Contents
1 Introduction
This document describes how to manage the Atlas software.
1.1 Prerequisites
Before starting this procedure, ensure that the following conditions are met:
1.1.1 Conditions
The following is required:
- The system is ready to accept logon attempts from users.
- Root access is available for running the atlas command.
- Root access is available for running the swift command.
2 Atlas Command Overview
This section describes the atlas command syntax and the use of its command parameters.
2.1 Atlas Command and Parameters
The Atlas command suite is implemented by scripting technology. Its purpose is to support software management.
After a successful logon, the atlas command and its parameters are available, as shown in Table 1.
|
Command |
Parameter |
Description |
|---|---|---|
|
sudo atlas |
backup-create --p <password> |
Creates a backup of the key configuration files and folders
contained in the Atlas image, |
|
backup-list |
Lists the available backup files, | |
|
backup-restore --d <ID> --p <password> |
Restores the key configuration files and folder from a
backup, | |
|
cert-create |
Generates self signed default certificates which are not sufficient for a secure TLS communication.(1) | |
|
endpoint-init --host <public host-ip> <internal host-ip> |
Creates endpoints for OVFT, MISTRAL and HEAT in Keystone, | |
|
user-init |
Creates OVFT, MISTRAL and HEAT users in Keystone, | |
|
--help |
Prints the atlas command syntax, | |
|
--version |
Prints the current version of Atlas, | |
|
update-network <args> |
Updates the interfaces of Atlas, |
(1) For more information
on the necessary TLS certificates, refer to the "Conditions" section of the documents SW Installation in Multi-Server Deployment and SW Installation in Single Server Deployment.
2.2 Create Backups
The command syntax is as follows:
sudo atlas backup-create [--name <backup name>] --p <password>
The optional parameter --name is used to set the name of the backup. The default name is AtlasBackup. The backup name can only contain letters, numbers, and underscores. No special characters are allowed.
The positional parameter --p is used to encrypt backup during backup creation.
To back up the most important files and folders to the current directory, enter the following:
atlasadm@atlas:~ $ sudo atlas backup-create --name atlas --p atlas_password
The resulting output is shown in Example 1.
2.3 List Backups
To view the available backup files, enter the following:
atlasadm@atlas:~ $ sudo atlas backup-list
The resulting output is shown in Example 2.
2.4 Restore Backups
To restore the most important files and folders from a backup file in the current path, enter the following:
atlasadm@atlas:~ $ sudo atlas backup-restore --d 1465911268 --p atlas_password
The resulting output is shown in Example 3.
2.5 Create OVFT, MISTRAL and HEAT Endpoints in Keystone
To create endpoints in Keystone for OVFT, MISTRAL and HEAT, enter the following:
atlasadm@atlas:~
$ sudo atlas endpoint-init --host public.atlas.local
public.atlas.local
The resulting output is shown in Example 4.
