epam cloud orchestrator - maestro cli user guide · maestro cli user guide user guide march 2018...

Legal Notice: This document contains privileged and/or confidential information and may not be disclosed, distributed or

reproduced without the prior written permission of EPAM®.

EPAM Cloud Orchestrator

MAESTRO CLI USER GUIDE

User Guide

May 2018

CSUG-2

Version 19.6.23

EPAM Cloud Orchestrator - Maestro CLI User Guide

2 EPAM PUBLIC

CONTENTS

Preface .................................................................................................................................. 11

About this Guide ............................................................................................................ 11

Audience ........................................................................................................................ 11

The structure of the Guide ............................................................................................. 11

Documentation References ........................................................................................... 12

1 Getting Started ............................................................................................................... 13

1.1 Installing Maestro CLI ....................................................................................... 13

1.2 Getting Maestro CLI Help ................................................................................. 13

1.3 Setting the Credentials...................................................................................... 15

1.4 Checking the Maestro CLI Client Version ......................................................... 17

1.5 Maestro CLI Info ............................................................................................... 18

1.6 Updating the Maestro CLI Client ....................................................................... 20

1.7 Describe Projects .............................................................................................. 21

1.8 Describe Regions .............................................................................................. 22

2 Working With Instances ................................................................................................. 24

2.1 Determining Available Images .......................................................................... 24

2.2 Determining Available Shapes .......................................................................... 26

2.3 Running Instances ............................................................................................ 27

2.4 Stop (Pause) Instances..................................................................................... 30

2.5 Start (Resume) Instances ................................................................................. 31

2.6 Reboot Instances .............................................................................................. 33

2.7 Terminate Instances ......................................................................................... 34

2.8 Lock Instance Termination ................................................................................ 35

2.9 Describe Existing Instances .............................................................................. 36

2.10 Changing Instance Shape ................................................................................ 38

2.11 Changing Instance Owner ................................................................................ 39

2.12 View Pool State ................................................................................................. 40

2.13 Describe VLANs ................................................................................................ 41

2.14 Move Instance to VLAN .................................................................................... 42


3 EPAM PUBLIC

3 Scheduling Instance Activities ....................................................................................... 43

3.1 Create Schedule ............................................................................................... 43

3.2 Describe Schedules .......................................................................................... 45

3.3 Add Instance to Schedule ................................................................................. 46

3.4 Remove Instance from Schedule ...................................................................... 47

3.5 Delete Schedule ................................................................................................ 48

3.6 Cron Reference ................................................................................................. 49

4 Instance Properties ........................................................................................................ 51

4.1 Set Instance Properties..................................................................................... 51

4.2 Describe Instance Properties ............................................................................ 53

4.3 Delete Instance Properties ............................................................................... 54

5 Creating Images ............................................................................................................ 55

5.1 Create an Image ............................................................................................... 55

5.2 Delete Image ..................................................................................................... 57

5.3 Preparing Instances for Image Creation ........................................................... 58

5.3.1 Windows OS Family .................................................................................. 58

5.3.2 Linux OS Family ........................................................................................ 62

6 Security and Connection ............................................................................................... 64

6.1 Create Key Pair ................................................................................................. 64

6.2 Import Key Pair ................................................................................................. 66

6.3 Describe Key Pairs ........................................................................................... 68

6.4 Delete Key Pair ................................................................................................. 69

6.5 Console ............................................................................................................. 70

6.6 Accessing AWS Management Console ............................................................ 72

6.7 IAM User Management ..................................................................................... 73

6.8 Accessing Azure Management Console ........................................................... 74

6.9 Accessing Google Management Console......................................................... 75

6.10 Decrypting Instance password .......................................................................... 76

6.11 Allocating a Static IP for a Project .................................................................... 77

6.12 Assign a Static IP to a VM ................................................................................ 78

6.13 Describe Static IPs ............................................................................................ 79

6.14 Disassociate a Static IP from a VM .................................................................. 80


4 EPAM PUBLIC

6.15 Release a Static IP ........................................................................................... 81

7 Working with Volumes ................................................................................................... 82

7.1 Create and Attach Volume ................................................................................ 82

7.2 Attach Volume ................................................................................................... 84

7.3 Detach Volume ................................................................................................. 85

7.4 Resize Volumes ................................................................................................ 86

7.5 Describe Volumes ............................................................................................. 87

7.6 Delete Volume .................................................................................................. 89

7.7 Finding the Device Parameter .......................................................................... 90

7.8 Mounting Storage Volumes .............................................................................. 91

7.8.1 Windows OS family ................................................................................... 91

7.8.2 Linux OS Family ........................................................................................ 92

8 Working with Checkpoints ............................................................................................. 93

8.1 Create Instance Checkpoint ............................................................................. 94

8.2 Describe Instance Checkpoints ........................................................................ 95

8.3 Go to Instance Checkpoint ............................................................................... 96

8.4 Revert to Instance Checkpoint .......................................................................... 97

8.5 Delete Instance Checkpoint .............................................................................. 98

9 Working with Hardware Servers .................................................................................... 99

9.1 Hardware Server Registration .......................................................................... 99

9.2 Hardware Server Unregistration ..................................................................... 101

9.3 Hardware Server Modification ........................................................................ 101

9.4 Hardware Report ............................................................................................. 104

10 Audit and Billing ........................................................................................................... 105

10.1 Project Report ................................................................................................. 106

10.2 Get Prices ....................................................................................................... 108

10.3 Instance Audit ................................................................................................. 111

10.4 Working with EO Accounts ............................................................................. 113

11 Using Tags ................................................................................................................... 115

11.1 Set Tag ........................................................................................................... 115

11.2 Describe Tag ................................................................................................... 117

11.3 Delete Tag ...................................................................................................... 118


5 EPAM PUBLIC

12 Working with Files ........................................................................................................ 119

12.1 Upload a New File ........................................................................................... 119

12.2 Delete a File .................................................................................................... 121

12.3 Describe Files ................................................................................................. 122

13 Security Scanning ........................................................................................................ 123

13.1 Starting Security Scan .................................................................................... 123

13.2 Describing Nessus Templates ........................................................................ 124

14 Automating Infrastructure Manipulation ....................................................................... 125

14.1 Amazon Cloud Formation ............................................................................... 125

14.1.1 Run AWS Stack ...................................................................................... 125

14.1.2 Describe AWS Stacks ............................................................................. 127

14.1.3 Describe AWS Stack Events ................................................................... 128

14.1.4 Describe AWS Stack Resources ............................................................ 129

14.1.5 Delete AWS Stack ................................................................................... 131

14.2 Maestro Stacks ............................................................................................... 132

14.2.1 Describe Maestro Stacks ........................................................................ 132

14.2.2 Run Maestro Stack .................................................................................. 133

14.2.3 Delete Maestro Stack .............................................................................. 135

14.2.4 Describe Stack Resources ...................................................................... 136

14.2.5 Validate Maestro Stack Template ........................................................... 137

14.2.6 Convert Maestro Stack Template ........................................................... 138

15 Services ....................................................................................................................... 139

15.1 Services Manipulation ..................................................................................... 140

15.1.1 Starting a Service .................................................................................... 140

15.1.2 Describing Project Services .................................................................... 142

15.1.3 Monitoring the Services ........................................................................... 144

15.2 Chef Server Service ........................................................................................ 145

15.2.1 Set Chef Mode ........................................................................................ 146

15.2.2 Disabling Auto Configuration for Specific OS ......................................... 147

15.2.3 Retrieving Chef Information .................................................................... 147

15.2.4 Collecting Info on Chef Clients ................................................................ 148

15.3 Zabbix Monitoring Service .............................................................................. 149


6 EPAM PUBLIC


15.3.2 Service Info ............................................................................................. 150

15.3.3 Start Monitoring an Instance ................................................................... 151

15.3.4 Stop Monitoring an Instance ................................................................... 152

15.3.5 Viewing Zabbix Data ............................................................................... 153

15.4 Telemetry as a Service ................................................................................... 155


15.4.2 Adding an Instance to Telemetry ............................................................ 156

15.4.3 Stop Collecting Telemetry from the Instance .......................................... 157

15.4.4 Describe Telemetry Agents ..................................................................... 158

15.4.5 Get Telemetry ......................................................................................... 159

15.5 Log Aggregation Service ................................................................................ 160


15.5.2 Log Service Info ...................................................................................... 160

15.5.3 Start Collecting Logs from an Instance ................................................... 161

15.5.4 Stop Collecting Logs from an Instance ................................................... 162

15.5.5 Viewing the Collected Logs ..................................................................... 162

15.6 Load Balancing Service .................................................................................. 163

15.6.1 Starting and Managing the Service ......................................................... 163

15.6.2 Load Balancer Configuration................................................................... 163

15.6.3 Configure Balancing ................................................................................ 165

15.6.4 Configure Limits ...................................................................................... 165

15.6.5 Configure Bans ....................................................................................... 166

15.6.6 Configure Cache ..................................................................................... 167

15.6.7 Describe Load Balancer Members .......................................................... 168

15.7 FTP to AWS S3 Service.................................................................................. 169

15.7.1 Service Activation .................................................................................... 169

15.7.2 S3 Buckets Management ........................................................................ 169

15.7.3 Providing Access to Users ...................................................................... 170

15.8 OpenShift as a Service ................................................................................... 171


15.8.2 OpenShift Configuration .......................................................................... 171


7 EPAM PUBLIC

15.9 Docker Service ................................................................................................ 172

15.9.1 Starting the Service ................................................................................. 173

15.9.2 Docker Container Images ....................................................................... 173

15.9.3 Manipulating Containers ......................................................................... 176

15.9.4 Manipulating Volumes ............................................................................. 178

15.9.5 Creating a Docker Registry ..................................................................... 180

15.9.6 Manipulating Registry Images ................................................................. 180

15.9.7 Docker Service Info ................................................................................. 182

15.10 Kubernetes as a Service ................................................................................. 184

15.10.1 Starting the Kubernetes Service ............................................................. 184

15.10.2 Kubernetes Info ....................................................................................... 184

15.10.3 Kubernetes Pods Management .............................................................. 185

15.10.4 Kubernetes Namespaces Management .................................................. 186

15.10.5 Kubernetes Services Management ......................................................... 187

15.10.6 Kubernetes Replication Controllers Management .................................. 188

15.10.7 Kubernetes Nodes Management ............................................................ 188

15.10.8 Using the Service .................................................................................... 189

15.11 Hadoop Data Platform Service ....................................................................... 190

15.11.1 Starting the service ................................................................................. 190

15.11.2 Retrieving Hadoop Information ............................................................... 191

15.11.3 Manipulating Slaves and Clients ............................................................. 192

15.11.4 Running Jobs .......................................................................................... 193

15.12 Ambari as a Service ........................................................................................ 194


15.12.2 Setting up the Ambari Cluster ................................................................. 195

15.12.3 Retrieving Information on Ambari Resources ......................................... 196

15.13 Splunk as a Service ........................................................................................ 197

15.13.1 Service Architecture ................................................................................ 197


15.13.3 Splunk Proxy ........................................................................................... 198

15.13.4 Retrieving Splunk Information ................................................................. 199

15.14 Jenkins as a Service ....................................................................................... 200


8 EPAM PUBLIC


15.14.2 Creating a Jenkins Job ............................................................................ 201

15.14.3 Jenkins Plugins Management ................................................................. 202

15.14.4 Describing Existing Jenkins Jobs ............................................................ 204

15.14.5 Triggering a Jenkins Job ......................................................................... 205

15.14.6 Removing a Jenkins Job ......................................................................... 206

15.14.7 Configuration File Example ..................................................................... 207

15.15 Sonar as a Service .......................................................................................... 208


15.15.2 Service Manipulation ............................................................................... 208

15.15.3 Sonar Quality Profiles ............................................................................. 209

15.15.4 Sonar Rules ............................................................................................ 210

15.16 Artifactory as a Service ................................................................................... 212



15.17 Adobe AEM Service ........................................................................................ 214

15.18 Sitecore as a Service ...................................................................................... 216


15.18.2 Single Mode ............................................................................................ 216

15.18.3 Large Mode ............................................................................................. 217

14.18 Relational Database Service .......................................................................... 221

15.20 Hybris as a Service ......................................................................................... 223



15.21 Magento as a Service ..................................................................................... 226



15.22 ATG as a Service ............................................................................................ 227




15.23 Messaging as a Service .................................................................................. 229


9 EPAM PUBLIC


15.23.2 Getting Tokens ........................................................................................ 229

15.23.3 Queues Manipulation .............................................................................. 230

15.23.4 Messages Manipulation .......................................................................... 231

16 Ansible Usage .............................................................................................................. 232

16.1 Initializing Environment ................................................................................... 232

16.2 Ansbile Hosts .................................................................................................. 233

16.3 Ansible Groups ............................................................................................... 234

16.4 Ansible Group Properties ................................................................................ 235

16.5 Ansible Dynamic Inventory ............................................................................. 236

17 Troubleshooting ........................................................................................................... 237

Annex A - User Permissions ............................................................................................... 238

User Groups ................................................................................................................ 238

Default Project Roles ................................................................................................... 241

Annex B – Client Versioning ................................................................................................ 243

Annex C – Instance Types and Their Shapes ..................................................................... 244

Annex D – Service Locations .............................................................................................. 245

EPAM Infrastructure .................................................................................................... 245

AWS Cloud Formation Regions ................................................................................... 248

Azure Regions ............................................................................................................. 250

Google Cloud Regions ................................................................................................ 251

Annex E – Logging in to Instances ...................................................................................... 252

Windows ...................................................................................................................... 252

Linux 252

AWS – Windows .......................................................................................................... 252

Azure 254

Google Cloud Regions: ............................................................................................... 255

Hardware MacOs ......................................................................................................... 256

Virtual MacOs .............................................................................................................. 256

Annex F – Maestro CLI Commands List ............................................................................. 258

Annex G – PaaS Guest Operating Systems ....................................................................... 261

Table of Figures................................................................................................................... 262


10 EPAM PUBLIC

Version history ..................................................................................................................... 268


11 EPAM PUBLIC

PREFACE

ABOUT THIS GUIDE

Maestro Command Line Interface (CLI) is intended to perform basic Orchestrator

commands via remote command line by sending server API requests using REST API without

the need to install 3rd party utilities. Maestro CLI commands are based on respective

commands for Amazon AWS. We picked a minimum required set of parameters for each

command. This way we were able to uniform the commands for different service providers.

This document provides detailed reference, including purpose, use case and syntax for each

of Maestro CLI commands.

The document is being constantly modified and updated. Please, feel free to contact us if

any questions or issues appear.

AUDIENCE

This guide is designed for EPAM Cloud users who create, manage and monitor their virtual

infrastructure using Maestro CLI.

THE STRUCTURE OF THE GUIDE

• Getting Started section gives the instructions on how to start working with Maestro

CLI, set credentials and see the regions and projects available for the user.

• Working With Instances section lists the commands dealing with the instance

manipulation and info.

• Scheduling Instance Activities section provides the commands to set up and

manipulate cron schedules

• Instance Properties section lists the commands dealing with instance properties

• Creating Images section gives image-related commands and the instructions on

preparing an instance for image creation.

• Security and Connection section describes keys and console commands

• Working with Volumes section lists the volume-related command and gives

instructions on volumes mounting and usage.

• Working with Checkpoints section lists checkpoint-related commands and tips.

• Audit and Billing section gives report, prices and audit-related commands.

• Using Tags section lists the tag-related commands

• Working with Files section lists files manipulation commands

• Automating Infrastructure Manipulation section gives the commands and

recommendations on working with Amazon Cloud Formation and Maestro Stacks.

• Services section gives the detailed instructions on working with the services

manipulated via Maestro CLI.

mailto:[email protected]


EPAM PUBLIC 12

DOCUMENTATION REFERENCES

EPAM Orchestration is described in details in a number of documents, oriented on different aspects of

Orchestration usage, and on different types of users.

You can find these documents on our Documentation page.

The answers to the most frequently asked questions can be found on the FAQ page.

EPAM Cloud terms and conditions are described in the EPAM Cloud Terms and Conditions. Please

take a look at this document in order to avoid misunderstandings and conflicts that may arise during the

service usage.

The terminology of EPAM Cloud and the related products can be found on the Glossary page.

Please email your comments and feedback to EPAM Cloud Consulting at

[email protected] to help us provide you with documentation that is as clear,

correct and readable as possible.

https://cloud.epam.com/site/learn/documentation

https://cloud.epam.com/site/learn/f=a=q

https://cloud.epam.com/site/about/terms_and_agreements/EPC_Policy.pdf

https://cloud.epam.com/site/learn/glossary


https://kb.epam.com/display/EPMCITFAQ/Documentation


EPAM PUBLIC 13

1 GETTING STARTED

This section provides you with the basic information on Maestro CLI installation and the basic commands

that allow you to get acquainted with the Orchestrator.

1.1 INSTALLING MAESTRO CLI

Maestro Command Line Interface (CLI) is a tool for performing Orchestrator commands via remote

command line. It can be easily installed and run by following the steps given below:

• Make sure you have Java Runtime Environment (JRE) installed (Java Developer’s Kit (JDK)

ver. 1.8). You can download the latest version of JRE/JDK from the official Oracle website.

• Having installed Java, make sure JAVA_HOME system variable points to JDK installation

folder, while Path contains a link to 'bin' folder of JDK.

• Download maestro-cli.zip archive.

• Unpack the archive. The target folder should not contain spaces. As a result, you will get a

'maestro-cli' folder containing two subfolders.

• Run Maestro CLI:

• For Windows: Run windows-console.cmd in ‘maestro-cli’ folder

• For Linux: go to the ‘maestro-cli/bin’ folder, where you will be able to select any of the available

scripts to run.

You can find a detailed guide on Maestro CLI installation and the full list of the necessary

Prerequisites in Maestro CLI Quick Start Guide.

1.2 GETTING MAESTRO CLI HELP

Maestro CLI needs precise specification of command parameters and their values.

Typically, users remember the most frequently used commands and parameters, and need to reference

documentation to clarify the details.

Maestro CLI provides a set of its own assistance facilities that allow to simplify the tool usage and

minimize the need to use additional resources:

• or2help command allows to see the list of all commands available in cloud or, when used with

the --region parameter, in a specified virtualization region. Additionally, the command can

contain the --project parameter to retrieve the list of commands available for the requesting

user in the specified project.

By default, the commands in the response go alphabetically with brief descriptions. In case you

need the commands with detailed parameters info, you can use the –full flag. For example:

or2help –r AWS-USEAST [--full]

• Automatic help: In case you miss a parameter at command run, or the given parameter or

parameter value is incorrect, Maestro CLI will inform you on the issue and provide with the list

of command parameters.

For example, the following command:

http://www.oracle.com/technetwork/java/javase/downloads/index.html

https://orchestration.epam.com/site/learn/quick_start/maestro-cli.zip

https://cloud.epam.com/site/develop/maestro_c=l=i/ciug_1_cli_setup.pdf


EPAM PUBLIC 14

Figure 1 - or2help Command Output

or2chow –p DEMOPRO

where not all necessary parameters are given, will result in the following output:

Figure 2 - Command help for incorrect parameters input

• Usage examples and related commands. You can get a full reference on a command,

including usage examples, parameters, and related commands, by calling the necessary

command with the --help parameter, for example:

or2dim --help


EPAM PUBLIC 15

The command response will include the following elements:

Figure 3 - Command response with --help option

Where:

1. Command description

2. The most typical examples of the command’s usage

3. The list of the commands, related to the target one, with examples

4. The list of parameters

1.3 SETTING THE CREDENTIALS

Running commands using Maestro CLI requires provision of user credentials.

The first thing you should do after going through installation is execute the or2access command and

enter your credentials when prompted.

Invoke: or2-get-access (or2access)

The command registers user domain credentials within Orchestrator and creates a ‘default.cr’ file.

When launched, it prompts to provide EPAM domain credentials (with or without ‘@epam.com’

respectively.) Specified credentials are checked for validity on Orchestrator side and a list of projects,

available to the user, is drawn and stored in local Orchestrator storage.

Passwords are never stored openly either on Orchestrator, or on Maestro CLI client side.

Currently, user credentials are cached by the or2access command to the %Maestro_CLI%/lib/default.cr

file. Thus, it is important to keep the %Maestro_CLI% in the directory that cannot be accessed from

outside.

We recommend to install Maestro CLI to your home directory (C:\Users\<your_name>).

The Company security policy implies changing user passwords every three months. Please, run the

or2access command again, specifying your new password each time you have it changed.


EPAM PUBLIC 16

Orchestrator allows Project Managers and Coordinators to customize user permissions in order to avoid

any unwanted actions from specific project members and keep a better track of project infrastructure.

Each project member is given access to a certain set of actions, depending on their current project role.

We have created a generic project role mapping matrix, which is used by default and gives you

something to start with. You can find it in Annex A.

