|
|
| (76 intermediate revisions by 5 users not shown) |
| Line 1: |
Line 1: |
| This page includes pointers for application development on the EGI Federated Cloud
| | {{Fedcloud_Menu}} {{TOC_right}} |
| | [[Category:Federated_Cloud]] |
|
| |
|
| = OCCI =
| | Please check the new [https://egi-federated-cloud.readthedocs.io/ EGI Federated Cloud documentation] for more information. |
| | |
| OCCI is the standard API for accessing the EGI Federated Cloud resources.
| |
| | |
| == API ==
| |
| | |
| The [http://occi-wg.org/ Open Cloud Computing Interface (OCCI)] is a RESTful Protocol and API designed to facilitate interoperable access to, and query of, cloud-based resources across multiple resource providers and heterogeneous environments. The formal specification is maintained and actively worked on by OGF’s OCCI-WG.
| |
| | |
| EGI Federated Cloud uses v1.1 of OCCI's specification, which is defined in three documents:
| |
| * '''[http://ogf.org/documents/GFD.183.pdf OCCI Core]''' that describes the formal definition of the OCCI core model,
| |
| * '''[http://ogf.org/documents/GFD.185.pdf OCCI HTTP Rendering]''' defines how to interact with the OCCI Core Model using the RESTful OCCI API
| |
| * '''[http://ogf.org/documents/GFD.184.pdf OCCI Infrastructure]''' contains the definition of the OCCI Infrastructure extension for the IaaS domain
| |
| | |
| The OCCI Infrastructure is further extended with two new mixins for contextualization in EGI Federated Cloud:
| |
| | |
| {| class="wikitable"
| |
| |-
| |
| ! term !! scheme !! attributes
| |
| |-
| |
| | <code>user_data</code>
| |
| | <code><nowiki>http://schemas.openstack.org/compute/instance#</nowiki></code>
| |
| | <code>org.openstack.compute.user_data</code>: string that holds base64 encoded data to be available at the VM upon instantiation
| |
| |-
| |
| | <code>public_key</code>
| |
| | <code><nowiki>http://schemas.openstack.org/instance/credentials#</nowiki></code>
| |
| | <code>org.openstack.credentials.publickey.name</code>: string with the name of the public key (optional)<br/><code>org.openstack.credentials.publickey.data</code>: string with the public key
| |
| |}
| |
| | |
| The upcoming v1.2 of OCCI will be also supported on EGI resources.
| |
| | |
| | |
| == Authentication ==
| |
| | |
| OCCI does not enforce any authentication/authorization, each provider in the federation has its own mechanisms. To avoid dealing with the differences in authentication for each provider, the SDKs described below automatically handle the differences.
| |
| | |
| EGI Federated Cloud uses X.509 proxy certificates with VOMS extensions,
| |
| ; rOCCI server (OpenNebula)
| |
| : rOCCI expects that the connection is done with the user proxy as client-side certificate. rOCCI will authenticate/authorize the client with that certificate.
| |
| | |
| ; OCCI-OS/ooi/snf-occi (OpenStack/Synnefo)
| |
| : These systems expect that a valid token is sent to the endpoint in the <code>X-Auth-Token</code> header, if no valid token is found, the endpoint should return in the <code>WWW-Authenticate</code> header the URI of the Keystone service used to obtain the tokens in the folowing form: <code>WWW-Authenticate: Keystone uri=<KEYSTONE URI></code> where <KEYSTONE URI> is the location of the server (e.g. <code><nowiki>https://keystone.ifca.es:5000/</nowiki></code>). Keystone supports several authentication methods, see [[#Authentication_2 | how to get a token with a proxy certificate with Keystone]]
| |
| | |
| == SDKs ==
| |
| | |
| SDKs helps you to create applications that use the EGI Federated Cloud in the language of your choice. If your language or use case is not supported by the following SDKs, you can use directly the API. Requests for new SDKs are welcomed.
| |
| | |
| === Java ===
| |
| | |
| ; [https://github.com/EGI-FCTF/jOCCI-api jOCCI]
| |
| : jOCCI is an independent OCCI implementation by the authors of rOCCI. It satisfies the demand for a Java library, replacing the previous alternative based on JRuby. Currently in development, it is available as source from Github.
| |
| | |
| === Ruby ===
| |
| | |
| ; [https://github.com/EGI-FCTF/rOCCI-api rOCCI]
| |
| : rOCCI framework implements the OCCI class structure in Ruby, which allows developers to work with OCCI concepts natively. rOCCI-api takes care of transporting OCCI messages, currently supporting HTTP as transport protocol. rOCCI-api handles EGI Fedederated Cloud authentication on behalf of the developer.
| |
| | |
| = OpenStack =
| |
| | |
| OpenStack sites of the EGI Federated Cloud can provide access through the native OpenStack API.
| |
| | |
| == API ==
| |
| | |
| OpenStack API documentation is available at [http://developer.openstack.org/ OpenStack developer pages]. EGI Federated Cloud supports the usage of the [http://developer.openstack.org/api-ref-compute-v2.1.html Compute (nova) v2.1 API]. Using the nova API requires a valid token first, that can be obtained as described below.
| |
| | |
| == SDKs ==
| |
| | |
| '''TO BE COMPLETED'''
| |
| | |
| == Authentication ==
| |
| | |
| '''TO BE COMPLETED'''
| |
| | |
| [http://ifca.github.io/keystone-voms/ Keystone-VOMS] supports getting tokens with X.509 proxy certificates with proxy extensions. In order to get an unscoped token, you must '''POST''' a JSON request to <code>/v2.0/tokens</code> of your Keystone server with the proxy as client-side certificate and with the following body:
| |
| <pre>
| |
| {
| |
| "auth": {
| |
| "voms": "true"
| |
| }
| |
| }
| |
| </pre>
| |
| | |
| Unscoped tokens allow discovery of the supported tenants for the user (check [http://developer.openstack.org/api-ref-identity-v2.html#listTenants Keystone API v2, list tenants])
| |
| In order to get a scoped token, use instead the following JSON document:
| |
| <pre>
| |
| {
| |
| "auth": {
| |
| "voms": "true",
| |
| "tenantNane": "TenantForTheVo",
| |
| }
| |
| }
| |
| </pre>
| |
The wiki is deprecated and due to be decommissioned by the end of September 2022.