Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time

Table of Contents

  1. Installing
  2. Usage
    1. Configuration
    2. General
      1. --help
      2. --output
      3. --no-format
      4. version
      5. version upgrade
      6. Completions
        1. Bash
        2. Bash (macOS/Homebrew)
        3. Fish
        4. Zsh
    3. Group Commands
      1. group list
      2. group info
      3. group create
      4. group update
      5. group delete
      6. group list-allowed-clusters
    4. Cluster Commands
      1. cluster list
      2. cluster info
      3. cluster create
      4. cluster update
      5. cluster delete
      6. cluster list-allowed
      7. cluster allow-group
      8. cluster deny-group
      9. cluster list-group-allowed-apps
      10. cluster allow-group-app
      11. cluster deny-group-app
      12. cluster ping
    5. Application Commands
      1. app list
      2. app info
      3. app get-conf
      4. app install
      5. app versions
    6. Application Instance Commands
      1. instance list
      2. instance info
      3. instance restart
      4. instance delete
      5. instance logs
      6. instance scale
    7. User Commands
      1. whoami
      2. user list
      3. user info
      4. user update
      5. user groups
      6. user add-to-group
      7. user remove-from-group
      8. user delete
      9. user replace-token
    8. Secret Commands
      1. secret list
      2. secret create
      3. secret copy
      4. secret delete
      5. secret info
    9. Volume Commands
      1. volume list
      2. volume create
      3. volume delete
      4. volume info

Installing

Pre-built binaries are available for Linux and for Mac OS (versions >=10.9 are supported).

Usage

Configuration

slate expects to read your SLATE access token from the file $HOME/.slate/token (which should have permissions set so that it is only readable by you), and the address at which to contact the SLATE API server from $HOME/.slate/endpoint. (Both of these sources of input can be overridden by environment variables and command line options if you so choose.)

General

The SLATE client tool provides a hierarchy of subcommands for actions and categories of actions. Option values can follow a space or an equal (e.g. slate --width 80 or slate --width=80). Some options have both a short and a long form (e.g. slate -h or slate --help).

--help

A help message can be generated for each command and subcommand.

Examples:

$ slate --help
SLATE command line interface
Usage: slate [OPTIONS] SUBCOMMAND

Options:
  -h,--help                   Print this help message and exit
  --no-format                 Do not use ANSI formatting escape sequences in output
  --width UINT                The maximum width to use when printing tabular output
  --api-endpoint URL (Env:SLATE_API_ENDPOINT)
                              The endpoint at which to contact the SLATE API server
  --api-endpoint-file PATH (Env:SLATE_API_ENDPOINT_PATH)
                              The path to a file containing the endpoint at which to contact the SLATE API server. 	The contents of this file are overridden by --api-endpoint if that option is specified. Ignored if the specified 	file does not exist.
  --credential-file PATH (Env:SLATE_CRED_PATH)
                              The path to a file containing the credentials to be presented to the SLATE API server
  --output TEXT               The format in which to print output (can be specified as no-headers, json, jsonpointer, jsonpointer-file, custom-columns, or custom-columns-file)

Subcommands:
  version                     Print version information
  completion                  Print a shell completion script
  group                       Manage SLATE groups
  cluster                     Manage SLATE clusters
  app                         View and install SLATE applications
  instance                    Manage SLATE application instances
  secret                      Manage SLATE secrets

$ slate app --help
View and install SLATE applications
Usage: slate app [OPTIONS] SUBCOMMAND

Options:
  -h,--help                   Print this help message and exit

Subcommands:
  list                        List available applications
  get-conf                    Get the configuration template for an application
  install                     Install an instance of an application

--output

The output produced can be given in specified formats rather than the default tabular format, including in JSON format, in tabular format with custom columns, and as a single specified JSON Pointer value.

The supported option values are:

  • json - format output as JSON

Example:

$ slate --output json group list
[{"apiVersion":"v1alpha3","kind":"Group","metadata":{"id":"group_PTsReW02sI8","name":"slate-dev"}}]
  • custom-columns=column specification - format output in tabular form according to given column specification

The column specification must be given in the format:

Header:Attribute,Header:Attribute

Each attribute given must be in the form of a JSON Pointer.

Example:

$ slate --output custom-columns=Name:/metadata/name,ID:/metadata/id group list
Name      ID
slate-dev group_PTsReW02sI8
  • custom-columns-file=file with column specification - format output in tabular form according to the column specification in given file

File must be formatted with headings in the first line and the corresponding attribute in the form of a JSON Pointer beneath the header included in the file.