Unlike most of commands, this one is performed on the Orchestrator level and does not use any

Virtualization Service Providers. You do not need to specify the -r and -p parameters to run it.

CLI Parameters

Parameter name Description Required

--force Force user update No

--full Show full command output instead of default basic one No

-P, --plain-output Use plain output instead of default table output No

--json Show command output in json format No

-s, --system Use system credentials. Uses domain credentials if not

specified. No

--help Display command help No

Response Elements

Name Description

Name User name

Pwd User password

Command Example

or2access

Response Example

Figure 4 - or2access Response Example

If you like to log in as another EPAM user, please run the or2access command again to overwrite

previously stored user credentials.


EPAM PUBLIC 17

1.4 CHECKING THE MAESTRO CLI CLIENT VERSION

Invoke: or2-check-version (or2check)

The command shows the version of Maestro CLI client currently installed on your machine. See Annex

B – Client Versioning for details.

Unlike most of CLI commands, this one requires no parameters to run.

CLI Parameters






Response Elements

Name Description

provided-cli-version Current version of Maestro CLI client installed on user machine

provided-api-version Current version of Maestro API installed on user machine

required-api-version Minimum version of Maestro API required to work with current

Orchestration framework

last-cli-version Latest available version of Maestro CLI

client-status Status of current client

Command Example

or2check

Response Example

Figure 5 - or2check Response Example


EPAM PUBLIC 18

1.5 MAESTRO CLI INFO

Invoke: or2-get-info (or2info)

This command allows obtaining information of Maestro CLI client configuration, the state of environment

variables as well as Freemarker FTL user templates utilized.

Unlike most of commands, this one is performed on the Maestro CLI Client level, does not require

connection to Orchestrator and does not use any Virtualization Service Providers. There are no required

parameters and execution result has no fixed elements.

CLI Parameters


-f, --file Use this parameter to send output to the specified file in the

‘/maestro-cli/out’ folder. No


The result of the ‘info’ command execution contains several sections:

• Current time – current GMT time on a client machine. This parameter is used when forming an

authorization key for each command and can be useful to determine reasons for failures.

• Parameter values within ‘cli-system.properties’. Users are unable to edit system parameters,

since ‘cli-system.properties’ is contained within ‘maestro-cli-full.jar’, while its contents are

crucial to determine reasons for command failures. One of the parameters within this file is

‘cli.version’, containing currently installed version of the CLI client.

• HTTP Client configuration values.

• Contents of the ‘default.cr’ file. In case this file contains a property password, it will not be

displayed for security concerns.

• Environment variable values, namely ‘ORCH_URL’, ‘MAESTRO_CLI_HOME’,

‘JAVA_HOME’.

• Contents of custom Freemarker Template, if defined as a value for the

‘custom.freemarker.template.file’ within ‘cli.properties’.

In case a parameter has no set value (e.g. ‘http.tcp.nodelay=’), it will not be included in the response

to the ‘or2info’ command execution.

Command Example

or2info


EPAM PUBLIC 19

Response Example

Figure 6 - or2info Response Example


EPAM PUBLIC 20

1.6 UPDATING THE MAESTRO CLI CLIENT

Invoke: or2-update-cli (or2update)

The command retrieves the newest version of Maestro CLI client available on the Internet.

1. Unlike most of CLI commands, this one requires no parameters to run.

2. Some older versions of Maestro CLI client do not support this command. If you encounter a problem

when running it, please download and update the client manually for once.

Command Example

or2update

Response Example

Figure 7 - or2update Response Example

https://orchestration.epam.com/site/develop/public_a=p=i_and_c=l=i/maestro-cli.zip


EPAM PUBLIC 21

1.7 DESCRIBE PROJECTS

Invoke: or2-describe-projects (or2dpro)

Describes all activated projects accessible by current user.

CLI Parameters





-p, --project Project abbreviation in UPSA. To describe several projects,

repeat the parameter: -p project1 –p project2 –p projectN No

-t, --type Region type [EPAM, AWS, AZURE, GOOGLE, Single region] No


Response Elements

Name Description

projectID Project abbreviation in UPSA

Zone Virtualization zone

zoneLocation Physical location of the region

Shapes Available shapes

projectState Current project state

activated Project activation date

deactivated Project deactivation date

defautOwner Email address of the user being the default owner of the project

If your project is not in the list returned by the command, it means, that it is not activated in Cloud. In

this case, before proceeding with other commands, please, address to your Project Manager to submit

a Service Request for activating your project in Cloud.

Command Example

or2dpro –t aws

Response Example

Figure 8 - or2dpro Response Example


EPAM PUBLIC 22

1.8 DESCRIBE REGIONS

Invoke: or2-describe-regions (or2dreg)

Describes available virtualization regions for provided project and user credentials.

CLI Parameters





-p, --project Project abbreviation in UPSA Yes

-t, --type Region type [EPAM, AWS, AZURE, GOOGLE] Yes

-i, --inactive Show inactive regions for the project No


Response Elements

Name Description

Name Virtualization region name

zoneLocation Physical location of the region

Access

EPAM Cloud access level of the user who called the command. There are four levels, each including a group of permitted actions:

• guest: READ, META, VM, STORAGE

• low: READ, META, VM, STORAGE, NEW_RESOURCES

• medium: READ, META, VM, STORAGE, NEW_RESOURCES, KILL_RESOURCES

• advanced: READ, META, VM, STORAGE, NEW_RESOURCES, KILL_RESOURCES, ADVANCED_MANAGEMENT

You can find the details on the actions, included to each group, on the User Permissions page.

virtType The region Virtualization type

orchType The type of orchestrator used

Status The current status of the region

monthSla The region availability statistics, based on the information gathered during the latest four weeks

Coefficient Region billing coefficient

quotaLimit The project quota limit in the region, if any

quotaPolicy Specifies whether quotas are applied to the project, or not

Command Example

This example describes available regions for the specified project.

or2dreg -p project –t aws

https://kb.epam.com/display/EPMCITFAQ/User+Permissions

https://kb.epam.com/display/EPMCITFAQ/User+Permissions


EPAM PUBLIC 23

Response Example

Figure 9 - or2dreg Response Example


EPAM PUBLIC 24

2 WORKING WITH INSTANCES

Instances are the main items of the infrastructure created by a user. To run an instance, you should

specify the following necessary instance parameters:

• The project to which the new instance will be assigned

• The region in which the new instance will be run

• The name of the image to be used to run the instance

• The shape of the image to be run

The image determines the basic configuration of the instance. This includes an Operation system, as

well as the set of default settings. The list of available images can be retrieved by or2-describe-images

command.

The instance shape specifies the capacity of the instance to be created. This includes vCPU number

and RAM memory size. Please, note that the selected shape influences the VM monthly cost.

2.1 DETERMINING AVAILABLE IMAGES

Invoke: or2-describe-images (or2dim)

Use this command to return information about images. If you specify one or more image IDs,

Orchestrator returns information for those images. If you do not specify image IDs, Orchestrator returns

information for all relevant images according to your access rights.

AWS-type regions: this command describes only ‘Project’ (‘Owned by me’) and ‘Enterprise’ images

CLI Parameters



-g, --group

Image group name. Available values: public,

enterprise, project. For several groups repeat the parameter.

Default behavior if not specified: show all groups

No

-i, --image

Image ID. For several images repeat the parameter

Default behavior if not specified: show all images

This parameter is case sensitive

No




-r, --region Virtualization region Yes


Response Elements

Name Description

Id Image ID

description Image description


EPAM PUBLIC 25

Group

Scope of availability for the image. Public typically stands for Linux-based images,

Enterprise – for Windows, and Project stands for custom images created by

project members and available within this project.

size_MB Image size in MB

State Current state of the image

Command Example

This example describes all images available to your user and project in the specified region.

or2dim -p project -r region

Response Example

Figure 10 - or2dim Response Example


EPAM PUBLIC 26

2.2 DETERMINING AVAILABLE SHAPES

Invoke: or2-describe-shapes (or2dshape)

The shape of the VM specifies its capacity, determined by the vCPU number and RAM memory size.

Run the command to find out available instance shapes for your project.

CLI Parameters








Response Elements

Name Description

name Shape name

cpu Shape CPU count

memory_MB Shape memory in MB

disk_drive Available disk types (HDD, SSD)

aws-type AWS shape indication (AWS-type regions only)

storage_GB Default storage size (only for OpenStack-based regions)

flavors The available system disk sizes (only for OpenStack-based regions)

The list of the shapes available in Cloud is given in Annex C – Instance Types and Their Shapes. Some

of these shapes may be not available for your project. To extend the list of the available shapes, please,

submit a corresponding Service Request to HelpDesk.

Command Example

This example describes available shapes for the specified project.

or2dshape -p project -r region

Response Example

Figure 11 - or2dshape Response Example (OpenStack-based region)

https://support.epam.com/


EPAM PUBLIC 27

2.3 RUNNING INSTANCES

Invoke: or2-run-instances (or2run)

Use this command to launch the specified number of instances with provided shape and image.

Instances will be created under Maestro project that is bound to the specified user credentials. Once an

instance is launched, a notification is sent to EPAM user’s e-mail and EPAM Cloud Consulting Team.

Although instance launching procedure is similar for all platforms EPAM Cloud works with, there are

some specifics on instance launch and login for each type of regions:

• EPAM regions:

o If you run Windows instances, use your domain credentials

([email protected]) to access them. This is also true for Linux instances.

o For Linux instances, use the SSH and/or your standard domain credentials

([email protected]).

o Both Windows and Linux instances accept credentials from all members of the specified

project (they are included in the ‘Administrators’ user group).

o Each machine image has a recommended shape. Users can now only run machine

images using recommended shapes (or larger ones).

• AWS regions:

o To connect to Windows instances running on Amazon, run the or2console command

specifying your instance ID, project and region. You will receive an email message

containing the encrypted password in an attached file. Save the attachment or its

content and run the or2dp command specifying the path to your private key and the

path to the file containing the encrypted password. The command will return the

password to use for logging in to your VM via the RDP connection.

o The connection to Linux instances on Amazon is performed only via SSH key

• Azure regions:

o When a VM (either Windows or Linux) creation is initiated, you, as the requesting user

(the instance owner), will get a letter containing credentials for access to this VM

remotely. These credentials are generated only once and will not be available for

reference anywhere except this letter. Please save them properly for further usage.

• Google regions:

o For Linux instances, an SSH key is mandatory for VM launch and login. The usernames

depend on the VM image:

Image Username

CentOS6_64-bit centos

Debian8_64-bit debian

Ubuntu16.04_64-bit Ubuntu

o For Windows instances, SSH keys are not supported for VM launch. However, to login

to a Windows VM, use the or2console command specifying an SSH key. The key must

always be of 2048 size. You will receive an email message containing the encrypted

password in an attached file. Save the attachment or its content and run the or2dp

command specifying the path to your private key and the path to the file containing the

encrypted password. The command will return the password to use for logging in to

your VM via the RDP connection.



EPAM PUBLIC 28

• EPAM-MAC region:

o Hardware Mac: use your MacOS IP address or DNS name in the VNC client. For

Authentication, use the uppercase abbreviation of your project in UPSA, then log in with

the user/user credentials.

We strongly recommend changing your credentials after the first login!

o Virtual Mac: connect to your VM via the VNC client using your project abbreviation in

UPSA as the password and log in with your domain credentials (without @epam.com).

Please note that the domain credentials are case sensitive.

We strongly recommend changing the default credentials after the first login and

enabling access via the VNC standalone client!

CLI Parameters


-g,

--ansible-group

Add instance to an existing Ansible group. For several

groups repeat the parameter:

-g groupName1 -g groupName2 -g groupNameN

No

-c, --count * Instances count. Maximum allowed value: 5. Default value if

not specified: 1 No

-d, --description Description property alias. Can be used to assign custom

instance descriptions displayed by the "or2din" command No

-e, --expiration **

A time point the instance will be stopped at. Use the ISO

8601 date format: ‘yyyy-MM-ddTHH:mm’ or shift in hours

‘hH’.

No


-i, --image Machine Image Yes

-a, --ip-address IP address. Applicable only for OpenStack zones No

-k, --key-name Name of an existing keypair to associate with this instance.

This option is mandatory for running Linux instances in AWS. No

--max-price Max price for the spot instance ($ per hour). Is required with

--spot flag. Applicable only for AWS zones. No

-n, --network

UUID of the network in which the instance(s) will be

launched. If not specified, the default network will be used.

Repeat the parameter to specify several networks (e.g. -n

networkUUID1 -n networkUUID2)

No

-P,

--plain-output Use plain output instead of default table output No




-t,

--script-name

Script to launch. To specify script parameters with their

values, use the following syntax:

-t "<scriptName>:value1#value2"

No

-S, --security-group

Name of the security groups in which the instance(s) will be

launched. If not specified, the default security group will be

used. Repeat the parameter to specify several security

groups (e.g. -S sg1 -S sg2)

No

-s, --shape*** Instance type in format <shapeName>.<diskType>.<flavor>. Yes


EPAM PUBLIC 29

CLI Parameters

--spot

Request spot instance. Applicable only for AWS zones.

Default: false No


* Maximum count can be limited on Orchestrator side (Use system property "virt.max.instances.count", default value is 5) ** 1. To reset the expiration timer a user should restart the VM (or stop and start it again); 2. A VM can be launched with a new expiration parameter, if required. 3. If a user sends a command to reboot/shutdown a VM as a system user (via SSH or RDP) this timer will not be reset. ***In the EPAM-BY2 region, you can specify whether the VM should have HDD or SSD storage. For SSD, add the .SSD indicator to the shape name (for example, -s MEDIUM.SSD). You can also specify instance flavor – the size of the system disk (100, 200, 300, 500 GB), in case this facility is activated for the project by the previous request.

You can run instances under the personal projects. Such instances can be convenient for testing,

training, and estimations, and are free of charge. However, they have a number of limitations. The

details on personal project usage, their quotas and limitations are given in the Quick Start

Guide (Chapter 7: Personal Quotas and Projects).

Response Elements

Name Description

instanceID Service provider specific instance ID

dnsName Instance DNS name

privateIP Private IP assigned to the instance

state instance state

guestOS Operating System running on the instance

owner Owner of the instance

image Template used to launch the instance (optional)

shape Hardware shape of the instance

In case you are running several instances at once and CLI returns an error (for example, you have reached

the project quota), it is possible, that some of the requested resources were still launched and you are set

as the owner of these resources. Please, use the or2din command to check it.

Command Example

This example runs one instance with specified image and shape. This instance will be tagged with

maestro:project-id according to the user’s credentials.

or2run -p project -i image -s medium -r region

If your instance encounters a problem during launch and remains in the ‘starting’ state for 5 hours, it is

terminated automatically.

https://cloud.epam.com/site/learn/quick_start/ciug_2_cli_quick_start.pdf

https://cloud.epam.com/site/learn/quick_start/ciug_2_cli_quick_start.pdf


EPAM PUBLIC 30

Response Example

Figure 12 - or2run Response Example

2.4 STOP (PAUSE) INSTANCES

Invoke: or2-stop-instances (or2stop)

Use this command to stop the specified instances. You can only stop permitted instances, in accordance

with your project abbreviation in UPSA:

If you stop an instance, its expiration timer will be reset.

CLI Parameters


-c, --force Force to stop instances. Default: false No


-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -i

ID2 -i IDN. Yes



-p, --project Project abbreviation in UPSA No*

-r, --region Virtualization region No*

-rg, --

resourceGroup Indicates the necessary resource group for work with Azure No


*The ‘project’ and ‘region’ parameters are mandatory when several instance IDs are sent in the

command. When only one instance ID is sent, the ‘project’ and ‘region’ parameters may be omitted.

Response Elements

Name Description


dnsName DNS name assigned to the instance


state Instance state

requested Instance request timestamp

Command Example

This example shows the common case of stopping an instance.

or2stop -i instance_id -p project -r region


EPAM PUBLIC 31

Response Example

Figure 13 - or2stop Example Response

2.5 START (RESUME) INSTANCES

Invoke: or2-start-instances (or2start)

Starts stopped instances. You can only start permitted instances, in accordance with your project

abbreviation in UPSA

CLI Parameters


-e, --expiration*

A time point the instance will be stopped at. Use the ISO 8601

date format: ‘yyyy-MM-ddTHH:mm’ or shift in hours ‘hH’.

This option is not available for AWS-type regions.

No


-i, --instance Instance ID For several instances repeat the parameter: -i ID1

-i ID2 -i IDN. Yes





-rg, --resourceGroup Indicates the necessary resource group for work with Azure No


1. To reset the expiration timer a user should restart the VM (or stop and start it again). 2. A VM can be launched with a new expiration parameter, if required. 3. If a user sends a command to reboot/shutdown a VM as a system user (via SSH or RDP) this timer will not be reset.

*The ‘project’ and ‘region’ parameters are mandatory when several instance IDs are sent in the command. When only one instance ID is sent, the ‘project’ and ‘region’ parameters may be omitted

Response Elements

Name Description



Command Example

This example starts one instance with specified instance ID.


EPAM PUBLIC 32

or2start -i instance_id -p project -r region


EPAM PUBLIC 33

Response Example

Figure 14 - or2start Response Example

2.6 REBOOT INSTANCES

Invoke: or2-reboot-instances (or2reboot)

The command reboots specified instances. You can only reboot permitted instances, in accordance with

your project abbreviation in UPSA

1. If you reboot an instance, its expiration timer will be reset (this does not concern AWS-type regions).

2. or2reboot command is not supported in Google regions.

CLI Parameters


-c, --force Force to reset instances. Default: false No


-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -

i ID2 -i IDN. Yes



-p,--project Project abbreviation in UPSA No*


-rg,

--resourceGroup Indicates the necessary resource group for work with Azure No


*The ‘project’ and ‘region’ parameters are mandatory when several instance IDs are sent in the

command. When only one instance ID is sent, the ‘project’ and ‘region’ parameters may be omitted

Response Elements

Name Description

instanceID Service provider specific instance ID of the rebooted instance


privateIp Private IP assigned to the instance

state State of the instance (PoweredOn/PoweredOff/Rebooting)


Command Example

This example reboots one instance with specified instance ID.

or2reboot -i instance_id -p project -r region


EPAM PUBLIC 34

Response Example

Figure 15 - or2reboot Response Example

2.7 TERMINATE INSTANCES

Invoke: or2-terminate-instances (or2kill)

Use his command to terminate the specified instances. You can only terminate permitted instances, in

accordance with your project abbreviation in UPSA.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -i

ID2 -i IDN. Yes





-y Automatic confirmation No

--permanently Terminates the instance permanently without an attempt to place

it in the Recycle Bin No

-rg, --

resourceGroup Indicates the necessary resource group for work with Azure No


Response Elements

Name Description






Command Example

This example shows the common case of terminating an instance with specified ID.

or2kill -i instance_id -p project -r region


EPAM PUBLIC 35

Response Example

Figure 16 - or2kill Response Example

2.8 LOCK INSTANCE TERMINATION

Invoke: or2-lock-instance-termination (or2lock)

Use his command to prohibit termination of a specific instance. When called second time for the same

instance, the command will release the lock.

CLI Parameters



-i, --instance The ID of the instance to be locked from termination Yes






Command Example

This example shows the common case of instance termination prohibition:

or2lock -i instance_id -p project -r region

Response Example

Figure 17 - or2lock Response Example

If the or2lock command specifies an AWS region and an AWS instance, the VM will be locked for

termination not only by the Orchestrator tools, but also by the native AWS tools.

or2lock –p project –r AWS-REGION –i instance_ID

The same command used on a locked instance will allow its termination again.

Figure 18 - or2lock command repeated to allow instance termination


EPAM PUBLIC 36

2.9 DESCRIBE EXISTING INSTANCES

Invoke: or2-describe-instances (or2din)

Use this command to return information about instances that you own. If you specify one or more

instance IDs, Orchestrator returns information for those instances. If you do not specify instance IDs,

Orchestrator returns information for all relevant instances according to your access rights.

User will see only permitted instances. Permission rights are bound to the provided credentials. Usually,

remote resources are filtered by the -p (--project) parameter. This parameter will be resolved on the

Orchestrator side from the provided user credentials.

CLI Parameters


-a, --audit

Switches the output to Audit mode. The list of the VMs will

be accompanied by the following information: Instance ID

and DNS name, shape, state, description, requested date

and time, the owner, the date and time of the last event on

the VM, the name of the person who performed the latest

change.

