Re: [DISCUSS] Graduation - Prepare Board Resolution
... will propose it on the general incubator list. The areas we need to work on are in bold. We need to define the project description and scope. I wrote this as dynamically provisioning and brokering remote access to compute resources. Thoughts? I'm not sure I would not really understand the scope of VCL from that statement. I agree more should be added. I kept it short since the example resolutions suggested on the graduation guide page are very short and general: ofbiz: open-source software related to enterprise automation Can we just use the description then?: open-source software related to a modular cloud computing platform which dynamically provisions and brokers remote access to compute resources I think this is reasonable - but have a *minor* quibble - The bulk of what the VCL does (auth/auth, reservations, image storage, image loading, ...) seems to me to be fall under the provisions concept - but brokers seems to be getting equal emphasis even though it is an added capability. It's an important added capability, but perhaps this slight revision might help: I don't have a strong opinion about this, but I have always understood provisioning to relate to the infrastructure for image storage, capture and loading while brokering relates to connecting the virtualization or blade back-end to a user's request, which would include such things as authentication, authorization, reservations, scheduling, etc. I think the two are pretty equal in importance. Just my $0.02 -Aaron C open-source software related to a modular cloud computing platform which dynamically provisions (and brokers) remote access to compute resources --henry ... smime.p7s Description: S/MIME cryptographic signature
Re: Deleting local user account
I have also encountered this. What I did was to alter the database schema so that deleting a user causes the relevant log entries to also be deleted. something like this: ALTER TABLE `log` ADD FOREIGN KEY (`userid`) REFERENCES `user` (`id`) ON DELETE CASCADE; ALTER TABLE `querylog` ADD FOREIGN KEY (`userid`) REFERENCES `user` (`id`) ON DELETE CASCADE; Then you should be able to simply remove a user from the database. Aaron On May 22, 2012, at 1:29 PM, James O'Dell wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I believe I've seen this before. It won't let you delete things that are referenced in the log/querylog (stored in the database). Have you tried zeroing out the log, and then removing the account? __Jim On 5/22/2012 10:16 AM, Mike Haudenschild wrote: Good afternoon, During our beta testing, I created a number of generic local accounts (using vcld --setup). Now that we're moving into production, we're using Shib and LDAP and I need to delete those local accounts. When I try manually removing the user from the vcl.user table, I get the following error: ERROR 1451 (23000): Cannot delete or update a parent row: a foreign key constraint fails (`vcl/querylog`, CONSTRAINT `querylog_ibfk_1` FOREIGN KEY (`userid`) REFERENCES `user` (`id`)) I'm hesitant to go poking about any further in the database. Is there a standard procedure for removing local users? (Note: I'm on 2.2.1.) Thanks, Mike -- *Mike Haudenschild* Education Systems Manager Longsight Group (740) 599-5005 x809 m...@longsight.com mailto:m...@longsight.com www.longsight.com http://www.longsight.com - -- Jim O'Dell Network Analyst California State University Fullerton Email: jod...@fullerton.edu Phone: (657) 278-2256 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+7zOUACgkQREVHAOnXPYTPggCgjf83JqEUgV96hdEZ8jRPM7JD kyAAmwUSA1zOKUMPDC3W92eoFsm4q4LN =DIEC -END PGP SIGNATURE-
Re: [DISCUSS] Graduation - Prepare Board Resolution
On May 18, 2012, at 10:06 AM, Andy Kurth wrote: I have created a Confluence page which we can use to work out the board resolution: https://cwiki.apache.org/confluence/display/VCL/Graduation+Board+Resolution Once we are comfortable with the resolution, one of the PPMC members will propose it on the general incubator list. The areas we need to work on are in bold. We need to define the project description and scope. I wrote this as dynamically provisioning and brokering remote access to compute resources. Thoughts? Thanks for writing this. It sounds great. Please check the list of initial members to make sure I didn't leave anyone out. This list includes both PPMC members and committers, correct? If we are in agreement that the list will be the committers after graduation, should the status file be changed now? The PPMC members also need to appoint a chair for the project. I would be willing to do this. Anyone else interested? I would support having Andy serve as chair. Also, 2 more issues regarding the status file: The stock bullets under Project info should be removed. The description is currently VCL is a management framework for building, dispensing and managing virtual machine images across a set of bare metal machines or systems with an installed virtual machine hypervisor. I don't think this is quite accurate. How about VCL is a modular cloud computing platform which dynamically provisions and brokers remote access to compute resources.? That sounds much better (though I believe a comma should precede 'which'). Aaron Coburn -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edu smime.p7s Description: S/MIME cryptographic signature
Re: Install of Management Node
Arbin, I would suggest following the online documentation. Version 2.3 has not been released yet, so I would recommend following the instructions located here: https://cwiki.apache.org/confluence/display/VCL/VCL+2.2.1+Installation The documentation assumes that the management node is a RHEL or CentOS server. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edumailto:acob...@amherst.edu On May 16, 2012, at 8:41 PM, Sanders, Arbin D wrote: All, What packages are needed when installing CentOS for the management node? This will be my first time installing CentOS from scratch and I would like to know how you all install it. Thanks! Arbin Darren Sanders IT Manager – Academic Computing North Carolina Central University 712 Cecil Street Suite 3014 Durham, NC 27707 919.530.6307 919.530.5097 (Fax) For the Latest ITS Updates and Tips Join Us Online http://www.facebook.com/profile.php?id=66100342#!/pages/Durham-NC/NCCU-Eagle-Technical-Assistance-Center-ETAC/249508718552?v=info http://twitter.com/NCCUETAC CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this e-mail from your system. __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com __
Re: [VOTE] Apache VCL Ready to Graduate
+1 -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edumailto:acob...@amherst.edu On May 10, 2012, at 11:01 AM, Andy Kurth wrote: This vote is to determine if the Apache VCL community believes the project is ready to graduate from the incubator to a top level project. Everyone in the community is encouraged to vote. Please reply expressing one of the following: +1 : yes, Apache VCL is ready to graduate to a top level project 0 : ambivalent -1 : no, Apache VCL is not ready to graduate to a top level project This vote will be closed on Tuesday, May 15, 2012 at 5:00 pm EST. If this vote passes, the community will draft a board resolution and present it to the IPMC. Thank You, Andy Kurth
Re: Which version of Linux?
