Skip to content

Developers and administrators documentation

The following guides are provided by IT and fully document the services and infrastructure in use:

Naming convention

This naming convention is meant to homogenize the creation of VMs in the Openstack project

  1. All names shall start with mp- to identify them clearly as part of the OpenStack project and belonging to the hostgroup.
  2. The full name of the subhostgroups hierarchy is used to identify the machine type (e.g. mp-linux-ts-).
  3. The machines are indexed sequentially with a two-digit suffix (e.g. mp-linux-ts-01). The creator of the VM is encouraged to check in Foreman for available indices before using a new one.

Creation and lifecycle of managed VMs in the hostgroup

The administration is done via aiadm.

To create a VM, use ai-bs:

ai-bs --landb-responsible machine-protection-studies --nova-flavor m2.medium --cc7 -g machine_protection/{subhostgroup} mp-{subhostgroups}-{index}
ai-bs --landb-responsible machine-protection-studies --landb-mainuser machine-protection-studies-users --nova-flavor r2.xlarge --nova-boot-from-new-volume 250GB:type=io1 --nova-image "Windows 10 Professional" -g machine_protection/windows

Permanently deleting a VM

To permanently delete a VM use ai-kill:


nice list of machines openstack server list --long --format table --sort-column Name -c Name -c Image\ Name -c Flavor\ Name

For Windows:

  • The LANDB responsible user e-group will be in the Windows Administrators groups
  • The LANDB main user e-group will be in the Windows Administrators groups
  • None of the e-groups will be explicitely added to the Remote Desktop Users group; however, the Administrators group has the right for Remote Desktop connection granted by default

The groups can be easily checked by running lusrmgr.msc in a Windows prompt, then navigating from there.

ROOT access for Linux VMs

See this config documentation page.

Remote Desktop Service Gateway

Connections using the Remote Desktop Service Gateway should be granted manually to the machine-protection-studies-users e-group using this page for every newly created Windows VM.

Main user and responsible users get administrator rights and remote desktop user rights.


The release manager for the repository is and is reachable via the alias 'cvmfs-bdsim'. Please, always use the alias to connect the release manager. As agreed, I have created an egroup named 'lxcvmfs-bdsim' whose members have access to the release manager. At the moment, the only members of the egroup are you (chernals) and Laurence (lnevay). The egorup is self-managed, meaning that new members can be added to it with members' approval.

Garbage collection is not enabled for now. Please, let me know if this is a feature that you need and, if so, how frequently garbage collection should run. Further documentation can be found here: Consider that it will not be possible to run transactions on the repository for the whole duration of garbage collection.

Puppet known issues

As discussed on mattermost, there seemed to be an issue with the certificates installed by the puppet agent. The puppet agent imports during installation, the machine certificate and keys into the C:\ProgramData\puppetlabs\puppet\etc\ssl (certs,private_keys,public_keys) directories. Manually deleting these certificates and keys and re-running the agent configuration worked.

To re-run the agent configuration one can run in an administrator powershell window:

powershell -executionpolicy unrestricted -File \\dfs\Services\Puppet\Scripts\puppet-configure.ps1 -ArgumentList -version "6.21.0"

yes, you have ai-foreman command. For instance: $ ai-foreman -l machine_protection showhost +-------------------------+-------------------------------+-------------+--------------+ | Name | Hostgroup | Environment | OS | +-------------------------+-------------------------------+-------------+--------------+ | | machine_protection/linux/node | production | CentOS 7.9 | | | machine_protection/linux/node | production | CentOS 7.9 | | | machine_protection/linux/gpu | production | CentOS 7.9 | | | machine_protection/linux/ts | production | CentOS 7.9 | | | machine_protection/windows | production | windows 10.0 | | | machine_protection/windows | production | None | +-------------------------+-------------------------------+-------------+--------------+


$ ai-foreman --longtable showhost +---------------------+-------------------------------+-------------+------------+--------+-------------------+--------+---------+---------------------------+ | Name | Hostgroup | Environment | OS | Arch | Model | Ptable | Comment | Last Report | +---------------------+-------------------------------+-------------+------------+--------+-------------------+--------+---------+---------------------------+ | | machine_protection/linux/node | production | CentOS 7.9 | x86_64 | OpenStack Compute | None | None | 2021-06-03 11:08:48+02:00 | +---------------------+-------------------------------+-------------+------------+--------+-------------------+--------+---------+---------------------------+

VM with GPU for Windows

ai-bs --landb-responsible machine-protection-studies --landb-mainuser machine-protection-studies-users --nova-flavor g2.xlarge --nova-boot-from-new-volume 250GB:type=io1 --nova-image "Windows 2019 Standard" -g machine_protection/windows