No

-d, --inSchedule Show only VMs present in the specified schedule No

-e, --propertyExistence Show only instances with the specified key No

--full Show full command output instead of default basic one. Full

output includes AWS availability zone No


-i, --instance Instance ID. For several instances repeat the parameter. No

-l, --property Show only instances with the provided ‘key=value’

properties. For several properties repeat the parameter. No

-o, --onlyIds Show only instance IDs, one per line No



-p, --project Project abbreviation in UPSA No

-r, --region Virtualization region. Use several times to find information

on instances in several regions No

-S, --service Service name. To describe instances for all

services, type 'any'. No

-s, --instanceState Show only VMs with the provided state. For several states

repeat the parameter. No

-u, --output Show only the field specified as csv. No

-v, --vlan Show only instances within the specified VLAN No

-w, --owner Email or 'Name Surname' of instance owner for report

generation. No

-x, --regexp

Show only instances with the provided ‘key=value’

properties. For several properties repeat the parameter.

Values are treated like regular expressions.

No


EPAM PUBLIC 37

Response Elements

Name Description


instanceName Instance name



state State of the instance

guestOS Instance OS*.

owner Owner of the instance

Image Template used to launch the instance (optional)

shape Hardware shape of the instance

description Custom instance description (See Set Instance Properties)

*This functionality is limited on AWS due API restrictions. You can only see, whether your instances

running in this region have Windows as guest OS or not.

Command Example

This example describes the current state of the instances mapped to your user ID.

or2din -p project -r region

Response Example

Figure 19 - or2din General Response Example

Command Example

This example describes only stopped instances of the specified owner:

or2din -p project -r region -i instance_id -s stopped -w

[email protected]

Response Example

Figure 20 - or2din Response Example with Filters


EPAM PUBLIC 38

2.10 CHANGING INSTANCE SHAPE

Invoke: or2-change-shape (or2chshape)

Changes the instance shape to a larger or smaller one. The target VM should be stopped before you

initiate shape change.

CLI Parameters




-i, --instance The ID of the instance to change Yes




-r, --region Virtualization Region Yes

-s, --shape New shape Yes

This command is not available in AWS, Microsoft Azure and Google Cloud regions.

Command Example

or2chshape -r region -p project -i instance_id -s MEDIUM

Response Example

Figure 21 - or2chshape Response Example


EPAM PUBLIC 39

2.11 CHANGING INSTANCE OWNER

Invoke: or2-change-owner (or2chow)

Changes the owner of an instance or file resource.

CLI Parameters


-e, --email New owner’s email, case-insensitive Yes



-f, --file-type File type for file resources [script, eo-template, cf-

template, zabbix-template, blueprint] No

-n, --resource-name Resource name [Instance ID (case-sensitive) or

Instance Name (case-insensitive), file name] Yes




-t, --resource-type Type of resource [instance, file]. Default: INSTANCE No

Response Elements

Name Description

instanceId Instance ID

name Instance name

zone Virtualization region

owner New owner of the instance


Command Example

or2chow -p project –n instance_name -e [email protected]

Response Example

Figure 22 - or2chow Response Example


EPAM PUBLIC 40

2.12 VIEW POOL STATE

Invoke: or2-view-pool-state (or2vps)

To estimate the time needed for running a new instance, you can use the or2vps command. Creating

an instance from an image available in the pool will take less time than from the other images.

The or2-view-pool-state command shows current state of instance pool for the specified region.

CLI Parameters







Response Elements

Name Description

imageName Machine image name

quantity Number of instances available in the pool

Command Example

or2vps -r region

Response Example

Figure 23 - or2vps Response Example


EPAM PUBLIC 41

2.13 DESCRIBE VLANS

Invoke: or2-describe-vlans (or2dvlans)

Describes Virtual Local Area Networks (VLAN) available for specified availability region and project

CLI Parameters








Response Elements

Name Description

name VLAN name

description VLAN description

Command Example

This example describes existing VLANs for the specified project and region:

or2dvlans -p project -r region

Response Example

Figure 24 - or2dvlans Response Example


EPAM PUBLIC 42

2.14 MOVE INSTANCE TO VLAN

Invoke: or2-move-instance-to-vlan (or2mivlan)

Moves an instance to another VLAN activated for the current project and availability region

In order to move between VLANs instances must be in the ‘stopped’ state.

CLI Parameters



-i, --instance Instance ID Yes





-v, --vlan Target VLAN ID Yes


Response Elements

Name Description

result States whether the command has been run successfully

Command Example

This command reads the specified template and stores it to the specified local file:

or2mivlan -p project -r region -i instance_ID -v vlan_id

Response Example

Figure 25 - or2mivlan Response Example


EPAM PUBLIC 43

3 SCHEDULING INSTANCE ACTIVITIES

EPAM Orchestrator allows scheduling instances manipulation so that their state is automatically

changed when needed, allowing to optimize the infrastructure load and costs.

The schedules are set up with cron expressions that are to be specified in the or2-create-schedule CLI

command according to the specific rules.

Maestro CLI allows you to create a schedule, retrieve its info and delete. All these action are performed

with different CLI commands described below in this section.

When working with cron and setting time values, GMT+0 time is used.

3.1 CREATE SCHEDULE

Invoke: or2-create-schedule (or2addsch)

Creates a new schedule to start or stop existing instances using cron expressions.

CLI Parameters


-a, --action An action to be performed by the schedule. ID of the

checkpoint to be deleted. Valid values: start, stop. Yes

--all Set schedule for all instances in a region. Default: false No

-c, --cronExpression Time point as cron expression Yes

-d, --description Schedule description No


-i, --instance ID of an instance affected by the schedule No

-n, --name Schedule name Yes





-t, --tag Set schedule for instances with tag. Tag format:

'prefix:key=value'. Default prefix is 'user', default key is 'tag' No


Response Elements

Name Description

name Schedule name

project UPSA abbreviation of the project the schedule is assigned to

region Virtualization region the schedule is active for

cron Time point as cron expression

action Action performed by the schedule


EPAM PUBLIC 44

Command Example

The example below schedules the specified instance to start on January 1, 2014 at 0:00 am:

or2addsch -a start -c “0 0 0 1 1 ? 2014” -i instance_id -n sample_schedule

-p project -r region

Response Example

Figure 26 - or2addsch Response Example


EPAM PUBLIC 45

3.2 DESCRIBE SCHEDULES

Invoke: or2-describe-schedules (or2dsch)

Describes previously created and available schedules.

In order to see the list of instances affected by a schedule, provide the --full parameter

CLI Parameters





-n, --name Schedule name. For several schedules, repeat the parameter:

-n sch1 -n sch2 -n schN No




Response Elements

Name Description

name Schedule name

project UPSA abbreviation of the project the schedule is assigned to

region Virtualization region the schedule is active for

cron Time point as cron expression

action Action performed by the schedule

creationTime Date and time of schedule creation

lastExecuteTIme Date and time of last schedule execution

owner Instance owner

type Schedule type (INSTANCE, REGION or TAG)

Command Example

This example describes available schedules for the specified project.

or2dsch -p project -r region

Response Example

Figure 27 - or2dsch Response Example


EPAM PUBLIC 46

3.3 ADD INSTANCE TO SCHEDULE

Invoke: or2-schedule-add-instances (or2schaddi)

Adds an instance to the existing schedule.

CLI Parameters







-i, --instance Instance ID. For several instances, repeat the parameter Yes



Instances cannot be added to schedules created for the entire region (with the --all option) or for

instances with tags (with the -t/--tag) option.

Command Example

This command example adds the specified instance to the schedule.

or2schaddi -p project -r region -i instance_id -n schedule_name

Response Example

Figure 28 - or2schaddi Response Example


EPAM PUBLIC 47

3.4 REMOVE INSTANCE FROM SCHEDULE

Invoke: or2-schedule-remove-instances (or2schremi)

Removes an instance from the existing schedule

CLI Parameters







-i, --instance Instance ID. For several instances, repeat the parameter Yes



Instances cannot be removed from schedules created for the entire region (with the --all option) or for

instances with tags (with the -t/--tag) option.

Command Example

This command example removes the specified instance from the schedule.

or2schremi -p project -r region -i instance_id -n schedule_name

Response Example

Figure 29 - or2schremi Response Example


EPAM PUBLIC 48

3.5 DELETE SCHEDULE

Invoke: or2-delete-schedule (or2delsch)

Deletes a previously created schedule.

CLI Parameters



-n, --name Name of the schedule to be deleted Yes






Response Elements

Name Description

name Schedule name

status Current status of the schedule

Command Example

This command example deletes the specified schedule.

or2delsch -n sample_schedule -p project -r region

Response Example

Figure 30 - or2delsch Response Example


EPAM PUBLIC 49

3.6 CRON REFERENCE

EPAM Cloud Orchestrator uses generic cron rules to specify time points for operation scheduling.

Below is an extract of cron rules, taken from the quartz-scheduler.org. For additional information, please

see the source page.

Cron expressions are comprised of 6 required fields and one optional field separated by white space.

The fields respectively are described as follows:

Field Name Allowed Values Allowed Special Characters

Seconds 0-59 , - * /

Minutes 0-59 , - * /

Hours 0-23 , - * /

Day-of-month 1-31 , - * ? / L W

Month 1-12 or JAN-DEC , - * /

Day-of-Week 1-7 or SUN-SAT , - * ? / L #

Year (Optional) empty, 1970-2199 , - * /

The '*' character is used to specify all values. For example, "*" in the minute field means "every minute".

The '?' character is allowed for the day-of-month and day-of-week fields. It is used to specify 'no specific

value'. This is useful when you need to specify something in one of the two fields, but not the other.

The '-' character is used to specify ranges. For example, "10-12" in the hour field means "the hours

10, 11 and 12".

The ',' character is used to specify additional values. For example, "MON,WED,FRI" in the day-of-week

field means "the days Monday, Wednesday, and Friday".

The '/' character is used to specify increments. For example, "0/15" in the seconds field means "the

seconds 0, 15, 30, and 45". And "5/15" in the seconds field means "the seconds 5, 20, 35, and 50".

Specifying '*' before the '/' is equivalent to specifying 0 is the value to start with. Essentially, for each

field in the expression, there is a set of numbers that can be turned on or off. For seconds and minutes,

the numbers range from 0 to 59. For hours 0 to 23, for days of the month 0 to 31, and for months 1 to

12. The "/" character simply helps you turn on every "nth" value in the given set. Thus "7/6" in the month

field only turns on month "7", it does NOT mean every 6th month, please note that subtlety.

The 'L' character is allowed for the day-of-month and day-of-week fields. This character is short-hand

for "last", but it has different meaning in each of the two fields. For example, the value "L" in the day-

of-month field means "the last day of the month" - day 31 for January, day 28 for February on non-

leap years. If used in the day-of-week field by itself, it simply means "7" or "SAT". But if used in

the day-of-week field after another value, it means "the last xxx day of the month" - for

example "6L" means "the last Friday of the month". You can also specify an offset from the last day

of the month, such as "L-3" which would mean the third-to-last day of the calendar month. When

using the 'L' option, it is important not to specify lists, or ranges of values, as you'll get

confusing/unexpected results.

The 'W' character is allowed for the day-of-month field. This character is used to specify

the weekday (Monday-Friday) nearest the given day. As an example, if you were to specify "15W" as

http://www.quartz-scheduler.org/documentation/quartz-2.1.x/tutorials/crontrigger.html


EPAM PUBLIC 50

the value for the day-of-month field, the meaning is: "the nearest weekday to the 15th of the month".

So if the 15th is a Saturday, the trigger will fire on Friday the 14th. If the 15th is a Sunday, the trigger

will fire on Monday the 16th. If the 15th is a Tuesday, then it will fire on Tuesday the 15th. However, if

you specify "1W" as the value for day-of-month, and the 1st is a Saturday, the trigger will fire on Monday

the 3rd, as it will not 'jump' over the boundary of a month's days. The 'W' character can only be specified

when the day-of-month is a single day, not a range or list of days.

The 'L' and 'W' characters can also be combined for the day-of-month expression to yield 'LW', which

translates to "last weekday of the month".

The '#' character is allowed for the day-of-week field. This character is used to specify "the nth" XXX

day of the month. For example, the value of "6#3" in the day-of-week field means the third Friday of

the month (day 6 = Friday and "#3" = the 3rd one in the month). Other examples: "2#1" = the first

Monday of the month and "4#5" = the fifth Wednesday of the month. Note that if you specify "#5"

and there is not 5 of the given day-of-week in the month, then no firing will occur that month. If the '#'

character is used, there can only be one expression in the day-of-week field ("3#1,6#3" is not valid,

since there are two expressions).

The legal characters and the names of months and days of the week are not case sensitive.

NOTES:

Support for specifying both a day-of-week and a day-of-month value is not complete (you'll need to use

the '?' character in one of these fields).

Overflowing ranges is supported - that is, having a larger number on the left hand side than the right.

You might do 22-2 to catch 10 o'clock at night until 2 o'clock in the morning, or you might have NOV-

FEB. It is very important to note that overuse of overflowing ranges creates ranges that don't make

sense and no effort has been made to determine which interpretation CronExpression chooses. An

example would be "0 0 14-6? * FRI-MON".


EPAM PUBLIC 51

4 INSTANCE PROPERTIES

The commands in this section are used to create and manipulate user-defined metadata, known as

properties.

4.1 SET INSTANCE PROPERTIES

Invoke: or2-set-instance-properties (or2setp)

Assigns user-defined metadata to instances.

If you would like to use default auto-configuration provided by Orchestrator for instances in AWS-type

regions, launched from Amazon EC2 console, please assign the following property to each of them:

op_orch_ip=https://config.orchestration.epam.com/orchestration

CLI Parameters


-a, --append Append the specified properties in case target instance already

has corresponding keys. Default: false No

-c, --chefattribute

Chef attribute property alias. Use “=” as a delimiter for

name=value format. For several chef attributes repeat the

parameter

No

-h, --chefrole

Chef role property alias. For several chef roles

repeat the parameter: --chefrole value1 --chefrole value2

--chefrole valueN.

No

-d, --description

Description property alias. Multiple values are not supported.

Can be used to assign custom instance descriptions to be

viewed using the "or2din" command (See Describe Instances)

No



-i ID2 -i IDN. Yes




-t, --property

Property name=value pair. Use "=" as delimiter. For several

properties repeat the parameter: --property name1=value1 --

property name2=value2 --property nameN=valueN*

No


-s, --secure Marks the property as secure, so that its value will be hidden

when properties are described No

-v, --volume Volume ID. For several volumes repeat the parameter:

-v Vol1 -v Vol2 -v VolN No


When running the command, you should specify either the --property or --chefattribute and --chefrole

combination.


EPAM PUBLIC 52

Please note that when you use the or2-set-properties command for auto configuration purposes, it will

have no effect on the instances, based on the following images:

• CentOS5_64-bit

• Ubuntu10.04_32-bit

• Ubuntu10.04_64-bit

Response Elements

Name Description

status Property status

name Property name

value Property value

resource ID of the resource for which the property is set

resourceType Type of the resource for which the property is set

1. The following symbols are NOT accepted when used in key or value for this command: < > ( ) + &

^ * \ | "

2. If you use this command for a Windows instance, please, encase the ‘-t’ parameter in quotes i.e.

"key=value"

Command Example

This example sets several properties to an instance.

or2setp -p project -r region -i instance_id -t property1=1 -t property2=2

Response Example

The command returns a list of newly set instance properties.

Figure 31 - or2setp Response Example

Alias Usage

A command with chef alias can look as follows:

or2setp -i EVBYMINSD121CT3 -h java -c "version=1.7"


EPAM PUBLIC 53

4.2 DESCRIBE INSTANCE PROPERTIES

Invoke: or2-describe-instance-properties (or2getp)

Retrieves user-defined metadata from instances.

CLI Parameters




-i ID2 -i IDN. Yes

-n, --name

Property name. For several properties repeat the parameter: -

n property-name1 -n property-name2 -n property-nameN. If not

specified, returns a list of all properties assigned.

Default: []

No





-v, --volume Volume ID. For several volumes repeat the parameter:

-v Vol1 -v Vol2 -v VolN No


Response Elements

Name Description

name Property name

value Property value

resource ID of the resource for which the property is set

resourceType Type of the resource for which the property is set

Command Example

This example requests the properties of the specified instance:

or2getp -p project -r region -i instance_id

Response Example

The command returns a list of properties assigned to an instance:

Figure 32 - or2getp Response Example


EPAM PUBLIC 54

4.3 DELETE INSTANCE PROPERTIES

Invoke: or2-delete-instance-properties (or2delp)

Use this command to delete user-defined metadata from instances.

CLI Parameters


-a, --all Specify this parameter to delete all properties assigned to a

specified instance. Default: false. No



-i ID2 -i IDN. Yes

-n, --name

Property name. For several properties repeat the parameter: -

n property-name1 -n property-name2 -n property-nameN

Default: []

No





-v, --volume Volume ID. For several volumes, repeat the parameter: -v

volume ID1 -v volumeID2 -v volume IDN No


Command Example

This example deletes specific properties, assigned to an instance:

or2delp -p project -r region -i instance_id -n property_1 -n property_2 -n

property_3 -n property_4

Response Example

Figure 33 - or2delp Response Examples


EPAM PUBLIC 55

5 CREATING IMAGES

EPAM Orchestrator allows to create images from the existing instances. This allows to save the

existing settings and data and to create the necessary number of copies.

5.1 CREATE AN IMAGE

Invoke: or2-create-image (or2cim)

Use this command to create an image based on the instance and its storages. The image can be used

later to run new identical instances.

1. The created image will only be available for a single project (the one you use to create it).

2. Make sure to stop the instance and perform all preliminary requirements for image creation

before creating its image. (See 5.3. Preparing Instances for Image Creation).

3. Image name length should be in range 3-63 and can only contain digits ('0-9'), letters ('a-z', 'A-

Z'), dashes ('-'), underscores ('_'), round parentheses (‘()’), square parentheses (‘[]’) and the at sign

(‘@’).

4. Image description should be in range 5-100 inclusive. A semicolon is not allowed.

5. In OpenStack regions, an image can be created only from instances that do not have additional

volumes.

6. In Google regions, you can use for image name lowercase letters ('a-z'), digits ('0-9') if not on the

first place and hyphens if not on first or last place.

7. All instances launched using the custom images will not be included in epam.com domain and

will be assigned a standard DNS name. You will only be able to login to these instances using their

IP addresses. To have your VM included in the epam.com domain, make a request to the

support.epam.com in the category EPAM Cloud -> Unspecified Request.

CLI Parameters


-d, --description Image description Yes



-n, --name Image name Yes*






* While still required for AWS-type regions, this parameter will be shown in EC2 Management Console as ‘Source’, while the ‘Name’ field will remain empty.

Response Elements

Name Description

id Image id


https://support.epam.com/esp/ess.do


EPAM PUBLIC 56

group Image availability scope

state Current state of the image

Command Example

or2cim -r region -p project -i instance_id -n image_name –d description

Response Example

Figure 34 - or2cim Response Example

When the image is ready, it will be available in the list of machine images returned by the ‘or2dim’

command. The detailed description of the ‘or2dim’ command can be found in the respective section of

the Guide.


EPAM PUBLIC 57

5.2 DELETE IMAGE

Invoke: or2-delete-image (or2delim)

Use this command to delete custom machine images.

In AWS-type regions this command is only available for ‘Project’ images.

CLI Parameters



-i, --image ID of the image to be deleted. Yes





-y Provide this parameter for automatic command confirmation No


Response Elements

Name Description

id Image id


group Image availability scope

state Current state of the image

Command Example

or2delim -i image_id -p project -r region -y

Response Example

Figure 35 - or2delim Response Example


EPAM PUBLIC 58

5.3 PREPARING INSTANCES FOR IMAGE CREATION

The instruction below is actual for the instances in private regions and is not applicable for work in AWS

and Google Cloud regions.

Please see the information about virtual machines preparation in Microsoft Azure regions in the

respective sections describing workflows for Windows and Linux instances.

5.3.1 Windows OS Family

Remove static IP settings (if applicable), configure DHCP respectively.

Figure 36 - TCP/IP Configuration (Windows)

Create a user account and assign administrator privileges to it:

1. Click Start -> Control Panel

2. Click User Accounts

3. In a window that opens click Manage User Accounts

4. Move to the Advanced tab in the User Accounts window and click Advanced

5. Choose the Users group in the left part of the window that opens, then right-click on the right

part of the window and choose New user

6. Provide the data requested in the New user window and click Create to complete creation


EPAM PUBLIC 59

Figure 37 - Creating Local Windows User

7. Return to the User Accounts window and click Manage User Accounts

8. Select the newly created user name in the User Accounts window and click Properties

9. Move to the Group Membership tab within the Properties window, choose the Administrator

option and click Apply.


EPAM PUBLIC 60

Figure 38 - Assigning Administrator Privileges to a Windows User

Make sure you remember these credentials. You will only be able to login to all instances, launched on

the created template using them.


EPAM PUBLIC 61

10. Open Control Panel -> System and Security -> System. Click Change Settings.

11. In the System Properties window, click Change for the To rename the computer or change

its domain or workgroup option.