We use CentOS 5.6 and RHEL 6.2. There was an attempt some time ago to use Debian on a second management node; we got most of the way there, but in the end it was much easier to just use RHEL. -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edumailto:acob...@amherst.edu On May 10, 2012, at 3:13 PM, Waldron, Michael H wrote: We are running RHEL 5.8 for both. Mike Waldron Systems Specialist ITS Research Computing University of North Carolina at Chapel Hill CB #3420, ITS Manning, Rm 2509 919-962-9778 From: Sanders, Arbin D [asand...@nccu.edumailto:asand...@nccu.edu] Sent: Thursday, May 10, 2012 3:07 PM To: 'vcl-...@incubator.apache.orgmailto:vcl-...@incubator.apache.org'; 'vcl-user@incubator.apache.orgmailto:vcl-user@incubator.apache.org' Subject: Which version of Linux? All, I am wondering what versions of Linux are you all running for your production management node and your development management node. Arbin Darren Sanders IT Manager – Academic Computing North Carolina Central University 712 Cecil Street Suite 3014 Durham, NC 27707 919.530.6307 919.530.5097 (Fax) For the Latest ITS Updates and Tips Join Us Online image001.pnghttp://www.facebook.com/profile.php?id=66100342#!/pages/Durham-NC/NCCU-Eagle-Technical-Assistance-Center-ETAC/249508718552?v=info image002.pnghttp://twitter.com/NCCUETAC CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this e-mail from your system. __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com __
Re: [DISCUSS] Graduation
We began working with the VCL software about two years ago at Amherst College, and in that time, the community has grown well beyond its NCSU roots. I am seeing significantly more activity on the lists as well as more JIRA issues and contributed code from the wider community. I would also support a vote for graduation. As for the website, I agree that some design work would be really useful. I am assuming that ASF would provide a hosting arrangement, i.e. a domain like vcl.apache.orghttp://vcl.apache.org? Would that also include server space to run any type of CMS? Confluence is a nice all-in-one package, though if you are considering a complete overhaul of the site, I could also recommend a system like Drupal (MySQL + PHP). Drupal has a lot of bells and whistles that can make for a very nice, highly interactive site. The downside of drupal is that it is not specifically designed to handle software documentation. On the other hand, if we only need to serve static html pages that focus on documentation, etc, I can also recommend Sphinx. The downside of Sphinx is that it is really best for Python and C++ projects, and it doesn't support web-based updates -- it does create excellent sites, though. I am also a little unclear on the timeframe for modifying the website -- it this something that would be done prior to graduation or upon graduation? Aaron Coburn -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edumailto:acob...@amherst.edu On May 2, 2012, at 9:14 AM, Aaron Peeler wrote: I feel we have meet our diversity issue and also expect to add more committers over the next couple of months. I would positively support a vote for graduation. I agree on the other points mentioned. Status page needs to be updated. We can work on this part easily. The web site needs to be migrated off confluence. Has anyone researched other CMS options for the website. I think this would be a good community discussion thread. Which CMS, the layout, (content, documentation, design ideas, etc.) Aaron On Tue, May 1, 2012 at 12:44 PM, Andy Kurth andy_ku...@ncsu.edumailto:andy_ku...@ncsu.edu wrote: This thread is to discuss whether the Apache VCL community feels that this incubating project is ready to proceed with the process to graduate to a top level ASF project. There are several requirements which must be met and steps completed in order to graduate. This discussion thread is the first step towards graduation. Please review the following pages. http://incubator.apache.org/guides/graduation.html http://incubator.apache.org/incubation/Incubation_Policy.html#Graduating+from+the+Incubator There are many items described in the ASF graduation documentation which we have obviously satisfied (create a release, etc). The following are issues that I feel either need to be addressed, would be concerned about regarding board/mentor approval, or have been brought up before. Please share your thoughts. Also, please review the ASF graduation documentation and bring up anything else which might be a concern. Status File: (https://svn.apache.org/repos/asf/incubator/public/trunk/content/projects/vcl.xml) This is not up to date and is missing information. Previous board reports need to be added. News items need to be added containing the string new committer. Doing this will cause the numberCommittersNew column on the Status of the Clutch page to turn green (http://incubator.apache.org/clutch.html). Also, the list of commiters in the status file and project page hasn't changed since Apache VCL started. The new committers obviously need to be added. I'm not sure how the original list was decided upon, but I feel several names should be removed since they have not contributed any code and some have not been involved in the community at all. I think the list should be Aaron Coburn, David Hutchins, Andy Kurth, James O'Dell, Aaron Peeler, Josh Thompson. Also, Brian Bouterse contributed some code a while ago. I'm not sure if he is still interested in being a committer. Diversity: ASF requirement: The project is not highly dependent on any single contributor (there are at least 3 legally independent committers and there is no single company or entity that is vital to the success of the project). This issue has been raised before. I feel we meet this requirement and that the community is generally diverse, can govern itself, and be self-sufficient. Website: This is not necessarily a requirement for graduation but I feel that it should be addressed prior to graduation. Our website/documentation is pretty rough and really should be redesigned. I'm guessing the board members will look at it prior to voting. In addition, there will likely be a press release if/when we graduate and website views will spike. This shouldn't hold up the graduation process, but I would like agreement that this should be completed by graduation. Thank You
Re: [DISCUSS] Graduation
I looked through a number of existing top-level ASF project websites, and they all appear to be serving up static HTML pages. Some of them use a wiki at http://wiki.apache.org/{project name}; otherwise, the sites appear to be generated by some sort of script/template combination. If there is a choice, I would recommend following this model: using static pages as much as possible will effectively eliminate almost all security and maintenance issues. Most ASF sites do not have a search feature, and those that do rely on third parties (e.g. google). It would be easy enough to follow that model, though if we use Sphinx, it has a built-in (javascript-based) search engine. There are a lot of template-based options for building sites, and I am completely unfamiliar with most of them. Velocity is another ASF project, but I have never worked with it. Several years ago I used Template::Toolkit quite a bit, which is written in perl. Since so much of the VCL uses perl, this might be a good option -- not that one actually needs to know perl to use it. It would also be possible to use an XSLT-based engine, but I XSL syntax can be very unforgiving. My current favorite is Sphinx, which relies on python to generate the HTML. Aaron Coburn On May 4, 2012, at 11:51 AM, Aaron Peeler wrote: As for the website, I agree that some design work would be really useful. I am assuming that ASF would provide a hosting arrangement, i.e. a domain like vcl.apache.org? Would that also include server space to run any type of CMS? Confluence is a nice all-in-one package, though if you are considering a complete overhaul of the site, I could also recommend a system like Drupal (MySQL + PHP). Drupal has a lot of bells and whistles that can make for a very nice, highly interactive site. The downside of drupal is that it is not specifically designed to handle software documentation. On the other hand, if we only need to serve static html pages that focus on documentation, etc, I can also recommend Sphinx. The downside of Sphinx is that it is really best for Python and C++ projects, and it doesn't support web-based updates -- it does create excellent sites, though. I believe we can run anything we like. ASF does provide the hosting and the top-level projects do have their own url projectname.apache.org. I'm not up-to speed yet on what our options are or what the other projects are using. The Apache infrastructure team is recommending projects to migrate away from confluence. Has anyone else had a chance to research which cms tools are available supported/recommended by ASF? I am also a little unclear on the timeframe for modifying the website -- it this something that would be done prior to graduation or upon graduation? I don't think it is a requirement, but ideally it would be nice to at least have a start on a new site by graduation time. Aaron Peeler
Re: Rework the Apache VCL website?