Example file:

Name		ID
/metadata/name 	/metadata/id

Example (for file columns.txt as the above example file):

$ slate --output custom-columns-file=columns.txt group list
Name      ID
slate-dev group_PTsReW02sI8
  • no-headers - format output in default tabular form with headers suppressed

Example:

$ slate --output no-headers group list
slate-dev group_PTsReW02sI8
  • jsonpointer=pointer specification - output the value of given JSON Pointer

Example:

$ slate --output jsonpointer=/items/0/metadata/name group list
slate-dev
  • jsonpointer-file=file with pointer specification - output the value of the JSON Pointer in the given file

Example file:

/items/0/metadata/id

Example (for file pointer.txt as the above example file):

$ slate --output jsonpointer=pointer.txt group list
group_PTsReW02sI8

--no-format

This flag can be used to suppress the use of ANSI terminal codes for styled text in the default output format. Text styling is automatically disabled when slate detects that its output is not going to an interactive terminal.

version

This command simply prints version information and exits.

version upgrade

This command summarizes the current version information (exactly the same as version), checks for a newer version of slate, and optionally installs it if it is found.

Completions

The slate client comes bundled with completions for several different shells. These will allow you to "tab complete" each of the slate commands. Completions are bundled for Bash, Fish and Zsh, and are output to stdout by the slate completion subcommand. Where the completions are placed will depend on which shell and operating system you are using.

Here are common setups for the supported shells and operating systems.

Bash

You can temporarily test the completions by sourceing them.

$ source <(slate completion bash)

Completions for system commands are usually stored in /etc/bash_completion.d, but can also be stored in ~/.local/share/bash-completion/completions for user-specific commands. In order to have completions for slate autoloaded, run:

$ mkdir -p ~/.local/share/bash-completion/completions
$ slate completion bash > ~/.local/share/bash-completion/completions/slate

Note you will have to restart your shell for the changes to take affect.

$ exec bash

Bash (macOS/Homebrew)

Homebrew stores bash completion files within the Homebrew directory. With the bash-completion brew formula installed, run the command:

$ mkdir -p $(brew --prefix)/etc/bash_completion.d
$ slate completion bash > $(brew --prefix)/etc/bash_completion.d/slate.bash-completion

As before, you will have to restart your shell.

Fish

Fish completion files are commonly stored in ~/.config/fish/completions. You can source the completions for temporary use by running the command:

$ slate completion fish | source

Or to install them persistently run:

$ mkdir -p ~/.config/fish/completions
$ slate completion fish > ~/.config/fish/completions/slate.fish

And restart your shell.

Zsh

Zsh completions are commonly stored in any directory listed in your $fpath variable. To use these completions, you must either add the generated script to one of those directories, or add your own to this list.

Adding a custom directory is often the safest bet. For example, if you wish to use ~/.zfunc, first run:

$ mkdir ~/.zfunc

Then add the following lines to your .zshrc just before compinit:

fpath+=~/.zfunc

Now you can install the completion script using the following command:

$ slate completion zsh > ~/.zfunc/_slate

Then restart your shell.

Group Commands

These commands allow the user to create/list/delete vos on the SLATE platform. Group names and IDs are each, and may be used interchangeably.

group list

Lists the currently available groups.

Example:

$ slate group list
Name       ID
slate-dev  group_PTsReW02sI8
another-group group_NUKQUeNjMMo

group info

Displays more detailed information about a single group.

Example:

$ slate group info slate-dev
Name      Field             Email            Phone        ID            
slate-dev Resource Provider slate@slateci.io 312-555-5555 group_PTsReW02sI8
Description: SLATE platform development

group create

Creates a new group.

The --field option must be used to specify the field of science in which this group does its work. This can be 'Resource Provider' for groups which provide computing resources, rather than doing science research.

Example:

$ slate group create my-group --field chemistry
Successfully created group my-group with ID group_tHllvsT8fEk

group update

Update one or more of the properties of a group with new values. A group's contact email address, phone number, field of science, and description can be updated using this command.

Example:

$ slate group update my-group --email biochem@somewhere.edu --phone 773-555-5555 --field biochemistry --desc 'A biochemistry research group'
Successfully updated group my-group
$ slate group info my-vo
Name  Field        Email                 Phone        ID            
my-group Biochemistry biochem@somewhere.edu 773-555-5555 group_tHllvsT8fEk
Description: A biochemistry research group

group delete

Deletes a group.

