Get an ID and the token to reach the EOSC cloud.

This is done by accessing the portal through the eduTEAMS identity federation, so your university/observatory should be part of eduTEAMS/eduGAIN.

Open https://aai.egi.eu/fedcloud/ in a (private) browser window and click `Authorise`

Choose your ID provider and go to it for authentication. Identify using your federation ID.

(fedcloud) *****$ curl -X POST -u '****'  . . .


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1886    0  1687  100   199   5531    652 --:--:-- --:--:-- --:--:--  6163
{
    "access_token": "XXXX",
    "token_type": "Bearer",
    "refresh_token": "XXXX",
    "expires_in": 3599,
    "scope": "openid profile eduperson_entitlement email",
    "id_token": "XXXX"
}

Interact with OpenStack to create a virtual machine using the Python library

Create the Python virtual environment

Use fedcloud to help interact with the federation. If you run into any trouble, restart from scratch by removing ~/.my_venvs with rm.

mkdir ~/.my_venvs

python3 -m venv ~/.my_venvs/fedcloud

source ~/.my_venvs/fedcloud/bin/activate

Install fedcloud and configure

pip install fedcloud
sudo mkdir -p /etc/grid-security/certificates
CA_BUNDLE=https://dist.eugridpma.info/distribution/igtf/current/accredited/igtf-preinstalled-bundle-classic.tar.gz
curl -s $CA_BUNDLE | sudo tar -xvz -C /etc/grid-security/certificates
cat /etc/grid-security/certificates/*.pem >> $(python -m requests.certs)

export CHECKIN_CLIENT_ID=XXXX

export CHECKIN_CLIENT_SECRET=XXXXXX

export CHECKIN_REFRESH_TOKEN=XXXXXXXX

export ACCESS_TOKEN=XXXXXX

Taken from egifedcloud web page

Now make a VM at IN2P3

fedcloud endpoint list --site IN2P3-IRES

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN

Replace the project ID with its value

fedcloud endpoint env --site IN2P3-IRES --oidc-access-token=$ACCESS_TOKEN --project-id c8005e7c85ca4929bde70882ae1ec137 | tee env-VESPA-IN2P3.sh

Run all the exports, verify them, and replace the access token value with yours

export OS_AUTH_URL="https://sbgcloud.in2p3.fr:5000/v3"
export OS_AUTH_TYPE="v3oidcaccesstoken"
export OS_IDENTITY_PROVIDER="egi.eu"
export OS_PROTOCOL="openid"

Replace the access token value with the one you generated initially with the curl command

export OS_ACCESS_TOKEN="XXXXX"
export OS_PROJECT_ID="c8005e7c85ca4929bde70882ae1ec137"
source ~/.my_venvs/fedcloud/bin/activate

You will have an egcli in your prompt

pip install openstackclient

Setup environment variables for IN2P3 endpoint

source env-VESPA-IN2P3.sh

Interact with APIs

openstack network list

Create an OpenStack public key and security access

openstack keypair create --public-key ~/.ssh/id_rsa.pub my-key1

Get a fresh token

fedcloud token list-vos --oidc-access-token $OS_ACCESS_TOKEN

Check available OpenStack endpoints

fedcloud endpoint projects --site IN2P3-IRES --oidc-access-token=$OS_ACCESS_TOKEN

List the available OS images:

openstack image list

List the different machine sizes available:

openstack flavor list


Check if the security group exists:

openstack security group show vespagroup

ONLY IF VESPAGROUP DOESN'T EXIST:

Build the security group and open the necessary ports with the following commands.

The create command may answer that the security group already exists.

    openstack security group create vespagroup --description "opening port 80 and 8080 for vespa"
    openstack security group rule create vespagroup --protocol tcp --dst-port 80:80 --remote-ip 0.0.0.0/0
    openstack security group rule create vespagroup --protocol tcp --dst-port 8080:8080 --remote-ip 0.0.0.0/0
    openstack security group rule create vespagroup --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0

If you ran these steps but the security group already existed, you will have to delete it and start again, because two security groups with the same name will generate a conflict.
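
A check of the resulting rules, added here as an example that is not part of the original page: it reports ingress rules that accept any source address on a port other than the 80 and 8080 named in the group description. The sample rows are constructed, and their column names are assumed to match what `openstack security group rule list vespagroup -f json` prints.

```python
import ipaddress
import json

# Constructed sample, assumed to mirror the columns of
# `openstack security group rule list vespagroup -f json`; IDs are placeholders.
SAMPLE = """[
 {"ID": "r-80", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "80:80", "Direction": "ingress"},
 {"ID": "r-8080", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "8080:8080", "Direction": "ingress"},
 {"ID": "r-22", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "22:22", "Direction": "ingress"},
 {"ID": "r-egress", "IP Protocol": null, "IP Range": "0.0.0.0/0", "Port Range": "", "Direction": "egress"}
]"""

PUBLISHED_PORTS = {80, 8080}  # ports named in the vespagroup description


def parse_ports(port_range):
    """Turn '22:22' into (22, 22); an empty range means every port."""
    if not port_range:
        return 1, 65535
    low, _, high = port_range.partition(":")
    return int(low), int(high or low)


def any_source(rule):
    """True when the rule admits traffic from every address."""
    if rule.get("Remote Security Group"):
        return False  # limited to members of another security group
    cidr = rule.get("IP Range")
    return not cidr or ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_rules(rules, published=PUBLISHED_PORTS):
    """Ingress rules open to any source on a port outside `published`."""
    findings = []
    for rule in rules:
        if rule.get("Direction", "ingress") != "ingress" or not any_source(rule):
            continue
        low, high = parse_ports(rule.get("Port Range"))
        if any(port not in published for port in range(low, high + 1)):
            findings.append((rule["ID"], rule.get("IP Protocol"), low, high))
    return findings


if __name__ == "__main__":
    for rule_id, proto, low, high in exposed_rules(json.loads(SAMPLE)):
        print(f"{rule_id}: {proto} {low}-{high} reachable from any address")
```

A finding for port 22 means SSH accepts connections from any address; the `--remote-ip` option used in the rule commands above also accepts a narrower prefix.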


We choose the Ubuntu 18.04 image with 2 CPUs and 4 GB of RAM. Take the Ubuntu image ID and the flavor name found with openstack image/flavor list

IMAGE_ID=1d3d16c0-24b0-4960-80fe-64b9f4e1b4f1
FLAVOR=m1.medium

Test if the network exists

openstack network list


If not, create it

openstack network create mynetwork

We take testpls as the VM name

openstack server create --flavor $FLAVOR --image $IMAGE_ID \
--nic net-id=egi-vespa-net --security-group vespagroup \
--key-name my-key1 testpls