Developers and administrators documentation

The following guides are provided by IT and fully document the services and infrastructure in use:

Naming convention

This naming convention is meant to homogenize the creation of VMs in the OpenStack project.

  1. All names shall start with mp- to identify them clearly as part of the OpenStack project and belonging to the hostgroup.
  2. The full name of the subhostgroups hierarchy is used to identify the machine type (e.g. mp-linux-ts-).
  3. The machines are indexed sequentially with a two-digit suffix (e.g. mp-linux-ts-01). The creator of the VM is encouraged to check in Foreman for available indices before using a new one.
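A helper for step 3, added here as an example (it is not part of the original page or of the ai-tools): it reads the table printed by ai-foreman -l machine_protection showhost, lists names that break the convention, and proposes a free two-digit index for a given prefix. The function names, the sample table and the choice of the lowest free index are assumptions.

```sh
#!/bin/sh
# Added example: audit host names against the mp- convention and pick an index.

# sample_table: constructed data in the ai-foreman table layout (not real output).
sample_table() {
cat <<'EOF'
+------------------------+-------------------------------+-------------+--------------+
| Name                   | Hostgroup                     | Environment | OS           |
+------------------------+-------------------------------+-------------+--------------+
| mp-linux-01.cern.ch    | machine_protection/linux/node | production  | CentOS 7.9   |
| mp-linux-03.cern.ch    | machine_protection/linux/node | production  | CentOS 7.9   |
| mp-linux-ts-01.cern.ch | machine_protection/linux/ts   | production  | CentOS 7.9   |
| mp-win-01.cern.ch      | machine_protection/windows    | production  | windows 10.0 |
| mp-win-02.cern.ch      | machine_protection/windows    | production  | None         |
| mp-win-gpu-1.cern.ch   | machine_protection/windows    | production  | None         |
+------------------------+-------------------------------+-------------+--------------+
EOF
}

# host_names: print the short host name from every data row read on stdin.
host_names() {
  awk -F'|' 'NF > 2 {
    n = $2
    gsub(/[ \t]/, "", n)
    sub(/\.cern\.ch$/, "", n)
    if (n != "" && n != "Name") print n
  }'
}

# nonconforming: names lacking the mp- prefix or the two-digit suffix.
nonconforming() {
  host_names | grep -Ev '^mp-[a-z0-9]+(-[a-z0-9]+)*-[0-9]{2}$' || true
}

# next_name PREFIX: lowest unused index for PREFIX; mp-linux-ts-01 does not
# count against the mp-linux series because its remainder is not two digits.
next_name() {
  host_names | awk -v p="$1" '
    index($0, p "-") == 1 {
      s = substr($0, length(p) + 2)
      if (s ~ /^[0-9][0-9]$/) used[s + 0] = 1
    }
    END {
      for (i = 1; i <= 99; i++)
        if (!(i in used)) { printf "%s-%02d\n", p, i; exit }
      exit 1   # all 99 indices are taken
    }'
}

# Demo on the constructed table; on aiadm, pipe in the real ai-foreman output.
sample_table | next_name mp-linux-ts
sample_table | nonconforming
```
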

Creation and lifecycle of managed VMs in the hostgroup

The administration is done via aiadm.

To create a VM, use ai-bs:

ai-bs --landb-responsible machine-protection-studies --nova-flavor m2.medium --cc7 -g machine_protection/{subhostgroup} mp-{subhostgroups}-{index}
ai-bs --landb-responsible machine-protection-studies --landb-mainuser machine-protection-studies-users --nova-flavor r2.xlarge --nova-boot-from-new-volume 250GB:type=io1 --nova-image "Windows 10 Professional" -g machine_protection/windows mp-win-01.cern.ch

Permanently deleting a VM

To permanently delete a VM use ai-kill:

ai-kill machine-name.cern.ch

To get a nice list of machines:

openstack server list --long --format table --sort-column Name -c Name -c Image\ Name -c Flavor\ Name

For Windows:

  • The LANDB responsible user e-group will be in the Windows Administrators group
  • The LANDB main user e-group will be in the Windows Administrators group
  • None of the e-groups will be explicitly added to the Remote Desktop Users group; however, the Administrators group has the right for Remote Desktop connection granted by default

The groups can be easily checked by running lusrmgr.msc in a Windows prompt, then navigating from there.

ROOT access for Linux VMs

See this config documentation page.

Remote Desktop Service Gateway

Connections using the Remote Desktop Service Gateway should be granted manually to the machine-protection-studies-users e-group using this page for every newly created Windows VM.

Main user and responsible users get administrator rights and remote desktop user rights.

CVMFS

The release manager for the repository is lxcvmfs114.cern.ch and is reachable via the alias 'cvmfs-bdsim'. Please, always use the alias to connect to the release manager. As agreed, I have created an egroup named 'lxcvmfs-bdsim' whose members have access to the release manager. At the moment, the only members of the egroup are you (chernals) and Laurence (lnevay). The egroup is self-managed, meaning that new members can be added to it with members' approval.

Garbage collection is not enabled for now. Please, let me know if this is a feature that you need and, if so, how frequently garbage collection should run. Further documentation can be found here: https://cvmfs.readthedocs.io/en/stable/cpt-repo.html#repository-garbage-collection Consider that it will not be possible to run transactions on the repository for the whole duration of garbage collection.

Puppet known issues

As discussed on Mattermost, there seemed to be an issue with the certificates installed by the puppet agent. During installation, the puppet agent imports the machine certificate and keys into the C:\ProgramData\puppetlabs\puppet\etc\ssl (certs, private_keys, public_keys) directories. Manually deleting these certificates and keys and re-running the agent configuration worked.

To re-run the agent configuration, run the following in an administrator PowerShell window:

powershell -executionpolicy unrestricted -File \\cern.ch\dfs\Services\Puppet\Scripts\puppet-configure.ps1 -ArgumentList -version "6.21.0"

Yes, you have the ai-foreman command. For instance:

$ ai-foreman -l machine_protection showhost
+-------------------------+-------------------------------+-------------+--------------+
| Name                    | Hostgroup                     | Environment | OS           |
+-------------------------+-------------------------------+-------------+--------------+
| mp-linux-01.cern.ch     | machine_protection/linux/node | production  | CentOS 7.9   |
| mp-linux-02.cern.ch     | machine_protection/linux/node | production  | CentOS 7.9   |
| mp-linux-gpu-01.cern.ch | machine_protection/linux/gpu  | production  | CentOS 7.9   |
| mp-linux-ts-01.cern.ch  | machine_protection/linux/ts   | production  | CentOS 7.9   |
| mp-win-01.cern.ch       | machine_protection/windows    | production  | windows 10.0 |
| mp-win-02.cern.ch       | machine_protection/windows    | production  | None         |
+-------------------------+-------------------------------+-------------+--------------+

or

$ ai-foreman --longtable showhost mp-linux-01.cern.ch
+---------------------+-------------------------------+-------------+------------+--------+-------------------+--------+---------+---------------------------+
| Name                | Hostgroup                     | Environment | OS         | Arch   | Model             | Ptable | Comment | Last Report               |
+---------------------+-------------------------------+-------------+------------+--------+-------------------+--------+---------+---------------------------+
| mp-linux-01.cern.ch | machine_protection/linux/node | production  | CentOS 7.9 | x86_64 | OpenStack Compute | None   | None    | 2021-06-03 11:08:48+02:00 |
+---------------------+-------------------------------+-------------+------------+--------+-------------------+--------+---------+---------------------------+

https://clouddocs.web.cern.ch/containers/tutorials/registry.html

VM with GPU for Windows

ai-bs --landb-responsible machine-protection-studies --landb-mainuser machine-protection-studies-users --nova-flavor g2.xlarge --nova-boot-from-new-volume 250GB:type=io1 --nova-image "Windows 2019 Standard" -g machine_protection/windows mp-win-gpu-ts-01.cern.ch