cloud:cli
Differences
This shows you the differences between two versions of the page.
cloud:cli [2020/05/14 09:36] – created chudler | cloud:cli [2020/05/14 10:13] – [Internet Addresses] chudler | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== CLI ACCESS ===== | + | ===== CLOUD CLI ACCESS ===== |
== INSTALL == | == INSTALL == | ||
- | It is installable in many ways. | + | Pip is preferred. The general CS infrastructure |
- | + | ||
- | Use your favorite package manager on your own computer. | + | |
Try: < | Try: < | ||
- | == PRELIMINARY SETUP == | + | ===== CONFIGURATION ===== |
- | Use environment variables | + | Use a clouds.yaml file to direct your client. Below is a canonical example, but you __will__ have to modify the variables according to your account. |
+ | '' | ||
< | < | ||
- | # Clear any old environment that may conflict. | + | clouds: |
- | for key in $( set | awk ' | + | |
- | export OS_NO_CACHE=True | + | auth: |
- | export COMPUTE_API_VERSION=1.1 | + | |
- | export OS_USERNAME=chudler | + | |
- | export no_proxy=overcloud.cs.uchicago.edu | + | |
- | export OS_REGION_NAME=regionOne | + | |
- | export OS_USER_DOMAIN_NAME=Default | + | |
- | export OS_VOLUME_API_VERSION=3 | + | |
- | export OS_CLOUDNAME=overcloud | + | |
- | export OS_AUTH_URL=https:// | + | |
- | export NOVA_VERSION=1.1 | + | |
- | export OS_IMAGE_API_VERSION=2 | + | |
- | export OS_PASSWORD=sekret | + | |
- | export OS_PROJECT_DOMAIN_NAME=Default | + | |
- | export OS_IDENTITY_API_VERSION=3 | + | |
- | export OS_PROJECT_NAME=chudler | + | |
- | export OS_AUTH_TYPE=password | + | |
- | export PYTHONWARNINGS=" | + | |
- | export OS_COMPUTE_API_VERSION=2.latest | + | |
</ | </ | ||
+ | The [[ cloud: | ||
- | You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button " | + | You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button " |
- | == USAGE == | + | ====== USAGE ====== |
First, Take note of a loose UX pattern that the client has: | First, Take note of a loose UX pattern that the client has: | ||
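Review bot: The new CONFIGURATION text tells the reader to put account settings in a clouds.yaml file but, in the lines visible here, says nothing about protecting that file, while the block it replaces carried the password as `export OS_PASSWORD=sekret`. If the `auth:` section holds the password the same way, add a sentence telling readers to keep the file readable only by themselves (for example `chmod 600`). Separately, `====== USAGE ======` is now a higher-level DokuWiki heading than the page title `===== CLOUD CLI ACCESS =====`, while `== INSTALL ==` stays at the lowest level; pick one hierarchy.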
Line 47: | Line 39: | ||
For example< | For example< | ||
- | Once you have the software installed and the shell' | + | Once you have the software installed and the configuration file created, |
- | ==== Annotated Example ==== | + | ====== Annotated Example |
Read what has been written above before you read this. | Read what has been written above before you read this. | ||
- | Look around. The list could be empty, but we use this command a lot! | + | We use this command a lot |
< | < | ||
+ | |||
+ | ====Images==== | ||
Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance' | Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance' | ||
+ | |||
There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons. | There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons. | ||
+ | |||
< | < | ||
- | Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this) | + | ====SSH Keys==== |
+ | |||
+ | Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this capability) | ||
< | < | ||
- | A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors ,which your admins have created.\\ | + | ==== Flavors ==== |
- | Servers can grow after creation. For example, the disk-size attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and it is far better | + | A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\ |
+ | Servers can grow after creation. For example, the disk-size attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and you should choose a size that is close to what you expect to use. | ||
< | < | ||
- | Look at the Networks that are available | + | ==== Networks ===== |
+ | Look at the Networks that are available. The meaning of an Openstack " | ||
+ | |||
+ | You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other users, and you would like to proceed directly to creating servers. | ||
- | You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other people, and you would like to proceed directly to creating servers. | ||
Using the __cloud__ network cuts down your complexity significantly, | Using the __cloud__ network cuts down your complexity significantly, | ||
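Review bot: In the new Networks paragraph, the advice to use the shared network `cloud` gives the trade-off only as not being "L2 isolated from other users". Spell out what that means for a reader making the choice (other users' instances sit on the same segment) and point to the Mandatory Firewall Rules section. Also, `==== Networks =====` closes with five `=` against four opening, and `====Images====` and `====SSH Keys====` lack the spaces used in `==== Flavors ====`.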
Line 75: | Line 76: | ||
</ | </ | ||
- | [EDITOR NOTE: This section should be isolated from the main body] | + | See also [[ cloud:recipe: |
- | + | ||
- | === OPTIONALLY CREATING YOUR OWN NETWORK GEAR=== | + | |
- | + | ||
- | Should you want to create a network of your own that your hosts will be on, not all of these options are necessary | + | |
- | < | + | |
- | openstack network create mynet \ | + | |
- | --provider-network-type geneve \ | + | |
- | --enable-port-security \ | + | |
- | --internal | + | |
- | </ | + | |
- | + | ||
- | Now create a subnet for your network. This is mandatory for launching instances in the network that you just created. | + | |
- | + | ||
- | After this, we now consider you to be a Network Administrator, | + | |
- | + | ||
- | The cloud will **not** restrict your choices without cause. This means you can create impossible and insane situations that have no valid solution. There' | + | |
- | + | ||
- | You are now advised that there is no " | + | |
- | + | ||
- | < | + | |
- | openstack subnet create \ | + | |
- | --network mynet \ | + | |
- | --ip-version 4 \ | + | |
- | --subnet-range 192.168.222.0/ | + | |
- | --allocation-pool start=192.168.222.10, | + | |
- | --dns-nameserver 128.135.164.141 mysubnet \ | + | |
- | --gateway 192.168.222.1 \ | + | |
- | --dhcp | + | |
- | </ | + | |
- | + | ||
- | After creating your own network and subnet(s), a router is also needed. However, a router is **not** needed if your instances only talk to each other. The router will take the gateway of your subnet automatically, | + | |
- | + | ||
- | < | + | |
- | openstack router create --enable myrouter | + | |
- | </ | + | |
- | < | + | |
- | openstack router add subnet myrouter mysubnet | + | |
- | </ | + | |
- | + | ||
- | With the router created and attached to your own subnet, develop it further. You need to obtain a free IP address on the UC Campus. We call this network __campus37__. The Internet-connected subnet on that network is called __public37__. | + | |
- | + | ||
- | After this command, the router will have one leg in your subnet and one leg in the public campus network (and internet). | + | |
- | + | ||
- | Only you will be able to use this address until you destroy it. **DONT ever take more than you need and free this resource as soon as you project ends.** | + | |
- | + | ||
- | < | + | |
- | openstack router set myrouter \ | + | |
- | --external-gateway campus37 \ | + | |
- | --enable-snat | + | |
- | </ | + | |
- | + | ||
- | This is all that will be needed to launch instances. If you had used the network known as __cloud__, you can skip the steps for this custom network and subnet and router. | + | |
- | === Finally | + | ===== Creating an Instance |
- | If all of this worked, you now have all of the prerequisites for launching a virtual computer. These are the prerequisites: | + | You now have all of the prerequisites for launching a virtual computer. These are the prerequisites: |
* Properly prepared Network -- or use the one called " | * Properly prepared Network -- or use the one called " | ||
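Review bot: The deleted network section is replaced only by a "See also" link, so the instruction to free the campus address when the project ends ("DONT ever take more than you need ...") and the statement that a subnet is mandatory before launching instances no longer appear on this page. Confirm that the linked recipe page carries both, or keep a one-line reminder here next to the prerequisites list.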
Line 143: | Line 92: | ||
< | < | ||
openstack server create \ | openstack server create \ | ||
- | --image | + | --image |
--boot-from-volume=32 \ | --boot-from-volume=32 \ | ||
- | --flavor m1.small \ | + | --flavor m1.medium |
--config-drive=true \ | --config-drive=true \ | ||
--user-data=/ | --user-data=/ | ||
- | --network | + | --network |
myserver | myserver | ||
</ | </ | ||
- | The command executed asynchronously, | + | The command executed asynchronously, |
< | < | ||
openstack server list --name myserver | openstack server list --name myserver | ||
</ | </ | ||
+ | |||
< | < | ||
openstack server show myserver | openstack server show myserver | ||
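Review bot: The updated `openstack server create` example passes `--user-data` and `--config-drive=true` but no `--key-name`, and the SSH Keys section says the author does not use stored public keys, so a reader copying this command has no stated way to log in. Add a sentence saying the user-data file must provision login access, or show the key option as an alternative. The flavor also changes from `m1.small` to `m1.medium` without the text saying why.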
Line 164: | Line 114: | ||
< | < | ||
openstack server create \ | openstack server create \ | ||
- | --image | + | --image |
--boot-from-volume=32 \ | --boot-from-volume=32 \ | ||
- | --flavor m1.small \ | + | --flavor m1.medium |
--config-drive=true \ | --config-drive=true \ | ||
--user-data=/ | --user-data=/ | ||
- | --network | + | --network |
--min 10 \ | --min 10 \ | ||
--max 10 \ | --max 10 \ | ||
myserver | myserver | ||
</ | </ | ||
+ | |||
+ | ==== Mandatory Firewall Rules ==== | ||
+ | If you are using the default security groups, all ingress network communication is dropped. | ||
Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | ||
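Review bot: The new "Mandatory Firewall Rules" section states that the default security groups drop all ingress, but the added sentence does not say which rule is mandatory. Name the traffic the reader must allow (ssh, given the later login step) and recommend limiting the rule to the source range they connect from.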
Line 187: | Line 140: | ||
</ | </ | ||
- | If I learned the security group successfully, | + | If I learned the security group successfully, |
< | < | ||
Line 196: | Line 149: | ||
</ | </ | ||
- | In actual fact, all of the servers you create will be in the same security group. The above was attempting to suggest effective use of the tools, in combination. | + | In actual fact, all of the servers you create will be in the same security group. |
- | If everything so far has succeeded. | + | ==== Internet Addresses ==== |
- | If the server' | + | |
- | You could also use the web interface to access the console, but that's not quite the same. | + | |
- | As before, in the Network Gear section, get a campus IP address from our pool. | + | |
+ | If the server' | ||
+ | |||
+ | As in [[ cloud: | ||
Where do you want to create your floating IP? | Where do you want to create your floating IP? | ||
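Review bot: The shortened sentence now says only that all of your servers share one security group; add the consequence, that a rule added while working on one server opens the same port on every server you create. Of the lines shown here, the removed sentence about reaching the console through the web interface was the only mention of console access, so consider keeping it as a fallback for a server that cannot be reached over the network.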
Line 208: | Line 161: | ||
openstack network list | openstack network list | ||
</ | </ | ||
+ | |||
Use the network from the previous command: | Use the network from the previous command: | ||
< | < | ||
- | openstack floating ip create | + | openstack floating ip create |
</ | </ | ||
+ | |||
You now have an IP you can use: | You now have an IP you can use: | ||
< | < | ||
Line 217: | Line 172: | ||
</ | </ | ||
- | Note that the command | + | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. |
- | < | + | Here's another possibility: |
- | openstack server $action $subresource $more_options | + | |
- | </ | + | |
- | + | ||
- | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. | + | |
< | < | ||
**Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | **Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | ||
- | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. | + | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. |
- | + | ||
- | == A WORD ABOUT CLOUD INIT == | + | |
- | Your author uses cloud init extensively | + | |
+ | ==== A WORD ABOUT CLOUD INIT ==== | ||
+ | Your author uses cloud init extensively and does not contemplate alternative. It is optional. The file used in these examples is available on request, but you might wish to develop your own from scratch. |
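Review bot: The retained text still depends on a router ("the router on the subnet simply performs DNAT", "a router was needed on the subnet"), but this revision deletes the router instructions from the page. Link those two sentences to the recipe page that now holds them. In the cloud-init paragraph, "does not contemplate alternative" should read "does not contemplate an alternative".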
/var/lib/dokuwiki/data/pages/cloud/cli.txt · Last modified: 2021/04/15 16:53 by chudler