early availability: 20/09/2021
start of pre-production:
start of production:
Model: Architecture: Cores:xx cores/node |
---|
The HPC cloud infrastructure, named ADA cloud, is based on OpenStack Wallaby.
Provides:
This cloud infrastructure is tightly connected both to the LUSTRE storage of 20 PB raw capacity, and to the GSS storage of 6 PB seen by all other infrastructure. This setup enables the use of all available HPC systems (Tier-0 Marconi, Tier-1 Galileo100), addressing HPC workloads in conjunction with cloud resources.
From the user's perspective, ADA cloud can be seen as both a public cloud and a community cloud, with a federation of European data-centers providing features targeting specific scientific communities (i.e. the flagship Human Brain project). ADA cloud HPC infrastructure is a resource that CINECA already adopts in several internal projects and services. The deployment model is well represented by the picture below.
The ADA cloud HPC infrastructure integrates and completes the HPC ecosystem, providing a tightly-integrated infrastructure that covers both high-performance and highly flexible computing. We expect the flexibility of the cloud to better adapt to the diversity of user workloads, while still providing high-end computing power. If the need for High-Performance Computing increases, or scales beyond the ADA cloud HPC provision, the other world-class HPC systems (MARCONI, MARCONI100, GALILEO100) can be integrated into the workflow to cover all computing needs. For example, data can be stored on areas ($DRES) that are seen by all HPC systems.
ADA cloud HPC infrastructure provides users with an Infrastructure as a Service (IaaS). Along with all the advantages in terms of flexibility, there is an increased responsibility shifted from CINECA staff to users. A clear separation of roles in using the service is represented in the scheme below. This has to be understood by all actors accessing the service, even if we can provide assistance and share our expertise to help you set up your application workflow.
There are clear benefits in using a CLOUD infrastructure with access to Virtual Machines (VMs) with respect to our traditional HPC resources. These benefits can be summarized in the table below:
| Aspect | Traditional HPC | Cloud (VMs) |
|---|---|---|
| Performance | Target the highest possible | Depends on workload, but generally virtualization has a small impact |
| User access | CINECA staff authorization | Once a project is granted, it is managed by the user |
| Operating System | It is chosen by CINECA staff given the HW constraints. Security updates are managed by CINECA. | Selected by the user. Security patches and updates are managed by the user. |
| Software stack | Mostly installed by CINECA staff. Users can install their own without "root" privilege. The environment is provided "as is" | The user is root on the VMs and can install all the required software stack. Users can modify the environment to suit their needs. |
| Snapshots of the environment | Cannot be done | User can save snapshot images of the VMs |
| Running simulations | Users are provided with a job scheduler (SLURM) | Users can install a job scheduler or choose alternatives. |
A more flexible authentication method has been deployed in the CLOUD.HPC instance. It is based on OpenID (https://openid.net/connect/), and decouples authentication (access with credentials) from authorization (application permissions after user access), as represented in the schema below.
The Identity provider (IdP) can be internal (CINECA) or can be another trusted external service provider. This approach allows having in place federated identity, with a central (proxy) IdP servicing federated data-centers, as in the ICEI-Fenix model (https://fenix-ri.eu/).
In the context of cloud HPC resource provisioning, CINECA acts according to the following division of roles:
CINECA is responsible for administering the physical infrastructure and providing the virtualization layer (via OpenStack).
“User Admins” and “Users” are roles held by people external to CINECA staff (exceptions are made for internal services). User Admins can create VM instances and configure the resources via the dashboard; “Users” do not access the dashboard and are local to each VM instance (for example, those added via the adduser Linux command).
Any user (“User Admins” or “Users”) with administration privileges on IaaS resources (VMs) has the responsibility to maintain the security (security patches, fixes) of those resources. However, from the project management perspective, CINECA will interact only with “User Admins” (User Admins are users associated with the project in the CINECA resource provisioning portal, https://userdb.hpc.cineca.it).
In order to create your own virtual machine you have to perform all the following eight steps
After subscribing, go to the OpenStack dashboard at https://adacloud.hpc.cineca.it, select "CINECA ldP" as Authentication method, then click on "cinsdai-idp.hpc.cineca.it:8443/auth/realms/CINECA_LDAP" and finally enter your HPC-CINECA credentials to log in.
After logging in, your user name is displayed at the top right of the window, while a menu at the top left lists all the Projects you are associated with.
Projects are organizational units in the cloud. Each user is a member of one or more projects. Within a Project, a user can create and manage instances, security groups, volumes, images, and more.
To build and use a virtual machine within a specific Project, an internal network, subnet and router must be present.
Select the Project of interest and check that these components are present by clicking on Project → Network → Network Topology.
If only the "external network" is present, you must create the network, subnet and router. Please follow the instructions below:
Click on: Project -> Network -> Network Topology -> Create Network.
Then set:
Network name: <the name you want>
Enable Admin State: check
Create Subnet: check
Availability Zone Hints: set "nova"
MTU: leave blank. The default is 1450
Subnet name: <the name you want>
Network Address (e.g. 192.168.0.0/24)
IP Version (IPv4)
Gateway IP (e.g. the last address 192.168.0.254 for subnet 192.168.0.0/24)
Disable Gateway: disabled, uncheck
Enable DHCP: enabled, check
Allocation Pools: leave blank
Host Routers: leave blank
Finally, click on "create"
Click on: Project -> Network -> Routers -> Create Router.
Then set:
Router name: <the name you want>
Enable Admin State: check
External Network: select "externalNetwork"
Availability Zone Hints: leave "nova"
Finally, click on "create router".
Now, select the router just created and click on "Interfaces" and then on "Add interface"
subnet: select the subnet just created
IP address (write THE SAME IP ADDRESS of the gateway, in this example, it is 192.168.0.254)
Finally, click on "Submit".
Verify that the Status of router is “ACTIVE” and the Admin state is “UP”.
Keypairs are used to access virtual machines when:
You can set up a keypair in two ways. From "Project → Compute → Key Pairs" menu, you can:
Remember to set the permissions of the key file to 600 in order to avoid errors when you use it to log in to your virtual machine.
The firewall of the virtual machine must be defined using the OpenStack Security Groups and Security Rules.
Inside the virtual machine, the firewall must be disabled.
A security rule defines which traffic is allowed to instances assigned to the security group.
A security group is a group of security rules that can be assigned to an instance.
The security groups and security rules can be created by clicking on "Project → Network → Security Groups".
Common default rules are:
Note: It is always possible to modify, add and remove security groups in a virtual machine after its creation.
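Since the firewall inside the VM is disabled, the security group rules are the only packet filter in front of an instance. The following Python audit is an added example, not part of the original page or of CINECA's tooling: it flags ingress rules that leave an administrative port reachable from any address. The rules are constructed, their field names are assumed to follow the OpenStack Networking API rule format, and the choice of administrative ports is an assumption.

```python
import ipaddress

# Assumption: ports treated as administrative for this audit.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def make_rule(rid, direction, protocol, lo, hi, prefix, group=None):
    """Build one constructed rule using the Networking API field names."""
    return {"id": rid, "direction": direction, "protocol": protocol,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample rules (not taken from a real project).
SAMPLE_RULES = [
    make_rule("r1", "ingress", "tcp", 22, 22, "0.0.0.0/0"),         # SSH from anywhere
    make_rule("r2", "ingress", "tcp", 22, 22, "192.0.2.0/24"),      # SSH from one subnet
    make_rule("r3", "ingress", None, None, None, None),             # everything, anywhere
    make_rule("r4", "egress", None, None, None, "0.0.0.0/0"),       # outbound, ignored
    make_rule("r5", "ingress", "tcp", 3000, 4000, "::/0"),          # range covering 3389
    make_rule("r6", "ingress", "tcp", 22, 22, None, "sg-members"),  # source is a group
]

def is_world_open(rule):
    """True when the source is every address: a /0 prefix, or no prefix and no group."""
    if rule.get("remote_group_id"):
        return False
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        return True
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def exposed_ports(rule):
    """Administrative TCP ports that fall inside the rule's port range."""
    if rule.get("protocol") not in (None, "tcp", "6"):  # None = any protocol
        return []
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None:  # no range given = all ports
        lo, hi = 1, 65535
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= (hi or lo)]

def audit(rules):
    """Return (rule id, port, service) for each admin port open to any source."""
    return [(r["id"], p, ADMIN_PORTS[p]) for r in rules
            if r.get("direction") == "ingress" and is_world_open(r)
            for p in exposed_ports(r)]

if __name__ == "__main__":
    for rule_id, port, name in audit(SAMPLE_RULES):
        print(f"rule {rule_id}: {name} ({port}/tcp) reachable from any address")
```

Rules scoped to a known subnet (r2) or to another security group (r6) are not reported; only sources that match every address are.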
Once your key pair and your security group are defined, proceed to build the virtual machine.
The boot process can be followed on the instances screen. Once the VM is in state ACTIVE, you will be able to open the console and follow the boot process.
To follow the installation, you can access the graphical console using the browser once the VM is in BUILD state.
The console is accessed by selecting the "Instance Details" for the machine and then clicking on the "Console" tab.
After associating a Floating IP with your virtual machine, you can log in using the default user and key (if you have used a native default image for cloud), or using another username (if you have used your personal image with a custom user defined in it). For example, if you have used the default Ubuntu cloud image, you can log in as:
$ ssh -i MyKey.pem ubuntu@<floating IP address>