
CPR

Deploy INDIGO CPR service using docker containers.
The tasks included in the role are based on the CPR deployment guide.

Requirements

Role Variables

Variable name Default Value Description
cpr_port 8081 CPR service port
cpr_image indigodatacloud/cloudproviderranker:indigo_2 Docker image used for running the service

Dependencies

indigo-dc.docker

Example Playbook

- hosts: servers
  roles:
     - { role: username.rolename, x: 42 }

Deployment as container

Image: Python:2

$ docker run -td --name cip python:2
$ docker exec -it cip bash
(container) $ apt update
(container) $ apt install git vim wget
(container) $ git clone https://github.com/maricaantonacci/cloud-info-provider-deep && cd cloud-info-provider-deep
(container) $ pip install -r requirements.txt
(container) $ pip install -e .
(container) $ cloud-info-provider-service -h
/usr/local/lib/python2.7/site-packages/OpenSSL/crypto.py:14: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
  from cryptography import utils, x509
usage: cloud-info-provider-service [-h] [--middleware MIDDLEWARE]
                                   [--format FORMAT] [--yaml-file YAML_FILE]
                                   [--template-dir TEMPLATE_DIR]
(container) $ pip install git+https://github.com/indigo-dc/bulksend2cmdb

Installation of grid-security certs

(container) $ cat /etc/apt/sources.list
...
#### #### EGI Trust Anchor Distribution ####
deb http://repository.egi.eu/sw/production/cas/1/current egi-igtf core
 
(container) $ wget -q -O - https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3 | apt-key add -
 
(container) $ apt-get update
(container) $ apt-get install ca-policy-egi-core
(container) $ ls /etc/grid-security/certificates/
-- list of certs
 
(container) $ cd /usr/local/share/ca-certificates
(container) $ for f in /etc/grid-security/certificates/*.pem ; do ln -s $f $(basename $f .pem).crt; done
(container) $ ls
-- list of certs
 
(container) $ update-ca-certificates

Installation of a new cert (e.g. the chain for Mesos)

(container) ### copy the certificate-chain.pem certs into /root/certs
(container) $ cp /root/certs/certificate-chain*.pem /usr/local/share/ca-certificates
(container) $ cd /usr/local/share/ca-certificates
(container) $ for f in /etc/grid-security/certificates/*.pem ; do ln -s $f $(basename $f .pem).crt; done
(container) $ update-ca-certificates
Updating certificates in /etc/ssl/certs...
x added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
 
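(container) ### check that the new chain is present in /etc/ssl/certs. update-ca-certificates only picks up files under /usr/local/share/ca-certificates whose names end in .crt, and the loop above links only the /etc/grid-security certificates, so a chain copied there as .pem also needs a .crt name before it is added.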

Populate CMDB from CIP

#Create configuration files

##Files for Cloud provider os.provider.yaml

(container) $ mkdir -p /root/provider/sites
(container) $ cat <<EOF >>/root/provider/sites/os.provider.yaml
site:
    name: Cloud
    id: provider_cloud
    is_public: false
    country: Italy
    country_code: IT
    roc: NGI_IT
    owner_contacts:
        -
    owner_contacts_iam:
        -
compute:
    total_cores: 0
    total_ram: 0
    max_dedicated_ram: 0
    min_dedicated_ram: 0
    accelerators_virt_type: UNKNOWN
    total_accelerators: 0
    max_accelerators: 0
    min_accelerators: 0
    hypervisor: UNKNOWN
    hypervisor_version: UNKNOWN
    service_production_level: production
    capabilities:
        - executionmanagement.dynamicvmdeploy
        - security.accounting
    failover: false
    live_migration: false
    vm_backup_restore: false
    endpoints:
        defaults:
            iam_enabled: true
            idp_protocol: openid
            region: sdds
            middleware_version: Rocky
            api_endpoint_technology: webservice
            api_authn_method: openid
            production_level: production
            federation:
              iotwins:
                issuer: https://iotwins-iam.cloud.cnaf.infn.it/
                protocol: openid
    shares:
        'ioTwins-TB01':
            auth:
                project_id: <>
                region_name: <>
            iam_organisation: TB01/cloud #IAM Group
            public_network_name: public
            private_network_name: tb01-net
    templates:
        defaults:
            platform: x86_64
            network: public
            network_in: undefined
            network_out: true
    images:
        defaults:
            os_type: Linux
            architecture: x86_64
            gpu_driver: 'NA'
            gpu_cuda_driver: 'NA'
            gpu_cudnn_driver: 'NA'
EOF

collect-push-cloud.sh

(container) $ cd /root/provider
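(container) $ cat <<'EOF' >collect-push-cloud.sh
#!/bin/bash
#
# Collect OpenStack data from the provider with cloud-info-provider-service
# and push the result to the CMDB with bulksend2cmdb.
#
# Environment:
#   IAM_ACCESS_TOKEN      OIDC access token presented to the provider (required)
#   CMDB_ENDPOINT_READ    CMDB read endpoint
#   CMDB_ENDPOINT_WRITE   CMDB write endpoint
#   CMDB_USER, CMDB_PASS  CMDB credentials
# The CMDB_* values can be exported before the run (preferred, so the password
# is not stored in this file) or written into the defaults below.

# Command tracing (set -x) is left off on purpose: it would print the access
# token and the CMDB password with every traced command line.
set -euo pipefail

export CMDB_ENDPOINT_READ="${CMDB_ENDPOINT_READ:-}"
export CMDB_ENDPOINT_WRITE="${CMDB_ENDPOINT_WRITE:-}"
export CMDB_USER="${CMDB_USER:-}"
export CMDB_PASS="${CMDB_PASS:-}"

# Stop before contacting anything if a required setting is still empty.
: "${IAM_ACCESS_TOKEN:?export IAM_ACCESS_TOKEN before running}"
: "${CMDB_ENDPOINT_READ:?CMDB_ENDPOINT_READ is not set}"
: "${CMDB_ENDPOINT_WRITE:?CMDB_ENDPOINT_WRITE is not set}"
: "${CMDB_USER:?CMDB_USER is not set}"
: "${CMDB_PASS:?CMDB_PASS is not set}"

################
##  Provider  ##
################

printf '%s\n' "***** Provider *****"
printf '%s\n' "Getting OpenStack data from Provider...."

## [Provider] CIP:Openstack with OIDC token
# The options live in an array so each one can carry a comment; a comment
# placed after a trailing backslash ends the command at that line.
cip_args=(
  # NOTE(review): --insecure presumably disables TLS certificate verification
  # for the provider API. This guide installs the EGI trust anchors and the
  # provider chain into the system trust store, so try dropping the flag.
  --insecure
  --all-images
  --select-flavors private
  --os-auth-type v3oidcaccesstoken
  --os-protocol openid
  --os-identity-provider iotwins # IAM organization
  --os-access-token "${IAM_ACCESS_TOKEN}"
  # Placeholder: replace with the provider's Keystone v3 URL. It is quoted so
  # the shell does not read the angle brackets as redirections.
  --os-auth-url '<CLOUD_PROVIDER_API_V3_URL>'
  --os-project-domain-name default
  --middleware openstack
  --format cmdb
  # NOTE(review): this guide writes the site file under /root/provider/sites/;
  # make sure this path points at the file that was actually created.
  --yaml-file /root/iotwins-providers/sites/os.provider.yaml
  --template-dir /root/cloud-info-provider-deep/etc/templates/
)

# The token and the CMDB password are passed as command-line arguments, so
# they are visible in the process list while the two commands run.
cloud-info-provider-service "${cip_args[@]}" \
  | bulksend2cmdb \
      --cmdb-read-endpoint "${CMDB_ENDPOINT_READ}" \
      --cmdb-write-endpoint "${CMDB_ENDPOINT_WRITE}" \
      --cmdb-db-user "${CMDB_USER}" \
      --cmdb-db-pass "${CMDB_PASS}"
EOF
(container) $ chmod 700 collect-push-cloud.sh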

Files for Mesos provider

mesos.provider.yaml

(container) $ cat <<EOF >>/root/provider/sites/mesos.provider.yaml
site:
    name: mesos
    country: Italy
    country_code: IT
    is_public: False
    owner_contacts:
        -
    owner_contacts_iam:
        -
compute:
    accelerators:
        vendor: nvidia
        model: V100 # TITANX, TITANXSND
    endpoints:
        defaults:
            iam_enabled: true
            total_cores: 16
            federation:
              iotwins:
                issuer: https://iotwins-iam.cloud.cnaf.infn.it
                protocol: oidc
        https://<>/chronos:
            service_parent_id: https://<>/mesos
            local_volumes_host_base_path: /tmp
            # not GPU-enabled
            total_accelerators: 1
        https://<>/marathon:
            service_parent_id: https://<>/mesos
            load_balancer_ips: [<>]
            local_volumes_host_base_path: /tmp
            persistent_storage_drivers: []
            # not GPU-enabled
            total_accelerators: 1
EOF

collect-push-mesos.sh

(container) $ cd /root/provider
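(container) $ cat <<'EOF' >collect-push-mesos.sh
#!/bin/bash
#
# Collect data from the Mesos, Marathon and Chronos endpoints with
# cloud-info-provider-service and push each result to the CMDB with
# bulksend2cmdb.
#
# Environment:
#   IAM_ACCESS_TOKEN      OIDC bearer token presented to the endpoints (required)
#   CMDB_ENDPOINT_READ    CMDB read endpoint
#   CMDB_ENDPOINT_WRITE   CMDB write endpoint
#   CMDB_USER, CMDB_PASS  CMDB credentials
# The CMDB_* values can be exported before the run (preferred, so the password
# is not stored in this file) or written into the defaults below.

# Command tracing (set -x) is left off on purpose: it would print the bearer
# token and the CMDB password with every traced command line.
set -uo pipefail

export CMDB_ENDPOINT_READ="${CMDB_ENDPOINT_READ:-}"
export CMDB_ENDPOINT_WRITE="${CMDB_ENDPOINT_WRITE:-}"
export CMDB_USER="${CMDB_USER:-}"
export CMDB_PASS="${CMDB_PASS:-}"

# Stop before contacting anything if a required setting is still empty.
: "${IAM_ACCESS_TOKEN:?export IAM_ACCESS_TOKEN before running}"
: "${CMDB_ENDPOINT_READ:?CMDB_ENDPOINT_READ is not set}"
: "${CMDB_ENDPOINT_WRITE:?CMDB_ENDPOINT_WRITE is not set}"
: "${CMDB_USER:?CMDB_USER is not set}"
: "${CMDB_PASS:?CMDB_PASS is not set}"

# Placeholder: replace with the base URL of the Mesos cluster. It is quoted so
# the shell does not read the angle brackets as a redirection.
mesos_base_url='https://<>'

################
##  Provider  ##
################

printf '%s\n' "***** Provider *****"
printf '%s\n' "Getting Mesos data from Provider...."

## [Provider] CIP:Mesos with OIDC token
# Each endpoint is attempted even if an earlier one fails; the exit status
# reports whether any of them failed.
status=0
for endpoint in mesos marathon chronos; do
  printf '%s\n' "Getting Mesos data from ${mesos_base_url}/${endpoint}.."

  cip_args=(
    --middleware mesos
    --format cmdb
    --mesos-cacert /etc/ssl/certs
    --mesos-framework "${endpoint}"
    --mesos-endpoint "${mesos_base_url}/${endpoint}"
    --oidc-auth-bearer-token "${IAM_ACCESS_TOKEN}"
    # NOTE(review): this guide writes the site file under /root/provider/sites/;
    # make sure this path points at the file that was actually created.
    --yaml-file /root/iotwins-providers/sites/mesos.provider.yaml
    --template-dir /root/cloud-info-provider-deep/etc/templates/
  )

  # The token and the CMDB password are passed as command-line arguments, so
  # they are visible in the process list while the two commands run.
  if ! cloud-info-provider-service "${cip_args[@]}" \
    | bulksend2cmdb \
        --cmdb-read-endpoint "${CMDB_ENDPOINT_READ}" \
        --cmdb-write-endpoint "${CMDB_ENDPOINT_WRITE}" \
        --cmdb-db-user "${CMDB_USER}" \
        --cmdb-db-pass "${CMDB_PASS}"; then
    printf 'collect/push failed for %s\n' "${endpoint}" >&2
    status=1
  fi
  printf '\n'
done

exit "${status}"
EOF
(container) $ chmod 700 collect-push-mesos.sh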

Populate CMDB

Generate IAM Access Token

Generate a valid IAM access token and make it available as IAM_ACCESS_TOKEN, the variable the collect-push scripts read.

Execute collect-push

(container) $ ./collect-push-mesos.sh
or
(container) $ ./collect-push-cloud.sh

Information

iotwins-infn-cloud-support@lists.cnaf.infn.it INFN Italy