This page describes the experience and lessons learned during the MEICAN testing in towards JRA2 T1 lab together with CESNET and their experimental environment.
General information
GIT repo of MEICAN | https://github.com/ufrgs-hyman/meican | Install guide: https://github.com/ufrgs-hyman/meican/blob/master/docs/guide/installation-ubuntu.md |
Hostname | okruhy.cesnet.cz | |
IP | 78.128.211.79 | |
Access | SSH using public key | Send request with pub key on: hazlinsky@cesnet.cz (Michal Hažlinský) |
MEICAN URL | http://okruhy.cesnet.cz/ | Currently default access via master user + user admin with password. (Ask Michal Hažlinský) |
Lab NSI service - aggregator | http://195.113.142.36:9443/NSI/services/CS2 | |
Lab NSI service - uPA over lab router | http://195.113.142.36:9444/NSI/lab1.nsi.new.lab.nml.xml |
BUG reports
1. Add user role for the domain the user
When new user is created. One has to add the user role for the domain. It cannot be done after fresh install, because the is no domain yet. I found no way how to create the domain without user which already has the role for Domains. (see notes bellow)
2. Meican is not sending any NSI requests
With latest version should be able to sent requests to OpenNSA. (should fix the problem with WSDL need which OpenNSA do not provide) But when I tried, no request has been sent out of MEICAN. See the log message in the notes bellow.
Install notes
Despite recommendation I am installing on ubuntu 16.04 with latest updates.
Problem to install all of this
apache2 mysql-server php5 curl php5-mysql php5-curl php5-xml php5-mbstring
FIX: need to use different (later) versions ...
Used git to clone latest version....
configured db access for the taas user with password granted privs. for meican DB
get and install composer OK
Problem with php composer.phar install .... cannot access DB over had to reconfigure mysql access method via localhost to older way (mysql_native_password) ... IMHO ubuntu 16.04 specific, NOT related to MEICAN ...
configure Apache ... OK
Initial configuration notes
No certificates yet ... is that a problem for function testing?
Configure CS under "circuits" .... point it to "lab" domain aggregator from table above
Operation notes and first try
Logged in as master .... master is in root group and root is the system group ... it seems that one need user with DOMAIN role to be abble to work with topologies....
Created user "admin" ... and now ... need to add "Roles for Domains"
Problem and IMHO a BUG: The dialogue window for adding the role requires to specify DOMAIN ... There is no DOMAIN created ye!! One must have a role for domains to be able to create domain, but DOMAIN needs to be specified to add role... Chicken and egg problem → DEADLOCK
(I did not hit this before in older version)
Work around: I injected the DOMAIN to mysql manually from the root console of the server and it works, domain is now available in meican to choose when adding role ... TODO: Report possible BUG
Role added OK , user "admin" now can manage topology
Domain already there in topology .... (because.... previous work around)
Dyscovery: use the topology service provided by lab1 uPA to discover the topology ... place it under the "lab" domain created before ....
topology discovered .... apply all ports found ...
OBSERVATION: This automatically created new domain called lab1.nsi.new.lab (fetched network id of the uPA). I do not want this. I need the topology of this uPA placed under the lab domain. Lets look at this later ... just ignore the created domain for now .... lets check ports and edit the domain ....
What is the semantic of Providers and Networks in MEICAN?? investigate later ....
Problem and IMHO a BUG: Cannot open the Ports section. Getting a error message: Error processing your request. Sorry. :( Debugging console provides log message: "PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'meican.meican_device' doesn't exist in /home/taas/meican/vendor/yiisoft/yii2/db/Command.php:900" .
It looks like that meican is trying to query unexciting table in DB ... BUG? There was a Device section in topologies before in previous version of meican. Could this be related? Anyway ... cannot manage ports .... TODO: Report possible BUG
Try to reserve a circuit: Looks ports are there... I can choose them in the reservation form. Filling the form OK ... Reserving ...
Reserve state screen occurred: looks it hangs on something BUG? .... lets check aggregator .... NO request arrived .... does meican send anything at all?