Example:

$ slate group delete my-group
Are you sure you want to delete group group_tHllvsT8fEk (my-group)? y/[n]: y
Successfully deleted group my-group

group list allowed clusters

Lists all clusters that can be accessed from a single group (includes clusters that allow any group)

Example

$ slate group list-allowed-clusters my-group
Cluster              ID               
my-cluster           group_XXXXXXXXXXX
permissible-cluster  *

Cluster Commands

These commands allow the user to manage the clusters available on the SLATE platform. Cluster names and IDs are each, and may be used interchangeably.

cluster list

List the currently available clusters. Optionally limit the list to clusters which a particular group is allowed on, using the --group flag.

Example:

$ slate cluster list
Name          Admin     ID                                          
umich-prod    slate-dev cluster_WRb0f8mH9ak
uchicago-prod slate-dev cluster_yZroQR5mfBk
utah-bunt     slate-dev cluster_AoP8UISHZqU
utah-coreos   slate-dev cluster_vnYqjHgT5o0

For a Group called utah-group that is only allowed on utah-bunt and utah-coreos:

$ slate cluster list --group utah-group 
Name        Admin     ID                                          
utah-bunt   slate-dev cluster_AoP8UISHZqU
utah-coreos slate-dev cluster_vnYqjHgT5o0

cluster info

Displays detailed information about one cluster.

Example:

$ slate cluster info my-cluster
Name       Admin    Owner          ID                 
my-cluster my-group My Institution cluster_AEcDl9lh8fE

cluster create

Add a kubernetes cluster to the SLATE platform.

By default, this command relies on picking up the cluster to add from your curent environment. Before running this command you should verify that you have the correct cluster selected. kubectl config current-context and kubectl cluster-info may be good starting points to ensure that your kubeconfig is what you expect it to be.

When using this subcommand, a group must be specified. This will be the group which administers the cluster within SLATE, and only members of that group will be able to manipulate (i.e. delete) it and manage access to it. Additionally, the organization which owns the cluster (i.e. purchased its hardware) must be specified.

Example:

$ slate cluster create --group my-group --org "My Institution" my-cluster
...
Successfully created cluster my-cluster with ID cluster_AEcDl9lh8fE

cluster update

Update one or more of the properties of a cluster with new values. A cluster's contact owning organization and list of geographical locations can be updated using this command. Additionally, this command can be used (with the -r option) to update the Kubernetes configuration used to contact the cluster. This is useful if a cluster has moved to a different IP address, or has been destroyed and recreated but you wish to present it as logically the same within SLATE.

Example:

$ slate cluster update my-cluster --org "Other Institution" --location 45.787,-108.537
Successfully updated cluster my-cluster
$ slate cluster info my-cluster
Name       Admin    Owner             ID                 
my-cluster my-group Other Institution cluster_AEcDl9lh8fE

Latitude Longitude
45.787   -108.537 

cluster delete

Remove a cluster from the SLATE platform.

Only members of the group which owns a cluster may remove it.

Example:

$ slate cluster delete my-cluster
Are you sure you want to delete cluster cluster_yZroQR5mfBk (my-cluster) belonging to group my-group? y/[n]: y
Successfully deleted cluster my-cluster

cluster list-allowed

List all groups allowed to run applications on a cluster.

By default only the group which owns a cluster may run applications on it. Additional groups may be granted access using the cluster allow-group command.

Example:

$ slate cluster list-allowed my-cluster
Name      ID
slate-dev group_PTsReW02sI8

cluster allow-vo

Grant a group access to use a cluster.

Only members of the group which owns a cluster can grant access to it. Granting access to the special group pseudo-ID * will allow any group (including subsequently created groups) to use the cluster.

Example:

$ slate cluster allow-group my-cluster another-vo
Successfully granted group another-group access to cluster my-cluster
$ slate cluster list-allowed my-cluster
Name       ID
slate-dev  group_PTsReW02sI8
another-group group_NUKQUeNjMMo

cluster deny-vo

Revoke a group's access to use a cluster.

Only members of the group which owns a cluster can revoke access to it. The owning group's access cannot be revoked. Revoking access for the group pseudo-ID * removes permission for groups not specifically granted access to use the cluster.

Example:

$ slate cluster deny-group my-cluster another-vo
Successfully revoked Group another-group access to cluster my-cluster
$ slate cluster list-allowed my-cluster
Name       ID
slate-dev  group_PTsReW02sI8

cluster list-group-allowed-apps

List applications a group is allowed to use on a cluster.

