cloud:cli
Differences
This shows you the differences between two versions of the page.
cloud:cli [2020/05/14 10:13] – [Internet Addresses] chudler | cloud:cli [2021/04/15 16:53] (current) – move Usage to new section chudler | ||
---|---|---|---|
Line 8: | Line 8: | ||
===== CONFIGURATION ===== | ===== CONFIGURATION ===== | ||
- | Use a clouds.yaml file to direct your client. Below is a canonical example, but you __will__ have to modify | + | Use the '' |
- | '' | + | |
- | < | + | |
- | clouds: | + | |
- | openstack: | + | |
- | auth: | + | |
- | auth_url: https:// | + | |
- | username: " | + | |
- | password: " | + | |
- | project_id: YOUR PROJECT UUID | + | |
- | project_name: | + | |
- | user_domain_name: | + | |
- | region_name: | + | |
- | interface: " | + | |
- | identity_api_version: | + | |
- | </ | + | |
- | The [[ cloud: | + | |
- | You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button " | + | === Generate New Credentials === |
- | ====== USAGE ====== | + | Instead of taking risks and storing your University credentials in the file, use the [[ https:// |
- | First, Take note of a loose UX pattern that the client has: | + | See the [[ cloud:recipe: |
- | < | + | |
- | openstack $resource $action $more_options_or_flags | + | |
- | </ | + | |
- | + | ||
- | take note and always use help for guidance < | + | |
- | + | ||
- | For example< | + | |
- | + | ||
- | Once you have the software installed and the configuration | + | |
- | + | ||
- | ====== Annotated Example ====== | + | |
- | Read what has been written above before you read this. | + | |
- | + | ||
- | We use this command a lot | + | |
- | < | + | |
- | + | ||
- | ====Images==== | + | |
- | + | ||
- | Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance' | + | |
- | + | ||
- | There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons. | + | |
- | + | ||
- | < | + | |
- | + | ||
- | ====SSH Keys==== | + | |
- | + | ||
- | Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this capability) | + | |
- | < | + | |
- | + | ||
- | ==== Flavors ==== | + | |
- | A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\ | + | |
- | Servers can grow after creation. For example, the disk-size attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and you should choose a size that is close to what you expect to use. | + | |
- | < | + | |
- | + | ||
- | ==== Networks ===== | + | |
- | Look at the Networks that are available. The meaning of an Openstack " | + | |
- | + | ||
- | You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other users, and you would like to proceed directly to creating servers. | + | |
- | + | ||
- | Using the __cloud__ network cuts down your complexity significantly, | + | |
+ | ==Cloud Name== | ||
+ | For convenience, | ||
< | < | ||
- | openstack | + | export OS_CLOUD=openstack |
</ | </ | ||
- | See also [[ cloud: | + | ====== |
- | + | ||
- | ===== Creating an Instance | + | |
- | + | ||
- | You now have all of the prerequisites for launching a virtual computer. These are the prerequisites: | + | |
- | + | ||
- | * Properly prepared Network -- or use the one called " | + | |
- | * Flavor Name | + | |
- | * Image Name | + | |
- | + | ||
- | NOTE: you won't be able to SSH into the instance, because the NAT is SNAT. Down below you can read how to add a dedicated public (" | + | |
- | + | ||
- | Like other openstack activities, creating a server has __many__ complex options and scenarios. This is a simple and ordinary depiction, creating one server | + | |
- | + | ||
- | < | + | |
- | openstack server create \ | + | |
- | --image 20.04 \ | + | |
- | --boot-from-volume=32 \ | + | |
- | --flavor m1.medium \ | + | |
- | --config-drive=true \ | + | |
- | --user-data=/ | + | |
- | --network cloud \ | + | |
- | myserver | + | |
- | </ | + | |
- | + | ||
- | The command executed asynchronously, | + | |
- | + | ||
- | < | + | |
- | openstack server list --name myserver | + | |
- | </ | + | |
- | + | ||
- | < | + | |
- | openstack server show myserver | + | |
- | </ | + | |
- | + | ||
- | Here's an example for creating 10 of them, as promised (only the change at the end of the command) | + | |
- | < | + | |
- | openstack server create \ | + | |
- | --image 20.04 \ | + | |
- | --boot-from-volume=32 \ | + | |
- | --flavor m1.medium \ | + | |
- | --config-drive=true \ | + | |
- | --user-data=/ | + | |
- | --network cloud \ | + | |
- | --min 10 \ | + | |
- | --max 10 \ | + | |
- | myserver | + | |
- | </ | + | |
- | + | ||
- | ==== Mandatory Firewall Rules ==== | + | |
- | If you are using the default security groups, all ingress network communication is dropped. | + | |
- | + | ||
- | Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE] | + | |
- | + | ||
- | < | + | |
- | SEC_GROUP=$(openstack port list \ | + | |
- | --server `openstack server show --format value --column id myserver` \ | + | |
- | --long \ | + | |
- | --column " | + | |
- | --format json \ | + | |
- | | jq ' | + | |
- | | sed ' | + | |
- | </ | + | |
- | + | ||
- | If I learned the security group successfully, | + | |
- | + | ||
- | < | + | |
- | openstack security group rule create \ | + | |
- | --ingress \ | + | |
- | --dst-port 22 \ | + | |
- | --protocol tcp $SEC_GROUP | + | |
- | </ | + | |
- | + | ||
- | In actual fact, all of the servers you create will be in the same security group. | + | |
- | + | ||
- | ==== Internet Addresses ==== | + | |
- | + | ||
- | If the server' | + | |
- | + | ||
- | As in [[ cloud: | + | |
- | + | ||
- | Where do you want to create your floating IP? | + | |
- | < | + | |
- | openstack network list | + | |
- | </ | + | |
- | + | ||
- | Use the network from the previous command: | + | |
- | < | + | |
- | openstack floating ip create campus37 | + | |
- | </ | + | |
- | + | ||
- | You now have an IP you can use: | + | |
- | < | + | |
- | openstack server add floating ip myserver < | + | |
- | </ | + | |
- | + | ||
- | At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients. | + | |
- | + | ||
- | Here's another possibility: | + | |
- | < | + | |
- | + | ||
- | **Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that. | + | |
- | This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. On default subnets, your cloud admin has pre-created suitable routers. The command will fail if you are creating your own subnets and networks without taking similar steps. | + | For more tips and usage information, |
- | ==== A WORD ABOUT CLOUD INIT ==== | ||
- | Your author uses cloud init extensively and does not contemplate alternative. It is optional. The file used in these examples is available on request, but you might wish to develop your own from scratch. |
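Review bot: The SSH rule in the removed "Mandatory Firewall Rules" block (`--ingress --dst-port 22 --protocol tcp $SEC_GROUP`) has no `--remote-ip`, so if this text is carried over to the new Usage section it should gain a source range. The client defaults an IPv4 ingress rule to 0.0.0.0/0, and the same block states that all of the servers you create will be in the same security group, so the rule opens port 22 from any source on every server you create, not only myserver. Suggest adding `--remote-ip <your CIDR>` to the command and a sentence saying which source range is expected. The added "Generate New Credentials" paragraph is cut off after "use the" in this view, so please confirm that its link and the recipe reference on the following line resolve, since they now stand in for the removed clouds.yaml sample that carried `username` and `password`.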
/var/lib/dokuwiki/data/pages/cloud/cli.txt · Last modified: 2021/04/15 16:53 by chudler