EPAM Cloud Orchestrator - Maestro CLI User Guidel=i/cirg_1_maestro_… · 1.2 Getting Maestro CLI Help ... 15.15 Magento as a Service ... • Getting Started section gives the instructions

Legal Notice: This document is property of EPAM and may not be disclosed, distributed or reproduced without the prior

written permission of EPAM®.

EPAM Cloud Orchestrator

MAESTRO CLI USER GUIDE

User Guide

February 2021

CSUG-2

Version 19.11

EPAM Cloud Orchestrator - Maestro CLI User Guide

2 EPAM PUBLIC

CONTENTS

Preface .................................................................................................................................. 10

About this Guide ............................................................................................................ 10

Audience ........................................................................................................................ 10

The structure of the Guide ............................................................................................. 10

Documentation References ........................................................................................... 11

1 Getting Started ............................................................................................................... 12

1.1 Installing Maestro CLI ....................................................................................... 12

1.2 Getting Maestro CLI Help ................................................................................. 12

1.3 Setting the Credentials...................................................................................... 14

1.4 Checking the Maestro CLI Client Version ......................................................... 16

1.5 Maestro CLI Info ............................................................................................... 17

1.6 Updating the Maestro CLI Client ....................................................................... 19

1.7 Describe Projects .............................................................................................. 20

1.8 Describe Regions .............................................................................................. 21

2 Working With Instances ................................................................................................. 23

2.1 Determining Available Images .......................................................................... 23

2.2 Determining Available Shapes .......................................................................... 25

2.3 Running Instances ............................................................................................ 26

2.4 Stop (Pause) Instances..................................................................................... 30

2.5 Start (Resume) Instances ................................................................................. 31

2.6 Reboot Instances .............................................................................................. 32

2.7 Rebuild Instance ............................................................................................... 33

2.8 Terminate Instances ......................................................................................... 33

2.9 Lock Instance Termination ................................................................................ 34

2.10 Describe Existing Instances .............................................................................. 36

2.11 Changing Instance Shape ................................................................................ 38

2.12 Changing Instance Owner ................................................................................ 39

2.13 View Pool State ................................................................................................. 40

2.14 Describe VLANs ................................................................................................ 41


3 EPAM PUBLIC

2.15 Move Instance to VLAN .................................................................................... 42

2.16 Describe Subnets .............................................................................................. 43

2.17 Custom Instance Properties ( Launch Template) ............................................. 44

2.18 Describe Workspaces ....................................................................................... 46

3 Scheduling Instance Activities ....................................................................................... 46

3.1 Create Schedule ............................................................................................... 46

3.2 Describe Schedules .......................................................................................... 48

3.3 Add Instance to Schedule ................................................................................. 49

3.4 Remove Instance from Schedule ...................................................................... 50

3.5 Delete Schedule ................................................................................................ 51

3.6 Cron Reference ................................................................................................. 52

4 Instance Properties ........................................................................................................ 54

4.1 Set Instance Properties..................................................................................... 54

4.2 Describe Instance Properties ............................................................................ 56

4.3 Delete Instance Properties ............................................................................... 57

5 Creating Images ............................................................................................................ 58

5.1 Create an Image ............................................................................................... 58

5.2 Delete Image ..................................................................................................... 60

5.3 Preparing Instances for Image Creation ........................................................... 61

5.3.1 Windows OS Family .................................................................................. 61

5.3.2 Linux OS Family ........................................................................................ 65

6 Security and Connection ............................................................................................... 68

6.1 Create Key Pair ................................................................................................. 68

6.2 Import Key Pair ................................................................................................. 70

6.3 Describe Key Pairs ........................................................................................... 72

6.4 Delete Key Pair ................................................................................................. 73

6.5 Console ............................................................................................................. 74

6.6 Accessing AWS Management Console ............................................................ 76

6.7 IAM User Management ..................................................................................... 77

6.8 Accessing Azure Management Console ........................................................... 78

6.9 Accessing Google Management Console......................................................... 79

6.10 Decrypting Instance password .......................................................................... 80


4 EPAM PUBLIC

6.11 Allocating a Static IP for a Project .................................................................... 81

6.12 Assign a Static IP to a VM ................................................................................ 82

6.13 Describe Static IPs ............................................................................................ 83

6.14 Disassociate a Static IP from a VM .................................................................. 84

6.15 Release a Static IP ........................................................................................... 85

6.16 Register an Existing Instance on Luminate ...................................................... 86

6.17 Describe Public Permissions ............................................................................ 86

7 Working with Volumes ................................................................................................... 88

7.1 Create and Attach Volume ................................................................................ 88

7.2 Attach Volume ................................................................................................... 90

7.3 Detach Volume ................................................................................................. 91

7.4 Resize Volumes ................................................................................................ 92

7.5 Describe Volumes ............................................................................................. 93

7.6 Delete Volume .................................................................................................. 95

7.7 Finding the Device Parameter .......................................................................... 96

7.8 Mounting Storage Volumes .............................................................................. 97

7.8.1 Windows OS family ................................................................................... 97

7.8.2 Linux OS Family ........................................................................................ 98

8 Working with Checkpoints ............................................................................................. 99

8.1 Create Instance Checkpoint ........................................................................... 100

8.2 Describe Instance Checkpoints ...................................................................... 101

8.3 Go to Instance Checkpoint ............................................................................. 102

8.4 Revert to Instance Checkpoint ........................................................................ 103

8.5 Delete Instance Checkpoint ............................................................................ 104

9 Working with Hardware Servers .................................................................................. 105

9.1 Hardware Server Registration ........................................................................ 105

9.2 Hardware Server Unregistration ..................................................................... 107

9.3 Hardware Server Modification ........................................................................ 108

9.4 Hardware Report ............................................................................................. 110

10 Audit and Billing ........................................................................................................... 111

10.1 Project Report ................................................................................................. 112

10.2 Get Prices ....................................................................................................... 114


5 EPAM PUBLIC

10.3 Instance Audit ................................................................................................. 117

10.4 Working with EO Accounts ............................................................................. 119

11 Using Tags ................................................................................................................... 121

11.1 Set Tag ........................................................................................................... 121

11.2 Describe Tag ................................................................................................... 123

11.3 Delete Tag ...................................................................................................... 124

12 Working with Files ........................................................................................................ 125

12.1 Upload a New File ........................................................................................... 125

12.2 Delete a File .................................................................................................... 127

12.3 Describe Files ................................................................................................. 128

13 Security Scanning ........................................................................................................ 129

14 Automating Infrastructure Manipulation ....................................................................... 130

14.1 Terraform ........................................................................................................ 130

14.2 Amazon Cloud Formation ............................................................................... 131

14.2.1 Run AWS Stack ...................................................................................... 131

14.2.2 Describe AWS Stacks ............................................................................. 133

14.2.3 Describe AWS Stack Events ................................................................... 134

14.2.4 Describe AWS Stack Resources ............................................................ 135

14.2.5 Delete AWS Stack ................................................................................... 137

14.3 Maestro Stacks ............................................................................................... 138

14.3.1 Describe Maestro Stacks ........................................................................ 138

14.3.2 Run Maestro Stack .................................................................................. 139

14.3.3 Delete Maestro Stack .............................................................................. 141

14.3.4 Describe Stack Resources ...................................................................... 142

14.3.5 Validate Maestro Stack Template ........................................................... 143

14.3.6 Convert Maestro Stack Template ........................................................... 144

15 Services ....................................................................................................................... 145

15.1 Services Manipulation ..................................................................................... 146

15.1.1 Starting a Service .................................................................................... 146

15.1.2 Describing Project Services .................................................................... 148

15.1.3 Monitoring the Services ........................................................................... 150

15.2 Chef Server Service ........................................................................................ 151


6 EPAM PUBLIC

15.2.1 Set Chef Mode ........................................................................................ 152

15.2.2 Disabling Auto Configuration for Specific OS ......................................... 153

15.2.3 Retrieving Chef Information .................................................................... 154

15.2.4 Collecting Info on Chef Clients ................................................................ 155

15.3 Zabbix Monitoring Service .............................................................................. 156


15.3.2 Service Info ............................................................................................. 157

15.3.3 Start Monitoring an Instance ................................................................... 158

15.3.4 Stop Monitoring an Instance ................................................................... 159

15.3.5 Viewing Zabbix Data ............................................................................... 160

15.4 Telemetry as a Service ................................................................................... 162


15.4.2 Adding an Instance to Telemetry ............................................................ 163

15.4.3 Stop Collecting Telemetry from the Instance .......................................... 164

15.4.4 Describe Telemetry Agents ..................................................................... 165

15.4.5 Get Telemetry ......................................................................................... 166

15.5 CloudWatch and SSM Service ....................................................................... 167


15.5.2 Managing SSM and CloudWatch Agents on a VM ................................. 168

15.6 Log Aggregation Service ................................................................................ 168


15.6.2 Log Service Info ...................................................................................... 168

15.6.3 Start Collecting Logs from an Instance ................................................... 169

15.6.4 Stop Collecting Logs from an Instance ................................................... 170

15.6.5 Viewing the Collected Logs ..................................................................... 170

15.7 Load Balancing Service .................................................................................. 171

15.7.1 Starting and Managing the Service ......................................................... 171

15.7.2 Load Balancer Configuration................................................................... 171

15.7.3 Configure Balancing ................................................................................ 173

15.7.4 Configure Limits ...................................................................................... 173

15.7.5 Configure Bans ....................................................................................... 174

15.7.6 Configure Cache ..................................................................................... 175


7 EPAM PUBLIC

15.7.7 Describe Load Balancer Members .......................................................... 176

15.8 OpenShift as a Service ................................................................................... 177

15.8.1 Service Activation .................................................................................... 177

15.8.2 OpenShift Configuration .......................................................................... 177

15.9 Docker Service ................................................................................................ 179

15.9.1 Docker Container Images ....................................................................... 180

15.9.2 Manipulating an Application .................................................................... 182

15.9.3 Manipulating Volumes ............................................................................. 184

15.9.4 Creating a Docker Registry ..................................................................... 186

15.9.5 Manipulating Registry Images ................................................................. 186

15.9.6 Docker Service Info ................................................................................. 188

15.10 Kubernetes as a Service ................................................................................. 190

15.10.1 Starting the Kubernetes Service ............................................................. 190

15.10.2 Generating Inventory File for Ansible ...................................................... 191

15.11 Jenkins as a Service ....................................................................................... 192

15.11.1 Starting the service ................................................................................. 192

15.11.2 Creating a Jenkins Job ............................................................................ 193

15.11.3 Jenkins Plugins Management ................................................................. 194

15.11.4 Describing Existing Jenkins Jobs ............................................................ 196

15.11.5 Triggering a Jenkins Job ......................................................................... 197

15.11.6 Removing a Jenkins Job ......................................................................... 198

15.11.7 Configuration File Example ..................................................................... 199

15.12 Sonar as a Service .......................................................................................... 200


15.12.2 Service Manipulation ............................................................................... 200

15.12.3 Sonar Quality Profiles ............................................................................. 201

15.12.4 Sonar Rules ............................................................................................ 202

15.13 Artifactory as a Service ................................................................................... 204



15.14 Relational Database Service .......................................................................... 206

15.15 Magento as a Service ..................................................................................... 208


8 EPAM PUBLIC



15.16 Messaging as a Service .................................................................................. 209

15.16.1 Starting the service ................................................................................. 209

15.16.2 Getting Tokens ........................................................................................ 209

15.16.3 Queues Manipulation .............................................................................. 210

15.16.4 Messages Manipulation .......................................................................... 211

16 Ansible Usage .............................................................................................................. 212

16.1 Initializing Environment ................................................................................... 212

16.2 Ansbile Hosts .................................................................................................. 213

16.3 Ansible Groups ............................................................................................... 214

16.4 Ansible Group Properties ................................................................................ 215

16.5 Ansible Dynamic Inventory ............................................................................. 216

17 Troubleshooting ........................................................................................................... 217

Annex A - User Permissions ............................................................................................... 218

User Groups ................................................................................................................ 218

Default Project Roles ................................................................................................... 221

User Permissions customization for a Specific User ................................................... 224

Annex B – Client Versioning ................................................................................................ 225

Annex C – Instance Types and Their Shapes ..................................................................... 226

Annex D – Service Locations .............................................................................................. 227

EPAM Infrastructure .................................................................................................... 227

AWS Cloud Formation Regions ................................................................................... 230

Azure Regions ............................................................................................................. 231

Google Cloud Regions ................................................................................................ 232

Annex E – Logging in to Instances ...................................................................................... 233

Windows ...................................................................................................................... 233

Linux 233

AWS – Windows .......................................................................................................... 234

Azure 235

Google Cloud Regions - Windows ............................................................................... 236

Hardware MacOs ......................................................................................................... 237


9 EPAM PUBLIC

Virtual MacOs .............................................................................................................. 238

Annex F – Maestro CLI Commands List ............................................................................. 240

Annex G – PaaS Guest Operating Systems ....................................................................... 243

Table of Figures................................................................................................................... 244

Version history ..................................................................................................................... 250


10 EPAM PUBLIC

PREFACE

ABOUT THIS GUIDE

Maestro Command Line Interface (CLI) is intended to perform basic Orchestrator

commands via remote command line by sending server API requests using REST API without

the need to install 3rd party utilities. Maestro CLI commands are based on respective

commands for Amazon AWS. We picked a minimum required set of parameters for each

command. This way we were able to uniform the commands for different service providers.

This document provides detailed reference, including purpose, use case and syntax for each

of Maestro CLI commands.

The document is being constantly modified and updated. Please, feel free to contact us if

any questions or issues appear.

AUDIENCE

This guide is designed for EPAM Cloud users who create, manage and monitor their virtual

infrastructure using Maestro CLI.

THE STRUCTURE OF THE GUIDE

• Getting Started section gives the instructions on how to start working with Maestro

CLI, set credentials and see the regions and projects available for the user.

• Working With Instances section lists the commands dealing with the instance

manipulation and info.

• Scheduling Instance Activities section provides the commands to set up and

manipulate cron schedules

• Instance Properties section lists the commands dealing with instance properties

• Creating Images section gives image-related commands and the instructions on

preparing an instance for image creation.

• Security and Connection section describes keys and console commands

• Working with Volumes section lists the volume-related command and gives

instructions on volumes mounting and usage.

• Working with Checkpoints section lists checkpoint-related commands and tips.

• Audit and Billing section gives report, prices and audit-related commands.

• Using Tags section lists the tag-related commands

• Working with Files section lists files manipulation commands

• Automating Infrastructure Manipulation section gives the commands and

recommendations on working with Amazon Cloud Formation and Maestro Stacks.

• Services section gives the detailed instructions on working with the services

manipulated via Maestro CLI.

mailto:[email protected]


EPAM PUBLIC 11

DOCUMENTATION REFERENCES

EPAM Orchestration is described in details in a number of documents, oriented on different aspects of

Orchestration usage, and on different types of users.

You can find these documents on our Documentation page.

The answers to the most frequently asked questions can be found on the FAQ page.

EPAM Cloud terms and conditions are described in the EPAM Cloud Terms and Conditions. Please

take a look at this document in order to avoid misunderstandings and conflicts that may arise during the

service usage.

The terminology of EPAM Cloud and the related products can be found on the Glossary page.

Please email your comments and feedback to EPAM Cloud Consulting at

[email protected] to help us provide you with documentation that is as clear,

correct and readable as possible.

https://cloud.epam.com/site/learn/documentation

https://cloud.epam.com/site/learn/f=a=q

https://cloud.epam.com/site/about/terms_and_agreements/EPC_Policy.pdf

https://cloud.epam.com/site/learn/glossary


https://kb.epam.com/display/EPMCITFAQ/Documentation


EPAM PUBLIC 12

1 GETTING STARTED

This section provides you with the basic information on Maestro CLI installation and the basic commands

that allow you to get acquainted with the Orchestrator.

1.1 INSTALLING MAESTRO CLI

Maestro Command Line Interface (CLI) is a tool for performing Orchestrator commands via remote

command line. It can be easily installed and run by following the steps given below:

• Make sure you have Java Runtime Environment (JRE) installed (Java Developer’s Kit (JDK)

ver. 1.8). You can download the latest version of JRE/JDK from the official Oracle website.

• Having installed Java, make sure JAVA_HOME system variable points to JDK installation

folder, while Path contains a link to 'bin' folder of JDK.

• Download maestro-cli.zip archive.

• Unpack the archive. The target folder should not contain spaces. As a result, you will get a

'maestro-cli' folder containing two subfolders.

• Run Maestro CLI:

• For Windows: Run windows-console.cmd in ‘maestro-cli’ folder

• For Linux: go to the ‘maestro-cli/bin’ folder, where you will be able to select any of the available

scripts to run.

You can find a detailed guide on Maestro CLI installation and the full list of the necessary

Prerequisites in Maestro CLI Quick Start Guide.

1.2 GETTING MAESTRO CLI HELP

Maestro CLI needs precise specification of command parameters and their values.

Typically, users remember the most frequently used commands and parameters, and need to reference

documentation to clarify the details.

Maestro CLI provides a set of its own assistance facilities that allow to simplify the tool usage and

minimize the need to use additional resources:

• or2help command allows to see the list of all commands available in cloud or, when used with

the --region parameter, in a specified virtualization region. Additionally, the command can

contain the --project parameter to retrieve the list of commands available for the requesting

user in the specified project.

By default, the commands in the response go alphabetically with brief descriptions. In case you

need the commands with detailed parameters info, you can use the –full flag. For example:

or2help –r AWS-USEAST [--full]

• Automatic help: In case you miss a parameter at command run, or the given parameter or

parameter value is incorrect, Maestro CLI will inform you on the issue and provide with the list

of command parameters.

For example, the following command:

http://www.oracle.com/technetwork/java/javase/downloads/index.html

https://console.cloud.epam.com/site/develop/maestro_c=l=i/maestro-cli.zip

https://cloud.epam.com/site/develop/maestro_c=l=i/ciug_1_cli_setup.pdf


EPAM PUBLIC 13

Figure 1 - or2help Command Output

or2chow –p DEMOPRO

where not all necessary parameters are given, will result in the following output:

Figure 2 - Command help for incorrect parameters input

• Usage examples and related commands. You can get a full reference on a command,

including usage examples, parameters, and related commands, by calling the necessary

command with the --help parameter, for example:

or2dim --help


EPAM PUBLIC 14

The command response will include the following elements:

Figure 3 - Command response with --help option

Where:

1. Command description

2. The most typical examples of the command’s usage

3. The list of the commands, related to the target one, with examples

4. The list of parameters

1.3 SETTING THE CREDENTIALS

Running commands using Maestro CLI requires provision of user credentials.

The first thing you should do after going through installation is execute the or2access command and

enter your credentials when prompted.

Invoke: or2-get-access (or2access)

The command registers user domain credentials within Orchestrator and creates a ‘default.cr’ file.

When launched, it prompts to provide EPAM domain credentials (with or without ‘@epam.com’

respectively.) Specified credentials are checked for validity on Orchestrator side and a list of projects,

available to the user, is drawn and stored in local Orchestrator storage.

Passwords are never stored openly either on Orchestrator, or on Maestro CLI client side.

Currently, user credentials are cached by the or2access command to the %Maestro_CLI%/lib/default.cr

file. Thus, it is important to keep the %Maestro_CLI% in the directory that cannot be accessed from

outside.

We recommend to install Maestro CLI to your home directory (C:\Users\<your_name>).

The Company security policy implies changing user passwords every three months. Please, run the

or2access command again, specifying your new password each time you have it changed.


EPAM PUBLIC 15

Orchestrator allows Project Managers and Coordinators to customize user permissions in order to avoid

any unwanted actions from specific project members and keep a better track of project infrastructure.

Each project member is given access to a certain set of actions, depending on their current project role.

We have created a generic project role mapping matrix, which is used by default and gives you

something to start with. You can find it in Annex A.

Unlike most of commands, this one is performed on the Orchestrator level and does not use any

Virtualization Service Providers. You do not need to specify the -r and -p parameters to run it.

CLI Parameters

Parameter name Description Required

--force Force user update No

--full Show full command output instead of default basic one No

-P, --plain-output Use plain output instead of default table output No

--json Show command output in json format No

-s, --system Use system credentials. Uses domain credentials if not

specified. No

--help Display command help No

Response Elements

Name Description

Name User name

Pwd User password

Command Example

or2access

Response Example

Figure 4 - or2access Response Example

If you like to log in as another EPAM user, please run the or2access command again to overwrite

previously stored user credentials.


EPAM PUBLIC 16

1.4 CHECKING THE MAESTRO CLI CLIENT VERSION

Invoke: or2-check-version (or2check)

The command shows the version of Maestro CLI client currently installed on your machine. See Annex

B – Client Versioning for details.

Unlike most of CLI commands, this one requires no parameters to run.

CLI Parameters






Response Elements

Name Description

provided-cli-version Current version of Maestro CLI client installed on user machine

provided-api-version Current version of Maestro API installed on user machine

required-api-version Minimum version of Maestro API required to work with current

Orchestration framework

last-cli-version Latest available version of Maestro CLI

client-status Status of current client

Command Example

or2check

Response Example

Figure 5 - or2check Response Example


EPAM PUBLIC 17

1.5 MAESTRO CLI INFO

Invoke: or2-get-info (or2info)

This command allows obtaining information of Maestro CLI client configuration, the state of environment

variables as well as Freemarker FTL user templates utilized.

Unlike most of commands, this one is performed on the Maestro CLI Client level, does not require

connection to Orchestrator and does not use any Virtualization Service Providers. There are no required

parameters and execution result has no fixed elements.

CLI Parameters


-f, --file Use this parameter to send output to the specified file in the

‘/maestro-cli/out’ folder. No


The result of the ‘info’ command execution contains several sections:

• Current time – current GMT time on a client machine. This parameter is used when forming an

authorization key for each command and can be useful to determine reasons for failures.

• Parameter values within ‘cli-system.properties’. Users are unable to edit system parameters,

since ‘cli-system.properties’ is contained within ‘maestro-cli-full.jar’, while its contents are

crucial to determine reasons for command failures. One of the parameters within this file is

‘cli.version’, containing currently installed version of the CLI client.

• HTTP Client configuration values.

• Contents of the ‘default.cr’ file. In case this file contains a property password, it will not be

displayed for security concerns.

• Environment variable values, namely ‘ORCH_URL’, ‘MAESTRO_CLI_HOME’,

‘JAVA_HOME’.

• Contents of custom Freemarker Template, if defined as a value for the

‘custom.freemarker.template.file’ within ‘cli.properties’.

In case a parameter has no set value (e.g. ‘http.tcp.nodelay=’), it will not be included in the response

to the ‘or2info’ command execution.

Command Example

or2info


EPAM PUBLIC 18

Response Example

Figure 6 - or2info Response Example


EPAM PUBLIC 19

1.6 UPDATING THE MAESTRO CLI CLIENT

Invoke: or2-update-cli (or2update)

The command retrieves the newest version of Maestro CLI client available on the Internet.

1. Unlike most of CLI commands, this one requires no parameters to run.

2. Some older versions of Maestro CLI client do not support this command. If you encounter a problem

when running it, please download and update the client manually for once.

Command Example

or2update

Response Example

Figure 7 - or2update Response Example

https://orchestration.epam.com/site/develop/public_a=p=i_and_c=l=i/maestro-cli.zip


EPAM PUBLIC 20

1.7 DESCRIBE PROJECTS

Invoke: or2-describe-projects (or2dpro)

Describes all activated projects accessible by current user.

CLI Parameters





-p, --project Project abbreviation in UPSA. To describe several projects,

repeat the parameter: -p project1 –p project2 –p projectN No

-t, --type Region type [EPAM, AWS, AZURE, GOOGLE, Single region] No


Response Elements

Name Description

projectID Project abbreviation in UPSA

Zone Virtualization zone

zoneLocation Physical location of the region

Shapes Available shapes

projectState Current project state

activated Project activation date

deactivated Project deactivation date

defautOwner Email address of the user being the default owner of the project

If your project is not in the list returned by the command, it means, that it is not activated in Cloud. In

this case, before proceeding with other commands, please, address to your Project Manager to submit

a Service Request for activating your project in Cloud.

Command Example

or2dpro –t aws

Response Example

Figure 8 - or2dpro Response Example


EPAM PUBLIC 21

1.8 DESCRIBE REGIONS

Invoke: or2-describe-regions (or2dreg)

Describes available virtualization regions for provided project and user credentials.

CLI Parameters





-p, --project Project abbreviation in UPSA Yes

-t, --type Region type [EPAM, AWS, AZURE, GOOGLE] Yes

-i, --inactive Show inactive regions for the project No


Response Elements

Name Description

Name Virtualization region name

zoneLocation Physical location of the region

Access

EPAM Cloud access level of the user who called the command. There are four levels, each including a group of permitted actions:

• guest: READ, META, VM, STORAGE

• low: READ, META, VM, STORAGE, NEW_RESOURCES

• medium: READ, META, VM, STORAGE, NEW_RESOURCES, KILL_RESOURCES

• advanced: READ, META, VM, STORAGE, NEW_RESOURCES, KILL_RESOURCES, ADVANCED_MANAGEMENT

You can find the details on the actions, included to each group, on the User Permissions page.

virtType The region Virtualization type

orchType The type of orchestrator used

Status The current status of the region

monthSla The region availability statistics, based on the information gathered during the latest four weeks

Coefficient Region billing coefficient

quotaLimit The project quota limit in the region, if any

quotaPolicy Specifies whether quotas are applied to the project, or not

Command Example

This example describes available regions for the specified project.

or2dreg -p project –t aws

https://kb.epam.com/display/EPMCITFAQ/User+Permissions

https://kb.epam.com/display/EPMCITFAQ/User+Permissions


EPAM PUBLIC 22

Response Example

Figure 9 - or2dreg Response Example


EPAM PUBLIC 23

2 WORKING WITH INSTANCES

Instances are the main items of the infrastructure created by a user. To run an instance, you should

specify the following necessary instance parameters:

• The project to which the new instance will be assigned

• The region in which the new instance will be run

• The name of the image to be used to run the instance

• The shape of the image to be run

The image determines the basic configuration of the instance. This includes an Operation system, as

well as the set of default settings. The list of available images can be retrieved by or2-describe-images

command.

The instance shape specifies the capacity of the instance to be created. This includes vCPU number

and RAM memory size. Please, note that the selected shape influences the VM monthly cost.

2.1 DETERMINING AVAILABLE IMAGES

Invoke: or2-describe-images (or2dim)

Use this command to return information about images. If you specify one or more image IDs,

Orchestrator returns information for those images. If you do not specify image IDs, Orchestrator returns

information for all relevant images according to your access rights.

AWS-type regions: this command describes only ‘Project’ (‘Owned by me’) and ‘Enterprise’ images

CLI Parameters



-g, --group

Image group name. Available values: public,

enterprise, project. For several groups repeat the parameter.

Default behavior if not specified: show all groups

No

-i, --image

Image ID. For several images repeat the parameter

Default behavior if not specified: show all images

This parameter is case sensitive

No




-r, --region Virtualization region Yes


Response Elements

Name Description

Id Image ID

description Image description


EPAM PUBLIC 24

Group

Scope of availability for the image. Public typically stands for Linux-based images,

Enterprise – for Windows, and Project stands for custom images created by

project members and available within this project.

size_MB Image size in MB

State Current state of the image

Command Example

This example describes all images available to your user and project in the specified region.

or2dim -p project -r region

Response Example

Figure 10 - or2dim Response Example


EPAM PUBLIC 25

2.2 DETERMINING AVAILABLE SHAPES

Invoke: or2-describe-shapes (or2dshape)

The shape of the VM specifies its capacity, determined by the vCPU number and RAM memory size.

Run the command to find out available instance shapes for your project.

CLI Parameters








Response Elements

Name Description

name Shape name

cpu Shape CPU count

memory_MB Shape memory in MB

aws-type AWS shape indication (AWS-type regions only)

storage_GB Default storage size (only for OpenStack-based regions)

storage_gb The available system disk sizes (only for OpenStack-based regions)

The list of the shapes available in Cloud is given in Annex C – Instance Types and Their Shapes. Some

of these shapes may be not available for your project. To extend the list of the available shapes, please,

submit a corresponding Service Request to HelpDesk.

Command Example

This example describes available shapes for the specified project.

or2dshape -p project -r region

Response Example

Figure 11 - or2dshape Response Example (OpenStack-based region)

https://support.epam.com/


EPAM PUBLIC 26

2.3 RUNNING INSTANCES

Invoke: or2-run-instances (or2run)

Use this command to launch the specified number of instances with provided shape and image.

Instances will be created under Maestro project that is bound to the specified user credentials. Once an

instance is launched, a notification is sent to EPAM user’s e-mail and EPAM Cloud Consulting Team.

By default, each instance includes 100 GB Storage Volume for Windows Instances, 40 GB Storage

Volume for Linux Instances, and 60 GB Storage Volume for virtual MacOS. In a case when your needs

are above that (except MacOS), you can attach additional storage volumes.

The initial system disk is set up when you order a virtual instance. This is a part of the shape declaration,

which includes the combination of CPU and RAM, referenced by the shape name, and flavor:

SHAPE (CPU + RAM) . FLAVOR

RUN A VM = + IMAGE (OS + DISK)

The available flavors are 100 GB, 200 GB, 300GB, 500 GB. Once flavor is not specified, default system

storage size is used.

Although instance launching procedure is similar for all platforms EPAM Cloud works with, there are

some specifics on instance launch and login for each type of regions:

• EPAM regions:

o If you run Windows instances, use your domain credentials

([email protected]) to access them. This is also true for Linux instances.

o For Linux instances, use the SSH and/or your standard domain credentials

([email protected]).

o Both Windows and Linux instances accept credentials from all members of the specified

project (they are included in the ‘Administrators’ user group).

o Each machine image has a recommended shape. Users can now only run machine

images using recommended shapes (or larger ones).

• AWS regions:

o To connect to Windows instances running on Amazon, run the or2console command

specifying your instance ID, project and region. You will receive an email message

containing the encrypted password in an attached file. Save the attachment or its

content and run the or2dp command specifying the path to your private key and the

path to the file containing the encrypted password. The command will return the

password to use for logging in to your VM via the RDP connection.

o The connection to Linux instances on Amazon is performed only via SSH key

• Azure regions:

o When a VM (either Windows or Linux) creation is initiated, you, as the requesting user

(the instance owner), will get a letter containing credentials for access to this VM

remotely. These credentials are generated only once and will not be available for

reference anywhere except this letter. Please save them properly for further usage.

o Each virtual instance in Azure is created within a specific resource group, with the name,

matching the ID of the VM. The resource group includes the VM, system disk, network

interface.



EPAM PUBLIC 27

If you terminate an instance in Azure, and the name of the instance is the same as the

name of the resource group it is placed within, the whole resource group will be

terminated. The operation will also affect any attached additional volumes.

o Each virtual instance and volume, created in Azure via EPAM Orchestrator, are based

on Azure Managed Disks for better performance and usability.

• Google regions:

o For Linux instances, an SSH key is mandatory for VM launch and login. The usernames

depend on the VM image:

Image Username

CentOS7_64-bit centos

Debian9_64-bit debian

Ubuntu16.04_64-bit Ubuntu

o For Windows instances, SSH keys are not supported for VM launch. However, to login

to a Windows VM, use the or2console command specifying an SSH key. The key must

always be of 2048 size. You will receive an email message containing the encrypted

password in an attached file. Save the attachment or its content and run the or2dp

command specifying the path to your private key and the path to the file containing the

encrypted password. The command will return the password to use for logging in to

your VM via the RDP connection.

• EPAM-MAC region:

o Hardware Mac: use your MacOS IP address or DNS name in the VNC client. For

Authentication, use the uppercase abbreviation of your project in UPSA, then log in with

the user/user credentials.

