How to request roles for Islet service on My DataLake Services
The Islet Service is a cloud computing service based on OpenStack that provides users with Infrastructure-as-a-Service (IaaS) solutions. You can
manage and deploy virtualized compute, network and storage resources;
manage virtual resources (e.g. Virtual Machines or Object Storage) with OpenStack Horizon GUI or CLI;
create your own Virtual Machines (VMs) and
use and create Kubernetes clusters.
Roles allow you to access different features of Destination Earth cloud. In this article, you will learn how to submit a request for roles for islet service.
What we are going to cover
Prerequisites
No. 1 Account
You need a profile on My DataLake Services: How to create a profile on My DataLake Services.
No. 2 Administrative privileges within a project
You need to be a member of a project and have administrative privileges in it. That project must be accepted by an operator of My DataLake Services.
To learn how to create a project, check How to create a project on My DataLake Services.
Alternatively, you can join an existing project and its admin can grant you admin privileges.
No. 3 Islet documentation
See Islet Service for Islet documentation.
No. 4 Additional users
For users in My DataLake Services see
How to invite a user to a project on My DataLake Services
How to manage users within a project on My DataLake Services
For users and projects in OpenStack, see
Dashboard Overview Project Quotas And Flavors Limits
Tip
Before requesting Islet roles, ensure:
Your project is approved.
You are a project admin.
You reviewed the Islet service documentation.
Summary table
Step 1: Request access role
Step 2: Request quota role
Step 3: Wait for approval
Step 4: Generate OpenStack account
Step 5: Create project
Note
There are two types of roles:
Access role: Grants permission to use the Islet service.
Quota role: Grants specific compute/storage quotas on OpenStack infrastructure.
Choosing which role to request
Sign in to My DataLake Services https://application.data.destination-earth.eu/.
Navigate to Role requests:
You should see page similar to this:
In this particular case, two services, s3-object-storage and eodata have already been approved, while hda, hook, islet, stack-dask and stack-jupyter can be requested. Assuming you do not already have access to islet, click on button Request access for service islet.
You should be transferred to page entitled Request access, with two sections: Access roles and Quota roles. You will need to fill both of these forms.
Access roles
For islet service, there is only one access role:
Role |
Description |
|---|---|
islet-access |
Access to the Islet Compute Service (SaaS). |
Although there is only one, you still have to click on Select role circle.
It is mandatory to enter text into field Description of planned activities.
Once you click on button Request role, another part of the screen scrolls up, this time to request quota role.
Quota roles
For islet service, there are three quota roles:
Role |
Resources |
Recommended for |
|---|---|---|
islet-low |
32 cores, 125 GiB RAM |
Up to 3 users |
islet-medium |
64 cores, 250 GiB RAM |
Up to 6 users |
islet-high |
128 cores, 500 GiB RAM |
Up to 12 users |
Click on Select role circle to choose.
It is mandatory to enter text into field Description of planned activities.
Finish with clicking on Request role and you will see a list of your requests.
List of pending role requests
You will now see a list of role requests. Here are the latest two, for islet service:
Buttons Details and Delete are described in detail in the later part of this article.
Operator approval
The next phase is waiting for the DEDL operator to approve (or disapprove) your requests. When approved, you will see it in the list of Active roles.
Once approved, the DEDL operator will assign your Islet project to a specific cloud provider or site.
Note
Role approvals are processed manually by DEDL operators. Processing may take up to 1–2 business days.
List active roles
With option Access -> Active roles from the left side menu, you can see the existing active roles. In this example, all roles are active but the situation may be very different in your case.
History of role requests
Option Role requests shows the history of requested roles:
Click on Details button to see the exact details of, say, islet role:
How to change roles for islet service
It is possible to change the role you already have for another one that is available for the service. If there was only one role to start with, it is not possible to change it for something else. Concretely, there is only one access role for islet service, so you cannot change it. However, there are three quota roles and there you can request for a change.
Let’s say that you have decided to start high with islet-high and that this is the state you see in option Active roles:
To try to change current quota from islet-high to islet-low, click on Role requests to see all active services and click on Edit access for row islet:
You will now be able to choose another available quota role for the Islet service:
There is a total of three quota roles and you already have the high one, so now you can choose from the other two, for low and medium access.
Click on the Select role column and enter text into field Description of planned activities. The Request role button will become active so click on it. A message will appear in the bottom right corner:
In the list of role requests, a new request to the operator will appear as PENDING:
There are two options now available for that request:
- Details
This is the standard option for all requests.
- Delete
This is the new option, with which you can delete the request before it is reviewed by the operator.
You will have a chance to cancel or confirm:
If you confirm, a message will appear in the bottom right corner of the browser window:
The request will become REJECTED and if you now click on Details, you will see that the reason for rejection is labeled as deleted directly.
If not deleted by the user, the request will in due time appear before the operator, who will approve it or reject it.