Example 4 Atlas Endpoint Init
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Workflow service | | enabled | True | | id | c78b349385f442ecbb77bf1292bab18d | | name | mistral | | type | workflowv2 | +-------------+----------------------------------+ Deleting existing Mistral endpoint Creating Mistral endpoints +--------------+------------------------------------+ | Field | Value | +--------------+------------------------------------+ | adminurl | https://public.atlas.local:8989/v2 | | id | a9ef5b440957472985ab895847e3a57d | | internalurl | https://public.atlas.local:8989/v2 | | publicurl | https://public.atlas.local:8989/v2 | | region | RegionOne | | service_id | c78b349385f442ecbb77bf1292bab18d | | service_name | mistral | | service_type | workflowv2 | +--------------+------------------------------------+ +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OVF Translator | | enabled | True | | id | b45768bf8cd8425fa0f9fa5f277aeff2 | | name | ovft | | type | translator | +-------------+----------------------------------+ Deleting existing Ovft endpoint Creating Ovft endpoints +--------------+--------------------------------------------------+ | Field | Value | +--------------+--------------------------------------------------+ | adminurl | https://public.atlas.local:8888/v1/$(tenant_id)s | | id | 4021bc663b2c493f86d611f428d01fd0 | | internalurl | https://public.atlas.local:8888/v1/$(tenant_id)s | | publicurl | https://public.atlas.local:8888/v1/$(tenant_id)s | | region | RegionOne | | service_id | b45768bf8cd8425fa0f9fa5f277aeff2 | | service_name | ovft | | service_type | translator | +--------------+--------------------------------------------------+ +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Heat Orchestration | | enabled | True | | id | 6efc3f6a09bc404c84970c2bb093acd9 | | name | heat | | type | orchestration | +-------------+----------------------------------+ Deleting existing Heat endpoint Creating Heat endpoints +--------------+--------------------------------------------------+ | Field | Value | +--------------+--------------------------------------------------+ | adminurl | https://public.atlas.local:8004/v1/$(tenant_id)s | | id | dd828421405e417b9e39bf73964573f1 | | internalurl | https://public.atlas.local:8004/v1/$(tenant_id)s | | publicurl | https://public.atlas.local:8004/v1/$(tenant_id)s | | region | RegionOne | | service_id | 6efc3f6a09bc404c84970c2bb093acd9 | | service_name | heat | | service_type | orchestration | +--------------+--------------------------------------------------+ +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Heat CloudFormation | | enabled | True | | id | 7cf2431134b84c329913b74e568dc772 | | name | heat-cfn | | type | cloudformation | +-------------+----------------------------------+ Deleting existing Heat-cfn endpoint Creating Heat-cfn endpoints +--------------+------------------------------------+ | Field | Value | +--------------+------------------------------------+ | adminurl | https://public.atlas.local:8000/v1 | | id | fc90c2447e9649aa85472fb40b2d55c0 | | internalurl | https://public.atlas.local:8000/v1 | | publicurl | https://public.atlas.local:8000/v1 | | region | RegionOne | | service_id | 7cf2431134b84c329913b74e568dc772 | | service_name | heat-cfn | | service_type | cloudformation |
2.6 Create OVFT, MISTRAL and HEAT Users in Keystone
To create users in Keystone for OVFT, MISTRAL and HEAT, enter the following:
atlasadm@atlas:~
$ sudo atlas user-init
The resulting output is shown in Example 5.
- Note:
- Each time the command is executed, a new user is created after deleting the existing users.
Example 5 Atlas User Init
+------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | mistral@example.com | | enabled | True | | id | 0d3a48e1cf814e8895ffabc4bd2b3ba1 | | name | mistral | | project_id | 22fd28267ac44929ab70967d5963e1fb | | username | mistral | +------------+----------------------------------+ +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | mistral@example.com | | enabled | True | | id | 233283bf2c014604972e4056f32b5bfd | | name | mistral | | project_id | 22fd28267ac44929ab70967d5963e1fb | | username | mistral | +------------+----------------------------------+ +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 5e2b5e5e9a95493080cc86affd190ad1 | | name | admin | +-------+----------------------------------+ +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | ovft@example.com | | enabled | True | | id | aff611fe263447649950ef007dfb90e1 | | name | ovft | | project_id | 22fd28267ac44929ab70967d5963e1fb | | username | ovft | +------------+----------------------------------+ +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | ovft@example.com | | enabled | True | | id | 57223f27ac364c429028af3f2f21f351 | | name | ovft | | project_id | 22fd28267ac44929ab70967d5963e1fb | | username | ovft | +------------+----------------------------------+ +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 5e2b5e5e9a95493080cc86affd190ad1 | | name | admin | +-------+----------------------------------+ +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | heat@example.com | | enabled | True | | id | 919bca6fe9c044388c7850738084d245 | | name | heat | | project_id | 22fd28267ac44929ab70967d5963e1fb | | username | heat | +------------+----------------------------------+ +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | email | heat@example.com | | enabled | True | | id | 5451d5cc2b5f4658a42260fe6bd1c946 | | name | heat | | project_id | 22fd28267ac44929ab70967d5963e1fb | | username | heat | +------------+----------------------------------+ +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 5e2b5e5e9a95493080cc86affd190ad1 | | name | admin | +-------+----------------------------------+ +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 7ba93109c5b74cc3b08ac7b980a03d82 | | name | heat_stack_user | +-------+----------------------------------+ +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 6c74920126324dab862849eedd170898 | | name | heat_stack_user | +-------+----------------------------------+
2.7 Help
To view the syntax of the atlas command,
enter the following:
atlasadm@atlas:~ $ sudo atlas --help
The resulting output is shown in Example 6.
