Difference between revisions of "FAQ10 EGI Federated Cloud User"

From EGIWiki
Jump to: navigation, search
(Replaced content with "{{Template: Op menubar}} {{Template:Doc_menubar}} Category:Operations Manuals {{TOC_right}} {{Template:Block-comment | name=Warning | text=This FAQ is no longer ma...")
(Tag: Replaced)
 
(45 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{Fedcloud-tf:Menu}} {{TOC_right}}  
+
{{Template: Op menubar}}
 +
{{Template:Doc_menubar}}  
  
= EGI FedCloud Users FAQs =
+
[[Category:Operations Manuals]]
 +
{{TOC_right}}
  
== How can I get access to the EGI.eu Federated Cloud? ==
+
{{Template:Block-comment
The information is available [[Fedcloud-tf:Users#How_to_get_access_to_the_FedCloud|here]].
+
| name=Warning
 
+
| text=This FAQ is no longer maintained, please check the new documentation at https://egi-federated-cloud.readthedocs.io/en/latest/faq.html
== How can I register to the FedCloud VO? ==
+
  }}
You can register to the FedCloud VO following the instruction in [[Fedcloud-tf:CLI_Environment#Join_the_FedCloud_Virtual_Organisation|this page]]. Note that this VO is mainly for testing and demonstration purposes. For operational usage of the EGI Federated Cloud you will need to join an existing VO related to your own user community or create a new one. You can contact the [mailto:ucst@egi.eu EGI User Support Team] for more information.
 
 
 
== How can I install the rOCCI client? ==
 
You can setup the FedCloud User command line environment (which contains the rOCCI client) following the instructions in [[Fedcloud-tf:CLI_Environment|this page]].
 
 
 
== How can I get a proxy certificate (for authorization)? ==
 
You can get a proxy certificate with the following command (NOTE: you need to be registered to the FedCloud VO):
 
voms-proxy-init -voms fedcloud.egi.eu --rfc
 
 
 
== How can I choose which FedCloud site to use? ==
 
FedCloud sites offer their resources voluntary to users through Virtual Organisations (VO). Before you can access a Federated Cloud site you need to join a Virtual Organisation this site supports. Instructions on how to join an existing VO, or how to establish a new VO is available [[Fedcloud-tf:Users#Getting_access|here]].
 
 
 
== How can I start a VM? ==
 
In a command line environment, using the rOCCI client (a guide on how to install it is available [[Fedcloud-tf:CLI Environment|here]]), you can run the following command
 
 
 
occi --endpoint ''site_occi_endpoint'' --action create --resource compute --mixin ''os_template'' --mixin ''resource_template'' --attribute occi.core.title="My rOCCI VM" --auth x509 --user-cred ''proxy_certificate'' --voms
 
 
 
where ''site_occi_endpoint'' is the site OCCI endpoint, ''proxy_certificate'' is the path to your VOMS proxy certificate (obtained via the voms-proxy-init commands, see [[Fedcloud-tf:CLI Environment#Create_a_proxy_certificate|here]]), ''os_template'' is your VM OS image disk (e.x. os_tpl#debian6) and ''resource_template'' is your resource template (ex. resource_tpl#small).
 
 
 
The fastest way to get the ''site_occi_endpoint'', ''os_template'' and ''resource_template'' for your site, is to use the [http://appdb.egi.eu/browse/cloud EGI Application Database], as explained in [[#How can I get information about the available VM images?|How can I get information about the available VM images?]]
 
 
 
== How can I get the status of a VM? ==
 
 
 
In a command line environment, using the rOCCI client (a guide on how to install it is available [[Fedcloud-tf:CLI Environment|here]]), you can run the following command
 
 
 
occi --endpoint ''site_occi_endpoint'' --action describe --resource /compute/''VMID'' --auth x509 --user-cred ''proxy_certificate'' --voms
 
 
 
where ''site_occi_endpoint'' is the site OCCI endpoint, ''proxy_certificate'' is the path to your VOMS proxy certificate (obtained via the voms-proxy-init commands, see [[Fedcloud-tf:CLI Environment#Create_a_proxy_certificate|here]]) and ''VMID'' is the VMID obtained as output of the create VM action.
 
 
 
== How can I connect to a VM? ==
 
 
 
As first, you need to check that the VM is running and get its IP address. You can do that via a ''describe'' OCCI command (see [[#How can I get the status of a VM?]] for more info).
 
