You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by aledsage <gi...@git.apache.org> on 2016/07/28 22:18:19 UTC
[GitHub] brooklyn-docs pull request #98: Improve location docs
GitHub user aledsage opened a pull request:
https://github.com/apache/brooklyn-docs/pull/98
Improve location docs
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/aledsage/brooklyn-docs improve-location-docs
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/brooklyn-docs/pull/98.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #98
----
commit 148e35cb5881b7a1727fb6767bdb755f2f83d1e5
Author: Aled Sage <al...@gmail.com>
Date: 2016-07-28T22:16:42Z
Fix some broken links
commit e762710f4bf26db138aaa11d2ef1c94e239516ba
Author: Aled Sage <al...@gmail.com>
Date: 2016-07-28T22:17:13Z
Improve location docs
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73240786
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
+the password. For example:
+
+ location:
+ jclouds:openstack-nova:
+ endpoint: http://x.x.x.x:5000/v2.0/
+ identity: "your-tenant:your-username"
+ credential: your-password
+
+OpenStack Nova access information can be downloaded from the openstack web interface, for example
--- End diff --
"openstack" -> "OpenStack"
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73240898
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
+the password. For example:
+
+ location:
+ jclouds:openstack-nova:
+ endpoint: http://x.x.x.x:5000/v2.0/
+ identity: "your-tenant:your-username"
+ credential: your-password
+
+OpenStack Nova access information can be downloaded from the openstack web interface, for example
+as an openrc.sh file. This file will normally contain the identity and credential.
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to OpenStack environments:
+
+* The `imageId` is the id of an image. For example,
--- End diff --
"id" -> "ID" here and below.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73241935
--- Diff: guide/ops/locations/_openstack.md ---
@@ -91,33 +143,95 @@ This is the same OpenStack location in a format that can be added to your
brooklyn.location.named.My\ OpenStack.securityGroups=your-security-group
brooklyn.location.named.My\ OpenStack.keyPair=your-keypair
-Chose a value of `your-flavor-id` from one of the defaults, or create your own flavor if
-you have administrator privileges.
-For for more information, see the
-[OpenStack flavors guide](http://docs.openstack.org/admin-guide/cli_manage_flavors.html).
-The default flavors are:
+### Troubleshooting
- +-----+-----------+-----------+------+
- | ID | Name | Memory_MB | Disk |
- +-----+-----------+-----------+------+
- | 1 | m1.tiny | 512 | 1 |
- | 2 | m1.small | 2048 | 20 |
- | 3 | m1.medium | 4096 | 40 |
- | 4 | m1.large | 8192 | 80 |
- | 5 | m1.xlarge | 16384 | 160 |
- +-----+-----------+-----------+------+
+#### Cloud Credentials Failing
-For an even more detailed example location configuration, consult the
-[template properties file](https://brooklyn.apache.org/v/latest/start/brooklyn.properties).
+If the cloud API calls return `401 Unauthorized` (e.g. in a `org.jclouds.rest.AuthorizationException`),
+then this could be because the credentials are incorrect.
+A good way to check this is to try the same credentials with the
+[OpenStack nova command line client](http://docs.openstack.org/user-guide/common/cli_install_openstack_command_line_clients.html).
-### Other features
-Consult jclouds' [Nova template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/openstack/nova/v2_0/compute/options/NovaTemplateOptions.html)
-for futher options when configuring Openstack locations.
+#### Unable to SSH: Wrong User
+
+If SSH authentication fails, it could be that the login user is incorrect. For most clouds, this
+is inferred from the image metadata, but if no (or the wrong) login user is specified then it will
+default to root. The correct login user can be specified using the configuration option `loginUser`.
+For example, `loginUser: ubuntu`.
+
+The use of the wrong login user can also result in the obscure error shown below, caused by
+an unexpected response saying to use a different user. For more technical information, see
+this [sshj github issue](https://github.com/hierynomus/sshj/issues/75):
+
+ Received message too long 1349281121
+
+
+#### I Want to Use my Own KeyPair
--- End diff --
"my" -> "My"
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73155420
--- Diff: guide/yaml/setting-locations.md ---
@@ -24,22 +29,98 @@ Private cloud systems including `openstack-nova` and `cloudstack` are also suppo
although for these you'll supply an `endpoint: https://9.9.9.9:9999/v2.0/`
(or `client/api/` in the case of CloudStack) instead of the `region`.
+
+### "Bring Your Own Nodes" Example
+
You can also specify pre-existing servers to use -- "bring-your-own-nodes".
-These can be a global pool or specific to a service.
-Both styles are shown here (though normally only one will be selected,
-<!-- TODO see #1377, currently it is *parent* location which is preferred typically -->
-depending on the blueprint):
+The example below shows a pool of machines that will be used by the entities within the
+application.
{% highlight yaml %}
{% readj example_yaml/simple-appserver-with-location-byon.yaml %}
{% endhighlight %}
-Note in this example that we've used JSON-style notation in the second `location` block.
-YAML supports this, and sometimes that makes more readable plans.
-(Although in this case a simple `location: localhost` is equivalent and even more succinct,
-but this is a tutorial.)
-For more information see the [Operations: Locations]({{ site.path.guide }}/ops/locations) section of the User Guide.
-This includes support for defining locations externally in a [brooklyn.properties]({{ brooklyn_properties_url_path }}) file,
-after which you can deploy to clouds or bring-your-own-nodes
-simply as `location: jclouds:aws-ec2:eu-west-1` or `location: named:my_cloudstack`.
+### Single Line and Multi Line Locations
+
+A simple location can be specified on a single line. Alternatively, it can be split to have one
+configuration option per line (recommended for all but the simplest locations).
+
+For example, the two examples below are equivalent:
+
+{% highlight yaml %}
+location: byon(name="my loc",hosts="1.2.3.4",user="bob",privateKeyFile="~/.ssh/bob_id_rsa")
+{% endhighlight %}
+
+{% highlight yaml %}
+location:
+ byon:
+ name: "my loc"
+ hosts:
+ - "1.2.3.4"
+ user: "bob"
+ privateKeyFile: "~/.ssh/bob_id_rsa"
+{% endhighlight %}
+
+
+### Specific Locations for Specific Entities
+
+One can define specific locations on specific entities within the blueprint (instead of, or as
+well as, defining the location at the top-level of the blueprint).
+
+The example below will deploy Tomcat and JBoss App Server to different Bring Your Own Nodes
+locations:
+
+{% highlight yaml %}
+{% readj example_yaml/simple-appserver-with-location-per-entity.yaml %}
+{% endhighlight %}
+
+The rules for precedence when defining a location for an entity are:
+
+* The location defined on that specific entity.
+* If no location, then the first ancestor that defines an explicit location.
+* If still no location, then the location defined at the top-level of the blueprint.