We strongly recommend changing your credentials after the first login!

o Virtual Mac: connect to your VM via the VNC client using your project abbreviation in

UPSA as the password and log in with your domain credentials (without @epam.com).

Please note that the domain credentials are case sensitive.

We strongly recommend changing the default credentials after the first login and

enabling access via the VNC standalone client!

CLI Parameters


-g,

--ansible-group

Add instance to an existing Ansible group. For several

groups repeat the parameter:

-g groupName1 -g groupName2 -g groupNameN

No

-c, --count * Instances count. Maximum allowed value: 5. Default value if

not specified: 1 No

-d, --description Description property alias. Can be used to assign custom

instance descriptions displayed by the "or2din" command No

-e, --expiration **

A time point the instance will be stopped at. Use the ISO

8601 date format: ‘yyyy-MM-ddTHH:mm’ or shift in hours

‘hH’.

No


-i, --image Machine Image No

-a, --ip-address IP address. Applicable only for OpenStack zones No

-k, --key-name Name of an existing keypair to associate with this instance.

This option is mandatory for running Linux instances in AWS. No


EPAM PUBLIC 28

CLI Parameters

-u,

--launch-template

Launch template name. Applicable only for EPAM

OpenStack and AWS regions. No

--luminate Register instance on Luminate. No

--max-price Max price for the spot instance ($ per hour). Applicable only

for AWS zones. No

-n, --network

UUID of the network in which the instance(s) will be

launched. If not specified, the default network will be used.

Repeat the parameter to specify several networks (e.g. -n

networkUUID1 -n networkUUID2)

No

-P,

--plain-output Use plain output instead of default table output No




-t,

--script-name

Script to launch. To specify script parameters with their

values, use the following syntax:

-t "<scriptName>:value1#value2"

No

-S, --security-group

Name of the security groups in which the instance(s) will be

launched. If not specified, the default security group will be

used. Repeat the parameter to specify several security

groups (e.g. -S sg1 -S sg2)

No

-s, --shape***

Instance type in format <shapeName>.<flavor>.

(for example: MEDIUM.300) No

--spot

Request spot instance. Applicable only for AWS zones.

Default: false No


* Maximum count can be limited on Orchestrator side (Use system property "virt.max.instances.count", default value is 5) ** 1. To reset the expiration timer a user should restart the VM (or stop and start it again); 2. A VM can be launched with a new expiration parameter, if required. 3. If a user sends a command to reboot/shutdown a VM as a system user (via SSH or RDP) this timer will not be reset. ***In OpenStack regions, you can specify instance flavor – the size of the system disk (100, 200, 300, 500 GB), in case this facility is activated for the project by the previous request.

If you want to enable custom script to be executed on the instance after creation, please check that the

script titles are in a correct format. For Linux scripts, it is necessary to have a header that includes one

of the following: "bash", "bin/sh", "perl", Windows script files should have a ".ps1", ".cmd" or ".bat"

extension.

You can run instances under the personal projects. Such instances can be convenient for testing,

training, and estimations, and are free of charge. However, they have a number of limitations. The

details on personal project usage, their quotas and limitations are given in the Quick Start

Guide (Chapter 7: Personal Quotas and Projects).

https://cloud.epam.com/site/learn/quick_start/ciug_2_cli_quick_start.pdf

https://cloud.epam.com/site/learn/quick_start/ciug_2_cli_quick_start.pdf


EPAM PUBLIC 29

Response Elements

Name Description

instanceID Service provider specific instance ID

dnsName Instance DNS name

privateIP Private IP assigned to the instance

state instance state

guestOS Operating System running on the instance

owner Owner of the instance

image Template used to launch the instance (optional)

shape Hardware shape of the instance

In case you are running several instances at once and CLI returns an error (for example, you have reached

the project quota), it is possible, that some of the requested resources were still launched and you are set

as the owner of these resources. Please, use the or2din command to check it.

Command Example

This example runs one instance with specified image and shape. This instance will be tagged with

maestro:project-id according to the user’s credentials.

or2run -p project -i image -s medium -r region

If your instance encounters a problem during launch and remains in the ‘starting’ state for 5 hours, it is

terminated automatically.

Response Example

Figure 12 - or2run Response Example


2.4 STOP (PAUSE) INSTANCES

Invoke: or2-stop-instances (or2stop)

Use this command to stop the specified instances. You can only stop permitted instances, in accordance

with your project abbreviation in UPSA:

If you stop an instance, its expiration timer will be reset.

CLI Parameters


-c, --force Force to stop instances. Default: false No


-i, --instance Instance ID For several instances repeat the parameter: -

i ID1 -i ID2 -i IDN. Yes



-p, --project Project abbreviation in UPSA No*

-r, --region Virtualization region No*

--irg,

--instanceResourceGroup

Indicates the necessary resource group for work with

Azure No


*The ‘project’ and ‘region’ parameters are mandatory when several instance IDs are sent in the

command. When only one instance ID is sent, the ‘project’ and ‘region’ parameters may be omitted.

Response Elements

Name Description


dnsName DNS name assigned to the instance


state Instance state

requested Instance request timestamp

Command Example

This example shows the common case of stopping an instance.

or2stop -i instance_id -p project -r region

Response Example

Figure 13 - or2stop Example Response


2.5 START (RESUME) INSTANCES

Invoke: or2-start-instances (or2start)

Starts stopped instances. You can only start permitted instances, in accordance with your project

abbreviation in UPSA

CLI Parameters


-e, --expiration*

A time point the instance will be stopped at. Use the ISO

8601 date format: ‘yyyy-MM-ddTHH:mm’ or shift in hours

‘hH’.

This option is not available for AWS-type regions.

No








--irg,



Azure No


1. To reset the expiration timer a user should restart the VM (or stop and start it again). 2. A VM can be launched with a new expiration parameter, if required. 3. If a user sends a command to reboot/shutdown a VM as a system user (via SSH or RDP) this timer will not be reset.

*The ‘project’ and ‘region’ parameters are mandatory when several instance IDs are sent in the command. When only one instance ID is sent, the ‘project’ and ‘region’ parameters may be omitted

Response Elements

Name Description



Command Example

This example starts one instance with specified instance ID.

or2start -i instance_id -p project -r region

Response Example

Figure 14 - or2start Response Example


2.6 REBOOT INSTANCES

Invoke: or2-reboot-instances (or2reboot)

The command reboots specified instances. You can only reboot permitted instances, in accordance with

your project abbreviation in UPSA

1. If you reboot an instance, its expiration timer will be reset (this does not concern AWS-type regions).

2. or2reboot command is not supported in Google regions.

CLI Parameters


-c, --force Force to reset instances. Default: false No


-i, --instance Instance ID For several instances repeat the parameter:

-i ID1 -i ID2 -i IDN. Yes



-p,--project Project abbreviation in UPSA No*


--irg,



Azure No


*The ‘project’ and ‘region’ parameters are mandatory when several instance IDs are sent in the

command. When only one instance ID is sent, the ‘project’ and ‘region’ parameters may be omitted

Response Elements

Name Description

instanceID Service provider specific instance ID of the rebooted instance


privateIp Private IP assigned to the instance

state State of the instance (PoweredOn/PoweredOff/Rebooting)


Command Example

This example reboots one instance with specified instance ID.

or2reboot -i instance_id -p project -r region

Response Example

Figure 15 - or2reboot Response Example


2.7 REBUILD INSTANCE

Invoke: or2-rebuild-instance (or2ri)

Rebuilds an instance with new image in OpenStack regions. It is possible to rebuild an instance not only

from public and enterprise machine images but from project ones too.

Using this command has several limitations that include:

• rebuild is only possible for stopped (recommended) and running instances,

• machine images must be of the same OS type,

• volume size of the instance should not exceed 100 GB,

• the instance should not be under rebuilt process,

• the instance should not be under moving to another project.

• for Windows-based instances the rebuild can be performed only on images with the type

“project”, which were created from the instances prepared beforehand. You can find the

details about Windows instance image preparation in the respective section of this guide.

Admin CLI Parameters


-h, --help Display command help No

-p, --project Project ID Yes

-r, --region Virtualization Region Yes

-i, --instance Instance ID or Instance Name. Yes

-m, --imageId Image ID or Image Name. Yes

Command example:

or2rebuild-instance -i <instance ID> -m <image ID> -p <project>

-r <region>

Response example:

2.8 TERMINATE INSTANCES

Invoke: or2-terminate-instances (or2kill)

Use his command to terminate the specified instances. You can only terminate permitted instances, in

accordance with your project abbreviation in UPSA.

If you terminate an instance in Azure, and the name of the instance is the same as the name of the

resource group it is placed within (the default case for VMs created by EPAM Orchestrator), the whole

resource group will be terminated. The operation will also affect any attached additional volumes.

In AWS additional volumes are removed together with the related instance by default. EPAM

Orchestrator automatically sets this option to prevent additional costs resulting from volumes remaining

in the system after the corresponding instance termination. If your project needs require that additional


volumes remain available, detach them before terminating the instance with or2-detach-volume

(or2detvol) command and specify project, region and volume ID.

CLI Parameters









-y Automatic confirmation No

--permanently Terminates the instance permanently without an attempt

to place it in the Recycle Bin No

--irg,



Azure. No


Response Elements

Name Description






Command Example

This example shows the common case of terminating an instance with specified ID.

or2kill -i instance_id -p project -r region

Response Example

Figure 16 - or2kill Response Example

2.9 LOCK INSTANCE TERMINATION

Invoke: or2-lock-instance-termination (or2lock)

Use his command to prohibit termination of a specific instance. When called second time for the same

instance, the command will release the lock.


The command is available in private regions and in AWS.

CLI Parameters



-i, --instance The ID of the instance to be locked from termination Yes






Command Example

This example shows the common case of instance termination prohibition:

or2lock -i instance_id -p project -r region

Response Example

Figure 17 - or2lock Response Example

If the or2lock command specifies an AWS region and an AWS instance, the VM will be locked for

termination not only by the Orchestrator tools, but also by the native AWS tools.

or2lock –p project –r AWS-REGION –i instance_ID

The same command used on a locked instance will allow its termination again.

Figure 18 - or2lock command repeated to allow instance termination


2.10 DESCRIBE EXISTING INSTANCES

Invoke: or2-describe-instances (or2din)

Use this command to return information about instances that you own. If you specify one or more

instance IDs, Orchestrator returns information for those instances. If you do not specify instance IDs,

Orchestrator returns information for all relevant instances according to your access rights.

User will see only permitted instances. Permission rights are bound to the provided credentials. Usually,

remote resources are filtered by the -p (--project) parameter. This parameter will be resolved on the

Orchestrator side from the provided user credentials.

CLI Parameters


-a, --audit

Switches the output to Audit mode. The list of the VMs will be

accompanied by the following information: Instance ID and DNS

name, shape, state, description, requested date and time, the

owner, the date and time of the last event on the VM, the name of

the person who performed the latest change.

No

-d, --inSchedule Show only VMs present in the specified schedule No

-e, --

propertyExistence Show only instances with the specified key No

-c, --force Force to get instance information. Default: false No

--full Show full command output instead of default basic one. Full output

includes AWS availability zone No


-i, --instance Instance ID. For several instances repeat the parameter. No

-l, --property Show only instances with the provided ‘key=value’ properties. For

several properties repeat the parameter. No

-o, --onlyIds Show only instance IDs, one per line No



-p, --project Project abbreviation in UPSA No

-r, --region Virtualization region. Use several times to find information on

instances in several regions No

-S, --service Service name. To describe instances for all

services, type 'any'. No

-s, --

instanceState

Show only VMs with the provided state. For several states repeat

the parameter. No

-u, --output Show only the field specified as csv. No

-v, --vlan Show only instances within the specified VLAN No

-w, --owner Email or 'Name Surname' of instance owner for report generation. No

-x, --regexp

Show only instances with the provided ‘key=value’ properties. For

several properties repeat the parameter.

Values are treated like regular expressions.

No


Response Elements

Name Description


instanceName Instance name



state State of the instance

guestOS Instance OS*.

owner Owner of the instance

Image Template used to launch the instance (optional)

shape Hardware shape of the instance

description Custom instance description (See Set Instance Properties)

*This functionality is limited on AWS due API restrictions. You can only see, whether your instances

running in this region have Windows as guest OS or not.

Command Example

This example describes the current state of the instances mapped to your user ID.

or2din -p project -r region

Response Example

Figure 19 - or2din General Response Example

Command Example

This example describes only stopped instances of the specified owner:

or2din -p project -r region -i instance_id -s stopped -w

[email protected]

Response Example

Figure 20 - or2din Response Example with Filters


2.11 CHANGING INSTANCE SHAPE

Invoke: or2-change-shape (or2chshape)

Changes the instance shape to a larger or smaller one. The target VM should be stopped before you

initiate shape change.

CLI Parameters




-i, --instance The ID of the instance to change Yes





-s, --shape New shape Yes

This command is not available in Google Cloud regions.

Command Example

or2chshape -r region -p project -i instance_id -s MEDIUM

Response Example

Figure 21 - or2chshape Response Example

Command Example

This example expands the system disk of the existing instance

or2chshape -p demopro -r epam-by2 -i ecsc12312312 -s medium.500

Response Example

Figure 22 - or2chshape Shape Expand Response Example


2.12 CHANGING INSTANCE OWNER

Invoke: or2-change-owner (or2chow)

Changes the owner of an instance or file resource.

CLI Parameters


-e, --email New owner’s email, case-insensitive Yes



-f, --file-type File type for file resources [script, eo-template, cf-

template, zabbix-template, blueprint] No

-n, --resource-name Resource name [Instance ID (case-sensitive) or

Instance Name (case-insensitive), file name] Yes




-t, --resource-type Type of resource [instance, file]. Default: INSTANCE No

Response Elements

Name Description

instanceId Instance ID

name Instance name

zone Virtualization region

owner New owner of the instance


Command Example

or2chow -p project –n instance_name -e [email protected]

Response Example

Figure 23 - or2chow Response Example


2.13 VIEW POOL STATE

Invoke: or2-view-pool-state (or2vps)

To estimate the time needed for running a new instance, you can use the or2vps command. Creating

an instance from an image available in the pool will take less time than from the other images.

The or2-view-pool-state command shows current state of instance pool for the specified region.

CLI Parameters







Response Elements

Name Description

imageName Machine image name

quantity Number of instances available in the pool

Command Example

or2vps -r region

Response Example

Figure 24 - or2vps Response Example


2.14 DESCRIBE VLANS

Invoke: or2-describe-vlans (or2dvlans)

Describes Virtual Local Area Networks (VLAN) available for specified availability region and project

CLI Parameters








Response Elements

Name Description

name VLAN name

description VLAN description

Command Example

This example describes existing VLANs for the specified project and region:

or2dvlans -p project -r region

Response Example

Figure 25 - or2dvlans Response Example


2.15 MOVE INSTANCE TO VLAN

Invoke: or2-move-instance-to-vlan (or2mivlan)

Moves an instance to another VLAN activated for the current project and availability region. The CSA и

OpenStack regions are supported.

In order to move between VLANs instances must be in the ‘stopped’ state.

CLI Parameters



-i, --instance Instance ID Yes





-v, --vlan Target VLAN ID Yes

--help Display command help

Response Elements

Name Description

result States whether the command has been run successfully

Command Example

This command reads the specified template and stores it to the specified local file:

or2mivlan -p project -r region -i instance_ID -v vlan_id

Response Example

Figure 26 - or2mivlan Response Example


2.16 DESCRIBE SUBNETS

Invoke: or2-describe-subnets (or2dsn)

Describes subnets available for the specified project in the given region.

CLI Parameters







-s, --subnet-id Filter subnets. Repeat parameters to specify multiple subnets No


Response Elements

Name Description

subnetId The ID of the subnet available for the project

networkId The ID of the network to which the subnet belongs

cidr Subnet IP range

name The name of the subnet (the default internal EPAM network is named Server

Network

gatewayIp The default gateway in the subnet

dmz Specifies whether the parent network is placed in DMZ

Command Example

This example describes existing VLANs for the specified project and region:

or2dsn -p project -r region

Response Example

Figure 27 - or2dsn command response


2.17 CUSTOM INSTANCE PROPERTIES ( LAUNCH TEMPLATE)

Invoke: or2-launch-template (or2lt)

Allows managing launch templates, json files containing information on certain configuration of VMs

available for the existing infrastructure.

• The command can be executed only by members of Advanced Management Group and admins

• Available in AWS and Private OpenStack regions

CLI Parameters


-a, --action

Manage Launch Template action. Allowed values:

[describe, upload_template, upload_version, delete,

modify]

No

-f, --file Path to the Launch Template JSON file No

--full Show full command output No



-n, --name Launch Template name. No

-P, --plain-output Use plain output view No



-s, --source-version The version number of the Launch Template version on

which to base the new version Yes

-v, --version Launch Template version No

-d,

--version-description Launch Template version description No

Command Example

or2lt -a upload_template -p project -r region -n template_name

-f path_to_file -d version_description

Response Example

Figure 28 - or2lt Response Example

To run VM with a Launch Template use or2run Maestro CLI command and --launch-template (-u)

parameter.


Syntax and template creation

All templates you upload for private regions, are stored on the Orchestrator side.

The templates should be saved in json format, and the syntax is quite close to that for AWS Launch

templates. In the current implementation, the following parameters can be specified in a launch template

for OpenStack regions:

• Image

• Instance shape

• Attached volumes

• Instance and volumes tags

• SSH Key

Below, you can find an example of how this can be done:

{ "blockDeviceMappings" : [ { --specifying additional

storage volumes

"diskInfo" : {

"volumeSize" : 20}

},{

"diskInfo" : {

"volumeSize" : 30}

}

],

"imageId" : "Ubuntu16.04_64-bit", --specifying image name

"instanceType" : "small.ssd.40", --specifying shape

"keyName" : "test_automation_key", --specifying key

"tagSpecifications" : [ { --setting tags

"resourceType" : "instance", --tags for instance

"tags" : [ {

"key" : "test",

"value" : "test" } ]

}, {

"resourceType" : "volume", --tags for volumes

"tags" : [ {

"key" : "test",

"value" : "test" } ]

} ]

}


2.18 DESCRIBE WORKSPACES

Invoke: or2-describe-workspaces (or2dw)

Describes a workspace in a project.

CLI Parameters 

Parameter name  Description  Required 

-h, --help  Display command help  No 

-p, --project    Project ID  Yes  

-i , --workspace_id Workspace ID. For several workspaces repeat the parameter: -i workspaceId1 -i workspaceId2 -i workspaceIdN

No



-p, --plain-output Use plain output view No

Command example:

or2-describe-workspaces -p project

3 SCHEDULING INSTANCE ACTIVITIES

EPAM Orchestrator allows scheduling instances manipulation so that their state is automatically

changed when neded, allowing to optimize the infrastructure load and costs.

The schedules are set up with cron expressions that are to be specified in the or2-create-schedule CLI

command according to the specific rules.

Maestro CLI allows you to create a schedule, retrieve its info and delete. All these action are performed

with different CLI commands described below in this section.

When working with cron and setting time values, GMT+0 time is used.

Schedules cannot be used for hardware MacMini instacnes and resources in Enterprise and Hardware

regions.

3.1 CREATE SCHEDULE

Invoke: or2-create-schedule (or2addsch)

Creates a new schedule to start or stop existing instances using cron expressions.

CLI Parameters


-a, --action An action to be performed by the schedule. ID of the

checkpoint to be deleted. Valid values: start, stop. Yes

--all Set schedule for all instances in a region. Default: false No

-c, --cronExpression Time point as cron expression Yes

-d, --description Schedule description No


-i, --instance ID of an instance affected by the schedule No

-n, --name Schedule name Yes






-t, --tag Set schedule for instances with tag. Tag format:

'prefix:key=value'. Default prefix is 'user', default key is 'tag' No


Response Elements

Name Description

name Schedule name

project UPSA abbreviation of the project the schedule is assigned to

region Virtualization region the schedule is active for

cron Time point as cron expression

action Action performed by the schedule

Command Example

The example below schedules the specified instance to start on January 1, 2014 at 0:00 am:

or2addsch -a start -c “0 0 0 1 1 ? 2014” -i instance_id -n sample_schedule

-p project -r region

Response Example

Figure 29 - or2addsch Response Example


3.2 DESCRIBE SCHEDULES

Invoke: or2-describe-schedules (or2dsch)

Describes previously created and available schedules.

In order to see the list of instances affected by a schedule, provide the --full parameter

CLI Parameters





-n, --name Schedule name. For several schedules, repeat the parameter:

-n sch1 -n sch2 -n schN No




Response Elements

Name Description

name Schedule name

project UPSA abbreviation of the project the schedule is assigned to

region Virtualization region the schedule is active for

cron Time point as cron expression

action Action performed by the schedule

creationTime Date and time of schedule creation

lastExecuteTIme Date and time of last schedule execution

owner Instance owner

type Schedule type (INSTANCE, REGION or TAG)

Command Example

This example describes available schedules for the specified project.

or2dsch -p project -r region

Response Example

Figure 30 - or2dsch Response Example


3.3 ADD INSTANCE TO SCHEDULE

Invoke: or2-schedule-add-instances (or2schaddi)

Adds an instance to the existing schedule.

CLI Parameters







-i, --instance Instance ID. For several instances, repeat the parameter Yes



Instances cannot be added to schedules created for the entire region (with the --all option) or for

instances with tags (with the -t/--tag) option.

Command Example

This command example adds the specified instance to the schedule.

or2schaddi -p project -r region -i instance_id -n schedule_name

Response Example

Figure 31 - or2schaddi Response Example


3.4 REMOVE INSTANCE FROM SCHEDULE

Invoke: or2-schedule-remove-instances (or2schremi)

Removes an instance from the existing schedule

CLI Parameters







-i, --instance Instance ID. For several instances, repeat the parameter Yes



Instances cannot be removed from schedules created for the entire region (with the --all option) or for

instances with tags (with the -t/--tag) option.

Command Example

This command example removes the specified instance from the schedule.

or2schremi -p project -r region -i instance_id -n schedule_name

Response Example

Figure 32 - or2schremi Response Example


3.5 DELETE SCHEDULE

Invoke: or2-delete-schedule (or2delsch)

Deletes a previously created schedule.

CLI Parameters



-n, --name Name of the schedule to be deleted Yes






Response Elements

Name Description

name Schedule name

status Current status of the schedule

Command Example

This command example deletes the specified schedule.

or2delsch -n sample_schedule -p project -r region

Response Example

Figure 33 - or2delsch Response Example


3.6 CRON REFERENCE

EPAM Cloud Orchestrator uses generic cron rules to specify time points for operation scheduling.

Below is an extract of cron rules, taken from the quartz-scheduler.org. For additional information, please

see the source page.

Cron expressions are comprised of 6 required fields and one optional field separated by white space.

The fields respectively are described as follows:

Field Name Allowed Values Allowed Special Characters

Seconds 0-59 , - * /

Minutes 0-59 , - * /

Hours 0-23 , - * /

Day-of-month 1-31 , - * ? / L W

Month 1-12 or JAN-DEC , - * /

Day-of-Week 1-7 or SUN-SAT , - * ? / L #

Year (Optional) empty, 1970-2199 , - * /

The '*' character is used to specify all values. For example, "*" in the minute field means "every minute".

The '?' character is allowed for the day-of-month and day-of-week fields. It is used to specify 'no specific

value'. This is useful when you need to specify something in one of the two fields, but not the other.

The '-' character is used to specify ranges. For example, "10-12" in the hour field means "the hours

10, 11 and 12".

The ',' character is used to specify additional values. For example, "MON,WED,FRI" in the day-of-week

field means "the days Monday, Wednesday, and Friday".

The '/' character is used to specify increments. For example, "0/15" in the seconds field means "the

seconds 0, 15, 30, and 45". And "5/15" in the seconds field means "the seconds 5, 20, 35, and 50".

Specifying '*' before the '/' is equivalent to specifying 0 is the value to start with. Essentially, for each

field in the expression, there is a set of numbers that can be turned on or off. For seconds and minutes,

the numbers range from 0 to 59. For hours 0 to 23, for days of the month 0 to 31, and for months 1 to

12. The "/" character simply helps you turn on every "nth" value in the given set. Thus "7/6" in the month

field only turns on month "7", it does NOT mean every 6th month, please note that subtlety.

The 'L' character is allowed for the day-of-month and day-of-week fields. This character is short-hand

for "last", but it has different meaning in each of the two fields. For example, the value "L" in the day-

of-month field means "the last day of the month" - day 31 for January, day 28 for February on non-

leap years. If used in the day-of-week field by itself, it simply means "7" or "SAT". But if used in

the day-of-week field after another value, it means "the last xxx day of the month" - for

example "6L" means "the last Friday of the month". You can also specify an offset from the last day

of the month, such as "L-3" which would mean the third-to-last day of the calendar month. When

using the 'L' option, it is important not to specify lists, or ranges of values, as you'll get

confusing/unexpected results.

The 'W' character is allowed for the day-of-month field. This character is used to specify

the weekday (Monday-Friday) nearest the given day. As an example, if you were to specify "15W" as

the value for the day-of-month field, the meaning is: "the nearest weekday to the 15th of the month".

So if the 15th is a Saturday, the trigger will fire on Friday the 14th. If the 15th is a Sunday, the trigger

https://quartz-scheduler.org/


will fire on Monday the 16th. If the 15th is a Tuesday, then it will fire on Tuesday the 15th. However, if

you specify "1W" as the value for day-of-month, and the 1st is a Saturday, the trigger will fire on Monday

the 3rd, as it will not 'jump' over the boundary of a month's days. The 'W' character can only be specified

when the day-of-month is a single day, not a range or list of days.

The 'L' and 'W' characters can also be combined for the day-of-month expression to yield 'LW', which

translates to "last weekday of the month".

The '#' character is allowed for the day-of-week field. This character is used to specify "the nth" XXX

day of the month. For example, the value of "6#3" in the day-of-week field means the third Friday of

the month (day 6 = Friday and "#3" = the 3rd one in the month). Other examples: "2#1" = the first

Monday of the month and "4#5" = the fifth Wednesday of the month. Note that if you specify "#5"

and there is not 5 of the given day-of-week in the month, then no firing will occur that month. If the '#'

character is used, there can only be one expression in the day-of-week field ("3#1,6#3" is not valid,

since there are two expressions).

The legal characters and the names of months and days of the week are not case sensitive.

NOTES:

Support for specifying both a day-of-week and a day-of-month value is not complete (you'll need to use

the '?' character in one of these fields).

Overflowing ranges is supported - that is, having a larger number on the left hand side than the right.

You might do 22-2 to catch 10 o'clock at night until 2 o'clock in the morning, or you might have NOV-

FEB. It is very important to note that overuse of overflowing ranges creates ranges that don't make

sense and no effort has been made to determine which interpretation CronExpression chooses. An

example would be "0 0 14-6? * FRI-MON".


4 INSTANCE PROPERTIES

The commands in this section are used to create and manipulate user-defined metadata, known as

properties.

4.1 SET INSTANCE PROPERTIES

Invoke: or2-set-instance-properties (or2setp)

Assigns user-defined metadata to instances.

If you would like to use default auto-configuration provided by Orchestrator for instances in AWS-type

regions, launched from Amazon EC2 console, please assign the following property to each of them:

op_orch_ip=https://config.orchestration.epam.com/orchestration

CLI Parameters


-a, --append Append the specified properties in case target instance already

has corresponding keys. Default: false No

-c, --chefattribute

Chef attribute property alias. Use “=” as a delimiter for

name=value format. For several chef attributes repeat the

parameter

No

-h, --chefrole

Chef role property alias. For several chef roles

repeat the parameter: --chefrole value1 --chefrole value2

--chefrole valueN.

No

-d, --description

Description property alias. Multiple values are not supported.

Can be used to assign custom instance descriptions to be

viewed using the "or2din" command (See Describe Instances)

No


-i, --instance Instance ID For several instances repeat the parameter: -i ID1

-i ID2 -i IDN. Yes




-t, --property

Property name=value pair. Use "=" as delimiter. For several

properties repeat the parameter: --property name1=value1 --

property name2=value2 --property nameN=valueN*

No


-s, --secure Marks the property as secure, so that its value will be hidden

when properties are described No

-v, --volume Volume ID. For several volumes repeat the parameter:

-v Vol1 -v Vol2 -v VolN No


When running the command, you should specify either the --property or --chefattribute and --chefrole

combination.


Response Elements

Name Description

status Property status

name Property name

value Property value

resource ID of the resource for which the property is set

resourceType Type of the resource for which the property is set

1. The following symbols are NOT accepted when used in key or value for this command: < > ( ) + &

^ * \ | "

2. If you use this command for a Windows instance, please, encase the ‘-t’ parameter in quotes i.e.

"key=value"

Command Example

This example sets several properties to an instance.

or2setp -p project -r region -i instance_id -t property1=1 -t property2=2

Response Example

The command returns a list of newly set instance properties.

Figure 34 - or2setp Response Example

Alias Usage

A command with chef alias can look as follows:

or2setp -i EVBYMINSD121CT3 -h java -c "version=1.7"


4.2 DESCRIBE INSTANCE PROPERTIES

Invoke: or2-describe-instance-properties (or2getp)

Retrieves user-defined metadata from instances.

CLI Parameters




-i ID2 -i IDN. Yes

-n, --name

Property name. For several properties repeat the parameter: -

n property-name1 -n property-name2 -n property-nameN. If not

specified, returns a list of all properties assigned.

Default: []

No





-v, --volume Volume ID. For several volumes repeat the parameter:

-v Vol1 -v Vol2 -v VolN No


Response Elements

Name Description

name Property name

value Property value

resource ID of the resource for which the property is set

resourceType Type of the resource for which the property is set

Command Example

This example requests the properties of the specified instance:

or2getp -p project -r region -i instance_id

Response Example

The command returns a list of properties assigned to an instance:

Figure 35 - or2getp Response Example


4.3 DELETE INSTANCE PROPERTIES

Invoke: or2-delete-instance-properties (or2delp)

Use this command to delete user-defined metadata from instances.

CLI Parameters


-a, --all Specify this parameter to delete all properties assigned to a

specified instance. Default: false. No



-i ID2 -i IDN. Yes

-n, --name

Property name. For several properties repeat the parameter: -

n property-name1 -n property-name2 -n property-nameN

Default: []

No





-v, --volume Volume ID. For several volumes, repeat the parameter: -v

volume ID1 -v volumeID2 -v volume IDN No


Command Example

This example deletes specific properties, assigned to an instance:

or2delp -p project -r region -i instance_id -n property_1 -n property_2 -n

property_3 -n property_4

Response Example

Figure 36 - or2delp Response Examples


5 CREATING IMAGES

EPAM Orchestrator allows to create images from the existing instances. This allows to save the

existing settings and data and to create the necessary number of copies.

5.1 CREATE AN IMAGE

Invoke: or2-create-image (or2cim)

Use this command to create an image based on the instance and its storages. The image can be used

later to run new identical instances.

1. The created image will only be available for a single project (the one you use to create it).

2. Make sure to stop the instance and perform all preliminary requirements for image creation

before creating its image. (See 5.3. Preparing Instances for Image Creation).

3. Image name length should be in range 3-63 and can only contain digits ('0-9'), letters ('a-z', 'A-

Z'), dashes ('-'), underscores ('_'), round parentheses (‘()’), square parentheses (‘[]’) and the at sign

(‘@’).

4. Image description should be in range 5-100 inclusive. A semicolon is not allowed.

5. In OpenStack regions, an image can be created only from instances that do not have additional

volumes.

6. In Google regions, you can use for image name lowercase letters ('a-z'), digits ('0-9') if not on the

first place and hyphens if not on first or last place.

