Creating an ECS That Supports InfiniBand NICs

Scenarios

You can obtain scalable ECSs on the public cloud platform within minutes based on requirements. This section describes how to create an ECS that supports InfiniBand NICs both on the management console and by calling HTTPS-based APIs.

Through the Management Console

1. Log in to the management console.
2. Under Computing, click Elastic Cloud Server.

   The Elastic Cloud Server page is displayed.

3. Click Create ECS.
4. Configure basic information about the ECS to be created. For details, see Table 1.

   Table 1 Parameter description

   Parameter	Description	Example Value
   Region	If the region is incorrect, click in the upper left corner of the page for correction.	AP-Singapore
   AZ	An AZ is a physical location where resources use independent power supply and networks. AZs are physically isolated but interconnected through an internal network. To enhance application availability, create ECSs in difference AZs. To shorten network latency, create ECSs in the same AZ.	az-01
   Specifications	Select the H2 or HI3 ECS.	h2.4xlarge.8
   DeH	Physical host resources dedicated for a specified user. This parameter is not required. HPC involves only one ECS on a host, and no DeH is required.	N/A
   Image	Public image A public image is a standard, widely used image. It contains an OS and preinstalled public applications and is available to all users. You can configure the applications or software in the public image as needed. To select a public image, set Image to Public image and select a desired one from the drop-down lists. Private image A private image is an image available only to the user who created it. It contains an OS, preinstalled public applications, and the user's private applications. Using a private image to create ECSs removes the need to configure multiple ECSs repeatedly. To select a private image, set Image to Private image and select a desired one from the drop-down list. You can also select an encrypted image. For details, see Image Management Service User Guide. Shared image A shared image is a private image shared by another public cloud user. To select a shared image, set Image to Shared image and select a desired one from the drop-down list. Marketplace image A Marketplace image is a third-party image that has the OS, application environment, and software pre-installed. You can use the images to deploy websites and application development environments with a few clicks. No additional configuration operation is required. To select a Marketplace image, set Image to Marketplace image, click Select Image following the Image text box, and select a desired one in the displayed dialog box.	Public image
   License Type	Specifies a license type for using an OS or software on the public cloud platform. This parameter is optional. If the image you selected is free of charge, this parameter is unavailable. If the image you selected is charged, such as a SUSE, Oracle Linux, or Red Hat image, this parameter is available. Use the system license Allows you to use the license provided by the public cloud platform. Obtaining the authorization of such a license is charged. Bring your own license (BYOL) Allows you to use your existing OS license. In such a case, you do not need to apply for a license again.	Bring your own license (BYOL)
   Disk	Also called the EVS disk, which can be a system disk or data disk. System Disk If the image based on which an ECS is created is not encrypted, the system disk of the ECS is not encrypted. In addition, Unencrypted is displayed for the system disk on the page. If the image based on which an ECS is created is encrypted, the system disk of the ECS is automatically encrypted. For details, see section (Optional) Encryption-related parameters. Data Disk You can create multiple data disks for an ECS and configure sharing and encryption functions as well as device type for each data disk. SCSI: indicates that the device type of the data disk is SCSI. SCSI EVS disks support transparent SCSI command transmission and allow the server OS to directly access the underlying storage media. In addition to supporting simple SCSI I/O commands, SCSI EVS disks support advanced SCSI commands. NOTE: If SCSI is not selected, VBD EVS disks are created by default, which support only simple SCSI read-write commands. Share: indicates that the EVS disk is shared. Such an EVS disk can be attached to multiple ECSs. Encryption: indicates that the data disk is encrypted. For details, see section (Optional) Encryption-related parameters. (Optional) Encryption-related parameters To enable encryption, click Create Xrole to grant KMS access rights to EVS. If you have rights granting permission, grant the KMS access rights to EVS. If you do not have the permission, contact the user having the security administrator rights to grant the KMS access rights. Encrypted: indicates that the EVS disk has been encrypted. Create Xrole: grants KMS access rights to EVS to obtain KMS keys. After the rights are granted, follow-up operations do not require rights granting again. KMS Key Name: specifies the name of the key used by the encrypted EVS disk. By default, the name is evs/default. Xrole Name: EVSAccessKMS: indicates that rights have been granted to EVS to obtain KMS keys for encrypting or decrypting EVS disks. KMS Key ID: specifies the ID of the key used by the encrypted data disk. For details about EVS disk types, device types, shared EVS disks, and encryption, see Elastic Volume Service User Guide.	System disk: ultra-high I/O, 40 GB

5. Set network parameters, including VPC, Security Group, NIC, and EIP.

   When you use VPC for the first time, the system automatically creates a VPC for you, including the security group and NIC.

