Machine Learning Cloud Getting started guide

March 4th, 2020 Tübingen Outline • Who, what, how, … what again? o Our Cloud Infrastructure o Openstack, Storage, ... • General basics o SSH o DNS & TLS, … • Openstack basics: images, flavors, security groups, networks, floating IPs • Usage Terms, • VMs & Baremetal basics • How to create, connect and use • VM Hardening • Difference VM vs. Baremetal • GPUs (Driver, CUDA, within Docker) • Storage: Cinder, Quobyte, S3, WebDAV • Cloud-based services: Gitlab, Nextcloud, … • Docker • Support Who are we ...

[email protected] [email protected] [email protected] [email protected]

07071 - 29 70282 Openstack – ML-Cloud

Physical infrastructure ML-Cloud - TTR2 server room

• 14x 1G Switches & 10x 40G Switches • 2x Provisioningmachines • 2x Loadbalancer • 3x Openstack controllers

• 11x Storage servers (~1.8 PB, Quobyte software) • 12x GPU - Hypervisors with 4x Tesla V100 32GB RAM (NVLINK possible) • 7 Baremetal machines with 8x RTX 2080Ti 11GB RAM Insufficient cooling: Automatic server shutdown possibly without warning Openstack – what it is

Most used open source IaaS platform o based on python, sql, messaging, http REST APIs, … o started by NASA & Rackspace, currently involved Companies: Red Hat/Ubuntu/Mirantis/... o commercially used (Telekom, …): Projects, Quotas o 2 major releases a year

Multiple Services/Components o required: Keystone(Identity), Nova(Compute), Neutron(Network), Glance(Image) o optional: Horizon(Dashboard), Cinder(Blockstorage), Heat(Orchestration), Magnum(Container Orchestration), Barbican(Key Management), Swift(Objectstorage), …

Some cons … o complex installation & configuration o sometimes confusing documentation o updates & long term support (-->Sardina) Openstack – How it works Openstack – ML-Cloud Storage - Quobyte

LDAP

Load - balancers

Switches Openstack – how to use/access it

• WebGUI: https://mlcloud.uni-tuebingen.de

• Commandline tools: (apt|yum) install python-openstackclient openstack help

• python modules (python-openstacksdk)

• or the http API itself https://mlcloud.uni-tuebingen.de/identity/v3/auth/tokens POST { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "admin", "domain": { "name": "Default" }, "password": "devstacker" } } } } } General Basics - SSH

• secure shell • connecting to remote machine • Being able to work on remote machine as you were sitting right in front of it • : $ ssh • Windows: use e.g Putty Client Generating ssh keys (Linux)

• If you are using a Linux machine, open a terminal and enter the following: • $ ssh-keygen -t rsa -b 2048 • This creates a new ssh key. When you're prompted to "Enter a file in which to save the key," press Enter. • > Enter a file in which to save the key (/home/you/.ssh/id_rsa): [ Press Enter ] • At the next prompt, type a secure passphrase. • > Enter passphrase (empty for no passphrase): [Type a passphrase] • > Enter same passphrase again: [Type passphrase again] • Now you have created a public ssh key which can be found in /home/you/.ssh/id_rsa.pub • The public key is pasted into Openstack. Generating ssh keys (Windows)

• If using Windows, use puttygen.exe to generate ssh keys. • Select "RSA" as type of key and enter "2048" or more for number of bits. • Click on generate. Generating ssh keys (Windows)

• Enter a secure passphrase. • Click on "Save public key" to save the key on your disk. • Click on "Save private key" to save it in .ppk format on your disk. • You will use these keys with Putty to open a ssh session. • Now copy the generated public key and paste it into Openstack. General Basics - SSH

You are using Windows: You are using Linux or MacOS:

1. Start Putty # generate key 2. Go to Session and type Hostname ssh-keygen -f cloud-key 3. Get IP from Openstack Dashboard 4. You can save a session and use it again # login ssh -i cloud-key centos@ 5. Click Open to start ssh session 6. Type in the password for your ssh keypair when prompted Putty session

