VIFIB DESCENTRALIZED CLOUD COMPUTING

SlapOS is a decentralized Cloud Computing technology that can automate the deployment and configuration of applications in a heterogeneous environment.

Installing a SlapOS Node

This tutorial will guide you through the process of installing a SlapOS node on a computer. This node is supposed to be the first node (COMP-0) to be created after installing the SlapOS Master (COMP-ROOT). It is required to provide the following services to the SlapOS Master and other nodes in the network (COMP-123):

  • Re6st Registry - a register to manage a network of nodes, provide IPv6 and issue access tokens
  • Frontend (Apache) - a gateway for user requests allowing to access network internal services via browser
  • SimcardDB - a database of registered simcards that can be queried by network nodes

Make sure to have read the generic SlapOS introduction and SlapOS architecture as well as system requirements to understand the relation between the SlapOS Master and nodes and what nodes are used for in a network.

For this tutorial you will require a SlapOS Master (install a SlapOS Master) to register your node with and another computer on which to install the SlapOS node. The tutorial will use an arbitrary GNU/Linux server from a cloud provider (Debian8, available for example from OVH or Online.net) with wget installed.

Table of Content

  • Install SlapOS Node
  • Provide Frontend (Apache)
  • Provide Re6st Registry
  • Install Re6st on SlapOS node
  • Add SimcardDB to Software Catalogue
  • Provide Simcard DB

Install SlapOS Node

This section will run through the steps of installing the software for the SlapOS COMP-0 node. Most of the steps for other nodes are similar - however due to required services not existing at this point, the order of steps differs.

Get SlapOS Master Token

SlapOS Node Installation - Request Association Token

Head to the SlapOS Dashboard at:

[instance-IPv4]/erp5/web_site_module/hostingjs/

and log in as a regular user (the zope username/password will not work, you should have created a user account on the SlapOS Dashboard while setting up the SlapOS Master). Click on the Servers link in the side to go to your list of servers.

When using the single line installer, you have to provide a X509 security token to identifiy your node with a SlapOS Master and enable it to manage the node within a network. To get such a token, in the subheader, click Token.

Association Token

SlapOS Node Installation - Association Token

Click Proceed to request a token. Once it's generated, copy the token for later. Note, that the token can only be used once. If the installation of SlapOS fails for whatever reason and you need to retry, you need to request a new token before.

Temporary IPv6 Address

sudo su

# include temporary IPv6 on lo
ip -6 addr add fc01::1/32 dev lo

Head to the terminal to access your server. As COMP-0 will later provide Re6st and IPv6 to the network there is no IPv6 at this point. We need to add a temporary IPv6 address range as shown in the code above.

More rationale: SlapOS requires an IPv6 network and uses Re6st for enabling IPv6 in heterogenous environments (distributed machines, different types).

To setup a Re6st node which can provide IPv6 connectivity, a Re6st Registry is required. It will be deployed on COMP-0 together with the first Re6st "gateway" node. But in order to deploy it, SlapOS needs to be installed and to install SlapOS, IPv6 is required. Hence a temporary IPv6 adress range until the Registry is available, at which point it will be removed again and before correctly installing Re6st with IPv6 automatically being added.

Single Line Installer

sudo su
# wget deploy.erp5.net/slapos && bash slapos

...

What is the url to the SlapOS Master API? [https://slap.vifib.com/]: 
What is the url to the SlapOS Master Website? [https://slapos.vifib.com/]: 
What is this computer name? [noname]:
If you have slapos token if you have? [notoken]:

Continue and use the single line installer. You will be asked a set of questions during the installation. As you are connecting to your own master, on the first question, please point to port 5443 of your master's IPv4 adress, so enter https://[IPv4]:5443 and on the second question, please add your SlapOS Master dashboard url: https://[IPv4]:443/erp5/web_site_module/hostingjs/

Choose a name for your computer to identity it in your network and finally enter the association token you have received earlier from your SlapOS Master. The installation can be repeated in case something goes wrong or you would like to change some of the entered parameters.

Once the installation has finished without errors, you should see:

...
PLAY RECAP *********************************************************************
127.0.0.1                  : ok=12   changed=4   unreachable=0   failed=0

In case installation fails and you want to start over, you need to request a new token as mentioned above and, depending on whether already created, remove any existing configuration in /etc/opt/slapos/slapos.cfg before restarting.

You can verify that SlapOS was installed by trying:

# slapos node
watchdog                   RUNNING   pid 13270, uptime 0:00:03

And (re)formatting the SlapOS node (formatting SlapOS nodes):

# slapos node format --now
2018-04-21 13:07:29 slapos[13279] INFO Updating Computer
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart0
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart1
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart2
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart3
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart4
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart5
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart6
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart7
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart8
2018-04-21 13:07:30 slapos.format[13279] INFO Partition resources saved to slappart9
2018-04-21 13:07:30 slapos[13279] INFO Posting information to 'https://54.37.31.108:
  5443/'
2018-04-21 13:07:30 slapos[13279] INFO slapos successfully prepared the computer.