--- End diff --
If still no location is defined,
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73147172
--- Diff: guide/ops/locations/_AWS.md ---
@@ -19,21 +19,35 @@ and [AWS IAM instructions](http://docs.aws.amazon.com/IAM/latest/UserGuide/Manag
An example of the expected format is shown below:
- brooklyn.location.jclouds.aws-ec2.identity=ABCDEFGHIJKLMNOPQRST
- brooklyn.location.jclouds.aws-ec2.credential=abcdefghijklmnopqrstu+vwxyzabcdefghijklm
+ location:
+ jclouds:aws-ec2:
+ region: us-east-1
+ identity: ABCDEFGHIJKLMNOPQRST
+ credential: abcdefghijklmnopqrstu+vwxyzabcdefghijklm
+Users are strongly recommended to use
+[externalized configuration]({{ site.path.guide }}/ops/externalized-configuration.html) for better
+credential management, for example using [Vault](https://www.vaultproject.io/).
-### Tidying up after jclouds
-Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
-https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
-being deleted until there are no VMs using it. However, there is eventual consistency for
-recording which VMs still reference those security groups: after deleting the VM, it can sometimes
-take several minutes before the security group can be deleted. jclouds retries for 3 seconds, but
-does not block for longer.
+### Common Configuration Options
-There is utility written by Cloudsoft for deleting these unused resources:
-http://www.cloudsoftcorp.com/blog/2013/03/tidying-up-after-jclouds.
+Below are examples of configuration options that use values specific to AWS EC2:
+
+* The `region` is the [AWS region code](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
+ For example, `region: us-east-1`. One can also in-line this value when such as `jclouds:aws-ec2:us-east-1`.
--- End diff --
"One can also in-line this value when such as" - needs rewording, perhaps:
You can in-line this value using the following format: `jclouds:aws-ec2:us-east-1`.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73150240
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
+
+
+### Cloudmonkey CLI
+
+The [CloudStack Cloudmonkey CLI](https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI)
+is a very useful tool for validating that credentials are correct, and for querying the API to find the correct
+zone ids etc.
+
+Useful commands include:
+
+ # for finding the ids of the zones:
+ cloudmonkey api listZones
+
+ # for finding the ids of the networks.
+ cloudmonkey api listNetworks | grep -E "id =|name =|========="
+
+### CloudStack Troubleshooting
+
+These troubleshooting tips are more geared towards problems encountered in old test/dev
+CloudPlatform environment.
--- End diff --
What's "old test/dev CloudPlatform environment"?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73416291
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
+the password. For example:
+
+ location:
+ jclouds:openstack-nova:
+ endpoint: http://x.x.x.x:5000/v2.0/
+ identity: "your-tenant:your-username"
+ credential: your-password
+
+OpenStack Nova access information can be downloaded from the openstack web interface, for example
+as an openrc.sh file. This file will normally contain the identity and credential.
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to OpenStack environments:
+
+* The `imageId` is the id of an image. For example,
+ `imageId: RegionOne/08086159-8b0b-4970-b332-a7a929ee601f`.
+ These ids can be found from the the CLI or the web-console, for example in IBM Blue Box,
--- End diff --
I think this link is good enough. I don't think there is a good "public" OpenStack url to use for this (e.g. the rackspace user interface is completely different from the normal OpenStack UI). The advantage of the IBM Blue Box link is that it is a half-way house: it's enough like what a private OpenStack enterprise would have, but is also a public URL.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73152072
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
--- End diff --
The identity normally consists of a colon-seperated, tenant and username.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73243661
--- Diff: guide/yaml/setting-locations.md ---
@@ -24,22 +29,98 @@ Private cloud systems including `openstack-nova` and `cloudstack` are also suppo
although for these you'll supply an `endpoint: https://9.9.9.9:9999/v2.0/`
(or `client/api/` in the case of CloudStack) instead of the `region`.
+
+### "Bring Your Own Nodes" Example
+
You can also specify pre-existing servers to use -- "bring-your-own-nodes".
-These can be a global pool or specific to a service.
-Both styles are shown here (though normally only one will be selected,
-<!-- TODO see #1377, currently it is *parent* location which is preferred typically -->
-depending on the blueprint):
+The example below shows a pool of machines that will be used by the entities within the
+application.
{% highlight yaml %}
{% readj example_yaml/simple-appserver-with-location-byon.yaml %}
{% endhighlight %}
-Note in this example that we've used JSON-style notation in the second `location` block.
-YAML supports this, and sometimes that makes more readable plans.
-(Although in this case a simple `location: localhost` is equivalent and even more succinct,
-but this is a tutorial.)
-For more information see the [Operations: Locations]({{ site.path.guide }}/ops/locations) section of the User Guide.
-This includes support for defining locations externally in a [brooklyn.properties]({{ brooklyn_properties_url_path }}) file,
-after which you can deploy to clouds or bring-your-own-nodes
-simply as `location: jclouds:aws-ec2:eu-west-1` or `location: named:my_cloudstack`.
+### Single Line and Multi Line Locations
+
+A simple location can be specified on a single line. Alternatively, it can be split to have one
+configuration option per line (recommended for all but the simplest locations).
+
+For example, the two examples below are equivalent:
+
+{% highlight yaml %}
+location: byon(name="my loc",hosts="1.2.3.4",user="bob",privateKeyFile="~/.ssh/bob_id_rsa")
+{% endhighlight %}
+
+{% highlight yaml %}
+location:
+ byon:
+ name: "my loc"
+ hosts:
+ - "1.2.3.4"
+ user: "bob"
+ privateKeyFile: "~/.ssh/bob_id_rsa"
+{% endhighlight %}
+
+
+### Specific Locations for Specific Entities
+
+One can define specific locations on specific entities within the blueprint (instead of, or as
+well as, defining the location at the top-level of the blueprint).
+
+The example below will deploy Tomcat and JBoss App Server to different Bring Your Own Nodes
+locations:
+
+{% highlight yaml %}
+{% readj example_yaml/simple-appserver-with-location-per-entity.yaml %}
+{% endhighlight %}
+
+The rules for precedence when defining a location for an entity are:
+
+* The location defined on that specific entity.
+* If no location, then the first ancestor that defines an explicit location.
+* If still no location, then the location defined at the top-level of the blueprint.
+
+This means, for example, that if you define an explicit location on a cluster then it will be used
+for all members of that cluster.
+
+
+### Multiple Locations
+
+Some entities are written to expect a set of locations. For example, a `DynamicFabric` will
+create a member entity in each location that it is given. To supply multiple locations, simply
+use `locations` with a yaml list.
+
+In the example below, it will create a cluster of app-servers in each location:
--- End diff --
Since your example is a `DynamicFabric` (X) of `DynamicCluster`s (Y) of web servers (Z), you should clarify that one location is used for each entity Y, and that all entities Z inside of Y are in the same location. This was not readily apparent to me when I first used DF + DC with multiple locations.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73148994
--- Diff: guide/ops/locations/_GCE.md ---
@@ -43,4 +82,10 @@ For example, for dev/demo purposes an "everything" network could be created that
|| Source IP Ranges || 0.0.0.0/0 |
|| Allowed protocols and ports || tcp:0-65535 and udp:0-65535 |
+To configure the location to use this, you can include a location configuration option like
+`networkName: everything`.