[email protected] General Basics - port tunneling (OpenSSH)

Route

Network A Network B some host/jumphost • IP = 134.2.168.180 • Ssh connect via [email protected] VM

Your workstation Machine/VM you want to login to --> localhost with Port 8444 open • Not in your network • IP = 192.168.212.46 • Connection to Website over HTTPS (Port 443)

ssh –L PORT_LOCALHOST:IP_YOU_WANT_TO_BE_CONNECTED_WITH:PORT_ON_THAT_MACHINE jumphost • ssh –L 8444:192.168.212.46:443 [email protected] • Open a browser & enter: https://localhost:8444 General Basics - port tunneling (Putty)

1. Start Putty. 2. Go to Session and type Hostname/IP of the jump host. 3. You can save a session and use it again later. 4. Go to Connection > SSH > Tunnels 5. Enter a port of your choice in Source Port 6. Enter the destination address (the machine accessible from the jump host but not your local machine) along with the port on the destination server. 7. Click Add to add it to the list of tunnels. 8. Click Open to start ssh tunnel. 9. Type in the password for your ssh keypair when prompted. General Basics - Shell

man manual page for whoami which user do I work as right now cd change directory ls list what is in present directory pwd print present working directory vim OR nano enter files and be able to edit them less enter file and just read cat concatenate files and print on the standard output sudo 'superuser do' for getting root privileges mv File or directory move cp file or directory copy rm remove a file mkdir make a new directory mount / umount mount/unmount a filesystem found on a device chmod / chown modify permissions/ownership of files or directories find find files in a directory hierarchy ip [a|r] print network adresse OR routes ... and many more Responsibilites

Users deploying VMs must take care of them:

VM owners must harden their VMs to avoid/prevent abuse.

No password or ssh-key sharing!

Errors, flaws or loopholes must be reported.

All illegal activities will lead to legal measures. General Basics – DNS/TLS

Domain Name Service

• Translates IP addresses to domain names and vice versa • Not 1 DNS but many hierarchically ordered: *.mlcloud.uni-tuebingen.de controlled by ZDV networkers (DFN: no wildcards) • domain records only make real sense with TLS certificates

Transport Layer Security

• Secures network traffic • Use TLS 1.2 or 1.3: previous versions are unsafe/deprecated • TLS certificates used for HTTPS and other protocols(not ssh) • Provides authentification (and starts encryption) • Certificate are associated with one or more domains (incl. wildcards) • requireDNS entries • DFN > lets-encrypt > own CA > self-signed > no encrytion General Basics - Security

SSH Keys • Use ssh keys with password, encrytion type = rsa and encryption depth ≥ 2048bit ssh-keygen -t rsa -b 4096 • Keep your private key secret! Do not share it with other people!

Networks & Firewalls • Use whitelistingin every context with firewalls (security groups) --> block everything and allow only connections from and to Ports / IP-address-ranges you need

Downloads • Downloads only from reliable sites, whenever possible use https • If available: check (GPG) signatures after downloadingrepos, software, etc.

Regularly perform security updates Stop and deactivate services and containers you no longer need Openstack Basics Projects

• Permissions • Users/Members • Ownership & Quotas

Flavors Images Hardware setup of your VM Software setup of your VM

• defines ressources --> • Linux distributionswe support: • CPUs • CentOS • GPUs (names) • Ubuntu LTS • RAM • we can create additional flavors on • Your own images demand. • Public/Private/Shared Openstack Basics - Networks local_network 192.168.0.0/24 We use ... • a physical 40G network: Openstack, Storage • VLANs for securing the physical network by dividing it into separate virtual networks. bmprov Openstack Networks 192.168.212.0/22 • VXLAN: self-service, storage limitations, no BM • FLAT/VLAN: provider - can be set up for groups and sensitive projects individually, fast qbstorage local (not routed) IPv4 networks 192.168.128.0/22 • 10.0.0.0/8: 10.0.0.0 – 10.255.255.255 • 172.16.0.0/12: 172.16.0.0 – 172.31.255.255 • 192.168.0.0/16: 192.168.0.0 – 192.168.255.255 osprovider public IPv4 network: osprovider 134.2.168.0/24 Openstack Basics - Access