SlapOS Dashboard - Registered Servers

SlapOS - Server List

Head back to your SlapOS Dashboard and verify the list of servers now includes your SlapOS Node which was associated to your network using the token you had created. You may have to refresh the page for the server to show up.

Note, the entry has three clickable areas:

  • The line itself (click server name for example) points to the server configuration
  • Clicking the Computer button will open the monitor - the green color indicates the server is active and contacting the Master.
  • As this server does not have any computer partitions installed yet, the second button next to Computer is still missing.

Provide Frontend (Apache)

The first software to be installed on the COMP-0 node is an Frontend (Apache). To instantiate the Frontend, a wildcard SSL certificate is required. If you do not have a certificate, follow the steps in how to request a wildcard SSL certificate before continuing.

Frontends are available in SlapOS because they:

  • prevent end users from having to use IPv6
  • provide secure https connections with valid certificate
  • route access through a central, auditable entry point
  • give meaningful urls internally instead of only displaying IPv6 addresses

Supply Service Frontend

Slapos Dashboard - Supply Service Frontend Apache on COMP-0

Pick any of the available Slave nodes and click on the server (NOT the green buttons for monitoring the computer or its partitions). In our example we currently only have a single node registered without an partitions, so select this node to open it's configuration. You can see in the bottom table Supplied Software that this node does currently not provide any software.

To continue, click the Supply button in the subheader to open the list of available software (releases) that can be installed on this node. Note, the following process of installing and supplying a software is the the same for all softwares provided.

To install a software relase like Frontend (Apache) on a node, click on the node and in the subheader, click Supply.

Select Frontend Software Release

SlapOS Dashboard - Select Software Release to supply

Select the Frontend (Apache) software release. Note, that a default installation of a SlapOS Master already comes with several software releases preinstalled. The section on providing a SimcardDB will show how to add a custom software release to the catalogue of the SlapOS Master and then install this software on a node.

Select Frontend Software Release Version

SlapOS Dashboard - Select Software Release Version

Select the latest version.

Launch Frontend Software Release Installation

SlapOS Dashboard - Launch Software Release Installation

The subsequent dialog summarizes the software release to be installed as well as the computer it will be installed on. To continue, click Proceed in the header.

Wait for Frontend Installation

SlapOS Dashboard - Access Computer

After clicking Proceed you will be forwarded to the installation status page.

Installation will take some time depending on the software you are installing, so either refresh the current page or check installation status directly by either going to your Servers list and selecting the machine you chose during installation or clicking directly on Computer Reference.

Verify Frontend Installation

SlapOS Dashboard - Verify Installation Success

You can see the installed service is now available in the bottom list. The indicator will stay red until the software has finished compiling and installing. Once the installation status bar changes to green on a refresh of the page, the installation has finished. The node can then provide Frontend (Apache) or whichever software you requested to install.

You can follow the compilation by looking at the slapos-node-software.log using:

# tail /opt/slapos/log/slapos-node-software.log -f
in your terminal.

List of Instantiated Services

SlapOS Dashboard - Add Service

Head to the list of services by clicking on the Services button on the side menu. The list will show all services currently instantiated (not the software currently installed!). To create an instance of an installed software, click the Add button in the subheader.

Select Frontend Service

SlapOS Dashboard - Select Service

The list of available services is the same as the list of installable software releases used earlier when installing the service. Select Frontend (Apache) as this is the service we want to provide.

Select Frontent Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

Note, that this is an easy case, as there is only a single version installed on one node. More complex networks will likely have multiple versions of a software installed on different nodes.

Frontend Service Configuration

SlapOS Dashboard - Frontend Instance Configuration

You will reach the Frontend configuration menu and can see that it contains a form of software-specific parameters as well as a generic XML configuration field (hidden by default - click the button to display). NOTE: at point of writing, please ONLY USE THE XML PARAMETERS to pass instance configuration in case you want to request a FRONTEND.

Select Software-Type custom personal, then click the button to display the XML configuration. Give the Frontend an optional name and make sure you select the computer you created at the end of the form. Otherwise the SlapOS Master will look by itself on which node the instance should be created (not relevant in this case as there is only one computer).

Add a service title, then add the following XML configuration parameters:

<?xml version="1.0" encoding="utf-8"?>
<instance>
    <parameter id="public-ipv4">[IP_OF_YOUR_SERVER]</parameter>
    <parameter id="ip-read-limit">40</parameter>
    <parameter id="re6st-verification-url">https://www.erp5.com/getId</parameter>
    <parameter id="apache-key">[AAA]</parameter>
    <parameter id="apache-certificate">[BBB]</parameter>
    <parameter id="apache-ca-certificate">[CCC]</parameter>
    <parameter id="domain">[slaptest.erp5.net]</parameter>
    <parameter id="-frontend-quantity">1</parameter>
    <parameter id="-frontend-type">custom-personal</parameter>
    <parameter id="-sla-1-computer_guid">[COMP-XXXX]</parameter>
</instance>

with:

  • [IP_OF_YOUR_SERVER]: IPv4 address of your server (debian@xxx.this.one.xxx)
  • [AAA]: ssl key (privkey.pem)
  • [BBB]: ssl certificate (cert.pem)
  • [CCC]: ssl ca certificate (chain.pem)
  • [domain]: the domain you are using (slaptest.erp5.net)
  • [COMP-XXXX]: computer where the partition for this Frontend will be created.

