Configuring AWS for OSM Release TWO

From OSM Public Wiki

Configure AWS for OSM

1. Get AWS_ACCESS_KEY_ID and AWS_SECRET_KEY for your AWS account (https://aws.amazon.com/)

The AWS User-ID/Secret-key will be required when the data-center is created. These credentials do not need to be updated after the data-center is created.

2. Create/get key-pairs from your AWS management console. These key-pairs will be required later, when the NS is deployed.

SSH key-pairs need to be specified in the VNF descriptors. This update can be done via the openmano CLI as well as the OSM dashboard. SSH key-pairs can only be created using the AWS mgmt console. OSM will be updated with any changes that occur in the AWS console. The OSM user is required to keep a record of these key-pairs for later use.

3. Create a management network using the AWS management console. If the user doesn't specify a default mgmt interface, OSM will create a default network that will be used for managing AWS instances.

Once the NS is deployed, it will require a management interface (subnet) to apply configurations on the instances. The user can create this mgmt interface manually using the AWS console or leave it to the OSM connector. To create the interface from AWS, create a subnet by specifying the appropriate CIDR block. This subnet is required to have DHCP enabled. AWS, being a public cloud, is accessible from OSM. The network is used by the VCA for configuring the VNFs once they are running.

4. Create a valid user

The default user in AWS has the rights to perform all operations on AWS instances, subnets, VPCs, key-pairs, etc. If you want to create a secondary user with a limited set of rights, you can use the AWS mgmt console. NOTE: Each user in AWS has a separate access-key/secret-key, which must be kept secure; otherwise new credentials must be generated. The preferred way is to create a user and assign it the role "admin". Another option is to ensure that the user has all the rights required to operate in the AWS environment.

5. Find and Select images

AWS has a repository of several images available to be used for instances. If you need a custom image, you can use the AWS console to create your own images. If you decide to use a pre-built image, you'll need to specify the full image path in the VNF descriptor.

Instructions on how to convert qemu (.qcow2) images to run on AWS can be found on the web, e.g., here: Import qcow2 images into AWS

6. Security group

AWS provides a default security_group defining a set of rules that allow connection access to the instances that have this security_group. If you require a new security_group, you can create a new group defining the conditions that are required by your use case.

The default security_group doesn't allow the user to SSH into the instances. This behavior is not recommended by OSM, as the VCA requires a path to interact with instances. Hence, it is recommended that you create a new group that contains the rules/conditions required to SSH into the instances deployed by this NS. You can also modify the default security group to allow TCP port 22; however, creation of a custom security_group is recommended.
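An offline check for the rule described in step 6, as an added example that is not part of the OSM wiki or OSM code: it takes rules in the shape returned by EC2 DescribeSecurityGroups ("IpPermissions") and reports whether TCP port 22 is reachable from the OSM host and whether it is open to 0.0.0.0/0. The group names, the address 203.0.113.10 and all rule data are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeSecurityGroups "IpPermissions".
# 203.0.113.10 stands in for the OSM/VCA host; all values are made up.
SAMPLE_GROUPS = {
    "default-like": [   # allows traffic only from members of the same group
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-constructed"}]},
    ],
    "osm-mgmt": [       # SSH from the OSM host only
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
    "wide-open": [      # every TCP port from anywhere
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP/22."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535)


def audit_ssh(rules, osm_host):
    """Return (reachable_from_osm, world_open_cidrs) for one security group."""
    host = ipaddress.ip_address(osm_host)
    reachable, world_open = False, []
    for rule in rules:
        if not covers_ssh(rule):
            continue
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if host in net:
                reachable = True
            if net.prefixlen == 0:      # 0.0.0.0/0: SSH exposed to the Internet
                world_open.append(rng["CidrIp"])
    return reachable, world_open


if __name__ == "__main__":
    for name, rules in SAMPLE_GROUPS.items():
        ok, exposed = audit_ssh(rules, "203.0.113.10")
        print(f"{name}: ssh_from_osm={ok} world_open={exposed}")
```

A group that gives the VCA its SSH path without exposing port 22 to the Internet returns `(True, [])`.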

Add AWS to OSM

The --config parameter is used to specify general guidelines at datacenter creation/association. This information is communicated to the openmano tenant.

openmano datacenter-create aws-site https://aws.amazon.com --type aws --description "AWS Site" --config '{region_name: us-west-2}' 
openmano datacenter-attach aws-site --user=AWS_ACCESS_KEY_ID --password=AWS_SECRET_KEY --vim-tenant-name=admin

The following configuration can be added:

  • region_name: Region to be used for the deployment
  • vpc_cidr_block: Default CIDR block for VPC
  • security_groups: Default security group for newly created instances

ADVANCED configuration:

  • key_pair: The key_pair specified here will be used as the default key_pair for newly created instances
  • flavor_info: AWS doesn't provide a mechanism to extract information regarding supported flavors. In order to get flavor information, user must specify a YAML file with the path such as: "@/usr/data/flavour_info.yaml" or user can specify a dictionary containing details of flavors to be used.

To specify flavor info at the time of datacenter creation, use a parameter in --config called e.g. flavor_info: <content>. The content can be a dictionary or a string starting with '@' that gives the path to the YAML file. The two ways described above look as follows:

openmano datacenter-create aws-site https://aws.amazon.com --type aws --description "AWS Site" --config='{region_name: us-west-2, flavor_info: {m1.tiny: {cpus: 1, disk: 2, ram: 512}, m1.small: {cpus: 2, disk: 10, ram: 1024}, ...}}'
openmano datacenter-create aws-site https://aws.amazon.com --type aws --description "AWS Site" --config='{region_name: us-west-2, flavor_info: "@/home/user/aws/flavor_info.yaml", ...}'

NOTE: Details on AWS flavors/instance types can be found in the Amazon Web Services docs (https://aws.amazon.com/ec2/instance-types/). Flavors/instance types in AWS vary depending on the region of the AWS account. The link above provides details on all possible instance types. However, to get details on the instance types available for your region, use your AWS management console.