Update default region of huaweicloud provider to ap-southeast-3

1. "ap-southeast-3" region is in Singapore, we can use more stable and speed networking access to some resources. 2. Update server flavor and image to match the region. 3. Allocate and attach EIP to head node 4. Add workspace security group egress rule 5. Add workspace subnet DNS option 6. Add configurable workspace bandwidth option for EIP and NAT Related-with: oap-project#1011
kiwik · Mar 27, 2023 · 527fe9b · 527fe9b
1 parent 8986665
commit 527fe9b
Show file tree

Hide file tree

Showing 15 changed files with 74 additions and 35 deletions.
diff --git a/example/cluster/huaweicloud/example-obs.yaml b/example/cluster/huaweicloud/example-obs.yaml
@@ -10,7 +10,7 @@ workspace_name: example-workspace
 # Cloud-provider specific configuration.
 provider:
     type: huaweicloud
-    region: cn-east-2
+    region: ap-southeast-3
     use_managed_cloud_storage: False
     storage:
         # OBS configurations for storage

diff --git a/example/cluster/huaweicloud/example-standard.yaml b/example/cluster/huaweicloud/example-standard.yaml
@@ -10,10 +10,10 @@ workspace_name: example-workspace
 # Cloud-provider specific configuration.
 provider:
     type: huaweicloud
-    region: cn-east-2
+    region: ap-southeast-3
 
 auth:
-    ssh_user: ubuntu
+    ssh_user: root
     # Set proxy if you are in corporation network. For example,
     # ssh_proxy_command: "ncat --proxy-type socks5 --proxy your_proxy_host:your_proxy_port %h %p"
 

diff --git a/example/cluster/huaweicloud/example-workspace.yaml b/example/cluster/huaweicloud/example-workspace.yaml
@@ -4,7 +4,7 @@ workspace_name: example-workspace
 # Cloud-provider specific configuration.
 provider:
     type: huaweicloud
-    region: cn-east-2
+    region: ap-southeast-3
     # Use allowed_ssh_sources to allow SSH access from your client machine
     allowed_ssh_sources:
       - 0.0.0.0/0
diff --git a/python/cloudtik/providers/_private/huaweicloud/config.py b/python/cloudtik/providers/_private/huaweicloud/config.py
@@ -8,7 +8,8 @@
 
 import requests
 from huaweicloudsdkcore.exceptions.exceptions import ServiceResponseException
-from huaweicloudsdkecs.v2 import ListFlavorsRequest, ListServersDetailsRequest, \
+from huaweicloudsdkecs.v2 import ListFlavorsRequest, \
+    ListServersDetailsRequest, \
     NovaCreateKeypairOption, \
     NovaCreateKeypairRequest, \
     NovaCreateKeypairRequestBody, \
@@ -69,7 +70,8 @@
     _make_ecs_client, _make_obs_client, \
     _make_vpc_client, export_huaweicloud_obs_storage_config, flat_tags_map, \
     get_huaweicloud_cloud_storage_uri, get_huaweicloud_obs_storage_config, \
-    get_huaweicloud_obs_storage_config_for_update, HWC_OBS_BUCKET, \
+    get_huaweicloud_obs_storage_config_for_update, \
+    get_huaweicloud_workspace_bandwidth_conf, HWC_OBS_BUCKET, \
     HWC_SERVER_STATUS_ACTIVE, make_ecs_client, \
     make_eip_client, \
     make_iam_client, \
@@ -442,6 +444,15 @@ def _update_security_group_rules(config, sg, vpc, vpc_client):
                                               protocol='tcp',
                                               remote_ip_prefix=vpc.cidr)))
     )
+    # Create egress rule
+    vpc_client.create_security_group_rule(
+        CreateSecurityGroupRuleRequest(
+            CreateSecurityGroupRuleRequestBody(
+                CreateSecurityGroupRuleOption(sg.id,
+                                              direction='egress',
+                                              remote_ip_prefix='0.0.0.0/0')))
+    )
+
     # Create peering vpc rule
     if is_use_peering_vpc(config) and \
             is_peering_firewall_allow_working_subnet(config):
@@ -518,13 +529,14 @@ def _check_and_create_eip(config, workspace_name):
     eip_client = make_eip_client(config) \
 