Floating IPs: "Direct" Access Jumphost: "Indirect" Access

• IP of specific network: public/bmprov • Specific VM with a public IP for access

• Quota: Each project has a limited amount • May have the only purpose of getting access to other VMs or baremetal machines you cannot • Can be allocated to a project reach directly for security or other reasons

• Can be associated and disassociated to VMs: • Different access methods: The VM doesnt know about it 1. ssh to Jumphost via Floating IP, then ssh to internal machine • Used for direct access from remote host / 2. port forwarding different network 3. proxy internal ports onto public ip of the jumphost • Not working for baremetal machines Openstack Basics - Security Groups

• Using security groups you restrict access to your VMs • A security group consists of multiple network access rules • A simplified firewall for VMs: filter source/protocols/ports

• When you launch an instance, you can assign one or more security groups to it. • If you do not specify security groups, new instances are automatically assigned to the default security group.

You are in charge to secure your VMs!

• Create new security groups. • Add or delete rules to existing security groups (be aware of other machines) • Whitelisting: Only allow what you really need, block the rest. Project > Network > Security Groups Security Groups

Protocol: e.g. TCP for SSH, ICMP for ping or UDP.

Destination port on virtual machine: Define a port range. To open a single port only, enter the same value twice. ICMP does not support ports; instead, you enter values to define the codes and types of ICMP traffic to be allowed.

Source of traffic: Enable traffic to instances from • Networks (IP Ranges) • Members of other security groups: Separate VMs within the same network Security Groups

• Security groups are project specific • The default security group contains ssh&icmp and is managed by admins

• VMs can use multiple security groups. It can cause problems if the rules of different security groups overlap: e.g. if outgoing IPv4 connections are allowed in multiple used security groups.

• We therefore recommended to use one base security group like default and additional extending security groups that add functionality: e.g. +http, https which would only whitelist tcp port 80 and 443. • Be descriptive, distinguish extending security groups from base groups e.g. add + to the name VM Basics

Login to Openstack https://mlcloud.uni-tuebingen.de/dashboard/auth/login/

Unified Identity Management • LDAP credentials for • Nextcloud • Gitlab • Openstack

• Use your LDAP credentials (initially set new password via Nextcloud) • Openstack: use Domain "ldap" Switch to English Adding ssh keys to Openstack

• Go to Project > Compute > Key Pairs • Click on "Import Public Key". • Either paste the public key manually or load it from the public key file you created. • /home/you/.ssh/id_rsa.pub VM Basics

• A VM behaves like a remote Linux machine • It is accessible through its public IP and ssh using keys VM Basics – how to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Details… • Source… • Flavor... • Networks... • Security Groups... • Key Pair... VM Basics – how to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Details --> VM Basics – how to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Source --> VM Basics – how to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Flavor --> VM Basics - How to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Networks --> VM Basics - How to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Security Groups --> VM Basics - How to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Key Pair --> VM Basics – how to create a VM

--> Project / Compute / Instances

• 'Launch Instance' • Details • Source • Flavor • Networks • Security Groups • Key Pair

--> Launch VM Basics – how to connect to a VM

1. Associate a Floating IP with your VM

2. Connect via ssh @IP e.g. [email protected] VM Basics – how to use the VM

Within a VM as ubuntu/centosuser you have passwordless sudo access

1. Update OS • CentOS: sudo yum update • Ubuntu: sudo apt-get update && sudo apt-get upgrade

2. Install software • CentOS: sudo yum install ... • Ubuntu: sudo apt-get install ...

3. Have a look on security groups and network/ports 1. Check Openstack security groups 2. Restrict everything and only allow what is necessary: White-listing

