Using CoreOS on vCloud Air OnDemand
This is a repost fromPaco Gómez’s personal blog.
CoreOSis a popular Linux distribution for applications that useDocker Containers. The following article describes the steps to install CoreOS on VMwarevCloud® Air™ OnDemand. The use ofvCloud Air Command Line Interfacemakes the process easier to document and more convenient to follow.
The guide assumes the following pre-requisites:
- An account onvCloud Air OnDemand, with a virtual data center created in one of the available instances (you can sign up and get $300 credit)
- vCloud Air Command Line Interface, vca-cli (version 0.9.1)
- ovftool
We are using a vCloud Air OnDemand account, but these instructions can also be applied to subscription-based vCloud Air accounts and to vCloud Air Network (vCloud Director), with some modifications on how to login to the service. In the next blog post I will describe how to use vca-cli to login to those other types of accounts.
In a nutshell, the process consists of the following steps:
- Download the CoreOS OVA to the local computer and upload it to vCloud Air as a template
- Create a CoreOS VM based on the template
- Customize a local cloud-config file, create an ISO file and upload it to vCloud Air
- Attach the ISO to the VM, boot it up and let CoreOS configure itself
- Configure the edge gateway to allow SSH access to the CoreOS VM
The transfer of the OVA template is a one-time operation. The template can be used to instantiate multiple VMs.
To install vca-cli version 0.9.1, run the command below. Please note that the documentation for this release (0.9.1) has not been updated yet. The documentation on the GitHub site is for the previous version (0.5).
pip install vca-cli==0.9.1
Log into the vCloud Air account and list the instances available:
vca login email@company.com --password supersecretpasswordvca instanceAvailable instances for user 'email@company.com' in 'default' profile:| Instance Id | Region | Plan Id ||--------------------------------------+-----------------------------------+--------------------------------------|| fbf278f0-065d-4028-96d4-6ece56789751 | us-virginia-1-4.vchs.vmware.com | feda2919-32cb-4efd-a4e5-c5953733df33 || c40ba6b4-c158-49fb-b164-5c66f90344fa | us-california-1-3.vchs.vmware.com | 41400e74-4445-49ef-90a4-98da4ccfb16c || 7d275413-bc0b-4bbf-8c7b-b9522777beec | uk-slough-1-6.vchs.vmware.com | 62155213-e5fc-448d-a46a-770c57c5dd31 |
Log in again to vCloud Air, this time indicating the instance where the virtual data center is located, in my case is the instance in ‘us-california-1-3…’ region:
vca login email@company.com --password supersecretpassword --instance c40ba6b4-c158-49fb-b164-5c66f90344fa
It might come in handy to create an alias for the login command, in case the authentication token expires.
alias vcalogin='vca login email@company.com --password supersecretpassword --instance c40ba6b4-c158-49fb-b164-5c66f90344fa'
At this point you can explore the organization and virtual data center:
vca orgAvailable Organizations for 'default' profile:| Instance Id | Region | Organization Id | Selected ||--------------------------------------+-----------------------------------+--------------------------------------+------------|| c40ba6b4-c158-49fb-b164-5c66f90344fa | us-california-1-3.vchs.vmware.com | a6545fcb-d68a-489f-afff-2ea055104cc1 | * | vca vdcAvailable Virtual Data Centers for 'default' profile:| Virtual Data Center | Selected ||-----------------------+------------|| VDC1 | || VDC2 | |vca vdc use --vdc VDC1Using vdc 'VDC1' in profile 'default'Virtual Data Center 'VDC1' for 'default' profile; details:| Type | Name ||--------------+------------------------|| edge gateway | gateway || network | default-routed-network |Compute capacity:| Resource | Allocated | Limit | Reserved | Used | Overhead ||-------------+-------------+---------+------------+--------+------------|| CPU (MHz) | 0 | 130000 | 0 | 5200 | 0 || Memory (MB) | 0 | 102400 | 0 | 1024 | 123 | Edge Gateways:| Name | External IPs | DHCP Service | Firewall Service | NAT Service | Internal Networks ||---------+--------------+----------------+--------------------+---------------+----------------------------|| gateway | [] | Off | On | Off | ['default-routed-network'] |
Thestatuscommand gives the URL of the vCloud Director instance that is required to upload the OVA template and ISO image:
vca statusStatus:| Property | Value ||-----------------+------------------------------------------------------|| gateway | || host | http://vmw.re/1DYFHVV || instance | c40ba6b4-c158-49fb-b164-5c66f90344fa || org | || org_url | http://vmw.re/1DYFIc9.. || service | || service_type | ondemand || service_version | 5.7 || session | active || session_token | 637c23fc3aa84785b072e5233ad705e4 || token | eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJmMmRjZmQ2Ny1jOTMxL.. || user | email@company.com || vdc | VDC1 |
First, download the OVA to the local disk. The CoreOS OVA template comes withopen-vm-toolsinstalled.
