Synnefo

.. _quick-install-admin-guide:

Administrator's Quick Installation Guide

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This is the Administrator's quick installation guide.

It describes how to install the whole synnefo stack on two (2) physical nodes,

with minimum configuration. It installs synnefo from Debian packages, and

assumes the nodes run Debian Squeeze. After successful installation, you will

have the following services running:

 * Identity Management (Astakos)

 * Object Storage Service (Pithos+)

 * Compute Service (Cyclades)

 * Image Registry Service (Plankton)

and a single unified Web UI to manage them all.

The Volume Storage Service (Archipelago) and the Billing Service (Aquarium) are

not released yet.

If you just want to install the Object Storage Service (Pithos+), follow the guide

and just stop after the "Testing of Pithos+" section.

Installation of Synnefo / Introduction

======================================

We will install the services with the above list's order. Cyclades and Plankton

will be installed in a single step (at the end), because at the moment they are

contained in the same software component. Furthermore, we will install all

services in the first physical node, except Pithos+ which will be installed in

the second, due to a conflict between the snf-pithos-app and snf-cyclades-app

component (scheduled to be fixed in the next version).

For the rest of the documentation we will refer to the first physical node as

"node1" and the second as "node2". We will also assume that their domain names

are "node1.example.com" and "node2.example.com" and their IPs are "4.3.2.1" and

"4.3.2.2" respectively.

General Prerequisites

=====================

These are the general synnefo prerequisites, that you need on node1 and node2

and are related to all the services (Astakos, Pithos+, Cyclades, Plankton).

To be able to download all synnefo components you need to add the following

lines in your ``/etc/apt/sources.list`` file:

| ``deb http://apt.dev.grnet.gr squeeze main``

| ``deb-src http://apt.dev.grnet.gr squeeze main``

You also need a shared directory visible by both nodes. Pithos+ will save all

data inside this directory. By 'all data', we mean files, images, and pithos

specific mapping data. If you plan to upload more than one basic image, this

directory should have at least 50GB of free space. During this guide, we will

assume that node1 acts as an NFS server and serves the directory ``/srv/pithos``

to node2. Node2 has this directory mounted under ``/srv/pithos``, too.

Before starting the synnefo installation, you will need basic third party

software to be installed and configured on the physical nodes. We will describe

each node's general prerequisites separately. Any additional configuration,

specific to a synnefo service for each node, will be described at the service's

section.

Node1

-----

General Synnefo dependencies

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 * apache (http server)

 * gunicorn (WSGI http server)

 * postgresql (database)

 * rabbitmq (message queue)

You can install the above by running:

.. code-block:: console

   # apt-get install apache2 postgresql rabbitmq-server

Make sure to install gunicorn >= v0.12.2. You can do this by installing from

the official debian backports:

.. code-block:: console

   # apt-get -t squeeze-backports install gunicorn

On node1, we will create our databases, so you will also need the

python-psycopg2 package:

.. code-block:: console

   # apt-get install python-psycopg2

Database setup

~~~~~~~~~~~~~~

On node1, we create a database called ``snf_apps``, that will host all django

apps related tables. We also create the user ``synnefo`` and grant him all

privileges on the database. We do this by running:

.. code-block:: console

   root@node1:~ # su - postgres

   postgres@node1:~ $ psql

   postgres=# CREATE DATABASE snf_apps WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0;

   postgres=# CREATE USER synnefo WITH PASSWORD 'example_passw0rd';

   postgres=# GRANT ALL PRIVILEGES ON DATABASE snf_apps TO synnefo;

We also create the database ``snf_pithos`` needed by the pithos+ backend and

grant the ``synnefo`` user all privileges on the database. This database could

be created on node2 instead, but we do it on node1 for simplicity. We will

create all needed databases on node1 and then node2 will connect to them.

.. code-block:: console

   postgres=# CREATE DATABASE snf_pithos WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0;

   postgres=# GRANT ALL PRIVILEGES ON DATABASE snf_pithos TO synnefo;

Configure the database to listen to all network interfaces. You can do this by

editting the file ``/etc/postgresql/8.4/main/postgresql.conf`` and change

``listen_addresses`` to ``'*'`` :

.. code-block:: console

   listen_addresses = '*'

Furthermore, edit ``/etc/postgresql/8.4/main/pg_hba.conf`` to allow node1 and

node2 to connect to the database. Add the following lines under ``#IPv4 local

connections:`` :

.. code-block:: console

   host		all	all	4.3.2.1/32	md5

   host		all	all	4.3.2.2/32	md5

Make sure to substitute "4.3.2.1" and "4.3.2.2" with node1's and node2's

actual IPs. Now, restart the server to apply the changes:

.. code-block:: console

   # /etc/init.d/postgresql restart

Gunicorn setup