By default, a group which has been granted access to a cluster may install any application there, but the cluster administrators may place restrictions on which applications the group may use. This command allows inspections of which restrictions, if any, are in effect.

Example:

$ slate cluster list-group-allowed-apps my-cluster my-vo
Name
<all>
$ slate cluster list-group-allowed-apps my-cluster another-vo
Name              
nginx             
osg-frontier-squid

cluster allow-group-app

Grant a group permission to use an application on a cluster.

By default, a group which has been granted access to a cluster may install any application there. Granting access to one or more specifically named applications replaces this universal permission with permission to use only the specific applications. Universal permission can be restored by granting permission for the special pseudo-application *.

Example:

$ slate cluster list-group-allowed-apps my-cluster another-vo
Name
<all>
$ ./slate cluster allow-group-app my-cluster another-group osg-frontier-squid
Successfully granted group another-group permission to use osg-frontier-squid on cluster my-cluster
$ slate cluster list-group-allowed-apps my-cluster another-vo
Name              
osg-frontier-squid
$ ./slate cluster allow-group-app my-cluster another-group '*'
Successfully granted Group another-group permission to use * on cluster my-cluster
$ ./slate cluster list-group-allowed-apps my-cluster another-vo
Name              
<all>

cluster deny-group-app

Remove a group's permission to use an application on a cluster.

By default, a group which has been granted access to a cluster may install any application there. This universal permission can be removed by denying permission for the special pseudo-application *, which also removes any permissions granted for specific applications. Permission can also be revoked for single applications.

Example:

$ slate cluster list-group-allowed-apps my-cluster another-vo
Name
<all>
$ ./slate cluster deny-group-app my-cluster another-group '*'
Successfully removed group another-group permission to use * on cluster my-cluster
$ slate cluster list-group-allowed-apps my-cluster another-vo
Name
$ ./slate cluster allow-group-app my-cluster another-group osg-frontier-squid
Successfully granted group another-group permission to use osg-frontier-squid on cluster my-cluster
$ ./slate cluster allow-group-app my-cluster another-group nginx
Successfully granted group another-group permission to use nginx on cluster my-cluster
$ ./slate cluster deny-group-app my-cluster another-group nginx
Successfully removed group another-group permission to use nginx on cluster my-cluster
$ slate cluster list-group-allowed-apps my-cluster another-vo
Name
osg-frontier-squid

cluster ping

Check whether the platform can connect to a cluster.

Example:

$ slate cluster ping cluster1
Cluster cluster1 is reachable
$ slate cluster ping cluster2
Cluster cluster2 is ot reachable

Application Commands

These commands allow the user to view available applications and install them on the SLATE platform.

app list

List the applications currently available for installation form the catalogue.

Example:

$ slate app list
Name               App Version Chart Version Description
jupyterhub         v0.8.1      v0.7-dev      Multi-user Jupyter installation                   
osiris-unis        1.0         0.1.0         Unified Network Information Service (UNIS)        
perfsonar          1.0         0.1.0         perfSONAR is a network measurement toolkit...

app info

Download the readme file for an application. The resulting data is written to stdout, although it can optionally be directed to a file.

Example:

./slate app info osg-frontier-squid
OSG Frontier Squid for Helm #

----
## Deployment
The application is packaged as osg-frontier-squid.

Deployments of this package will be labeled as `osg-frontier-squid-[Tag]`, where Tag is a required field in the values.yaml file.

Customization options are provided in the values.yaml file and can be overwritten by adjusting a copy of this file, and running `helm install osg-frontier-squid --values [myvalues].yaml` where myvalues is the name of your file.

For a comprehensive list of customization options and descriptions, please see the `values.yaml` file.

----
## Application
Frontier Squid is an HTTP cache, providing *quick access to recently downloaded data*.
...

app get-conf

Download the configuration file for an application for customization. The resulting data is written to stdout, it is useful in most cases to pipe it to a file where it can be edited and then used as an input for the app install command.

Example: $ slate app get-conf osg-frontier-squid # Instance to label use case of Frontier Squid deployment # Generates app name as "osg-frontier-squid-[Instance]" # Enables unique instances of Frontier Squid in one namespace Instance: global

Service:
  # Port that the service will utilize.
  Port: 3128
  # Controls whether the service is accessible from outside of the cluster.
  # Must be true/false
  ExternallyVisible: true

SquidConf:
  # The amount of memory (in MB) that Frontier Squid may use on the machine.
  # Per Frontier Squid, do not consume more than 1/8 of system memory with Frontier Squid
  CacheMem: 128
  # The amount of disk space (in MB) that Frontier Squid may use on the machine.
  # The default is 10000 MB (10 GB), but more is advisable if the system supports it.
  CacheSize: 10000

app install

Install an instance of an application to one of the clusters in the SLATE platform.

