Difference between revisions of "rOCCI:ROCCI-cli AWS Examples"
Jump to navigation
Jump to search
(21 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
This page gives simple examples of using the OCCI gateway to Amazon Services as presented at the [https://indico.egi.eu/indico/event/3249/ 2017 EGI Conference and Indigo Summit]. You have been probably redirected here through a QR code. | This page gives simple examples of using the OCCI gateway to Amazon Services as presented at the [https://indico.egi.eu/indico/event/3249/ 2017 EGI Conference and Indigo Summit]. You have been probably redirected here through a QR code. | ||
= Prerequisites = | = Prerequisites = | ||
Line 5: | Line 6: | ||
You need: | You need: | ||
* a VOMS proxy certificate. The following examples expect it to be located in file <code>/tmp/x509up_u`id -u`</code> | * '''a VOMS proxy certificate'''. The following examples expect it to be located in file <code>/tmp/x509up_u`id -u`</code> | ||
* an OCCI client or an HTTP client | ** Access allowed for members of VOs <code>[https://voms01.ncg.ingrid.pt:8443/voms/indigo/ indigo]</code> and <code>[https://perun.metacentrum.cz/perun-registrar-cert/?vo=fedcloud.egi.eu fedcloud.egi.eu]</code> | ||
* an '''OCCI client''' or at least an '''HTTP client''' | |||
** Examples given here use the ''rOCCI-cli'' client (available either from the [https://appdb.egi.eu/store/software/rocci.cli EGI AppDB] or from [https://github.com/EGI-FCTF/rOCCI-cli GitHub]). | ** Examples given here use the ''rOCCI-cli'' client (available either from the [https://appdb.egi.eu/store/software/rocci.cli EGI AppDB] or from [https://github.com/EGI-FCTF/rOCCI-cli GitHub]). | ||
** Simple HTTPs client such as <code>curl</code> may also be used for rudimentary management. | ** Simple HTTPs client such as <code>curl</code> may also be used for rudimentary management. | ||
Line 14: | Line 16: | ||
== Listing Available Images == | == Listing Available Images == | ||
Note that the full list of images available from EC2 is extremely exhaustive. The EC2 backend for {{rOCCI:rOCCI logo}}-server supports filtering so that VO admins may limit the list of images that are displayed to theirs users. | |||
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource os_tpl | occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource os_tpl | ||
'''Or''' | |||
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ | ||
Line 23: | Line 29: | ||
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource resource_tpl | occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource resource_tpl | ||
'''Or''' | |||
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ | ||
grep 'occi/infrastructure#resource_tpl' | grep 'occi/infrastructure#resource_tpl' | ||
== Listing Available Networks == | |||
AWS EC2 does not attach your VM to a default network (VPC). You must choose one every time. | |||
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource network | |||
'''Or''' | |||
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/network/ | |||
== Creating a Virtual Machine == | == Creating a Virtual Machine == | ||
EC2 supports ''cloud-init'' but does not support simple setting of SSH keys. Therefore we need to go through the <code>--user-data</code> option and a ''cloud-init' file. | |||
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf | |||
VMID=$(occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action create --resource compute \ | VMID=$(occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action create --resource compute \ | ||
--mixin os_tpl#ami-971238f1 --mixin resource_tpl#t2_micro --attribute occi.core.title="VMby${USER}" \ | --mixin os_tpl#ami-971238f1 --mixin resource_tpl#t2_micro --attribute occi.core.title="VMby${USER}" \ | ||
--context | --context user_data="file:///tmp/VMby${USER}.conf" --link /network/vpc-e2e4f686) | ||
'''Or''' | |||
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf | |||
VMUUID=`uuidgen` | VMUUID=`uuidgen` | ||
LNKUUID=`uuidgen` | LNKUUID=`uuidgen` | ||
cat << EOF | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/plain' - | VMID=$(cat << EOF | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/plain' --data-binary @- -X POST https://awsocci.cesnet.cz:11443/compute/ | awk '{print $2}' | ||
Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind" | Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind" | ||
Category: t2_micro;scheme="http://schemas.ec2.aws.amazon.com/occi/infrastructure/resource_tpl#";class="mixin" | Category: t2_micro;scheme="http://schemas.ec2.aws.amazon.com/occi/infrastructure/resource_tpl#";class="mixin" | ||
Category: ami-971238f1;scheme="http://occi.awsocci.cesnet.cz/occi/infrastructure/os_tpl#";class="mixin" | Category: ami-971238f1;scheme="http://occi.awsocci.cesnet.cz/occi/infrastructure/os_tpl#";class="mixin" | ||
Category: user_data;scheme="http://schemas.openstack.org/compute/instance#";class="mixin";location="/mixin/user_data/";title="OS contextualization mixin" | |||
X-OCCI-Attribute: occi.core.id="${VMUUID}" | X-OCCI-Attribute: occi.core.id="${VMUUID}" | ||
X-OCCI-Attribute: occi.core.title="VMby${USER}" | X-OCCI-Attribute: occi.core.title="VMby${USER}" | ||