~~~~~~~~~~~~~~

Create the file ``synnefo`` under ``/etc/gunicorn.d/`` containing the following:

.. code-block:: console

   CONFIG = {

    'mode': 'django',

    'environment': {

      'DJANGO_SETTINGS_MODULE': 'synnefo.settings',

    },

    'working_dir': '/etc/synnefo',

    'user': 'www-data',

    'group': 'www-data',

    'args': (

      '--bind=127.0.0.1:8080',

      '--workers=4',

      '--log-level=debug',

    ),

   }

.. warning:: Do NOT start the server yet, because it won't find the

    ``synnefo.settings`` module. We will start the server after successful

    installation of astakos. If the server is running::

       # /etc/init.d/gunicorn stop

Apache2 setup

~~~~~~~~~~~~~

Create the file ``synnefo`` under ``/etc/apache2/sites-available/`` containing

the following:

.. code-block:: console

   <VirtualHost *:80>

     ServerName node1.example.com

     RewriteEngine On

     RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]

     RewriteRule ^(.*)$ - [F,L]

     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

   </VirtualHost>

Create the file ``synnefo-ssl`` under ``/etc/apache2/sites-available/``

containing the following:

.. code-block:: console

   <IfModule mod_ssl.c>

   <VirtualHost _default_:443>

     ServerName node1.example.com

     Alias /static "/usr/share/synnefo/static"

   #  SetEnv no-gzip

   #  SetEnv dont-vary

     AllowEncodedSlashes On

     RequestHeader set X-Forwarded-Protocol "https"

     <Proxy * >

       Order allow,deny

       Allow from all

     </Proxy>

     SetEnv                proxy-sendchunked

     SSLProxyEngine        off

     ProxyErrorOverride    off

     ProxyPass        /static !

     ProxyPass        / http://localhost:8080/ retry=0

     ProxyPassReverse / http://localhost:8080/

     RewriteEngine On

     RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]

     RewriteRule ^(.*)$ - [F,L]

     RewriteRule ^/login(.*) /im/login/redirect$1 [PT,NE]

     SSLEngine on

     SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem

     SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

   </VirtualHost>

   </IfModule>

Now enable sites and modules by running:

.. code-block:: console

   # a2enmod ssl

   # a2enmod rewrite

   # a2dissite default

   # a2ensite synnefo

   # a2ensite synnefo-ssl

   # a2enmod headers

   # a2enmod proxy_http

.. warning:: Do NOT start/restart the server yet. If the server is running::

       # /etc/init.d/apache2 stop

.. _rabbitmq-setup:

Message Queue setup

~~~~~~~~~~~~~~~~~~~

The message queue will run on node1, so we need to create the appropriate

rabbitmq user. The user is named ``synnefo`` and gets full privileges on all

exchanges:

.. code-block:: console

   # rabbitmqctl add_user synnefo "examle_rabbitmq_passw0rd"

   # rabbitmqctl set_permissions synnefo ".*" ".*" ".*"

We do not need to initialize the exchanges. This will be done automatically,

during the Cyclades setup.

