cloud:intro
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
cloud:intro [2020/01/17 11:54] – kauffman | cloud:intro [2020/05/14 09:23] – trim text chudler | ||
---|---|---|---|
Line 1: | Line 1: | ||
=== SCOPE OF THIS DOCUMENT === | === SCOPE OF THIS DOCUMENT === | ||
- | This guide covers the common subset of tasks that users would need to perform to have a set of clustered computer instances and associated resources, isolated from others, and accessible to a project for any general purpose, both long-term and short. We are catering heavily to short-term and periodic usage, perhaps lasting no more than a few quarters. | + | This guide covers the common subset of tasks that users would need to perform to have a set of clustered computer instances and associated resources, isolated from others, and accessible to a project for any general purpose, both long-term and short. |
- | Some things that are not written about here but perhaps should be covered elsewhere | ||
- | |||
- | * Theory of operations (everything here is by example) | ||
- | * Accomplishing tasks from the Web Interface | ||
- | * Background and History | ||
- | * Alternative Services within CS and without | ||
- | * Organizational Policy, such as who can do what | ||
- | * Deployment Architecture | ||
- | * Systemic Limitations | ||
- | * Good Practices (because they are nascent, at best) | ||
- | * Cloud init, Fog, Terraform, Heat, and other operational tools | ||
- | * Network and Information Security | ||
- | * Backup and Restore | ||
- | |||
- | The list is not comprehensive. | ||
=== A WORD ABOUT SECURITY === | === A WORD ABOUT SECURITY === | ||
- | The security of the virtual computers that you launch is __your responsibility__. With this software you are able to create | + | The security of the virtual computers that you launch is __your responsibility__. With this software you are able to create insecure configurations that will be hacked, with no hope of recovering. This can put all of us at risk. The highest risk that you will encounter is to expose your computers to the Internet. Beware of the dangers associated with doing so! |
=== INTRODUCTION AND NOTES === | === INTRODUCTION AND NOTES === | ||
- | This cluster can spring into being computer resources, easily, and without the involvement of other personnel. The software has some exotic capabilities, | + | This cluster can spring into being computer resources without the involvement of other personnel. The software has some exotic capabilities, |
* L2 and L3 Network | * L2 and L3 Network | ||
Line 34: | Line 19: | ||
* Security groups (firewall service) | * Security groups (firewall service) | ||
- | Some want | ||
- | * Distributed/ | ||
- | The cloud can also manage resources on your behalf that are traditionally handled by a human operator. This is less common, and amounts to cognitive debt that you may eventually have to pay: | + | The cloud can also manage resources on your behalf that are traditionally handled by a human operator: |
* Load balancer | * Load balancer | ||
* NFS | * NFS | ||
- | * Rancher Kubernetes | + | |
- | * Lots more | + | |
+ | * Container Runtime | ||
== Web Access and Certificates == | == Web Access and Certificates == | ||
The cloud is named **Overcloud**. The web interface uses a non-public certificate authority and can be reached at [[https:// | The cloud is named **Overcloud**. The web interface uses a non-public certificate authority and can be reached at [[https:// | ||
- | |||
- | NOTE: Our cloud DNS service might not meet your needs. Please test it anyway if you know how (TODO: document) | ||
=== PROJECTS === | === PROJECTS === | ||
Openstack requires Users and their cloud resources to belong to a Project. Users have pre-defined Roles within that Project, such as Member or Admin. The Role, Project, and User together constitute in-context access control. So, when a user is in a certain Project, that User can read, modify, destroy the cloud resources in that Project, or even create new resources. All actions depend on the precise Role of the User in the project. Non-members of a project are not able to do anything with cloud resources of the project to which they are a non-member, including View Access. Users can belong to any number of Projects, and with potentially different Roles. Project Admins can modify the memberships of their own Projects. However, there is __not__ a Role known as Owner. | Openstack requires Users and their cloud resources to belong to a Project. Users have pre-defined Roles within that Project, such as Member or Admin. The Role, Project, and User together constitute in-context access control. So, when a user is in a certain Project, that User can read, modify, destroy the cloud resources in that Project, or even create new resources. All actions depend on the precise Role of the User in the project. Non-members of a project are not able to do anything with cloud resources of the project to which they are a non-member, including View Access. Users can belong to any number of Projects, and with potentially different Roles. Project Admins can modify the memberships of their own Projects. However, there is __not__ a Role known as Owner. | ||
- | |||
== Your Default Project == | == Your Default Project == | ||
Line 146: | Line 127: | ||
You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other people, and you would like to proceed directly to creating servers. | You are free to use the Network called __cloud__, if you don't need your hosts to be L2 isolated from other people, and you would like to proceed directly to creating servers. | ||
Using the __cloud__ network cuts down your complexity significantly, | Using the __cloud__ network cuts down your complexity significantly, | ||
- | < | + | |
+ | < | ||
+ | openstack network list | ||
+ | </ | ||
[EDITOR NOTE: This section should be isolated from the main body] | [EDITOR NOTE: This section should be isolated from the main body] | ||
Line 213: | Line 197: | ||
Like other openstack activities, creating a server has __many__ complex options and scenarios. This is a simple and ordinary depiction, creating one server | Like other openstack activities, creating a server has __many__ complex options and scenarios. This is a simple and ordinary depiction, creating one server | ||
- | < | + | |
+ | < | ||
+ | openstack server create | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
The command executed asynchronously, | The command executed asynchronously, | ||
Line 266: | Line 260: | ||
As before, in the Network Gear section, get a campus IP address from our pool. | As before, in the Network Gear section, get a campus IP address from our pool. | ||
+ | |||
+ | Where do you want to create your floating IP? | ||
+ | < | ||
+ | openstack network list | ||
+ | </ | ||
+ | Use the network from the previous command: | ||
< | < | ||
- | openstack floating ip create | + | openstack floating ip create |
</ | </ | ||
+ | You now have an IP you can use: | ||
< | < | ||
- | openstack server add floating ip myserver | + | openstack server add floating ip myserver |
</ | </ | ||
Line 318: | Line 319: | ||
Q: What about containers (docker)? | Q: What about containers (docker)? | ||
- | A: We do not provide any support for them directly. We expect that you will want to manage this from inside the VMs that you create. We have no plans to deploy Magnum right now. | + | A: [[ cloud: |
Q: My servers are in ERROR state!!! | Q: My servers are in ERROR state!!! |
/var/lib/dokuwiki/data/pages/cloud/intro.txt · Last modified: 2021/04/15 17:50 by chudler