From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search

CernVM is a baseline Virtual Software Appliance for the participants of CERN LHC experiments. The Appliance represents complete, portable and easy to configure user environment for developing and running LHC data analysis locally and on the Grid, independently of Operating System software and hardware platform (Linux, Windows, MacOS). The goal is to remove a need for the installation of the experiment software and to minimize the number of platforms (compiler-OS combinations) on which experiment software needs to be supported and tested.



CernVM is distributed for KVM as a file that is already partitioned like a hard disk and has the operating system installed on it. You can download the file from here. There are a couple of different options available, the basic is probably fine.

Once you have downloaded the file (cernvm-basic-<VERSION>-x86_64.hdd.gz) extract it with gzip -d cernvm-basic-<VERSION>-x86_64.hdd.gz Note that this will replace the .hdd.gz file with just a .hdd file.

Setup with KVM

In order to setup a file like this with KVM you will need to use the virsh command since the virt-manager gui isn't flexible enough. Underneath the hood every virtual machine has an XML file specification, which is what you will need to feed KVM directly. Below is an example XML file you might call cern_vm_definition.xml. Although you probably will want to remove the interface section and add that with virt-manager to ensure it's setup correctly.

<domain type='kvm'>
    <type arch='x86_64' machine='rhel5.4.0'>hvm</type>
    <boot dev='hd'/>
  <clock offset='utc'>
    <timer name='pit' tickpolicy='delay'/>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/data/kvm/images/cernvm-basic-2.6.0-4-1-x86_64.hdd'/>
      <target dev='hda' bus='ide'/>
      <alias name='ide0-hd0'/>
      <address type='drive' controller='0' bus='0' unit='0'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    <interface type='bridge'>
      <mac address='54:52:00:60:db:a5'/>
      <source bridge='unhbr'/>
      <target dev='vnet2'/>
    <serial type='pty'>
      <source path='/dev/pts/2'/>
      <target port='0'/>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target port='0'/>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5901' autoport='yes' keymap='en-us'/>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>

Next we need to tell kvm about this new VM.

virsh define cern_vm_definition.xml

You can then either take over controlling the VM with virt-manager or run

virsh start farm-gw



This is not needed. You can configure root from the GUI

Right off the bad we need to hack into the VM since is seems they set the root password to a random string. As is suggested here "Unlike standard CernVM images Batch node images do not have the root password set to a random string..."

In order to do this, start up the VM and when you reach the grub screen press up or down to force it t allow you to select your menu item by hand. Once at the menu press 'e' to edit the configuration. Press 'e' on the kernel configuration line. Go to the end of the line and type 'single'. Then press enter and 'b' to boot this altered configuration. This will allow you to boot into 'single user mode', which essentially means you just get a root shell at login. From here you may change the root password to our default one and reboot. There is no need to change the grub config back as our alterations were temporary.


Now that we have successfully bypassed the limitations CERN seeks to impose on its users because of their perceived incompetence you can go ahead and configure the hostname and network as needed and specified in Client Configuration.

Several steps are still needed. First, log into the browser control screen, (probably use a proxy through Taro using ssh), and log in as "admin" with password. There is no need to setup a proxy, since this system can reach the outside world directly. You now need to change the default password for the web login, and also set the root password here. NO NEED to do fancy hacking maneuvers.

I noted that the sshd service did not run properly, so I reset it from the gui. Add emacs: "conary install emacs", also I added the afs filesystem: "conary install openafs", "conary install openafs-client", "echo '' >> /usr/vice/etc/ThisCell". Create a dir: "mkdir /afs" and "chown root:wheel /afs", and startup the service.