   Table 2 Parameter description

   Parameter	Description	Example Value
   VPC	Provides a network, including subnet and security group, for an ECS. You can select an existing VPC, or click View VPC and create a desired one. NOTE: ECSs in an HPC cluster must belong to the same VPC and subnet.	N/A
   Security Group	Controls ECS access within a security group or between security groups by defining access rules. You can define different access control rules for a security group, and these rules take effect for all ECSs added to this security group. When creating an ECS, you can select multiple security groups (no more than five is recommended). In such a case, the access rules of all the selected security groups apply on the ECS. NOTE: Before initializing an ECS, ensure that security group rules in the outbound direction meet the following requirements: Protocol: TCP Port Range: 80 Remote End: 169.254.0.0/16 If you use the default security group rule in the outbound direction, the preceding requirements are met, and the ECS can be initialized. The default security group rule in the outbound direction is as follows: Protocol: ANY Port Range: ANY Remote End: 0.0.0.0/16	N/A
   NIC	Includes primary and extension NICs. You can add multiple expansion NICs to an ECS and specify IP addresses for them (including primary NICs).	N/A
   EIP	A static public IP address bound to an ECS in a VPC. Using the EIP, the ECS provides services externally. The following options are provided: Auto assign: The system automatically assigns an EIP for the ECS. The EIP provides exclusive bandwidth that is configurable. : An existing EIP is assigned for the ECS. When using an existing EIP, you cannot create ECSs in batches.	Auto assign

6. Set Login Mode.
   Key pair is recommended because it features higher security than Password. If you select Password, ensure that the password meets complexity requirements listed in Table 3 to prevent malicious attacks.

   • Key pair

     A key pair is used for ECS login authentication. You can select an existing key pair, or click View Key Pair and create a desired one.

     NOTE:

     If you use an existing key pair, make sure that you have saved the key file locally. Otherwise, logging in to the ECS will fail.

   • Password

     If you choose the initial password for authentication in an ECS, you can log in to an ECS using the username and its initial password.

     The initial password of user root is used for authentication in Linux, while that of user Administrator is used for authentication in Windows.

     Table 3 Password complexity requirements

     Parameter	Requirement	Example Value
     Password	Consists of 8 to 26 characters. Contains at least three of the following character types: Uppercase letters Lowercase letters Digits Special characters for Windows: $!@%-_=+[]:./,? Special characters for Linux: !@%-_=+[]:./^,{}? Cannot contain the username or the username spelled backwards. Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)	YNbUwp!dUc9MClnv NOTE: The example password is generated randomly. Do not use it.

     NOTE:

     The system does not automatically change the password for logging in to an ECS on a regular basis. It is recommended that you change your password regularly for security.

7. Configure Advanced Settings.
   To use functions listed in Advanced Settings, click Configure now. Otherwise, click Do not configure.

   • File Injection

     Enables the system to automatically inject a script file or other files into a specified directory on an ECS when you create the ECS. This configuration is optional. After the file injection function is enabled, the system automatically injects files into a specified directory when creating an ECS.

   • User Data Injection

     Enables the ECS to automatically inject user data when the ECS starts for the first time. This configuration is optional. After this function is enabled, the ECS automatically injects the user data upon its first startup.

   • ECS Group

     An ECS group applies the anti-affinity policy to the ECSs in it so that the ECSs can be distributed on different hosts.

     NOTE:

     If you use a shared EVS disk of the SCSI type as the data disk, you are suggested to configure an ECS group for the ECS to be created to support SCSI-locking commands.