Pithos+ data directory setup

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As mentioned in the General Prerequisites section, there is a directory called

``/srv/pithos`` visible by both nodes. We create and setup the ``data``

directory inside it:

.. code-block:: console

   # cd /srv/pithos

   # mkdir data

   # chown www-data:www-data data

   # chmod g+ws data

You are now ready with all general prerequisites concerning node1. Let's go to

node2.

Node2

-----

General Synnefo dependencies

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 * apache (http server)

 * gunicorn (WSGI http server)

 * postgresql (database)

You can install the above by running:

.. code-block:: console

   # apt-get install apache2 postgresql

Make sure to install gunicorn >= v0.12.2. You can do this by installing from

the official debian backports:

.. code-block:: console

   # apt-get -t squeeze-backports install gunicorn

Node2 will connect to the databases on node1, so you will also need the

python-psycopg2 package:

.. code-block:: console

   # apt-get install python-psycopg2

Database setup

~~~~~~~~~~~~~~

All databases have been created and setup on node1, so we do not need to take

any action here. From node2, we will just connect to them. When you get familiar

with the software you may choose to run different databases on different nodes,

for performance/scalability/redundancy reasons, but those kind of setups are out

of the purpose of this guide.

Gunicorn setup

~~~~~~~~~~~~~~

Create the file ``synnefo`` under ``/etc/gunicorn.d/`` containing the following

(same contents as in node1; you can just copy/paste the file):

.. code-block:: console

   CONFIG = {

    'mode': 'django',

    'environment': {

      'DJANGO_SETTINGS_MODULE': 'synnefo.settings',

    },

    'working_dir': '/etc/synnefo',

    'user': 'www-data',

    'group': 'www-data',

    'args': (

      '--bind=127.0.0.1:8080',

      '--workers=4',

      '--log-level=debug',

      '--timeout=43200'

    ),

   }

.. warning:: Do NOT start the server yet, because it won't find the

    ``synnefo.settings`` module. We will start the server after successful

    installation of astakos. If the server is running::

