Difference between revisions of "rOCCI:EC2 Backend"
Jump to navigation
Jump to search
Line 9: | Line 9: | ||
==== Configuration ==== | ==== Configuration ==== | ||
<OL> | |||
<LI>You need an ASW Access Key, and an accompanying Secret Access Key, for a valid ASW account. Obviously, obtaining those is beyond the scope of this document.</LI> | |||
<LI>Edit Virtual Host configuration file <code>/etc/apache2/sites-available/occi-ssl</code> or <code>/etc/httpd/conf.d/occi-ssl.conf</code>, respectively, and change the following: | |||
<OL> | |||
<LI>attribute <code>ROCCI_SERVER_BACKEND</code> must be set to <code>ec2</code> as shown: | |||
{| border="0" style="border-collapse:collapse" cellpadding="0" width="100%" | |||
| | |||
SetEnv ROCCI_SERVER_BACKEND ec2 | |||
|} | |||
''Note: Do not confuse with attribute <code>ROCCI_SERVER_HOOKS</code>; that has another purpose.'' | |||
</LI> | |||
<LI>attribute <code>ROCCI_SERVER_ONE_PASSWD</code> must be set to give the password for the <code>rocci</code> user set up in the previous step: | |||
{| border="0" style="border-collapse:collapse" cellpadding="0" width="100%" | |||
| | |||
SetEnv ROCCI_SERVER_EC2_AWS_ACCESS_KEY_ID <actual_id_edited_out> | |||
SetEnv ROCCI_SERVER_EC2_AWS_SECRET_ACCESS_KEY <actual_key_edited_out> | |||
|} | |||
</LI> | |||
<LI>'''If necessary''', modify your ''region'' and ''availability zone'' settings. The default configuration is for western Europe: | |||
{| border="0" style="border-collapse:collapse" cellpadding="0" width="100%" | |||
| | |||
SetEnv ROCCI_SERVER_EC2_AWS_REGION eu-west-1 | |||
SetEnv ROCCI_SERVER_EC2_AWS_AVAILABILITY_ZONE eu-west-1a | |||
|} | |||
</LI> | |||
<LI>'''To speed up interaction with AWS''', consider also setting filters for images. This speeds up the construction and transfer of the OCCI model. | |||
<OL> | |||
<LI><code>ROCCI_SERVER_IMAGE_FILTERING_POLICY</code></LI> | |||
<LI><code>ROCCI_SERVER_IMAGE_FILTERING_IMAGE_LIST</code></LI> | |||
<LI><code>ROCCI_SERVER_NETWORK_CREATE_ALLOWED</code></LI> | |||
<LI><code>ROCCI_SERVER_NETWORK_DESTROY_ALLOWED</code></LI> | |||
<LI><code>ROCCI_SERVER_NETWORK_DESTROY_VPN_GWS</code></LI> | |||
</OL> | |||
</LI> | |||
</OL> | |||
</OL> | |||
'''TODO:''' AuthN options | '''TODO:''' AuthN options |
Revision as of 16:45, 15 September 2014
rOCCI-server's EC2 backend has been primarily developed with Amazon Web Services. It is expected to work with other CMFs implementing the EC2 interface, but this guide considers AWS.
Please note that for an overview of operations that each method in the backend performs within the AWS cloud, you may consult the RubyDoc documentation for the EC2 backend. It lists Server-side Effects for each public method that has any.
Installation
TODO: Is EC2 backend going to be included in a separate package?
Configuration
- You need an ASW Access Key, and an accompanying Secret Access Key, for a valid ASW account. Obviously, obtaining those is beyond the scope of this document.
- Edit Virtual Host configuration file
/etc/apache2/sites-available/occi-ssl
or/etc/httpd/conf.d/occi-ssl.conf
, respectively, and change the following:- attribute
ROCCI_SERVER_BACKEND
must be set toec2
as shown:SetEnv ROCCI_SERVER_BACKEND ec2
Note: Do not confuse with attribute
ROCCI_SERVER_HOOKS
; that has another purpose. - attribute
ROCCI_SERVER_ONE_PASSWD
must be set to give the password for therocci
user set up in the previous step:SetEnv ROCCI_SERVER_EC2_AWS_ACCESS_KEY_ID <actual_id_edited_out> SetEnv ROCCI_SERVER_EC2_AWS_SECRET_ACCESS_KEY <actual_key_edited_out>
- If necessary, modify your region and availability zone settings. The default configuration is for western Europe:
SetEnv ROCCI_SERVER_EC2_AWS_REGION eu-west-1 SetEnv ROCCI_SERVER_EC2_AWS_AVAILABILITY_ZONE eu-west-1a
- To speed up interaction with AWS, consider also setting filters for images. This speeds up the construction and transfer of the OCCI model.
ROCCI_SERVER_IMAGE_FILTERING_POLICY
ROCCI_SERVER_IMAGE_FILTERING_IMAGE_LIST
ROCCI_SERVER_NETWORK_CREATE_ALLOWED
ROCCI_SERVER_NETWORK_DESTROY_ALLOWED
ROCCI_SERVER_NETWORK_DESTROY_VPN_GWS
- attribute
TODO: AuthN options