7. All instances launched using the custom images will not be included in epam.com domain and

will be assigned a standard DNS name. You will only be able to login to these instances using their

IP addresses. To have your VM included in the epam.com domain, make a request to the

support.epam.com in the category EPAM Cloud -> Unspecified Request.

CLI Parameters


-d, --description Image description Yes



-n, --name Image name Yes*






* While still required for AWS-type regions, this parameter will be shown in EC2 Management Console as ‘Source’, while the ‘Name’ field will remain empty.

Response Elements

Name Description

id Image id


group Image availability scope

state Current state of the image

https://support.epam.com/esp/ess.do


Command Example

or2cim -r region -p project -i instance_id -n image_name –d description

Response Example

Figure 37 - or2cim Response Example

When the image is ready, it will be available in the list of machine images returned by the ‘or2dim’

command. The detailed description of the ‘or2dim’ command can be found in the respective section of

the Guide.


5.2 DELETE IMAGE

Invoke: or2-delete-image (or2delim)

Use this command to delete custom machine images.

In AWS-type regions this command is only available for ‘Project’ images.

CLI Parameters



-i, --image ID of the image to be deleted. Yes





-y Provide this parameter for automatic command confirmation No


Response Elements

Name Description

id Image id


group Image availability scope

state Current state of the image

Command Example

or2delim -i image_id -p project -r region -y

Response Example

Figure 38 - or2delim Response Example


5.3 PREPARING INSTANCES FOR IMAGE CREATION

The instruction below is actual for the instances in private regions and is not applicable for work in AWS

and Google Cloud regions.

Please see the information about virtual machines preparation in Microsoft Azure regions in the

respective sections describing workflows for Windows and Linux instances.

You can also import a custom image to your project from outside EPAM Cloud. For more instructions,

please see Importing External Custom Images to EPAM Cloud in this guide.

Virtual machines created from custom images by default are not added to the EPAM domain. Thus,

login to such a virtual machine is performed not via the domain credentials, but with the username and

password created during custom image preparation.

5.3.1 Windows OS Family

Remove static IP settings (if applicable), configure DHCP respectively.

Figure 39 - TCP/IP Configuration (Windows)

Create a user account and assign administrator privileges to it:

1. Click Start -> Control Panel

2. Click User Accounts

3. In a window that opens click Manage User Accounts

4. Move to the Advanced tab in the User Accounts window and click Advanced

5. Choose the Users group in the left part of the window that opens, then right-click on the right

part of the window and choose New user

https://cloud.epam.com/site/competency_center/e=p=c_services/csug_03_services.pdf


6. Provide the data requested in the New user window and click Create to complete creation

Figure 40 - Creating Local Windows User

7. Return to the User Accounts window and click Manage User Accounts

8. Select the newly created username in the User Accounts window and click Properties


9. Move to the Group Membership tab within the Properties window, choose the Administrator

option and click Apply.

Figure 41 - Assigning Administrator Privileges to a Windows User

Make sure you remember these credentials. You will only be able to login to all instances, launched on

the created template using them.


10. Open Control Panel -> System and Security -> System. Click Change Settings.

11. In the System Properties window, click Change for the To rename the computer or change

its domain or workgroup option.

12. Exclude guest OS from domain:

Figure 42 - Excluding Guest OS from Domain (Windows)

13. Rename guest OS by replacing digits at the end of its name with xxxx characters:

Figure 43 - Renaming Guest OS (Windows)

At this point, the system may prompt for reboot. Do not reboot the VM, continue with Step 15 instead.

14. Run the following command in Windows console

ipconfig /release && shutdown -s -t 0

5.3.1.1 Preparing VMs in Microsoft Azure Regions

For virtual machines running in Microsoft Azure regions, use the Windows console to change the

directory to %windir%\system32\sysprep, then run sysprep.exe.

Make the following settings in the System Preparation Tool dialog window:

1. In the System Cleanup Action field, select the Enter System Out-of-Box Experience

(OOBE) option and check the Generalize checkbox.

2. In the Shutdown Options field, select Shutdown.


Figure 44 - Rebooting a VM in Azure region

This procedure reboots and stops the VM. After the command execution, the VM is ready for image

creation.

5.3.2 Linux OS Family

1. Remove static IP and any hardware-related settings (e.g. MAC address), if applicable. Set up

DHCP by editing configuration file.

For example:

RHEL-family - /etc/sysconfig/network-scripts/ifcfg-eth0

Debian-family - /etc/network/interfaces

2. Create a local user account:

RHEL-family:

# useradd username

# passwd username

Debian-family:

# adduser username

Adding user `username' ...

Adding new group `groupname' (1003) ...

Adding new user `username' (1004) with group `groupname' ...

Creating home directory `/home/username' ...

Copying files from `/etc/skel' ...

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

Changing the user information for username


Enter the new value, or press ENTER for the default

Full Name []: <Full Name>

Room Number []: <room number>

Work Phone []: <Phone>

Home Phone []: <Phone>

Other []: <Other>

Is the information correct? [Y/n] Y

Add the administrator rights to the user by editing the /etc/sudoers file as follows:

username ALL=(ALL:ALL) ALL

3. Remove UDEV settings for network devices, if applicable, by deleting all strings from /etc/udev/rules.d/70-persistent-net.rules

4. Rename guest OS by replacing digits at the end of its name with xxxx characters.

For example:

RHEL-family - /etc/sysconfig/network

Debian-family - /etc/hostname

Please be aware that the path for CentOS7 is similar to the path for Debian.

5. Stop sssd daemon and clear cache:

systemctl stop sssd; (for Centos service sssd stop)

rm -rf /var/lib/sss/db/*

# remove file /etc/krb5.keytab

rm -f /etc/krb5.keytab

# remove file /etc/samba/smb.conf

rm -f /etc/samba/smb.conf

6. Modify guest OS name in DHCP client settings by replacing digits at the end of its name with

xxxx characters.

For example:

/etc/dhclient-eth0.conf.

7. Remove the following lines from the /etc/ssh/sshd_config file:

Match User maintenance

PasswordAuthentication no

sed -i -e "/^Match User maintenance/,+1d" /etc/ssh/sshd_config

For Fedora CoreOS and Ubuntu 20, enable password authentication in the

/etc/ssh/sshd_config file by changing PasswordAuthentication no to

PasswordAuthentication yes.


5.3.2.1 Preparing VMs in Microsoft Azure Regions

For virtual machines running in Microsoft Azure regions, perform the following steps:

1. Connect to your VM via SSH.

2. Type the following command in the SSH window:

sudo waagent -deprovision+user

The command output may vary depending on the utility version.

This command is used to clean the system and prepare it for image creation. The following

actions are performed:

- SSH host keys are removed

- nameserver configuration in /etc/resolvconf is cleared

- the root user’s password is removed from /etc/shadow

- cached DHCP client leases are removed

- the host name is reset to localhost.localdomain

- the last provisioned user account (obtained from /var/lib/waagent) and the associated

data is deleted

3. Type y to continue. To avoid this step, add the -force parameter to the command.

4. Type exit. This closes the SSH client.


6 SECURITY AND CONNECTION

This Section lists a set of commands used to connect to your VMs and to provide their security.

Please note that the commands related to Static IPs manipulation have different effect for AWS and

EPAM-based infrastructure. In AWS, they deal with public IPs, and the manipulations do not need the

VM to have any specific state. In EPAM Cloud, these commands deal with private IPs, and you will have

to stop your VM before initiating any IP changes.

6.1 CREATE KEY PAIR

Invoke: or2-create-keypair (or2addkey)

With this command you can create a key pair used to access instances without the need to provide login

credentials. Key pairs consist of a public key (stored in Orchestrator) and a private key, stored locally in

‘..\maestro-cli\out\{YOUR_PROJECT_NAME}\’ folder.

CLI Parameters



-k, --key-name Name of the key to be created Yes





-s, --size Key size, a positive integer specified in bits.

Default: 4096 No


2048 bits is the minimum available key size. If you specify a key size of 2048 bits or less, a 2048-bit key

will be created

Response Elements

Name Description

name Key pair name

owner Key pair owner

project Project the key pair belongs to


Command Example

or2addkey -p project -r region -k key_name

Response Example

Figure 45 - or2addkey Response Example


6.2 IMPORT KEY PAIR

Invoke: or2-import-keypair (or2ikey)

Imports the existing key to a specified region.

CLI Parameters




-k, --key-name

Key pair name (to describe a specific key pair). For

several key names repeat the parameter: -k keyname1

-k keyname2 -k keynameN

Yes




-f, --public-key-file Full path to the local public key No

-s, --source-region The region to which the key already exists No

-d, --destination-region The region to which the key should be imported Yes


Response Elements

Name Description

name Key pair name



If the key was created in EPAM Cloud, its public part is stored in Orchestration database, and all you

have to do is specify the region in which the key is already stored and the region where it should be

imported to:

or2ikey -p project -k key_name -s source_region

-d destination_region

If the key is created in AWS and you need to import it to a new AWS region, you will also have to specify

the path to the Public key. For the detailed guidelines on retrieving public AWS keys use the following

links:

o Linux o Windows

A key created with AWS tools will be referenced in EPAM Cloud with the same name that was assigned

to it during the creation.

You can import a key from one Cloud platform to another when needed.

The keys created before November 7, 2015 are incompatible with Azure.

It is impossible to import keys existing keys to Azure regions due to keys processing specifics: the

operation need providing the private key explicitly.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#retrieving-the-public-key

http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-key-pairs.html#retrieving-the-public-key


Command Example

This example imports a key from one region to another one.

or2ikey -p project -d destination_region -k key_name -f

path\to\public\key\file.pub

Response Example

Figure 46 - or2ikey Response Example


6.3 DESCRIBE KEY PAIRS

Invoke: or2-describe-keypairs (or2dkey)

Describes Orchestrator (not AWS) key pairs available for provided project and region

CLI Parameters



-k, --key-name Key name (to describe a specific key pair). For several key names

repeat the parameter: -k keyname1 -k keyname2 -k keynameN No






Response Elements

Name Description

name Key pair name



Command Example

This example describes the keypairs available for the specified project.

or2dkey -p project -r region

Response Example

Figure 47 - or2dkey Response Example


6.4 DELETE KEY PAIR

Invoke: or2-delete-keypair (or2delkey)

Deletes a specified key pair.

1. Once you delete a key pair, you will not be able to use it to launch new instances. You will still be

able to access launched instances using your private key.

2. The command only deletes public keys, stored in Orchestrator. If you like to delete private keys as

well, please do it manually. Private keys are stored in ‘..\maestro-

cli\out\{YOUR_PROJECT_NAME}\’ folder on your local machine.

CLI Parameters



-k, --key-name Name of the key pair to be deleted Yes






Response Elements

Name Description

name Name of the deleted key pair

owner Owner of the deleted key pair

project Name of the project, the key pair has been assigned to

deleted States whether the key pair has been deleted

Command Example

or2delkey -p project -r region -k key_name

Response Example

Figure 48 - or2delkey Response Example


6.5 CONSOLE

Invoke: or2-console (or2console)

This command allows activating instance console and getting access credentials for it. To activate the

console for a VM, just run this command and provide all the necessary parameters.

CLI Parameters


-a, --activate Activates access console for the instance No

-e, --expiration Expiration time in hours. Default -1. Max - 9 No








Command Example

or2console -i instance_id -p project -r region

The system responds with the following confirmation: ‘Email with credentials was sent to you’.

Response Example

Figure 49 - or2console Response Example

A message containing the console credentials and the link to the console host is sent to the instance

owner’s email.


Figure 50 - Console credentials


6.6 ACCESSING AWS MANAGEMENT CONSOLE

Invoke: or2-aws-management-console (or2awsmc)

The command returns a link by which you can login to AWS Management Console and get access to

AWS services (all but the IAM service).

CLI Parameters







Before you can run this command, please, ask your Project Coordinator to grant you respective

permissions in Manage Cloud wizard (available on Cloud Dashboard for project coordinators only).

Command Example

or2awsmc -p project

Response Example

Figure 51 - or2awsmc Response Example

https://cloud.epam.com/maestro2/ui/home


6.7 IAM USER MANAGEMENT

Invoke: or2-iam-users (or2iam)

The command allows to describe, delete and set owner for IAM users.

CLI Parameters


-a, --action Action to be performed [describe, delete, setOwner].

Default: describe No

-e, --email EPAM email of the IAM user’s owner for the ‘-a

setOwner’ action No






--reason IAM user deletion reason for the ‘a delete’ action No

-t, --type IAM user type. Allowed values : [aws, google] No

-u, --user-name IAM user name No



Response Elements

Name Description

userName IAM user name

type IAM user type

creationDate IAM user creation date

groupNames IAM user group names

mfaDevicesSerialNumbers Serial numbers of MFA devices

passwordLastUsed Date on which the password was last used

ownerEmail IAM user’s owner email

projectCode Project abbreviation in UPSA

Command Example

or2iam -p project

Response Example

Figure 52 – or2iam Response Example



6.8 ACCESSING AZURE MANAGEMENT CONSOLE

Invoke: or2-azure-management-console (or2azmc)

The command allows you to login to your project console on Azure Portal and sends you a notification

with login instructions.

CLI Parameters







Before running this command, please make sure that the project is activated in Azure.

Command Example

or2azmc -p project

Response Example

Figure 53 - or2azmc Response Example

https://portal.azure.com/


6.9 ACCESSING GOOGLE MANAGEMENT CONSOLE

Invoke: or2-google-management-console (or2goomc)

The command returns a link by which you can login to Google Management Console and get access to

Google Cloud Platform services.

CLI Parameters






Access to the console is provided for all projects activated in Google Cloud to which you are assigned.

When you access the Google Cloud Platform dashboard, you can select the project under which you

will be working.



Command Example

or2goomc



6.10 DECRYPTING INSTANCE PASSWORD

Invoke: or2-decrypt-password (or2dp)

Decrypts the password obtained in or2console mail message (for AWS and Google Cloud Platform).

CLI Parameters


--full Show full command output Default: false No

--help Display command help Default: false No

-e, --encrypted-password Full path to the file containing password to be

decrypted

Yes

-P, --plain-output Use plain output view Default: false No


-p, --private-key-file Path to the file containing private key Yes

-y Provide this parameter for automatic command

confirmation

No

Response Elements

Name Description

decrypted The decrypted password

Command Example

This example shows decrypting an encrypted password.

or2dp -p private-key-file-path -e encrypted-password-file-path


6.11 ALLOCATING A STATIC IP FOR A PROJECT

Invoke: or2-allocate-static-ip (or2alsip)

Allocates a static IP for the specified project in the given region.

CLI Parameters


-d, --domain Show Elastic IP addresses for use with instances in EC2-

Classic or instances in a VPC. Applicable only for AWS

regions. Available domain types: [STANDARD, VPC].

Default: VPC

No







Response Elements

Name Description

ipAddress The allocated IP address

isPublic The address Public status

domainType The domain type

Command Example

This example shows allocating a static IP to a project.

or2alsip -p project -r region

Response Example

Figure 54 - or2alsip Command Example

The ‘or2alsip’ command is not available in OpenStack regions.


6.12 ASSIGN A STATIC IP TO A VM

Invoke: or2-associate-static-ip (or2assip)

Assigns the specified static IP to the given VM.

Please note:

• Assigning a static IP can take some time. Meanwhile, the VM will be unavailable for Maestro

CLI commands.

• If a VM is hosted in an EPAM region, its DNS will not change when a static IP is assigned.

• After associating a static IP, no additional configuration of your VM is required.

CLI Parameters


--any-ip-address Use any free IP address from among the allocated ones. If no

such address is found, try to allocate another address and

associate the VM with it

No

-a, --ip-address The IP to be assigned to the VM Yes

--full Show full command output. Default: false No

-i, --instance Target Instance ID or Name Yes

--help Display command help. Default: false No

-P, --plain-output Use plain output view. Default: false No




Response Elements

Name Description




instanceID The ID of the instance to which the IP is assigned

ipState State of the IP address

Command Example

This example shows assigning a static IP to a VM.

or2assip -p project -r region -i instance_id -a ip_address

Response Example

Figure 55 - or2assip Command Example

The ‘or2assip’ command is not available in OpenStack regions.


6.13 DESCRIBE STATIC IPS

Invoke: or2-describe-static-ips (or2dsip)

Returns the list of static IPs available for the project in the given region.

CLI Parameters


-a, --ip-address IP-address. For several addresses, repeat the parameter

several times. No

-d, -- domain Show Elastic IP-addresses for use with instances in EC2-

Classic or instances in a VPC. Available domain types:

[STANDARD, VPC].

No

--full Show full command output Default: false No

-i, --instance Target Instance ID or Name. To get info about several

instances, repeat the parameter.

No






Response Elements

Name Description




instanceID The ID of the instance to which the IP is assigned

ipState State of the IP address

instanceName The name of the instance to which the IP is assigned

Command Example

This example returns the full list of the IPs allocated to the project

or2dsip -p project -r region

Response Example

Figure 56 - or2dsip Command Response Example


6.14 DISASSOCIATE A STATIC IP FROM A VM

Invoke: or2-disassociate-static-ip (or2dissip)

Disassociates the specified static IP from a VM.

Please note: when the operation is performed on a running VM in EPAM-UA1, EPAM-HU1, EPAM-HU2,

EPAM-RU2 regions, the VM is automatically shut down and is set to the STOPPED state.

CLI Parameters


-a, --ip-address The IP to be disassociated Yes







Response Elements

Name Description




instanceID The ID of the instance to which the IP is assigned (should be empty)

Command Example

This example shows disassociating a static IP from its VM.

or2dissip -p project -r region –a ip_address

Response Example

Figure 57 - or2dissip Command Response


6.15 RELEASE A STATIC IP

Invoke: or2-release-static-ip (or2relsip)

Removes the specific static IP from the project pool.

CLI Parameters


-a, --ip-address The IP to be released Yes







Command Example

This example shows removing a static IP from the project pool.

or2relsip -p project -r region -a ip_address

Response Example

Figure 58 - or2relsip Command Response


6.16 REGISTER AN EXISTING INSTANCE ON LUMINATE

Invoke: or2-register-on-luminate (or2lum)

Registers an existing instance on Luminate.

CLI Parameters




-i, --instance Instance ID or Instance Name. Yes





Command Example

This example shows registering an existing instance on Luminate.

or2lum -p project -r region -i instance

Response Example

Figure 59 - or2lum Command Response

6.17 DESCRIBE PUBLIC PERMISSIONS

Invoke: or2-describe-public-permissions (or2dpp)

Describes user`s permission policy in Public Cloud.

CLI Parameters


-e,--email User’s email address. Yes

--full Show full command output instead of default basic

one No




-p, --project Project ID No

Command Example

This example shows the full set of permissions assigned to a specified user in a Public Cloud.

or2-describe-user-permission -p <project> -e <email>


Response Example

Figure 60 - or2dpp Command Response


7 WORKING WITH VOLUMES

Each virtual machine created in EPAM Cloud has a default (system) storage volume or flavor (size of

the system disk) which you choose.

Based on the technical characteristics, the following recommendations on storage type selection can be

summed up:

• Using system disk is recommended when:

o The instance hosts a database or an application that needs high read/write speed

o You estimate that the whole storage volume assigned to the instance will be used

throughout its lifecycle

• Using attached volumes is recommended when:

o You need to store cold data and high read/write speed is not critical for your application.

o Using additional storage is a temporary measure and you plan to decrease storage

usage in future

The system disk is located on the same host as the instance, and shows higher read/write performance,

while attached volumes are treated as network ones, and some latency is typical for them.

The table below provides the details on technical difference between the two storage types:

Parameters Comparison

Parameter name System disk Volume

Has higher read/write speed Yes No

Can be easily extended Yes No

Needs additional steps for mounting No Yes

Can be removed or reattached to

another instance when needed No Yes

The described two options of storage management in OpenStack allow you to select the solution that

would be the best balance between the performance and cost effectiveness.

The described approach cannot be applied to instances in EPAM-MAC region.

Please, note, that the size of the used volume influences the infrastructure price. Active (on started

instances) and Passive (on stopped instances) volumes are billed in different ways. For more details on

EPAM Cloud billing policy, please, see the Account Management Guide.

7.1 CREATE AND ATTACH VOLUME

Invoke: or2-create-attach-volume (or2addattvol)

Creates and attaches a storage volume to the specified instance.

• Each project in EPAM Cloud has a storage volume quota. To update it leave a request at support.epam.com.

• You can create and attach volumes to your permitted instances, in accordance with your project abbreviation in UPSA.

https://cloud.epam.com/site/management/billing_and_quotas/ciug_7_billing.pdf



CLI Parameters


-d, --device System device to attach the volume Yes/No*







-s, --size Storage volume size in GB Yes

--irg,



Azure No


*-The device parameter is required for the AWS-type regions. For more details, please see this section.

Response Elements

Name Description

id Storage volume ID

system States whether the volume is a system one

size_MB Storage volume size in MB

instanceID Instance ID

state Current state of the volume

used States whether a storage volume is used at the time

usedSpace_MB Space used out of the attached volume

Command Example

This example creates and attaches new storage volume (1GB) to the specified instance hosted in an

AWS region.

or2addattvol -p project -r AWS-region -s 1 -i instance_id -d /dev/sdd

Response Example

Figure 61 - or2addattvol Response Example

When the created volume changes to the ‘ready’ status, you can use it for your project needs.


7.2 ATTACH VOLUME

Invoke: or2-attach-volume (or2attvol)

Attaches specified storage volume to the specified instance. Available for AWS, Azure and

OpenStack regions. The specified storage volume and instance must belong to the same availability

zone, (e. g. us-east-1a).

CLI Parameters


-d, --device System device to attach the volume. Yes/No*







--irg,



Azure No

-v, --volume Storage volume ID Yes

-vrg,

--volumeResourceGroup Volume Resource Group No


*-The device parameter is required for the AWS-type regions. For more details, please see this section.

Response Elements

Name Description


system States whether the volume is a system volume

size_MB Volume size in MB

instanceID Instance ID

usedSpace_MB Amount of volume space used



Command Example

This example attaches the specified volume to the specified instance.

or2attvol -d /dev/hdc -i instance_id -v volume_id -p project -r region

Response Example

Figure 62 - or2attvol Response Example


7.3 DETACH VOLUME

Invoke: or2-detach-volume (or2detvol)

Detaches a storage volume from the specified instance. Available for AWS, Azure and OpenStack

regions. You can only detach volumes from permitted instances, in accordance with your project

abbreviation in UPSA.

1. You can currently detach only one volume at a time.

2. Detaching volumes can currently only be performed for stopped instance. Please, use ‘or2stop’

before launching this command.

3. This command is not available for personal projects

CLI Parameters








-vrg,



Response Elements

Name Description


system States whether the volume is a system volume (only non-system volumes can

be detached)


instanceID ID of the VM from which the volume is detached



usedSpace_MB Amount of volume space used

Command Example

This example shows the common case of detaching a volume from an instance.

or2detvol -p project -r region -v volume_id

Response Example

Figure 63 - or2detvol Response Example


7.4 RESIZE VOLUMES

Invoke: or2-resize-volume (or2resvol)

Increases an earlier created storage volume to the specified size.

1. This command is not available in OpenStack, AWS, Azure and Google Cloud regions.

2. Current implementation only allows increasing the size of storage volumes, decreasing is

unavailable.

CLI Parameters







-s, --size Target storage volume size in GB Yes

-v, --volume ID of the volume to be resized Yes


Response Elements

Name Description




instanceID ID of the instance the volume is attached to



usedSpace_MB Space used out of the attached volume

Command Example

This example resizes an earlier created volume to 100 gigabytes:

or2resvol -p project -r region -v volume_id -s 100

Response Example

Figure 64 - or2resvol Response Example


7.5 DESCRIBE VOLUMES

Invoke: or2-describe-volumes (or2dvol)

Describes storage volumes belonging to the specified project.

CLI Parameters



-i, --instance Instance ID. For several instances repeat the parameter. No





-v, --volume Storage volume ID. For several Volume IDs repeat the parameter. No


Response Elements

Name Description



usedSpace_MB Space used out of the particular volume

instanceID In some cases, depending on virtual service provider, shows ID of the

instance to which the storage volume is attached



zone Volume availability zone (AWS-type regions only)

snapshot Volume snapshot ID, if present (AWS-type regions only)

type Volume type (AWS-type regions only)

device Volume device (AWS-type regions only)

system Specifies whether the volume is a system volume

deleteOnTermination States, whether the volume will be deleted on instance termination

(AWS-type regions only)

Command Example

This example describes existing storage volumes for specific instance.

or2dvol -p project -r region -i instance_id


Response Example

Figure 65 - or2dvol Response Example

Command Example

This example describes existing storage volumes. The ‘No volumes were found’ response means there

are no storage volumes for the project in the specified zone.

or2dvol -p project -r region

Response Example

Figure 66 - or2dvol Empty Response Example


7.6 DELETE VOLUME

Invoke: or2-delete-volume (or2delvol)

Deletes the specified storage volume. You can only delete permitted volumes, in accordance with your

project abbreviation in UPSA.

1. Currently you can only delete volumes one at a time.

2. The command deletes specified volumes even if they are attached to an instance.

3. Be careful when using in AWS-type regions. Make sure you do not accidentally delete your system

volume.

CLI Parameters








-vrg,


-y Provide this parameter for automatic command

confirmation No


Response Elements

Name Description

ID Storage volume ID



instanceID ID of the instance the volume is attached to



usedSpace_MB Space used out of the volume

Command Example

This example shows the common case of deleting a volume.

or2delvol -p project -r region -v volume_id

Response Example

Figure 67 - or2delvol Response Example


7.7 FINDING THE DEVICE PARAMETER

To obtain the --device parameter required for attaching volumes in AWS regions, log in to your VM and

run the ‘df-h’ command. The response to this command will contain the following information:

Figure 68 - df-h Response Example

Find the device name for the root mount point in the ‘Filesystem’ column (in the example above, the

device name is highlighted in bold and underlined). The device name can have one of the following

formats: ‘/dev/xvda1’ or ‘/dev/sda1’. Modify the device name by replacing the last character with any

letter following it alphabetically. For example, if the device name is ‘dev/xvda1’, the modified name may

have the ‘/dev/xvdd’ or ‘/dev/xvde’ forms; for ‘dev/sda1’ – ‘/dev/sdd’ or ‘/dev/sde’.

Use the modified device name in the ‘or2addattvol’ command:

or2addattvol -p project -r AWS-region -s 50 -i instance_id -d /dev/sdd


7.8 MOUNTING STORAGE VOLUMES

Once you attach a volume to an instance, it has to be mounted in order to be used. The procedure is

different for Windows and Linux instances.

7.8.1 Windows OS family

1. Login to the instance via RDP

2. Launch 'Start' -> 'All Programs' -> 'Administrative Tools' -> 'Computer Management' or

run compmgmt.msc

3. In the tree pane, double-click the Storage node, and select 'Disk Management'

4. Right-click 'Disk Management' and select 'Rescan Disks'.

Figure 69 - Computer Management in Windows 8

5. After the disk scan completes, scroll down in the tasks pane to locate the new disk that was just

added. Right-click the disk and select 'Online'.

6. The new disk will be listed as 'Unknown' and 'Not Initialized'. Right-click the disk and select

'Initialize Disk'.

7. When the 'Initialize Disk' window opens, check the disk or disks to initialize, and click the

'Option' button to create either an MBR or GPT type disk.

8. Format the disk.


7.8.2 Linux OS Family

1. Login to the instance by SSH.

2. Execute the following commands to make the system able to see a newly attached virtual disk:

sudo su -

echo "- - -" > /sys/class/scsi_host/host0/scan



echo "1" > /sys/class/scsi_device/2\:0\:0\:0/device/rescan

echo "1" > /sys/class/scsi_device/2\:0\:1\:0/device/rescan

3. Create a file system (ext3) on '/dev/sdb'

If you have already attached other disks, use 'sdX', where 'X' identifies your disk

mkfs.ext3 /dev/sdb

4. Create a folder and mount the disk into it:

mkdir /media/storage

mount /dev/sdb /media/storage/

5. Now you can see your attached disk in disk lists

df -h


8 WORKING WITH CHECKPOINTS

Checkpoints are instance recovery points, containing the data (storage, memory, other devices) of an

instance, including storage volumes at a specific point in time.

Each checkpoint is billed per each GB of storage it takes. The size of the checkpoint depends on the

changes you make to the VM storage. The more changes you make, the heavier your checkpoint is.

Please note that using checkpoints increases the infrastructure price. Active (on started instances) and

Passive (on stopped instances) checkpoints are billed in different ways. Meanwhile, 1GB active checkpoint

storage is about 3 times higher than the price of 1GB HDD running. For more details on EPAM Cloud billing

policy, please, see the Account Management Guide.

The table below compares the monthly price of a standard Linux VMs of different shapes with 20 GB

checkpoint (in EPAM-HU1 and EPAM-HU2 Regions):

Size Standard Price With Checkpoint

MINI $8.77 $20.77

SMALL $14.61 $26.61

MEDIUM $41.64 $53.64

LARGE $61.36 $73.36

XL $113.96 $125.96

3XL $227.92 $239.92

We strongly recommend to create checkpoints only before introducing critical changes to your VM, and

remove a checkpoint when it becomes clear that the changes are successful.

Checkpoints manipulations are available only in ESX-based EPAM regions and cannot be performed on

instances in OpenStack Regions, AWS, Azure, or Google clouds.

It is recommended to stop an instances before creating a checkpoint on it. This ensures seamless reverting

to the checkpoint. Otherwise, guest OS performance issues may occur.

It is advised not to use the Checkpoints during large periods of time. Long-living checkpoints significantly

increase the price of your VM, reverting to a checkpoint that is older than 30 days can have unpredicted

results.

The price of 1GB active checkpoint storage is significantly higher than the price of 1 GB of HDD running.

https://cloud.epam.com/site/management/billing_and_quotas/ciug_7_billing.pdf


8.1 CREATE INSTANCE CHECKPOINT

Invoke: or2-create-checkpoint (or2ccp)

Creates an instance recovery point, containing data (storage, memory, other devices) of a virtual machine,

including storage volumes at a specific point in time.

• To ensure seamless reverting to a checkpoint, it is recommended to stop the VM before running the

or2ccp command.

• All storage-related commands (or2attvol, or2addattvol, or2delvol, or2detvol) for the instance are

disabled once a checkpoint has been created.

CLI Parameters


-d, --description Checkpoint description No








Response Elements

Name Description

id Checkpoint ID

size_MB Checkpoint size

description Checkpoint description

processTime Checkpoint creation or update time

instanceID ID of the instance for which the checkpoint is created

current States whether the checkpoint represents current state of the instance

state Current state of checkpoint

Command Example

> or2ccp -r region -p project -i instance_id -d checkpoint_description

Response Example

Figure 70 - or2ccp Response Example


8.2 DESCRIBE INSTANCE CHECKPOINTS

Invoke: or2-describe-checkpoints (or2dcp)

Describes checkpoints created for the specified instance or all checkpoints in the specified project and

region.

CLI Parameters



-i, --instance Instance ID No






Response Elements

Name Description

id Checkpoint ID

instanceID ID of the instance for which the checkpoint was created

owner Instance owner


processState Checkpoint creation progress in percent



createdDate Checkpoint creation date

outdated States whether the checkpoint is outdated


Command Example

or2dcp -r region -p project -i instance_id

Response Example

Figure 71 - or2dcp Response Example


8.3 GO TO INSTANCE CHECKPOINT

Invoke: or2-go-to-checkpoint (or2gcp)

Reverts to the specified instance checkpoint.

CLI Parameters


-c, --checkpoint ID of the checkpoint to be used. Yes








Response Elements

Name Description

id Checkpoint ID



processTime Checkpoint creation or update time. This parameter initially shows the checkpoint

creation date and with each checkpoint update changes to the update time




Command Example

or2gcp -r region -p project -i SAMPLE -c

checkpoint-2012_12_11_12_02_18_EVBYMINSDSAMPLE

Response Example

Figure 72 - or2gcp Response Example


8.4 REVERT TO INSTANCE CHECKPOINT

Invoke: or2-revert-to-checkpoint (or2rcp)

Reverts instance to the latest available checkpoint.

