root / docs / admin-guide.rst @ 6d8a47d0
History | View | Annotate | Download (78 kB)
1 | bc055d09 | Constantinos Venetsanopoulos | .. _admin-guide: |
---|---|---|---|
2 | bc055d09 | Constantinos Venetsanopoulos | |
3 | bc055d09 | Constantinos Venetsanopoulos | Synnefo Administrator's Guide |
4 | bc055d09 | Constantinos Venetsanopoulos | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
5 | bc055d09 | Constantinos Venetsanopoulos | |
6 | bc055d09 | Constantinos Venetsanopoulos | This is the complete Synnefo Administrator's Guide. |
7 | bc055d09 | Constantinos Venetsanopoulos | |
8 | bc055d09 | Constantinos Venetsanopoulos | |
9 | 14267d89 | Constantinos Venetsanopoulos | .. _syn+archip: |
10 | bc055d09 | Constantinos Venetsanopoulos | |
11 | eab73849 | Constantinos Venetsanopoulos | General Synnefo Architecture |
12 | eab73849 | Constantinos Venetsanopoulos | ============================ |
13 | eab73849 | Constantinos Venetsanopoulos | |
14 | 14267d89 | Constantinos Venetsanopoulos | The following figure shows a detailed view of the whole Synnefo architecture |
15 | 14267d89 | Constantinos Venetsanopoulos | and how it interacts with multiple Ganeti clusters. We hope that after reading |
16 | 14267d89 | Constantinos Venetsanopoulos | the Administrator's Guide you will be able to understand every component and |
17 | 14267d89 | Constantinos Venetsanopoulos | all the interactions between them. |
18 | eab73849 | Constantinos Venetsanopoulos | |
19 | 301294a9 | Constantinos Venetsanopoulos | .. image:: images/synnefo-arch2.png |
20 | 16539dad | Kostas Papadimitriou | :width: 100% |
21 | 301294a9 | Constantinos Venetsanopoulos | :target: _images/synnefo-arch2.png |
22 | eab73849 | Constantinos Venetsanopoulos | |
23 | 14267d89 | Constantinos Venetsanopoulos | Synnefo also supports RADOS as an alternative storage backend for |
24 | 14267d89 | Constantinos Venetsanopoulos | Files/Images/VM disks. You will find the :ref:`corresponding figure |
25 | 14267d89 | Constantinos Venetsanopoulos | <syn+archip+rados>` later in this guide. |
26 | eab73849 | Constantinos Venetsanopoulos | |
27 | a1c707c9 | Constantinos Venetsanopoulos | |
28 | eab73849 | Constantinos Venetsanopoulos | Identity Service (Astakos) |
29 | eab73849 | Constantinos Venetsanopoulos | ========================== |
30 | f846d8df | Constantinos Venetsanopoulos | |
31 | f846d8df | Constantinos Venetsanopoulos | |
32 | eab73849 | Constantinos Venetsanopoulos | Authentication methods |
33 | 3a0ce98e | Constantinos Venetsanopoulos | ---------------------- |
34 | eab73849 | Constantinos Venetsanopoulos | |
35 | 3a0ce98e | Constantinos Venetsanopoulos | Astakos supports multiple authentication methods: |
36 | eab73849 | Constantinos Venetsanopoulos | |
37 | 3a0ce98e | Constantinos Venetsanopoulos | * local username/password |
38 | 3a0ce98e | Constantinos Venetsanopoulos | * LDAP / Active Directory |
39 | 3a0ce98e | Constantinos Venetsanopoulos | * SAML 2.0 (Shibboleth) federated logins |
40 | 3a0ce98e | Constantinos Venetsanopoulos | |
41 | 3a0ce98e | Constantinos Venetsanopoulos | |
42 | 3a0ce98e | Constantinos Venetsanopoulos | |
43 | eab73849 | Constantinos Venetsanopoulos | |
44 | eab73849 | Constantinos Venetsanopoulos | .. _shibboleth-auth: |
45 | eab73849 | Constantinos Venetsanopoulos | |
46 | eab73849 | Constantinos Venetsanopoulos | Shibboleth Authentication |
47 | 3a0ce98e | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~~~~~ |
48 | eab73849 | Constantinos Venetsanopoulos | |
49 | eab73849 | Constantinos Venetsanopoulos | Astakos can delegate user authentication to a Shibboleth federation. |
50 | eab73849 | Constantinos Venetsanopoulos | |
51 | eab73849 | Constantinos Venetsanopoulos | To setup shibboleth, install package:: |
52 | eab73849 | Constantinos Venetsanopoulos | |
53 | eab73849 | Constantinos Venetsanopoulos | apt-get install libapache2-mod-shib2 |
54 | eab73849 | Constantinos Venetsanopoulos | |
55 | eab73849 | Constantinos Venetsanopoulos | Change appropriately the configuration files in ``/etc/shibboleth``. |
56 | eab73849 | Constantinos Venetsanopoulos | |
57 | eab73849 | Constantinos Venetsanopoulos | Add in ``/etc/apache2/sites-available/synnefo-ssl``:: |
58 | eab73849 | Constantinos Venetsanopoulos | |
59 | eab73849 | Constantinos Venetsanopoulos | ShibConfig /etc/shibboleth/shibboleth2.xml |
60 | eab73849 | Constantinos Venetsanopoulos | Alias /shibboleth-sp /usr/share/shibboleth |
61 | eab73849 | Constantinos Venetsanopoulos | |
62 | fb814235 | Kostas Papadimitriou | <Location /ui/login/shibboleth> |
63 | eab73849 | Constantinos Venetsanopoulos | AuthType shibboleth |
64 | eab73849 | Constantinos Venetsanopoulos | ShibRequireSession On |
65 | eab73849 | Constantinos Venetsanopoulos | ShibUseHeaders On |
66 | eab73849 | Constantinos Venetsanopoulos | require valid-user |
67 | eab73849 | Constantinos Venetsanopoulos | </Location> |
68 | eab73849 | Constantinos Venetsanopoulos | |
69 | eab73849 | Constantinos Venetsanopoulos | and before the line containing:: |
70 | eab73849 | Constantinos Venetsanopoulos | |
71 | eab73849 | Constantinos Venetsanopoulos | ProxyPass / http://localhost:8080/ retry=0 |
72 | eab73849 | Constantinos Venetsanopoulos | |
73 | eab73849 | Constantinos Venetsanopoulos | add:: |
74 | eab73849 | Constantinos Venetsanopoulos | |
75 | eab73849 | Constantinos Venetsanopoulos | ProxyPass /Shibboleth.sso ! |
76 | f846d8df | Constantinos Venetsanopoulos | |
77 | eab73849 | Constantinos Venetsanopoulos | Then, enable the shibboleth module:: |
78 | eab73849 | Constantinos Venetsanopoulos | |
79 | eab73849 | Constantinos Venetsanopoulos | a2enmod shib2 |
80 | f846d8df | Constantinos Venetsanopoulos | |
81 | eab73849 | Constantinos Venetsanopoulos | After passing through the apache module, the following tokens should be |
82 | eab73849 | Constantinos Venetsanopoulos | available at the destination:: |
83 | eab73849 | Constantinos Venetsanopoulos | |
84 | eab73849 | Constantinos Venetsanopoulos | eppn # eduPersonPrincipalName |
85 | eab73849 | Constantinos Venetsanopoulos | Shib-InetOrgPerson-givenName |
86 | eab73849 | Constantinos Venetsanopoulos | Shib-Person-surname |
87 | eab73849 | Constantinos Venetsanopoulos | Shib-Person-commonName |
88 | eab73849 | Constantinos Venetsanopoulos | Shib-InetOrgPerson-displayName |
89 | eab73849 | Constantinos Venetsanopoulos | Shib-EP-Affiliation |
90 | eab73849 | Constantinos Venetsanopoulos | Shib-Session-ID |
91 | eab73849 | Constantinos Venetsanopoulos | |
92 | eab73849 | Constantinos Venetsanopoulos | Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES`` list. The variable resides |
93 | eab73849 | Constantinos Venetsanopoulos | inside the file ``/etc/synnefo/20-snf-astakos-app-settings.conf`` |
94 | eab73849 | Constantinos Venetsanopoulos | |
95 | e0975bbf | Sofia Papagiannaki | Twitter Authentication |
96 | 3a0ce98e | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~~ |
97 | e0975bbf | Sofia Papagiannaki | |
98 | e0975bbf | Sofia Papagiannaki | To enable twitter authentication while signed in under a Twitter account, |
99 | e0975bbf | Sofia Papagiannaki | visit dev.twitter.com/apps. |
100 | e0975bbf | Sofia Papagiannaki | |
101 | e0975bbf | Sofia Papagiannaki | Click Create an application. |
102 | e0975bbf | Sofia Papagiannaki | |
103 | e0975bbf | Sofia Papagiannaki | Fill the necessary information and for callback URL give:: |
104 | e0975bbf | Sofia Papagiannaki | |
105 | e0975bbf | Sofia Papagiannaki | https://node1.example.com/ui/login/twitter/authenticated |
106 | e0975bbf | Sofia Papagiannaki | |
107 | e0975bbf | Sofia Papagiannaki | Finally, add 'twitter' in ``ASTAKOS_IM_MODULES`` list. The variable resides |
108 | e0975bbf | Sofia Papagiannaki | inside the file ``/etc/synnefo/20-snf-astakos-app-settings.conf`` |
109 | e0975bbf | Sofia Papagiannaki | |
110 | e0975bbf | Sofia Papagiannaki | Google Authentication |
111 | 3a0ce98e | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~ |
112 | e0975bbf | Sofia Papagiannaki | |
113 | e0975bbf | Sofia Papagiannaki | To enable google authentication while signed in under a Google account, |
114 | e0975bbf | Sofia Papagiannaki | visit https://code.google.com/apis/console/. |
115 | e0975bbf | Sofia Papagiannaki | |
116 | e0975bbf | Sofia Papagiannaki | Under API Access select Create another client ID, select Web application, |
117 | e0975bbf | Sofia Papagiannaki | expand more options in Your site or hostname section and in Authorized |
118 | e0975bbf | Sofia Papagiannaki | Redirect URIs add: |
119 | e0975bbf | Sofia Papagiannaki | |
120 | e0975bbf | Sofia Papagiannaki | |
121 | e0975bbf | Sofia Papagiannaki | Fill the necessary information and for callback URL give:: |
122 | e0975bbf | Sofia Papagiannaki | |
123 | e0975bbf | Sofia Papagiannaki | https://node1.example.com/ui/login/google/authenticated |
124 | e0975bbf | Sofia Papagiannaki | |
125 | e0975bbf | Sofia Papagiannaki | Finally, add 'google' in ``ASTAKOS_IM_MODULES`` list. The variable resides |
126 | e0975bbf | Sofia Papagiannaki | inside the file ``/etc/synnefo/20-snf-astakos-app-settings.conf`` |
127 | e0975bbf | Sofia Papagiannaki | |
128 | eab73849 | Constantinos Venetsanopoulos | |
129 | eab73849 | Constantinos Venetsanopoulos | Working with Astakos |
130 | eab73849 | Constantinos Venetsanopoulos | -------------------- |
131 | eab73849 | Constantinos Venetsanopoulos | |
132 | 77186edf | Kostas Papadimitriou | User registration |
133 | 77186edf | Kostas Papadimitriou | ~~~~~~~~~~~~~~~~~ |
134 | f846d8df | Constantinos Venetsanopoulos | |
135 | 77186edf | Kostas Papadimitriou | When a new user signs up, he/she is not directly marked as active. You can see |
136 | 77186edf | Kostas Papadimitriou | his/her state by running (on the machine that runs the Astakos app): |
137 | f846d8df | Constantinos Venetsanopoulos | |
138 | f846d8df | Constantinos Venetsanopoulos | .. code-block:: console |
139 | f846d8df | Constantinos Venetsanopoulos | |
140 | 4404e02e | Ilias Tsitsimpis | $ snf-manage user-list |
141 | f846d8df | Constantinos Venetsanopoulos | |
142 | 77186edf | Kostas Papadimitriou | More detailed user status is provided in the `status` field of the `user-show` |
143 | 77186edf | Kostas Papadimitriou | command: |
144 | f846d8df | Constantinos Venetsanopoulos | |
145 | 77186edf | Kostas Papadimitriou | .. code-block:: console |
146 | f846d8df | Constantinos Venetsanopoulos | |
147 | 77186edf | Kostas Papadimitriou | $ snf-manage user-show <user-id> |
148 | f846d8df | Constantinos Venetsanopoulos | |
149 | 77186edf | Kostas Papadimitriou | id : 6 |
150 | 77186edf | Kostas Papadimitriou | uuid : 78661411-5eed-412f-a9ea-2de24f542c2e |
151 | 77186edf | Kostas Papadimitriou | status : Accepted/Active (accepted policy: manual) |
152 | 77186edf | Kostas Papadimitriou | email : user@synnefo.org |
153 | 77186edf | Kostas Papadimitriou | .... |
154 | f846d8df | Constantinos Venetsanopoulos | |
155 | 3a0ce98e | Constantinos Venetsanopoulos | Based on the `astakos-app` configuration, there are several ways for a user to |
156 | 3a0ce98e | Constantinos Venetsanopoulos | get verified and activated in order to be able to login. We discuss the user |
157 | 3a0ce98e | Constantinos Venetsanopoulos | verification and activation flow in the following section. |
158 | 77186edf | Kostas Papadimitriou | |
159 | 77186edf | Kostas Papadimitriou | User activation flow |
160 | eab73849 | Constantinos Venetsanopoulos | ```````````````````` |
161 | eab73849 | Constantinos Venetsanopoulos | |
162 | 77186edf | Kostas Papadimitriou | A user can register for an account using the astakos signup form. Once the form |
163 | 77186edf | Kostas Papadimitriou | is submited successfully a user entry is created in astakos database. That entry |
164 | 77186edf | Kostas Papadimitriou | is passed through the astakos activation backend which handles whether the user |
165 | 77186edf | Kostas Papadimitriou | should be automatically verified and activated. |
166 | 77186edf | Kostas Papadimitriou | |
167 | 77186edf | Kostas Papadimitriou | Email verification |
168 | 77186edf | Kostas Papadimitriou | `````````````````` |
169 | 77186edf | Kostas Papadimitriou | |
170 | 77186edf | Kostas Papadimitriou | The verification process takes place in order to ensure that the user owns the |
171 | 77186edf | Kostas Papadimitriou | email provided during the signup process. By default, after each successful |
172 | 77186edf | Kostas Papadimitriou | signup astakos notifies user with an verification url via email. |
173 | 77186edf | Kostas Papadimitriou | |
174 | 77186edf | Kostas Papadimitriou | At this stage: |
175 | 77186edf | Kostas Papadimitriou | |
176 | 77186edf | Kostas Papadimitriou | * subsequent registrations invalidate and delete the previous registrations |
177 | 77186edf | Kostas Papadimitriou | of the same email address. |
178 | 77186edf | Kostas Papadimitriou | |
179 | 77186edf | Kostas Papadimitriou | * in case user misses the initial notification, additional emails can be |
180 | 77186edf | Kostas Papadimitriou | send either via the url which is prompted to the user if he tries to |
181 | 77186edf | Kostas Papadimitriou | login, or by the administrator using the ``snf-manage user-activation-send |
182 | 77186edf | Kostas Papadimitriou | <userid>`` command. |
183 | 77186edf | Kostas Papadimitriou | |
184 | 77186edf | Kostas Papadimitriou | * administrator may also enforce a user to get verified using the |
185 | 77186edf | Kostas Papadimitriou | ``snf-manage user-modify --verify <userid>`` command. |
186 | 77186edf | Kostas Papadimitriou | |
187 | 77186edf | Kostas Papadimitriou | Account activation |
188 | 77186edf | Kostas Papadimitriou | `````````````````` |
189 | 77186edf | Kostas Papadimitriou | |
190 | 3a0ce98e | Constantinos Venetsanopoulos | Once the user gets verified, it is time for Astakos to decide whether or not to |
191 | 77186edf | Kostas Papadimitriou | proceed through user activation process. If ``ASTAKOS_MODERATION_ENABLED`` |
192 | 77186edf | Kostas Papadimitriou | setting is set to ``False`` (default value) user gets activated automatically. |
193 | 77186edf | Kostas Papadimitriou | |
194 | 3a0ce98e | Constantinos Venetsanopoulos | In case the moderation is enabled Astakos may still automatically activate the |
195 | 77186edf | Kostas Papadimitriou | user in the following cases: |
196 | 77186edf | Kostas Papadimitriou | |
197 | 77186edf | Kostas Papadimitriou | * User email matches any of the regular expressions defined in |
198 | 77186edf | Kostas Papadimitriou | ``ASTAKOS_RE_USER_EMAIL_PATTERNS`` (defaults to ``[]``) |
199 | 77186edf | Kostas Papadimitriou | * User used a signup method (e.g. ``shibboleth``) for which automatic |
200 | 77186edf | Kostas Papadimitriou | activation is enabled (see |
201 | 77186edf | Kostas Papadimitriou | :ref:`authentication methods policies <auth_methods_policies>`). |
202 | 77186edf | Kostas Papadimitriou | |
203 | 3a0ce98e | Constantinos Venetsanopoulos | If all of the above fail to trigger automatic activation, an email is sent to |
204 | 3a0ce98e | Constantinos Venetsanopoulos | the persons listed in ``HELPDESK``, ``MANAGERS`` and ``ADMINS`` settings, |
205 | 3a0ce98e | Constantinos Venetsanopoulos | notifing that there is a new user pending for moderation and that it's up to |
206 | 3a0ce98e | Constantinos Venetsanopoulos | the administrator to decide if the user should be activated. The UI also shows |
207 | 3a0ce98e | Constantinos Venetsanopoulos | a corresponding 'pending moderation' message to the user. The administrator can |
208 | 3a0ce98e | Constantinos Venetsanopoulos | activate a user using the ``snf-manage user-modify`` command: |
209 | 77186edf | Kostas Papadimitriou | |
210 | 77186edf | Kostas Papadimitriou | .. code-block:: console |
211 | 77186edf | Kostas Papadimitriou | |
212 | 77186edf | Kostas Papadimitriou | # command to activate a pending user |
213 | 77186edf | Kostas Papadimitriou | $ snf-manage user-modify --accept <userid> |
214 | 77186edf | Kostas Papadimitriou | |
215 | 77186edf | Kostas Papadimitriou | # command to reject a pending user |
216 | 77186edf | Kostas Papadimitriou | $ snf-manage user-modify --reject --reject-reason="spammer" <userid> |
217 | 77186edf | Kostas Papadimitriou | |
218 | 3a0ce98e | Constantinos Venetsanopoulos | Once the activation process finishes, a greeting message is sent to the user |
219 | 3a0ce98e | Constantinos Venetsanopoulos | email address and a notification for the activation to the persons listed in |
220 | 3a0ce98e | Constantinos Venetsanopoulos | ``HELPDESK``, ``MANAGERS`` and ``ADMINS`` settings. Once activated the user is |
221 | 3a0ce98e | Constantinos Venetsanopoulos | able to login and access the Synnefo services. |
222 | 77186edf | Kostas Papadimitriou | |
223 | 77186edf | Kostas Papadimitriou | Additional authentication methods |
224 | 77186edf | Kostas Papadimitriou | ````````````````````````````````` |
225 | 77186edf | Kostas Papadimitriou | |
226 | 77186edf | Kostas Papadimitriou | Astakos supports third party logins from external identity providers. This |
227 | 77186edf | Kostas Papadimitriou | can be usefull since it allows users to use their existing credentials to |
228 | 77186edf | Kostas Papadimitriou | login to astakos service. |
229 | 77186edf | Kostas Papadimitriou | |
230 | 77186edf | Kostas Papadimitriou | Currently astakos supports the following identity providers: |
231 | 77186edf | Kostas Papadimitriou | |
232 | 77186edf | Kostas Papadimitriou | * `Shibboleth <http://www.internet2.edu/shibboleth>`_ (module name |
233 | 77186edf | Kostas Papadimitriou | ``shibboleth``) |
234 | 77186edf | Kostas Papadimitriou | * `Google <https://developers.google.com/accounts/docs/OAuth2>`_ (module |
235 | 77186edf | Kostas Papadimitriou | name ``google``) |
236 | 77186edf | Kostas Papadimitriou | * `Twitter <https://dev.twitter.com/docs/auth>`_ (module name ``twitter``) |
237 | 77186edf | Kostas Papadimitriou | * `LinkedIn <http://developer.linkedin.com/documents/authentication>`_ |
238 | 77186edf | Kostas Papadimitriou | (module name ``linkedin``) |
239 | 77186edf | Kostas Papadimitriou | |
240 | 77186edf | Kostas Papadimitriou | To enable any of the above modules (by default only ``local`` accounts are |
241 | 77186edf | Kostas Papadimitriou | allowed), retrieve and set the required provider settings and append the |
242 | 77186edf | Kostas Papadimitriou | module name in ``ASTAKOS_IM_MODULES``. |
243 | 77186edf | Kostas Papadimitriou | |
244 | 77186edf | Kostas Papadimitriou | .. code-block:: python |
245 | 77186edf | Kostas Papadimitriou | |
246 | 77186edf | Kostas Papadimitriou | # settings from https://code.google.com/apis/console/ |
247 | 77186edf | Kostas Papadimitriou | ASTAKOS_GOOGLE_CLIENT_ID = '1111111111-epi60tvimgha63qqnjo40cljkojcann3.apps.googleusercontent.com' |
248 | 77186edf | Kostas Papadimitriou | ASTAKOS_GOOGLE_SECRET = 'tNDQqTDKlTf7_LaeUcWTWwZM' |
249 | 77186edf | Kostas Papadimitriou | |
250 | 77186edf | Kostas Papadimitriou | # let users signup and login using their google account |
251 | 77186edf | Kostas Papadimitriou | ASTAKOS_IM_MODULES = ['local', 'google'] |
252 | 77186edf | Kostas Papadimitriou | |
253 | 77186edf | Kostas Papadimitriou | |
254 | 77186edf | Kostas Papadimitriou | .. _auth_methods_policies: |
255 | 77186edf | Kostas Papadimitriou | |
256 | 77186edf | Kostas Papadimitriou | Authentication method policies |
257 | 77186edf | Kostas Papadimitriou | `````````````````````````````` |
258 | 77186edf | Kostas Papadimitriou | |
259 | 77186edf | Kostas Papadimitriou | Astakos allows you to override the default policies for each enabled provider |
260 | 77186edf | Kostas Papadimitriou | separately by adding the approriate settings in your ``.conf`` files in the |
261 | 77186edf | Kostas Papadimitriou | following format: |
262 | 77186edf | Kostas Papadimitriou | |
263 | 77186edf | Kostas Papadimitriou | **ASTAKOS_AUTH_PROVIDER_<module>_<policy>_POLICY** |
264 | 77186edf | Kostas Papadimitriou | |
265 | 77186edf | Kostas Papadimitriou | Available policies are: |
266 | 77186edf | Kostas Papadimitriou | |
267 | 77186edf | Kostas Papadimitriou | * **CREATE** Users can signup using that provider (default: ``True``) |
268 | 77186edf | Kostas Papadimitriou | * **REMOVE/ADD** Users can remove/add login method from their profile |
269 | 77186edf | Kostas Papadimitriou | (default: ``True``) |
