eeb59ed080
Change-Id: I34cb1cdadc1a99d0d226441f1a6b180cb8b4b258 Signed-off-by: Galantsev, Dmitrii <dmitrii.galantsev@amd.com>
193 lines
5.6 KiB
ReStructuredText
193 lines
5.6 KiB
ReStructuredText
.. meta::
|
|
:description: documentation of the installation, configuration, and use of the ROCm Data Center tool
|
|
:keywords: ROCm Data Center tool, RDC, ROCm, API, reference, data type, support
|
|
|
|
.. _rdc-handbook:
|
|
|
|
***************************************************
|
|
Building and testing RDC
|
|
***************************************************
|
|
|
|
RDC is open source and available under the MIT License. This section is helpful for open source developers. Third-party integrators may also find this information useful.
|
|
|
|
Prerequisites for Building RDC
|
|
==============================
|
|
|
|
.. note::
|
|
RDC is tested on the following software versions. Earlier versions may not work.
|
|
|
|
* CMake 3.15
|
|
* g++ (5.4.0)
|
|
* AMD ROCm, which includes AMD AMDSMI Library
|
|
* gRPC and protoc
|
|
|
|
The following components are required to build the latest documentation:
|
|
|
|
* Doxygen (1.8.11)
|
|
* Latex (pdfTeX 3.14159265-2.6-1.40.16)
|
|
|
|
.. code-block:: shell
|
|
|
|
$ sudo apt install libcap-dev
|
|
$ sudo apt install -y doxygen
|
|
|
|
|
|
Build and Install RDC
|
|
=====================
|
|
|
|
To build and install, clone the RDC source code from GitHub and use CMake.
|
|
|
|
.. code-block:: shell
|
|
|
|
$ git clone <GitHub for RDC>
|
|
$ cd rdc
|
|
$ mkdir -p build; cd build
|
|
$ cmake -DROCM_DIR=/opt/rocm -DGRPC_ROOT="$GRPC_PROTOC_ROOT"..
|
|
$ make
|
|
#Install library file and header and the default location is /opt/rocm
|
|
$ make install
|
|
|
|
|
|
Build Documentation
|
|
-------------------
|
|
|
|
You can generate PDF documentation after a successful build. The reference manual, refman.pdf, appears in the latex directory.
|
|
|
|
.. code-block:: shell
|
|
|
|
$ make doc
|
|
$ cd latex
|
|
$ make
|
|
|
|
|
|
Build Unit Tests for RDC Tool
|
|
-----------------------------
|
|
|
|
.. code-block:: shell
|
|
|
|
$ cd rdc/tests/rdc_tests
|
|
$ mkdir -p build; cd build
|
|
$ cmake -DROCM_DIR=/opt/rocm -DGRPC_ROOT="$GRPC_PROTOC_ROOT"..
|
|
$ make
|
|
|
|
# To run the tests
|
|
|
|
$ cd build/rdctst_tests
|
|
$ ./rdctst
|
|
|
|
|
|
Test
|
|
----
|
|
|
|
.. code-block:: shell
|
|
|
|
# Run rdcd daemon
|
|
$ LD_LIBRARY_PATH=$PWD/rdc_libs/ ./server/rdcd -u
|
|
|
|
# In another console run the RDC command-line
|
|
$ LD_LIBRARY_PATH=$PWD/rdc_libs/ ./rdci/rdci discovery -l -u
|
|
|
|
|
|
Authentication
|
|
==============
|
|
|
|
RDC supports encrypted communications between clients and servers.
|
|
|
|
Generate Files for Authentication
|
|
---------------------------------
|
|
|
|
The communication between the client and server can be configured to be authenticated or unauthenticated. By default, authentication is enabled.
|
|
|
|
To disable authentication, when starting the server, use the "--unauth_comm" flag (or "-u" for short). You must also use “-u” in rdci to access unauth rdcd. The /lib/systemd/system/rdc.service file can be edited to pass arguments to rdcd on starting. On the client side, when calling rdc_channel_create(), the "secure" argument must be set to False.
|
|
|
|
Scripts
|
|
-------
|
|
|
|
RDC users manage their own keys and certificates. However, some scripts generate self-signed certificates in the RDC source tree in the authentication directory for test purposes. The following flowchart depicts how to generate the root certificates using the openssl command in 01gen_root_cert.sh:
|
|
|
|
A picture containing sign, drawing Description automatically generated
|
|
|
|
.. figure:: ../data/handbook_openssl.png
|
|
|
|
Generation of root certificates using openssl command
|
|
|
|
The section where the default responses to ``openssl`` questions can be specified is included in ``openssl.conf``. To locate the section look for the following comment line:
|
|
|
|
.. code-block:: shell
|
|
|
|
# < ** REPLACE VALUES IN THIS SECTION WITH APPROPRIATE VALUES FOR YOUR ORG. **>
|
|
|
|
|
|
It is helpful to modify this section with values appropriate for your organization if you expect to call this script many times. Additionally, you must replace the dummy values and update the ``alt_names`` section for your environment.
|
|
|
|
To generate the keys and certificates using these scripts, make the following calls:
|
|
|
|
.. code-block:: shell
|
|
|
|
$ 01gen_root_cert.sh
|
|
# provide answers to posed questions
|
|
$ 02gen_ssl_artifacts.sh
|
|
# provide answers to posed questions
|
|
|
|
|
|
At this point, the keys and certificates are in the newly created ``CA/artifacts`` directory.
|
|
|
|
.. important::
|
|
You must delete this directory if you need to rerun the scripts.
|
|
|
|
To install the keys and certificates, access the artifacts directory and run the ``install.sh`` script as root, specifying the install location. By default, RDC expects this to be in ``/etc/rdc``:
|
|
|
|
.. code-block:: shell
|
|
|
|
$ cd CA/artifacts
|
|
$ sudo install_<client|server>.sh /etc/rdc
|
|
|
|
|
|
These files must be copied to and installed on all client and server machines that are expected to communicate with one another.
|
|
|
|
Known Limitation
|
|
----------------
|
|
|
|
RDC has the following authentication limitations:
|
|
|
|
The client and server are hardcoded to look for the ``openssl`` certificate and key files in ``/etc/rdc``. There is no workaround available currently.
|
|
|
|
|
|
Verify Files for Authentication
|
|
===============================
|
|
|
|
Several SSL keys and certificates must be generated and installed on clients and servers for authentication to work properly. By default, the RDC server will look in the ``/etc/rdc`` folder for the following keys and certificates:
|
|
|
|
Client
|
|
------
|
|
|
|
.. code-block:: shell
|
|
|
|
$ sudo tree /etc/rdc
|
|
/etc/rdc
|
|
|-- client
|
|
|-- certs
|
|
| |-- rdc_cacert.pem
|
|
| |-- rdc_client_cert.pem
|
|
|-- private
|
|
|-- rdc_client_cert.key
|
|
|
|
|
|
.. note::
|
|
Machines that are clients and servers consist of both directory structures.
|
|
|
|
Server
|
|
------
|
|
|
|
.. code-block:: shell
|
|
|
|
$ sudo tree /etc/rdc
|
|
/etc/rdc
|
|
|-- server
|
|
|-- certs
|
|
| |-- rdc_cacert.pem
|
|
| |-- rdc_server_cert.pem
|
|
|-- private
|
|
|-- rdc_server_cert.key
|
|
|