CLI Parameters









Response Elements

Name Description

id Checkpoint ID



processTime Checkpoint creation or update time. This parameter initially shows the checkpoint

creation date and with each checkpoint update changes to the update time




Command Example

or2rcp -r region -p project -i instance_id

Response Example

Figure 73 - or2rcp Response Example


8.5 DELETE INSTANCE CHECKPOINT

Invoke: or2-delete-checkpoint (or2delcp)

Deletes specified instance checkpoints.

Deleting a checkpoint can take long time, even several hours. The parent VM is unavailable till the

deletion process is completed.

If your checkpoint ID contains spaces, encase the -c parameter value in double quotes

CLI Parameters


-c, --checkpoint ID of the checkpoint to be deleted. Yes







-y Provide this parameter for automatic command confirmation No


Response Elements

Name Description

id Checkpoint ID




Command Example

or2delcp -r region -p project -i instance_id -c

checkpoint-2012_12_11_12_02_18_EVBYMINSDSAMPLE

Response Example

Figure 74 - or2delcp Response Example


9 WORKING WITH HARDWARE SERVERS

EPAM Cloud supports adding hardware resources under the Orchestrator control for proper billing and

monitoring of hardware resources. Dedicated instances related to hardware resources are assigned to the

special hardware region, EPAM-HW1, and this name is to be specified when calling the hardware-related

commands.

9.1 HARDWARE SERVER REGISTRATION

Invoke: or2-register-hardware-server (or2reghs)

This command registers a dedicated instance as a hardware server in EPAM Cloud. During registration,

the hardware server configuration is specified, so that it could be billed accordingly.

This command is available to zone administrators only.

CLI Parameters


-c, --cost-center Cost center Yes

-u, --cpu-count Number of physical processors. Positive integer in the range of 1-8.

Yes


-h, --hdd-space HDD space in GB. Positive integer Yes


-l, --location DC name, address of the actual server position No

-m, --memory-size RAM volume in MB. Positive integer in the range of 1024-1048576

Yes

-o, --ownership Server ownership. Available ownership values: [PROJECT, CUSTOMER, EPAM]

Yes





-d, --registration-date Date of hardware resource registration for chargeback. Should consist of date and time in the following format: yyyy-MM-ddTHH:mm. For example: 2015-05-01T10

Yes

-n, --server-name Hardware server name Yes

-e, --server-usage Server usage in percent. Positive integer, max 100%. Yes

-t, --units-count Units count. Positive integer in the range of 1-10 Yes

-w, --working-power Working power in kW No

Response Elements

Name Description

instanceId Instance ID of the hardware server

name Hardware server name

cpu Number of physical processors

memory RAM volume in MB


owner Server ownership

registrationDate Date of hardware resource registration for chargeback

workingPower Working power in kW

location DC name, address of the actual server position

Command Example

The following command registers a server owned by EPAM with 100% usage in a single project:

> or2reghs -c cost_center -u cpu_count -h hdd_space -m memory_size -o EPAM -p

project -r EPAM-HW1 -d yyyy-MM-ddTHH:mm -n server_name -e 100 -t units_count

The following command registers a server owned by Customer with 30% usage in a project:

> or2reghs -c cost_center -u cpu_count -h hdd_space -m memory_size -o CUSTOMER

-p project -r EPAM-HW1 -d yyyy-MM-ddTHH:mm -n server_name -e 30 -t

units_count

Response Example

Figure 75 - or2reghs Response Example


9.2 HARDWARE SERVER UNREGISTRATION

Invoke: or2-unregister-hardware-server (or2unreghs)

This command unregisters a dedicated instance that was previously registered as a hardware server in

EPAM Cloud.


CLI Parameters








-i, --instance Server instance ID No

Command Example:

>or2-unregister-hardware-server --project demopro --region demopro –instance

i-00000000

Response Example:

Figure 76 - or2unreghs Response Example


9.3 HARDWARE SERVER MODIFICATION

Invoke: or2-modify-hardware-server (or2modhs)

This command modifies the settings of an existing hardware server.


CLI Parameters


-u, --cpu-count Number of physical processors. Positive integer in the range of 1-8.

No


-h, --hdd-space HDD space in GB. Positive integer No


-i, --instance Dedicated instance ID of the server to be modified Yes

-l, --location DC name, address of the actual server position No

-m, --memory-size RAM size in MB. Positive integer in the range of 1024-1048576

No



-e, --server-usage Server usage in percent. Positive integer, max 100%. No

-t, --units-count Units count. Positive integer in the range of 1-10 No

-w, --working-power Working power in kW No

Even though all parameters except ‘--instance' are optional, at least one server parameter with a modified

value has to be specified. If no other parameters are sent, the command returns the following message:

‘No parameters to modify!’.

Response Elements

Name Description

instanceId Instance ID of the hardware server

name Hardware server name

cpu Number of physical processors

memory RAM volume in MB

hddSpace HDD space in GB

unitsCount Units count

serverUsage Server usage in percent

workingPower Working power in kW

location DC name, address of the actual server position


Command Example

or2modhs -i dedicated_instance_id -u cpu_count -h hdd_space -m memory_space -

t units_count

Response Example

Figure 77 - or2modhs Response Example


9.4 HARDWARE REPORT

Invoke: or2-hardware-report (or2hr)

This command generates a hardware server usage report and delivers it to the requesting user’s email in

.csv format.

CLI Parameters


-d, --day Day for which the report is to be retrieved No



-m, --month Month for which the report is to be retrieved No





-y, --year Year for which the report is to be retrieved No

Response Elements

Name Description

ServerName Hardware server name

State Current state of the hardware server

Zone Virtualization region in which the server is used

ProjectCode PMS code of the project for which the hardware server is used

CostCenter Cost center to which the hardware server is attached

HDDSpace HDD space of the server

UnitsCount Units count

ServerUsage Server usage in percent

MemoryMB RAM size in MB

CpuCount Number of physical processors

RegistrationDate Date of hardware server registration for chargeback

Location Physical location of the hardware server

WorkingPower Working power in kW

Command Example

or2hr -r region

Response Example:

Figure 78 - or2hr Response Example


10 AUDIT AND BILLING

EPAM Cloud Orchestrator utilizes a specifically designed flexible billing model. Striving to make EPAM

Cloud experience as comfortable for our customers as possible, we implemented an easy no contract model

not requiring any commitments from you: you pay only for utilized resources based on no contract pricing.

For the sake of easier comprehension, the billing model is presented on the following diagram and detailed

below:

Figure 79 - Price Breakdown

You can find the details on EPAM Cloud Service billing strategy, and instructions on project cost estimation

in our Account Management Guide.

https://cloud.epam.com/site/management/account_activity/csug_05_account_management.pdf


10.1 PROJECT REPORT

Invoke: or2-report (or2report)

The command prepares a monthly billing report for the specified project. This provides you the ability to

self-manage and control your infrastructure and keep track of expenses through various reports. This is

very useful for big projects with large infrastructure. Each report can be exported into *.csv file to supply

with an option to keep track of changes even in files.

CLI Parameters


-d, --day Day to retrieve report for No


-m, --month Month to prepare the report for (Accepted values: 1-12) Yes

-o, --owner Email or ‘Name Surname’ of a user to generate a report by the instances assigned to them

No




-r, --region

Virtualization region Can be specified as specific region name or region type (EPAM, AWS, AZURE, Google, ENTERPRISE, HARDWARE, WORKSPACE)

No

-g, --tag Specify a tag to collect only records with the tag. Must be specified as ‘-g user:tag=tag-name’ Default behavior: collect all records.

No

-t, --type

Report type. The following values are available: Total – total amount billed (default option) Subtotal – total amount billed split by categories Resource – total amount billed split by categories and instances Hourly – detailed report. Quota – current state of resource utilization quota

No

-y, --year Year to prepare the report for Yes

-a, --account-report Get a report by manager account No

-n, --account-name

Account name. Any account name part is allowed (Manager, Customer or Maestro). If this parameter is not specified and the report type is set as "account", report by Manager account is provided.

No

-i, --instance Instance ID. Only records by specified instances will be included to the report

No


The different types of reports have different output location. Total and Subtotal reports are displayed as

Maestro CLI response.

The resource and hourly reports will create a .csv file in the %MAESTRO_HOME%out/reports folder.

Please note that resource and hourly reports are not supported for Azure.


Response Elements

Name Description

type Report item type

project Project abbreviation in UPSA

zone Virtualization region

productCode Billable product code

productName Billable product name

usageType Method of product usage

quantity Billable product quantity

currency Report currency

total Total amount billed

quotaType Quota type

monthlyQuota Monthly resource quota

current (USD) Amount billed since the beginning of the month

utilization Monthly resource utilization quota percentage used since the beginning

of the current month

actionPlan Action to be taken upon quota depletion

status Quota status

Command Example

The command retrieves the total amount billed for the ‘Sample’ project for February 2013.

or2report -m 2 -y 2013 -p project –r region

Response Example

Figure 80 - or2report Response Example


10.2 GET PRICES

Invoke: or2-price (or2price)

Lists current monthly prices for EPAM Cloud Resources

The values returned by the command do not apply for AWS-type regions

CLI Parameters


-d, --day Get prices for a specific number of days

Acceptable values: positive integers > 0 No





-t, --resourceState Show prices for active/inactive resources only. Acceptable

values: ‘active’, ‘inactive’ No

-s, --shape

Show prices for specific shapes.

Acceptable values: ‘micro’, ‘mini’, ‘small’, ‘medium’, ‘large’,

‘xl’, ‘2xl’, ‘3xl’, ‘4xl’, ‘5xl’, ‘6xl’, ‘7xl’, ‘8xl’.

No


The response to the or2price command is broken down into the following price components:

Instance Price:

Response Elements

Name Description

Shape Instance Shape

OsType Operating system installed

Shape Instance Shape

soft&labor Base hourly cost of maintenance and software use

Memory price Price per 1 GB of RAM

vCoresPrice Price per 1 vCore

systemStoragePrice Price per GB of system storage

totalPrice Total price per instance

Checkpoint Price:

Response Elements

Name Description

activePricePer1GB Price per 1 GB of active checkpoint (on started instances)

inactivePricePer1GB Price per 1 GB of inactive checkpoint (on stopped instances)


Additional Storage Price:

Response Elements

Name Description

activePricePer1GB Price per 1 GB of active storage (on started instances)

inactivePricePer1GB Price per 1 GB of inactive storage (on stopped instances)

Machine Image Price:

Response Elements

Name Description

pricePer1GB Price per 1 GB of created machine image

For EPAM-BY1 region the ‘or2price’ command also returns the price for the RDB service with guaranteed

capacity, as this is the only region where such service is offered. The price consists of two components:

Service Creation Price – the one-time price of the RDB-MSSQL-CSA service creation

Service Attribute Prices – the price of RDB-MSSQL-CSA database depending on its size

Command Example

or2price -r region


Response Example

Figure 81 - or2price Response Example


10.3 INSTANCE AUDIT

Invoke: or2-audit (or2audit)

Views all relevant instance-related information for a specified period of time.

CLI Parameters


-d, --days Number of days to retrieve information for.

Default value: 3. The number must not exceed 100 No

-f, --from Starting date to retrieve information about an instance (yyyy-mm-dd)

Must not be earlier than 100 days before current date No


-g, --group

Audit events group. Available groups: [PROJECT, ACS,

HARDWARE, DOCKER, AEM, JENKINS, TERRAFORM, AWS,

ENTERPRISE, MACHINE_IMAGE]

No

-m/--image-id Image ID No

-i, --instance Instance ID No





-s, --stack The ID of the stack for which audit is to be retrieved No

-t, --to End date to retrieve information about an instance (yyyy-mm-dd) No


If you do not specify the -i/--instance parameter, the command response will include information

concerning all instances for the specified project.

Response Elements

Name Description

Date Date of event

User ID of the user, who launched an event

Action Event ID

instanceID ID of the instance

message Event description

region Virtualization region

project Project abbreviation in UPSA

Command Example

This example lists instance-related events for the specified period

or2audit -p project -r region -f 2016-03-01 -t 2016-04-01 -i instance_id

Response Example

Returns major events having occurred to the instance during the specified period of time


Figure 82 - or2audit Response Example


10.4 WORKING WITH EO ACCOUNTS

An EPC Account is a logical group of projects that can be associated to a cost-center. An account is

created by request to Consulting Team or to Help Desk , where you specify the following details:

• the account name

• the list of the projects to be included to the EPC Account

• the primary and secondary contacts

The people specified as the account contacts will get access to the EPC Account reporting information

even if they are not assigned to the projects associated with this account.

When the EPC Account is activated, you can use the or2report command with the -a/--account parameter:

or2report -m 03 -y 2016 -a account_ID -t total

The requested report will be mailed as a .csv file and contain the list of the user’s projects, the cost centers

in which they are priced (each cost center is bound to a virtualization region), the reporting period and the

cost:

Figure 83 - Account report

To see the details on EO Accounts assigned to you, use the or2-describe-eo-account (or2dacc).

The command provides the information on EO Accounts available to the user.

CLI Parameters


-c, --contacts Account contact email. For several contacts, repeat the

parameter Yes





Response Elements

Name Description

accountId The ID of the account assigned to the specified user

projectCodes The list of the projects included to the account

description Account description

contacts Account contacts




Command Example

This example lists instance-related events for the specified period

or2dacc -c [email protected]

Command Response

Figure 84 - or2dacc Command Example


11 USING TAGS

Tags are used to identify Cloud items, such as instances, checkpoints and volumes, for further easier

reference and manipulation. The tags are typically used in or2report command in order to retrieve the

information only on the specified group of resources.

The tag can also be used to filter the instances on Management page.

11.1 SET TAG

Invoke: or2-set-tag (or2settag)

Assigns custom tags to an instance or a volume for billing purposes to share costs between projects.

CLI Parameters








-t, --tag

Tag value. Multiple tags are supported. Allowed formats:

prefix1:key1=value1,prefix2:key2=value2

prefix1:key1=, prefix2key2=

key1=value1,key2=value2

value1,value2

Default prefix: empty. Default key: tag

Yes


1. Reports by tags take billing info starting from the moment of tag creation. The resource price that

existed before the tag was added, won’t be taken into account in a tag report.

2. The following symbols are NOT accepted when used in key or value for this command: < > ( ) + &

^_ * \ | "

3. If you use this command for a Windows instance, please, encase the ‘-t’ parameter in quotes i.e.

"tag"

4. 10 tags per resource are supported.

5. “eo” or “aws” cannot be used as prefixes.

6. If the or2settag command results in no change (for example, all tags sent in the command already

exist), an error response is returned. If only some tags exist, new tags will be set.

Command Example

This example assigns a tag to an instance.

or2settag -p project -r region -i instance_id -t prefix1:key1=value1

https://cloud.epam.com/maestro2/ui/management


Response Example

The command confirms tag assignment.

Figure 85 - or2settag Response Example


11.2 DESCRIBE TAG

Invoke: or2-describe-tag (or2dtag)

Retrieves custom tags, assigned to an instance or a volume for billing purposes.

CLI Parameters



-i, --instance Instance ID No/Yes*

-v, --volume Volume ID No/Yes*

-c, --checkpoint Checkpoint ID No






*Either --instance or --volume should be specified.

Response Elements

Name Description

resourceType Specifies, whether the resource is an instance or a volume

resourceId Resource ID

prefix Specifies, whether the tag has been added by a user

key Tag indication

value Tag value

Command Example

This example retrieves an assigned tag from an instance.

or2dtag -p project -r region -i instance_id

Response Example

Figure 86 - or2dtag Response Example


11.3 DELETE TAG

Invoke: or2-delete-tag (or2deltag)

Deletes a custom tag from an instance or a volume.

CLI Parameters








-t, --tag Tag value to be removed Yes


If the or2deltag command results in no change (for example, none of the tags sent in the command exist),

an error response is returned. If only some tags exist, they will be removed.

Response Elements

Name Description

resourceType Specifies, whether the resource is an instance or a volume

resourceId Resource ID

prefix Specifies, whether the tag has been added by a user

key Tag indication

value Tag value

Command Example

This example retrieves an assigned tag from an instance.

or2deltag -p project -r region -i instance_id -t tag_value

Response Example

Figure 87 - or2deltag Response Example


12 WORKING WITH FILES

EPAM Orchestrator allows to upload files to the Orchestration Server for further reference and usage.

12.1 UPLOAD A NEW FILE

Invoke: or2-upload-file (or2uf)

The command is used to upload a new file and save it in Orchestrator. The command can be used to upload

the following types of files:

• script files: any script file

• EO-template: Maestro Stack template files

• Zabbix-template: Files with templates for Zabbix Server

CLI Parameters





-p, --project Project abbreviation in UPSA. Upload the resource as system if this

parameter is absent. No

-d, --description Description of the file to be uploaded Yes

-t, --type File type [script, eo-template, zabbix-template, cf-template,

blueprint] Yes

-f, --file-path The local file path Yes

-n, --name Name under which the file will be uploaded (different from the name

in the file path) No

--help Show command help No

1. cf-template option is supposed to be used with confirmation files, however, this functionality is not

implemented yet.

2. If the --project parameter is not given in the command call, but is specified in default.properties file, it

will not be added automatically, because only obligatory parameters are applied this way, and --project

is optional here.

If you want to enable custom script to be executed on the instance after creation, please check that the

script titles are in a correct format. For Linux scripts, it is necessary to have a header that includes one of

the following: "bash", "bin/sh", "perl", Windows script files should have a ".ps1", ".cmd" or ".bat" extension.

Response Elements

Name Description

name file name

link file download link

size file size


Command Example

or2uf -p project -f d:\work\maestrostacks\test.json -t eo-template -d

testFileUpload

Response Example

Figure 88 - or2uf Response Example


12.2 DELETE A FILE

Invoke: or2-delete-file (or2delf)

Deletes a previously uploaded file from Orchestrator’s repository.

CLI Parameters






-n, --file-name Name of the file to be deleted Yes

-t, --type File type [script, eo-template, cf-template, zabbix-template,

blueprint] Yes

--help Display command help. Default: False No

Response Elements

Name Description

name File name

description File description

link The link to the file

size The file size

1. To delete a Maestro Stack template file, specify the file type as eo-template

2. The or2-delete-file command does not actually delete the file from the Orchestrator database, but

marks it as “deleted”, so that it becomes unavailable for further reference. To upload the same file

once more to the same region and project, you will need to change the file name.

Command Example

or2delf -n file1.json -p project -t eo-template

Response Example

Figure 89 - or2delf Response Example


12.3 DESCRIBE FILES

Invoke: or2-describe-files (or2df)

Describes uploaded and available files for the specified project.

CLI Parameters





-p, --project Project abbreviation in UPSA. If the parameter is absent, the

system resource will be described No

-n, --file-name File name No

-t, --type File type [script, eo-template, cf-template, zabbix-template,

blueprint] Yes


1. To describe a Maestro Stack template file, specify the file type as eo-template

2. cf-template option is supposed to be used with confirmation files, however, this functionality is not

implemented yet.

3. If the --project parameter is not given in the command call, but is specified in default.properties file, it

will not be added automatically, because only obligatory parameters are applied this way, and --

project is optional here.

Response Elements

Name Description

name Script name

description File description

link File download link

size File size

Command Example

or2df -p project -n test.json -t eo-template

Response Example

Figure 90 - or2df Response Example


EPAM PUBLIC 129

13 SECURITY SCANNING

As a main security measure, EPAM Orchestrator supports Qualys scanning which is used to identify VM

vulnerabilities. Qualys is an external security appliance which performs instance regular scanning on a daily

basis.

With the or2-security-check (or2sc) command you can obtain the latest security scanning report regarding

the selected instance.

The security scanning is performed automatically and cannot be initiated by a user. The report requested

by this command will return the result of a security scanning performed on the previous day.

EPAM performs security scanning in terms of self-service. You can review the results of scanning,

performed on instances related to projects to which you are assigned, via this link.

Invoke: or2-security-check (or2sc)

Initiates security scan of the specified resources.

CLI Parameters







-i, --instance Instance to be scanned No


--qualys Initiates Qualys scan No

Command Example

or2sc –p project_id -r region --qualys

Response Example:

Figure 91 - or2sc Response Example

The security scan report is sent to the user’s email.

https://mysecurity.epam.com/self-service/project/


EPAM PUBLIC 130

14 AUTOMATING INFRASTRUCTURE MANIPULATION

EPAM cloud Orchestrator supports mechanisms that allow to automate the process of infrastructure

creation and manipulation via special templates that aggregate the descriptions of sets of actions that are

to be performed.

There are two types of templates that can be processed by Orchestrator. They are Amazon Cloud

Formation Templates and Maestro Stacks.

14.1 TERRAFORM

Invoke: or2-terraform (or2ter)

Allows building, versioning and managing your infrastructure with the help of Terraform templates.

The service is activated with the standard or2ms command.

Terraform as a Service is available in public clouds only.

For the detailed instructions on Terraform service usage in via EPAM Orchestrator, see this guide.

CLI Parameters


-a, --action Terraform template action [describe, apply, plan, destroy,

upload, delete, validate]. Default: DESCRIBE No

-d, --description The description of the template No



-o, --override-existing-

template Override if a template with similar name exists. No

-g, --parameter-config Full path to the local variables file No



-r, --region Virtualization region No

-v, --skip-validation Skip validation for the uploaded template No

-n, --template-name Name of the template Default: [] No


Command example

The command below describes the existing templates

or2ter -a describe -p project_ID

http://cloud.epam.com/site/competency_center/e=p=c_services/terraform_as_a_service(=t=a=s)/csug_terraform.pdf


EPAM PUBLIC 131

Command output example

Figure 92 - or2ter Response Example

14.2 AMAZON CLOUD FORMATION

The detailed information about AWS Cloud Formation is given in Cloud Formation Service guide.

14.2.1 Run AWS Stack

Invoke: or2-run-aws-stack (or2rawss)

Runs a new AWS stack based on an existing template.

CLI Parameters







-s, --stack-name Name of the stack to run.

Must satisfy AWS naming rules: [a-zA-Z][-a-zA-Z0-9]* Yes

-t, --template-name Name of an existing template in Orchestrator storage Yes

-d, --default-parameters Run stack with default parameters No

-m, --timeout-in-minutes The amount of time during which the stack must be created,

otherwise stack creation considered as failed No

-b, --disable-rollback Disable stack rollback if the stack creation fails No

-c, --capability The list of the capabilities allowed in the stack. No

-n, --notification-ar-ns

The Simple Notification Service (SNS) topic ARNs to

publish stack related events. For several topic ARNs repeat

the parameter

No

-f, --on-failure

Specifies the action to be taken if stack creation fails.

Available actions: DO_NOTHING, ROLLBACK, DELETE.

Ignored if "--disable-rollback" parameter is set to "true"

No

-R, --parameter

Parameter name=value pair. Use "=" as delimiter. Repeat

for several parameters: --parameter name1=value1--

parameter name2=value2 --parameter nameN=valueN. If

you use Windows command line, please, encase the -r

No

https://cloud.epam.com/site/competency_center/e=p=c_services/cloud_formation_service_(=c=f=s)/csug_07_cloud_stacks.pdf


EPAM PUBLIC 132

CLI Parameters

parameter in quotes i.e. "name=value". Conditional: You

must pass the --parameter or --parameter-config . If both

are passed, only --parameter is used

Default: []

-g, --parameter-config

Full path to the stack parameters configuration file.

Conditional: You must pass --parameter or --parameter-

config. If both are passed, only --parameter is used

No


If you do not use either -d/--default-parameters, -R/--parameter, or -g/--parameter-config parameter,

you will be asked to specify additional information, depending on your template e.g. key, instance shape,

DB name/access credentials and root password for the instance.

Response Elements

Name Description

stackName Name of the stack

StackID Unique ID of the stack assigned by AWS

status Current state of the stack

Command Example 1

or2rawss -r aws-region -s stack_name -t template_name –p project

Response Example 1

Figure 93 - or2rsawss Response Example


EPAM PUBLIC 133

14.2.2 Describe AWS Stacks

Invoke: or2-describe-aws-stacks (or2dawss)

Describes one or more existing AWS stacks for the specified project and region.

CLI Parameters







-s, --stack-name

Name of the stack to retrieve information about.

For several stacks repeat the parameter: -n stackName1 -n

stackName2 -n stackName3

No


Response Elements

Name Description


stackID Unique ID of the stack assigned by AWS


description * The stack description

outputs*

Stack output, giving the information on the executed stack:

Instance ID – The ID of the newly created EC2 instance

PublicDNS – Public DNSName of the newly created EC2 instance

PublicIP – Public IP address of the newly created EC2 instance

parameters* Lists the parameters used within the specified stack

disableRollback* specifies whether the stack rollback in case of a failure is disabled

creationTime* The time when the stack was created

The options with the asterisk (*) are displayed only when the --full output mode is on

Command Example

or2dawss -r aws-region –p project –s stack_name

Response Example

Figure 94 - or2dawss Response Example


EPAM PUBLIC 134

14.2.3 Describe AWS Stack Events

Invoke: or2-describe-aws-stack-events (or2dawsse)

Returns the events related to the specified stack.

CLI Parameters







-s, --stack-name




Yes


Response Elements

Name Description

date The event date

logicalResourceId The logical name of the resource given in the template

resourceStatus The current resource status

resourceStatusReason The resource-associated message informing on the success or failure

physicalResourceId The resource physical instance unique identifier

stackName The name assigned to the stack

resourceType Type of the resource

Command Example

or2dawsse -s stack_name -r aws-region -p project --full

Response Example

Figure 95 - or2dawsse Response Example


EPAM PUBLIC 135

14.2.4 Describe AWS Stack Resources

Invoke: or2-describe-aws-stack-resources (or2dawssr)

Describes the resources for running and deleted stacks. one or more existing AWS stacks for the specified

project and region.

CLI Parameters







-s, --stack-name




No

-l, --logical-id The logical name of the resource as specified in the template No

-h, --physical-id The name or unique identifier that corresponds to a physical

instance ID of a resource supported by AWS CloudFormation No


If the --stack-name parameter is specified, the command will return all the associated resources included

to the stack.

If the --physical-resource-id is specified, the command returns the resources of the stack to which the

resources belong.

If you specify both --stack-name and --physical-resource-id parameters in one command call, a validation

error will occur.

Response Elements

logicalId The logical name of the resource given in the template

status The stack status

physicalId The name or unique identifier that corresponds to a physical instance ID of a resource

supported by AWS CloudFormation

stackName The name assigned to the stack

The command returns only the first 100 resources.


EPAM PUBLIC 136

Command Example

or2dawssr -r aws-region -p project -s stack_name

Response Example

Figure 96 - or2dawssr Response Example


EPAM PUBLIC 137

14.2.5 Delete AWS Stack

Invoke: or2-delete-aws-stack (or2delawss)

Deletes an existing AWS stack.

CLI Parameters







-s, --stack-name




Yes

-y Provide this parameter for automatic command confirmation

Default: false No


Response Elements

Name Description


region Virtualization region

project Name of the project the stack is assigned to

StackID Unique ID of the stack assigned by AWS


Command Example

or2delawss -r aws-region -s stack_name -p project -y

Response Example

Figure 97 - or2delawss Response Example


EPAM PUBLIC 138

14.3 MAESTRO STACKS

The detailed information about Maestro Stack files creation and usage is given Cloud Formation Service

Guide.

14.3.1 Describe Maestro Stacks

Invoke: or2-describe-maestro-stacks (or2dmstack)

Describes one or more existing Maestro Stacks for the specified project and region.

CLI Parameters







-s, --stack-id


For several stacks repeat the parameter: -s stackName1 -s

stackName2 -s stackName3

No*


*Either --stack-id or --project and --region should be specified

Response Elements

Name Description

stackName The name of an existing stack

stackId The Id of the existing stack

Status The status of the stack

owner Stack owner

templateName The name of the template used to run the stack

Command Example

or2dmstack -r region –p project

Response Example

Figure 98 - or2dmstack Response Example




EPAM PUBLIC 139

14.3.2 Run Maestro Stack

Invoke: or2-run-maestro-stack (or2rmstack)

Runs a new Maestro Stack based on an existing template.

CLI Parameters







-R, --parameter

Parameter name=value pair.

To provide several parameters:

• Use "=" as delimiter. Repeat for several parameters:

-R name1=value1 -R name2=value2 -R nameN=valueN. If

you use Windows command line, please, encase the -r

parameter in quotes i.e. "name=value".

• Separate parameters with coma within one string:

-R "name1=value1,name2=value2,…nameN=valueN"

No

-s, --stack-name Name of the stack to run Yes

-b, --rollback

Roll back stack resources if stack creation failed. Note: 1.

Rollback influences only the issues created with this particular

stack.

2. Rollback does not work for CSA-Type regions

No

-t, --template-name Name of an existing template in Orchestrator storage No*

-m, --template-path Full path to the local Maestro Stack template No*


*Either ‘--template-name’ or ‘--template-path’ parameter should be specified.

or2-run-maestro-stack uses EO-template to search for the stack templates to run. If the specified template

is absent among project templates, it will be searched for among system ones.

Response Elements

Name Description


stackId The Id of the stack

status The current status of the stack

owner Stack owner

templateName The name of the used template

Command Example

or2rmstack -p project -r region -s scenario1 –m D:\Stacks\1scenario.json -b


EPAM PUBLIC 140

Response Example

Figure 99 - or2rmstack -m Response Example


EPAM PUBLIC 141

14.3.3 Delete Maestro Stack

Invoke: or2-delete-maestro-stack (or2delmstack)

Deletes a Maestro Stack previously run on Orchestration, including all the stack-related resources.

CLI Parameters







-s, --stack-id The id of the stack to be deleted Yes

-y Automatic command confirmation


Response Elements

Name Description


stackId The Id of the stack

Status The current status of the stack

Owner The user who run the stack

templateName The name of the used template

Command Example

or2delmstack -p project -r region -s stack_name

Response Example

Figure 100 - or2delmstack -m Response Example


EPAM PUBLIC 142

14.3.4 Describe Stack Resources

Invoke: or2-describe-maestro-stack-resources (or2dmsr)

Describes the resources created during the specified stack execution.

CLI Parameters





-s, --stack-id Name of the stack to retrieve information about. Yes


Response Elements

Name Description

resourceId The Id of an existing stack resource

resourceType The type of the stack-related resource

resourceState The current state of the stack-related resource

projectName The project abbreviation in UPSA

zoneName Virtualization region

Command Example

or2dmsr -s stack_id

Response Example

Figure 101 - or2dmsr Response Example


EPAM PUBLIC 143

14.3.5 Validate Maestro Stack Template

Invoke: or2-validate-maestro-stack-template (or2vmst)

Performs a Maestro Stack template validation by the following parameters:

• JSON and XML syntax validation

• Stack template Logic check

• Check for the template commands availability in the region

• Check for template commands permission for the user

The validation covers all errors in the specified Maestro Stack template file and returns the list of the errors.

CLI Parameters







-t, --template-name Name of the template No

-m, --template-path Full path to the local Maestro Sack template No


Response Elements

Name Description

Type Issue type

Message Issue description

Command Example

or2vmst -r region –p project -m template_path

Response Example

Figure 102 – or2vmst Response Example


EPAM PUBLIC 144

14.3.6 Convert Maestro Stack Template

Invoke: or2-convert-maestro-stack-template (or2cmst)

Converts a Maestro Stack template into a CloudFormation template.

