rOCCI:EC2 Backend
rOCCI-server's EC2 backend has been primarily developed with Amazon Web Services. It is expected to work with other CMFs implementing the EC2 interface, but this guide considers AWS.
Please note that for an overview of operations that each method in the backend performs within the AWS cloud, you may consult the RubyDoc documentation for the EC2 backend. It lists Server-side Effects for each public method that has any.
Installation
For the time being, the EC2 backend is only available with rOCCI-server source.
TODO: Is EC2 backend going to be included in a separate package?
Configuration
- You need an ASW Access Key, and an accompanying Secret Access Key, for a valid ASW account. Obviously, obtaining those is beyond the scope of this document.
- Edit Virtual Host configuration file
/etc/apache2/sites-available/occi-ssl
or/etc/httpd/conf.d/occi-ssl.conf
, respectively, and change the following:- attribute
ROCCI_SERVER_BACKEND
must be set toec2
as shown:SetEnv ROCCI_SERVER_BACKEND ec2
Note: Do not confuse with attribute
ROCCI_SERVER_HOOKS
; that has another purpose. - attribute
ROCCI_SERVER_ONE_PASSWD
must be set to give the password for therocci
user set up in the previous step:SetEnv ROCCI_SERVER_EC2_AWS_ACCESS_KEY_ID <actual_id_edited_out> SetEnv ROCCI_SERVER_EC2_AWS_SECRET_ACCESS_KEY <actual_key_edited_out>
- If necessary, modify your region and availability zone settings. The default configuration is for western Europe:
SetEnv ROCCI_SERVER_EC2_AWS_REGION eu-west-1 SetEnv ROCCI_SERVER_EC2_AWS_AVAILABILITY_ZONE eu-west-1a
For a list of applicable regions see the Amazon EC2 Regions list.
- To speed up interaction with AWS, consider also setting filters for images. This speeds up the composition and transfer of the OCCI model. There are two configuration variables to consider:
SetEnv ROCCI_SERVER_EC2_IMAGE_FILTERING_POLICY
– permissible values are:all
List all images contrary to recommendation only_owned
List only images you own only_listed
List only images specified in ROCCI_SERVER_EC2_IMAGE_FILTERING_IMAGE_LIST
owned_and_listed
List images you own plus additional images specified in ROCCI_SERVER_EC2_IMAGE_FILTERING_IMAGE_LIST
SetEnv ROCCI_SERVER_EC2_IMAGE_FILTERING_IMAGE_LIST
– A list of images to include in responses. Separate multiple images by whitespaces and enclose the whole list in double quotes. The use of this list is governed by optionROCCI_SERVER_EC2_IMAGE_FILTERING_POLICY
.
Note: Image filtering is implemented in the EC2 backend because there are thousands of images available from Amazon. Since constructing a list of available images is a very common operation, you get this option to limit the list.
- Network permissions
There are special options to specify permissions for handling AWS networks. If you already have virtual private clusters, gateways, elastic IPs and other network infrastructure components configured for your AWS account, you won't need to create new ones and neither will you wish to destroy them programmatically. Keep the following options set to
no
for the backend to behave most conservatively. Allow actions you really require, though.SetEnv ROCCI_SERVER_EC2_NETWORK_CREATE_ALLOWED
SetEnv ROCCI_SERVER_EC2_NETWORK_DESTROY_ALLOWED
SetEnv ROCCI_SERVER_EC2_NETWORK_DESTROY_VPN_GWS
- attribute
- Restart the WebServer. You may skip this step if you are going to configure GridSite next.
APT-based distributions (Debian, Ubuntu, …) RPM-based distributions (Scientific Linux, CentOS, …) service apache2 restart
service httpd restart
Tested in Debian 7 Wheezy Tested in SL 6.5 Carbon
TODO: AuthN options