This is done by accessing the portal through the eduTEAMS ID federation, so your university/observatory should be part of eduTEAMS/eduGAIN.
Open https://aai.egi.eu/fedcloud/ in a (private) browser window and click `Authorise`.
Choose your ID provider and go to it for authentication. Identify using your federation ID.
(fedcloud) *****$ curl -X POST -u '****' . . .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1886 0 1687 100 199 5531 652 --:--:-- --:--:-- --:--:-- 6163
{
"access_token": "XXXX",
"token_type": "Bearer",
"refresh_token": "XXXX",
"expires_in": 3599,
"scope": "openid profile eduperson_entitlement email",
"id_token": "XXXX"
}
Use fedcloud to help interact with the federation. If you run into any trouble, restart from scratch by removing ~/.my_venvs with rm.
mkdir ~/.my_venvs
python3 -m venv ~/.my_venvs/fedcloud
source ~/.my_venvs/fedcloud/bin/activate
pip install fedcloud
sudo mkdir -p /etc/grid-security/certificates
CA_BUNDLE=https://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz
curl -s $CA_BUNDLE | sudo tar -xvz -C /etc/grid-security/certificates
cat /etc/grid-security/certificates/*.pem >> "$(python -m requests.certs)"
export CHECKIN_CLIENT_ID=XXXX
export CHECKIN_CLIENT_SECRET=XXXXXX
export CHECKIN_REFRESH_TOKEN=XXXXXXXX
export ACCESS_TOKEN=XXXXXX
Taken from egifedcloud web page
fedcloud endpoint list --site IN2P3-IRES
fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN
Replace the project ID by its value
fedcloud endpoint env --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN --project-id c8005e7c85ca4929bde70882ae1ec137 | tee env-VESPA-IN2P3.sh
Run all the exports, verify them, and replace the access_token value with yours.
export OS_AUTH_URL="https://sbgcloud.in2p3.fr:5000/v3"
export OS_AUTH_TYPE="v3oidcaccesstoken"
export OS_IDENTITY_PROVIDER="egi.eu"
export OS_PROTOCOL="openid"
Replace the access token value with the one you generated initially with the curl command
export OS_ACCESS_TOKEN="XXXXX"
export OS_PROJECT_ID="c8005e7c85ca4929bde70882ae1ec137"
source ~/.my_venvs/fedcloud/bin/activate
You will have an egcli in your prompt
pip install openstackclient
Setup environment variables for IN2P3 endpoint
source env-VESPA-IN2P3.sh
Interact with APIs
openstack network list
Create an OpenStack public key and security access
openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key1
Get a fresh token
fedcloud token list-vos --oidc-access-token $OS_ACCESS_TOKEN
Check available OpenStack endpoints
fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$OS_ACCESS_TOKEN
List the available OS images:
openstack image list
List the different machine sizes available:
openstack flavor list
Check if the security group exists:
openstack security group show vespagroup
ONLY IF VESPAGROUP DOESN'T EXIST:
Build the security group and open the necessary ports with the following commands.
It could answer that the security group exists.
openstack security group create vespagroup --description "opening port 80 and 8080 for vespa"
openstack security group rule create vespagroup --protocol tcp --dst-port 80:80 --remote-ip 0.0.0.0/0
openstack security group rule create vespagroup --protocol tcp --dst-port 8080:8080 --remote-ip 0.0.0.0/0
openstack security group rule create vespagroup --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
If you have done these steps but the security group already exists, you will have to delete it and restart, because two security groups with the same name will generate a conflict.
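The security-group steps above as a rerunnable script (an added example, not from the original page): it creates vespagroup only when `openstack security group show` fails, so no second group with the same name can appear. Going beyond the page, it limits port 22 to a caller-supplied CIDR instead of 0.0.0.0/0; the function names and the ADMIN_CIDR variable are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Function names and ADMIN_CIDR
# are assumptions; group name, description and ports are the page's.

# Create the group only when "show" fails, so a rerun never produces a
# second group with the same name. Prints "exists" or "created".
ensure_group() {
    local name="$1" desc="$2"
    if openstack security group show "$name" >/dev/null 2>&1; then
        echo exists
    else
        # If "show" failed for another reason (e.g. expired token),
        # "create" fails too and the error is passed up.
        openstack security group create "$name" --description "$desc" \
            >/dev/null || return 1
        echo created
    fi
}

# Add one ingress TCP rule for a single port from the given CIDR.
open_port() {
    local name="$1" port="$2" cidr="$3"
    openstack security group rule create "$name" --protocol tcp \
        --dst-port "$port:$port" --remote-ip "$cidr" >/dev/null
}

# Web ports stay open to everyone as on the page; SSH is limited to
# admin_cidr (assumption of this example). Rules are added only to a
# freshly created group, so reruns do not duplicate them.
setup_vespagroup() {
    local admin_cidr="${1:?usage: setup_vespagroup ADMIN_CIDR}" state
    state=$(ensure_group vespagroup "opening port 80 and 8080 for vespa") || return 1
    if [ "$state" = created ]; then
        open_port vespagroup 80 0.0.0.0/0 || return 1
        open_port vespagroup 8080 0.0.0.0/0 || return 1
        open_port vespagroup 22 "$admin_cidr" || return 1
    fi
    echo "$state"
}

# Runs only when ADMIN_CIDR is set, e.g. ADMIN_CIDR=192.0.2.10/32 (constructed).
if [ -n "${ADMIN_CIDR:-}" ]; then
    setup_vespagroup "$ADMIN_CIDR"
fi
```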
We choose the Ubuntu 18.04 image with 2 CPUs and 4 GB of RAM. Take the Ubuntu image ID and the flavor name found with openstack image/flavor list.
IMAGE_ID=1d3d16c0-24b0-4960-80fe-64b9f4e1b4f1
FLAVOR=m1.medium
Test if the network exists
openstack network list
If not, create it
openstack network create mynetwork
We take testpls as the VM name
openstack server create --flavor $FLAVOR --image $IMAGE_ID \
--nic net-id=egi-vespa-net --security-group vespagroup \
--key-name my-key1 testpls