Version 20 (modified by ibaldin, 8 years ago)


Deploying an Authority


This section covers deployment steps for different types of site authorities.

Deploying an Eucalyptus/NEuca authority

DOCUMENTATION IN PROGRESS !!! Please come back later

Setup Eucalyptus with NEuca

Follow instructions for setting up Eucalyptus with NEuca patches at Eucalyptus 2.x setup with NEuca. Follow instructions at NEuca-in-orca to use NEuca with ORCA. For an overview of NEuca functionality, read NEuca overview.


Set $ORCA_HOME. Use 'sudo' when needed. Change ownership of this directory to the user on whose behalf the euca site authority is going to run. 'geni-orca' is the user and 'nonrenci' is the group in this example.

$ mkdir /opt/orca 
$ export ORCA_HOME=/opt/orca 
$ chown -R geni-orca:nonrenci .

Make directories for storing Eucalyptus credentials, Euca site resource description files, ORCA actors' runtime credentials and ORCA configuration files.

$ mkdir $ORCA_HOME/ec2
$ mkdir $ORCA_HOME/ndl
$ mkdir $ORCA_HOME/runtime
$ mkdir $ORCA_HOME/config

Eucalyptus credentials

Unzip euca credentials zip file into $ORCA_HOME/ec2 . Assume that the downloaded euca credentials zip file is in the home directory.

$ cd $ORCA_HOME/ec2
$ cp $HOME/ .
$ unzip 

Comment out the first line in $ORCA_HOME/ec2/eucarc.

#EUCA_KEY_DIR=$(dirname $(readlink -f ${BASH_SOURCE}))

Generate a key-pair for Euca. The name of this keypair ('orca' in this example) is used later to populate the "ec2.ssh.key" property in file.

$ source $$ORCA_HOME/ec2/eucarc
$ euca-add-keypair orca
$ cat <output_previous_command> > $$ORCA_HOME/ec2/orca

Generate and store resource representations for the Eucalyptus Site

Generate the NDL resource description of the Eucalyptus site and store it in $ORCA_HOME/ndl. Example of an Eucalyptus site NDL resource description can be found here. Consult RENCI staff on how to generate this. Let ORCA_SRC be the root of the downloaded ORCA source.

$ cp $ORCA_SRC/network/src/main/resources/orca/network/rencivmsite.rdf $ORCA_HOME/ndl/.
$ cp $ORCA_SRC/network/src/main/resources/orca/network/renciNet.rdf $ORCA_HOME/ndl/.

ORCA actors' runtime credentials

Generate GUIDs and certificates for ALL the actors in your container. Store the guids, which will be used for configuring the actors. Let ORCA_SRC be the root of the downloaded ORCA source.

$ cd $ORCA_SRC/tools/config
$ ant guid
$ ant -Dactor=<guid_output_from_previous_command>

Store runtime credentials in $ORCA_HOME.

$ cp -r $ORCA_SRC/tools/config/runtime/* $ORCA_HOME/runtime/.

Image Proxy

ORCA provides the capability for the user to specify urls for the filesystem image, kernel (optional) and ramdisk (optional) in their resource request. The user images would then be used to stand up the vms across potentially multiple independent Eucalyptus sites under ORCA control. The Image proxy is used to serve this purpose. Follow instructions on to setup and run Image proxy. To configure ORCA to use the Image proxy, follow instructions on ImageProxy with ORCA.

Image Proxy with Eucalyptus/NEuca

ssh Proxy Tunneling and Using Shorewall

When you need access to vm instances created in a private address space separated from the public Internet, ssh proxy tunneling can be used. We support Shorewall-DNAT proxy for this purpose. Install and run Shorewall on a machine (the NAT host) that is accessible via the public internet by following instructions at Shorewall setup. To use Shorewall with ORCA, follow instructions for Shorewall configuration for ORCA.

DNAT Proxy



An example of a configuration file for a container with site authority actors managing an Eucalyptus/NEuca cluster and a network switch can be found here. Please modify this file to tailor to your installation. Remember to use unique GUIDs for each actor, which were generated in the last step. Name this file 'config.xml' and place it in $ORCA_HOME/config

$ cp $HOME/euca-m.renci.ben-config.xml $ORCA_HOME/config/config.xml

An example of '' for a container with site authority actors managing an Eucalyptus/NEuca cluster and a network switch can be found here. Please modify this file to tailor to your installation - change 'protocols.soapaxis2.url' and 'container.guid' properties to point to the correct soapaxis url and a new guid respectively. To make the actors in the container talk to the RENCI Actor Registry, follow instructions for configuring with registry. From Camano 3.0+, this is the recommended way to connect to other actors (Brokers, SMs). Name this file '' and place it in $ORCA_HOME/config

$ cp $HOME/ $ORCA_HOME/config/

Modify orca/trunk/handlers/ec2/ for your installation. For the shorewall proxy section, see shorewall-with-orca. For the Image proxy section, see "Handler Integration" in image-proxy-with-orca. Name this file '' and place it in $ORCA_HOME/config .

$ cp $HOME/ $ORCA_HOME/config/

Look up the "Credentials" sub-section of the section "Eucanet handler" to populate file and place it in $ORCA_HOME/config .

Set up tomcat

$ wget
$ tar zxvf tomcat.tar.gz
$ cd $ORCA_HOME/tomcat

Edit and to point to correct paths for ORCA_HOME and CATALINA_HOME. Example


# customize this to your setup
export ORCA_HOME=/opt/orca

# if you are using non-standard java, uncomment and change this
# export JAVA_HOME=/opt/java/jdk-1.6.20
export JAVA_HOME=/opt/java/jdk1.6.0_23
export PATH=$JAVA_HOME/bin:$PATH

export LD_LIBRARY_PATH=/usr/local/lib

# assuming tomcat is under $ORCA_HOME

# if you want to enable debugging, uncomment this line and comment out the following one. Default debug port is 11000
#declare -x CATALINA_OPTS="-ea -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=11000 -Xmx1024m"
declare -x CATALINA_OPTS="-Xmx1024m"

export ANT_HOME=
rm $CATALINA_HOME/logs/*
$CATALINA_HOME/bin/ start

Example of


# customize this to your install
export ORCA_HOME=/opt/orca

# uncomment and customize this if you are using non-standard Java install
export JAVA_HOME=/opt/java/jdk1.6.0_23
export PATH=$JAVA_HOME/bin:$PATH

# assuming tomcat lives under $ORCA_HOME

for x in `ps -ef | grep "org.apache.catalina.startup.Bootstrap" | awk '{print $2}'`; do kill -9 $x; done

Final Deployment

Now you are ready to deploy. Start tomcat on the Eucalyptus head node.

$ cd $ORCA_HOME/tomcat
$ ./ (if you want to kill an existing tomcat, or if you are doing a fresh container redeploy)
$ rm -f $ORCA_HOME/state_recovery.lock  (if you want a fresh redeploy)
$ ./

Deploy orca webapp by pointing to the machine where the tomcat server is running (euca-m.renci.ben in this example).

$ cd $ORCA_SRC
$ mvn clean install
$ cd $ORCA_SRC/webapp
$ mvn clean package
$ ant deploy

Some troubleshooting tips