michaël Van de Bornemichael.vandebo...@cetic.be wrote: Hi there, It seems that is a storage element has to be used on the cloud, it has to be created prior, and then uploaded to the cloud. As I'd like to use empty storage elements (and fill them later on), I'd like to know how I could create (via CLI or OCCI) a storage volume in the cloud, without having to uploading it. You can define a DATABLOCK image that will create an empty disk, you should make it persistent in order to keep your changes. Using the CLI: $ oneimage create datablock.template $ cat datablock.template NAME = Experiment results TYPE = DATABLOCK # No PATH set, this image will start as a new empty disk SIZE = 2048 FSTYPE = ext3 PUBLIC = NO PERSISTENT = YES DESCRIPTION = Storage for my Thesis experiments. Using OCCI: $ occi-storage create datablock.xml $ cat datablock.xml STORAGE NAMEExperiment results/NAME DESCRIPTIONStorage for my Thesis experiments./DESCRIPTION TYPEDATABLOCK/TYPE SIZE2048/SIZE FSTYPEext3/FSTYPE PUBLICNO/PUBLIC PERSISTENTYES/PERSITENT /STORAGE Hope this helps. thank you, michaël -- Michaël Van de Borne RD Engineer, SOA team, CETIC Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
