Legal Notice: This document contains privileged and/or confidential information and may not be disclosed, distributed or
reproduced without the prior written permission of EPAM®.
EPAM Cloud Infrastructure
Orchestrator ver.2.1.51
What’s New
September 2015
CI2WN-S48-51
Version 1.0
CONTENT
1 Overview
2 Ansible Introduction
3 Cloud Infrastructure Information
3.1 Reporting by Owner
3.2 Cloud Zones Information
3.3 Notifications tips
4 Personal Projects For All
5 EO Services update
5.1 Platform Services Extension
5.2 Jenkins as a Service
5.3 Services Wizard
6 Security Updates
7 Education
7.1 Training Sets
7.2 Personal Trainings for Key Staff
7.3 Test Drives for Clients
8 Documentation Simplification
9 Other Updates
10 Thanks
Table of Figures
Version history
1 OVERVIEW
EPAM Orchestration Framework version 2.1.51 was released on September 6, 2015. We are
glad to introduce the following new features and improvements:
• Ansible is introduced as another auto configuration tool
• EO Services are now available in Azure regions
• Reporting by resource Owner is introduced
• Cloud regions status info is provided for users
• Personal Projects are now available for all EPAMers, irrespectively of their projects
assignments
• Jenkins as a service is introduced
• A number of security improvements implemented
• EPAM Cloud education programs delivered and planned
• Documentation restructuring started
In late July, Microsoft released the Windows 10 operating system. Since then, we have received many
requests for a Windows 10 image in Cloud. We are glad to announce that with the current
production update, we added it to our image library. This is an enterprise image, with the id
Win10. Feel free to use it when you need a Windows 10 server to be run in Cloud:
or2run -p project -r region -s medium -i win10
Please note that the Windows 10 image is not available in the EPAM-MSQ3 region.
Our users often ask us for EPAM Private Cloud SLA details and
clarifications. To become better acquainted with the subject and to prevent
misunderstandings and unexpected situations, we strongly recommend reviewing the
EPAM Private Cloud Service Offering document.
2 ANSIBLE INTRODUCTION
There are many technologies that allow DevOps engineers to quickly and easily get the
necessary infrastructure configuration results.
From the very beginning, EPAM Orchestrator has supported such tools, starting from simple
configuration via scripts and SSH support for further login and manual configuration, and including
Chef facilities that can be used in three ways, depending on project needs:
• Using default Chef server, common for all production environment machines
• Using a project-specific Chef server, created by EPAM Orchestrator for a specific
project
• Using a project-specific Chef server, created and configured by the user.
Although these options provide quite a wide range of possibilities, we kept receiving requests
from users who needed more tools and options. Thus, with the current production update
we are glad to introduce Ansible with support for a dynamic inventory RESTful API. Ansible becomes
another auto configuration tool, available to EPAM Cloud users by default.
To support working with Ansible, we have introduced and updated the following Maestro CLI
commands:
| Command | Description |
|---|---|
| or2-ansible-init (or2ai) | Sets up all the required Ansible configuration files in the current user directory |
| or2-ansible-group (or2ag) | Manipulates Ansible groups |
| or2-ansible-hosts (or2ah) | Manipulates hosts in groups; the default group is “default” |
| or2-ansible-group-properties (or2agp) | Sets Ansible group properties |
| or2-audit (or2audit) --group acs | Returns the events related to auto configuration changes, including Ansible manipulations |
We have prepared a document that gives you the details on Ansible usage in EPAM Cloud.
The document is available by this link.
For more details on the given commands, please see Maestro CLI User Guide.
Please note that Ansible is most effective when used together with the Multiple CLI
workspaces approach.
3 CLOUD INFRASTRUCTURE INFORMATION
Together with functional improvements, we introduced a number of facilities that make
gathering information about your Cloud infrastructure simpler and more effective:
• Billing reporting by resource owner
• Cloud zones status page
3.1 REPORTING BY OWNER
EPAM Cloud is designed to show high transparency in everything related to infrastructure
changes and costs.
We provide a range of possibilities to retrieve billing reports on your infrastructure, and these
reports can be of different detailing and cover different time periods. It is also possible to get
reports by resources - with the detailed pricing for each resource you own on your project, or
aggregated reports for a group of resources having the same tag.
The detailed audit shows which user performed which operation on infrastructure
resources, as well as when these events took place. However, there are cases when this is
not enough. We’ve received a number of requests from project and account managers who
need to know not only the details on infrastructure events and owners, but also the
costs of resources created by a particular user.
In the current production update, we are glad to announce that we added the -o/--owner property
to the or2report command, which allows you to find the cost of resources by resource owner.
The -o/--owner property accepts either the user’s EPAM e-mail address or a “Name Surname”
specification.
The command can be used with or without the -p/--project parameter:
1. To find the report on all user’s resources in all projects, use:
or2report -o "Name Surname" -y 2015 -m 8
2. To find the report on all user’s resources in a specific project, use:
or2report -o [email protected] -y 2015 -m 8 -p DEMOPRO
3.2 CLOUD ZONES INFORMATION
EPAM Cloud is a service available 24/7. However, from time to time it happens that some
resources cannot be reached by users. One of the most frequent reasons for this is
unavailability of the virtualization zone in which the resource is hosted.
With the current production update, we introduce the
Status Dashboard, designed to provide real-time detailed information
on the availability and status of each of the Orchestrator zones (regions).
For your convenience, zones are grouped by virtualization provider (OPEN STACK, AWS,
AZURE, CSA). If a zone cannot be reached for some reason, a warning mark is displayed
next to its name.
There are the following possible zone statuses:
• ACTIVE - zone is active and available
• INACTIVE - zone is deactivated and cannot be reached
• UNREACHABLE - zone cannot be reached due to some connection or infrastructure
issue
• MAINTENANCE - zone is under maintenance and cannot be reached
Thus, if you have any issues reaching your infrastructure, you can check the
Status Dashboard for the availability of the respective zone. If the zone is active and
available, please leave a support request on EPAM Service Portal, and our support team will
assist you with solving the issue.
3.3 NOTIFICATIONS TIPS
Being designed to provide maximum transparency for its users, EPAM Orchestrator sends a
number of notifications on different events that take place in your Cloud infrastructure.
These notifications are sent from the Auto Cloud Orchestrator user. To make notification
processing more effective, we recommend setting up your Outlook so that
it filters Orchestrator messages and sends them to dedicated folders. In the current
release, we introduced a number of changes that may affect your existing filtering rules
and can be useful in creating new ones:
• EPCloud topic part was changed to EPAM Cloud
• The [AR] (Action Required) tag was added to the topics of the following notifications:
o Instance Error.
o User schedule execution report.
o Checkpoints lifetime report.
o AWS images healthcheck report.
o Broken schedules
o Maestro Stack Execution Failed
o Quota update
The [AR] tag in the letter topic means that some event needs action from your side:
this can be additional investigation, contacting the support team, or changing the
infrastructure. Please be attentive to these letters, as ignoring them can have
unexpected and/or serious consequences for your infrastructure.
4 PERSONAL PROJECTS FOR ALL
It is widely known that EPAM Cloud not only provides billed computing capacities for project
needs, but also gives its users the possibility to have personal resources for free, for educational
and training purposes.
We created EPAM Cloud as a cloud oriented toward project needs, and personal project
access was restricted: this feature used to be available only to EPAMers assigned to
at least one billable project active in Cloud.
However, we are glad to announce that due to resource usage optimization and OpenStack-
based region activation, starting from the current release, personal projects are available to
any EPAMer, irrespective of their projects status in Cloud.
Please note, personal projects are run in EPAM-MSQ3 (Minsk) region only. Due to legislation
specifics, personal projects are not available for the users who are assigned to at least one
project registered in Canada.
To activate the personal project, take just two steps:
• Log in to Cloud Dashboard
• Click the new Activate Personal Project button:
Figure 1 - Personal Project button
After that, your personal project will be activated within minutes, and you will get a respective
email notification.
In case you do not need your personal project any more, you can easily deactivate it by
clicking the “Deactivate Personal Project” button on the Dashboard. Please note that before
that, you should remove all the existing resources from your project with the or2kill command:
or2kill -p personal -r EPAM-MSQ3 -i instance_id
If there are still any resources remaining on your personal project when you try to deactivate
it, deactivation will be rejected, and you’ll get a respective warning.
After the project deactivation, you can re-activate it at any moment.
5 EO SERVICES UPDATE
Traditionally, a new Orchestration release is accompanied by EPAM Cloud Services
updates. This time, we have three announcements to make.
5.1 PLATFORM SERVICES EXTENSION
The EPAM Orchestration team does its best to ensure that users feel as little discomfort as
possible from Cloud provider specifics, no matter whether they use bare metal, ESX,
OpenStack or AWS and Azure public clouds.
EPAM Orchestrator’s main task is to provide a unified tool that allows users to manipulate
resources in different clouds in a similar way. Many techniques are used to perform
this task. One example is image aliasing, which allows the user to select the necessary
image by a common name (alias), e.g., CentOS6_32-bit, while Orchestration automatically
selects the necessary image in the target cloud, depending on the specifics of the selected
region. A similar approach is used with shapes - by referencing the same shape name, the
user can run VMs with similar capacities in different Clouds, without needing to care about the
actual VM configuration settings; all the necessary mapping is performed by EPAM
Orchestrator.
However, the unification of the or2run command is only a part of EPAM Orchestrator’s
unification capacities. It also provides similar control and monitoring for infrastructure in
different clouds (e.g., quotas, permissions, monitoring). A significant point here is the
versatile platform solutions, delivered to simplify your work with cloud and make it more
effective. This is about EPAM Cloud Services, provided to the users on self-service basis.
With the current production update we have significantly updated and reworked the auto-
configuration system behind the platform services, which made it possible to support them
in Azure regions. The following services can now be used there:
• Auto Configuration Service (ACS)
• Cloud Monitoring Service (CMS)
• Log Aggregation Service (LAS)
• Load Balancer Service (LBS)
• Docker Service (DOS)
• Infrastructure Scheduling Service (CRON)
• Jenkins (New. See below)
You can find the details on these services on the Services page.
5.2 JENKINS AS A SERVICE
EPAM Orchestrator was initially created based on the concept of CI/CD
process automation. EPAM Orchestration is intended to deliver Cloud for
developers, providing them with all the capabilities necessary to build
effective CI/CD processes.
We are glad to announce that with the current production update, we
introduce Jenkins as a service. When activated, the service installs Jenkins
from scratch, installs all the necessary plugins and starts collecting audit messages from
Jenkins (this information becomes available on the Audit page, without the need to connect
to Jenkins directly).
Please note that Jenkins as a service is available in AWS and Azure regions only!
Like other auto-configuration based services, Jenkins is activated with the or2ms command:
or2ms -p project -r region -s jenkins --activate
The other service manipulation commands are:
| Command | Description |
|---|---|
| or2-describe-jenkins-jobs (or2djj) | Describes the existing jobs |
| or2-trigger-jenkins-job (or2tjj) | Triggers a Jenkins job execution |
| or2-create-jenkins-job (or2cjj) | Creates a new Jenkins job |
| or2-remove-jenkins-job (or2rjj) | Removes an existing Jenkins job |
| or2audit -p project -r region -g jenkins | Retrieves the audit on Jenkins performance |
The current implementation is the first step in providing Jenkins as a service. We are open for
your suggestions and ideas. If you have any, please feel free to contact our Consulting team.
For more details on the service commands and usage, please see Maestro CLI User Guide
and Cloud Services Guide.
5.3 SERVICES WIZARD
Traditionally, the EPAM Cloud team spends a part of its effort on making EPAM Orchestrator
usage easier, more intuitive, effective and user friendly. That’s why, in the current update, we
focused on services - the feature which is gaining more popularity while being available only
via sets of Maestro CLI commands.
Thus, this time we introduce the Services Wizard, which allows you to
activate and manipulate the four most popular EPAM Cloud services:
• Cloud Monitoring Service
• Log Aggregation Service
• Load Balancer Service
• Chef Service.
The wizard allows you to perform all existing manipulations on the listed services.
Please note that the wizard is available to users who have access to services-related
operations. The user permissions mapping tables are given here.
6 SECURITY UPDATES
Providing a hybrid cloud means engaging public providers. This is an effective and
in-demand approach which, however, is a challenge in terms of enterprise security.
EPAM Cloud has many users who are not qualified enough to estimate security risks, but
they still have to use public cloud for their projects’ needs - development, demo, or any
other. Because the number of EPAM Cloud users constantly grows, and all
resource provisioning is performed on a self-service basis, the load on the EPAM IT Security
group is always high.
In order to reach a situation that is most comfortable for both sides (developers
get all the necessary resources, and the security level is high enough), we introduced a
number of security-related changes to the EPAM Cloud service.
• All AWS and Azure accounts are configured so that resources assigned to them
are available only from public IP addresses of EPAM offices. This means that
EPAM employees can reach these resources when they are in the office or connected to
EPAM VPN, while the infrastructures are not available to third-party users.
For AWS, there is a temporary access option that rules out the possibility of
your account being hacked, as it expires after one hour of idle time.
• All vulnerability reports coming from AWS are carefully reviewed by the IT
Security team. This allows them to react to alerts quickly, without waiting for
requests from users.
• The rights of AWS users are restricted - by default, they cannot create new users
or update security policies. If there is a need to expand the rights of an AWS
user, you need to get approval from your Project manager and the IT Security
Group.
• Every week, EPAM Orchestrator creates a report on all created/deleted AWS IAM
users and on all users who got temporary access to AWS. The report is sent to
Cloud Support teams.
• EPAM Orchestrator creates project vulnerability reports. The report includes two
parts:
o The information on the resources assigned to people who were fired or
moved to other projects
o The information gathered by the Nessus vulnerability scanner, which performs
an additional security check and audit on AWS VMs available via the internet
(those having 0.0.0.0/0 destination IP).
We are planning to keep expanding these reports for better risk detection and
proactive issue resolution.
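As an added illustration of the office-IP restriction and the 0.0.0.0/0 check described above (this is not EPAM Orchestrator code), the following Python example audits security-group ingress rules against an allowlist of office CIDRs. It assumes the restriction is expressed as security-group ingress rules in the shape returned by the EC2 DescribeSecurityGroups call; the group ids and CIDR ranges are constructed sample values.

```python
import ipaddress

# Constructed allowlist: documentation ranges standing in for office/VPN public IPs.
OFFICE_CIDRS = ["203.0.113.0/24", "198.51.100.16/28"]

# Constructed sample data in the shape of an EC2 DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "198.51.100.20/32"},
                      {"CidrIp": "192.0.2.0/24"}]},
    ]},
    # A supernet of an office range: wider than the allowlist, so it must be flagged.
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.112.0/23"}]},
    ]},
]


def _is_allowed(net, allowed):
    """True if net lies entirely inside one allowlisted network of the same IP version."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit_ingress(groups, office_cidrs):
    """Return one finding per ingress source range not covered by the allowlist."""
    allowed = [ipaddress.ip_network(c) for c in office_cidrs]
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm.get("IpProtocol")
            # Protocol "-1" means all protocols and ports; no port fields are present.
            ports = "all" if proto == "-1" else "{}-{}".format(
                perm.get("FromPort"), perm.get("ToPort"))
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if _is_allowed(net, allowed):
                    continue
                # Prefix length 0 (0.0.0.0/0 or ::/0) means reachable from anywhere.
                severity = "world-open" if net.prefixlen == 0 else "outside-allowlist"
                findings.append({"group": group["GroupId"], "protocol": proto,
                                 "ports": ports, "cidr": cidr, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_ingress(SAMPLE_GROUPS, OFFICE_CIDRS):
        print("{group} {protocol}/{ports} {cidr}: {severity}".format(**f))
```

The containment test uses subnet_of rather than string comparison, so a range that merely overlaps or encloses an office network is still reported.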
7 EDUCATION
Summer is a time of holidays and vacations. However, in EPAM, it is also a time of knowledge
sharing and education. During the past three months, the EPAM Cloud team made several steps
in sharing Cloud expertise with other EPAMers.
7.1 TRAINING SETS
During the past three months, the EPAM Private Cloud team has delivered three trainings that
included 23 lecture events for over 200 EPAMers:
| Training | Audience | Dates | Course Duration |
|---|---|---|---|
| EPAM Private Cloud Basics | Project Managers, Project Coordinators | June 8-26, 2015 | 8 hours |
| Cloud Computing and EPAM Cloud Introduction | Software developers, Testing engineers | July 22, 2015 | 2 hours |
| EPAM Cloud for Functional Testers | Testing engineers | August 10-19, 2015 | 10 hours |
We would like to thank everyone who participated in these events. First of all, our attendees
who joined the courses, faced the tasks and provided valuable feedback that allows us
to make our education program more effective and target-oriented. We would also like to
thank the CDP department for their assistance in organizing the trainings. And, of course, big
thanks to our production trainers Svitlana Ostnek, Ivan Trofymenko and Andrei Paulau, who
developed and delivered the trainings.
The links to all materials are available on the KB pages describing the trainings.
7.2 PERSONAL TRAININGS FOR KEY STAFF
Besides group trainings, our Consulting team started delivering personal trainings for
project key staff (project managers, project coordinators, account managers). These
trainings are intended to share the knowledge on Cloud usage and project management in
Cloud in the shortest possible time. We concentrate exactly on the questions and options important
for a specific person, develop a personal schedule, and are ready to answer any questions
arising during and after the course.
We would like to express special thanks to Richard Thieme and Pavel Romanov, who showed
special and deep interest in EPAM Cloud, put much effort into investigating our product and
provided a large number of valuable comments and suggestions that were turned into new
feature and improvement tickets.
If you are one of a project’s key staff, and you need to get a personal training on EPAM
Cloud (usage, monitoring, resource optimization, billing and cost reduction, etc.), feel free to
contact EPAM Cloud Consulting with the respective request.
7.3 TEST DRIVES FOR CLIENTS
EPAM Cloud is a cloud built for development. Some clients who have their own virtual
infrastructures show interest in EPAM’s expertise in building an enterprise cloud, and ask
for assistance in building one in their own data centers.
We are glad to announce that we have a new service: EPAM Test Drive, which we
successfully tested this August.
The Test Drive is performed in two directions:
• We activate an AWS region for a client who uses EPAM Cloud, and provide them with
limited access to infrastructure manipulations, so that they can see how EPAM
Cloud works from their own experience.
• We provide four one-hour long lectures on EPAM Cloud usage (based on the
Managers’ Cloud training). The training format can be adjusted according to the
client’s needs and schedule.
If you need such a test drive to be delivered, please contact our Consulting team.
Please note that such activities should be scheduled 2-3 weeks before the start, as the Consulting
team’s capacities are limited.
8 DOCUMENTATION SIMPLIFICATION
The other big change starting with the Orchestration v.2.1.51 release is the start of the
Documentation update and restructuring.
As EPAM Private Cloud is a self-service, it needs to be documented in detail. From the very
beginning, we’ve been creating and maintaining documents which describe EPAM Cloud
from different points of view, targeted at different audiences - users, administrators,
managers, beginners and experts in Cloud technologies.
Over time, the amount of documentation grew significantly. In order to make the
knowledge base more comprehensive and to minimize the time and effort necessary to maintain
and synchronize all the resources, we started the documentation simplification and
restructuring process.
With the current update, we are glad to introduce two renewed documents that inherited the
information from five different sources:
• Maestro CLI: Quick Start (Maestro CLI Quick Start + Maestro CLI Setup + Personal
Quotas + CLI Customization)
• Maestro CLI User Guide (Maestro CLI Reference Guide + Multiple Workspaces +
New Commands)
The links to the outdated documents will be redirected to the new ones.
Please feel free to provide your feedback on documentation to our Consulting team or to
Svitlana Ostnek directly.
9 OTHER UPDATES
Apart from the new features that are covered above in this document, there is also a set of
improvements that are also worth mentioning:
• Personal projects reporting improved
• The quota level for PM level 1 is increased.
• ACS. Chef servers were updated to the latest version
• Azure. Azure processes were improved
• AWS. Stacks processing was improved
• CLI. Instance name now can be used to delete properties from instance
• CLI. ChangeOwner operation permissions are restricted. Now, it is available only for
PM/PC users
• CLI. Responses optimized
• CLI. Now, it is possible to filter AZURE, EPAM and AWS regions in or2dpro and
or2dreg commands
• Maestro-utility. Utility output brought to Maestro CLI standards
• Mail. A number of informational and layout improvements are introduced to email
notifications
• Mail. Mailing policies updated
• Reporting. Managers’ report updated with checkpoints analytics.
• UI. Dashboard. The Manage EPC button is renamed to “Manage EPAM Cloud”
• UI. Forms. Schedules wizard can be used to schedule personal resources
management
• UI. Management. Sorting for search results is added
• UI. Monitoring. Project tree now lists all active regions
10 THANKS
We have always encouraged our users to provide their feedback, complaints and suggestions
on EPAM Cloud. We are glad to know that there are those of you who find time for deep
investigation of our product, for analysis and discussions with our support teams.
We highly appreciate every comment and suggestion you share with us. With any ideas,
please feel free to address our Consulting team.
TABLE OF FIGURES
Figure 1 - Personal Project button
VERSION HISTORY
| Version | Date | Summary |
|---|---|---|
| 1.0 | September 6, 2015 | First published |