+
+
+### Entropy
+GCE images often have little entropy. One option to work around this is to use `installDevUrandom: true`.
--- End diff --
Perhaps point at the entropy section elsewhere rather than repeating here?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73242134
--- Diff: guide/ops/locations/_openstack.md ---
@@ -91,33 +143,95 @@ This is the same OpenStack location in a format that can be added to your
brooklyn.location.named.My\ OpenStack.securityGroups=your-security-group
brooklyn.location.named.My\ OpenStack.keyPair=your-keypair
-Chose a value of `your-flavor-id` from one of the defaults, or create your own flavor if
-you have administrator privileges.
-For for more information, see the
-[OpenStack flavors guide](http://docs.openstack.org/admin-guide/cli_manage_flavors.html).
-The default flavors are:
+### Troubleshooting
- +-----+-----------+-----------+------+
- | ID | Name | Memory_MB | Disk |
- +-----+-----------+-----------+------+
- | 1 | m1.tiny | 512 | 1 |
- | 2 | m1.small | 2048 | 20 |
- | 3 | m1.medium | 4096 | 40 |
- | 4 | m1.large | 8192 | 80 |
- | 5 | m1.xlarge | 16384 | 160 |
- +-----+-----------+-----------+------+
+#### Cloud Credentials Failing
-For an even more detailed example location configuration, consult the
-[template properties file](https://brooklyn.apache.org/v/latest/start/brooklyn.properties).
+If the cloud API calls return `401 Unauthorized` (e.g. in a `org.jclouds.rest.AuthorizationException`),
+then this could be because the credentials are incorrect.
+A good way to check this is to try the same credentials with the
+[OpenStack nova command line client](http://docs.openstack.org/user-guide/common/cli_install_openstack_command_line_clients.html).
-### Other features
-Consult jclouds' [Nova template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/openstack/nova/v2_0/compute/options/NovaTemplateOptions.html)
-for futher options when configuring Openstack locations.
+#### Unable to SSH: Wrong User
+
+If SSH authentication fails, it could be that the login user is incorrect. For most clouds, this
+is inferred from the image metadata, but if no (or the wrong) login user is specified then it will
+default to root. The correct login user can be specified using the configuration option `loginUser`.
+For example, `loginUser: ubuntu`.
+
+The use of the wrong login user can also result in the obscure error shown below, caused by
+an unexpected response saying to use a different user. For more technical information, see
+this [sshj github issue](https://github.com/hierynomus/sshj/issues/75):
+
+ Received message too long 1349281121
+
+
+#### I Want to Use my Own KeyPair
+
+By default, jclouds will auto-generate a new [key pair](http://docs.openstack.org/user-guide/cli_nova_configure_access_security_for_instances.html)
+for the VM. This key pair will be deleted automatically when the VM is deleted.
+
+Alternatively, you can use a pre-existing key pair. If so, you must also specify the corresponding
+private key (pem file, or data) to be used for the initial login. For example:
+
+ location:
+ jclouds:clouds:openstack-nova:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ keyPair: "my-keypair"
--- End diff --
This name needs to match the name of the key pair that's already been added to OpenStack, correct?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73242356
--- Diff: guide/ops/locations/_openstack.md ---
@@ -91,33 +143,95 @@ This is the same OpenStack location in a format that can be added to your
brooklyn.location.named.My\ OpenStack.securityGroups=your-security-group
brooklyn.location.named.My\ OpenStack.keyPair=your-keypair
-Chose a value of `your-flavor-id` from one of the defaults, or create your own flavor if
-you have administrator privileges.
-For for more information, see the
-[OpenStack flavors guide](http://docs.openstack.org/admin-guide/cli_manage_flavors.html).
-The default flavors are:
+### Troubleshooting
- +-----+-----------+-----------+------+
- | ID | Name | Memory_MB | Disk |
- +-----+-----------+-----------+------+
- | 1 | m1.tiny | 512 | 1 |
- | 2 | m1.small | 2048 | 20 |
- | 3 | m1.medium | 4096 | 40 |
- | 4 | m1.large | 8192 | 80 |
- | 5 | m1.xlarge | 16384 | 160 |
- +-----+-----------+-----------+------+
+#### Cloud Credentials Failing
-For an even more detailed example location configuration, consult the
-[template properties file](https://brooklyn.apache.org/v/latest/start/brooklyn.properties).
+If the cloud API calls return `401 Unauthorized` (e.g. in a `org.jclouds.rest.AuthorizationException`),
+then this could be because the credentials are incorrect.
+A good way to check this is to try the same credentials with the
+[OpenStack nova command line client](http://docs.openstack.org/user-guide/common/cli_install_openstack_command_line_clients.html).
-### Other features
-Consult jclouds' [Nova template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/openstack/nova/v2_0/compute/options/NovaTemplateOptions.html)
-for futher options when configuring Openstack locations.
+#### Unable to SSH: Wrong User
+
+If SSH authentication fails, it could be that the login user is incorrect. For most clouds, this
+is inferred from the image metadata, but if no (or the wrong) login user is specified then it will
+default to root. The correct login user can be specified using the configuration option `loginUser`.
+For example, `loginUser: ubuntu`.
+
+The use of the wrong login user can also result in the obscure error shown below, caused by
+an unexpected response saying to use a different user. For more technical information, see
+this [sshj github issue](https://github.com/hierynomus/sshj/issues/75):
+
+ Received message too long 1349281121
+
+
+#### I Want to Use my Own KeyPair
+
+By default, jclouds will auto-generate a new [key pair](http://docs.openstack.org/user-guide/cli_nova_configure_access_security_for_instances.html)
+for the VM. This key pair will be deleted automatically when the VM is deleted.
+
+Alternatively, you can use a pre-existing key pair. If so, you must also specify the corresponding
+private key (pem file, or data) to be used for the initial login. For example:
+
+ location:
+ jclouds:clouds:openstack-nova:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ keyPair: "my-keypair"
+ loginUser: ubuntu
+ loginUser.privateKeyFile: /path/to/my/privatekey.pem
+
+
+#### Error "doesn't contain ... -----BEGIN"
+
+If using `loginUser.privateKeyFile` (or `loginUser.privateKeyData`), this is expected to be a .pem
+file. If a different format is used (e.g. a .ppk file), it will give an error like that below:
+
+ Error invoking start at EmptySoftwareProcessImpl{id=TrmhitVc}: chars
+ PuTTY-User-Key-File-2: ssh-rsa
+ ...
+ doesn't contain % line [-----BEGIN ]
+
+
+#### Warning Message: "Ignoring request to set..."
