OCCI Service Configuration Guide 1.4
The OpenNebula OCCI is a web service that enables you to launch and manage virtual machines in your OpenNebula installation using the latest draft of the OGF OCCI API specification. The OpenNebula OCCI service is built on the new OpenNebula Cloud API (OCA) layer, which exposes the full capabilities of an OpenNebula private cloud, and on Sinatra, a widely used lightweight web framework.
The current implementation includes all the resources referenced in the latest draft of the OGF OCCI API specification, namely:
The following sections explain how to install and configure the OCCI service on top of a running OpenNebula cloud.
The OpenNebula distribution includes the tools needed to use the OpenNebula OCCI service
You must have an OpenNebula site properly configured and running to install the OpenNebula OCCI service. Be sure to check the OpenNebula Installation and Configuration Guides to set up your private cloud first. This guide also assumes that you are familiar with the configuration and use of OpenNebula.
The OpenNebula OCCI service was installed during the OpenNebula installation, so you just need to install the following packages to meet the runtime dependencies:
<xterm>
$ sudo gem install thin
$ sudo gem install sinatra
$ sudo gem install crack
</xterm>
<xterm>
$ sudo gem install sequel
$ sudo gem install curb
$ sudo gem install multipart-post
$ apt-get install ruby-sqlite3
$ apt-get install libopenssl-ruby
</xterm>
curb is only necessary to upload files faster. If it is not installed, upload files with occi-storage -M, which uses the multipart-post library.
The service is configured through the $ONE_LOCATION/etc/occi-server.conf file, where you can set up the basic operational parameters for the OCCI service, namely:
oneadmin account, mainly to check the identity of the cloud users. You have to specify the USER and PASSWORD of oneadmin.
oned daemon; and the server and port for the OpenNebula OCCI service web server. This will be the URL of your cloud.
DATABASE and IMAGE_DIR for this service.
VM_TYPE defines the name and the OpenNebula templates for each type of Compute, to enable different sizes of Computes.
The following table summarizes the available options:
VARIABLE | VALUE |
---|---|
USER | name for the oneadmin account |
PASSWORD | oneadmin password |
ONE_XMLRPC | oned xmlrpc service, http://localhost:2633/RPC2 |
SERVER | FQDN for your cloud |
PORT | for incoming connections |
DATABASE | for the Storage repository |
IMAGE_DIR | to store cloud images |
BRIDGE | Name of the bridge needed to create Networks |
FS_FORMAT | to store cloud images |
VM_TYPE | The Computes types for your cloud |
SERVER must be a FQDN; do not use IP addresses here.
IMAGE_DIR must be an existing directory.
Example occi-server.conf file:
# OpenNebula administrator user
USER=oneadmin
PASSWORD=mypass

# OpenNebula server contact information
ONE_XMLRPC=http://localhost:2633/RPC2

# Host and port where OCCI service will run
SERVER=cloud.opennebula.org
PORT=4567

# Configuration for the image repository
DATABASE=/srv/cloud/one/var/occi.db
IMAGE_DIR=/srv/cloud/images/

# Configuration for OpenNebula's Virtual Networks
BRIDGE=eth0

# Default format for FS
FS_FORMAT=ext3

# VM types allowed and its template file (inside templates directory)
VM_TYPE=[NAME=small, TEMPLATE=small.erb]
VM_TYPE=[NAME=medium, TEMPLATE=medium.erb]
VM_TYPE=[NAME=large, TEMPLATE=large.erb]
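A pre-start check for this file, as an added example (not part of the OpenNebula distribution): it parses occi-server.conf, applies the two constraints stated above (a FQDN for the public name, an existing IMAGE_DIR), confirms that each VM_TYPE template is present, and flags a file mode that exposes the oneadmin PASSWORD to other local users. The function names, the mode check and the sample values are assumptions made for this illustration.

```ruby
require 'ipaddr'
# Constructed sample: SERVER is an IP literal and large.erb will be missing.
SAMPLE_CONF = <<~CONF
  USER=oneadmin
  PASSWORD=mypass
  SERVER=192.168.1.10
  PORT=4567
  IMAGE_DIR=/srv/cloud/images/
  VM_TYPE=[NAME=small, TEMPLATE=small.erb]
  VM_TYPE=[NAME=large, TEMPLATE=large.erb]
CONF

# KEY=VALUE lines; repeated VM_TYPE=[...] entries become a list of hashes.
def parse_occi_conf(text)
  conf = { 'VM_TYPE' => [] }
  text.each_line.map(&:strip).each do |line|
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2).map(&:strip)
    if key == 'VM_TYPE'
      fields = value.to_s.delete('[]').split(',')
      conf['VM_TYPE'] << fields.map { |f| f.split('=', 2).map(&:strip) }.to_h
    else
      conf[key] = value.to_s
    end
  end
  conf
end

def fqdn?(name)
  return false unless name.include?('.')
  IPAddr.new(name) && false # parses as an IP literal, so not a FQDN
rescue IPAddr::Error
  true
end

# Returns findings (empty = pass). `exists` is injectable so this runs offline.
def audit_occi_conf(conf, mode:, tpl_dir:, exists: File.method(:exist?))
  out = %w[USER PASSWORD SERVER PORT IMAGE_DIR].reject { |k| conf[k] }.map { |k| "#{k} is not set" }
  # Behind the SSL proxy the page sets SERVER=127.0.0.1 and names the proxy in SSL_SERVER.
  name_key = conf['SSL_SERVER'] ? 'SSL_SERVER' : 'SERVER'
  out << "#{name_key} must be a FQDN" unless fqdn?(conf[name_key].to_s)
  out << 'IMAGE_DIR does not exist' unless exists.call(conf['IMAGE_DIR'].to_s)
  out << 'file holds PASSWORD but is group/world accessible' if (mode & 0o077) != 0
  conf['VM_TYPE'].each do |t|
    path = File.join(tpl_dir, t['TEMPLATE'].to_s)
    out << "VM_TYPE #{t['NAME']}: missing template #{path}" unless exists.call(path)
  end
  out
end
```

On a live system, pass `File.stat(path).mode` as `mode` and the real `$ONE_LOCATION/etc/occi_templates` directory as `tpl_dir`.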
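The OpenNebula OCCI service natively supports only plain HTTP connections. Because users authenticate with HTTP basic authentication, their OpenNebula credentials cross the network unencrypted on such a connection. If the extra security provided by SSL is needed, a proxy can be set up to handle the SSL connection, forward the request to the OCCI Service and return the answer to the client.
This setup needs: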
If you want to try out the SSL setup easily, the following lines show how to create a self-signed certificate and use it with a lighttpd server configured to act as an HTTP proxy to a correctly configured OCCI Service.
Let's assume the server where the lighttpd proxy is going to be started is called cloudserver.org. Therefore, the steps are:
We are going to generate a snakeoil certificate. If using an Ubuntu system follow the next steps (otherwise your mileage may vary, but not a lot):
Install the ssl-cert package:
<xterm>
$ sudo apt-get install ssl-cert
</xterm>
<xterm>
$ sudo /usr/sbin/make-ssl-cert generate-default-snakeoil
</xterm>
<xterm>
$ sudo sh -c 'cat /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem > /etc/lighttpd/server.pem'
</xterm>
You will need to edit the /etc/lighttpd/lighttpd.conf configuration file and
server.port = 8443

#### proxy module
## read proxy.txt for more info
proxy.server = ( "" =>
                 ( "" =>
                   (
                     "host" => "127.0.0.1",
                     "port" => 4567
                   )
                 )
               )

#### SSL engine
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/server.pem"
The host must be the server hostname of the computer running the OCCI Service, and the port the one that the OCCI Service is running on.
The econe.conf needs to define the following:
# Host and port where OCA server will run
SERVER=127.0.0.1
PORT=4567

# SSL proxy that serves the API (set if is being used)
SSL_SERVER=cloudserver.org
Once the lighttpd server is started, OCCI requests using HTTPS URIs can be directed to https://cloudserver.org:8443. They will then be decrypted, passed to localhost, port 4567, satisfied (hopefully), encrypted again and passed back to the client.
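A check for the server.pem bundle assembled in the steps above, as an added example (not part of the OpenNebula or lighttpd distributions): it confirms that the file holds a private key and a certificate that belong together, that the certificate names the proxy host, and that the file is not group or world accessible. make_bundle produces constructed test data in place of the snakeoil pair; audit_pemfile and its messages are names chosen for this illustration.

```ruby
require 'openssl'

# Constructed stand-in for the snakeoil pair: a throwaway self-signed
# certificate, concatenated key-first the way the cat step does.
def make_bundle(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  key.to_pem + cert.to_pem
end

PEM_BLOCK = /-----BEGIN [A-Z ]+-----.*?-----END [A-Z ]+-----/m

# Checks a lighttpd ssl.pemfile bundle; returns findings (empty = pass).
def audit_pemfile(pem, hostname:, mode:)
  blocks = pem.scan(PEM_BLOCK).map { |b| "#{b}\n" }
  key_pem = blocks.find { |b| b.include?('PRIVATE KEY-----') }
  cert_pem = blocks.find { |b| b.start_with?('-----BEGIN CERTIFICATE-----') }
  return ['bundle needs both a private key and a certificate'] unless key_pem && cert_pem

  key = OpenSSL::PKey.read(key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  out = []
  out << 'private key does not match the certificate' unless cert.check_private_key(key)
  unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    out << "certificate is not valid for #{hostname}"
  end
  # A self-signed certificate chains to no CA, so each client has to trust it itself.
  out << 'certificate is self-signed: clients must trust it explicitly' if cert.verify(cert.public_key)
  out << 'pemfile holds a private key but is group/world accessible' if (mode & 0o077) != 0
  out
end
```

For the real file, call `audit_pemfile(File.read('/etc/lighttpd/server.pem'), hostname: 'cloudserver.org', mode: File.stat('/etc/lighttpd/server.pem').mode)` as a user allowed to read it.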
You can define as many Compute types as you want, just:
$ONE_LOCATION/etc/occi_templates. This template will be completed with the data for each cloud occi-vm create request, and then submitted to OpenNebula. You can start by modifying the small.erb example, to adjust it to your cloud:
NAME   = <%= @vm_info['NAME']%>

CPU    = 1
MEMORY = 1024

OS = [ kernel     = /vmlinuz,
       initrd     = /initrd.img,
       root       = sda1,
       kernel_cmd = "ro xencons=tty console=tty1"]

<% if vm_info['STORAGE']
     vm_info['STORAGE'].each do |key, image|
       image=[image].flatten
       case key
       when "SWAP"
         image.each do |img|
%>
DISK = [ type   = "swap",
         size=<%= img['size']%>,
         target=<%= img['dev']%> ]
<%
         end
       when "DISK"
         image.each do |img|
%>
DISK = [ type   = "disk",
         target=<%= img['dev']%>,
         source=<%= img['source']%>,
         image_id=<%= img['image']%> ]
<%
         end
       when "FS"
         image.each do |img|
%>
DISK = [ type   = "fs",
         target=<%= img['dev']%>,
         size=<%= img['size']%>,
         format=<%= @config[:fs_format]||"ext3"%> ]
<%       end %>
<%     end %>
<%   end %>
<% end %>

<% if vm_info['NETWORK'] and vm_info['NETWORK']['NIC'] %>
<% vm_info['NETWORK']['NIC'].each do |nic| %>
NIC = [
<% if nic['ip'] %>
        IP=<%= nic['ip'] %>,
<% end %>
        NETWORK="<%= nic['network']%>",
        NETWORK_ID=<%= nic['network_id'] %>
      ]
<% end %>
<% end %>

INSTANCE_TYPE = <%= vm_info[:instance_type ]%>
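How a create request becomes the template text submitted to OpenNebula, as an added example (not OpenNebula's own code): a shortened form of the small.erb above is rendered with Ruby's ERB for a constructed request. The template writes request values into the text verbatim, so the example checks them against allow-list patterns before rendering; the patterns, render_compute and allowed_types are assumptions made for this illustration.

```ruby
require 'erb'

# Shortened form of the page's small.erb: fixed sizing plus the NIC loop.
COMPUTE_ERB = <<~'TPL'
  NAME   = <%= vm_info['NAME'] %>
  CPU    = 1
  MEMORY = 1024
  <% [vm_info.dig('NETWORK', 'NIC')].flatten.compact.each do |nic| %>
  NIC = [ <% if nic['ip'] %>IP=<%= nic['ip'] %>, <% end %>NETWORK_ID=<%= nic['network_id'] %> ]
  <% end %>
  INSTANCE_TYPE = <%= vm_info[:instance_type] %>
TPL

# Expected shape of each interpolated field (assumed for this example,
# not OpenNebula's own rules).
FIELD_RULES = {
  'name' => /\A[A-Za-z0-9_.-]{1,64}\z/,
  'ip' => /\A\d{1,3}(\.\d{1,3}){3}\z/,
  'network_id' => /\A\d+\z/
}.freeze

# Constructed request data, shaped like the vm_info hash the template reads.
SAMPLE_REQUEST = {
  'NAME' => 'web01',
  'NETWORK' => { 'NIC' => { 'ip' => '192.168.0.5', 'network_id' => '3' } },
  instance_type: 'small'
}.freeze

# Validates the fields, then renders the template text for OpenNebula.
# allowed_types is the list of NAMEs from the VM_TYPE entries.
def render_compute(vm_info, allowed_types)
  checks = [['name', vm_info['NAME']]]
  [vm_info.dig('NETWORK', 'NIC')].flatten.compact.each do |nic|
    checks << ['network_id', nic['network_id']]
    checks << ['ip', nic['ip']] if nic['ip']
  end
  bad = checks.reject { |rule, value| value.to_s.match?(FIELD_RULES[rule]) }
  raise ArgumentError, "rejected fields: #{bad.map(&:first).join(', ')}" unless bad.empty?
  raise ArgumentError, 'unknown instance type' unless allowed_types.include?(vm_info[:instance_type])

  ERB.new(COMPUTE_ERB, trim_mode: '<>').result_with_hash(vm_info: vm_info)
end
```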
To start the OCCI service, just issue the following command:
<xterm>
occi-server start
</xterm>
You can find the econe server log file in $ONE_LOCATION/var/occi-server.log if OpenNebula has been installed in standalone, or in /var/log/one/occi-server.log if it has been installed system-wide.
To stop the OCCI service:
<xterm>
occi-server stop
</xterm>
The cloud users have to be created in the OpenNebula system by oneadmin using the oneuser utility. Once a user is registered in the system, using the same procedure as to create private cloud users, they can start using the system. Users authenticate using HTTP basic authentication, with their OpenNebula username as the user-ID and their OpenNebula password as the password.