forked from cloudfoundry/docs-bosh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws-cpi.html.md.erb
236 lines (179 loc) · 10.5 KB
/
aws-cpi.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
---
title: AWS CPI
---
This topic describes cloud properties for different resources created by the AWS CPI.
## <a id='networks'></a> Networks
Schema for `cloud_properties` section used by dynamic network or manual network subnet:
* **subnet** [String, required]: Subnet ID in which instance will be created. Example: `subnet-9be6c3f7`.
* **security_groups** [Array, optional]: Array of security groups to apply for all VMs that are placed on this network. Defaults to security groups specified by `default_security_groups` in the global CPI settings. Consistently use either security group names or IDs.
Example of manual network:
```yaml
networks:
- name: default
type: manual
subnets:
- range: 10.10.0.0/24
gateway: 10.10.0.1
cloud_properties:
subnet: subnet-9be6c3f7
```
Example of dynamic network:
```yaml
networks:
- name: default
type: dynamic
cloud_properties:
subnet: subnet-9be6c6gh
```
Example of vip network:
```yaml
networks:
- name: default
type: vip
```
---
## <a id='resource-pools'></a> Resource Pools
Schema for `cloud_properties` section:
* **instance_type** [String, required]: Type of the [instance](http://aws.amazon.com/ec2/instance-types/). Example: `m1.small`.
* **availability_zone** [String, required]: Availability zone to use for creating instances. Example: `us-east-1a`.
* **key_name** [String, optional]: Key pair name. Defaults to key pair name specified by `default_key_name` in global CPI settings. Example: `bosh`.
* **spot\_bid\_price** [Float, optional]: Bid price in dollars for [AWS spot instance](http://aws.amazon.com/ec2/purchasing-options/spot-instances/). Using this option will slow down VM creation. Example: `0.03`.
* **spot\_ondemand\_fallback** [Boolean, optional]: Set to `true` to use an on demand instance if a spot instance is not available during VM creation. Defaults to `false`. Available in v36.
* **elbs** [Array, optional]: Array of ELB names that should be attached to created VMs. Example: `[prod-elb]`. Default is `[]`.
* **iam\_instance\_profile** [String, optional]: Name of an [IAM instance profile](aws-iam-instance-profiles.html). Example: `director`.
* **placement_group** [String, optional]: Name of a [placement group](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html). Example: `my-group`.
* **tenancy** [String, optional]: VM [tenancy](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html) configuration. Example: `dedicated`. Default is `default`.
* **raw\_instance\_storage** [Boolean, optional]: Exposes all available [instance storage via labeled disks](aws-instance-storage.html).
* **ephemeral_disk** [Hash, optional]: EBS backed ephemeral disk of custom size for when instance storage is not large enough or not available for selected instance type.
* **size** [Integer, required]: Specifies the disk size in megabytes.
* **type** [String, optional]: Type of the [disk](http://aws.amazon.com/ebs/details/): `standard`, `gp2`. Defaults to `standard`.
* `standard` stands for EBS magnetic drives
* `gp2` stands for EBS general purpose drives (SSD)
* `io1` stands for EBS provisioned IOPS drives (SSD)
* **iops** [Integer, optional]: Specifies the number of I/O operations per second to provision for the drive.
* Only valid for `io1` type drive.
* Required when `io1` type drive is specified.
* **root_disk** [Hash, optional]: EBS backed root disk of custom size.
* **size** [Integer, required]: Specifies the disk size in megabytes.
* **type** [String, optional]: Type of the [disk](http://aws.amazon.com/ebs/details/): `standard`, `gp2`. Defaults to `standard`.
* `standard` stands for EBS magnetic drives
* `gp2` stands for EBS general purpose drives (SSD)
Example of a `m2.medium` instance:
```yaml
resource_pools:
- name: default
network: default
stemcell:
name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
version: latest
cloud_properties:
instance_type: m3.medium
availability_zone: us-east-1a
```
---
## <a id='disk-pools'></a> Disk Pools
Schema for `cloud_properties` section:
* **type** [String, optional]: Type of the [disk](http://aws.amazon.com/ebs/details/): `standard`, `gp2`. Defaults to `standard`.
* `standard` stands for EBS magnetic drives
* `gp2` stands for EBS general purpose drives (SSD)
* `io1` stands for EBS provisioned IOPS drives (SSD)
* **iops** [Integer, optional]: Specifies the number of I/O operations per second to provision for the drive.
* Only valid for `io1` type drive.
* Required when `io1` type drive is specified.
* **encrypted** [Boolean, optional]: Turns on [EBS volume encryption](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) for this persistent disk. VM root and ephemeral disk are not encrypted. Defaults to `false`.
EBS volumes are created in the availability zone of an instance that volume will be attached.
Example of 10GB disk:
```yaml
disk_pools:
- name: default
disk_size: 10_240
cloud_properties:
type: gp2
```
---
## <a id='global'></a> Global Configuration
The CPI can only talk to a single AWS region.