   • Tag

     Tags an ECS, facilitating ECS identification and management.

     This configuration is optional.

8. Set ECS Name.

   The name can be customized but can contain only letters, digits, underscores (_), hyphens (-), and periods (.).

   If you want to create multiple ECSs at a time, the system automatically sequences these ECSs.

9. Configure the number of ECSs to be created.

   After the configuration, click Price Calculator to view the ECS configuration fee.

10. Click Next.
11. On the page for you to confirm ECS configurations, view details about the ECS.

    After confirming ECS configurations, click Submit.

    After an ECS is created, you can view information about it on the Elastic Cloud Server page.

12. (Optional) If you create the ECS with a data disk added, initialize the disk after the ECS is created.

    For details, see section "Initializing an EVS Data Disk" in Elastic Volume Server User Guide.

Through APIs

The following operations describe how to create an H2 ECS:

1. Obtain the token information.
   • URI

     POST /v3/auth/tokens

   • Example request

     curl -i -k -H 'Accept:application/json;charset=utf8' -H 'Content-Type:application/json' -d '
     {"auth": {"identity": {"methods": ["password"],"password": {"user": {"name": "$OS_USERNAME","password": "$OS_PASSWORD","domain": {"name":"$OS_USER_DOMAIN_NAME""}}}},"scope": {"project": {"name": "eu-de"}}}}' -X POST https://iam.eu-de.otc.t-systems.com/v3/auth/tokens
   • Example response
     Figure 1 Obtaining the token
     
2. Create a VPC.
   • URI

     POST /v1/{$tenant_id}/ vpcs

   • Example request

     curl -i -k -H 'Accept:application/json;charset=utf8' -H 'Content-Type:application/json' -H "X-Auth-Token:$TOKEN " -d '
     {
           "vpc": {
                    "name": "vpc-test",
                    "cidr": "192.168.0.0/16"
           }
     }' -X POST https://iam.eu-de.otc.t-systems.com:443/v1/{$tenant_id}/vpcs
   • Example response

     VPC-id: 97701dc4-bfd3-4021-8b89-044486c8b317

     Figure 2 Creating a VPC
     
3. This interface is used to create a subnet.
   • URI

     POST /v1/{$tenant_id}/subnets

   • Example request

     curl-i-k-H'Accept: application/json;charset=utf8'-H'Content-Type: application/json'-H"X-Auth-Token:$TOKEN "-d'{
         "subnet": {
             "name": "subnet_test",
             "cidr": "192.168.30.0/24",
             "gateway_ip": "192.168.30.1",
             "dhcp_enable": "true",
             "primary_dns": "114.114.114.114",
             "secondary_dns": "114.114.115.115",
             "availability_zone": "eu-de-01",
             "vpc_id": "97701dc4-bfd3-4021-8b89-044486c8b317"
         }
     }'-XPOSThttps: //iam.eu-de.otc.t-systems.com: 443/v1/{
         $tenant_id
     }/subnets
   • Example response

     Subnet-id: 6712fc43-a196-4973-8b5e-5e4763f6449b

     Figure 3 Creating a subnet
     
4. Create an EIP.
   • URI

     POST /v1/{$tenant_id}/publicips

   • Example request

     curl -i -k -H 'Accept:application/json;charset=utf8' -H 'Content-Type:application/json' -H 'X-Auth-Token:$TOKEN ' -d '{"publicip":{"type":"5_bgp"},"bandwidth":{"name":"apiTest","size":111,"share_type":"PER","charge_mode":"traffic"}}' -X POST https://iam.eu-de.otc.t-systems.com:443/v1/{$tenant_id}/publicips
   • Example response

     EIP:160.44.202.11

     EIP ID: ce6699ba-5f0f-4963-a03e-c6277a9fdaf9

     Figure 4 Creating an EIP
     
5. Query the flavor list.
   • Using the client

     Run the following command to query the flavor list:

     nova flavor-list

     Figure 5 Querying the flavor list
     

     nova flavor-list | grep h2

     Figure 6 Querying the H2 ECS flavor list
     
   • Using the curl command
     • URI

       GET /v2/{$tenant_id}/flavors/detail

     • Example request

       curl -g -i -X GET https://iam.eu-de.otc.t-systems.com:443/v2/{$tenant_id}/flavors/detail -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
     • Example response

