Administration Guide / Manage Regions |
# ./region-config-tool.py region_name=region-1,cloud_cert=at-long-last-asap-region.pem,domain_name=h-33.autoqa.qa1.eucalyptus-systems.com region_name=region-2,cloud_cert=long-live-asap-region.pem,domain_name=g-22-07.autoqa.qa1.eucalyptus-systems.com -f test-region-config.json # cat test-region-config.json { "Regions": [ { "CertificateFingerprint": "ED:8F:9A:92:45:4D:37:F3:54:E4:2E:E7:26:28:EE:04:A1:DF:AD:82:87:60:A6:C3:4A:15:CB:D7:E9:F2:99:13", "CertificateFingerprintDigest": "SHA-256", "IdentifierPartitions": [ 1 ], "Name": "region-1", "Services": [ { "Endpoints": [ "http://identity.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ], "Type": "identity" }, { "Endpoints": [ "http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ], "Type": "compute" } ] }, { "CertificateFingerprint": "3A:69:0F:B3:A5:03:92:50:39:F2:C6:EB:E5:77:94:36:F9:36:12:E2:01:CA:AB:75:B2:6E:71:9B:D0:5E:61:94", "CertificateFingerprintDigest": "SHA-256", "IdentifierPartitions": [ 2 ], "Name": "region-2", "Services": [ { "Endpoints": [ "http://identity.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ], "Type": "identity" }, { "Endpoints": [ "http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ], "Type": "compute" } ] } ] }
[root@h-32 ~]# euctl -p region.region_name=region-1 PROPERTY region.region_name region-1 was {} [root@b-01 ~]# euctl -p region.region_name=region-2 PROPERTY region.region_name region-2 was {}
## region-1 $ openssl s_client -showcerts -connect 10.111.5.32:8773 < /dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256 SHA256 Fingerprint=53:AE:4C:2F:D4:2D:AB:41:B9:F9:0B:B0:3E:DE:5D:94:3B:81:FC:FB:CC:58:3D:42:71:13:01:94:97:23:23:DD ## region-2 $ openssl s_client -showcerts -connect 10.111.1.1:8773 < /dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256 SHA256 Fingerprint=07:52:F3:50:07:FB:C3:B7:28:AA:ED:D4:19:17:D4:05:E8:92:DE:8A:85:18:2E:6C:11:A9:84:56:D8:A
{ "Regions": [ { "Name": "region-1", "CertificateFingerprintDigest": "SHA-256", "CertificateFingerprint": "53:AE:4C:2F:D4:2D:AB:41:B9:F9:0B:B0:3E:DE:5D:94:3B:81:FC:FB:CC:58:3D:42:71:13:01:94:97:23:23:DD", "IdentifierPartitions": [ 1 ], "Services": [ { "Type": "identity", "Endpoints": [ "http://identity.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ] }, { "Type": "compute", "Endpoints": [ "http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ] } ] }, { "Name": "region-2", "CertificateFingerprintDigest": "SHA-256", "CertificateFingerprint": "07:52:F3:50:07:FB:C3:B7:28:AA:ED:D4:19:17:D4:05:E8:92:DE:8A:85:18:2E:6C:11:A9:84:56:D8:A3:82:03", "IdentifierPartitions": [ 2 ], "Services": [ { "Type": "identity", "Endpoints": [ "http://identity.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ] }, { "Type": "compute", "Endpoints": [ "http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ] } ] } ] }
[root@h-32 ~]# euctl -p region.region_name=region-1 PROPERTY region.region_name region-1 was {} [root@b-01 ~]# euctl -p region.region_name=region-2 PROPERTY region.region_name region-2 was {}
### region 1 [root@h-32 ~]# euctl region. PROPERTY region.region_configuration { "Regions": [ { "Name": "region-1", "CertificateFingerprintDigest": "SHA-256", "CertificateFingerprint": "53:AE:4C:2F:D4:2D:AB:41:B9:F9:0B:B0:3E:DE:5D:94:3B:81:FC:FB:CC:58:3D:42:71:13:01:94:97:23:23:DD", "IdentifierPartitions": [ 1 ], "Services": [ { "Type": "identity", "Endpoints": [ "http://identity.