towk/openchami-wiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openchami-wiki/Tutorial/OpenCHAMI Tutorial.md

119 lines
No EOL
4 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Welcome to the OpenCHAMI hands-on tutorial! This guide walks you through building a complete PXE-boot & cloud-init environment for HPC compute nodes using libvirt/KVM.
---
## 📋 Prerequisites
The cloud-based instance provided for this class is detailed in [AWS_Environment.md](/AWS_Environment.md). Your instance must meet these requirements before you begin:
- **OS & Kernel**:
- RHEL/CentOS/Rocky 9+ or equivalent
- Linux kernel ≥ 5.10 with cgroups v2 enabled
- **Packages** (minimum versions):
- QEMU 6.x, `virt-install` ≥ 4.x
- Podman 4.x
- **Networking**:
- Bridge device (e.g. `br0`)
- **Storage**:
- NFS (or equivalent) export for `/var/lib/ochami/images`
- MinIO (or S3) with credentials ready
- OCI Container registry with credentials ready
- **Tools**:
- `tcpdump`, `tftp`, `virsh`, `curl`
---
## 🗺️ Conceptual Data Flows
A quick snapshot of the data flows:
1. **Discovery**: Head node learns about virtual nodes via `ochami discover`.
2. **Image Build**: Containerized image layers → squashfs → organized with registry and served via S3.
3. **Provisioning**: PXE boot → TFTP pulls kernel/initrd → installer.
4. **Config & Join**: cloud-init applies user-data, finalizes OS.
---
## 🚀 Phased Tutorial Outline
> Each “Phase” is a self-contained lab with a checkpoint exercise.
### Phase I — Platform Setup
1. **Instance Preparation**
- Host packages, kernel modules, cgroups, bridge setup, nfs setup
- Deploy MinIO, nginx, and registry
- Checkpoints:
- `systemctl status minio`
- `systemctl status registry`
2. **OpenCHAMI & Core Services**
- Install OpenCHAMI RPMs
- Deploy internal Certificate Authority and import signing certificate
- Checkpoints:
- `ochami bss status`
- `systemctl list-dependencies openchami.target`
### Phase II — Boot & Image Infrastructure
3. **Static Discovery & SMD Population**
- Anatomy of `nodes.yaml`, `ochami discover`
- Checkpoint: `ochami smd component get | jq '.Components[] | select(.Type == "Node")'`
4. **Image Builder**
- Define base, compute, debug container layers
- Build & push to registry/S3
- Checkpoints:
- `s3cmd ls -Hr s3://boot-images/`
- `regctl tag ls demo.openchami.cluster:5000/demo/rocky-base`
5. **PXE Boot Configuration**
- `boot.yaml`, BSS parameters, virt-install examples
- Verify DHCP options & TFTP with `tcpdump`, `tftp`
- Checkpoint: Successful serial console installer
6. **Cloud-Init Configuration**
- Merging `cloud-init.yaml`, host-group overrides
- Customizing users, networking, mounts
- Checkpoint: Inspect `/var/log/cloud-init.log` on node
### Phase III — Post-Boot & Use Cases
7. **Virtual Compute Nodes & Demo**
- `virsh console`, node reboot workflows, cleanup scripts
- Scaling to multiple nodes with a looped script
- Checkpoint: Run a sample MPI job across two VMs
---
## 🔧 Troubleshooting & Tips
- **PXE ROM silent on serial**
- BIOS stage → VGA only; use `--extra-args 'console=ttyS0,115200n8 inst.text'`
- **No DHCP OFFER**
- Verify via `sudo tcpdump -i br0 port 67 or 68`
- **Service fails to start**
- Inspect `journalctl -u <service name>`, check port conflicts
- **Certficate Issues**
- Ensure the system cert contains our root cert `grep CHAMI /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem`
- **Token Issues**
- Tokens are only valid for an hour. Renew with `export DEMO_ACCESS_TOKEN=$(sudo bash -lc 'gen_access_token')` in each terminal windown
---
## 🔐 Security & Best Practices
- **Insecure default credentials** (MinIO, CoreDHCP admin).
- **Use TLS** for API endpoints and registry.
- **Isolate VLANs** for provisioning traffic.
- **Harden** cloud-init scripts: avoid embedding secrets in plaintext.
---
## 📖 Further Reading & Feedback
- **OpenCHAMI Docs**: https://openchami.org
- **cloud-init Reference**: https://cloudinit.readthedocs.io
- **PXE/TFTP How-To**: https://wiki.archlinux.org/title/PXE
- **Give Feedback**: [Issue Tracker or Feedback Form Link]
---
© 2025 OpenCHAMI Project · Licensed under Apache 2.0
LA-UR-25-25073
Reference in a new issue View git blame Copy permalink