accessing cloud systems from ws-pgrade/guse
DESCRIPTION
Accessing Cloud Systems from WS-PGRADE/gUSE. Zoltán Farkas MTA SZTAKI LPDS [email protected]. Outline. Aim of this presentation Generic portal administrator tasks Generic initial user tasks SaaS execution mode: Portal administrator tasks Workflow node configuration - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/1.jpg)
SCI-BUS is supported by the FP7 Capacities Programme under contract nr RI-283481
Accessing Cloud Systems from WS-PGRADE/gUSE
Zoltán FarkasMTA SZTAKI LPDS
![Page 2: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/2.jpg)
Outline• Aim of this presentation• Generic portal administrator tasks• Generic initial user tasks• SaaS execution mode:
– Portal administrator tasks– Workflow node configuration
• IaaS execution mode:– Portal administrator tasks– Workflow node configuration
• Generic user tasks (workflow cost estimate, submission, cost display)• Security aspects, using robot certificates
![Page 3: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/3.jpg)
Aim
• To show what are the necessary setup tasks on the portal side to cloud-enable a portal
• To show how the extension can be used• To introduce the security aspects of using
clouds in the portal
![Page 4: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/4.jpg)
Covered portal user roles
• Portal administrator– The one who is able to configure the portal
services• Workflow developer
– The one who is able to create and run workflows• End user
– The one who is able to use existing workflows
![Page 5: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/5.jpg)
Generic portal admin tasks I.
• Through the DCI Bridge Admin interface: http://foo.bar:8080/dci_bridge_service/conf
![Page 6: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/6.jpg)
Generic portal admin tasks II.
• Settings:– Enable plugin: set to „Enabled”– Number of threads: the plugin will manage at
most so many jobs in parallel– Number of resubmissions: the plugin will resubmit
a failed job at most so many times• Leave other settings unchanged
![Page 7: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/7.jpg)
Generic portal admin tasks III.
• Add access to CloudBroker Platform service– Name: users will see the resource using this name– URL: URL of the CBP service– Own executable: see IaaS execution mode later
![Page 8: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/8.jpg)
Status
• The portal administrator has enabled the CloudBroker plugin in the DCI Bridge, and all the CloudBroker services that users would like to use have been added
• These are set by default: CB plugin is enabled, Public and SCI-BUS CB services are added
![Page 9: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/9.jpg)
Generic initial user tasks
• If one would like to configure CBP jobs, proper CBP user credentials have to be set
• Make use of the Security / CloudBroker portlet
![Page 10: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/10.jpg)
Saas and IaaS execution modes
IaaS model SaaS model
Enables users to run their own executables Yes No
What has to be pre-deployed in the virtual machine image
A single wrapper application Every application that users would like to use
What has to be configured in the CloudBroker Platform
Only the wrapper application Applications for the different application
Level of security Low: user can run anything High: users can run only pre-registered, tested apps
Ease of use (user’s perspective) Easy: very similar to existing WS-PGRADE/gUSE interface
Easy: user simply selects from the pre-defined Software
Ease of use (portal administrator’s perspective)
Easy: only two additional properties have to be set
Very easy: no need to set additional properties
Ease of use (CloudBroker administrator’s perspective)
Easy: only one application has to be configured for each cloud resource
Hard: a number of applications have to be configured
Easy of use (cloud administrator’s perspective)
Easy: only one VM image has to be deployed Hard: either a number of VM images have to be deployed or one VM image must be updated a number of times.
![Page 11: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/11.jpg)
SaaS execution – Overview
• Enables portal users to run applications registered in the selected CBP service (for example AutoDock 1.0 Software and ad_worker.sh Executable)
• Thus, no executable, only input files have to be provided by the portal user
![Page 12: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/12.jpg)
SaaS execution „architecutre”
![Page 13: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/13.jpg)
SaaS – Portal admin tasks
• Nothing special• Only the generic portal admin tasks have to be
performed (configure CBP service access in DCI Bridge)
![Page 14: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/14.jpg)
SaaS – Workflow node configuration
• Set „Type” to „cloudbroker”, and „Name” to the CBP service to be used
• Afterwards, select Software, Executable, Resource, Region and Instance type for your job
• A cost estimate is displayed as well
![Page 15: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/15.jpg)
SaaS – Data cost estimate
• Depending on the selected resource, the data fee is displayed as well
![Page 16: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/16.jpg)
IaaS execution - Overview
• Enables to run executables uploaded by the user• A specially prepared wrapper application has to be
registered in the target CBP service (see Wrapper 1.0)
• This wrapper application must be configured the DCI Bridge plugin instance
• The portal will upload the user-provided executable as an input called „execute.bin” to the CloudBroker job, which will be started by the wrapper application
![Page 17: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/17.jpg)
IaaS execution „architecture”
![Page 18: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/18.jpg)
IaaS – Portal admin tasks
• The Software and Executable in the CBP enabling IaaS execution should be defined in the DCI Bridge
• Following Day 2’s hands-on these are:– Software: „Wrapper XY 1.0”– Executable: „Wrapper XY 1.0 guse_wrapper.sh”
![Page 19: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/19.jpg)
IaaS – Workflow node configuration
• Set „Type” to „cloudbroker”, and „Name” to the CBP service to be used
• Click „Enable own executable”• Afterwards, select Software, Executable, Resource, Region and
Instance type for your job• A cost estimate is displayed as well (note: no cost is assigned
to using the Resource below)
![Page 20: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/20.jpg)
IaaS – Data cost estimate
• Depending on the selected resource, the data fee is displayed as well (note: no cost is assigned to using the Storage below)
![Page 21: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/21.jpg)
Generic user tasks – Workflow cost estimate
• Once the workflow is fully configured, estimated cost can be calculated on-demand
• Simply click „Refresh” below the WF graph
![Page 22: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/22.jpg)
Generic user tasks – Workflow submission
• Once the workflow is ready, click „Submit” to submit a workflow instance
• After the workflow has been submitted, you can check its progress as usual
![Page 23: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/23.jpg)
Generic user tasks – Workflow cost display
• Cost of individual jobs can be checked
• Overall workflow cost can be checked as well
![Page 24: Accessing Cloud Systems from WS-PGRADE/gUSE](https://reader035.vdocuments.site/reader035/viewer/2022070503/5681558b550346895dc361bd/html5/thumbnails/24.jpg)
Security aspects• CloudBroker entity (Resource, Software) visibility:
– Private: only the user who defined the entity + admins can use it
– Protected: users of the organization where the defining user belongs to + admins can use it
– Public: every user of the CloudBroker Platform service can use it
• Robot certificates:– Can be assigned to CloudBroker jobs– Take care (EGI VO Portal Policy):
• Enable only for the SaaS model, or• Enable for IaaS model, but do not allow the users to upload their
executables