Task #7591
closed
uncloud production checklist 2020-01
Added by Nico Schottelius over 4 years ago.
Updated over 2 years ago.
Description
Objective¶
- Migrate internal VMs to uncloud
Checklist¶
- Can all required components be deployed (checking on server11) -- document the installation procedures
- Is the API secure from outside?
- I am able to connect without otp at the moment
- Is the client / cli usable?
- Install, get seed, have fun?
- Is there documentation on how to use or recreate the current installation?
- Can networks be created?
- Can VMs be migrated from one host to another?
Tests¶
Objective: test our components
uncloud-vmm¶
- mock/create request entry in etcd
- verify that uncloud-vmm creates a VM
Install instructions (2020-01)¶
- git clone the repo
- create venv
- run python setup.py install
(should work on every distro with venv)
git clone https://code.ungleich.ch/uncloud/uncloud.git
cd uncloud
python3 -m venv venv
. ./venv/bin/activate
python setup.py install
- Description updated (diff)
- Status changed from New to In Progress
- Description updated (diff)
Installation/Setup¶
Allow etcd prefix for developer role
ungleich-etcdctl-root role grant-permission --prefix=true developer readwrite /server11/
ungleich-etcdctl-root role grant-permission --prefix=true developer readwrite /server12/
server{11,12}.place6
Replace server12 with server11 when setting up server11
# The following commands with ~# prompt are run as root
~# tmux
~# userdel -r uncloud -f
~# useradd -m uncloud
~# echo "uncloud ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
~# apt install python3-pip chrony qemu sudo
~# update-rc.d chrony enable
# Check whether time synchronization is successful
~# chronyc tracking
~# su - uncloud
# correcting prompt
exec bash
# Setting up uncloud
git clone https://code.ungleich.ch/uncloud/uncloud.git
cd uncloud
pip3 install .
echo "alias uncloud='/home/uncloud/.local/bin/uncloud'" >> ~/.bashrc
source ~/.bashrc
# Setting up etcd connection
# Creating directory for etcd certificates. Manually upload etcd certs into it
mkdir ~/certs
# Put your OTP credentials in following command where it says replace me
cat > /home/uncloud/uncloud/uncloud.conf <<EOF
[etcd]
url = etcd1.ungleich.ch
port = 2379
base_prefix = /server12/
ca_cert = /home/uncloud/certs/ca.pem
cert_cert = /home/uncloud/certs/developer.pem
cert_key = /home/uncloud/certs/developer-key.pem
[client]
name = replace_me
realm = replace_me
seed = replace_me
api_server = http://localhost:5000
EOF
# Configuring uncloud (OTP, Netbox, Storage, Network)
uncloud configure otp --verification-controller-url https://otp.ungleich.ch/ungleichotp/verify/ --auth-name replace_me --auth-realm ungleich-auth --auth-seed replace_me
uncloud configure netbox --url https://netbox.ungleich.ch/ --token replace_me
uncloud configure storage --file-dir /home/uncloud/backend/files/ filesystem --vm-dir /home/uncloud/backend/vms/ --image-dir /home/uncloud/backend/images/
uncloud configure network --prefix-length 64 --prefix 2a0a:e5c0:50::/48 --vxlan-phy-dev enp4s0f0
# Creating backend directories
mkdir -p /home/uncloud/backend/files/
mkdir -p /home/uncloud/backend/vms/
mkdir -p /home/uncloud/backend/images/
# Downloading alpine qcow2 file. We would make an image out of it.
mkdir -p /home/uncloud/backend/files/ahmedbilal-admin
wget https://cloud.ungleich.ch/s/qTb5dFYW5ii8KsD/download -O /home/uncloud/backend/files/ahmedbilal-admin/alpine-ucloud.qcow2
# Run filescanner to track our files
uncloud filescanner
# Create image store
python3 ~/uncloud/uncloud/api/create_image_store.py
# Run uncloud api
uncloud api
# Create image (replace uuid with uuid of your file)
uncloud cli image create --name alpine --uuid c3919922-3ff8-4557-a579-b6a7cdf5b654 --image-store images
# Run uncloud imagescanner
uncloud imagescanner
# Verify that the image is created successfully
uncloud cli image list
# Create host
uncloud cli host create --hostname server12.place6.ungleich.ch --cpu 64 --ram '64GB' --os-ssd '128GB'
# Start uncloud host
uncloud host --hostname server12.place6.ungleich.ch
# Create VM
uncloud cli vm create --vm-name meow --cpu 1 --ram '1gb' --os-ssd '4gb' --image images:alpine
# Create Network (non-global fd00:/8)
uncloud cli network create --network-name simple --network-type vxlan
# Create VM with non-global network
uncloud cli vm create --vm-name meow2 --cpu 1 --ram '1gb' --os-ssd '4gb' --image images:alpine --network simple
Can all required components be deployed (checking on server11) -- document the installation procedures
Documented
Is the API secure from outside? I am able to connect without otp at the moment
I am not sure about what do you mean by it. You can connect to API from outside but you would need valid OTP credentials to perform most of authorized functions like create/deleting/starting/stopping/migrating vm etc.
Is the client / cli usable?
Yes
Is there documentation on how to use or recreate the current installation?
The instructions how to recreate current installations are mentioned above. For usage, see https://ungleich.ch/uncloud/ or ping ahmedbilal
Can networks be created?
Yes, but global won't work as no one make it routable and i don't know how to add ip prefix to a server correctly.
Can VMs be migrated from one host to another?
Yes, but I have setup server11 and server12 individually. It mean they cannot interact with each other. It is very easy to make them talk to each other. Just ping me and I would do it.
Also, please note
uncloud deployed at server{11, 12}. There are still some issues that would be problem for reliably running uncloud for longer period of time. e.g
1. https://redmine.ungleich.ch/issues/7583 (As, soon as etcd leader changes or etcd become temporarily unavailable our uncloud components start dying ;)
Although, if a VM is running it wouldn't be hurt. Thanks, to our shiny new vmm.
Also, see https://redmine.ungleich.ch/issues/7590
- Description updated (diff)
- Description updated (diff)
- Description updated (diff)
- Status changed from In Progress to Rejected
Also available in: Atom
PDF