Example 6 Atlas Help
Atlas Utility Functions ATLAS-CXC1737937_3-R2A03-83 efb9960-7030 usage: atlas [options] <argv>... Options: --help, -h show this help message and exit. --version show program's version number and exit user-init Create ovft and heat users in keystone endpoint-init Create endpoints for ovft and heat in keystone cert-create Create initial set of self-signed certs backup-create Create new Atlas backup backup-restore Restore from existing backup backup-list List existing backups by date update-network Update network interfaces of Atlas
2.8 Version
To view the exact version of the Atlas Virtual Machines (VMs),
enter the following:
atlasadm@atlas:~ $ sudo atlas --version
The resulting output is shown in Example 7.
2.9 Update Network
To update the interfaces of the Atlas VMs, enter the following:
atlasadm@atlas:~ $ sudo atlas update-network NBI_IP SBI_IP GATEWAY_NBI GATEWAY_SBI CIDR_SBI CIDR_PUBLIC NBI_MASK SBI_MASK
- Note:
- For CIDR_PUBLIC, use cee_om_sp, the network used for vCIC northbound communication.
The resulting output is shown in Example 8.
Example 8 Atlas Update Network
atlasadm@atlas:~ $ sudo atlas update-network 10.33.168.4 10.33.168.36 10.33.168.1 10.33.168.33 10.33.168.32/27 10.33.168.96/27 255.255.255.224 255.255.255.224 ssh stop/waiting ssh start/running, process 5831
3 Swift Command Overview
This section describes the swift command, which is used to upload and download the Atlas backup files.
- Note:
- Before the swift command can be
entered, use source openrc for OpenStack
credentials and change the user from atlasadm to root:
atlasadm@atlas:~ $ source openrc
atlasadm@atlas:~ $ sudo -i
Additionally, the AtlasBackups container must exist in Swift.
3.1 Swift Command and Parameters
The syntax of the swift command and its parameters are shown in Table 2.
|
Command |
Parameter |
Description |
|---|---|---|
|
swift |
download |
Downloads backup files from Swift, |
|
list |
Lists the available backup files in Swift, | |
|
upload |
Upload backup files to Swift, |
3.2 Download Backup Files
To download the backup directory from Swift , enter the following:
root@atlas:~# cd /var/archives
root@atlas:/var/archives/# swift download AtlasBackups -p <atlas_backupname><ID>
where atlas_backupname is the name of the backup and ID is the ID of the backup.
The command input is shown in Example 9.
Example 9 Swift Download Backup
root@atlas:/var/archives# swift download AtlasBackups -p atlas_backup1465911268
3.3 List Backup Files
To list the backup files in Swift, enter
the following:
root@atlas:~ # swift list
AtlasBackups
To achieve an output for a specific ID only, add the following
to the command:
| grep <ID>
The command and the resulting output, using a specific ID, is shown in Example 10.
Example 10 Swift List Backup
root@atlas:~ # swift list AtlasBackups | grep 1465911268 atlas_backup1465911268/atlas_backup.1465911268-all-mysql-databases.sql.bz2.enc atlas_backup1465911268/atlas_backup.1465911268-etc-puppet-hieradata-passwords.⇒ yaml.master.tar.gz.enc atlas_backup1465911268/atlas_backup.1465911268-home-atlasadm.master.tar.gz.enc atlas_backup1465911268/atlas_backup.1465911268-root.master.tar.gz.enc atlas_backup1465911268/atlas_backup.1465911268.sha256.enc
3.4 Upload Backup Files
To upload backup files to Swift, enter the following:
root@atlas:~# cd /var/archives
root@atlas:/var/archives/ # swift upload AtlasBackups *<ID>*
The input, using the ID, is shown in Example 11.