Click Proceed to start instantitation.

Instantiation and Port Forwarding

SlapOS Dashboard - Socat Port Forwarding

Refresh the list of current services to show the new service and status.

You can follow the compilation progress by looking at the slapos-node-software.log using:

# tail /opt/slapos/log/slapos-node-software.log -f

The Frontend will be installed inside a computer partition (see SlapOS system requirements) and will listen on ports 8080 and 4443. As user permissions in Linux systems prevent accessing ports larger than 1024, incoming traffic on public ports 80 and 443 has to be forwarded to the correct ports the Frontend is listening on.

This can be done using a Firewall with NAT traversal or using Socat. We will use Socat, a relay for bidirectional data transfer between two independent data channels. Data channels can be files, pipes, devices (terminal or modem, etc.), or sockets (Unix, IP4, IP6 - raw, UDP, TCP), etc. For more information, please refer to the Free Software Directory).

To install socat, head to your terminal and:

sudo su
# sudo apt-get install socat

Find the IPv6 adresses used by the Frontend which is in its configuration folder:

root@slapostest2:/# cat /srv/slapgrid/slappart*/etc/apache_frontend.conf | grep "Listen"
Listen 10.0.176.4:8080
Listen 10.0.176.4:4443
Listen [2401:5180:0:42::xxxx]:8080
Listen [2401:5180:0:42::xxxx]:4443
ServerAdmin admin@example.com
DefaultType text/plain

Use the IPv6 adresses for ports 8080 and 4443.

Listen [2401:5180:0:42::d62a]:8080
Listen [2401:5180:0:42::d62a]:4443

Then call socat:

root@slapostest2:/# socat  TCP4-LISTEN:80,fork TCP6:[2401:5180:0:42::xxxx]:8080 &
socat TCP4-LISTEN:443,fork TCP6:[2401:5180:0:42::xxxx]:4443 &

To see whether your bindings are active, you can

root@slapostest2:/# ps aux | grep socat
debian    4299  0.0  0.0  12728  2208 pts/0    S+   11:04   0:00 grep socat
root     24449  0.0  0.0  19644  2696 ?        S    Mar20   0:00 socat 
  TCP4-LISTEN:80,fork TCP6:[2401:5180:0:42::xxxx]:8080
root     24674  0.0  0.0  19644  2604 ?        S    Mar20   0:00 socat 
  TCP4-LISTEN:443,fork TCP6:[2401:5180:0:42::xxxx]:4443

You can also verify that the port forwarding is working by accessing your frontend URL (in our case) foobar.slaptest.erp5.net in a browser. If successful, the listener should forward to the IPv6 address the Apache frontend is listening on.

In case the frontend is not or no longer accessible, you can check on your node by:

 

sudo su
# slapos node
slappart8:bootstrap-monitor                EXITED    May 22 04:16 PM
slappart8:certificate_authority-on-watch   RUNNING   pid 891, uptime 16:51:03
slappart8:crond-on-watch                   RUNNING   pid 883, uptime 16:51:03
slappart8:frontend-apache-safe-graceful    EXITED    May 22 04:16 PM
slappart8:frontend-nginx-safe-graceful     EXITED    May 22 04:16 PM
slappart8:frontend_apache-on-watch         RUNNING   pid 887, uptime 16:51:03
slappart8:frontend_nginx-on-watch          RUNNING   pid 889, uptime 16:51:03
slappart8:monitor-httpd-graceful           EXITED    May 22 04:16 PM
slappart8:monitor-httpd-on-watch           RUNNING   pid 885, uptime 16:51:03
slappart8:trafficserver-on-watch           RUNNING   pid 888, uptime 16:51:03
slappart8:trafficserver-reload             EXITED    May 22 04:16 PM
slappart9:bootstrap-monitor                EXITED    May 22 04:15 PM
slappart9:certificate_authority-on-watch   RUNNING   pid 681, uptime 16:52:02
slappart9:crond                            RUNNING   pid 684, uptime 16:52:02
slappart9:monitor-httpd-graceful           EXITED    May 22 04:15 PM
slappart9:monitor-httpd-on-watch           RUNNING   pid 680, uptime 16:52:02
watchdog                                   RUNNING   pid 26276, uptime 17:53:03

If the Frontend is running check if socat is working:

# ps aux | grep "socat"
root      3234  0.0  0.0  12728  2180 pts/0    S+   09:02   0:00 grep socat

Redo the socat binding in this case to reach the Frontend again.

