Get an ID and the token to reach the EOSC cloud.
This is done by accessing the portal through the eduTEAMS ID federation, so your university/observatory should be part of eduTEAMS/eduGAIN.
...
Choose your ID provider and go to it for authentication, identifying yourself with your federation ID. Once you have identified yourself:
- Copy from the web interface the `client ID`, `client Secret` and `Refresh token`, which are necessary for the following steps (copy and paste them somewhere locally).
- Copy and paste the curl command into a shell, and gather the access_token thus generated.
...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1886 0 1687 100 199 5531 652 --:--:-- --:--:-- --:--:-- 6163
{
"access_token": "XXXX",
"token_type": "Bearer",
"refresh_token": "XXXX",
"expires_in": 3599,
"scope": "openid profile eduperson_entitlement email",
"id_token": "XXXX"
}
Interact with OpenStack to create a virtual machine using the Python library
Create the Python virtual environment
Use fedcloud to help interact with the federation. If you run into any trouble, restart from scratch by removing ~/.my_venvs with rm.
mkdir ~/.my_venvs
python3 -m venv ~/.my_venvs/fedcloud
source ~/.my_venvs/fedcloud/bin/activate
Install fedcloud and configure
pip install fedcloud
sudo mkdir -p /etc/grid-security/certificates
CA_BUNDLE=https://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz
curl -s $CA_BUNDLE | sudo tar -xvz -C /etc/grid-security/certificates
cat /etc/grid-security/certificates/*.pem >> $(python -m requests.certs)
export CHECKIN_CLIENT_ID=XXXX
export CHECKIN_CLIENT_SECRET=XXXXXX
export CHECKIN_REFRESH_TOKEN=XXXXXXXX
export ACCESS_TOKEN=XXXXXX
Taken from the EGI fedcloud web page
Now make a VM at IN2P3
fedcloud endpoint list --site IN2P3-IRES
fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN
...
pip install openstackclient
# Setup environment variables for IN2P3 endpoint
source env-VESPA-IN2P3.sh
# Interact with APIs
openstack network list
# Create an OpenStack public key and security access
openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key1
# Get a fresh token
fedcloud token list-vos --oidc-access-token $OS_ACCESS_TOKEN
# Check available OpenStack endpoints
fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$OS_ACCESS_TOKEN
...
openstack image list
Lists the available OS images:
openstack image list
Lists the different machine sizes available:
openstack flavor list
# Check if the security group exists:
openstack security group show vespagroup
# ONLY IF VESPAGROUP DOESN'T EXIST; otherwise you will have to delete it and restart, because two security groups with the same name will generate a conflict.
Build the security group and open the necessary ports ... with the following commands. It could answer that ... security group ... exists.
openstack security group create vespagroup --description "opening port 80 and 8080 for vespa"
openstack security group rule create vespagroup --protocol tcp --dst-port 80:80 --remote-ip 0.0.0.0/0
openstack security group rule create vespagroup --protocol tcp --dst-port 8080:8080 --remote-ip 0.0.0.0/0
openstack security group rule create vespagroup --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
If you have done these steps but the security group already exists, you will have to delete it and restart, because two security groups with the same name will generate a conflict.
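An added example (not part of the original page): a shell function that creates vespagroup only when it is not already listed, which avoids the duplicate-name conflict described above, and that opens port 22 to an administrator address range instead of 0.0.0.0/0. The names ensure_group, is_restricted_cidr and ADMIN_CIDR, and the range 203.0.113.0/24, are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not from the original page. ensure_group, is_restricted_cidr
# and ADMIN_CIDR are hypothetical names; 203.0.113.0/24 is a documentation range.

# Succeeds only for an IPv4 CIDR with a prefix length of 1-32, so an empty
# value or any /0 (the whole Internet) is rejected as an SSH source.
is_restricted_cidr() {
  case "$1" in
    ""|*/0) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# ensure_group NAME ADMIN_CIDR
# Creates NAME with ports 80 and 8080 public (as on the page) and port 22
# reachable from ADMIN_CIDR only. Does nothing when NAME already exists.
ensure_group() {
  sg_name=$1
  sg_admin=$2
  if ! is_restricted_cidr "$sg_admin"; then
    echo "refusing SSH source '$sg_admin'" >&2
    return 2
  fi
  # Match the exact name in the listing, so groups that already share the
  # name are detected instead of a further duplicate being created.
  if openstack security group list -f value -c Name | grep -Fxq "$sg_name"; then
    echo "exists $sg_name"
    return 0
  fi
  openstack security group create "$sg_name" \
    --description "opening port 80 and 8080 for vespa" >/dev/null || return 1
  for sg_port in 80 8080; do
    openstack security group rule create "$sg_name" --protocol tcp \
      --dst-port "$sg_port:$sg_port" --remote-ip 0.0.0.0/0 >/dev/null || return 1
  done
  openstack security group rule create "$sg_name" --protocol tcp \
    --dst-port 22:22 --remote-ip "$sg_admin" >/dev/null || return 1
  echo "created $sg_name"
}

# Run for real only when asked: sh script.sh --apply (with ADMIN_CIDR set).
if [ "${1:-}" = "--apply" ]; then
  ensure_group vespagroup "${ADMIN_CIDR:-}"
fi
```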
# We choose the Ubuntu 18.04 image with 2 CPUs and 4 GB RAM. Take the Ubuntu image ID and the flavor name found with openstack image/flavor list
IMAGE_ID=1d3d16c0-24b0-4960-80fe-64b9f4e1b4f1
FLAVOR=m1.medium
# Test if the network exists
openstack network list
# If not, create it
openstack network create mynetwork
# We take testpls as the VM name
openstack server create --flavor $FLAVOR --image $IMAGE_ID \
--nic net-id=egi-vespa-net --security-group vespagroup \
--key-name my-key1 testpls