270 | 77186edf | Kostas Papadimitriou | * **AUTOMODERATE** Automatically activate users that signup using that |
271 | 77186edf | Kostas Papadimitriou | provider (default: ``False``) |
272 | 77186edf | Kostas Papadimitriou | * **LOGIN** Whether or not users can use the provider to login (default: |
273 | 77186edf | Kostas Papadimitriou | ``True``). |
274 | 77186edf | Kostas Papadimitriou | |
275 | 77186edf | Kostas Papadimitriou | e.g. to enable automatic activation for your academic users, while keeping |
276 | 77186edf | Kostas Papadimitriou | locally signed up users under moderation you can apply the following settings. |
277 | 77186edf | Kostas Papadimitriou | |
278 | 77186edf | Kostas Papadimitriou | .. code-block:: python |
279 | 77186edf | Kostas Papadimitriou | |
280 | 77186edf | Kostas Papadimitriou | ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_AUTOMODERATE_POLICY = True |
281 | 77186edf | Kostas Papadimitriou | ASTAKOS_AUTH_PROVIDER_SHIBBOLETH_REMOVE_POLICY = False |
282 | 77186edf | Kostas Papadimitriou | |
283 | 3a0ce98e | Constantinos Venetsanopoulos | User login |
284 | 3a0ce98e | Constantinos Venetsanopoulos | ~~~~~~~~~~ |
285 | 3a0ce98e | Constantinos Venetsanopoulos | |
286 | 3a0ce98e | Constantinos Venetsanopoulos | During the logging procedure, the user is authenticated by the respective |
287 | 3a0ce98e | Constantinos Venetsanopoulos | identity provider. |
288 | 3a0ce98e | Constantinos Venetsanopoulos | |
289 | 3a0ce98e | Constantinos Venetsanopoulos | If ``ASTAKOS_RECAPTCHA_ENABLED`` is set and the user fails several times |
290 | 3a0ce98e | Constantinos Venetsanopoulos | (``ASTAKOS_RATELIMIT_RETRIES_ALLOWED`` setting) to provide the correct |
291 | 3a0ce98e | Constantinos Venetsanopoulos | credentials for a local account, he/she is then prompted to solve a captcha |
292 | 3a0ce98e | Constantinos Venetsanopoulos | challenge. |
293 | 3a0ce98e | Constantinos Venetsanopoulos | |
294 | 3a0ce98e | Constantinos Venetsanopoulos | Upon success, the system renews the token (if it has expired), logins the user |
295 | 3a0ce98e | Constantinos Venetsanopoulos | and sets the cookie, before redirecting the user to the ``next`` parameter |
296 | 3a0ce98e | Constantinos Venetsanopoulos | value. |
297 | eab73849 | Constantinos Venetsanopoulos | |
298 | 2988ae31 | Georgios D. Tsoukalas | Setting quota limits |
299 | 2988ae31 | Georgios D. Tsoukalas | ~~~~~~~~~~~~~~~~~~~~ |
300 | 2988ae31 | Georgios D. Tsoukalas | |
301 | 075b91de | Giorgos Korfiatis | Set default quota |
302 | 075b91de | Giorgos Korfiatis | ````````````````` |
303 | f72ba65d | Giorgos Korfiatis | To inspect current default base quota limits, run:: |
304 | 2988ae31 | Georgios D. Tsoukalas | |
305 | f72ba65d | Giorgos Korfiatis | # snf-manage resource-list |
306 | 2988ae31 | Georgios D. Tsoukalas | |
307 | d61d6007 | Giorgos Korfiatis | You can modify the default base quota limit for all future users with:: |
308 | 2988ae31 | Georgios D. Tsoukalas | |
309 | d61d6007 | Giorgos Korfiatis | # snf-manage resource-modify <resource_name> --default-quota <value> |
310 | 2988ae31 | Georgios D. Tsoukalas | |
311 | 075b91de | Giorgos Korfiatis | Set base quota for individual users |
312 | 075b91de | Giorgos Korfiatis | ``````````````````````````````````` |
313 | 2988ae31 | Georgios D. Tsoukalas | |
314 | 075b91de | Giorgos Korfiatis | For individual users that need different quota than the default |
315 | 2988ae31 | Georgios D. Tsoukalas | you can set it for each resource like this:: |
316 | 2988ae31 | Georgios D. Tsoukalas | |
317 | 075b91de | Giorgos Korfiatis | # use this to display quota / uuid |
318 | 075b91de | Giorgos Korfiatis | # snf-manage user-show 'uuid or email' --quota |
319 | 2988ae31 | Georgios D. Tsoukalas | |
320 | 45112d5a | Giorgos Korfiatis | # snf-manage user-modify <user-uuid> --base-quota 'cyclades.vm' 10 |
321 | 45112d5a | Giorgos Korfiatis | |
322 | 45112d5a | Giorgos Korfiatis | You can set base quota for all existing users, with possible exceptions, using:: |
323 | 45112d5a | Giorgos Korfiatis | |
324 | 45112d5a | Giorgos Korfiatis | # snf-manage user-modify --all --base-quota cyclades.vm 10 --exclude uuid1,uuid2 |
325 | 2988ae31 | Georgios D. Tsoukalas | |
326 | 5a0f9d6c | Giorgos Korfiatis | All quota for which values different from the default have been set, |
327 | 5a0f9d6c | Giorgos Korfiatis | can be listed with:: |
328 | 5a0f9d6c | Giorgos Korfiatis | |
329 | 5a0f9d6c | Giorgos Korfiatis | # snf-manage quota-list --with-custom=True |
330 | 5a0f9d6c | Giorgos Korfiatis | |
331 | 2988ae31 | Georgios D. Tsoukalas | |
332 | 2988ae31 | Georgios D. Tsoukalas | Enable the Projects feature |
333 | 2988ae31 | Georgios D. Tsoukalas | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
334 | 2988ae31 | Georgios D. Tsoukalas | |
335 | 2988ae31 | Georgios D. Tsoukalas | If you want to enable the projects feature so that users may apply |
336 | 2988ae31 | Georgios D. Tsoukalas | on their own for resources by creating and joining projects, |
337 | 2988ae31 | Georgios D. Tsoukalas | in ``20-snf-astakos-app-settings.conf`` set:: |
338 | 2988ae31 | Georgios D. Tsoukalas | |
339 | 2988ae31 | Georgios D. Tsoukalas | # this will make the 'projects' page visible in the dashboard |
340 | 2988ae31 | Georgios D. Tsoukalas | ASTAKOS_PROJECTS_VISIBLE = True |
341 | 2988ae31 | Georgios D. Tsoukalas | |
342 | 9770ba6c | Giorgos Korfiatis | You can change the maximum allowed number of pending project applications |
343 | 9770ba6c | Giorgos Korfiatis | per user with:: |
344 | 827de879 | Giorgos Korfiatis | |
345 | d61d6007 | Giorgos Korfiatis | # snf-manage resource-modify astakos.pending_app --default-quota <number> |
346 | 9770ba6c | Giorgos Korfiatis | |
347 | 9770ba6c | Giorgos Korfiatis | You can also set a user-specific limit with:: |
348 | 9770ba6c | Giorgos Korfiatis | |
349 | 45112d5a | Giorgos Korfiatis | # snf-manage user-modify <user-uuid> --base-quota 'astakos.pending_app' 5 |
350 | 827de879 | Giorgos Korfiatis | |
351 | 2988ae31 | Georgios D. Tsoukalas | When users apply for projects they are not automatically granted |
352 | 2988ae31 | Georgios D. Tsoukalas | the resources. They must first be approved by the administrator. |
353 | 2988ae31 | Georgios D. Tsoukalas | |
354 | 2988ae31 | Georgios D. Tsoukalas | To list pending project applications in astakos:: |
355 | 2988ae31 | Georgios D. Tsoukalas | |
356 | 2988ae31 | Georgios D. Tsoukalas | # snf-manage project-list --pending |
357 | 2988ae31 | Georgios D. Tsoukalas | |
358 | 2988ae31 | Georgios D. Tsoukalas | Note the last column, the application id. To approve it:: |
359 | 2988ae31 | Georgios D. Tsoukalas | |
360 | 2988ae31 | Georgios D. Tsoukalas | # <app id> from the last column of project-list |
361 | 2988ae31 | Georgios D. Tsoukalas | # snf-manage project-control --approve <app id> |
362 | 2988ae31 | Georgios D. Tsoukalas | |
363 | 2988ae31 | Georgios D. Tsoukalas | To deny an application:: |
364 | 2988ae31 | Georgios D. Tsoukalas | |
365 | 2988ae31 | Georgios D. Tsoukalas | # snf-manage project-control --deny <app id> |
366 | 2988ae31 | Georgios D. Tsoukalas | |
367 | 827de879 | Giorgos Korfiatis | Users designated as *project admins* can approve, deny, or modify |
368 | 827de879 | Giorgos Korfiatis | an application through the web interface. In |
369 | 827de879 | Giorgos Korfiatis | ``20-snf-astakos-app-settings.conf`` set:: |
370 | 827de879 | Giorgos Korfiatis | |
371 | 827de879 | Giorgos Korfiatis | # UUIDs of users that can approve or deny project applications from the web. |
372 | 827de879 | Giorgos Korfiatis | ASTAKOS_PROJECT_ADMINS = [<uuid>, ...] |
373 | 2988ae31 | Georgios D. Tsoukalas | |
374 | 2988ae31 | Georgios D. Tsoukalas | |
375 | eab73849 | Constantinos Venetsanopoulos | Astakos advanced operations |
376 | eab73849 | Constantinos Venetsanopoulos | --------------------------- |
377 | eab73849 | Constantinos Venetsanopoulos | |
378 | eab73849 | Constantinos Venetsanopoulos | Adding "Terms of Use" |
379 | eab73849 | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~ |
380 | eab73849 | Constantinos Venetsanopoulos | |
381 | eab73849 | Constantinos Venetsanopoulos | Astakos supports versioned terms-of-use. First of all you need to create an |
382 | eab73849 | Constantinos Venetsanopoulos | html file that will contain your terms. For example, create the file |
383 | eab73849 | Constantinos Venetsanopoulos | ``/usr/share/synnefo/sample-terms.html``, which contains the following: |
384 | eab73849 | Constantinos Venetsanopoulos | |
385 | eab73849 | Constantinos Venetsanopoulos | .. code-block:: console |
386 | eab73849 | Constantinos Venetsanopoulos | |
387 | 3a0ce98e | Constantinos Venetsanopoulos | <h1>My cloud service terms</h1> |
388 | eab73849 | Constantinos Venetsanopoulos | |
389 | 3a0ce98e | Constantinos Venetsanopoulos | These are the example terms for my cloud service |
390 | eab73849 | Constantinos Venetsanopoulos | |
391 | eab73849 | Constantinos Venetsanopoulos | Then, add those terms-of-use with the snf-manage command: |
392 | eab73849 | Constantinos Venetsanopoulos | |
393 | eab73849 | Constantinos Venetsanopoulos | .. code-block:: console |
394 | eab73849 | Constantinos Venetsanopoulos | |
395 | eab73849 | Constantinos Venetsanopoulos | $ snf-manage term-add /usr/share/synnefo/sample-terms.html |
396 | eab73849 | Constantinos Venetsanopoulos | |
397 | eab73849 | Constantinos Venetsanopoulos | Your terms have been successfully added and you will see the corresponding link |
398 | eab73849 | Constantinos Venetsanopoulos | appearing in the Astakos web pages' footer. |
399 | eab73849 | Constantinos Venetsanopoulos | |
400 | 3a0ce98e | Constantinos Venetsanopoulos | During the account registration, if there are approval terms, the user is |
401 | 3a0ce98e | Constantinos Venetsanopoulos | presented with an "I agree with the Terms" checkbox that needs to get checked |
402 | 3a0ce98e | Constantinos Venetsanopoulos | in order to proceed. |
403 | 3a0ce98e | Constantinos Venetsanopoulos | |
404 | 3a0ce98e | Constantinos Venetsanopoulos | In case there are new approval terms that the user has not signed yet, the |
405 | 3a0ce98e | Constantinos Venetsanopoulos | ``signed_terms_required`` view decorator redirects to the ``approval_terms`` |
406 | 3a0ce98e | Constantinos Venetsanopoulos | view, so the user will be presented with the new terms the next time he/she |
407 | 3a0ce98e | Constantinos Venetsanopoulos | logins. |
408 | 3a0ce98e | Constantinos Venetsanopoulos | |
409 | a23251f4 | Constantinos Venetsanopoulos | Enabling reCAPTCHA |
410 | a23251f4 | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~ |
411 | a23251f4 | Constantinos Venetsanopoulos | |
412 | a23251f4 | Constantinos Venetsanopoulos | Astakos supports the `reCAPTCHA <http://www.google.com/recaptcha>`_ feature. |
413 | a23251f4 | Constantinos Venetsanopoulos | If enabled, it protects the Astakos forms from bots. To enable the feature, go |
414 | a23251f4 | Constantinos Venetsanopoulos | to https://www.google.com/recaptcha/admin/create and create your own reCAPTCHA |
415 | a23251f4 | Constantinos Venetsanopoulos | key pair. Then edit ``/etc/synnefo/20-snf-astakos-app-settings.conf`` and set |
416 | a23251f4 | Constantinos Venetsanopoulos | the corresponding variables to reflect your newly created key pair. Finally, set |
417 | a23251f4 | Constantinos Venetsanopoulos | the ``ASTAKOS_RECAPTCHA_ENABLED`` variable to ``True``: |
418 | a23251f4 | Constantinos Venetsanopoulos | |
419 | a23251f4 | Constantinos Venetsanopoulos | .. code-block:: console |
420 | a23251f4 | Constantinos Venetsanopoulos | |
421 | a23251f4 | Constantinos Venetsanopoulos | ASTAKOS_RECAPTCHA_PUBLIC_KEY = 'example_recaptcha_public_key!@#$%^&*(' |
422 | a23251f4 | Constantinos Venetsanopoulos | ASTAKOS_RECAPTCHA_PRIVATE_KEY = 'example_recaptcha_private_key!@#$%^&*(' |
423 | a23251f4 | Constantinos Venetsanopoulos | |
424 | a23251f4 | Constantinos Venetsanopoulos | ASTAKOS_RECAPTCHA_ENABLED = True |
425 | a23251f4 | Constantinos Venetsanopoulos | |
426 | a23251f4 | Constantinos Venetsanopoulos | Restart the service on the Astakos node(s) and you are ready: |
427 | a23251f4 | Constantinos Venetsanopoulos | |
428 | a23251f4 | Constantinos Venetsanopoulos | .. code-block:: console |
429 | a23251f4 | Constantinos Venetsanopoulos | |
430 | a23251f4 | Constantinos Venetsanopoulos | # /etc/init.d/gunicorn restart |
431 | a23251f4 | Constantinos Venetsanopoulos | |
432 | a23251f4 | Constantinos Venetsanopoulos | Checkout your new Sign up page. If you see the reCAPTCHA box, you have setup |
433 | a23251f4 | Constantinos Venetsanopoulos | everything correctly. |
434 | a23251f4 | Constantinos Venetsanopoulos | |
435 | eab73849 | Constantinos Venetsanopoulos | |
436 | 3a0ce98e | Constantinos Venetsanopoulos | Astakos internals |
437 | 3a0ce98e | Constantinos Venetsanopoulos | ----------------- |
438 | 3a0ce98e | Constantinos Venetsanopoulos | |
439 | 3a0ce98e | Constantinos Venetsanopoulos | X-Auth-Token |
440 | 3a0ce98e | Constantinos Venetsanopoulos | ~~~~~~~~~~~~ |
441 | 3a0ce98e | Constantinos Venetsanopoulos | |
442 | 3a0ce98e | Constantinos Venetsanopoulos | Alice requests a specific resource from a cloud service e.g.: Pithos. In the |
443 | 3a0ce98e | Constantinos Venetsanopoulos | request she supplies the `X-Auth-Token` to identify whether she is eligible to |
444 | 3a0ce98e | Constantinos Venetsanopoulos | perform the specific task. The service contacts Astakos through its |
445 | 3a0ce98e | Constantinos Venetsanopoulos | ``/account/v1.0/authenticate`` api call (see :ref:`authenticate-api-label`) |
446 | 3a0ce98e | Constantinos Venetsanopoulos | providing the specific ``X-Auth-Token``. Astakos checkes whether the token |
447 | 3a0ce98e | Constantinos Venetsanopoulos | belongs to an active user and it has not expired and returns a dictionary |
448 | 3a0ce98e | Constantinos Venetsanopoulos | containing user related information. Finally the service uses the ``uniq`` |
449 | 3a0ce98e | Constantinos Venetsanopoulos | field included in the dictionary as the account string to identify the user |
450 | 3a0ce98e | Constantinos Venetsanopoulos | accessible resources. |
451 | 3a0ce98e | Constantinos Venetsanopoulos | |
452 | 3a0ce98e | Constantinos Venetsanopoulos | .. _authentication-label: |
453 | 3a0ce98e | Constantinos Venetsanopoulos | |
454 | 3a0ce98e | Constantinos Venetsanopoulos | Django Auth methods and Backends |
455 | 3a0ce98e | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
456 | 3a0ce98e | Constantinos Venetsanopoulos | |
457 | 3a0ce98e | Constantinos Venetsanopoulos | Astakos incorporates Django user authentication system and extends its User model. |
458 | 3a0ce98e | Constantinos Venetsanopoulos | |
459 | 3a0ce98e | Constantinos Venetsanopoulos | Since username field of django User model has a limitation of 30 characters, |
460 | 3a0ce98e | Constantinos Venetsanopoulos | AstakosUser is **uniquely** identified by the ``email`` instead. Therefore, |
461 | 3a0ce98e | Constantinos Venetsanopoulos | ``astakos.im.authentication_backends.EmailBackend`` is served to authenticate a |
462 | 3a0ce98e | Constantinos Venetsanopoulos | user using email if the first argument is actually an email, otherwise tries |
463 | 3a0ce98e | Constantinos Venetsanopoulos | the username. |
464 | 3a0ce98e | Constantinos Venetsanopoulos | |
465 | 3a0ce98e | Constantinos Venetsanopoulos | A new AstakosUser instance is assigned with a uui as username and also with a |
466 | 3a0ce98e | Constantinos Venetsanopoulos | ``auth_token`` used by the cloud services to authenticate the user. |
467 | 3a0ce98e | Constantinos Venetsanopoulos | ``astakos.im.authentication_backends.TokenBackend`` is also specified in order |
468 | 3a0ce98e | Constantinos Venetsanopoulos | to authenticate the user using the email and the token fields. |
469 | 3a0ce98e | Constantinos Venetsanopoulos | |
470 | 3a0ce98e | Constantinos Venetsanopoulos | Logged on users can perform a number of actions: |
471 | 3a0ce98e | Constantinos Venetsanopoulos | |
472 | 3a0ce98e | Constantinos Venetsanopoulos | * access and edit their profile via: ``/im/profile``. |
473 | 3a0ce98e | Constantinos Venetsanopoulos | * change their password via: ``/im/password`` |
474 | 3a0ce98e | Constantinos Venetsanopoulos | * send feedback for grnet services via: ``/im/send_feedback`` |
475 | 3a0ce98e | Constantinos Venetsanopoulos | * logout (and delete cookie) via: ``/im/logout`` |
476 | 3a0ce98e | Constantinos Venetsanopoulos | |
477 | 3a0ce98e | Constantinos Venetsanopoulos | Internal Astakos requests are handled using cookie-based Django user sessions. |
478 | 3a0ce98e | Constantinos Venetsanopoulos | |
479 | 3a0ce98e | Constantinos Venetsanopoulos | External systems should forward to the ``/login`` URI. The server, |
480 | 3a0ce98e | Constantinos Venetsanopoulos | depending on its configuration will redirect to the appropriate login page. |
481 | 3a0ce98e | Constantinos Venetsanopoulos | When done with logging in, the service's login URI should redirect to the URI |
482 | 3a0ce98e | Constantinos Venetsanopoulos | provided with next, adding user and token parameters, which contain the email |
483 | 3a0ce98e | Constantinos Venetsanopoulos | and token fields respectively. |
484 | 3a0ce98e | Constantinos Venetsanopoulos | |
485 | 3a0ce98e | Constantinos Venetsanopoulos | The login URI accepts the following parameters: |
486 | 3a0ce98e | Constantinos Venetsanopoulos | |
487 | 3a0ce98e | Constantinos Venetsanopoulos | ====================== ========================= |
488 | 3a0ce98e | Constantinos Venetsanopoulos | Request Parameter Name Value |
489 | 3a0ce98e | Constantinos Venetsanopoulos | ====================== ========================= |
490 | 3a0ce98e | Constantinos Venetsanopoulos | next The URI to redirect to when the process is finished |
491 | 3a0ce98e | Constantinos Venetsanopoulos | renew Force token renewal (no value parameter) |
492 | 3a0ce98e | Constantinos Venetsanopoulos | force Force logout current user (no value parameter) |
493 | 3a0ce98e | Constantinos Venetsanopoulos | ====================== ========================= |
494 | 3a0ce98e | Constantinos Venetsanopoulos | |
495 | 3a0ce98e | Constantinos Venetsanopoulos | External systems inside the ``ASTAKOS_COOKIE_DOMAIN`` scope can acquire the |
496 | 3a0ce98e | Constantinos Venetsanopoulos | user information by the cookie identified by ``ASTAKOS_COOKIE_NAME`` setting |
497 | 3a0ce98e | Constantinos Venetsanopoulos | (set during the login procedure). |
498 | 3a0ce98e | Constantinos Venetsanopoulos | |
499 | 3a0ce98e | Constantinos Venetsanopoulos | Finally, backend systems having acquired a token can use the |
500 | 3a0ce98e | Constantinos Venetsanopoulos | :ref:`authenticate-api-label` API call from a private network or through HTTPS. |
501 | 3a0ce98e | Constantinos Venetsanopoulos | |
502 | 3a0ce98e | Constantinos Venetsanopoulos | |
503 | eab73849 | Constantinos Venetsanopoulos | Compute/Network/Image Service (Cyclades) |
504 | eab73849 | Constantinos Venetsanopoulos | ======================================== |
505 | eab73849 | Constantinos Venetsanopoulos | |
506 | 6d8a47d0 | Christos Stavrakakis | Introduction |
507 | 6d8a47d0 | Christos Stavrakakis | ------------ |
508 | 6d8a47d0 | Christos Stavrakakis | |
509 | 6d8a47d0 | Christos Stavrakakis | Cyclades is the Synnefo component that implements Compute, Network and Image |
510 | 6d8a47d0 | Christos Stavrakakis | services and exposes the associated OpenStack REST APIs. By running Cyclades |
511 | 6d8a47d0 | Christos Stavrakakis | you can provide a cloud that can handle thousands of virtual servers and |
512 | 6d8a47d0 | Christos Stavrakakis | networks. |
513 | 6d8a47d0 | Christos Stavrakakis | |
514 | 6d8a47d0 | Christos Stavrakakis | Cyclades does not include any virtualization software and knows nothing about |
515 | 6d8a47d0 | Christos Stavrakakis | the low-level VM management operations, e.g. handling of VM creation or |
516 | 6d8a47d0 | Christos Stavrakakis | migrations among physical nodes. Instead, Cyclades is the component that |
517 | 6d8a47d0 | Christos Stavrakakis | handles multiple Ganeti backends and exposes the REST APIs. The administrator |
518 | 6d8a47d0 | Christos Stavrakakis | can expand the infrastructure dynamically either by adding more Ganeti nodes |