Monitor Url Connection Parameter

SlapOS Dashboard - Service Frontend Apache Connection Parameters

After setting up port forwarding on your Dashboard, click on the Services menu and select the Frontend entry to re-open the configuration page (same as before click the service name, don't click the red/green computer status icon but the service name directly).

If port forwarding is set correctly, your instance should now have a green status.

Note, that after instantiation, the configuration page will contain additional sections at the bottom. Once the status turns green and instantiation finished successfully, there should be a number of connection parameters available when you scroll down beyond the configuration form. Open the monitor url to see if the frontend is accessible.

Verify Service Frontend Is Accessible

SlapOS Dashboard - Service Frontend Apache Accessability

If the Frontend is accessible you should get an XML output similar to the one being pictured. As mentioned you can try any wildcard-url based on the one declared before (slaptest.erp5.net) for which the ssl certificate was issued such as foobar.slaptest.erp5.net.

List of Instantiated Services

SlapOS Dashboard - Add Service

Next, we will create a second instance of the Frontend to create an easier to use url to access the SlapOS Dashboard. Head back to the Services menu and click Add again.

Select Frontend Service Instance

SlapOS Dashboard - Select Service

Select Frontend

Select Frontent Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

Frontend Slave Configuration Parameters

SlapOS Interface - Service Frontend Slave Configuration Parameters

Select Custom Personal (Slave) and give your Frontend a recognizable name. Then add the Backend Url you want this Frontend to connect to. In the screenshot pictured, it is the url to a SlapOS Master Dashboard. The backend url

https://54.37.31.10/erp5/web_site_module/hostingjs/

points to this Dashboard. Set Custom Domain AND Server Alias to the wildcard domain you want to use

master.slaptest.erp5.net

then scroll down to the bottom of the page and (don't forget) to select the computer to provide the Frontend slave.

Click Proceed to continue and request instantiation.

Frontend Slave Instantiation

SlapOS Interface - Instantiate Service Frontend Slave

You will be forwarded back to the list of deloyed services. Note that you might have to refresh the page for your new instance to appear. Once you can see it, click on entry to open the connection parameters. Also note, that the Frontend Slave will not have

Frontend Slave Connection Parameters

SlapOS Interface - Service Frontend Slave Connection Parameters

Note, it might take a few minutes for the instance to become available. Refresh the page from time to time until the connection parameter table displays parameteres. Once the Secure Access entry shows the requested URL, the Frontend Slave is setup and working.

Frontend Slave Running

SlapOS Interface - Verify Frontend Slave Accessability

If you go to your requested URL (master.slaptest.erp5.net) you can see that it points to the selected backend URL.

Should you have problems in loading the page, you try restarting the Frontend by ssh-ing into your node, locating the frontend_apache-on-watch process and restarting it.

sudo su
# slapos node 
slappart8:bootstrap-monitor                EXITED    Mar 20 02:28 PM
slappart8:certificate_authority-on-watch   RUNNING   pid 12137, uptime 0:33:54
slappart8:crond-on-watch                   RUNNING   pid 12125, uptime 0:33:54
slappart8:frontend-apache-safe-graceful    EXITED    Mar 20 02:28 PM
slappart8:frontend-nginx-safe-graceful     EXITED    Mar 20 02:28 PM
slappart8:frontend_apache-on-watch         EXITED    Mar 20 02:28 PM
slappart8:frontend_nginx-on-watch          RUNNING   pid 12136, uptime 0:33:54
slappart8:monitor-httpd-graceful           EXITED    Mar 20 02:28 PM
slappart8:monitor-httpd-on-watch           RUNNING   pid 12128, uptime 0:33:54
slappart8:trafficserver-on-watch           RUNNING   pid 12134, uptime 0:33:54
slappart8:trafficserver-reload             EXITED    Mar 20 02:28 PM
slappart9:bootstrap-monitor                EXITED    Mar 20 02:29 PM
slappart9:certificate_authority-on-watch   RUNNING   pid 11866, uptime 0:36:16
slappart9:crond                            RUNNING   pid 11867, uptime 0:36:16
slappart9:monitor-httpd-graceful           EXITED    Mar 20 02:29 PM
slappart9:monitor-httpd-on-watch           RUNNING   pid 11865, uptime 0:36:16
watchdog                                   RUNNING   pid 24426, uptime 7 days,...

To restart a service you can use slapos node restart slappart8:frontend_apache-on-watch.

Provide Re6st Registry

This section will cover the steps required to supply and instantiate a Re6st Registry.

Re6st is used in SlapOS to create a mesh network and route traffic through available nodes. To setup Re6st while configuring COMP-0, it is first required to instantiate a Re6st Registry - a register which manages Re6st nodes in a network and issues tokens for new nodes to join the network.

