Document Title: AutoBAHN System Deployment Guidelines SA2 Task5 Release 1.0.4

Document Title: AutoBAHN Cookbook for GEANT BoD

Document Details

Activity: SA3
Work Item: Task1
Nature of Deliverable: O
Author: Kostas Stamos, Kim Kramaric
Dissemination: PP (Project Participants)

Table of Contents

Introduction
1 Setup cNIS
1.1 Install Java
1.2 Install Apache Tomcat
1.3 Install PostgreSQL
1.4 Create cNIS database
1.5 Install cNIS
1.6 Setup network topology in cNIS
1.6.1 Adding the connections to the external domains
1.6.2 Connections to end points
1.6.3 Multiple links attached to a single port
2 Setup AutoBAHN
2.1 Install NTP
2.2 Install Java
2.3 Install PostgreSQL
2.4 Create AutoBAHN database
2.5 Install AutoBAHN
2.6 Configure AutoBAHN
autobahn.properties (Configuration of general AutoBAHN parameters)
2.7 Configure TLS
3 How to start and shutdown AutoBAHN
4 Verify your installation is complete
5 Upgrading AutoBAHN
5.1.1 Using APT
5.1.2 Manually

Introduction

This is a Quick Start document for NRENs wishing to deploy AutoBAHN in order to take part in the GEANT BoD service. Detailed explanations and configuration options (for cases where the options described here do not apply to your setup) are contained in the AutoBAHN installation guide. This document is exclusively geared towards setting up a domain for participation in the GEANT BoD service.

The following image (not reproduced in this text version) presents an overview of the BoD service. Using this guide you will be setting up one of the single AutoBAHN instances (grey box). GEANT (Dante) hosts a Topology Service (green box) and a BoD Portal (Web GUI, orange box).

The guide also assumes that AutoBAHN installation takes place on a Debian system. If another Linux distribution is used, some Linux commands may have to be modified accordingly.

1  Setup cNIS

The Common Network Information Service (cNIS) is a tool that provides a unified repository of all relevant network information about a single administrative domain. AutoBAHN uses it as the module that stores and fetches network topology information. Therefore, the network topology of your domain (including the links connecting it with neighbouring domains) should be stored in cNIS, from where AutoBAHN will retrieve it.

The machine hosting cNIS should have a 1 GHz or faster processor, at least 2 GB of memory and at least 5 GB of hard disk space.

Here are the main steps that need to be done:

·  Install Java

·  Install Apache Tomcat

·  Install PostgreSQL

·  Create cNIS database

·  Install cNIS

·  Setup network topology in cNIS

1.1  Install Java

Download Java 1.7. You may use either your preferred package manager (such as apt-get) or download and install it directly from the Oracle/Sun website following the instructions there. Because of Oracle licensing restrictions you may first have to add a repository before being able to install Java 1.7.

Ubuntu/Debian Linux tip: In order to see whether a package is currently known to your apt-get repository, run:

apt-cache search <package name>

For example:

apt-cache search java7

Some examples are given below, but the situation may change in the future, so consult your distribution's documentation.

For an Ubuntu system you may need to run:

add-apt-repository ppa:webupd8team/java

apt-get update

apt-get install oracle-java7-installer

For a Debian system you may need to run:

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" | tee -a /etc/apt/sources.list

echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" | tee -a /etc/apt/sources.list

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886

apt-get update

apt-get install oracle-java7-installer

apt-get install oracle-java7-set-default

1.2  Install Apache Tomcat

Download Apache Tomcat 6 (http://tomcat.apache.org/download-60.cgi).

On a Debian / Ubuntu system you may run:

apt-get install tomcat6

Run the following command to increase Tomcat memory allocation:

export JAVA_OPTS="$JAVA_OPTS -Xmx512M -XX:PermSize=128M"

Note that an export in your interactive shell does not reach a Tomcat started by the init script; for the Debian/Ubuntu tomcat6 package, set JAVA_OPTS in /etc/default/tomcat6 instead so that the setting survives restarts.

1.3  Install PostgreSQL

Install PostgreSQL 8.x or higher (you can download the latest release from http://www.postgresql.org/ and follow the installation instructions from the documentation, e.g. for Debian http://www.postgresql.org/download/linux/debian/).

For example, in a Debian / Ubuntu system you may run (https://wiki.postgresql.org/wiki/Apt):

echo "deb http://apt.postgresql.org/pub/repos/apt/ wheezy-pgdg main" | tee -a /etc/apt/sources.list.d/pgdg.list

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -

apt-get update

apt-get upgrade

apt-get install postgresql-9.3 pgadmin3

Make sure that local access to the database is allowed (i.e. you can connect to PostgreSQL by running psql). To check this, first start the server:

/etc/init.d/postgresql start

Then try to connect to the database to confirm that local access is open. To connect you have to be a user that is registered in the database, so connect as the default database user (postgres), for example by running:

su postgres

psql

To exit psql use the following command:

\q

1.4  Create cNIS database

Perform the following steps to connect to PostgreSQL and create a database named cnis owned by a user named cnis:

su postgres

psql

postgres=# create user cnis with password 'cnis';

postgres=# create database cnis with owner cnis;

postgres=# \q

Finally, verify that the database was created by checking the output of the command:

psql -l

1.5  Install cNIS

Download cnis.war from https://forge.geant.net/forge/display/autobahn/Downloads and store it in Tomcat's webapps folder.

Edit the WEB-INF/conf/as.properties file and set the alarm.service.url property to http://server.ip:server.port/autobahn/Alarm, where server.ip and server.port are the IP address and port on which AutoBAHN will be installed.

Please note that you can find and edit the as.properties file either directly inside cnis.war or, if you have already started Tomcat, in the webapps/cnis folder that Tomcat has extracted from the WAR file.

Run (or restart) Tomcat, for example by running (use tomcat7 instead of tomcat6 if that is the package you installed):

/etc/init.d/tomcat6 restart

Verify that cNIS works by launching a web browser and entering the following URL: http://<host>:<port>/cnis/AutobahnService?wsdl. If an XML document is displayed, your cNIS instance has been launched properly.

1.6  Setup network topology in cNIS

Launch the cNIS UI in your web browser; the default credentials are admin/admin. Insert the information about network elements using the web forms.

·  Add the nodes (devices) of your domain (Navigation: ‘Ethernet’ Tab -> ‘Nodes’ \ ‘Add Node’)

o  Specify the ‘name’ attribute of the node

o  Specify the ‘IP address’ (management address) of the node

o  Specify the VLAN ranges available for ports on the given node. You can specify multiple ranges if the available VLANs are not a continuous range.

·  Add the interfaces (ports) for each of the nodes (Navigation: ‘Ethernet’ Tab -> ‘Nodes’ \ ‘Node list’ -> ‘view’ -> ‘Ports’ Tab -> ‘Add new port’)

o  Fill in the following attributes:

§  Name

§  Status

§  Bandwidth

·  Add the links between the interfaces of the connected nodes (Navigation: Ethernet Tab -> Add Link)

1.6.1  Adding the connections to the external domains

Choose the Ethernet tab and then Add Link from the left menu labeled ‘External domains links’. A form is displayed, in which the following information must be provided:

-  External domain ID:

o  Specify here the identifier of the external domain. This has to be the fully qualified name of your neighboring domain’s topology (for GEANT it is urn:ogf:network:geant.net:2013:topology). If your connection goes to an end point, you can put an arbitrary identifier (e.g. Client-domain).

-  End port ID:

o  Specify the public identifier of the terminating interface in the other domain. Only the actual STP name is required, not the fully qualified name (e.g. port-to-geant).

-  Bandwidth:

o  Specify here the capacity of the connection.

-  Start node:

o  Choose a node from the list. It is the node from your domain where the external link is attached.

-  Start interface:

o  Choose an interface from the list. It is the termination of the connection that belongs to your domain.

-  VLAN ranges:

o  Specify the range of VLAN identifiers available on your side of the connection (it can be a range, a single value or a combination, e.g. 5,800-802,100-120).

After you have added the external link, click on the Start port name, then click on ‘Edit’ and enter the port’s public name (e.g. p-to-dom2) in the ‘Public name’ input field. The public name is the identifier by which this port will be known to other domains (so that you do not have to announce internal identifiers to other domains).

1.6.2  Connections to end points

Client end points are treated similarly to neighboring domains. No separate node is needed to represent the client end host. In other words, all you have to add in cNIS is an external link (using the same steps shown above for creating a connection to an external domain). The difference for client end points is that you also have to do the following:

When you create the external link, you have to tick the ‘Client’ checkbox in the ‘General’ tab (mandatory). It is also preferable to give this client a description through the ‘Description’ input box. The latter is optional; you can add, for example, ‘Data calculation cluster in Poznan’.

Click ‘Ok’ button to submit the data.

1.6.3  Multiple links attached to a single port

cNIS allows you to define a topology in which more than one link is attached to the same port. However, AutoBAHN will normally not allow such a topology: it will assume an insertion error and report it as such when reading the topology information from cNIS. In most cases this is desirable and helps the user identify insertion errors and correct the link and port definitions.

However, there may be cases where this scenario (multiple links attached to the same port) is actually intended. To allow this, find the relevant port in cNIS, click on ‘Edit’ in the ‘General’ tab and tick the checkbox ‘Multiple links allowed’.

AutoBAHN will then make an exception for this specific port and allow it to have more than one link attached to it.

2  Setup AutoBAHN

The machine hosting AutoBAHN should have a 1 GHz or faster processor, at least 2 GB of memory and at least 5 GB of hard disk space. The machine should not be behind NAT.

AutoBAHN may be installed on the same machine as cNIS, but then 4 GB of memory are recommended. If the same machine is used, Java and PostgreSQL will already be installed, so those steps are skipped.

Here are the main steps that need to be done:

·  Install NTP

·  Install Java

·  Install PostgreSQL

·  Create AutoBAHN database

·  Install AutoBAHN

·  Configure AutoBAHN

2.1  Install NTP

For proper processing of requests it is very important to keep the clock of the machine hosting AutoBAHN synchronized. For this you need to install NTP. For example, on Debian/Ubuntu run:

apt-get install ntp

2.2  Install Java

See Section 1.1.

2.3  Install PostgreSQL

See section 1.3.

2.4  Create AutoBAHN database

Perform the following steps to connect to PostgreSQL and create a database called abahn1 owned by a user called abahn with the password geant:

su postgres

psql

postgres=# CREATE ROLE abahn ENCRYPTED PASSWORD 'geant' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;

postgres=# CREATE DATABASE abahn1 WITH OWNER abahn;

postgres=# \q

Finally, verify that the database was created by checking the output of the command below. Note that the role created above has the SUPERUSER attribute, so its password grants full control of the PostgreSQL instance; restrict who can reach the database host and protect the password accordingly.

psql -l

2.5  Install AutoBAHN

Download the latest autobahn.zip from https://forge.geant.net/forge/display/autobahn/Downloads.

Extract autobahn.zip in the folder where you intend to install AutoBAHN. The zip contains everything in a single folder named autobahn.

From inside the autobahn folder, run the following command to make sure all scripts are executable:

chmod +x *.sh

2.6  Configure AutoBAHN

Open the etc/autobahn.properties file and edit the following configuration options (leave the rest to their default values):

autobahn.properties (Configuration of general AutoBAHN parameters)

·  domainName – The name of your domain (e.g. geant.net). This should be the same name that other IDMs use to refer to this domain.

·  latitude, longitude – Coordinates of your IDM instance. Needed by the AutoBAHN client portal to draw a map of IDMs.

·  topology.service – The URL of the Topology Service, in the form http://ts.ip:ts.port/topologyService, where ts.ip and ts.port are the IP address and port of the Topology Service hosted by GEANT.

·  server.ip – The globally accessible IP of the AutoBAHN server instance. It should not be a localhost, loopback or NAT address.

·  server.abahnSecurePort – The secure port on which AutoBAHN services will be listening. Make sure that this port is not already taken by another process (e.g. Tomcat, if it is also running on the same machine).

·  cnis.address – The URL of the cNIS service.

·  protocol – Set to https.

·  keystore.pwd – The password of your keystore file (located at etc/security/tls/keystore.jks).

·  key.pwd – The password of your private key inside the keystore file.

·  truststore.pwd – The password of your truststore file (located at etc/security/tls/truststore.jks). No need to change if you use the truststore file provided (password: StorePass).

·  tool.address – The Technology Proxy address where reservations requests will be sent for adding / removing the circuits.

·  cmon.address – The CMon address where requests for monitoring of circuits will be sent. If set to none, no monitoring will be used.

·  provider_url – Replace the localhost:8080 with your server’s ip:port.

·  requester_url – Replace the localhost:8080 with your server’s ip:port.

·  provider_nsa – Replace the “geant.net” part with your domain name.

·  bearer_auth_enabled – Required if you have a peering with the Surfnet domain. If you do peer with Surfnet, set this field to true.

2.7  Configure TLS

The official GEANT BoD service utilizes certificates that are provided by eduPKI.

Use keytool (command line) or KeyStore Explorer (GUI) to open the etc/security/tls/keystore.jks file (password of the default file: autobahn) and insert your private key and certificate, signed by eduPKI. If you change the keystore or key password, update keystore.pwd and key.pwd in etc/autobahn.properties to match.
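The following shell script is an added example for sections 2.6 and 2.7 and is not part of this guide or of the AutoBAHN distribution. It lints a copy of etc/autobahn.properties against the constraints stated above (server.ip not loopback or NAT, protocol=https, keystore.pwd changed from the default autobahn, the secure port not colliding with Tomcat's default ports, and provider_url/requester_url no longer pointing at localhost:8080); the script name and the sample values are assumptions.

```shell
#!/bin/sh
# Lint security-relevant settings in an AutoBAHN etc/autobahn.properties file.
# Added example for this guide; not part of the AutoBAHN distribution.

# Succeeds when the address is loopback, unspecified or RFC 1918 private
# (what the guide calls "localhost, loopback or NAT").
is_local_or_private_ip() {
    case "$1" in
        localhost|127.*|0.0.0.0|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of key $2 from properties file $1 (first uncommented match).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Print one finding per line; the return code is the number of findings.
check_autobahn_props() {
    f="$1"; n=0
    ip=$(prop "$f" server.ip)
    if [ -z "$ip" ] || is_local_or_private_ip "$ip"; then
        echo "server.ip='$ip' is empty, loopback or a NAT address"; n=$((n+1))
    fi
    [ "$(prop "$f" protocol)" = "https" ] || { echo "protocol is not https"; n=$((n+1)); }
    [ "$(prop "$f" keystore.pwd)" != "autobahn" ] || { echo "keystore.pwd is still the default 'autobahn'"; n=$((n+1)); }
    port=$(prop "$f" server.abahnSecurePort)
    case "$port" in
        8080|8443) echo "server.abahnSecurePort=$port is a default Tomcat port"; n=$((n+1)) ;;
    esac
    for k in provider_url requester_url; do
        case "$(prop "$f" "$k")" in
            *localhost:8080*) echo "$k still points at localhost:8080"; n=$((n+1)) ;;
        esac
    done
    return "$n"
}

# Usage (hypothetical script name): ./check_props.sh /path/to/autobahn/etc/autobahn.properties
if [ $# -eq 1 ]; then check_autobahn_props "$1"; fi
```

A zero exit status means none of the listed problems was found; any other value is the number of findings printed.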

3  How to start and shutdown AutoBAHN

To start AutoBAHN, go to the folder where it has been installed and type:

./start.sh

If there are no mistakes in the configuration or topology, you will see the log messages of the initialization process. You may also check whether the service is running by using a browser to access the URL:

https://server.ip:server.abahnSecurePort/autobahn/uap?wsdl

server.ip and server.abahnSecurePort are the corresponding values that you used in etc/autobahn.properties.