CLI Parameters







-f, --input-file Path to the Maestro Stack template Yes

-d, --output-file Path to the generated CloudFormation stack template. If no

path is specified, the stack template is displayed in the console No


Command Example

or2cmst -p project -r region -f template_path -d output_path

Response Example

Figure 103 - or2cmst Response Example


EPAM PUBLIC 145

15 SERVICES

A service is a software solution that allows you to install and manipulate a component, necessary for your

project, with a simple set of Maestro CLI commands. The Services provide you with functionality that is

meant to simplify your work with Orchestrator and give you the additional infrastructure monitoring and

management tools.

Most services are started with the or2-manage-service command with the corresponding –service-name

flag specifying the service to start.

When running the services, Orchestrator creates instances with pre-defined settings. These instances are

used as servers for the started services. The corresponding or2-describe-<service> commands can

provide you with the necessary details on the instances involved into the service.

You can monitor the state and the performance of each service using the or2-audit command with --group

project flag. This command returns the list of the service events that take place in the specified project

during the current day. The details are given in this section.

Below, you can find the details on the general services-related commands, and the commands used to

manipulate the specific services.

The mapping table of the required images for EO PaaS services can be found in Annex G – PaaS Guest

Operating Systems.

The new services cannot be activated if the target project Chef mode was set to USER.

Platform services are not available in Google Cloud regions.


EPAM PUBLIC 146

15.1 SERVICES MANIPULATION

15.1.1 Starting a Service

Invoke: or2-manage-service (or2ms)

Activates/deactivates available services for a particular project

CLI Parameters


-a, --activate Activate service. Default: false Yes*

-c, --cluster-name Platform service cluster name Yes**

--customize Allows to customize parameters defined in service stack

template Yes/No****

-d, --deactivate Deactivate service. Default: false Yes*


--init-entry-point Refreshes the entrypoint information of the service in

default.properties file No


-i, --instance Instance ID. Can be used for service deactivation No

-k, --key-name Project SSH key name. Required for all services in AWS zones Yes***

-P, --plain-output Use plain output instead of default table output. Default: false No




-s, --service-name

Platform service name, mandatory for service activation.

Valid service names: monitoring, chef, log, load-balancer,

docker, ambari, jenkins, messaging, hybris, kubernetes, gerrit,

magento, terraform

Yes/No

-S, --service-id Platform service ID. This parameter can be used for service

deactivation No

-h, --shape Platform service Instance type No

-t, --stack Stack ID. This parameter can be used for service deactivation No

-v, --version The version of the application used within the service No

-y Provide this parameter for automatic command confirmation.

Default: false No

*Either activate or deactivate parameter should be specified

**Required for Ambari and Docker service activation

***Required for Ambari and most services in AWS zones

****Required for Hybris and Gerrit service activation


EPAM PUBLIC 147

The response depends on the activated/deactivated service.

Response Elements

Name Description

stackName Name of the Maestro Stack used to run the service

stackId The ID of the stack run to launch a VM with all the corresponding server settings

status Displays the current command execution stage and its status

Command Example

The command runs the Zabbix monitoring service:

or2ms -p project -r region -s monitoring -a

Response Example

Figure 104 - or2-manage-service Response Example


EPAM PUBLIC 148

15.1.2 Describing Project Services

Invoke: or2-describe-services (or2dser)

Describes the services activated for the given project in the given region.

CLI Parameters







-s, --service

Service name. Valid service names: monitoring, chef, log, load-

balancer, docker, ambari, jenkins, messaging, hybris,

kubernetes, gerrit

No


The response depends on the activated/deactivated service.

Response Elements

Name Description

serviceId Existing service ID

serviceName The name of an activated project

availability Service availability status

project The name of the project for which the service is activated

stackID The ID of the stack that was used to start the service

ip The IP of the service VM

dns The DNS of the service VM

keyName The name of the key to be used with the service

webUiUrl The URL you can use to connect to the service server, if possible

user The user name to connect to the service server, if possible

password The password to connect to the service server, if possible

Command Example

This command reads the specified template and stores it to the specified local file

or2dser -p project -r region


EPAM PUBLIC 149

Response Example

Figure 105 - or2dser Response Example (shown in 2 lines for better visibility)


EPAM PUBLIC 150

15.1.3 Monitoring the Services

Invoke: or2-audit –p <project> -r <region> -g PROJECT

The services-based events can be easily monitored by the or2-audit command with the

--group PROJECT property:

or2audit --group PROJECT

Such command will return the list of the service-related actions, invoked by the users or the system.

The following response elements are displayed:

• Date: The action date and time

• User: The user that invoked the action. Can be a Cloud User or System

• Action: The name of the performed action, e.g.:

|SERVICE_ACTIVATION_STARTED|

• Message: The message describing the action details, e.g.:

|Service LOAD-BALANCER activation started. See or2audit -s EPMC-

CLONginxServer-d55a2ece command for details.|

• Region: The virtualization region

• Project: The affected project

The command allows you to keep track of all the service-related events in your project.


EPAM PUBLIC 151

15.2 CHEF SERVER SERVICE

EPAM orchestration provides you with the possibility to run Chef Server as a service on you project, i.e., to

use a project-specific Chef-server, when needed. Currently Chef Infra v.13 server and Chef Infra Client

v.15.11.3 is supported by default based on Ubuntu 16.04_64-bit in all regions.

When the service is run, you can switch between the following ACS modes:

• Default mode – the default mode for all projects in the EPAM Cloud. In this case, a common Chef

server is used for all production environment machines.

• EPC mode – use project-specific Chef server, created by EPAM Orchestrator for the specified

project.

• User mode – use project-specific Chef server, created and properly configured by the user. When

switching to this mode, the user should provide Chef server’s instance ID (or instance IP) and

manually upload validation.pem file to the Orchestrator’s file storage. The user should also provide

the path to validation.pem file during the command invocation.

While working in the EPC mode you can use Chef 13, please consider specific details below:

• Chef 13 has improved security approaches, and using SSL encryption is obligatory.

• Chef 13 run on Azure needs the port 443 to be open on your project subscription.

• The 0.0.0.0/0 range should be prohibited.

• Chef 13 is available in all regions (including AWS, Azure, and GCP), except ESX-based ones.

• In case you want to have a project Chef Server in a public cloud, please submit a request for exposing

the server VM to Internet in order to enable access to it.

Setting the current Chef server on project will not apply any actions on the virtual machines. Re-

configuration of the software on instances is not allowed.

To apply auto-configuration changes, you need to re-register existing VMs on the new Chef server.

It is also recommended to remember that the creation of the project Chef Server is not an instant operation

and will take some time (up to one hour). These are the main conceptual limitations of the given

functionality.

It is possible to connect to Chef Server, created for EPC and USER modes, via HTTP connection and to

get the detailed information about the server.

The UI for the Default Chef server is not accessible

To get the URL to be used for connection, use the or2-describe-chef command. Use the server DNS name

to connect.

To login to an EPC Chef Server, use the following login and password:

Login: user

Password: chef-server

For initial login to a User Chef Server, use the login and password provided in the left corner of the login

page. It is highly advisable that you change these default credentials to custom ones. When you

successfully login, you will get access to Chef Server information. You can share an existing EPC Chef

server among several regions, projects and Cloud Platforms. To connect another region or project to an

https://support.epam.com/esp/ess.do?orderitem=caExposeAmazonAzureInternet

https://support.epam.com/esp/ess.do?orderitem=caExposeAmazonAzureInternet


EPAM PUBLIC 152

existing EPC Chef server, you will have to add its Service ID to the or2-manage-services command run

for the project/region you want to add:

or2cm –p <project> -r <region> -m epc -S <serviceid>

In case you are not assigned to the project hosting the existing Chef server, Project Coordinator should

provide you with the server service ID.

15.2.1 Set Chef Mode

Invoke: or2-chef-mode (or2cm)

Sets one of the available chef modes (default, epc, user) to the project.

CLI Parameters


-m, --mode The desired mode to switch to. Available values: default, epc, user Yes


-i, --instance ID of the instance where Chef is installed No

-v, --key-file Path to the validation.pem file of the Chef server No

-k, --key-name Project SSH key name. Required for EPC mode in AWS regions No





-s, --shape Instance type No



Default: false No

If you call the or2cm command, please make sure that the chef mode has changed (use or2dchef

command) before creating new instances on your project. In case you need to establish a cross-project

connection, make sure you have permissions to run the or2cm command in the project which you want to

connect to the Chef server. Chef mode change can take about 30 minutes. During this period, the Chef

service is in the ‘unavailable’ state.

Response Elements

Name Description

stackName The name of the stack executed to change the Chef mode

stackId The ID of the stack executed to change the Chef mode

Status The stack status

Command Example

This example sets the project chef mode to epc:


EPAM PUBLIC 153

or2cm –p project –r region –m epc

Response Example

The command returns a list of newly set instance properties.

Figure 106 - or2cm Response Example

Find more information about work with shared Chef server in the Cloud Services Guide

15.2.2 Disabling Auto Configuration for Specific OS

EPAM orchestrator allows to disable auto configuration for VMs with specific OS types, rather than for the

whole project.

This is done by adding the --customize parameter to the or2-manage-service (or2ms) command with the

--activate flag:

or2ms -a -s chef -p project -r region --customize

When run, the command prompts you for the ACS disable mode. As a response, specify the OS family for

which the auto configuration should be disabled (ALL, WINDOWS, LINUX):

Figure 107 - Disabling auto configuration for a specific OS

The information on the auto configuration on the project can be found in the or2-describe-chef (or2dchef)

command: the disableType column shows the OS for which the service is disabled:

Figure 108 - Reviewing information on the current status of the ACS

To enable auto configuration back, run the same or2ms command with the --customize parameter, and

select the NONE mode.

The new auto configuration disabling mode is applied only to the virtual instances that are launched after

the mode is changed. The virtual instances created earlier, will stick to the mode in which they were created.



EPAM PUBLIC 154

15.2.3 Retrieving Chef Information

Invoke: or2-describe-chef (or2dchef)

Describes the project’s Chef Server mode.

CLI Parameters








Response Elements

Name Description

chefMode The current Chef Mode of the project

chefServer Current Chef DNS name

active Chef server state

Command Example

or2dchef –p project –r region

Response Example

Figure 109 - or2dchef Response Example


EPAM PUBLIC 155

15.2.4 Collecting Info on Chef Clients

The or2-validate-chef (or2vchef) command allows the user to control and monitor the work of the service

indicating any errors occurred.

The command should be run in Maestro CLI on the target VM and does not need any parameters:

or2-validate-chef

The command output includes the following information:

Figure 110 - The or2-validate-chef command output


EPAM PUBLIC 156

15.3 ZABBIX MONITORING SERVICE

EPAM Cloud Orchestrator provides you with the ability to create a Zabbix server to monitor your

infrastructure performance. Currently Zabbix v.4.0 LTS is supported. You can specify which instances are

being monitored by Zabbix server and stop monitoring them when needed.

The default metrics covered by Zabbix monitoring service are given below.

For Windows systems:

• CPU Load

• Free Memory

• Free memory in %

For Linux systems:

• CPU Load

• Disk Read/Write Operations

The set of monitored metrics can be customized by specifying a custom template when adding the instance

to the monitoring list.

You can see the information gathered by Zabbix Server, either on Orchestration UI Monitoring Page, or by

connecting to the server via HTTP. For the details, please, see the Viewing Zabbix Data section.

The default parameters of a Zabbix Server VM are:

• Shape: MEDIUM

• Image: Ubuntu16.04_64-bit

For more details on Zabbix Monitoring service, please, see our Cloud Management Console guide.


Invoke: or2-manage-service –p <project> -r <region> -s monitoring --activate

This command starts and sets up a Zabbix Monitoring server.

Each project can have only one Zabbix server activated for it. If the server is already activated, you will get

the respective command response:

Execution error. code=20054, message='monitoring service already

activated.

If there is no Zabbix server activated for your project, a special stack will be run to launch a VM with all the

corresponding Zabbix Server settings.

The command response will give the ID of the executed stack.

https://cloud.epam.com/site/competency_center/tools_and_capabilities/epam_orchestration/csug_06_cloud_management_console.pdf


EPAM PUBLIC 157

15.3.2 Service Info

Invoke: or2-describe-monitoring (or2dmon)

Use the or2-describe-monitoring command to retrieve the information about the instances monitored by

Zabbix server, Zabbix monitoring templates and Zabbix agent availability.

Describes all activated projects accessible by current user.

CLI Parameters





-p, --project Project abbreviation in UPSA. To describe several projects,

repeat the parameter: -p project1 -p project2 -p projectN Yes

-r, --region Virtualization region name Yes


Response Elements

Name Description

monitoredInstanceId The IDs of the instances monitored by the described Server

zabbixServerInstanceId The ID of the Zabbix Server instance

monitoringtemplateNames The names of the monitoring templates used

zabbixAgentAvailability Zabbix Agent Availability status

Command Example

This command describes the Monitoring service for the specified project and region.

or2dmon –p project –r region

Response Example

Figure 111 - or2dmon Response Example


EPAM PUBLIC 158

15.3.3 Start Monitoring an Instance

Invoke: or2-start-monitoring (or2mon)

This command adds the instance to Zabbix Monitoring list and Zabbix Server starts collecting the

information about this instance.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -

i ID2 -i IDN. Yes





-t, --template Zabbix template No


Response Elements

Name Description

monitoredInstanceID The ID of the instance added to the monitoring list

zabbixServerInstanceId| The ID of the Zabbix Server instance

monitoringTemplateName The name of the monitoring template

For the correct Zabbix Monitoring service performance, it is recommended to add the custom image based

instances to the monitoring list (or2-start-monitoring command) only after they come to the running state.

Otherwise, the custom image can be indicated incorrectly and will be monitored as a Linux image

(regardless of its real type).

Command Example

This example starts monitoring of the specified instance.

or2mon -r region -p project -i instance_id

Response Example

Figure 112 - or2mon Response Example


EPAM PUBLIC 159

15.3.4 Stop Monitoring an Instance

Invoke: or2-stop-monitoring (or2stopmon)

Stop monitoring the specified instance with Zabbix Monitoring Service.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -

i ID2 -i IDN. Yes






Response Elements

Name Description


zabbixServerInstanceId| The ID of the Zabbix Server instance


Command Example

This example removes the specified instance from monitoring.

or2stopmon -r region -p project -i instance_id

Response Example

Figure 113 - or2stopmon Response Example


EPAM PUBLIC 160

15.3.5 Viewing Zabbix Data

There are two ways to view Zabbix Server monitoring data. They are:

• Viewing the statistics on the Monitoring page of Orchestration UI

• Logging to the server via HTTP connection

Viewing the statistics on Monitoring Page

After an instance is added to the monitoring list with the or2-start-monitoring command, its statistics can

be seen on the Monitoring page. To view the instance details, select the instance in the project instance list

and unfold the line with the Zabbix metrics, interesting to you:

Figure 114 - Zabbix metrics details on UI

Logging via HTTP Connection

The typical address template for connecting to Zabbix server is:

http://<ZabbixServerInstanceID>

To get the Zabbix Server Instance ID, you can use the or2-describe-monitoring command.

To login to Zabbix Server via web interface, please, use the following credentials:

• Login: user

• Password: zabbix

The accessed Zabbix Server web-interface provides you with the Zabbix server details, such as number of

hosts, their statistics,system status, the issues that occurred, hosts status, configuration details, etc. You

can also get the graphs on the selected hosts. Unlike the graphs on the Monitoring page, these graphs

provide you not only with the information on the specified metrics, but also allow you to zoom the data to

see the statistics for the specified time period.


EPAM PUBLIC 161

Figure 115 - Zabbix Graph in web Interface


EPAM PUBLIC 162

15.4 TELEMETRY AS A SERVICE

Telemetry as a Service allows monitoring the CPU utilization, disk Read/Write operations and network

traffic of your Linux instances. Support for Windows instances will be implemented later.

The service is based on Gnocchi, a metrics database platform, and collectd, a service collecting the

instance metrics and sending them to Gnocchi. Gnocchi version 4.3.2 and collectd version 1.7.1 are

supported.

Currently, Telemetry as a Service allows gathering and storing metrics from the following images:

• Ubuntu16 (except EPAM-BY2 and EPAM-US1)

• CentOS 7

Support of other images will be implemented later.

At the moment, Telemetry as a Service is supported only in EPAM regions.

The default parameters of a Telemetry Server VM are:

• Shape: MEDIUM


Telemetry as a Service is deployed in two steps:

1. Starting a Telemetry server with Gnocchi and PostgreSQL. The server comes already with installed

and configured Gnocchi and PostgreSQL as well as with a Gnocchi client (the Gnocchi shell utility

allowing server manipulations via the command line).

2. Adding instances to the Telemetry service. In each added instance Chef auto-configuration is

invoked assigning a special Chef role to the selected instance. As the result, collectd client will be

installed on the instance together with a Gnocchi plugin to enable proper integration. After successful

configuration, the instance will send its metrics to the Gnocchi server.

The gathered metrics will be available either on the Maestro CLI console or in the Monitoring screen of the

Cloud UI. The metrics to be returned can be filtered by name, granularity (metrics by minutes, hours and

days can be selected) or aggregation method (average, min, max, sum, count, standard). Also, you can set

the date range for which you would like to retrieve the instance metrics.


Invoke: or2-manage-service -p project -r region -s telemetry --activate

This command starts and configures a Telemetry server.

http://gnocchi.xyz/

https://collectd.org/index.shtml


EPAM PUBLIC 163

15.4.2 Adding an Instance to Telemetry

Invoke: or2-start-telemetry (or2starttel)

This command adds the instance to Telemetry and creates a Gnocchi client on it. The Gnocchi client starts

sending the instance metrics to the Telemetry server.

CLI Parameters









Response Elements

Name Description

instanceID The ID of the instance added to the monitoring list

serverInstanceId The ID of the Telemetry Server instance

Command Example

This example starts one instance with specified instance ID.

or2mon -r region -p project -i instance_id

Response Example

Figure 116 - or2starttel Response Example


EPAM PUBLIC 164

15.4.3 Stop Collecting Telemetry from the Instance

Invoke: or2-stop-telemetry (or2stoptel)

Stops collecting telemetry from the specified instance and removes the Gnocchi client.

CLI Parameters









Response Elements

Name Description

instanceID The ID of the instance removed from the monitoring list

serverInstanceId The ID of the Telemetry Server instance

Command Example

This example removes the specified instance from Telemetry monitoring.

or2stoptel -r region -p project -i instance_id

Response Example

Figure 117 - or2stoptel Response Example


EPAM PUBLIC 165

15.4.4 Describe Telemetry Agents

Invoke: or2-describe-telemetry-agents (or2dtelag)

Describes the resources monitored by the Telemetry service.

CLI Parameters



-o, --original-resource-id Original Telemetry resource ID No






Response Elements

Name Description

originalResourceID ID of the instance generated by the Gnocchi client

serverInstanceId| The ID of the Telemetry Server instance

telemetryResourceID ID of the instance generated by the Gnocchi server

startedAt Date and time of instance inclusion to Telemetry monitoring

metrics Available metrics

state The state of the agent (Stopped/Running/Source_Unavailable)

Command Example

This example retrieves the list of all telemetry agents for the specified project and region.

or2dtelag -r region -p project

Response Example

Figure 118 - or2dtelag Response Example

If you specify the original resource ID in the or2dtelag command, the command will also return the list

of metrics available for that agent:

or2-describe-telemetry-agents -p project -r region –o original_resource_ID


EPAM PUBLIC 166

Figure 119 - Telemetry agent with available metrics

15.4.5 Get Telemetry

Invoke: or2-get-telemetry (or2tel)

Retrieves the resource metrics from the Telemetry server.

CLI Parameters



-o, --original-resource-id Original Telemetry resource ID Yes





-a, --aggregation Aggregation method for the described measures. Available

values: [average, min, max, sum, count, std] Default: AVERAGE No

-c, --count Message count in output, positive integer. Default: 100 No

-d, --days History days, positive integer. Default: 1 No

-h, --hours History hours, positive integer.

-f, --from From date (yyyy-MM-dd or yyyy-MM-ddTHH:mm) No

-t, --to To date (yyyy-MM-dd or yyyy-MM-ddTHH:mm) No

-g, --granularity Granularity of the described measures. Available values:

[minute, hour, day]. Default: HOUR No

-m, --metric-name Metric name. If empty, all available metrics will be returned Yes


If you are using the --from and --to parameters, make sure you enter the local time values. If you use GMT

values, the returned data will be inaccurate.

Response Elements

Name Description

metricName Name of the metric

aggregationMethod Aggregation method

granularity Metrics granularity

timestamp Date and time of metrics collection

measureValue Value of the metrics

Command Example

This example returns matric data with the one-minute granularity.

or2tel -r region -p project –o original_resource_id –m metrics –g minute

Response Example


EPAM PUBLIC 167

Figure 120 – or2tel Response Example

Telemetry as a Service returns metrics data in unnormalized form.

You can get the data visualized on Grafana-based web UI, by the URL given in the or2dser command

response.

15.5 CLOUDWATCH AND SSM SERVICE

CloudWatch Agent is integrated with EPAM Orchestrator to enable data collecting, analysis and

presentation to the user for virtual instances in private OpenStack regions.

The service collects the following data:

• CPU utilization

• Operation disk bites READ/WRITE

• Memory used

• Network bites

The service uses AWS Systems Management (SSM) Agent which is installed to target VMs on service

activation.


Invoke: or2-manage-ssm (or2ssm)

The command initiates the service activation. On command call, a record is created in EPAM Orchestrator

database containing the necessary configs and AWS credentials.

CLI Parameters


-a, --action Manage Amazon SSM action [describe, activate, deactivate]

Default: DESCRIBE No







Command Example

This example shows the common case of activating the SSM service.

or2ssm -p project -r region -a activate


EPAM PUBLIC 168

15.5.2 Managing SSM and CloudWatch Agents on a VM

Invoke: or2-cloud-watch-agent (or2cwag)

The command allows to review, install, or remove the CloudWatch and SSM agents on the target VM.

CLI Parameters


-a, --action Manage CloudWatch Agent action [describe, install, remove] Yes




-i, --instance The ID of the target instance Yes




Once the agent is installed, CloudWatch begins to collect data which can be reviewed as graphs on the

Monitoring page.

Command Example

This example shows the common case of installing agents to a VM.

or2cwag -p project -r region -i instance_id -a install

15.6 LOG AGGREGATION SERVICE

EPAM Cloud Orchestrator provides the users with a GrayLog-based Log Aggregator Service that collects

the logs from the specified instances and provides an easy and visual access to them via a web-interface.

The default parameters of a GrayLog Server VM are:

• Shape: MEDIUM

• Image: Ubuntu16.04_64-bit.

The service is not available for Microsoft Azure.


Invoke: or2-manage-service –p project -r region -s log --activate

This command runs a Maestro Stack that creates and sets up a VM with a GrayLog Server on it.

The GrayLog server setup is a complicated process and can take up to an hour.

15.6.2 Log Service Info

Invoke: or2-describe-logging (or2dlog)

The command gives the list of the logged instances and the DNS name of the GrayLog Server

https://cloud.epam.com/maestro2/ui/monitoring


EPAM PUBLIC 169

CLI Parameters








Command Example

This example shows the common case of describing the Log service on a project.

or2dlog -p project -r region

15.6.3 Start Collecting Logs from an Instance

Invoke: or2-start-logging (or2log)

Use this command to start collecting the logs from the specified instance.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -i ID2

-i IDN. Yes

-l, --log Full path to the log file No






Response Elements

Name Description


grayServerInstanceId| The ID of the GrayLog Server instance


Command Example

This example starts monitoring of the instance with the specified instance ID.

or2log -r region -p project -i instance_id


EPAM PUBLIC 170

15.6.4 Stop Collecting Logs from an Instance

Invoke: or2-stop-logging (or2stoplog)

The command removes the instance from Logging Service list. The server stops collecting the instance log

data, but all the logs, previously aggregated, are kept.

Please note: the service cannot collect data from the server where it is hosted, in EPAM-BY2. EPAM-IN1,

EPAM-US2, and AWS regions, until the server is rebooted.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -i ID2

-i IDN. Yes






Command Example

This command stops monitoring of the instance with the specified instance ID.

or2stoplog -i instance_id -p project -r region

15.6.5 Viewing the Collected Logs

You can view the collected logs by connecting to the Log Server via HTTP.

The typical address template for connecting to Log Server is:

http://<LogServerDNS>

Use the or2dser command to find the Log Server DNS, login and password to be used to login to the

server.

When you log in, you will get to GrayLog Web Interface that provides you with the full access to the gathered

data.


EPAM PUBLIC 171

15.7 LOAD BALANCING SERVICE

EPAM Cloud Orchestrator provides the users with a Nginx-based Load Balancing Service, that allows the

user to arrange load balancing with a set of CLI commands.

The default parameters of a Load Balancer Server VM are:

• Shape: MEDIUM


15.7.1 Starting and Managing the Service

To start the Load Balancer service, you should call the following command:

or2ms –p project -r region -s load-balancer --activate

The command runs a Maestro stack that creates and configures a Load Balancer VM. A project can have

only one Load Balancer.

15.7.2 Load Balancer Configuration

All the Load Balancer configuration actions are performed with or2-load-balancer-config (or2lbconf)

command.

The command deals with four configuration areas, each having its own set of properties or properties

behavior:

• Balancing – this area deals with Load Balancer Server, balancing members, the details on the

balancer connections.

• Limits – this area deals with the user connections and requests limits

• Bans – this area allows to ban specific URLs or user IPs

• Cache – this area allows to set up Load Balancer caching

When calling a command, you need to specify one configuration area and the necessary relative

parameters.

When used with --project and –region parameters only, the command displays the list of the configuration

settings applied to the Load Balancer.


EPAM PUBLIC 172

CLI Parameters

Parameter name Description Required G

enera

l -p, --project Project abbreviation in UPSA Yes






Bala

ncin

g

-b, --balancing Specifies the configuration area as “balancing” Yes/No

--balancerName FQDN of the Load Balancer No

-i, --instance The ID of the instance to be added or removed from the balancing members list

No

--port The port to route to. Default: 80 No

--permanent Enable/Disable “keep alive” feature: Nginx will open the specified number of connections with each host [0…]. Default 0.

No

--iphash Enable/disable “sticky session” [on/off] Default: on No

-d, --remove Remove a host from the balancing members list No

--removeAll Remove all hosts from the balancing members list No

Lim

its

-l, --limit Specifies the configuration area as “limit” Yes/No

--connections Specifies that the number of allowed simultaneous user connections should be set

No

--requests Specifies that the limit of requests per second should be set No

--perIp Sets the connections or requests limit for a given IP (set 0 to remove the limit)

No

--total Sets the connections or requests limit for the whole balancer No

Bans

--ban Specifies the configuration area as “ban” Yes/No

--ip Adds IP address to the ban list. Format: xxx.xxx.xxx.xxx No

--url Sets the URL to return failure status code No

--status Set status code for URL to return (Default: 403 Forbidden) No

--remove Removes ban from IP or URL No

--removeAll Removes all bans No

Cache

--cache Specifies the configuration area as “cache” Yes/No

--url Sets the URL to cache No

--extension Sets the extensions of files to be cached No

--expiration Sets the cache expiration time (in minutes) No

--remove Removes caching files or URLs No

--removeAll Disables caching No

Response Elements

Name Description

Area The name of the configured area

Item The type of manipulated item

Value The description of the performed operation


EPAM PUBLIC 173

15.7.3 Configure Balancing

General balancing settings are set with the --balancing flag of the or2lbconf command followed by next

parameters:

--balancerName <string> - FQDN of the Load Balancer

--instance <string> - instance id to add

--port <number> - (80 by default) the port to route to

--permanent <number> - the number of connections to keep alive with hosts within balancing, 0

turns off the feature

--iphash <on/off> - enable/disable "sticky session" on the Load Balancer

--remove <nothing> - removes instance from load balancing

--removeAll <nothing> - clears load balancing group

Below, you can see a set of command examples:

or2lbconf --balancing --instance <instance1> - adds instance1 to the

balancing group

or2lbconf --balancing --instance <instance1> --port 2752 - changes the port

of instance1 to 2752

or2lbconf --balancing --remove --instance <instance1> - removes instance1

from group

or2lbconf --balancing --permanent 10 - enables feature: caches 10 connections

to hosts

Response Example:

Figure 121 - or2lbconf –-balancing Response Example

15.7.4 Configure Limits

You can set up the balancer limits with the --limit flag of the or2lbconf command followed by the next

parameters:

--connections <nothing> - configures connection limits (number of allowed simultaneous

connections)

--requests <nothing> - configures request frequency limits (number of allowed requests per second)

--perIp <number> - sets limit per client IP (0 to turn off)

--total <number> - sets limit for the balancer (0 to turn off)


EPAM PUBLIC 174

The examples of the limits configuration are given below:

or2lbconf --limit --requests --total 50 - sets maximum requests per second to

balancer to 50

or2lbconf --limit --connections --perIp 10 --total 50 - sets maximum connections

from a unique IP to 10 and the overall maximum connections to balancer - to 50

Response Example:

Figure 122 - or2lbconf –-limit Response Example

15.7.5 Configure Bans

The balancer bans are set with the --ban flag of the or2lbconf command followed by the next parameters:

--ban <nothing> - configure bans

--ip <xxx.xxx.xxx.xxx> - add IP address to ban list

--url <string> - set URL to return failure status code

--status <number> - (403 Forbidden default) set status code for URL to return

--remove <nothing> - removes ban from IP or URL

--removeAll <nothing> - removes bans on IPs or URLs

or2lbconf --ban --ip 123.456.7.8 - adds 192.168.1.1 to banlist

or2lbconf --ban --url /maestro/ - sets /maestro/ to return 403 Forbidden status

or2lbconf --ban --url /maestro/ --status 404 - sets /maestro/ to return 404 Not

found

or2lbconf --ban --remove --ip 192.168.1.1 - removes 192.168.1.1 from IP banlist

or2lbconf --ban --removeAll --ip - clears IP banlist

Response Example:


EPAM PUBLIC 175

Figure 123 - or2lbconf –-ban Response Example

15.7.6 Configure Cache

The caching settings are set with the --ban flag of the or2lbconf command followed by the next parameters:

--cache <nothing> - configure caching

--url <string> - the URL to cache

--extension <string> - extensions of files to cache

--expiration <number> - sets cache expiration time (in minutes)

--remove <nothing> - removes caching files or URLs

--removeAll - disables caching.

or2lbconf --cache --url /images/ --expiration 10 - enables caching on /images/

with 10 minutes expiration

or2lbconf --cache --url /images/ --remove - removes /images/ caching

or2lbconf --cache --extension jpg --extension gif --expiration 30 - enables

caching on all ".jpg" and ".gif" files with 30 minutes expiration

or2lbconf --cache --removeAll - disables caching at all

Response Example

Figure 124 - or2lbconf –-cache --url --expiration Response Example


EPAM PUBLIC 176

15.7.7 Describe Load Balancer Members

Invoke: or2-describe-load-balancing (or2dlb)

The command shows the list of the hosts (instance IDs) in the Load Balancer group and their availability.

The instance reported as AVAILABLE is running and it is possible to connect to it via the port defined in

configuration.

The instance reported as UNAVAILABLE is not running or cannot be connected via HTTP.

CLI Parameters




-P, --plain-output Use plain output view. No




Response Elements

Name Description

host The Instance ID of the host in group

port The port used to connect to the host

availability Service availability status

description The description of the current host state

Command Example:

or2dlb –p project -r region

Response Example

Figure 125 - or2dlb Response Example


EPAM PUBLIC 177

15.8 OPENSHIFT AS A SERVICE

Red Hat OpenShift as a Service is a Kubernetes container platform with full-stack automated operations to

manage hybrid cloud and multicloud deployments. The service is optimized to improve developer

productivity and promote innovation as well as expands Kubernetes with full-stack automated ops to

manage hybrid cloud and multicloud deployments.