4. Make snapshots/backupsof your well-configured VM. (Be aware of databases.)

Once a VM is deployed we (the admins) cannot modify it: Everyone is responsible for her / his VMs! VM Hardening – some practices

• Secure your virtual machines just the way you would secure a physical server. • Regularly update • Do not open unsecure access points • Do not mess with default ssh settings, potentially use fail2ban • Do not leave sessions open unless required. • Do not store unprotected credentials on disk. • Disable/remove unused or unnecessary services/software in the OS. • Maintain proper logging to backtrack the origin of unusual activity. • For the paranoid: • Use log rotation to protect against DoS attacks that cause log files to grow. • Install antivirus agents, spyware filters, firewalls on the guest OS and keep them up to date. • Intrusion detection: tripwire, track /etc with signed git-commits, … Baremetal servers

What it is?

What is the differenceto a VM?

Why are we going to use it?

When are we going to use it?

First steps & how to create a baremetal instance

Attention for baremetal instances Differences VM vs. Baremetal

Type 2 Hypervisor: VMs deployed with libvirt/qemu-kvm Baremetal

VM 1 VM 2 VM 3

App 1 App 2 App 3

Host

Infrastructure Differences VM vs. Baremetal

VM (Virtual Machine) Baremetal

• Virtual instance --> Running on a • Physical machine --> physical instance Hypervisor managed by Openstack Nova • Apps are running directly on top of OS • Apps are running within VM • All resources of the machine are accessible • Owned by specific users for all users on that machine

• Created & managed by user • Owned by group of people

• Accessible via Floating IP • Created & managed by Openstack Ironic and admins

• Only accessible via JumpHost Baremetal

• Why are we using baremetal?

We will have Custom GPUs from NVIDIA

Custom GPUs (e.g. RTX 2080) from NVIDIA cannot be virtualized --> cannot be used within VMs!!!

+ Device pass-through prohibited by NVIDIA technically within virtualization environments + EULA restrictions for data-centers, not allowed to use Custom GPUs (GeForce)

• We use Openstack Ironic for realizing access to those GPUs / servers • Grown out of Openstack Nova service for VMs • For VMs are totally different in their structure the deployment process of baremetal nodes is partly problematic • Not established very well yet --> BUT getting better with time/releases Baremetal

When will baremetal servers be available?

Depends on following:

• servers will arrive earliest ~ April/May 2020

• configure time (~65 - 70 nodes need to be configured manually)

• Servers will be preconfigured from admins

• BIOS and firmware configuration for each server • ipmi user configuration • Ironic 1. step: Logical node creation for each server

• Done by users:

• Ironic 2. step: Instanziation of the logical nodes to baremetal instances via Dashboard • Copy ssh key from Admins to server How to create a baremetal instance

'Project' --> 'Compute' --> 'Instances' 'Launch Instance'

Details

• Availability Zone = ironic !!! How to create a baremetal instance

Source = Image

• Centos7BM for Centos • BionicBM for Ubuntu How to create a baremetal instance

Flavor

Only baremetal usable !!! How to create a baremetal instance

Network

Use bmprov as network Quobyte will be available there How to create a baremetal instance

Key Pair

Use your own Key

--> 'Launch Instance' --> launching baremetal instance needs some time! Please be patient and wait till the instance is up. First steps after creation of baremetal instance

1. Create separate small VM (=Jumphost) within bmprov network! 2. Attach a Floating IP to your newly Jump-VM-Host 3. Do $ ssh -A os_name@floating_IP , you are now logged into your Jump-VM 4. From there $ ssh os_name_baremetal@IP_baremetal_instance

--> Your logged into your baremetal server !

5. add the baremetal_admin public key to /home/OS_NAME/.ssh/authorized_keys of the baremetal server (you get the key from gitlab wiki --> Baremetal)

6. update your system --> Happy working Attention for baremetal instances

• You are NOT allowed to change any BMC settings

• You are NOT allowed to change any BIOS configurations

• You are responsiblefor all what happens on the machine

• Be aware of you are working with real hardware! E.g. Hard reboot of the machine may destroy settings

• Add our ssh-key (for zabbix-monitoring and emergencies) to the server! Otherwise we will stop the machine GPUs

Getting the drivers

CUDA – what it is

GPU usage within Docker GPUs – Driver CentOS Ubuntu • Check GPUs: $ sudo lshw -numeric -C display • Check GPUs: $ sudo lshw -numeric -C display • For Tesla V100 e.g: $ sudo wget • Download driver (RTX2080Ti): $ sudo wget http://us.download.nvidia.com/tesla/440.33.01/NVIDIA- http://us.download.nvidia.com/XFree86/Linux- Linux-x86_64-440.33.01.run x86_64/440.59/NVIDIA-Linux-x86_64-440.59.run For getting the link: You can just search for you GPU on the NVIDIA website and click • Update OS: $ sudo apt-get update youself until 'Agree and download' buttons appears. Now right click on button and copy Link.. $ sudo apt-get upgrade • Install prerequisits: $ sudo apt-get install linux-headers- • Update OS (centos): $ sudo yum update 4.15.0-70-generic • Install prerequisits: • Reboot your VM / Baremetal node 1. $ sudo yum install groupinstall "Development Tools" • Install driver: $ sudo bash NVIDIA-Linux-x86_64-* 2. $ sudo yum install kernel-devel epel-release • Test with $ sudo nvidia-smi --> GPUs should be listed within 3. $ sudo yum install dkms a table • Disable Nouveau Linux driver if it is enabled • Reboot your VM / Baremetal node • Install NVIDIA driver: $ sudo bash NVIDIA-Linux-x86_64-* • Test with $ sudo nvidia-smi --> GPUs should be listed within a table GPUs – CUDA - Compute Unified Device Architecture

What it is? • API and platform for NVIDIA GPUs and parallel Computing • Runtime-environment • Libraries • Development tools • Compiler • Allows usage of GPUs next to CPUs to let processes run in parallel on these GPUs and/or cores • C, C++, Python, Fortran... • Support for Tesla and GeForce cards

Advantages • Speed up processes by using GPUs • Optimum usage of ressources possible

Where to get? • Download from NVIDIA when not using Docker only • Docker images will have CUDA Toolkit installed (no need to install it on VM / host when only using Docker) GPUs – CUDA + Docker

• Since Docker version 19.03 NVIDIA GPUs are natively supported as Docker devices

• NVIDIA container toolkit • with Docker 19.03 + NVIDIA driver as prerequisits

• CUDA itself needs not to be installed on the VM / host itself

• Nvidia-docker2 users can upgrade to NVIDIA container toolkit Storage Infrastructure Backend: Quobyte • 11x storage servers • commercial XtreemFS fork • 2x 40G connections per server • 3x replicated OR some EC, stripes • ~1.7 PB HDD • Quotas/Locks/Georeplication • ~100 TB SSD • no encryption (yet) • (volume) access-management via certificates • maintenancejobs

Feature Cinder Native QB S3 (future) Nextcloud/ WebDAV shared ✓ ✓ ✓ docker image location ✓ hosts VM VM, BM public public self-managed volumes ✓ (probably) no ✓ ✓ backup manual: metadata snapshots metadata snapshots automatic snapshots many (small) files  ☹   Storage - Cinder (Openstack)

1. Openstack dashboard Project > Volumes > Volumes: Create Volume --> Use Type "quobyte"

2. Attach volume to specific VM Project > Volumes > Volumes: Manage Attachements or Project > Compute > Instances: Attach Volume

3. Format and mount it within the VM: mkfs. /dev/vdb # once per volume mount /dev/vdb /mnt/cvolume01

Volumes can only be attached to one VM at a time! Storage - native Quobyte mount For a VM within the network "qbstorage.4005". Also requires a client cfg with certificate+key we provide

