Introduction
============
Cloud is a set of modules that enable cloud orchestration: a Drupal-based
cloud dashboard for _AWS_, _Kubernetes_, _OpenStack_, _VMware_ and _Terraform
Cloud_ that serves as a one-stop portal for managing multiple cloud service providers.
Requirements
============
- PHP `8.0` or higher (`128 MB` memory or higher)
- MySQL `5.7` or higher _OR_ MariaDB `10.3` or higher
- Drupal `9.3` or higher
- Cloud `4.x`
  - This branch includes support for _AWS_, _Kubernetes_, _OpenStack_,
    _VMware_ and _Terraform Cloud_
  - Future support includes _GCP_ and _MS Azure_
Limitations
===========
- The `aws_cloud` module does **not** support *Classic EC2 instances*
(_Non-VPC_).
**Note:** Classic instances (_Non-VPC_) are available for AWS accounts
created before *2013-12-03*. The `aws_cloud` module is only tested with
_EC2-VPC_ instances.
See also:
- [Default VPC and Default Subnets](https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html)
- [Discussion Forums: Launch a NON-VPC EC2 instance?](https://forums.aws.amazon.com/thread.jspa?threadID=182773)
Installation
============
- There are the following options to install the `cloud` module as a
  [Cloud Orchestrator](https://www.drupal.org/project/cloud_orchestrator) distribution:
  1. Use PHP Composer:
     `composer create-project docomoinnovations/cloud_orchestrator cloud_orchestrator`
  2. Launch [Cloud Orchestrator](https://www.drupal.org/project/cloud_orchestrator)
     `4.x` from [AWS Marketplace](https://aws.amazon.com/marketplace/pp/B08PN2Z6X6?ref_=srh_res_product_title)
  3. Launch an Amazon EC2 instance of Cloud Orchestrator using the
     [AWS CloudFormation template](https://cloud-orchestrator.s3.amazonaws.com/cfn/cloud_orchestrator_single.yaml)
  4. [Download the module](https://www.drupal.org/project/cloud) directly into
     an existing Drupal installation

Configuration
=============
IAM Policy (AWS)
----------------
- Before you create a new _AWS Cloud service provider_, you may want to
  configure an _IAM policy_ as follows:
  - The mandatory _IAM policy_ for creating an _AWS Cloud service provider_ is:

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Mandatory",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeAddresses",
            "ec2:DescribeAvailabilityZones",
            "ec2:DescribeIamInstanceProfileAssociations",
            "ec2:DescribeCarrierGateways",
            "ec2:DescribeFlowLogs",
            "ec2:DescribeImageAttribute",
            "ec2:DescribeImages",
            "ec2:DescribeInstanceAttribute",
            "ec2:DescribeInstances",
            "ec2:DescribeInternetGateways",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeLaunchTemplates",
            "ec2:DescribeLaunchTemplateVersions",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSnapshots",
            "ec2:DescribeSubnets",
            "ec2:DescribeTransitGateways",
            "ec2:DescribeVolumes",
            "ec2:DescribeVpcPeeringConnections",
            "ec2:DescribeVpcs",
            "iam:ListInstanceProfiles"
          ],
          "Resource": "*"
        }
      ]
    }
    ```

  - The optional _IAM policy_ for creating an _AWS Cloud service provider_ is:

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Optional",
          "Effect": "Allow",
          "Action": [
            "cloudwatch:GetMetricData",
            "ec2:AuthorizeSecurityGroupEgress",
            "ec2:AuthorizeSecurityGroupIngress",
            "ec2:CreateKeyPair",
            "ec2:CreateLaunchTemplate",
            "ec2:CreateNetworkInterface",
            "ec2:CreateSecurityGroup",
            "ec2:CreateSnapshot",
            "ec2:CreateSubnet",
            "ec2:CreateTags",
            "ec2:CreateVpc",
            "ec2:GetConsoleOutput",
            "ec2:RevokeSecurityGroupEgress",
            "ec2:RevokeSecurityGroupIngress"
          ],
          "Resource": "*"
        }
      ]
    }
    ```

  - The `Resource` field should be restricted to your AWS account number and the
    target resource, e.g. `"Resource": "arn:aws:ec2:*:049876562615:key-pair/*"`,
    rather than left as `"*"`.
  - See also: [Example policies for working in the Amazon EC2 console](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-ec2-console.html)

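As an added check (not part of the `cloud` module), the following Python script lints a candidate IAM policy against the mandatory action list above and flags `Allow` statements that grant mutating actions on `"Resource": "*"`, which the README recommends scoping to the account and target resource. The sample policy, the read-only prefix list and the account number `111122223333` are constructed for illustration; wildcard actions such as `ec2:Describe*` are matched with shell-style wildcards.

```python
from fnmatch import fnmatchcase

# Mandatory actions, copied from the "Mandatory" policy in this README.
MANDATORY_ACTIONS = {
    "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCarrierGateways",
    "ec2:DescribeIamInstanceProfileAssociations", "ec2:DescribeFlowLogs", "ec2:DescribeImages",
    "ec2:DescribeImageAttribute", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances",
    "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplates",
    "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs",
    "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets",
    "ec2:DescribeTransitGateways", "ec2:DescribeVolumes", "ec2:DescribeVpcPeeringConnections",
    "iam:ListInstanceProfiles",
}

# Prefixes treated as read-only (assumption); any other action counts as mutating.
READ_ONLY_PREFIXES = ("ec2:Describe", "ec2:Get", "iam:List", "cloudwatch:Get")

def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def missing_mandatory(policy):
    """Mandatory actions that no Allow statement grants (wildcards like ec2:Describe* count)."""
    patterns = [a for s in _allow_statements(policy) for a in _as_list(s.get("Action", []))]
    return sorted(a for a in MANDATORY_ACTIONS if not any(fnmatchcase(a, p) for p in patterns))

def broad_mutating_statements(policy):
    """Sids of Allow statements that grant mutating actions on Resource "*" (should be scoped)."""
    found = []
    for s in _allow_statements(policy):
        mutating = [a for a in _as_list(s.get("Action", [])) if not a.startswith(READ_ONLY_PREFIXES)]
        if mutating and "*" in _as_list(s.get("Resource", [])):
            found.append(s.get("Sid", "<no Sid>"))
    return found

# Constructed sample (not from the README): read-only actions on "*", key-pair
# creation scoped to placeholder account 111122223333, and one unscoped
# mutating statement that the linter should flag.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "iam:ListInstanceProfiles"]},
    {"Sid": "KeyPairs", "Effect": "Allow", "Action": "ec2:CreateKeyPair",
     "Resource": "arn:aws:ec2:*:111122223333:key-pair/*"},
    {"Sid": "SecurityGroups", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:AuthorizeSecurityGroupIngress", "ec2:GetConsoleOutput"]},
]}
```

Run `missing_mandatory(SAMPLE_POLICY)` to get `[]` and `broad_mutating_statements(SAMPLE_POLICY)` to get `['SecurityGroups']`; load a real policy with `json.load` and pass it the same way.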
Basic Setup (AWS)
-----------------
1. Add a new _AWS Cloud service provider_ based on your needs.
   Go to `Structure` > `Cloud service providers` and click
   `+ Add cloud service provider` for _AWS Cloud_.
2. Enter all required configuration parameters. The system will automatically
   set up all regions from your AWS account. There are three options for
   specifying AWS credentials:
   1. Instance credentials - If the `cloud` module is running on an EC2 instance
      and the EC2 instance has an IAM role attached, you have the option to check
      `Use Instance Credentials`. Doing so is secure and does not require an
      `Access Key ID` and `Secret Access Key` to be entered into Drupal.
      Please refer to this AWS tutorial about IAM roles and EC2 instances:
      https://aws.amazon.com/blogs/security/easily-replace-or-attach-an-iam-role-to-an-existing-ec2-instance-by-using-the-ec2-console/
   2. Simple access - Specify an `Access Key ID` and `Secret Access Key` to
      access a particular account's EC2 instances.
   3. Assume role - Specify an `Access Key ID`, `Secret Access Key` and the
      `Assume Role` section. With this combination, the `cloud` module can
      assume a role in another AWS account and access that account's EC2
      instances. To learn more about setting up assume role, please read this
      AWS tutorial:
      https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
3. Run cron to update your specific Cloud region.
4. Use the links under `Cloud service providers` > `[Cloud service provider]`
   to manage your Amazon EC2 entities.
5. Import images using the tab
   `Cloud service providers` > `[Cloud service provider]` | `Images`:
   - Click `+ Import AWS Cloud image`.
   - Search for images by AMI name. For example, to import `Anaconda` images
     based on Ubuntu, type in `anaconda*ubuntu*`.
     Use the AWS Console on `aws.amazon.com` to search for images to import.
6. `Import` or `Add AWS Cloud key pair`. The key pair is used to log into any
   system you launch. Use the links under the tab
   `Cloud service providers` > `[Cloud service provider]` | `Key pair`:
   - Use the `+ Import AWS Cloud key pair` button to import an existing key
     pair. You will be uploading your public key.
   - Use `+ Add AWS Cloud key pair` to have AWS generate a new private key.
     You will be prompted to download the key after it is created.
7. Set up `Security groups` and `Network interfaces` as needed.

Launching Instance
------------------
1. Create a launch template under
`Design` > `Launch template` > `[Cloud service provider]`
2. After creating a template, change the workflow status to `Approved`.
3. Click the `Launch` tab to launch it.

Permissions
-----------
- Configure permissions per your requirements.
- [Details about permissions are here.](https://www.drupal.org/docs/8/modules/cloud/configuration)

Module Structure
================
`cloud` is the core module of the `Cloud` and `Cloud service provider`
packages.

```
cloud
`-- modules
    |-- cloud_budget
    |-- cloud_cluster_worker
    |-- cloud_service_providers
    |   |-- aws_cloud
    |   |-- cloud_cluster
    |   |-- docker
    |   |-- k8s
    |   |-- openstack
    |   |-- terraform
    |   `-- vmware
    |-- gapps
    `-- tools
        |-- k8s_to_s3
        `-- s3_to_k8s
```

Known Issues
============
- When adding a Metrics Server enabled Kubernetes cluster, the metrics
  importing operation can potentially take a long time to complete.
  During this process, there might be database corruption if the `aws_cloud`
  module is enabled.
  - As a workaround, enable `aws_cloud` when the server is idle and not
    processing an `Add cloud service provider` operation for _Kubernetes_.
- `504 Gateway timeout` occurs while adding an _AWS Cloud service provider_
  with all AWS regions.
- `504 Gateway timeout` occurs while adding a _K8s cloud service provider_ on
  GCP.

Maintainers
===========
- `yas` (https://drupal.org/u/yas)
- `baldwinlouie` (https://www.drupal.org/u/baldwinlouie)
- `Hiroki Moriya` (https://www.drupal.org/u/hiroki-moriya)
- `Kumiko Ono (kumikoono)` (https://www.drupal.org/u/kumikoono)
- `Lidia Matei (XLD)` (https://www.drupal.org/u/xld)
- `Masami Suzuki (Masami)` (https://www.drupal.org/u/Masami)
- `Ryo Yamashita` (https://www.drupal.org/u/ryo-yamashita)
- `Takumaru Sekine (sekinet)` (https://www.drupal.org/u/sekinet)
- `Tamaki Fujino (TamakiFujino)` (https://www.drupal.org/u/tamakifujino)
- `Tomohiro Ono (onotm)` (https://www.drupal.org/u/onotm)
- `Xiaohua Guan` (https://www.drupal.org/u/xiaohua-guan)
- `Yutong Li (yutong.li)` (https://www.drupal.org/u/yutongli)