When using this subcommand, a group and a cluster must be specified. The group will be considered the owner of the resulting application instance (so only members of that group will be able to delete it), and the cluster is where the instance will be installed.

Details of how the application behaves can be customized by supplying a configuration file (with the --conf option), originally obtained using the app get-conf command.

To install more than one instance of the same application on the same cluster, a tag should be specified for at least one of them, by changing the value set for the Instance key in the configuration. This is simply a short, descriptive string which is appended to the instance name, both for uniqueness and convenience on the part of the user recognizing which instance is which.

After the instance is installed, it can be examined and manipulated using the instance family of commands.

Example:

$ slate app install --group my-group --cluster some-cluster osg-frontier-squid
Successfully installed application osg-frontier-squid as instance my-group-osg-frontier-squid-test with ID instance_UCqXH5OkMdo

In this case, the osg-frontier-squid application is installed with all configuration left set to defaults. The full instance name is the combination of the group name, the application name, and the user-supplied tag.

This command also has a second usage: To install a helm chart which is stored locally, rather than one published in the application catalog. This use is not permitted by default, but is enabled in testing environments like miniSLATE in order to allow application developers to test their charts. This special mode is triggered by using the --local option, which changes the interpretation of the specified application name from being a name to be looked up in the catalog to being a local filesystem path to the chart to be uploaded to the server and installed.

app versions

List all available versions of an application.

Example:

$ slate app versions nginx
1.2.0
1.10.11
1.10.10
1.10.9

The application versions reported by SLATE correspond to the underlying Helm Chart version. By default, the latest version of an application will be installed. It is possible to specify an older version during app installation by using --version.

Example:

$ slate app install --group my-group --cluster my-cluster nginx --version 1.10.11
Successfully installed application nginx as instance my-group-nginx-test with ID instance_MzqXfaHkpQi

Application Instance Commands

These commands allow the user to view and manipulate running application instances on the SLATE platform.

instance list

Lists the apllication instances which are currently running. At this time, commands which operate on particular instances require the instance ID, not the instance name.

Example:

$ slate instance list
Name                    Group     Cluster      ID
osg-frontier-squid-test slate-dev some-cluster instance_UCqXH5OkMdo

instance info

Get detailed information about a particular application instance.

Example:

./slate instance info instance_UCqXH5OkMdo
Name                    Started      Group    Cluster      ID
osg-frontier-squid-test 2018-Dec-03  my-group some-cluster instance_UCqXH5OkMdo
                        21:24:54 UTC                     

Services:
Name                    Cluster IP   External IP     ports         
osg-frontier-squid-test 10.98.10.193 192.170.227.240 3128:31052/TCP

Pods:
  osg-frontier-squid-test-5d58c88b5d-rj427
    Status: Running
    Created: 2018-12-03T21:24:55Z
    Host: some-node
    Host IP: 192.170.227.240
    Conditions: Initialized at 2018-12-03T21:24:56Z
                Ready at 2018-12-03T21:24:58Z
                ContainersReady at 2018-12-03T21:24:58Z
                PodScheduled at 2018-12-03T21:24:56Z
    Containers:
      fluent-bit
        State: running since 2018-12-03T21:24:57Z
        Ready: true
        Restarts: 0
        Image: fluent/fluent-bit:0.13.4
      osg-frontier-squid
        State: running since 2018-12-03T21:24:57Z
        Ready: true
        Restarts: 0
        Image: slateci/osg-frontier-squid:0.1

Configuration: (default)

instance restart

Stop and restart a running application instance.

Note that the 'start' time of the entire instance will not be changed, but the instance's pods and containers will all reflect the time at which it is restarted. However, the container restart count fetched from Kubernetes will not be incremented, rather it will be reset to zero, since technically the old containers were destroyed and entirely new ones created.

