Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Fedcloud-tf:CloudscapeVDemo"

From EGIWiki
Jump to navigation Jump to search
 
(20 intermediate revisions by the same user not shown)
Line 9: Line 9:
# Check Nagios/SAM for status
# Check Nagios/SAM for status
## --> demonstrates monitoring
## --> demonstrates monitoring
## https://fedcloud-mon.egi.eu
## http://cloudmon.egi.eu/myegi/
# Look up the image on the Marketplace
# Look up the image on the Marketplace
## --> demonstrate VM distribution and endorsement
## --> demonstrate VM distribution and endorsement
## --> demonstrate vmcatcher based image distribution
## http://marketplace.egi.eu/metadata
## http://marketplace.egi.eu/metadata
# using rOCCI client, deploy a number of WeNMR instance on selected RPs
# using rOCCI client, deploy a number of WeNMR instance on selected RPs
Line 23: Line 24:
## http://goc-accounting.grid-support.ac.uk/cloudtest/vms.html
## http://goc-accounting.grid-support.ac.uk/cloudtest/vms.html


= TODOs =
== <span style="color:green">rOCCI client</span> ==
====<span style="color:green">Get rOCCI client</span> ====
This was quite a hassle for MAC OS X 10.8 (Mountain Lion).  I finally managed getting rOCCI client running natively on Mac OS X - [[rOCCI client on Mac OS X Mountain Lion (10.8)|here is how I did it]].
<span style="color:red">Action rOCCI team</span> - document usage on Mac OS X (issue filed on Github) (see https://github.com/gwdg/rOCCI/issues/59)
====<span style="color:green">rOCCI client and my Grid certificate </span>====


= TODOs =
After sorting out the issues with Ruby and rOCCI client (see above), the certificate handling wasn't a problem anymore. However, I stand with my request to support PKCS#12 format for key and cert storage as this is *very* widely supported and does not need people to mess with OpenSSL cmd line hacking to get the authN sorted.
 
Any browser and OS key management supports PKCS#12 key management - no command line private key messing involved!


== rOCCI client ==
<span style="color:red">Action</span> - Please document '''in easy steps''' the whole process of acquiring a Grid certificate and how to configure command line systems (for PEM support)


The OCCI Java solution seem to be a dead horse. Somewhere in the toolchain my private key seem unacceptable except in plain PEM format.
==== <span style="color:Green;">Getting started with client</span> ====


JewleryBox was recommended for Mac people even by the core Ruby people - but that crashes on me.
Set up a couple of config scripts that make the command line very easy. See raw demo takes available at https://documents.egi.eu/document/1593)


Using RVM now, but that wants to compile Ruby 1.9.3 - and Mac OS X doesn't come with a C compiler... argh!
For longer term, a rOCCI client config file will be helpful.


So installing XCode to get the gcc, then run rvm again to finally get Ruby 1.9.3.
<span style="color:red">Action rOCCI team</span> - Support config files with endpoint profiling (https://github.com/gwdg/rOCCI/issues/46)


After that, try gemming OCCI...
== <span style="color:Orange;">RP status</span> ==


====<span style="color:green">DONE</span> Get rOCCI client====
==== <span style="color:Green;">Getting started with client</span> ====


* Install Java JRE or JDK
See  rOCCI client configuration. Endpoint queries are stable and promising. Focusing on OCCI endpont queries.
* Get Executable JAR file from rOCCI people.


<span style="color:red">Action GWDG</span> - provide direct download links to executables/ exec jar files on the project page
==== <span style="color:Orange;">Compute queries</span> ====


Need to make sure that I use the Client VM, not the Server VM, but that is a detail. <br>
The OCCI command is (omitting authentication parameters):
--> Can't do that for now. '''This impacts the startup times - currently 18s''' for "java -jar occi.jar --help"
occi --endpoint $ENDPOINT --resource compute --action list


====<span style="color:green">DONE</span> rOCCI client and my Grid certificate ====
RP status<br>
<span style="color:Green;">CESGA, CESNET, GWDG, GRIF</span><br>
<span style="color:Orange;">JUELICH, GRNET, IN2P3, IFCA</span> all authentication errors<br>
<span style="color:Red;">CYFRONET, INFN</span> both no endpoint in GOCDB) <br>


Done. Had to provide my grid certificate and private key in one PEM file. Instructions are on https://wiki.egi.eu/wiki/Fedcloud-tf:WorkGroups:_Federated_AAI:OpenNebula#OCCI_client but the whole process on grid certificates is not clear.
==== <span style="color:Orange;">Compute instantiations</span> ====
The OCCI command is (omitting authentication parameters):
occi --endpoint $ENDPOINT --resource compute --action create --mixin os_tpl#$TPL -t "title"


Good that I had one, but '''the CA certificate''' stuff (in layman's terms) is another irritating obstacle - the installation or usage of /etc/grid-security/certificates is something very opaque to non-Grid people!
RP status<br>
<span style="color:Green;">CESGA, CESNET, GWDG</span><br>
<span style="color:Orange;">GRIF</span> Fails to return resource identifier, no resource creatred<br>
<span style="color:Orange;">JUELICH, GRNET, IN2P3, IFCA</span> all authentication errors<br>
<span style="color:Red;">CYFRONET, INFN</span> both no endpoint in GOCDB) <br>


<span style="color:red">Action</span> - Please document '''in easy steps''' the whole process of acquiring a Grid certificate and how to configure command line systems.
<span style="color:red">Issue</span> - Even though Piotr could use his encrypted grid cert private key, I couldn't. I had to generate a PEM file with an unencrypted private key to gett the rOCCI client working. Using OpenSSL, this ensured that the passphrase was the correct one. However, Boris reported that there was an issue with OpenSSL and Java - maybe that is the reason...


