Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki
Jump to navigation Jump to search
Main Roadmap and Innovation Technology For Users For Resource Providers Media

OpenStack Resource Provider Deployment guide

This section describes steps necessary for new Resource Provider (RP) using Openstack middleware to join EGI Cloud Federation. It is strongly recommended using the last Openstack version. Specifically, the VOMS-enabled authentication will require Grizzly version of Keystone. The installation and configuration instructions for OpenStack are available online[1].

The actual integration with the EGI Cloud Federation consists of the following steps:

  1. VOMS-enable Keystone installation and configuration
  2. OCCI installation and configuration
  3. Integration with accounting service APEL
  4. Integration with VM Image Management infrastructure
  5. Integration with information system
  6. Registration of deployed services in GOCDB

Each of the above-mentioned steps is a requirement for every Resource Provider wishing to join the EGI Cloud Federation. Resource Providers are welcome to deploy and offer additional services such as object storage (CDMI) but this is not a requirement at this time. Detailed description of the listed steps is as follows.

VOMS-enable Keystone installation and configuration

The installation and configuration of VOMS-enable Keystone is available online[2]. That will enable X.509 authentication mechanism and allows users with valid VOMS proxy certificate to log in. The actual VO for EGI Cloud Federation should be enabled in the configuration (details can be found here: Federated AAI Configuration). There is an option for automatically creating new users for trusted VO on the fly.

OCCI installation and configuration

The steps of installation and configuration of OCCI is available online[3]. The installation and configuration should be done on the machine with Nova server. Be aware of selecting the appropriate branch for your OpenStack installation.

For more information, detailed instructions for OpenStack Grizzly configuration/installation OCCI support, provided by INFN, are available here.

Integration with accounting service APEL

Like RP with OpenNebula, the client for accounting service APEL must be installed and configured. The details of installation and configuration of APEL for Openstack is available at[4][5].

Integration with VM Image management infrastructure

Resource Providers are required to integrate their Openstack with an image management service used within the federation. Installation and configuration details are available online in the Wiki[6]. This service ensures that all images are trusted and up-to-date for all Resource Providers across the federation.

In addition to vmcaster/vmcatcher, glancepush-vmcatcher[7] uses vmcatcher's event handler to signal glancepush that a new image was updated in vmcatcher's cache and glancepush will check and publish images from vmcatcher cache to glance service in Openstack.

Integration with information system LDAP/BDII

Integration with BDII for RP with Openstack is identical as in the OpenNebula case. The instructions are available online in the Wiki[8].