Get an ID and the token to reach the EOSC cloud.

This is done by accessing the portal through the eduTEAMS identity federation, so your university/observatory must be part of eduTEAMS/eduGAIN.

...

Choose your ID provider and go to it for authentication. Identify yourself using your federation ID.

  • Copy from the web interface the `client ID`, `client Secret` and `Refresh token`, which are needed for the following steps (copy and paste them somewhere locally).

  • Copy and paste the curl command into a shell, and collect the access_token it generates.

...

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1886    0  1687  100   199   5531    652 --:--:-- --:--:-- --:--:--  6163
{
    "access_token": "XXXX",
    "token_type": "Bearer",
    "refresh_token": "XXXX",
    "expires_in": 3599,
    "scope": "openid profile eduperson_entitlement email",
    "id_token": "XXXX"
}

Interact with OpenStack to create a virtual machine using the Python library

Create the Python virtual environment

We use fedcloud to help interact with the federation. If you run into any trouble, restart from scratch by removing ~/.my_venvs with rm.

mkdir ~/.my_venvs

python3 -m venv ~/.my_venvs/fedcloud

source ~/.my_venvs/fedcloud/bin/activate

Install fedcloud and configure

pip install fedcloud
sudo mkdir -p /etc/grid-security/certificates
CA_BUNDLE=https://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz
curl -s $CA_BUNDLE | sudo tar -xvz -C /etc/grid-security/certificates
cat /etc/grid-security/certificates/*.pem >> $(python -m requests.certs)

export CHECKIN_CLIENT_ID=XXXX

export CHECKIN_CLIENT_SECRET=XXXXXX

export CHECKIN_REFRESH_TOKEN=XXXXXXXX

export ACCESS_TOKEN=XXXXXX

Taken from the egifedcloud web page

Now make a VM at IN2P3

fedcloud endpoint list --site IN2P3-IRES

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN

...

pip install openstackclient

# Setup environment variables for IN2P3 endpoint

source env-VESPA-IN2P3.sh

# Interact with APIs

openstack network list

# Create an OpenStack public key and security access

openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key1

# Get a fresh token

fedcloud token list-vos --oidc-access-token $OS_ACCESS_TOKEN

# Check available OpenStack endpoints

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$OS_ACCESS_TOKEN

...

List the available OS images:

openstack image list

List the different machine sizes available:

openstack flavor list


Check if the security group exists:

openstack security group show vespagroup

# ONLY IF VESPAGROUP DOESN'T EXIST, otherwise you will have to delete and restart because two security groups with the same name will generate a conflict.

Build the security group and open the necessary ports ... with the following commands:

It could answer that ... security group ... exists.

    openstack security group create vespagroup --description "opening port 80 and 8080 for vespa"
    openstack security group rule create vespagroup --protocol tcp --dst-port 80:80 --remote-ip 0.0.0.0/0
    openstack security group rule create vespagroup --protocol tcp --dst-port 8080:8080 --remote-ip 0.0.0.0/0
    openstack security group rule create vespagroup --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0

If you ran these steps although the security group already existed, you will have to delete it and restart, because two security groups with the same name will generate a conflict.
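A way to make the security-group step above repeatable, given here as an added example that is not part of the original instructions: it creates vespagroup only when `openstack security group show` reports it missing, and limits the SSH rule to one source range instead of 0.0.0.0/0. The function names, the `ADMIN_CIDR` argument and the 203.0.113.0/24 range are assumptions of this example.

```bash
# Added example: idempotent creation of the vespagroup security group.
# ADMIN_CIDR is an assumption of this example (the page opens SSH to 0.0.0.0/0).

# Return 0 if the named security group already exists in the current project.
sg_exists() {
    openstack security group show "$1" >/dev/null 2>&1
}

# Return 0 for any /0 prefix (0.0.0.0/0, ::/0), i.e. "the whole Internet".
is_world_open() {
    case "$1" in
        */0) return 0 ;;
        *)   return 1 ;;
    esac
}

# ensure_vespagroup ADMIN_CIDR
# Returns 0 if the group exists or was created, 1 on CLI failure, 2 on a bad CIDR.
ensure_vespagroup() {
    admin_cidr="$1"
    group="vespagroup"
    if [ -z "$admin_cidr" ] || is_world_open "$admin_cidr"; then
        echo "refusing: SSH source must be a specific CIDR, got '${admin_cidr}'" >&2
        return 2
    fi
    # A second group with the same name causes the conflict described above.
    if sg_exists "$group"; then
        echo "$group already exists, leaving it untouched" >&2
        return 0
    fi
    openstack security group create "$group" \
        --description "opening port 80 and 8080 for vespa" || return 1
    # Web ports stay public, as in the commands on the page.
    for port in 80 8080; do
        openstack security group rule create "$group" --protocol tcp \
            --dst-port "${port}:${port}" --remote-ip 0.0.0.0/0 || return 1
    done
    # SSH is reachable only from the administrator's network.
    openstack security group rule create "$group" --protocol tcp \
        --dst-port 22:22 --remote-ip "$admin_cidr" || return 1
}

# Usage (203.0.113.0/24 is a constructed documentation range):
#   ensure_vespagroup 203.0.113.0/24
```

Source the OpenStack environment file first, so that the `openstack` CLI is already authenticated when the function runs.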


We choose the Ubuntu 18.04 image and a flavor with 2 CPUs and 4 GB of RAM. Take the Ubuntu image ID and the flavor name found with openstack image list and openstack flavor list.

IMAGE_ID=1d3d16c0-24b0-4960-80fe-64b9f4e1b4f1
FLAVOR=m1.medium

# Test if the network exists

openstack network list


If not, create it

openstack network create mynetwork

# We take testpls as the VM name

openstack server create --flavor $FLAVOR --image $IMAGE_ID \
--nic net-id=egi-vespa-net --security-group vespagroup \
--key-name mykey testpls