Install Re6st Software Release on Node

Slapos Dashboard - Supply Service Re6st Registry on COMP-0

Pick any of the available Slave nodes and click on the server (NOT the green buttons for monitoring the computer or its partitions). In our example we currently only have a single node registered without an partitions, so select this node to open it's configuration. You can see in the bottom table Supplied Software that this node now already provides Frontend (Apache). We will add Re6st in the same way.

To continue, click the Supply button in the subheader to open the list of available software (releases) that can be installed on this node.

Select Re6st Software Release

SlapOS Dashboard - Select Software Release to supply

Select the Re6st software release.

Select Re6st Software Release Version

SlapOS Dashboard - Select Software Release Version

Select the latest version.

Launch Re6st Software Release Installation

SlapOS Dashboard - Launch Software Release Installation

The subsequent dialog summarizes the software release to be installed as well as the computer it will be installed on. To continue, click Proceed in the header.

Wait for Re6st Installation

SlapOS Dashboard - Access Computer

After clicking Proceed you will be forwarded to the installation status page.

Installation will take some time depending on the software you are installing, so either refresh the current page or check installation status directly by either going to your Servers list and selecting the machine you chose during installation or clicking directly on Computer Reference.

Verify Re6st Installation

SlapOS Dashboard - Verify Installation Success

You can see the installed service now includes Re6st. The indicator will stay red until the software has finished compiling and installing. Once the installation status bar changes to green on a refresh of the page, the installation has finished.

You can follow the compilation by looking at the slapos-node-software.log using:

# tail /opt/slapos/log/slapos-node-software.log -f
in your terminal.

List of Instantiated Services

SlapOS Dashboard - Add Service

Head to the list of services by clicking on the Services button on the side menu. The list will show all services currently instantiated (not the software currently installed!). To create an instance of an installed software, click the Add button in the subheader.

Create New Res6st Registry Instance

SlapOS Dashboard - Select Service

The list of available services is the same as the list of installable software releases used earlier when installing the service. Select Re6st as this is the service we want to provide.

Select Re6st Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

Re6st Registry Configuration

SlapOS Dashboard - Re6st Registry Service Configuration Parameters

Give a name to your Registry (RE6IST_REGISTRY_ON_FIRST_NODE in the example) and then select Software Type Default which will load a form with instance-specific parameters.

Set the following parameters:

IPv6 prefix: fc01::/7
Default length of allocated prefix: 16

Don't forget to select your computer at the end of the form to prevent the SlapOS Master allocating the Registry on a computer of its choice.

Click Proceed to start instantitation. This will forward you to the list of current services.

Re6st Registry Port Forwarding

SlapOS Interface - Re6st Service Instantiation

Refresh the page to show your instance and installation status.

You can follow the compilation by looking at the slapos-node-software.log using:

# tail /opt/slapos/log/slapos-node-software.log -f

 

Since the Registry is listening on port 19201 and user permissions in Linux systems prevent accessing ports above 1024, traffic must be forwarded.

This can be done using a Firewall with NAT traversal or using Socat. We will use Socat, a relay for bidirectional data transfer between two independent data channels. Data channels can be files, pipes, devices (terminal or modem, etc.), or sockets (Unix, IP4, IP6 - raw, UDP, TCP), etc. For more information, please refer to the Free Software Directory).

To install socat in case needed, head to your terminal and:

sudo su
# apt-get install socat

Still in your terminal, start to see whether the Registry has finished installing (use # slapos node instance to follow installation):

# netstat -natp | grep 9201
tcp   0  0 10.0.27.44:9201       0.0.0.0:*          LISTEN       26027/python2.7
tcp   0  0 10.0.27.44:40706      10.0.27.44:9201    TIME_WAIT    -
tcp   0  0 10.0.27.44:40699      10.0.27.44:9201    TIME_WAIT    -
tcp   0  0 10.0.27.44.9201       10.0.27.44.:40655  TIME_WAIT    -
tcp   0  0 :::9201               :::*               LISTEN       26027/python2.7

Find the IP using:

# ifconfig eth0 | grep inet
            inet addr:167.114.246.26  Bcast:167.114.246.26  Mask:255.255.255.255

Then call Socat with the listening tcp entry and the inet addr:

# socat TCP4-LISTEN:9201,fork,bind=167.114.246.26 TCP4:10.0.27.44:9201 &

Note, that your Registry master-url in the example is 167.114.246.26:9201. SAVE THIS URL. You will need to provide it whenever you want to connect a new node to the network.

To verify whether port forwarding works, you can:

# ps aux | grep socat

root 1954  0.0  0.0  19648  1748 pts/1 S  12:46 0:00 socat TCP4-LISTEN
  :9201,fork,bind=167.114.246.26 TCP4:10.0.232.26:9201
root 1963  0.0  0.0  12728  2224 pts/1 S+ 12:46 0:00 grep socat
root 3309  0.0  0.0  19648  2688 pts/0 S  09:03 0:00 socat TCP4-LISTEN
  :80,fork TCP6:[fc01::b566]:8080
root 3310  0.0  0.0  19648  2740 pts/0 S  09:03 0:00 socat TCP4-LISTEN
  :443,fork TCP6:[fc01::b566]:4443

Before finishing make sure that any temporary IPv6 adress space added installation of the SlapOS node itself is removed. On your terminal, run:

sudo su
ip -6 addr del fc01::1/32 dev lo

IPv6 will be reset when the first (gateway) node is being created.