In EPAM Cloud, Red Hat OpenShift v.3.11 LTS is available as one of the services which can be quickly

deployed in EPAM Cloud in the self-service manner. It will be available till July 2022.

• Deploy automatization is based on official Red Hat tool – OpenShift Ansible. Ansible can be used

only on POSIX (any Linux, OS X, *BSD).

• For Windows 10 users, WSL can be used to install Linux locally for cluster configuration

• For OpenShift cluster configuration, please make sure that you have Java, Maestro CLI, and Ansible

installed on the workstation you use to deploy OpenShift as a service (inside WSL if you work on

Windows).

• Unification of the service deploy cluster configuration provides you with opportunity to activate cluster

v.3.11 or new releases till official Ansible playbook will be compatible.

15.8.1 Service Activation

The service activation starts with creating a cluster of pre-configured VMs. To do it, call the following

command:

or2ms -p project -r region -a -s open-shift -k key_name

The command launches four LARGE CenOS 7 64-bit instances, each with additional 40GB storage volume.

15.8.2 OpenShift Configuration

Invoke: or2-openshift-client (or2osc)

The command integrates Ansible client with Maestro CLI and configures the wildcard for OpenShift.

CLI Parameters


-a, --action OpenShift client preparing actions [install, configure] Yes





-r, --region Virtualization region No

https://github.com/openshift/openshift-ansible/tree/release-3.11

https://docs.microsoft.com/en-us/windows/wsl/install-win10


EPAM PUBLIC 178

The command response consists of action logs and, for wildcard configuration, host details.

Response Elements

Name Description

hostId The ID of the host in the OpenShift cluster

dnsName The DNS name of the host in the OpenShift cluster

ipAddress The IP address of the host in the OpenShift cluster

role The host role in the OpenShift cluster

Command Example 1:

This example installs Ansible client that will be used to configure the service VMs

or2osc -a install

Command Response 1:

Figure 126 - or2osc Command Response Example

Command Example 2:

This example compiles inventory file for OpenShift cluster configuration

or2-openshift-client -a configure -p project -r region

Figure 127 - or2osc Command Response Example for compiling inventory file


EPAM PUBLIC 179

15.9 DOCKER SERVICE

Orchestrator provides its users with Docker facilities that can be accessed as an EPAM Cloud service. The

Docker Service allows to create a node hosting a set of containers that share the node resources but are

independent in manipulation. This allows to distribute the resources of one VM (node) effectively, minimize

the infrastructure costs and facilitate its monitoring.

The default parameters of a Docker node VM are:

• Shape: MEDIUM

• Image: Ubuntu 18.04

Docker as a product is an open-source engine for automating applications deployment inside software

containers. This section describes how Docker is integrated into Cloud and the ways it can be used in this

context. To find out more details on Docker as a product, please visit the Official Docker Web-Site.

EPAM Cloud allows to have Docker as a Service for your project needs. Docker 19.03.1 version is

supported Starting the Service

As Docker uses multiple clusters, all Docker-related commands should specify the cluster name as the -

c or -cn parameter.

To activate Docker as EPAM Cloud platform service, call the following command:

or2ms –p project -r region -s docker –c cluster_name --activate

The default VM shape is MEDIUM. You can use the --shape parameter to specify another one.

The command runs a Maestro Stack that creates and configures a Docker Master VM. Docker Master will

later be used as an entry point to the Docker Cluster, and will allocate the requested containers

automatically to the nodes that have lower load.

Docker Master VM is also used as a node VM that hosts containers. If you need a new node to be added

to your Docker cluster, just repeat the or2-manage-service command.

To make the containers within the created node accessible only with SSH key, add the --key-name property

in the or2-manage-service command. The Property should be followed by the name of an SSH key,

previously created by or2-create-keypair command.

To remove a node, use the or2ms command with --deactivate and -i parameters. The -i parameter

specifies the ID of the node to be stopped.

https://www.docker.com/


EPAM PUBLIC 180

15.9.1 Docker Container Images

Invoke: or2-docker-image (or2di)

The command is designed to manipulate the Docker Swarm images available on node VMs for container

creation.

CLI Parameters


-a, --action Docker image action [describe, push, pull, commit, delete].

Default: describe. No

-c, --container Container ID. Mandatory for the commit action Yes/No

-cn, --cluster-name Cluster name Yes

-dr, --docker-registry

Docker registry instance ID. If not specified, the command

will pull the image from the public Docker Registry

(https://index.docker.io)

No

--full Show full command output instead of default basic one.

Default: false No

--help Display command help. Default: false No

--force Force delete Docker image. Default: false No

-i, --image-id Image ID No

-m, --message Commit message (will be seen only on direct API

“containers/inspect” call) No

-n, --name Image name No

-ns, --namespace Private Docker Registry namespace No

-nt, --new-tag-name Private Docker Registry Tag Name No





-R, --repository Private Docker Registry Repository name No

-t, --tag Image tag. Default: latest No


Default: false No

The command response consists of two parts: a string describing the action performance result and the

container details.

Response Elements

Name Description

host Host name of the parent hypervisor

id Image ID

name Image name

tag Image tag

https://index.docker.io/


EPAM PUBLIC 181

Command Example 1:

This example returns the list of available images:

or2di -p project -r region –cn cluster_name

Command Response 1:

Figure 128 - or2di Command Response Example

Command Example 2:

This example creates an image from the specified container:

or2di -p project -r region -a commit -c container_id -i image_name -nt

image_tag –cn cluster_name

Command Response 2:

Figure 129 - or2di -a Commit Response Example


EPAM PUBLIC 182

15.9.2 Manipulating an Application

Invoke: or2-docker-service (or2ds)

To deploy an application image when Docker Engine is in swarm mode, you need to create a service.

The services are manipulated with the or2-docker-service (or2ds) command, which allows to describe,

run, delete and update Docker services.

CLI Parameters


-a, --action Docker service action [describe, run delete, update] Default: describe

No

--add Use this flag to add or update a published port No


--full Show full command output Default: false

No

--help Display command help Default: false

No

-i, --image Docker image to use for run command (full image name image name <name:tag> or Docker image ID required)

No

--json Show command output in json format Default: false

No

-m, --mode Scheduling mode for service [replicated, global] Default value is ‘replicated’

No

-P, --plain-output Use plain output view Default: false

No

-p, --project Project ID Yes


--remove Use this flag to remove a published port No

-n, --replicas Number of replicas No

-s, --service Docker service name or ID No

-t, --tcp TCP service ports mapping FROM (Host port):TO (Container port). Multiple values could be separated with commas without spaces. Example “4857:22, 5541:80”

No

-u, --udp UDP service ports mapping FROM (Host port):TO (Container port). Multiple values could be separated with commas without spaces. Example”4257:44, 5842:132”

No

-v, version The version number of the service being updated No

-y, Provide this parameter for automatic command confirmation Default: false

No

Response Elements

Name Description

id Service ID

name Service name

version Service version

mode Service mode

replicas Number of replicas

mode Service mode (replicated / global)

created Creation date

image Image used for the service


EPAM PUBLIC 183

Command Example 1:

This example runs new service:

or2ds -p project -r region -cn cluster_name -a run -s service_name

-i image

Command Response 1:

Figure 130 - or2ds -a run Command Response

Command Example 2:

This example retrieves the list of all services available on a Docker Swarm:

or2-docker-service -cn <cluster-name> -p <project> -r <region>

-a describe

Command Response 2:

Figure 131 - or2ds -a describe Command Response


EPAM PUBLIC 184

15.9.3 Manipulating Volumes

Invoke: or2-docker-volume (or2dv)

The Docker Swarm volumes are manipulated with the or2-docker-volume command. The command

allows to create, delete and describe Docker Swarm volumes.

CLI Parameters


-a, --action Docker volume action [describe, create, delete]. Default value: describe

No








-v, --volume Volume name No

-y Automatic command confirmation. Default value: false No

Response Elements

Name Description

host The host on which the volume is mapped

id Volume ID

name Volume name

driver Volume driver

mountPoint Host directory to which the volume is mapped

Command Example 1:

The following command creates a Docker volume:

or2dv -p project -r region -a create –cn cluster_name –v volume

Command Response 1:

Figure 132 - or2dv Command Response


EPAM PUBLIC 185

Command Example 2:

The following command deletes the specified Docker volume:

or2dv -p project -r region -a delete –cn cluster_name –v volume

Command Response 2:

Figure 133 - Docker volume deletion


EPAM PUBLIC 186

15.9.4 Creating a Docker Registry

Invoke: or2-manage-service (or2ms)

To create a Docker registry, use the command with the -s docker-registry parameter.

This command runs a new VM on which the registry will be hosted. The VM has SMALL shape and is

based on Ubuntu16.04_64-bit image.

Command Example:

This example shows the Docker registry creation:

or2ms -p project -r region –s docker-registry -a

Command Response:

Figure 134 – Docker registry creation

15.9.5 Manipulating Registry Images

Invoke: or2-docker-registry-image (or2dri)

The command is used to describe and manage images within a specified registry.

CLI Parameters


-a, --action The action to be taken [describe, delete]


-q, --query Create a query to filter certain images by string No



-dr --docker-registry

Docker registry instance id. If not specified, will show all

images from each Docker registry on the project. For several

docker registries repeat the parameter: -dr dockerRegistry1 -

dr dockerRegistry2 -dr dockerRegistryN.

No

-ns, --namespace Private Docker Registry namespace No





-R, --repository Repository name No

-t, --type Docker Registry type. Allowed values: [public, private].

Default: private No

-y Automatic confirmation No


EPAM PUBLIC 187

When used with the -a delete action, the command removes the registry with ALL images existing in it.

Response Elements

Name Description

stackName The name of the stack used to create a Docker registry

stackId The ID of the stack used to create a Docker registry

status Registry stack status

Command Example 1:

This example shows the list of the images on a specified Docker registry:

or2dri -p project -r region -dr docker_registry_id -a describe

Command Response 1:

Figure 135 - or2dri -a describe Response Example

Command Example 2:

This example deletes a repository from Docker registry:

or2dri -p project -r region -dr docker_registry_id -R repository

-a delete

Command Response 2:

Figure 136 - or2dri -a delete Response Example


EPAM PUBLIC 188

15.9.6 Docker Service Info

Invoke: or2-describe-docker (or2dd)

The command gives the list of existing Docker elements and their details.

CLI Parameters









-t, --type Docker Type [cluster, nodes]. Default: nodes No

The command response for the Docker description includes the same elements as those returned by the

or2-describe-instances command.

In one command call, you can either get the description of the Docker service and the list of the existing

nodes or the details of the specified container.

Response Elements

Name Description Described

Element

instanceId The ID of the Docker node

Docker

dnsName Docker node DNS

privateIp Docker node privateIp

state The current state of the Docker node

CPU The number of CPU in the node VM

memory The RAM volume in the node VM

description The node description

containerId The Id of the container

Node/

Container

containerName The automatically assigned name of the container

status The current status of the container

sshPort SSH port to be used to connect to the container

portMappings The port mappings of the container

image The image used to run the Container

command The command to be executed on the container start

filters Filters to display the host

strategy Balancing strategy

nodesCount Number of nodes in the cluster

containersCount Number of containers in the cluster


EPAM PUBLIC 189

Command Example 1:

This example shows the Docker service description example:

or2dd -p project -r region –cn cluster_name

Command Response 1:

Figure 137 - or2dd Command Response


EPAM PUBLIC 190

15.10 KUBERNETES AS A SERVICE

Kubernetes is an open-source container management platform delivered by Google. In a containerized

infrastructure, applications are deployed as isolated, independent entities, the so-called containers.

Containerization has multiple benefits over the traditional deployment – faster and more efficient

installation, environment consistency, portability, security.

EPAM Cloud provides installation of the latest Kubernetes version supported by the community.

For more details on Kubernetes, please visit the Official Kubernetes Website.

In EPAM Cloud, by default, Kubernetes cluster includes two virtual machines function as master nodes,

and one worker node.

• Master node manages the workload and provides communication within the cluster as well as

contains information about state of the cluster. Availability of two master nodes and more enables

high service performance and ensures faultless operation.

• Worker node subordinates to the master node and serves as runner.

Application containers can be run on both master and worker nodes.

You can make any changes in the predefined cluster configuration by changing Ansible inventory file

generated by or2kc Maestro CLI command.

15.10.1 Starting the Kubernetes Service

Kubernetes as a Service can only be activated in OpenStack private regions.

Kubernetes as a Service can be managed only from POSIX compatible workstations. If you use Windows

OS on your workstation, run any Linux-based virtual instance to proceed.

Before you start Kubernetes Service, you need have the following on your workstation:

1. Ansible

2. Git

3. Python-pip

4. Python-jinja2

5. Python-netaddr

6. kubectl

7. kubespray repository

The details on the installation are given in the Kubernetes as a Service section of EPAM Cloud Services

Guide.

To start the Kubernetes Service, use the or2-manage-service (or2ms) command with the following

parameters:

or2ms -p project -r region -s k8s -k key_name –activate

You can check service activation completion with the or2dmstack command using the stack ID retrieved

by or2dser command.

https://github.com/kubernetes-sigs/kubespray

http://kubernetes.io/




EPAM PUBLIC 191

15.10.2 Generating Inventory File for Ansible

Invoke: or2-kubernetes-client (or2kc)

The command generates Ansible inventory.

CLI Parameters







Response Elements

Name Description

hostId The host ID of the node

dnsName The DNS of the node

ipAddress The IP address of the node

role The node role

Command Example

This example shows the common case of Ansible inventory generation.

or2kc -p project -r region

Response Example

Figure 138 - or2kc response example


EPAM PUBLIC 192

15.11 JENKINS AS A SERVICE

EPAM Orchestrator was initially created on the basis of the concept of CI/CD processes automation. EPAM

Orchestration is intended to deliver Cloud for developers, providing them with all the capabilities, necessary

to build effective CI/CD processes.

Jenkins as a service, when activated, installs Jenkins v. 2.235.1 LTS from scratch, installs all the necessary

plugins and starts collecting audit messages from Jenkins (this information becomes available on the Audit

page, without need to connect to Jenkins directly).

The default parameters of a Jenkins Server VM are:

• Shape: MEDIUM


15.11.1 Starting the service

To start the Jenkins service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) Jenkins and other necessary flags:

or2ms -p project -r region -a -s jenkins -k key_name

where:

-k (--key-name) the SSH key name that will be used to run the service VM. The key is necessary for running

the service in AWS, and is not obligatory for Azure.

The service when activated, by default starts a Jenkins server VM with the following configuration:

• OS: Ubuntu18.04_64-bit

• Shape: MEDIUM

To create a Jenkins cluster, repeat the or2ms command to start Jenkins slaves. Repeat the command as

many times as you need slave instances. The Jenkins slave instances will have the same configuration as

the master instance (MEDIUM Ubuntu18.04_64-bit). All integrations between the master and the slaves will

be performed automatically.

https://cloud.epam.com/maestro2/ui/events


EPAM PUBLIC 193

15.11.2 Creating a Jenkins Job

Invoke: or2-create-jenkins-job (or2cjj)

The command is used to create a new Jenkins Job.

CLI Parameters


-c, --config Path to the Job XML config file Yes



-j, --job Jenkins Job name Yes



--noaudit Do not use EPC audit No



Response Elements

Name Description

jobName The name of the created job

result Action result

Command Example:

This example shows a Jenkins job creation:

or2cjj -j "new job" -p project -r region --config [path to job XML config

file]*

*see the Configuration File Example page.

The or2cjj command verifies whether all required for the selected configuration are available. If one or

several plugins are missing, the job is not created, and the system returns an error message listing the

missing plugins:

Figure 139 - List of missing plugins


EPAM PUBLIC 194

15.11.3 Jenkins Plugins Management

Invoke: or2-manage-jenkins-plugins (or2mjp)

The command is used to describe, install or uninstall Jenkins plugins.

CLI Parameters


-a, --action Manage Jenkins plugins action. Allowed values: [describe,

install, uninstall]. Default: DESCRIBE No





-n, --plugin-name Plugin short name, required for install/uninstall actions No



Response Elements

Name Description

name Jenkins plugin name

shortName Short name of the plugin

version Jenkins plugin version

Command Example:

This command describes the available Jenkins plugins:

or2mjp -p project -r region

Response Example:

Figure 140 - List of Jenkins plugins


EPAM PUBLIC 195

To install or uninstall a plugin, send the same command with the -a/--action parameter set to “install” or

“uninstall”, respectively, and the plugin name:

or2mjp -p project -r region -a uninstall -n plugin-name

The command execution will be confirmed with a message that the plugin has been queued for installing

or uninstalling.

Figure 141 - Jenkins plugin uninstallation


EPAM PUBLIC 196

15.11.4 Describing Existing Jenkins Jobs

Invoke: or2-describe-jenkins-jobs (or2djj)

The command is used to get the list of the existing Jenkins jobs.

CLI Parameters






-j, --job Jenkins job name No



Response Elements

Name Description

name Job name

lastBuildState The status of the last job build

currentBuildState The current state of the build if the job was triggered

url The job url

nextBuildNumber The number of the next build

Command Example:

This example shows the Jenkins jobs description:

or2djj -p project -r region


EPAM PUBLIC 197

15.11.5 Triggering a Jenkins Job

Invoke: or2-trigger-jenkins-job (or2tjj)

The command is used to trigger one of the existing Jenkins jobs.

CLI Parameters




-j, --job Jenkins job name Yes

-t, --parameter

Used for parameterized job. Parameter name=value pair. Use

"=" as delimiter. For several parameters repeat: --parameter

name1=value1 --parameter name2=value2 –parameter

nameN=valueN. If you use Windows command line, encase

the –t parameter in quotes i.e. "name=value".

No





Response Elements

Name Description



Command Example:

This example shows the Jenkins jobs triggering:

or2tjj -p project -r region -j “tewt”


EPAM PUBLIC 198

15.11.6 Removing a Jenkins Job

Invoke: or2-remove-jenkins-job (or2rjj)

The command is used to remove one of the existing Jenkins jobs.

CLI Parameters




-j, --job Jenkins job name Yes





-y Provide this parameter for automatic confirmation No

Response Elements

Name Description



Command Example:

This example shows the Jenkins jobs triggering:

or2rjj -p project -r region -j “tewt”


EPAM PUBLIC 199

15.11.7 Configuration File Example

Below, you can find an example of an XML configuration file to be used during the Jenkins job creation.

<?xml version='1.0' encoding='UTF-8'?>

<project>

<actions/>

<description></description>

<keepDependencies>false</keepDependencies>

<properties/>

<scm class="hudson.scm.NullSCM"/>

<canRoam>true</canRoam>

<disabled>false</disabled>

<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuild

ing>

<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>

<triggers/>

<concurrentBuild>false</concurrentBuild>

<builders>

<hudson.tasks.Shell>

<command>#!/bin/bash

echo "START"

sleep 15

echo "END"</command>

</hudson.tasks.Shell>

</builders>

<publishers/>

<buildWrappers/>

</project>


EPAM PUBLIC 200

15.12 SONAR AS A SERVICE

Sonar as a Service is based on SonarQube, an open-source code quality inspection component. Together

with Jenkins and Gerrit, it forms a complete CI/CD environment.

Sonar as a Service supports SonarQube versions 7.

For more details on working with SonarQube, visit the official SonarQube website.

The table below provides the list of service-related commands and their descriptions.

Please note that Sonar as a Service is not supported in AWS-type regions.


To activate Sonar as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with sonar value:

or2ms -p project -r region -a –s sonar

By default, the service starts SonarQube version 5.6. To start version 5.2, add the -v/--version parameter

to the or2ms command:

or2ms -p project -r region -a –s sonar v 5.2

This command creates a Sonar server based on the virtual machine with the following parameters:

Image: Ubuntu16.04_64-bit

Shape: MEDIUM

During the service activation, a PostgreSQL database is installed on the same virtual machine.

To deactivate the service, run the same command with the -d/--deactivate flag:

or2ms –p project -r region -d –s sonar

15.12.2 Service Manipulation

As soon as the service gets activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

or2dser –p project -r region –s sonar

Figure 142 – Sonar Service Info (shown in two lines for better visibility)

http://www.sonarqube.org/


EPAM PUBLIC 201

You can find the details on the VMs created within the service activation, by calling the or2-describe-

instances (or2din) or command with -S sonar parameter:

or2din –p project -r region –S sonar

15.12.3 Sonar Quality Profiles

After activating Sonar as a Service, you can set up a Sonar quality profile for your project and populate it

with rules by which the code quality will be verified.

To set up a Sonar quality profile, use the or2-sonar-quality-profiles (or2sqp) command with the -a create

option. Specify the project and region to which the quality profile is to apply, the quality profile name and

the profile language:

or2sqp -p project -r region –a create –n profile_name –l language

CLI Parameters


-a, --action

Manage Sonar quality profiles action. Allowed values:

[describe, create, delete, activate-rules, deactivate-rules].

Default: describe

No





-l, --language Profile language. Allowed values: [java]. Default: java No

-n, --name Quality profile name No

-q, --quality-profile-key Quality profile key No



-R, --rule-key Rule key. For several rules repeat the parameter: -R rule1 -R

rule2 -R ruleN No


Default: false No

Response Elements

Name Description

key Quality profile key

name Quality profile name

languageName Language to which the quality profile applies

defaultProfile Indicates whether the profile is the default one

activeRuelsCount The number of active Sonar rules


EPAM PUBLIC 202

Command Example:

This example creates a Sonar quality profile:

or2sqp -p project -r region –a create –n profile_name –l language

Response Example:

Figure 143 – or2sqp Command Response

You can use the same command to retrieve the list of all quality profiles set for the project and region (just

send the -p project and -r region parameters) or delete a quality profile (send the -a delete parameter and

specify the key of the profile to be deleted).

To activate Sonar rules for a quality profile, use the or2-sonar-quality-profiles (or2sqp) command with

the -a activate-rules parameter. The command should contain one or several keys of the rules to be

activated:

or2sqp -p project -r region –a activate-rules –q quality_profile_key –R

rule_key1 –R rule_key2

Figure 144 - Rules activation for Sonar quality profile

The same command with the -a deactivate-rules parameter will deactivate the rules with the specified

keys.

15.12.4 Sonar Rules

To retrieve the Sonar rules from a repository or a quality profile, use the or2-sonar-rules(or2sr) command.

or2sr -p project -r region –R repository –n page_number

CLI Parameters


-a, --action Manage Sonar rules action. Allowed values: [search]. Default:

search No






EPAM PUBLIC 203

-n, --page-number Page number to retrieve. Min value: 1. Max value: 1000000.

Default: 1 No

-s, --page-size Page size. Min value: 10. Max value: 50. Default: 20 No

-q, --quality-profile-key Quality profile key No

-R, --repository Rules repository. For example: squid, common-java etc. No

-t, --tag Rule tag. For example: java8, security, bug etc. For several tags

repeat the parameter: -t tag1 –t tag2 -t tagN No



-R, --rule-key Rule key. For several rules repeat the parameter: -R rule1 -R

rule2 -R ruleN No


Default: false No

Response Elements

Name Description

key Sonar rule key

name Sonar rule name

severity Rule severity

Command Example:

This command retrieves Sonar rules from a repository:

or2sr -p project -r region –R repository –n page_number

Figure 145 – or2sr Command Response

To retrieve Sonar rules from a quality profile, send the -q quality_profile_key parameter instead of -R

repository.


EPAM PUBLIC 204

15.13 ARTIFACTORY AS A SERVICE

An artifact repository is one of the important components of the CI/CD flow storing artifact collections and

metadata. Artifactory as a Service is a cloud-based platform service which, together with Jenkins, Gerrit

and SonarQube, forms a consistent CI/CD environment.

Artifactory as a Service is based on Artifactory version 4.15.0. Each Sonar server has the following

configuration:

• Image: CentOS7_64-bit

• Shape: MEDIUM

• Additional storage: 300 GB

For more details on working with Artifactory, visit the official Artifactory website.

The table below provides the list of service-related commands and their descriptions.

Command Description or2-manage-service...-s artifactory -a Activates the Artifactory service in the specified project

and region

or2-describe-instances… -S artifactory Displays the details of VMs created during the service activation

or2-describe-services… -s artifactory Describes the Artifactory service activated in the specified project and region


To activate Artifactory as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with artifactory value:

or2ms -p project -r region -a –s artifactory

After the command is sent, the system requests an admin password. The password created by the user

starting the service is then used to access the Artifactory server. This is an additional security measure

protecting the repositories in the storage.

This command creates an Artifactory server with an additional storage volume.

All artifacts are stored on the additional disk. No root disk space is used for artifact storage which

guarantees reliable performance and availability.


or2ms –p project -r region -d –s artifactory


As soon as the service is activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

or2dser –p project -r region –s artifactory

https://www.jfrog.com/artifactory/


EPAM PUBLIC 205

Figure 146 – Artifactory Service Info (shown in two lines for better visibility)


instances (or2din) or command with -S artifactory parameter:

or2din –p project -r region –S artifact


EPAM PUBLIC 206

15.14 RELATIONAL DATABASE SERVICE

The Relational Database (RDB) service automatically creates a PostgreSQL/MySQL/MariaDB/Oracle/MS

SQL Server database entity for your project. It is possible to create several entities within one project/region.

The RDB service is available only in EPAM regions.

The default parameters of the DB instance are:

• Shape: MEDIUM

• Image: Ubuntu18.04_64-bit (for PostgreSQL, MySQL, MariaDB), OracleLinux7 64-bit (for Oracle),

W2019Std (for MS SQL Server)

The service is manipulated with the or2-manage-rdb (or2rdb) command with different --action/-a

parameter values (describe, install, remove):

CLI Parameters


-a, --action Manage RDB action [describe, install, remove] Default: describe

No

--assign-static-ip Specifies whether a static IP should be used on the DB instance (allowed in AWS only)

No

-n, --db-name The name of the database. If not specified, will be generated automatically

No

-pwd,--db-password The password to be created to login to the created database. If not specified, a random one will be generated.

No

-d, --description The brief description of the database No

-u, --user Name of the database user No

-f, --file-path The path to the init script file used for database configuration. No



-k, --key-name Project SSH key name. Required for AWS zones Yes/No





-S, --service-id Service ID (for service deactivation) No

-t, --type Relational database type [mysql,mssql, postgresql, oracle, mariadb]

Yes

-y Provide this parameter for automatic confirmation No

The command response depends on the selected action.

Command example 1:

The example below describes existing RDB servers:

or2rdb -p project -r region

Response Example 1:


EPAM PUBLIC 207

Figure 147 - the or2rdb [-a describe] Response Example

Command Example 2

This command starts a new RDB server:

or2rdb -p project -a install -t mysql -r region -u username -k keyname

-n db_name -f “D:\example\path.xml”

Command Response 2

Figure 148 - or2rdb -a install Response Example

Command Example 3

This command removes an RDB server:

or2rdb -p project -r region -a remove -S serviceId

Response Example 3:

Figure 149 - or2rdb -a remove Response Example


EPAM PUBLIC 208

15.15 MAGENTO AS A SERVICE

Magento is an open-source e-commerce platform allowing to quickly build unique shopping websites both

for the B2B and B2C industries. Now Magento is available for EPAM developers as a Cloud service based

on Magento 2.3.

Each Magento server has the following configuration:

• Image: CentOS7

• Shape: MEDIUM

For more details on Magento platform, visit the official Magento website.


To activate Magento as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with magento value:

or2ms –p project -r region -a –s magento


or2ms –p project -r region -d –s magento


As soon as the service gets activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

or2dser –p project -r region –S magento

Figure 150 - Magento service info (shown in two lines for better visibility)


instances (or2din) or command with -S magento parameter:

or2din –p project -r region –S magento

https://magento.com/


EPAM PUBLIC 209

15.16 MESSAGING AS A SERVICE

The Messaging Service allows to set up a RabbitMQ server (v.3.1.5) for message exchange. The service

is similar to Amazon SQS and is available in EPAM regions only.

The default parameters of the instance are:

• Shape: MEDIUM


15.16.1 Starting the service

To start the Messaging service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) messaging parameters:

or2ms -p project -r region -a -s messaging

The service when activated, starts a RabbitMQ server VM with the following configuration:

• OS: Ubuntu16.04_64-bit

• Shape: MEDIUM

15.16.2 Getting Tokens

EPAM Private Cloud provides a special entry point in the Messaging service that may be used for

communication between AWS SDK and the service.

In both cases, to use the service, you need to create a token that will be used to reach the RabbitMQ

server. The token is created by the or2-manage-service (or2ms) command with the --init-entry-point

flag:

or2ms –p project –r region –s messaging --init-entry-point

For each project-region combination, there should be a special token created. The token is stored in the

default.properties file, and has the following structure:

messaging.demopro.demoreg.access=http://service_VM_DNS:5673#token

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/Welcome.html


EPAM PUBLIC 210

15.16.3 Queues Manipulation

Invoke: or2-manage-queues (or2mq)

The command is used to create and manage queues within the Messaging service.

CLI Parameters


-a, --action The action to be taken [describe, create, purge, delete]







-q, --queue-name Name of a queue No

-qp, --queue-name-prefix Queue name prefix (case-sensitive). Use for filtering the

results of the DESCRIBE action. No


-v, --visibility-timeout Visibility timeout of a queue to be created (in seconds).

Should be in range [30, 43200]. Default: 30 No

-y Provide the parameter for automatic command confirmation No

Response Elements

Name Description

queueName The name of the queue

visibilityTimeout Queue visibility timeout

creationDate The date and time when the queue was created

created/purged/deleted Action execution status

messagesCount The number of messages in the queue

Command Example:

This example shows a queue creation:

or2mq –p project –r region –q queue_name –v 45

Command Response:

Figure 151 - or2mq -a create Response Example


EPAM PUBLIC 211

15.16.4 Messages Manipulation

Invoke: or2-manage-messages (or2mm)

The command is used to create and manage messages within the Messaging service.

CLI Parameters


-a, --action The action to be taken [send, receive, delete]

Default: receive No

-c, --count The number of messages to retrieve [1-10] No



-m, --message-content

Content of a message to be send (maximum 256 KB in size).

Specify 'file:' prefix to retrieve content from the file on a disk.

For example: file:D:/message.txt

No

-i, --message-id ID of a message No




-q, --queue-name Name of a queue Yes


-w, --wait-time Time for messages (in seconds). If a message is available, it

will return sooner [1-120] No

-y Provide the parameter for automatic command confirmation No

Response Elements

Name Description

content Message content

id Message ID

timestamp Time identifier of the message

Command Example:

This example shows messages sending:

or2mm –p project –r region –q queue_name –m “message” –c 5 –a send

Command Response:

Figure 152 - or2mm -a send Command Response


EPAM PUBLIC 212

16 ANSIBLE USAGE

Apart from Chef-based auto configuration, EPAM Cloud includes Ansible facilities supporting dynamic

inventory restful API.

Ansible is set up and configured via Maestro CLI.

On Windows, if you have already used Maestro CLI, before starting Ansible download the Maestro CLI

installation archive manually and install it. The or2update command will not be sufficient to load all

required Ansible resources, particularly, the /lib/ansible/ folder necessary to work with Ansible.

It is strongly recommended to use workspaces for Ansible-related commands.

16.1 INITIALIZING ENVIRONMENT

Invoke: or2-ansible-init (or2ai)

Initializes Ansible environment for the specified project and zone.

The command sets up all required configuration files in the current user directory:

• ansible.cfg – Ansible configuration file

• default.properties – contains default values for the required CLI parameters

• ansible_hosts.sh – executable script to get Ansible dynamic inventory

CLI Parameters








Command Example

This example initializes an Ansible environment

or2ai -p project -r region

Response Example:

Figure 153 - or2ai Response Example

https://cloud.epam.com/site/develop/public_a=p=i_and_c=l=i/maestro-cli.zip

https://cloud.epam.com/site/develop/public_a=p=i_and_c=l=i/maestro-cli.zip

https://kb.epam.com/display/EPMCITFAQ/Maestro+CLI+Tips+and+Tricks


EPAM PUBLIC 213

16.2 ANSBILE HOSTS

Invoke: or2-ansible-hosts (or2ah)

Is used to manage Ansible hosts.