+
+If you see a warning log message like that below:
+
+ 2016-06-23 06:05:12,297 WARN o.a.b.l.j.JcloudsLocation [brooklyn-execmanager-XlwkWB3k-312]:
+ Ignoring request to set template option loginUser because this is not supported by
+ org.jclouds.openstack.nova.v2_0.compute.options.NovaTemplateOptions
+
+It can mean that the location configuration option is in the wrong place. The configuration under
+`templateOptions` must correspond to those options on the
+[jclouds Nova template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/openstack/nova/v2_0/compute/options/NovaTemplateOptions.html).
+However, template options such as `loginUser` are top-level configuration options that should not
+be inside the `templateOptions` section.
+
+
+#### HttpResponseException Accessing Compute Endpoint
+
+The Keystone endpoint is first queried to get the API access endpoints for the appropriate services.
+
+Some private OpenStack installs are (mis)configured such that the returned addresses are not always
+directly accessible. It could be that the service is behind a VPN, or that they rely on hostnames
+that are only in a private DNS.
+
+You can find the service endpoints in OpenStack, either using the CLI or the web-console. For
+example, in Blue Box the URL is https://tenant-region.openstack.blueboxgrid.com/project/access_and_security/.
--- End diff --
Same question as @andreaturli about whether we should use this non "public" cloud?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73155303
--- Diff: guide/yaml/setting-locations.md ---
@@ -24,22 +29,98 @@ Private cloud systems including `openstack-nova` and `cloudstack` are also suppo
although for these you'll supply an `endpoint: https://9.9.9.9:9999/v2.0/`
(or `client/api/` in the case of CloudStack) instead of the `region`.
+
+### "Bring Your Own Nodes" Example
+
You can also specify pre-existing servers to use -- "bring-your-own-nodes".
-These can be a global pool or specific to a service.
-Both styles are shown here (though normally only one will be selected,
-<!-- TODO see #1377, currently it is *parent* location which is preferred typically -->
-depending on the blueprint):
+The example below shows a pool of machines that will be used by the entities within the
+application.
{% highlight yaml %}
{% readj example_yaml/simple-appserver-with-location-byon.yaml %}
{% endhighlight %}
-Note in this example that we've used JSON-style notation in the second `location` block.
-YAML supports this, and sometimes that makes more readable plans.
-(Although in this case a simple `location: localhost` is equivalent and even more succinct,
-but this is a tutorial.)
-For more information see the [Operations: Locations]({{ site.path.guide }}/ops/locations) section of the User Guide.
-This includes support for defining locations externally in a [brooklyn.properties]({{ brooklyn_properties_url_path }}) file,
-after which you can deploy to clouds or bring-your-own-nodes
-simply as `location: jclouds:aws-ec2:eu-west-1` or `location: named:my_cloudstack`.
+### Single Line and Multi Line Locations
+
+A simple location can be specified on a single line. Alternatively, it can be split to have one
+configuration option per line (recommended for all but the simplest locations).
+
+For example, the two examples below are equivalent:
+
+{% highlight yaml %}
+location: byon(name="my loc",hosts="1.2.3.4",user="bob",privateKeyFile="~/.ssh/bob_id_rsa")
+{% endhighlight %}
+
+{% highlight yaml %}
+location:
+ byon:
+ name: "my loc"
+ hosts:
+ - "1.2.3.4"
+ user: "bob"
+ privateKeyFile: "~/.ssh/bob_id_rsa"
+{% endhighlight %}
+
+
+### Specific Locations for Specific Entities
+
+One can define specific locations on specific entities within the blueprint (instead of, or as
+well as, defining the location at the top-level of the blueprint).
+
+The example below will deploy Tomcat and JBoss App Server to different Bring Your Own Nodes
+locations:
+
+{% highlight yaml %}
+{% readj example_yaml/simple-appserver-with-location-per-entity.yaml %}
+{% endhighlight %}
+
+The rules for precedence when defining a location for an entity are:
+
+* The location defined on that specific entity.
+* If no location, then the first ancestor that defines an explicit location.
--- End diff --
If no location -> If no location is defined,
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73241436
--- Diff: guide/ops/locations/_openstack.md ---
@@ -32,12 +80,16 @@ Do this by setting the desired values id as an option in the
### Floating IPs
-Configuration of floating IPs is as networks; specify the pools to use as another
-[template option](#custom-template-options):
+The `autoAssignFloatingIp` option means that a [floating ip](https://www.mirantis.com/blog/configuring-floating-ip-addresses-networking-openstack-public-private-clouds/)
--- End diff --
You mention this value and what it does earlier (comment: [See comment below about this value]) -- perhaps create a small section that discusses this and both link to it?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs issue #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on the issue:
https://github.com/apache/brooklyn-docs/pull/98
A good update - thanks @aledsage! I've made some in-line comments about specific bits.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73239646
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
+
+
+### Cloudmonkey CLI
+
+The [CloudStack Cloudmonkey CLI](https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI)
--- End diff --
It is marketed as Cloud**M**onkey
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73149481
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
--- End diff --
The title and section name should presumably be CloudStack not Openstack?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by bostko <gi...@git.apache.org>.
Github user bostko commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r72747048
--- Diff: guide/ops/locations/_openstack.md ---
@@ -91,33 +143,95 @@ This is the same OpenStack location in a format that can be added to your
brooklyn.location.named.My\ OpenStack.securityGroups=your-security-group
brooklyn.location.named.My\ OpenStack.keyPair=your-keypair
-Chose a value of `your-flavor-id` from one of the defaults, or create your own flavor if
-you have administrator privileges.
-For for more information, see the
-[OpenStack flavors guide](http://docs.openstack.org/admin-guide/cli_manage_flavors.html).
-The default flavors are:
+### Troubleshooting
- +-----+-----------+-----------+------+
- | ID | Name | Memory_MB | Disk |
- +-----+-----------+-----------+------+
- | 1 | m1.tiny | 512 | 1 |
- | 2 | m1.small | 2048 | 20 |
- | 3 | m1.medium | 4096 | 40 |
- | 4 | m1.large | 8192 | 80 |
- | 5 | m1.xlarge | 16384 | 160 |
- +-----+-----------+-----------+------+
+#### Cloud Credentials Failing
-For an even more detailed example location configuration, consult the
-[template properties file](https://brooklyn.apache.org/v/latest/start/brooklyn.properties).
+If the cloud API calls return `401 Unauthorized` (e.g. in a `org.jclouds.rest.AuthorizationException`),
+then this could be because the credentials are incorrect.
+A good way to check this is to try the same credentials with the
+[OpenStack nova command line client](http://docs.openstack.org/user-guide/common/cli_install_openstack_command_line_clients.html).
-### Other features
-Consult jclouds' [Nova template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/openstack/nova/v2_0/compute/options/NovaTemplateOptions.html)
-for futher options when configuring Openstack locations.