On May 4, 2012, at 1:00 PM, Andy Kurth wrote: On Fri, May 4, 2012 at 10:46 AM, Aaron Coburn acob...@amherst.edu wrote: As for the website, I agree that some design work would be really useful. I am assuming that ASF would provide a hosting arrangement, i.e. a domain like vcl.apache.org? Would that also include server space to run any type of CMS? Yes, ASF hosts all project websites and provides server space. If/when we graduate, the podling website will be moved to vcl.apache.org. Apache provides a CMS but it is up to the community whether to use it or something else as long as the content is static. More info is here: http://www.apache.org/dev/project-site.html -and- http://www.apache.org/dev/cms.html Thanks, I read about Apache's CMS, and I don't see any compelling reason not to use that. It supports both HTML and Markdown formats. Updates are managed by subversion, and it seems like it will be easy to use. Aaron Coburn Confluence is a nice all-in-one package, though if you are considering a complete overhaul of the site, I could also recommend a system like Drupal (MySQL + PHP). Drupal has a lot of bells and whistles that can make for a very nice, highly interactive site. The downside of drupal is that it is not specifically designed to handle software documentation. On the other hand, if we only need to serve static html pages that focus on documentation, etc, I can also recommend Sphinx. The downside of Sphinx is that it is really best for Python and C++ projects, and it doesn't support web-based updates -- it does create excellent sites, though. I also like Drupal but don't think it can be used due to the static requirement. We actually use this for NCSU's VCL front page. I'm not familiar with Sphinx. It looks like at least one other project is using Sphinx: http://chemistry.apache.org/python/docs/docs.html -Andy On Wed, Dec 7, 2011 at 7:54 AM, Aaron Peeler fapee...@ncsu.edu wrote: Yes, I agree the site needs to be updated. I'm fine to move to ASF CMS, especially if this the future direction. Aaron On Tue, Dec 6, 2011 at 3:58 PM, Andy Kurth andy_ku...@ncsu.edu wrote: The Apache VCL project website (https://cwiki.apache.org/VCL) could use some improving. It is automatically generated from the Confluence wiki site (https://cwiki.apache.org/confluence/display/VCL/Apache+VCL). I'm not sure exactly how this works but some things have never worked quite right... small details such as the left nav bar not showing up. I'd like to start reworking the site and would like ideas/help from anyone interested. The first step would be to decide on an underlying platform/CMS. I have nothing against Confluence but the ASF is moving away from it in favor of the ASF Content Management System. More information is here: http://www.apache.org/dev/cms.html http://www.apache.org/dev/cmsref.html Tools have been written to assist in migrating from Confluence to the ASF CMS. See the bottom of the wiki page: http://wiki.apache.org/general/ApacheCms2010 At first glance this seems like a logical path to pursue. Thoughts? -Andy -- Aaron Peeler Program Manager Virtual Computing Lab NC State University All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
Re: VCL 2.3
Dmitri, you can also set a default ItentityFile in the ssh configuration, i.e.: IdentityFile /etc/vcl/vcl.key Depending on how you want this set up (whether to apply only to certain hosts or to be globally applicable), you can put this in /etc/ssh/ssh_config or in /root/.ssh/config This can be a useful setting, especially for manually accessing VM nodes, since you can then entirely omit the -i flag. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edu On May 1, 2012, at 10:50 PM, Dmitri Chebotarov wrote: Andy $ssh_options doesn't have vcl.key. (ie. -i /path/to/vcl.key) I've changed the code to test it - added: $ssh_options = $ssh_options. -i /etc/vcl/vcl.key; right before $ssh object is created and it seemed to communicated with host OK this time: ... 2012-05-01 22:38:16|1097|435:427|reload|OS.pm:(eval)(1946)|created Net::SSH::Expect object to control VMHOST1 2012-05-01 22:38:16|1097|435:427|reload|OS.pm:(eval)(1947)|ssh_options: -o StrictHostKeyChecking=no -i /etc/vcl/vcl.key (-- before the change $ssh_option was just '-o StrictHostKeyChecking=no') 2012-05-01 22:38:19|1097|435:427|reload|VIM_SSH.pm:initialize(138)|VIM executable available on VM host: vim-cmd 2012-05-01 22:38:19|1097|435:427|reload|VIM_SSH.pm:initialize(140)|VCL::Module::Provisioning::VMware::VIM_SSH object initialized 2012-05-01 22:38:19|1097|435:427|reload|VMware.pm:get_vmhost_api_object(1522)|created API object: VCL::Module::Provisioning::VMware::VIM_SSH 2012-05-01 22:38:19|1097|435:427|reload|VMware.pm:initialize(312)|VM host VMHOST1 will be controlled using vim-cmd via SSH 2012-05-01 22:38:19|1097|435:427|reload|VMware.pm:initialize(327)|VMware OS and API objects created for VM host VMHOST1: |1097|435:427|reload| VM host OS object type: VCL::Module::OS::Linux |1097|435:427|reload| VMware API object type: VCL::Module::Provisioning::VMware::VIM_SSH 2012-05-01 22:38:19|1097|435:427|reload|VMware.pm:get_vmhost_product_name(6514)|VMware product being used on VM host VMHOST1: 'VMware ESXi 5.0.0 build-469512' 2012-05-01 22:38:19|1097|435:427|reload|VIM_SSH.pm:_run_vim_cmd(193)|vim-cmd call count: 1 (hostsvc/datastore/listsummary) 2012-05-01 22:38:19|1097|435:427|reload|VIM_SSH.pm:_run_vim_cmd(208)|executed command on VM host VMHOST1: vim-cmd hostsvc/datastore/listsummary … I've double checked the setting for vcl.key under management node and it's present. Thank you. -- Dmitri Chebotarov Virtual Computing Lab Systems Engineer, TSD - Ent Servers Messaging 223 Aquia Building, Ffx, MSN: 1B5 Phone: (703) 993-6175 Fax: (703) 993-3404 On Tuesday, May 1, 2012 at 21:47 , Dmitri Chebotarov wrote: Andy, Here is the full log. Thank you. VCL::new object could not be created and initialized time: 2012-05-01 16:54:28 caller: vcld:make_new_child(575) ( 0) vcld, make_new_child (line: 575) (-1) vcld, main (line: 350) management node: sand-vcl23 reservation PID: 16065 parent vcld PID: 15907 request ID: 433 reservation ID: 425 request state/laststate: reload/reload request start time: 2012-05-01 16:45:00 request end time: 2012-05-01 17:05:00 for imaging: no log ID: none computer: sandbox-vcl-4 computer id: 46 computer type: virtualmachine computer eth0 MAC address: 00:50:56:00:10:08 computer eth1 MAC address: 00:50:56:00:10:09 computer private IP address: private-.5.14 computer public IP address: public-.244 computer in block allocation: no provisioning module: VCL::Module::Provisioning::VMware::VMware vm host: VMHOST1 vm host ID: 5 vm host computer ID: 85 vm profile: VMware ESXi - local network storage vm profile VM path: /vmfs/volumes/local-datastore/runningImages vm profile repository path: undefined vm profile datastore path: /vmfs/volumes/sandbox-Image-Library/baseImages vm profile disk type: networkdisk image: vmwarelinux-CentOSxCat69-v0 image display name: CentOS 5.5 (persistent) image ID: 69 image revision ID: 72 image size: 8192 MB use Sysprep: no root access: yes image owner ID: 1 image owner affiliation: Local image revision date created: 2012-02-09 15:11:37 image revision production: yes OS module: VCL::Module::OS::Linux user: vclreload user name: vcl reload user ID: 2 user affiliation: Local RECENT LOG ENTRIES FOR THIS PROCESS: 2012-05-01 16:54:21|16065|433:425|reload|VMware.pm:initialize(267)|initializing VCL::Module::Provisioning::VMware::VMware object 2012-05-01 16:54:21|16065|433:425|reload|DataStructure.pm:_initialize(616)|computer ID argument was specified, retrieving data for computer ID: 85 2012-05-01 16:54:21|16065|433:425|reload|DataStructure.pm:_initialize(640
