Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Fedcloud-tf:CloudscapeVDemo"

From EGIWiki
Jump to navigation Jump to search
Line 12: Line 12:
# Look up the image on the Marketplace
# Look up the image on the Marketplace
## --> demonstrate VM distribution and endorsement
## --> demonstrate VM distribution and endorsement
## --> demonstrate vmcatcher based image distribution
## http://marketplace.egi.eu/metadata
## http://marketplace.egi.eu/metadata
# using rOCCI client, deploy a number of WeNMR instance on selected RPs
# using rOCCI client, deploy a number of WeNMR instance on selected RPs

Revision as of 11:26, 19 February 2013


This Wiki entry describes the planned demonstration at Cloudscape V in Brussels (see FCTF Outreach section).

Demonstration script

  1. Check GOGDB for available Cloud endpoints
    1. --> demonstrates information system
    2. https://goc.egi.eu/portal/
  2. Check Nagios/SAM for status
    1. --> demonstrates monitoring
    2. https://cloudmon.egi.eu/nagios
  3. Look up the image on the Marketplace
    1. --> demonstrate VM distribution and endorsement
    2. --> demonstrate vmcatcher based image distribution
    3. http://marketplace.egi.eu/metadata
  4. using rOCCI client, deploy a number of WeNMR instance on selected RPs
    1. --> federated consistent access using OCCI
    2. tentative RPs: INFN, JUELICH, GWDG, CESNET, CESGA, Cyfronet, In2P3
    3. refer to WeNMR page for info on this demo phase
  5. Go to the accounting page
    1. --> demonstrate that we account for Cloud compute consumption
    2. http://goc-accounting.grid-support.ac.uk/cloudtest/cloudsites.html
    3. http://goc-accounting.grid-support.ac.uk/cloudtest/vmshour.html
    4. http://goc-accounting.grid-support.ac.uk/cloudtest/vms.html

TODOs

rOCCI client

DONE Get rOCCI client

This was quite a hassle for MAC OS X 10.8 (Mountain Lion). Here is what I did - including a WARNING that I might have to re-compile Ruby 1.9.3.

  • Install Xcode 4.6 (from developer.appe.com
  • Inside Xcode, download and install Xcode command line tools (Menu Xcode - Preferences - Downloads)
  • Install RVM
    Jewlery crashed on my system, so that was a dead end. The following command tried to compile Ruby 1.9.3 but failed with a warning on an unsupported CLANG feature. Looks like the gcc I used is the gcc-llvm from Apple... But tht at least installed RVM on my system...
$ curl -L https://get.rvm.io | bash -s stable --ruby
$ rvm install 1.9.3 --with-gcc=gcc
  • Installation went fine... So now on to installing OCCI...
gem install occi
[...]
Successfully installed antlr3-1.8.12
Successfully installed hashie-1.2.0
Successfully installed uuidtools-2.1.3
Successfully installed nokogiri-1.5.6
Successfully installed i18n-0.6.1
Successfully installed multi_json-1.5.0
Successfully installed activesupport-3.2.11
Successfully installed multi_xml-0.5.2
Successfully installed httparty-0.10.2
Successfully installed highline-1.6.15
Successfully installed eventmachine-1.0.0
Successfully installed amq-protocol-1.1.0
Successfully installed amq-client-0.9.11
Successfully installed amqp-0.9.8
Successfully installed occi-3.0.0
15 gems installed
[...]
$

Done! Does it blend? ;-)

$ occi --auth x509 --action list --resource storage --user-cred /Users/michel/.globus/usercred-des.pem --ca-path /Users/michel/FCTF/certificates --endpoint https://occi.cloud.gwdg.de:3100/ 

Enter a password or an auth. token: 
line 1:145 mismatched character "u"; expecting "k"
line 1:157 mismatched character "u"; expecting "k"

