The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "rOCCI:ROCCI-cli AWS Examples"
Jump to navigation
Jump to search
| (14 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
This page gives simple examples of using the OCCI gateway to Amazon Services as presented at the [https://indico.egi.eu/indico/event/3249/ 2017 EGI Conference and Indigo Summit]. You have been probably redirected here through a QR code. | This page gives simple examples of using the OCCI gateway to Amazon Services as presented at the [https://indico.egi.eu/indico/event/3249/ 2017 EGI Conference and Indigo Summit]. You have been probably redirected here through a QR code. | ||
= Prerequisites = | = Prerequisites = | ||
| Line 5: | Line 6: | ||
You need: | You need: | ||
* a VOMS proxy certificate. The following examples expect it to be located in file <code>/tmp/x509up_u`id -u`</code> | * '''a VOMS proxy certificate'''. The following examples expect it to be located in file <code>/tmp/x509up_u`id -u`</code> | ||
* an OCCI client or an HTTP client | ** Access allowed for members of VOs <code>[https://voms01.ncg.ingrid.pt:8443/voms/indigo/ indigo]</code> and <code>[https://perun.metacentrum.cz/perun-registrar-cert/?vo=fedcloud.egi.eu fedcloud.egi.eu]</code> | ||
* an '''OCCI client''' or at least an '''HTTP client''' | |||
** Examples given here use the ''rOCCI-cli'' client (available either from the [https://appdb.egi.eu/store/software/rocci.cli EGI AppDB] or from [https://github.com/EGI-FCTF/rOCCI-cli GitHub]). | ** Examples given here use the ''rOCCI-cli'' client (available either from the [https://appdb.egi.eu/store/software/rocci.cli EGI AppDB] or from [https://github.com/EGI-FCTF/rOCCI-cli GitHub]). | ||
** Simple HTTPs client such as <code>curl</code> may also be used for rudimentary management. | ** Simple HTTPs client such as <code>curl</code> may also be used for rudimentary management. | ||
| Line 14: | Line 16: | ||
== Listing Available Images == | == Listing Available Images == | ||
Note that the full list of images available from EC2 is extremely exhaustive. The EC2 backend for {{rOCCI:rOCCI logo}}-server supports filtering so that VO admins may limit the list of images that are displayed to theirs users. | |||
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource os_tpl | occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource os_tpl | ||
| Line 43: | Line 47: | ||
== Creating a Virtual Machine == | == Creating a Virtual Machine == | ||
EC2 supports ''cloud-init'' but does not support simple setting of SSH keys. Therefore we need to go through the <code>--user-data</code> option and a ''cloud-init' file. | |||
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf | |||
VMID=$(occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action create --resource compute \ | VMID=$(occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action create --resource compute \ | ||
--mixin os_tpl#ami-971238f1 --mixin resource_tpl#t2_micro --attribute occi.core.title="VMby${USER}" \ | --mixin os_tpl#ami-971238f1 --mixin resource_tpl#t2_micro --attribute occi.core.title="VMby${USER}" \ | ||
--context | --context user_data="file:///tmp/VMby${USER}.conf" --link /network/vpc-e2e4f686) | ||
'''Or''' | '''Or''' | ||
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf | |||
VMUUID=`uuidgen` | VMUUID=`uuidgen` | ||
LNKUUID=`uuidgen` | LNKUUID=`uuidgen` | ||
| Line 55: | Line 63: | ||
Category: t2_micro;scheme="http://schemas.ec2.aws.amazon.com/occi/infrastructure/resource_tpl#";class="mixin" | Category: t2_micro;scheme="http://schemas.ec2.aws.amazon.com/occi/infrastructure/resource_tpl#";class="mixin" | ||
Category: ami-971238f1;scheme="http://occi.awsocci.cesnet.cz/occi/infrastructure/os_tpl#";class="mixin" | Category: ami-971238f1;scheme="http://occi.awsocci.cesnet.cz/occi/infrastructure/os_tpl#";class="mixin" | ||
Category: | Category: user_data;scheme="http://schemas.openstack.org/compute/instance#";class="mixin";location="/mixin/user_data/";title="OS contextualization mixin" | ||
X-OCCI-Attribute: occi.core.id="${VMUUID}" | X-OCCI-Attribute: occi.core.id="${VMUUID}" | ||
X-OCCI-Attribute: occi.core.title="VMby${USER}" | X-OCCI-Attribute: occi.core.title="VMby${USER}" | ||
X-OCCI-Attribute: occi.compute.hostname="VMby${USER}" | X-OCCI-Attribute: occi.compute.hostname="VMby${USER}" | ||
X-OCCI-Attribute: org.openstack. | X-OCCI-Attribute: org.openstack.compute.user_data="`base64 -w 0 /tmp/VMby${USER}.conf`" | ||
Link: </network/vpc-e2e4f686>;rel="http://schemas.ogf.org/occi/infrastructure#network";self="/link/networkinterface/${LNKUUID}";category="http://schemas.ogf.org/occi/infrastructure#networkinterface";occi.core.id="${LNKUUID}";occi.core.target="/network/vpc-e2e4f686";occi.core.source="/compute/${VMUUID}" | Link: </network/vpc-e2e4f686>;rel="http://schemas.ogf.org/occi/infrastructure#network";self="/link/networkinterface/${LNKUUID}";category="http://schemas.ogf.org/occi/infrastructure#networkinterface";occi.core.id="${LNKUUID}";occi.core.target="/network/vpc-e2e4f686";occi.core.source="/compute/${VMUUID}" | ||
EOF | EOF | ||
Latest revision as of 09:52, 25 September 2017
This page gives simple examples of using the OCCI gateway to Amazon Services as presented at the 2017 EGI Conference and Indigo Summit. You have been probably redirected here through a QR code.
