cloud:cli
Differences
This shows you the differences between two versions of the page.
cloud:cli [2020/05/14 09:52] – chudler | cloud:cli [2020/05/14 10:41] – [Creating an Instance] chudler | ||
---|---|---|---|
Line 17: | Line 17: | ||
username: " | username: " | ||
password: " | password: " | ||
- | project_id: YOUR PROJECT UUID | ||
project_name: | project_name: | ||
user_domain_name: | user_domain_name: | ||
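Review bot: Dropping `project_id` leaves `project_name` as the only project scope visible in this sample, and Keystone v3 resolves a project name only within a domain. Confirm the full block also sets `project_domain_name` (or `project_domain_id`) next to `user_domain_name`, otherwise the scoped token request can fail. Since the sample keeps `password:` in the same file, a line telling readers to restrict that file's permissions would also fit here.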
Line 62: | Line 61: | ||
==== Flavors ==== | ==== Flavors ==== | ||
A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\ | A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\ | ||
- | Servers can grow after creation. For example, the disk-size attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and you should choose a size that is close to what you expect to use. | + | |
+ | Servers can grow after creation. For example, the '' | ||
< | < | ||
Line 76: | Line 76: | ||
</ | </ | ||
- | [EDITOR NOTE: This section should be isolated from the main body] | + | See also [[ cloud:recipe: |
- | === OPTIONALLY CREATING YOUR OWN NETWORK GEAR=== | + | ===== Creating an Instance ===== |
- | Should you want to create a network of your own that your hosts will be on, not all of these options are necessary | + | You now have all of the prerequisites for launching a virtual computer. These are the prerequisites: |
- | < | + | |
- | openstack network create mynet \ | + | |
- | --provider-network-type geneve \ | + | |
- | --enable-port-security \ | + | |
- | --internal | + | |
- | </ | + | |
- | + | ||
- | Now create a subnet for your network. This is mandatory for launching instances in the network that you just created. | + | |
- | + | ||
- | After this, we now consider you to be a Network Administrator, | + | |
- | + | ||
- | The cloud will **not** restrict your choices without cause. This means you can create impossible and insane situations that have no valid solution. There' | + | |
- | + | ||
- | You are now advised that there is no " | + | |
- | + | ||
- | < | + | |
- | openstack subnet create \ | + | |
- | --network mynet \ | + | |
- | --ip-version 4 \ | + | |
- | --subnet-range 192.168.222.0/ | + | |
- | --allocation-pool start=192.168.222.10, | + | |
- | --dns-nameserver 128.135.164.141 mysubnet \ | + | |
- | --gateway 192.168.222.1 \ | + | |
- | --dhcp | + | |
- | </ | + | |
- | + | ||
- | After creating your own network and subnet(s), a router is also needed. However, a router is **not** needed if your instances only talk to each other. The router will take the gateway of your subnet automatically, | + | |
- | + | ||
- | < | + | |
- | openstack router create --enable myrouter | + | |
- | </ | + | |
- | < | + | |
- | openstack router add subnet myrouter mysubnet | + | |
- | </ | + | |
- | + | ||
- | With the router created and attached to your own subnet, develop it further. You need to obtain a free IP address on the UC Campus. We call this network __campus37__. The Internet-connected subnet on that network is called __public37__. | + | |
- | + | ||
- | After this command, the router will have one leg in your subnet and one leg in the public campus network (and internet). | + | |
- | + | ||
- | Only you will be able to use this address until you destroy it. **DONT ever take more than you need and free this resource as soon as you project ends.** | + | |
- | + | ||
- | < | + | |
- | openstack router set myrouter \ | + | |
- | --external-gateway campus37 \ | + | |
- | --enable-snat | + | |
- | </ | + | |
- | + | ||
- | This is all that will be needed to launch instances. If you had used the network known as __cloud__, you can skip the steps for this custom network and subnet and router. | + | |
- | + | ||
- | === Finally Creating an Instance === | + | |
- | + | ||
- | If all of this worked, you now have all of the prerequisites for launching a virtual computer. These are the prerequisites: | + | |
- | * Properly prepared Network -- or use the one called | + | * Properly prepared Network -- or use the one called |
* Flavor Name | * Flavor Name | ||
* Image Name | * Image Name | ||
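Review bot: The removed "OPTIONALLY CREATING YOUR OWN NETWORK GEAR" block carried operational warnings, namely that the cloud will not restrict bad choices and that a campus address must be freed as soon as the project ends, and the replacement is a single "See also" link. Check that the linked recipe page keeps those warnings and the `--enable-port-security` flag on `openstack network create`, because the floating IP steps that remain further down this page no longer have that reminder near them. The new opening paragraph also says "prerequisites" twice in a row; "You now have everything needed to launch a virtual computer:" would read better.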
Line 144: | Line 92: | ||
< | < | ||
openstack server create \ | openstack server create \ | ||
- | --image | + | --image |
--boot-from-volume=32 \ | --boot-from-volume=32 \ | ||
- | --flavor m1.small \ | + | --flavor m1.medium |
--config-drive=true \ | --config-drive=true \ | ||
--user-data=/ | --user-data=/ | ||
- | --network | + | --network |
myserver | myserver | ||
</ | </ | ||
- | The command executed asynchronously, | + | The command executed asynchronously, |
< | < | ||
openstack server list --name myserver | openstack server list --name myserver | ||
</ | </ | ||
+ | |||
< | < | ||
openstack server show myserver | openstack server show myserver | ||
Line 165: | Line 114: | ||
< | < | ||
openstack server create \ | openstack server create \ | ||
- | --image | + | --image |
--boot-from-volume=32 \ | --boot-from-volume=32 \ | ||
- | --flavor m1.small \ | + | --flavor m1.medium |
--config-drive=true \ | --config-drive=true \ | ||
--user-data=/ | --user-data=/ | ||
- | --network | + | --network |
--min 10 \ | --min 10 \ | ||
--max 10 \ | --max 10 \ | ||
myserver | myserver | ||
</ | </ | ||
+ | |||
+ | ==== Mandatory Firewall Rules ==== | ||
+ | If you are using the default security groups, all ingress network communication is dropped. | ||
Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | ||
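Review bot: The added sentence under "Mandatory Firewall Rules" says all ingress is dropped, but a stock OpenStack default security group still accepts ingress from other members of the same group and drops only traffic from outside it. If this cloud keeps that default, reword to "all ingress from outside the group is dropped", since the ten servers created just above with `--min 10 --max 10` would be able to reach each other without any added rule.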
Line 188: | Line 140: | ||
</ | </ | ||
- | If I learned the security group successfully, | + | If I learned the security group successfully, |
< | < | ||
Line 197: | Line 149: | ||
</ | </ | ||
- | In actual fact, all of the servers you create will be in the same security group. The above was attempting to suggest effective use of the tools, in combination. | + | In actual fact, all of the servers you create will be in the same security group. |
- | If everything so far has succeeded. | + | ==== Internet Addresses ==== |
- | If the server' | + | |
- | You could also use the web interface to access the console, but that's not quite the same. | + | |
- | As before, in the Network Gear section, get a campus IP address from our pool. | + | |
+ | If the server' | ||
+ | |||
+ | As in [[ cloud: | ||
Where do you want to create your floating IP? | Where do you want to create your floating IP? | ||
Line 209: | Line 161: | ||
openstack network list | openstack network list | ||
</ | </ | ||
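Review bot: With "The above was attempting to suggest effective use of the tools, in combination." removed, the remaining sentence "all of the servers you create will be in the same security group" stands alone directly above the new "Internet Addresses" heading, and its consequence is left unstated: a rule opened for one server is opened for every server in that group. Say so explicitly, and suggest a separate security group for the instances that receive a floating IP so that internet-facing rules do not apply to the rest.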
+ | |||
Use the network from the previous command: | Use the network from the previous command: | ||
< | < | ||
- | openstack floating ip create | + | openstack floating ip create |
</ | </ | ||
+ | |||
You now have an IP you can use: | You now have an IP you can use: | ||
< | < | ||
Line 218: | Line 172: | ||
</ | </ | ||
- | Note that the command | + | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. |
- | < | + | Here's another possibility: |
- | openstack server $action $subresource $more_options | + | |
- | </ | + | |
- | + | ||
- | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. | + | |
< | < | ||
**Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | **Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | ||
- | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. | + | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. |
- | + | ||
- | == A WORD ABOUT CLOUD INIT == | + | |
- | Your author uses cloud init extensively | + | |
+ | ==== A WORD ABOUT CLOUD INIT ==== | ||
+ | Your author uses cloud init extensively and does not contemplate alternative. It is optional. A minimal cloud-init for a modern Ubuntu cloud OS might look like this | ||
+ | < | ||
+ | # | ||
+ | network: | ||
+ | version: 2 | ||
+ | ethernets: | ||
+ | net0: | ||
+ | match: | ||
+ | name: en* | ||
+ | dhcp4: true | ||
+ | preserve_hostname: | ||
+ | users: | ||
+ | - name: ubuntu | ||
+ | ssh-authorized-keys: | ||
+ | - CONTENTS OF YOUR ssh key .pub file | ||
+ | timezone: America/ | ||
+ | datasource: | ||
+ | | ||
+ | metadata_urls: | ||
+ | max_wait: -1 | ||
+ | timeout: 10 | ||
+ | retries: 5 | ||
+ | apply_network_config: | ||
+ | manage_etc_hosts: | ||
+ | manual_cache_clean: | ||
+ | </ |
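Review bot: The new cloud-init section states "It is optional", yet both `openstack server create` examples on this page pass `--user-data` and show no `--key-name`, so the `ssh-authorized-keys` entry in this sample appears to be the only way a login key reaches the instance. Either say that a reader who skips cloud-init must supply a key some other way, or mark the `users:` block as the required part. If this file is the one handed to `--user-data`, note also that cloud-init does not take network configuration from user-data, so the `network:` block would have no effect there. The all-caps heading is inconsistent with "Flavors" and "Internet Addresses".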
/var/lib/dokuwiki/data/pages/cloud/cli.txt · Last modified: 2021/04/15 16:53 by chudler