519 | 6d8a47d0 | Christos Stavrakakis | or by adding new Ganeti clusters. Cyclades issue VM control commands to Ganeti |
520 | 6d8a47d0 | Christos Stavrakakis | via Ganeti's remote API and receive asynchronous notifications from Ganeti |
521 | 6d8a47d0 | Christos Stavrakakis | backends whenever the state of a VM changes, due to Synnefo- or |
522 | 6d8a47d0 | Christos Stavrakakis | administrator-initiated commands. |
523 | 6d8a47d0 | Christos Stavrakakis | |
524 | 6d8a47d0 | Christos Stavrakakis | Cyclades is the action orchestrator and the API layer on top of multiple Ganeti |
525 | 6d8a47d0 | Christos Stavrakakis | clusters. By this decoupled design, Ganeti cluster are self-contained and |
526 | 6d8a47d0 | Christos Stavrakakis | the administrator has complete control on them without Cyclades knowing about |
527 | 6d8a47d0 | Christos Stavrakakis | it. For example a VM migration to a different physical node is transparent |
528 | 6d8a47d0 | Christos Stavrakakis | to Cyclades. |
529 | 6d8a47d0 | Christos Stavrakakis | |
530 | 6d8a47d0 | Christos Stavrakakis | |
531 | eab73849 | Constantinos Venetsanopoulos | Working with Cyclades |
532 | eab73849 | Constantinos Venetsanopoulos | --------------------- |
533 | eab73849 | Constantinos Venetsanopoulos | |
534 | 6d8a47d0 | Christos Stavrakakis | Flavors |
535 | 6d8a47d0 | Christos Stavrakakis | ~~~~~~~ |
536 | 6d8a47d0 | Christos Stavrakakis | |
537 | 6d8a47d0 | Christos Stavrakakis | When creating a VM, the user must specify the `flavor` of the virtual server. |
538 | 6d8a47d0 | Christos Stavrakakis | Flavors are the virtual hardware templates, and provide a description about |
539 | 6d8a47d0 | Christos Stavrakakis | the number of CPUs, the amount of RAM, and the size of the disk of the VM. |
540 | 6d8a47d0 | Christos Stavrakakis | Besides the size of the disk, Cyclades flavors describe the storage backend |
541 | 6d8a47d0 | Christos Stavrakakis | that will be used for the virtual server. |
542 | 6d8a47d0 | Christos Stavrakakis | |
543 | 6d8a47d0 | Christos Stavrakakis | Flavors are created by the administrator and the user can select one of the |
544 | 6d8a47d0 | Christos Stavrakakis | available flavors. After VM creation, the user can dynamically resize his VM, |
545 | 6d8a47d0 | Christos Stavrakakis | by dynamically (hotplug-able) adding or removing CPU and RAM. |
546 | 6d8a47d0 | Christos Stavrakakis | |
547 | 6d8a47d0 | Christos Stavrakakis | Cyclades support different storage backends that are described by the disk |
548 | 6d8a47d0 | Christos Stavrakakis | template of the flavor, which is mapped to Ganeti's instance `disk template`. |
549 | 6d8a47d0 | Christos Stavrakakis | Currently the available disk templates are the following: |
550 | 6d8a47d0 | Christos Stavrakakis | |
551 | 6d8a47d0 | Christos Stavrakakis | * `file`: regulars file |
552 | 6d8a47d0 | Christos Stavrakakis | * `sharedfile`: regular files on a shared directory, e.g. NFS |
553 | 6d8a47d0 | Christos Stavrakakis | * `plain`: logical volumes |
554 | 6d8a47d0 | Christos Stavrakakis | * `drbd`: drbd on top of lvm volumes |
555 | 6d8a47d0 | Christos Stavrakakis | * `rbd`: rbd volumes residing inside a RADOS cluster |
556 | 6d8a47d0 | Christos Stavrakakis | * `ext`: disks provided by an external shared storage. |
557 | 6d8a47d0 | Christos Stavrakakis | |
558 | 6d8a47d0 | Christos Stavrakakis | - `ext_archipelago`: External shared storage provided by |
559 | 6d8a47d0 | Christos Stavrakakis | `Archipelago <http://www.synnefo.org/docs/archipelago/latest/index.html>`_. |
560 | 6d8a47d0 | Christos Stavrakakis | |
561 | 6d8a47d0 | Christos Stavrakakis | Flavors are created by the administrator using `snf-manage flavor-create` |
562 | 6d8a47d0 | Christos Stavrakakis | command. The command takes as argument number of CPUs, amount of RAM, the size |
563 | 6d8a47d0 | Christos Stavrakakis | of the disks and the disk templates and create the flavors that belong to the |
564 | 6d8a47d0 | Christos Stavrakakis | cartesian product of the specified arguments. For example, the following |
565 | 6d8a47d0 | Christos Stavrakakis | command will create two flavors of `40G` disk size with `drbd` disk template, |
566 | 6d8a47d0 | Christos Stavrakakis | `4G` RAM and `2` or `4` CPUs. |
567 | 6d8a47d0 | Christos Stavrakakis | |
568 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
569 | 6d8a47d0 | Christos Stavrakakis | |
570 | 6d8a47d0 | Christos Stavrakakis | snf-manage flavor-create 2,4 4096 40 drbd |
571 | 6d8a47d0 | Christos Stavrakakis | |
572 | 6d8a47d0 | Christos Stavrakakis | To see the available flavors, run `snf-manage flavor-list` command. Finally, |
573 | 6d8a47d0 | Christos Stavrakakis | the administrator can delete a flavor by using `flavor-modify` command: |
574 | 6d8a47d0 | Christos Stavrakakis | |
575 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
576 | 6d8a47d0 | Christos Stavrakakis | |
577 | 6d8a47d0 | Christos Stavrakakis | snf-manage flavor-modify --deleted=True <flavor_id> |
578 | 6d8a47d0 | Christos Stavrakakis | |
579 | 6d8a47d0 | Christos Stavrakakis | Images |
580 | 6d8a47d0 | Christos Stavrakakis | ~~~~~~ |
581 | 6d8a47d0 | Christos Stavrakakis | |
582 | 6d8a47d0 | Christos Stavrakakis | When creating a VM the user must also specify the `image` of the virtual |
583 | 6d8a47d0 | Christos Stavrakakis | server. Images are the static templates from which VM instances are |
584 | 6d8a47d0 | Christos Stavrakakis | initiated. Cyclades uses Pithos to store system and user-provided images, |
585 | 6d8a47d0 | Christos Stavrakakis | taking advantage of all Pithos features, like deduplication and syncing |
586 | 6d8a47d0 | Christos Stavrakakis | protocol. An image is a file stored to Pithos with additional metadata that |
587 | 6d8a47d0 | Christos Stavrakakis | are describing the image, e.g. the OS family or the root partition. To create |
588 | 6d8a47d0 | Christos Stavrakakis | a new image, the administrator or the user has to upload it a file to Pithos, |
589 | 6d8a47d0 | Christos Stavrakakis | and then register it as an Image with Cyclades. Then the user can use this |
590 | 6d8a47d0 | Christos Stavrakakis | image to spawn new VMs from it. |
591 | 6d8a47d0 | Christos Stavrakakis | |
592 | 6d8a47d0 | Christos Stavrakakis | Images can be private, public or shared between users, exactly like Pithos |
593 | 6d8a47d0 | Christos Stavrakakis | files. Since user-provided public images can be untrusted, the administrator |
594 | 6d8a47d0 | Christos Stavrakakis | can denote which users are trusted by adding them to the |
595 | 6d8a47d0 | Christos Stavrakakis | `UI_SYSTEM_IMAGES_OWNERS` setting in the |
596 | 6d8a47d0 | Christos Stavrakakis | `/etc/synnefo/20-snf-cyclades-app-ui.conf` file. Images of those users are |
597 | 6d8a47d0 | Christos Stavrakakis | properly displayed in the UI. |
598 | 6d8a47d0 | Christos Stavrakakis | |
599 | 6d8a47d0 | Christos Stavrakakis | When creating a new VM, Cyclades pass the location of the image and it's |
600 | 6d8a47d0 | Christos Stavrakakis | metadata to Ganeti. After Ganeti creates the instance's disk, `snf-image` |
601 | 6d8a47d0 | Christos Stavrakakis | will copy the image to the new disk and perform the image customization |
602 | 6d8a47d0 | Christos Stavrakakis | phase. During the phase, `snf-image` sends notifications to Cyclades about |
603 | 6d8a47d0 | Christos Stavrakakis | the progress of the image deployment and customization. Customization includes |
604 | 6d8a47d0 | Christos Stavrakakis | resizing the root file system, file injection (e.g. SSH keys) and setting |
605 | 6d8a47d0 | Christos Stavrakakis | a custom hostname. For better understanding of `snf-image` read the |
606 | 6d8a47d0 | Christos Stavrakakis | corresponding `documentation |
607 | 6d8a47d0 | Christos Stavrakakis | <http://www.synnefo.org/docs/snf-image/latest/index.html>`_. |
608 | 6d8a47d0 | Christos Stavrakakis | |
609 | 6d8a47d0 | Christos Stavrakakis | For passing sensitive data about the image to Ganeti, like the VMs password, |
610 | 6d8a47d0 | Christos Stavrakakis | Cyclades keeps all sensitive data in memory caches (memcache) and never allows |
611 | 6d8a47d0 | Christos Stavrakakis | them to hit the disk. The data are exposed to `snf-image` via an one-time URL |
612 | 6d8a47d0 | Christos Stavrakakis | that is exposed from the `vmapi` application. So, instead of passing sensitive |
613 | 6d8a47d0 | Christos Stavrakakis | data to `snf-image` via Ganeti, Cyclades pass an one-time configuration URL |
614 | 6d8a47d0 | Christos Stavrakakis | that contains a random UUID. After `snf-image` gets the sensitive data, the |
615 | 6d8a47d0 | Christos Stavrakakis | URL is invalidated so no one else can access them. |
616 | 6d8a47d0 | Christos Stavrakakis | |
617 | 6d8a47d0 | Christos Stavrakakis | The administrator can register images, exactly like users, using a system user |
618 | 6d8a47d0 | Christos Stavrakakis | (a user that is defined in the `UI_SYSTEM_IMAGES_OWNERS` setting). For |
619 | 6d8a47d0 | Christos Stavrakakis | example, the following command will register the |
620 | 6d8a47d0 | Christos Stavrakakis | `pithos://u53r-un1qu3-1d/images/debian_base-6.0-7-x86_64.diskdump` as an |
621 | 6d8a47d0 | Christos Stavrakakis | image to Cyclades: |
622 | 6d8a47d0 | Christos Stavrakakis | |
623 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
624 | 6d8a47d0 | Christos Stavrakakis | |
625 | 6d8a47d0 | Christos Stavrakakis | kamaki image register "Debian Base" \ |
626 | 6d8a47d0 | Christos Stavrakakis | pithos://u53r-un1qu3-1d/images/debian_base-6.0-7-x86_64.diskdump \ |
627 | 6d8a47d0 | Christos Stavrakakis | --public \ |
628 | 6d8a47d0 | Christos Stavrakakis | --disk-format=diskdump \ |
629 | 6d8a47d0 | Christos Stavrakakis | --property OSFAMILY=linux --property ROOT_PARTITION=1 \ |
630 | 6d8a47d0 | Christos Stavrakakis | --property description="Debian Squeeze Base System" \ |
631 | 6d8a47d0 | Christos Stavrakakis | --property size=451 --property kernel=2.6.32 --property GUI="No GUI" \ |
632 | 6d8a47d0 | Christos Stavrakakis | --property sortorder=1 --property USERS=root --property OS=debian |
633 | 6d8a47d0 | Christos Stavrakakis | |
634 | 6d8a47d0 | Christos Stavrakakis | Deletion of an image is done via `kamaki image unregister` command, which will |
635 | 6d8a47d0 | Christos Stavrakakis | delete the Cyclades Images but will leave the Pithos file as is (unregister). |
636 | 6d8a47d0 | Christos Stavrakakis | |
637 | 6d8a47d0 | Christos Stavrakakis | Apart from using `kamaki` to see and hangle the available images, the |
638 | 6d8a47d0 | Christos Stavrakakis | administrator can use `snf-manage image-list` and `snf-manage image-show` |
639 | 6d8a47d0 | Christos Stavrakakis | commands to list and inspect the available public images. Also, the `--user-id` |
640 | 6d8a47d0 | Christos Stavrakakis | option can be used the see the images of a specific user. |
641 | 6d8a47d0 | Christos Stavrakakis | |
642 | 6d8a47d0 | Christos Stavrakakis | Virtual Servers |
643 | 6d8a47d0 | Christos Stavrakakis | ~~~~~~~~~~~~~~~ |
644 | 6d8a47d0 | Christos Stavrakakis | |
645 | 6d8a47d0 | Christos Stavrakakis | As mentioned, Cyclades uses Ganeti for management of VMs. The administrator can |
646 | 6d8a47d0 | Christos Stavrakakis | handle Cyclades VMs just like any other Ganeti instance, via `gnt-instance` |
647 | 6d8a47d0 | Christos Stavrakakis | commands. All Ganeti instances that belong to Synnefo, are separated from |
648 | 6d8a47d0 | Christos Stavrakakis | others, by a prefix in their names. This prefix is defined in |
649 | 6d8a47d0 | Christos Stavrakakis | ``BACKEND_PREFIX_ID`` setting in |
650 | 6d8a47d0 | Christos Stavrakakis | ``/etc/synnefo/20-snf-cyclades-app-backend.conf``. |
651 | 6d8a47d0 | Christos Stavrakakis | |
652 | 6d8a47d0 | Christos Stavrakakis | Apart from handling Cyclades VM at the Ganeti level, the administrator can |
653 | 6d8a47d0 | Christos Stavrakakis | also use the `snf-manage server-*` commands. These command cover the most |
654 | 6d8a47d0 | Christos Stavrakakis | common tasks that are relative with VM handling. Below we describe come |
655 | 6d8a47d0 | Christos Stavrakakis | of them, but for more information you can use the `--help` option of all |
656 | 6d8a47d0 | Christos Stavrakakis | `snf-manage server-* commands`. These command cover the most |
657 | 6d8a47d0 | Christos Stavrakakis | |
658 | 6d8a47d0 | Christos Stavrakakis | The `snf-manage server-create` command can be used to create a new VM for some |
659 | 6d8a47d0 | Christos Stavrakakis | user. This command can be useful when the administrator wants to test Cyclades |
660 | 6d8a47d0 | Christos Stavrakakis | functionality without starting the API service, e.g. after an upgrade. Also, by |
661 | 6d8a47d0 | Christos Stavrakakis | using `--backend-id` option, the VM will be created in the specified backend, |
662 | 6d8a47d0 | Christos Stavrakakis | bypassing automatic VM allocation. |
663 | 6d8a47d0 | Christos Stavrakakis | |
664 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
665 | 6d8a47d0 | Christos Stavrakakis | |
666 | 6d8a47d0 | Christos Stavrakakis | snf-manage server-create --flavor-id=1 --image-id=fc0f6858-f962-42ce-bf9a-1345f89b3d5e \ |
667 | 6d8a47d0 | Christos Stavrakakis | --user-id=7cf4d078-67bf-424d-8ff2-8669eb4841ea --backend-id=2 \ |
668 | 6d8a47d0 | Christos Stavrakakis | --password='example_passw0rd' --name='test_vm' |
669 | 6d8a47d0 | Christos Stavrakakis | |
670 | 6d8a47d0 | Christos Stavrakakis | The above commnd will create a new VM for user |
671 | 6d8a47d0 | Christos Stavrakakis | `7cf4d078-67bf-424d-8ff2-8669eb4841ea` in the Ganeti backend with ID 2. By |
672 | 6d8a47d0 | Christos Stavrakakis | default this command will issue a Ganeti job to create the VM |
673 | 6d8a47d0 | Christos Stavrakakis | (`OP_INSTANCE_CREATE`) and return. As in other commands, the `--wait=True` |
674 | 6d8a47d0 | Christos Stavrakakis | option can be used in order to wait for the successful completion of the job. |
675 | 6d8a47d0 | Christos Stavrakakis | |
676 | 6d8a47d0 | Christos Stavrakakis | `snf-manage server-list` command can be used to list all the available servers. |
677 | 6d8a47d0 | Christos Stavrakakis | The command supports some useful options, like listing servers of a user, |
678 | 6d8a47d0 | Christos Stavrakakis | listing servers that exist in a Ganeti backend and listing deleted servers. |
679 | 6d8a47d0 | Christos Stavrakakis | Also, as in most of `*-list` commands, the `--filter-by` option can be used to |
680 | 6d8a47d0 | Christos Stavrakakis | filter the results. For example, the following command will only display the |
681 | 6d8a47d0 | Christos Stavrakakis | started servers of a specific flavor: |
682 | 6d8a47d0 | Christos Stavrakakis | |
683 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
684 | 6d8a47d0 | Christos Stavrakakis | |
685 | 6d8a47d0 | Christos Stavrakakis | snf-manage server-list --filter-by="operstate=STARTED,flavor=<flavor_id>" |
686 | 6d8a47d0 | Christos Stavrakakis | |
687 | 6d8a47d0 | Christos Stavrakakis | Another very useful command is the `server-inspect` command which will display |
688 | 6d8a47d0 | Christos Stavrakakis | all available information about the state of the server in DB and the state |
689 | 6d8a47d0 | Christos Stavrakakis | of the server in the Ganeti backend. The output will give you an easy overview |
690 | 6d8a47d0 | Christos Stavrakakis | about the state of the VM which can be useful for debugging. |
691 | 6d8a47d0 | Christos Stavrakakis | |
692 | 6d8a47d0 | Christos Stavrakakis | Also the administrator can `suspend` a user's VM, using the `server-modify` |
693 | 6d8a47d0 | Christos Stavrakakis | command: |
694 | 6d8a47d0 | Christos Stavrakakis | |
695 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
696 | 6d8a47d0 | Christos Stavrakakis | |
697 | 6d8a47d0 | Christos Stavrakakis | snf-manage server-modify --suspended=True <server_id> |
698 | 6d8a47d0 | Christos Stavrakakis | |
699 | 6d8a47d0 | Christos Stavrakakis | The user is forbidden to do any action on an administratively suspended VM, |
700 | 6d8a47d0 | Christos Stavrakakis | which is useful for abuse cases. |
701 | 6d8a47d0 | Christos Stavrakakis | |
702 | 6d8a47d0 | Christos Stavrakakis | Ganeti backends |
703 | 6d8a47d0 | Christos Stavrakakis | ~~~~~~~~~~~~~~~ |
704 | 0768a1df | Christos Stavrakakis | |
705 | a1c707c9 | Constantinos Venetsanopoulos | Since v0.11, Synnefo is able to manage multiple Ganeti clusters (backends) |
706 | a1c707c9 | Constantinos Venetsanopoulos | making it capable to scale linearly to tens of thousands of VMs. Backends |
707 | a1c707c9 | Constantinos Venetsanopoulos | can be dynamically added or removed via `snf-manage` commands. |
708 | 0768a1df | Christos Stavrakakis | |
709 | a1c707c9 | Constantinos Venetsanopoulos | Each newly created VM is allocated to a Ganeti backend by the Cyclades backend |
710 | a1c707c9 | Constantinos Venetsanopoulos | allocator. The VM is "pinned" to this backend, and can not change through its |
711 | a1c707c9 | Constantinos Venetsanopoulos | lifetime. The backend allocator decides in which backend to spawn the VM based |
712 | a1c707c9 | Constantinos Venetsanopoulos | on the available resources of each backend, trying to balance the load between |
713 | edd28bbf | Christos Stavrakakis | them. Also, Networks are created to all Ganeti backends, in order to ensure |
714 | edd28bbf | Christos Stavrakakis | that VMs residing on different backends can be connected to the same networks. |
715 | 0768a1df | Christos Stavrakakis | |
716 | edd28bbf | Christos Stavrakakis | A backend can be marked as `drained` in order to be excluded from automatic |
717 | edd28bbf | Christos Stavrakakis | servers allocation and not receive new servers. Also, a backend can be marked |
718 | edd28bbf | Christos Stavrakakis | as `offline` to denote that the backend is not healthy (e.g. broken master) |
719 | edd28bbf | Christos Stavrakakis | and avoid the penalty of connection timeouts. |
720 | edd28bbf | Christos Stavrakakis | |
721 | edd28bbf | Christos Stavrakakis | Finally, Cyclades is able to manage Ganeti backends with different enabled |
722 | edd28bbf | Christos Stavrakakis | hypervisors (`kvm`, `xen`), and different enabled disk templates. |
723 | 0768a1df | Christos Stavrakakis | |
724 | a1c707c9 | Constantinos Venetsanopoulos | Listing existing backends |
725 | a1c707c9 | Constantinos Venetsanopoulos | ````````````````````````` |
726 | a1c707c9 | Constantinos Venetsanopoulos | To list all the Ganeti backends known to Synnefo, we run: |
727 | 90c74332 | Christos Stavrakakis | |
728 | 0768a1df | Christos Stavrakakis | .. code-block:: console |
729 | 0768a1df | Christos Stavrakakis | |
730 | 0768a1df | Christos Stavrakakis | $ snf-manage backend-list |
731 | 0768a1df | Christos Stavrakakis | |
732 | 0768a1df | Christos Stavrakakis | Adding a new Ganeti backend |
733 | 90c74332 | Christos Stavrakakis | ``````````````````````````` |
734 | 0768a1df | Christos Stavrakakis | Backends are dynamically added under the control of Synnefo with `snf-manage |
735 | 0768a1df | Christos Stavrakakis | backend-add` command. In this section it is assumed that a Ganeti cluster, |
736 | a1c707c9 | Constantinos Venetsanopoulos | named ``cluster.example.com`` is already up and running and configured to be |
737 | a1c707c9 | Constantinos Venetsanopoulos | able to host Synnefo VMs. |
738 | 0768a1df | Christos Stavrakakis | |
739 | a1c707c9 | Constantinos Venetsanopoulos | To add this Ganeti cluster, we run: |
740 | 90c74332 | Christos Stavrakakis | |
741 | 0768a1df | Christos Stavrakakis | .. code-block:: console |
742 | 0768a1df | Christos Stavrakakis | |
743 | 0768a1df | Christos Stavrakakis | $ snf-manage backend-add --clustername=cluster.example.com --user="synnefo_user" --pass="synnefo_pass" |
744 | 0768a1df | Christos Stavrakakis | |
745 | 46ccbcb9 | Christos Stavrakakis | where ``clustername`` is the Cluster hostname of the Ganeti cluster, and |
746 | 46ccbcb9 | Christos Stavrakakis | ``user`` and ``pass`` are the credentials for the `Ganeti RAPI user |
747 | 46ccbcb9 | Christos Stavrakakis | <http://docs.ganeti.org/ganeti/2.2/html/rapi.html#users-and-passwords>`_. All |
748 | 46ccbcb9 | Christos Stavrakakis | backend attributes can be also changed dynamically using the `snf-manage |
749 | 46ccbcb9 | Christos Stavrakakis | backend-modify` command. |
750 | 0768a1df | Christos Stavrakakis | |
