Accessing The Cloud

Prerequisites

Resources on the JUSUF CLOUD Cloud are granted through the Fenix Research Initiative. By default, the Fenix AAI federated identity service is used to authenticate to JUSUF CLOUD Cloud.

Important

If your Identity Provider is not part of the Fenix AAI, you can get part of this federated itendity service via applying for a JSC account here. This is a JSC only workflow and is a temporarily solution, which might be confusing. The workflow is different than the usual compute time project workflow for our HPC resources, while it is using the same management infrastructure.

For local users that do not get their resources from Fenix and/or PRACE, authentication via LDAP through our JUDOOR web portal can be offered as well.

In both cases the Acceptible use Policy needs to be accepted.

OpenStack API Endpoints

Service Name

Service Type

Enabled

Interface

URL

glance

image

True

public

https://jusuf-cloud.fz-juelich.de:13292

keystone

identity

True

public

https://jusuf-cloud.fz-juelich.de:13000

heat-cfn

cloudformation

True

public

https://jusuf-cloud.fz-juelich.de:13005/v1

cinderv3

volumev3

True

public

https://jusuf-cloud.fz-juelich.de:13776/v3/%(tenant_id)s

neutron

network

True

public

https://jusuf-cloud.fz-juelich.de:13696

placement

placement

True

public

https://jusuf-cloud.fz-juelich.de:13778/placement

cinderv2

volumev2

True

public

https://jusuf-cloud.fz-juelich.de:13776/v2/%(tenant_id)s

heat

orchestration

True

public

https://jusuf-cloud.fz-juelich.de:13004/v1/%(tenant_id)s

nova

compute

True

public

https://jusuf-cloud.fz-juelich.de:13774/v2.1

WebUI

Fenix AAI

  1. Go to the JUSUF OpenStack Dashboard

  2. Authenticate using

  3. Fenix AAI

You will be forwarded the Fenix AAI where you can select your local Identity Provider. After authenticating you are send back to the OpenStack Dashboard.

JUDOOR

  1. Go to the JUSUF OpenStack Dashboard

  2. Authenticate using

  3. Keystone Credentials

  4. Domain

  5. JUDOOR Account

Command Line Interface (CLI)

One very prominent interface to a OpenStack environment are comandline tools. These are available via pip within an Python environment, and come together with Python libraries to interact with openstack.

$ python3 -m venv openstack
$ source openstack/bin/activate
$ pip install python-openstackclient

The official OpenStack CLI documentation is available here

Fenix AAI

We are sorry, the authentication mechanism picked by Fenix, namely OIDC, is not supported by the CLI very well. You can circumvent that limitation via OpenStack specific Application Credentials.

  1. Authenticate via the WebUI using your Fenix account

  2. Click: Identity

  3. Click: Application Credentials

  4. Click: Create Application Credential

You should limit that credential as much as possible!

JUDOOR

When you used the JUSUF OpenStack Dashboard before switching to the CLI, you can download a credential file there.

  1. Authenticate at the JUSUF OpenStack Dashboard

  2. Click on Project

  3. Click on API Access

  4. Click on Download OpenStack RC File

  5. Click on OpenStack RC File

  6. Source the file to load the environment

Alternatively you can create the RC File on your own:

#!/usr/bin/env bash
export OS_AUTH_URL=https://jusuf-cloud.fz-juelich.de:13000
export OS_PROJECT_NAME="YOUR_PROJECT"
export OS_USER_DOMAIN_NAME="JUDOOR"
export OS_USERNAME="YOUR_USER"
# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="jusuf"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3