Verify Re6st Is Accessible

SlapOS Re6st Registry Service Accessability

Once port forwarding is setup, try accessing the registry over the Registry master-url 167.114.246.26:9201. Note down this URL, it needs to be provided every time Re6st is installed on a new server to be added to the network.

Install Re6st on SlapOS Node

This section will cover the steps required to install Re6st on a SlapOS node. This includes getting a Re6st access token and running the single line installer.

List of Instantiated Services

SlapOS Dashboard - Add Service

Head to the list of services by clicking on the Services button on the side menu. The list will show all services currently instantiated (not the software currently installed!). To create an instance of an installed software, click the Add button in the subheader.

Create New Res6st Token Instance

SlapOS Dashboard - Select Service

The list of available services is the same as the list of installable software releases used earlier when installing the service. Select Re6st as this is the service we want to provide. The differentiation between Registry and Token will be made via the configuration parameter Software-Type.

Select Re6st Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

Re6st Registry Configuration

SlapOS Dashboard - Re6st Token Service Configuration Parameters

Select Software Type Re6st Token which will load a form with instance-specific parameters. As mentioned, the token is actually a slave instance of the Registry (and in case of COMP-0 a first gateway node).

Every new node will require a token, so give this token a recognizable name (Re6st-LTE-Box-123 for example).

Select the Computer on which the Registry of your SlapOS Master was installed at the bottom of the page, then click Proceed to instantiate the service and be forwarded to the list of current services. Refresh the page, it may take a few minute for the node to be instantiated and the token to appear. It is a single use token to connect one other node to the network.

Instantiate Re6st Token

SlapOS Dashboard - Service Re6st Token Instantiation

Click Proceed to instantiate a new token. Refresh the list of instantiated services to make the token appear. Click on it to access the connection parameters.

Token Connection Parameters

SlapOS Interface - Re6st Token Connection Parameters

Locate the token in the Connection Parameters. It might require a few minutes to show up. Refresh the page to see whether the token has been instantiated.

You can now install Re6st on this machine. It will add back actual IPv6 after the temporary IPv6 has been removed previously.

Installing Re6st

sudo su
# wget https://deploy.erp5.net/re6st && bash re6st

SSH back into the terminal of COMP-0 and install Re6st using wget as shown above. At some point the script will ask you to:

What is the Url of the Re6st registry [https://re6stnet.nexedi.com]:
Please insert your re6stnet token [notoken]:

Provide the master_url noted earlier (http://[your_IPv4]:9201) along with the token created in the previous steps and continue. The setup should finish without errors:

...
PLAY RECAP *********************************************************************
127.0.0.1                  : ok=24   changed=7   unreachable=0   failed=0

Verify Files Created

sudo su
# ls /etc/re6stnet/
ca.crt     cert.cert     cert.key     re6stnet.conf     README

Verify that the configuration files were created.

Update Re6st Configuration File

sudo su
# nano /etc/re6stnet/re6stnet.conf
registry http://167.114.246.26:9201/
ca ca.crt
cert cert.crt
key cert.key
# increase re6stnet verbosity:
#verbose 3
# enable OpenVPN logging:
#ovpnlog
# increase OpenVPN verbosity:
#O--verb
#O3
O--socket-flags
O"TCP_NODELAY"
...

You need to add the master_url IPv4 adress to the Re6st configuraiton file as it is the first gateway node. In this example, add:

# added the following to the end of the file first node
ip 167.114.246.26
gateway

Then restart Re6st afterwards using service re6stnet restart.

Verify Re6st is Running

sudo su
# service re6stnet status

You can use the above command to see whether Re6st is working. The output should be similar to:

● re6stnet.service - (null)
   Loaded: loaded (/etc/init.d/re6stnet)
   Active: active (running) since Fri 2018-03-09 16:43:23 UTC; 6min ago
   Process: 26395 ExecStop=/etc/init.d/re6stnet stop (code=exited, status=0/SUCCESS)
   Process: 26423 ExecStart=/etc/init.d/re6stnet start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/re6stnet.service
           ├─26431 /opt/re6st/parts/python2.7/bin/python2.7 /usr/sbin/re6stnet 
@re6stnet.conf
           ├─26437 openvpn --dev-type tap --dev re6stnet-tcp --persist-tun --per
sist-key --script-security 2 --up /opt/re6st/eggs/re6stnet-0.485-py2.7.egg/re6st
/ovpn-client --tls-server --mode server --clien...
           ├─26444 babeld -h 15 -H 15 -L /var/log/re6stnet/babeld.log -S /var/li
b/re6stnet/babeld.state -I /var/run/re6stnet/babeld.pid -s -C ipv6-subtrees true
-C default max-rtt-penalty 5000 rtt-max 500 rt...
           ├─26537 openvpn --dev-type tap --dev re6stnet1 --persist-tun --persis
t-key --script-security 2 --up /opt/re6st/eggs/re6stnet-0.485-py2.7.egg/re6st/ov
pn-client --nobind --client --remote 163.172.45...
           └─26862 openvpn --dev-type tap --dev re6stnet2 --persist-tun --persis
t-key --script-security 2 --up /opt/re6st/eggs/re6stnet-0.485-py2.7.egg/re6st/ov
pn-client --nobind --client --remote 52.36.124....