+#### Unable to SSH: Wrong User
+
+If SSH authentication fails, it could be that the login user is incorrect. For most clouds, this
+is inferred from the image metadata, but if no (or the wrong) login user is specified then it will
+default to root. The correct login user can be specified using the configuration option `loginUser`.
+For example, `loginUser: ubuntu`.
+
+The use of the wrong login user can also result in the obscure error shown below, caused by
+an unexpected response saying to use a different user. For more technical information, see
+this [sshj github issue](https://github.com/hierynomus/sshj/issues/75):
+
+ Received message too long 1349281121
+
+
+#### I Want to Use my Own KeyPair
+
+By default, jclouds will auto-generate a new [key pair](http://docs.openstack.org/user-guide/cli_nova_configure_access_security_for_instances.html)
+for the VM. This key pair will be deleted automatically when the VM is deleted.
+
+Alternatively, you can use a pre-existing key pair. If so, you must also specify the corresponding
+private key (pem file, or data) to be used for the initial login. For example:
+
+ location:
+ jclouds:clouds:openstack-nova:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ keyPair: "my-keypair"
+ loginUser: ubuntu
+ loginUser.privateKeyFile: /path/to/my/privatekey.pem
+
+
+#### Error "docesn't contain ... -----BEGIN"
--- End diff --
typo "doesn't"
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73150502
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
+
+
+### Cloudmonkey CLI
+
+The [CloudStack Cloudmonkey CLI](https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI)
+is a very useful tool for validating that credentials are correct, and for querying the API to find the correct
+zone ids etc.
+
+Useful commands include:
+
+ # for finding the ids of the zones:
+ cloudmonkey api listZones
+
+ # for finding the ids of the networks.
+ cloudmonkey api listNetworks | grep -E "id =|name =|========="
+
+### CloudStack Troubleshooting
+
+These troubleshooting tips are more geared towards problems encountered in old test/dev
+CloudPlatform environment.
+
+#### Resource Garbage Collection Issues
+
+The environment may run out of resources, due to GC issues, preventing the user from creating new
+VMs or allocating IP addresses (May respond with this error message:
+`errorCode=INTERNAL_ERROR, errorText=Job failed due to exception Unable to create a deployment for VM`).
+There are two options worth checking it to enforce clearing up the zombie resources:
+
+* Goto the Accounts tab in the webconsole and tap on the Update Resource Count button.
+* Restart the VPC in question from the Network tab.
+
+
+#### Releasing Allocated Public IP Addresses
+
+Releasing allocated Public IP from the web console did not free up the resources. Instead
--- End diff --
Releasing allocated -> Releasing an allocated
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73409488
--- Diff: guide/ops/locations/_AWS.md ---
@@ -111,3 +125,15 @@ You can then deploy blueprints to the subnet, allowing VPC hardware instance typ
by specifying the subnet ID as the `networkName` in your YAML blueprint.
This is covered in the previous section, "Using Subnets".
+
+### Tidying up after jclouds
+
+Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
+https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
+being deleted until there are no VMs using it. However, there is eventual consistency for
+recording which VMs still reference those security groups: after deleting the VM, it can sometimes
+take several minutes before the security group can be deleted. jclouds retries for 3 seconds, but
--- End diff --
Not sure I follow this rewording - I prefer the original. It is AWS's use of eventual consistency that causes the problem (rather than immediate consistency) - hence saying "However" rather than "Whilst there is eventual consistency...".
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73153896
--- Diff: guide/ops/locations/index.md ---
@@ -6,21 +6,13 @@ children:
check_directory_for_children: true
---
-Locations are the environments to which Brooklyn deploys applications, including:
+Locations are the environments to which Brooklyn deploys applications. Most commonly these
+are cloud services such as AWS, GCE, and IBM Softlayer. Brooklyn also supports deploying
+to a pre-provisioned network or to localhost (primarily useful for testing blueprints).
-Brooklyn supports a wide range of locations:
-
-* <a href="#clouds">Clouds</a>, where it will provision machines
-* <a href="#localhost">Localhost</a> (e.g. your laptop),
- where it will deploy via `ssh` to `localhost` for rapid testing
-* <a href="#byon">BYON</a>, where you "bring your own nodes",
- specifying already-existing hosts to use
-* And many others, including object stores and online services
-
-Configuration can be set in `~/.brooklyn/brooklyn.properties`, through the
-location wizard tool available within the web console
-or directly in YAML when specifying a location.
-On some entities, config keys determining matching selection and provisioning behavior
-can also be set in `provisioning.properties`.
+Also see the [Locations yaml guide]({{ site.path.guide }}/yaml/setting-locations.html),
+use within an entity of [provisioning.properties]({{ site.path.guide }}/yaml/entity-configuration.html#entity-provisioningproperties-overriding-and-merging),
+how to add location definitions to the [Catalog]({{ site.path.guide }}/ops/catalog/),
+and how to use [Externalized Configuration](({{ site.path.guide }}/ops/externalized-configuration.html).
--- End diff --
This link has one too many opening parentheses
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73240673
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
--- End diff --
Remove the semi-colon and then it looks good.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by bostko <gi...@git.apache.org>.
Github user bostko commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r72747191
--- Diff: guide/yaml/winrm/index.md ---
@@ -312,7 +312,7 @@ The script works for most of the Windows images out there version 2008 and later
Please ensure that Brooklyn's changes are compatible with your organisation's security policy.
-Check Microsoft Documentation for more information about [Negotiate authenticate mechanism on technet.microsoft.com](https://msdn.microsoft.com/en-us/library/windows/desktop/aa378748\(v=vs.85\).aspx)
+Check Microsoft Documentation for more information about [Negotiate authenticate mechanism on technet.microsoft.com](https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx)
--- End diff --
in Markdown brackets have to escaped for urls `\(\)`
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73412004
--- Diff: guide/ops/locations/_GCE.md ---
@@ -43,4 +82,10 @@ For example, for dev/demo purposes an "everything" network could be created that
|| Source IP Ranges || 0.0.0.0/0 |
|| Allowed protocols and ports || tcp:0-65535 and udp:0-65535 |
+To configure the location to use this, you can include a location configuration option like
+`networkName: everything`.
--- End diff --
Thanks for checking thoroughly/properly! I had an example kicking around in my catalog that said "networkName", but I hadn't tested it recently (ever?!). I'll change this to your example.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73241839
--- Diff: guide/ops/locations/_openstack.md ---
@@ -91,33 +143,95 @@ This is the same OpenStack location in a format that can be added to your
brooklyn.location.named.My\ OpenStack.securityGroups=your-security-group
brooklyn.location.named.My\ OpenStack.keyPair=your-keypair
-Chose a value of `your-flavor-id` from one of the defaults, or create your own flavor if
-you have administrator privileges.
-For for more information, see the
-[OpenStack flavors guide](http://docs.openstack.org/admin-guide/cli_manage_flavors.html).