12. Exclude guest OS from domain:

Figure 39 - Excluding Guest OS from Domain (Windows)

13. Rename guest OS by replacing digits at the end of its name with xxxx characters:

Figure 40 - Renaming Guest OS (Windows)

At this point, the system may prompt for reboot. Do not reboot the VM, continue with Step 15 instead.

14. Run the following command in Windows console

ipconfig /release && shutdown -s -t 0

5.3.1.1 Preparing VMs in Microsoft Azure Regions

For virtual machines running in Microsoft Azure regions, use the Windows console to change the

directory to %windir%\system32\sysprep, then run sysprep.exe.

Make the following settings in the System Preparation Tool dialog window:

1. In the System Cleanup Action field, select the Enter System Out-of-Box Experience

(OOBE) option and check the Generalize checkbox.

2. In the Shutdown Options field, select Shutdown.


EPAM PUBLIC 62

Figure 41 - Rebooting a VM in Azure region

This reboots and stops the VM. After the command execution, the VM is ready for image creation.

5.3.2 Linux OS Family

1. Remove static IP and any hardware-related settings (e.g. MAC address), if applicable. Set up

DHCP by editing configuration file.

For example:

RHEL-family - /etc/sysconfig/network-scripts/ifcfg-eth0

Debian-family - /etc/network/interfaces

2. Create a local user account:

RHEL-family:

# useradd username

# passwd username

Debian-family:

# adduser username

Adding user `username' ...

Adding new group `groupname' (1003) ...

Adding new user `username' (1004) with group `groupname' ...

Creating home directory `/home/username' ...

Copying files from `/etc/skel' ...

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

Changing the user information for username


EPAM PUBLIC 63

Enter the new value, or press ENTER for the default

Full Name []: <Full Name>

Room Number []: <room number>

Work Phone []: <Phone>

Home Phone []: <Phone>

Other []: <Other>

Is the information correct? [Y/n] Y

Add the administrator rights to the user by editing the /etc/sudoers file as follows:

username ALL=(ALL:ALL) ALL

3. Remove UDEV settings for network devices, if applicable, by deleting all strings from /etc/udev/rules.d/70-persistent-net.rules

4. Rename guest OS by replacing digits at the end of its name with xxxx characters.

For example:

RHEL-family - /etc/sysconfig/network

Debian-family - /etc/hostname

Please be aware that the path for CentOS7 is similar to the path for Debian.

5. Modify guest OS name in DHCP client settings by replacing digits at the end of its name with

xxxx characters.

For example:

/etc/dhclient-eth0.conf.

5.3.2.1 Preparing VMs in Microsoft Azure Regions

For virtual machines running in Microsoft Azure regions, perform the following steps:

1. Connect to your VM via SSH.

2. Type the following command in the SSH window:

sudo waagent -deprovision+user

The command output may vary depending on the utility version.

This command is used to clean the system and prepare it for image creation. The following

actions are performed:

- SSH host keys are removed

- nameserver configuration in /etc/resolvconf is cleared

- the root user’s password is removed from /etc/shadow

- cached DHCP client leases are removed

- the host name is reset to localhost.localdomain

- the last provisioned user account (obtained from /var/lib/waagent) and the associated

data is deleted


EPAM PUBLIC 64

3. Type y to continue. To avoid this step, add the -force parameter to the command.

4. Type exit. This closes the SSH client.

6 SECURITY AND CONNECTION

This Section lists a set of commands used to connect to your VMs and to provide their security.

Please note that the commands related to Static IPs manipulation have different effect for AWS and

EPAM-based infrastructure. In AWS, they deal with public IPs, and the manipulations do not need the

VM to have any specific state. In EPAM Cloud, these commands deal with private IPs, and you will have

to stop your VM before initiating any IP changes.

6.1 CREATE KEY PAIR

Invoke: or2-create-keypair (or2addkey)

With this command you can create a key pair used to access instances without the need to provide login

credentials. Key pairs consist of a public key (stored in Orchestrator) and a private key, stored locally in

‘..\maestro-cli\out\{YOUR_PROJECT_NAME}\’ folder.

CLI Parameters



-k, --key-name Name of the key to be created Yes





-s, --size Key size, a positive integer specified in bits.

Default: 4096 No


2048 bits is the minimum available key size. If you specify a key size of 2048 bits or less, a 2048-bit key

will be created

Response Elements

Name Description

name Key pair name

owner Key pair owner

project Project the key pair belongs to


EPAM PUBLIC 65

Command Example

or2addkey -p project -r region -k key_name

Response Example

Figure 42 - or2addkey Response Example


EPAM PUBLIC 66

6.2 IMPORT KEY PAIR

Invoke: or2-import-keypair (or2ikey)

Imports the existing key to a specified region.

CLI Parameters




-k, --key-name

Key pair name (to describe a specific key pair). For

several key names repeat the parameter: -k keyname1

-k keyname2 -k keynameN

Yes




-f, --public-key-file Full path to the local public key No

-s, --source-region The region to which the key already exists No

-d, --destination-region The region to which the key should be imported Yes


Response Elements

Name Description

name Key pair name



If the key was created in EPAM Cloud, its public part is stored in Orchestration database, and all you

have to do is specify the region in which the key is already stored and the region where it should be

imported to:

or2ikey -p project -k key_name -s source_region

-d destination_region

If the key is created in AWS and you need to import it to a new AWS region, you will also have to specify

the path to the Public key. For the detailed guidelines on retrieving public AWS keys use the following

links:

o Linux o Windows

A key created with AWS tools will be referenced in EPAM Cloud with the same name that was assigned

to it during the creation.

You can import a key from one Cloud platform to another when needed.

The keys created before November 7, 2015 are incompatible with Azure.

It is impossible to import keys existing keys to Azure regions due to keys processing specifics: the

operation need providing the private key explicitly.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#retrieving-the-public-key

http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-key-pairs.html#retrieving-the-public-key


EPAM PUBLIC 67

Command Example

This example imports a key from one region to another one.

or2ikey -p project -d region -f D:\maestro-

cli\out\PROJECT\REGION\mykey.pem -k mykey

Response Example

Figure 43 - or2ikey Response Example


EPAM PUBLIC 68

6.3 DESCRIBE KEY PAIRS

Invoke: or2-describe-keypairs (or2dkey)

Describes Orchestrator (not AWS) key pairs available for provided project and region

CLI Parameters



-k, --key-name Key name (to describe a specific key pair). For several key names

repeat the parameter: -k keyname1 -k keyname2 -k keynameN No






Response Elements

Name Description

name Key pair name



Command Example

This example describes the keypairs available for the specified project.

or2dkey -p project -r region

Response Example

Figure 44 - or2dkey Response Example


EPAM PUBLIC 69

6.4 DELETE KEY PAIR

Invoke: or2-delete-keypair (or2delkey)

Deletes a specified key pair.

1. Once you delete a key pair, you will not be able to use it to launch new instances. You will still be

able to access launched instances using your private key.

2. The command only deletes public keys, stored in Orchestrator. If you like to delete private keys as

well, please do it manually. Private keys are stored in ‘..\maestro-

cli\out\{YOUR_PROJECT_NAME}\’ folder on your local machine.

CLI Parameters



-k, --key-name Name of the key pair to be deleted Yes






Response Elements

Name Description

name Name of the deleted key pair

owner Owner of the deleted key pair

project Name of the project, the key pair has been assigned to

deleted States whether the key pair has been deleted

Command Example

or2delkey -p project -r region -k key_name

Response Example

Figure 45 - or2delkey Response Example


EPAM PUBLIC 70

6.5 CONSOLE

Invoke: or2-console (or2console)

This command allows activating instance console and getting access credentials for it. To activate the

console for a VM, just run this command and provide all the necessary parameters.

CLI Parameters


-a, --activate Activates access console for the instance No

-e, --expiration Expiration time in hours. Default -1. Max - 9 No








Command Example

or2console -i instance_id -p project -r region

The system responds with the following confirmation: ‘Email with credentials was sent to you’.

Response Example

Figure 46 - or2console Response Example

A message containing the console credentials and the link to the console host is sent to the instance

owner’s email.


EPAM PUBLIC 71

Figure 47 - Console credentials


EPAM PUBLIC 72

6.6 ACCESSING AWS MANAGEMENT CONSOLE

Invoke: or2-aws-management-console (or2awsmc)

The command returns a link by which you can login to AWS Management Console and get access to

AWS services (all but the IAM service).

CLI Parameters







Before you can run this command, please, ask your Project Coordinator to grant you respective

permissions in Manage Cloud wizard (available on Cloud Dashboard for project coordinators only).

Command Example

or2awsmc -p project

Response Example

Figure 48 - or2awsmc Response Example

https://cloud.epam.com/maestro2/ui/home


EPAM PUBLIC 73

6.7 IAM USER MANAGEMENT

Invoke: or2-iam-users (or2iam)

The command allows to describe, delete and set owner for IAM users.

CLI Parameters


-a, --action Action to be performed [describe, delete, setOwner].

Default: describe No

-e, --email EPAM email of the IAM user’s owner for the ‘-a

setOwner’ action No






--reason IAM user deletion reason for the ‘a delete’ action No

-t, --type IAM user type. Allowed values : [aws, google] No

-u, --user-name IAM user name No



Response Elements

Name Description

userName IAM user name

type IAM user type

creationDate IAM user creation date

groupNames IAM user group names

mfaDevicesSerialNumbers Serial numbers of MFA devices

passwordLastUsed Date on which the password was last used

ownerEmail IAM user’s owner email

projectCode Project abbreviation in UPSA

Command Example

or2iam -p project

Response Example

Figure 49 – or2iam Response Example



EPAM PUBLIC 74

6.8 ACCESSING AZURE MANAGEMENT CONSOLE

Invoke: or2-azure-management-console (or2azmc)

The command allows you to login to your project console on Azure Portal and sends you a notification

with login instructions.

CLI Parameters







Before running this command, please make sure that the project is activated in Azure.

Command Example

or2azmc -p project

Response Example

Figure 50 - or2azmc Response Example

https://portal.azure.com/


EPAM PUBLIC 75

6.9 ACCESSING GOOGLE MANAGEMENT CONSOLE

Invoke: or2-google-management-console (or2goomc)

The command returns a link by which you can login to Google Management Console and get access to

Google Cloud Platform services.

CLI Parameters






Access to the console is provided for all projects activated in Google Cloud to which you are assigned.

When you access the Google Cloud Platform dashboard, you can select the project under which you

will be working.



Command Example

or2goomc



EPAM PUBLIC 76

6.10 DECRYPTING INSTANCE PASSWORD

Invoke: or2-decrypt-password (or2dp)

Decrypts the password obtained in or2console mail message (for AWS and Google Cloud Platform).

CLI Parameters


--full Show full command output Default: false No

--help Display command help Default: false No

-e, --encrypted-password Full path to the file containing password to be

decrypted

Yes

-P, --plain-output Use plain output view Default: false No


-p, --private-key-file Path to the file containing private key Yes

-y Provide this parameter for automatic command

confirmation

No

Response Elements

Name Description

decrypted The decrypted password

Command Example

This example shows decrypting an encrypted password.

or2dp -p private-key-file-path -e encrypted-password-file-path


EPAM PUBLIC 77

6.11 ALLOCATING A STATIC IP FOR A PROJECT

Invoke: or2-allocate-static-ip (or2alsip)

Allocates a static IP for the specified project in the given region.

CLI Parameters


-d, --domain Show Elastic IP addresses for use with instances in EC2-

Classic or instances in a VPC. Applicable only for AWS

regions. Available domain types: [STANDARD, VPC].

Default: VPC

No

--full Show full command output No


-P, --plain-output Use plain output view No




Response Elements

Name Description

ipAddress The allocated IP address

isPublic The address Public status

domainType The domain type

Command Example

This example shows allocating a static IP to a project.

or2alsip -p project -r region

Response Example

Figure 51 - or2alsip Command Example

The ‘or2alsip’ command is not available in OpenStack regions.


EPAM PUBLIC 78

6.12 ASSIGN A STATIC IP TO A VM

Invoke: or2-associate-static-ip (or2assip)

Assigns the specified static IP to the given VM.

Please note:

• Assigning a static IP can take some time. Meanwhile, the VM will be unavailable for Maestro

CLI commands.

• If a VM is hosted in an EPAM region, its DNS will not change when a static IP is assigned.

• After associating a static IP, no additional configuration of your VM is required.

CLI Parameters


--any-ip-address Use any free IP address from among the allocated ones. If no

such address is found, try to allocate another address and

associate the VM with it

No

-a, --ip-address The IP to be assigned to the VM Yes

--full Show full command output. Default: false No

-i, --instance Target Instance ID or Name Yes

--help Display command help. Default: false No

-P, --plain-output Use plain output view. Default: false No




Response Elements

Name Description




instanceID The ID of the instance to which the IP is assigned

ipState State of the IP address

Command Example

This example shows assigning a static IP to a VM.

or2assip -p project -r region -i instance_id -a ip_address

Response Example

Figure 52 - or2assip Command Example

The ‘or2assip’ command is not available in OpenStack regions.


EPAM PUBLIC 79

6.13 DESCRIBE STATIC IPS

Invoke: or2-describe-static-ips (or2dsip)

Returns the list of static IPs available for the project in the given region.

CLI Parameters


-a, --ip-address IP-address. For several addresses, repeat the parameter

several times. No

-d, -- domain Show Elastic IP-addresses for use with instances in EC2-

Classic or instances in a VPC. Available domain types:

[STANDARD, VPC].

No

--full Show full command output Default: false No

-i, --instance Target Instance ID or Name. To get info about several

instances, repeat the parameter.

No






Response Elements

Name Description




instanceID The ID of the instance to which the IP is assigned

ipState State of the IP address

instanceName The name of the instance to which the IP is assigned

Command Example

This example returns the full list of the IPs allocated to the project

or2dsip -p project -r region

Response Example

Figure 53 - or2dsip Command Response Example


EPAM PUBLIC 80

6.14 DISASSOCIATE A STATIC IP FROM A VM

Invoke: or2-disassociate-static-ip (or2dissip)

Disassociates the specified static IP from a VM.

Please note: when the operation is performed on a running VM in EPAM-UA1, EPAM-HU1, EPAM-RU2

regions, the VM is automatically shut down and is set to the STOPPED state.

CLI Parameters


-a, --ip-address The IP to be disassociated Yes







Response Elements

Name Description




instanceID The ID of the instance to which the IP is assigned (should be empty)

Command Example

This example shows disassociating a static IP from its VM.

or2dissip -p project -r region –a ip_address

Response Example

Figure 54 - or2dissip Command Response


EPAM PUBLIC 81

6.15 RELEASE A STATIC IP

Invoke: or2-release-static-ip (or2relsip)

Removes the specific static IP from the project pool.

CLI Parameters


-a, --ip-address The IP to be released Yes







Command Example

This example shows removing a static IP from the project pool.

or2relsip -p project -r region -a ip_address

Response Example

Figure 55 - or2relsip Command Response


EPAM PUBLIC 82

7 WORKING WITH VOLUMES

Each instance includes 100 GB Storage Volume for Windows Instances and 40 GB Storage Volume for

Linux Instances by default. In a case when your needs are above that, you can attach additional storage

volumes.

Please, note, that the size of the used volume influences the infrastructure price. Active (on started

instances) and Passive (on stopped instances) volumes are billed in different ways. For more details on

EPAM Cloud billing policy, please, see the Account Management Guide.

7.1 CREATE AND ATTACH VOLUME

Invoke: or2-create-attach-volume (or2addattvol)

Creates and attaches a storage volume to the specified instance.

• Each project in EPAM Cloud has a storage volume quota. To update it leave a request at support.epam.com.

• You can create and attach volumes to your permitted instances, in accordance with your project abbreviation in UPSA.

CLI Parameters


-d, --device System device to attach the volume Yes/No*







-s, --size Storage volume size in GB Yes


*-The device parameter is required for the AWS-type regions. For more details, please see this section.

Response Elements

Name Description

id Storage volume ID

system States whether the volume is a system one

size_MB Storage volume size in MB

instanceID Instance ID

state Current state of the volume

used States whether a storage volume is used at the time

usedSpace_MB Space used out of the attached volume

Command Example

https://cloud.epam.com/site/management/billing_and_quotas/ciug_7_billing.pdf



EPAM PUBLIC 83

This example creates and attaches new storage volume (1GB) to the specified instance hosted in an

AWS region.

or2addattvol -p project -r AWS-region -s 1 -i instance_id -d /dev/sdd

Response Example

Figure 56 - or2addattvol Response Example

When the created volume changes to the ‘ready’ status, you can use it for your project needs.


EPAM PUBLIC 84

7.2 ATTACH VOLUME

Invoke: or2-attach-volume (or2attvol)

Attaches specified storage volume to the specified instance. Available for AWS, Azure and

OpenStack regions. The specified storage volume and instance must belong to the same availability

zone, (e. g. us-east-1a).

CLI Parameters


-d, --device System device to attach the volume. Yes/No*







-v, --volume Storage volume ID Yes


*-The device parameter is required for the AWS-type regions. For more details, please see this section.

Response Elements

Name Description


system States whether the volume is a system volume

size_MB Volume size in MB

usedSpace_MB Amount of volume space used



Command Example

This example attaches the specified volume to the specified instance.

or2attvol -d /dev/hdc -i instance_id -v volume_id -p project -r region

Response Example

Figure 57 - or2attvol Response Example


EPAM PUBLIC 85

7.3 DETACH VOLUME

Invoke: or2-detach-volume (or2detvol)

Detaches a storage volume from the specified instance. Available for AWS, Azure and OpenStack

regions. You can only detach volumes from permitted instances, in accordance with your project

abbreviation in UPSA.

1. You can currently detach only one volume at a time.

2. Detaching volumes can currently only be performed for stopped instance. Please, use ‘or2stop’

before launching this command.

3. This command is not available for personal projects

CLI Parameters









Response Elements

Name Description


system States whether the volume is a system volume (only non-system volumes can

be detached)


instanceID ID of the VM from which the volume is detached



usedSpace_MB Amount of volume space used

Command Example

This example shows the common case of detaching a volume from an instance.

or2detvol -p project -r region -v volume_id

Response Example

Figure 58 - or2detvol Response Example


EPAM PUBLIC 86

7.4 RESIZE VOLUMES

Invoke: or2-resize-volume (or2resvol)

Increases an earlier created storage volume to the specified size.

1. This command is not available in OpenStack, AWS, Azure and Google Cloud regions.

2. Current implementation only allows increasing the size of storage volumes, decreasing is

unavailable.

CLI Parameters







-s, --size Target storage volume size in GB Yes

-v, --volume ID of the volume to be resized Yes


Response Elements

Name Description




instanceID ID of the instance the volume is attached to



usedSpace_MB Space used out of the attached volume

Command Example

This example resizes an earlier created volume to 100 gigabytes:

or2resvol -p project -r region -v volume_id -s 100

Response Example

Figure 59 - or2resvol Response Example


EPAM PUBLIC 87

7.5 DESCRIBE VOLUMES

Invoke: or2-describe-volumes (or2dvol)

Describes storage volumes belonging to the specified project.

CLI Parameters



-i, --instance Instance ID. For several instances repeat the parameter. No





-v, --volume Storage volume ID. For several Volume IDs repeat the parameter. No


Response Elements

Name Description



usedSpace_MB Space used out of the particular volume

instanceID In some cases, depending on virtual service provider, shows ID of the

instance to which the storage volume is attached



zone Volume availability zone (AWS-type regions only)

snapshot Volume snapshot ID, if present (AWS-type regions only)

type Volume type (AWS-type regions only)

device Volume device (AWS-type regions only)

system Specifies whether the volume is a system volume

deleteOnTermination States, whether the volume will be deleted on instance termination

(AWS-type regions only)

Command Example

This example describes existing storage volumes for specific instance.

or2dvol -p project -r region -i instance_id


EPAM PUBLIC 88

Response Example

Figure 60 - or2dvol Response Example

Command Example

This example describes existing storage volumes. The ‘No volumes were found’ response means there

are no storage volumes for the project in the specified zone.

or2dvol -p project -r region

Response Example

Figure 61 - or2dvol Empty Response Example


EPAM PUBLIC 89

7.6 DELETE VOLUME

Invoke: or2-delete-volume (or2delvol)

Deletes the specified storage volume. You can only delete permitted volumes, in accordance with your

project abbreviation in UPSA.

1. Currently you can only delete volumes one at a time.

2. The command deletes specified volumes even if they are attached to an instance.

3. Be careful when using in AWS-type regions. Make sure you do not accidentally delete your system

volume.

