Configuring AWS

From OSM Public Wiki

Configure AWS for OSM

1. Get AWS_ACCESS_KEY_ID and AWS_SECRET_KEY for your AWS account (https://aws.amazon.com/)

The AWS User-ID/Secret-key will be required when the data-center is created. These credentials do not need to be updated after creation of the data-center.

2. Create/get key-pairs from your AWS management console. These key-pairs will be required later, at the point of deployment of the NS.

SSH key-pairs need to be specified in the VNF descriptors. This update can be done via the openmano CLI as well as the OSM dashboard. SSH key-pairs can only be created using the AWS mgmt console. OSM will be updated with any changes that occur in the AWS console. The OSM user is required to keep a record of these key-pairs for later use.

3. Create a management network using the AWS management console. If the user doesn't specify a default mgmt interface, OSM will create a default network that will be used for managing AWS instances.

Once the NS is deployed, it will require a management interface (subnet) to apply configurations on the instances. The user can manually create this mgmt interface using the AWS console or leave it to the OSM connector. To create the interface from AWS, create a subnet by specifying the appropriate CIDR block. This subnet is required to have DHCP enabled. AWS, being a public cloud, is accessible from OSM. The network is used by the VCA for configuring the VNFs once they are running.

4. Create a valid user

The default user in AWS has the rights to perform all operations on AWS instances, subnets, VPCs, key-pairs, etc. If you want to create a secondary user with a limited set of rights, you can use the AWS mgmt console. NOTE: Each user in AWS has a separate access-key/secret-key, which must be kept secure; otherwise new credentials must be generated. The preferred way is to create a user and assign it the role "admin". Another option is to ensure that the user has all the rights required to operate in the AWS environment.

5. Find and select images

AWS has a repository of several images available to be used for instances. If you need a custom image, you can use the AWS console to create your own images. If you decide to use a pre-built image, you'll need to specify the full image path in the VNF descriptor.

6. Security group

AWS provides a default security_group defining a set of rules that allow connection access to the instances that have this security_group. If you require a new security_group, you can create a new group defining the conditions that are required by your use case.

The default security_group doesn't allow the user to SSH into the instances. This behavior is not recommended by OSM, as the VCA requires a path to interact with instances. Hence, it is recommended that you create a new group that contains the rules/conditions required to SSH into the instances deployed by this NS. You can also modify the default security group to allow TCP port 22; however, creation of a custom security_group is recommended.
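
A check for the SSH path described above, as an added example (not part of the OSM wiki or OSM code): it reads security-group data in the shape returned by EC2 DescribeSecurityGroups and reports, per group, whether the VCA host can reach TCP port 22 and whether that rule is open to every address. The sample groups, their ids and the VCA address 198.51.100.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of the EC2 DescribeSecurityGroups response
# (boto3 describe_security_groups); group ids and addresses are made up.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-default", "GroupName": "default", "IpPermissions": [
        # AWS default group: inbound traffic only from members of the same group
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-default"}]}]},
    {"GroupId": "sg-osm-mgmt", "GroupName": "osm-mgmt", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.10/32"}]}]},
    {"GroupId": "sg-wide", "GroupName": "wide-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}


def ssh_sources(group):
    """Return the IPv4 networks this group admits on TCP port 22."""
    nets = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; otherwise need a TCP range covering 22
        covers_22 = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))
        if covers_22:
            nets += [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    return nets


def audit(response, vca_ip):
    """Map group name -> 'no-ssh-path', 'ok' or 'ssh-open-to-world'."""
    vca = ipaddress.ip_address(vca_ip)
    result = {}
    for group in response["SecurityGroups"]:
        nets = ssh_sources(group)
        if not any(vca in n for n in nets):
            result[group["GroupName"]] = "no-ssh-path"
        elif any(n.prefixlen == 0 for n in nets):
            result[group["GroupName"]] = "ssh-open-to-world"
        else:
            result[group["GroupName"]] = "ok"
    return result


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE, "198.51.100.10").items():
        print(f"{name}: {verdict}")
```

Only IPv4 CIDR rules are evaluated; rules that reference another security group or an IPv6 range are not counted as a path for the VCA.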

Add AWS to OSM

To specify general guidelines at datacenter creation/association, the --config parameter is used:

osm vim-create --name aws-site --account_type aws \
   --auth_url https://aws.amazon.com \
   --user MyUser --password MyPassword --tenant admin \
   --description "AWS site, with your user" \
   --config '{region_name: eu-central-1, flavor_info: "{t2.nano: {cpus: 1, disk: 100, ram: 512}, t2.micro: {cpus: 1, disk: 100, ram: 1024}, t2.small: {cpus: 1, disk: 100, ram: 2048}}"}'

The following configuration can be added:

  • management_network_id, management_network_name: VIM management network id/name to use for the management VLD of NS descriptors. By default it uses the same VIM network name as the VLD name. It can also be set at instantiation time.
  • region_name: Region to be used for the deployment
  • vpc_cidr_block: Default CIDR block for VPC
  • security_groups: Default security group for newly created instances

ADVANCED configuration:

  • key_pair: The key_pair specified here will be used as the default key_pair for newly created instances
  • flavor_info: AWS doesn't provide a mechanism to extract information regarding supported flavors. In order to get flavor information, the user must specify a YAML file with a path such as "@/usr/data/flavour_info.yaml", or the user can specify a dictionary containing details of the flavors to be used.

To specify flavor info at the time of datacenter creation, use a parameter in --config, e.g. flavor_info: <content>. The content must be a string. It can be a file name starting with '@' whose file contains the info in YAML format, or the YAML content directly.

NOTE: Details on AWS flavors/instance types can be found in the Amazon Web Services docs (https://aws.amazon.com/ec2/instance-types/). Flavors/instance types in AWS vary depending on the region of the AWS account. The link above provides details on all possible instance types. However, to get details on the instance types available for your region, use your AWS management console.