  Mar 09 16:43:23 slapostest2 systemd[1]: Started (null).

Add SimcardDB to Software Catalogue

The third software to be installed on COMP-0 is SimcardDB. The software can be installed on a different node as well, but this tutorial will add it to the COMP-0 node. As this is not a standard software included in SlapOS, the software release has to be manually added to the software catalogue before being able to supply and instantiate it. The steps are the same for adding and updating(!) all software releases on SlapOS and will be walked through step by step on every occasion.

Zope Login to ERP5 Interface

ERP5 Interface - Zope Login Screen

Go to the ERP5 interface behind your SlapOS Master. If your master has a user-friendly url (like https://master.slaptest.erp5.net/), you can find the backend url in the Frontend Slave connection parameters (access Services menu, locate your Frontend Slave). Remove the web_site_module/hostingjs/ part of the URL and don't forget to logout of the SlapOS Dashboard so you can login on the underlying ERP5 interface with zope (superuser) credentials.

To provide software on a SlapOS Master, you need to create a software product and a software release. This requires a regular user (in person_module) with administrative permissions which we will create now.

Access Person Module

ERP5 Interface - Homescreen

Once logged in click on Persons or select Person Module from the Modules select field.

Find Specific User

ERP5 Interface - Person Module

Locate the person you want to give administrator rights to

Find Assignments of this User

ERP5 Interface - Assignments Tab

Once on the person, click on the Assignments tab.

Find Member Assignment

ERP5 Interface - Member Assignment

Find the Member Assignment and open it.

Associate Group with User

ERP5 Interface - Assign Group

In the right hand menu, update the Group field to SlapOs Company. This will give administrative rights to this user. Click the Save (disk) icon to update the assignment configuration.

Once saved, this user will be able to add new software products and releases besides being able to view accounting and consumption related data.

Logout Superuser

ERP5 Interface - Logout

Logout the superuser account.

Administrator Login to ERP5 Interface

ERP5 Interface - Login with Administrator Account

Now login with the user who just received administrator privileges.

Access Software Product Module

ERP5 Interface - Administrator Homescreen

Once logged in click on Software Products or select Software Product Module from the Modules select field.

Add Software Product

ERP5 Interface - Administrator Add Software Product SimcardDB

On the software product page, select Action and Add Software Product.

Define Software Product

ERP5 Interface - Administrator Define Software Product SimcardDB

Set Title and Reference to SimcardDB and simcarddb, then save by clicking the disk icon.

Publish Software Product

ERP5 Interface - Administrator Publish Software Product SimcardDB

The final step is to publish the Software Product. Select Action and Publish to change the workflow change.

Published Software Product

ERP5 Interface - Administrator Verify Published Software Product SimcardDB

Confirm and once you are back on the Software Product page and the state is changed to Published, click on the ERP5 breadcrumb to get back to the main homescreen.

Access Software Release Module

ERP5 Interface - Administrator Homescreen

Next click on Software Releases or select Software Release Module from the Modules select field.

Add Software Release

ERP5 Interface - Administrator Add Software Release SimcardDB

Repeat the steps, so once on the software release page, select Action and Add Software Release.

Note, that whenever you want to upgrade a software release, you have to create a new software release entry with the difference being the version and software.cfg being pointed to, which can both be set in the next steps.

Locate Software.Cfg Url

Gitlab - Software Release Software.cfg profile

Head over to the repository you are using to host software releases and locate the software.cfg file which contains the instructions for building your your software. Find the URL of this software release. Note, that you can use different releases, for example:

  • latest development:
    https://lab.node.vifib.com/nexedi/amarisoft/raw/master/slapos/software/simcarddb/software.cfg
  • latest tagged version:
    https://lab.node.vifib.com/nexedi/amarisoft/raw/[TAG]/slapos/software/simcarddb/software.cfg

[TAG] can be any value listed on the published releases, found on https://lab.node.vifib.com/nexedi/amarisoft/tags. Continue using the latest tagged version which is v0.2. Note down the following url:

https://lab.node.vifib.com/nexedi/amarisoft/raw/v0.2/slapos/software/simcarddb/software.cfg

Define Software Release

ERP5 Interface - Administrator Define Software Release SimcardDB

Fill the form as shown in the screenshot. Make sure to add the Software Product pointing to the SimcardDB product you just created (add the title of the software product). Title and reference can be the same as on the software product. Make sure define a version and select HTTP, then provide the url to your software.cfg. Once all fields have been filled out, click the disk icon to save.