Example:

$ date -u
Thu Dec 06 20:16:49 UTC 2018
$ slate instance restart instance_UCqXH5OkMdo
Successfully restarted instance instance_UCqXH5OkMdo
./slate instance info instance_UCqXH5OkMdo
Name                    Started      Group    Cluster      ID
osg-frontier-squid-test 2018-Dec-03  my-group some-cluster instance_UCqXH5OkMdo
                        21:24:54 UTC                     

Services:
Name                    Cluster IP   External IP     ports         
osg-frontier-squid-test 10.98.10.193 192.170.227.240 3128:31052/TCP

Pods:
  osg-frontier-squid-test-5d58c88b5d-rj427
    Status: Running
    Created: 2018-12-06T20:16:55Z
    Host: some-node
    Host IP: 192.170.227.240
    Conditions: Initialized at 2018-12-06T20:16:56Z
                Ready at 2018-12-06T20:16:58Z
                ContainersReady at 2018-12-06T20:16:58Z
                PodScheduled at 2018-12-06T20:16:56Z
    Containers:
      fluent-bit
        State: running since 2018-12-06T20:16:57Z
        Ready: true
        Restarts: 0
        Image: fluent/fluent-bit:0.13.4
      osg-frontier-squid
        State: running since 2018-12-06T20:16:57Z
        Ready: true
        Restarts: 0
        Image: slateci/osg-frontier-squid:0.1

Configuration: (default)

instance delete

Delete an application instance. This operation is permanent, and the system will forget all configuration information for the instance once it is deleted. If you need this information, you should make sure you have it recorded before running this command (the instance info command may be useful here).

Example:

$ slate instance delete instance_UCqXH5OkMdo
Are you sure you want to delete instance instance_UCqXH5OkMdo (osg-frontier-squid-test) belonging to group my-group from cluster some-cluster? y/[n]: y
Successfully deleted instance instance_UCqXH5OkMdo

instance logs

Get the logs (standard output) from the pods in an instance. By default logs are fetched for all containers belonging to all pods which are part of the instance, and the 20 most recent lines of output are fetched from each log. The --container option can be used to request the log form just a particular container, and the --max-lines option can be used to change how much of the log is fetched.

Example:

$ slate instance logs instance_UCqXH5OkMdo
========================================
Pod: osg-frontier-squid-test-5f6c578fcc-hlwrc Container: osg-frontier-squid
2018/12/03 21:24:59| HTCP Disabled.
2018/12/03 21:24:59| Squid plugin modules loaded: 0
2018/12/03 21:24:59| Adaptation support is off.
2018/12/03 21:24:59| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 17 flags=9
2018/12/03 21:24:59| Done scanning /var/cache/squid dir (0 entries)
========================================
Pod: osg-frontier-squid-test-5f6c578fcc-hlwrc Container: fluent-bit
[2018/12/03 21:24:57] [ info] [engine] started (pid=1)
[2018/12/03 21:24:57] [ info] [http_server] listen iface=0.0.0.0 tcp_port=2020

Here, the instance has one pod with two containers, but neither has yet written anything to its log.

instance scale

This command can be used to both query the current number of replicas an application instance has and to change the number of replicas requested. The --replicas option is used to specify a new target number of replicas; if it is omitted no change is made and the current number of replicas is returned. The --deployment option can be used to select a deployment to scale if the application contains more than one, or to filter the output give by the query mode.

Example:

$ slate instance scale instance_UCqXH5OkMdo
Deployment              Replicas
osg-frontier-squid-test 1
$ slate instance scale instance_UCqXH5OkMdo --replicas 3
Successfully scaled instance_UCqXH5OkMdo to 3 replicas.
Deployment              Replicas
osg-frontier-squid-test 3       

User Commands

These commands allow managing SLATE users. In most cases these commands can either only be performed by administrators or by user acting on themselves.

whoami

Fetch and display the profile of the current acting user.

Example:

$ slate whoami
Name	    ID			Email		 Phone
John Doe    user_6sIv5Jk1fh2	johnd@gmail.com  555-5555
Institution 	   Token	 Admin
Univerity of Utah  a654e6517645  false
Groups
my-example-group
$

user list

List the name, ID, and institution of users on the federation or in a specific group. If you wish to filter by group you must first obtain the groups ID. Suppose in the example below that the ID of secret-group was group_h2PQlajt3gs

Example:

$ slate user list --group group_h2PQlajt3gs
Name	ID		  Institution
Roe	user_xyB76izLkR0  Univeristy of Michigan
Sierra	user_aJKHIas_Bn7  Univeristy of Michigan
Harvey	user_Yiq8coOk36l  Univeristy of Michigan
$

user info

Fetch info about a user. The output format is the same as slate whoami. Only admins can look up the information of other users.

