Differences

This shows you the differences between two versions of the page.

--- cloud:cli [2020/05/14 10:17] – [A WORD ABOUT CLOUD INIT] chudler
+++ cloud:cli [2021/04/15 16:17] – chudler
@@ Line 9: / Line 9: @@
 Use a clouds.yaml file to direct your client. Below is a canonical example, but you __will__ have to modify the variables according to your account.
-''$HOME/.config/clouds.yaml''
+''$HOME/.config/openstack/clouds.yaml''
 <code>
 clouds:
@@ Line 16: / Line 16: @@
       auth_url: https://overcloud.cs.uchicago.edu:5000
       username: "CNetID"
-      password: "sekret"
+      password: "sekret" # don't store your credential on our servers
-      project_id: YOUR PROJECT UUID
       project_name: "CNetID"
       user_domain_name: "CS_LDAP"
@@ Line 24: / Line 23: @@
     identity_api_version: 3
 </code>
-The [[ cloud:recipe:coding | Python Examples ]] use the same configuration, please read that document for detailed information about configuration and recommendations.
-You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button "Download Openstackrc File"). Make sure you read this file carefully in case you want to customize it. Your password is not included in the file by default.
+**NOTE**
+The problem here is that you are taking risks by storing your University credentials in a file. Instead, you can use the API or [[ https://overcloud.cs.uchicago.edu | web interface ]] to create an Application Credential. For example,
+<code>
+openstack application credential create --secret sekret --role member --expiration 2020-10-10:10:10:10 --restricted myapp
+</code>
+See the [[ cloud:recipe:coding | Python Examples Document ]] for detailed configuration recommendations.
+=== Download Configuration File ===
+You can download a customized version of this data after you authenticate to the [[ https://overcloud.cs.uchicago.edu | Web Interface ]]. Click ''API Access'' from the menu and then the button ''Download Openstackrc File''). Make sure you read this file carefully in case you want to customize it. Your password is not included in the file by default.
+For convenience, export the cloud name to your environment. Otherwise, all commands must include the flag ''--os-cloud=openstack'':
+<code>
+export OS_CLOUD=openstack
+</code>
 ====== USAGE ======
@@ Line 49: / Line 62: @@
 ====Images====
-Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance's boot volume just before it starts running.
+Images are prebuilt operating systems that are used to launch instances. It is equivalent to a live CD. They are usually a few GB in size. A copy of the disk image is written into the instance's boot volume just before it starts running.
-There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons.
+There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled, popular operating systems, that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons.
+Beware of images that are used internally to provide cloud services. You should not usually launch these directly. You do have access to them for the use of a service, and are welcome to customize for advanced usage.
 <code>openstack image list</code>
@@ Line 58: / Line 73: @@
 Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this capability)
-<code>openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey</code>
+<code>openstack keypair create --public-key ~/.ssh/id_ed25519.pub mykey</code>
 ==== Flavors ====
 A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\
-Servers can grow after creation. For example, the disk-size attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and you should choose a size that is close to what you expect to use.
+Servers can grow after creation. For example, the ''disk-size'' attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and you should choose a size that is close to what you expect to use.
 <code>openstack flavor list</code>
@@ Line 82: / Line 98: @@
 You now have all of the prerequisites for launching a virtual computer. These are the prerequisites:
-  * Properly prepared Network -- or use the one called "cloud" if you don't care about the L2 boundary nor the source address of your NAT clients
+  * Properly prepared Network -- or use the one called ''cloud'' if you don't mind sharing a broadcast domain, nor wish to control the source address of your NAT clients
   * Flavor Name
   * Image Name
@@ Line 149: / Line 165: @@
 </code>
-In actual fact, all of the servers you create will be in the same security group.
+In actual fact, all of the servers you create will be in the same security group, so you will not need to "discover" it more than once.
 ==== Internet Addresses ====
-If the server's status shows "Active", you can assign it an additional IP address. When doing networking work, you might wish to connect to web interface to access the console of the virtual machine.
+If the server's status shows ''Active'', you can assign it an additional IP address. When doing networking work, you might wish to connect to web interface to access the console of the virtual machine.
 As in [[ cloud:recipe:networks | Advanced Networking ]] get a campus IP address from our pool.
@@ Line 181: / Line 197: @@
 This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. On default subnets, your cloud admin has pre-created suitable routers. The command will fail if you are creating your own subnets and networks without taking similar steps.
+Mixing and matching these techniques will create hilarious disasters.
 ==== A WORD ABOUT CLOUD INIT ====
 Your author uses cloud init extensively and does not contemplate alternative. It is optional. A minimal cloud-init for a modern Ubuntu cloud OS might look like this