Accessing The Cloud¶
Resources on the JUSUF CLOUD Cloud are granted through the Fenix Research Initiative. By default, the Fenix AAI federated identity service is used to authenticate to JUSUF CLOUD Cloud.
If your Identity Provider is not part of the Fenix AAI, you can get part of this federated itendity service via applying for a JSC account here. This is a JSC only workflow and is a temporarily solution, which might be confusing. The workflow is different than the usual compute time project workflow for our HPC resources, while it is using the same management infrastructure.
For local users that do not get their resources from Fenix and/or PRACE, authentication via LDAP through our JUDOOR web portal can be offered as well.
In both cases the Acceptible use Policy needs to be accepted.
OpenStack API Endpoints¶
Go to the JUSUF OpenStack Dashboard
You will be forwarded the Fenix AAI where you can select your local Identity Provider. After authenticating you are send back to the OpenStack Dashboard.
Command Line Interface (CLI)¶
One very prominent interface to a OpenStack environment are comandline tools. These are available via pip within an Python environment, and come together with Python libraries to interact with openstack.
$ python3 -m venv openstack $ source openstack/bin/activate $ pip install python-openstackclient
The official OpenStack CLI documentation is available here
We are sorry, the authentication mechanism picked by Fenix, namely OIDC, is not supported by the CLI very well. You can circumvent that limitation via OpenStack specific Application Credentials.
Authenticate via the WebUI using your Fenix account
Click: Application Credentials
Click: Create Application Credential
You should limit that credential as much as possible!
When you used the JUSUF OpenStack Dashboard before switching to the CLI, you can download a credential file there.
Authenticate at the JUSUF OpenStack Dashboard
Click on Project
Click on API Access
Click on Download OpenStack RC File
Click on OpenStack RC File
Source the file to load the environment
Alternatively you can create the RC File on your own:
#!/usr/bin/env bash export OS_AUTH_URL=https://jusuf-cloud.fz-juelich.de:13000 export OS_PROJECT_NAME="YOUR_PROJECT" export OS_USER_DOMAIN_NAME="JUDOOR" export OS_USERNAME="YOUR_USER" # With Keystone you pass the keystone password. echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: " read -sr OS_PASSWORD_INPUT export OS_PASSWORD=$OS_PASSWORD_INPUT export OS_REGION_NAME="jusuf" export OS_INTERFACE=public export OS_IDENTITY_API_VERSION=3