2. Getting started

This tutorial explains how to quick-start with REANA-Cluster.

2.1. Deploy locally

Are you looking at installing and deploying REANA cluster locally on your laptop?

  1. Install kubectl (e.g. version 1.11.2) and minikube (e.g. version 0.28.2):

    $ sudo dpkg -i kubectl*.deb minikube*.deb
    
  2. Start Minikube virtual machine:

    $ minikube start --kubernetes-version="v1.11.2"
    
  3. Install REANA-Cluster sources. You probably want to use a virtual environment:

    $ # create new virtual environment
    $ virtualenv ~/.virtualenvs/myreana
    $ source ~/.virtualenvs/myreana/bin/activate
    $ # install reana-cluster utility
    $ pip install reana-cluster
    
  4. Start REANA cluster instance on Minikube:

    $ reana-cluster init
    
  5. Check the status of the REANA cluster deployment. (Note that it may take several minutes to pull the REANA component images for the first time.)

    $ reana-cluster status
    ...
    REANA cluster is ready.
    
  6. Display the commands to set up the environment for the user clients:

    $ reana-cluster env
    export REANA_SERVER_URL=http://192.168.99.100:32732
    $ eval $(reana-cluster env --include-admin-token)
    

    If you need to create more users you can:

    $ kubectl exec \
          -ti $(kubectl get pods -l=app=server -o jsonpath='{.items[0].metadata.name}') \
          -- flask users create \
                -e jane.doe@example.org \
                --admin-access-token $REANA_ACCESS_TOKEN
    User was successfully created.
    ID                                     EMAIL                  ACCESS_TOKEN
    09259d12-b06c-4a13-a696-ae8e57f1f0c9   jane.doe@example.org   dHYXgh5AXmukZrdWccZaSg
    
  7. You can now run REANA examples on the locally-deployed cluster using reana-client.

    Note that after you finish testing REANA, you can delete the locally-deployed cluster and the Minikube virtual machine as follows:

    $ reana-cluster down
    $ minikube stop
    

2.2. Deploy on CERN infrastructure

  1. Log into lxplus-cloud (CC7 subset of lxplus with recent OpenStack clients) and create a working directory for reana:

    $ ssh lxplus-cloud.cern.ch
    $ mkdir reana && cd reana
    
  2. Setup your OpenStack account and create a Kubernetes cluster following the official documentation.

Note

Make sure that the csi related components [csi-attacher, csi-provisioner, manila-provisioner, csi-cephfsplugin] are deployed in version 0.3.0 or higher:

$ kubectl get pods -n kube-system

Find the names for the pods and check for each one the deployed image with:

$ kubectl describe pod -n kube-system csi-attacher-0

For now, the traefik ingress needs to be amended so permissions are set correctly (once fixed in OpenStack this will come automatically.

$ kubectl -n kube-system edit ds/ingress-traefik
# add: `serviceAccountName: ingress-traefik` under
# `spec.template.spec`.
# Restart the Ingress controller so it uses the correct permissions.
$ get pods -n kube-system  | grep ingress
ingress-traefik-666ee                   1/1       Running   0          2m
$ kubectl delete ingress-traefik-666ee -n kube-system
  1. Load the configuration to connect to the Kubernetes cluster and wait for the pods to be created:

    $ $(openstack coe cluster config reana-cloud)
    $ kubectl get pods -w
    
  2. Set one of the nodes to be an ingress controller and create a landb alias:

    $ kubectl label node <node-name> role=ingress
    $ openstack server set --property landb-alias=<your-subdomain> <ingress-node>
    
  3. Create or add ssl secrets:

    $ openssl req -x509 -nodes -days 365 -newkey rsa:2048
          -keyout /tmp/tls.key -out /tmp/tls.crt
          -subj "/CN=<your-subdomain>.cern.ch"
    $ kubectl create secret tls reana-ssl-secrets
          --key /tmp/tls.key --cert /tmp/tls.crt
    
  4. Create the shared volume:

    $ manila create --share-type "Geneva CephFS Testing"
          --name reana cephfs 10
    $ # wait until gets created
    $ manila access-allow reana cephx reana-user
    $ manila share-export-location-list reana-dev
    +--------------------------------------+------------------------------------------------------------------------------------------------------------------+-----------+
    | ID                                   | Path                                                                                                             | Preferred |
    +--------------------------------------+------------------------------------------------------------------------------------------------------------------+-----------+
    | 455rc38d-c1d2-4837-abba-76c25505bc02 | 142.143.144.45:5565,142.143.144.46:5565,142.143.144.47:5565/<shared_volume/path>                                 | False     |
    +--------------------------------------+------------------------------------------------------------------------------------------------------------------+-----------+
    $ manila access-list reana-dev
    +--------------------------------------+-------------+------------+--------------+--------+------------------------------------------+----------------------------+----------------------------+
    | id                                   | access_type | access_to  | access_level | state  | access_key                               | created_at                 | updated_at                 |
    +--------------------------------------+-------------+------------+--------------+--------+------------------------------------------+----------------------------+----------------------------+
    | bf2b1e34-abba-4096-9e4e-1aa4aacdc6d0 | cephx       | user       | rw           | active | ABBAffyBbad7fdsaAfepl4MFKabbse2/UFOR1A== | 2018-06-12T22:22:15.000000 | 2018-06-12T22:22:17.000000 |
    +--------------------------------------+-------------+------------+--------------+--------+------------------------------------------+----------------------------+----------------------------+
    

    Create the secret which allows access to the manila share using the provided script from the kubernetes/cloud-provider-openstack repository

    $ git clone https://github.com/kubernetes/cloud-provider-openstack
    $ cd cloud-provider-openstack/examples/manila-provisioner
    $ ./generate-secrets.sh -n my-manila-secrets | ./filter-secrets.sh > ceph-secret.yaml
    $ kubectl create -f ceph-secret.yaml
    secret "ceph-secret" created
    

    Set the root_path variable in storageclasses/ceph.yaml to the created <share_volume/path>.

  5. Since Python3 does not come by default we have to use the slc command to activate it and we create a virtual environment for REANA:

    $ scl enable rh-python36 bash
    $ virtualenv reana
    $ source reana/bin/activate
    
  6. Install reana-cluster:

    (reana) $ pip install reana-cluster
    
  7. Instantiate REANA cluster:

    Edit reana-cluster.yaml adding the cephfs_monitors obtained in the step 5 and instatiate the cluster.

    (reana) $ reana-cluster -f reana-cluster.yaml --prod init
    
  1. Make REANA accessible from outside:

    (reana) $ curl http://reana.cern.ch/api/ping
    {"message": "OK", "status": "200"}
    

2.3. Next steps

For more information, please see:

  • Looking for a more comprehensive user manual? See User guide
  • Looking for tips how to develop REANA-Cluster component? See Developer guide
  • Looking for command-line API reference? See CLI API