search

grycap / im-client

IM - Infrastructure Manager client
http://www.grycap.upv.es/im
GNU General Public License v3.0
6 stars 2 forks source link

Error Getting Inf. List: No credentials provided for the InfrastructureManager. #83

Closed sebastian-luna-valero closed 2 years ago

sebastian-luna-valero commented 2 years ago

Hello,

I am testing im-client with:

# im_client.cfg
[im_client]
restapi_url=https://appsgrycap.i3m.upv.es:31443/im/
auth_file=auth.dat

and auth.dat:

id = egi; type = EGI; host = ULAKBIM; vo = vo.access.egi.eu; token = command(oidc-token OIDC_ACCOUNT)

Here is what I get:

$ im_client.py list
Secure connection with: https://appsgrycap.i3m.upv.es:31443/im/
ERROR listing then infrastructures: {"message": "Error Getting Inf. List: No credentials provided for the InfrastructureManager.", "code": 401}

Am I missing something basic?

Many thanks, Sebastian

micafer commented 2 years ago

Hi @sebastian-luna-valero,

You are missing the line of the Infrastructure Manager auth. You have to add this line to the auth.dat file:

id = im; type = InfrastructureManager; token = command(oidc-token OIDC_ACCOUNT)
sebastian-luna-valero commented 2 years ago

It works, thanks!

FYI, I took the EGI config from: https://imdocs.readthedocs.io/en/latest/client.html#examples

Not sure where to submit a PR ;)

micafer commented 2 years ago

In these examples you can see that the two first lines show the Infrastructure Manager auth lines. But I will try to check the docs to explain better that the Infrastructure Manager auth line must be allways in the auth file.

sebastian-luna-valero commented 2 years ago

That would be helpful, thanks. I didn't understand that when reading the docs. Does this mean that I need one line per site in the EGI federation where I want to create virtual infra with im-client?

micafer commented 2 years ago

You only need to add one line per each site/vo you want to access.

sebastian-luna-valero commented 2 years ago

Thanks!

If I now try to deploy a test with: https://github.com/grycap/im-client/blob/master/test/files/tosca.yml

I get:

$ im_client.py create tosca.yaml 
Secure connection with: https://appsgrycap.i3m.upv.es:31443/im/
ERROR creating the infrastructure: Error Creating Inf.: No correct VMRC auth data provided nor image URL

I have updated the auth.dat with:

id = im; type = InfrastructureManager; token = command(cat /var/run/secrets/egi.eu/access_token)
type = VMRC; host =  http://appsgrycap.i3m.upv.es:32080/vmrc/vmrc/; token = command(oidc-token OIDC_ACCOUNT)
id = egi; type = EGI; host = ULAKBIM; vo = vo.access.egi.eu; token = command(oidc-token OIDC_ACCOUNT)

and tosca.yaml with:

description: TOSCA test for the IM client

topology_template:

  node_templates:

    server:
      type: tosca.nodes.Compute
      capabilities:
        # Host container properties
        host:
         properties:
           num_cpus: 1
           mem_size: 1 GB
        # Guest Operating System properties
        os:
          properties:
            # host Operating System image properties
            type: linux
            distribution: ubuntu
            version: 20.04
micafer commented 2 years ago

You have to add an image of the VM, and change the compute node type:

    server:
      type: tosca.nodes.indigo.Compute
      capabilities:
        # Host container properties
        host:
         properties:
           num_cpus: 1
           mem_size: 1 GB
        # Guest Operating System properties
        os:
          properties:
            # host Operating System image properties
            type: linux
            distribution: ubuntu
            version: 20.04
            image: appdb://ULAKBIM/egi.ubuntu.20.04

The image uri has the following format:

appdb:///?, for FedCloud OpenStack or EGI connectors using AppDB info. In case of EGI connector the vo_name is not required as it will be get from auth data.

As commented here:

https://imdocs.readthedocs.io/en/latest/radl.html?highlight=appdb#system-features

micafer commented 2 years ago

I saw that the name of the site is not the one that is registered in the AppDB: it should be TR-FC1-ULAKBIM. So the image should be: appdb://TR-FC1-ULAKBIM/egi.ubuntu.20.04

sebastian-luna-valero commented 2 years ago

Many thanks!

Just a couple of final questions before closing the issue.

Q1: Can you achieve idempotency with TOSCA?

# i.e. running this
im_client.py create tosca.yaml 
# and this again without changes in tosca.yaml
im_client.py create tosca.yaml

will create two separate virtual infrastructures, right?

Q2: In order to improve the portability of deployments, instead of using an image URL for deployments

        os:
          properties:
            image: appdb://egi.ubuntu.20.04?vo.access.egi.eu

is it possible to use only:

        os:
          properties:
            type: linux
            distribution: ubuntu
            version: 20.04

The same way that we do for:

        host:
          properties:
            num_cpus: 2
            mem_size: 4 GB

Many thanks, Sebastian

micafer commented 2 years ago

Q1: Can you achieve idempotency with TOSCA?

# i.e. running this
im_client.py create tosca.yaml 
# and this again without changes in tosca.yaml
im_client.py create tosca.yaml

will create two separate virtual infrastructures, right?

Yes.

Q2: In order to improve the portability of deployments, instead of using an image URL for deployments

        os:
          properties:
            image: appdb://egi.ubuntu.20.04?vo.access.egi.eu

is it possible to use only:

        os:
          properties:
            type: linux
            distribution: ubuntu
            version: 20.04

The same way that we do for:

        host:
          properties:
            num_cpus: 2
            mem_size: 4 GB

It is not so easy. We are working to make it work as you commented searching the images in the AppDBIS instead of using our VMRC. But it is not available yet.

sebastian-luna-valero commented 2 years ago

Great, thanks again!