Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

HOWTO11 How to use the rOCCI Client

From EGIWiki
Revision as of 15:26, 4 August 2015 by Enolfc (talk | contribs)
Jump to navigation Jump to search
Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators


rOCCI client

rOCCI client provides a command line client that you can use directly from the shell to interact with an OCCI endpoint supporting EGI FedCloud.


Installation

Linux

EGI provides a script for installation of the OCCI CLI and VOMS with a single command. Type this into your console to start the installation (with a user with sudo privileges): 

curl -L http://go.egi.eu/fedcloud.ui | sudo /bin/bash

or (directly as root): 

curl -L http://go.egi.eu/fedcloud.ui | /bin/bash


This script is known to work under Ubuntu 14, Ubuntu 12, RH6 derivatives (CentOS6, SL6). The script can also be used as user_data of a VM to contextualize a basic OS into a FedCloud client.

Mac OS X

Installation script also works under Mac OS X, although it has some prerequisites:

- Homebrew installed (used for installing fetch-crl and voms-clients) - Working ruby>=1.9.3 installation, if not available, check RVM for installation

Once you have those installed, open a terminal and type: 

curl -L http://go.egi.eu/fedcloud.ui | /bin/bash

It will ask for your password to gain root privileges to create VOMS configuration files.

Other Systems

rOCCI-cli is distributed as a Ruby gem, check rOCCI-cli github page for instructions. Packages for several Linux distributions are available at AppDB rOCCI CLI entry.

You will need to install also VOMS clients for your system in order to generate a proxy for accessing the EGI FedCloud resources. Follow VOMS documentation to install the software. Below you can find specific setup instructions for fedcloud.egi.eu: 

mkdir -p /etc/grid-security/vomsdir/fedcloud.egi.eu

cat > /etc/grid-security/vomsdir/fedcloud.egi.eu/voms1.egee.cesnet.cz.lsc << EOF 
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz
/C=NL/O=TERENA/CN=TERENA eScience SSL CA
EOF

cat > /etc/grid-security/vomsdir/fedcloud.egi.eu/voms2.grid.cesnet.cz << EOF 
/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz
/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA eScience SSL CA 2
EOF

cat >> /etc/vomses <<EOF 
"fedcloud.egi.eu" "voms1.egee.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.egee.cesnet.cz" "fedcloud.egi.eu" "24"
"fedcloud.egi.eu" "voms2.grid.cesnet.cz" "15002" "/DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms2.grid.cesnet.cz" "fedcloud.egi.eu" "24"
EOF


Credentials

In order to use the Federated Cloud, you will need to create a fedcloud.egi.eu VO (or another supported VO) proxy. The Federates Cloud User support page includes information on how to get a certificate if you don't have one and how to join this VO.

Proxy Generation

You can create a proxy with voms-proxy-init as follows, be sure to include the --rfc option: 

$ voms-proxy-init -voms fedcloud.egi.eu --rfc
Enter GRID pass phrase for this identity:

Created proxy in /tmp/x509up_u501.

Your proxy is valid until Thu Apr 04 04:02:38 CEST 2013

X509_USER_PROXY variable

In the commands below, the X509_USER_PROXY variable is used to reference your proxy. You can define it with the following command (sh shells) if you have a working proxy: 

$ export X509_USER_PROXY=\`voms-proxy-info -path\`

Common operations with rOCCI-cli

How to find out more about available options and defaults use

occi --help


How to list the compute resources available in a site

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787/ --action list --resource os_tpl --auth x509 --user-cred $X509_USER_PROXY --voms
http://schemas.openstack.org/template/os#72ada03a-5694-4a79-8e7e-069516a31a59
http://schemas.openstack.org/template/os#d5b97735-747f-4f08-ab0b-1f84fe417714
http://schemas.openstack.org/template/os#ec4bb03e-d6df-4964-a490-ae0ef57536e7
http://schemas.openstack.org/template/os#d07a5f26-5f2e-453f-98f2-d0a8784ae980
http://schemas.openstack.org/template/os#f92e0a8b-1f34-424b-8682-1ba93799072d
http://schemas.openstack.org/template/os#39f2bed2-5a4f-419e-b4fb-33832e47d5af
http://schemas.openstack.org/template/os#f835d4a5-cb08-4350-b60e-3fdd0dc703a4
http://schemas.openstack.org/template/os#c0a2f9e0-081a-419c-b9a5-8cb03b1decb5
http://schemas.openstack.org/template/os#02f8cd09-7c79-4b3a-923a-51cd16496a6f
http://schemas.openstack.org/template/os#5364f77a-e1cb-4a6c-862e-96dc79c4ef67
http://schemas.openstack.org/template/os#7cfba655-f692-406f-a659-79b0224290cc
http://schemas.openstack.org/template/os#ff718bea-602b-4f13-91d2-58d134c45476
http://schemas.openstack.org/template/os#7664db29-e51f-4ab8-b4e7-3adfccee3150