       # /etc/init.d/gunicorn stop

Apache2 setup

~~~~~~~~~~~~~

Create the file ``synnefo`` under ``/etc/apache2/sites-available/`` containing

the following:

.. code-block:: console

   <VirtualHost *:80>

     ServerName node2.example.com

     RewriteEngine On

     RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]

     RewriteRule ^(.*)$ - [F,L]

     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

   </VirtualHost>

Create the file ``synnefo-ssl`` under ``/etc/apache2/sites-available/``

containing the following:

.. code-block:: console

   <IfModule mod_ssl.c>

   <VirtualHost _default_:443>

     ServerName node2.example.com

     Alias /static "/usr/share/synnefo/static"

     SetEnv no-gzip

     SetEnv dont-vary

     AllowEncodedSlashes On

     RequestHeader set X-Forwarded-Protocol "https"

     <Proxy * >

       Order allow,deny

       Allow from all

     </Proxy>

     SetEnv                proxy-sendchunked

     SSLProxyEngine        off

     ProxyErrorOverride    off

     ProxyPass        /static !

     ProxyPass        / http://localhost:8080/ retry=0

     ProxyPassReverse / http://localhost:8080/

     SSLEngine on

     SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem

     SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

   </VirtualHost>

   </IfModule>

As in node1, enable sites and modules by running:

.. code-block:: console

   # a2enmod ssl

   # a2enmod rewrite

   # a2dissite default

   # a2ensite synnefo

   # a2ensite synnefo-ssl

   # a2enmod headers

   # a2enmod proxy_http

.. warning:: Do NOT start/restart the server yet. If the server is running::

       # /etc/init.d/apache2 stop

We are now ready with all general prerequisites for node2. Now that we have

finished with all general prerequisites for both nodes, we can start installing

the services. First, let's install Astakos on node1.

Installation of Astakos on node1

================================

To install astakos, grab the package from our repository (make sure  you made

the additions needed in your ``/etc/apt/sources.list`` file, as described

previously), by running:

.. code-block:: console

   # apt-get install snf-astakos-app

After successful installation of snf-astakos-app, make sure that also

snf-webproject has been installed (marked as "Recommended" package). By default

Debian installs "Recommended" packages, but if you have changed your

configuration and the package didn't install automatically, you should

explicitly install it manually running:

.. code-block:: console

   # apt-get install snf-webproject

The reason snf-webproject is "Recommended" and not a hard dependency, is to give

the experienced administrator the ability to install synnefo in a custom made

django project. This corner case concerns only very advanced users that know

what they are doing and want to experiment with synnefo.

.. _conf-astakos:

Configuration of Astakos

========================

Conf Files

----------

After astakos is successfully installed, you will find the directory

``/etc/synnefo`` and some configuration files inside it. The files contain

commented configuration options, which are the default options. While installing

new snf-* components, new configuration files will appear inside the directory.

In this guide (and for all services), we will edit only the minimum necessary

configuration options, to reflect our setup. Everything else will remain as is.

After getting familiar with synnefo, you will be able to customize the software

as you wish and fits your needs. Many options are available, to empower the

administrator with extensively customizable setups.

For the snf-webproject component (installed as an astakos dependency), we

need the following:

Edit ``/etc/synnefo/10-snf-webproject-database.conf``. You will need to

uncomment and edit the ``DATABASES`` block to reflect our database:

.. code-block:: console

   DATABASES = {

    'default': {

        # 'postgresql_psycopg2', 'postgresql','mysql', 'sqlite3' or 'oracle'

        'ENGINE': 'postgresql_psycopg2',

         # ATTENTION: This *must* be the absolute path if using sqlite3.

         # See: http://docs.djangoproject.com/en/dev/ref/settings/#name

        'NAME': 'snf_apps',

        'USER': 'synnefo',                      # Not used with sqlite3.

        'PASSWORD': 'examle_passw0rd',          # Not used with sqlite3.

        # Set to empty string for localhost. Not used with sqlite3.

        'HOST': '4.3.2.1',

        # Set to empty string for default. Not used with sqlite3.

        'PORT': '5432',

    }

