FHNManager Installation
The Federated Hosting Node Manager (FHNM) is the core part of the gCube-FedCloud integration.
Contents
Usage
Maven coordinates
The maven artifact coordinates are:
<dependency> <groupId>org.gcube.resources.federation</groupId> <artifactId>fhn-manager-service</artifactId> <version>1.0.0-SNAPSHOT</version> <packaging>war</packaging> </dependency>
Deployment
Deploy the war file related to the service into the SmartGears Container (tomcat Webapp folder)
Authentication
In order to use the Federated Cloud, it is necessary to register a certificate to join a Virtual Organisation (VO) of the cloud. In case of integration with EGI it is necessary to generate a VOMS proxy in order to obtain authorization attributes to be embedded in X.509 proxy certificates, needed to access FedCloud sites.
Ideally, the VRE Manager should have to import the credentials related to own VRE directly from the gCube IS; actually the service foresees an interface for the future integration with the IS, but currently we're using VRE Manager certificates (actually a second-level proxy of the manager's cert. The first one is stored, encrypted, in the gCube information system; the second one is generated by the service just before accessing FedCloud and it's really short-lived; usually it is available at /tmp folder).
Most, if not all, gCube users do not own a x509 certificate; they access the gCube portal with username/password and the usage of external infrastructures is completely transparent to them. Basically the gCube Information System will contain the .pem certificated associated to each VRE or Infrastructure Manager. Such certificates will be used by the service to create a runtime VOMS proxy in order to interact with FedCloud. If any certificates is provided, no interaction with FedCloud will be allowed.
Details about the installation of VOMS clients for your system are available at [How to use the rOCCI Client]
Configuration Steps
For a correct configuration of the service, please refer to subsections below:
Target definition
First, it is necessary to configure the target cloud platforms to add to configuration. To achieve that, please edit vmproviders.yml file (available to ../classes/ folder) and insert data (a list if you desire to add multiple resources) as follows:
--- credentials: {type: x509, encodedCredentails: /tmp/x509up_u1004} endpoint: https://carach5.ics.muni.cz:11443/ id: 4-1 name: Cesnet-Metacloud resourceTemplates: nodeTemplates: - refId: 3-1 ---
Credentials will specify:
- the path to the second level Proxy certificate
- the typology (x509)
Other fields are related to:
- the endpoint (please refer to [AppDb] for a list of sites exposing occi and supporting gCube smartExecutor Virtual Appliance)
- the provider ID
- the provider name
- the reference to node template file
The resource templates describe the resources (in terms of memory, number of cores, etc..) In this case, it is left to blank; actually it is extracted directly from the fhn-occi-connector(and stored manually in ResourceTemplates.yml file as GUI requirement); In the next releases, the development of a caching system could be considered. An example of resource template representation is shown in the following:
<resourceTemplates> <resourceTemplate> <id>http://fedcloud.egi.eu/occi/compute/flavour/1.0#mem_small</id> <cores>1</cores> <memory>4294967296</memory> <name>Small Instance - 1 core and 4 GB RAM</name> <vmProvider refId="4-1"/> </resourceTemplate>
Define OSTemplate
Node Templates must be defined in nodetemplates.yml file (available to ../classes/ folder).