 
 
To access the VM via the shell, you can use an SSH client and connect to the VM IP address, port 22, root user with your own authorization key.
 
 
 
NOTE: For all of the generic OS images and most of the custom images, no credentials are included within the image. The public key to access the VM can be setup using a cloud-init contextualization script (see [[#How can I inject my public SSH key into the machine?]])
 
 
 
== How can I inject my public SSH key into the machine? ==
 
Best way to login into the virtual server is to use SSH keys. To inject your public SSH key into the VM during startup, you can use CloudInit contextualization feature and contextualization (see [[#How can I use contextualization?]]). A sample user data script to setup an administrator user is
 
 
 
#cloud-config
 
users:
 
  - name: cloudadm
 
    sudo: ALL=(ALL) NOPASSWD:ALL
 
    lock-passwd: true
 
    ssh-import-id: cloudadm
 
    ssh-authorized-keys:
 
    - <your SSH key>
 
 
 
== How can I use contextualization? ==
 
If you have a contextualization script, you can run it using the following rOCCI command at VM creation:
 
 
 
occi --endpoint ''site_occi_endpoint'' --action describe --resource /compute/''VMID''  --context user_data="file://$PWD/contextulization_script.sh" --auth x509 --user-cred proxy_certificate --voms
 
 
 
NOTE: FedCloud supports [https://launchpad.net/cloud-init CloudInit] user data format. Using CloudInit you can easily inject your SSH private keys or run a set of deployment scripts. Full documentation about CloudInit is [http://cloudinit.readthedocs.org/ here].
 
 
 
== How can I get the list of running VM? ==
 
In a command line environment, using the rOCCI client (a guide on how to install it is available [[Fedcloud-tf:CLI Environment|here]]), you can run the following command
 
 
 
occi --endpoint ''site_occi_endpoint'' --action list --resource compute --auth x509 --user-cred ''proxy_certificate'' --voms
 
 
 
where ''site_occi_endpoint'' is the site OCCI endpoint and ''proxy_certificate'' is the path to your VOMS proxy certificate (obtained via the voms-proxy-init commands, see [[Fedcloud-tf:CLI Environment#Create_a_proxy_certificate|here]])
 
 
 
== How can I stop a VM? ==
 
 
 
In a command line environment, using the rOCCI client (a guide on how to install it is available [[Fedcloud-tf:CLI Environment|here]]), you can run the following command
 
 
 
occi --endpoint ''site_occi_endpoint'' --action delete --resource /compute/''VMID'' --auth x509 --user-cred ''proxy_certificate'' --voms
 
 
 
where ''site_occi_endpoint'' is the site OCCI endpoint, ''proxy_certificate'' is the path to your VOMS proxy certificate (obtained via the voms-proxy-init commands, see [[Fedcloud-tf:CLI Environment#Create_a_proxy_certificate|here]]) and ''VMID'' is the VMID obtained as output of the create VM action.
 
 
 
== How can I get information about the available VM images? ==
 
The [http://appdb.egi.eu/browse/cloud EGI Application Database] contains information about the VM images available in the EGI Federated Cloud. Within the [http://appdb.egi.eu/browse/cloud AppDB Cloud Marketplace], you can look for a VM and get all the information about which VO the VM is associated, the sites where the VM is available and the OCCI endpoint, resource template and OS template IDs to start the VMs. This information is present in the image "Availability and Usage" panel.
 
 
 
== How can I get the list of the resource templates available on a site? ==
 
In a command line environment, using the rOCCI client (a guide on how to install it is available [[Fedcloud-tf:CLI Environment|here]]), you can run the following command
 
 
 
occi --endpoint ''site_occi_endpoint'' --action list --resource resource_tpl --auth x509 --user-cred ''proxy_certificate'' --voms
 
 
 
where ''site_occi_endpoint'' is the site OCCI endpoint and ''proxy_certificate'' is the path to your VOMS proxy certificate (obtained via the voms-proxy-init commands, see [[Fedcloud-tf:CLI Environment#Create_a_proxy_certificate|here]])
 
 
 
If you need more information about the resource templates than the one available via the OCCI interface (eg. number of CPU available, quantity of memory available), you can use the EGI Information System (see [[#How can I get the list of the FedCloud sites?|How can I get the list of the FedCloud sites?]]), via the following LDAP query:
 
ldapsearch -x -H ldap://lcg-bdii.cern.ch:2170 -b GLUE2GroupID=cloud,GLUE2DomainID=''<site_name>'',GLUE2GroupID=grid,o=glue objectClass=GLUE2ExecutionEnvironment
 