Example:

$ slate user info user_aJKHIas_Bn7
Name	    ID			Email		 	Phone
Sierra      user_aJKHIas_Bn7	bunnyhater@gmail.com    012-3456
Institution 	   	Token	      Admin
Univerity of Michigan   a654e6517645  false
Groups
general-group
secret-group
$

user update

Update a user's profile. If no ID is specified, then this command assumes you intend to act on your own profile.

Examples (suppose you are user_fGlhw5v_Mq1):

$ slate user update --institution SLATE
Updating user...
Sending user config to SLATE server...
Successfully updated user_fGlhw5v_Mq1 (You - YourOrganization)
$ slate user update user_aJKHIas_Bn7 --email bunnylover@gmail.com --phone 221-012-3456
Updating user...
Sending user config to SLATE server...
Successfully updated user_aJKHIas_Bn7 (Sierra - University of Michigan)
$

user groups

List the groups a user belongs to. If no ID is specified the command assumes you wish to list the groups you belong to.

Example:

$ slate user groups user_aJKHIas_Bn7
Listing groups of user_aJKHIas_Bn7 (Sierra - University of Michigan)
Name		ID
general-group   group_UCqXH5OkMdo
secret-group	group_h2PQlajt3gs
$

user add-to-group

Add a user to a given group. In this case the first argument must be the user's ID, and the second must be either the group's ID or name.

Example:

$ slate user add-to-group user_6sIv5Jk1fh2 secret-group
Successfully added user_6sIv5Jk1fh2 (John Doe - University of Utah) to secret-group
$

user remove-from-group

Remove a user from a given group. In this case the first argument must be the user's ID, and the second must be either the group's ID or name.

Example:

$ slate user remove-from-group user_6sIv5Jk1fh2 secret-group
Successfully removed user_6sIv5Jk1fh2 (John Doe - University of Utah) from secret-group
$

user delete

Delete a user. This command will require confirmation.

Example:

$ slate user delete user_6sIv5Jk1fh2
Are you sure you want to delete user John Doe (University of Utah)? [Y/n]: y
Deleting user...
Successfully deleted user John Doe (University of Utah)
$

user replace-token

Regenerate a new authentication token for the given user. If no ID is given, it assumes you intend to replace your own token. If you do so, it will additionally prompt you if you would like to have your slate credentials file overwritten to reflect the change.

Example:

$ slate user replace-token
Are you sure you want to replace the token of You (YourOrganization)? [Y/n]: y
Sending request to SLATE server...
Successfully renewed token of user_fGlhw5v_Mq1 (You - YourOrganization) with token 5f6c578fcc
Token self-overwrite detected. Would you like to update your credentials file automatically? [Y/n]: y
Successfully updated user credentials file
$

Secret Commands

These commands allow managing sensitive data as kubernetes secrets. This is the recommanded method for making data such as passwords and certificates available to application instances. Secrets are only accessible to members of the group which owns them. See the Kubernetes documentation for more details of how pods can use secrets. Secrets installed through SLATE are also persisted in the SLATE central storage in encrypted form.

secret list

List the secrets installed for a particular Group, optionally limiting scope to a particular cluster.

Example:

$ slate secret list --group my-vo
Name     Created                  Group    Cluster  ID                                         
mysecret 2018-Aug-09 20:19:51 UTC my-group cluster1 secret_1OaTkAMfpdM
a-secret 2018-Aug-15 17:12:56 UTC my-group cluster2 secret_7sIv5NR1fhk
$ slate secret list --group my-group --cluster cluster2
Name     Created                  Group    Cluster  ID                                         
a-secret 2018-Aug-15 17:12:56 UTC my-group cluster2 secret_7sIv5NR1fhk

secret create

Install a secret on a cluster. The owning group for the secret must be specified as well as the cluster on which it will be placed. Because secrets are namespaced per-group and per-cluster names may be reused; within one group the same secret name may be used on many clusters, and secret names chosen by other groups do not matter. Secrets are structured as key, value mappings, so several pieces of data can be stored in a single secret if they are all intended to be used together. Any number of key, value pairs may be specified, however, the total data size (including keys, values, and the metadata added by SLATE) is limited to 400 KB.

Keys and values may be specified one pair at a time using --from-literal key=value. Value data can also be read from a file using --from-file, where the file's name is taken as the key. By default the file's base name (omitting the enclosing directory path), but this can be overridden: --from-file key=/actual/file/path. This is particularly useful if the file's original name contains charcters not permitted by kubernetes in secret keys (the allowed characters are [a-zA-Z0-9._-]). If the argument to --from-file is a directory, that directory will be scanned and each file it contains whose name meets the kubernetes key requirements will be read and added as a value. Finally, key, value pairs may be read in from a file with lines structured as key=value using the --from-env-file option. Any number and any combination of these options may be used to input all desired data. If the same key is specified more than once the result is not defined; it is recommended that this should be avoided.