--- id: 3-1 os: name osVersion: name: description: version: diskSize: script: https://appdb.egi.eu/storage/cs/vapp/15819120-7ee4-4b85-818a-d9bd755a61f0/devsec-init osTemplateId: http://occi.carach5.ics.muni.cz/occi/infrastructure/os_tpl#uuid_gcubesmartexecutor_fedcloud_warg_139 serviceProfile: refId: 2-1
Fields of interest are the following:
- the Node template ID
- the URL of the contextualisation script that will be used to instantiate a virtual machine able to be monitored by the d4Science infrastructure
- the id related to the image of the OS template obtained by [AppDb] (in this case, just the one related to SmartExecutor is considered)
- the reference to service profile
Define Service Profile
According to domain model, the service profile defines the software specifications running on the instance. It must be defined in serviceprofiles.yml file (available to ../classes/ folder). An example of service profiles can be found below definition:
--- deployedSoftware: - refId: s2 description: gCube Smart Executor creationDate: 06-Oct-2015 version: 1.2.0 id: 2-1 minRam: 4294967296 minCores: 1 suggestedRam: 8589934592 suggestedCores: 2 ---
Edit properties file
Before starting, please edit the YAML service.properties file available in WEB.INF/classes folder and replace the STORAGE_DIR: /home/"user_name"/fhnmanager path with user home path (e.g., STORAGE_DIR: /home/ngalante/fhnmanager); such folder will contain the persistency of nodes created by using the service. An example of node created by the service and stored in nodes.yml file is shown below:
--- !!org.gcube.resources.federation.fhnmanager.api.type.Node hostname: hostname id: 4-1@https://carach5.ics.muni.cz:11443/compute/68051 nodeTemplate: {refId: 3-1} resourceTemplate: {refId: 'http://fedcloud.egi.eu/occi/compute/flavour/1.0#small'} serviceProfile: {refId: 2-1} status: waiting vmProvider: {refId: 4-1} workload: {allTimeAverageWorkload: 0.5, lastDayWorkload: 0.7, lastHourWorkload: 0.2, nowWorkload: 0.8} --- !!org.gcube.resources.federation.fhnmanager.api.type.Node hostname: stoor180.meta.zcu.cz id: 4-1@https://carach5.ics.muni.cz:11443/compute/68102 nodeTemplate: {refId: 3-1} resourceTemplate: {refId: 'http://fedcloud.egi.eu/occi/compute/flavour/1.0#small'} serviceProfile: {refId: 2-1} status: active vmProvider: {refId: 4-1} workload: {allTimeAverageWorkload: 0.5, lastDayWorkload: 0.7, lastHourWorkload: 0.2, nowWorkload: 0.8} --- --- !!org.gcube.resources.federation.fhnmanager.api.type.Node hostname: stoor154.meta.zcu.cz id: 4-1@https://carach5.ics.muni.cz:11443/compute/68942 nodeTemplate: {refId: 3-1} resourceTemplate: {refId: 'http://fedcloud.egi.eu/occi/compute/flavour/1.0#small'} serviceProfile: {refId: 2-1} status: suspended vmProvider: {refId: 4-1} #workload: null
Since the nodes are created/started/stopped/deleted via fhn-occi-connector, it could take time to retrieve consistent information (e.g., the status attribute, is initially populated as "waiting" and just actually later it becomes "active"). To solve this kind of issue, a mechanism of synchronization between the data retrieved from the connector and the persistency currently stored locally from the service has been implemented (in the future, such persistency will be stored directly in the gCube Information System repository).
Client installation
In order to test the functionalities proposed by the service, a rest client library has been developed.
Maven coordinates
<dependency> <groupId>org.gcube.resources.federation</groupId> <artifactId>fhn-manager-client</artifactId> <version>1.0.0-SNAPSHOT</version> </dependency>
Client Testing
The set of RestAPIs call can be performed by using the ClientTest.java class.
ScopeProvider.instance.set("/gcube/devsec"); //set the scope of interest here FHNManager client = FHNManagerProxy.getService(new URL("http://"hostname":"port"/fhn-manager-service/rest")).build(); FHNManagerClient client = FHNManagerProxy.getService().build(); client.allServiceProfiles(); client.createNode(vmProviderId, serviceProfileId, resourceTemplateId); client.findNodes(vmProviderId, serviceProfileId); client.findResourceTemplate(vmProviderid); client.findVMProviders(serviceProfileId); client.getNodeById(NodeId); client.getVMProviderbyId(vmProviderid); client.startNode(NodeId); client.stopNode(NodeId); client.deleteNode(NodeId);
Alternatively, it is possible to test the functionalities (that later will be provided by way of the GUI) directly from browser by accessing to:
http://hostname:port/fhn-manager-service/rest/serviceprofiles http://hostname:port/fhn-manager-service/rest/nodes/create?vmProviderId=""&serviceProfileId=""&resourceTemplateId="" http://hostname:port/fhn-manager-service/rest/nodes?vmProviderId=""&serviceProfileId="" http://hostname:port/fhn-manager-service/rest/resourceTemplate?vmProviderid="" http://hostname:port/fhn-manager-service/rest/vmproviders?serviceProfileId="" http://hostname:port/fhn-manager-service/rest/nodes/nodeId http://hostname:port/fhn-manager-service/rest/vmproviders/vmProviderid http://hostname:port/fhn-manager-service/rest/start?NodeId="" http://hostname:port/fhn-manager-service/rest/nodes/stop?NodeId="" http://hostname:port/fhn-manager-service/rest/delete?NodeId=""
An example of running service is available here: http://fedcloud.res.eng.it/fhn-manager-service/rest/*
Nodes Monitoring
The created instances will appear in [the https://next.d4science.org/web/guest/monitor D4Science Monitoring system]. Data collected is analysed to produce alarms and/or take countermeasures in case of problems with one or more resources.