CLI Parameters










Response Elements

Name Description

ID Storage volume ID



instanceID ID of the instance the volume is attached to



usedSpace_MB Space used out of the volume

Command Example

This example shows the common case of deleting a volume.

or2delvol -p project -r region -v volume_id

Response Example

Figure 62 - or2delvol Response Example


EPAM PUBLIC 90

7.7 FINDING THE DEVICE PARAMETER

To obtain the --device parameter required for attaching volumes in AWS regions, log in to your VM and

run the ‘df-h’ command. The response to this command will contain the following information:

Figure 63 - df-h Response Example

Find the device name for the root mount point in the ‘Filesystem’ column (in the example above, the

device name is highlighted in bold and underlined). The device name can have one of the following

formats: ‘/dev/xvda1’ or ‘/dev/sda1’. Modify the device name by replacing the last character with any

letter following it alphabetically. For example, if the device name is ‘dev/xvda1’, the modified name may

have the ‘/dev/xvdd’ or ‘/dev/xvde’ forms; for ‘dev/sda1’ – ‘/dev/sdd’ or ‘/dev/sde’.

Use the modified device name in the ‘or2addattvol’ command:

or2addattvol -p project -r AWS-region -s 50 -i instance_id -d /dev/sdd


EPAM PUBLIC 91

7.8 MOUNTING STORAGE VOLUMES

Once you attach a volume to an instance, it has to be mounted in order to be used. The procedure is

different for Windows and Linux instances.

7.8.1 Windows OS family

1. Login to the instance via RDP

2. Launch 'Start' -> 'All Programs' -> 'Administrative Tools' -> 'Computer Management' or

run compmgmt.msc

3. In the tree pane, double-click the Storage node, and select 'Disk Management'

4. Right-click 'Disk Management' and select 'Rescan Disks'.

Figure 64 - Computer Management in Windows 8

5. After the disk scan completes, scroll down in the tasks pane to locate the new disk that was just

added. Right-click the disk and select 'Online'.

6. The new disk will be listed as 'Unknown' and 'Not Initialized'. Right-click the disk and select

'Initialize Disk'.

7. When the 'Initialize Disk' window opens, check the disk or disks to initialize, and click the

'Option' button to create either an MBR or GPT type disk.

8. Format the disk.


EPAM PUBLIC 92

7.8.2 Linux OS Family

1. Login to the instance via RDP

2. Execute the following commands to make the system able to see a newly attached virtual disk:

sudo su -

echo "- - -" > /sys/class/scsi_host/host0/scan



echo "1" > /sys/class/scsi_device/2\:0\:0\:0/device/rescan

echo "1" > /sys/class/scsi_device/2\:0\:1\:0/device/rescan

3. Create a file system (ext3) on '/dev/sdb'

If you have already attached other disks, use 'sdX', where 'X' identifies your disk

mkfs.ext3 /dev/sdb

4. Create a folder and mount the disk into it:

mkdir /media/storage

mount /dev/sdb /media/storage/

5. Now you can see your attached disk in disk lists

df -h


EPAM PUBLIC 93

8 WORKING WITH CHECKPOINTS

Checkpoints are instance recovery points, containing the data (storage, memory, other devices) of an

instance, including storage volumes at a specific point in time.

Each checkpoint is billed per each GB of storage it takes. The size of the checkpoint depends on the

changes you make to the VM storage. The more changes you make, the heavier your checkpoint is.

Please note that using checkpoints increases the infrastructure price. Active (on started instances) and

Passive (on stopped instances) checkpoints are billed in different ways. Meanwhile, 1GB active checkpoint

storage is about 3 times higher than the price of 1GB HDD running. For more details on EPAM Cloud billing

policy, please, see the Account Management Guide.

The table below compares the monthly price of a standard VMs of different shapes, with 60 GB storage

and with 60 GB checkpoint (in BY2 Region):

Size Standard Price With Checkpoint

MINI $50.31 $108.69

SMALL $53.23 $111.61

MEDIUM $70.03 $128.42

LARGE $86.84 $145.22

XL $101.45 $159.83

3XL $163.54 $221.92

We strongly recommend to create checkpoints only before introducing critical changes to your VM, and

remove a checkpoint when it becomes clear that the changes are successful.

Checkpoints manipulations are available only in ESX-based EPAM regions and cannot be performed on

instances in OpenStack Regions, AWS, Azure, or Google clouds.

It is recommended to stop an instances before creating a checkpoint on it. This ensures seamless reverting

to the checkpoint. Otherwise, guest OS performance issues may occur.

It is advised not to use the Checkpoints during large periods of time. Long-living checkpoints significantly

increase the price of your VM, reverting to a checkpoint that is older than 30 days can have unpredicted

results.

The price of 1GB active checkpoint storage is about 3 times higher than the price of 1 GB of HDD running.

https://cloud.epam.com/site/management/billing_and_quotas/ciug_7_billing.pdf


EPAM PUBLIC 94

8.1 CREATE INSTANCE CHECKPOINT

Invoke: or2-create-checkpoint (or2ccp)

Creates an instance recovery point, containing data (storage, memory, other devices) of a virtual machine,

including storage volumes at a specific point in time.

• To ensure seamless reverting to a checkpoint, it is recommended to stop the VM before running the

or2ccp command.

• All storage-related commands (or2attvol, or2addattvol, or2delvol, or2detvol) for the instance are

disabled once a checkpoint has been created.

CLI Parameters


-d, --description Checkpoint description No








Response Elements

Name Description

id Checkpoint ID

size_MB Checkpoint size

description Checkpoint description

processTime Checkpoint creation or update time

instanceID ID of the instance for which the checkpoint is created

current States whether the checkpoint represents current state of the instance

state Current state of checkpoint

Command Example

> or2ccp -r region -p project -i instance_id -d checkpoint_description

Response Example

Figure 65 - or2ccp Response Example


EPAM PUBLIC 95

8.2 DESCRIBE INSTANCE CHECKPOINTS

Invoke: or2-describe-checkpoints (or2dcp)

Describes checkpoints created for the specified instance or all checkpoints in the specified project and

region.

CLI Parameters



-i, --instance Instance ID No






Response Elements

Name Description

id Checkpoint ID

instanceID ID of the instance for which the checkpoint was created

owner Instance owner


processState Checkpoint creation progress in percent



createdDate Checkpoint creation date

outdated States whether the checkpoint is outdated


Command Example

or2dcp -r region -p project -i instance_id

Response Example

Figure 66 - or2dcp Response Example


EPAM PUBLIC 96

8.3 GO TO INSTANCE CHECKPOINT

Invoke: or2-go-to-checkpoint (or2gcp)

Reverts to the specified instance checkpoint.

CLI Parameters


-c, --checkpoint ID of the checkpoint to be used. Yes








Response Elements

Name Description

id Checkpoint ID



processTime Checkpoint creation or update time. This parameter initially shows the checkpoint

creation date and with each checkpoint update changes to the update time




Command Example

or2gcp -r region -p project -i SAMPLE -c

checkpoint-2012_12_11_12_02_18_EVBYMINSDSAMPLE

Response Example

Figure 67 - or2gcp Response Example


EPAM PUBLIC 97

8.4 REVERT TO INSTANCE CHECKPOINT

Invoke: or2-revert-to-checkpoint (or2rcp)

Reverts instance to the latest available checkpoint.

CLI Parameters









Response Elements

Name Description

id Checkpoint ID



processTime Checkpoint creation or update time. This parameter initially shows the checkpoint

creation date and with each checkpoint update changes to the update time




Command Example

or2rcp -r region -p project -i instance_id

Response Example

Figure 68 - or2rcp Response Example


EPAM PUBLIC 98

8.5 DELETE INSTANCE CHECKPOINT

Invoke: or2-delete-checkpoint (or2delcp)

Deletes specified instance checkpoints.

Deleting a checkpoint can take long time, even several hours. The parent VM is unavailable till the

deletion process is completed.

If your checkpoint ID contains spaces, encase the -c parameter value in double quotes

CLI Parameters


-c, --checkpoint ID of the checkpoint to be deleted. Yes









Response Elements

Name Description

id Checkpoint ID




Command Example

or2delcp -r region -p project -i instance_id -c

checkpoint-2012_12_11_12_02_18_EVBYMINSDSAMPLE

Response Example

Figure 69 - or2delcp Response Example


EPAM PUBLIC 99

9 WORKING WITH HARDWARE SERVERS

EPAM Cloud supports adding hardware resources under the Orchestrator control for proper billing and

monitoring of hardware resources. Dedicated instances related to hardware resources are assigned to the

special hardware region, EPAM-HW1, and this name is to be specified when calling the hardware-related

commands.

9.1 HARDWARE SERVER REGISTRATION

Invoke: or2-register-hardware-server (or2reghs)

This command registers a dedicated instance as a hardware server in EPAM Cloud. During registration,

the hardware server configuration is specified, so that it could be billed accordingly.

This command is available to zone administrators only.

CLI Parameters


-c, --cost-center Cost center Yes

-u, --cpu-count Number of physical processors. Positive integer in the range of 1-8.

Yes


-h, --hdd-space HDD space in GB. Positive integer Yes


-l, --location DC name, address of the actual server position No

-m, --memory-size RAM volume in MB. Positive integer in the range of 1024-1048576

Yes

-o, --ownership Server ownership. Available ownership values: [PROJECT, CUSTOMER, EPAM]

Yes





-d, --registration-date Date of hardware resource registration for chargeback. Should consist of date and time in the following format: yyyy-MM-ddTHH:mm. For example: 2015-05-01T10

Yes

-n, --server-name Hardware server name Yes

-e, --server-usage Server usage in percent. Positive integer, max 100%. Yes

-t, --units-count Units count. Positive integer in the range of 1-10 Yes

-w, --working-power Working power in kW No

Response Elements

Name Description

instanceId Instance ID of the hardware server

name Hardware server name


EPAM PUBLIC 100

cpu Number of physical processors

memory RAM volume in MB

owner Server ownership

registrationDate Date of hardware resource registration for chargeback

workingPower Working power in kW

location DC name, address of the actual server position

Command Example

The following command registers a server owned by EPAM with 100% usage in a single project:

> or2reghs -c cost_center -u cpu_count -h hdd_space -m memory_size -o EPAM -p

project -r EPAM-HW1 -d yyyy-MM-ddTHH:mm -n server_name -e 100 -t units_count

The following command registers a server owned by Customer with 30% usage in a project:

> or2reghs -c cost_center -u cpu_count -h hdd_space -m memory_size -o CUSTOMER

-p project -r EPAM-HW1 -d yyyy-MM-ddTHH:mm -n server_name -e 30 -t

units_count

Response Example

Figure 70 - or2reghs Response Example


EPAM PUBLIC 101

9.2 HARDWARE SERVER UNREGISTRATION

Invoke: or2-unregister-hardware-server (or2unreghs)

This command unregisters a dedicated instance that was previously registered as a hardware server in

EPAM Cloud.


CLI Parameters








-i, --instance Server instance ID No

Command Example:

>or2-unregister-hardware-server --project demopro --region demopro –instance

i-00000000

Response Example:

Figure 71 - or2unreghs Response Example

9.3 HARDWARE SERVER MODIFICATION

Invoke: or2-modify-hardware-server (or2modhs)

This command modifies the settings of an existing hardware server.


CLI Parameters


-u, --cpu-count Number of physical processors. Positive integer in the range of 1-8.

No



EPAM PUBLIC 102

-h, --hdd-space HDD space in GB. Positive integer No


-i, --instance Dedicated instance ID of the server to be modified Yes

-l, --location DC name, address of the actual server position No

-m, --memory-size RAM size in MB. Positive integer in the range of 1024-1048576

No



-e, --server-usage Server usage in percent. Positive integer, max 100%. No

-t, --units-count Units count. Positive integer in the range of 1-10 No

-w, --working-power Working power in kW No

Even though all parameters except ‘--instance' are optional, at least one server parameter with a modified

value has to be specified. If no other parameters are sent, the command returns the following message:

‘No parameters to modify!’.

Response Elements

Name Description

instanceId Instance ID of the hardware server

name Hardware server name

cpu Number of physical processors

memory RAM volume in MB

hddSpace HDD space in GB

unitsCount Units count

serverUsage Server usage in percent

workingPower Working power in kW

location DC name, address of the actual server position


EPAM PUBLIC 103

Command Example

or2modhs -i dedicated_instance_id -u cpu_count -h hdd_space -m memory_space -

t units_count

Response Example

Figure 72 - or2modhs Response Example


EPAM PUBLIC 104

9.4 HARDWARE REPORT

Invoke: or2-hardware-report (or2hr)

This command generates a hardware server usage report and delivers it to the requesting user’s email in

.csv format.

CLI Parameters


-d, --day Day for which the report is to be retrieved No



-m, --month Month for which the report is to be retrieved No





-y, --year Year for which the report is to be retrieved No

Response Elements

Name Description

ServerName Hardware server name

State Current state of the hardware server

Zone Virtualization region in which the server is used

ProjectCode PMS code of the project for which the hardware server is used

CostCenter Cost center to which the hardware server is attached

HDDSpace HDD space of the server

UnitsCount Units count

ServerUsage Server usage in percent

MemoryMB RAM size in MB

CpuCount Number of physical processors

RegistrationDate Date of hardware server registration for chargeback

Location Physical location of the hardware server

WorkingPower Working power in kW

Command Example

or2hr -r region

Response Example:

Figure 73 - or2hr Response Example


EPAM PUBLIC 105

10 AUDIT AND BILLING

EPAM Cloud Orchestrator utilizes a specifically designed flexible billing model. Striving to make EPAM

Cloud experience as comfortable for our customers as possible, we implemented an easy no contract model

not requiring any commitments from you: you pay only for utilized resources based on no contract pricing.

For the sake of easier comprehension, the billing model is presented on the following diagram and detailed

below:

Figure 74 - Price Breakdown

You can find the details on EPAM Cloud Service billing strategy, and instructions on project cost estimation

in our Account Management Guide.

https://cloud.epam.com/site/management/account_activity/csug_05_account_management.pdf


EPAM PUBLIC 106

10.1 PROJECT REPORT

Invoke: or2-report (or2report)

The command prepares a monthly billing report for the specified project. This provides you the ability to

self-manage and control your infrastructure and keep track of expenses through various reports. This is

very useful for big projects with large infrastructure. Each report can be exported into *.csv file to supply

with an option to keep track of changes even in files.

CLI Parameters


-d, --day Day to retrieve report for No


-m, --month Month to prepare the report for (Accepted values: 1-12) Yes

-o, --owner Email or ‘Name Surname’ of a user to generate a report by the instances assigned to them

No




-r, --region Virtualization region If the region is specified as ‘AWS’, the report will describe all the Amazon regions activated for the specified project.

No

-g, --tag Specify a tag to collect only records with the tag. Must be specified as ‘-g user:tag=tag-name’ Default behavior: collect all records.

No

-t, --type

Report type. The following values are available: Total – total amount billed (default option) Subtotal – total amount billed split by categories Resource – total amount billed split by categories and instances Hourly – detailed report. Quota – current state of resource utilization quota

No

-e, --email Receive a .csv file with report to your email No

-y, --year Year to prepare the report for Yes

-a, --account-report Get a report by manager account No

-n, --account-name

Account name. Any account name part is allowed (Manager, Customer or Maestro). If this parameter is not specified and the report type is set as "account", report by Manager account is provided.

No

-i, --instance Instance ID. Only records by specified instances will be included to the report

No


The different types of reports have different output location. Total and Subtotal reports are displayed as

Maestro CLI response.

The resource and hourly reports will create a .csv file in the %MAESTRO_HOME%out/reports folder.

Please note that resource and hourly reports are not supported for Azure.


EPAM PUBLIC 107

Response Elements

Name Description

type Report item type

project Project abbreviation in UPSA

zone Virtualization region

productCode Billable product code

productName Billable product name

usageType Method of product usage

quantity Billable product quantity

currency Report currency

total Total amount billed

quotaType Quota type

monthlyQuota Monthly resource quota

current (USD) Amount billed since the beginning of the month

utilization Monthly resource utilization quota percentage used since the beginning

of the current month

actionPlan Action to be taken upon quota depletion

status Quota status

Command Example

The command retrieves the total amount billed for the ‘Sample’ project for February 2013.

or2report -m 2 -y 2013 -p project –r region

Response Example

Figure 75 - or2report Response Example


EPAM PUBLIC 108

10.2 GET PRICES

Invoke: or2-price (or2price)

Lists current monthly prices for EPAM Cloud Resources

The values returned by the command do not apply for AWS-type regions

CLI Parameters


-d, --day Get prices for a specific number of days

Acceptable values: positive integers > 0 No





-t, --resourceState Show prices for active/inactive resources only. Acceptable

values: ‘active’, ‘inactive’ No

-s, --shape

Show prices for specific shapes.

Acceptable values: ‘micro’, ‘mini’, ‘small’, ‘medium’, ‘large’,

‘xl’, ‘2xl’, ‘3xl’, ‘4xl’, ‘5xl’, ‘6xl’, ‘7xl’, ‘8xl’.

No


The response to the or2price command is broken down into the following price components:

Instance Price:

Response Elements

Name Description

Shape Instance Shape

OsType Operating system installed

Shape Instance Shape

soft&labor Base hourly cost of maintenance and software use

Memory price Price per 1 GB of RAM

vCoresPrice Price per 1 vCore

systemStoragePrice Price per GB of system storage

totalPrice Total price per instance

Checkpoint Price:

Response Elements

Name Description

activePricePer1GB Price per 1 GB of active checkpoint (on started instances)

inactivePricePer1GB Price per 1 GB of inactive checkpoint (on stopped instances)


EPAM PUBLIC 109

Additional Storage Price:

Response Elements

Name Description

activePricePer1GB Price per 1 GB of active storage (on started instances)

inactivePricePer1GB Price per 1 GB of inactive storage (on stopped instances)

Machine Image Price:

Response Elements

Name Description

pricePer1GB Price per 1 GB of created machine image

For EPAM-BY1 region the ‘or2price’ command also returns the price for the RDB service with guaranteed

capacity, as this is the only region where such service is offered. The price consists of two components:

Service Creation Price – the one-time price of the RDB-MSSQL-CSA service creation

Service Attribute Prices – the price of RDB-MSSQL-CSA database depending on its size

Command Example

or2price -r region


EPAM PUBLIC 110

Response Example

Figure 76 - or2price Response Example


EPAM PUBLIC 111

10.3 INSTANCE AUDIT

Invoke: or2-audit (or2audit)

Views all relevant instance-related information for a specified period of time.

CLI Parameters


-d, --days Number of days to retrieve information for.

Default value: 3. The number must not exceed 100 No

-f, --from Starting date to retrieve information about an instance (yyyy-mm-dd)

Must not be earlier than 100 days before current date No


-g, --group Audit events group. Available groups: [PROJECT, ACS,

HARDWARE, DOCKER, AEM, JENKINS] No

-i, --instance Instance ID No





-s, --stack The ID of the stack for which audit is to be retrieved No

-t, --to End date to retrieve information about an instance (yyyy-mm-dd) No


If you do not specify the -i/--instance parameter, the command response will include information

concerning all instances for the specified project.

Response Elements

Name Description

Date Date of event

User ID of the user, who launched an event

Action Event ID

instanceID ID of the instance

message Event description

region Virtualization region

project Project abbreviation in UPSA

Command Example

This example lists instance-related events for the specified period

or2audit -p project -r region -f 2016-03-01 -t 2016-04-01 -i instance_id

Response Example

Returns major events having occurred to the instance during the specified period of time


EPAM PUBLIC 112

Figure 77 - or2audit Response Example


EPAM PUBLIC 113

10.4 WORKING WITH EO ACCOUNTS

An EPC Account is a logical group of projects that can be associated to a cost-center. An account is

created by request to Consulting Team or to Help Desk , where you specify the following details:

• the account name

• the list of the projects to be included to the EPC Account

• the primary and secondary contacts

The people specified as the account contacts will get access to the EPC Account reporting information

even if they are not assigned to the projects associated with this account.

When the EPC Account is activated, you can use the or2report command with the -a/--account parameter:

or2report -m 03 -y 2016 -a account_ID -t total

The requested report will be mailed as a .csv file and contain the list of the user’s projects, the cost centers

in which they are priced (each cost center is bound to a virtualization region), the reporting period and the

cost:

Figure 78 - Account report

To see the details on EO Accounts assigned to you, use the or2-describe-eo-account (or2dacc).

The command provides the information on EO Accounts available to the user.

CLI Parameters


-c, --contacts Account contact email. For several contacts, repeat the

parameter Yes





Response Elements

Name Description

accountId The ID of the account assigned to the specified user

projectCodes The list of the projects included to the account

description Account description

contacts Account contacts




EPAM PUBLIC 114

Command Example

This example lists instance-related events for the specified period

or2dacc -c [email protected]

Command Response

Figure 79 - or2dacc Command Example


EPAM PUBLIC 115

11 USING TAGS

Tags are used to identify Cloud items, such as instances, checkpoints and volumes, for further easier

reference and manipulation. The tags are typically used in or2report command in order to retrieve the

information only on the specified group of resources.