   }

Edit ``/etc/synnefo/10-snf-webproject-deploy.conf``. Uncomment and edit

``SECRET_KEY``. This is a django specific setting which is used to provide a

seed in secret-key hashing algorithms. Set this to a random string of your

choise and keep it private:

.. code-block:: console

   SECRET_KEY = 'sy6)mw6a7x%n)-example_secret_key#zzk4jo6f2=uqu!1o%)'

For astakos specific configuration, edit the following options in

``/etc/synnefo/20-snf-astakos-app-settings.conf`` :

.. code-block:: console

   ASTAKOS_IM_MODULES = ['local']

   ASTAKOS_COOKIE_DOMAIN = '.example.com'

   ASTAKOS_BASEURL = 'https://node1.example.com'

   ASTAKOS_SITENAME = '~okeanos demo example'

   ASTAKOS_CLOUD_SERVICES = (

           { 'url':'https://node1.example.com/im/', 'name':'~okeanos home', 'id':'cloud', 'icon':'home-icon.png' },

           { 'url':'https://node1.example.com/ui/', 'name':'cyclades', 'id':'cyclades' },

           { 'url':'https://node2.example.com/ui/', 'name':'pithos+', 'id':'pithos' })

   ASTAKOS_RECAPTCHA_PUBLIC_KEY = 'example_recaptcha_public_key!@#$%^&*('

   ASTAKOS_RECAPTCHA_PRIVATE_KEY = 'example_recaptcha_private_key!@#$%^&*('

   ASTAKOS_RECAPTCHA_USE_SSL = True

``ASTAKOS_IM_MODULES`` refers to the astakos login methods. For now only local

is supported. The ``ASTAKOS_COOKIE_DOMAIN`` should be the base url of our

domain (for all services). ``ASTAKOS_BASEURL`` is the astakos home page.

``ASTAKOS_CLOUD_SERVICES`` contains all services visible to and served by

astakos. The first element of the dictionary is used to point to a generic

landing page for your services (cyclades, pithos). If you don't have such a

page it can be omitted. The second and third element point to our services

themselves (the apps) and should be set as above.

For the ``ASTAKOS_RECAPTCHA_PUBLIC_KEY`` and ``ASTAKOS_RECAPTCHA_PRIVATE_KEY``

go to https://www.google.com/recaptcha/admin/create and create your own pair.

If you are an advanced user and want to use the Shibboleth Authentication method,

read the relative :ref:`section <shibboleth-auth>`.

Servers Initialization

----------------------

After configuration is done, we initialize the servers on node1:

.. code-block:: console

   root@node1:~ # /etc/init.d/gunicorn restart

   root@node1:~ # /etc/init.d/apache2 restart

Database Initialization

-----------------------

Then, we initialize the database by running:

.. code-block:: console

   # snf-manage syncdb

At this example we don't need to create a django superuser, so we select

``[no]`` to the question. After a successful sync, we run the migration needed

for astakos:

.. code-block:: console

   # snf-manage migrate im

Finally we load the pre-defined user groups

.. code-block:: console

   # snf-manage loaddata groups

You have now finished the Astakos setup. Let's test it now.

Testing of Astakos

==================

Open your favorite browser and go to:

``http://node1.example.com/im``

If this redirects you to ``https://node1.example.com/im`` and you can see

the "welcome" door of Astakos, then you have successfully setup Astakos.

Let's create our first user. At the homepage click the "CREATE ACCOUNT" button

and fill all your data at the sign up form. Then click "SUBMIT". You should now

see a green box on the top, which informs you that you made a successful request

and the request has been sent to the administrators. So far so good, let's assume

that you created the user with username ``user@example.com``.

Now we need to activate that user. Return to a command prompt at node1 and run:

.. code-block:: console

   root@node1:~ # snf-manage listusers

This command should show you a list with only one user; the one we just created.

This user should have an id with a value of ``1``. It should also have an

"active" status with the value of ``0`` (inactive). Now run:

.. code-block:: console

   root@node1:~ # snf-manage modifyuser --set-active 1

This modifies the active value to ``1``, and actually activates the user.

When running in production, the activation is done automatically with different

types of moderation, that Astakos supports. You can see the moderation methods

(by invitation, whitelists, matching regexp, etc.) at the Astakos specific

documentation. In production, you can also manually activate a user, by sending

him/her an activation email. See how to do this at the :ref:`User

activation <user_activation>` section.

Now let's go back to the homepage. Open ``http://node1.example.com/im`` with

your browser again. Try to sign in using your new credentials. If the astakos

