Added new docs for huaweicloud cpi #568
Changes from 5 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,141 @@ | ||
This topic describes cloud properties for different resources created by the HuaweiCloud CPI. | ||
|
||
## AZs {: #azs } | ||
|
||
Schema for `cloud_properties` section: | ||
|
||
* **availability_zone** [String, required]: Availability zone to use for creating instances. Example: `cn-north-1b`. | ||
|
||
Example: | ||
|
||
```yaml | ||
azs: | ||
- name: z1 | ||
cloud_properties: | ||
availability_zone: cn-north-1b | ||
``` | ||
|
||
--- | ||
## Networks {: #networks } | ||
|
||
Schema for `cloud_properties` section used by dynamic network or manual network subnet: | ||
|
||
* **subnet_id** [String, required]: Subnet ID belong to VPC and the instance will be created. | ||
* **security_groups** [Array, optional]: Array of security group names or UUIDs to apply for all VMs that are placed on this subnet. | ||
|
||
Example of manual network: | ||
|
||
```yaml | ||
networks: | ||
- name: default | ||
type: manual | ||
subnets: | ||
- range: 10.10.0.0/24 | ||
gateway: 10.10.0.1 | ||
cloud_properties: | ||
subnet_id: 3c8632e2-d9ff-41b1-aa0c-d455557314a0 | ||
security_groups: [huaweicloud-security-group] | ||
``` | ||
|
||
Example of dynamic network: | ||
|
||
```yaml | ||
networks: | ||
- name: default | ||
type: dynamic | ||
cloud_properties: | ||
subnet_id: 3c8632e2-d9ff-41b1-aa0c-d455557314a0 | ||
``` | ||
|
||
|
||
--- | ||
## VM Types / VM Extensions {: #resource-pools } | ||
|
||
Schema for `cloud_properties` section: | ||
|
||
* **instance_type** [String, required]: Type of the instance. Example: `s3.large.2`. | ||
* **availability_zone** [String, required]: Availability zone to use for creating instances. Example: `cn-north-1b`. | ||
* **security_groups** [Array, optional]: Array of security group names or UUIDs to apply for all VMs that are placed on this network. Defaults to security groups specified by `default_security_groups` in the global CPI settings unless security groups are specified on one of the VM networks. If security groups are specified on a resource pool and a network, the resource pool security groups takes precedence since CPI v34+. In older CPI versions prior v34, security groups can either be specified for a network or a resource pool. Security group UUIDs can be used since CPI v39+. | ||
* **key_name** [String, optional]: Key pair name. Defaults to key pair name specified by `default_key_name` in the global CPI settings. Example: `bosh`. | ||
|
||
Example of an `s3.large.2` instance: | ||
|
||
```yaml | ||
resource_pools: | ||
- name: default | ||
network: default | ||
stemcell: | ||
name: bosh-huaweicloud-kvm-ubuntu-trusty-go_agent | ||
version: latest | ||
cloud_properties: | ||
instance_type: s3.large.2 | ||
availability_zone: cn-north-1b | ||
``` | ||
|
||
--- | ||
## Global Configuration {: #global } | ||
|
||
Could you please provide a schema for this global configuration section? Similarly to how keys in the cloud_properties have descriptions, it would be nice to have descriptions in these keys as well.

Done in commit 12. Thanks

|
||
Example with HuaweiCloud message: | ||
|
||
```yaml | ||
auth_url: https://iam.cn-north-1.myhwclouds.com | ||
username: test | ||
api_key: test_password | ||
tenant: test | ||
region: cn-north-1 | ||
default_key_name: bosh | ||
default_security_groups: [bosh] | ||
``` | ||
|
||
--- | ||
## Example Cloud Config {: #cloud-config } | ||
|
||
```yaml | ||
azs: | ||
- name: z1 | ||
cloud_properties: | ||
availability_zone: cn-north-1a | ||
- name: z2 | ||
cloud_properties: | ||
availability_zone: cn-north-1b | ||
|
||
vm_types: | ||
- name: default | ||
cloud_properties: | ||
instance_type: s2.large.2 | ||
- name: large | ||
cloud_properties: | ||
instance_type: s2.xlarge.2 | ||
|
||
disk_types: | ||
- name: default | ||
disk_size: 3000 | ||
- name: large | ||
disk_size: 50_000 | ||
|
||
networks: | ||
- name: default | ||
type: manual | ||
subnets: | ||
- range: 10.10.0.0/24 | ||
gateway: 10.10.0.1 | ||
az: z1 | ||
dns: [8.8.8.8] | ||
cloud_properties: | ||
subnet_id: 3c8632e2-d9ff-41b1-aa0c-d455557314a0 | ||
- range: 10.10.1.0/24 | ||
gateway: 10.10.1.1 | ||
az: z2 | ||
dns: [8.8.8.8] | ||
cloud_properties: | ||
subnet_id: wu2b22e2-dl39-cl3m-340c-d4jdu839mda0 | ||
- name: vip | ||
type: vip | ||
|
||
compilation: | ||
workers: 5 | ||
reuse_compilation_vms: true | ||
az: z1 | ||
vm_type: large | ||
network: default | ||
``` |
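Review bot: In the "VM Types / VM Extensions" section, `availability_zone` is listed as required, but the `vm_types` entries in the Example Cloud Config set only `instance_type`, and the section's own example uses the `resource_pools` key with a stemcell rather than `vm_types`. Either mark the key optional or add it to the examples, and switch the section example to `vm_types` so it matches the heading and the cloud config below it. The `security_groups` description cites "CPI v34+" and "v39+"; please confirm those version numbers apply to the HuaweiCloud CPI. In the Global Configuration example, `api_key: test_password` implies the key holds the account password, so the description should say so and recommend supplying it from a variable rather than a committed file. The second `subnet_id` in the cloud config (`wu2b22e2-dl39-cl3m-340c-d4jdu839mda0`) contains non-hex characters, so it does not look like a real UUID next to the first one.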
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,104 @@ | ||
This document shows how to set up new [environment](terminology.md#environment) on HuaweiCloud Cloud (HuaweiCloud) | ||
## Step 1: Prepare an HuaweiCloud Account {: #prepare-HuaweiCloud } | ||
If you do not have an HuaweiCloud account, [create one](https://reg.huaweicloud.com/registerui/public/custom/register.html?locale=zh-cn#/register). | ||
To configure your HuaweiCloud account: | ||
* [Obtain HuaweiCloud credentials](#credentials) | ||
* [Create a Virtual Private Cloud (VPC)](#create-vpc) | ||
* [Create an Elastic IP](#create-eip) | ||
* [Create a Key Pair](#create-key-pair) | ||
* [Create and Configure Security Group](#create-security) | ||
--- | ||
### Obtain HuaweiCloud Credentials {: #credentials } | ||
Follow [Creating Users](https://console.huaweicloud.com/iam/#/myCredential) to obtain the username and account. | ||
--- | ||
### Create a Virtual Private Cloud (VPC) {: #create-vpc } | ||
1. Log on to the [VPC console](https://console.huaweicloud.com/vpc). | ||
1. Select the region of the VPC. The VPC and the cloud resources to deploy must be in the same region. | ||
1. Click Create VPC, configure the VPC according to the following information, and click OK. | ||
See [Create a VPC](https://console.huaweicloud.com/vpc/?region=cn-north-1&locale=en-us#/vpc/createVpc). | ||
--- | ||
### Create an Elastic IP {: #create-eip } | ||
1. On the VPC Dashboard, click **Elastic IPs** and click **Create EIP**. | ||
1. Configure the EIP according to the following information, and then click **Buy Now** to complete the payment. | ||
See [Create an EIP](https://www.huaweicloud.com/en-us/product/eip.html). | ||
--- | ||
### Create a Key Pair {: #create-key-pair } | ||
1. Log on to the [ECS console](https://auth.huaweicloud.com/authui/login.action?locale=en-us#/login). | ||
1. On the ECS Dashboard, In the left-side navigation pane, choose **Key Pairs**. | ||
1. On the Key Pairs page, click **Create Key Pair**. | ||
1. On the Create Key Pair page, enter a name for the key pair, and click **OK**. | ||
1. Save private key to `~/Downloads/bosh.pem`. | ||
See [Create an SSH key pair](https://support.huaweicloud.com/en-us/dew_faq/dew_01_0063.html) | ||
--- | ||
### Create and Configure Security Group {: #create-security } | ||
Log on to the VPC console. | ||
In the left-side navigation pane, select Network > > Virtual Private Cloud > > Security group. | ||
1. On the VPC Dashboard, select **Security group**. | ||
1. Select a region and then click **Create Security Group**. | ||
1. Complete the Create Security Group form with the following information: | ||
* **Security group name**: bosh | ||
* **Description**: BOSH deployed VMs | ||
* **VPC**: Select the "bosh" VPC that you created in [Create a Virtual Private Cloud](#create-vpc). | ||
1. Select the created security group with group name "bosh", in the Actions column click Configure Rules. | ||
1. On the Security Group Rules page, click Add Security Group Rules. | ||
1. Fill out the Edit inbound rules form and click **Save**. | ||
!!! note | ||
It highly discouraged to run any production environment with <code>0.0.0.0/0</code> source or to make any BOSH management ports publicly accessible. | ||
<table border="1" class="nice"> | ||
<tr> | ||
<th>Type</th> | ||
<th>Port Range</th> | ||
<th>Source</th> | ||
<th>Purpose</th> | ||
</tr> | ||
<tr><td>Custom TCP Rule</td><td>22</td><td>(My IP)</td><td>SSH access from CLI</td></tr> | ||
<tr><td>Custom TCP Rule</td><td>6868</td><td>(My IP)</td><td>BOSH Agent access from CLI</td></tr> | ||
<tr><td>Custom TCP Rule</td><td>25555</td><td>(My IP)</td><td>BOSH Director access from CLI</td></tr> | ||
<tr><td>All TCP</td><td>0 - 65535</td><td>ID of this security group</td><td>Management and data access</td></tr> | ||
<tr><td>All UDP</td><td>0 - 65535</td><td>ID of this security group</td><td>Management and data access</td></tr> | ||
</table> | ||
See [Creating a Security Group](https://www.alibabacloud.com/help/doc-detail/25468.htm) | ||
See [Add security group rules](https://www.alibabacloud.com/help/doc-detail/25471.htm) | ||
These links link to Alicloud's documentation. Is this intentional?

|
||
--- | ||
## Step 2: Deploy {: #deploy } | ||
1. Install [CLI v2](cli-v2.md). | ||
1. Use `bosh create-env` command to deploy the Director. | ||
```shell | ||
# Create directory to keep state | ||
$ mkdir bosh-1 && cd bosh-1 | ||
# Clone Director templates | ||
$ git clone https://github.com/cloudfoundry/bosh-deployment | ||
# Fill below variables (replace example values) and deploy the Director | ||
$ bosh create-env bosh-deployment/bosh.yml --state=state.json \ | ||
--vars-store=creds.yml \ | ||
-o bosh-deployment/huaweicloud/cpi.yml \ | ||
-v director_name=my-bosh \ | ||
-v internal_cidr=192.168.0.0/24 \ | ||
-v internal_gw=192.168.0.1 \ | ||
-v internal_ip=192.168.0.2 \ | ||
-v subnet_id=... \ | ||
-v default_security_groups=[bosh] \ | ||
-v region=cn-north-1 \ | ||
-v auth_url=https://iam.cn-north-1.myhwclouds.com/v3 \ | ||
-v az=cn-north-1a \ | ||
-v default_key_name=bosh \ | ||
-v huaweicloud_password=... \ | ||
-v huaweicloud_username=... \ | ||
-v huaweicloud_domain=... \ | ||
-v huaweicloud_project=cn-north-1 \ | ||
-v private_key=bosh.pem | ||
|
||
``` | ||
If running above commands outside of an HuaweiCloud VPC, refer to [Exposing environment on a public IP](init-external-ip.md) for additional CLI flags. | ||
See [HuaweiCloud CPI errors](HuaweiCloud-cpi-errors.md) for list of common errors and resolutions. | ||
The

Done Thanks

|
||
1. Connect to the Director. | ||
```shell | ||
# Configure local alias | ||
$ bosh alias-env bosh-1 -e 10.0.0.6 --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca) | ||
# Log in to the Director | ||
$ export BOSH_CLIENT=admin | ||
$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password` | ||
# Query the Director for more info | ||
$ bosh -e bosh-1 env | ||
``` | ||
1. Save the deployment state files left in your deployment directory `bosh-1` so you can later update/delete your Director. See [Deployment state](cli-envs.md#deployment-state) for details. |
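Review bot: In Step 2, the "Connect to the Director" command uses `bosh alias-env bosh-1 -e 10.0.0.6`, but the `create-env` example sets `-v internal_ip=192.168.0.2` inside `internal_cidr=192.168.0.0/24`, so a reader following the page verbatim points the CLI at the wrong address; use the same IP in both places. The `create-env` example also passes `-v huaweicloud_password=...` directly on the command line, where it lands in shell history and the process list; suggest showing it read from a vars file or an environment variable. The key pair step saves the private key to `~/Downloads/bosh.pem`, while the command passes `-v private_key=bosh.pem` from inside `bosh-1`, so a step that moves the key there and restricts its file permissions is missing. "Obtain HuaweiCloud Credentials" says it yields "the username and account", yet the command also needs a password, domain and project. In the security group note, "It highly discouraged" is missing "is".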
We found this sentence to be slightly unclear, do you mean more like something along the lines of: "Subnet ID in which the instances will be created" ?