Access to JSC Cloud
Prerequisites
Resources on the JSC Cloud are granted through the Fenix Research Initiative. By default, the Fenix AAI federated identity service is used to authenticate to JSC Cloud.
Important
If your Identity Provider is not part of the Fenix AAI, you can get part of this federated identity service applying for a JSC account via JUDOOR. This is a JSC only workflow and is a temporarily solution, which might be confusing. The workflow is different than the usual compute time project workflow for our HPC resources, while it is using the same management infrastructure.
For local users who do not get their resources from Fenix and/or PRACE, authentication via LDAP through our JUDOOR web portal can be offered as well.
In both cases the Acceptable use Policy needs to be accepted.
OpenStack API Endpoints
Service Name
Service Type
Enabled
Interface
URL
API Version
glance
image
True
public
v2.15 (2.0-2.15)
keystone
identity
True
public
v3.14
heat-cfn
cloudformation
True
public
v1.0
cinderv3
volumev3
True
public
v3.0 (3.0-3.70)
neutron
network
True
public
v2.0
octavia
load balancing
True
public
v2.26 (2.0-2.26)
placement
placement
True
public
v1.0 (1.0-1.39)
heat
orchestration
True
public
v1.0
nova
compute
True
public
v2.1 (2.1-2.93)
WebUI
WebUI using Fenix AAI
Go to the JSC Cloud OpenStack Dashboard
Authenticate using
Fenix AAI
You will be forwarded to the Fenix AAI where you can select your local Identity Provider. After authenticating you are send back to the OpenStack Dashboard.
WebUI using JUDOOR
Go to the JSC Cloud OpenStack Dashboard
Authenticate using
Keystone Credentials
Domain
JUDOOR Account
Command Line Interface (CLI)
One very prominent interface to an OpenStack environment are comandline tools. These are available via pip within a Python environment, and come together with Python libraries to interact with openstack.
$ python3 -m venv openstack
$ source openstack/bin/activate
$ pip install python-openstackclient
The official OpenStack CLI documentation is available here
CLI using Fenix AAI
We are sorry, the authentication mechanism picked by Fenix, namely OIDC, is not supported by the CLI very well. You can circumvent that limitation via OpenStack specific Application Credentials.
Authenticate via the WebUI using your Fenix account
Click: Identity
Click: Application Credentials
Click: Create Application Credential
You should limit this credential as much as possible!
CLI using JUDOOR
When you use the JSC Cloud OpenStack Dashboard before switching to the CLI, you can download a credential file there.
Authenticate at the JSC Cloud OpenStack Dashboard
Click on Project
Click on API Access
Click on Download OpenStack RC File
Click on OpenStack RC File
Source the file to load the environment
Alternatively you can create the RC File on your own:
#!/usr/bin/env bash
export OS_AUTH_URL=https://cloud.jsc.fz-juelich.de:5000
export OS_PROJECT_ID=<YOUR_PROJECT_ID>
export OS_PROJECT_NAME="<YOUR_PROJECT_NAME>"
export OS_USER_DOMAIN_NAME="LDAP"
export OS_USERNAME="YOUR_USER"
# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="JSCCloud"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3