     cli_logger.print("Creating elastic IP: {}...", _eip_name)
+    bandwidth = get_huaweicloud_workspace_bandwidth_conf()
     eip = eip_client.create_publicip(
         CreatePublicipRequest(
             CreatePublicipRequestBody(
                 # Dedicated bandwidth 5 Mbit
                 bandwidth=CreatePublicipBandwidthOption(name=_bw_name,
                                                         share_type='PER',
-                                                        size=5),
+                                                        size=bandwidth),
                 publicip=CreatePublicipOption(type='5_bgp',
                                               alias=_eip_name)))
     ).publicip
@@ -633,6 +645,8 @@ def _check_and_create_subnets(vpc, vpc_client, workspace_name):
                         CreateSubnetRequestBody(
                             CreateSubnetOption(name=subnet_name,
                                                cidr=_cidr,
+                                               primary_dns='114.114.114.114',
+                                               secondary_dns='8.8.8.8',
                                                gateway_ip=_gateway_ip,
                                                vpc_id=vpc.id)))
                 ).subnet
@@ -1467,6 +1481,7 @@ def _configure_subnet_from_workspace(config):
                 node_config["nics"] = private_subnet_ids
             else:
                 node_config["nics"] = public_subnet_ids
+                node_config["publicip"] = True
         # worker nodes
         else:
             node_config["nics"] = private_subnet_ids

diff --git a/python/cloudtik/providers/_private/huaweicloud/node_provider.py b/python/cloudtik/providers/_private/huaweicloud/node_provider.py
@@ -8,9 +8,10 @@
     CreatePostPaidServersRequestBody, DeleteServersRequest, \
     DeleteServersRequestBody, \
     ListServersDetailsRequest, \
-    PostPaidServer, PostPaidServerDataVolume, PostPaidServerExtendParam, \
+    PostPaidServer, PostPaidServerDataVolume, PostPaidServerEip, \
+    PostPaidServerEipBandwidth, PostPaidServerExtendParam, \
     PostPaidServerNic, \
-    PostPaidServerRootVolume, \
+    PostPaidServerPublicip, PostPaidServerRootVolume, \
     PostPaidServerSecurityGroup, PostPaidServerTag, ServerId, ServerTag
 
 from cloudtik.core._private.cli_logger import cli_logger
@@ -23,7 +24,8 @@
 from cloudtik.providers._private.huaweicloud.utils import _get_node_info, \
     _get_node_private_and_public_ip, _make_ecs_client, \
     flat_tags_map, get_default_huaweicloud_cloud_storage, \
-    get_huaweicloud_obs_storage_config, HWC_SERVER_STATUS_ACTIVE, \
+    get_huaweicloud_obs_storage_config, \
+    get_huaweicloud_workspace_bandwidth_conf, HWC_SERVER_STATUS_ACTIVE, \
     HWC_SERVER_STATUS_NON_TERMINATED, HWC_SERVER_TAG_STR_FORMAT, \
     tags_list_to_dict
 from cloudtik.providers._private.utils import validate_config_dict
@@ -157,6 +159,17 @@ def create_node(self, node_config: Dict[str, Any], tags: Dict[str, str],
         nics = _node_config.pop('nics')
         _node_config['nics'] = [PostPaidServerNic(subnet_id=nic['subnet_id'])
                                 for nic in nics]
+        publicip = _node_config.pop('publicip')
+        if publicip:
+            bandwidth = get_huaweicloud_workspace_bandwidth_conf()
+            _node_config['publicip'] = PostPaidServerPublicip(
+                eip=PostPaidServerEip(
+                    iptype='5_bgp',
+                    bandwidth=PostPaidServerEipBandwidth(sharetype='PER',
+                                                         size=bandwidth)
+                ),
+                delete_on_termination=True
+            )
         sgs = _node_config.pop('security_groups')
         _node_config['security_groups'] = [
             PostPaidServerSecurityGroup(id=sg['id']) for sg in sgs]
@@ -236,12 +249,18 @@ def node_tags(self, node_id: str) -> Dict[str, str]:
 
     def external_ip(self, node_id: str) -> str:
         node = self._get_cached_node(node_id)
-        private_ip, public_ip = _get_node_private_and_public_ip(node)
+        _, public_ip = _get_node_private_and_public_ip(node)
+        if not public_ip:
+            node = self._get_node(node_id)
+            _, public_ip = _get_node_private_and_public_ip(node)
         return public_ip
 