==== <span style="color:Orange;">In progress</span> Getting started with client ====


In contact with OCCI developers on implementing config file support to make the command line invocations a lot easier.
==  <span style="color:Green;">GOC DB </span>==


== VO support ==
=====GocDB CA certificate =====


==== <span style="color:Red;">Stuck</span> Get my Grid Certificate registered in Fedcloud VO ====
Add UK E Science certificate from the trust bundle into my browser config. For Mac OS X that translates to key chain access fun (for Google Chrome)


Server Perun doesn't like me. CESNET is investigating.
==  <span style="color:Green;"> SAM / Monitoring </span> ==


==== Test-run OCCI commands against selected RPs ====
The SAM instance for FCTF is used: https://cloudmon.egi.eu/nagios


== SAM / Monitoring ==
My certificate is recognised, and the demo part for SAM is taken.


Make sure the production SAM is used: https://fedcloud-mon.egi.eu
== <span style="color:Green;">Accounting</span> ==


== Accointing ==
Done. Will take it, and cute the video to time shift.


== GOC DB ==
== VO support ==


===== GocDB CA certificate =====
No VO support for Cloudscape.


Certificate is not trusted. Where do I conveniently get the CA certificatge to add that to my stack?


[[Category:Technology]] [[Category:Fedcloud-tf]]
[[Category:Technology]] [[Category:Fedcloud-tf]]

Latest revision as of 13:36, 20 February 2013


This Wiki entry describes the planned demonstration at Cloudscape V in Brussels (see FCTF Outreach section).

Demonstration script

  1. Check GOGDB for available Cloud endpoints
    1. --> demonstrates information system
    2. https://goc.egi.eu/portal/
  2. Check Nagios/SAM for status
    1. --> demonstrates monitoring
    2. http://cloudmon.egi.eu/myegi/
  3. Look up the image on the Marketplace
    1. --> demonstrate VM distribution and endorsement
    2. --> demonstrate vmcatcher based image distribution
    3. http://marketplace.egi.eu/metadata
  4. using rOCCI client, deploy a number of WeNMR instance on selected RPs
    1. --> federated consistent access using OCCI
    2. tentative RPs: INFN, JUELICH, GWDG, CESNET, CESGA, Cyfronet, In2P3
    3. refer to WeNMR page for info on this demo phase
  5. Go to the accounting page
    1. --> demonstrate that we account for Cloud compute consumption
    2. http://goc-accounting.grid-support.ac.uk/cloudtest/cloudsites.html
    3. http://goc-accounting.grid-support.ac.uk/cloudtest/vmshour.html
    4. http://goc-accounting.grid-support.ac.uk/cloudtest/vms.html

TODOs

rOCCI client

Get rOCCI client

This was quite a hassle for MAC OS X 10.8 (Mountain Lion). I finally managed getting rOCCI client running natively on Mac OS X - here is how I did it.

Action rOCCI team - document usage on Mac OS X (issue filed on Github) (see https://github.com/gwdg/rOCCI/issues/59)

rOCCI client and my Grid certificate

After sorting out the issues with Ruby and rOCCI client (see above), the certificate handling wasn't a problem anymore. However, I stand with my request to support PKCS#12 format for key and cert storage as this is *very* widely supported and does not need people to mess with OpenSSL cmd line hacking to get the authN sorted.

Any browser and OS key management supports PKCS#12 key management - no command line private key messing involved!

Action - Please document in easy steps the whole process of acquiring a Grid certificate and how to configure command line systems (for PEM support)

Getting started with client

Set up a couple of config scripts that make the command line very easy. See raw demo takes available at https://documents.egi.eu/document/1593)

For longer term, a rOCCI client config file will be helpful.

Action rOCCI team - Support config files with endpoint profiling (https://github.com/gwdg/rOCCI/issues/46)

RP status

Getting started with client

See rOCCI client configuration. Endpoint queries are stable and promising. Focusing on OCCI endpont queries.

Compute queries

The OCCI command is (omitting authentication parameters): 

occi --endpoint $ENDPOINT --resource compute --action list

RP status
CESGA, CESNET, GWDG, GRIF
JUELICH, GRNET, IN2P3, IFCA all authentication errors
CYFRONET, INFN both no endpoint in GOCDB)

Compute instantiations

The OCCI command is (omitting authentication parameters): 

occi --endpoint $ENDPOINT --resource compute --action create --mixin os_tpl#$TPL -t "title"

RP status
CESGA, CESNET, GWDG
GRIF Fails to return resource identifier, no resource creatred
JUELICH, GRNET, IN2P3, IFCA all authentication errors
CYFRONET, INFN both no endpoint in GOCDB)


GOC DB

GocDB CA certificate

Add UK E Science certificate from the trust bundle into my browser config. For Mac OS X that translates to key chain access fun (for Google Chrome)

SAM / Monitoring

The SAM instance for FCTF is used: https://cloudmon.egi.eu/nagios

My certificate is recognised, and the demo part for SAM is taken.

Accounting

Done. Will take it, and cute the video to time shift.

VO support

No VO support for Cloudscape.

Retrieved from "https://wiki.egi.eu/w/index.php?title=Fedcloud-tf:CloudscapeVDemo&oldid=51915"