751 | edd28bbf | Christos Stavrakakis | ``snf-manage backend-add`` will also create all existing public networks to |
752 | a1c707c9 | Constantinos Venetsanopoulos | the new backend. You can verify that the backend is added, by running |
753 | a1c707c9 | Constantinos Venetsanopoulos | `snf-manage backend-list`. |
754 | 0768a1df | Christos Stavrakakis | |
755 | a1c707c9 | Constantinos Venetsanopoulos | Note that no VMs will be spawned to this backend, since by default it is in a |
756 | edd28bbf | Christos Stavrakakis | ``drained`` state after addition in order to manually verify the state of the |
757 | edd28bbf | Christos Stavrakakis | backend. |
758 | a1c707c9 | Constantinos Venetsanopoulos | |
759 | edd28bbf | Christos Stavrakakis | So, after making sure everything works as expected, make the new backend active |
760 | edd28bbf | Christos Stavrakakis | by un-setting the ``drained`` flag. You can do this by running: |
761 | a1c707c9 | Constantinos Venetsanopoulos | |
762 | a1c707c9 | Constantinos Venetsanopoulos | .. code-block:: console |
763 | a1c707c9 | Constantinos Venetsanopoulos | |
764 | 46ccbcb9 | Christos Stavrakakis | $ snf-manage backend-modify --drained=False <backend_id> |
765 | 0768a1df | Christos Stavrakakis | |
766 | a1c707c9 | Constantinos Venetsanopoulos | Allocation of VMs in Ganeti backends |
767 | a1c707c9 | Constantinos Venetsanopoulos | ```````````````````````````````````` |
768 | a1c707c9 | Constantinos Venetsanopoulos | As already mentioned, the Cyclades backend allocator is responsible for |
769 | a1c707c9 | Constantinos Venetsanopoulos | allocating new VMs to backends. This allocator does not choose the exact Ganeti |
770 | a1c707c9 | Constantinos Venetsanopoulos | node that will host the VM but just the Ganeti backend. The exact node is |
771 | a1c707c9 | Constantinos Venetsanopoulos | chosen by the Ganeti cluster's allocator (hail). |
772 | 0768a1df | Christos Stavrakakis | |
773 | 0768a1df | Christos Stavrakakis | The decision about which backend will host a VM is based on the available |
774 | 0768a1df | Christos Stavrakakis | resources. The allocator computes a score for each backend, that shows its load |
775 | 0768a1df | Christos Stavrakakis | factor, and the one with the minimum score is chosen. The admin can exclude |
776 | a1c707c9 | Constantinos Venetsanopoulos | backends from the allocation phase by marking them as ``drained`` by running: |
777 | 90c74332 | Christos Stavrakakis | |
778 | 0768a1df | Christos Stavrakakis | .. code-block:: console |
779 | 0768a1df | Christos Stavrakakis | |
780 | 46ccbcb9 | Christos Stavrakakis | $ snf-manage backend-modify --drained=True <backend_id> |
781 | 0768a1df | Christos Stavrakakis | |
782 | 0768a1df | Christos Stavrakakis | The backend resources are periodically updated, at a period defined by |
783 | edd28bbf | Christos Stavrakakis | the ``BACKEND_REFRESH_MIN`` setting, or by running `snf-manage |
784 | edd28bbf | Christos Stavrakakis | backend-update-status` command. It is advised to have a cron job running this |
785 | edd28bbf | Christos Stavrakakis | command at a smaller interval than ``BACKEND_REFRESH_MIN`` in order to remove |
786 | edd28bbf | Christos Stavrakakis | the load of refreshing the backends stats from the VM creation phase. |
787 | 0768a1df | Christos Stavrakakis | |
788 | a1c707c9 | Constantinos Venetsanopoulos | Finally, the admin can decide to have a user's VMs being allocated to a |
789 | a1c707c9 | Constantinos Venetsanopoulos | specific backend, with the ``BACKEND_PER_USER`` setting. This is a mapping |
790 | a1c707c9 | Constantinos Venetsanopoulos | between users and backends. If the user is found in ``BACKEND_PER_USER``, then |
791 | 46ccbcb9 | Christos Stavrakakis | Synnefo allocates all his/hers VMs to the specific backend in the variable, |
792 | 46ccbcb9 | Christos Stavrakakis | even if is marked as drained (useful for testing). |
793 | 0768a1df | Christos Stavrakakis | |
794 | 09d07554 | Christos Stavrakakis | Allocation based on disk-templates |
795 | 09d07554 | Christos Stavrakakis | ********************************** |
796 | 09d07554 | Christos Stavrakakis | |
797 | 09d07554 | Christos Stavrakakis | Besides the available resources of each Ganeti backend, the allocator takes |
798 | 09d07554 | Christos Stavrakakis | into consideration the disk template of the instance when trying to allocate it |
799 | 09d07554 | Christos Stavrakakis | to a Ganeti backend. Specifically, the allocator checks if the flavor of the |
800 | 09d07554 | Christos Stavrakakis | instance belongs to the available disk templates of each Ganeti backend. |
801 | 09d07554 | Christos Stavrakakis | |
802 | 09d07554 | Christos Stavrakakis | A Ganeti cluster has a list of enabled disk templates |
803 | 09d07554 | Christos Stavrakakis | (`--enabled-disk-templates`) and a list of allowed disk templates for new |
804 | 09d07554 | Christos Stavrakakis | instances (`--ipolicy-disk-templates`). See the `gnt-cluster` manpage for more |
805 | 09d07554 | Christos Stavrakakis | details about these options. |
806 | 09d07554 | Christos Stavrakakis | |
807 | 09d07554 | Christos Stavrakakis | When Synnefo allocates an instance, it checks whether the disk template of the |
808 | 09d07554 | Christos Stavrakakis | new instance belongs both in the enabled and ipolicy disk templates. You can |
809 | 09d07554 | Christos Stavrakakis | see the list of the available disk-templates by running `snf-manage |
810 | 09d07554 | Christos Stavrakakis | backend-list`. This list should be updated automatically after changing |
811 | 09d07554 | Christos Stavrakakis | these options in Ganeti and it can also be updated by running `snf-manage |
812 | 09d07554 | Christos Stavrakakis | backend-update-status`. |
813 | 09d07554 | Christos Stavrakakis | |
814 | 09d07554 | Christos Stavrakakis | So the administrator, can route instances on different backends based on their |
815 | 09d07554 | Christos Stavrakakis | flavor disk template, by modifying the enabled or ipolicy disk templates of |
816 | 09d07554 | Christos Stavrakakis | each backend. Also, the administrator can route instances between different |
817 | 09d07554 | Christos Stavrakakis | nodes of the same Ganeti backend, by modifying the same options at the |
818 | 09d07554 | Christos Stavrakakis | nodegroup level (see `gnt-group` manpage for mor details). |
819 | 09d07554 | Christos Stavrakakis | |
820 | edd28bbf | Christos Stavrakakis | Removing an existing Ganeti backend |
821 | edd28bbf | Christos Stavrakakis | ``````````````````````````````````` |
822 | edd28bbf | Christos Stavrakakis | In order to remove an existing backend from Synnefo, you must first make |
823 | edd28bbf | Christos Stavrakakis | sure that there are not active servers in the backend, and then run: |
824 | edd28bbf | Christos Stavrakakis | |
825 | edd28bbf | Christos Stavrakakis | .. code-block:: console |
826 | edd28bbf | Christos Stavrakakis | |
827 | edd28bbf | Christos Stavrakakis | # snf-manage backend-remove <backend_id> |
828 | edd28bbf | Christos Stavrakakis | |
829 | edd28bbf | Christos Stavrakakis | |
830 | 6d8a47d0 | Christos Stavrakakis | Virtual Networks |
831 | 6d8a47d0 | Christos Stavrakakis | ~~~~~~~~~~~~~~~~ |
832 | 6d8a47d0 | Christos Stavrakakis | |
833 | 6d8a47d0 | Christos Stavrakakis | Cyclades also implements the Network service and exposes the Quantum Openstack |
834 | 6d8a47d0 | Christos Stavrakakis | API. Cyclades supports full IPv4 and IPv6 connectivity to the public internet |
835 | 6d8a47d0 | Christos Stavrakakis | for it's VMs. Also, Cyclades provides L2 and L3 virtual private networks, |
836 | 6d8a47d0 | Christos Stavrakakis | giving the user freedom to create arbitraty network topologies of |
837 | 6d8a47d0 | Christos Stavrakakis | interconnected VMs. |
838 | 6d8a47d0 | Christos Stavrakakis | |
839 | 6d8a47d0 | Christos Stavrakakis | Public networking is desployment specific and must be customized based on the |
840 | 6d8a47d0 | Christos Stavrakakis | specific needs of the system administrator. Private virtual networks can be |
841 | 6d8a47d0 | Christos Stavrakakis | provided by different network technologies which are exposed as different |
842 | 6d8a47d0 | Christos Stavrakakis | network flavors. For better understanding of networking please refer to the |
843 | 6d8a47d0 | Christos Stavrakakis | :ref:`Network <networks>` section. |
844 | 6d8a47d0 | Christos Stavrakakis | |
845 | 6d8a47d0 | Christos Stavrakakis | A Cyclades virtual network is an isolated Layer-2 broadcast domain. A network |
846 | 6d8a47d0 | Christos Stavrakakis | can also have an associated IPv4 and IPv6 subnet representing the Layer-3 |
847 | 6d8a47d0 | Christos Stavrakakis | characteristics of the network. Each subnet represents an IP address block |
848 | 6d8a47d0 | Christos Stavrakakis | that is used in order to assign addresses to VMs. |
849 | 6d8a47d0 | Christos Stavrakakis | |
850 | 6d8a47d0 | Christos Stavrakakis | To connect a VM to a network, a port must be created, which represent a virtual |
851 | 6d8a47d0 | Christos Stavrakakis | port on a network switch. VMs are connected to networks by attaching a virtual |
852 | 6d8a47d0 | Christos Stavrakakis | interface to a port. |
853 | 6d8a47d0 | Christos Stavrakakis | |
854 | 6d8a47d0 | Christos Stavrakakis | Cyclades also supports `floating IPs`, which are public IPv4 addresses that |
855 | 6d8a47d0 | Christos Stavrakakis | can dynamically(hotplug-able) be added and removed to VMs. Floating IPs are |
856 | 6d8a47d0 | Christos Stavrakakis | a quotable resource that is allocated to each user. Unlike other cloud |
857 | 6d8a47d0 | Christos Stavrakakis | platforms, floating IPs are not implemented using 1-1 NAT to a ports private |
858 | 6d8a47d0 | Christos Stavrakakis | IP. Instead, floating IPs are directly assigned to virtual interfaces of VMs. |
859 | 6d8a47d0 | Christos Stavrakakis | |
860 | 6d8a47d0 | Christos Stavrakakis | Exactly like VMS, networks can be handled as Ganeti networks via `gnt-network` |
861 | 6d8a47d0 | Christos Stavrakakis | commands. All Ganeti networks that belong to Synnefo are named with the prefix |
862 | 6d8a47d0 | Christos Stavrakakis | `${BACKEND_PREFIX_ID}-net-`. Also, there are a number of `snf-manage` commands |
863 | 6d8a47d0 | Christos Stavrakakis | for handling of `networks`, `subnets`, `ports` and `floating IPs`. Below |
864 | 6d8a47d0 | Christos Stavrakakis | we will present a use case scenario using some of these commands. For better |
865 | 6d8a47d0 | Christos Stavrakakis | understanding of these commands, refer to their help messages. |
866 | 6d8a47d0 | Christos Stavrakakis | |
867 | 6d8a47d0 | Christos Stavrakakis | Create a virtual private network for user |
868 | 6d8a47d0 | Christos Stavrakakis | `7cf4d078-67bf-424d-8ff2-8669eb4841ea` using the `PHYSICAL_VLAN` flavor, which |
869 | 6d8a47d0 | Christos Stavrakakis | means that the network will be uniquely assigned a phsyical VLAN. The network |
870 | 6d8a47d0 | Christos Stavrakakis | is assigned an IPv4 subnet, described by it's CIDR and gateway. Also, |
871 | 6d8a47d0 | Christos Stavrakakis | the `--dhcp=True` option is used, to make `nfdhcpd` respone to DHCP queries |
872 | 6d8a47d0 | Christos Stavrakakis | from VMs. |
873 | 09d07554 | Christos Stavrakakis | |
874 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
875 | 9492387a | Christos Stavrakakis | |
876 | 6d8a47d0 | Christos Stavrakakis | snf-manage network-create --owner=7cf4d078-67bf-424d-8ff2-8669eb4841ea --name=prv_net-1 \ |
877 | 6d8a47d0 | Christos Stavrakakis | --subnet=192.168.2.0/24 --gateway=192.168.2.1 --dhcp=True --flavor=PHYSICAL_VLAN |
878 | 9492387a | Christos Stavrakakis | |
879 | 6d8a47d0 | Christos Stavrakakis | Inspect the state of the network in Cyclades DB and in all the Ganeti backends: |
880 | 9492387a | Christos Stavrakakis | |
881 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
882 | 9492387a | Christos Stavrakakis | |
883 | 6d8a47d0 | Christos Stavrakakis | snf-manage network-inspect <network_id> |
884 | 9492387a | Christos Stavrakakis | |
885 | 6d8a47d0 | Christos Stavrakakis | Inspect the state of the network's subnet, containg an overview of the |
886 | 6d8a47d0 | Christos Stavrakakis | subnet's IPv4 address allocation pool: |
887 | 6d8a47d0 | Christos Stavrakakis | |
888 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
889 | 6d8a47d0 | Christos Stavrakakis | |
890 | 6d8a47d0 | Christos Stavrakakis | snf-manage subnet-inspect <subnet_id> |
891 | 6d8a47d0 | Christos Stavrakakis | |
892 | 6d8a47d0 | Christos Stavrakakis | Connect a VM to the created private network. The port will be automatically |
893 | 6d8a47d0 | Christos Stavrakakis | be assigned an IPv4 address from one of the network's available IPs. This |
894 | 6d8a47d0 | Christos Stavrakakis | command will result in sending an `OP_INSTANCE_MODIFY` Ganeti command and |
895 | 6d8a47d0 | Christos Stavrakakis | attaching a NIC to the specified Ganeti instance. |
896 | 9492387a | Christos Stavrakakis | |
897 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
898 | 6d8a47d0 | Christos Stavrakakis | |
899 | 6d8a47d0 | Christos Stavrakakis | snf-manage port-create --network=<network_id> --server=<server_id> |
900 | a653c059 | Christos Stavrakakis | |
901 | 6d8a47d0 | Christos Stavrakakis | Inspect the state of the the port in Cyclades DB and in the Ganeti backend: |
902 | a653c059 | Christos Stavrakakis | |
903 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
904 | a653c059 | Christos Stavrakakis | |
905 | 6d8a47d0 | Christos Stavrakakis | snf-manage port-inspect <port_id> |
906 | 6d8a47d0 | Christos Stavrakakis | |
907 | 6d8a47d0 | Christos Stavrakakis | Disconnect the VM from the network and delete the network: |
908 | 6d8a47d0 | Christos Stavrakakis | |
909 | 6d8a47d0 | Christos Stavrakakis | .. code-block:: console |
910 | 6d8a47d0 | Christos Stavrakakis | |
911 | 6d8a47d0 | Christos Stavrakakis | snf-manage port-remove <port_id> |
912 | 6d8a47d0 | Christos Stavrakakis | snf-manage network-remove <network_id> |
913 | a653c059 | Christos Stavrakakis | |
914 | 9c98c6fc | Christos Stavrakakis | Managing Network Resources |
915 | a1c707c9 | Constantinos Venetsanopoulos | `````````````````````````` |
916 | 9c98c6fc | Christos Stavrakakis | |
917 | a1c707c9 | Constantinos Venetsanopoulos | Proper operation of the Cyclades Network Service depends on the unique |
918 | a1c707c9 | Constantinos Venetsanopoulos | assignment of specific resources to each type of virtual network. Specifically, |
919 | a1c707c9 | Constantinos Venetsanopoulos | these resources are: |
920 | 9c98c6fc | Christos Stavrakakis | |
921 | a1c707c9 | Constantinos Venetsanopoulos | * IP addresses. Cyclades creates a Pool of IPs for each Network, and assigns a |
922 | a1c707c9 | Constantinos Venetsanopoulos | unique IP address to each VM, thus connecting it to this Network. You can see |
923 | 6d8a47d0 | Christos Stavrakakis | the IP pool of each network by running `snf-manage subnet-inspect |
924 | 6d8a47d0 | Christos Stavrakakis | <subnet_ID>`. IP pools are automatically created and managed by Cyclades, |
925 | a1c707c9 | Constantinos Venetsanopoulos | depending on the subnet of the Network. |
926 | 9492387a | Christos Stavrakakis | * Bridges corresponding to physical VLANs, which are required for networks of |
927 | a1c707c9 | Constantinos Venetsanopoulos | type `PRIVATE_PHYSICAL_VLAN`. |
928 | a1c707c9 | Constantinos Venetsanopoulos | * One Bridge corresponding to one physical VLAN which is required for networks of |
929 | a1c707c9 | Constantinos Venetsanopoulos | type `PRIVATE_MAC_PREFIX`. |
930 | 9c98c6fc | Christos Stavrakakis | |
931 | 4573511a | Christos Stavrakakis | IPv4 addresses |
932 | 4573511a | Christos Stavrakakis | ************** |
933 | 4573511a | Christos Stavrakakis | |
934 | 4573511a | Christos Stavrakakis | An allocation pool of IPv4 addresses is automatically created for every network |
935 | 9a1b6564 | Christos Stavrakakis | with an IPv4 subnet. By default, the allocation pool contains the range of IP |
936 | 9a1b6564 | Christos Stavrakakis | addresses that are included in the subnet, except from the gateway and the |
937 | 9a1b6564 | Christos Stavrakakis | broadcast address of the network. The range of IP addresses can be restricted |
938 | 9a1b6564 | Christos Stavrakakis | using the `--allocation-pool` option of `snf-manage network-create` command. |
939 | 9a1b6564 | Christos Stavrakakis | The admin can externally reserve IP addresses to exclude them from automatic |
940 | 4573511a | Christos Stavrakakis | allocation with the `--add-reserved-ips` option of `snf-manage network-modify` |
941 | 9a1b6564 | Christos Stavrakakis | command. For example the following command will reserve two IP addresses from |
942 | 9a1b6564 | Christos Stavrakakis | network with ID `42`: |
943 | 9c98c6fc | Christos Stavrakakis | |
944 | 4573511a | Christos Stavrakakis | .. code-block:: console |
945 | 4573511a | Christos Stavrakakis | |
946 | 4573511a | Christos Stavrakakis | snf-manage network-modify --add-reserved-ips=10.0.0.21,10.0.0.22 42 |
947 | 4573511a | Christos Stavrakakis | |
948 | 4573511a | Christos Stavrakakis | .. warning:: Externally reserving IP addresses is also available at the Ganeti. |
949 | 4573511a | Christos Stavrakakis | However, when using Cyclades with multiple Ganeti backends, the handling of |
950 | 4573511a | Christos Stavrakakis | IP pools must be performed from Cyclades! |
951 | 4573511a | Christos Stavrakakis | |
952 | 4573511a | Christos Stavrakakis | Bridges |
953 | 4573511a | Christos Stavrakakis | ******* |
954 | 4573511a | Christos Stavrakakis | |
955 | 4573511a | Christos Stavrakakis | As already mentioned Cyclades use a pool of Bridges that must correspond |
956 | 4573511a | Christos Stavrakakis | to Physical VLAN at the Ganeti level. A bridge from the pool is assigned to |
957 | 4573511a | Christos Stavrakakis | each network of flavor `PHYSICAL_VLAN`. Creation of this pool is done |
958 | 4573511a | Christos Stavrakakis | using `snf-manage pool-create` command. For example the following command |
959 | 4573511a | Christos Stavrakakis | will create a pool containing the brdiges from `prv1` to `prv21`. |
960 | 90c74332 | Christos Stavrakakis | |
961 | 9c98c6fc | Christos Stavrakakis | .. code-block:: console |
962 | 9c98c6fc | Christos Stavrakakis | |
963 | 9c98c6fc | Christos Stavrakakis | # snf-manage pool-create --type=bridge --base=prv --size=20 |
964 | 9c98c6fc | Christos Stavrakakis | |
965 | 9c98c6fc | Christos Stavrakakis | You can verify the creation of the pool, and check its contents by running: |
966 | 90c74332 | Christos Stavrakakis | |
967 | 9c98c6fc | Christos Stavrakakis | .. code-block:: console |
968 | 9c98c6fc | Christos Stavrakakis | |
969 | 9c98c6fc | Christos Stavrakakis | # snf-manage pool-list |
970 | 9c98c6fc | Christos Stavrakakis | # snf-manage pool-show --type=bridge 1 |
971 | 9c98c6fc | Christos Stavrakakis | |
972 | 4573511a | Christos Stavrakakis | Finally you can use the `pool-modify` management command in order to externally |
973 | 4573511a | Christos Stavrakakis | reserve the values from pool, extend or shrink the pool if possible. |
974 | 4573511a | Christos Stavrakakis | |
975 | 4573511a | Christos Stavrakakis | MAC Prefixes |
976 | 4573511a | Christos Stavrakakis | ************ |
977 | 4573511a | Christos Stavrakakis | |
978 | 4573511a | Christos Stavrakakis | Cyclades also use a pool of MAC prefixes to assign to networks of flavor |
979 | 4573511a | Christos Stavrakakis | `MAC_FILTERED`. Handling of this pool is done exactly as with pool of bridges, |
980 | 4573511a | Christos Stavrakakis | except that the type option must be set to mac-prefix: |
981 | 90c74332 | Christos Stavrakakis | |
982 | 9c98c6fc | Christos Stavrakakis | .. code-block:: console |
983 | 9c98c6fc | Christos Stavrakakis | |
984 | 9c98c6fc | Christos Stavrakakis | # snf-manage pool-create --type=mac-prefix --base=aa:00:0 --size=65536 |
985 | 9c98c6fc | Christos Stavrakakis | |
986 | 4573511a | Christos Stavrakakis | The above command will create a pool of MAC prefixes from ``aa:00:1`` to |
987 | 4573511a | Christos Stavrakakis | ``b9:ff:f``. The MAC prefix pool is responsible for providing only unicast and |
988 | 4573511a | Christos Stavrakakis | locally administered MAC addresses, so many of these prefixes will be |