       Flavor id Example: h2.3xlarge.10

       Figure 7 Querying the flavor list
       
6. Query the image list.
   • Using the client

     Run the following command to query the image list:

     glance image-list

     Figure 8 Querying the image list
     
   • Using the curl command
     • URI

       GET /v2/{$tenant_id}/images/detail

     • Example request

       curl -g -i -X GET https://iam.eu-de.otc.t-systems.com:443/v2/{$tenant_id}/images/detail -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token:$TOKEN"
     • Example response

       Image id Example: 7474de73-9618-4c6a-afaa-df60df57c9b9

       Figure 9 Querying the image list
       
7. Creating an ECS.
   • URI

     POST /v2/{project_id}/servers

   • Example request

     curl -i -k -H 'Accept:application/json;charset=utf8' -H 'Content-Type:application/json' -H 'X-Auth-Token:$TOKEN' -d '{"server": {"availability_zone": "eu-de-01","adminPass": "Test@123","name": "h2_vm","flavorRef": "h2.3xlarge.10","networks": [{"uuid":"6712fc43-a196-4973-8b5e-5e4763f6449b"}],"imageRef":"7474de73-9618-4c6a-afaa-df60df57c9b9"}}' -X POST https://46.29.103.37:443/v2/240bb6c5e42849669fc49933c185232b/servers
   • Example response

     {
         "server": {
             "security_groups": [
                 {
                     "name": "default"
                 }
             ],
             "OS-DCF:diskConfig": " MANUAL",
             "id": "877a2cda-ba63-4e1e-b95f-e67e48b6129a",
             "links": [
                 {
                     "href": "https://46.29.103.37:443/v2/240bb6c5e42849669fc49933c185232b/servers/877a2cda-ba63-4e1e-b95f-e67e48b6129a",
                     "rel": "self"
                 },
                 {
                     "href": "http://46.29.103.37:443/240bb6c5e42849669fc49933c185232b/servers/877a2cda-ba63-4e1e-b95f-e67e48b6129a",
                     "rel": "bookmark"
                 }
             ],
             "adminPass": "******"
         }
     }
8. Run the following command to query the NIC ID of the ECS:

   nova interface-list {$VMID}

   Information similar to the following is displayed.

   Figure 10 Querying the NIC ID
   

   The NIC ID is Vmid= eaf85b32-9912-4630-a9db-ab2d9b7c18b4.

9. Run the following command to create a data disk:

   cinder create --name datavolume --volume-type SATA --availability-zone eu-de-01 60

   Information similar to the following is displayed.

   Figure 11 Creating a data disk
   

   The data disk ID is Datadiskid= d3a60e1a-3922-4821-883c-a7b8a19e0856.

10. Run the following command to check the data disk status:

    cinder show {volumeId}

    If the data disk status is available, you can attach it to the ECS.

11. Run the following command to attach the data disk to the ECS:

    nova volume-attach {serverId} {volumeId} device_name

    An example command is as follows:

    nova volume-attach f6959ab0-7e3d-4efe-94f0-f48f9f4dc176 d3a60e1a-3922-4821-883c-a7b8a19e0856 /dev/sdb

    Figure 12 Attaching a data disk
    
12. Bind an EIP.
    • URI

      PUT /v1/{$tenant_id}/publicips/{EIPid}

    • Example request

      curl -i -k -H 'Accept:application/json;charset=utf8' -H 'Content-Type:application/json' -H 'X-Auth-Token:$TOKEN' -d '{"publicip":{"port_id":"eaf85b32-9912-4630-a9db-ab2d9b7c18b4"}}' -X PUT https://46.29.103.37:443/v1/{$tenant_id}/publicips/ce6699ba-5f0f-4963-a03e-c6277a9fdaf9
    • Example response
      Figure 13 Binding an EIP