NEP52 Shared Software Repository

Overview

If you just want to use Shared Software Repository Service skip to the Shared Software Repository Test Drive section below.

VMs running on clouds often need access to relatively large static software applications (typically Gigabytes). This is especially true with large scientific and technical packages. Often only a tiny fraction of the binary files in a large software package are actually accessed, however all those files must be present in order for the application to be useful. When running a large number of VM this software is copied, transported over a network, and unpacked many times. In addition, a small change in a software package necessitates the creation of a new version of a multi-gigabyte VM image. This type of problem is usually solved via some type of network file system, typically NFS. NFS and most other network file systems assume that the machine mounting the file system can be trusted, and also do not work efficiently over long latency network connections. Most network file systems are also not designed to work at Web Scale. In order to address this problem the CERN Virtual Machine File System (CVMFS) was created by CERN.

CVMFS presents a remote HTTP directory as a local file system, in which the client has read access to all available files. On its first access request, a file is downloaded and cached locally. All downloaded pieces are verified with SHA-1. This RPI Software Repository service makes this file system available as a service bootable on the DAIR cloud. The figure below shows the relationship between the components.

Shared Software Repository Test Drive

You can use the software provided in this RPI project to easily distribute software on demand to virtual machines. The following examples will allow you to test drive this functionality quickly. In summary:

• "Running the sample application" will have you launch an instance of the CVMFS server image (NEP52-cvmfs-server) and an instance of an interactive client (NEP52-interactive-cvmfs-client). You will then log into the client VM, point it at your CVMFS instance and run the sample application. * To retrieve your EC2_ACCESS_KEY and EC2_SECRET_KEY from the Openstack dashboard.
• " Customizing the software repository" will have you create and publish a second sample application within the software repository. Subsequently, you will execute the new application from the interactive client.

In order to try the Shared Software Repository Test Drive, you will need the following:

• A DAIR login ID with a large enough quota to run the two concurrent demonstration instances. If you do not have a DAIR login ID, you may request an account by sending email to dair.admin@canarie.ca
• To create your own keypair and save the pem file locally (see the Openstack dashboard/documentation).

Preparation

The NEP52 Shared Software Repository service and the related NEP52 Batch Services service make use of the network and require specific ports to be open. These ports must be added to your OpenStack default security group by logging into the OpenStack dashboard, selecting the "Access & Security" tab and clicking "Edit Rules" beside the default security group. Use the "Add Rule" dialog at the bottom of the form and ensure that all the ports shown in the figure below are included before proceeding with the test drive:

Running the sample application

Login into the DAIR OpenStack Dashboard: https://nova-ab.dair-atir.canarie.ca . Select the alberta region. Refer to the OpenStack docs for all the details of booting and managing VMs via the dashboard.

Go to the 'Images and Snapshot' tab on the left of the page then click the button that says 'Launch' next to the NEP52-cvmfs-server image.

Fill in the form to look the same as the screen shot below substituting your username wherever you see the string "hepnet".

Next, you need to select your SSH key to associate with the instance so that you can login to the image. Click the access and security tab, pick your key, click "launch" (see screen shot below) and wait for the instance to become active.

Now associate a floating IP to the machine. Click on the instances tab on the left. From the "Actions" beside your newly started CVMFS server instance, choose "Associate Floating IP", complete the dialog and click "Associate" (we will use the IP address "208.75.74.18" for the CVMFS server).

Step 2: Launch an interactive client

Using the same procedure as for the CVMFS server image, launch an instance of NEP52-interactive-cvmfs-client. You may set the instance name to anything you like, but you must assign your keypair and associate a floating IP to the instance (we will use the IP address "208.75.74.84" for the interactive client).

Step 3: Log into the interactive client and run the sample application

Log into the interactive client and point it to the CVMFS server (again, substitute your username wherever you see the string "hepnet". ):

%STARTCONSOLE% ssh -i ~/.ssh/MyKey.pem root@208.75.74.84 PointToCVMFS hepnet %ENDCONSOLE%

Now switch to the guest account, list and run the application:

%STARTCONSOLE% su - guest ls -l /cvmfs/dair.cvmfs.server/* /cvmfs/dair.cvmfs.server/Hello %ENDCONSOLE%

N.B. The /cvmfs directory will be empty until you force CVMFS to populate it with either the "list" or the "Hello" commands as given above.

Adding an application to the CVMFS server

In this section we will show you how to modify the CVMFS server to distribute your own software.

Step 1: Log into the CVMFS server and create a second demonstration application

Log into the CVMS server, switch to the distributed software directory, and copy the "Hello" bash script to the file "Goodbye". Then edit the "Goodbye" script to echo a different message.

%STARTCONSOLE% ssh -i ~/.ssh/MyKey.pem root@208.75.74.18 cd /cvmfs/dair.cvmfs.server cp Hello Goodbye vi Goodbye %ENDCONSOLE%

When you have saved your changes to the Goodbye script, publish your newly changed script to the world via CVMFS:

%STARTCONSOLE% chown -R cvmfs.cvmfs /cvmfs/dair.cvmfs.server cvmfs-sync cvmfs_server publish %ENDCONSOLE%

Step 2: Use the interactive client to run the new application

If you are still logged into the interactive client as "guest", use the "PointToCVMFS" command to restart then CVMFS client and then list and run the new application (again, make sure you substitute your username wherever you see the string "hepnet". ):

%STARTCONSOLE% sudo /usr/local/bin/PointToCVMFS hepnet ls -l /cvmfs/dair.cvmfs.server/* /cvmfs/dair.cvmfs.server/Goodbye %ENDCONSOLE%

Otherwise, if you are not still logged into the interactive client, log in, restart the CVMFS client, switch to the guest account, and run the newly created application:

%STARTCONSOLE% ssh -i ~/.ssh/MyKey.pem root@208.75.74.84 PointToCVMFS hepnet su - guest ls -l /cvmfs/dair.cvmfs.server/* /cvmfs/dair.cvmfs.server/Goodbye %ENDCONSOLE%

Take snapshots of your customized images

If you followed all the steps above you have customized versions of the CVMFS server and the Interactve CVMFS client running. You can now use the OpenStack dashboard to snapshot these servers to save yourself the work of customizing them again.

• cvmfs_diagram.png:
  

Using the Software Repository, server and client, on private clouds

If you would like to use the Software Repository virtual machines on your own private cloud, you may retrieve the VM images from the DAIR repository for installation in your cloud's repository. DAIR is an OpenStack cloud with the Glance image repository. Assuming your private cloud is also an OpenStack cloud with a Glance repository, the process for copying the image from DAIR to your own repository would be:

• On a convenient workstation:
  • Install the glance client (eg. yum install python-glanceclient, apt-get install python-glanceclient, etc.).
  • Log into the DAIR cloud and download the RC file (ie. Settings->!OpenStack API->Download RC File).
  • Source the DAIR RC file (eg. source openrc-alberta.sh).
  • Download the image to your workstation, eg:
    • glance image-list
    • glance image-download --file {image-name-on-workstation} {image-ID-from-list-on-DAIR}
  • Log into your private cloud and download the RC file (ie. Settings->!OpenStack API->Download RC File).
  • Source your cloud's RC file (eg. source openrc-yourcloud.sh).
  • Upload the image to your private cloud, eg:
    • glance image-create --file {image-name-on-workstation} --name {image-name-on-your-cloud} --disk-format qcow2 --container-format bare