Fed4FIRE

From Grid5000
Jump to navigation Jump to search

This page provides specific information about Grid'5000 for Fed4FIRE users.

Current Status (March 2020)

The Grid'5000 Aggregate Manager (AM) will soon be added to Fed4FIRE's jFed suite. Although integration is not complete yet this will allow users to perform basic tasks using only Fed4FIRE-standard APIs.

  • The Grid'5000 Aggregate Manager (am.grid5000.fr) advertises Grid'5000 resources
  • Fed4FIRE users can allocate and provision Grid'5000 resources from the Aggregate Manager. Using the AMv3 API.
  • New Grid'5000 accounts are automatically created by the AM for new users for 1 month. After which Fed4FIRE users will need to contact Grid'5000 support staff to validate and extend their account.
  • Fed4FIRE users can login to Grid'5000 frontends and to provisioned resources via SSH using their Fed4FIRE certificate private key.
  • Network-level function, such as internal and external vlans, are not yet available through the AM and require connected to Grid'5000 tools. See KaVLAN
  • Network-level interconnection using dedicated links with other Fed4FIRE testbed is functional. See Fed4FIRE_VLAN_Stitching. Network interconnection over the public Internet is functional (Grid'5000 nodes can access the public internet).

Grid'5000 Accounts

Access to any Grid'5000 resources requires a Grid'5000 account. Grid'5000 users who already have an account can link it to their Fed4Fire identity from their account management page:

  • go to the External identifiers and press the Add new identifier button,
  • select Fed4FIRE as External engine and your Fed4FIRE URN as External identifier.

The Fed4FIRE URN can be found in jFed tools once logged in, or by parsing the Fed4FIRE user certificate using openssl.

Fed4FIRE Users

Fed4FIRE users without a existing Grid'5000, or that fail to link their existing Grid'5000 account, will have a new one created for them the first time they allocate resources. These new accounts are be valid for a single month. Three emails will inform you of you account's expiry and retierment:

  • one week before the account's expiry
  • on the day of the account's expiry
  • on the day of the account's retirement, one week after account retirement.

Extending a valid or expired account

Users are welcome to request an account extension. To do so will need to create a password for your Grid'5000 account. Please not that (re)setting your password requires you to input the email associated with your account, which will be the one provided by the Fed4FIRE federation and not your institutional email.

Once you have set a password for you can access you account management page. From there users should be able to request an account prolongation from the actions menu on the account page.

Extending a retired account

One week after a automatically created account is expired it will become expired. Expired accounts can only be reopened by Grid'5000 staff, and users willing to do so should send an email to support-staff@lists.grid5000.fr. This email should provide the following information:

  • your Grid'5000 account name
  • your fed4fire email (to which Grid'5000 sent all previous emails) and your institutional email.
  • your institutionnal affiliation:
    • employer/reasearch institution
    • department/laboratory
    • team
  • a paragraph with your research topic
  • a paragraph or 2 (100 words) with your intended usage for Grid'5000
  • an expiration date for your account
  • acceptance of Grid'5000's Usage Policy

Contact information

  • Fed4FIRE contact points for Grid'5000:
    • Lucas Nussbaum (lucas.nussbaum@loria.fr)
    • David Margery (david.margery@inria.fr)
    • Luke Bertot (luke.bertot@inria.fr)
  • Grid'5000 support staff: see the Support page

FAQ

Limits for the duration of an experiment?

If experiment means project, there is no limit. Accounts are created with a short-term expiration date (one month or two months depending on the process used for account creation) but can be extended at will.

If experiment means resources reservation, the limits are described in the Grid'5000 Usage Policy. The philosophy behind the Usage Policy is that users should be able to find some resources to prepare experiments during the day, and then reserve resources in advance to do large-scale experiments during nights and week-ends. So the effective limits are 10 hours during the day (9h-19h), 14 hours during nights (19h-9h), and 62 hours during week-ends (Friday 19h -> Monday 9h). Users are therefore strongly encouraged to automate the setup of their experiments (using scripts or tools such as Ansible). If an experiment requires a longer reservation, a special request can be made, as described in the Grid'5000 Usage Policy.

Sharing one user account per experiment?

Even if several persons are going to collaborate on the same experiment, we strongly prefer that each person uses its own account, for traceability purposes. It is possible to share scripts etc using standard Unix mechanisms (directory permissions), or using an external Git service (which are accessible from Grid'5000 nodes).

Public IP Address for Grid'5000 nodes?

Grid'5000 nodes are on a private network. Interconnection to the Internet is achieved to a NAT, using a 10 Gbps link to RENATER (the french NREN).

We are in the process of:

  • Adding public IPv6 addresses to nodes
  • Adding a configurable firewall to allow reaching Grid'5000 nodes from the Internet using IPv6
  • Extending this to a set of IPv4 addresses (probably doing NAT from the public IPv4 address to the internal IPv4 addresses)

However, this is still work in progress.