Fedcloud-tf:CloudscapeVDemo
This Wiki entry describes the planned demonstration at Cloudscape V in Brussels (see FCTF Outreach section).
Demonstration script
- Check GOGDB for available Cloud endpoints
- --> demonstrates information system
- https://goc.egi.eu/portal/
- Check Nagios/SAM for status
- --> demonstrates monitoring
- https://fedcloud-mon.egi.eu
- Look up the image on the Marketplace
- --> demonstrate VM distribution and endorsement
- http://marketplace.egi.eu/metadata
- using rOCCI client, deploy a number of WeNMR instance on selected RPs
- --> federated consistent access using OCCI
- tentative RPs: INFN, JUELICH, GWDG, CESNET, CESGA, Cyfronet, In2P3
- refer to WeNMR page for info on this demo phase
- Go to the accounting page
- --> demonstrate that we account for Cloud compute consumption
- http://goc-accounting.grid-support.ac.uk/cloudtest/cloudsites.html
- http://goc-accounting.grid-support.ac.uk/cloudtest/vmshour.html
- http://goc-accounting.grid-support.ac.uk/cloudtest/vms.html
TODOs
rOCCI client
DONE Get rOCCI client
This was quite a hassle for MAC OS X 10.8 (Mountain Lion). Here is what I did - including a WARNING that I might have to re-compile Ruby 1.9.3.
- Install Xcode 4.6 (from developer.appe.com
- Inside Xcode, download and install Xcode command line tools (Menu Xcode - Preferences - Downloads)
- Install RVM
Jewlery crashed on my system, so that was a dead end. The following command tried to compile Ruby 1.9.3 but failed with a warning on an unsupported CLANG feature. Looks like the gcc I used is the gcc-llvm from Apple... But tht at least installed RVM on my system...
$ curl -L https://get.rvm.io | bash -s stable --ruby
- Read up on some discussions on this here: http://stackoverflow.com/questions/14592945/cannot-compile-ruby-1-9-3
- Try again compiling Ruby with a different approach (mentioned in that thread. That compiled Ruby 1.9.3 fine, though with the warning on CLANG. So I am still using gcc-llvm
$ rvm install 1.9.3 --with-gcc=gcc
- Installation went fine... So now on to installing OCCI...
gem install occi [...] Successfully installed antlr3-1.8.12 Successfully installed hashie-1.2.0 Successfully installed uuidtools-2.1.3 Successfully installed nokogiri-1.5.6 Successfully installed i18n-0.6.1 Successfully installed multi_json-1.5.0 Successfully installed activesupport-3.2.11 Successfully installed multi_xml-0.5.2 Successfully installed httparty-0.10.2 Successfully installed highline-1.6.15 Successfully installed eventmachine-1.0.0 Successfully installed amq-protocol-1.1.0 Successfully installed amq-client-0.9.11 Successfully installed amqp-0.9.8 Successfully installed occi-3.0.0 15 gems installed [...] $
Done! Does it blend? ;-)
$ occi --auth x509 --action list --resource storage --user-cred /Users/michel/.globus/usercred-des.pem --ca-path /Users/michel/FCTF/certificates --endpoint https://occi.cloud.gwdg.de:3100/ Enter a password or an auth. token: line 1:145 mismatched character "u"; expecting "k" line 1:157 mismatched character "u"; expecting "k" Storage locations: https://occi.cloud.gwdg.de:3100/storage/72666675-9e33-55c7-8205-b157e3c8e580 https://occi.cloud.gwdg.de:3100/storage/ea4f06a8-3509-5cbf-9f3e-f76917d60e7d https://occi.cloud.gwdg.de:3100/storage/ed731887-2cd1-56ba-8f7c-1fa9ded7280e https://occi.cloud.gwdg.de:3100/storage/9167833e-f720-5e94-a884-3911a58fa127 https://occi.cloud.gwdg.de:3100/storage/5778be67-1da0-55e0-99c9-469060e65d5c https://occi.cloud.gwdg.de:3100/storage/28a83f58-77a0-5424-b0bf-47bb54f39120 https://occi.cloud.gwdg.de:3100/storage/2ebee24b-b268-5389-a22a-ea15a4cc8003 https://occi.cloud.gwdg.de:3100/storage/62e31e68-fd09-5669-ae0c-e7eb1f783bb4 https://occi.cloud.gwdg.de:3100/storage/a6b0bd70-8f42-5d9b-94ec-a6e0429f24e1 https://occi.cloud.gwdg.de:3100/storage/fe61d5dc-174e-509b-aa5d-3a775e46945a
It blends! And it even works out of the box with encrypted private keys in PEM format (see commandline options above)
Action rOCCI team - document usage on Mac OS X (issue filed on Github)
DONE rOCCI client and my Grid certificate
After sorting out the issues with Ruby and rOCCI client (see above), the certificate handling wasn't a problem anymore. However, I stand with my request to support PKCS#12 format for key and cert storage as this is *very* widely supported and does not need people to mess with OpenSSL cmd line hacking to get the authN sorted.
Any browser and OS key management supports PKCS#12 key management - no command line private key messing involved!
Action - Please document in easy steps the whole process of acquiring a Grid certificate and how to configure command line systems (for PEM support)
Action rOCCI team - Support PKCS#12 (https://github.com/gwdg/rOCCI/issues/48)
In progress Getting started with client
Getting familiar with it. For demo purposes, long command line options are a killer, so some sort of configuration file with endpoint profiling would be good.
Action rOCCI team - Support config files with endpoint profiling (https://github.com/gwdg/rOCCI/issues/46)
RP status
In progress Getting started with client
Checking RP status for the demo. Checks include:
- storage resource query checks against RPs without VO support
- storage resource queries against RPs with VO support
- instantiate WeNMR image
INFN, JUELICH, GWDG, CESNET, CESGA, Cyfronet, In2P3
VO support
Done Get my Grid Certificate registered in Fedcloud VO
Server Perun doesn't like me. CESNET is investigating.
Update - tried this morning again, and I could apply for fedcloud membership. Waiting for confirmation Email...
InProgress Get Proxy certificate tools
No idea yet...
Test-run OCCI commands against selected RPs
SAM / Monitoring
Make sure the production SAM is used: https://fedcloud-mon.egi.eu
Accointing
GOC DB
GocDB CA certificate
Certificate is not trusted. Where do I conveniently get the CA certificatge to add that to my stack?