cloud:cli
Differences
This shows you the differences between two versions of the page.
cloud:cli [2020/05/14 09:36] – created chudler | cloud:cli [2020/05/14 10:41] – [Creating an Instance] chudler | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== CLI ACCESS ===== | + | ===== CLOUD CLI ACCESS ===== |
== INSTALL == | == INSTALL == | ||
- | It is installable in many ways. | + | Pip is preferred. The general CS infrastructure |
- | + | ||
- | Use your favorite package manager on your own computer. | + | |
Try: < | Try: < | ||
- | == PRELIMINARY SETUP == | + | ===== CONFIGURATION ===== |
- | Use environment variables | + | Use a clouds.yaml file to direct your client. Below is a canonical example, but you __will__ have to modify the variables according to your account. |
+ | '' | ||
< | < | ||
- | # Clear any old environment that may conflict. | + | clouds: |
- | for key in $( set | awk ' | + | |
- | export OS_NO_CACHE=True | + | auth: |
- | export COMPUTE_API_VERSION=1.1 | + | |
- | export OS_USERNAME=chudler | + | |
- | export no_proxy=overcloud.cs.uchicago.edu | + | |
- | export OS_REGION_NAME=regionOne | + | |
- | export OS_USER_DOMAIN_NAME=Default | + | |
- | export OS_VOLUME_API_VERSION=3 | + | |
- | export OS_CLOUDNAME=overcloud | + | |
- | export OS_AUTH_URL=https:// | + | |
- | export NOVA_VERSION=1.1 | + | |
- | export OS_IMAGE_API_VERSION=2 | + | |
- | export OS_PASSWORD=sekret | + | |
- | export OS_PROJECT_DOMAIN_NAME=Default | + | |
- | export OS_IDENTITY_API_VERSION=3 | + | |
- | export OS_PROJECT_NAME=chudler | + | |
- | export OS_AUTH_TYPE=password | + | |
- | export PYTHONWARNINGS=" | + | |
- | export OS_COMPUTE_API_VERSION=2.latest | + | |
</ | </ | ||
+ | The [[ cloud: | ||
- | You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button " | + | You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button " |
- | == USAGE == | + | ====== USAGE ====== |
First, Take note of a loose UX pattern that the client has: | First, Take note of a loose UX pattern that the client has: | ||
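Review bot: The new CONFIGURATION paragraph introduces clouds.yaml without saying, in the visible text, where the file has to live or how to protect it, while the removed block shows this account uses password auth (OS_AUTH_TYPE=password with OS_PASSWORD). Add a sentence naming the location the client reads (for example ~/.config/openstack/clouds.yaml) and telling readers to keep the file readable only by themselves (chmod 600). Consider pointing to a separate secure.yaml for the password so the main file can be shared without the secret in it.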
Line 47: | Line 38: | ||
For example< | For example< | ||
- | Once you have the software installed and the shell' | + | Once you have the software installed and the configuration file created, |
- | ==== Annotated Example ==== | + | ====== Annotated Example |
Read what has been written above before you read this. | Read what has been written above before you read this. | ||
- | Look around. The list could be empty, but we use this command a lot! | + | We use this command a lot |
< | < | ||
+ | |||
+ | ====Images==== | ||
Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance' | Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance' | ||
+ | |||
There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons. | There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons. | ||
+ | |||
< | < | ||
- | Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this) | + | ====SSH Keys==== |
+ | |||
+ | Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this capability) | ||
< | < | ||
- | A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors ,which your admins have created.\\ | + | ==== Flavors ==== |
- | Servers can grow after creation. For example, the disk-size attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and it is far better | + | A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\ |
+ | |||
+ | Servers can grow after creation. For example, the '' | ||
< | < | ||
- | Look at the Networks that are available | + | ==== Networks ===== |
+ | Look at the Networks that are available. The meaning of an Openstack " | ||
+ | |||
+ | You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other users, and you would like to proceed directly to creating servers. | ||
- | You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other people, and you would like to proceed directly to creating servers. | ||
Using the __cloud__ network cuts down your complexity significantly, | Using the __cloud__ network cuts down your complexity significantly, | ||
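Review bot: The new heading "==== Networks =====" has four opening markers and five closing ones, and "Annotated Example" is raised to six "=", which in DokuWiki outranks the five "=" page title CLOUD CLI ACCESS. Balance the Networks markers and lower Annotated Example (and USAGE above it) so the sections nest under the title, with Images, SSH Keys, Flavors and Networks one level below Annotated Example.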
Line 75: | Line 76: | ||
</ | </ | ||
- | [EDITOR NOTE: This section should be isolated from the main body] | + | See also [[ cloud:recipe: |
- | + | ||
- | === OPTIONALLY CREATING YOUR OWN NETWORK GEAR=== | + | |
- | + | ||
- | Should you want to create a network of your own that your hosts will be on, not all of these options are necessary | + | |
- | < | + | |
- | openstack network create mynet \ | + | |
- | --provider-network-type geneve \ | + | |
- | --enable-port-security \ | + | |
- | --internal | + | |
- | </ | + | |
- | + | ||
- | Now create a subnet for your network. This is mandatory for launching instances in the network that you just created. | + | |
- | + | ||
- | After this, we now consider you to be a Network Administrator, | + | |
- | + | ||
- | The cloud will **not** restrict your choices without cause. This means you can create impossible and insane situations that have no valid solution. There' | + | |
- | + | ||
- | You are now advised that there is no " | + | |
- | + | ||
- | < | + | |
- | openstack subnet create \ | + | |
- | --network mynet \ | + | |
- | --ip-version 4 \ | + | |
- | --subnet-range 192.168.222.0/ | + | |
- | --allocation-pool start=192.168.222.10, | + | |
- | --dns-nameserver 128.135.164.141 mysubnet \ | + | |
- | --gateway 192.168.222.1 \ | + | |
- | --dhcp | + | |
- | </ | + | |
- | + | ||
- | After creating your own network and subnet(s), a router is also needed. However, a router is **not** needed if your instances only talk to each other. The router will take the gateway of your subnet automatically, | + | |
- | + | ||
- | < | + | |
- | openstack router create --enable myrouter | + | |
- | </ | + | |
- | < | + | |
- | openstack router add subnet myrouter mysubnet | + | |
- | </ | + | |
- | + | ||
- | With the router created and attached to your own subnet, develop it further. You need to obtain a free IP address on the UC Campus. We call this network __campus37__. The Internet-connected subnet on that network is called __public37__. | + | |
- | + | ||
- | After this command, the router will have one leg in your subnet and one leg in the public campus network (and internet). | + | |
- | + | ||
- | Only you will be able to use this address until you destroy it. **DONT ever take more than you need and free this resource as soon as you project ends.** | + | |
- | + | ||
- | < | + | |
- | openstack router set myrouter \ | + | |
- | --external-gateway campus37 \ | + | |
- | --enable-snat | + | |
- | </ | + | |
- | + | ||
- | This is all that will be needed to launch instances. If you had used the network known as __cloud__, you can skip the steps for this custom network and subnet and router. | + | |
- | === Finally | + | ===== Creating an Instance |
- | If all of this worked, you now have all of the prerequisites for launching a virtual computer. These are the prerequisites: | + | You now have all of the prerequisites for launching a virtual computer. These are the prerequisites: |
- | * Properly prepared Network -- or use the one called | + | * Properly prepared Network -- or use the one called |
* Flavor Name | * Flavor Name | ||
* Image Name | * Image Name | ||
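Review bot: The removed network section carried the only warning on this page about holding campus addresses ("DONT ever take more than you need and free this resource as soon as you project ends"), yet the page still creates a floating IP later under Internet Addresses. Keep that sentence on this page next to the floating IP step, or confirm the linked recipe page states it. The same check applies to the removed remark that a router is not needed if your instances only talk to each other, which this diff deletes without showing where it went.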
Line 143: | Line 92: | ||
< | < | ||
openstack server create \ | openstack server create \ | ||
- | --image | + | --image |
--boot-from-volume=32 \ | --boot-from-volume=32 \ | ||
- | --flavor m1.small \ | + | --flavor m1.medium |
--config-drive=true \ | --config-drive=true \ | ||
--user-data=/ | --user-data=/ | ||
- | --network | + | --network |
myserver | myserver | ||
</ | </ | ||
- | The command executed asynchronously, | + | The command executed asynchronously, |
< | < | ||
openstack server list --name myserver | openstack server list --name myserver | ||
</ | </ | ||
+ | |||
< | < | ||
openstack server show myserver | openstack server show myserver | ||
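Review bot: The create example passes --user-data but no key pair, and the SSH Keys section calls key injection optional, so whether the reader can log in to myserver depends entirely on what the user-data file contains. Say so next to the command and point to the cloud-init section for the ssh-authorized-keys entry. The switch from m1.small to m1.medium also deserves a word of explanation, since the Flavors section tells readers to choose from what the admins have created.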
Line 164: | Line 114: | ||
< | < | ||
openstack server create \ | openstack server create \ | ||
- | --image | + | --image |
--boot-from-volume=32 \ | --boot-from-volume=32 \ | ||
- | --flavor m1.small \ | + | --flavor m1.medium |
--config-drive=true \ | --config-drive=true \ | ||
--user-data=/ | --user-data=/ | ||
- | --network | + | --network |
--min 10 \ | --min 10 \ | ||
--max 10 \ | --max 10 \ | ||
myserver | myserver | ||
</ | </ | ||
+ | |||
+ | ==== Mandatory Firewall Rules ==== | ||
+ | If you are using the default security groups, all ingress network communication is dropped. | ||
Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | ||
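Review bot: The sentence added under Mandatory Firewall Rules stops at "all ingress network communication is dropped" and never says what the reader has to do about it. Add one sentence stating that an ingress rule for each service the server must offer (SSH at minimum) has to be added to the security group before the server is reachable, and that the rule should be limited to the source range that needs it. That sentence then leads naturally into the security group lookup that follows.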
Line 187: | Line 140: | ||
</ | </ | ||
- | If I learned the security group successfully, | + | If I learned the security group successfully, |
< | < | ||
Line 196: | Line 149: | ||
</ | </ | ||
- | In actual fact, all of the servers you create will be in the same security group. The above was attempting to suggest effective use of the tools, in combination. | + | In actual fact, all of the servers you create will be in the same security group. |
- | If everything so far has succeeded. | + | ==== Internet Addresses ==== |
- | If the server' | + | |
- | You could also use the web interface to access the console, but that's not quite the same. | + | |
- | As before, in the Network Gear section, get a campus IP address from our pool. | + | |
+ | If the server' | ||
+ | |||
+ | As in [[ cloud: | ||
Where do you want to create your floating IP? | Where do you want to create your floating IP? | ||
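Review bot: With its second sentence removed, "all of the servers you create will be in the same security group" now stands without its consequence: a rule added while working on one server opens that port on every server you create. State that directly after the sentence, and mention that a server needing different exposure should be placed in a security group of its own.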
Line 208: | Line 161: | ||
openstack network list | openstack network list | ||
</ | </ | ||
+ | |||
Use the network from the previous command: | Use the network from the previous command: | ||
< | < | ||
- | openstack floating ip create | + | openstack floating ip create |
</ | </ | ||
+ | |||
You now have an IP you can use: | You now have an IP you can use: | ||
< | < | ||
Line 217: | Line 172: | ||
</ | </ | ||
- | Note that the command | + | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. |
- | < | + | Here's another possibility: |
- | openstack server $action $subresource $more_options | + | |
- | </ | + | |
- | + | ||
- | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. | + | |
< | < | ||
**Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | **Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | ||
- | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. | + | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. |
- | + | ||
- | == A WORD ABOUT CLOUD INIT == | + | |
- | Your author uses cloud init extensively | + | |
+ | ==== A WORD ABOUT CLOUD INIT ==== | ||
+ | Your author uses cloud init extensively and does not contemplate alternative. It is optional. A minimal cloud-init for a modern Ubuntu cloud OS might look like this | ||
+ | < | ||
+ | # | ||
+ | network: | ||
+ | version: 2 | ||
+ | ethernets: | ||
+ | net0: | ||
+ | match: | ||
+ | name: en* | ||
+ | dhcp4: true | ||
+ | preserve_hostname: | ||
+ | users: | ||
+ | - name: ubuntu | ||
+ | ssh-authorized-keys: | ||
+ | - CONTENTS OF YOUR ssh key .pub file | ||
+ | timezone: America/ | ||
+ | datasource: | ||
+ | | ||
+ | metadata_urls: | ||
+ | max_wait: -1 | ||
+ | timeout: 10 | ||
+ | retries: 5 | ||
+ | apply_network_config: | ||
+ | manage_etc_hosts: | ||
+ | manual_cache_clean: | ||
+ | </ |
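Review bot: In the new cloud-init paragraph, "does not contemplate alternative" should read "does not contemplate alternatives", and the lead-in ending "might look like this" needs a colon before the block. The heading also stays in capitals while the other four "=" headings added in this revision (Images, SSH Keys, Flavors) use title case; "A Word About Cloud Init" would match them.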
/var/lib/dokuwiki/data/pages/cloud/cli.txt · Last modified: 2021/04/15 16:53 by chudler