PlanetLab Europe Management-Level Documentation Set

OneLab Operations Team

UPMC, INRIA

This document presents the PlanetLab Europe management-level documentation set. It aims to document the management processes for a PlanetLab system (such as PlanetLab Europe or a private PlanetLab) based on the OneLab build software. The processes described include installation, platform updates and upgrades, and support procedures. This documentation set will be available online and will be updated regularly as procedures are created, tuned or rendered obsolete. This is a first draft which can be divided roughly into two sections, technical documentation (chapters 1-12) and policies and procedures (chapters 13-16). The documentation has been produced through collaboration between technical and administrative staff, using XML Mind Editor software to develop a DocBook document. This book has been designed to be available in easy-to-print and use PDF format, and is now available to download and consult on the Internet.

This documentation is licensed under the Creative Commons Attribution 3.0 Unported License, see Appendix A for details.

Table of Contents

1. Remote hosting

1.1. How to access OVH

1.2. Creation and management of a virtual server

1.2.1. Xen virtual machine creation tutorial
1.2.2. VServer virtual machine creation tutorial
1.2.3. Obtain and assign IP address/ domain

2. SSL certificates

2.1. Installation of SSL certificates

2.2. How to obtain SSL certificates

2.2.1. Self-signed SSL certificates
2.2.2. Certificates from GeoTrust (http://www.geotrust.com)
2.2.3. Certificates from GoDaddy (http://www.godaddy.com)

2.3. How to renew SSL certificates

2.3.1. Renewal of self-signed certificates
2.3.2. Renewal of GeoTrust certificates
2.3.3. Renewal of GoDaddy certificates

2.4. Security considerations

3. Domain name server (DNS)

3.1. Install and configure primary DNS

3.1.1. Distribution-based information
3.1.2. Installation
3.1.3. Configuration
3.1.4. Further DNS modifications
3.1.5. Service setup
3.1.6. Security considerations
3.1.7. Restoring backup

3.2. Install and configure secondary DNS

3.2.1. Distribution-based information
3.2.2. Installation
3.2.3. Configuration
3.2.4. Further adjustments
3.2.5. Service setup
3.2.6. Restoring backup

4. Web server configuration

4.1. Create a virtual host

4.2. Install and configure an SSL certificate in a web browser

4.2.1. Distribution-based information
4.2.2. Installation
4.2.3. Configuration
4.2.4. Service setup

5. Mail system

5.1. SMTP service

5.1.1. Distribution-based information
5.1.2. Installation
5.1.3. Configuration
5.1.4. Further adjustments
5.1.5. Service setup
5.1.6. Security considerations
5.1.7. Restoring backup

5.2. Postgrey: greylisting

5.2.1. Distribution-based information
5.2.2. Installation
5.2.3. Configuration
5.2.4. Service setup
5.2.5. Update: whitelisting our partners
5.2.6. Security considerations

5.3. SpamAssassin anti-spam

5.3.1. Distribution-based information
5.3.2. Installation
5.3.3. Configuration
5.3.4. Service setup
5.3.5. Security considerations

5.4. Amavisd-new

5.4.1. Distribution-based information
5.4.2. Installation
5.4.3. Configuration
5.4.4. Further adjustments
5.4.5. Additional notes for use in Debian 4
5.4.6. Service setup
5.4.7. Security considerations
5.4.8. Restoring backup

5.5. Mailman

5.5.1. Distribution-based information
5.5.2. Installation
5.5.3. Configuration
5.5.4. Further adjustments
5.5.5. Service setup
5.5.6. Security considerations
5.5.7. Restoring backup

6. Database

6.1. PosgreSQL installation process

6.1.1. Distribution-based information
6.1.2. Installation
6.1.3. Configuration
6.1.4. Further adjustments
6.1.5. Service setup

7. Management tools

7.1. Request Tracker (RT) system

7.1.1. Linux distribution-based information
7.1.2. Installation
7.1.3. Configuration
7.1.4. Restoring backup

7.2. TWiki

7.2.1. Dependencies
7.2.2. Installation
7.2.3. Configuration
7.2.4. Security considerations
7.2.5. Service setup
7.2.6. Upgrades/ updates
7.2.7. Recovering backup

8. MyPLC Users Guide

8.1. Overview

8.2. Historical Notes

8.3. Requirements

8.4. Installing and using MyPLC

8.4.1. Locating a build.
8.4.2. Note on IP addressing
8.4.3. Setting up yum
8.4.4. Installing MyPLC
8.4.5. Preparing for upgrades
8.4.6. Quick start
8.4.7. Changing the configuration
8.4.8. Login as a real user
8.4.9. Installing nodes
8.4.10. Administering nodes
8.4.11. Creating a slice
8.4.12. Understanding the startup sequence
8.4.13. Files and directories involved in MyPLC
8.4.14. Debugging the node manager
8.4.15. Rebuilding and customizing MyPLC

8.5. Configuration variables

8.5.1. Category PLC
8.5.2. Category PLC_NET
8.5.3. Category PLC_DNS
8.5.4. Category PLC_MAIL
8.5.5. Category PLC_DB
8.5.6. Category PLC_API
8.5.7. Category PLC_WWW
8.5.8. Category PLC_BOOT
8.5.9. Category PLC_PLANETFLOW

