Facility managers's manual
Only Perun admin is competent to work with facility in a full scope, but Facility manager is entitled to do following tasks:
- 1 Create facility
- 2 Add owner
- 3 Create a Resource
- 4 Assign service to Resource
- 5 Set attributes
- 6 Show destinations
- 7 How to monitor states of services
- 8 Services from the facility manager's point
VO MANAGER role needed
Please log in into the Perun system and then go to the Facility manager section.
On the left panel please click on Facilities. Now you can see the list of the facilities you can manage.
1. Create definition
- Fill Name of facility and her definition in box Description. The description should be brief for what purpose the device was created.
- At this moment facility has been created.
2. Add managers
- When creating facility, you will automatically become a facility manager.
- Click on Add button if you want to add another manager.
- If you want to remove the manager from required facility, mark manager and click on Remove button.
3. Add owners
You may skip this step.
- Click on Add button if you want to add owner.
- If you want to delete the owner from the required facility, mark the owner and click Remove button.
4. Add hosts
You may skip this step. Create a host if the facility is represented by a computer (physical or virtual).
- Fill hostname at window in left one host per line and click Add button.
- If you want to delete the hostname, mark the hostname and click Remove button.
- Click on Continue button.
5. Select services
- Select a set of services that will be managed by Perun throught this facility.
6. Configure services
- Fill in the values of each field.
7. Configure service destinations
- You can skip this step, but without setting destinations, Perun don‘t sent any configurations of services nowhere. We recommend setting destinations until you are satisfied with the facility and resource settings, destinations can be added at any time later.
- Here you add destinations for service configuration delivery.
- Select a destination type and enter value by type. Destination value can‘t be empty.
- The most common type is a host that transmits the configuration using SSH to target facility. In the case of a host type, it is not necessary to list the host manually.
- You can use the Use names of all facility hosts check-box.
- Service destination add by clicking Add button.
- You can also remove service destinations by selecting check-box and click on Remove button.
- Now your facility was created and configured.
Every facility must have his owner to know what organization is responsible for its utilization. There are list of owners in the page of selected facility in GUI. Click Owners in left menu. Buttons Add and Remove serve to add new owners or remove the old ones.
Create a Resource
FACILITY MANAGER role needed
Resource is a part of facility that serves for particular VO. Only Facility manager is allowed to create and delete a resource. Facility manager can only see which resources are connected to facility by selecting particular facility and clicking on Resources in the left menu. In the same place can be resource created or deleted.
Here is created bond of services and resources, if you want to add a group to a resource you must be a VO manager.
Please log in into the Perun system and then go to the Facility manager section. On the left panel please click on Select facility. If you have not created a facility yet, follow the Create facility manual.
- Use the filter window to locate the facility you created. Enter the facility name and search.
- Click on the facility to select the facility you want. On the Resource tab, click the Create button.
- In the small window, select the VO for which source you want to create.
- Fill Name and Description.
- Name - Please insert the desired resource name. Name of resource can be whatever, but you shall keep conventions in your VO.
- Description - Here you can insert your own resource description to specify its purpose.
- Click on Create button or cancel by clicking on Cancel button
Create resource: Assign and configure services
Select service you want to assign from drop-down Selected service of all services.
Service settings will be shown in table below.
Check-box Show assigned to show you the services already assigned to the resource.
- The Fill button automatically fills the service field and the Remove button deletes the selected service settings.
Services serve to synchronize state of facility (in real world) with its state configured in the Perun system. Assigning service to resource, facility manager allows VO connected with resource to utilize this service. Services are assigned to each resource separately because not every services are required by every VO. Service must be set on facility first, then on the resource.
It is essential to set all necessary attributes for proper utilization of facility. Attributes must be set in a good order. First attributes in the facility, then attributes in the resource. In addition, attributes in resources can be set only in scope of attributes in facility. Every service has required attributes that must be set for correct work of service.