     def internal_ip(self, node_id: str) -> str:
         node = self._get_cached_node(node_id)
-        private_ip, public_ip = _get_node_private_and_public_ip(node)
+        private_ip, _ = _get_node_private_and_public_ip(node)
+        if not private_ip:
+            node = self._get_node(node_id)
+            private_ip, _ = _get_node_private_and_public_ip(node)
         return private_ip
 
     def terminate_node(self, node_id: str) -> Optional[Dict[str, Any]]:

diff --git a/python/cloudtik/providers/_private/huaweicloud/utils.py b/python/cloudtik/providers/_private/huaweicloud/utils.py
@@ -1,7 +1,7 @@
 import logging
+import os
 from functools import lru_cache
 from typing import Any, Dict, List
-import os
 
 from huaweicloudsdkcore.auth.credentials import BasicCredentials, \
     GlobalCredentials
@@ -19,10 +19,10 @@
 from obs import ObsClient
 
 from cloudtik.core._private.constants import \
-    CLOUDTIK_DEFAULT_CLOUD_STORAGE_URI, env_bool
+    CLOUDTIK_DEFAULT_CLOUD_STORAGE_URI, env_bool, env_integer
 from cloudtik.core._private.utils import get_storage_config_for_update
 
-OBS_SERVICES_URL = 'https://obs.myhuaweicloud.com'
+OBS_SERVICES_URL = 'https://obs.{location}.myhuaweicloud.com'
 HWC_OBS_BUCKET = "obs.bucket"
 HWC_SERVER_TAG_STR_FORMAT = '{}={}'
 HWC_SERVER_STATUS_ACTIVE = 'ACTIVE'
@@ -93,15 +93,16 @@ def _client_cache(region: str = None, ak: str = None, sk: str = None) -> Dict[
             import certifi
             _ssl_verify = certifi.where()
 
+    _server = OBS_SERVICES_URL.format(location=region)
     if ak and sk:
         obs_client = ObsClient(access_key_id=ak, secret_access_key=sk,
-                               server=OBS_SERVICES_URL, ssl_verify=_ssl_verify,
+                               server=_server, ssl_verify=_ssl_verify,
                                region=region)
     else:
         # Enable OBSClient (ENV, ECS) security provider policy chain, see
         # https://support.huaweicloud.com/sdk-python-devg-obs/obs_22_0601.html
         obs_client = ObsClient(security_provider_policy='OBS_DEFAULT',
-                               server=OBS_SERVICES_URL, ssl_verify=_ssl_verify,
+                               server=_server, ssl_verify=_ssl_verify,
                                region=region)
     client_map['obs'] = obs_client
 
@@ -237,6 +238,10 @@ def get_default_huaweicloud_cloud_storage(provider_config):
     return cloud_storage_info
 
 
+def get_huaweicloud_workspace_bandwidth_conf():
+    return env_integer('HWC_WORKSPACE_BANDWIDTH', 10)
+
+
 def flat_tags_map(tags: Dict[str, str]) -> str:
     return ','.join(
         HWC_SERVER_TAG_STR_FORMAT.format(k, v) for k, v in tags.items())
@@ -251,7 +256,7 @@ def tags_list_to_dict(tags: list) -> Dict[str, str]:
 
 
 def _get_node_private_and_public_ip(node) -> List[str]:
-    private_ip = public_ip = ''
+    private_ip = public_ip = None
     for _, addrs in node.addresses.items():
         for addr in addrs:
             if addr.os_ext_ip_stype == 'fixed' and not private_ip:

diff --git a/python/cloudtik/providers/huaweicloud/defaults.yaml b/python/cloudtik/providers/huaweicloud/defaults.yaml
@@ -4,13 +4,13 @@ from: defaults
 # Cloud-provider specific configuration.
 provider:
     type: huaweicloud
-    region: cn-east-2
+    region: ap-southeast-3
     # Whether to use managed cloud storage of workspace.
     use_managed_cloud_storage: True
 