989 | 4573511a | Christos Stavrakakis | externally reserved, to exclude from allocation. |
990 | 4573511a | Christos Stavrakakis | |
991 | 4573511a | Christos Stavrakakis | Pool reconciliation |
992 | 4573511a | Christos Stavrakakis | ******************* |
993 | 4573511a | Christos Stavrakakis | |
994 | 4573511a | Christos Stavrakakis | The management command `snf-manage reconcile-pools` can be used that all the |
995 | 4573511a | Christos Stavrakakis | above mentioned pools are consistent and that all values that come from the |
996 | 4573511a | Christos Stavrakakis | pool are not used more than once. |
997 | 0768a1df | Christos Stavrakakis | |
998 | 426d4ae3 | Constantinos Venetsanopoulos | |
999 | eab73849 | Constantinos Venetsanopoulos | Cyclades advanced operations |
1000 | eab73849 | Constantinos Venetsanopoulos | ---------------------------- |
1001 | eab73849 | Constantinos Venetsanopoulos | |
1002 | eab73849 | Constantinos Venetsanopoulos | Reconciliation mechanism |
1003 | eab73849 | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~~~~ |
1004 | a1c707c9 | Constantinos Venetsanopoulos | |
1005 | 06e23415 | Christos Stavrakakis | On certain occasions, such as a Ganeti or RabbitMQ failure, the state of |
1006 | 06e23415 | Christos Stavrakakis | Cyclades database may differ from the real state of VMs and networks in the |
1007 | 06e23415 | Christos Stavrakakis | Ganeti backends. The reconciliation process is designed to synchronize |
1008 | 06e23415 | Christos Stavrakakis | the state of the Cyclades DB with Ganeti. There are two management commands |
1009 | 06e23415 | Christos Stavrakakis | for reconciling VMs and Networks |
1010 | 06e23415 | Christos Stavrakakis | |
1011 | a1c707c9 | Constantinos Venetsanopoulos | Reconciling Virtual Machines |
1012 | a1c707c9 | Constantinos Venetsanopoulos | ```````````````````````````` |
1013 | a1c707c9 | Constantinos Venetsanopoulos | |
1014 | 06e23415 | Christos Stavrakakis | Reconciliation of VMs detects the following conditions: |
1015 | a1c707c9 | Constantinos Venetsanopoulos | |
1016 | eab73849 | Constantinos Venetsanopoulos | * Stale DB servers without corresponding Ganeti instances |
1017 | eab73849 | Constantinos Venetsanopoulos | * Orphan Ganeti instances, without corresponding DB entries |
1018 | 06e23415 | Christos Stavrakakis | * Out-of-sync state for DB entries wrt to Ganeti instances |
1019 | eab73849 | Constantinos Venetsanopoulos | |
1020 | 06e23415 | Christos Stavrakakis | To detect all inconsistencies you can just run: |
1021 | 90c74332 | Christos Stavrakakis | |
1022 | eab73849 | Constantinos Venetsanopoulos | .. code-block:: console |
1023 | a1c707c9 | Constantinos Venetsanopoulos | |
1024 | a1c707c9 | Constantinos Venetsanopoulos | $ snf-manage reconcile-servers |
1025 | eab73849 | Constantinos Venetsanopoulos | |
1026 | 06e23415 | Christos Stavrakakis | Adding the `--fix-all` option, will do the actual synchronization: |
1027 | 90c74332 | Christos Stavrakakis | |
1028 | 06e23415 | Christos Stavrakakis | .. code-block:: console |
1029 | a1c707c9 | Constantinos Venetsanopoulos | |
1030 | e30c60eb | Stratos Psomadakis | $ snf-manage reconcile-servers --fix-all |
1031 | eab73849 | Constantinos Venetsanopoulos | |
1032 | e30c60eb | Stratos Psomadakis | Please see ``snf-manage reconcile-servers --help`` for all the details. |
1033 | eab73849 | Constantinos Venetsanopoulos | |
1034 | 06e23415 | Christos Stavrakakis | Reconciling Networks |
1035 | 90c74332 | Christos Stavrakakis | ```````````````````` |
1036 | a1c707c9 | Constantinos Venetsanopoulos | |
1037 | 06e23415 | Christos Stavrakakis | Reconciliation of Networks detects the following conditions: |
1038 | a1c707c9 | Constantinos Venetsanopoulos | |
1039 | 06e23415 | Christos Stavrakakis | * Stale DB networks without corresponding Ganeti networks |
1040 | 06e23415 | Christos Stavrakakis | * Orphan Ganeti networks, without corresponding DB entries |
1041 | 06e23415 | Christos Stavrakakis | * Private networks that are not created to all Ganeti backends |
1042 | 06e23415 | Christos Stavrakakis | |
1043 | 06e23415 | Christos Stavrakakis | To detect all inconsistencies you can just run: |
1044 | 90c74332 | Christos Stavrakakis | |
1045 | 06e23415 | Christos Stavrakakis | .. code-block:: console |
1046 | a1c707c9 | Constantinos Venetsanopoulos | |
1047 | 06e23415 | Christos Stavrakakis | $ snf-manage reconcile-networks |
1048 | 06e23415 | Christos Stavrakakis | |
1049 | 06e23415 | Christos Stavrakakis | Adding the `--fix-all` option, will do the actual synchronization: |
1050 | 90c74332 | Christos Stavrakakis | |
1051 | 06e23415 | Christos Stavrakakis | .. code-block:: console |
1052 | a1c707c9 | Constantinos Venetsanopoulos | |
1053 | 06e23415 | Christos Stavrakakis | $ snf-manage reconcile-networks --fix-all |
1054 | 06e23415 | Christos Stavrakakis | |
1055 | 06e23415 | Christos Stavrakakis | Please see ``snf-manage reconcile-networks --help`` for all the details. |
1056 | eab73849 | Constantinos Venetsanopoulos | |
1057 | 9a1b6564 | Christos Stavrakakis | Reconciling Pools |
1058 | 9a1b6564 | Christos Stavrakakis | ````````````````` |
1059 | 9a1b6564 | Christos Stavrakakis | |
1060 | 9a1b6564 | Christos Stavrakakis | Reconciliation of pools will check the consistency of available pools by |
1061 | 9a1b6564 | Christos Stavrakakis | checking that the values from each pool are not used more than once, and also |
1062 | 9a1b6564 | Christos Stavrakakis | that the only reserved values in a pool are the ones used. Pool reconciliation |
1063 | 9a1b6564 | Christos Stavrakakis | will check pools of bridges, MAC prefixes, and IPv4 addresses for all networks. |
1064 | 9a1b6564 | Christos Stavrakakis | |
1065 | 9a1b6564 | Christos Stavrakakis | .. code-block:: console |
1066 | 9a1b6564 | Christos Stavrakakis | |
1067 | 9a1b6564 | Christos Stavrakakis | $ snf-manage reconcile-pools |
1068 | 9a1b6564 | Christos Stavrakakis | $ snf-manage reconcile-pools --fix |
1069 | eab73849 | Constantinos Venetsanopoulos | |
1070 | 2467655e | Christos Stavrakakis | Helpdesk |
1071 | 2467655e | Christos Stavrakakis | -------- |
1072 | 2467655e | Christos Stavrakakis | |
1073 | 2467655e | Christos Stavrakakis | Helpdesk application provides the ability to view the virtual servers and |
1074 | 2467655e | Christos Stavrakakis | networks of all users, along with the ability to perform some basic actions |
1075 | 2467655e | Christos Stavrakakis | like administratively suspending a server. You can perform look-ups by |
1076 | 2467655e | Christos Stavrakakis | user UUID or email, by server ID (vm-$id) or by an IPv4 address. |
1077 | 2467655e | Christos Stavrakakis | |
1078 | 2467655e | Christos Stavrakakis | If you want to activate the helpdesk application you can set to `True` the |
1079 | 2467655e | Christos Stavrakakis | `HELPDESK_ENABLED` setting. Access to helpdesk views (under |
1080 | 2467655e | Christos Stavrakakis | `$BASE_URL/helpdesk`) is only to allowed to users that belong to Astakos |
1081 | 2467655e | Christos Stavrakakis | groups defined in the `HELPDESK_PERMITTED_GROUPS` setting, which by default |
1082 | 2467655e | Christos Stavrakakis | contains the `helpdesk` group. For example, to allow <user_id> |
1083 | 2467655e | Christos Stavrakakis | to access helpdesk view, you should run the following command in the Astakos |
1084 | 2467655e | Christos Stavrakakis | node: |
1085 | 2467655e | Christos Stavrakakis | |
1086 | 2467655e | Christos Stavrakakis | .. code-block:: console |
1087 | 2467655e | Christos Stavrakakis | |
1088 | 2467655e | Christos Stavrakakis | snf-manage group-add helpdesk |
1089 | 2467655e | Christos Stavrakakis | snf-manage user-modify --add-group=helpdesk <user_id> |
1090 | 2467655e | Christos Stavrakakis | |
1091 | 2467655e | Christos Stavrakakis | |
1092 | 426d4ae3 | Constantinos Venetsanopoulos | Cyclades internals |
1093 | 426d4ae3 | Constantinos Venetsanopoulos | ------------------ |
1094 | 426d4ae3 | Constantinos Venetsanopoulos | |
1095 | 426d4ae3 | Constantinos Venetsanopoulos | Asynchronous communication with Ganeti backends |
1096 | 426d4ae3 | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
1097 | 426d4ae3 | Constantinos Venetsanopoulos | Synnefo uses Google Ganeti backends for VM cluster management. In order for |
1098 | 426d4ae3 | Constantinos Venetsanopoulos | Cyclades to be able to handle thousands of user requests, Cyclades and Ganeti |
1099 | 426d4ae3 | Constantinos Venetsanopoulos | communicate asynchronously. Briefly, requests are submitted to Ganeti through |
1100 | 426d4ae3 | Constantinos Venetsanopoulos | Ganeti's RAPI/HTTP interface, and then asynchronous notifications about the |
1101 | 426d4ae3 | Constantinos Venetsanopoulos | progress of Ganeti jobs are being created and pushed upwards to Cyclades. The |
1102 | 426d4ae3 | Constantinos Venetsanopoulos | architecture and communication with a Ganeti backend is shown in the graph |
1103 | 426d4ae3 | Constantinos Venetsanopoulos | below: |
1104 | 426d4ae3 | Constantinos Venetsanopoulos | |
1105 | 426d4ae3 | Constantinos Venetsanopoulos | .. image:: images/cyclades-ganeti-communication.png |
1106 | 426d4ae3 | Constantinos Venetsanopoulos | :width: 50% |
1107 | 426d4ae3 | Constantinos Venetsanopoulos | :target: _images/cyclades-ganeti-communication.png |
1108 | 426d4ae3 | Constantinos Venetsanopoulos | |
1109 | 426d4ae3 | Constantinos Venetsanopoulos | The Cyclades API server is responsible for handling user requests. Read-only |
1110 | 426d4ae3 | Constantinos Venetsanopoulos | requests are directly served by looking up the Cyclades DB. If the request |
1111 | 426d4ae3 | Constantinos Venetsanopoulos | needs an action in the Ganeti backend, Cyclades submit jobs to the Ganeti |
1112 | 426d4ae3 | Constantinos Venetsanopoulos | master using the `Ganeti RAPI interface |
1113 | 426d4ae3 | Constantinos Venetsanopoulos | <http://docs.ganeti.org/ganeti/2.2/html/rapi.html>`_. |
1114 | 426d4ae3 | Constantinos Venetsanopoulos | |
1115 | 5135245b | Christos Stavrakakis | While Ganeti executes the job, `snf-ganeti-eventd`, and `snf-progress-monitor` |
1116 | 5135245b | Christos Stavrakakis | are monitoring the progress of the job and send corresponding messages to the |
1117 | 5135245b | Christos Stavrakakis | RabbitMQ servers. These components are part of `snf-cyclades-gtools` and must |
1118 | 5135245b | Christos Stavrakakis | be installed on all Ganeti nodes. Specially: |
1119 | 426d4ae3 | Constantinos Venetsanopoulos | |
1120 | 426d4ae3 | Constantinos Venetsanopoulos | * *snf-ganeti-eventd* sends messages about operations affecting the operating |
1121 | 426d4ae3 | Constantinos Venetsanopoulos | state of instances and networks. Works by monitoring the Ganeti job queue. |
1122 | 426d4ae3 | Constantinos Venetsanopoulos | * *snf-progress_monitor* sends messages about the progress of the Image deployment |
1123 | 426d4ae3 | Constantinos Venetsanopoulos | phase which is done by the Ganeti OS Definition `snf-image`. |
1124 | 426d4ae3 | Constantinos Venetsanopoulos | |
1125 | 426d4ae3 | Constantinos Venetsanopoulos | Finally, `snf-dispatcher` consumes messages from the RabbitMQ queues, processes |
1126 | 426d4ae3 | Constantinos Venetsanopoulos | these messages and properly updates the state of the Cyclades DB. Subsequent |
1127 | 426d4ae3 | Constantinos Venetsanopoulos | requests to the Cyclades API, will retrieve the updated state from the DB. |
1128 | 426d4ae3 | Constantinos Venetsanopoulos | |
1129 | 426d4ae3 | Constantinos Venetsanopoulos | |
1130 | e81ad3e5 | Constantinos Venetsanopoulos | Synnefo management commands ("snf-manage") |
1131 | e81ad3e5 | Constantinos Venetsanopoulos | ========================================== |
1132 | e81ad3e5 | Constantinos Venetsanopoulos | |
1133 | e81ad3e5 | Constantinos Venetsanopoulos | Each Synnefo service, Astakos, Pithos and Cyclades are controlled by the |
1134 | e81ad3e5 | Constantinos Venetsanopoulos | administrator using the "snf-manage" admin tool. This tool is an extension of |
1135 | e81ad3e5 | Constantinos Venetsanopoulos | the Django command-line management utility. It is run on the host that runs |
1136 | e81ad3e5 | Constantinos Venetsanopoulos | each service and provides different types of commands depending the services |
1137 | e81ad3e5 | Constantinos Venetsanopoulos | running on the host. If you are running more than one service on the same host |
1138 | e81ad3e5 | Constantinos Venetsanopoulos | "snf-manage" adds all the corresponding commands for each service dynamically, |
1139 | e81ad3e5 | Constantinos Venetsanopoulos | providing a unified admin environment. |
1140 | e81ad3e5 | Constantinos Venetsanopoulos | |
1141 | e81ad3e5 | Constantinos Venetsanopoulos | To run "snf-manage" you just type: |
1142 | e81ad3e5 | Constantinos Venetsanopoulos | |
1143 | e81ad3e5 | Constantinos Venetsanopoulos | .. code-block:: console |
1144 | e81ad3e5 | Constantinos Venetsanopoulos | |
1145 | e81ad3e5 | Constantinos Venetsanopoulos | # snf-manage <command> [arguments] |
1146 | e81ad3e5 | Constantinos Venetsanopoulos | |
1147 | e81ad3e5 | Constantinos Venetsanopoulos | on the corresponding host that runs the service. For example, if you have all |
1148 | e81ad3e5 | Constantinos Venetsanopoulos | services running on different physical hosts you would do: |
1149 | e81ad3e5 | Constantinos Venetsanopoulos | |
1150 | e81ad3e5 | Constantinos Venetsanopoulos | .. code-block:: console |
1151 | e81ad3e5 | Constantinos Venetsanopoulos | |
1152 | e81ad3e5 | Constantinos Venetsanopoulos | root@astakos-host # snf-manage <astakos-command> [argument] |
1153 | e81ad3e5 | Constantinos Venetsanopoulos | root@pithos-host # snf-manage <pithos-command> [argument] |
1154 | e81ad3e5 | Constantinos Venetsanopoulos | root@cyclades-host # snf-manage <cyclades-command> [argument] |
1155 | e81ad3e5 | Constantinos Venetsanopoulos | |
1156 | e81ad3e5 | Constantinos Venetsanopoulos | If you have all services running on the same host you would do: |
1157 | e81ad3e5 | Constantinos Venetsanopoulos | |
1158 | e81ad3e5 | Constantinos Venetsanopoulos | .. code-block:: console |
1159 | e81ad3e5 | Constantinos Venetsanopoulos | |
1160 | e81ad3e5 | Constantinos Venetsanopoulos | root@synnefo-host # snf-manage <{astakos,pithos,cyclades}-command> [argument] |
1161 | e81ad3e5 | Constantinos Venetsanopoulos | |
1162 | e81ad3e5 | Constantinos Venetsanopoulos | Note that you cannot execute a service's command on a host that is not running |
1163 | e81ad3e5 | Constantinos Venetsanopoulos | this service. For example, the following will return an error if Astakos and |
1164 | e81ad3e5 | Constantinos Venetsanopoulos | Cyclades are installed on different physical hosts: |
1165 | e81ad3e5 | Constantinos Venetsanopoulos | |
1166 | e81ad3e5 | Constantinos Venetsanopoulos | .. code-block:: console |
1167 | e81ad3e5 | Constantinos Venetsanopoulos | |
1168 | e81ad3e5 | Constantinos Venetsanopoulos | root@astakos-host # snf-manage <cyclades-command> [argument] |
1169 | e81ad3e5 | Constantinos Venetsanopoulos | Unknown command: 'cyclades-command' |
1170 | e81ad3e5 | Constantinos Venetsanopoulos | Type 'snf-manage help' for usage. |
1171 | e81ad3e5 | Constantinos Venetsanopoulos | |
1172 | e81ad3e5 | Constantinos Venetsanopoulos | This is the complete list of "snf-manage" commands for each service. |
1173 | e81ad3e5 | Constantinos Venetsanopoulos | |
1174 | e81ad3e5 | Constantinos Venetsanopoulos | Astakos snf-manage commands |
1175 | e81ad3e5 | Constantinos Venetsanopoulos | --------------------------- |
1176 | e81ad3e5 | Constantinos Venetsanopoulos | |
1177 | e81ad3e5 | Constantinos Venetsanopoulos | ============================ =========================== |
1178 | e81ad3e5 | Constantinos Venetsanopoulos | Name Description |
1179 | e81ad3e5 | Constantinos Venetsanopoulos | ============================ =========================== |
1180 | e81ad3e5 | Constantinos Venetsanopoulos | fix-superusers Transform superusers created by syncdb into AstakosUser instances |
1181 | 5e1ea6f7 | Giorgos Korfiatis | cleanup-full Cleanup sessions and session catalog |
1182 | a4451f59 | Giorgos Korfiatis | commission-list List pending commissions |
1183 | a4451f59 | Giorgos Korfiatis | commission-show Show details for a pending commission |
1184 | 252eef38 | Giorgos Korfiatis | component-add Register a component |
1185 | 252eef38 | Giorgos Korfiatis | component-list List components |
1186 | 252eef38 | Giorgos Korfiatis | component-modify Modify component attributes |
1187 | 6ef1e2eb | Giorgos Korfiatis | component-show Show component details |
1188 | e81ad3e5 | Constantinos Venetsanopoulos | project-control Manage projects and applications |
1189 | e81ad3e5 | Constantinos Venetsanopoulos | project-list List projects |
1190 | e81ad3e5 | Constantinos Venetsanopoulos | project-show Show project details |
1191 | a69ad12b | Giorgos Korfiatis | quota-list List user quota |
1192 | a69ad12b | Giorgos Korfiatis | quota-verify Check the integrity of user quota |
1193 | e81ad3e5 | Constantinos Venetsanopoulos | reconcile-resources-astakos Reconcile resource usage of Quotaholder with Astakos DB |
1194 | e81ad3e5 | Constantinos Venetsanopoulos | resource-list List resources |
1195 | 5e1ea6f7 | Giorgos Korfiatis | resource-modify Modify a resource's default base quota and boolean flags |
1196 | 90e7da53 | Giorgos Korfiatis | service-export-astakos Export Astakos services and resources in JSON format |
1197 | bd1f667b | Giorgos Korfiatis | service-import Register services |
1198 | e81ad3e5 | Constantinos Venetsanopoulos | service-list List services |
1199 | 5e1ea6f7 | Giorgos Korfiatis | service-show Show service details |
1200 | e81ad3e5 | Constantinos Venetsanopoulos | term-add Add approval terms |
1201 | e81ad3e5 | Constantinos Venetsanopoulos | user-activation-send Send user activation |
1202 | e81ad3e5 | Constantinos Venetsanopoulos | user-add Add user |
1203 | 9577d199 | Kostas Papadimitriou | authpolicy-add Create a new authentication provider policy profile |
1204 | 9577d199 | Kostas Papadimitriou | authpolicy-list List existing authentication provider policy profiles |
1205 | 9577d199 | Kostas Papadimitriou | authpolicy-remove Remove an authentication provider policy |
1206 | 9577d199 | Kostas Papadimitriou | authpolicy-set Assign an existing authentication provider policy profile to a user or group |
1207 | 9577d199 | Kostas Papadimitriou | authpolicy-show Show authentication provider profile details |
1208 | 9577d199 | Kostas Papadimitriou | group-add Create a group with the given name |
1209 | 9577d199 | Kostas Papadimitriou | group-list List available groups |
1210 | e81ad3e5 | Constantinos Venetsanopoulos | user-list List users |
1211 | e81ad3e5 | Constantinos Venetsanopoulos | user-modify Modify user |
1212 | e81ad3e5 | Constantinos Venetsanopoulos | user-show Show user details |
1213 | e81ad3e5 | Constantinos Venetsanopoulos | ============================ =========================== |
1214 | e81ad3e5 | Constantinos Venetsanopoulos | |
1215 | e81ad3e5 | Constantinos Venetsanopoulos | Pithos snf-manage commands |
1216 | e81ad3e5 | Constantinos Venetsanopoulos | -------------------------- |
1217 | e81ad3e5 | Constantinos Venetsanopoulos | |
1218 | e81ad3e5 | Constantinos Venetsanopoulos | ============================ =========================== |
1219 | e81ad3e5 | Constantinos Venetsanopoulos | Name Description |
1220 | e81ad3e5 | Constantinos Venetsanopoulos | ============================ =========================== |
1221 | 3506f6a0 | Sofia Papagiannaki | reconcile-commissions-pithos Display unresolved commissions and trigger their recovery |
1222 | 90e7da53 | Giorgos Korfiatis | service-export-pithos Export Pithos services and resources in JSON format |
1223 | 3506f6a0 | Sofia Papagiannaki | reconcile-resources-pithos Detect unsynchronized usage between Astakos and Pithos DB resources and synchronize them if specified so. |
1224 | e81ad3e5 | Constantinos Venetsanopoulos | ============================ =========================== |
1225 | e81ad3e5 | Constantinos Venetsanopoulos | |
1226 | e81ad3e5 | Constantinos Venetsanopoulos | Cyclades snf-manage commands |
1227 | e81ad3e5 | Constantinos Venetsanopoulos | ---------------------------- |
1228 | e81ad3e5 | Constantinos Venetsanopoulos | |
1229 | bf57a264 | Christos Stavrakakis | ============================== =========================== |
1230 | bf57a264 | Christos Stavrakakis | Name Description |