Example:

$ slate secret create --group mv-group --cluster cluster1 important-words --from-literal=foo=bar --from-literal=baz=quux
Successfully created secret important-words with ID secret_Ae7-Nndg-yw

secret copy

Copy an existing secret to a new name or a different cluster. The source secret to be copied from must be specified by its ID, and the new secret's name follows the same rules as for direct creation. As with creating a secret directly, the Group which will own the new secret and the cluster on which the secret will be placed must be specified.

Examples:

$ slate secret copy secret_Ae7-Nndg-yw copied-secret --cluster cluster2 --group mv-vo
Successfully created secret copied-secret with ID secret_t23HkWWkxmg

secret delete

Remove a previously installed secret. Only members of the group which owns the secret may delete it.

Example:

$ slate secret delete secret_t23HkWWkxmg
Are you sure you want to delete instance secret_t23HkWWkxmg (osg-frontier-squid-test) belonging to group my-group from cluster cluster2? y/[n]: y
Successfully deleted secret secret_t23HkWWkxmg

secret info

Fetch the contents of a secret and its metadata. Only members of the group which owns the secret may view it.

Example:

$ slate secret info secret_Ae7-Nndg-yw
Name            Created                  Group    Cluster  ID                                         
important-words 2018-Aug-15 20:41:09 UTC my-group cluster1 secret_Ae7-Nndg-yw

Contents:
Key Value
foo bar  
baz quux 

Volume Commands

These commands allow management of PersistentVolumeClaim objects within Kubernetes. This is the recommanded method for making data such logs, output files, and other stateful information an application instance stores persistent accross restarts and upgrades of the application instance. The Volume can also be claimed by a new instance of the application. This allows an application to be reconfigured and retain old state. See the Kubernetes documentation for more details of how pods can use PersistentVolumeClaims. Volumes installed through SLATE are also persisted in the SLATE central storage.

volume list

List the volumes installed, optionally limiting scope to a particular cluster or group.

Example:

$  slate volume list --group slate-dev
Name          Cluster  StorageClass ID
sample-volume utah-dev local-path   volume_DECHfalVXIo
shared-volume utah-dev local-path   volume_fnOMajjeshA

volume create

Install a volume on a cluster. The owning group for the volume must be specified as well as the cluster on which it will be placed. Because volumes are namespaced per-group and per-cluster names may be reused; within one group the same volume name may be used on many clusters, and volume names chosen by other groups do not matter. Volumes represent a slice of storage on the cluster. That storage is provided by the StorageClass, which must be installed in Kubernetes by the Cluster Administrator.

Several special flags are required for volume creation:

--size represents the maximum size of the volume and can be specified in T, G, M, K, Ti, Gi, Mi, or Ki. See the Kubernetes documentation for more information on resource quantities in Kubernetes.

--storageClass represents the StorageClass in Kubernetes that will be used to provision the volume.

Several optional flags are available:

--accessMode represents the AccessMode of the volume and can be any of {ReadWriteOnce, ReadOnlyMany, ReadWriteMany}. ReadWriteOnce is the default. See the Kubernetes documentation for more details about AccessModes.

--volumeMode Kubernetes supports two volumeModes of PersistentVolumes: Filesystem and Block. Filesystem is always the default. See the Kubernetes documentation for more details about VolumeMode.

Example:

$ slate volume create my-volume --cluster my-cluster --group my-group --size 1M --storageClass local-path
Creating volume...
...
...
Successfully created volume my-volume with ID volume_aq1C4SckwBU

volume delete

Remove a previously installed volume. Only members of the group which owns the volume may delete it.

Example:

$ slate volume delete volume_aq1C4SckwBU
Are you sure you want to delete volume volume_aq1C4SckwBU (my-volume) belonging to group my-group? y/[n]: y
Successfully deleted volume volume_aq1C4SckwBU

volume info

Fetch details and status of a volume.

Example:

$ slate volume info volume_DECHfalVXIo
Name          Created                         Group     Cluster  ID
sample-volume 2020-Nov-10 18:47:55.590634 UTC my-group my-cluster volume_DECHfalVXIo

Details:
Storage Request Access Mode   Volume Mode Storage Class
12Mi            ReadWriteOnce Filesystem  local-path

Status:
Status
Pending