menu appears and you can see your profile, then you have successfully setup

Astakos.

Let's continue to install Pithos+ now.

Installation of Pithos+ on node2

================================

To install pithos+, grab the packages from our repository (make sure  you made

the additions needed in your ``/etc/apt/sources.list`` file, as described

previously), by running:

.. code-block:: console

   # apt-get install snf-pithos-app

After successful installation of snf-pithos-app, make sure that also

snf-webproject has been installed (marked as "Recommended" package). Refer to

the "Installation of Astakos on node1" section, if you don't remember why this

should happen. Now, install the pithos web interface:

.. code-block:: console

   # apt-get install snf-pithos-webclient

This package provides the standalone pithos web client. The web client is the

web UI for pithos+ and will be accessible by clicking "pithos+" on the Astakos

interface's cloudbar, at the top of the Astakos homepage.

.. _conf-pithos:

Configuration of Pithos+

========================

Conf Files

----------

After pithos+ is successfully installed, you will find the directory

``/etc/synnefo`` and some configuration files inside it, as you did in node1

after installation of astakos. Here, you will not have to change anything that

has to do with snf-common or snf-webproject. Everything is set at node1. You

only need to change settings that have to do with pithos+. Specifically:

Edit ``/etc/synnefo/20-snf-pithos-app-settings.conf``. There you need to set

only the two options:

.. code-block:: console

   PITHOS_BACKEND_DB_CONNECTION = 'postgresql://synnefo:example_passw0rd@node1.example.com:5432/snf_pithos'

   PITHOS_BACKEND_BLOCK_PATH = '/srv/pithos/data'

   PITHOS_AUTHENTICATION_URL = 'https://node1.example.com/im/authenticate'

   PITHOS_AUTHENTICATION_USERS = None

The ``PITHOS_BACKEND_DB_CONNECTION`` option tells to the pithos+ app where to

find the pithos+ backend database. Above we tell pithos+ that its database is

``snf_pithos`` at node1 and to connect as user ``synnefo`` with password

``example_passw0rd``.  All those settings where setup during node1's "Database

setup" section.

The ``PITHOS_BACKEND_BLOCK_PATH`` option tells to the pithos+ app where to find

the pithos+ backend data. Above we tell pithos+ to store its data under

``/srv/pithos/data``, which is visible by both nodes. We have already setup this

directory at node1's "Pithos+ data directory setup" section.

The ``PITHOS_AUTHENTICATION_URL`` option tells to the pithos+ app in which URI

is available the astakos authentication api. If not set, pithos+ tries to

authenticate using the ``PITHOS_AUTHENTICATION_USERS`` user pool.

Then we need to setup the web UI and connect it to astakos. To do so, edit

``/etc/synnefo/20-snf-pithos-webclient-settings.conf``:

.. code-block:: console

   PITHOS_UI_LOGIN_URL = "https://node1.example.com/im/login?next="

   PITHOS_UI_FEEDBACK_URL = "https://node1.example.com/im/feedback"

The ``PITHOS_UI_LOGIN_URL`` option tells the client where to redirect you, if

you are not logged in. The ``PITHOS_UI_FEEDBACK_URL`` option points at the

pithos+ feedback form. Astakos already provides a generic feedback form for all

services, so we use this one.

Then edit ``/etc/synnefo/20-snf-pithos-webclient-cloudbar.conf``, to connect the

pithos+ web UI with the astakos web UI (through the top cloudbar):

.. code-block:: console

   CLOUDBAR_LOCATION = 'https://node1.example.com/static/im/cloudbar/'

   PITHOS_UI_CLOUDBAR_ACTIVE_SERVICE = 'pithos'

   CLOUDBAR_SERVICES_URL = 'https://node1.example.com/im/get_services'

   CLOUDBAR_MENU_URL = 'https://node1.example.com/im/get_menu'

The ``CLOUDBAR_LOCATION`` tells the client where to find the astakos common

cloudbar.

The ``PITHOS_UI_CLOUDBAR_ACTIVE_SERVICE`` registers the client as a new service

served by astakos. It's name should be identical with the ``id`` name given at

the astakos' ``ASTAKOS_CLOUD_SERVICES`` variable. Note that at the Astakos "Conf

Files" section, we actually set the third item of the ``ASTAKOS_CLOUD_SERVICES``

list, to the dictionary: ``{ 'url':'https://nod...', 'name':'pithos+',

'id':'pithos }``. This item represents the pithos+ service. The ``id`` we set

there, is the ``id`` we want here.

The ``CLOUDBAR_SERVICES_URL`` and ``CLOUDBAR_MENU_URL`` options are used by the

pithos+ web client to get from astakos all the information needed to fill its

own cloudbar. So we put our astakos deployment urls there.

Servers Initialization

----------------------

After configuration is done, we initialize the servers on node2:

.. code-block:: console

   root@node2:~ # /etc/init.d/gunicorn restart

   root@node2:~ # /etc/init.d/apache2 restart

You have now finished the Pithos+ setup. Let's test it now.

Testing of Pithos+

==================

Open your browser and go to the Astakos homepage:

``http://node1.example.com/im``

Login, and you will see your profile page. Now, click the "pithos+" link on the

top black cloudbar. If everything was setup correctly, this will redirect you

to:

``https://node2.example.com/ui``

and you will see the blue interface of the Pithos+ application.  Click the

orange "Upload" button and upload your first file. If the file gets uploaded

successfully, then this is your first sign of a successful Pithos+ installation.

Go ahead and experiment with the interface to make sure everything works

correctly.

You can also use the Pithos+ clients to sync data from your Windows PC or MAC.

If you don't stumble on any problems, then you have successfully installed

Pithos+, which you can use as a standalone File Storage Service.

If you would like to do more, such as:

 * Spawning VMs

 * Spawning VMs from Images stored on Pithos+

 * Uploading your custom Images to Pithos+

 * Spawning VMs from those custom Images

 * Registering existing Pithos+ files as Images

 * Connect VMs to the Internet

 * Create Private Networks

 * Add VMs to Private Networks

please continue with the rest of the guide.

Cyclades (and Plankton) Prerequisites

=====================================

Before proceeding with the Cyclades (and Plankton) installation, make sure you

have successfully set up Astakos and Pithos+ first, because Cyclades depends

on them. If you don't have a working Astakos and Pithos+ installation yet,

please return to the :ref:`top <quick-install-admin-guide>` of this guide.

Besides Astakos and Pithos+, you will also need a number of additional working

prerequisites, before you start the Cyclades installation.

Ganeti

------

`Ganeti <http://code.google.com/p/ganeti/>`_ handles the low level VM management

for Cyclades, so Cyclades requires a working Ganeti installation at the backend.

Please refer to the

`ganeti documentation <http://docs.ganeti.org/ganeti/2.5/html>`_ for all the

gory details. A successful Ganeti installation concludes with a working

:ref:`GANETI-MASTER <GANETI_NODES>` and a number of :ref:`GANETI-NODEs

<GANETI_NODES>`.

The above Ganeti cluster can run on different physical machines than node1 and

node2 and can scale independently, according to your needs.

For the purpose of this guide, we will assume that the :ref:`GANETI-MASTER

<GANETI_NODES>` runs on node1 and is VM-capable. Also, node2 is a

:ref:`GANETI-NODE <GANETI_NODES>` and is Master-capable and VM-capable too.

We highly recommend that you read the official Ganeti documentation, if you are

not familiar with Ganeti. If you are extremely impatient, you can result with

the above assumed setup by running:

.. code-block:: console

   root@node1:~ # apt-get install ganeti2

   root@node1:~ # apt-get install ganeti-htools

   root@node2:~ # apt-get install ganeti2

   root@node2:~ # apt-get install ganeti-htools

We assume that Ganeti will use the KVM hypervisor. After installing Ganeti on

both nodes, choose a domain name that resolves to a valid floating IP (let's say

it's ``ganeti.node1.example.com``). Make sure node1 and node2 have root access

between each other using ssh keys and not passwords. Also, make sure there is an

lvm volume group named ``ganeti`` that will host your VMs' disks. Finally, setup

a bridge interface on the host machines (e.g:: br0). Then run on node1:

.. code-block:: console

   root@node1:~ # gnt-cluster init --enabled-hypervisors=kvm --no-ssh-init

                                   --no-etc-hosts --vg-name=ganeti

                                   --nic-parameters link=br0 --master-netdev eth0

                                   ganeti.node1.example.com

   root@node1:~ # gnt-cluster modify --default-iallocator hail

   root@node1:~ # gnt-cluster modify --hypervisor-parameters kvm:kernel_path=

   root@node1:~ # gnt-cluster modify --hypervisor-parameters kvm:vnc_bind_address=0.0.0.0

   root@node1:~ # gnt-node add --no-node-setup --master-capable=yes

                               --vm-capable=yes node2.example.com

For any problems you may stumble upon installing Ganeti, please refer to the

`official documentation <http://docs.ganeti.org/ganeti/2.5/html>`_. Installation

of Ganeti is out of the scope of this guide.

.. _cyclades-install-snfimage:

snf-image

---------

Installation