CLI Parameters


-a, --action Action (include/exclude*/describe). Default: describe No


-g, --group Name of the group (for several groups repeat the parameter) No


-h, --host Host ID (for several host ids repeat the parameter) No






*You cannot exclude host(s) from a ‘default’ group. A warning message will appear if you try to exclude host(s) from ‘default’ group.

Response Elements

Name Description

hostId Host ID

host Host name

groups Engaged groups

groupName Group name on Describe action

properties Group properties on Describe action

Command Example

This example adds a host to a specified group

or2ah -p project -r region -h host_id1 -h host_id2 -g group_name

-a include

Response Example:

Figure 154 - or2ah Response Example


EPAM PUBLIC 214

16.3 ANSIBLE GROUPS

Invoke: or2-ansible-groups (or2ag)

Is used to manage Ansible groups.

CLI Parameters


-a, --action Action (create/delete*/describe). Default: describe No









*You cannot delete the ‘default’ group. A warning message will appear if you try to delete the ‘default’ group.

Command Example

This example creates a new Ansible group

or2ag -p project -r region -g group_name -a create

Response Example:

Figure 155 - or2ag Response Example


EPAM PUBLIC 215

16.4 ANSIBLE GROUP PROPERTIES

Invoke: or2-ansible-group-properties (or2agp)

Is used to manipulate Ansible groups properties.

CLI Parameters


-a, --action Action (set/delete/describe). Default: describe No

--all Deletes all properties. Default: all No

--append Append new properties if the current group already has corresponding keys

No




-h, --host Host ID (for several host ids repeat the parameter) No

-r. --region Virtualization region Yes


-t, --property

Property to add in a name=value way. Use "=" as the delimiter. For several properties repeat the parameter: --property name1=value1 --property name2=value2 --property nameN=valueN. If you use Windows command line, please, encase the -t parameter in quotes i.e. "name=value".

No

-n, --property-name Property name. For several properties repeat the parameter. To delete all properties, use "all" parameter instead

No




Command Example

This example assigns properties to a group.

or2agp -p project -r region -g web -a set -t “keepalive=60” -t

“ssl_enable=false” -t “workers=4”

Response Example:

Figure 156 - or2agp Response Example


EPAM PUBLIC 216

16.5 ANSIBLE DYNAMIC INVENTORY

Invoke: or2-ansible-dynamic-inventory (or2adi)

Returns Ansible dynamic inventory for the specified project and region in the JSON format.

CLI Parameters






-t, --pretty Returns the JSON data in a formatted way No



Command Example

or2adi -p project -r region

Response Example:

Figure 157 – Fragment of or2adi Response Example

Figure 158 - Fragment of or2adi Response Example in a Formatted Way


EPAM PUBLIC 217

17 TROUBLESHOOTING

It may happen that you will get some errors or encounter other issues when working with EPAM Cloud

Orchestrator. Below is given a recommended troubleshooting procedure which is intended to help you

resolve your issues.

Problem?

Cannot manage my

infrastructure

Unexpected Behaviour

Can’t access Orchestrator

See the Audit page

See the Health Check page

See FAQCheck SIN

notifications

Report an incident

Figure 159 - Troubleshooting Scheme

In case you have problems with managing your infrastructure, cannot execute commands or reach

your VM, please, go to Orchestrator Audit page and ensure your VM is available and not deleted by anyone.

If your VM is present and available, but CLI commands still do not work for you, it is possible, that due to

technical issues, the connection to your region is broken. Please, take a look at the Orchestration

Healthcheck page which gives real-time detailed information on each of the Orchestrator regions

performance (except for EPAM-BY1) and indicates which regions are unavailable at the moment. If the

region is currently unavailable, it is advised to wait for a while until the technical issues are fixed and the

region performance is resumed.

In case of emergency, or when you have infrastructure configuration issues not related to the regions

performance, please, address the Help Desk or L1.5 team.

If you encounter an unexpected Orchestrator behavior, please, look at the FAQ pages in EPAM

Knowledge Base or at EPAM Orchestrator website. It is highly possible that the solution is already described

there.

If you get an unexpected “Service under Maintenance” message when trying to login to Orchestration

website or “EPAM orchestration in progress” message when trying to execute a CLI command, please,

check whether you have received a corresponding SIN notification on Orchestrator maintenance. If you

have not received one, please, address the Help Desk for further instructions and help.

If you have an issue that is not listed above, or you have performed the described steps, but your issue is

not solved due to one reason or another, please, submit an incident request to support.epam.com (EPAM

Cloud section in the Catalog).

https://orchestration.epam.com/maestro2/ui/events

https://orchestration.epam.com/maestro2/healthcheck

https://orchestration.epam.com/maestro2/healthcheck

mailto:Help%20Desk%20%[email protected]%3e

mailto:Support%20EPM-CSUP%20L1.5%20%[email protected]%3e

https://kb.epam.com/display/EPMCITFAQ/FAQ

https://kb.epam.com/display/EPMCITFAQ/FAQ

https://cloud.epam.com/site/learn/f=a=q

mailto:Help%20Desk%20%[email protected]%3e



EPAM PUBLIC 218

ANNEX A - USER PERMISSIONS

USER GROUPS

All operations available using Orchestrator are divided into several groups, used to customize user

permissions. These groups are detailed in the table below.

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-allocate-static-ip (or2alsip) ✓

or2-ambari-cluster (or2ac) ✓

or2-attach-volume (or2attvol) ✓

or2-associate-static-ip

(or2assip)

✓

or2-audit (or2audit) ✓

or2-aws-management-console

(or2awsmc)

✓

or2-azure-management-

console (or2azmc)

✓

or2-change-owner (or2chow) ✓

or2-change-shape (or2chshape) ✓

or2-check-version (or2check) ✓

or2-chef-mode (or2cm) ✓

or2-console (or2console) ✓

or2-convert-maestro-stack-

template (or2cmst)

✓

or2-create-attach-volume

(or2addattvol)

✓

or2-create-checkpoint (or2ccp) ✓

or2-create-image (or2cim) ✓

or2-create-keypair (or2addkey) ✓

or2-create-schedule

(or2addsch)

✓

or2-delete-aws-stack

(or2dawss)

✓

or2-delete-checkpoint

(or2delcp)

✓

or2-delete-file (or2delf) ✓

or2-delete-image (or2delim) ✓

or2-delete-instance-properties

(or2delp)

✓ ✓

or2-delete-keypair (or2delkey) ✓

or2-delete-maestro-stack

(or2delmstack)

✓

or2-delete-schedule (or2delsch) ✓

or2-delete-tag (or2deltag) ✓

or2-delete-volume (or2delvol) ✓


EPAM PUBLIC 219

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-describe-aws-stack-events

(or2dawsse)

✓

or2-describe-aws-stack-

resources (or2dawssr)

✓

or2-describe-aws-stacks

(or2dawss)

✓

or2-describe-checkpoints

(or2dcp)

✓

or2-describe-chef (or2chef) ✓

or2-describe-docker (or2dd) ✓

or2-describe-files (or2df) ✓

or2-describe-hadoop (or2dh) ✓

or2-describe-images (or2dim) ✓

or2-describe-instance-

properties (or2getp)

✓

or2-describe-instances (or2din) ✓

or2-describe-keypairs (or2dkey) ✓

or2-describe-load-balancing

(or2dlb)

✓

or2-describe-logging (or2dlog) ✓

or2-describe-maestro-stack-

resources (or2dmsr)

✓

or2-describe-maestro-stacks

(or2dmstack)

✓

or2-describe-monitoring

(or2dmon)

✓

or2-describe-nessus-templates

(or2dnt)

✓

or2-describe-operation (or2dop) ✓

or2-describe-projects (or2dpro) ✓

or2-describe-regions (or2dreg) ✓

or2-describe-schedules

(or2dsch)

✓

or2-describe-services (or2dser) ✓

or2-describe-shapes

(or2dshape)

✓

or2-describe-static-ips (or2dsip) ✓

or2-describe-tag (or2dtag) ✓

or2-describe-vlans (or2dvlans) ✓

or2-describe-volumes (or2dvol) ✓

or2-detach-volume (or2detvol) ✓

or2-disassociate-static-ip

(or2dissip)

✓

or2-docker-container (or2dc) ✓ ✓

or2-docker-image (or2di) ✓


EPAM PUBLIC 220

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-docker-registry-image

(or2dri)

✓ ✓

or2-ftp-access (or2ftpa) ✓ ✓

or2-get-access (or2access) ✓

or2-get-info (or2info) ✓

or2-go-to-checkpoint (or2gcp) ✓

or2-hardware-report (or2hr) ✓

or2-import-keypair (or2ikey) ✓

or2-load-balancer-config

(or2lbconf)

✓

or2-lock-instance-termination

(or2lock)

✓

or2-manage-ftp (or2ftp) ✓ ✓

or2-manage-hadoop (or2mh) ✓

or2-manage-service (or2ms) ✓ ✓

or2help No permissions or credentials required

or2-modify-hardware-server

(or2modhs)

Only available to zone administrators

or2-move-instance-to-vlan

(or2mivlan)

✓

or2-price (or2price) ✓

or2-reboot-instances

(or2reboot)

✓

or2-register-hardware-server

(or2rhs)

Only available to zone administrators

or2-release-static-ip (or2relsip) ✓

or2-report (or2report) ✓

or2-resize-volume (or2resvol) ✓

or2-revert-to-checkpoint

(or2rcp)

✓

or2-run-aws-stack (or2rawss) ✓

or2-run-instances (or2run) ✓

or2-run-maestro-stack

(or2rmstack)

✓

or2-schedule-add-instances

(or2schaddi)

✓

or2-schedule-remove-instances

(or2schremi)

✓

or2-security-check (or2sc) ✓

or2-set-instance-properties

(or2setp)

✓ ✓

or2-set-tag (or2settag) ✓

or2-start-instances

(or2start)

✓

or2-start-logging (or2log) ✓


EPAM PUBLIC 221

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-start-monitoring (or2mon) ✓

or2-stop-instances (or2stop) ✓

or2-stop-logging (or2stoplog) ✓

or2-stop-monitoring

(or2stopmon)

✓

or2-terminate-instances (or2kill) ✓

or2-update-cli (or2update) ✓

or2-upload-file (or2uf) ✓

or2-upload-script (or2ups)

or2-validate-maestro-stack-

template (or2vmst)

No permissions required

or2-view-pool-state (or2vps) ✓

or2-manage-

service (or2ms)

Activate ✓

Deactivate ✓

or2-docker-

volume (or2dv)

Create ✓

Delete ✓

or2-chef-mode

(or2cm)

Describe Chef

Mode

✓

Deactivate

Service

✓

Activate Service ✓

Update Chef

Mode

✓

DEFAULT PROJECT ROLES

A user's UPSA project role identifies which operations, by Maestro user groups, the user can perform via

EPAM Orchestrator CLI or UI interfaces on this project. If a user is not assigned to the project, they cannot

perform any related cloud operations.

EPAM Orchestrator also ensures the access to native tools of the external cloud providers. The user gets

the access role depending on their project role. Below the section, there is a mapping table of the project

roles and groups.

The following roles are available for work with Cloud via EPAM Orchestrator:

• EPAM-based project roles characterize permissions for work in private cloud regions. These

permissions can be customized for each project.

• AWS Role based on the EPAM Cloud project role and defining the scope of access to the AWS

Management Console via SSO.

• Google Role based on the project role and defining the scope of access to the Google Console

via SSO.

• When working with Azure via EPAM Orchestrator, a user gets EPAM_BasicUser’s role. It is equal

to Azure` Contributor role without the ability to manage users and security groups. See details

about Azure Contributor's role on the Microsoft website.

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles


EPAM PUBLIC 222

The default AWS and Google roles include the following permissions:

Role Name Access Scope

AWS GCP AWS GCP BasicReadOnly BasicReadAccess Read-only access to EC2, S3, RDS,

DynamoDB, Lambda services Read-only access to Compute engine.

FullReadOnly FulLReadAccess Read-only access to all AWS services Full-read access to all GCP services

BasicUser BasicAccess The access to the main compute, storage, management, database, IoT, networking, analytics, machine learning services, step functions and developer tools. Full access to IAM except Write, Permissions management Full access to EC2 except Security Groups management

The access to the main GCP services, except: admin-special options, IAM Write, Network security management.

AdminUser AdminAccess Full access to all AWS services except: IAM Write, Permissions management EC2 Security Groups management

Full access to all GCP services except: IAM Write, Network security management

You can access your resources in the external cloud regions via Maestro CLI and Web Management

Console as well as via the native management tools. Please see the respective section of the Maestro User

Guide for more details.

The following table details default user permissions depending of their project roles. Each project role has

access to several Maestro CLI user groups to perform respective operations (see User Groups.) These

permissions can be customized for each project abbreviation in UPSA.

EPAM Orchestrator also ensures the access to native tools of the external cloud providers. The user gets

the access role depending on their project role.

Project Role EPAM Orchestrator Permissions Groups

AWS Role Azure Role Google Role

1st Line / Help Desk Specialist

READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

2nd Line / Environments Support Engineer

READ, VM, STORAGE, META, NEW, KILL

BasicUser EPAM_BasicUser BasicUserAccess

3rd Line / Software Maintenance Engineer


AdminUser EPAM_BasicUser AdminUserAccess

Account Manager READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Administrative Support

READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Agile Coach READ, VM, STORAGE, META, NEW, KILL

BasicReadOnly EPAM_BasicUser BasicReadAccess

Build Engineer READ, VM, STORAGE, META, NEW, KILL

FullReadOnly EPAM_BasicUser FullReadAccess

Business Analysis Team Lead



Business Analyst READ, VM, STORAGE, META, NEW, KILL


Consultant READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

NB: In order to customize user groups for your project, please contact Consulting Team.

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_access-level_write.html#ag_write_iam

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_access-level_permissions.html#ag_permissions_iam



https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_access-level_write.html#ag_write_iam



https://cloud.epam.com/site/develop/hybrid_cloud/csug_04_user_guide.pdf




EPAM PUBLIC 223

Consulting Team Lead



Contact READ, VM, STORAGE, META - - -

Customer READ, VM, STORAGE, META - - -

Customer Representative

READ, VM, STORAGE, META - - -

Customer TR READ, VM, STORAGE, META - - -

Data Analyst READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Data Modeler READ, VM, STORAGE, META, NEW, KILL


Delivery Manager READ, VM, STORAGE, META, NEW, KILL, ADVANCED MANAGEMENT


Delivery Supervisor READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Design Team Lead READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Designer READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Developer READ, VM, STORAGE, META, NEW, KILL


Development Team Lead



Engineer READ, STORAGE, META, VM, NEW_RESOURCES


Engineering Team Lead

READ, STORAGE, META, VM, NEW_RESOURCES, KILL_RESOURCES


EngX Productivity Lead


Executive READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

External User READ, VM, STORAGE, META - - -

Financial Manager READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

HR Business Partner READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

HTML Coder READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Information Architect



Junior Developer READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Junior Functional Tester


Key Designer READ, VM, STORAGE, META, NEW, KILL


Key Developer READ, VM, STORAGE, META, NEW, KILL


Key Engineer READ, STORAGE, META, VM, NEW_RESOURCES, KILL_RESOURCES


Key Tester READ, VM, STORAGE, META, NEW, KILL


Machine Learning Engineer

READ, VM, STORAGE, META, NEW

BasicReadOnly EPAM_BasicUser BasicUserAccess

Maintenance & Support Team Lead



Member READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Performance Analyst READ, VM, STORAGE, META, NEW, KILL


Principal Delivery Manager

READ, VM, STORAGE, META BasicUser EPAM_BasicUser BasicUserAccess

Process Engineer READ, VM, STORAGE, META, NEW, KILL


Program Manager READ, VM, STORAGE, META BasicUser EPAM_BasicUser BasicUserAccess

Project Coordinator READ, VM, STORAGE, META, NEW, KILL, ADVANCED MANAGEMENT



EPAM PUBLIC 224

Project Manager READ, VM, STORAGE, META, NEW, KILL, ADVANCED MANAGEMENT


Project Member READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Project Sponsor READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Project Supervisor READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Project VIP READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Quality Engineer READ, STORAGE, META, VM FullReadOnly EPAM_BasicUser FullReadAccess

Resource Manager READ, VM, STORAGE, META, NEW, KILL


Sales Executive READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Sales Manager READ, VM, STORAGE, META FullReadOnly EPAM_BasicUser FullReadAccess

Sales Representative READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Scrum Master READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Signatory READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Solution Architect READ, VM, STORAGE, META, NEW, KILL


Technical Writer READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

Technician Team Lead

READ, STORAGE, META, VM, NEW_RESOURCES, KILL_RESOURCES


Tester READ, VM, STORAGE, META, NEW, KILL


Testing Team Lead READ, VM, STORAGE, META, NEW, KILL


TS Engineer READ, VM, STORAGE, META, NEW, KILL


ZXY Agile Team Member

READ, VM, STORAGE, META BasicReadOnly EPAM_BasicUser BasicReadAccess

USER PERMISSIONS CUSTOMIZATION FOR A SPECIFIC USER

There are 4 options of permissions available for each user:

• Project role-based (default). The user will get the set of permissions, guaranteed to them

according to their project role, as described in the previous section.

• Admin. The user will get the max project permissions level in private regions and AdminUser for

Amazon.

• Deny access. The user will have no access to perform project manipulations in Cloud. Also, the

user will not have an access through SSO to all public providers for the selected projects.

• AWS Managed Policy. The user will have a set of permissions which can be used to set up a

specific access level to one of AWS services (for example, AmazonChimeReadOnly), or to match

standard needs of a person with a specific job function (for example, SupportUser).

If the default role is not enough, an Advanced Management group member (Project Manager, Coordinator,

Account Manager, and Delivery Manager) can change the Admin permissions through Manage Cloud

wizard at Cloud Dashboard. Please note, that this will affect your permissions in other Clouds as well.

Please check more details in section 6.1 of Account Management Guide.

In case you need to fine-tune the permissions for a specific role on a project, please use the Manage

permissions for a project role option of the wizard.




EPAM PUBLIC 225

ANNEX B – CLIENT VERSIONING

Current version of the CLI is defined in the cli.version parameter within the ‘cli-system.properties’ file,

which is unavailable for user editing. You can display contents of ‘cli-system.properties’ in console by

running the or2info command (See the Maestro CLI Info Section). CLI client version comprises the

following components:

• Orchestrator version

• Separator (.)

• Last digit of a year (2 for 2012)

• Month number (10 for October)

• Separator (.)

• Day

• Build number for current day

For example, ‘cli.version=2.210.103’ corresponds to Orchestrator version 2, built on October 10, 2012 and

being the third build that day.

NB: Under construction. Currently support for versioning is implemented by versioning Maestro CLI

client using the Maestro-CLI-version


EPAM PUBLIC 226

ANNEX C – INSTANCE TYPES AND THEIR SHAPES

The table below contains available virtual instance hardware configurations aka Shapes.

EPAM Cloud Shape

Shape CPU

Shape RAM GB

AWS Instance Type Microsoft Azure Instance Size

Google Cloud Instance Type Zone Set 1* Zone Set 2**

MICRO 1 0.5 t3.nano t3.nano A0 MICRO

MINI 1 1 t3.micro t3.micro - MINI

SMALL 1 2 t3.small t3.small A1 SMALL

MEDIUM 2 4 t3.medium t3.medium A2 MEDIUM

LARGE 2 8 t3.large t3.large A3 LARGE

XL 4 7.5 m5a.large m5.large - -

2XL 4 16 r5a.large r5.large - -

3XL 8 15 m5a.xlarge m5.xlarge - -

4XL 6 23 r5a.xlarge r5.xlarge - -

5XL 8 32 m5a.2xlarge m5.2xlarge - -

6XL 8 46 r5a.2xlarge r5.2xlarge - -

7XL 8 61 m5a.4xlarge m5.4xlarge - -

8XL 16 122 r5a.4xlarge r5.4xlarge - - *Zone Set 1 US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland),

Asia Pacific (Singapore)

**Zone Set 2 US West (N. California), Canada (Central), EU (Frankfurt), EU (London), EU (Paris), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka-Local), Asia Pacific (Sydney), Asia Pacific (Mumbai), South America (São Paulo), EU (Stockholm)

Not all the shapes are by default available for projects. When a project is activated in EPAM regions, Small,

Medium, and Large shapes are activated for it. To get other shapes, submit a Shape Activation Request.

Please note:

• ESX regions, EPAM-HU2 and EPAM-IN1 support shapes up to 3XL.

All other OpenStack regions support shapes up to 5XL.

• Other regions support shapes up to Large.

• When a project is activated in AWS, the full stack of shapes is automatically activated for it.

• Extra-large shapes (over 5XL) are available in AWS regions only.

https://support.epam.com/esp/ess.do?ctx=docEngine&file=svcDisplay&query=name=%22AddAvailableShapesForProject%22


EPAM PUBLIC 227

ANNEX D – SERVICE LOCATIONS

The tables below contain the list of planned EPAM Cloud service locations, using both own infrastructure and

public cloud offerings.

EPAM INFRASTRUCTURE

EPAM Cloud Orchestration Service is a system distributed between different regions. The regions have different

geographical location, virtualization basis and a certain coefficient that applies to services provided within the

region and modifies actual costs. The coefficient depends on the region location and related maintenance

expenses.

Location Service Region Virtualization Billing type

CIS (Minsk, Belarus) EPAM-BY1 ESX Per-hour

CIS (Minsk, Belarus) EPAM-BY2 OpenStack Per-second

CIS (Minsk, Belarus) EPAM-MAC ESX Per-hour

CIS (St. Petersburg, Russia) EPAM-RU2 ESX Per-hour

CIS (St. Petersburg, Russia) EPAM-RU3 OpenStack Per-second

Europe (Budapest, Hungary) EPAM-HU1 ESX Per-hour

Europe (Budapest, Hungary) EPAM-HU2 OpenStack Per-hour

Ukraine (Kiyiv) EPAM-UA1 ESX Per-hour

Ukraine (Kiyiv) EPAM-UA2 OpenStack Per-second

USA (Edison, NJ) EPAM-US2 OpenStack Per-second

Asia (Hyderabad, India) EPAM-IN1 OpenStack Per-second

For more information on EPAM Cloud billing policy, please, see our Account Management Guide, Section 7:

Billing in EPAM Cloud.

Some of the existing regions have their specific features or limitations. They are listed below.

EPAM-BY2

• EPAM-BY2 is based on OpenStack technology

• The Recycle Bin functionality is supported. This functionality allows restoring a terminated VM within 7

days after termination by sending a request to support.epam.com

• Checkpoint manipulations are not supported.

• An image can be created only from instance that do not have additional volumes.

Network specifics

• All instances have an assigned floating IP from EPAM network (10.x.).

• All instances have hostname like ECSX000XXXXX.epam.com, which can be resolved as an IP from

EPAM network (for example, 10.6.129.34).

• If you try to resolve native hostname from instance in OpenStack you will get external IP, which does

not belong to any network interface of instance.

• This can cause issues when you try to bind some process to hostname instead of Instance IP.




EPAM PUBLIC 228

EPAM-IN1

• EPAM-IN1 is based on OpenStack technology

• Storage volumes are billed by provisioned, not by used, space

• Shapes up to 5XL are supported

• Checkpoints are disabled

• Graceful shutdown functionality is not available. The or2stop command acts as power-off

• The commands from other groups (as listed in Maestro CLI Reference Guide) are mostly available, but

some are disabled.

• View instance pool scope is not available

Network specifics

• All instances in project have IPs from internal net (172.16.242.230/21).






This can cause issues when you try to bind some process to hostname instead of Instance IP.

EPAM-US2

• EPAM-US2 is based on OpenStack technology

• Storage volumes are billed by provisioned, not by used, space

• Shapes up to 5XL are supported

• Checkpoints are disabled

• Graceful shutdown functionality is not available. The or2stop command acts as power-off

• The commands from other groups (as listed in Maestro CLI Reference Guide) are mostly available, but

some are disabled.

• View instance pool scope is not available

Network specifics






This can cause issues when you try to bind some process to hostname instead of Instance IP.

EPAM-MAC

EPAM-MAC region is designed to enable Mac resources provisioning. No other instance types can be created

here.

The region hosts two types of instances – virtual and hardware, each having its own specifics.


EPAM PUBLIC 229

• Virtual. Virtual MacOS instances have a choice between two operating systems. The instances details are:

o Image name: MacOS_10.12_Sierra, MacOS_10.13_HighSierra (can be updated to MacOS 10.14

Mojave)

o Shape: Any standard EPAM Cloud shape (recommended – MEDIUM)

o System Disk: 60GB

o Billing: Same as in EPAM-BY2 region

o Login: via VNC console with EPAM credentials

o Limitations: auto configuration service and checkpoints are not available.

To run such an instance, use the standard or2run command, and provide the new instance details, e.g.:

or2run –p <project> -r EPAM-MAC –i macos_10.12_Sierra –s <shape>

• Hardware. The other type of resources that can be provided in EPAM-MAC region, are reusable hardware

Macmini (OS X of current or release version) servers that can be provided for project needs. The specifics

of this kind of resources are:

o Image name: macmini_os_X

o Shape: Large (2CPU, 8GB RAM) only

o System Disk: 300GB, not extendable

o Billing: $30/Month, calculated hourly at 30/730.5 USD per hour

o Login: via VNC console with user/user credentials (we strongly recommend changing the default

credentials after the first login)

o Limitations:

▪ Instance operations are strictly limited: only or2run, or2kill, or2report, or2settag, or2din

commands are available. You can also see all the instance-related info on UI.

▪ Limited number of available servers. To check whether there are Macmini instances

available, please use the or2vps command:

or2vps -r EPAM-MAC

If there are no free Macmini servers, you will get a respective “low capacity” message when trying to request

one.

In this case, please, wait till one of the servers in use, is released.

To order a hardware Mac, use the standard or2run command, and provide the new instance details, e.g.:

or2run –p <project> -r EPAM-MAC –i macmini_os_X –s LARGE

Please also note that VM actions on the Management page are not available for instances in EPAM-MAC region.


EPAM PUBLIC 230

AWS CLOUD FORMATION REGIONS

To activate AWS regions in EPAM Cloud simply leave a respective request at support.epam.com. The following

regions are supported:

Region Code Region Name EPC Reference Name

ap-northeast-1 Asia Pacific (Tokyo) Region AWS-AP-NORTHEAST

ap-northeast-2 Asia Pacific (Seoul) Region AWS-AP-NORTHEAST-2

ap-southeast-1 Asia Pacific (Singapore) Region AWS-AP-SOUTHEAST

ap-southeast-2 Asia Pacific (Sydney) Region AWS-AP-SOUTHEAST-2

eu-west-1 EU (Ireland) Region AWS-EUWEST

eu-central-1 EU (Frankfurt) Region AWS-EUCENTRAL

sa-east-1 South America (Sao Paulo) Region AWS-SAEAST

us-east-1 US East (Northern Virginia) Region AWS-USEAST

us-west-1 US West (Northern California) Region

AWS-USWEST

us-west-2 US West (Oregon) Region AWS-USWEST-2

Once you get a notification from us about an AWS Region activation, you should be able to see it in your list of

available regions. Below is the example of Maestro CLI command for the AWS regions describing:

or2dreg -p sample –t AWS

Figure 160 - Describing available AWS regions

If you can see the AWS regions in the response, you can start utilizing AWS resources via EPAM Orchestration

tools.

For more information about AWS regions utilization specifics, please, see the Maestro User Guide.

https://kb.epam.com/display/EPMCITFAQ/Support+Request

https://support.epam.com/ess.do



EPAM PUBLIC 231

AZURE REGIONS

To activate Azure regions in EPAM Cloud simply leave a respective request at support.epam.com. The following

regions are supported:

Region Name (Location) Region Alias EPC Reference Name

Brazil South (Sao Paolo State) BR South AZURE-BS

Central US (Iowa) - AZURE-CUS

East Asia (Hong Kong) - AZURE-EA

East US (Virginia) USEast, eastus AZURE-EUS

East Us 2 (Virginia) useast2, EastUS2 AZURE-EUS-2

Japan East (Tokyo, Saitama) - AZURE-JE

Japan West (Osaka) Ja West AZURE-JW

North Central US (Illinois) - AZURE-NCUS

North Europe (Ireland) Northeurope AZURE-NEU

South Central US (Texas) - AZURE-SCUS

Southeast Asia (Singapore) - AZURE-SEA

West Europe (Netherlands) westeurope AZURE-WEU

West US (California) - AZURE-WUS

Once you get a notification from us about activating your project in Azure, you should be able to see it in your

list of available regions. Below is the example of Maestro CLI command for the region describing:

or2dreg -p sample –t Azure

Figure 161 - Describing available Azure regions

If you can see Azure regions in the response, you can start utilizing Azure resources via EPAM Orchestration

tools.

For more information about Azure regions utilization specifics, please, see the Maestro User Guide





EPAM PUBLIC 232

GOOGLE CLOUD REGIONS

To activate Google Cloud regions in EPAM Cloud simply leave a respective request at support.epam.com. The

following regions are supported:

Google Region Location Orchestration Reference Name

Eastern Asia-Pacific Changhua County, Taiwan GCP-AS-EAST

Northeastern Asia-Pacific Tokyo, Japan GCP-AS-NORTHEAST

Western Europe St. Ghislain, Belgium GCP-EUWEST

Central US Council Bluffs, Iowa GCP-USCENTRAL

Eastern US Berkeley County, South Carolina GCP-USEAST

Western US The Dalles, Oregon GCP-USWEST

Once you get a notification from us about activating your project in Google Cloud, you should be able to see it

in your list of available regions. Below is the example of Maestro CLI command for the region describing:

or2dreg -p project –t google

Figure 162 - Describing available Google Cloud regions

If you can see Google Cloud regions in the response, you can start utilizing Google Cloud resources via EPAM

Orchestration tools.

For more information about Google Cloud regions utilization specifics, please, see the Maestro User Guide





EPAM PUBLIC 233

ANNEX E – LOGGING IN TO INSTANCES

This instruction is applicable to the methods of authorization on instances created from images

provided by EPAM Cloud. The method of authorization on VMs based on custom images

depends on the configuration of an image, as well as on settings made by hosting cloud provider.

WINDOWS

Login via an RDP client by using your standard domain credentials.

In order to access Windows instances via SSH, you first have to access them via RDP and configure SSH

connection.

LINUX

For Private Cloud we provide two ways of access to VMs:

• Using your domain authorization without SSH if the key was not specified at VM creation.

• Using the key specified on password.epam.com and your Domain username (with @epam.com).

• Using the key specified at VM creation and the default username, depending on the instance OS:

Image Username

CentOS family centos

Debian family admin

Ubuntu family ubuntu

CoreOS family Core

Amazon Linux ec2-user

For Public Cloud providers (non EPAM region type) SSH key authorization is used. When creating a VM, you

need to specify the name of the SSH key to be used. When authorizing, you can use one of the following

combinations:

• Using the specified SSH key and the default username, depending on the instance OS:

Image Username

CentOS family centos

Debian family admin (AWS, Google) debian (Azure)

Ubuntu family ubuntu

CoreOS family Core

Amazon Linux ec2-user

• Using the key specified on password.epam.com and your Domain username (with @epam.com).

Also, in Azure Cloud you can run a VM without specifying SSH key name. In this case you will

receive an email containing automatically generated username and password.

Password authorization is less secure than the SSH one. We recommend using it for training

purposes and temporary VMs.