 # How we will authenticate with newly launched nodes.
 auth:
-    ssh_user: ubuntu
+    ssh_user: root
 # By default, we create a new private keypair, but you can also use your own.
 # If you do so, make sure to also set "KeyName" in the head and worker node
 # configurations below.
@@ -26,8 +26,8 @@ available_node_types:
         resources: {}
         # Provider-specific config for this node type, e.g. instance flavor.
         node_config:
-            image_ref: d4f60377-bb01-4a27-b119-c6de54fd4042
-            flavor_ref: ai1.xlarge.4
+            image_ref: 019b09ea-b960-46cd-abd8-306529e5eaa0
+            flavor_ref: ai1s.xlarge.4
             # key_name: key_pair_name
             root_volume:
                 volumetype: SSD
@@ -41,8 +41,8 @@ available_node_types:
         resources: {}
         # Provider-specific config for this node type, e.g. instance flavor.
         node_config:
-            image_ref: d4f60377-bb01-4a27-b119-c6de54fd4042
-            flavor_ref: ai1.xlarge.4
+            image_ref: 019b09ea-b960-46cd-abd8-306529e5eaa0
+            flavor_ref: ai1s.xlarge.4
             # key_name: key_pair_name
             root_volume:
                 volumetype: SSD

diff --git a/python/cloudtik/providers/huaweicloud/workspace-defaults.yaml b/python/cloudtik/providers/huaweicloud/workspace-defaults.yaml
@@ -4,7 +4,7 @@ from: workspace-defaults
 # Cloud-provider specific configuration.
 provider:
     type: huaweicloud
-    region: cn-east-2
+    region: ap-southeast-3
     # Decide whether to require public IP for head node.
     # When setting to False, Head node will require a public IP.
     # Default to False

diff --git a/python/cloudtik/templates/huaweicloud/large.yaml b/python/cloudtik/templates/huaweicloud/large.yaml
@@ -6,7 +6,7 @@ provider:
 available_node_types:
     head.default:
         node_config:
-            flavor_ref: ai1.4xlarge.4
+            flavor_ref: ai1s.4xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100

diff --git a/python/cloudtik/templates/huaweicloud/medium.yaml b/python/cloudtik/templates/huaweicloud/medium.yaml
@@ -6,13 +6,13 @@ provider:
 available_node_types:
     head.default:
         node_config:
-            flavor_ref: ai1.4xlarge.4
+            flavor_ref: ai1s.4xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100
     worker.default:
         node_config:
-            flavor_ref: ai1.8xlarge.4
+            flavor_ref: ai1s.8xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100

diff --git a/python/cloudtik/templates/huaweicloud/small-highmem.yaml b/python/cloudtik/templates/huaweicloud/small-highmem.yaml
@@ -8,4 +8,4 @@ provider:
 available_node_types:
     worker.default:
         node_config:
-            flavor_ref: m6.xlarge.8
+            flavor_ref: ai1s.2xlarge.4
diff --git a/python/cloudtik/templates/huaweicloud/small.yaml b/python/cloudtik/templates/huaweicloud/small.yaml
@@ -6,13 +6,13 @@ provider:
 available_node_types:
     head.default:
         node_config:
-            flavor_ref: ai1.xlarge.4
+            flavor_ref: ai1s.xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100
     worker.default:
         node_config:
-            flavor_ref: ai1.xlarge.4
+            flavor_ref: ai1s.xlarge.4
             root_volume:
                 volumetype: ESSD
                 size: 200
diff --git a/python/cloudtik/templates/huaweicloud/standard-highmem.yaml b/python/cloudtik/templates/huaweicloud/standard-highmem.yaml
@@ -8,4 +8,4 @@ provider:
 available_node_types:
     worker.default:
         node_config:
-            flavor_ref: m6.2xlarge.8
+            flavor_ref: ai1s.4xlarge.4
diff --git a/python/cloudtik/templates/huaweicloud/standard.yaml b/python/cloudtik/templates/huaweicloud/standard.yaml
@@ -6,13 +6,13 @@ provider:
 available_node_types:
     head.default:
         node_config:
-            flavor_ref: ai1.2xlarge.4
+            flavor_ref: ai1s.2xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100
     worker.default:
         node_config:
-            flavor_ref: ai1.2xlarge.4
+            flavor_ref: ai1s.2xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100

diff --git a/python/cloudtik/templates/huaweicloud/very-large.yaml b/python/cloudtik/templates/huaweicloud/very-large.yaml
@@ -6,7 +6,7 @@ provider:
 available_node_types:
     head.default:
         node_config:
-            flavor_ref: ai1.4xlarge.4
+            flavor_ref: ai1s.4xlarge.4
             root_volume:
                 volumetype: SSD
                 size: 100