Prerequisites
You need:
- a VOMS proxy certificate. The following examples expect it to be located in file
/tmp/x509up_u`id -u`- Access allowed for members of VOs
indigoandfedcloud.egi.eu
- Access allowed for members of VOs
- an OCCI client or at least an HTTP client
- an SSH key pair (in case you really wish to log into your virtual machines). The following examples expect your public key to be located in
~/.ssh/id_rsa.pub
Examples
Listing Available Images
Note that the full list of images available from EC2 is extremely exhaustive. The EC2 backend for rOCCI-server supports filtering so that VO admins may limit the list of images that are displayed to theirs users.
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource os_tpl
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ grep 'occi/infrastructure#os_tpl'
Listing Available Resource Sizes
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource resource_tpl
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/-/ | \ grep 'occi/infrastructure#resource_tpl'
Listing Available Networks
AWS EC2 does not attach your VM to a default network (VPC). You must choose one every time.
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action list --resource network
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET https://awsocci.cesnet.cz:11443/network/
Creating a Virtual Machine
EC2 supports cloud-init but does not support simple setting of SSH keys. Therefore we need to go through the --user-data option and a cloud-init' file.
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf
VMID=$(occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action create --resource compute \
--mixin os_tpl#ami-971238f1 --mixin resource_tpl#t2_micro --attribute occi.core.title="VMby${USER}" \
--context user_data="file:///tmp/VMby${USER}.conf" --link /network/vpc-e2e4f686)
Or
printf "#cloud-config\nusers:\n - name: ubuntu\n ssh-authorized-keys:\n - `cat ~/.ssh/id_rsa.pub`\n" > /tmp/VMby${USER}.conf
VMUUID=`uuidgen`
LNKUUID=`uuidgen`
VMID=$(cat << EOF | curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/plain' --data-binary @- -X POST https://awsocci.cesnet.cz:11443/compute/ | awk '{print $2}'
Category: compute; scheme="http://schemas.ogf.org/occi/infrastructure#"; class="kind"
Category: t2_micro;scheme="http://schemas.ec2.aws.amazon.com/occi/infrastructure/resource_tpl#";class="mixin"
Category: ami-971238f1;scheme="http://occi.awsocci.cesnet.cz/occi/infrastructure/os_tpl#";class="mixin"
Category: user_data;scheme="http://schemas.openstack.org/compute/instance#";class="mixin";location="/mixin/user_data/";title="OS contextualization mixin"
X-OCCI-Attribute: occi.core.id="${VMUUID}"
X-OCCI-Attribute: occi.core.title="VMby${USER}"
X-OCCI-Attribute: occi.compute.hostname="VMby${USER}"
X-OCCI-Attribute: org.openstack.compute.user_data="`base64 -w 0 /tmp/VMby${USER}.conf`"
Link: </network/vpc-e2e4f686>;rel="http://schemas.ogf.org/occi/infrastructure#network";self="/link/networkinterface/${LNKUUID}";category="http://schemas.ogf.org/occi/infrastructure#networkinterface";occi.core.id="${LNKUUID}";occi.core.target="/network/vpc-e2e4f686";occi.core.source="/compute/${VMUUID}"
EOF
)
Describing a Virtual Machine
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action describe --resource ${VMID}
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X GET ${VMID}
Deleting a Virtual Machine
occi --endpoint https://awsocci.cesnet.cz:11443/ --auth x509 --user-cred /tmp/x509up_u`id -u` --voms --action delete --resource ${VMID}
Or
curl --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` -H 'Content-Type: text/occi' -X DELETE ${VMID}