Project

General

Profile

Task #7591

uncloud production checklist 2020-01

Added by Nico Schottelius 14 days ago. Updated 13 days ago.

Status:
In Progress
Priority:
Normal
Target version:
-
Start date:
01/09/2020
Due date:
% Done:

0%

Estimated time:
PM Check date:

Description

Objective

  • Migrate internal VMs to uncloud

Checklist

  • Can all required components be deployed (checking on server11) -- document the installation procedures
    • -api
    • -host
    • -network
  • Is the API secure from outside?
    • I am able to connect without otp at the moment
  • Is the client / cli usable?
    • Install, get seed, have fun?
  • Is there documentation on how to use or recreate the current installation?
  • Can networks be created?
  • Can VMs be migrated from one host to another?

Tests

Objective: test our components

uncloud-vmm

  • mock/create request entry in etcd
  • verify that uncloud-vmm creates a VM

Install instructions (2020-01)

  • git clone the repo
  • create venv
  • run python setup.py install

(should work on every distro with venv)

git clone https://code.ungleich.ch/uncloud/uncloud.git
cd uncloud
python3 -m venv venv
. ./venv/bin/activate
python setup.py install

History

#1

Updated by Nico Schottelius 14 days ago

  • Status changed from New to In Progress
  • Description updated (diff)
#2

Updated by Nico Schottelius 14 days ago

  • Description updated (diff)
#3

Updated by Ahmed Bilal 14 days ago

Installation/Setup

Allow etcd prefix for developer role

ungleich-etcdctl-root role grant-permission --prefix=true developer readwrite /server11/
ungleich-etcdctl-root role grant-permission --prefix=true developer readwrite /server12/

server{11,12}.place6

Replace server12 with server11 when setting up server11


# The following commands with ~# prompt are run as root
~# tmux
~# userdel -r uncloud -f
~# useradd -m uncloud

~# echo "uncloud ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
~# apt install python3-pip chrony qemu sudo
~# update-rc.d chrony enable

# Check whether time synchronization is successful
~# chronyc tracking

~# su - uncloud

# correcting prompt
exec bash

# Setting up uncloud
git clone https://code.ungleich.ch/uncloud/uncloud.git
cd uncloud
pip3 install .
echo "alias uncloud='/home/uncloud/.local/bin/uncloud'" >> ~/.bashrc
source ~/.bashrc

# Setting up etcd connection

# Creating directory for etcd certificates. Manually upload etcd certs into it
mkdir ~/certs

# Put your OTP credentials in following command where it says replace me
cat > /home/uncloud/uncloud/uncloud.conf <<EOF
[etcd]
url = etcd1.ungleich.ch
port = 2379
base_prefix = /server12/
ca_cert = /home/uncloud/certs/ca.pem
cert_cert = /home/uncloud/certs/developer.pem
cert_key = /home/uncloud/certs/developer-key.pem

[client]
name = replace_me
realm = replace_me
seed = replace_me
api_server = http://localhost:5000
EOF

# Configuring uncloud (OTP, Netbox, Storage, Network)
uncloud configure otp --verification-controller-url https://otp.ungleich.ch/ungleichotp/verify/ --auth-name replace_me --auth-realm ungleich-auth --auth-seed replace_me

uncloud configure netbox --url https://netbox.ungleich.ch/ --token replace_me

uncloud configure storage --file-dir /home/uncloud/backend/files/ filesystem --vm-dir /home/uncloud/backend/vms/ --image-dir /home/uncloud/backend/images/

uncloud configure network --prefix-length 64 --prefix 2a0a:e5c0:50::/48 --vxlan-phy-dev enp4s0f0

# Creating backend directories
mkdir -p /home/uncloud/backend/files/
mkdir -p /home/uncloud/backend/vms/
mkdir -p /home/uncloud/backend/images/

# Downloading alpine qcow2 file. We would make an image out of it.
mkdir -p /home/uncloud/backend/files/ahmedbilal-admin
wget https://cloud.ungleich.ch/s/qTb5dFYW5ii8KsD/download -O /home/uncloud/backend/files/ahmedbilal-admin/alpine-ucloud.qcow2

# Run filescanner to track our files
uncloud filescanner

# Create image store
python3 ~/uncloud/uncloud/api/create_image_store.py

# Run uncloud api
uncloud api

# Create image (replace uuid with uuid of your file)
uncloud cli image create --name alpine --uuid c3919922-3ff8-4557-a579-b6a7cdf5b654 --image-store images

# Run uncloud imagescanner
uncloud imagescanner

# Verify that the image is created successfully
uncloud cli image list

# Create host
uncloud cli host create --hostname server12.place6.ungleich.ch --cpu 64 --ram '64GB' --os-ssd '128GB'

# Start uncloud host
uncloud host --hostname server12.place6.ungleich.ch

# Create VM
uncloud cli vm create --vm-name meow --cpu 1 --ram '1gb' --os-ssd '4gb' --image images:alpine

# Create Network (non-global fd00:/8)
uncloud cli network create --network-name simple --network-type vxlan

# Create VM with non-global network
uncloud cli vm create --vm-name meow2 --cpu 1 --ram '1gb' --os-ssd '4gb' --image images:alpine --network simple

#4

Updated by Ahmed Bilal 14 days ago

Can all required components be deployed (checking on server11) -- document the installation procedures

Documented

Is the API secure from outside? I am able to connect without otp at the moment

I am not sure about what do you mean by it. You can connect to API from outside but you would need valid OTP credentials to perform most of authorized functions like create/deleting/starting/stopping/migrating vm etc.

Is the client / cli usable?
Yes

Is there documentation on how to use or recreate the current installation?
The instructions how to recreate current installations are mentioned above. For usage, see https://ungleich.ch/uncloud/ or ping ahmedbilal

Can networks be created?
Yes, but global won't work as no one make it routable and i don't know how to add ip prefix to a server correctly.

Can VMs be migrated from one host to another?
Yes, but I have setup server11 and server12 individually. It mean they cannot interact with each other. It is very easy to make them talk to each other. Just ping me and I would do it.

#5

Updated by Ahmed Bilal 14 days ago

Also, please note

uncloud deployed at server{11, 12}. There are still some issues that would be problem for reliably running uncloud for longer period of time. e.g
1. https://redmine.ungleich.ch/issues/7583 (As, soon as etcd leader changes or etcd become temporarily unavailable our uncloud components start dying ;)

Although, if a VM is running it wouldn't be hurt. Thanks, to our shiny new vmm.

Also, see https://redmine.ungleich.ch/issues/7590

#6

Updated by Nico Schottelius 13 days ago

  • Description updated (diff)
#7

Updated by Nico Schottelius 13 days ago

  • Description updated (diff)
#8

Updated by Nico Schottelius 13 days ago

  • Description updated (diff)

Also available in: Atom PDF