How to get the description of a compute resource

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787/ --action describe --resource os_tpl#72ada03a-5694-4a79-8e7e-069516a31a59 --auth x509 --user-cred $X509_USER_PROXY --voms
########################################################################################################################################################################################################
[[ http://schemas.openstack.org/template/os#72ada03a-5694-4a79-8e7e-069516a31a59 ]]
title:        Image: Ubuntu-14.04-amd64
term:         72ada03a-5694-4a79-8e7e-069516a31a59
location:     /72ada03a-5694-4a79-8e7e-069516a31a59/
########################################################################################################################################################################################################

How to get the list of available resource templates

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787/ --action list --resource resource_tpl --auth x509 --user-cred $X509_USER_PROXY --voms
http://schemas.openstack.org/template/resource#1cpu-1gb-10dsk
http://schemas.openstack.org/template/resource#m1-xlarge
http://schemas.openstack.org/template/resource#2cpu-4gb-20dsk
http://schemas.openstack.org/template/resource#2cpu-4gb-50dsk
http://schemas.openstack.org/template/resource#16cpu-32gb-40dsk
http://schemas.openstack.org/template/resource#8cpu-8gb-30dsk
http://schemas.openstack.org/template/resource#16cpu-32gb-10dsk
http://schemas.openstack.org/template/resource#m1-large
http://schemas.openstack.org/template/resource#16cpu-32gb-20dsk
http://schemas.openstack.org/template/resource#1cpu-1gb-20dsk
http://schemas.openstack.org/template/resource#1cpu-4gb-10dsk
http://schemas.openstack.org/template/resource#8cpu-16gb-20dsk
http://schemas.openstack.org/template/resource#16cpu-32gb-60dsk
http://schemas.openstack.org/template/resource#8cpu-32gb-20dsk
http://schemas.openstack.org/template/resource#4cpu-8gb-20dsk
http://schemas.openstack.org/template/resource#m1-tiny
http://schemas.openstack.org/template/resource#16cpu-16gb-10dsk
http://schemas.openstack.org/template/resource#8cpu-8gb-20dsk
http://schemas.openstack.org/template/resource#medium
http://schemas.openstack.org/template/resource#16cpu-32gb-80dsk
http://schemas.openstack.org/template/resource#1cpu-2gb-50-dsk
http://schemas.openstack.org/template/resource#8cpu-8gb-50dsk
http://schemas.openstack.org/template/resource#extra_large
http://schemas.openstack.org/template/resource#m1-small
http://schemas.openstack.org/template/resource#8cpu-16gb-10dsk
http://schemas.openstack.org/template/resource#small
http://schemas.openstack.org/template/resource#4cpu-8gb-50dsk
http://schemas.openstack.org/template/resource#large
http://schemas.openstack.org/template/resource#4cpu-8gb-40dsk
http://schemas.openstack.org/template/resource#1cpu-512mb-25dsk
http://schemas.openstack.org/template/resource#4cpu-8gb-10dsk
http://schemas.openstack.org/template/resource#2cpu-2gb-10dsk
http://schemas.openstack.org/template/resource#8cpu-16gb-40dsk
http://schemas.openstack.org/template/resource#8cpu-8gb-10dsk
http://schemas.openstack.org/template/resource#m1-medium

How to get the description of a resource template

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787/ --action describe --resource resource_tpl#2cpu-4gb-20dsk --auth x509 --user-cred $X509_USER_PROXY --voms
########################################################################################################################################################################################################
[[ http://schemas.openstack.org/template/resource#2cpu-4gb-20dsk ]]
title:        Flavor: 2cpu-4GB-20dsk 
term:         2cpu-4gb-20dsk
location:     /2cpu-4gb-20dsk/
########################################################################################################################################################################################################

How to create a key pair to access the VMs via SSH

In order to login into the server, you need to have a set of SSH keys. To generate a set of authentication keys, in a Linux machine, you can run 

ssh-keygen -t rsa -b 2048 -f tmpfedcloud

You can use the contextualisation to configure VMs with your SSH key.

