Provisioning cloud instances on Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides public cloud compute resources. Using orcharhino, you can interact with Amazon EC2’s public API to create cloud instances and control their power management states. Use the procedures in this chapter to add a connection to an Amazon EC2 account and provision a cloud instance.
Prerequisites for Amazon EC2 provisioning
The requirements for Amazon EC2 provisioning include:
- 
An orcharhino Proxy Server managing a network in your EC2 environment. Use a Virtual Private Cloud (VPC) to ensure a secure network between the hosts and orcharhino Proxy Server.
- 
An Amazon Machine Image (AMI) for image-based provisioning. 
- 
Provide the installation medium for the operating systems that you want to use to provision hosts. For more information, see Syncing Repositories in Managing Content. 
- 
Provide an activation key for host registration. For more information, see Creating An Activation Key in Managing Content. 
Installing Amazon EC2 plugin
Install the Amazon EC2 plugin to attach an EC2 compute resource provider to orcharhino. This allows you to manage and deploy hosts to EC2.
- 
Install the EC2 compute resource provider on your orcharhino Server: $ orcharhino-installer --enable-foreman-compute-ec2
- 
Optional: In the orcharhino management UI, navigate to Administer > About and select the compute resources tab to verify the installation of the Amazon EC2 plugin. 
Using an HTTP proxy to communicate with Amazon EC2
If your Amazon EC2 requires an HTTP proxy to communicate with orcharhino, you must set up and select the HTTP proxy in orcharhino. If you have configured an HTTP proxy for orcharhino in Administer > Settings, it takes precedence over the HTTP proxy for your compute resource.
- 
To add an HTTP proxy to orcharhino, see Adding an HTTP proxy in Managing Content. 
Adding an Amazon EC2 connection to the orcharhino Server
Use this procedure to add the Amazon EC2 connection in orcharhino Server’s compute resources. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
- 
An AWS EC2 user performing this procedure needs the AmazonEC2FullAccess permissions. You can attach these permissions from AWS.
Amazon Web Services uses time settings as part of the authentication process.
Ensure that orcharhino Server’s time is correctly synchronized.
Ensure that an NTP service, such as ntpd or chronyd, is running properly on orcharhino Server.
Failure to provide the correct time to Amazon Web Services can lead to authentication failures.
- 
In the orcharhino management UI, navigate to Infrastructure > Compute Resources and in the Compute Resources window, click Create Compute Resource. 
- 
In the Name field, enter a name to identify the Amazon EC2 compute resource. 
- 
From the Provider list, select EC2. 
- 
In the Description field, enter information that helps distinguish the resource for future use. 
- 
Optional: From the HTTP proxy list, select an HTTP proxy to connect to external API services. You must add HTTP proxies to orcharhino before you can select an HTTP proxy from this list. For more information, see Using an HTTP proxy to communicate with Amazon EC2. 
- 
In the Access Key and Secret Key fields, enter the access keys for your Amazon EC2 account. For more information, see Managing Access Keys for your AWS Account on the Amazon documentation website. 
- 
Optional: Click Load Regions to populate the Regions list. 
- 
From the Region list, select the Amazon EC2 region or data center to use. 
- 
Click the Locations tab and ensure that the location you want to use is selected, or add a different location. 
- 
Click the Organizations tab and ensure that the organization you want to use is selected, or add a different organization. 
- 
Click Submit to save the Amazon EC2 connection. 
- 
Select the new compute resource and then click the SSH keys tab, and click Download to save a copy of the SSH keys to use for SSH authentication. If you require SSH keys at a later stage, follow the procedure in Connecting to an Amazon EC2 instance using SSH. 
- 
Create the connection with the hammer compute-resource create command. Use the --user and --password options to add the access key and secret key respectively:
$ hammer compute-resource create \
  --description "Amazon EC2 Public Cloud" \
  --locations "My_Location" \
  --name "My_EC2_Compute_Resource" \
  --organizations "My_Organization" \
  --password "My_Secret_Key" \
  --provider "EC2" \
  --region "My_Region" \
  --user "My_User_Name"
Creating an image for Amazon EC2
You can create images for Amazon EC2 from within orcharhino.
- 
In the orcharhino management UI, navigate to Infrastructure > Compute Resources. 
- 
Select your Amazon EC2 provider. 
- 
Click Create Image.
- 
In the Name field, enter a meaningful and unique name for your EC2 image. 
- 
From the Operating System list, select an operating system to associate with the image. 
- 
From the Architecture list, select an architecture to associate with the image. 
- 
In the Username field, enter the username needed to SSH into the machine. 
- 
In the Image ID field, enter the image ID provided by Amazon or an operating system vendor. You can find the ID within Amazon AWS or on operating system specific pages such as debian.org or ubuntu.com. 
- 
Optional: Select the User Data check box to enable support for user data input. 
- 
Optional: Set an IAM role for Fog to use when creating this image.
- 
Click Submit to save your changes to orcharhino.
Adding Amazon EC2 images to orcharhino Server
Amazon EC2 uses image-based provisioning to create hosts. You must add image details to your orcharhino Server. This includes access details and image location.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
- 
In the orcharhino management UI, navigate to Infrastructure > Compute Resources and select an Amazon EC2 connection. 
- 
Click the Images tab, and then click Create Image. 
- 
In the Name field, enter a name to identify the image for future use. 
- 
From the Operating System list, select the operating system that corresponds with the image you want to add. 
- 
From the Architecture list, select the operating system’s architecture. 
- 
In the Username field, enter the SSH user name for image access. This is normally the root user.
- 
In the Password field, enter the SSH password for image access. 
- 
In the Image ID field, enter the Amazon Machine Image (AMI) ID for the image. This is usually in the following format: ami-xxxxxxxx.
- 
Optional: Select the User Data checkbox if the images support user data input, such as cloud-init data. If you enable user data, the Finish scripts are automatically disabled. This also applies in reverse: if you enable the Finish scripts, this disables user data.
- 
Optional: In the IAM role field, enter the Amazon security role used for creating the image. 
- 
Click Submit to save the image details. 
- 
Create the image with the hammer compute-resource image create command. Use the --uuid field to store the full path of the image location on the Amazon EC2 server:
$ hammer compute-resource image create \
  --architecture "My_Architecture" \
  --compute-resource "My_EC2_Compute_Resource" \
  --name "My_Amazon_EC2_Image" \
  --operatingsystem "My_Operating_System" \
  --user-data true \
  --username root \
  --uuid "ami-My_AMI_ID"
Adding Amazon EC2 details to a compute profile
You can add hardware settings for instances on Amazon EC2 to a compute profile.
- 
In the orcharhino management UI, navigate to Infrastructure > Compute Profiles and click the name of your profile, then click an EC2 connection. 
- 
From the Flavor list, select the hardware profile on EC2 to use for the host. 
- 
From the Image list, select the image to use for image-based provisioning. 
- 
From the Availability zone list, select the target cluster to use within the chosen EC2 region. 
- 
From the Subnet list, add the subnet for the EC2 instance. If you have a VPC for provisioning new hosts, use its subnet. 
- 
From the Security Groups list, select the cloud-based access rules for ports and IP addresses to apply to the host. 
- 
From the Managed IP list, select either a Public IP or a Private IP.
- 
Click Submit to save the compute profile. 
- 
Set the Amazon EC2 details for a compute profile:
$ hammer compute-profile values create \
  --compute-resource "My_Laptop" \
  --compute-profile "My_Compute_Profile" \
  --compute-attributes "flavor_id=1,availability_zone=My_Zone,subnet_id=1,security_group_ids=1,managed_ip=public_ip"
Creating image-based hosts on Amazon EC2
The Amazon EC2 provisioning process creates hosts from existing images on the Amazon EC2 server. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
- 
In the orcharhino management UI, navigate to Hosts > Create Host. 
- 
In the Name field, enter a name for the host. 
- 
Optional: Click the Organization tab and change the organization context to match your requirement. 
- 
Optional: Click the Location tab and change the location context to match your requirement. 
- 
From the Host Group list, select a host group that you want to assign your host to. That host group will populate the form. 
- 
From the Deploy on list, select the EC2 connection. 
- 
From the Compute Profile list, select a profile to use to automatically populate virtual machine-based settings. 
- 
Click the Interfaces tab, and on the interface of the host, click Edit. 
- 
Verify that the fields are populated with values. Note in particular:
- 
orcharhino automatically assigns an IP address for the new host. 
- 
Ensure that the MAC address field is blank. Amazon EC2 assigns a MAC address to the host during provisioning. 
- 
The Name from the Host tab becomes the DNS name. 
- 
Ensure that orcharhino automatically selects the Managed, Primary, and Provision options for the first interface on the host. If not, select them.
- 
Click OK to save. To add another interface, click Add Interface. You can select only one interface for Provision and Primary. 
- 
Click the Operating System tab and confirm that all fields are populated with values. 
- 
Click the Virtual Machine tab and confirm that all fields are populated with values. 
- 
On the Parameters tab, click Add parameter. Add a parameter named kt_activation_keys, select the string type, and enter the name of the activation key as the value. The activation key has to belong to the same organization as your host. You can also enter a comma-separated list of multiple activation keys.
- 
Click Submit to save your changes. 
This new host entry triggers the Amazon EC2 server to create the instance, using the pre-existing image as a basis for the new volume.
- 
Create the host with the hammer host create command and include --provision-method image to use image-based provisioning:
$ hammer host create \
  --compute-attributes="flavor_id=m1.small,image_id=TestImage,availability_zones=us-east-1a,security_group_ids=Default,managed_ip=Public" \
  --compute-resource "My_EC2_Compute_Resource" \
  --enabled true \
  --hostgroup "My_Host_Group" \
  --image "My_Amazon_EC2_Image" \
  --interface "managed=true,primary=true,provision=true,subnet_id=EC2" \
  --location "My_Location" \
  --managed true \
  --name "My_Host_Name_" \
  --organization "My_Organization" \
  --provision-method image
For more information about additional host creation parameters for this compute resource, enter the hammer host create --help command.
Connecting to an Amazon EC2 instance using SSH
You can connect remotely to an Amazon EC2 instance from orcharhino Server using SSH. However, to connect to any Amazon Web Services EC2 instance that you provision through orcharhino, you must first access the private key that is associated with the compute resource in the Foreman database, and use this key for authentication.
- 
To locate the compute resource list, on your orcharhino Server base system, enter the following command, and note the ID of the compute resource that you want to use: $ hammer compute-resource list 
- 
Connect to the Foreman database as the user postgres:
$ su - postgres -c "psql foreman"
- 
Select the secret from key_pairs where compute_resource_id = 3:
foreman=# select secret from key_pairs where compute_resource_id = 3;
secret
- 
Copy the key from after -----BEGIN RSA PRIVATE KEY----- until -----END RSA PRIVATE KEY-----.
- 
Create a .pem file and paste your key into the file:
$ vim Keyname.pem
- 
Ensure that you restrict access to the .pem file:
$ chmod 600 Keyname.pem
- 
To connect to the Amazon EC2 instance, enter the following command: ssh -i Keyname.pem ec2-user@example.aws.com
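The key export in this procedure, as an added example that is not part of the orcharhino documentation: psql's default aligned output indents the value and appends a + to each line, so a pasted copy can end up as a file that ssh rejects. The functions below strip that formatting and create the file with owner-only permissions from the start; the function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: save the key_pairs.secret value as a PEM file that is
# owner-only from the moment it is created.

# Constructed sample of psql's default aligned output (not a real key).
# psql indents each line and marks every embedded newline with a trailing "+".
sample_psql_output() {
  cat <<'EOF'
             secret
----------------------------------
 -----BEGIN RSA PRIVATE KEY----- +
 Q09OU1RSVUNURURfU0FNUExFX0xJTkU++
 Tk9UX0FfUkVBTF9LRVk=            +
 -----END RSA PRIVATE KEY-----
(1 row)
EOF
}

# Print only the PEM block from stdin. Handles aligned output (strips the
# padding and one "+" marker per line; base64 may itself end in "+") and
# unaligned output from `psql -At` (no markers, lines pass through).
extract_pem() {
  awk '
    /-----BEGIN [A-Z ]*PRIVATE KEY-----/ { inside = 1; marked = ($0 ~ /\+[ \t]*$/) }
    inside {
      line = $0
      gsub(/^[ \t]+|[ \t]+$/, "", line)
      if (marked && line !~ /^-----END /) { sub(/\+$/, "", line); sub(/[ \t]+$/, "", line) }
      print line
    }
    /-----END [A-Z ]*PRIVATE KEY-----/ { inside = 0 }
  '
}

# Write the key from stdin to file $1. The file is created under umask 077,
# so there is no window in which other local users can read it.
save_key() {
  rm -f -- "$1"                       # never reuse a file with laxer modes
  ( umask 077 && extract_pem > "$1" )
  # Refuse to leave a partial or empty file behind.
  if ! grep -q -- '-----END [A-Z ]*PRIVATE KEY-----' "$1"; then
    rm -f -- "$1"
    return 1
  fi
}

# Usage on orcharhino Server (ID 3 is the page's example value):
#   su - postgres -c "psql -At -c 'select secret from key_pairs where compute_resource_id = 3' foreman" | save_key Keyname.pem
```

Run ssh-keygen -y -f Keyname.pem afterwards to confirm that the saved file parses as a private key before using it with ssh -i.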
Configuring a finish template for an Amazon Web Service EC2 environment
You can use orcharhino finish templates during the provisioning of Linux instances in an Amazon EC2 environment.
If you want to use a Finish template with SSH, orcharhino must reside within the EC2 environment and in the correct security group. orcharhino currently performs SSH finish provisioning directly, not using orcharhino Proxy Server. If orcharhino Server does not reside within EC2, the EC2 virtual machine reports an internal IP rather than the necessary external IP with which it can be reached.
- 
In the orcharhino management UI, navigate to Hosts > Templates > Provisioning Templates. 
- 
In the Provisioning Templates page, enter Kickstart default finish into the search field and click Search.
- 
On the Kickstart default finish template, select Clone. 
- 
In the Name field, enter a unique name for the template. 
- 
In the template, prefix each command that requires root privileges with sudo, except for yum or equivalent commands, or add the following lines to run the entire template as the sudo user:
sudo -s << EOS
_Template_ _Body_
EOS
- 
Click the Association tab, and associate the template with an Amazon Linux operating system that you want to use.
- 
Click the Locations tab, and add the location where the host resides.
- 
Click the Organizations tab, and add the organization that the host belongs to. 
- 
Make any additional customizations or changes that you require, then click Submit to save your template. 
- 
In the orcharhino management UI, navigate to Hosts > Operating systems and select the operating system that you want for your host. 
- 
Click the Templates tab, and from the Finish Template list, select your finish template. 
- 
In the orcharhino management UI, navigate to Hosts > Create Host. 
- 
In the Name field, enter a name for the host. 
- 
Optional: Click the Organization tab and change the organization context to match your requirement. 
- 
Optional: Click the Location tab and change the location context to match your requirement. 
- 
From the Host Group list, select a host group that you want to assign your host to. That host group will populate the form. 
- 
Click the Parameters tab and navigate to Host parameters. 
- 
In Host parameters, click Add Parameter two times to add two new parameter fields. Add the following parameters:
- 
In the Name field, enter activation_keys. In the corresponding Value field, enter your activation key.
- 
In the Name field, enter remote_execution_ssh_user. In the corresponding Value field, enter ec2-user.
- 
Click Submit to save the changes. 
Deleting a virtual machine on Amazon EC2
You can delete virtual machines running on Amazon EC2 from within orcharhino.
- 
In the orcharhino management UI, navigate to Infrastructure > Compute Resources. 
- 
Select your Amazon EC2 provider. 
- 
On the Virtual Machines tab, click Delete from the Actions menu. This deletes the virtual machine from the Amazon EC2 compute resource while retaining any associated hosts within orcharhino. If you want to delete an orphaned host, navigate to Hosts > All Hosts and delete the host manually. 
- 
You can configure orcharhino to remove the associated virtual machine when you delete a host. For more information, see Removing a virtual machine upon host deletion. 
Uninstalling Amazon EC2 plugin
If you have previously installed the Amazon EC2 plugin but do not use it anymore to manage and deploy hosts to EC2, you can uninstall it from your orcharhino Server.
- 
Uninstall the EC2 compute resource provider from your orcharhino Server:
$ dnf remove foreman-ec2
$ orcharhino-installer --no-enable-foreman-compute-ec2
- 
Optional: In the orcharhino management UI, navigate to Administer > About and select the Available Providers tab to verify the removal of the Amazon EC2 plugin. 
More information about Amazon Web Services and orcharhino
For information about how to install and use the Amazon Web Service Client on Linux, see Install the AWS Command Line Interface on Linux in the Amazon Web Services documentation.
For information about importing and exporting virtual machines in Amazon Web Services, see VM Import/Export in the Amazon Web Services documentation.
The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution Share Alike 4.0 International ("CC BY-SA 4.0") license. This page also contains text from the official Foreman documentation which uses the same license ("CC BY-SA 4.0").