Destinations are tightly connected with services. Only facility manager can assign services to destinations. Service destinations are available after clicking on button Service destinations in left menu of particular facility.
There are several types of Destinations:
- host - data will be sent to the machine using SSH
- url - data will be sent to the URL using POST
- email - data will be sent in the body of email to the given address
- semail - data will in the body of digitally signed email
How to monitor states of services
- GUI: select facility and click on Propagation status in left menu. Detail of service is obtained by clicking on the line with service.
- CLI: getTaskResultsForDestinations
- Perl: $propagationStatsReaderAgent->getTaskResultsForDestinations(destinations => \@destinations)
Services from the facility manager's point
Services are tools to keep real-life facilities synchronized with their settings in the Perun system. Most of services is realized by set of scripts:
- gen scripts serves to select data from database in Perun
- send scripts serves to send data from database to destinations (real-life facility)
- slave scripts serves to operate with data in the facilities
Facility and VO manager make an arrangement for services that facility utilize and for structure and type of data. Especially slave scripts are important for facility admin.
By clicking on the Service propagation in the left menu, list of services and their propagation status is obtained. By button Force propagation, propagation of particular service is queued. Dependig on the lenght of queue, it may take several seconds to propagate your task.
Slave scripts instalation
There are packages containing slave scripts for debian and RPM systems, prepared for facility managers. In a case of need, packages for other systems can be prepared. Scripts to gen, send and slave are available from Meta repository (package perun-slave). Perun is authorized to machine using SSH key. All scripts in the destination facility are available in /opt/perun/bin/. For facilities which are installed by puppet modules is prepared module described at https://forge.puppetlabs.com/ceritsc/perun
How to install scripts to facility
- For Debian based machines add MetaCentrum's package repository to your host.
- For RH based machines are packages available in RPM repository
- Install perun-slave-base package and then packages for the services you require, e.g. to support sshkeys service install perun-slave-process-sshkeys.
apt-get install perun-slave-base # then for each service apt-get install perun-slave-process-[service-name]
- If you wish, you can install packages for all services with this meta-package: perun-slave-full.
apt-get install perun-slave-full
- For MetaCentrum machines install perun-slave-meta-key package, which allow access from CESNET Perun instance. SSH key without use perun-slave-meta-key can be inserted manually: insert into
- Also install perun-slave-metacentrum to get basic set of services for Metacentrum.
apt-get install perun-slave-meta-key perun-slave-metacentrum
New edits of slave scripts are made concerned matching versions of gen scripts. Version number contains 3 digits:
- first is version of system Perun (now 3)
- second is changed when gen script changed and new version of slave scripts is necessary to install
- third is changed when gen script is changed, but slave script accept it
There is strong tendency to keep slave scripts same in all facilities, but sometimes facilities have specific requirements (e.g. settings of home directories, paths to scripts etc.). As a consequence, pre and post scripts are introduced. They differ in every facility and complement functionality of slave scripts. When slave script starts, it searchs for
pre_ script in the service directory and runs it before its own functionality starts. The same process is after slave script execution, the
post_ scripts are run.
All scripts are executed in the alphabetical order; therefore we recommend to name scripts according to pattern: pre_XX_name, where XX is number with two digits that specify order of script's execution. Pre and post scripts are created by facility managers. In addition, there is no need to create these scripts if facility manager is satisfied with default settings. Finally, there is a freedom in utilizing services thanks to customizable pre and post scripts.
Perun is installed to the machine (facility) with all possible slave scripts, but blacklisting and whitelisting of scripts depend on configuration in the Perun system. As far as whitelisting is concerned, no other service with an exception of the whitelisted ones will be executed. As for blacklisting, all services will be executed except of the blacklisted one.
Example of blacklisting /etc/perunv3.conf:
Example of whitelisting /etc/perunv3.conf:
Pushed synchronous propagation
When installation is complete, it is necessary to propagate services. Command remctl is available in package remctl-client in distributions.
remctl perun.ics.muni.cz perun propagate
Propagate all services defined in the machine.