-The default flavors are:
+### Troubleshooting
- +-----+-----------+-----------+------+
- | ID | Name | Memory_MB | Disk |
- +-----+-----------+-----------+------+
- | 1 | m1.tiny | 512 | 1 |
- | 2 | m1.small | 2048 | 20 |
- | 3 | m1.medium | 4096 | 40 |
- | 4 | m1.large | 8192 | 80 |
- | 5 | m1.xlarge | 16384 | 160 |
- +-----+-----------+-----------+------+
+#### Cloud Credentials Failing
-For an even more detailed example location configuration, consult the
-[template properties file](https://brooklyn.apache.org/v/latest/start/brooklyn.properties).
+If the cloud API calls return `401 Unauthorized` (e.g. in a `org.jclouds.rest.AuthorizationException`),
+then this could be because the credentials are incorrect.
+A good way to check this is to try the same credentials with the
+[OpenStack nova command line client](http://docs.openstack.org/user-guide/common/cli_install_openstack_command_line_clients.html).
-### Other features
-Consult jclouds' [Nova template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/openstack/nova/v2_0/compute/options/NovaTemplateOptions.html)
-for futher options when configuring Openstack locations.
+#### Unable to SSH: Wrong User
+
+If SSH authentication fails, it could be that the login user is incorrect. For most clouds, this
--- End diff --
This problem can also manifest itself with an endless hang on the first SSH command after VMs have been provisioned -- I believe I've seen this when using OpenStack with the wrong username (e.g. "centos" instead of "ubuntu").
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73412865
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
+
+
+### Cloudmonkey CLI
+
+The [CloudStack Cloudmonkey CLI](https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI)
+is a very useful tool for validating that credentials are correct, and for querying the API to find the correct
+zone ids etc.
+
+Useful commands include:
+
+ # for finding the ids of the zones:
+ cloudmonkey api listZones
+
+ # for finding the ids of the networks.
+ cloudmonkey api listNetworks | grep -E "id =|name =|========="
+
+### CloudStack Troubleshooting
+
+These troubleshooting tips are more geared towards problems encountered in old test/dev
+CloudPlatform environment.
--- End diff --
Doh, "CloudPlatform" was the name of Citrix's offering (which was pretty much CloudStack with support, plus a slightly different release cycle for testing etc). I'll change to CloudStack!
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73152310
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
+the password. For example:
+
+ location:
+ jclouds:openstack-nova:
+ endpoint: http://x.x.x.x:5000/v2.0/
+ identity: "your-tenant:your-username"
+ credential: your-password
+
+OpenStack Nova access information can be downloaded from the openstack web interface, for example
+as an openrc.sh file. This file will normally contain the identity and credential.
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to OpenStack environments:
+
+* The `imageId` is the id of an image. For example,
+ `imageId: RegionOne/08086159-8b0b-4970-b332-a7a929ee601f`.
+ These ids can be found from the the CLI or the web-console, for example in IBM Blue Box,
--- End diff --
IBM Blue Box London
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73240077
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
--- End diff --
Externalized config warning here?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/brooklyn-docs/pull/98
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73149250
--- Diff: guide/ops/locations/_GCE.md ---
@@ -43,4 +82,10 @@ For example, for dev/demo purposes an "everything" network could be created that
|| Source IP Ranges || 0.0.0.0/0 |
|| Allowed protocols and ports || tcp:0-65535 and udp:0-65535 |
+To configure the location to use this, you can include a location configuration option like
+`networkName: everything`.
--- End diff --
I couldn't get this to work, I ended up using:
```
templateOptions:
network: https://www.googleapis.com/compute/v1/projects/<project name>/global/networks/everything
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73240175
--- Diff: guide/ops/locations/_ibm-softlayer.md ---
@@ -7,6 +7,34 @@ section_position: 5
## IBM SoftLayer
+### Credentials
+
+Credentials can be obtained from the Softlayer API, under "administrative -> user administration -> api-access".
+
+For example:
+
+ location:
+ jclouds:softlayer:
+ region: ams01
+ identity: my-user-name
+ credential: 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
--- End diff --
Externalized config warning here?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73241286
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
--- End diff --
[See comment below about this value]
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73239082
--- Diff: guide/ops/locations/_AWS.md ---
@@ -111,3 +125,15 @@ You can then deploy blueprints to the subnet, allowing VPC hardware instance typ
by specifying the subnet ID as the `networkName` in your YAML blueprint.
This is covered in the previous section, "Using Subnets".
+
+### Tidying up after jclouds
+
+Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
+https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
+being deleted until there are no VMs using it. However, there is eventual consistency for
+recording which VMs still reference those security groups: after deleting the VM, it can sometimes
+take several minutes before the security group can be deleted. jclouds retries for 3 seconds, but
+does not block for longer.
+
+There is utility written by Cloudsoft for deleting these unused resources:
+http://www.cloudsoftcorp.com/blog/2013/03/tidying-up-after-jclouds.
--- End diff --
Does that mean we've lost all blog posts before [http://www.cloudsoft.io/blog/2015/01/gitlab-flow-ftw]?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73238334
--- Diff: guide/ops/locations/_AWS.md ---
@@ -19,21 +19,35 @@ and [AWS IAM instructions](http://docs.aws.amazon.com/IAM/latest/UserGuide/Manag
An example of the expected format is shown below:
- brooklyn.location.jclouds.aws-ec2.identity=ABCDEFGHIJKLMNOPQRST
- brooklyn.location.jclouds.aws-ec2.credential=abcdefghijklmnopqrstu+vwxyzabcdefghijklm
+ location:
+ jclouds:aws-ec2:
+ region: us-east-1
+ identity: ABCDEFGHIJKLMNOPQRST
+ credential: abcdefghijklmnopqrstu+vwxyzabcdefghijklm
+Users are strongly recommended to use
+[externalized configuration]({{ site.path.guide }}/ops/externalized-configuration.html) for better
+credential management, for example using [Vault](https://www.vaultproject.io/).
-### Tidying up after jclouds
-Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
-https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
-being deleted until there are no VMs using it. However, there is eventual consistency for
-recording which VMs still reference those security groups: after deleting the VM, it can sometimes
-take several minutes before the security group can be deleted. jclouds retries for 3 seconds, but
-does not block for longer.
+### Common Configuration Options
-There is utility written by Cloudsoft for deleting these unused resources:
-http://www.cloudsoftcorp.com/blog/2013/03/tidying-up-after-jclouds.
+Below are examples of configuration options that use values specific to AWS EC2:
+
+* The `region` is the [AWS region code](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html).
+ For example, `region: us-east-1`. One can also in-line this value when such as `jclouds:aws-ec2:us-east-1`.