 
 
== How can I get the list of the OS templates available on a site? ==
 
In a command line environment, using the rOCCI client (a guide on how to install it is available [[Fedcloud-tf:CLI Environment|here]]), you can run the following command
 
 
 
occi --endpoint ''site_occi_endpoint'' --action list --resource os_tpl --auth x509 --user-cred ''proxy_certificate'' --voms
 
 
 
where ''site_occi_endpoint'' is the site OCCI endpoint and ''proxy_certificate'' is the path to your VOMS proxy certificate (obtained via the voms-proxy-init commands, see [[Fedcloud-tf:CLI Environment#Create_a_proxy_certificate|here]])
 
 
 
If you need more information about the resource templates than the one available via the OCCI interface (eg. number of CPU available, quantity of memory available), you can use the EGI Information System (see [[#How can I get the list of the FedCloud sites?|How can I get the list of the FedCloud sites?]]), via the following LDAP query:
 
ldapsearch -x -H ldap://lcg-bdii.cern.ch:2170 -b GLUE2GroupID=cloud,GLUE2DomainID=''<site_name>'',GLUE2GroupID=grid,o=glue objectClass=GLUE2ApplicationEnvironment
 
 
 
== How can I publish my own VM image? ==
 
Direct publish of custom VMs implies an authorization and verification phase. Your VM will need to be approved by the VO administrator and added to the VO image list, for the EGI sites to download it and make it available to the VO members.
 
 
 
More information on the process to create a custom VM and publish it is reported [[Fedcloud-tf:Users:ApplicationPortingHowTo#3._Custom_OS_image_2|here]]
 
 
 
== How can I get the list of the FedCloud sites? ==
 
The list of certified FedCloud sites is available [[Fedcloud-tf:ResourceProviders#Fully_integrated_Resource_Providers|in this page]].
 
 
 
The EGI Federated Cloud publishes also dynamic information about the sites (endpoints, available images, etc...) via the Federated Cloud information system, based on the [http://en.wikipedia.org/wiki/BDII BDII] technology. BDII has a standard LDAP interface, which you can query with any LDAP client. For example, on linux, you can execute the following commands to get the list of the EGI sites exposing respectively cloud IaaS resources (via OCCI) and cloud STaaS resources (via CDMI):
 
ldapsearch -x -H ldap://lcg-bdii.cern.ch:2170 -b GLUE2GroupID=grid,o=glue "GLUE2ServiceType=IaaS" | grep GLUE2ServiceAdminDomainForeignKey
 
  ldapsearch -x -H ldap://lcg-bdii.cern.ch:2170 -b GLUE2GroupID=grid,o=glue "GLUE2ServiceType=STaaS" | grep GLUE2ServiceAdminDomainForeignKey
 
 
 
== How can I get the FedCloud sites endpoints? ==
 
The endpoint information is available [[Fedcloud-tf:Users#How_to_get_access_to_the_FedCloud|here]], in the "Resource Endpoints" column of the table. Some site may expose only Infrastructure-as-a-Service (starting/stopping of VMs), which is served via the OCCI endpoint, while some other sites may expose only STorage-as-a-Service, served via the CDMI endpoint.
 
 
 
For the image management service, OCCI, it is also possible to get the list of the site supporting a given image with the endpoints and all the information about to start the image using the [https://appdb.egi.eu/browse/cloud EGI Application Database], browsing the list of images and checking the "Availability and Usage" page for the image.
 
 
 
It is also possible to query the site endpoints via the EGI Federated Cloud information management system (see [[#How can I get the list of the FedCloud sites?|How can I get the list of the FedCloud sites?]]), via the following LDAP queries (for respectively OCCI and CDMI endpoints):
 
 
 
ldapsearch -x -H ldap://lcg-bdii.cern.ch:2170 -b GLUE2DomainID=''<site_name>'',GLUE2GroupID=grid,o=glue GLUE2EndpointInterfaceName=OCCI | grep GLUE2EndpointURL
 
ldapsearch -x -H ldap://lcg-bdii.cern.ch:2170 -b GLUE2DomainID=''<site_name>'',GLUE2GroupID=grid,o=glue GLUE2EndpointInterfaceName=CDMI | grep GLUE2EndpointURL
 

Latest revision as of 15:39, 3 March 2020