
Get an ID and the token to reach the EOSC cloud.

This is done by accessing the portal through the eduTEAMS identity federation, so your university/observatory should be part of eduTEAMS/eduGAIN.

Open https://aai.egi.eu/fedcloud/ in a (private) browser window and click `Authorise`.

Choose your ID provider and go to it for authentication. Identify using your federation ID.

  • Copy the `client ID`, `client Secret` and `Refresh token` from the web interface; they are needed for the following steps (copy and paste them somewhere locally).

  • Copy and paste the curl command into a shell, and collect the access_token it generates.

(fedcloud) *****$ curl -X POST -u '****'  . . .


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1886    0  1687  100   199   5531    652 --:--:-- --:--:-- --:--:--  6163
{
    "access_token": "XXXX",
    "token_type": "Bearer",
    "refresh_token": "XXXX",
    "expires_in": 3599,
    "scope": "openid profile eduperson_entitlement email",
    "id_token": "XXXX"
}

Interact with OpenStack to create a virtual machine using the Python library

Create the Python virtual environment

The fedcloud client is used to help interact with the federation. If you run into any trouble, restart from scratch by removing ~/.my_venvs.

mkdir ~/.my_venvs

python3 -m venv ~/.my_venvs/fedcloud

source ~/.my_venvs/fedcloud/bin/activate

Install fedcloud and configure

pip install fedcloud
sudo mkdir -p /etc/grid-security/certificates
CA_BUNDLE=https://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz
curl -s $CA_BUNDLE | sudo tar -xvz -C /etc/grid-security/certificates
cat /etc/grid-security/certificates/*.pem >> $(python -m requests.certs)

export CHECKIN_CLIENT_ID=XXXX

export CHECKIN_CLIENT_SECRET=XXXXXX

export CHECKIN_REFRESH_TOKEN=XXXXXXXX

export ACCESS_TOKEN=XXXXXX

Taken from egifedcloud web page

Now make a VM at IN2P3

fedcloud endpoint list --site IN2P3-IRES

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN

Replace the project ID with its value.

fedcloud endpoint env --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN --project-id c8005e7c85ca4929bde70882ae1ec137 | tee env-VESPA-IN2P3.sh

Run all the export lines; verify them and replace the access_token value with yours.

export OS_AUTH_URL="https://sbgcloud.in2p3.fr:5000/v3"
export OS_AUTH_TYPE="v3oidcaccesstoken"
export OS_IDENTITY_PROVIDER="egi.eu"
export OS_PROTOCOL="openid"

Replace the access token value with the one you generated initially with the curl command.

export OS_ACCESS_TOKEN="XXXXX"
export OS_PROJECT_ID="c8005e7c85ca4929bde70882ae1ec137"
source ~/.my_venvs/fedcloud/bin/activate

You will have an egcli in your prompt.

pip install openstackclient

Set up environment variables for the IN2P3 endpoint

source env-VESPA-IN2P3.sh
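
The access token obtained earlier carries `"expires_in": 3599` and is written to `env-VESPA-IN2P3.sh` by `tee`, so it is worth checking both its remaining lifetime and the file's permissions before the `openstack` calls that follow. The helpers below are an added example, not part of the original page or of fedcloud; the function names are hypothetical and they assume the access token is a JWT with an `exp` claim.

```shell
#!/bin/sh
# Added example (not from fedcloud); function names are hypothetical.
# Assumption: the access token is a JWT (header.payload.signature, base64url).
# Only the exp claim is read; the signature is NOT verified here.

b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Constructed sample input: an unsigned JWT-shaped string expiring at epoch $1.
sample_token() {
    printf '%s.%s.sig' "$(printf '{"alg":"none"}' | b64url)" \
        "$(printf '{"sub":"constructed","exp":%s}' "$1" | b64url)"
}

# Print seconds until the token in $1 expires; $2 overrides "now" (epoch).
# Returns 2 if $1 is not a JWT or carries no exp claim.
token_seconds_left() {
    payload=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
    case $(( ${#payload} % 4 )) in      # restore stripped base64 padding
        2) payload="${payload}==" ;;
        3) payload="${payload}=" ;;
    esac
    exp=$(printf '%s' "$payload" | base64 -d 2>/dev/null |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$exp" ] || return 2
    now=${2:-$(date +%s)}
    echo $(( exp - now ))
}

# Succeed only if the token is valid for at least $2 more seconds (default 300).
token_fresh_enough() {
    left=$(token_seconds_left "$1" "${3:-}") || return 2
    [ "$left" -ge "${2:-300}" ]
}

# Succeed only if file $1 grants no permissions to group or others.
env_file_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Typical use after `source env-VESPA-IN2P3.sh`:
#   chmod 600 env-VESPA-IN2P3.sh && env_file_is_private env-VESPA-IN2P3.sh
#   token_fresh_enough "$OS_ACCESS_TOKEN" || echo "token expires soon" >&2
```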

Interact with APIs

openstack network list

Create an OpenStack public key and security access

openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key1

Get a fresh token

fedcloud token list-vos --oidc-access-token $OS_ACCESS_TOKEN

Check available OpenStack endpoints

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$OS_ACCESS_TOKEN

List the available OS images:

openstack image list

List the different machine sizes available:

openstack flavor list


Check if the security group exists:

openstack security group show vespagroup

ONLY IF VESPAGROUP DOESN'T EXIST:

Build the security group and open the necessary ports with the following commands:

The command may answer that the security group already exists.

    openstack security group create vespagroup --description "opening port 80 and 8080 for vespa"
    openstack security group rule create vespagroup --protocol tcp --dst-port 80:80 --remote-ip 0.0.0.0/0
    openstack security group rule create vespagroup --protocol tcp --dst-port 8080:8080 --remote-ip 0.0.0.0/0
    # SSH (22) is opened to any source here; --remote-ip accepts a narrower CIDR for your own address range
    openstack security group rule create vespagroup --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0

If you have done these steps but the security group already existed, you will have to delete it and start again, because two security groups with the same name will generate a conflict.


We choose the Ubuntu 18.04 image with 2 CPUs and 4 GB of RAM. Take the Ubuntu image ID and the flavor name found with openstack image/flavor list.

IMAGE_ID=1d3d16c0-24b0-4960-80fe-64b9f4e1b4f1
FLAVOR=m1.medium

Test if the network exists

openstack network list


If not, create it

openstack network create mynetwork

We take testpls as the VM name

openstack server create --flavor $FLAVOR --image $IMAGE_ID \
--nic net-id=egi-vespa-net --security-group vespagroup \
--key-name my-key1 testpls

