Differences

This shows you the differences between two versions of the page.

--- cloud:cli [2020/05/14 14:53] – [Mandatory Firewall Rules] chudler
+++ cloud:cli [2021/04/15 16:53] (current) – move Usage to new section chudler
@@ Line 8: / Line 8: @@
 ===== CONFIGURATION =====
-Use a clouds.yaml file to direct your client. Below is a canonical example, but you __will__ have to modify the variables according to your account.
+Use the ''~/.config/openstack/clouds.yaml'' file to direct your client.
-''$HOME/.config/clouds.yaml''
-<code>
-clouds:
-  openstack:
-    auth:
-      auth_url: https://overcloud.cs.uchicago.edu:5000
-      username: "CNetID"
-      password: "sekret"
-      project_name: "CNetID"
-      user_domain_name: "CS_LDAP"
-    region_name: "RegionOne"
-    interface: "public"
-    identity_api_version: 3
-</code>
-The [[ cloud:recipe:coding | Python Examples ]] use the same configuration, please read that document for detailed information about configuration and recommendations.
-You can also download a customized version of this data after you authenticate to the Web Interface (click API Access from the menu and then the button "Download Openstackrc File"). Make sure you read this file carefully in case you want to customize it. Your password is not included in the file by default.
+=== Generate New Credentials ===
-====== USAGE ======
+Instead of taking risks and storing your University credentials in the file, use the [[ https://overcloud.cs.uchicago.edu | Web Interface ]] to create an Application Credential. Click the menu on the left side, Identity→Application Credentials. On the right side of the top of the page, click "Create Application Credential". Complete the form and check the box for ''unrestricted access''. Save the ''clouds.yaml'' file in your configuration directory.
-First, Take note of a loose UX pattern that the client has:
+See the [[ cloud:recipe:coding | Python Examples Document ]] for detailed configuration recommendations.
-<code>
-openstack $resource $action $more_options_or_flags
-</code>
-take note and always use help for guidance <code>--help</code>
-For example<code>openstack server create --help</code>
-Once you have the software installed and the configuration file created, as above, you can start to use the client. What follows is an annotated example that will create an infrastructure of 10 Ubuntu hosts accessing the internet via a NAT device (SNAT), and with one of the hosts reachable at a separate pubic IP address (DNAT).
-====== Annotated Example ======
-Read what has been written above before you read this.
-We use this command a lot
-<code>openstack server list</code>
-====Images====
-Images are prebuilt disks that are used to launch instances. They are usually a few GB in size. A copy of the disk image is written into the instance's boot volume just before it starts running.
-There are images that Techstaff provides, some of which are restricted-use. We can build images for you or you can build and upload your own. Our images are generic, bare bones, cloud enabled popular operating systems that are a firm foundation for you to customize from. They are often in RAW format, not qcow2, for performance reasons.
-<code>openstack image list</code>
-====SSH Keys====
-Openstack can hold a public key in its db, and insert it into instances when told. This is optional (your author does not use this capability)
-<code>openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey</code>
-==== Flavors ====
-A flavor is a pre-chosen size for resources that make up an instance. It is a mandatory parameter when creating instances. Look at the available flavors, which your admins have created.\\
-Servers can grow after creation. For example, the ''disk-size'' attribute merely expresses the **minimum** size of the boot volume, and most cloud-enabled operating systems expand the root volume on first-boot. In spite of this, relying on dynamically resizing instances increases risk, and you should choose a size that is close to what you expect to use.
-<code>openstack flavor list</code>
-==== Networks =====
-Look at the Networks that are available. The meaning of an Openstack "Network" captures L2 semantics, and houses L3 subnets. IPv6 is in preview mode at this time, and is not fully supported on the UC campus.
-You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other users, and you would like to proceed directly to creating servers.
-Using the __cloud__ network cuts down your complexity significantly, and can be changed later, or mixed with other modes at your leisure. Please talk with us if you want to attach a Router to the __cloud__ network.
+==Cloud Name==
+For convenience, export the cloud name to your environment. Otherwise, all commands must include the flag ''--os-cloud=openstack'':
 <code>
-openstack network list
+export OS_CLOUD=openstack
 </code>
-See also [[ cloud:recipe:networks | Advanced Networking ]] hints.