Re: Vcl and vmware HA
Yes, we are using vMotion with our ESX hosts. It involved writing a custom provisioning module which is slated to be part of the next VCL release. The short version is that all of the ESX hosts are put into a single vCenter host, and the VCL communicates only with that single host (even though there may be many physical hosts). Then when VMware vMotions a machine, the VCL neither knows nor cares that this happened. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College acob...@amherst.edu On Mar 28, 2012, at 11:12 AM, Anu Chirinos wrote: Hello, Is anybody dealing with VCL and ESX Vmotion underneath? Has anybody done any research or work on this? Anu Chirinos UTS - Operations and Enterprise Systems Florida International University Office (305) 348-0275 Cell (786) 712-9025 smime.p7s Description: S/MIME cryptographic signature
Re: Creating a base image
Given that your VMhost is called vsphere, is it safe to assume that you plan to use the vSphere API to access the host? If that is the case, you need to make sure that the vSphere SDK for perl is installed. According to your logfile, the perl libraries are either not installed or not in perl's path (i.e. @INC). If you intend to use the perl SDK, you can install it from here: http://www.vmware.com/support/developer/viperltoolkit/ (be sure to select the release corresponding to your VMware version) If you are not going to use the vSphere API, then make sure to read through this page as you configure your VMhost: https://cwiki.apache.org/confluence/display/VCL/VMware+Configuration Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College (413) 542-5451 acob...@amherst.edu On Mar 16, 2012, at 1:13 PM, Aaron Bryant wrote: After seeing your suggestion, I have done the following changes to no avail: - Disabled Selinux - Changed the syntax of the hosts file from IP Address - Alias - Hostname, to IP Address - Hostname - Alias (Just to make sure this wasn't causing a problem) I can't seem to find any problems with permissions. I also could not find any valid reason for the cat to fail, although directly after it fails, it prints the output of the cat command in the log file. The problem is still occurring even after the simple changes I have made. Any additional suggestions? On 2/28/2012 4:21 PM, Dmitri Chebotarov wrote: Aaron The problem seems to be with your /etc/hosts file. 'cat /etc/hosts' failed with exit status 255, when exit status 0 is expected. B/c of this, vcl couldn't get private ip address and didn't attempt to connect to the host. I cannot think of any valid reasons why 'cat /etc/hosts' would fail... Can you double-check syntax, permission, selinux, ... ? ... |10951|20:20|image| WARNING |10951|20:20|image| 2012-02-28 13:32:34|10951|20:20|image|DataStructure.pm:get_computer_private_ip_address(1589)|failed to cat /etc/hosts on this management node, exit status: 255, output: |10951|20:20|image| 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 |10951|20:20|image| 192.168.0.101 1vsphere 1vsphere.upb.pitt.edu ... On Feb 28, 2012, at 13:28 , Aaron Bryant wrote: Greetings, I completed installing Cygwin SSHD and I'm attempting to run the vcld -setup command. My problem occurs in this step while creating a base image. I am able to get through all of the prompts and start the creation before the script crashes. I have checked the '/var/log/vcld.log' log file and this is a portion of the output: --- VCL::Module::Provisioning::VMware::vSphere_SDK |10951|20:20|image| WARNING |10951|20:20|image| 2012-02-28 13:32:34|10951|20:20|image|VMware.pm:initialize(273)|no methods are available to control VM host vsphere, the vSphere SDK cannot be used to control the VM host and the host OS cannot be controlled via SSH |10951|20:20|image| ( 0) VMware.pm, initialize (line: 273) |10951|20:20|image| (-1) Module.pm, new (line: 207) |10951|20:20|image| (-2) Module.pm, create_provisioning_object (line: 423) |10951|20:20|image| (-3) State.pm, initialize (line: 117) |10951| 20:20|image| (-4) Module.pm, new (line: 207) |10951|20:20|image| (-5) vcld, make_new_child (line: 564) |10951|20:20| image| WARNING |10951|20:20|image| 2012-02-28 13:32:34|10951|20:20|image| Module.pm:create_provisioning_object(431)|provisioning object could not be created, returning 0 |10951|20:20|image| ( 0) Module.pm, create_provisioning_object (line: 431) |10951|20:20|image| (-1) State.pm, initialize (line: 117) | 10951|20:20|image| (-2) Module.pm, new (line: 207) |10951|20:20|image| (-3) vcld, make_new_child (line: 564) |10951| - I have checked and am able to ssh between the management node and the virtual machines using key authentication. Please see the log file attached for more information. Thanks, Aaron Bryant Logfile.txt Thank you. - Dmitri Chebotarov dcheb...@gmu.edu 703-993-6175 - Logfile.txt smime.p7s Description: S/MIME cryptographic signature
Re: Creating a base image
It sounds like the issue is related to the communication between the management node and the VMware host. That, at least, is what the attached logs reflect. It is also unclear whether you are trying to access the VM Host via the vSphere API or via SSH. If it is the former, make sure that the vSphere perl modules have been installed and that the vmprofile is properly set up. If it is the latter, make sure that the ssh port is open on the VM host (there are instructions for how to do this here: https://cwiki.apache.org/confluence/display/VCL/VMware+Configuration ) and that the mgmt node is able to login successfully via ssh. As for ssh key authentication between the mgmt node and VMs, I would recommend using the gen-node-key.sh script described at the bottom of this page: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=4589006 -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College (413) 542-5451 acob...@amherst.edu On Feb 28, 2012, at 3:45 PM, Josh Thompson wrote: You don't want to be able to ssh from the image to the management node - in fact that's a bad idea because it would allow anyone making a reservation for the image to ssh to your management node. Unfortunately, I can't speak to what is causing your problem. Josh On Tuesday, February 28, 2012 3:34:42 PM Aaron Bryant wrote: I have previously added each of the servers and clients into each others Know hosts to eliminate any problems there. I have discovered that I am able to use SSH key authentication between the Management node and the client, but not from the client back to the Management node. Password authentication will work for the SSH connection between the client and management node, but not key authentication. I have tried to copy the management node's private key, which I am assuming is /etc/vcl/vcl.key, to the client machine but to no avail. The client machine still prompts for a password when entering ssh Aaron On 2/28/2012 1:40 PM, Alexander Patterson wrote: Hello Aaron Can you log in into your Vsphere Client ESXI 4.1 Server the one hosting the images Go to Configurations Under Software Click on Security Profile Click on Properties Under Remote Access make sure you have Remote Teach Support SSH is Running and Automatically Turned on You should check if you can ssh without a password from the base image to the management node but also and vice versa. Also did you add in the IP range into trusted hosts? -Alex On Tue, Feb 28, 2012 at 10:28 AM, Aaron Bryantamb...