Accessing The Cloud¶
Prerequisites¶
Resources on the JUSUF CLOUD Cloud are granted through the Fenix Research Initiative. By default, the Fenix AAI federated identity service is used to authenticate to JUSUF CLOUD Cloud.
Important
If your Identity Provider is not part of the Fenix AAI, you can get part of this federated itendity service via applying for a JSC account here. This is a JSC only workflow and is a temporarily solution, which might be confusing. The workflow is different than the usual compute time project workflow for our HPC resources, while it is using the same management infrastructure.
For local users that do not get their resources from Fenix and/or PRACE, authentication via LDAP through our JUDOOR web portal can be offered as well.
In both cases the Acceptible use Policy needs to be accepted.
OpenStack API Endpoints¶
Service Name
Service Type
Enabled
Interface
URL
glance
image
True
public
keystone
identity
True
public
heat-cfn
cloudformation
True
public
cinderv3
volumev3
True
public
neutron
network
True
public
placement
placement
True
public
cinderv2
volumev2
True
public
heat
orchestration
True
public
nova
compute
True
public
WebUI¶
Fenix AAI¶
Go to the JUSUF OpenStack Dashboard
Authenticate using
Fenix AAI
You will be forwarded the Fenix AAI where you can select your local Identity Provider. After authenticating you are send back to the OpenStack Dashboard.
JUDOOR¶
Go to the JUSUF OpenStack Dashboard
Authenticate using
Keystone Credentials
Domain
JUDOOR Account
Command Line Interface (CLI)¶
One very prominent interface to a OpenStack environment are comandline tools. These are available via pip within an Python environment, and come together with Python libraries to interact with openstack.
$ python3 -m venv openstack
$ source openstack/bin/activate
$ pip install python-openstackclient
The official OpenStack CLI documentation is available here
Fenix AAI¶
We are sorry, the authentication mechanism picked by Fenix, namely OIDC, is not supported by the CLI very well. You can circumvent that limitation via OpenStack specific Application Credentials.
Authenticate via the WebUI using your Fenix account
Click: Identity
Click: Application Credentials
Click: Create Application Credential
You should limit that credential as much as possible!
JUDOOR¶
When you used the JUSUF OpenStack Dashboard before switching to the CLI, you can download a credential file there.
Authenticate at the JUSUF OpenStack Dashboard
Click on Project
Click on API Access
Click on Download OpenStack RC File
Click on OpenStack RC File
Source the file to load the environment
Alternatively you can create the RC File on your own:
#!/usr/bin/env bash
export OS_AUTH_URL=https://jusuf-cloud.fz-juelich.de:13000
export OS_PROJECT_NAME="YOUR_PROJECT"
export OS_USER_DOMAIN_NAME="JUDOOR"
export OS_USERNAME="YOUR_USER"
# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="jusuf"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3