Red Cloud 2

Red Cloud 2 is an on-demand research cloud computing service maintained and supported by CAC. At present, Red Cloud is an Infrastructure as a Service (IaaS) based on OpenStack.

Getting Started on Red Cloud

To create and manage cloud resources, you need a CAC account in a project with a Red Cloud subscription. But you can create local accounts on your virtual servers or credentials for other users to access your project's cloud storage.

  1. If you don't have a CAC account in a project with a Red Cloud subscription, start a project or ask your PI to add you to their CAC project. When you are added to a CAC project, you will receive an e-mail confirming your Red Cloud access. You must change the automatically generated password immediately. Refer to the instructions for managing your password as needed. If you are a PI or a PI's proxy for a new project, verify you have added a subscription to your project; see the Manage Projects page. If you are not sure what your role is or what you can do, please review this page.
    NOTE: the e-mail address that is associated with your CAC account - needs to be the same one as used for globus in the next step
  2. Register Globus sub for your account in the "Globus Sub Registration" section of this page.
  3. Log into Horizon web console to get started.

Cloud Resources

  • Compute: Launch virtual servers ("instances") with various CPU and GPU configurations
  • Storage: Allocate storage accessible by your cloud instances and hosts external to the cloud.
  • Networking and Security: Configure access rules for your instances and storage.

User Interfaces

Red Cloud has 2 user interfaces: Horizon web console and Openstack CLI client

Horizon Web Console

All users should start here. The Horizon web console provides a user friendly grpahical interface for most basic cloud features. To use the CLI client, you will need to log into the Horizon web console to generate application credentials.

Single Sign On (SSO) via Globus Auth

Initially, you will need to log into the Horizon web console using Globus Auth. Unlike the previous version of Red Cloud, SSO via Globus Auth is the only accepted authentication method. You can no longer log in using your CAC user name and password.

Once logged in, access will be granted to all CAC projects to which the user belongs that have active Red Cloud subscriptions.

Log into Horizon Web Console

Before you can log into the Horizon web console, make sure to you have registered your Globus sub for your account in the "Globus Sub Registration" section of this page.

  1. Point your web browser to https://redcloud2.cac.cornell.edu. You might want to bookmark this URL for future use.
  2. Select "Globus Auth" for authentiction method and click on the Sign In button. Red Cloud 2 Sign In
  3. When signing into Globus Auth,
    • Cornell users should select Cornell University under Use your existing organizational login, or
    • Weill Cornell Medicine users should select Weill Cornell Medical College, Globus Login diagram and then click on the Continue button. You will get forwarded to the CUWebLogin (Cornell users) or WCM Web Login (Weill Cornell users) page. Log in using your NetID or CWID and password.
    • Non-Cornell or Weill users should select the home institution that you selected when registering your Globus sub.
  4. This is the initial Horizon web console screen. If your user is in more than one project, pull down the project menu in the upper left corner to select which project to acess. Horizon Initial Screen

CLI Client

The Openstack CLI client can be used in scripts or interactive shells for generating API calls to Red Cloud. It offers more features than Horizon web console so some operations can only be accomplished using the CLI client. The CLI client can be installed and run on any computer with python.

Requirements

Installing the Openstack CLI client requres python 3 with pip and venv. If you don't have python3 on your computer, use the following instructions to install python:

  • Rocky Linux: sudo dnf install python3 python3-pip python3-venv

  • Ubuntu Linux: sudo apt install gcc python3 python3-devel python3-pip python3-venv

  • macOS should have python3 installed by default. Open the Terminal app and run the python3 --version command to confirm. You might be prompted to install the "command line developer tools."

Install Openstack CLI Client

  1. If you are not yet using a python virtual environment, we suggest you do.

    python3 -m venv ~/openstackcli # create a python virtual environment in ~/openstackcli source ~/openstackcli/bin/activate # activate the new python virtual environment

  2. Install Openstack CLI client using pip:

    pip install python-openstackclient python-glanceclient python-manilaclient python-neutronclient python-swiftclient python-heatclient python-octaviaclient

Download Application Credential (openrc)

Openstack CLI client and Openstack SDK use application credentials to authenticate to Red Cloud. After logging into Horizon web console, you can create or revoke application credentials to be used with your CLI client or application. We now require API calls to authenticatte using application credentials to eliminate the need to embed (and possibly expose) user name and password in your code. Please note:

  • Your application credentials belong to your user, not your project. Within the same project, you cannot see other users' application credentials, nor can they yours.

  • If you belong to multiple Red Cloud projects, each application credential is project-specific. An application credential can be limited further in privileges and have an expiration date. Please use the Principle of Least Privilege when you create an application credential.

  • We recommend using a unique application credential for each CLI client installation or application to limit the impact of having to revoke a credential. Use a descriptive name when creating an application credential as the name cannot be modified later.

Follow these steps to download an application credential to your computer:

  1. Log into Horizon web console.

  2. Create and download an application credential in the openrc format. Save the openrc file somewhere save on your computer.

Getting Started with CLI Client

Open a new terminal session.

  1. If you are using a python virtual enviornment, activate it: source <path to virtual environment>/bin/activate

  2. Source the openrc file you downloaded in the previous section: source <openrc file>

  3. To confirm the CLI client can successfully reach and authenticate to the cloud, run the openstack project list command to see the list of projects you are in.

  4. Use the openstack command list command for the list of available commands.