The tag can also be used to filter the instances on Management page.

11.1 SET TAG

Invoke: or2-set-tag (or2settag)

Assigns custom tags to an instance or a volume for billing purposes to share costs between projects.

CLI Parameters








-t, --tag

Tag value. Multiple tags are supported. Allowed formats:

prefix1:key1=value1,prefix2:key2=value2

prefix1:key1=, prefix2key2=

key1=value1,key2=value2

value1,value2

Default prefix: user. Default key: tag

Yes


1. Reports by tags take billing info starting from the moment of tag creation. The resource price that

existed before the tag was added, won’t be taken into account in a tag report.

2. The following symbols are NOT accepted when used in key or value for this command: < > ( ) + &

^_ * \ | "

3. If you use this command for a Windows instance, please, encase the ‘-t’ parameter in quotes i.e.

"tag"

4. 10 tags per resource are supported.

5. “eo” or “aws” cannot be used as prefixes.

6. If the or2settag command results in no change (for example, all tags sent in the command already

exist), an error response is returned. If only some tags exist, new tags will be set.

Command Example

This example assigns a tag to an instance.

or2settag -p project -r region -i instance_id -t prefix1:key1=value1

https://cloud.epam.com/maestro2/ui/management


EPAM PUBLIC 116

Response Example

The command confirms tag assignment.

Figure 80 - or2settag Response Example


EPAM PUBLIC 117

11.2 DESCRIBE TAG

Invoke: or2-describe-tag (or2dtag)

Retrieves custom tags, assigned to an instance or a volume for billing purposes.

CLI Parameters



-i, --instance Instance ID No/Yes*

-v, --volume Volume ID No/Yes*

-c, --checkpoint Checkpoint ID No






*Either --instance or --volume should be specified.

Response Elements

Name Description

resourceType Specifies, whether the resource is an instance or a volume

resourceId Resource ID

prefix Specifies, whether the tag has been added by a user

key Tag indication

value Tag value

Command Example

This example retrieves an assigned tag from an instance.

or2dtag -p project -r region -i instance_id

Response Example

Figure 81 - or2dtag Response Example


EPAM PUBLIC 118

11.3 DELETE TAG

Invoke: or2-delete-tag (or2deltag)

Deletes a custom tag from an instance or a volume.

CLI Parameters








-t, --tag Tag value to be removed Yes


If the or2deltag command results in no change (for example, none of the tags sent in the command exist),

an error response is returned. If only some tags exist, they will be removed.

Response Elements

Name Description

resourceType Specifies, whether the resource is an instance or a volume

resourceId Resource ID

prefix Specifies, whether the tag has been added by a user

key Tag indication

value Tag value

Command Example

This example retrieves an assigned tag from an instance.

or2deltag -p project -r region -i instance_id -t tag_value

Response Example

Figure 82 - or2deltag Response Example


EPAM PUBLIC 119

12 WORKING WITH FILES

EPAM Orchestrator allows to upload files to the Orchestration Server for further reference and usage.

12.1 UPLOAD A NEW FILE

Invoke: or2-upload-file (or2uf)

The command is used to upload a new file and save it in Orchestrator. The command can be used to upload

the following types of files:

• script files: any script file

• EO-template: Maestro Stack template files

• Zabbix-template: Files with templates for Zabbix Server

CLI Parameters





-p, --project Project abbreviation in UPSA. Upload the resource as system if this

parameter is absent. No

-d, --description Description of the file to be uploaded Yes

-t, --type File type [script, eo-template, cf-template, zabbix-template,

blueprint] Yes

-f, --file-path The local file path Yes

-n, --name Name under which the file will be uploaded (different from the name

in the file path) No

--help Show command help No

1. cf-template option is supposed to be used with confirmation files, however, this functionality is not

implemented yet.

2. If the --project parameter is not given in the command call, but is specified in default.properties file, it

will not be added automatically, because only obligatory parameters are applied this way, and --project

is optional here.

Response Elements

Name Description

name file name

link file download link

size file size

Command Example

or2uf -p project -f d:\work\maestrostacks\test.json -t eo-template -d

testFileUpload


EPAM PUBLIC 120

Response Example

Figure 83 - or2uf Response Example


EPAM PUBLIC 121

12.2 DELETE A FILE

Invoke: or2-delete-file (or2delf)

Deletes a previously uploaded file from Orchestrator’s repository.

CLI Parameters






-n, --file-name Name of the file to be deleted Yes


blueprint] Yes

--help Display command help. Default: False No

Response Elements

Name Description

name File name

description File description

link The link to the file

size The file size

1. To delete a Maestro Stack template file, specify the file type as eo-template

2. The or2-delete-file command does not actually delete the file from the Orchestrator database, but

marks it as “deleted”, so that it becomes unavailable for further reference. To upload the same file

once more to the same region and project, you will need to change the file name.

Command Example

or2delf -n file1.json -p project -t eo-template

Response Example

Figure 84 - or2delf Response Example


EPAM PUBLIC 122

12.3 DESCRIBE FILES

Invoke: or2-describe-files (or2df)

Describes uploaded and available files for the specified project.

CLI Parameters





-p, --project Project abbreviation in UPSA. If the parameter is absent, the

system resource will be described No

-n, --file-name File name No


blueprint] Yes


1. To describe a Maestro Stack template file, specify the file type as eo-template

2. cf-template option is supposed to be used with confirmation files, however, this functionality is not

implemented yet.

3. If the --project parameter is not given in the command call, but is specified in default.properties file, it

will not be added automatically, because only obligatory parameters are applied this way, and --

project is optional here.

Response Elements

Name Description

name Script name

description File description

link File download link

size File size

Command Example

or2df -p project -n test.json -t eo-template

Response Example

Figure 85 - or2df Response Example


EPAM PUBLIC 123

13 SECURITY SCANNING

As an additional security measure, EPAM Orchestrator supports Nessus scanning which is used to identify

VM vulnerabilities. Nessus scanning can be performed automatically on schedule and manually, initiated

by the user.

13.1 STARTING SECURITY SCAN

Invoke: or2-security-check (or2sc)

Initiates Nessus security scan of the specified resources.

CLI Parameters







-i, --instance Instance to be scanned No

-l, --policy Nessus advanced policy ID No

-s, --server Nessus server to be used during scanning. Possible values:

INTERNAL, EXTERNAL. Default value: INTERNAL No

-t, --template Nessus template UUID No


Command Example

or2sc –p project_id -r region

Response Example:

Figure 86 - or2sc Response Example

The security scan report is sent to the user’s email.


EPAM PUBLIC 124

13.2 DESCRIBING NESSUS TEMPLATES

Invoke: or2-describe-nessus-templates (or2dnt)

Describes all Nessus templates available for security scanning.

CLI Parameters






-t, --type Nessus server type. Possible values: INTERNAL,

EXTERNAL. Default value: INTERNAL Yes


Response Elements

Name Description

templateAlias Alias of the Nessus policy template

policyAlias Alias of the Nessus policy

templateId ID of the Nessus policy template

policyId ID of the Nessus policy

Command Example

or2dnt –t internal -r region

Figure 87 - or2dnt Response Example


EPAM PUBLIC 125

14 AUTOMATING INFRASTRUCTURE MANIPULATION

EPAM cloud Orchestrator supports mechanisms that allow to automate the process of infrastructure

creation and manipulation via special templates that aggregate the descriptions of sets of actions that are

to be performed.

There are two types of templates that can be processed by Orchestrator. They are Amazon Cloud

Formation Templates and Maestro Stacks.

14.1 AMAZON CLOUD FORMATION

The detailed information about AWS Cloud Formation is given in Cloud Formation Service guide.

14.1.1 Run AWS Stack

Invoke: or2-run-aws-stack (or2rawss)

Runs a new AWS stack based on an existing template.

CLI Parameters







-s, --stack-name Name of the stack to run.

Must satisfy AWS naming rules: [a-zA-Z][-a-zA-Z0-9]* Yes

-t, --template-name Name of an existing template in Orchestrator storage Yes

-d, --default-parameters Run stack with default parameters No

-m, --timeout-in-minutes The amount of time during which the stack must be created,

otherwise stack creation considered as failed No

-b, --disable-rollback Disable stack rollback if the stack creation fails No

-c, --capability The list of the capabilities allowed in the stack. No

-n, --notification-ar-ns

The Simple Notification Service (SNS) topic ARNs to

publish stack related events. For several topic ARNs repeat

the parameter

No

-f, --on-failure

Specifies the action to be taken if stack creation fails.

Available actions: DO_NOTHING, ROLLBACK, DELETE.

Ignored if "--disable-rollback" parameter is set to "true"

No

-R, --parameter

Parameter name=value pair. Use "=" as delimiter. Repeat

for several parameters: --parameter name1=value1--

parameter name2=value2 --parameter nameN=valueN. If

you use Windows command line, please, encase the -r

parameter in quotes i.e. "name=value". Conditional: You

must pass the --parameter or --parameter-config . If both

are passed, only --parameter is used

No

https://cloud.epam.com/site/competency_center/e=p=c_services/cloud_formation_service_(=c=f=s)/csug_07_cloud_stacks.pdf


EPAM PUBLIC 126

CLI Parameters

Default: []

-g, --parameter-config

Full path to the stack parameters configuration file.

Conditional: You must pass --parameter or --parameter-

config. If both are passed, only --parameter is used

No


If you do not use either -d/--default-parameters, -R/--parameter, or -g/--parameter-config parameter,

you will be asked to specify additional information, depending on your template e.g. key, instance shape,

DB name/access credentials and root password for the instance.

Response Elements

Name Description

stackName Name of the stack

StackID Unique ID of the stack assigned by AWS

status Current state of the stack

Command Example 1

or2rawss -r aws-region -s stack_name -t template_name –p project

Response Example 1

Figure 88 - or2rsawss Response Example


EPAM PUBLIC 127

14.1.2 Describe AWS Stacks

Invoke: or2-describe-aws-stacks (or2dawss)

Describes one or more existing AWS stacks for the specified project and region.

CLI Parameters







-s, --stack-name

Name of the stack to retrieve information about.

For several stacks repeat the parameter: -n stackName1 -n

stackName2 -n stackName3

No


Response Elements

Name Description


stackID Unique ID of the stack assigned by AWS


description * The stack description

outputs*

Stack output, giving the information on the executed stack:

Instance ID – The ID of the newly created EC2 instance

PublicDNS – Public DNSName of the newly created EC2 instance

PublicIP – Public IP address of the newly created EC2 instance

parameters* Lists the parameters used within the specified stack

disableRollback* specifies whether the stack rollback in case of a failure is disabled

creationTime* The time when the stack was created

The options with the asterisk (*) are displayed only when the --full output mode is on

Command Example

or2dawss -r aws-region –p project –s stack_name

Response Example

Figure 89 - or2dawss Response Example


EPAM PUBLIC 128

14.1.3 Describe AWS Stack Events

Invoke: or2-describe-aws-stack-events (or2dawsse)

Returns the events related to the specified stack.

CLI Parameters







-s, --stack-name




Yes


Response Elements

Name Description

date The event date

logicalResourceId The logical name of the resource given in the template

resourceStatus The current resource status

resourceStatusReason The resource-associated message informing on the success or failure

physicalResourceId The resource physical instance unique identifier

stackName The name assigned to the stack

resourceType Type of the resource

Command Example

or2dawsse -s stack_name -r aws-region -p project --full

Response Example

Figure 90 - or2dawsse Response Example


EPAM PUBLIC 129

14.1.4 Describe AWS Stack Resources

Invoke: or2-describe-aws-stack-resources (or2dawssr)

Describes the resources for running and deleted stacks. one or more existing AWS stacks for the specified

project and region.

CLI Parameters







-s, --stack-name




No

-l, --logical-id The logical name of the resource as specified in the template No

-h, --physical-id The name or unique identifier that corresponds to a physical

instance ID of a resource supported by AWS CloudFormation No


If the --stack-name parameter is specified, the command will return all the associated resources included

to the stack.

If the --physical-resource-id is specified, the command returns the resources of the stack to which the

resources belong.

If you specify both --stack-name and --physical-resource-id parameters in one command call, a validation

error will occur.

Response Elements

logicalId The logical name of the resource given in the template

status The stack status

physicalId The name or unique identifier that corresponds to a physical instance ID of a resource

supported by AWS CloudFormation

stackName The name assigned to the stack

The command returns only the first 100 resources.


EPAM PUBLIC 130

Command Example

or2dawssr -r aws-region -p project -s stack_name

Response Example

Figure 91 - or2dawssr Response Example


EPAM PUBLIC 131

14.1.5 Delete AWS Stack

Invoke: or2-delete-aws-stack (or2delawss)

Deletes an existing AWS stack.

CLI Parameters







-s, --stack-name




Yes

-y Provide this parameter for automatic command confirmation

Default: false No


Response Elements

Name Description


region Virtualization region

project Name of the project the stack is assigned to

StackID Unique ID of the stack assigned by AWS


Command Example

or2delawss -r aws-region -s stack_name -p project -y

Response Example

Figure 92 - or2delawss Response Example


EPAM PUBLIC 132

14.2 MAESTRO STACKS

The detailed information about Maestro Stack files creation and usage is given Cloud Formation Service

Guide.

14.2.1 Describe Maestro Stacks

Invoke: or2-describe-maestro-stacks (or2dmstack)

Describes one or more existing Maestro Stacks for the specified project and region.

CLI Parameters







-s, --stack-id




No*


*Either --stack-id or --project and --region should be specified

Response Elements

Name Description

stackName The name of an existing stack

stackId The Id of the existing stack

Status The status of the stack

owner Stack owner

templateName The name of the template used to run the stack

Command Example

or2dmstack -r region –p project

Response Example

Figure 93 - or2dmstack Response Example




EPAM PUBLIC 133

14.2.2 Run Maestro Stack

Invoke: or2-run-maestro-stack (or2rmstack)

Runs a new Maestro Stack based on an existing template.

CLI Parameters







-R, --parameter

Parameter name=value pair.

To provide several parameters:

• Use "=" as delimiter. Repeat for several parameters:

-R name1=value1 -R name2=value2 -R nameN=valueN. If

you use Windows command line, please, encase the -r

parameter in quotes i.e. "name=value".

• Separate parameters with coma within one string:

-R "name1=value1,name2=value2,…nameN=valueN"

No

-s, --stack-name Name of the stack to run Yes

-b, --rollback

Roll back stack resources if stack creation failed. Note: 1.

Rollback influences only the issues created with this particular

stack.

2. Rollback does not work for CSA-Type regions

No

-t, --template-name Name of an existing template in Orchestrator storage No*

-m, --template-path Full path to the local Maestro Stack template No*


*Either ‘--template-name’ or ‘--template-path’ parameter should be specified.

or2-run-maestro-stack uses EO-template to search for the stack templates to run. If the specified template

is absent among project templates, it will be searched for among system ones.

Response Elements

Name Description


stackId The Id of the stack

status The current status of the stack

owner Stack owner

templateName The name of the used template

Command Example

or2rmstack -p project -r region -s scenario1 –m D:\Stacks\1scenario.json -b


EPAM PUBLIC 134

Response Example

Figure 94 - or2rmstack -m Response Example


EPAM PUBLIC 135

14.2.3 Delete Maestro Stack

Invoke: or2-delete-maestro-stack (or2delmstack)

Deletes a Maestro Stack previously run on Orchestration, including all the stack-related resources.

CLI Parameters







-s, --stack-id The id of the stack to be deleted Yes

-y Automatic command confirmation


Response Elements

Name Description


stackId The Id of the stack

Status The current status of the stack

Owner The user who run the stack

templateName The name of the used template

Command Example

or2delmstack -p project -r region -s stack_name

Response Example

Figure 95 - or2delmstack -m Response Example


EPAM PUBLIC 136

14.2.4 Describe Stack Resources

Invoke: or2-describe-maestro-stack-resources (or2dmsr)

Describes the resources created during the specified stack execution.

CLI Parameters





-s, --stack-id Name of the stack to retrieve information about. Yes


Response Elements

Name Description

resourceId The Id of an existing stack resource

resourceType The type of the stack-related resource

resourceState The current state of the stack-related resource

projectName The project abbreviation in UPSA

zoneName Virtualization region

Command Example

or2dmsr -s stack_id

Response Example

Figure 96 - or2dmsr Response Example


EPAM PUBLIC 137

14.2.5 Validate Maestro Stack Template

Invoke: or2-validate-maestro-stack-template (or2vmst)

Performs a Maestro Stack template validation by the following parameters:

• JSON and XML syntax validation

• Stack template Logic check

• Check for the template commands availability in the region

• Check for template commands permission for the user

The validation covers all errors in the specified Maestro Stack template file and returns the list of the errors.

CLI Parameters







-t, --template-name Name of the template No

-m, --template-path Full path to the local Maestro Sack template No


Response Elements

Name Description

Type Issue type

Message Issue description

Command Example

or2vmst -r region –p project -m template_path

Response Example

Figure 97 – or2vmst Response Example


EPAM PUBLIC 138

14.2.6 Convert Maestro Stack Template

Invoke: or2-convert-maestro-stack-template (or2cmst)

Converts a Maestro Stack template into a CloudFormation template.

CLI Parameters







-f, --input-file Path to the Maestro Stack template Yes

-d, --output-file Path to the generated CloudFormation stack template. If no

path is specified, the stack template is displayed in the console No


Command Example

or2cmst -p project -r region -f template_path -d output_path

Response Example

Figure 98 - or2cmst Response Example


EPAM PUBLIC 139

15 SERVICES

A service is a software solution that allows you to install and manipulate a component, necessary for your

project, with a simple set of Maestro CLI commands. The Services provide you with functionality that is

meant to simplify your work with Orchestrator and give you the additional infrastructure monitoring and

management tools.

Most services are started with the or2-manage-service command with the corresponding –service-name

flag specifying the service to start.

Below, you can see a list of the supported services, driven by or2-manage-service command:

• Monitoring Service

• Chef Server Service

• Log Aggregation Service

• Load-Balancing Service

• Docker Service

When running the services, Orchestrator creates instances with pre-defined settings. These instances are

used as servers for the started services. The corresponding or2-describe-<service> commands can

provide you with the necessary details on the instances involved into the service.

You can monitor the state and the performance of each service using the or2-audit command with --group

project flag. This command returns the list of the service events that take place in the specified project

during the current day. The details are given in this section.

Below, you can find the details on the general services-related commands, and the commands used to

manipulate the specific services.

The mapping table of the required images for EO PaaS services can be found in Annex G – PaaS Guest

Operating Systems.

The new services cannot be activated if the target project Chef mode was set to USER.

Platform services are not available in Google Cloud regions.


EPAM PUBLIC 140

15.1 SERVICES MANIPULATION

15.1.1 Starting a Service

Invoke: or2-manage-service (or2ms)

Activates/deactivates available services for a particular project

CLI Parameters


-a, --activate Activate service. Default: false Yes*

-c, --cluster-name Platform service cluster name Yes**

--customize Allows to customize parameters defined in service stack

template Yes/No****

-d, --deactivate Deactivate service. Default: false Yes*


--init-entry-point Refreshes the entrypoint information of the service in

default.properties file No


-i, --instance Instance ID. Can be used for service deactivation No

-k, --key-name Project SSH key name. Required for all services in AWS zones Yes***

-P, --plain-output Use plain output instead of default table output. Default: false No




-s, --service-name

Platform service name, mandatory for service activation.

Valid service names: monitoring, chef, log, load-balancer,

docker, hadoop, ambari, jenkins, aem, aem-author-paas,

aem-publish-paas, messaging, hybris-single, hybris-large,

kubernetes, gerrit, sitecore-single, sitecore-dev-paas,

sitecore-lb-paas, sitecore-ci-paas, magento, splunk, splunk-

proxy, atg-small

Yes/No

-S, --service-id Platform service ID. This parameter can be used for service

deactivation No

-h, --shape Platform service Instance type No

-t, --stack Stack ID. This parameter can be used for service deactivation No

-v, --version The version of the application used within the service No

-y Provide this parameter for automatic command confirmation.

Default: false No

*Either activate or deactivate parameter should be specified

**Required for Ambari and Docker service activation

***Required for Ambari and most services in AWS zones; can be specified for Hadoop resources access

****Required for Hybris and Gerrit service activation


EPAM PUBLIC 141

The response depends on the activated/deactivated service.

Response Elements

Name Description

stackName Name of the Maestro Stack used to run the service

stackId The ID of the stack run to launch a VM with all the corresponding server settings

status Displays the current command execution stage and its status

Command Example

The command runs the Zabbix monitoring service:

or2ms -p project -r region -s monitoring -a

Response Example

Figure 99 - or2-manage-service Response Example


EPAM PUBLIC 142

15.1.2 Describing Project Services

Invoke: or2-describe-services (or2dser)

Describes the services activated for the given project in the given region.