A basic contextualization script is needed to configure your access credentials into the server. You can use the following commands to create the script 

cat > tmpfedcloud.login << EOF
#cloud-config
users:
  - name: cloudadm
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock-passwd: true
    ssh-import-id: cloudadm
    ssh-authorized-keys:
      - `cat tmpfedcloud.pub`
EOF

How to create a compute resource with mixins use

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787/ --action create --resource compute --attribute occi.core.title="MyFirstVM" --mixin os_tpl#72ada03a-5694-4a79-8e7e-069516a31a59 --mixin resource_tpl#2cpu-4gb-20dsk --context user_data="file://$PWD/tmpfedcloud.login" --auth x509 --user-cred $X509_USER_PROXY --voms
https://prisma-cloud.ba.infn.it:8787/compute/86ae3606-d753-4421-b415-e697b1670879

How to get the description of a compute resource

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787 --action describe --resource https://prisma-cloud.ba.infn.it:8787/compute/86ae3606-d753-4421-b415-e697b1670879 --voms  --auth x509 --user-cred $X509_USER_PROXY
########################################################################################################################################################################################################
[[ http://schemas.ogf.org/occi/infrastructure#compute ]]
>> location: /compute/86ae3606-d753-4421-b415-e697b1670879
occi.core.id = 86ae3606-d753-4421-b415-e697b1670879
occi.compute.architecture = x86
occi.compute.cores = 2
occi.compute.hostname = myfirstvm
occi.compute.memory = 4.0
occi.compute.speed = 0.0
occi.compute.state = active
org.openstack.compute.console.vnc = http://prisma-cloud.ba.infn.it:6080/vnc_auto.html?token=c495f33c-3eb4-4558-9eba-4608ae152080
org.openstack.compute.state = active

Links:

    [[ http://schemas.ogf.org/occi/infrastructure#networkinterface ]]
    >> location: /network/interface/18047596-098d-4ce4-af75-ca7f908fbc09
    occi.networkinterface.gateway = 90.147.102.1
    occi.networkinterface.mac = fa:16:3e:c9:b1:a0
    occi.networkinterface.interface = eth0
    occi.networkinterface.state = active
    occi.networkinterface.allocation = static
    occi.networkinterface.address = 90.147.102.223
    occi.core.source = /compute/86ae3606-d753-4421-b415-e697b1670879
    occi.core.target = /network/admin
    occi.core.id = /network/interface/18047596-098d-4ce4-af75-ca7f908fbc09

Mixins:

    [[ http://schemas.openstack.org/compute/instance#os_vms ]]
    title:        
    term:         os_vms
    location:     /os_vms/

    [[ http://schemas.openstack.org/template/os#72ada03a-5694-4a79-8e7e-069516a31a59 ]]
    title:        Image: Ubuntu-14.04-amd64
    term:         72ada03a-5694-4a79-8e7e-069516a31a59
    location:     /72ada03a-5694-4a79-8e7e-069516a31a59/

Actions:

    [[ http://schemas.ogf.org/occi/infrastructure/compute/action#stop ]]

    [[ http://schemas.ogf.org/occi/infrastructure/compute/action#suspend ]]

    [[ http://schemas.ogf.org/occi/infrastructure/compute/action#restart ]]
########################################################################################################################################################################################################

How to attach a public ip address to a compute resource

Some sites do not automatically assign a public IP address to a VM during the creation phase. In this case, you could need to attach it to the VM after the creation. 

occi --endpoint <site_endpoint> --action link --resource <vm_id> --link /network/public --auth x509 --user-cred <path_to_your_proxy> --voms

How to access the compute resource through SSH

$ ssh -i tmpfedcloud cloudadm@90.147.102.223
The authenticity of host '90.147.102.223 (90.147.102.223)' can't be established.
RSA key fingerprint is 31:76:97:09:d1:6b:3f:c0:21:02:36:9e:63:b5:f6:06.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '90.147.102.223' (RSA) to the list of known hosts.
Enter passphrase for key 'tmpfedcloud': 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Fri Jun 13 11:19:46 UTC 2014

  System load:  0.08              Processes:           79
  Usage of /:   55.4% of 1.32GB   Users logged in:     0
  Memory usage: 2%                IP address for eth0: 90.147.102.223
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

$

How to delete the compute resource

$ occi --endpoint https://prisma-cloud.ba.infn.it:8787/ --action delete --resource https://prisma-cloud.ba.infn.it:8787/compute/86ae3606-d753-4421-b415-e697b1670879 --auth x509 --user-cred $X509_USER_PROXY --voms

References

For more information, please, visit the rOCCI client GitHub repository

Retrieved from "https://wiki.egi.eu/w/index.php?title=HOWTO11_How_to_use_the_rOCCI_Client&oldid=82454"