8.6. Back up and restore MyPLC

9. OneLab tutorial

9.1. Introduction

9.2. Requirements

9.3. Virtualize

9.3.1. Virtual network
9.3.2. Virtual machines

9.4. Final setup and adjustments

10. Federation

10.1. MyPLC federation

10.1.1. GPG cryptographic material
10.1.2. Cyclic invocation
10.1.3. Exposing peering logs
10.1.4. Database entries

10.2. Slice Federation Architecture (SFA)

10.2.1. Introduction
10.2.2. Installation
10.2.3. Configuring SFI tools

11. Monitoring tools

11.1. Nagios monitor

11.1.1. Server
11.1.2. Client (NRPE)
11.1.3. Backup restore

11.2. Cacti monitor

11.2.1. Client installation
11.2.2. Server installation
11.2.3. Operating Cacti
11.2.4. Backup restore

11.3. MyOps monitor

11.3.1. Requirements
11.3.2. Installation
11.3.3. Backup restore

11.4. OneLab stats website

11.4.1. Prerequisites
11.4.2. Installation
11.4.3. Configuration
11.4.4. List of files
11.4.5. Backup restore

12. Backup service

12.1. Distribution-based information

12.2. Installation

12.2.1. Server installation
12.2.2. Host installation (adding a new host)
12.2.3. Backup scripts

13. PLE member management

13.1. Registration of a new PlanetLab Europe member
13.2. Site migration from PlanetLab Central to PlanetLab Europe
13.3. Triennial contract renewal
13.4. Annual PLE invoices
13.5. Violation of membership agreement

14. User relations

14.1. Follow-up
14.2. E-mail etiquette
14.3. Coordination between authorities
14.4. Acknowledgement

15. Node management

15.1. Node monitoring

15.1.1. Management of node problems
15.1.2. E-mail notifications about hardware problems
15.1.3. Additional e-mail notifications about errors during the boot process
15.1.4. What makes a node "offline" or "down"?
15.1.5. Overriding and interacting with MyOps

15.2. Response to node problems

15.3. Response to node incidents

16. Server management

16.1. Server monitoring

16.1.1. Cacti monitor
16.1.2. Nagios monitor
16.1.3. Cacti and Nagios collaborative analysis
16.1.4. Conclusion

16.2. Response to server problems

16.3. Response to server attack

16.4. Backup Policy

16.4.1. Server Topology
16.4.2. Host types
16.4.3. Retention time

A. Creative Commons Attribution 3.0 Unported License

A.1. License

List of Tables
3-1. Primary DNS on CentOS/Fedora
3-2. Primary DNS on Debian
3-3. Primary DNS equivalent CentOS and Debian configuration files:
3-4. Secondary DNS on CentOS
3-5. Secondary DNS on Debian
4-1. Virtual host on CentOS/Fedora
5-1. Postfix on CentOS
5-2. Postfix on Debian
5-3. Postgrey on CentOS
5-4. Postgrey on Debian
5-5. SpamAssassin on CentOS and Debian
5-6. Amavisd-new on CentOS
5-7. Amavisd-new on Debian
5-8. Mailman on CentOS and Debian
6-1. PostgreSQL on Fedora Core
6-2. PostgreSQL on Debian 4
7-1. RT3 on Fedora Core X
7-2. RT site and mail configurations (parameters and description)
7-3. RT database configurations
7-4. HTTP server configuration for RT
7-5. RT miscellaneous configurations
12-1. Backup host
12-2. Backup server
14-1. RT reminder notice system
15-1. Managing node problems
15-2. E-mail notifications, hardware problems
15-3. E-mail notifications, boot process errors

List of Figures
3-1. How to modify the OVH domain configuration
3-2. How to modify the OVH domain configuration
5-1. The global schema of the complete mail server
7-1. Request Tracker workﬂow
8-1. MyPLC architecture
9-1. Tutorial infrastructure
9-2. Virtualization schema
13-1. PlanetLab Europe "New site registration form"

List of Examples
13-1. E-mail notification - new site automated response
13-2. E-mail notification - info request to compete membership agreement
13-3. E-mail notification - request for Steering Committee verification
13-4. E-mail notification - Sending membership agreement to PI
13-5. E-mail notification - Installation request
13-6. E-mail notification - Registration complete
13-7. E-mail notification - first contact for migration/ renewal request
13-8. E-mail notification - Request for Steering Committee verification
13-9. E-mail notification - sending membership agreement to PI
13-10. E-mail notification - informing PLC Support of the migration
13-11. E-mail notification - activation of user accounts on PLE
13-12. E-mail notification - inform member that migration is complete
13-13. E-mail notification - annual update (confirmation of exemption from dues)
15-1. E-mail notification - PCU missing
15-2. E-mail notification - PCU error
15-3. E-mail notification - PCU failed
15-4. E-mail notification - increase penalty
15-5. E-mail notification - node online
15-6. E-mail notification - node down
15-7. E-mail notification - cleared penalty
15-8. E-mail notification - update boot image
15-9. E-mail notification - bad hard drive or boot image
15-10. E-mail notification - no block device
15-11. Example e-mail 15.1.11: Minimal hardware
15-12. E-mail notification - update node configuration
15-13. E-mail notification - bad DNS
15-14. E-mail notification - blocked ports

		Next
		Remote hosting