@pitt.edu wrote: Greetings, I completed installing Cygwin SSHD and I'm attempting to run the vcld -setup command. My problem occurs in this step while creating a base image. I am able to get through all of the prompts and start the creation before the script crashes. I have checked the '/var/log/vcld.log' log file and this is a portion of the output: -- - VCL::Module::Provisioning::VMware::vSphere_SDK |10951|20:20|image| WARNING |10951|20:20|image| 2012-02-28 13:32:34|10951|20:20|image|VMware.pm:initialize(273)|no methods are available to control VM host vsphere, the vSphere SDK cannot be used to control the VM host and the host OS cannot be controlled via SSH |10951|20:20|image| ( 0) VMware.pm, initialize (line: 273) |10951|20:20|image| (-1) Module.pm, new (line: 207) |10951|20:20|image| (-2) Module.pm, create_provisioning_object (line: 423) |10951|20:20|image| (-3) State.pm, initialize (line: 117) |10951| 20:20|image| (-4) Module.pm, new (line: 207) |10951|20:20|image| (-5) vcld, make_new_child (line: 564) | | |10951|20:20| image| WARNING |10951|20:20|image| 2012-02-28 13:32:34|10951|20:20|image| Module.pm:create_provisioning_object(431)|provisioning object could not be created, returning 0 |10951|20:20|image| ( 0) Module.pm, create_provisioning_object (line: 431) |10951|20:20|image| (-1) State.pm, initialize (line: 117) 10951|20:20|image| (-2) Module.pm, new (line: 207) |10951|20:20|image| (-3) vcld, make_new_child (line: 564) |10951| -- --- I have checked and am able to ssh between the management node and the virtual machines using key authentication. Please see the log file attached for more information. Thanks, Aaron Bryant - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent
Re: Shibboleth Authentication in VCL
Al, There are a variety of things to check. First, in .ht-inc/conf.php, make sure that you have an affiliation configured under $authMechs This might look something like this: $authMechs = array( Institution Name = array(type = redirect, affiliationid = 0, URL = /Shibboleth.sso/Login?target=%2Fshibauth ) ); Depending on how your SP is set up, you may or may not need additional information in the URL section of the configuration. For instance, you may want to extend the URI to include an entityID parameter that points to your IdP. Next, you will need to verify that the /shibauth directory is configured to perform Shibboleth authentication. In the /shibauth/index.php file you may want to add something like this (at the top of the file) for verification: foreach( array( eppn, sn, givenName, displayName) as $attr){ error_log(DEBUG $attr: . $_SERVER[$attr]); } Next, the users are added to the database with the updateShibUser function (called in the /shibauth/index.php file). You should check that this method is really being called. Finally, users are added to groups with the updateShibGroups function. By default, users are added to groups based on the value of $_SERVER['affiliation']. These groups tend to be prefixed with shib- and don't appear in the web UI. If you take a look at the .ht-inc/authmethods/shibauth.php file, you will see sample code in the updateShibGroups that has been commented out. If you wish to add everyone to an all users group, I would recommend using some similar code. You will just need to make sure that the group name you specify there is configured in the Privilege tree to have access to a certain image group. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College (413) 542-5451 acob...@amherst.edu On Feb 23, 2012, at 3:56 PM, Evelio Quiros wrote: Ok, we see two affiliations in the database, Local Global. Both were set to 0. We are using Shibboleth without LDAP, since Shib uses LDAP in it's back end authentication. We set the Global shibonly field to 1 and tried it. It still behaves the same, no new users are entered in the database. Thanks, Al Quiros Florida International University On 2/23/12 3:08 PM, Josh Thompson josh_thomp...@ncsu.edu wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Al, Are you using Shibboleth by itself or in conjunction with LDAP? If not with LDAP, do you have affiliation.shibonly set to 1 for any affiliations logging in with Shibboleth? Josh On Thursday 23 February 2012 7:06:40 PM Evelio Quiros wrote: Hello, We are trying to configure Shibboleth for VCL. We have gotten to the point where a user is able to log in successfully, so the $_SERVER values are ok, but it does not add the new user into the database. Doing a search for that username shows nothing, even though we were able to login successfully. Consequently, the logged in user has no privileges, and cannot make reservations. Any ideas on what we may be missing ? Thanks, Al Quiros Florida International University - -- - --- Josh Thompson VCL Developer North Carolina State University my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (GNU/Linux) iEYEARECAAYFAk9GnL0ACgkQV/LQcNdtPQNvqACfeE54okUDqMmymEFZoA99MyS2 MfoAnjmhgE6Q3ZYUi9OVZZat1/U/8gmd =O91X -END PGP SIGNATURE-
Re: icon on the desktop access to VCL
Josh, One thing you may also want to consider is how you would handle api authentication for institutions that use Shibboleth. There are secure ways to do this, à-la the google 2-step verification or via an embedded browser, but that would involve some additional fields in the database and modification of the web front-end. The main question in my mind would be whether the application would store these access credentials and/or how a user logs out. I don't see this as a problem for users' personal machines, but if someone tried to use this in the context of a pubic or lab computer, I would be very concerned. If, as Art suggested below, the desktop app required users to authenticate and then be timed out after a set period, then what would be the advantage of a desktop app? Especially if a campus already has some type of web-based single sign on in place. In short, what exactly is the goal in developing a desktop app? If the goal is to bypass the standard VCL website and simplify access, you can use the existing API to do that. I have written several web-based alternate interfaces for our VCL that function well, including one that integrates with our campus' learning management system. They are easy to write and the developer has full control over how they look -- that would be harder to accomplish with a desktop application. The existing API is certainly more limited in its range of functions when compared to the full web site. On the other hand, it is capable of making and managing reservations, which constitute the vast majority of users' (esp. students') interactions with the VCL. You can see some screenshots here: https://vcl.ats.amherst.edu/remote_access/ On the other hand, if the goal is to eliminate the somewhat awkward transition between the VCL website and an active RDP connection, there are ways to deal with that, too. With the use of protocol handlers and a little bit of custom application development for Windows, we have a working one-click logon solution that works on all of the major browser-OS combinations (IE, FF, Safari, Chrome; Win7, WinXP, OS X, Ubuntu). And this pairs nicely with the remote interfaces mentioned above, making it really simple for users to connect. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College (413) 542-5451 acob...