Storage locations:
	https://occi.cloud.gwdg.de:3100/storage/72666675-9e33-55c7-8205-b157e3c8e580
	https://occi.cloud.gwdg.de:3100/storage/ea4f06a8-3509-5cbf-9f3e-f76917d60e7d
	https://occi.cloud.gwdg.de:3100/storage/ed731887-2cd1-56ba-8f7c-1fa9ded7280e
	https://occi.cloud.gwdg.de:3100/storage/9167833e-f720-5e94-a884-3911a58fa127
	https://occi.cloud.gwdg.de:3100/storage/5778be67-1da0-55e0-99c9-469060e65d5c
	https://occi.cloud.gwdg.de:3100/storage/28a83f58-77a0-5424-b0bf-47bb54f39120
	https://occi.cloud.gwdg.de:3100/storage/2ebee24b-b268-5389-a22a-ea15a4cc8003
	https://occi.cloud.gwdg.de:3100/storage/62e31e68-fd09-5669-ae0c-e7eb1f783bb4
	https://occi.cloud.gwdg.de:3100/storage/a6b0bd70-8f42-5d9b-94ec-a6e0429f24e1
	https://occi.cloud.gwdg.de:3100/storage/fe61d5dc-174e-509b-aa5d-3a775e46945a

It blends! And it even works out of the box with encrypted private keys in PEM format (see commandline options above)

Action rOCCI team - document usage on Mac OS X (issue filed on Github)

DONE rOCCI client and my Grid certificate

After sorting out the issues with Ruby and rOCCI client (see above), the certificate handling wasn't a problem anymore. However, I stand with my request to support PKCS#12 format for key and cert storage as this is *very* widely supported and does not need people to mess with OpenSSL cmd line hacking to get the authN sorted.

Any browser and OS key management supports PKCS#12 key management - no command line private key messing involved!

Action - Please document in easy steps the whole process of acquiring a Grid certificate and how to configure command line systems (for PEM support)

Action rOCCI team - Support PKCS#12 (https://github.com/gwdg/rOCCI/issues/48)

In progress Getting started with client

Getting familiar with it. For demo purposes, long command line options are a killer, so some sort of configuration file with endpoint profiling would be good.

Action rOCCI team - Support config files with endpoint profiling (https://github.com/gwdg/rOCCI/issues/46)

RP status

In progress Getting started with client

Checking RP status for the demo. Checks include:

  • storage resource query checks against RPs without VO support

The OCCI command used to query the resource providers is this:

occi --auth x509 --user-cred /Users/michel/.globus/usercred-des.pem --ca-path /Users/michel/FCTF/certificates --password $PASSWD --action list --resource storage  --endpoint $ENDPOINT

Status:
CESGA, CESNET, GWDG
Cyfronet (no endpoint in GOCDB), INFN (no endpoint in GOCDB)
JUELICH (credentials rejected?), IN2P3 (service timeout)

  • storage resource queries against RPs with VO support
  • instantiate WeNMR image without VO support

The OCCI command used to query the resource providers is this:

occi --auth x509 --user-cred /Users/michel/.globus/usercred-des.pem --ca-path /Users/michel/FCTF/certificates --password $PASSWD --endpoint $ENDPOINT --resource compute --action create --mixin $MIXIN --resource-title "HelloWeNMR"

Status:
CESGA, CESNET, GWDG
Cyfronet (no endpoint in GOCDB), INFN (no endpoint in GOCDB), JUELICH (credentials rejected?), IN2P3 (service timeout)

VO support

Done Get my Grid Certificate registered in Fedcloud VO

Server Perun doesn't like me. CESNET is investigating.

Update - tried this morning again, and I could apply for fedcloud membership. Waiting for confirmation Email...

InProgress Get Proxy certificate tools

No idea yet...

Test-run OCCI commands against selected RPs

SAM / Monitoring

Make sure the production SAM is used: https://fedcloud-mon.egi.eu

Accointing

GOC DB

DONE GocDB CA certificate

Add UK E Science certificate from the trust bundle into my browser config. For Mac OS X that translates to key chain access fun (for Google Chrome)