wget http://bit.ly/1DYFK41
Then, upload it to vCloud Air using ovftool, using the URL from thestatuscommand and the org id from thevca orgcommand:
ovftool coreos_production_vmware_ova.ova \ "http://vcloudemail@company.com:supersecretpassword@us-california-1-3.vchs.vmware.com:?org=a6545fcb-d68a-489f-afff-2ea055104cc1&vdc=VDC1&catalog=default-catalog&vappTemplate=coreos_template"
Next step is to create the VM and connect it to the network. We are not starting the VM just yet, but we’ll take note of the IP assigned to the VM.
vca vapp create --vapp coreos1 --template coreos_template --catalog default-catalog --network default-routed-network --mode POOLvca vmAvailable VMs in 'VDC1' for 'default' profile:| VM | vApp | Status | IPs | Networks | vCPUs | Memory (GB) | CD/DVD | OS | Owner ||------------------------------+---------+----------- -+-------------------+----------------------------+---------+---------------+--------+----------------------------+-------------------|| coreos_production_vmware_ova | coreos1 | Powered off | ['192.168.109.2'] | ['default-routed-network'] | 2 | 1 | [] | Other 2.6.x Linux (64-bit) | email@company.com |
The IP address is used in thecreateiso.shscript to generate thecloud-configISO that the CoreOS will use to configure itself. Thanks to William Lam for providing theoriginal script. I have modified it to have CoreOS configure the static IP assigned by vCloud Air. It can be customized to configure additionalservices and settings.
Modify the file based on your preferences. At the very least, make sure to specify the IP address and the public ssh key:
# IP Address of CoreOS InstanceCORE_OS_IP_ADDRESS=192.168.109.2CORE_OS_AUTHORIZED_KEYS='AAAAB3NzaC1yc2EAAAADAQAB....'
Then create the ISO file and upload it to vCloud Air:
./createiso.shovftool --sourceType='ISO' coreos1-config.iso \ "http://vcloudemail@company.com:supersecretpassword@us-california-1-3.vchs.vmware.com:?org=a6545fcb-d68a-489f-afff-2ea055104cc1&vdc=VDC1&catalog=default-catalog&media=coreos1-config.iso"
Attach the ISO to the VM and boot it up:
vca vapp insert --vapp coreos1 --vm coreos_production_vmware_ova --catalog default-catalog --media coreos1-config.isovca vapp power.on --vapp coreos1
It is required to reboot the VM to activate the changes:
sleep 25vca vapp power.off --vapp coreos1vca vapp power.on --vapp coreos1
The final step is to configure the gateway to be able to ssh into the VM. If you haven’t added a public IP address to the virtual data center, you can do it now. Thevca gatewaycommand will show the allocated IP.
vca gatewayEdge Gateways:| Name | External IPs | DHCP Service | Firewall Service | NAT Service | Internal Networks ||---------+--------------------+----------------+--------------------+---------------+----------------------------|| gateway | ['107.189.93.162'] | Off | On | On | ['default-routed-network'] |
Then, disable the firewall and create the corresponding NAT rules. On another post, I will explain how to configure firewall rules with vca-cli.
vca firewall disablevca nat add --rule_type DNAT --original_ip 107.189.93.162 --original_port 22 --translated_ip 192.168.109.2 --translated_port 22 --protocol tcpvca nat add --rule_type SNAT --original_ip 192.168.109.0/24 --translated_ip 107.189.93.162vca nat| Rule ID | Enabled | Type | Original IP | Original Port | Translated IP | Translated Port | Protocol | Applied On ||-----------+-----------+--------+------------------+-----------------+-----------------+-------------------+------------+--------------|| 65538 | True | SNAT | 192.168.109.0/24 | any | 107.189.93.162 | any | any | d2p3v29-ext || 65539 | True | DNAT | 107.189.93.162 | 22 | 192.168.109.2 | 22 | tcp | d2p3v29-ext |
The VM is now ready to accept ssh connections. Log into the machine with the private key:
ssh -i id_rsa_coreos vcauser@107.189.93.162
Summary
vCloud Air provides a feature-rich cloud service with advanced virtual data center options. This guide will help CoreOS users to quickly deploy servers on vCloud Air and customize the instances using the nativecloud-configmechanism.
For more information about vCloud Air, visitvcloud.vmware.com.
Be sure to subscribe to thethe vCloud blogwith your favorite RSS reader, or follow our social channels at@http://bit.ly/1nVl0GQ the latest updates.
from VMware Blogs http://bit.ly/1APAulA