In case of approval, the role request will become APPROVED:
Click on Active roles to verify that the quota has changed to low:
If rejected, you will, under Details, see the message that the operator sent you. In this case it is “Not available” but it can be anything else the operator wants you know about the rejection:
Islet projects
Once you have the islet service approved, a new option in the main menu on the left side will appear, Islet projects, with sub-option, Active projects.
Projects in My DataLake Services and OpenStack are not the same
A project in My DataLake Services is the working environment for the user, while “islet projects” define project parameters under OpenStack, under which islet applications run. You can see these parameters through OpenStack Horizon command Project –> Computer –> Overview:
OpenStack user must have an account and the message indicates that account used to access DestinE does not have its counterpart in OpenStack, therefore, click on button Generate account should make one anew. A modal window will appear and ask for confirmation:
If everything goes well behind the curtain, there will be a message in the lower right corner that a new account on OpenStack was opened.
Since we are now connected to OpenStack, we can define how we want to distribute its resources. We are now ready to create a new My DataLake Services project, by clicking on button New project. Before that, let us take a look at the list of all resources we can distribute across one or more OpenStack accounts:
The middle column called Current allocation is mostly zero, meaning that, at the moment, none of the resources is allocated yet. That will change with each generation of new projects.
Create new My DataLake Services project
Click the New project button and get the following form:
Textual fields Project name and Description of planned activities are mandatory.
Quota type has two values, standard and custom. If it is standard, you have a drop-down field Project quota to choose from one of three options: low, medium or high. The value of low is the default state and corresponds to the figure above. Choosing value medium, however, produces errors:
The project quota of medium tries to have 512 gigabytes for backups, however, there is only 300 of those in the system. The values of islet project quota high would be similarly impractical.
Create islet project with low option
Start with islet-low service quota and select low project quota:
Then click on New project to create a new and immediately active islet project.
In the lower right corner there will be a message “An openstack project has been created”.
Two buttons are active:
- Details
Shows the exact parameters the islet project has been defined with.
- Users
Shows assignment of users to the project:
In this case, the admin of My DataLake Services project is the only user and is automatically tied to the existing islet project.
Again, you have to wait for the operator to approve of the project.
Custom low project:
The state of the resources
In the resources table, you see that all available quotas are 0 and in red color. For instance,
the max quota for backup gigabytes is 300 (the rightmost column),
current usage is also 300 and
there is 0 remaining available quotas for an eventual another project.
If you are sure that you want to have one and only one islet project, then this state might be adequate; your project will have most of all of the system parameters. If you, on the other hand, want to have two or more different projects, then the presence of red lines in resources table is a problem.
Create another project
You still have islet-low service quota and you have used it all up when generating the first islet project. If you again try to create a new project, you will see this:
There are red lines beneath each and every field, stating that there is no room to create a new islet project. If you increase service quota to islet-medium, there will be changes in table Resources for all projects:
If you raise service quota to islet-high (this will require operator approval), the table changes to this:
Except for a few parameters, this larger service quota did not free up the parameters that have already been maxed out. For example, the number of key pairs is 300 and has been maxed out since the generation of the very first islet project; increasing the service role did not increase the values of parameters for islet project.
How to change the existing islet project
To change the existing islet project, click on Details next to its name and choose custom Quota type. You will be able to set up each and every parameter to the value of you choice (inside the provided parameters, of course):
Here are the parameters entered – feel free to enter your own values (within permissible boundaries shown above each field):
Click on Submit. The status of islet project at first is QUOTA UPDATE PENDING and it will automatically turn on to ACTIVE a while later.
Looking at the table of resources for all projects, we see that there are no red warnings:
That means that the parameters for the new version of islet project are chosen realistically for the currently valid service quota, which is, as we remember, islet-high.
Create another islet project
Click on New project once again and see that the available maximum values are reduced by the amounts used for the existing islet project.
None of the standard islet quota types will be applicable now so, once again, use the custom quota option. The next window form will show the available range of parameters so take that into account and define a new islet project:
The second islet project is in status PENDING and a minute or so later, it will become ACTIVE.
Here is the state of the resources with service quota islet-high and two projects active:
The choices you made here should be visible in OpenStack Horizon under command Compute -> Overview. See Prerequisite No. 4.
How to remove access to a service on My DataLake Services
Warning
Once approved, a service cannot be removed through the GUI. Contact support for removal requests.
Once you are approved for access to a service, there is no option within My DataLake Services application to stop being attached to that service. You will have to ask Support for changes of that type.
Similarly, if you want to stop being an owner of a My DataLake Services account, ask the same Support to delete it for you.
What To Do Next
You should have access to all features associated with your new roles. In particular, you can start using islet page with the allocated quotas.
Also of interest:
How to invite a user to a project on My DataLake Services
How to manage users within a project on My DataLake Services