--- End diff --
+1
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73418206
--- Diff: guide/ops/locations/_openstack.md ---
@@ -32,12 +80,16 @@ Do this by setting the desired values id as an option in the
### Floating IPs
-Configuration of floating IPs is as networks; specify the pools to use as another
-[template option](#custom-template-options):
+The `autoAssignFloatingIp` option means that a [floating ip](https://www.mirantis.com/blog/configuring-floating-ip-addresses-networking-openstack-public-private-clouds/)
--- End diff --
Could do - but the two mentions are in CloudStack and OpenStack pages. We could do with a general description of the options available (rather than just calling out a small number of specific ones for each cloud). When we write that, then we'll include this description. But not in this PR.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73151662
--- Diff: guide/ops/locations/_localhost.md ---
@@ -7,30 +7,41 @@ section_type: inline
### Localhost
If passwordless ssh login to `localhost` and passwordless `sudo` is enabled on your
-machine, you should be able to deploy blueprints with no special configuration,
+machine, you should be able to deploy some blueprints with no special configuration,
just by specifying `location: localhost` in YAML.
If you use a passpharse or prefer a different key, these can be configured as follows:
-{% highlight bash %}
-brooklyn.location.localhost.privateKeyFile=~/.ssh/brooklyn_key
-brooklyn.location.localhost.privateKeyPassphrase=s3cr3tPASSPHRASE
-{% endhighlight %}
+ location:
+ localhost:
+ privateKeyFile=~/.ssh/brooklyn_key
+ privateKeyPassphrase=s3cr3tPASSPHRASE
+
Alternatively, you can create a specific localhost location through the location wizard tool available within the web console.
This location will be saved as a [catalog entry]({{ site.path.guide }}/ops/catalog/index.html#locations-in-catalog) for easy reusability.
--- End diff --
This is now #locations-in-the-catalog
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73149870
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
--- End diff --
I would keep the capitalisation of CloudStack consistent
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73148099
--- Diff: guide/ops/locations/_AWS.md ---
@@ -111,3 +125,15 @@ You can then deploy blueprints to the subnet, allowing VPC hardware instance typ
by specifying the subnet ID as the `networkName` in your YAML blueprint.
This is covered in the previous section, "Using Subnets".
+
+### Tidying up after jclouds
+
+Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
+https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
+being deleted until there are no VMs using it. However, there is eventual consistency for
+recording which VMs still reference those security groups: after deleting the VM, it can sometimes
+take several minutes before the security group can be deleted. jclouds retries for 3 seconds, but
--- End diff --
"However, there is eventual consistency for recording which VMs still reference those security groups: after deleting the VM, it can sometimes take several minutes before the security group can be deleted"
"Whilst there is eventual consistency for recording which VMs still reference security groups, after deleting a VM, it can sometimes take several minutes before the security group can be deleted"
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by andreaturli <gi...@git.apache.org>.
Github user andreaturli commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73162281
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
+the password. For example:
+
+ location:
+ jclouds:openstack-nova:
+ endpoint: http://x.x.x.x:5000/v2.0/
+ identity: "your-tenant:your-username"
+ credential: your-password
+
+OpenStack Nova access information can be downloaded from the openstack web interface, for example
+as an openrc.sh file. This file will normally contain the identity and credential.
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to OpenStack environments:
+
+* The `imageId` is the id of an image. For example,
+ `imageId: RegionOne/08086159-8b0b-4970-b332-a7a929ee601f`.
+ These ids can be found from the the CLI or the web-console, for example in IBM Blue Box,
--- End diff --
not sure it is a good example as it is not a "public" cloud
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73239894
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
+
+
+### Cloudmonkey CLI
+
+The [CloudStack Cloudmonkey CLI](https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI)
+is a very useful tool for validating that credentials are correct, and for querying the API to find the correct
+zone ids etc.
+
+Useful commands include:
+
+ # for finding the ids of the zones:
+ cloudmonkey api listZones
+
+ # for finding the ids of the networks.
+ cloudmonkey api listNetworks | grep -E "id =|name =|========="
+
+### CloudStack Troubleshooting
+
+These troubleshooting tips are more geared towards problems encountered in old test/dev
+CloudPlatform environment.
+
+#### Resource Garbage Collection Issues
+
+The environment may run out of resources, due to GC issues, preventing the user from creating new
+VMs or allocating IP addresses (May respond with this error message:
+`errorCode=INTERNAL_ERROR, errorText=Job failed due to exception Unable to create a deployment for VM`).
+There are two options worth checking it to enforce clearing up the zombie resources:
+
+* Goto the Accounts tab in the webconsole and tap on the Update Resource Count button.
+* Restart the VPC in question from the Network tab.
+
+
+#### Releasing Allocated Public IP Addresses
+
+Releasing allocated Public IP from the web console did not free up the resources. Instead
+Cloudmonkey can be used to dissociate IPs and expunge VMs.
+
+Here is a cloudmonkey script to dissociate any zombie IPs:
+
+ cloudmonkey set display json;
+ cloudmonkey api listPublicIpAddresses | grep '"id":' > ips.txt;
+ sed -i -e s/' "id": "'/''/g ips.txt;
+ sed -i -e s/'",'/''/g ips.txt
+ for line in $(cat ips.txt); do cloudmonkey api disassociateIpAddress id="$line"; done
+ rm ips.txt;
+ cloudmonkey set display default;
+
+
+#### Restarting VPCs
+
+Errors have been encountered when a zone failed to provision new VMs, giving errors like:
--- End diff --
"giving errors like" -> "with messages like"
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs issue #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on the issue:
https://github.com/apache/brooklyn-docs/pull/98
Thanks @drigodwin @andreaturli @mikezaccardo - I've incorporated those comments, and am merging now.
The only ones I didn't incorporate were:
* I left the Blue Box examples for OpenStack;
* The suggested wording of "Whilst there is eventual consistency..."; and
* The wrong-user problem manifesting itself as "endless hang on the first SSH command".
For the last one, I'd prefer if we could be more specific about the symptoms and reason. I wonder if it really is an endless hang, or just a lot of retries?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by aledsage <gi...@git.apache.org>.
Github user aledsage commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73140636
--- Diff: guide/yaml/winrm/index.md ---
@@ -312,7 +312,7 @@ The script works for most of the Windows images out there version 2008 and later
Please ensure that Brooklyn's changes are compatible with your organisation's security policy.
-Check Microsoft Documentation for more information about [Negotiate authenticate mechanism on technet.microsoft.com](https://msdn.microsoft.com/en-us/library/windows/desktop/aa378748\(v=vs.85\).aspx)
+Check Microsoft Documentation for more information about [Negotiate authenticate mechanism on technet.microsoft.com](https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx)
--- End diff --
When I test locally with `jekyll serve`, it doesn't need the backslash before the bracket - and gives the wrong url with the backslash. For example, the old link points at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa378748/(v=vs.85/).aspx
Looking again, that is all that was wrong with the link (making it broken in the final docs - see http://brooklyn.apache.org/v/latest/yaml/winrm/index.html).
I'll change it back to the original link, with the backslashes removed.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73239440
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
--- End diff --
"ids" -> "IDs"
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by andreaturli <gi...@git.apache.org>.