Schema:
* **credentials_source** [String, optional]: Selects credentials source between credentials provided in this configuration, or from an [IAM instance profile](aws-iam-instance-profiles.html). Default: `static`.
* **access\_key\_id** [String, optional]: Accesss Key ID. Example: `AKI...`.
* **secret\_access\_key** [String, optional]: Secret Access Key. Example: `0kwh...`.
* **default\_key\_name** [String, required]: Name of the [Key Pair](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) that will be applied to all created VMs. Example: `bosh`
* **default\_security\_groups** [Array, required]: Name of the [Security Group](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) that will be applied to all created VMs. Consistently use either security group names or IDs. Example: `[bosh]`
* **default\_iam\_instance\_profile** [String, optional]: Name of the [IAM instance profile](aws-iam-instance-profiles.html) that will be applied to all created VMs. Example: `director`.
* **region** [String, required]: AWS region name. Example: `us-east-1`
* **max_retries** [Integer, optional]: The maximum number of times AWS service errors (500) and throttling errors (`AWS::EC2::Errors::RequestLimitExceeded`) should be retried. There is an exponential backoff in between retries, so the more retries the longer it can take to fail. Defaults to 2.
See [all configuration options](https://bosh.io/jobs/cpi?source=github.com/cloudfoundry-incubator/bosh-aws-cpi-release).
Example with hard-coded credentials:
```yaml
properties:
aws:
access_key_id: ACCESS-KEY-ID
secret_access_key: SECRET-ACCESS-KEY
default_key_name: bosh
default_security_groups: [bosh]
region: us-east-1
```
Example when [IAM instance profiles](aws-iam-instance-profiles.html) are used:
```yaml
properties:
aws:
credentials_source: env_or_profile
default_key_name: bosh
default_security_groups: [bosh]
default_iam_instance_profile: deployed-vm
region: us-east-1
```
---
## <a id='errors'></a> Errors
```
Stemcell does not contain an AMI for this region (us-west-2c)
```
Make sure that `region` specified in global CPI configuration is one of the [official AWS regions](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions). AWS regions typically end with a number, so in the example above region is erroneously specified (it's set to an AZ since each region is divided into multiple AZ which end with a letter.)
```
Network vpc-a09e18c5 is not attached to any internet gateway
```
You need to create and attach an internet gateway to your VPC so that VMs can connect to the Internet.
```
The subnet ID 'subnet-c3051fad' does not exist
```
Make sure that the `region` specified in the global CPI configuration matches the region where your specified subnet resides.
```
Signature expired: 20141106T010406Z is now earlier than 20141106T011252Z (20141106T011752Z - 5 min.)
```
This error is usually caused by out-of-sync system time. Use `ntpdate` to sync the clock on the machine where bosh-init is run: `sudo ntpdate pool.ntp.org`. Alternatively make sure that `ntpd` is correctly configured and running.
```
resource eipalloc-6a45950f is already associated with associate-id eipassoc-427beb26
```
This error indicates that elastic IP specified in the manifest to be associated to the VM is in use by another VM. Check AWS console and decide whether other VM should be deleted to make elastic IP available for use.
```
Specifying an IP address is only valid for VPC instances and thus requires a subnet in which to launch
```
Make sure that each manual network subnet has `cloud_properties` key and its contents include `subnet` key with the AWS Subnet ID. (You may have accidently specified `cloud_properites` on the network itself.)
```
Arguments are not correct
```
This error may be raised when:
- `instance_type` is missing from the compilation or one of the resource pools' `cloud_properties` section
- the deployment job instance is not assigned a static IP
```
Address 10.10.16.251 is in use.
```
This error indicates that unknown VM took up the IP that the Director is trying to assign to a new VM. Either let the Director know to not use this IP by including it in the reserved section of a subnet in your manual network, or make that IP available by terminating the unknown VM.
```
When specifying a security group you must specify a group id for each item.
```
Make sure all security groups in the CPI configuration and networks' `cloud_properties` sections are specified in the same format, as IDs (e.g. `sg-384fher`) or names (e.g. `cf-public`).
```
You are not authorized to perform this operation. Encoded authorization failure message: vHU-KncL6Yo4pG5J9p...
```
See [IAM instance profiles errors](aws-iam-instance-profiles.html#errors).
```
Non-Windows instances with a virtualization type of 'hvm' are currently not supported for this instance type.
```
You cannot use HVM stemcells with certain instance types. Review which instance type is specified in a referenced resource pool.
```
AWS::EC2::Errors::RequestLimitExceeded Request limit exceeded.
```
AWS API is throttling the number of request in your account. You can reduce the number of threads running in BOSH, or increase the value of `aws.max_retries` to let the AWS client library perform retries in a exponential backoff. Note that the more retries, the longer will take to fail.
---
Next: [Using IAM instance profiles](aws-iam-instance-profiles.html)