@amherst.edu On Feb 8, 2012, at 2:08 PM, Art Vandenberg wrote: Georgia State is likely interested in this IF it doesn't reduce security. I presume icon would be clickable and then one VIOLA, logged in? If so, there is presumably no login per se. Perhaps some time-out on the ICON would be valuable then - e.g. you have x minutes to click or else (something happens... goes away? expires? prompts for PW after all?) Maybe recommended only where there is at least some login (to VCL menu at least) so there is a reasonable accountability? I am going to send this to our engineers and ask for their input (I think the read the posts, but will be direct.) Art On Feb 8, 2012, at 11:56 AM, Josh Thompson wrote: I've been hearing interest in an icon on the desktop type of access to VCL. The idea being that you could have some kind of broker script/app that can be run which will interact with the VCL API to create a VCL reservation, wait on it to be deployed, and then connect to the reserved system (ideally without requiring the user to log in to the reserved system). That app could then just be launched through an icon to gain access to a VCL provisioned system. Several years ago, I wrote something along the lines of this in python/tk. That was more of a proof of concept and would need a good bit of work to be useful to others. I'm starting this thread to start gathering information on who is interested in this idea and what requirements you would have for it. I'd also like to know if anyone would be interested in helping with the development of it. So, if you have any interest in this, please reply to this thread with -requirements you would have -how you would envision it to work -any interest in development of it Thanks, Josh --- Josh Thompson VCL Developer North Carolina State University Art Vandenberg Account Manager/Research Function Customer Relations, IST Information Systems Technology Georgia State University avandenb...@gsu.edu +1 404 413 4743 MS Information Computer Science, Georgia Tech MVA Painting Drawing, Georgia State Web page: http://www.gsu.edu/ist/acs/25735.html
Re: xmlrpc
Mani,there is documentation for the XML RPC located here:http://people.apache.org/~jfthomps/xmlrpcdocs/xmlrpcWrappers_8php.htmlI have been using the remote API for some time now, and it works very well. To make things easier for me, I wrote a php class that encapsulates some of these functions (see attached). This class doesn't implement any of the group management features, but they would be easy to add.You can then use the class like this (if, for instance, you wanted to list the reservations for a particular user):$vcl = new VCL($userid, $password);if ($reservations = $vcl-getReservations()){ foreach ($reservations as $r){ print "p"; print "b{$r['imagename']}/b "; if ($status = $vcl-getRequestStatus($r['requestid'])){ switch ($status['status']){... } } print "/p"; }}The authentication piece is handed off to the appropriate affiliation function in the VCL code, so if you are using LDAP, the user's password would be verified in that way. Since we use Shibboleth with our VCL installation, the web application (neither the VCL nor any remote webapp) will know anything about what constitutes a valid password, so I ended up modifying the 'checkAccess()' function in .ht-inc/utils.php. If this is relevant for your installation, I can explain further how this is done.The remote API allows me, for instance, to embed the VCL inside other web applications (such as our campus learning management system), without requiring students to login to the main VCL site when they want to make and connect to their reservations.Best regards,Aaron?php class VCL { const VCLHOST = YOUR VCL HOST LOCATION HERE; public $errcode = 0; public $errmsg = ; public $message = ; private $username = ; private $password = ; public function __construct($username, $password){ $this-username = $username; $this-password = $password; } public function getImages(){ if($images = $this-rpc('XMLRPCgetImages', array())) if( count($images) ) return $images; return 0; } public function addReservation($imageid, $time, $duration){ if( $rc = $this-rpc('XMLRPCaddRequest', array($imageid, $time, $duration))){ $this-message = Successfully added reservation.; return 1; } else { return 0; } } public function extendReservation($id, $duration){ $this-reset(); if( $rc = $this-rpc(XMLRPCextendRequest, array($id, $duration))){ $this-message = Reservation successfully extended.; return 1; } else { return 0; } } public function deleteReservation($id){ $this-reset(); if( $rc = $this-rpc(XMLRPCendRequest, array($id))){ $this-message = Reservation successfully deleted.; return 1; } else { return 0; } } public function getRequestStatus($id){ $this-reset(); if( $rc = $this-rpc(XMLRPCgetRequestStatus, array($id))) return $rc; else return 0; } public function getConnectData($requestid, $remote_addr){ $this-reset(); if( $rc = $this-rpc(XMLRPCgetRequestConnectData, array($requestid, $remote_addr))){ if( $rc[status] == ready ){ return array( serverIP = $rc[serverIP], user = $rc[user], password = $rc[password] ); } else { $this-message = The connection is not yet ready.; } } return 0; } public function affiliations(){ $this-reset(); if($response = $this-rpc(XMLRPCaffiliations, array())){ if(count($response)){ return $response; } } return 0; } public function getReservations(){ $this-reset(); if($response = $this-rpc('XMLRPCgetRequestIds', array())) if( count( $response[requests] ) ) return $response[requests]; return 0; } private function reset(){ $this-errcode = 0; $this-errmsg = ; $this-message = ; } private function rpc($method, $args) { $request = xmlrpc_encode_request($method, $args); $header = Content-Type: text/xml\r\n; $header .= X-User: . $this-username . \r\n; $header .= X-Pass: . $this-password . \r\n; $header .= Cookie: . $_SERVER[HTTP_COOKIE] . \r\n; $header .= X-APIVERSION: 2; $context = stream_context_create( array( 'http' = array( 'method' = POST, 'header' = $header, 'content' = $request ) ) ); $location = ?mode= . ($method == XMLRPCaffiliations ?
Re: Linux base image on ESXi server?
Dmitri, If you go to the 'Computer Utilities' screen under manage computers, you will be able to change the computer's state. It sounds like you are trying to modify the state from the 'Edit Computer Information' page, which is not where that should be done. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College On Nov 3, 2011, at 10:32 AM, Dmitri Chebotarov wrote: Hi After some progress yesterday I still got an error while creating an image. The error was: ... 2011-11-02 13:40:38|6392|14:3|image|vSphere_SDK.pm:_get_file_info(2005)|searching for matching file paths: base directory path: '[datastore1] vmwarelinux-238-v0', search pattern: 'vmwarelinux-238-v0.vmdk' 2011-11-02 13:40:40|6392|14:3|image|vSphere_SDK.pm:_get_file_info(2016)|base directory does not exist: '[datastore1] vmwarelinux-238-v0' 2011-11-02 13:40:40|6392|14:3|image|vSphere_SDK.pm:find_files(1753)|matching file count: 0 2011-11-02 13:40:40|6392|14:3|image|vSphere_SDK.pm:file_exists(1625)|file does not exist: [datastore1] vmwarelinux-238-v0/vmwarelinux-238-v0.vmdk 2011-11-02 13:40:40|6392|14:3|image|VMware.pm:does_image_exist(3915)|image does not exist in the non-persistent directory on the VM host |6392|14:3|image| WARNING |6392|14:3|image| 2011-11-02 13:40:40|6392|14:3|image|VMware.pm:_get_datastore_name(5848)|unable to determine datastore name from path: '/vclfile', path does not begin with any of the datastore paths: |6392|14:3|image| '[datastore1]' |6392|14:3|image| '/vmfs/volumes/datastore1' |6392|14:3|image| '/vmfs/volumes/4e72606b-01b8dc93-5cdb-0023aeae26d2' ... I'll figure out how to fix it, but have a related questions. Creating the image failed and during the process vm-00 was put in 'maintains' mode (stateid=10) and it stays in this mode after failure. It's not possible to change the mode to 'available' (get the message - Virtual machines can only be added in the maintenance state.) via web portal. Looks like I need to re-add vm-00 (have to use 'Add multiple' option) or to change stateid value in vcl.computer : UPDATE `vcl`.