1231 | bf57a264 | Christos Stavrakakis | ============================== =========================== |
1232 | bf57a264 | Christos Stavrakakis | backend-add Add a new Ganeti backend |
1233 | bf57a264 | Christos Stavrakakis | backend-list List backends |
1234 | bf57a264 | Christos Stavrakakis | backend-modify Modify a backend |
1235 | bf57a264 | Christos Stavrakakis | backend-update-status Update backend statistics for instance allocation |
1236 | bf57a264 | Christos Stavrakakis | backend-remove Remove a Ganeti backend |
1237 | d14155e3 | Giorgos Korfiatis | enforce-resources-cyclades Check and fix quota violations for Cyclades resources |
1238 | bf57a264 | Christos Stavrakakis | server-create Create a new server |
1239 | bf57a264 | Christos Stavrakakis | server-show Show server details |
1240 | bf57a264 | Christos Stavrakakis | server-list List servers |
1241 | bf57a264 | Christos Stavrakakis | server-modify Modify a server |
1242 | bf57a264 | Christos Stavrakakis | server-import Import an existing Ganeti VM into synnefo |
1243 | bf57a264 | Christos Stavrakakis | server-inspect Inspect a server in DB and Ganeti |
1244 | bf57a264 | Christos Stavrakakis | network-create Create a new network |
1245 | bf57a264 | Christos Stavrakakis | network-list List networks |
1246 | bf57a264 | Christos Stavrakakis | network-modify Modify a network |
1247 | bf57a264 | Christos Stavrakakis | network-inspect Inspect network state in DB and Ganeti |
1248 | bf57a264 | Christos Stavrakakis | network-remove Delete a network |
1249 | bf57a264 | Christos Stavrakakis | flavor-create Create a new flavor |
1250 | bf57a264 | Christos Stavrakakis | flavor-list List flavors |
1251 | bf57a264 | Christos Stavrakakis | flavor-modify Modify a flavor |
1252 | bf57a264 | Christos Stavrakakis | image-list List images |
1253 | bf57a264 | Christos Stavrakakis | image-show Show image details |
1254 | bf57a264 | Christos Stavrakakis | pool-create Create a bridge or mac-prefix pool |
1255 | bf57a264 | Christos Stavrakakis | pool-show Show pool details |
1256 | bf57a264 | Christos Stavrakakis | pool-list List pools |
1257 | bf57a264 | Christos Stavrakakis | pool-modify Modify a pool |
1258 | bf57a264 | Christos Stavrakakis | pool-remove Delete a pool |
1259 | f61f3fa7 | Christos Stavrakakis | port-create Create a port connecting a server to a network |
1260 | f61f3fa7 | Christos Stavrakakis | port-inspect Inspect the state of a port in DB and Ganeti |
1261 | f61f3fa7 | Christos Stavrakakis | port-list List ports |
1262 | f61f3fa7 | Christos Stavrakakis | port-remove Delete a port |
1263 | f61f3fa7 | Christos Stavrakakis | floating-ip-create Create a new floating IP |
1264 | f61f3fa7 | Christos Stavrakakis | floating-ip-attach Attach a floating IP to a server |
1265 | 6d86f5b3 | Christos Stavrakakis | floating-ip-detach Detach a floating IP from a server |
1266 | f61f3fa7 | Christos Stavrakakis | floating-ip-list List floating IPs |
1267 | f61f3fa7 | Christos Stavrakakis | floating-ip-remove Delete a floating IP |
1268 | bf57a264 | Christos Stavrakakis | queue-inspect Inspect the messages of a RabbitMQ queue |
1269 | bf57a264 | Christos Stavrakakis | queue-retry Resend messages from Dead Letter queues to original exchanges |
1270 | 90e7da53 | Giorgos Korfiatis | service-export-cyclades Export Cyclades services and resources in JSON format |
1271 | aab200c6 | Dionysis Grigoropoulos | subnet-create Create a subnet |
1272 | aab200c6 | Dionysis Grigoropoulos | subnet-inspect Inspect a subnet in DB |
1273 | aab200c6 | Dionysis Grigoropoulos | subnet-list List subnets |
1274 | aab200c6 | Dionysis Grigoropoulos | subnet-modify Modify a subnet |
1275 | bf57a264 | Christos Stavrakakis | reconcile-servers Reconcile servers of Synnefo DB with state of Ganeti backend |
1276 | bf57a264 | Christos Stavrakakis | reconcile-networks Reconcile networks of Synnefo DB with state of Ganeti backend |
1277 | bf57a264 | Christos Stavrakakis | reconcile-pools Check consistency of pool resources |
1278 | bf57a264 | Christos Stavrakakis | reconcile-commissions-cyclades Detect and resolve pending commissions to Quotaholder |
1279 | bf57a264 | Christos Stavrakakis | reconcile-resources-cyclades Reconcile resource usage of Astakos with Cyclades DB. |
1280 | bf57a264 | Christos Stavrakakis | ============================== =========================== |
1281 | e81ad3e5 | Constantinos Venetsanopoulos | |
1282 | 44cc2a6a | Constantinos Venetsanopoulos | |
1283 | 11716a83 | Giorgos Korfiatis | Astakos helper scripts |
1284 | 11716a83 | Giorgos Korfiatis | ====================== |
1285 | 11716a83 | Giorgos Korfiatis | |
1286 | 11716a83 | Giorgos Korfiatis | Astakos includes two scripts to facilitate the installation procedure. |
1287 | 11716a83 | Giorgos Korfiatis | Running: |
1288 | 11716a83 | Giorgos Korfiatis | |
1289 | 11716a83 | Giorgos Korfiatis | .. code-block:: console |
1290 | 11716a83 | Giorgos Korfiatis | |
1291 | b4109758 | Giorgos Korfiatis | snf-component-register [<component_name>] |
1292 | 11716a83 | Giorgos Korfiatis | |
1293 | 11716a83 | Giorgos Korfiatis | automates the registration of the standard Synnefo components (astakos, |
1294 | 11716a83 | Giorgos Korfiatis | cyclades, and pithos) in astakos database. It internally uses the script: |
1295 | 11716a83 | Giorgos Korfiatis | |
1296 | 11716a83 | Giorgos Korfiatis | .. code-block:: console |
1297 | 11716a83 | Giorgos Korfiatis | |
1298 | 11716a83 | Giorgos Korfiatis | snf-service-export <component_name> <base_url> |
1299 | 11716a83 | Giorgos Korfiatis | |
1300 | 11716a83 | Giorgos Korfiatis | which simulates the export of service and resource definitions of the |
1301 | 11716a83 | Giorgos Korfiatis | standard Synnefo components. |
1302 | 11716a83 | Giorgos Korfiatis | |
1303 | 44cc2a6a | Constantinos Venetsanopoulos | |
1304 | 3506f6a0 | Sofia Papagiannaki | Pithos managing accounts |
1305 | 3506f6a0 | Sofia Papagiannaki | ======================== |
1306 | 3506f6a0 | Sofia Papagiannaki | |
1307 | 3506f6a0 | Sofia Papagiannaki | Pithos provides a utility tool for managing accounts. |
1308 | 3506f6a0 | Sofia Papagiannaki | To run you just type: |
1309 | 3506f6a0 | Sofia Papagiannaki | |
1310 | 3506f6a0 | Sofia Papagiannaki | .. code-block:: console |
1311 | 3506f6a0 | Sofia Papagiannaki | |
1312 | 3506f6a0 | Sofia Papagiannaki | # pithos-manage-accounts <command> [arguments] |
1313 | 3506f6a0 | Sofia Papagiannaki | |
1314 | 3506f6a0 | Sofia Papagiannaki | This is the list of the available commands: |
1315 | 3506f6a0 | Sofia Papagiannaki | |
1316 | 3506f6a0 | Sofia Papagiannaki | ============================ =========================== |
1317 | 3506f6a0 | Sofia Papagiannaki | Name Description |
1318 | 3506f6a0 | Sofia Papagiannaki | ============================ =========================== |
1319 | 3506f6a0 | Sofia Papagiannaki | delete Remove an account from the Pithos DB |
1320 | 3506f6a0 | Sofia Papagiannaki | export-quota Export account quota in a file |
1321 | 3506f6a0 | Sofia Papagiannaki | list List existing/dublicate accounts |
1322 | 3506f6a0 | Sofia Papagiannaki | merge Move an account contents in another account |
1323 | 3506f6a0 | Sofia Papagiannaki | set-container-quota Set container quota for all or a specific account |
1324 | 3506f6a0 | Sofia Papagiannaki | ============================ =========================== |
1325 | 3506f6a0 | Sofia Papagiannaki | |
1326 | e81ad3e5 | Constantinos Venetsanopoulos | |
1327 | bc055d09 | Constantinos Venetsanopoulos | The "kamaki" API client |
1328 | eab73849 | Constantinos Venetsanopoulos | ======================= |
1329 | bc055d09 | Constantinos Venetsanopoulos | |
1330 | bc055d09 | Constantinos Venetsanopoulos | To upload, register or modify an image you will need the **kamaki** tool. |
1331 | bc055d09 | Constantinos Venetsanopoulos | Before proceeding make sure that it is configured properly. Verify that |
1332 | dd04efac | Stavros Sachtouris | *image.url*, *file.url*, *user.url* and *token* are set as needed: |
1333 | bc055d09 | Constantinos Venetsanopoulos | |
1334 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1335 | bc055d09 | Constantinos Venetsanopoulos | |
1336 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config list |
1337 | bc055d09 | Constantinos Venetsanopoulos | |
1338 | 73ebcd68 | Constantinos Venetsanopoulos | To change a setting use ``kamaki config set``: |
1339 | bc055d09 | Constantinos Venetsanopoulos | |
1340 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1341 | bc055d09 | Constantinos Venetsanopoulos | |
1342 | 73ebcd68 | Constantinos Venetsanopoulos | $ kamaki config set image.url https://cyclades.example.com/image |
1343 | dd04efac | Stavros Sachtouris | $ kamaki config set file.url https://pithos.example.com/v1 |
1344 | dd04efac | Stavros Sachtouris | $ kamaki config set user.url https://accounts.example.com |
1345 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config set token ... |
1346 | bc055d09 | Constantinos Venetsanopoulos | |
1347 | c0d88cf3 | Constantinos Venetsanopoulos | To test that everything works, try authenticating the current account with |
1348 | c0d88cf3 | Constantinos Venetsanopoulos | kamaki: |
1349 | dd04efac | Stavros Sachtouris | |
1350 | dd04efac | Stavros Sachtouris | .. code-block:: console |
1351 | dd04efac | Stavros Sachtouris | |
1352 | dd04efac | Stavros Sachtouris | $ kamaki user authenticate |
1353 | dd04efac | Stavros Sachtouris | |
1354 | c0d88cf3 | Constantinos Venetsanopoulos | This will output user information. |
1355 | dd04efac | Stavros Sachtouris | |
1356 | bc055d09 | Constantinos Venetsanopoulos | Upload Image |
1357 | bc055d09 | Constantinos Venetsanopoulos | ------------ |
1358 | bc055d09 | Constantinos Venetsanopoulos | |
1359 | c0d88cf3 | Constantinos Venetsanopoulos | By convention, images are stored in a container called ``images``. Check if the |
1360 | c0d88cf3 | Constantinos Venetsanopoulos | container exists, by listing all containers in your account: |
1361 | bc055d09 | Constantinos Venetsanopoulos | |
1362 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1363 | bc055d09 | Constantinos Venetsanopoulos | |
1364 | dd04efac | Stavros Sachtouris | $ kamaki file list |
1365 | bc055d09 | Constantinos Venetsanopoulos | |
1366 | dd04efac | Stavros Sachtouris | If the container ``images`` does not exist, create it: |
1367 | bc055d09 | Constantinos Venetsanopoulos | |
1368 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1369 | bc055d09 | Constantinos Venetsanopoulos | |
1370 | dd04efac | Stavros Sachtouris | $ kamaki file create images |
1371 | bc055d09 | Constantinos Venetsanopoulos | |
1372 | c0d88cf3 | Constantinos Venetsanopoulos | You are now ready to upload an image to container ``images``. You can upload it |
1373 | e5d8df8c | Constantinos Venetsanopoulos | with a Pithos client, or use kamaki directly: |
1374 | bc055d09 | Constantinos Venetsanopoulos | |
1375 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1376 | bc055d09 | Constantinos Venetsanopoulos | |
1377 | dd04efac | Stavros Sachtouris | $ kamaki file upload ubuntu.iso images |
1378 | bc055d09 | Constantinos Venetsanopoulos | |
1379 | e5d8df8c | Constantinos Venetsanopoulos | You can use any Pithos client to verify that the image was uploaded correctly, |
1380 | c0d88cf3 | Constantinos Venetsanopoulos | or you can list the contents of the container with kamaki: |
1381 | bc055d09 | Constantinos Venetsanopoulos | |
1382 | dd04efac | Stavros Sachtouris | .. code-block:: console |
1383 | dd04efac | Stavros Sachtouris | |
1384 | dd04efac | Stavros Sachtouris | $ kamaki file list images |
1385 | bc055d09 | Constantinos Venetsanopoulos | |
1386 | bc055d09 | Constantinos Venetsanopoulos | The full Pithos URL for the previous example will be |
1387 | c0d88cf3 | Constantinos Venetsanopoulos | ``pithos://u53r-un1qu3-1d/images/ubuntu.iso`` where ``u53r-un1qu3-1d`` is the |
1388 | c0d88cf3 | Constantinos Venetsanopoulos | unique user id (uuid). |
1389 | bc055d09 | Constantinos Venetsanopoulos | |
1390 | bc055d09 | Constantinos Venetsanopoulos | Register Image |
1391 | bc055d09 | Constantinos Venetsanopoulos | -------------- |
1392 | bc055d09 | Constantinos Venetsanopoulos | |
1393 | e5d8df8c | Constantinos Venetsanopoulos | To register an image you will need to use the full Pithos URL. To register as |
1394 | bc055d09 | Constantinos Venetsanopoulos | a public image the one from the previous example use: |
1395 | bc055d09 | Constantinos Venetsanopoulos | |
1396 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1397 | bc055d09 | Constantinos Venetsanopoulos | |
1398 | dd04efac | Stavros Sachtouris | $ kamaki image register Ubuntu pithos://u53r-un1qu3-1d/images/ubuntu.iso --public |
1399 | bc055d09 | Constantinos Venetsanopoulos | |
1400 | bc055d09 | Constantinos Venetsanopoulos | The ``--public`` flag is important, if missing the registered image will not |
1401 | dd04efac | Stavros Sachtouris | be listed by ``kamaki image list``. |
1402 | bc055d09 | Constantinos Venetsanopoulos | |
1403 | dd04efac | Stavros Sachtouris | Use ``kamaki image register`` with no arguments to see a list of available |
1404 | bc055d09 | Constantinos Venetsanopoulos | options. A more complete example would be the following: |
1405 | bc055d09 | Constantinos Venetsanopoulos | |
1406 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1407 | bc055d09 | Constantinos Venetsanopoulos | |
1408 | dd04efac | Stavros Sachtouris | $ kamaki image register Ubuntu pithos://u53r-un1qu3-1d/images/ubuntu.iso \ |
1409 | bc055d09 | Constantinos Venetsanopoulos | --public --disk-format diskdump --property kernel=3.1.2 |
1410 | bc055d09 | Constantinos Venetsanopoulos | |
1411 | bc055d09 | Constantinos Venetsanopoulos | To verify that the image was registered successfully use: |
1412 | bc055d09 | Constantinos Venetsanopoulos | |
1413 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
1414 | bc055d09 | Constantinos Venetsanopoulos | |
1415 | dd04efac | Stavros Sachtouris | $ kamaki image list --name-like=ubuntu |
1416 | bc055d09 | Constantinos Venetsanopoulos | |
1417 | eab73849 | Constantinos Venetsanopoulos | |
1418 | eab73849 | Constantinos Venetsanopoulos | Miscellaneous |
1419 | eab73849 | Constantinos Venetsanopoulos | ============= |
1420 | eab73849 | Constantinos Venetsanopoulos | |
1421 | 08ad5b01 | Constantinos Venetsanopoulos | .. _branding: |
1422 | 9c2edbf1 | Olga Brani | |
1423 | 42e767d4 | Olga Brani | Branding |
1424 | 08ad5b01 | Constantinos Venetsanopoulos | -------- |
1425 | 9c2edbf1 | Olga Brani | |
1426 | 08ad5b01 | Constantinos Venetsanopoulos | Since Synnefo v0.14, you are able to adapt the Astakos, Pithos and Cyclades Web |
1427 | 08ad5b01 | Constantinos Venetsanopoulos | UI to your company’s visual identity. This is possible using the snf-branding |
1428 | 08ad5b01 | Constantinos Venetsanopoulos | component, which is automatically installed on the nodes running the API |
1429 | 08ad5b01 | Constantinos Venetsanopoulos | servers for Astakos, Pithos and Cyclades. |
1430 | 9c2edbf1 | Olga Brani | |
1431 | 9c2edbf1 | Olga Brani | Configuration |
1432 | 9c2edbf1 | Olga Brani | ~~~~~~~~~~~~~ |
1433 | 9c2edbf1 | Olga Brani | |
1434 | 77186edf | Kostas Papadimitriou | This can be done by modifing the settings provided by the snf-branding component |
1435 | 77186edf | Kostas Papadimitriou | to match your service identity. The settings for the snf-branding application |
1436 | 77186edf | Kostas Papadimitriou | can be found inside the configuration file ``/etc/synnefo/15-snf-branding.conf`` |
1437 | 77186edf | Kostas Papadimitriou | on the nodes that have Astakos, Pithos and Cyclades installed. |
1438 | 9c2edbf1 | Olga Brani | |
1439 | 08ad5b01 | Constantinos Venetsanopoulos | By default, the global service name is "Synnefo" and the company name is |
1440 | 08ad5b01 | Constantinos Venetsanopoulos | "GRNET". These names and their respective logos and URLs are used throughout |
1441 | 08ad5b01 | Constantinos Venetsanopoulos | the Astakos, Pithos and Cyclades UI. |
1442 | 9c2edbf1 | Olga Brani | |
1443 | 08ad5b01 | Constantinos Venetsanopoulos | **Names and URLs:** |
1444 | 9c2edbf1 | Olga Brani | |
1445 | 08ad5b01 | Constantinos Venetsanopoulos | The first group of branding customization refers to the service's and company's |
1446 | 08ad5b01 | Constantinos Venetsanopoulos | information. |
1447 | 9c2edbf1 | Olga Brani | |
1448 | 08ad5b01 | Constantinos Venetsanopoulos | You can overwrite the company and the service name and URL respectively by |
1449 | 08ad5b01 | Constantinos Venetsanopoulos | uncommenting and setting the following: |
1450 | 9c2edbf1 | Olga Brani | |
1451 | 77186edf | Kostas Papadimitriou | .. code-block:: python |
1452 | 77186edf | Kostas Papadimitriou | |
1453 | 77186edf | Kostas Papadimitriou | # setting used in Astakos Dashboard/Projects pages |
1454 | 77186edf | Kostas Papadimitriou | BRANDING_SERVICE_NAME = 'My cloud' |
1455 | 77186edf | Kostas Papadimitriou | BRANDING_SERVICE_URL = 'http://www.mycloud.synnefo.org/' |
1456 | 9c2edbf1 | Olga Brani | |
1457 | 77186edf | Kostas Papadimitriou | # settings used in Astakos, Pithos, Cyclades footer only if |
1458 | 77186edf | Kostas Papadimitriou | # BRANDING_SHOW_COPYRIGHT is set to True |
1459 | 77186edf | Kostas Papadimitriou | BRANDING_SHOW_COPYRIGHT = True |
1460 | 77186edf | Kostas Papadimitriou | BRANDING_COMPANY_NAME = 'Company LTD' |
1461 | 77186edf | Kostas Papadimitriou | BRANDING_COMPANY_URL = 'https://www.company-ltd.synnefo.org/' |
1462 | 9c2edbf1 | Olga Brani | |
1463 | 9c2edbf1 | Olga Brani | |
1464 | 97a096f1 | Olga Brani | **Copyright and footer options:** |
1465 | 9c2edbf1 | Olga Brani | |
1466 | 08ad5b01 | Constantinos Venetsanopoulos | By default, no Copyright message is shown in the UI footer. If you want to make |
1467 | 08ad5b01 | Constantinos Venetsanopoulos | it visible in the footer of Astakos, Pithos and Cyclades UI, you can uncomment |
1468 | 77186edf | Kostas Papadimitriou | and set to ``True`` the ``BRANDING_SHOW_COPYRIGHT`` setting: |
1469 | 9c2edbf1 | Olga Brani | |
1470 | 77186edf | Kostas Papadimitriou | .. code-block:: python |
1471 | 9c2edbf1 | Olga Brani | |
1472 | 9c2edbf1 | Olga Brani | #BRANDING_SHOW_COPYRIGHT = False |
1473 | 9c2edbf1 | Olga Brani | |
1474 | 77186edf | Kostas Papadimitriou | Copyright message defaults to 'Copyright (c) 2011-<current_year> |
1475 | 08ad5b01 | Constantinos Venetsanopoulos | <BRANDING_COMPANY_NAME>.' but you can overwrite it to a completely custom one by |
1476 | 08ad5b01 | Constantinos Venetsanopoulos | setting the following option: |
1477 | 9c2edbf1 | Olga Brani | |
1478 | 77186edf | Kostas Papadimitriou | .. code-block:: python |
1479 | 77186edf | Kostas Papadimitriou | |
1480 | 77186edf | Kostas Papadimitriou | BRANDING_COPYRIGHT_MESSAGE = 'Copyright (c) 2011-2013 GRNET' |
1481 | 9c2edbf1 | Olga Brani | |
1482 | 97a096f1 | Olga Brani | If you want to include a custom message in the footer, you can uncomment and |
1483 | 97a096f1 | Olga Brani | set the ``BRANDING_FOOTER_EXTRA_MESSAGE`` setting. You can use html markup. |
1484 | 97a096f1 | Olga Brani | Your custom message will appear above Copyright message at the Compute |
1485 | 97a096f1 | Olga Brani | templates and the Dashboard UI. |
1486 | 97a096f1 | Olga Brani | |
1487 | 97a096f1 | Olga Brani | .. code-block:: python |
1488 | 97a096f1 | Olga Brani | |
1489 | 97a096f1 | Olga Brani | #BRANDING_FOOTER_EXTRA_MESSAGE = '' |
1490 | 97a096f1 | Olga Brani | |
1491 | 9c2edbf1 | Olga Brani | |
1492 | 9c2edbf1 | Olga Brani | **Images:** |
1493 | 9c2edbf1 | Olga Brani | |
1494 | 08ad5b01 | Constantinos Venetsanopoulos | The Astakos, Pithos and Cyclades Web UI has some logos and images. |
1495 | 08ad5b01 | Constantinos Venetsanopoulos | |
1496 | 9c2edbf1 | Olga Brani | The branding-related images are presented in the following table: |
1497 | 9c2edbf1 | Olga Brani | |
1498 | 9c2edbf1 | Olga Brani | =============== ============================ ========= |
1499 | 9c2edbf1 | Olga Brani | Image Name/extension convention Usage |
1500 | 9c2edbf1 | Olga Brani | =============== ============================ ========= |
1501 | 9c2edbf1 | Olga Brani | Favicon favicon.ico Favicon for all services |
1502 | 9c2edbf1 | Olga Brani | Dashboard logo dashboard_logo.png Visible in all Astakos UI pages |
1503 | 9c2edbf1 | Olga Brani | Compute logo compute_logo.png Visible in all Cyclades UI pages |
