There is a VO available for 6 months piloting activities that any researcher in Europe can join. Just place an order into the EGI Marketplace.
Authentication via CLI or API requires a valid Check-in token. The FedCloud Check-in client allows you to get one as needed. Check the Authentication and Authorisation guide for more information.
OCCI is now deprecated as API for the EGI Cloud providers using OpenStack. Some providers still support OCCI (a list of active endpoints can be queried at GOCDB) but it should note be used for any new developments.
Migration from rOCCI CLI to OpenStack CLI is quite straightforward, we summarize the main commands in rOCCI and OpenStack equivalent in the table below:
Action | rOCCI | OpenStack |
---|---|---|
List images | occi -a list -r os_tpl | openstack image list |
Describe images | occi -a describe -r <image_id> | openstack image show <image_id> |
List flavors | occi -a list -r resorce_tpl | openstack flavor list |
Describe flavors | occi -a describe -r <template_id> | openstack flavor show <image_id> |
Create VM | occi -a create -r compute -t occi.core.title="MyFirstVM" -M <flavor id> -M <image id> -T user_data="file://<file>" | openstack server create --flavor <flavor> --image <image> --user-data <file> MyFirstVM |
Describe VM | occi -a describe -r <vm id> | openstack server show <vm id> |
Delete VM | occi -a delete -r <vm id> | openstack server delete <vm id> |
Create volume | occi -a create -r storage -t occi.storage.size='num(<site in GB>)' -t occi.core.title=<storage_resource_name> | openstack volume create --size <size in GB> <storage resource name> |
List volume | occi -a list -r storage | openstack volume list |
Attach volume | occi -a link -r <vm_id> -j <storage_resource_id> | openstack server add volume <vm id> <volume id> |
Dettach volume | occi -a unlink -r <storage_link_id> | openstack server remove volume <vm id> <volume id> |
Delete volume | occi -a delete -r <volume id> | openstack volume delete <volume id> |
Attach public IP | occi -a link -r <vm id> --link /network/public | openstack server add floating ip <vm id> <ip> |
If you still rely on OCCI for your access, please contact us at
support _at_ egi.eu
for support on the migration. OpenNebula sites still use
OCCI as main API, but its direct use is not recommended as the support will be
deprecated. Instead use an Orchestrator like IM for interacting with those
sites.
The list of certified providers is available in GOCDB. The
egicli endpoint list
command can help you to get that list:
$ egicli endpoint list
Site type URL
------------------ ------------------ ------------------------------------------------
IFCA-LCG2 org.openstack.nova https://api.cloud.ifca.es:5000/v3/
IN2P3-IRES org.openstack.nova https://sbgcloud.in2p3.fr:5000/v3
UA-BITP org.openstack.nova https://openstack.bitp.kiev.ua:5000/v3
RECAS-BARI org.openstack.nova https://cloud.recas.ba.infn.it:5000/v3
NCG-INGRID-PT org.openstack.nova https://nimbus.ncg.ingrid.pt:5000/v3
CLOUDIFIN org.openstack.nova https://cloud-ctrl.nipne.ro:443/v3
IISAS-GPUCloud org.openstack.nova https://keystone3.ui.savba.sk:5000/v3/
IISAS-FedCloud org.openstack.nova https://nova.ui.savba.sk:5000/v3/
UNIV-LILLE org.openstack.nova https://thor.univ-lille.fr:5000/v3
INFN-PADOVA-STACK org.openstack.nova https://egi-cloud.pd.infn.it:443/v3
CYFRONET-CLOUD org.openstack.nova https://api.cloud.cyfronet.pl:5000/v3/
SCAI org.openstack.nova https://fc.scai.fraunhofer.de:5000/v3
CESNET-MCC org.openstack.nova https://identity.cloud.muni.cz/v3
INFN-CATANIA-STACK org.openstack.nova https://stack-server.ct.infn.it:35357/v3
CESGA org.openstack.nova https://fedcloud-osservices.egi.cesga.es:5000/v3
100IT org.openstack.nova https://cloud-egi.100percentit.com:5000/v3/
The providers also generate dynamic information about their characteristics via the Argo Messaging System which is easily browsable from AppDB.
Sites offer their resources to users through Virtual Organisations (VO). First, you need to join a Virtual Organisation that matches your research interests, see authorisation section on how VOs work. AppDB shows the supported VOs and for each VO you can browse the resource providers that support it.
The Application Database contains information about the VM images available in the EGI Cloud. Within the AppDB Cloud Marketplace, you can look for a VM and get all the information about which VO the VM is associated, the sites where the VM is available and the endpoints and identifiers to use it in practice.
There are several ways to increase the disk space available at the VM. The fastest and easiest one is to use block storage, creating a new storage disk device and attaching it to the VM. Check the storage guide for more information.
After a VM has been stopped and unless backed up in a block storage volume, all data in the VM is destroyed and cannot be recovered. To ensure your data will be available after the VM is deleted, you need to use some form of persistent storage.
Some providers do not automatically assign a public IP address to a VM during the creation phase. In this case, you can attach a public IP by first allocating a new public IP and then assigning it to the VM.
If you need a domain name for your VMs, we offer a Dynamic DNS service that allows any EGI user to create names for VMs under the fedcloud.eu domain.
Just go to EGI Cloud nsupdate and login with your Check-in account. Once in, you can click on "Add host" to register a new hostname in an available domain.
Contextualisation is the process of installing, configuring and preparing software upon boot time on a pre-defined virtual machine image. This way, the pre-defined images can be stored as generic and small as possible, since customisations will take place on boot time.
Contextualisation is particularly useful for:
Contextualisation requires passing some data to the VMs on instantiation (the context) and handling that context in the VM.
The best way to login into the virtual server is to use SSH keys. If you don't
have one, you need to generate it with the ssh-keygen
command:
ssh-keygen -f fedcloud
This will generate two files:
fedcloud
, the private key. This file should never be sharedfedcloud.pub
, the public key. That will be sent to your VM.To inject the public SSH key into the VM you can use the key-name
option when
creating the VM in OpenStack. Check
keypair management
option in OpenStack documentation. This key will be available for the default
configured user of the VM (e.g. ubuntu
for Ubuntu, centos
for CentOS).
You can also create users with keys with a contextualisation file:
#cloud-config
users:
- name: cloudadm
sudo: ALL=(ALL) NOPASSWD:ALL
lock-passwd: true
ssh-import-id: cloudadm
ssh-authorized-keys:
- <paste here the contents of your SSH key pub file>
cloud-init
.If you have a contextualisation file, you can use it with the --user-data
option to server create
in OpenStack.
openstack server create --flavor <your-flavor> --image <your image> \
--user-data <your contextualisation file> \
<server name>
cloud-init
for
contextualisation. EGI images in AppDB do support cloud-init
. Check the
documentation for more information.EGI Cloud endpoints use HTTPS so information passed to contextualise the VMs can be assumed to be safe and only readable within your VM. However, take into account that anyone with access to the VM may be able to access also the contextualisation information.
Ansible relies on ssh for accessing the servers it will configure. VMs at EGI Cloud can be also accessed via ssh, just make sure you inject the correct public keys in the VMs to be able to access.
If you don't have public IPs for all the VMs to be managed, you can also use one as a gateway as described in the Ansible FAQ.