`computer` SET `stateid` = '2' WHERE `computer`.`id` =36 Is it OK to do it this way? Or am I missing something? Thanks. On Wed, Nov 2, 2011 at 4:50 PM, Dmitri Chebotarov 4dim...@gmail.com wrote: Hi I got some progress on this issue. I tried to run vmware-cmd from vcl-server and got the same error - Server version unavailable at , which could mean SSL certificate is missing. Then found this post http://communities.vmware.com/message/1347703 and added these two lines to /usr/local/vcl/lib/VCL/Module/Provisioning/VMware/vSphere_SDK.pm after line 62 $ENV{SSL_verify_mode} = 0x00; $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0; This change allowed image creation to start successfully. VCLD connects to ESXi server OK and gets server version. It doesn't use ssh keys from /etc/vcl/vcl.key, but username/password configured in the profile. Thanks. On Wed, Nov 2, 2011 at 3:45 PM, Dmitri Chebotarov 4dim...@gmail.com wrote: Hello Got this link from one of the posts on this elist - https://sites.google.com/a/ncsu.edu/vcl-bootcamp/. I hope it helps me understand the VCL better... Can you recommend anything else to read about Apache VCL, besides https://cwiki.apache.org/VCL/ ? Thanks. On Tue, Nov 1, 2011 at 1:22 PM, Dmitri Chebotarov 4dim...@gmail.com wrote: Hi All I'm stuck on creating a base image (Linux) for newly deployed Apache VCL system and looking for help... This is the closes I got so far to a working system. I'm using ESXi 4.1 (60 days evaluation), ssh is enabled, ESXi server name is esxiServer01, added to the host file on VCL management server. Linux server being imaged is vm-00 running on esxiServer01. Added to the host file as well on VCL server. I can ping both and ssh -i key host works. Below is the full log for the process. These lines puzzle me: 2011-11-01 08:40:59|16965|20:20|image|OS.pm:is_ssh_responding(405)|esxiServer01 is NOT responding to SSH, SSH command failed, port 22: open, port 24: closed 2011-11-01 08:40:59|16965|20:20|image|VMware.pm:initialize(257)|unable to control OS of VM host esxiServer01 using VCL::Module::OS::Linux::UnixLab OS object because VM host is not responding to SSH since I can ping the VM host and 'ssh -i /etc/vcl/vcl.key esxiServer01' works fine. Also all http(s) links work fine when I access them from management server. Is there a way to create and register images manually? Can I use Veeam FastSCP or similar software to copy VMs to VCL server and register them? If there is way to do so, anyone has a link? I would appreciate any help. Thank you. Here is the full log file for the imaging process: VCL::image object could not be created and initialized time: 2011-11-01
Re: Base Image creation - problems - PLEASE HELP
Evelio, in our VCL setup and according to the docs on this page: https://cwiki.apache.org/confluence/display/VCL/Create+a+Windows+Base+Image you may want to try configuring your base image to use NIC 1 for the private network and NIC 2 for the public network. The sshd configuration script that you ran on your base image typically closes ssh access over the public network, but if the two networks are switched, you may have inadvertently cut off access over the private network. Aaron -- Aaron Coburn Systems Administrator and Programmer Academic Technology Services, Amherst College (413) 542-5451 acob...@amherst.edu On Nov 2, 2011, at 4:09 PM, Evelio Quiros wrote: Hello, Ok, I'm stumped. I continue to have issues creating a base image on our vcl setup. Here is my info: I have a single server running web, management node, and database. It has two interfaces, one on our private network, another on our public net. I have a single Vmware server, also with two interfaces. One interface, switch 0, is on our public net. It also has the VM management net. Another interface, switch 1, is on our private net. Each of these switches is labeled the same as in the Management node config. When I create the base image to capture, I create eth0 (nic1) on the public network, then I create eth1 (nic2) on the private network. I set them both to dhcp, and the dhcp server on the VCL server responds and gives it an address of an image in my database. I set the ssh key in the new image. I set the image in /etc/hosts so that the server can resolve it. I set the vcld to capture the image, It begins and copies the image to the management node directory, It deletes the image from the Vmware server, and re-creates the image All well and good. but then : When the recreated image comes up, The OTHER interface begins asking the dhcp server for addresses in the public network. The dhcp server denies it as non-authoritative, and the private interface never comes up. Even though it was able to dhcp previously. The image creation completes successfully, but the newly created image cannot connect to the vcl server. So, I eventually get a failure message from VCL. WHAT GIVES ??? Here is my error email: reservation failed on image6: process failed after trying to load or make available time: 2011-11-02 16:05:30 caller: State.pm:reservation_failed(213) ( 0) State.pm, reservation_failed (line: 213) (-1) new.pm, process (line: 298) (-2) vcld, make_new_child (line: 568) (-3) vcld, main (line: 346) management node: vcltst.fiu.edu reservation PID: 29777 parent vcld PID: 23341 request ID: 11 reservation ID: 11 request state/laststate: reload/image request start time: 2011-11-02 15:53:56 request end time: 2011-11-02 16:23:56 for imaging: no log ID: none computer: image6 computer id: 7 computer type: virtualmachine computer eth0 MAC address: 00:50:56:00:10:0a computer eth1 MAC address: 00:50:56:00:10:0b computer private IP address: 10.0.0.9 computer public IP address: 10.106.128.59 computer in block allocation: no provisioning module: VCL::Module::Provisioning::VMware::VMware vm host: vcldell01 vm host ID: 1 vm host computer ID: 1 vm profile: VMware ESX - local storage vm profile VM path: /vmfs/volumes/datastore1 vm profile repository path: /images vm profile datastore path: /vmfs/volumes/datastore1 vm profile disk type: localdisk image: vmwarelinux-redhatbase10-v0 image display name: redhatbase image ID: 10 image revision ID: 10 image size: 16384 MB use Sysprep: yes root access: yes image owner ID: 1 image owner affiliation: Local image revision date created: 2011-11-02 15:51:12 image revision production: yes OS module: VCL::Module::OS::Linux user: vclreload user name: vcl reload user ID: 2 user affiliation: Local RECENT LOG ENTRIES FOR THIS PROCESS: 2011-11-02 16:01:20|29777|11:11|reload|OS.pm:is_ssh_responding(386)|image6 is NOT responding to SSH, ports 22 or 24 are both closed 2011-11-02 16:01:20|29777|11:11|reload|Module.pm:code_loop_timeout(755)|attempt 24: code returned false, seconds elapsed/remaining: 360/240, sleeping for 15 seconds 2011-11-02 16:01:35|29777|11:11|reload|Module.pm:code_loop_timeout(759)|attempt 25: waiting for image6 to respond to SSH 2011-11-02 16:01:35|29777|11:11|reload|OS.pm:is_ssh_responding(386)|image6 is NOT responding to SSH, ports 22 or 24 are both closed 2011-11-02 16:01:35|29777|11:11|reload|Module.pm:code_loop_timeout(755)|attempt 25: code returned false, seconds elapsed/remaining: 375/225, sleeping for 15 seconds 2011-11-02 16:01:50|29777|11:11|reload|Module.pm:code_loop_timeout(759)|attempt 26: waiting for image6 to respond to SSH
Re: Base Image creation error - VMware host config
