OpenStack Resource Provider Deployment guide
This section describes the steps necessary for a new Resource Provider (RP) using OpenStack middleware to join the EGI Cloud Federation. Using the latest OpenStack version is strongly recommended. Specifically, the VOMS-enabled authentication requires the Havana version of Keystone. The installation and configuration instructions for OpenStack are available online.
The actual integration with the EGI Cloud Federation consists of the following steps:
- VOMS-enabled Keystone installation and configuration
- OCCI installation and configuration
- Integration with accounting service APEL
- Integration with VM Image Management infrastructure
- Integration with information system
- Registration of deployed services in GOCDB (for details see Scenario5-GOCDB)
Each of the above-mentioned steps is a requirement for every Resource Provider wishing to join the EGI Cloud Federation. Resource Providers are welcome to deploy and offer additional services such as object storage (CDMI), but this is not a requirement at this time. A detailed description of the listed steps follows.
VOMS-enabled Keystone installation and configuration
Installation and configuration instructions for VOMS-enabled Keystone are available online. This enables the X.509 authentication mechanism and allows users with a valid VOMS proxy certificate to log in. The VO for the EGI Cloud Federation, fedcloud.egi.eu, should be enabled in the configuration (details can be found here: Federated AAI Configuration). There is an option to automatically create new users for a trusted VO on the fly.
OCCI installation and configuration
The installation and configuration steps for OCCI are available online. The installation and configuration should be done on the machine running the Nova server. Be sure to select the appropriate branch for your OpenStack installation.
For more information, detailed instructions for installing and configuring OCCI support on OpenStack Grizzly, provided by INFN, are available here.
Integration with accounting service APEL
Integration with VM Image management infrastructure
Resource Providers are required to integrate their OpenStack installation with an image management service used within the federation. Installation and configuration details are available online in the Wiki. This service ensures that all images are trusted and up-to-date for all Resource Providers across the federation.
In addition to vmcaster/vmcatcher, glancepush-vmcatcher uses vmcatcher's event handler to signal glancepush that an image was updated in vmcatcher's cache. glancepush then checks the images in the vmcatcher cache and publishes them to the Glance service in OpenStack.
Integration with information system LDAP/BDII
Integration with BDII for an RP using OpenStack is identical to the OpenNebula case. The instructions are available online in the Wiki.
CDMI installation and configuration
NOTE: If you are using the OpenStack Havana stable branch (stable/havana) and you have delay_auth_decision = 1 in your /etc/swift/proxy-server.conf file (which is required to support public access to files), www-authenticate is not sent correctly by the CDMI interface. To fix this, you need to apply, over a stable/havana distribution, first the following patch:
git fetch https://review.openstack.org/openstack/swift refs/changes/76/43476/14 && git checkout FETCH_HEAD
and then this patch: https://bugs.launchpad.net/swift/+bug/1349364
NOTE: If you are using the OpenStack Icehouse stable branch (stable/icehouse) and you have delay_auth_decision = 1 in your /etc/swift/proxy-server.conf file (which is required to support public access to files), www-authenticate is not sent correctly by the CDMI interface for Keystone authentication. To fix this, you need to apply this patch: https://bugs.launchpad.net/swift/+bug/1349364