Difference between revisions of "Fedcloud-tf:ResourceProviders:OpenStack"
Revision as of 12:07, 29 July 2014
OpenStack Resource Provider Deployment guide
This section describes the steps necessary for a new Resource Provider (RP) using OpenStack middleware to join the EGI Cloud Federation. Using the latest OpenStack version is strongly recommended. Specifically, VOMS-enabled authentication requires the Havana version of Keystone. The installation and configuration instructions for OpenStack are available online[1].
The actual integration with the EGI Cloud Federation consists of the following steps:
- VOMS-enabled Keystone installation and configuration
- OCCI installation and configuration
- Integration with accounting service APEL
- Integration with VM Image Management infrastructure
- Integration with information system
- Registration of deployed services in GOCDB
Each of the above-mentioned steps is a requirement for every Resource Provider wishing to join the EGI Cloud Federation. Resource Providers are welcome to deploy and offer additional services such as object storage (CDMI), but this is not a requirement at this time. A detailed description of each step follows.
VOMS-enabled Keystone installation and configuration
The installation and configuration instructions for VOMS-enabled Keystone are available online[2]. This enables the X.509 authentication mechanism and allows users with a valid VOMS proxy certificate to log in. The actual VO for the EGI Cloud Federation, fedcloud.egi.eu, should be enabled in the configuration (details can be found here: Federated AAI Configuration). There is an option for automatically creating new users for a trusted VO on the fly.
OCCI installation and configuration
The installation and configuration steps for OCCI are available online[3]. The installation and configuration should be done on the machine running the Nova server. Be sure to select the appropriate branch for your OpenStack installation.
Detailed instructions for installing and configuring OCCI support on OpenStack Grizzly, provided by INFN, are available here.
Integration with accounting service APEL
As for RPs with OpenNebula, the client for the accounting service APEL must be installed and configured. The details of installing and configuring APEL for OpenStack are available at[4][5].
Integration with VM Image management infrastructure
Resource Providers are required to integrate their OpenStack installation with an image management service used within the federation. Installation and configuration details are available online in the Wiki[6]. This service ensures that all images are trusted and up-to-date for all Resource Providers across the federation.
In addition to vmcaster/vmcatcher, glancepush-vmcatcher[7] uses vmcatcher's event handler to signal glancepush that an image was updated in vmcatcher's cache; glancepush then checks the images in the vmcatcher cache and publishes them to the Glance service in OpenStack.
Integration with information system LDAP/BDII
Integration with BDII for RPs with OpenStack is identical to the OpenNebula case. The instructions are available online in the Wiki[8].
CDMI installation and configuration
For the OpenStack Storage service (Swift) to work within the EGI Federated Cloud, the CDMI OpenStack addon needs to be installed. To do so, you can follow the instructions here.
NOTE: If you are using the OpenStack Havana stable branch (stable/havana) and you have delay_auth_decision = 1 in your /etc/swift/proxy-server.conf file (which is required to support public access to files), www-authenticate is not sent correctly by the CDMI interface. To fix this, you need to apply, over a stable/havana distribution, first the following patch:
git fetch https://review.openstack.org/openstack/swift refs/changes/76/43476/14 && git checkout FETCH_HEAD
and then this patch: https://bugs.launchpad.net/swift/+bug/1349364
NOTE: If you are using the OpenStack Icehouse stable branch (stable/icehouse) and you have delay_auth_decision = 1 in your /etc/swift/proxy-server.conf file (which is required to support public access to files), www-authenticate is not sent correctly by the CDMI interface for Keystone authentication. To fix this, you need to apply this patch: https://bugs.launchpad.net/swift/+bug/1349364 .
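A check for the condition the two notes above describe, as an added example that is not part of the original wiki page or of the Swift or CDMI code: it reads a proxy-server.conf, reports where delay_auth_decision is enabled, and flags an unauthenticated 401 reply that lacks a WWW-Authenticate header. The configuration text, the captured response heads, the host name and all function names are constructed for illustration.

```python
import configparser

TRUTHY = {"1", "true", "yes", "on"}

# Constructed sample configuration, not from a real deployment.
SAMPLE_CONF = """\
[DEFAULT]
bind_port = 8080

[filter:authtoken]
delay_auth_decision = 1
"""

# Constructed response heads, as captured from requests sent without a token.
UNPATCHED = "HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"
PATCHED = ("HTTP/1.1 401 Unauthorized\r\n"
           "WWW-Authenticate: Keystone uri='https://keystone.example.org:5000/'\r\n"
           "Content-Length: 0\r\n\r\n")


def delayed_auth_sections(conf_text):
    """Return the sections in which delay_auth_decision is switched on."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    return [name for name in parser.sections()
            if parser.get(name, "delay_auth_decision", fallback="").lower() in TRUTHY]


def parse_head(raw):
    """Split a raw HTTP response head into (status, {lower-cased header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def needs_patch(conf_text, raw_response):
    """True when auth is delayed and a 401 reply carries no WWW-Authenticate."""
    status, headers = parse_head(raw_response)
    return (bool(delayed_auth_sections(conf_text))
            and status == 401 and "www-authenticate" not in headers)


if __name__ == "__main__":
    print(delayed_auth_sections(SAMPLE_CONF))
    print(needs_patch(SAMPLE_CONF, UNPATCHED), needs_patch(SAMPLE_CONF, PATCHED))
```

Run it against the real /etc/swift/proxy-server.conf and a response head captured from the CDMI endpoint before and after applying the patch to confirm the header is restored.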
References
1. http://docs.openstack.org/install/
2. http://ifca.github.io/keystone-voms/
3. https://github.com/IFCA/occi-os
4. https://wiki.egi.eu/wiki/Fedcloud-tf:WorkGroups:Scenario4
5. https://github.com/EGI-FCTF/osssm/wiki
6. https://wiki.egi.eu/wiki/Fedcloud-tf:WorkGroups:Scenario8:Configuration#VMcatcher
7. https://github.com/EGI-FCTF/glancepush
8. https://wiki.egi.eu/wiki/Fedclouds_BDII_instructions