According to best practices, it is beeter to use SSH key authorization and disable temporary

user and password access.

https://password.epam.com/

https://password.epam.com/


EPAM PUBLIC 234

AWS – WINDOWS

To login to a newly created AWS-based Windows instance perform the following steps:

1. Make sure the instance is up and running, e.g., using the o2-describe-instances command.

2. Run the or2console command providing the instance ID, project and region:

or2console –p demopro –r aws-region –i instance_id

3. When the command is executed, you get an email containing the details on the VM and an attachment

with the encrypted password.

AWS needs at least 4 minutes to generate a password for a new instance. If you run the or2console

command before the password is ready, the attachment in the letter will be empty.

4. Save the attachment to your disc or copy its content to an empty file.

5. Run the or2-aws-decrypt-password (or2adp) command, providing the name of the key used to run

the instance and the path to the file with the encryption:

or2adp -p private-key-file-path -e encrypted-password-file-path

The command response will contain the password to be used to login to your Windows VM as

Administrator.

Please note that the command is executed on the client’s side, external tools have no access to the

private part of the key.

6. Use this password to login to your VM via RDC:

Figure 163 - Remote connection to a Windows instance

If you have access to AWS Management Console, you can get the password using it, without having to perform

the steps described above. All you have to do is login to the Console, go to the Instances section, right-click on

the instance to which you want to get access and select Get Windows Password in the dropdown menu.


EPAM PUBLIC 235

Figure 164 - Connecting to a Windows VM in AWS

AZURE

When a VM (either Windows or Linux) creation is initiated, you get a letter containing credentials for access to

this VM remotely. These credentials are generated only once and will not be available for reference anywhere

except this letter.

If you run an instance without using an SSH key, the instance run letter will include the access username and

the password:

Figure 165 - Run instance letter with a password


EPAM PUBLIC 236

Please save the credentials properly for further usage; they are not saved anywhere else and cannot be

restored in case of loss.

If you used an SSH key to run an instance, the letter will include the key name instead of the credentials.

The Public IP necessary to connect to the VM will be given in the next letter sent to you as soon as your new

VM gets to the RUNNING state:

Figure 166 - A Start Instance letter with IPs

GOOGLE CLOUD REGIONS - WINDOWS

For Windows machines, use the or2console CLI command specifying an SSH key:

or2console -p project -r region -i instance_id -k key

The key must always be of 2048 size. The key is required only for the log in operation, not for VM run.

When this command is executed, you will receive an email containing an encrypted password. Decrypt the

password as follows:

or2-decrypt-password -p private-key-file-path -e encrypted-password-file-

path

Use the decrypted password to log in to your Windows VM under the username ‘user’.


EPAM PUBLIC 237

HARDWARE MACOS

MacOS instances are run in the dedicated EPAM-MAC region physically located in Minsk and Saint

Petersburg. By default, in EPAM-MAC (Minsk) location hardware Macmini servers are run with OS X 10.15.x,

while in additional EPAM-MAC (Saint Petersburg) location with OS X 10.12.x.

To access new hardware MacOS instances located in Minsk, perform the following steps:

1. Once an instance is deployed, authorize over SSH client using the default credentials:

• login - user

• password - <PROJECT-ID> (UPPERCASE)

2. Change the default password

3. Initiate VNC connection according to the standard instruction via VNC client and newly created

password for authentication:

a) Install the VNC Client to your workstation.

b) Run the VNC Client, and input your MacOS IP address or DNS name (as

HOSTNAME.cloud.epam.com):

Figure 167 - VNC Client start

4. Click Connect.

• On Authentication step, input the uppercased abbreviation of your project in UPSA:

Figure 168 - VNC client authentication

• Login to the instance with new credentials.

https://www.realvnc.com/download/viewer/


EPAM PUBLIC 238

To access new hardware MacOS instances located in Saint Petersburg, perform the following steps:

1. Install the VNC Client to your workstation.

2. Run the VNC Client, and input your MacOS IP address or DNS name (as

HOSTNAME.cloud.epam.com):

Figure 169 - VNC Client start

Click Connect.

3. On Authentication step, input the uppercased abbreviation of your project in UPSA:

Figure 170 - VNC client authentication

4. Login to the instance with user/user credentials.

It is highly recommended to change the default credentials after the first login.

VIRTUAL MACOS

To get access to a Virtual MacOS instance perform the following actions:

• Click the VNC icon next to the VM ID on the Management page to run the VNC Web Client, and login

to the VM using your domain credentials as soon as the connection is established:

If you login to VM via VNC client installed on your workstation, enter your Project_Name (upper case)

as a password and after that use your domain credentials as soon as the connection is established.

https://www.realvnc.com/download/viewer/


EPAM PUBLIC 239

Figure 171 - VNC web access link

Please note that the domain credentials are case sensitive.

After logging in to the VM, it is recommended to change the default credentials and to enable access

via the VNC standalone client.


EPAM PUBLIC 240

ANNEX F – MAESTRO CLI COMMANDS LIST

The table below gives the list of the existing Maestro CLI Commands, their descriptions and links to the

respective sections:

Command Description or2access Registers user domain credentials within Orchestrator

or2addattvol Creates and attaches a storage volume to the specified instance

or2addsch Creates a new schedule to start or stop existing instances using cron expressions.

or2adp Decrypts AWS password

or2ag Is used to manage Ansible groups.

or2agp Is used to manipulate Ansible groups properties.

or2ah Is used to manage Ansible hosts.

or2ai Initializes Ansible environment for the specified project and zone.

or2aem Manages Adobe AEM service

or2alsip Allocates a static IP for the project

or2assip Assigns a static IP to the VM

or2attvol Attaches the specified storage volume to the specified instance

or2audit Views all relevant instance-related information for the specified period

or2awsmc Returns a link for accessing the AWS Management Console

or2ccp Creates an instance recovery point

or2check Shows Maestro CLI client currently installed on your machine

or2chef Describes the project Chef server mode

or2cim Creates an image based on the instance

or2cm Sets one of the existing chef modes to the project

or2cmst Converts a Maestro Stack template into a CloudFormation stack template

or2console Activates instance console and provides access credentials to it

or2addkey Creates a key pair used to access instances without need to provide login credentials

or2dawsse Returns the events related to the specified stack

or2dawssr Returns the events related to the specified stack

or2dcp Lists all checkpoints created for the instance and their short descriptions

or2di Manipulates Docker container images

or2delawss Deletes one or more stacks for the specified region and project

or2delcp Deletes the specified instance checkpoint

or2delf Deletes a previously uploaded file from Orchestrator’s repository

or2delim Deletes custom machine images

or2delkey Deletes a specified key pair

or2delsch Deletes a previously created schedule

or2delp Deletes user-defined metadata from instances

or2deltag Deletes a custom tag from an instance or a volume

or2delvol Deletes a storage volume from the specified instance

or2detvol detaches a storage volume from the specified instance

or2df Describes the uploaded and available files for the specified project

or2dim Returns information about images

or2din Returns information about the instances that you own

or2dissip Disassociates a Static IP from a VM

or2dkey Describes pairs available for provided project and region

or2dlb Shows the list of the hosts in the load balancer group and their availability

or2dlog Gives the list of the logged instances and the DNS name of the GrayLog Server


EPAM PUBLIC 241

Command Description or2dmon Retrieves information about Zabbix-related items

or2dmstack Describes existing Maestro stacks for the specified project and region

or2dpro Lists of projects available for user

or2dreg Describes available virtualization regions for provided project and user credentials

or2dri Manipulates Docker registry images

or2dsch Describes previously uploaded and available schedules

or2dser Describes the services activated for the specified project and region

or2dsip Describes static IPs available for the project

or2dshape Describes available shapes for the provided project and user credentials

or2dtag Retrieves custom tags assigned to resources for billing purposes

or2dv Creates, describes or deletes a Docker volume

or2dvlans describes available VLANs for the selected project

or2dvol Describes a user’s storage volumes

or2ftp Makes existing S3 buckets available via FTP

or2ftpa Manages user access to AWS S3 via FTP

or2gcp Reverts to the specified checkpoint

or2getp Retrieves user-defined metadata from instances

or2help Lists all commands and their parameters

or2hr Generates a hardware server usage report

or2info Lists information of CLI Client current configuration

or2ikey Imports an existing key pair to the specified region

or2kill Terminates the specified instances

or2kn Manages Kubernetes nodes

or2kns Manages Kubernetes namespaces

or2kp Manages Kubernetes pods

or2krc Manages Kubernetes replication controllers

or2ks Manages Kubernetes services

or2lbconf Set the Load balancer configuration

or2lock Locks the specified instance from termination

or2log Starts collecting the logs from the specific instance

or2lum Registers an existing instance on Luminate

or2mivlan Moves specific instance under available VLAN

or2mm Manages Messaging Service messages

or2modhs Modifies the settings of a hardware server

or2mon Add an instance to Zabbix monitoring list

or2mq Manages Messaging service queues

or2ms Activates/deactivates available services for a particular project

or2price Lists prices for all activated shapes

or2rawss Launches a specified stack on AWS

or2rcp Reverts instance to the latest available checkpoint

or2rdb manages the relational database service

or2reboot Reboots specified instances

or2reghs Registers a dedicated instance as a hardware server in EPAM Cloud

or2relsip Releases a static IP from the project

or2report Prepares a monthly billing report

or2resvol Resizes the specified volume for instance

or2rmstack Runs a new maestro stack based on an existing template

or2run Launches the specified number of instances with provided shape and image

or2setp Assigns user-defined metadata to instances


EPAM PUBLIC 242

Command Description or2settag Assigns a custom tag to an instance or a volume for billing purposes

or2sm Remove an instance from the monitoring list

or2sr Manages Sonar rules

or2sqp Manages Sonar quality profiles

or2start Starts the specified stopped instances

or2stop Stops the specified instances

or2stoplog Removes the instance from logging list

or2ter Manages Terraform templates

or2sus Powers down an instance

or2uf Uploads a new file and saves it in Orchestrator

or2unreghs Unregisters hardware server

or2update Checks for updates and updates


EPAM PUBLIC 243

ANNEX G – PAAS GUEST OPERATING SYSTEMS

Service name Used Image

Artifactory as a Service (AFS) CentOS7_64-bit

Auto Configuration Service (ACS): Chef server (epc/user modes) /version 13 Ubuntu16.04_64-bit/Ubuntu16.04_64-bit

Cloud Monitoring Service (CMS): Zabbix Ubuntu16.04_64-bit

Docker/Docker registry (DOS) (with volumes)

The last stable version of the CoreOS_64-bit

CoreOS_899.13_64-bit

Docker/Docker registry Service (DOS) Ubuntu16.04_64-bit

Gerrit as a Service (GAS) Ubuntu 16.04_64-bit

Hybris as a Service (HAS) CentOS7_64-bit

Jenkins as a Service (JAS) Ubuntu18.04_64-bit

Kubernetes as a Service (KUB) Fedora CoreOS

Load Balancer Service (LBS) Ubuntu16.04_64-bit

Log Aggregation Service (LAS) Ubuntu16.04_64-bit

Magento as a Service (MAS) CentOS7_64-bit

Messaging Service (MES) Ubuntu16.04_64-bit

Relational Data Base Service (RDB) Mariadb Ubuntu16.04_64-bit

Relational Data Base Service (RDB) MSSQL (2012) W2012R2Std

Relational Data Base Service (RDB) MSSQL (2014) hardware W2012R2Std

Relational Data Base Service (RDB) MySQL Ubuntu16.04_64-bit

Relational Data Base Service (RDB) Oracle OracleLinux7_64-bit

Relational Data Base Service (RDB) PostgreSQL Ubuntu16.04_64-bit

Sonar as a Service (SQS) Ubuntu 16.04_64-bit

Telemetry as a Service (TMS) Ubuntu16.04_64-bit


EPAM PUBLIC 244

TABLE OF FIGURES

Figure 1 - or2help Command Output .................................................................................................................. 13

Figure 2 - Command help for incorrect parameters input ................................................................................... 13

Figure 3 - Command response with --help option ............................................................................................... 14

Figure 4 - or2access Response Example ........................................................................................................... 15

Figure 5 - or2check Response Example ............................................................................................................. 16

Figure 6 - or2info Response Example ................................................................................................................. 18

Figure 7 - or2update Response Example ........................................................................................................... 19

Figure 8 - or2dpro Response Example ............................................................................................................... 20

Figure 9 - or2dreg Response Example ............................................................................................................... 22

Figure 10 - or2dim Response Example ............................................................................................................... 24

Figure 11 - or2dshape Response Example (OpenStack-based region) ............................................................. 25

Figure 12 - or2run Response Example ............................................................................................................... 29

Figure 13 - or2stop Example Response .............................................................................................................. 30

Figure 14 - or2start Response Example ............................................................................................................. 31

Figure 15 - or2reboot Response Example .......................................................................................................... 32

Figure 16 - or2kill Response Example ................................................................................................................ 34

Figure 17 - or2lock Response Example .............................................................................................................. 35

Figure 18 - or2lock command repeated to allow instance termination ................................................................ 35

Figure 19 - or2din General Response Example .................................................................................................. 37

Figure 20 - or2din Response Example with Filters ............................................................................................. 37

Figure 21 - or2chshape Response Example ....................................................................................................... 38

Figure 22 - or2chshape Shape Expand Response Example .............................................................................. 38

Figure 23 - or2chow Response Example ............................................................................................................ 39

Figure 24 - or2vps Response Example ............................................................................................................... 40

Figure 25 - or2dvlans Response Example .......................................................................................................... 41

Figure 26 - or2mivlan Response Example .......................................................................................................... 42

Figure 27 - or2dsn command response .............................................................................................................. 43

Figure 28 - or2lt Response Example ................................................................................................................... 44

Figure 29 - or2addsch Response Example ......................................................................................................... 47

Figure 30 - or2dsch Response Example ............................................................................................................. 48

Figure 31 - or2schaddi Response Example ........................................................................................................ 49

Figure 32 - or2schremi Response Example ........................................................................................................ 50


EPAM PUBLIC 245

Figure 33 - or2delsch Response Example .......................................................................................................... 51

Figure 34 - or2setp Response Example .............................................................................................................. 55

Figure 35 - or2getp Response Example ............................................................................................................. 56

Figure 36 - or2delp Response Examples ........................................................................................................... 57

Figure 37 - or2cim Response Example ............................................................................................................... 59

Figure 38 - or2delim Response Example ............................................................................................................ 60

Figure 39 - TCP/IP Configuration (Windows) ...................................................................................................... 61

Figure 40 - Creating Local Windows User .......................................................................................................... 62

Figure 41 - Assigning Administrator Privileges to a Windows User .................................................................... 63

Figure 42 - Excluding Guest OS from Domain (Windows) .................................................................................. 64

Figure 43 - Renaming Guest OS (Windows) ....................................................................................................... 64

Figure 44 - Rebooting a VM in Azure region ....................................................................................................... 65

Figure 45 - or2addkey Response Example ......................................................................................................... 69

Figure 46 - or2ikey Response Example .............................................................................................................. 71

Figure 47 - or2dkey Response Example ............................................................................................................. 72

Figure 48 - or2delkey Response Example .......................................................................................................... 73

Figure 49 - or2console Response Example ........................................................................................................ 74

Figure 50 - Console credentials .......................................................................................................................... 75

Figure 51 - or2awsmc Response Example ......................................................................................................... 76

Figure 52 – or2iam Response Example .............................................................................................................. 77

Figure 53 - or2azmc Response Example ............................................................................................................ 78

Figure 54 - or2alsip Command Example ............................................................................................................. 81

Figure 55 - or2assip Command Example ............................................................................................................ 82

Figure 56 - or2dsip Command Response Example ............................................................................................ 83

Figure 57 - or2dissip Command Response ......................................................................................................... 84

Figure 58 - or2relsip Command Response ......................................................................................................... 85

Figure 59 - or2lum Command Response ............................................................................................................ 86

Figure 60 - or2dpp Command Response ............................................................................................................ 87

Figure 61 - or2addattvol Response Example ...................................................................................................... 89

Figure 62 - or2attvol Response Example ............................................................................................................ 90

Figure 63 - or2detvol Response Example ........................................................................................................... 91

Figure 64 - or2resvol Response Example ........................................................................................................... 92

Figure 65 - or2dvol Response Example .............................................................................................................. 94

Figure 66 - or2dvol Empty Response Example ................................................................................................... 94


EPAM PUBLIC 246

Figure 67 - or2delvol Response Example ........................................................................................................... 95

Figure 68 - df-h Response Example.................................................................................................................... 96

Figure 69 - Computer Management in Windows 8 .............................................................................................. 97

Figure 70 - or2ccp Response Example ............................................................................................................. 100

Figure 71 - or2dcp Response Example ............................................................................................................. 101

Figure 72 - or2gcp Response Example ............................................................................................................. 102

Figure 73 - or2rcp Response Example ............................................................................................................. 103

Figure 74 - or2delcp Response Example .......................................................................................................... 104

Figure 75 - or2reghs Response Example ......................................................................................................... 106

Figure 76 - or2unreghs Response Example ..................................................................................................... 107

Figure 77 - or2modhs Response Example ........................................................................................................ 109

Figure 78 - or2hr Response Example ............................................................................................................... 110

Figure 79 - Price Breakdown ............................................................................................................................. 111

Figure 80 - or2report Response Example ......................................................................................................... 113

Figure 81 - or2price Response Example ........................................................................................................... 116

Figure 82 - or2audit Response Example ........................................................................................................... 118

Figure 83 - Account report ................................................................................................................................. 119

Figure 84 - or2dacc Command Example .......................................................................................................... 120

Figure 85 - or2settag Response Example ......................................................................................................... 122

Figure 86 - or2dtag Response Example ........................................................................................................... 123

Figure 87 - or2deltag Response Example ......................................................................................................... 124

Figure 88 - or2uf Response Example ............................................................................................................... 126

Figure 89 - or2delf Response Example ............................................................................................................. 127

Figure 90 - or2df Response Example ............................................................................................................... 128

Figure 91 - or2sc Response Example ............................................................................................................... 129

Figure 92 - or2ter Response Example .............................................................................................................. 131

Figure 93 - or2rsawss Response Example ....................................................................................................... 132

Figure 94 - or2dawss Response Example ........................................................................................................ 133

Figure 95 - or2dawsse Response Example ...................................................................................................... 134

Figure 96 - or2dawssr Response Example ....................................................................................................... 136

Figure 97 - or2delawss Response Example ..................................................................................................... 137

Figure 98 - or2dmstack Response Example ..................................................................................................... 138

Figure 99 - or2rmstack -m Response Example ................................................................................................. 140

Figure 100 - or2delmstack -m Response Example ........................................................................................... 141


EPAM PUBLIC 247

Figure 101 - or2dmsr Response Example ........................................................................................................ 142

Figure 102 – or2vmst Response Example ........................................................................................................ 143

Figure 103 - or2cmst Response Example ......................................................................................................... 144

Figure 104 - or2-manage-service Response Example...................................................................................... 147

Figure 105 - or2dser Response Example (shown in 2 lines for better visibility) ............................................... 149

Figure 106 - or2cm Response Example ........................................................................................................... 153

Figure 107 - Disabling auto configuration for a specific OS .............................................................................. 153

Figure 108 - Reviewing information on the current status of the ACS .............................................................. 153

Figure 109 - or2dchef Response Example ........................................................................................................ 154

Figure 110 - The or2-validate-chef command output ........................................................................................ 155

Figure 111 - or2dmon Response Example ....................................................................................................... 157

Figure 112 - or2mon Response Example ......................................................................................................... 158

Figure 113 - or2stopmon Response Example ................................................................................................... 159

Figure 114 - Zabbix metrics details on UI ......................................................................................................... 160

Figure 115 - Zabbix Graph in web Interface ...................................................................................................... 161

Figure 116 - or2starttel Response Example ...................................................................................................... 163

Figure 117 - or2stoptel Response Example ...................................................................................................... 164

Figure 118 - or2dtelag Response Example ....................................................................................................... 165

Figure 119 - Telemetry agent with available metrics......................................................................................... 166

Figure 120 – or2tel Response Example ............................................................................................................ 167

Figure 121 - or2lbconf –-balancing Response Example ................................................................................... 173

Figure 122 - or2lbconf –-limit Response Example ............................................................................................ 174

Figure 123 - or2lbconf –-ban Response Example ........................................................................................... 175

Figure 124 - or2lbconf –-cache --url --expiration Response Example ............................................................. 175

Figure 125 - or2dlb Response Example ............................................................................................................ 176

Figure 126 - or2osc Command Response Example ......................................................................................... 178

Figure 127 - or2osc Command Response Example for compiling inventory file .............................................. 178

Figure 128 - or2di Command Response Example ............................................................................................ 181

Figure 129 - or2di -a Commit Response Example ............................................................................................ 181

Figure 130 - or2ds -a run Command Response ................................................................................................ 183

Figure 131 - or2ds -a describe Command Response ....................................................................................... 183

Figure 132 - or2dv Command Response .......................................................................................................... 184

Figure 133 - Docker volume deletion ................................................................................................................ 185

Figure 134 – Docker registry creation ............................................................................................................... 186


EPAM PUBLIC 248

Figure 135 - or2dri -a describe Response Example.......................................................................................... 187

Figure 136 - or2dri -a delete Response Example ............................................................................................. 187

Figure 137 - or2dd Command Response .......................................................................................................... 189

Figure 138 - or2kc response example ............................................................................................................... 191

Figure 139 - List of missing plugins ................................................................................................................... 193

Figure 140 - List of Jenkins plugins ................................................................................................................... 194

Figure 141 - Jenkins plugin uninstallation ......................................................................................................... 195

Figure 142 – Sonar Service Info (shown in two lines for better visibility) .......................................................... 200

Figure 143 – or2sqp Command Response ....................................................................................................... 202

Figure 144 - Rules activation for Sonar quality profile ...................................................................................... 202

Figure 145 – or2sr Command Response .......................................................................................................... 203

Figure 146 – Artifactory Service Info (shown in two lines for better visibility) ................................................... 205

Figure 147 - the or2rdb [-a describe] Response Example ................................................................................ 207

Figure 148 - or2rdb -a install Response Example ............................................................................................. 207

Figure 149 - or2rdb -a remove Response Example .......................................................................................... 207

Figure 150 - Magento service info (shown in two lines for better visibility) ....................................................... 208

Figure 151 - or2mq -a create Response Example ............................................................................................ 210

Figure 152 - or2mm -a send Command Response ........................................................................................... 211

Figure 153 - or2ai Response Example .............................................................................................................. 212

Figure 154 - or2ah Response Example ............................................................................................................ 213

Figure 155 - or2ag Response Example ............................................................................................................ 214

Figure 156 - or2agp Response Example .......................................................................................................... 215

Figure 157 – Fragment of or2adi Response Example ...................................................................................... 216

Figure 158 - Fragment of or2adi Response Example in a Formatted Way ...................................................... 216

Figure 159 - Troubleshooting Scheme .............................................................................................................. 217

Figure 160 - Describing available AWS regions ................................................................................................ 230

Figure 161 - Describing available Azure regions .............................................................................................. 231

Figure 162 - Describing available Google Cloud regions .................................................................................. 232

Figure 163 - Remote connection to a Windows instance .................................................................................. 234

Figure 164 - Connecting to a Windows VM in AWS.......................................................................................... 235

Figure 165 - Run instance letter with a password ............................................................................................. 235

Figure 166 - A Start Instance letter with IPs ...................................................................................................... 236

Figure 167 - VNC Client start ............................................................................................................................ 237

Figure 168 - VNC client authentication ............................................................................................................. 237


EPAM PUBLIC 249

Figure 169 - VNC Client start ............................................................................................................................ 238

Figure 170 - VNC client authentication ............................................................................................................. 238

Figure 171 - VNC web access link .................................................................................................................... 239


EPAM PUBLIC 250

VERSION HISTORY

The document is constantly updated since September 2012. The table below provides its main development

points until the beginning of 2015, and the detailed story starting from this year.

Version Date Summary

19.11 February 20, 2021 - Added a new command for Describing a workspace for a

project

19.10 December 18, 2020 - Updated description of or2run, or2uf and or2rebuild

command sections

19.9 October 31, 2020 - Updated Security Scanning section - Added a new command for Rebuilding an instance

19.8 August 22, 2020 - Updated Jenkins parameters - Updated RDB service section

19.7 June 27, 2020

- Added a new command and parameters for Luminate - Updated Chef version - Updated Jenkins version - Added information about creating custom Fedora CoreOS

images

19.6.9 April 18, 2020

- Updated Terminate instances section - Updated Hardware MacOS section - Updated Determining Available Images section - Updated Working with Volumes section - Updated Working with Volumes section

19.6.8 February 22, 2020

- Updated information about or2audit, or2ds, or2report commands

- User login information updated when logging into Windows VM in Google Cloud

- Removed Ambari Service - Removed Hybris as a service

- Updated Running Instances section - Updated Working with Volumes section - Updated Changing instance shape section

19.6.7 December 22, 2019 - Docker service information updated - Chef service information updated - Zabbix monitoring service information updated

19.6.6 October 26, 2019

- Updated Kubernetes Service information - Removed Sitecore as a Service - Removed ATG as a Service - Added or2dsn command

19.6.5 August 17, 2019 - Updated Linux images preparation

19.6.4 June 1, 2019

- Updated Customs Instance properties, syntax and template creation is added

- Hadoop, AEM, FTP2S3, Splunk services removed - OpenShift, Hybris, Sitecore services updated - Annex G is updated - OpenShift section is updated - Gnocchi version is updated

19.6.33 March 27, 2019 - Private cloud permissions for a specific user section added


EPAM PUBLIC 251

19.6.32 March 5, 2019

- Removed Terraform from files management commands - Added Terraform group to or2audit - Added --action parameter to or2ter command - Adobe AEM Service versions updated - Sonar Versions updated - Magento versions updated

19.6.31 February 19, 2019

- Management operations. Updated section 14.3.1. Parameters --s stacks - Added option --force to VM management operations for or2din, or2stop, or2reboot - Updated preparation for custom image creation from Linux instances instruction - Info about EPAM-HU2 updated

19.6.30 February 6, 2019 - Updated Project Role Mapping, Annex A – User Permissions

19.6.29 January 2019 - Updated the instance shape mapping

19.6.28 November 2018 - Added the or2ter command - Added the Terraform parameter to the or2ms command

19.6.27 September 8, 2018

- Updated checkpoint prices - Added information on AWS Launch Template - Added information on Terraform - Added info on --launch-template (-u) parameter to the or2run

command - Updated the information on --shape (-s) and -- image (-i)

parameters in the or2run command - Updated the information on --action (-a) parameter in the

or2ssm command - Terraform command added - AWS Launch Template command added - Updated Jenkins and Artifactory services description (they are

no longer unavailable in Google)

19.6.26 August 25, 2018 - Updated default permissions mapping

19.6.25 July 8, 2018 - Updated information on logging in to virtual MacOs - Added the information on the SSM service

19.6.24 June 30, 2018 - Removed info on the EPAM-DKR region

19.6.23 May 18, 2018 - Added the -resourceGroup parameter to the set of commands

for the work with Azure

19.6.22 April 4, 2018 - Updated the info about Kubernetes as Service

19.6.21 March 24, 2018

- Updated information about availability of the or2resvol command in different regions

- Removed the references to EPAM-KZ1 region. - Added info on the OpenShift service

19.6.20 February 22, 2018 - Update the description of the section 5.3 - Added 2 sections about the VMs in Azure regions

19.6.19 January 31, 2018

- Removed the ‘or2-suspend’ command - Added EPAM-UA2 region info - Updated EPAM-MAC region info with

MacOS_10.13_HighSierra - Updated the --use-sys-disc-size parameter info

19.6.18 January 28, 2017 - Updated the permissions mapping table

19.6.17 December 22, 2017 - RDB Service info update - OS for PaaS Service table added

19.6.16 December 15, 2017 - ACS info updated


EPAM PUBLIC 252

19.6.15 December 7, 2017 - Image creation availability for EPAM-KZ1 region updated - Info about Jenkins availability in different regions updated

19.6.14 December 6, 2017 - Image name and description restrictions update

19.6.13 December 1, 2017 - Shared Chef Server info updated - Chef 12 and Chef 11 availability info updated

19.6.12 November 30, 2017 - MSQ3 information removed

19.6.11 November 4, 2017 - Updated Creating Images and Disassociate Static IP Sections

19.6.10 September 9, 2017 - Updated checkpoints creation limitations - Updated Telemetry as a Service info - Updated EPAM-RU2 price in Annex D

19.6.9 July 15, 2017 - fixed-ip parameter removed from the description of or2-

allocate-static-ip command - Description of Telemetry as a Service added

19.6.8 May 20, 2017 - Description of Cloudify service removed - Information on static IP-related commands availability by

regions updated

19.6.7 April 8, 2017

- Updated info on Checkpoints (recommendation to create checkpoints on stopped instances)

- or2mjp command added - or2run command description updated with spot instance

parameters - Information about EPAM-BY2 region added

19.6.6 February 25, 2017

- Azure specifics is clarified for or2ikey command. - Google-related specifics added - or2adp command replaced with or2dp - Hybris as a Service info updated - Sonar as a Service info updated - Artifactory as a Service info added - Schedules info updated with --all -t options

19.6.5 December 16, 2016

- Kubernetes commands added - Sonar as a Service info added - or2dr (or2-docker-registry) command removed - Option of command output display in json format added - Classification changed from Confidential to Public, approved

by Dzmitry Pliushch

19.6.4 October 29, 2016

- Reference to EPAM-US1-PROD and EPAM-RU1 regions removed

- EPAM-US2 region added - Instructions for VM preparation for image creation updated

with information specific to Microsoft Azure regions - Backup Service commands added

19.6.3 September 3, 2016

- Updated or2rmstack command description - Note about Chef mode change added - Hyperlinks fixed - Updated permissions map - Added IND1 region info - Splunk as a Service info added - Magento as a Service info added - ATG as a Service info added - Sitecore as a Service info updated - AEM as a Service info updated

19.6.2 July 8, 2016 - Updated shapes limitations info


EPAM PUBLIC 253

19.6 July 2, 2016 - Added Services cooperation notifications - Commands related to security scanning added

19.5 May 22, 2016

- Updated Permissions table with new PMC Roles - Added “Finding the device parameter” section - Screenshots updated - Description of hardware-related commands added - Description of Kubernetes as a Service added - Updated regions table with Virtualization column

19.4 March 26, 2016

- Added 1.1 Getting CLI Help - Updated regions specifics info - Added Annex E – Logging in to Instances - Added or2lock command - Updated 2.3 Logging in to Instances - Docker Service info updated - Hybris Service info added

19.3 February 13, 2016

- Updated or2report, or2ac, or2help, or2dreg, or2din commands descriptions

- Updated or2dd examples - Added or2prkill command

19.2 December 20, 2015 - Added MES service commands - Issues fixed

19.1 November 7, 2015 - Issues fixed

19.0 September 6, 2015 - Renamed to csug_02_maestro_cli_user_guide - Updated layout, reviewed content.

18.0 April 26, 2014 - Totally restructured. The commands are grouped by purpose, additional info added.

15.22 September 4, 2013 - links throughout the document are revised

15.21 August 16, 2013 - related documents are updated

10.0 February 9, 2013 - Major revision including update of AWS-related command syntax, new commands, user permissions etc.

8.01 December 21, 2012 - Major command revision

4.1 October 9, 2012 - Restructured as user/reference guide - Setup section is shortened - Reference to setup guide is added

1.0 September 07, 2012 - First published

Documents

EPAM Cloud Orchestrator - Maestro CLI User Guidel=i/cirg_1_maestro_… · 1.2 Getting Maestro CLI Help ... 15.15 Magento as a Service ... • Getting Started section gives the instructions