REANA
Reana is a software developed at CERN that focuses on the reproducibility and reanalysis of scientific results. It is deployed on the CERN VRE allowing users to run (and re-run) analysis pipelines on the VRE compute resources.
Reana supports various workflow systems (CWL, Serial, Snakemake and Yadage) and can be configured to offload the workflow to different compute backend (HTCondor, Kubernetes and Slurm). We refer the reader to the
official Reana documentation for futher details.
The VRE computing resources are limited and are designed to host the VRE services.
Please make responsible use of the computing power of the cluster. For heavy computing workflows, please use the official Reana deployment.
CERN VRE Reana deployment
- The current Reana Helm chart version deployed on the VRE cluster is shown on the badge at the top of this page.
- The Reana manifests deployed on the cluster can be found on the VRE repository - Reana deployment.
Installation of the REANA VRE instance
(Special thanks to Elena G. for the drafting of this documentation)
- Apply the Reana hel charts (the
reana-release.yamlmanifest on our repository. Please note that they are adapted to be compliant with flux" helm chart via flux), keeping the ingress disabled as the default Reana ingress is Traefik, while at CERN Openstack already deploys nginx as the ingress controller. - If you are using your own DB instance, change the configuration with DB name, host and port in the Helm chart, delete the secret
<your-reana-helm-release>-db-secrets which contains the username and password and re-apply your own as in theinfrastructure/scripts/create-reana-secrets.sh.
Note that the secret gets updated every time you helm update or apply the reana-release.yaml.
Make sure you check that the DB secret is your own and not the default one once you update or change the charts.
Initialise the DB as described in the helm chart. If you are using k9s, type :helm and press enter on the your-reana-helm-release name for instructions.
3. Once the helm chart is applied correctly, add the DNS name (reana-vre.cern.ch) as a label to the ingress nodes, like you should have done with during the jhub deployment as well:
openstack server set --property landb-alias=jhub-vre--load-1-,reana-vre--load-1- vre-xxxxxxxxxxxx-node-0
openstack server set --property landb-alias=jhub-vre--load-2-,reana-vre--load-2- vre-xxxxxxxxxxxx-node-1
openstack server set --property landb-alias=jhub-vre--load-3-,reana-vre--load-3- vre-xxxxxxxxxxxx-node-2
- Apply the
reana-ingress.yamlmanually. Theletsencryptannotation should create the secretcert-manager-tls-ingress-secret-reanaautomatically. - Configure Reana to use your identity provider. For this, follow the instructions on the Reana official docs.
For the ESCAPE IAM idP the OpenID configuration is can be found here.
The secrets of the IAM client acting on behalf of the application are stored in the
reana-vre-iam-clientsecrets, deployed by thecreate-reana-secrets.sh(link to the script on the VRE repo). You can then see that the users get created in the DB, also the charts has an option to specify email notification whenever a new user requests a token.
Some useful Reana commands to deal with users:
$ export REANA_ACCESS_TOKEN=$(kubectl get secret reana-admin-access-token -n reana -o json | jq -r '.data | map_values(@base64d) | .ADMIN_ACCESS_TOKEN')
$ echo $REANA_ACCESS_TOKEN
# LIST USERS
$ kubectl exec -i -t deployment/reana-server -n reana -- flask reana-admin user-list --admin-access-token $REANA_ACCESS_TOKEN
# CREATING USER
kubectl exec -i -t deployment/reana-server -n reana -- flask reana-admin user-create --email <user-email> --admin-access-token $REANA_ACCESS_TOKEN
# GRANTING TOKEN TO NEW USER
kubectl exec -i -t deployment/reana-server -n reana -- flask reana-admin token-grant -e <user-email> --admin-access-token $REANA_ACCESS_TOKEN
- Navigate to
reana-vre.cern.chand log in with your IAM credentials.