PlanetLab Europe Management-Level Documentation Set

OneLab Operations Team

UPMC, INRIA

This document presents the PlanetLab Europe management-level documentation set. It documents the management processes for a PlanetLab system (such as PlanetLab Europe or a private PlanetLab) based on the OneLab build software. The processes described include installation, platform updates and upgrades, and support procedures. This documentation set will be available online and will be updated regularly as procedures are created, tuned or rendered obsolete. This is a first draft, which can be divided roughly into two sections: technical documentation (chapters 1-12) and policies and procedures (chapters 13-16). The documentation has been produced through collaboration between technical and administrative staff, using XML Mind Editor software to develop a DocBook document. This book has been designed to be available in an easy-to-print, easy-to-use PDF format, and is now available to download and consult on the Internet.

This documentation is licensed under the Creative Commons Attribution 3.0 Unported License, see Appendix A for details.


Table of Contents
1. Remote hosting
1.1. How to access OVH
1.2. Creation and management of a virtual server
1.2.1. Xen virtual machine creation tutorial
1.2.2. VServer virtual machine creation tutorial
1.2.3. Obtain and assign IP address/domain
2. SSL certificates
2.1. Installation of SSL certificates
2.2. How to obtain SSL certificates
2.2.1. Self-signed SSL certificates
2.2.2. Certificates from GeoTrust (http://www.geotrust.com)
2.2.3. Certificates from GoDaddy (http://www.godaddy.com)
2.3. How to renew SSL certificates
2.3.1. Renewal of self-signed certificates
2.3.2. Renewal of GeoTrust certificates
2.3.3. Renewal of GoDaddy certificates
2.4. Security considerations
3. Domain name server (DNS)
3.1. Install and configure primary DNS
3.1.1. Distribution-based information
3.1.2. Installation
3.1.3. Configuration
3.1.4. Further DNS modifications
3.1.5. Service setup
3.1.6. Security considerations
3.1.7. Restoring backup
3.2. Install and configure secondary DNS
3.2.1. Distribution-based information
3.2.2. Installation
3.2.3. Configuration
3.2.4. Further adjustments
3.2.5. Service setup
3.2.6. Restoring backup
4. Web server configuration
4.1. Create a virtual host
4.2. Install and configure an SSL certificate in a web browser
4.2.1. Distribution-based information
4.2.2. Installation
4.2.3. Configuration
4.2.4. Service setup
5. Mail system
5.1. SMTP service
5.1.1. Distribution-based information
5.1.2. Installation
5.1.3. Configuration
5.1.4. Further adjustments
5.1.5. Service setup
5.1.6. Security considerations
5.1.7. Restoring backup
5.2. Postgrey: greylisting
5.2.1. Distribution-based information
5.2.2. Installation
5.2.3. Configuration
5.2.4. Service setup
5.2.5. Update: whitelisting our partners
5.2.6. Security considerations
5.3. SpamAssassin anti-spam
5.3.1. Distribution-based information
5.3.2. Installation
5.3.3. Configuration
5.3.4. Service setup
5.3.5. Security considerations
5.4. Amavisd-new
5.4.1. Distribution-based information
5.4.2. Installation
5.4.3. Configuration
5.4.4. Further adjustments
5.4.5. Additional notes for use in Debian 4
5.4.6. Service setup
5.4.7. Security considerations
5.4.8. Restoring backup
5.5. Mailman
5.5.1. Distribution-based information
5.5.2. Installation
5.5.3. Configuration
5.5.4. Further adjustments
5.5.5. Service setup
5.5.6. Security considerations
5.5.7. Restoring backup
6. Database
6.1. PostgreSQL installation process
6.1.1. Distribution-based information
6.1.2. Installation
6.1.3. Configuration
6.1.4. Further adjustments
6.1.5. Service setup
7. Management tools
7.1. Request Tracker (RT) system
7.1.1. Linux distribution-based information
7.1.2. Installation
7.1.3. Configuration
7.1.4. Restoring backup
7.2. TWiki
7.2.1. Dependencies
7.2.2. Installation
7.2.3. Configuration
7.2.4. Security considerations
7.2.5. Service setup
7.2.6. Upgrades/updates
7.2.7. Recovering backup
8. MyPLC Users Guide
8.1. Overview
8.2. Historical Notes
8.3. Requirements
8.4. Installing and using MyPLC
8.4.1. Locating a build
8.4.2. Note on IP addressing
8.4.3. Setting up yum
8.4.4. Installing MyPLC
8.4.5. Preparing for upgrades
8.4.6. Quick start
8.4.7. Changing the configuration
8.4.8. Login as a real user
8.4.9. Installing nodes
8.4.10. Administering nodes
8.4.11. Creating a slice
8.4.12. Understanding the startup sequence
8.4.13. Files and directories involved in MyPLC
8.4.14. Debugging the node manager
8.4.15. Rebuilding and customizing MyPLC
8.5. Configuration variables
8.5.1. Category PLC
8.5.2. Category PLC_NET
8.5.3. Category PLC_DNS
8.5.4. Category PLC_MAIL
8.5.5. Category PLC_DB
8.5.6. Category PLC_API
8.5.7. Category PLC_WWW
8.5.8. Category PLC_BOOT
8.5.9. Category PLC_PLANETFLOW
8.6. Back up and restore MyPLC
9. OneLab tutorial
9.1. Introduction
9.2. Requirements
9.3. Virtualize
9.3.1. Virtual network
9.3.2. Virtual machines
9.4. Final setup and adjustments