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ] }, { "Type": "compute", "Endpoints": [ "http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ] } ] }, { "Name": "region-2", "CertificateFingerprintDigest": "SHA-256", "CertificateFingerprint": "07:52:F3:50:07:FB:C3:B7:28:AA:ED:D4:19:17:D4:05:E8:92:DE:8A:85:18:2E:6C:11:A9:84:56:D8:A3:82:03", "IdentifierPartitions": [ 2 ], "Services": [ { "Type": "identity", "Endpoints": [ "http://identity.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ] }, { "Type": "compute", "Endpoints": [ "http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ] } ] } ] } PROPERTY region.region_enable_ssl true PROPERTY region.region_name region-1 PROPERTY region.region_ssl_ciphers RSA:DSS:ECDSA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV:!NULL:!EXPORT:!EXPORT1024:!MD5:!DES PROPERTY region.region_ssl_default_cas true PROPERTY region.region_ssl_protocols TLSv1.2 PROPERTY region.region_ssl_verify_hostnames true ## region 2 [root@b-01 ~]# euctl region. PROPERTY region.region_configuration { "Regions": [ { "Name": "region-1", "CertificateFingerprintDigest": "SHA-256", "CertificateFingerprint": "53:AE:4C:2F:D4:2D:AB:41:B9:F9:0B:B0:3E:DE:5D:94:3B:81:FC:FB:CC:58:3D:42:71:13:01:94:97:23:23:DD", "IdentifierPartitions": [ 1 ], "Services": [ { "Type": "identity", "Endpoints": [ "http://identity.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ] }, { "Type": "compute", "Endpoints": [ "http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/" ] } ] }, { "Name": "region-2", "CertificateFingerprintDigest": "SHA-256", "CertificateFingerprint": "07:52:F3:50:07:FB:C3:B7:28:AA:ED:D4:19:17:D4:05:E8:92:DE:8A:85:18:2E:6C:11:A9:84:56:D8:A3:82:03", "IdentifierPartitions": [ 2 ], "Services": [ { "Type": "identity", "Endpoints": [ "http://identity.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ] }, { "Type": "compute", "Endpoints": [ "http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/" ] } ] } ] } PROPERTY region.region_enable_ssl true PROPERTY region.region_name region-2 PROPERTY region.region_ssl_ciphers RSA:DSS:ECDSA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV:!NULL:!EXPORT:!EXPORT1024:!MD5:!DES PROPERTY region.region_ssl_default_cas true PROPERTY region.region_ssl_protocols TLSv1.2 PROPERTY region.region_ssl_verify_hostnames true
# euca-describe-regions REGION region-1 http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/ REGION region-2 http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/
After federation has been configuration correctly, create a non-system account on either cloud using the eucalyptus/admin user. In the example below, the non-system account test1 will be created. The credentials from the test1/admin user will be downloaded and sourced. The user will run DescribeAvailabilityZones against both clouds to confirm federation is working as expected.
[root@b-01 ~]# euare-accountcreate -a test1 test1 002093902049 [root@b-01 ~]# euare-accountlist eucalyptus 000163314767 (eucalyptus)objectstorage 000107497415 (eucalyptus)blockstorage 000831185453 (eucalyptus)loadbalancing 000744507680 (eucalyptus)aws-exec-read 000890823690 test1 002093902049 (eucalyptus)cloudformation 000993524712 (eucalyptus)database 000630877528 (eucalyptus)imaging 000789831484
# euare-useraddkey --region admin@test1
# euca-describe-regions REGION region-1 http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/ REGION region-2 http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/ # euca-describe-availability-zones -U http://compute.h-33.autoqa.qa1.eucalyptus-systems.com:8773/ AVAILABILITYZONE region1-az-one available # euca-describe-availability-zones -U http://compute.g-22-07.autoqa.qa1.eucalyptus-systems.com:8773/ AVAILABILITYZONE region2-az-one available