Example 11 Swift Upload Backup - Date
root@atlas:/var/archives/ # swift upload AtlasBackups *1465911268*
The input, using the file names, is shown in Example 12.
Example 12 Swift Upload Backup - Date
root@atlas:/var/archives/# swift upload AtlasBackups atlas_backup1465911268/atlas_backup.⇒ 1465911268-all-mysql-databases.sql.bz2.enc root@atlas:/var/archives/# swift upload AtlasBackups atlas_backup1465911268/atlas_backup.⇒ 1465911268-etc-puppet-hieradata-passwords.yaml.master.tar.gz.enc root@atlas:/var/archives/# swift upload AtlasBackups atlas_backup1465911268/atlas_backup.⇒ 1465911268-home-atlasadm.master.tar.gz.enc root@atlas:/var/archives/# swift upload AtlasBackups atlas_backup1465911268/atlas_backup.⇒ 1465911268-root.master.tar.gz.enc root@atlas:/var/archives/# swift upload AtlasBackups atlas_backup1465911268/atlas_backup.⇒ 1465911268.sha256.enc
4 Configure Legal Warning
Procedure to configure legal warning (Atlas GUI/CLI):
- Configure legal warning for CLI:
- Log in as atlasadm user:
root@cic-0-1:~# ssh atlasadm@<atlas.sbi.ip>
- Switch user to root:
atlasadm@atlas:~$ sudo su
[sudo] password for atlasadm:
root@atlas:/home/atlasadm#
- Update following text in file /etc/issue
Login to Atlas:
This system is restricted solely to Ericsson authorized users for legitimate business purposes only. The actual or attempted unauthorized access, use, or modification of this system is strictly prohibited by Ericsson. Unauthorized users are subject to Company disciplinary proceedings and/or criminal and civil penalties under state, federal, or other applicable domestic and foreign laws. The use of this system may be monitored and recorded for administrative and security reasons. Anyone accessing this system expressly consents to such monitoring and is advised that if monitoring reveals possible evidence of criminal activity, Ericsson may provide the evidence of such activity to law enforcement officials. All users must comply with Ericsson Security Policy & Requirements regarding the protection of Ericsson information assets.
- Log in as atlasadm user:
- Configure legal warning for GUI:
- Log in as atlasadm user:
root@cic-0-1:~# ssh atlasadm@<atlas.sbi.ip>
- Switch user to root:
atlasadm@atlas:~$ sudo su
[sudo] password for atlasadm:
root@atlas:/home/atlasadm#
- Update following text in file /usr/lib/python2.7/dist-packages/horizon/templates/auth/_login.ericsson.html
Only authorized users may access the system. Unauthorized users are subject to disciplinary proceedings and/or criminal and civil penalties.
- Log in as atlasadm user:
5 Manage Atlas Users
An administrator user can create or delete Atlas users.
5.1 Create User
As an administrator user, perform following steps to create a user:
- Note:
- The password must be of 12 or more characters with at least three special, numeric, lowercase and uppercase characters.
- Log on to Atlas VM:
ssh atlasadm@<Atlas_IP>
atlasadm@atlas:~$ - Create a user by issuing the following commands:
atlasadm@atlas:~$ sudo adduser new_user
[sudo] password for atlasadm:
Adding user `new_user' ...
Adding new group `new_user' (1003) ...
Adding new user `new_user' (1003) with group `new_user' ...
Creating home directory `/home/new_user' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for new_user
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] - Verify the new user by logging on to Atlas with the new
user credentials:
ssh new_user@<Atlas_IP>
5.2 Delete User
As an administrator user, perform following steps to delete a user:
- Log on to Atlas VM:
ssh atlasadm@<Atlas_IP>
atlasadm@atlas:~$ - Delete the user:
atlasadm@atlas:~$ sudo deluser new_user
- Note:
- The details of all the user logon activities are logged in /var/log/auth.log.