1504 | 08ad5b01 | Constantinos Venetsanopoulos | Console logo console_logo.png Visible in the Cyclades Console Window |
1505 | 08ad5b01 | Constantinos Venetsanopoulos | Storage logo storage_logo.png Visible in all Pithos UI pages |
1506 | 9c2edbf1 | Olga Brani | =============== ============================ ========= |
1507 | 9c2edbf1 | Olga Brani | |
1508 | 08ad5b01 | Constantinos Venetsanopoulos | There are two methods available for replacing all, or individual, |
1509 | 263cb456 | Olga Brani | branding-related images: |
1510 | 9c2edbf1 | Olga Brani | |
1511 | 77186edf | Kostas Papadimitriou | 1. Create a new directory inside ``/usr/share/synnefo/static/`` (e.g. |
1512 | 77186edf | Kostas Papadimitriou | ``mybranding``) and place there some or all of your images. |
1513 | 9c2edbf1 | Olga Brani | |
1514 | 08ad5b01 | Constantinos Venetsanopoulos | If you want to replace all of your images, keep the name/extension |
1515 | 77186edf | Kostas Papadimitriou | conventions as indicated in the above table and change the |
1516 | 77186edf | Kostas Papadimitriou | ``BRANDING_IMAGE_MEDIA_URL`` setting accordingly: |
1517 | 9c2edbf1 | Olga Brani | |
1518 | 77186edf | Kostas Papadimitriou | .. code-block:: python |
1519 | 77186edf | Kostas Papadimitriou | |
1520 | 77186edf | Kostas Papadimitriou | # using relative path |
1521 | 77186edf | Kostas Papadimitriou | BRANDING_IMAGE_MEDIA_URL= '/static/mybranding/images/' |
1522 | 9c2edbf1 | Olga Brani | |
1523 | 77186edf | Kostas Papadimitriou | # or if you already host them in a separate domain (e.g. cdn) |
1524 | 77186edf | Kostas Papadimitriou | BRANDING_IMAGE_MEDIA_URL= 'https://cdn.synnefo.org/branding/images/' |
1525 | 9c2edbf1 | Olga Brani | |
1526 | 9c2edbf1 | Olga Brani | |
1527 | 08ad5b01 | Constantinos Venetsanopoulos | If you wish to replace individual images, **do not uncomment** |
1528 | 08ad5b01 | Constantinos Venetsanopoulos | ``BRANDING_IMAGE_MEDIA_URL``, but instead provide a relative path, pointing to |
1529 | 08ad5b01 | Constantinos Venetsanopoulos | the file inside your directory for each ``BRANDING_<image>_URL`` that you wish |
1530 | 08ad5b01 | Constantinos Venetsanopoulos | to replace. |
1531 | 9c2edbf1 | Olga Brani | |
1532 | 263cb456 | Olga Brani | 2. Upload some or all of your images to a server and replace each |
1533 | 08ad5b01 | Constantinos Venetsanopoulos | ``BRANDING_<image>_URL`` with the absolute url of the image (i.e. |
1534 | 77186edf | Kostas Papadimitriou | ``BRANDING_DASHBOARD_URL = 'https://www.synnefo.com/images/my_dashboard.jpg'``). |
1535 | 9c2edbf1 | Olga Brani | |
1536 | 77186edf | Kostas Papadimitriou | Note that the alternative text for each image tag inside html documents is |
1537 | 08ad5b01 | Constantinos Venetsanopoulos | alt=“BRANDING_SERVICE_NAME {Dashboard, Compute. Console, Storage}” respectively. |
1538 | 9c2edbf1 | Olga Brani | |
1539 | 42e767d4 | Olga Brani | .. note:: Retina optimized images: |
1540 | 9c2edbf1 | Olga Brani | |
1541 | 08ad5b01 | Constantinos Venetsanopoulos | Synnefo UI is optimized for Retina displays. As far as images are concerned, |
1542 | 08ad5b01 | Constantinos Venetsanopoulos | `retina.js <http://retinajs.com/>`_ is used. |
1543 | 9c2edbf1 | Olga Brani | |
1544 | 77186edf | Kostas Papadimitriou | Retina.js checks each image on a page to see if there is a high-resolution |
1545 | 08ad5b01 | Constantinos Venetsanopoulos | version of that image on your server. If a high-resolution variant exists, |
1546 | 08ad5b01 | Constantinos Venetsanopoulos | the script will swap in that image in-place. |
1547 | 9c2edbf1 | Olga Brani | |
1548 | 08ad5b01 | Constantinos Venetsanopoulos | The script assumes you use `Apple's prescribed high-resolution modifier (@2x) |
1549 | 08ad5b01 | Constantinos Venetsanopoulos | <http://developer.apple.com/library/ios/#documentation/2DDrawing/Conceptual/ |
1550 | 08ad5b01 | Constantinos Venetsanopoulos | DrawingPrintingiOS/SupportingHiResScreensInViews/SupportingHiResScreensInViews |
1551 | 08ad5b01 | Constantinos Venetsanopoulos | .html#//apple_ref/doc/uid/TP40010156-CH15-SW1>`_ to denote high-resolution |
1552 | 08ad5b01 | Constantinos Venetsanopoulos | image variants on your server. |
1553 | 9c2edbf1 | Olga Brani | |
1554 | 08ad5b01 | Constantinos Venetsanopoulos | For each of the images that you wish the script to replace, you must have a |
1555 | 08ad5b01 | Constantinos Venetsanopoulos | high-resolution variant in the same folder named correctly and it will be |
1556 | 08ad5b01 | Constantinos Venetsanopoulos | detected automatically. For example if your image is in <my_directory> and is |
1557 | 08ad5b01 | Constantinos Venetsanopoulos | named "my_image.jpg" the script will look in the same directory for an image |
1558 | 08ad5b01 | Constantinos Venetsanopoulos | named "my_image@2x.jpg". |
1559 | 9c2edbf1 | Olga Brani | |
1560 | 08ad5b01 | Constantinos Venetsanopoulos | In case that you don’t want to use a high-resolution image, the |
1561 | 08ad5b01 | Constantinos Venetsanopoulos | normal-resolution image will be visible. |
1562 | 9c2edbf1 | Olga Brani | |
1563 | 08ad5b01 | Constantinos Venetsanopoulos | More branding |
1564 | 08ad5b01 | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~ |
1565 | 9c2edbf1 | Olga Brani | |
1566 | 08ad5b01 | Constantinos Venetsanopoulos | Although, it is not 100% branding-related, further verbal customization is |
1567 | 08ad5b01 | Constantinos Venetsanopoulos | feasible. |
1568 | 9c2edbf1 | Olga Brani | |
1569 | 9c2edbf1 | Olga Brani | **EMAILS** |
1570 | 9c2edbf1 | Olga Brani | |
1571 | 77186edf | Kostas Papadimitriou | The output of all email `*`.txt files will be already customized to contain your |
1572 | 77186edf | Kostas Papadimitriou | company and service names but you can further alter their content if you feel it |
1573 | 77186edf | Kostas Papadimitriou | best fits your needs as simple as creasynnefo template. |
1574 | 017b7d20 | Olga Brani | |
1575 | 77186edf | Kostas Papadimitriou | In order to overwrite one or more email-templates you need to place your |
1576 | 77186edf | Kostas Papadimitriou | modified <email-file>.txt files respecting the following structure: |
1577 | 017b7d20 | Olga Brani | |
1578 | 77186edf | Kostas Papadimitriou | **/etc/synnefo/templates/** |
1579 | 77186edf | Kostas Papadimitriou | **im/** |
1580 | 017b7d20 | Olga Brani | | activation_email.txt |
1581 | 017b7d20 | Olga Brani | | email.txt |
1582 | 017b7d20 | Olga Brani | | invitation.txt |
1583 | 017b7d20 | Olga Brani | | switch_accounts_email.txt |
1584 | 017b7d20 | Olga Brani | | welcome_email.txt |
1585 | 77186edf | Kostas Papadimitriou | **projects/** |
1586 | 017b7d20 | Olga Brani | | project_approval_notification.txt |
1587 | 017b7d20 | Olga Brani | | project_denial_notification.txt |
1588 | 017b7d20 | Olga Brani | | project_membership_change_notification.txt |
1589 | 017b7d20 | Olga Brani | | project_membership_enroll_notification.txt |
1590 | 017b7d20 | Olga Brani | | project_membership_leave_request_notification.txt |
1591 | 017b7d20 | Olga Brani | | project_membership_request_notification.txt |
1592 | 017b7d20 | Olga Brani | | project_suspension_notification.txt |
1593 | 017b7d20 | Olga Brani | | project_termination_notification.txt |
1594 | 77186edf | Kostas Papadimitriou | **registration/** |
1595 | 017b7d20 | Olga Brani | | email_change_email.txt |
1596 | 017b7d20 | Olga Brani | | password_email.txt |
1597 | 017b7d20 | Olga Brani | |
1598 | 017b7d20 | Olga Brani | Feel free to omit any of the above files you do not wish to overwrite. |
1599 | 017b7d20 | Olga Brani | |
1600 | 9c2edbf1 | Olga Brani | Below is a list of all emails sent by Synnefo to users along with a short |
1601 | 9c2edbf1 | Olga Brani | description and a link to their content: |
1602 | 9c2edbf1 | Olga Brani | |
1603 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/email.txt`` |
1604 | 08ad5b01 | Constantinos Venetsanopoulos | Base email template. Contains a contact email and a “thank you” message. |
1605 | 08ad5b01 | Constantinos Venetsanopoulos | (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/email.txt>`_) |
1606 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/activation_email.txt`` Email sent to |
1607 | 08ad5b01 | Constantinos Venetsanopoulos | user that prompts him/her to click on a link provided to activate the account. |
1608 | 08ad5b01 | Constantinos Venetsanopoulos | Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/activation_email.txt>`_) |
1609 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/invitation.txt`` Email sent to an |
1610 | 08ad5b01 | Constantinos Venetsanopoulos | invited user. He/she has to click on a link provided to activate the account. |
1611 | 08ad5b01 | Constantinos Venetsanopoulos | Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/invitation.txt>`_) |
1612 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/switch_accounts_email.txt`` Email |
1613 | 08ad5b01 | Constantinos Venetsanopoulos | sent to user upon his/her request to associate this email address with a |
1614 | 08ad5b01 | Constantinos Venetsanopoulos | shibboleth account. He/she has to click on a link provided to activate the |
1615 | 08ad5b01 | Constantinos Venetsanopoulos | association. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/switch_accounts_email.txt>`_) |
1616 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/welcome_email.txt`` Email sent to |
1617 | 08ad5b01 | Constantinos Venetsanopoulos | inform the user that his/ her account has been activated. Extends “email.txt” |
1618 | 08ad5b01 | Constantinos Venetsanopoulos | (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/welcome_email.txt>`_) |
1619 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/registration/email_change_email.txt`` |
1620 | 08ad5b01 | Constantinos Venetsanopoulos | Email sent to user when he/she has requested new email address assignment. The |
1621 | 08ad5b01 | Constantinos Venetsanopoulos | user has to click on a link provided to validate this action. Extends |
1622 | 08ad5b01 | Constantinos Venetsanopoulos | “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/registration/email_change_email.txt>`_) |
1623 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/registration/password_email.txt`` Email |
1624 | 08ad5b01 | Constantinos Venetsanopoulos | sent for resetting password purpose. The user has to click on a link provided |
1625 | 08ad5b01 | Constantinos Venetsanopoulos | to validate this action. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/registration/password_email.txt>`_) |
1626 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_approval_notification.txt`` |
1627 | 08ad5b01 | Constantinos Venetsanopoulos | Informs the project owner that his/her project has been approved. Extends |
1628 | 08ad5b01 | Constantinos Venetsanopoulos | “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_approval_notification.txt>`_) |
1629 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_denial_notification.txt`` |
1630 | 08ad5b01 | Constantinos Venetsanopoulos | Informs the project owner that his/her project application has been denied |
1631 | 08ad5b01 | Constantinos Venetsanopoulos | explaining the reasons. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_denial_notification.txt>`_) |
1632 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_membership_change_notification.txt`` |
1633 | 08ad5b01 | Constantinos Venetsanopoulos | An email is sent to a user containing information about his project membership |
1634 | 08ad5b01 | Constantinos Venetsanopoulos | (whether he has been accepted, rejected or removed). Extends “email.txt” (`Link |
1635 | 08ad5b01 | Constantinos Venetsanopoulos | <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_membership_change_notification.txt>`_) |
1636 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_membership_enroll_notification.txt`` |
1637 | 08ad5b01 | Constantinos Venetsanopoulos | Informs a user that he/she has been enrolled to a project. Extends |
1638 | 08ad5b01 | Constantinos Venetsanopoulos | “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_membership_enroll_notification.txt>`_) |
1639 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_membership_leave_request_notification.txt`` |
1640 | 08ad5b01 | Constantinos Venetsanopoulos | An email is sent to the project owner to make him aware of a user having |
1641 | 08ad5b01 | Constantinos Venetsanopoulos | requested to leave his project. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_membership_leave_request_notification.txt>`_) |
1642 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_membership_request_notification.txt`` |
1643 | 08ad5b01 | Constantinos Venetsanopoulos | An email is sent to the project owner to make him/her aware of a user having |
1644 | 08ad5b01 | Constantinos Venetsanopoulos | requested to join his project. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_membership_request_notification.txt>`_) |
1645 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_suspension_notification.txt`` |
1646 | 08ad5b01 | Constantinos Venetsanopoulos | An email is sent to the project owner to make him/her aware of his/her project |
1647 | 08ad5b01 | Constantinos Venetsanopoulos | having been suspended. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_suspension_notification.txt>`_) |
1648 | 08ad5b01 | Constantinos Venetsanopoulos | * ``snf-astakos-app/astakos/im/templates/im/projects/project_termination_notification.txt`` |
1649 | 08ad5b01 | Constantinos Venetsanopoulos | An email is sent to the project owner to make him/her aware of his/her project |
1650 | 08ad5b01 | Constantinos Venetsanopoulos | having been terminated. Extends “email.txt” (`Link <https://code.grnet.gr/projects/synnefo/repository/revisions/master/changes/snf-astakos-app/astakos/im/templates/im/projects/project_termination_notification.txt>`_) |
1651 | 9c2edbf1 | Olga Brani | |
1652 | 9c2edbf1 | Olga Brani | .. warning:: Django templates language: |
1653 | 9c2edbf1 | Olga Brani | |
1654 | 9c2edbf1 | Olga Brani | If you choose to overwrite these email templates, be mindful of the necessary |
1655 | 263cb456 | Olga Brani | information contained in django template variables that must not be omitted, |
1656 | 263cb456 | Olga Brani | such as the activation link for activating one’s account and many more. |
1657 | 263cb456 | Olga Brani | These variables are contained into {{}} inside the templates. |
1658 | 9c2edbf1 | Olga Brani | |
1659 | 9c2edbf1 | Olga Brani | |
1660 | 9b659162 | Christos Stavrakakis | .. RabbitMQ |
1661 | a1c707c9 | Constantinos Venetsanopoulos | |
1662 | 9b659162 | Christos Stavrakakis | RabbitMQ Broker |
1663 | 9b659162 | Christos Stavrakakis | --------------- |
1664 | 9b659162 | Christos Stavrakakis | |
1665 | 9b659162 | Christos Stavrakakis | Queue nodes run the RabbitMQ sofware, which provides AMQP functionality. To |
1666 | 9b659162 | Christos Stavrakakis | guarantee high-availability, more than one Queue nodes should be deployed, each |
1667 | 9b659162 | Christos Stavrakakis | of them belonging to the same `RabbitMQ cluster |
1668 | a1c707c9 | Constantinos Venetsanopoulos | <http://www.rabbitmq.com/clustering.html>`_. Synnefo uses the RabbitMQ |
1669 | a1c707c9 | Constantinos Venetsanopoulos | active/active `High Available Queues <http://www.rabbitmq.com/ha.html>`_ which |
1670 | a1c707c9 | Constantinos Venetsanopoulos | are mirrored between two nodes within a RabbitMQ cluster. |
1671 | a1c707c9 | Constantinos Venetsanopoulos | |
1672 | a1c707c9 | Constantinos Venetsanopoulos | The RabbitMQ nodes that form the cluster, are declared to Synnefo through the |
1673 | a1c707c9 | Constantinos Venetsanopoulos | `AMQP_HOSTS` setting. Each time a Synnefo component needs to connect to |
1674 | a1c707c9 | Constantinos Venetsanopoulos | RabbitMQ, one of these nodes is chosen in a random way. The client that Synnefo |
1675 | a1c707c9 | Constantinos Venetsanopoulos | uses to connect to RabbitMQ, handles connection failures transparently and |
1676 | a1c707c9 | Constantinos Venetsanopoulos | tries to reconnect to a different node. As long as one of these nodes are up |
1677 | a1c707c9 | Constantinos Venetsanopoulos | and running, functionality of Synnefo should not be downgraded by the RabbitMQ |
1678 | a1c707c9 | Constantinos Venetsanopoulos | node failures. |
1679 | 9b659162 | Christos Stavrakakis | |
1680 | 9b659162 | Christos Stavrakakis | All the queues that are being used are declared as durable, meaning that |
1681 | a1c707c9 | Constantinos Venetsanopoulos | messages are persistently stored to RabbitMQ, until they get successfully |
1682 | a1c707c9 | Constantinos Venetsanopoulos | processed by a client. |
1683 | 9b659162 | Christos Stavrakakis | |
1684 | 9b659162 | Christos Stavrakakis | Currently, RabbitMQ is used by the following components: |
1685 | 9b659162 | Christos Stavrakakis | |
1686 | 5135245b | Christos Stavrakakis | * `snf-ganeti-eventd` and `snf-progress-monitor`: |
1687 | 9b659162 | Christos Stavrakakis | These components send messages concerning the status and progress of |
1688 | 9b659162 | Christos Stavrakakis | jobs in the Ganeti backend. |
1689 | a1c707c9 | Constantinos Venetsanopoulos | * `snf-dispatcher`: This daemon, consumes the messages that are sent from |
1690 | a1c707c9 | Constantinos Venetsanopoulos | the above components, and updates the Cyclades DB accordingly. |
1691 | 9b659162 | Christos Stavrakakis | |
1692 | e4404297 | Christos Stavrakakis | |
1693 | 9b659162 | Christos Stavrakakis | Installation |
1694 | 301294a9 | Constantinos Venetsanopoulos | ~~~~~~~~~~~~ |
1695 | 301294a9 | Constantinos Venetsanopoulos | |
1696 | a1c707c9 | Constantinos Venetsanopoulos | Please check the RabbitMQ documentation which covers extensively the |
1697 | a1c707c9 | Constantinos Venetsanopoulos | `installation of RabbitMQ server <http://www.rabbitmq.com/download.html>`_ and |
1698 | a1c707c9 | Constantinos Venetsanopoulos | the setup of a `RabbitMQ cluster <http://www.rabbitmq.com/clustering.html>`_. |
1699 | a1c707c9 | Constantinos Venetsanopoulos | Also, check out the `web management plugin |
1700 | a1c707c9 | Constantinos Venetsanopoulos | <http://www.rabbitmq.com/management.html>`_ that can be useful for managing and |
1701 | a1c707c9 | Constantinos Venetsanopoulos | monitoring RabbitMQ. |
1702 | 9b659162 | Christos Stavrakakis | |
1703 | 9b659162 | Christos Stavrakakis | For a basic installation of RabbitMQ on two nodes (node1 and node2) you can do |
1704 | a1c707c9 | Constantinos Venetsanopoulos | the following: |
1705 | 9b659162 | Christos Stavrakakis | |
1706 | a1c707c9 | Constantinos Venetsanopoulos | On both nodes, install rabbitmq-server and create a Synnefo user: |
1707 | 9b659162 | Christos Stavrakakis | |
1708 | 9b659162 | Christos Stavrakakis | .. code-block:: console |
1709 | 9b659162 | Christos Stavrakakis | |
1710 | 9b659162 | Christos Stavrakakis | $ apt-get install rabbitmq-server |
1711 | 9b659162 | Christos Stavrakakis | $ rabbitmqctl add_user synnefo "example_pass" |
1712 | 9b659162 | Christos Stavrakakis | $ rabbitmqctl set_permissions synnefo ".*" ".*" ".*" |
1713 | 9b659162 | Christos Stavrakakis | |
1714 | a1c707c9 | Constantinos Venetsanopoulos | Also guarantee that both nodes share the same cookie, by running: |
1715 | 9b659162 | Christos Stavrakakis | |
1716 | 9b659162 | Christos Stavrakakis | .. code-block:: console |
1717 | 9b659162 | Christos Stavrakakis | |
1718 | 9b659162 | Christos Stavrakakis | $ scp node1:/var/lib/rabbitmq/.erlang.cookie node2:/var/lib/rabbitmq/.erlang.cookie |
1719 | 9b659162 | Christos Stavrakakis | |
1720 | 9b659162 | Christos Stavrakakis | and restart the nodes: |
1721 | 9b659162 | Christos Stavrakakis | |
1722 | 9b659162 | Christos Stavrakakis | .. code-block:: console |
1723 | 9b659162 | Christos Stavrakakis | |
1724 | 9b659162 | Christos Stavrakakis | $ /etc/init.d/rabbitmq-server restart |
1725 | 9b659162 | Christos Stavrakakis | |
1726 | 9b659162 | Christos Stavrakakis | |
1727 | 9b659162 | Christos Stavrakakis | To setup the RabbitMQ cluster run: |
1728 | 9b659162 | Christos Stavrakakis | |
1729 | 9b659162 | Christos Stavrakakis | .. code-block:: console |
1730 | 9b659162 | Christos Stavrakakis | |
1731 | 9b659162 | Christos Stavrakakis | root@node2: rabbitmqctl stop_app |
1732 | 9b659162 | Christos Stavrakakis | root@node2: rabbitmqctl reset |
