Difference between revisions of "Fedcloud-tf:ResourceProviders:OpenStack"

From EGIWiki
Jump to: navigation, search
(OpenStack Resource Provider Deployment guide)
(Redirected page to MAN10#OpenStack)
Line 1: Line 1:
{{Fedcloud-tf:Menu}} {{TOC_right}}
== OpenStack Resource Provider Deployment guide ==
This section describes steps necessary for new Resource Provider (RP) using Openstack middleware to join EGI Cloud Federation. It is strongly recommended using the last Openstack version. Specifically, the VOMS-enabled authentication will require Havana version of Keystone. The installation and configuration instructions for OpenStack are available online<ref>http://docs.openstack.org/install/</ref>.
The actual integration with the EGI Cloud Federation consists of the following steps:
# VOMS-enable Keystone installation and configuration
# OCCI installation and configuration
# Integration with accounting service APEL
# Integration with VM Image Management infrastructure
# Integration with information system
# Registration of deployed services in GOCDB (for details see [https://wiki.egi.eu/wiki/Fedcloud-tf:WorkGroups:Scenario5#GOCDB Scenario5-GOCDB])
Each of the above-mentioned steps is a requirement for every Resource Provider wishing to join the EGI Cloud Federation. Resource Providers are welcome to deploy and offer additional services such as object storage (CDMI) but this is not a requirement at this time. Detailed description of the listed steps is as follows.
=== VOMS-enable Keystone installation and configuration ===
The installation and configuration of VOMS-enable Keystone is available online<ref>http://ifca.github.io/keystone-voms/</ref>. That will enable X.509 authentication mechanism and allows users with valid VOMS proxy certificate to log in. The actual VO for EGI Cloud Federation fedcloud.egi.eu should be enabled in the configuration (details can be found here: [[Federated_AAI_Configuration|Federated AAI Configuration]]). There is an option for automatically creating new users for trusted VO on the fly.
=== OCCI installation and configuration ===
The steps of installation and configuration of OCCI is available online<ref>https://github.com/EGI-FCTF/occi-os/</ref>. The installation and configuration should be done on the machine with Nova server. Be aware of selecting the appropriate branch for your OpenStack installation.
For more information, detailed instructions for OpenStack Grizzly configuration/installation OCCI support, provided by INFN, are available [https://gilda.ct.infn.it/documents/26990/bee1363f-7444-4966-8cb2-f624e06542d6 here].
=== Integration with accounting service APEL ===
Like RP with OpenNebula, the client for accounting service APEL must be installed and configured. The details of installation and configuration of APEL for Openstack is available at<ref>https://wiki.egi.eu/wiki/Fedcloud-tf:WorkGroups:Scenario4</ref><ref>https://github.com/EGI-FCTF/osssm/wiki</ref>.
=== Integration with VM Image management infrastructure ===
Resource Providers are required to integrate their Openstack with an image management service used within the federation. Installation and configuration details are available online in the Wiki<ref>https://wiki.egi.eu/wiki/Fedcloud-tf:WorkGroups:Scenario8:Configuration#VMcatcher</ref>. This service ensures that all images are trusted and up-to-date for all Resource Providers across the federation.
In addition to vmcaster/vmcatcher, glancepush-vmcatcher<ref>https://github.com/EGI-FCTF/glancepush</ref> uses vmcatcher's event handler to signal glancepush that a new image was updated in vmcatcher's cache and glancepush will check and publish images from vmcatcher cache to glance service in Openstack.
=== Integration with information system LDAP/BDII ===
Integration with BDII for RP with Openstack is identical as in the OpenNebula case. The instructions are available online in the Wiki<ref>https://wiki.egi.eu/wiki/Fedclouds_BDII_instructions</ref>.
=== CDMI  installation and configuration ===
For the OpenStack Storage service (Swift) to work within the EGI Federated Cloud, the [https://github.com/osaddon/cdmi CDMI OpenStack addon] need to be installed. To do so, you can follow the instructions [https://github.com/osaddon/cdmi here].
''NOTE:'' If you are using OpenStack Havana stable branch (stable/havana) and you have <code>delay_auth_decision = 1</code> into your <code>/etc/swift/proxy-server.conf</code> file (which is required to support public access to files), ''www-authenticate'' is not sent correctly by the CDMI interface. To fix this, you need to apply, over a stable/havana distribution, first the following patch: <code>git fetch https://review.openstack.org/openstack/swift refs/changes/76/43476/14 && git checkout FETCH_HEAD</code> and then this patch: https://bugs.launchpad.net/swift/+bug/1349364
''NOTE:'' If you are using OpenStack Icehouse stable branch (stable/icehouse) and you have <code>delay_auth_decision = 1</code> into your <code>/etc/swift/proxy-server.conf</code> file (which is required to support public access to files), ''www-authenticate'' is not sent correctly by the CDMI interface for Keystone authentication. To fix this, you need to apply this patch: https://bugs.launchpad.net/swift/+bug/1349364 .
== References ==

Latest revision as of 09:47, 8 June 2015

Redirect to: