Skip to content

Integration with EGI

EGI is a federation of many cloud providers and hundreds of data centres, spread across Europe and worldwide that delivers advanced computing services to support scientists, multinational projects and research infrastructures.

Deployment on the EGI Federated Cloud

The EGI Federated Cloud is an IaaS-type cloud, made of academic private clouds and virtualised resources and built around open standards. Its development is driven by requirements of the scientific communities.

The OSCAR platform can be deployed on the EGI Federated Cloud resources through the IM Dashboard.

You can follow EGI's IM Dashboard documentation or the OSCAR's IM Dasboard documentation.

OSCAR on IM

Integration with EGI Datahub (Onedata)

EGI DataHub, based on Onedata, provides a global data access solution for science. Integrated with the EGI AAI, it allows users to have Onedata spaces supported by providers across Europe for replicated storage and on-demand caching.

EGI DataHub can be used as an output storage provider for OSCAR, allowing users to store the resulting files of their OSCAR services on a Onedata space. This can be done thanks to the FaaS Supervisor. Used in OSCAR and SCAR, responsible for managing the data Input/Output and the user code execution.

To deploy a function with Onedata as output storage provider you only have to specify an identifier, the URL of the Oneprovider host, your access token and the name of your Onedata space in the "Storage" tab of the service creation wizard:

Onedata provider

And the path where you want to store the files in the "OUTPUTS" tab:

Onedata output

This means that scientists can store their output files on their Onedata space in the EGI DataHub for long-time persistence and easy sharing of experimental results between researchers.

Integration with EGI Check-In (OIDC)

OSCAR API supports OIDC (OpenID Connect) access tokens to authorize users since release v2.5.0. By default, OSCAR clusters deployed via the IM Dashboard are configured to allow authorization via basic auth and OIDC tokens using the EGI Check-in issuer. From the IM Dashboard deployment window, users can add one EGI Virtual Organization to grant access for all users from that VO.

oscar-ui.png

Accessing from OSCAR UI

The static web interface of OSCAR has been integrated with EGI Check-in and published in ui.oscar.grycap.net to facilitate the authorization of users. To login through EGI Check-In using OIDC tokens, users only have to put the endpoint of its OSCAR cluster and click on the "EGI CHECK-IN" button.

im-dashboard-oidc.png

Integration with OSCAR-CLI via OIDC Agent

Since version v1.4.0 OSCAR CLI supports API authorization via OIDC tokens thanks to the integration with oidc-agent.

Users must install oidc-agent following its instructions and create a new account configuration for the https://aai.egi.eu/auth/realms/egi/ issuer.

After that, clusters can be added with the command oscar-cli cluster add specifying the oidc-agent account name with the --oidc-account-name flag.

Obtaining an Access Token

Once logged in via EGI Check-In you can obtain an Access Token with one of this approaches:

  • From the command-line, using oidc-agent with the following command:

    sh oidc-token <account-short-name> where account-short-name is the name of your account configuration.

  • From the EGI Check-In Token Portal: https://aai.egi.eu/token

egi-checkin-token-portal.png