Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Fedcloud-tf:CloudscapeVDemo

From EGIWiki
Jump to navigation Jump to search


This Wiki entry describes the planned demonstration at Cloudscape V in Brussels (see FCTF Outreach section).

Demonstration script

  1. Check GOGDB for available Cloud endpoints
    1. --> demonstrates information system
    2. https://goc.egi.eu/portal/
  2. Check Nagios/SAM for status
    1. --> demonstrates monitoring
    2. http://cloudmon.egi.eu/myegi/
  3. Look up the image on the Marketplace
    1. --> demonstrate VM distribution and endorsement
    2. --> demonstrate vmcatcher based image distribution
    3. http://marketplace.egi.eu/metadata
  4. using rOCCI client, deploy a number of WeNMR instance on selected RPs
    1. --> federated consistent access using OCCI
    2. tentative RPs: INFN, JUELICH, GWDG, CESNET, CESGA, Cyfronet, In2P3
    3. refer to WeNMR page for info on this demo phase
  5. Go to the accounting page
    1. --> demonstrate that we account for Cloud compute consumption
    2. http://goc-accounting.grid-support.ac.uk/cloudtest/cloudsites.html
    3. http://goc-accounting.grid-support.ac.uk/cloudtest/vmshour.html
    4. http://goc-accounting.grid-support.ac.uk/cloudtest/vms.html

TODOs

rOCCI client

DONE Get rOCCI client

This was quite a hassle for MAC OS X 10.8 (Mountain Lion). I finally managed getting rOCCI client running natively on Mac OS X - here is how I did it.

Action rOCCI team - document usage on Mac OS X (issue filed on Github) (see https://github.com/gwdg/rOCCI/issues/59)

DONE rOCCI client and my Grid certificate

After sorting out the issues with Ruby and rOCCI client (see above), the certificate handling wasn't a problem anymore. However, I stand with my request to support PKCS#12 format for key and cert storage as this is *very* widely supported and does not need people to mess with OpenSSL cmd line hacking to get the authN sorted.

Any browser and OS key management supports PKCS#12 key management - no command line private key messing involved!

Action - Please document in easy steps the whole process of acquiring a Grid certificate and how to configure command line systems (for PEM support)

Done Getting started with client

Set up a couple of config scripts that make the command line very easy. See raw demo takes available at https://documents.egi.eu/document/1593)

For longer term, a rOCCI client config file will be helpful.

Action rOCCI team - Support config files with endpoint profiling (https://github.com/gwdg/rOCCI/issues/46)

RP status

In progress Getting started with client

Checking RP status for the demo. Checks include:

  • storage resource query checks against RPs without VO support

The OCCI command used to query the resource providers is this:

occi --auth x509 --user-cred /Users/michel/.globus/usercred-des.pem --ca-path /Users/michel/FCTF/certificates --password $PASSWD --action list --resource storage  --endpoint $ENDPOINT

Status:
CESGA, CESNET, GWDG
Cyfronet (no endpoint in GOCDB), INFN (no endpoint in GOCDB)
JUELICH (credentials rejected?), IN2P3 (service timeout)

  • storage resource queries against RPs with VO support
  • instantiate WeNMR image without VO support

The OCCI command used to query the resource providers is this:

occi --auth x509 --user-cred /Users/michel/.globus/usercred-des.pem --ca-path /Users/michel/FCTF/certificates --password $PASSWD --endpoint $ENDPOINT --resource compute --action create --mixin $MIXIN --resource-title "HelloWeNMR"

Status:
CESGA, CESNET, GWDG
Cyfronet (no endpoint in GOCDB), INFN (no endpoint in GOCDB), JUELICH (credentials rejected?), IN2P3 (service timeout)

VO support

Done Get my Grid Certificate registered in Fedcloud VO

Server Perun doesn't like me. CESNET is investigating.

Update - tried this morning again, and I could apply for fedcloud membership. Waiting for confirmation Email...

InProgress Get Proxy certificate tools

No idea yet...

Test-run OCCI commands against selected RPs

SAM / Monitoring

Make sure the production SAM is used: https://fedcloud-mon.egi.eu

Accointing

GOC DB

DONE GocDB CA certificate

Add UK E Science certificate from the trust bundle into my browser config. For Mac OS X that translates to key chain access fun (for Google Chrome)