CLI Parameters







-s, --service

Service name. Valid service names: monitoring, chef, log, load-

balancer, docker, hadoop, ambari, jenkins, aem, messaging,

hybris-single, hybris-large, kubernetes, gerrit

No


The response depends on the activated/deactivated service.

Response Elements

Name Description

serviceId Existing service ID

serviceName The name of an activated project

availability Service availability status

project The name of the project for which the service is activated

stackID The ID of the stack that was used to start the service

ip The IP of the service VM

dns The DNS of the service VM

keyName The name of the key to be used with the service

webUiUrl The URL you can use to connect to the service server, if possible

user The user name to connect to the service server, if possible

password The password to connect to the service server, if possible

Command Example

This command reads the specified template and stores it to the specified local file

or2dser -p project -r region


EPAM PUBLIC 143

Response Example

Figure 100 - or2dser Response Example (shown in 2 lines for better visibility)


EPAM PUBLIC 144

15.1.3 Monitoring the Services

Invoke: or2-audit –p <project> -r <region> -g PROJECT

The services-based events can be easily monitored by the or2-audit command with the

--group PROJECT property:

or2audit --group PROJECT

Such command will return the list of the service-related actions, invoked by the users or the system.

The following response elements are displayed:

• Date: The action date and time

• User: The user that invoked the action. Can be a Cloud User or System

• Action: The name of the performed action, e.g.:

|SERVICE_ACTIVATION_STARTED|

• Message: The message describing the action details, e.g.:

|Service LOAD-BALANCER activation started. See or2audit -s EPMC-

CLONginxServer-d55a2ece command for details.|

• Region: The virtualization region

• Project: The affected project

The command allows you to keep track of all the service-related events in your project.


EPAM PUBLIC 145

15.2 CHEF SERVER SERVICE

EPAM orchestration provides you with the possibility to run Chef Server as a service on you project, i.e.,

to use a project-specific Chef-server, when needed. Currently Chef Client v.12.0.0 is supported by default

based on Ubuntu 16.04_64-bit in all regions except CSA ones where only Chef 11 is supported.

When the service is run, you can switch between the following ACS modes:

• Default mode – the default mode for all projects in the EPAM Cloud. In this case, a common Chef

server is used for all production environment machines.

• EPC mode – use project-specific Chef server, created by EPAM Orchestrator for the specified

project.

• User mode – use project-specific Chef server, created and properly configured by the user. When

switching to this mode, the user should provide Chef server’s instance ID (or instance IP) and

manually upload validation.pem file to the Orchestrator’s file storage. The user should also provide

the path to validation.pem file during the command invocation.

It is impossible to start services in a project/region, if its Chef mode is set to USER.

While working in the EPC mode, please consider specific details below:

• Chef 12 has improved security approaches, and using SSL encryption is obligatory.

• Chef 12 run on Azure needs the port 443 to be open on your project subscription.

• The 0.0.0.0/0 range should be prohibited.

• Chef 12 is available in all regions (including AWS, Azure, and GCP), except ESX-based ones.

• In case 25 and more clients are connected to Chef 12-based server, Chef UI becomes paid.

• You can request a Chef 11-based EPC Chef server on Ubuntu 12, by adding the --version 11

parameter to the or2cm command

Setting the current Chef server on project will not apply any actions on the virtual machines. Re-

configuration of the software on instances is not allowed.

To apply auto-configuration changes, you need to re-register existing VMs on the new Chef server.

It is also recommended to remember that the creation of the project Chef Server is not an instant operation

and will take some time (up to one hour). These are the main conceptual limitations of the given

functionality.

It is possible to connect to Chef Server, created for EPC and USER modes, via HTTP connection and to

get the detailed information about the server.

The UI for the Default Chef server is not accessible

To get the URL to be used for connection, use the or2-describe-chef command. Use the server DNS name

to connect.

To login to an EPC Chef Server, use the following login and password:

Login: user

Password: chef-server


EPAM PUBLIC 146

For initial login to a User Chef Server, use the login and password provided in the left corner of the login

page. It is highly advisable that you change these default credentials to custom ones. When you

successfully login, you will get access to Chef Server information. You can share an existing EPC Chef

server among several regions, projects and Cloud Platforms. To connect another region or project to an

existing EPC Chef server, you will have to add its Service ID to the or2-manage-services command run

for the project/region you want to add:

or2cm –p <project> -r <region> -m epc -S <serviceid>

In case you are not assigned to the project hosting the existing Chef server, Project Coordinator should

provide you with the server service ID.

15.2.1 Set Chef Mode

Invoke: or2-chef-mode (or2cm)

Sets one of the available chef modes (default, epc, user) to the project.

CLI Parameters


-m, --mode The desired mode to switch to. Available values: default, epc, user Yes


-i, --instance ID of the instance where Chef is installed No

-v, --key-file Path to the validation.pem file of the Chef server No

-k, --key-name Project SSH key name. Required for EPC mode in AWS regions No





-s, --shape Instance type No



Default: false No

If you call the or2cm command, please make sure that the chef mode has changed (use or2dchef

command) before creating new instances on your project. In case you need to establish a cross-project

connection, make sure you have permissions to run the or2cm command in the project which you want to

connect to the Chef server. Chef mode change can take about 30 minutes. During this period, the Chef

service is in the ‘unavailable’ state.

Response Elements

Name Description

stackName The name of the stack executed to change the Chef mode

stackId The ID of the stack executed to change the Chef mode

Status The stack status

Command Example

This example sets the project chef mode to epc:


EPAM PUBLIC 147

or2cm –p project –r region –m epc

Response Example

The command returns a list of newly set instance properties.

Figure 101 - or2cm Response Example

Find more information about work with shared Chef server in the Cloud Services Guide

15.2.2 Disabling Auto Configuration for Specific OS

EPAM orchestrator allows to disable auto configuration for VMs with specific OS types, rather than for the

whole project.

This is done by adding the --customize parameter to the or2-manage-service (or2ms) command with the

--activate flag:

or2ms -a -s chef -p project -r region --customize

When run, the command prompts you for the ACS disable mode. As a response, specify the OS family for

which the auto configuration should be disabled (ALL, WINDOWS, LINUX):

Figure 102 - Disabling auto configuration for a specific OS

The information on the auto configuration on the project can be found in the or2-describe-chef (or2dchef)

command: the disableType column shows the OS for which the service is disabled:

Figure 103 - Reviewing information on the current status of the ACS

To enable auto configuration back, run the same or2ms command with the --customize parameter, and

select the NONE mode.

The new auto configuration disabling mode is applied only to the virtual instances that are launched after

the mode is changed. The virtual instances created earlier, will stick to the mode in which they were created.

15.2.3 Retrieving Chef Information

Invoke: or2-describe-chef (or2dchef)

https://cloud.epam.com/site/competency_center/e=p=c_services/csug_03_services.pdf


EPAM PUBLIC 148

Describes the project’s Chef Server mode.

CLI Parameters








Response Elements

Name Description

chefMode The current Chef Mode of the project

chefServer Current Chef DNS name

active Chef server state

Command Example

or2dchef –p project –r region

Response Example

Figure 104 - or2dchef Response Example

15.2.4 Collecting Info on Chef Clients

The or2-validate-chef (or2vchef) command allows the user to control and monitor the work of the service

indicating any errors occurred.

The command should be run in Maestro CLI on the target VM and does not need any parameters:

or2-validate-chef

The command output includes the following information:

Figure 105 - The or2-validate-chef command output


EPAM PUBLIC 149

15.3 ZABBIX MONITORING SERVICE

EPAM Cloud Orchestrator provides you with the ability to create a Zabbix server to monitor your

infrastructure performance. You can specify which instances are being monitored by Zabbix server, and

stop monitoring them when needed.

The default metrics covered by Zabbix monitoring service are given below.

For Windows systems:

• CPU Load

• Free Memory

• Free memory in %

For Linux systems:

• CPU Load

• Disk Read/Write Operations

The set of monitored metrics can be customized by specifying a custom template when adding the instance

to the monitoring list.

You can see the information gathered by Zabbix Server, either on Orchestration UI Monitoring Page, or by

connecting to the server via HTTP. For the details, please, see the Viewing Zabbix Data section.

The default parameters of a Zabbix Server VM are:

• Shape: MEDIUM

• Image: Ubuntu16.04_64-bit

For more details on Zabbix Monitoring service, please, see our Cloud Management Console guide.


Invoke: or2-manage-service –p <project> -r <region> -s monitoring --activate

This command starts and sets up a Zabbix Monitoring server.

Each project can have only one Zabbix server activated for it. If the server is already activated, you will get

the respective command response:

Execution error. code=20054, message='monitoring service already

activated.

If there is no Zabbix server activated for your project, a special stack will be run to launch a VM with all the

corresponding Zabbix Server settings.

The command response will give the ID of the executed stack.

https://cloud.epam.com/site/competency_center/tools_and_capabilities/epam_orchestration/csug_06_cloud_management_console.pdf


EPAM PUBLIC 150

15.3.2 Service Info

Invoke: or2-describe-monitoring (or2dmon)

Use the or2-describe-monitoring command to retrieve the information about the instances monitored by

Zabbix server, Zabbix monitoring templates and Zabbix agent availability.

Describes all activated projects accessible by current user.

CLI Parameters





-p, --project Project abbreviation in UPSA. To describe several projects,

repeat the parameter: -p project1 -p project2 -p projectN Yes

-r, --region Virtualization region name Yes


Response Elements

Name Description

monitoredInstanceId The IDs of the instances monitored by the described Server

zabbixServerInstanceId The ID of the Zabbix Server instance

monitoringtemplateNames The names of the monitoring templates used

zabbixAgentAvailability Zabbix Agent Availability status

Command Example

This command describes the Monitoring service for the specified project and region.

or2dmon –p project –r region

Response Example

Figure 106 - or2dmon Response Example


EPAM PUBLIC 151

15.3.3 Start Monitoring an Instance

Invoke: or2-start-monitoring (or2mon)

This command adds the instance to Zabbix Monitoring list and Zabbix Server starts collecting the

information about this instance.

CLI Parameters




i ID2 -i IDN. Yes





-t, --template Zabbix template No


Response Elements

Name Description

monitoredInstanceID The ID of the instance added to the monitoring list

zabbixServerInstanceId| The ID of the Zabbix Server instance

monitoringTemplateName The name of the monitoring template

For the correct Zabbix Monitoring service performance, it is recommended to add the custom image based

instances to the monitoring list (or2-start-monitoring command) only after they come to the running state.

Otherwise, the custom image can be indicated incorrectly and will be monitored as a Linux image

(regardless of its real type).

Command Example

This example starts monitoring of the specified instance.

or2mon -r region -p project -i instance_id

Response Example

Figure 107 - or2mon Response Example


EPAM PUBLIC 152

15.3.4 Stop Monitoring an Instance

Invoke: or2-stop-monitoring (or2stopmon)

Stop monitoring the specified instance with Zabbix Monitoring Service.

CLI Parameters




i ID2 -i IDN. Yes






Response Elements

Name Description


zabbixServerInstanceId| The ID of the Zabbix Server instance


Command Example

This example removes the specified instance from monitoring.

or2stopmon -r region -p project -i instance_id

Response Example

Figure 108 - or2stopmon Response Example


EPAM PUBLIC 153

15.3.5 Viewing Zabbix Data

There are two ways to view Zabbix Server monitoring data. They are:

• Viewing the statistics on the Monitoring page of Orchestration UI

• Logging to the server via HTTP connection

Viewing the statistics on Monitoring Page

After an instance is added to the monitoring list with the or2-start-monitoring command, its statistics can

be seen on the Monitoring page. To view the instance details, select the instance in the project instance list

and unfold the line with the Zabbix metrics, interesting to you:

Figure 109 - Zabbix metrics details on UI

Logging via HTTP Connection

The typical address template for connecting to Zabbix server is:

http://<ZabbixServerInstanceID>

To get the Zabbix Server Instance ID, you can use the or2-describe-monitoring command.

To login to Zabbix Server via web interface, please, use the following credentials:

• Login: user

• Password: zabbix

The accessed Zabbix Server web-interface provides you with the Zabbix server details, such as number of

hosts, their statistics,system status, the issues that occurred, hosts status, configuration details, etc. You

can also get the graphs on the selected hosts. Unlike the graphs on the Monitoring page, these graphs

provide you not only with the information on the specified metrics, but also allow you to zoom the data to

see the statistics for the specified time period.


EPAM PUBLIC 154

Figure 110 - Zabbix Graph in web Interface


EPAM PUBLIC 155

15.4 TELEMETRY AS A SERVICE

Telemetry as a Service allows monitoring the CPU utilization, disk Read/Write operations and network

traffic of your Linux instances. Support for Windows instances will be implemented later.

The service is based on Gnocchi, a metrics database platform, and collectd, a service collecting the

instance metrics and sending them to Gnocchi. Gnocchi version 4.0 and collectd version 5.7 are supported.

Currently, Telemetry as a Service allows gathering and storing metrics from the following images:

• Ubuntu 14

• Ubuntu16 (except EPAM-BY2 and EPAM-US1)

• CentOS 7

Support of other images will be implemented later.

At the moment, Telemetry as a Service is supported only in EPAM regions.

The default parameters of a Telemetry Server VM are:

• Shape: MEDIUM


Telemetry as a Service is deployed in two steps:

1. Starting a Telemetry server with Gnocchi and PostgreSQL. The server comes already with

installed and configured Gnocchi and PostgreSQL as well as with a Gnocchi client (the Gnocchi

shell utility allowing server manipulations via the command line).

2. Adding instances to the Telemetry service. In each added instance Chef auto-configuration is

invoked assigning a special Chef role to the selected instance. As the result, collectd client will be

installed on the instance together with a Gnocchi plugin to enable proper integration. After

successful configuration, the instance will send its metrics to the Gnocchi server.

The gathered metrics will be available either on the Maestro CLI console or in the Monitoring screen of the

Cloud UI. The metrics to be returned can be filtered by name, granularity (metrics by minutes, hours and

days can be selected) or aggregation method (average, min, max, sum, count, standard). Also, you can set

the date range for which you would like to retrieve the instance metrics.


Invoke: or2-manage-service -p project -r region -s telemetry --activate

This command starts and configures a Telemetry server.

http://gnocchi.xyz/

https://collectd.org/index.shtml


EPAM PUBLIC 156

15.4.2 Adding an Instance to Telemetry

Invoke: or2-start-telemetry (or2starttel)

This command adds the instance to Telemetry and creates a Gnocchi client on it. The Gnocchi client starts

sending the instance metrics to the Telemetry server.

CLI Parameters









Response Elements

Name Description

instanceID The ID of the instance added to the monitoring list

serverInstanceId The ID of the Telemetry Server instance

Command Example

This example starts one instance with specified instance ID.

or2mon -r region -p project -i instance_id

Response Example

Figure 111 - or2starttel Response Example


EPAM PUBLIC 157

15.4.3 Stop Collecting Telemetry from the Instance

Invoke: or2-stop-telemetry (or2stoptel)

Stops collecting telemetry from the specified instance and removes the Gnocchi client.

CLI Parameters









Response Elements

Name Description

instanceID The ID of the instance removed from the monitoring list

serverInstanceId The ID of the Telemetry Server instance

Command Example

This example removes the specified instance from Telemetry monitoring.

or2stoptel -r region -p project -i instance_id

Response Example

Figure 112 - or2stoptel Response Example


EPAM PUBLIC 158

15.4.4 Describe Telemetry Agents

Invoke: or2-describe-telemetry-agents (or2dtelag)

Describes the resources monitored by the Telemetry service.

CLI Parameters



-o, --original-resource-id Original Telemetry resource ID No






Response Elements

Name Description

originalResourceID ID of the instance generated by the Gnocchi client

serverInstanceId| The ID of the Telemetry Server instance

telemetryResourceID ID of the instance generated by the Gnocchi server

startedAt Date and time of instance inclusion to Telemetry monitoring

metrics Available metrics

state The state of the agent (Stopped/Running/Source_Unavailable)

Command Example

This example retrieves the list of all telemetry agents for the specified project and region.

or2dtelag -r region -p project

Response Example

Figure 113 - or2dtelag Response Example

If you specify the original resource ID in the or2dtelag command, the command will also return the list

of metrics available for that agent:

or2-describe-telemetry-agents -p project -r region –o original_resource_ID


EPAM PUBLIC 159

Figure 114 - Telemetry agent with available metrics

15.4.5 Get Telemetry

Invoke: or2-get-telemetry (or2tel)

Retrieves the resource metrics from the Telemetry server.

CLI Parameters



-o, --original-resource-id Original Telemetry resource ID Yes





-a, --aggregation Aggregation method for the described measures. Available

values: [average, min, max, sum, count, std] Default: AVERAGE No

-c, --count Message count in output, positive integer. Default: 100 No

-d, --days History days, positive integer. Default: 1 No

-h, --hours History hours, positive integer.

-f, --from From date (yyyy-MM-dd or yyyy-MM-ddTHH:mm) No

-t, --to To date (yyyy-MM-dd or yyyy-MM-ddTHH:mm) No

-g, --granularity Granularity of the described measures. Available values:

[minute, hour, day]. Default: HOUR No

-m, --metric-name Metric name. If empty, all available metrics will be returned Yes


If you are using the --from and --to parameters, make sure you enter the local time values. If you use GMT

values, the returned data will be inaccurate.

Response Elements

Name Description

metricName Name of the metric

aggregationMethod Aggregation method

granularity Metrics granularity

timestamp Date and time of metrics collection

measureValue Value of the metrics

Command Example

This example returns matric data with the one-minute granularity.

or2tel -r region -p project –o original_resource_id –m metrics –g minute

Response Example


EPAM PUBLIC 160

Figure 115 – or2tel Response Example

Telemetry as a Service returns metrics data in unnormalized form.

You can get the data visualized on Grafana-based web UI, by the URL given in the or2dser command

response.

15.5 LOG AGGREGATION SERVICE

EPAM Cloud Orchestrator provides the users with a GrayLog-based Log Aggregator Service that collects

the logs from the specified instances and provides an easy and visual access to them via a web-interface.

The default parameters of a GrayLog Server VM are:

• Shape: MEDIUM

• Image: Ubuntu16.04_64-bit.

The service is not available for Microsoft Azure.


Invoke: or2-manage-service –p project -r region -s log --activate

This command runs a Maestro Stack that creates and sets up a VM with a GrayLog Server on it.

The GrayLog server setup is a complicated process and can take up to an hour.

15.5.2 Log Service Info

Invoke: or2-describe-logging (or2dlog)

The command gives the list of the logged instances and the DNS name of the GrayLog Server

CLI Parameters








Command Example

This example shows the common case of describing the Log service on a project.

or2dlog -p project -r region


EPAM PUBLIC 161

15.5.3 Start Collecting Logs from an Instance

Invoke: or2-start-logging (or2log)

Use this command to start collecting the logs from the specified instance.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -i ID2

-i IDN. Yes

-l, --log Full path to the log file No






Response Elements

Name Description


grayServerInstanceId| The ID of the GrayLog Server instance


Command Example

This example starts monitoring of the instance with the specified instance ID.

or2log -r region -p project -i instance_id


EPAM PUBLIC 162

15.5.4 Stop Collecting Logs from an Instance

Invoke: or2-stop-logging (or2stoplog)

The command removes the instance from Logging Service list. The server stops collecting the instance log

data, but all the logs, previously aggregated, are kept.

Please note: the service cannot collect data from the server where it is hosted, in EPAM-BY2. EPAM-IN1,

EPAM-US2, and AWS regions, until the server is rebooted.

CLI Parameters



-i, --instance Instance ID For several instances repeat the parameter: -i ID1 -i ID2

-i IDN. Yes






Command Example

This command stops monitoring of the instance with the specified instance ID.

or2stoplog -i instance_id -p project -r region

15.5.5 Viewing the Collected Logs

You can view the collected logs by connecting to the Log Server via HTTP.

The typical address template for connecting to Log Server is:

http://<LogServerDNS>

Use the or2dser command to find the Log Server DNS, login and password to be used to login to the

server.

When you log in, you will get to GrayLog Web Interface that provides you with the full access to the gathered

data.


EPAM PUBLIC 163

15.6 LOAD BALANCING SERVICE

EPAM Cloud Orchestrator provides the users with a Nginx-based Load Balancing Service, that allows the

user to arrange load balancing with a set of CLI commands.

The default parameters of a Load Balancer Server VM are:

• Shape: MEDIUM


15.6.1 Starting and Managing the Service

To start the Load Balancer service, you should call the following command:

or2ms –p project -r region -s load-balancer --activate

The command runs a Maestro stack that creates and configures a Load Balancer VM. A project can have

only one Load Balancer.