X-OCCI-Attribute: occi.compute.hostname="VMby${USER}" | X-OCCI-Attribute: occi.compute.hostname="VMby${USER}" | ||
X-OCCI-Attribute: org.openstack. | X-OCCI-Attribute: org.openstack.compute.user_data="`base64 -w 0 /tmp/VMby${USER}.conf`" | ||
Link: </network/vpc-e2e4f686>;rel="http://schemas.ogf.org/occi/infrastructure#network";self="/link/networkinterface/${LNKUUID}";category="http://schemas.ogf.org/occi/infrastructure#networkinterface";occi.core.id="${LNKUUID}";occi.core.target="/network/vpc-e2e4f686";occi.core.source="/compute/${VMUUID}" | Link: </network/vpc-e2e4f686>;rel="http://schemas.ogf.org/occi/infrastructure#network";self="/link/networkinterface/${LNKUUID}";category="http://schemas.ogf.org/occi/infrastructure#networkinterface";occi.core.id="${LNKUUID}";occi.core.target="/network/vpc-e2e4f686";occi.core.source="/compute/${VMUUID}" | ||
EOF | EOF | ||
) | |||
== Describing a Virtual Machine == | |||
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action describe --resource ${VMID} | |||
'''Or''' | |||
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET ${VMID} | |||
== Deleting a Virtual Machine == | == Deleting a Virtual Machine == | ||
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action delete --resource ${VMID} | occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action delete --resource ${VMID} | ||
'''Or''' | |||
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X DELETE ${VMID} | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X DELETE ${VMID} |
Latest revision as of 09:52, 25 September 2017
This page gives simple examples of using the OCCI gateway to Amazon Services as presented at the 2017 EGI Conference and Indigo Summit. You have been probably redirected here through a QR code.
Prerequisites
You need:
- a VOMS proxy certificate. The following examples expect it to be located in file
/tmp/x509up_u`id -u`
- Access allowed for members of VOs
indigo
andfedcloud.egi.eu
- Access allowed for members of VOs
- an OCCI client or at least an HTTP client
- an SSH key pair (in case you really wish to log into your virtual machines). The following examples expect your public key to be located in
~/.ssh/id_rsa.pub
Examples
Listing Available Images
Note that the full list of images available from EC2 is extremely exhaustive. The EC2 backend for rOCCI-server supports filtering so that VO admins may limit the list of images that are displayed to theirs users.
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource os_tpl
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ grep 'occi/infrastructure#os_tpl'
Listing Available Resource Sizes
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource resource_tpl
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ grep 'occi/infrastructure#resource_tpl'
Listing Available Networks
AWS EC2 does not attach your VM to a default network (VPC). You must choose one every time.
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource network
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/network/
Creating a Virtual Machine
EC2 supports cloud-init but does not support simple setting of SSH keys. Therefore we need to go through the --user-data
option and a cloud-init' file.
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf VMID=$(occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action create --resource compute \ --mixin os_tpl#ami-971238f1 --mixin resource_tpl#t2_micro --attribute occi.core.title="VMby${USER}" \ --context user_data="file:///tmp/VMby${USER}.conf" --link /network/vpc-e2e4f686)
Or
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf VMUUID=`uuidgen` LNKUUID=`uuidgen` VMID=$(cat << EOF | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/plain' --data-binary @- -X POST https://awsocci.cesnet.cz:11443/compute/ | awk '{print $2}' Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind" Category: t2_micro;scheme="http://schemas.ec2.aws.amazon.com/occi/infrastructure/resource_tpl#";class="mixin" Category: ami-971238f1;scheme="http://occi.awsocci.cesnet.cz/occi/infrastructure/os_tpl#";class="mixin" Category: user_data;scheme="http://schemas.openstack.org/compute/instance#";class="mixin";location="/mixin/user_data/";title="OS contextualization mixin" X-OCCI-Attribute: occi.core.id="${VMUUID}" X-OCCI-Attribute: occi.core.title="VMby${USER}" X-OCCI-Attribute: occi.compute.hostname="VMby${USER}" X-OCCI-Attribute: org.openstack.compute.user_data="`base64 -w 0 /tmp/VMby${USER}.conf`" Link: </network/vpc-e2e4f686>;rel="http://schemas.ogf.org/occi/infrastructure#network";self="/link/networkinterface/${LNKUUID}";category="http://schemas.ogf.org/occi/infrastructure#networkinterface";occi.core.id="${LNKUUID}";occi.core.target="/network/vpc-e2e4f686";occi.core.source="/compute/${VMUUID}" EOF )
Describing a Virtual Machine
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action describe --resource ${VMID}
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET ${VMID}
Deleting a Virtual Machine
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action delete --resource ${VMID}
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X DELETE ${VMID}