Github user andreaturli commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73162080
--- Diff: guide/ops/locations/_openstack.md ---
@@ -1,18 +1,66 @@
---
-section: Openstack
-title: Openstack
+section: OpenStack
+title: OpenStack
section_type: inline
section_position: 6
---
-## Openstack
+## OpenStack
### Apache jclouds
Support for OpenStack is provided by Apache jclouds. For more information, see their guide
[here](https://jclouds.apache.org/guides/openstack/).
+### Connection Details
+
+The endpoint URI is that of keystone (normally on port 5000).
+
+The identity normally consists of the tenant and username, colons-separated. The credential is
+the password. For example:
+
+ location:
+ jclouds:openstack-nova:
+ endpoint: http://x.x.x.x:5000/v2.0/
+ identity: "your-tenant:your-username"
+ credential: your-password
+
+OpenStack Nova access information can be downloaded from the openstack web interface, for example
--- End diff --
usually available from `API Access` tab in `Access & Security` section
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73238552
--- Diff: guide/ops/locations/_AWS.md ---
@@ -111,3 +125,15 @@ You can then deploy blueprints to the subnet, allowing VPC hardware instance typ
by specifying the subnet ID as the `networkName` in your YAML blueprint.
This is covered in the previous section, "Using Subnets".
+
+### Tidying up after jclouds
+
+Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
+https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
--- End diff --
"...prevents the security group *+from* being deleted..."
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73150363
--- Diff: guide/ops/locations/_cloudstack.md ---
@@ -0,0 +1,138 @@
+---
+section: Openstack
+title: Openstack
+section_type: inline
+section_position: 6
+---
+
+## CloudStack
+
+### Connection Details
+
+The endpoint URI will normally have the suffix `/client/api/`.
+
+The identity is the "api key" and the credential is the "secret key". These can be generated in
+the cloudstack gui: under accounts, select "view users", then "generate key".
+
+ location:
+ jclouds:cloudstack:
+ endpoint: https://cloud.acme.com/client/api
+ identity: abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghij
+ credential: mycred-abcdefghijklmnopqrstuvwxyz01234567890-abcdefghijklmnopqrstuvwxyz01234567890-abc
+
+
+### Common Configuration Options
+
+Below are examples of configuration options that use values specific to CloudStack environments:
+
+* The `imageId` is the template id. For example,
+ `imageId: db0bcce3-9e9e-4a87-a953-2f46b603498f`.
+
+* The `region` is CloudStack zone id.
+ For example `region: 84539b9c-078e-458a-ae26-c3ffc5bb1ec9`..
+
+* `networkName` is the network id (within the given zone) to be used. For example,
+ `networkName: 961c03d4-9828-4037-9f4d-3dd597f60c4f`.
+
+For further configuration options, consult
+[jclouds CloudStack template options](https://jclouds.apache.org/reference/javadoc/1.9.x/org/jclouds/cloudstack/compute/options/CloudStackTemplateOptions.html).
+These can be used with the **[templateOptions](#custom-template-options)** configuration option.
+
+
+### Using a Pre-existing Key Pair
+
+The configuration below uses a pre-existing key pair:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ jclouds.openstack-nova.auto-generate-keypairs: false
+ loginUser: root
+ loginUser.privateKeyFile: /path/to/keypair.pem
+ keyPair: my-keypair
+
+
+### Using Pre-existing Security Groups
+
+To specify existing security groups, their ids must be used rather than their names (note this
+differs from the configuration on other clouds!).
+
+The configuration below uses a pre-existing security group:
+
+ location:
+ jclouds:cloudstack:
+ ...
+ templateOptions:
+ generateSecurityGroup: false
+ securityGroupIds:
+ - 12345678-90ab-def0-1234-567890abcdef
+
+
+### Using Static NAT
+
+Assigning a public IP to a VM at provision-time is referred to as "static NAT" in CloudStack
+parlance. To give some consistency across different clouds, the configuration option is named
+`autoAssignFloatingIp`. For example, `autoAssignFloatingIp: false`.
+
+
+### Cloudmonkey CLI
+
+The [CloudStack Cloudmonkey CLI](https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+cloudmonkey+CLI)
+is a very useful tool for validating that credentials are correct, and for querying the API to find the correct
+zone ids etc.
+
+Useful commands include:
+
+ # for finding the ids of the zones:
+ cloudmonkey api listZones
+
+ # for finding the ids of the networks.
+ cloudmonkey api listNetworks | grep -E "id =|name =|========="
+
+### CloudStack Troubleshooting
+
+These troubleshooting tips are more geared towards problems encountered in old test/dev
+CloudPlatform environment.
+
+#### Resource Garbage Collection Issues
+
+The environment may run out of resources, due to GC issues, preventing the user from creating new
+VMs or allocating IP addresses (May respond with this error message:
+`errorCode=INTERNAL_ERROR, errorText=Job failed due to exception Unable to create a deployment for VM`).
+There are two options worth checking it to enforce clearing up the zombie resources:
+
+* Goto the Accounts tab in the webconsole and tap on the Update Resource Count button.
--- End diff --
Goto -> Go to
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by mikezaccardo <gi...@git.apache.org>.
Github user mikezaccardo commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73242970
--- Diff: guide/yaml/setting-locations.md ---
@@ -24,22 +29,98 @@ Private cloud systems including `openstack-nova` and `cloudstack` are also suppo
although for these you'll supply an `endpoint: https://9.9.9.9:9999/v2.0/`
(or `client/api/` in the case of CloudStack) instead of the `region`.
+
+### "Bring Your Own Nodes" Example
--- End diff --
"Bring Your Own Nodes" Example -> "Bring Your Own Nodes" (BYON) Example
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] brooklyn-docs pull request #98: Improve location docs
Posted by drigodwin <gi...@git.apache.org>.
Github user drigodwin commented on a diff in the pull request:
https://github.com/apache/brooklyn-docs/pull/98#discussion_r73148373
--- Diff: guide/ops/locations/_AWS.md ---
@@ -111,3 +125,15 @@ You can then deploy blueprints to the subnet, allowing VPC hardware instance typ
by specifying the subnet ID as the `networkName` in your YAML blueprint.
This is covered in the previous section, "Using Subnets".
+
+### Tidying up after jclouds
+
+Security groups are not always deleted by jclouds. This is due to a limitation in AWS (see
+https://issues.apache.org/jira/browse/JCLOUDS-207). In brief, AWS prevents the security group
+being deleted until there are no VMs using it. However, there is eventual consistency for
+recording which VMs still reference those security groups: after deleting the VM, it can sometimes
+take several minutes before the security group can be deleted. jclouds retries for 3 seconds, but
+does not block for longer.
+
+There is utility written by Cloudsoft for deleting these unused resources:
+http://www.cloudsoftcorp.com/blog/2013/03/tidying-up-after-jclouds.
--- End diff --
This URL is no longer valid
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---