2.1 Managing cloud providers

robert-sanfeliu edited this page Sep 19, 2024 · 24 revisions

NebulOuS supports two cloud providers: OpenStack and AWS. Below you will find the details on how to register accounts for these cloud providers in NebulOuS so it can deploy applications using them.

OpenStack

Before you start

Acquire the OpenRC configuration file. This file is crucial, as it contains the settings and credentials that are mapped to the registration form fields below. Instructions for obtaining it:

OVH: https://help.ovhcloud.com/csm/en-public-cloud-compute-set-openstack-environment-variables?id=kb_article_view&sysparm_article=KB0050920

OpenStack: https://docs.openstack.org/newton/user-guide/common/cli-set-environment-variables-using-openstack-rc.html

NebulOuS can only instantiate machines on OpenStack when they are based on an Ubuntu 22.04 image.

To make sure that your images can be detected and used in the node candidate creation, do the following:

  1. Create an image, or copy one from an already existing image based on Ubuntu 22.04 (for example: GOLD Ubuntu 22.04 LTS).

While you can create an image from a running instance, it is often recommended to stop the instance first to ensure that the image captures a consistent state:

openstack server stop <instance-id>

To create the image, execute:

openstack server image create --name <image-name> <instance-id>

  2. Preferably, if you are creating the image from a running machine, we advise you to run:

sudo apt-get update
sudo unattended-upgrade -d

  3. In /etc/ssh/sshd_config, add the following at the end of the file:

PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-rsa-cert-v01@openssh.com
HostKeyAlgorithms=+ssh-rsa,ssh-rsa-cert-v01@openssh.com

Registering OpenStack account:

Step 1: On the NebulOuS UI, go to the "Resources" section

Step 2: Click the "ADD RESOURCE" button

Step 3: Fill in the resource registration form

You must fill in the following fields:

  • Name: A name for your cloud account. NebulOuS supports multiple cloud accounts from the same or different cloud providers. Choose a name that is descriptive enough.
  • Platform: OpenStack
  • In General section:
    • Auth URL: OS_AUTH_URL Mapped from openrc file.
    • Identity API Version: OS_IDENTITY_API_VERSION Mapped from openrc file.
    • Interface Type: OS_INTERFACE Mapped from openrc file.
    • Add a Security Group from your OpenStack account (take into account that a security group is used per region). To list all security groups, execute:

openstack security group list

To add a security group, execute (https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/security-group.html):

openstack security group create
    [--description <description>]
    [--project <project> [--project-domain <project-domain>]]
    <name>

This version of NebulOuS requires that the cloud provider has all ports open. Make sure that you have a security group with rules that allow inbound and outbound traffic on all ports. To create such a security group, execute:

openstack security group create allow-all --description "Security group with rules to allow all inbound and outbound traffic"

You can also add such rules to the security group.

Allow all inbound TCP traffic:

openstack security group rule create --proto tcp --dst-port 1:65535 allow-all

Allow all inbound UDP traffic:

openstack security group rule create --proto udp --dst-port 1:65535 allow-all

Allow all inbound ICMP traffic (e.g., ping):

openstack security group rule create --proto icmp allow-all

  • Add a Default Network from your OpenStack account. To list all networks, execute:

openstack network list

To add a network, execute (https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/network.html):

openstack network list
    [--external | --internal]
    [--long]
    [--name <name>]
    [--enable | --disable]
    [--project <project> [--project-domain <project-domain>]]
    [--share | --no-share]
    [--status <status>]
    [--provider-network-type <provider-network-type>]
    [--provider-physical-network <provider-physical-network>]
    [--provider-segment <provider-segment>]
    [--agent <agent-id>]
    [--tags <tag>[,<tag>,...]] [--any-tags <tag>[,<tag>,...]]
    [--not-tags <tag>[,<tag>,...]] [--not-any-tags <tag>[,<tag>,...]]
  • In credentials section:
    • Username: OS_USERNAME Mapped from openrc file.
    • Password: OS_PASSWORD Mapped from openrc file.
    • Project Domain Name: OS_PROJECT_DOMAIN_NAME Mapped from openrc file.
  • In SSH Credentials section:
    • Username (e.g.: ubuntu), Key Pair Name and Key Private Key; you can define them in the "Key pair" section of your AWS account.

AWS

Before you start

NebulOuS can only instantiate machines on AWS that fulfill the following conditions:

  1. Are owned by the account that is used in the cloud definition.
  2. Are tagged with: proactive-list-label:listed-in-proactive.
  3. Are based on an Ubuntu 22.04 image.

To make sure that your images can be detected and used in the node candidate creation, do the following:

1- Create an AMI or copy one from an already existing image based on Ubuntu 22.04.

1.1- Preferably, if you are creating the image from a running EC2 machine, we advise you to run:

sudo apt-get update
sudo unattended-upgrade -d

1.2- In /etc/ssh/sshd_config, add the following at the end of the file:

PubkeyAcceptedAlgorithms=+ssh-rsa,ssh-rsa-cert-v01@openssh.com
HostKeyAlgorithms=+ssh-rsa,ssh-rsa-cert-v01@openssh.com

1.3- From the running instance, save the image following this manual: https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/tkv-create-ami-from-instance.html

2- Either at the creation step or after the image is created, add the tag to the AMI.

Please note that if the image should be present in different regions, it can be copied from one region to another following this manual: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html#ami-copy-steps

Security groups and open ports

This version of NebulOuS requires that the cloud provider has all ports open. Make sure that you have a security group with rules that allow inbound and outbound traffic on all ports.
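Added example, not part of the NebulOuS documentation: the sshd_config step appears in both the OpenStack and AWS image preparation above, and a line appended at the end of the file only takes effect if no earlier line sets the same keyword (sshd uses the first value it reads) and the file does not end inside a Match block. The check below reports this before the image is saved; the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: report whether the ssh-rsa lines appended to sshd_config
# are the values sshd will actually use from that file.

WANT='+ssh-rsa,ssh-rsa-cert-v01@openssh.com'

# algo_status FILE KEYWORD prints one of:
#   effective  first global occurrence carries the expected value
#   shadowed   an earlier global occurrence sets another value (first one wins)
#   in-match   only present after a Match line, so it is not a global setting
#   missing    keyword is not set in this file
algo_status() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v want="$WANT" '
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*$/ { next }                  # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # accepts "Key value" and "Key=value"
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") { in_match = 1; next }
            if (key != kw) next
            if (in_match) { seen_match = 1; next }
            if (!seen_global) { seen_global = 1; first = f[2] }
        }
        END {
            if (seen_global) print (first == want ? "effective" : "shadowed")
            else if (seen_match) print "in-match"
            else print "missing"
        }' "$1"
}

# check_image_sshd FILE returns 0 only if both directives are effective.
check_image_sshd() {
    rc=0
    for kw in PubkeyAcceptedAlgorithms HostKeyAlgorithms; do
        st=$(algo_status "$1" "$kw")
        printf '%s: %s\n' "$kw" "$st"
        [ "$st" = effective ] || rc=1
    done
    return "$rc"
}
```

Run `check_image_sshd /etc/ssh/sshd_config` on the instance before saving the image. Files pulled in through an Include line are not followed; `sshd -T` prints the configuration sshd finally resolves.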

Registering AWS account:

Step 1: On the NebulOuS UI, go to the "Resources" section

Step 2: Click the "ADD RESOURCE" button

Step 3: Fill in the resource registration form

You must fill in the following fields:

  • Name: A name for your cloud account. NebulOuS supports multiple cloud accounts from the same or different cloud providers. Choose a name that is descriptive enough.
  • Platform: AWS
  • In General section:
    • Add a Security Group from your AWS account (in the EC2 Dashboard you can find the default security groups, or you can create your own).
  • In credentials section:
    • Provide a value for Username and Secret. To obtain these values, go to the "Access keys" section in the "Security credentials" tab of the AWS panel. Click "Create access key" on the AWS panel to generate a new key, then copy its Access key ID (to be used as "Username" in NebulOuS) and its Secret access key (to be used as "Secret" in NebulOuS).
  • In SSH Credentials section:
    • Username (e.g.: ubuntu), Key Pair Name and Key Private Key; you can define them in the "Key pair" section of your AWS account.