~~~~~~~~~~~~

For :ref:`Cyclades <cyclades>` to be able to launch VMs from specified Images,

you need the :ref:`snf-image <snf-image>` OS Definition installed on *all*

VM-capable Ganeti nodes. This means we need :ref:`snf-image <snf-image>` on

node1 and node2. You can do this by running on *both* nodes:

.. code-block:: console

   # apt-get install snf-image-host

Now, you need to download and save the corresponding helper package. Please see

`here <https://code.grnet.gr/projects/snf-image/files>`_ for the latest package. Let's

assume that you installed snf-image-host version 0.3.5-1. Then, you need

snf-image-helper v0.3.5-1 on *both* nodes:

.. code-block:: console

   # cd /var/lib/snf-image/helper/

   # wget https://code.grnet.gr/attachments/download/1058/snf-image-helper_0.3.5-1_all.deb

.. warning:: Be careful: Do NOT install the snf-image-helper debian package.

             Just put it under /var/lib/snf-image/helper/

Once, you have downloaded the snf-image-helper package, create the helper VM by

running on *both* nodes:

.. code-block:: console

   # ln -s snf-image-helper_0.3.5-1_all.deb snf-image-helper.deb

   # snf-image-update-helper

This will create all the needed files under ``/var/lib/snf-image/helper/`` for

snf-image-host to run successfully.

Configuration

~~~~~~~~~~~~~

snf-image supports native access to Images stored on Pithos+. This means that

snf-image can talk directly to the Pithos+ backend, without the need of providing

a public URL. More details, are described in the next section. For now, the only

thing we need to do, is configure snf-image to access our Pithos+ backend.

To do this, we need to set the corresponding variables in

``/etc/default/snf-image``, to reflect our Pithos+ setup:

.. code-block:: console

   PITHOS_DB="postgresql://synnefo:example_passw0rd@node1.example.com:5432/snf_pithos"

   PITHOS_DATA="/srv/pithos/data"

If you have installed your Ganeti cluster on different nodes than node1 and node2 make

sure that ``/srv/pithos/data`` is visible by all of them.

If you would like to use Images that are also/only stored locally, you need to

save them under ``IMAGE_DIR``, however this guide targets Images stored only on

Pithos+.

Testing

~~~~~~~

You can test that snf-image is successfully installed by running on the

:ref:`GANETI-MASTER <GANETI_NODES>` (in our case node1):

.. code-block:: console

   # gnt-os diagnose

This should return ``valid`` for snf-image.

If you are interested to learn more about snf-image's internals (and even use

it alongside Ganeti without Synnefo), please see

`here <https://code.grnet.gr/projects/snf-image/wiki>`_ for information concerning

installation instructions, documentation on the design and implementation, and

supported Image formats.

snf-image's actual Images

-------------------------

Now that snf-image is installed successfully we need to provide it with some

Images. :ref:`snf-image <snf-image>` supports Images stored in ``extdump``,

``ntfsdump`` or ``diskdump`` format. We recommend the use of the ``diskdump``

format. For more information about snf-image's Image formats see `here

<https://code.grnet.gr/projects/snf-image/wiki/Image_Format>`_.

:ref:`snf-image <snf-image>` also supports three (3) different locations for the

above Images to be stored:

 * Under a local folder (usually an NFS mount, configurable as ``IMAGE_DIR`` in

   :file:`/etc/default/snf-image`)

 * On a remote host (accessible via a public URL e.g: http://... or ftp://...)

 * On Pithos+ (accessible natively, not only by its public URL)

For the purpose of this guide, we will use the `Debian Squeeze Base Image

<https://pithos.okeanos.grnet.gr/public/9epgb>`_ found on the official

`snf-image page

<https://code.grnet.gr/projects/snf-image/wiki#Sample-Images>`_. The image is

of type ``diskdump``. We will store it in our new Pithos+ installation.

To do so, do the following:

a) Download the Image from the official snf-image page (`image link

   <https://pithos.okeanos.grnet.gr/public/9epgb>`_).

b) Upload the Image to your Pithos+ installation, either using the Pithos+ Web UI

   or the command line client `kamaki

   <http://docs.dev.grnet.gr/kamaki/latest/index.html>`_.