• Quobyte Storage mount echo "deb http://192.168.130.6/quobyte/apt bionic main" | sudo tee -a /etc/apt/sources.list wget -qO - http://192.168.130.6/quobyte/apt/pubkey.gpg | sudo apt-key add - sudo apt update sudo apt install quobyte-client

• QB mount prep (once per VM) echo "* hard nofile 65536" | sudo tee -a /etc/security/limits.conf echo "* soft nofile 32000" | sudo tee -a /etc/security/limits.conf logout # important! # login again ...

• QB mount sudo mkdir -vp /mnt/POINT0 sudo mount.quobyte 192.168.128.1:7861,192.168.128.2:7861,192.168.128.3:7861,192.168.128.4:7861/VOLUME_NAME /mnt/POINT0

• or add following line to/etc/fstab 192.168.128.1:7861,192.168.128.2:7861,192.168.128.3:7861,192.168.128.4:7861/VOLUME_NAME /mnt/POINT0 quobyte defaults,limit-nofile=32000 0 0 Storage - S3

Amazons Simple Storage Service protocol implemented by Quobyte

• Based on http REST API • Many clients (not all are compatible to the QB implementation) • File location is a URL https://s3.mlcloud.uni-tuebingen.de/bucket-name/prefix/to/file.suffix OR https://buckt-name.s3.mlcloud.uni-tuebingen.de/prefix/to/file.suffix • Can be used to host static web content • Good: requires extra S3 credentials generated by Openstack • 2 Modes: publish QB volumes or generate isolated buckets • ACLs (per Openstack project) on individual files

• Currently unavailable until some bug/feature is fixed WebDAV

[yum|apt-get] install davfs2 usermod -aG davfs2 user01 mkdir –vp ~/nextcloud ~/.davfs2 cp /etc/davfs2/secrets ~/.davfs2/secrets chown user01:user01 ~/.davfs2/secrets chmod 600 ~/.davfs2/secrets

Append nc.mlcloud.uni-tuebingen.de/nextcloud/remote.php/dav/files/USERNAME/ user01 to ~/.davfs2/secrets mount ~/nextcloud

This requires your main ML-Cloud credentials within hosts (VMs) which should be avoided Data Handling

• VM root disks: local, fast and (sometimes) not redundant

• many small files: slow QB maintenance tasks. Imagenet Workflow: cd /local/user01/data/ tar -xf /mnt/qb/group/user01/data.tar .

• Metadata/QB Updates • Avoid watch and constant refreshing • Avoid open shells ML-Cloud Services

Nextcloud • User "home" directory • Service currently used for password management • Many different clients on many different hosts (VMs, smartphones, …) • Additional apps/features enabled on request

Gitlab • External users: Domain whitelisting for registration, if you need collaborateurs • Potentially connected to compute resources (SLURM, k8s) for CI • Additional plugins/features enabled on request

Other services • k8s, jupyterhub • SLURM cluster • Suggestions?? DB servers for experiments Docker

• Docker is a tool that allows developers, sys-admins etc. to easily deploy their applications in a sandbox (called containers) to run on the host operating system. • The key benefit of Docker is that it allows users to package an application with all of its dependencies into a standardized unit for software development. • Docker isolates applications from each other on the same host. • Docker containers share the host OS resources. Docker - Containers vs. VMs

• Containers will only share the resources of the • VMs include a complete operating system. It will host machine in order to run its environments. work independently and act like a computer.