10. Federation
10.1. MyPLC federation
10.1.1. GPG cryptographic material
10.1.2. Cyclic invocation
10.1.3. Exposing peering logs
10.1.4. Database entries
10.2. Slice Federation Architecture (SFA)
10.2.1. Introduction
10.2.2. Installation
10.2.3. Configuring SFI tools
11. Monitoring tools
11.1. Nagios monitor
11.1.1. Server
11.1.2. Client (NRPE)
11.1.3. Backup restore
11.2. Cacti monitor
11.2.1. Client installation
11.2.2. Server installation
11.2.3. Operating Cacti
11.2.4. Backup restore
11.3. MyOps monitor
11.3.1. Requirements
11.3.2. Installation
11.3.3. Backup restore
11.4. OneLab stats website
11.4.1. Prerequisites
11.4.2. Installation
11.4.3. Configuration
11.4.4. List of files
11.4.5. Backup restore
12. Backup service
12.1. Distribution-based information
12.2. Installation
12.2.1. Server installation
12.2.2. Host installation (adding a new host)
12.2.3. Backup scripts
13. PLE member management
13.1. Registration of a new PlanetLab Europe member
13.2. Site migration from PlanetLab Central to PlanetLab Europe
13.3. Triennial contract renewal
13.4. Annual PLE invoices
13.5. Violation of membership agreement
14. User relations
14.1. Follow-up
14.2. E-mail etiquette
14.3. Coordination between authorities
14.4. Acknowledgement
15. Node management
15.1. Node monitoring
15.1.1. Management of node problems
15.1.2. E-mail notifications about hardware problems
15.1.3. Additional e-mail notifications about errors during the boot process
15.1.4. What makes a node "offline" or "down"?
15.1.5. Overriding and interacting with MyOps
15.2. Response to node problems
15.3. Response to node incidents
16. Server management
16.1. Server monitoring
16.1.1. Cacti monitor
16.1.2. Nagios monitor
16.1.3. Cacti and Nagios collaborative analysis
16.1.4. Conclusion
16.2. Response to server problems
16.3. Response to server attack
16.4. Backup Policy
16.4.1. Server Topology
16.4.2. Host types
16.4.3. Retention time
A. Creative Commons Attribution 3.0 Unported License
A.1. License
List of Tables
3-1. Primary DNS on CentOS/Fedora
3-2. Primary DNS on Debian
3-3. Primary DNS equivalent CentOS and Debian configuration files
3-4. Secondary DNS on CentOS
3-5. Secondary DNS on Debian
4-1. Virtual host on CentOS/Fedora
5-1. Postfix on CentOS
5-2. Postfix on Debian
5-3. Postgrey on CentOS
5-4. Postgrey on Debian
5-5. SpamAssassin on CentOS and Debian
5-6. Amavisd-new on CentOS
5-7. Amavisd-new on Debian
5-8. Mailman on CentOS and Debian
6-1. PostgreSQL on Fedora Core
6-2. PostgreSQL on Debian 4
7-1. RT3 on Fedora Core X
7-2. RT site and mail configurations (parameters and description)
7-3. RT database configurations
7-4. HTTP server configuration for RT
7-5. RT miscellaneous configurations
12-1. Backup host
12-2. Backup server
14-1. RT reminder notice system
15-1. Managing node problems
15-2. E-mail notifications, hardware problems
15-3. E-mail notifications, boot process errors
List of Figures
3-1. How to modify the OVH domain configuration
3-2. How to modify the OVH domain configuration
5-1. The global schema of the complete mail server
7-1. Request Tracker workflow
8-1. MyPLC architecture
9-1. Tutorial infrastructure
9-2. Virtualization schema
13-1. PlanetLab Europe "New site registration form"
15-1. A flowchart representing the response to node problems
15-2. A flowchart representing the response to node incidents
16-1. A flowchart for response to server problems procedure
16-2. A flowchart for response to server attack procedure
16-3. Schema of backup main messages and operations
List of Examples
13-1. E-mail notification - new site automated response
13-2. E-mail notification - info request to complete membership agreement
13-3. E-mail notification - request for Steering Committee verification
13-4. E-mail notification - Sending membership agreement to PI
13-5. E-mail notification - Installation request
13-6. E-mail notification - Registration complete
13-7. E-mail notification - first contact for migration/renewal request
13-8. E-mail notification - Request for Steering Committee verification
13-9. E-mail notification - sending membership agreement to PI
13-10. E-mail notification - informing PLC Support of the migration
13-11. E-mail notification - activation of user accounts on PLE
13-12. E-mail notification - inform member that migration is complete
13-13. E-mail notification - annual update (confirmation of exemption from dues)
15-1. E-mail notification - PCU missing
15-2. E-mail notification - PCU error
15-3. E-mail notification - PCU failed
15-4. E-mail notification - increase penalty
15-5. E-mail notification - node online
15-6. E-mail notification - node down
15-7. E-mail notification - cleared penalty
15-8. E-mail notification - update boot image
15-9. E-mail notification - bad hard drive or boot image
15-10. E-mail notification - no block device
15-11. Example e-mail 15.1.11: Minimal hardware
15-12. E-mail notification - update node configuration
15-13. E-mail notification - bad DNS
15-14. E-mail notification - blocked ports