Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Get an ID and the token to reach the EOSC cloud.

This is done accessing the portal using ID Federation eduTEAMS. So your university/observatory should be part of eduTEAM/eduGAIN.


Choose your ID provider and go to it for authenticationOnce you identified yourself using ID federation. Identify using your federation ID.

  • Copy from web interface : `client ID`, `client Secret` and `Refresh token` that are necessary for the following steps (copy and paste it somewhere locally).

  • Copy and paste the curl command on a shell, and gather the access_token thus generated.


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1886    0  1687  100   199   5531    652 --:--:-- --:--:-- --:--:--  6163
    "access_token": "XXXX",
    "token_type": "Bearer",
    "refresh_token": "XXXX",
    "expires_in": 3599,
    "scope": "openid profile eduperson_entitlement email",
    "id_token": "XXXX"

Interact with Openstack to create a virtual machine using Python library

Create the Python virtual environment

Using fedcloud to help interacting with the federation. If you face any trouble restart from scratch using rm of ~/.my_venvs 

mkdir ~/.my_venvs

python3 -m venv ~/.my_venvs/fedcloud

source ~/.my_venvs/fedcloud/bin/activate

Install fedcloud and configure

pip install fedcloud
sudo mkdir -p /etc/grid-security/certificates
curl -s $CA_BUNDLE | sudo tar -xvz -C /etc/grid-security/certificates
cat /etc/grid-security/certificates/*.pem >> $(python -m requests.certs)





Taken from egifedcloud web page

Now make a VM at IN2P3

fedcloud endpoint list --site IN2P3-IRES

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN


pip install openstackclient

# Setup environment variables for IN2P3 endpoint


# Interact with APIs

openstack network list

#create Create an openstack publick key openstack and security access

openstack keypair create --public-key ~/.ssh/ my-key1

# Get a fresh token

fedcloud token list-vos --oidc-access-token $OS_ACCESS_TOKEN

# Check available OpenStack endpoints

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$OS_ACCESS_TOKEN


openstack image list

Lists the avaialable available os :

openstack flavor image list

Lists the different machine sizes avaialable# verify :

openstack flavor list

Check if security group exist usingexists :

openstack security group show vespagroup

#ONLY IF VESPAGOUT VESPAGROUP DOESN'T EXIST , otherwise you will have to delete and restart because two security group with the same will generate a conflict.
### make security group that ONLY : 

Build security group and  open the necessary port


with  the following commands:

 It could answer that


security group



    openstack security group create vespagroup --description "opening port 80 and 8080 for vespa"
    openstack security group rule create vespagroup --protocol tcp --dst-port 80:80 --remote-ip
    openstack security group rule create vespagroup --protocol tcp --dst-port 8080:8080 --remote-ip
    openstack security group rule create vespagroup --protocol tcp --dst-port 22:22 --remote-ip



If you have done these steps but security group already exists, you will have to delete and restart because two security group with the same name will generate a conflict.

We choose ubuntu image 18.04 and 2cpu 4G ram - Take the ubuntu image id and the flavour name found with openstack image/flavor list


# test Test if network exist

openstack network list

if If not create it

openstack network create mynetwork

#I We take  testpls as VM name

openstack server create --flavor $FLAVOR --image $IMAGE_ID \
--nic net-id=egi-vespa-net --security-group vespagroup \
--key-name mykey testpls