• Containers leverage OS-level virtualization. • VMs virtualize hardware for the guest OS. Docker - Advantages of Containers

• Containers are efficient in using host resources. • Containers are lightweight and fast. • Images are more portable. "Build once. Run Anywhere" • Images are easily shared among a community. Docker - Terminology

• Dockerfile - a file that describes your steps in order to create a Docker image. It's like a recipe with all ingredients and steps necessary in making your dish. • Image – The basis of a docker container. It is a template that contains the application, and all the dependencies required to run that application. • Container - The image when it is 'running'. The standard unit for app service. • Registry – Stores, distributes and manages docker images. Docker - Common commands

• docker build – build an image from a Dockerfile • docker images – list all docker images on the host • docker run – run a docker image • docker ps – list running containers • docker rm – remove containers • docker rmi – remove images Docker example – pull image from docker hub

• Pull the tensorflow image from docker hub docker pull tensorflow/tensorflow • Start a bash shell session within a TensorFlow-configured container docker run -it tensorflow/tensorflow bash

• To run a TensorFlow program developed on the host machine: docker run -it -v $PWD:/tmp -w /tmp tensorflow/tensorflow python ./script.py • -v maps host directory to the the directory inside the container (in this case /tmp) and –w specifies the working directory inside the container. Docker - build your own image

You can build your own images: • You need to create a Dockerfile that specifies what the image will contain. • using the following command docker build –t Docker – do's and don'ts

• Use official, popular, minimal base images. • Require images to be signed. • Run containers as users with least possible privileges. Try to avoid running containers as root. • Don’t store credentials in the image. Use environment variables to store credentials. • Don’t keep containers running for a long time without security updates. Build a fresh one regularly. • Limit the directories you map into the container. • Don’t bind container ports to 0.0.0.0 Open points

• User Management → map Working Groups → OpenStack Projects?

• Images: Standard Drivers & Software, Versions, Distributions (Ubuntu LTS, CentOS) → User Input

• Resource Distribution: dynamical? → Cloud Rat

• Baremetal Ironic servers → first get hardware

• SSD Usage → Tiering or just Cinder, Input Datasets?

• Backup → What and where? Don’t Panic! It is just like with an accident when calling 911 …

1. Who are you? • Login ID • a Phone number​ (If it is urgent and we have to work interactively)

2. Where are you? • Dashboard, VM (ID or name), elsewhere

3. What did you do? • Precise problem description • Commands​, Environment, Openstack Request ID • Logs & Error messages

4. What was the desired outcome​? • Be specific, not just "it should work"

5. When were you trying to do things? • Precise time information helps a lot when looking for errors Support & Documentation

Ask Admins [email protected] [email protected] [email protected] 07071 - 29 70282

Office hours in TTR2: Wednesday morning, room 40-7/A18

Public documentation on Gitlab wiki (… will be extended over time) https://gitlab.mlcloud.uni-tuebingen.de/doku/public/-/wikis/home

Please help: • add your own documentation to it • suggest additional topics • point out errors, improvements Backup Slides Docker example - build your own image

• Build the image (called installed_mongodb) from the Dockerfile. "." tells docker build to look for the dockerfile in the present directory docker build –t install_mongodb . • List all images to see if the image was built docker images • Run the image inside a container called mongodb_container docker run --name mongodb_container -i -t install_mongodb • List all containers to see if the container mongodb_container is up and running docker ps Docker example – build your own image

• In this Dockerfile, ubuntu is set as the base image. Then necessary commands and arguments are mentioned to install MongoDB. Port 27017 is exposed to MongoDB with default container command as usr/bin/mongodb # Set the base image to Ubuntu FROM ubuntu # Update the repository sources list and install gnupg2 RUN apt-get update && apt-get install -y gnupg2 # Add the package verification key RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 # Add MongoDB to the repository sources list RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' > tee /etc/apt/sources.list.d/mongodb.list # Update the repository sources list RUN apt-get update # Install MongoDB package (.deb) RUN apt-get install -y mongodb # Create the default data directory RUN mkdir -p /data/db # Expose the default port EXPOSE 27017 # Default port to execute the entrypoint (MongoDB) CMD ["--port 27017"] # Set default container command ENTRYPOINT usr/bin/mongodb Agent forwarding using Pageant Agent forwarding using Pageant