Found this in logs:
2018-02-21 11:26:25 [2001:718:1:2c::ffff:286c][2][8kq7l1vj88q3n9nc6u9g97vdt7][error][yii\base\ErrorException:1] yii\base\ErrorException: Class 'SoapClient' not found in /home/taas/meican/modules/nsi/ConnectionRequesterClient.php:19 Stack trace: #0 [internal function]: yii\base\ErrorHandler->handleFatalError() #1 {main} 2018-02-21 11:26:25 [2001:718:1:2c::ffff:286c][2][8kq7l1vj88q3n9nc6u9g97vdt7][info][application] $_POST = [ 'id' => '4' ] $_COOKIE = [ '_ga' => 'GA1.2.777503710.1506062609' '_csrf' => '5a78300fecad918122954a00773acd0e3e4525513bdbb83cd41abba8fb004e00a:2:{i:0;s:5:\"_csrf\";i:1;s:32:\"7RvuziPpcGYg4VXamOx7HBrvR7xjnvQT\";}' 'PHPSESSID' => '8kq7l1vj88q3n9nc6u9g97vdt7' '_identity' => '49a279c305e07e462198fb171a6bd902bf1a72c1e048280e62d5b4cfdccaf3f0a:2:{i:0;s:9:\"_identity\";i:1;s:44:\"[2,\"eVTZlcCp6dqNaLAPSMbUOeKOpbtRS9pt\",86400]\";}' ] $_SESSION = [ '__flash' => [] '__returnUrl' => '/' '__id' => 2 'auth_user' => '' 'auth_token' => '' ] $_SERVER = [ 'REDIRECT_STATUS' => '200' 'HTTP_HOST' => 'okruhy.cesnet.cz' 'HTTP_CONNECTION' => 'keep-alive' 'CONTENT_LENGTH' => '4' 'HTTP_ACCEPT' => '*/*' 'HTTP_ORIGIN' => 'http://okruhy.cesnet.cz' 'HTTP_X_CSRF_TOKEN' => 'dHhKVVdHZy1DKjwgLS43XRc/EzJjET9MGTcyYh8FFVsmTzI/OTE2eQ==' 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest' 'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/64.0.3282.140 Chrome/64.0.3282.140 Safari/537.36' 'CONTENT_TYPE' => 'application/x-www-form-urlencoded; charset=UTF-8' 'HTTP_REFERER' => 'http://okruhy.cesnet.cz/circuits/reservation/create' 'HTTP_ACCEPT_ENCODING' => 'gzip, deflate' 'HTTP_ACCEPT_LANGUAGE' => 'cs-CZ,cs;q=0.9,en;q=0.8' 'HTTP_COOKIE' => '_ga=GA1.2.777503710.1506062609; _csrf=5a78300fecad918122954a00773acd0e3e4525513bdbb83cd41abba8fb004e00a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%227RvuziPpcGYg4VXamOx7HBrvR7xjnvQT%22%3B%7D; PHPSESSID=8kq7l1vj88q3n9nc6u9g97vdt7; _identity=49a279c305e07e462198fb171a6bd902bf1a72c1e048280e62d5b4cfdccaf3f0a%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22_identity%22%3Bi%3A1%3Bs%3A44%3A%22%5B2%2C%22eVTZlcCp6dqNaLAPSMbUOeKOpbtRS9pt%22%2C86400%5D%22%3B%7D' 'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' 'SERVER_SIGNATURE' => '<address>Apache/2.4.18 (Ubuntu) Server at okruhy.cesnet.cz Port 80</address> ' 'SERVER_SOFTWARE' => 'Apache/2.4.18 (Ubuntu)' 'SERVER_NAME' => 'okruhy.cesnet.cz' 'SERVER_ADDR' => '2001:718:1:1f:50:56ff:feee:79' 'SERVER_PORT' => '80' 'REMOTE_ADDR' => '2001:718:1:2c::ffff:286c' 'DOCUMENT_ROOT' => '/var/www/meican' 'REQUEST_SCHEME' => 'http' 'CONTEXT_PREFIX' => '' 'CONTEXT_DOCUMENT_ROOT' => '/var/www/meican' 'SERVER_ADMIN' => 'webmaster@localhost' 'SCRIPT_FILENAME' => '/var/www/meican/index.php' 'REMOTE_PORT' => '43172' 'REDIRECT_URL' => '/circuits/reservation/confirm' 'GATEWAY_INTERFACE' => 'CGI/1.1' 'SERVER_PROTOCOL' => 'HTTP/1.1' 'REQUEST_METHOD' => 'POST' 'QUERY_STRING' => '' 'REQUEST_URI' => '/circuits/reservation/confirm' 'SCRIPT_NAME' => '/index.php' 'PHP_SELF' => '/index.php' 'REQUEST_TIME_FLOAT' => 1519212385.777 'REQUEST_TIME' => 1519212385 ]
Looks like something is wrong .... TODO: Report possible BUG