1733 | 9b659162 | Christos Stavrakakis | root@node2: rabbitmqctl cluster rabbit@node1 rabbit@node2 |
1734 | 9b659162 | Christos Stavrakakis | root@node2: rabbitmqctl start_app |
1735 | 9b659162 | Christos Stavrakakis | |
1736 | 9b659162 | Christos Stavrakakis | You can verify that the cluster is set up correctly by running: |
1737 | 9b659162 | Christos Stavrakakis | |
1738 | 9b659162 | Christos Stavrakakis | .. code-block:: console |
1739 | 9b659162 | Christos Stavrakakis | |
1740 | 9b659162 | Christos Stavrakakis | root@node2: rabbitmqctl cluster_status |
1741 | 9b659162 | Christos Stavrakakis | |
1742 | 9b659162 | Christos Stavrakakis | |
1743 | bc055d09 | Constantinos Venetsanopoulos | Logging |
1744 | bc055d09 | Constantinos Venetsanopoulos | ------- |
1745 | bc055d09 | Constantinos Venetsanopoulos | |
1746 | bc055d09 | Constantinos Venetsanopoulos | Logging in Synnefo is using Python's logging module. The module is configured |
1747 | bc055d09 | Constantinos Venetsanopoulos | using dictionary configuration, whose format is described here: |
1748 | bc055d09 | Constantinos Venetsanopoulos | |
1749 | bc055d09 | Constantinos Venetsanopoulos | http://docs.python.org/release/2.7.1/library/logging.html#logging-config-dictschema |
1750 | bc055d09 | Constantinos Venetsanopoulos | |
1751 | 4be65f1f | Christos Stavrakakis | The logging configuration dictionary is defined in |
1752 | a1c707c9 | Constantinos Venetsanopoulos | ``/etc/synnefo/10-snf-webproject-logging.conf`` |
1753 | bc055d09 | Constantinos Venetsanopoulos | |
1754 | 6d8a47d0 | Christos Stavrakakis | The administrator can have logging control by modifying the ``LOGGING_SETUP`` |
1755 | 6d8a47d0 | Christos Stavrakakis | dictionary, and defining subloggers with different handlers and log levels. |
1756 | bc055d09 | Constantinos Venetsanopoulos | |
1757 | d189d11c | Constantinos Venetsanopoulos | |
1758 | 21d3d487 | Constantinos Venetsanopoulos | .. _scale-up: |
1759 | 21d3d487 | Constantinos Venetsanopoulos | |
1760 | bc055d09 | Constantinos Venetsanopoulos | Scaling up to multiple nodes |
1761 | bc055d09 | Constantinos Venetsanopoulos | ============================ |
1762 | bc055d09 | Constantinos Venetsanopoulos | |
1763 | 301294a9 | Constantinos Venetsanopoulos | Here we will describe how should a large scale Synnefo deployment look like. Make |
1764 | 301294a9 | Constantinos Venetsanopoulos | sure you are familiar with Synnefo and Ganeti before proceeding with this section. |
1765 | 301294a9 | Constantinos Venetsanopoulos | This means you should at least have already set up successfully a working Synnefo |
1766 | ff6ba888 | Constantinos Venetsanopoulos | deployment as described in the :ref:`Admin's Installation Guide |
1767 | 301294a9 | Constantinos Venetsanopoulos | <quick-install-admin-guide>` and also read the Administrator's Guide until this |
1768 | 301294a9 | Constantinos Venetsanopoulos | section. |
1769 | 2f6143c9 | Constantinos Venetsanopoulos | |
1770 | 301294a9 | Constantinos Venetsanopoulos | Graph of a scale-out Synnefo deployment |
1771 | 301294a9 | Constantinos Venetsanopoulos | --------------------------------------- |
1772 | 2f6143c9 | Constantinos Venetsanopoulos | |
1773 | 301294a9 | Constantinos Venetsanopoulos | Each box in the following graph corresponds to a distinct physical node: |
1774 | 2f6143c9 | Constantinos Venetsanopoulos | |
1775 | 301294a9 | Constantinos Venetsanopoulos | .. image:: images/synnefo-arch2-roles.png |
1776 | 301294a9 | Constantinos Venetsanopoulos | :width: 100% |
1777 | 301294a9 | Constantinos Venetsanopoulos | :target: _images/synnefo-arch2-roles.png |
1778 | 301294a9 | Constantinos Venetsanopoulos | |
1779 | 301294a9 | Constantinos Venetsanopoulos | The above graph is actually the same with the one at the beginning of this |
1780 | 301294a9 | Constantinos Venetsanopoulos | :ref:`guide <admin-guide>`, with the only difference that here we show the |
1781 | 301294a9 | Constantinos Venetsanopoulos | Synnefo roles of each physical node. These roles are described in the |
1782 | 301294a9 | Constantinos Venetsanopoulos | following section. |
1783 | 301294a9 | Constantinos Venetsanopoulos | |
1784 | 21d3d487 | Constantinos Venetsanopoulos | .. _physical-node-roles: |
1785 | 21d3d487 | Constantinos Venetsanopoulos | |
1786 | 301294a9 | Constantinos Venetsanopoulos | Physical Node roles |
1787 | 301294a9 | Constantinos Venetsanopoulos | ------------------- |
1788 | 301294a9 | Constantinos Venetsanopoulos | |
1789 | 301294a9 | Constantinos Venetsanopoulos | As appears in the previous graph, a scale-out Synnefo deployment consists of |
1790 | 301294a9 | Constantinos Venetsanopoulos | multiple physical nodes that have the following roles: |
1791 | 301294a9 | Constantinos Venetsanopoulos | |
1792 | 301294a9 | Constantinos Venetsanopoulos | * **WEBSERVER**: A web server running in front of gunicorn (e.g.: Apache, nginx) |
1793 | 301294a9 | Constantinos Venetsanopoulos | * **ASTAKOS**: The Astakos application (gunicorn) |
1794 | 301294a9 | Constantinos Venetsanopoulos | * **ASTAKOS_DB**: The Astakos database (postgresql) |
1795 | 301294a9 | Constantinos Venetsanopoulos | * **PITHOS**: The Pithos application (gunicorn) |
1796 | 301294a9 | Constantinos Venetsanopoulos | * **PITHOS_DB**: The Pithos database (postgresql) |
1797 | 301294a9 | Constantinos Venetsanopoulos | * **CYCLADES**: The Cyclades application (gunicorn) |
1798 | 301294a9 | Constantinos Venetsanopoulos | * **CYCLADES_DB**: The Cyclades database (postgresql) |
1799 | 301294a9 | Constantinos Venetsanopoulos | * **MQ**: The message queue (RabbitMQ) |
1800 | 301294a9 | Constantinos Venetsanopoulos | * **GANETI_MASTER**: The Ganeti master of a Ganeti cluster |
1801 | 301294a9 | Constantinos Venetsanopoulos | * **GANETI_NODE** : A VM-capable Ganeti node of a Ganeti cluster |
1802 | 2f6143c9 | Constantinos Venetsanopoulos | |
1803 | 301294a9 | Constantinos Venetsanopoulos | You will probably also have: |
1804 | 2f6143c9 | Constantinos Venetsanopoulos | |
1805 | 301294a9 | Constantinos Venetsanopoulos | * **CMS**: The CMS used as a frotend portal for the Synnefo services |
1806 | 21d3d487 | Constantinos Venetsanopoulos | * **NS**: A nameserver serving all other Synnefo nodes and resolving Synnefo FQDNs |
1807 | 301294a9 | Constantinos Venetsanopoulos | * **CLIENT**: A machine that runs the Synnefo clients (e.g.: kamaki, Web UI), |
1808 | 301294a9 | Constantinos Venetsanopoulos | most of the times, the end user's local machine |
1809 | 301294a9 | Constantinos Venetsanopoulos | |
1810 | 301294a9 | Constantinos Venetsanopoulos | From this point we will also refer to the following groups of roles: |
1811 | 301294a9 | Constantinos Venetsanopoulos | |
1812 | 301294a9 | Constantinos Venetsanopoulos | * **SYNNEFO**: [ **ASTAKOS**, **ASTAKOS_DB**, **PITHOS**, **PITHOS_DB**, **CYCLADES**, **CYCLADES_DB**, **MQ**, **CMS**] |
1813 | 301294a9 | Constantinos Venetsanopoulos | * **G_BACKEND**: [**GANETI_MASTER**, **GANETI_NODE**] |
1814 | 301294a9 | Constantinos Venetsanopoulos | |
1815 | 301294a9 | Constantinos Venetsanopoulos | Of course, when deploying Synnefo you can combine multiple of the above roles on a |
1816 | 301294a9 | Constantinos Venetsanopoulos | single physical node, but if you are trying to scale out, the above separation |
1817 | 301294a9 | Constantinos Venetsanopoulos | gives you significant advantages. |
1818 | 301294a9 | Constantinos Venetsanopoulos | |
1819 | 301294a9 | Constantinos Venetsanopoulos | So, in the next section we will take a look on what components you will have to |
1820 | 301294a9 | Constantinos Venetsanopoulos | install on each physical node depending on its Synnefo role. We assume the graph's |
1821 | 301294a9 | Constantinos Venetsanopoulos | architecture. |
1822 | 301294a9 | Constantinos Venetsanopoulos | |
1823 | 301294a9 | Constantinos Venetsanopoulos | Components for each role |
1824 | 301294a9 | Constantinos Venetsanopoulos | ------------------------ |
1825 | 2f6143c9 | Constantinos Venetsanopoulos | |
1826 | 301294a9 | Constantinos Venetsanopoulos | When deploying Synnefo in large scale, you need to install different Synnefo |
1827 | 301294a9 | Constantinos Venetsanopoulos | or/and third party components on different physical nodes according to their |
1828 | 301294a9 | Constantinos Venetsanopoulos | Synnefo role, as stated in the previous section. |
1829 | 301294a9 | Constantinos Venetsanopoulos | |
1830 | 301294a9 | Constantinos Venetsanopoulos | Specifically: |
1831 | 301294a9 | Constantinos Venetsanopoulos | |
1832 | 301294a9 | Constantinos Venetsanopoulos | Role **WEBSERVER** |
1833 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `None` |
1834 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Apache |
1835 | 301294a9 | Constantinos Venetsanopoulos | Role **ASTAKOS** |
1836 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `snf-webproject`, `snf-astakos-app` |
1837 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Django, Gunicorn |
1838 | 301294a9 | Constantinos Venetsanopoulos | Role **ASTAKOS_DB** |
1839 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `None` |
1840 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: PostgreSQL |
1841 | 301294a9 | Constantinos Venetsanopoulos | Role **PITHOS** |
1842 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `snf-webproject`, `snf-pithos-app`, `snf-pithos-webclient` |
1843 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Django, Gunicorn |
1844 | 301294a9 | Constantinos Venetsanopoulos | Role **PITHOS_DB** |
1845 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `None` |
1846 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: PostgreSQL |
1847 | 301294a9 | Constantinos Venetsanopoulos | Role **CYCLADES** |
1848 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `snf-webproject`, `snf-cyclades-app`, `snf-vncauthproxy` |
1849 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Django Gunicorn |
1850 | 301294a9 | Constantinos Venetsanopoulos | Role **CYCLADES_DB** |
1851 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `None` |
1852 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: PostgreSQL |
1853 | 301294a9 | Constantinos Venetsanopoulos | Role **MQ** |
1854 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `None` |
1855 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: RabbitMQ |
1856 | 301294a9 | Constantinos Venetsanopoulos | Role **GANETI_MASTER** |
1857 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `snf-cyclades-gtools` |
1858 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Ganeti |
1859 | 301294a9 | Constantinos Venetsanopoulos | Role **GANETI_NODE** |
1860 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `snf-cyclades-gtools`, `snf-network`, `snf-image`, `nfdhcpd` |
1861 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Ganeti |
1862 | 301294a9 | Constantinos Venetsanopoulos | Role **CMS** |
1863 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `snf-webproject`, `snf-cloudcms` |
1864 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: Django, Gunicorn |
1865 | 301294a9 | Constantinos Venetsanopoulos | Role **NS** |
1866 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `None` |
1867 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: BIND |
1868 | 301294a9 | Constantinos Venetsanopoulos | Role **CLIENT** |
1869 | 301294a9 | Constantinos Venetsanopoulos | * Synnefo components: `kamaki`, `snf-image-creator` |
1870 | 301294a9 | Constantinos Venetsanopoulos | * 3rd party components: `None` |
1871 | 301294a9 | Constantinos Venetsanopoulos | |
1872 | 301294a9 | Constantinos Venetsanopoulos | Example scale out installation |
1873 | 301294a9 | Constantinos Venetsanopoulos | ------------------------------ |
1874 | 301294a9 | Constantinos Venetsanopoulos | |
1875 | 301294a9 | Constantinos Venetsanopoulos | In this section we describe an example of a medium scale installation which |
1876 | 301294a9 | Constantinos Venetsanopoulos | combines multiple roles on 10 different physical nodes. We also provide a |
1877 | 301294a9 | Constantinos Venetsanopoulos | :ref:`guide <i-synnefo>` to help with such an install. |
1878 | 301294a9 | Constantinos Venetsanopoulos | |
1879 | 301294a9 | Constantinos Venetsanopoulos | We assume that we have the following 10 physical nodes with the corresponding |
1880 | 301294a9 | Constantinos Venetsanopoulos | roles: |
1881 | 301294a9 | Constantinos Venetsanopoulos | |
1882 | 301294a9 | Constantinos Venetsanopoulos | Node1: |
1883 | 301294a9 | Constantinos Venetsanopoulos | **WEBSERVER**, **ASTAKOS** |
1884 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1885 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1886 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`gunicorn <i-gunicorn>` |
1887 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apache <i-apache>` |
1888 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-webproject <i-webproject>` |
1889 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-astakos-app <i-astakos>` |
1890 | 301294a9 | Constantinos Venetsanopoulos | Node2: |
1891 | 301294a9 | Constantinos Venetsanopoulos | **WEBSERVER**, **PITHOS** |
1892 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1893 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1894 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`gunicorn <i-gunicorn>` |
1895 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apache <i-apache>` |
1896 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-webproject <i-webproject>` |
1897 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-pithos-app <i-pithos>` |
1898 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-pithos-webclient <i-pithos>` |
1899 | 301294a9 | Constantinos Venetsanopoulos | Node3: |
1900 | 301294a9 | Constantinos Venetsanopoulos | **WEBSERVER**, **CYCLADES** |
1901 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1902 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1903 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`gunicorn <i-gunicorn>` |
1904 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apache <i-apache>` |
1905 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-webproject <i-webproject>` |
1906 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-cyclades-app <i-cyclades>` |
1907 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-vncauthproxy <i-cyclades>` |
1908 | 301294a9 | Constantinos Venetsanopoulos | Node4: |
1909 | 301294a9 | Constantinos Venetsanopoulos | **WEBSERVER**, **CMS** |
1910 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1911 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1912 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`gunicorn <i-gunicorn>` |
1913 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apache <i-apache>` |
1914 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-webproject <i-webproject>` |
1915 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-cloudcms <i-cms>` |
1916 | 301294a9 | Constantinos Venetsanopoulos | Node5: |
1917 | 301294a9 | Constantinos Venetsanopoulos | **ASTAKOS_DB**, **PITHOS_DB**, **CYCLADES_DB** |
1918 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1919 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1920 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`postgresql <i-db>` |
1921 | 301294a9 | Constantinos Venetsanopoulos | Node6: |
1922 | 301294a9 | Constantinos Venetsanopoulos | **MQ** |
1923 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1924 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1925 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`rabbitmq <i-mq>` |
1926 | 301294a9 | Constantinos Venetsanopoulos | Node7: |
1927 | 301294a9 | Constantinos Venetsanopoulos | **GANETI_MASTER**, **GANETI_NODE** |
1928 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1929 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1930 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`general <i-backends>` |
1931 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`ganeti <i-ganeti>` |
1932 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-cyclades-gtools <i-gtools>` |
1933 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-network <i-network>` |
1934 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-image <i-image>` |
1935 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`nfdhcpd <i-network>` |
1936 | 301294a9 | Constantinos Venetsanopoulos | Node8: |
1937 | 301294a9 | Constantinos Venetsanopoulos | **GANETI_NODE** |
1938 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1939 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`apt <i-apt>` |
1940 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`general <i-backends>` |
1941 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`ganeti <i-ganeti>` |
1942 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-cyclades-gtools <i-gtools>` |
1943 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-network <i-network>` |
1944 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`snf-image <i-image>` |
1945 | 301294a9 | Constantinos Venetsanopoulos | * :ref:`nfdhcpd <i-network>` |
1946 | 301294a9 | Constantinos Venetsanopoulos | Node9: |
1947 | 301294a9 | Constantinos Venetsanopoulos | **GANETI_NODE** |
1948 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1949 | 301294a9 | Constantinos Venetsanopoulos | `Same as Node8` |
1950 | 301294a9 | Constantinos Venetsanopoulos | Node10: |
1951 | 301294a9 | Constantinos Venetsanopoulos | **GANETI_NODE** |
1952 | 301294a9 | Constantinos Venetsanopoulos | Guide sections: |
1953 | 301294a9 | Constantinos Venetsanopoulos | `Same as Node8` |
1954 | 301294a9 | Constantinos Venetsanopoulos | |
1955 | 301294a9 | Constantinos Venetsanopoulos | All sections: :ref:`Scale out Guide <i-synnefo>` |
1956 | 547c78f6 | Constantinos Venetsanopoulos | |
1957 | bc055d09 | Constantinos Venetsanopoulos | |
1958 | bbcd3dd1 | Constantinos Venetsanopoulos | Upgrade Notes |
1959 | bbcd3dd1 | Constantinos Venetsanopoulos | ============= |
1960 | bc055d09 | Constantinos Venetsanopoulos | |
1961 | 457fe4fc | Georgios D. Tsoukalas | .. toctree:: |
1962 | 457fe4fc | Georgios D. Tsoukalas | :maxdepth: 1 |
1963 | 457fe4fc | Georgios D. Tsoukalas | |
1964 | 1cd3daa1 | Constantinos Venetsanopoulos | v0.12 -> v0.13 <upgrade/upgrade-0.13> |
1965 | 09974606 | Georgios D. Tsoukalas | v0.13 -> v0.14 <upgrade/upgrade-0.14> |
1966 | 15151f83 | Christos Stavrakakis | v0.14 -> v0.14.2 <upgrade/upgrade-0.14.2> |
1967 | 0d14df99 | Christos Stavrakakis | v0.14.5 -> v0.14.6 <upgrade/upgrade-0.14.6> |
1968 | d3840a05 | Constantinos Venetsanopoulos | v0.14.7 -> v0.14.8 <upgrade/upgrade-0.14.8> |
1969 | 0ab857d0 | Constantinos Venetsanopoulos | v0.14.9 -> v0.14.10 <upgrade/upgrade-0.14.10> |
1970 | 774f683b | Giorgos Korfiatis | v0.14 -> v0.15 <upgrade/upgrade-0.15> |
1971 | 457fe4fc | Georgios D. Tsoukalas | |
1972 | bbcd3dd1 | Constantinos Venetsanopoulos | |
1973 | 3045e739 | Constantinos Venetsanopoulos | Changelog, NEWS |
1974 | bbcd3dd1 | Constantinos Venetsanopoulos | =============== |
1975 | bbcd3dd1 | Constantinos Venetsanopoulos | |
1976 | 15151f83 | Christos Stavrakakis | |
1977 | 9a80de55 | Christos Stavrakakis | * v0.14.10 :ref:`Changelog <Changelog-0.14.10>`, :ref:`NEWS <NEWS-0.14.10>` |
1978 | 033321fb | Christos Stavrakakis | * v0.14.9 :ref:`Changelog <Changelog-0.14.9>`, :ref:`NEWS <NEWS-0.14.9>` |
1979 | 833880fd | Christos Stavrakakis | * v0.14.8 :ref:`Changelog <Changelog-0.14.8>`, :ref:`NEWS <NEWS-0.14.8>` |
1980 | 833880fd | Christos Stavrakakis | * v0.14.7 :ref:`Changelog <Changelog-0.14.7>`, :ref:`NEWS <NEWS-0.14.7>` |
1981 | 7a59cb8f | Christos Stavrakakis | * v0.14.6 :ref:`Changelog <Changelog-0.14.6>`, :ref:`NEWS <NEWS-0.14.6>` |
1982 | d6a19bac | Christos Stavrakakis | * v0.14.5 :ref:`Changelog <Changelog-0.14.5>`, :ref:`NEWS <NEWS-0.14.5>` |
1983 | 38be3b6e | Christos Stavrakakis | * v0.14.4 :ref:`Changelog <Changelog-0.14.4>`, :ref:`NEWS <NEWS-0.14.4>` |
1984 | cda13b21 | Christos Stavrakakis | * v0.14.3 :ref:`Changelog <Changelog-0.14.3>`, :ref:`NEWS <NEWS-0.14.3>` |
1985 | 15151f83 | Christos Stavrakakis | * v0.14.2 :ref:`Changelog <Changelog-0.14.2>`, :ref:`NEWS <NEWS-0.14.2>` |
1986 | a0f672f1 | Stratos Psomadakis | * v0.14 :ref:`Changelog <Changelog-0.14>`, :ref:`NEWS <NEWS-0.14>` |
1987 | bbcd3dd1 | Constantinos Venetsanopoulos | * v0.13 :ref:`Changelog <Changelog-0.13>`, :ref:`NEWS <NEWS-0.13>` |