Introduction
Cloud is a set of modules to enable Cloud orchestration: A Drupal-based Cloud dashboard for AWS, Kubernetes, OpenStack, VMware and Terraform Cloud as a one-stop portal to manage multiple cloud service providers.
Requirements
- PHP 8.0 or higher (128 MB memory or higher)
- MySQL 5.7 or higher OR MariaDB 10.3 or higher
- Drupal 9.5 or higher
- Cloud 6.x
  - This branch includes support for AWS, Kubernetes, OpenStack, VMware and Terraform Cloud
  - Future support includes GCP and MS Azure
Limitations
- The aws_cloud module does not support Classic EC2 instances (Non-VPC).
  Note: Classic instances (Non-VPC) are available for AWS accounts created before 2013-12-03. The aws_cloud module is only tested for EC2-VPC instances.
  See also:
Installation
- There are the following options to install the cloud module as a Cloud Orchestrator distribution:
  - Use PHP composer:
    composer create-project docomoinnovations/cloud_orchestrator cloud_orchestrator
  - Launch Cloud Orchestrator 6.x-dev from AWS Marketplace
  - Launch an Amazon EC2 instance of Cloud Orchestrator using AWS CloudFormation Template
  - Download the module directly to an existing Drupal installation
Configuration
IAM Policy (AWS)
- Before you create a new AWS Cloud service provider, you may want to configure the IAM policy as follows:
  - The mandatory IAM policy for creating an AWS Cloud service provider is:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Mandatory",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeAddresses",
            "ec2:DescribeAvailabilityZones",
            "ec2:DescribeIamInstanceProfileAssociations",
            "ec2:DescribeCarrierGateways",
            "ec2:DescribeFlowLogs",
            "ec2:DescribeImageAttribute",
            "ec2:DescribeImages",
            "ec2:DescribeInstanceAttribute",
            "ec2:DescribeInstances",
            "ec2:DescribeInternetGateways",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeLaunchTemplates",
            "ec2:DescribeLaunchTemplateVersions",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSnapshots",
            "ec2:DescribeSubnets",
            "ec2:DescribeTransitGateways",
            "ec2:DescribeVolumes",
            "ec2:DescribeVpcPeeringConnections",
            "ec2:DescribeVpcs",
            "iam:ListInstanceProfiles"
          ],
          "Resource": "*"
        }
      ]
    }

  - The optional IAM policy for creating an AWS Cloud service provider is:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Optional",
          "Effect": "Allow",
          "Action": [
            "cloudwatch:GetMetricData",
            "ec2:AuthorizeSecurityGroupEgress",
            "ec2:AuthorizeSecurityGroupIngress",
            "ec2:CreateKeyPair",
            "ec2:CreateLaunchTemplate",
            "ec2:CreateNetworkInterface",
            "ec2:CreateSecurityGroup",
            "ec2:CreateSnapshot",
            "ec2:CreateSubnet",
            "ec2:CreateTags",
            "ec2:CreateVpc",
            "ec2:GetConsoleOutput",
            "ec2:RevokeSecurityGroupEgress",
            "ec2:RevokeSecurityGroupIngress"
          ],
          "Resource": "*"
        }
      ]
    }

  - The Resource field should be limited to the AWS account number and target resource, e.g. "Resource": "arn:aws:ec2:*:049876562615:key-pair/*".
  - See also: Example policies for working in the Amazon EC2 console
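
A way to check a policy against the Resource-scoping advice above before attaching it, as an added example that is not part of the Cloud module or its documentation. The function names, the read-only prefix heuristic and the abbreviated sample policies are assumptions of this sketch; the account number is the one used in the page's example ARN.

```python
# Added example: flag Allow statements whose mutating actions are not pinned
# to one AWS account. Policies below are constructed from the page's samples.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")  # assumption: treated as read-only

OPTIONAL_POLICY = {  # abbreviated copy of the page's "Optional" statement
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Optional", "Effect": "Allow",
        "Action": ["cloudwatch:GetMetricData", "ec2:CreateKeyPair",
                   "ec2:CreateSecurityGroup", "ec2:CreateVpc"],
        "Resource": "*",
    }],
}
SCOPED_POLICY = {  # constructed: key-pair creation scoped as the page suggests
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ScopedKeyPair", "Effect": "Allow",
        "Action": "ec2:CreateKeyPair",
        "Resource": "arn:aws:ec2:*:049876562615:key-pair/*",
    }],
}

def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def arn_account(arn):
    """Return the account field of arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    return parts[4] if len(parts) == 6 and parts[0] == "arn" else None

def audit_policy(policy, account_id):
    """Return (sid, resource, actions) for each Allow statement that lets
    non-read-only actions touch a resource not pinned to account_id."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        mutating = sorted(a for a in as_list(stmt.get("Action", []))
                          if not a.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES))
        for res in as_list(stmt.get("Resource", [])) if mutating else []:
            if arn_account(res) != account_id:
                findings.append((stmt.get("Sid", "<no Sid>"), res, mutating))
    return findings

if __name__ == "__main__":
    for name, pol in (("optional", OPTIONAL_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(pol, "049876562615"))
```

Some actions do not support resource-level permissions and must keep "Resource": "*", so treat the findings as a list to review rather than a pass/fail gate.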
Basic Setup (AWS)
- Add a new AWS Cloud service provider based on your needs. Go to Structure > Cloud service providers and click + Add cloud service provider for AWS Cloud.
- Enter all required configuration parameters. The system will automatically set up all regions from your AWS account. There are three options for specifying AWS credentials:
  - Instance credentials - If the cloud module is running on an EC2 instance and the EC2 instance has an IAM role attached, you have the option to check Use Instance Credentials. Doing so is secure and does not require Access key ID and Secret access key to be entered into Drupal. Please refer to this AWS tutorial about IAM role and EC2 Instance:
  - Simple access - Specify Access key ID and Secret access key to access a particular account's EC2 instances.
  - Assume role - Specify Access key ID, Secret access key and the Assume role section. With this combination, the cloud module can assume the role of another AWS account and access their EC2 instances. To learn more about setting up assume role, please read this AWS tutorial: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
- Run cron to update your specific Cloud region.
- Use the links under Cloud service providers > [Cloud service provider] to manage your Amazon EC2 entities.
- Import Images using the tab: Cloud service providers > [Cloud service provider] | Images
  - Click on + Import AWS Cloud image
  - Search for images by AMI name. For example, to import Anaconda images based on Ubuntu, type in anaconda*ubuntu*. Use the AWS Console on aws.amazon.com to search for images to import.
- Import or Add AWS Cloud key pair. The key pair is used to log into any system you launch. Use the links under the tab: Cloud service providers > [Cloud service provider] | Key pair
  - Use the + Import AWS Cloud key pair button to import an existing key pair. You will be uploading your public key.
  - Use + Add AWS Cloud key pair to have AWS generate a new private key. You will be prompted to download the key after it is created.
- Set up Security groups, Network interfaces as needed.
Launching Instance
- Create a launch template under Design > Launch template > [Cloud service provider]
- After creating a template, change the workflow status to Approved.
- Click the Launch tab to launch it.
Permissions
- Configure permissions per your requirements.
Module Structure
cloud is the heart of modules of the Cloud and Cloud service provider packages.

    cloud
    `-- modules
        |-- cloud_budget
        |-- cloud_cluster_worker
        |-- cloud_dashboard
        |-- cloud_service_providers
        |   |-- aws_cloud
        |   |-- cloud_cluster
        |   |-- docker
        |   |-- k8s
        |   |-- openstack
        |   |-- terraform
        |   `-- vmware
        |-- gapps
        `-- tools
            |-- k8s_to_s3
            `-- s3_to_k8s
Known Issues
- When adding a Metrics Server enabled Kubernetes cluster, the metrics importing operation can potentially take a long time to complete. During this process, there might be database corruption if the aws_cloud module is enabled.
- As a workaround, enable aws_cloud when the server is idle and not processing an Add cloud service provider for Kubernetes operation.
License
Cloud Orchestrator is released under the terms of the GPLv2 license.
Maintainers
- yas (https://drupal.org/u/yas)
- baldwinlouie (https://www.drupal.org/u/baldwinlouie)
- Kumiko Ono (kumikoono) (https://www.drupal.org/u/kumikoono)
- Masami Suzuki (Masami) (https://www.drupal.org/u/Masami)
- Ryo Yamashita (https://www.drupal.org/u/ryo-yamashita)
- Takumaru Sekine (sekinet) (https://www.drupal.org/u/sekinet)
- Xiaohua Guan (https://www.drupal.org/u/xiaohua-guan)