+====== USAGE ======
-===== Creating an Instance =====
+For more tips and usage information, see the [[ cloud:annotated_example | Annotated Example Usage ]]
-You now have all of the prerequisites for launching a virtual computer. These are the prerequisites:
-  * Properly prepared Network -- or use the one called ''cloud'' if you don't mind sharing a broadcast domain, nor wish to control the source address of your NAT clients
-  * Flavor Name
-  * Image Name
-NOTE: you won't be able to SSH into the instance, because the NAT is SNAT. Down below you can read how to add a dedicated public ("floating") IP address to any server.
-Like other openstack activities, creating a server has __many__ complex options and scenarios. This is a simple and ordinary depiction, creating one server
-<code>
-openstack server create \
-  --image 20.04 \
-  --boot-from-volume=32 \
-  --flavor m1.medium \
-  --config-drive=true \
-  --user-data=/home/chudler/openstack/cluster_test/cloud-init.yml \
-  --network cloud \
-  myserver
-</code>
-The command executed asynchronously, check the status, or supply the ''--wait'' option next time:
-<code>
-openstack server list --name myserver
-</code>
-<code>
-openstack server show myserver
-</code>
-Here's an example for creating 10 of them, as promised (only the change at the end of the command)
-<code>
-openstack server create \
-  --image 20.04 \
-  --boot-from-volume=32 \
-  --flavor m1.medium \
-  --config-drive=true \
-  --user-data=/home/chudler/openstack/cluster_test/cloud-init.yml \
-  --network cloud \
-  --min 10 \
-  --max 10 \
-  myserver
-</code>
-==== Mandatory Firewall Rules ====
-If you are using the default security groups, all ingress network communication is dropped.
-Here's a nasty thing I use to determine what the security group is for a server (it can be determined also by looking at security groups directly) [ITS BRITTLE, BEWARE]
-<code>
-SEC_GROUP=$(openstack port list \
-  --server `openstack server show --format value --column id myserver` \
-  --long \
-  --column "Security Groups" \
-  --format json \
-  | jq '.[]."Security Groups"[]' \
-  | sed 's/"//g')
-</code>
-If I learned the security group successfully, I can let in SSH.
-<code>
-openstack security group rule create \
-  --ingress \
-  --dst-port 22 \
-  --protocol tcp $SEC_GROUP
-</code>
-In actual fact, all of the servers you create will be in the same security group, so you will not need to "discover" it more than once.
-==== Internet Addresses ====
-If the server's status shows "Active", you can assign it an additional IP address. When doing networking work, you might wish to connect to web interface to access the console of the virtual machine.
-As in [[ cloud:recipe:networks | Advanced Networking ]] get a campus IP address from our pool.
-Where do you want to create your floating IP?
-<code>
-openstack network list
-</code>
-Use the network from the previous command:
-<code>
-openstack floating ip create campus37
-</code>
-You now have an IP you can use:
-<code>
-openstack server add floating ip myserver <floating_ip_address>
-</code>
-At last, you can ssh into 128.135.37.XX. It is important for you to realize that your __local__ server IP does not change (no new interface is given to the instance). Instead, the router on the subnet simply performs DNAT on behalf of the clients.
-Here's another possibility:
-<code>$ openstack server add network myserver campus37</code>
-**Now** your server does have a **new** network interface attached to it, and will be served a DHCP address on it. You will almost certainly have to inform the OS about this manually; the cloud may not help you do that.
-This section added a floating ip address directly to the server. You must realize that a router was needed on the subnet for that to happen. On default subnets, your cloud admin has pre-created suitable routers. The command will fail if you are creating your own subnets and networks without taking similar steps.
-==== A WORD ABOUT CLOUD INIT ====
-Your author uses cloud init extensively and does not contemplate alternative. It is optional. A minimal cloud-init for a modern Ubuntu cloud OS might look like this
-<code>
-#cloud-config
-network:
-  version: 2
-  ethernets:
-    net0:
-      match:
-        name: en*
-      dhcp4: true
-preserve_hostname: false
-users:
-  - name: ubuntu
-    ssh-authorized-keys:
-      - CONTENTS OF YOUR ssh key .pub file
-timezone: America/Chicago
-datasource:
- OpenStack:
-  metadata_urls: ["http://169.254.169.254"]
-  max_wait: -1
-  timeout: 10
-  retries: 5
-  apply_network_config: true
-manage_etc_hosts: false
-manual_cache_clean: false
-</code>