Al, if you plan to use the vSphere API, then you will need to install the vSphere SDK for Perl separately. The perl modules are available here -- just make sure that you download the release that matches your vCenter version. http://www.vmware.com/support/developer/viperltoolkit/ Aaron Coburn On Oct 25, 2011, at 10:03 AM, Evelio Quiros wrote: Thanks again Aaron. It seems we are taking baby steps here. Ok, next issue: When I click Configure Host in the vcl web interface, nothing happens. My Vmware server is listed there. It is in vmhostinuse state. I noticed some complaints below about the Vsphere perl module not being installed. I thought that was done in the install_perl_libraries script. Thanks again for all your help. Al Quiros On 10/25/11 9:43 AM, Aaron Peeler fapee...@ncsu.edu wrote: In the log output your missing the vmhost information. Make sure your vm host server have a correctly configured vmhost profile and you have assigned your vms to the virtual host server by using the Virtual Host interface. https://cwiki.apache.org/confluence/display/VCL/VCL+2.2.1+-+Further+Steps+ if+Using+VMware https://cwiki.apache.org/confluence/display/VCL/VMware+Configuration I'm not seeing the virtual host interface mentioned directly in the vcl 2.2.1 install guide. I'll added that to the first link. Here is a link from a bootcamp that you can review this morning while I work on adding the content to Apache VCL: https://sites.google.com/a/ncsu.edu/vcl-bootcamp/exercises/assign-a-vm-to- a-virtual-host Aaron On Tue, Oct 25, 2011 at 9:19 AM, Evelio Quiros evq...@fiu.edu wrote: Thank you Aaron. Ok, now it can resolve the name redhat64base to the private IP address 10.0.0.2. I tried to add the base image as the name linux64. It resides in the database as redhat64base, with the public IP of 10.106.128.53, and set as available. I'm not sure what this error message is telling meŠ VCL::image object could not be created and initialized time: 2011-10-25 09:30:44 caller: vcld:make_new_child(571) ( 0) vcld, make_new_child (line: 571) (-1) vcld, main (line: 346) management node: vcltst.fiu.edu reservation PID: 31318 parent vcld PID: 15838 request ID: 4 reservation ID: 4 request state/laststate: image/image request start time: 2011-10-25 09:30:37 request end time: 2011-10-25 10:30:37 for imaging: no log ID: none computer: redhat64base computer id: 12 computer type: blade computer eth0 MAC address: undefined computer eth1 MAC address: undefined computer private IP address: 10.0.0.2 computer public IP address: 10.106.128.53 computer in block allocation: no provisioning module: VCL::Module::Provisioning::VMware::VMware image: vmwarelinux-linux6414-v0 image display name: linux64 image ID: 14 image revision ID: 8 image size: 1450 MB use Sysprep: yes root access: yes image owner ID: 1 image owner affiliation: Local image revision date created: 2011-10-25 09:30:37 image revision production: yes OS module: VCL::Module::OS::Linux user: admin user name: vcl admin user ID: 1 user affiliation: Local RECENT LOG ENTRIES FOR THIS PROCESS: 2011-10-25 09:30:43|31318|4:4|image|VMware.pm:get_vmhost_api_object(1293)|attempting to load VMware control module: VCL::Module::Provisioning::VMware::vSphere_SDK 2011-10-25 09:30:43|31318|4:4|image|VMware.pm:get_vmhost_api_object(1299)|loaded VMware control module: VCL::Module::Provisioning::VMware::vSphere_SDK 2011-10-25 09:30:43|31318|4:4|image|Module.pm:new(172)|set 'vmhost_data' key for VCL::Module::Provisioning::VMware::vSphere_SDK object from arguments 2011-10-25 09:30:43|31318|4:4|image|Module.pm:new(172)|set 'vmhost_os' key for VCL::Module::Provisioning::VMware::vSphere_SDK object from arguments 2011-10-25 09:30:43|31318|4:4|image|Module.pm:create_mn_os_object(335)|management node OS object has already been created, address: 21956b8, returning 1 2011-10-25 09:30:43|31318|4:4|image|Module.pm:new(200)|VCL::Module::Provisioning::VM wa re::vSphere_SDK object created for computer redhat64base, address: 21e6980 2011-10-25 09:30:43|31318|4:4|image|vSphere_SDK.pm:initialize(1826)|vSphere SDK for Perl does not appear to be installed on this managment node, unable to load VMware vSphere SDK Perl modules 2011-10-25 09:30:43|31318|4:4|image|VMware.pm:get_vmhost_api_object(1313)|API object could not be created: VCL::Module::Provisioning::VMware::vSphere_SDK |31318|4:4|image| WARNING |31318|4:4|image| 2011-10-25 09:30:43|31318|4:4|image|DataStructure.pm:_automethod(812)|corresponding data has not been initialized for get_vmhost_computer_id: $self-request_data-{reservation}{4}{computer}{vmhost}{computerid} |31318|4:4|image| ( 0
Re: $_SERVER variables for use in Shibauth
Yanik, you should start by making sure that apache is configured to enable shibboleth authentication on the shibauth directory. For example: Location /shibauth AuthType shibboleth ShibRequestSetting requireSession 1 require valid-user /Location On Oct 14, 2011, at 12:54 PM, Yannick Charbonneau wrote: Thanks, I added at the top of shibauth/index.php (for debug purposes); mail(ERROREMAIL, DEBUG EMAIL, $_SERVER['SERVER_NAME'], '', $mailParams); and I get the correct value in an email sent to admin. But, again when I put; mail(ERROREMAIL, DEBUG EMAIL, $_SERVER[‘mail’], '', $mailParams); I get an empty email. So it looks like shibauth/index.php is getting some, but not all variables. I’m not sure if this is a vcl, php, apache or shib issue. Thanks for your help. Yanik From: Aaron Coburn [mailto:acob...@amherst.edu] Sent: Friday, October 14, 2011 12:46 PM To: vcl-user@incubator.apache.org Subject: Re: $_SERVER variables for use in Shibauth Yanik, what you describe is correct regarding how eppn is split on the @ character. It is possible to modify the shibauth/index.php script to use just $_SERVER['mail']; you will need to make a good number of modifications throughout the file, though. But I would really recommend asking the admin of your IdP to release the appropriate set of attributes to the SP running the VCL. That includes at a minimum: eppn, affiliation and mail, plus either sn and givenName or displayName. The IdP admin should be able to set up an AttributeFilterPolicy specifically for your application so it won't affect which attributes are released to any other SP. I would also be cautious about using the mail value in place of eppn -- at our institution, at least, I cannot rely on any necessary correspondence between the two (even though in most cases they are equivalent). Aaron On Oct 14, 2011, at 11:50 AM, Yannick Charbonneau wrote: Thanks. Here is what I’m trying to do; (I know, it’s ugly) Our IDP doesn’t return eppn, but returns “mail” (email address of authenticated user). I’ve modified the code (shibauth/index.php) to use $_SERVER[‘mail’] as opposed to $_SERVER[‘eppn’]. This is the only value I’m trying to get in shibauth/index.php, if I understand the code, it splits eppn in 2 using the @ and puts the first part in $username before inserting into user table. I get users with names of “@”, which causes all sorts of problems. My test php script displays $_SERVER[‘mail’] with the correct value in it, however, vcl does NOT appear to get this value. Yanik From: Aaron Coburn [mailto:acob...@amherst.edu] Sent: Friday, October 14, 2011 11:42 AM To: vcl-user@incubator.apache.org Subject: Re: $_SERVER variables for use in Shibauth Yanik, the shib-related $_SERVER vars will be empty outside the shib-protected directory (/shibauth). Are they empty in the /shibauth directory, too (i.e. the same directory you put your test PHP page)? Aaron On Oct 14, 2011, at 11:34 AM, Yannick Charbonneau wrote: Hi All, Still working on my Shibboleth integration. For some unknown reason within vcl my $_SERVER variables are empty. I have a php test page which displays the values and I can see them. But within VCL, empty. Anybody seen this before? Thanks Yanik