Publish Software Release Alive

ERP5 Interface - Administrator Publish Software Release Alive SimcardDB

The final step is to publish the Software Release Alive (publishing alive, will allow to edit the provided data in case necessary). Select Action and Publish Alive to change the workflow change.

Published Software Release

ERP5 Interface - Administrator Published Software Release SimcardDB

Confirm and once you are back on the Software Release page and the state is changed to Published Alive, click on the ERP5 breadcrumb to get back to the main homescreen.

Software Available in SlapOS Dashboard

SlapOS Interface - Published Software Release Available

Head over to the SlapOS Dashboard. If you pick a computer and click Supply, the newly defined software will now be on the list. We can continue and install the SimcardDB on this machine.

Select SimcardDB Software Release

SlapOS Dashboard - Select Software Release to supply

Select the SimcardDB software release.

Select SimcardDB Software Release Version

SlapOS Dashboard - Select Software Release Version

Select the latest version.

Launch SimcardDB Software Release Installation

SlapOS Dashboard - Launch Software Release Installation

Click Proceed in the header to start installation.

Wait for SimcardDB Installation

SlapOS Dashboard - Access Computer

After clicking Proceed you will be forwarded to the installation status page.

Installation will take some time depending on the software you are installing, so either refresh the current page or check installation status directly by either going to your Servers list and selecting the machine you chose during installation or clicking directly on Computer Reference.

Verify SimcardDB Installation

SlapOS Dashboard - Verify Installation Success

You can see the installed service is now available in the bottom list. The indicator will stay red until the software has finished compiling and installing. Once the installation status bar changes to green on a refresh of the page, the installation has finished.

You can follow the compilation by looking at the slapos-node-software.log using:

# tail /opt/slapos/log/slapos-node-software.log -f
in your terminal.

List of Instantiated Services

SlapOS Dashboard - Add Service

Head to the list of services by clicking on the Services button on the side menu.

Create New SimcardDB Instance

SlapOS Dashboard - Select Service

The list of available services is the same as the list of installable software releases used earlier when installing the service. Select SimcardDB as this is the service we want to provide.

Select SimcardDB Service Version

SlapOS Dashboard - Select Service Version

As during installation, please choose the latest version.

SimcardDB Configuration

SlapOS Dashboard - Service Configuration Parameters

Give your server a recognizable name (SimcardDB in the example), then select Software Type Server (you can later select Simcard to add Simcards to the database) which will load a form with instance-specific parameters.

Select the computer to install the SimcardDB on and at point of writing, please ONLY USE THE XML PARAMETERS form , so please click Show Parameter Form, then enter following (due to potential line breaks, please use the original file on Gitlab:


<instance>
  <parameter id="_">{
  "_ca": "-----BEGIN CERTIFICATE-----\nMIIC7TCCAdWgAwIBAgIJAKTKG4foe0w6MA0GCSqGS
    Ib3DQEBCwUAMA0xCzAJBgNV\nBAMMAkNBMB4XDTE4MDQxODA5MTc1OFoXDTIzMTA

    [...]

    n3t2tJ7oPLq24TMdnWw2U1I277WpHF1rQKGY5an/m/FRc\n-----END CERTIFICATE-----\n",
  "cluster": "simcarddb", 
  "_cert": "-----BEGIN CERTIFICATE----\nMIICkDCCAXgCAQEwDQYJKoZIhvcNAQELBQAwDTEL
    MAkGA1UEAwwCQ0EwHhcNMTgw\nNDE4MDkxNzU4WhcNMjMxMDA5MDkxNzU4WjAPMQ

    [...]

    hKX31AIOaHFqqpvnFXPjw/KafOdBSzzgTA9BAKWFVjuxk\n-----END CERTIFICATE-----\n",
  "_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSk
    AgEAAoIBAQCdTC5/41JcDQFb\nnZWptr925RCdek1uL7W/SB57SDUhws1l3nLtVx

    [...]

    4bfdzxOdIcalN8qFEWme\nVVto1bAf7ppZDjZEZWiFy8dx\n-----END PRIVATE KEY-----\n"
   }</parameter>
</instance>

Click Proceed to continue, then on the instantiation page, click on the SimcardDB entry to access your SimcardDB connection parameters while the instance is being created.

Token Connection Parameters

SlapOS Interface - SimcardDB Connection Parameters

Instantiation might take a few minutes to finish.

Once the SimcardDB is instantiated, the COMP-0 setup is completed and the administrative layer (COMP-ROOT and COMP-0) is setup. You can now add additional nodes to the network, install LTE and start providing simcards to users.

Thank You

Image Nexedi Office
  • Nexedi SA
  • 147 Rue du Ballon
  • 59110 La Madeleine
  • France