15.6.2 Load Balancer Configuration

All the Load Balancer configuration actions are performed with or2-load-balancer-config (or2lbconf)

command.

The command deals with four configuration areas, each having its own set of properties or properties

behavior:

• Balancing – this area deals with Load Balancer Server, balancing members, the details on the

balancer connections.

• Limits – this area deals with the user connections and requests limits

• Bans – this area allows to ban specific URLs or user IPs

• Cache – this area allows to set up Load Balancer caching

When calling a command, you need to specify one configuration area and the necessary relative

parameters.

When used with --project and –region parameters only, the command displays the list of the configuration

settings applied to the Load Balancer.


EPAM PUBLIC 164

CLI Parameters

Parameter name Description Required G

enera

l -p, --project Project abbreviation in UPSA Yes






Bala

ncin

g

-b, --balancing Specifies the configuration area as “balancing” Yes/No

--balancerName FQDN of the Load Balancer No

-i, --instance The ID of the instance to be added or removed from the balancing members list

No

--port The port to route to. Default: 80 No

--permanent Enable/Disable “keep alive” feature: Nginx will open the specified number of connections with each host [0…]. Default 0.

No

--iphash Enable/disable “sticky session” [on/off] Default: on No

-d, --remove Remove a host from the balancing members list No

--removeAll Remove all hosts from the balancing members list No

Lim

its

-l, --limit Specifies the configuration area as “limit” Yes/No

--connections Specifies that the number of allowed simultaneous user connections should be set

No

--requests Specifies that the limit of requests per second should be set No

--perIp Sets the connections or requests limit for a given IP (set 0 to remove the limit)

No

--total Sets the connections or requests limit for the whole balancer No

Bans

--ban Specifies the configuration area as “ban” Yes/No

--ip Adds IP address to the ban list. Format: xxx.xxx.xxx.xxx No

--url Sets the URL to return failure status code No

--status Set status code for URL to return (Default: 403 Forbidden) No

--remove Removes ban from IP or URL No

--removeAll Removes all bans No

Cache

--cache Specifies the configuration area as “cache” Yes/No

--url Sets the URL to cache No

--extension Sets the extensions of files to be cached No

--expiration Sets the cache expiration time (in minutes) No

--remove Removes caching files or URLs No

--removeAll Disables caching No

Response Elements

Name Description

Area The name of the configured area

Item The type of manipulated item

Value The description of the performed operation


EPAM PUBLIC 165

15.6.3 Configure Balancing

General balancing settings are set with the --balancing flag of the or2lbconf command followed by next

parameters:

--balancerName <string> - FQDN of the Load Balancer

--instance <string> - instance id to add

--port <number> - (80 by default) the port to route to

--permanent <number> - the number of connections to keep alive with hosts within balancing, 0

turns off the feature

--iphash <on/off> - enable/disable "sticky session" on the Load Balancer

--remove <nothing> - removes instance from load balancing

--removeAll <nothing> - clears load balancing group

Below, you can see a set of command examples:

or2lbconf --balancing --instance <instance1> - adds instance1 to the

balancing group

or2lbconf --balancing --instance <instance1> --port 2752 - changes the port

of instance1 to 2752

or2lbconf --balancing --remove --instance <instance1> - removes instance1

from group

or2lbconf --balancing --permanent 10 - enables feature: caches 10 connections

to hosts

Response Example:

Figure 116 - or2lbconf –-balancing Response Example

15.6.4 Configure Limits

You can set up the balancer limits with the --limit flag of the or2lbconf command followed by the next

parameters:

--connections <nothing> - configures connection limits (number of allowed simultaneous

connections)

--requests <nothing> - configures request frequency limits (number of allowed requests per second)

--perIp <number> - sets limit per client IP (0 to turn off)

--total <number> - sets limit for the balancer (0 to turn off)


EPAM PUBLIC 166

The examples of the limits configuration are given below:

or2lbconf --limit --requests --total 50 - sets maximum requests per second to

balancer to 50

or2lbconf --limit --connections --perIp 10 --total 50 - sets maximum connections

from a unique IP to 10 and the overall maximum connections to balancer - to 50

Response Example:

Figure 117 - or2lbconf –-limit Response Example

15.6.5 Configure Bans

The balancer bans are set with the --ban flag of the or2lbconf command followed by the next parameters:

--ban <nothing> - configure bans

--ip <xxx.xxx.xxx.xxx> - add IP address to ban list

--url <string> - set URL to return failure status code

--status <number> - (403 Forbidden default) set status code for URL to return

--remove <nothing> - removes ban from IP or URL

--removeAll <nothing> - removes bans on IPs or URLs

or2lbconf --ban --ip 123.456.7.8 - adds 192.168.1.1 to banlist

or2lbconf --ban --url /maestro/ - sets /maestro/ to return 403 Forbidden status

or2lbconf --ban --url /maestro/ --status 404 - sets /maestro/ to return 404 Not

found

or2lbconf --ban --remove --ip 192.168.1.1 - removes 192.168.1.1 from IP banlist

or2lbconf --ban --removeAll --ip - clears IP banlist

Response Example:


EPAM PUBLIC 167

Figure 118 - or2lbconf –-ban Response Example

15.6.6 Configure Cache

The caching settings are set with the --ban flag of the or2lbconf command followed by the next parameters:

--cache <nothing> - configure caching

--url <string> - the URL to cache

--extension <string> - extensions of files to cache

--expiration <number> - sets cache expiration time (in minutes)

--remove <nothing> - removes caching files or URLs

--removeAll - disables caching.

or2lbconf --cache --url /images/ --expiration 10 - enables caching on /images/

with 10 minutes expiration

or2lbconf --cache --url /images/ --remove - removes /images/ caching

or2lbconf --cache --extension jpg --extension gif --expiration 30 - enables

caching on all ".jpg" and ".gif" files with 30 minutes expiration

or2lbconf --cache --removeAll - disables caching at all

Response Example

Figure 119 - or2lbconf –-cache --url --expiration Response Example


EPAM PUBLIC 168

15.6.7 Describe Load Balancer Members

Invoke: or2-describe-load-balancing (or2dlb)

The command shows the list of the hosts (instance IDs) in the Load Balancer group and their availability.

The instance reported as AVAILABLE is running and it is possible to connect to it via the port defined in

configuration.

The instance reported as UNAVAILABLE is not running or cannot be connected via HTTP.

CLI Parameters




-P, --plain-output Use plain output view. No




Response Elements

Name Description

host The Instance ID of the host in group

port The port used to connect to the host

availability Service availability status

description The description of the current host state

Command Example:

or2dlb –p project -r region

Response Example

Figure 120 - or2dlb Response Example


EPAM PUBLIC 169

15.7 FTP TO AWS S3 SERVICE

FTP to AWS S3 service is the first stage of the new data management service which is currently under

development. It is implemented as FTP access to AWS S3 buckets, and includes the respective Maestro

CLI commands.

The service can be used in AWS regions only.

The default parameters of an FTP Server Instance are:

• Shape: SMALL


15.7.1 Service Activation

To activate Backup as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with backup value. The -k key_name parameter is also

necessary, as for any instance in AWS:

or2ms –p project -r aws-region -a –s backup -k key_name

When the service is activated, it runs a VM with the following parameters:

• Shape: SMALL


To deactivate the service, run the same command with the -d/--deactivate flag:

or2ms –p project -r aws-region -d –s backup

15.7.2 S3 Buckets Management

Invoke: or2-manage-ftp (or2ftp)

The command is used to make existing S3 buckets available via FTP.

CLI Parameters


-a, --action FTP management action [list, mount, unmount]. Default: list No

-b, --bucket Bucket name







Response Elements

Name Description

name The name of the bucket

Command example:


EPAM PUBLIC 170

The command below adds a bucket_name bucket to the service:

or2ftp –p project –r aws_region -a mount -b bucket_name

Command response:

Figure 121 - or2ftp Response Example

15.7.3 Providing Access to Users

Invoke: or2-ftp-access (or2ftpa)

The command allows to grant and prohibit access to FTP to S3 for a specific user:

CLI Parameters


-a, --action FTP management action [list, grant, revoke]. Default: list No

-e, --email User email No







Response Elements

Name Description

Login User login name

Enabled The flag indicating whether user access is enabled

Command example:

The command below allows the user_name user access the FTP server:

or2ftp –p project –r aws_region -a grant -e [email protected]

Command response:

Figure 122 - or2ftpa Response Example


EPAM PUBLIC 171

15.8 OPENSHIFT AS A SERVICE

OpenShift is a platform as a service for container management, using Docker containerization and

Kubernetes orchestration tools. The service allows to deploy the necessary environments in container-

based infrastructure, without need to look for higher hardware capacities.

In EPAM Cloud, OpenShift can be deployed to virtual instances.

Currently, we strongly recommend to run the service in EPAM-BY2 region, where it can perform in a stable

and reliable manner.

OpenShift as a Service is based on Ansible configuration management solution, thus it is recommended to

use Linux-based workstations to set up the service. Due to Ansible limitations, the service cannot be run

from Windows workstations

OpenShift as a Service needs additional actions to be performed on your workstation and service instances.

Please find the details in the OpenShift as a Service Configuration Guide.


The service activation starts with creating a cluster of pre-configured VMs. To do it, call the following

command:

or2ms -p project -r region -a -s open-shift -v 3.7 -k key_name

The command launches four LARGE CenOS 7 64-bit instances, each with additional 30GB storage volume.

15.8.2 OpenShift Configuration

Invoke: or2-openshift-client (or2osc)

The command integrates Ansible client with Maestro CLI, and configures the wildcard for OpenShift.

CLI Parameters


-a, --action OpenShift client preparing actions [install, configure] Yes





-r, --region Virtualization region No

-w, --wildcard Automatic command confirmation (for the terminate action) No

The command response consists of action logs and, for wildcard configuration, host details.

Response Elements

Name Description

hostId The ID of the host in the OpenShift cluster

dnsName The DNS name of the host in the OpenShift cluster

https://cloud.epam.com/site/competency_center/e=p=c_services/open=shift_as_a_service_(=o=s=s)/csug_openshift.pdf


EPAM PUBLIC 172

Response Elements

ipAddress The IP address of the host in the OpenShift cluster

role The host role in the OpenShift cluster

Command Example 1:

This example installs Ansible client that will be used to configure the service VMs

or2osc -a install

Command Response 1:

Figure 123 - or2osc Command Response Example

Command Example 2:

This example configures the wildcard for OpenShift (should be used only after the wildcard record is created

in the DNS server):

or2-openshift-client -a configure -p project -r region -w wildcard

Figure 124 - or2osc Command Response Example for Wildcard Setup

15.9 DOCKER SERVICE

Orchestrator provides its users with Docker facilities that can be accessed as an EPAM Cloud service. The

Docker Service allows to create a node hosting a set of containers that share the node resources but are

independent in manipulation. This allows to distribute the resources of one VM (node) effectively, minimize

the infrastructure costs and facilitate its monitoring.

The default parameters of a Docker node VM are:

• Shape: MEDIUM



EPAM PUBLIC 173

Docker as a product is an open-source engine for automating applications deployment inside software

containers. This section describes how Docker is integrated into Cloud and the ways it can be used in this

context. To find out more details on Docker as a product, please visit the Official Docker Web-Site.

Integration with Docker 1.9 and Docker Swarm 1.0.0 is supported.

15.9.1 Starting the Service

As Docker uses multiple clusters, all Docker-related commands should specify the cluster name as the -

c or -cn parameter.

To start the service, call the following command:

or2ms –p project -r region -s docker –c cluster_name --activate

The default VM shape is MEDIUM. You can use the --shape parameter to specify another one.

You can run Docker service in the dedicated EPAM-DKR region, which is based on OpenStack (kilo) and

is exclusively designed for Docker usage. In this case, the Docker VMs will have CoreOS guest OS. For

more details on the region, see this section.

The command runs a Maestro Stack that creates and configures a Docker Master VM. Docker Master will

later be used as an entry point to the Docker Cluster, and will allocate the requested containers

automatically to the nodes that have lower load.

Docker Master VM is also used as a node VM that hosts containers. If you need a new node to be added

to your Docker cluster, just repeat the or2-manage-service command.

To make the containers within the created node accessible only with SSH key, add the --key-name property

in the or2-manage-service command. The Property should be followed by the name of an SSH key,

previously created by or2-create-keypair command.

To remove a node, use the or2ms command with --deactivate and -i parameters. The -i parameter

specifies the ID of the node to be stopped.

When a service is activated, two default containers (skydoc and skydns) are automatically started.

These containers are engaged in dynamic assignment of names within the node VM. The containers IP

addresses can change during the node performance, but to establish a reliable connection between

containers, you can use the containers Full Qualified Domain Names (FQDN), that are to be composed

according to the following rules:

<container_name>.ubuntu_epc.docker.local

The container name is retrieved by the or2dd command described below.

15.9.2 Docker Container Images

Invoke: or2-docker-image (or2di)

The command is designed to manipulate the Docker Swarm images available on node VMs for container

creation.

CLI Parameters


https://www.docker.io/


EPAM PUBLIC 174

-a, --action Docker image action [describe, push, pull, commit, delete].

Default: describe. No

-c, --container Container ID. Mandatory for the commit action Yes/No

-cn, --cluster-name Cluster name Yes

-dr, --docker-registry

Docker registry instance ID. If not specified, the command

will pull the image from the public Docker Registry

(https://index.docker.io)

No

--full Show full command output instead of default basic one.

Default: false No

--help Display command help. Default: false No

--force Force delete Docker image. Default: false

-i, --image-id Image ID No

-m, --message Commit message (will be seen only on direct API

“containers/inspect” call) No

-n, --name Image name No

-ns, --namespace Private Docker Registry namespace No

-nt, --new-tag-name Private Docker Registry Tag Name No





-R, --repository Private Docker Registry Repository name No

-t, --tag Image tag. Default: latest No


Default: false No

The command response consists of two parts: a string describing the action performance result and the

container details.

Response Elements

Name Description

host Host name of the parent hypervisor

id Image ID

name Image name

tag Image tag

Command Example 1:

This example returns the list of available images:

or2di -p project -r region –cn cluster_name

Command Response 1:

https://index.docker.io/


EPAM PUBLIC 175

Figure 125 - or2di Command Response Example

Command Example 2:

This example creates an image from the specified container:

or2di -p project -r region -a commit -c container_id -n image_name -t

image_tag –cn cluster_name

Command Response 2:

Figure 126 - or2di -a Commit Response Example


EPAM PUBLIC 176

15.9.3 Manipulating Containers

Invoke: or2-docker-container (or2dc)

The containers are manipulated with the or2-docker-container command. The command allows to run,

terminate, start and stop the containers.

Manipulating containers, including creating new ones, takes only seconds.

CLI Parameters








-i, --image Docker image to use for run command. The full image name <name:tag> of Docker image ID is required

No

-c, --container Docker Container name or ID No


-cmd, --command Specifies a command that will be run on a new Docker container after its start

No

-a, --action Docker container action [run, terminate, start, stop, describe]. Default: DESCRIBE

No

-t, --tcp

TCP container ports mapping FROM (Host port) : TO (Container port.) Multiple values could be separated with commas without spaces. Used on a container run action. Example: -t 4857:22,5541:80

No

-u, --udp

UDP container ports mapping FROM (Host port) : TO (Container port.) Multiple values could be separated with commas without spaces. Used on a container run action. Example: -u 4857:22,5541:80

No

-v, --volume Docker volume binding. Allowed formats: ["/host/dir:/container/dir", "container-name:/container/dir", ":/container/dir"]

No

-y Automatic command confirmation (for the terminate action) No

The command response consists of two parts: a string describing the action performance result and the

container details.

Response Elements

Name Description

host The host on which the container is running

containerName The automatically created name of the container

containerId The ID of the created container

status The container status

portMappings Container port mappings

image Docker image to use for run command

command The command that will be run on a new Docker container after its start


EPAM PUBLIC 177

Command Example:

This example lists the existing Docker containers:

or2dc -p project -r region –cn cluster_name

Command Response:

Figure 127 - or2dc Command Response


EPAM PUBLIC 178

15.9.4 Manipulating Volumes

Invoke: or2-docker-volume (or2dv)

The Docker Swarm volumes are manipulated with the or2-docker-volume command. The command

allows to create, delete and describe Docker Swarm volumes.

CLI Parameters


-a, --action Docker volume action [describe, create, delete]. Default value: describe

No








-v, --volume Volume name No

-y Automatic command confirmation. Default value: false No

Response Elements

Name Description

host The host on which the volume is mapped

id Volume ID

name Volume name

driver Volume driver

mountPoint Host directory to which the volume is mapped

Command Example 1:

The following command creates a Docker volume:

or2dv -p project -r region -a create –cn cluster_name –v volume

Command Response 1:

Figure 128 - or2dv Command Response


EPAM PUBLIC 179

Command Example 2:

The following command deletes the specified Docker volume:

or2dv -p project -r region -a delete –cn cluster_name –v volume

Command Response 2:

Figure 129 - Docker volume deletion


EPAM PUBLIC 180

15.9.5 Creating a Docker Registry

Invoke: or2-manage-service (or2ms)

To create a Docker registry, use the command with the -s docker-registry parameter.

This command runs a new VM on which the registry will be hosted. The VM has SMALL shape and is

based on Ubuntu14.04_64-bit image.

Command Example:

This example shows the Docker registry creation:

or2ms -p project -r region –s docker-registry -a

Command Response:

Figure 130 – Docker registry creation

15.9.6 Manipulating Registry Images

Invoke: or2-docker-registry-image (or2dri)

The command is used to describe and manage images within a specified registry.

CLI Parameters


-a, --action The action to be taken [describe, delete]


-q, --query Create a query to filter certain images by string No



-dr --docker-registry

Docker registry instance id. If not specified, will show all

images from each Docker registry on the project. For several

docker registries repeat the parameter: -dr dockerRegistry1 -

dr dockerRegistry2 -dr dockerRegistryN.

No

-ns, --namespace Private Docker Registry namespace No





-R, --repository Repository name No

-t, --type Docker Registry type. Allowed values: [public, private].

Default: private No

-y Automatic confirmation No


EPAM PUBLIC 181

When used with the -a delete action, the command removes the registry with ALL images existing in it.

Response Elements

Name Description

stackName The name of the stack used to create a Docker registry

stackId The ID of the stack used to create a Docker registry

status Registry stack status

Command Example 1:

This example shows the list of the images on a specified Docker registry:

or2dri -p project -r region -dr docker_registry_id -a describe

Command Response 1:

Figure 131 - or2dri -a describe Response Example

Command Example 2:

This example deletes a repository from Docker registry:

or2dri -p project -r region -dr docker_registry_id -R repository

-a delete

Command Response 2:

Figure 132 - or2dri -a delete Response Example


EPAM PUBLIC 182

15.9.7 Docker Service Info

Invoke: or2-describe-docker (or2dd)

The command gives the list of existing Docker elements and their details.

CLI Parameters









-t, --type Docker Type [cluster, nodes]. Default: nodes No

The command response for the Docker description includes the same elements as those returned by the

or2-describe-instances command.

In one command call, you can either get the description of the Docker service and the list of the existing

nodes or the details of the specified container.

Response Elements

Name Description Described

Element

instanceId The ID of the Docker node

Docker

dnsName Docker node DNS

privateIp Docker node privateIp

state The current state of the Docker node

CPU The number of CPU in the node VM

memory The RAM volume in the node VM

description The node description

containerId The Id of the container

Node/

Container

containerName The automatically assigned name of the container

status The current status of the container

sshPort SSH port to be used to connect to the container

portMappings The port mappings of the container

image The image used to run the Container

command The command to be executed on the container start

filters Filters to display the host

strategy Balancing strategy

nodesCount Number of nodes in the cluster

containersCount Number of containers in the cluster


EPAM PUBLIC 183

Command Example 1:

This example shows the Docker service description example:

or2dd -p project -r region –cn cluster_name

Command Response 1:

Figure 133 - or2dd Command Response


EPAM PUBLIC 184

15.10 KUBERNETES AS A SERVICE

Kubernetes is an open-source container management platform delivered by Google.

Kubernetes as a Service is used to manage, schedule and run containerized applications created by various

container engines, such as Docker or rkt. One or more containers to be managed as a single application

are grouped into ‘pods’ which will be running on clusters of virtual machines.

Within a cluster, one virtual machine functions as a master node consisting of a stateless API server,

scheduler and controller manager. Additionally, the master node includes an etcd key-value store for data

storing in the cluster. The master node manages the workload and provides communication within the

cluster through the API server. Other virtual machines are worker nodes subordinate to the master.

For more details on Kubernetes, please visit the Official Kubernetes Website.

15.10.1 Starting the Kubernetes Service

Kubernetes as a Service can only be activated in OpenStack private regions. For a cluster proper

configuration, you need to activate Kubernetes Master and at least one worker (UI Dashboard, Proxy,

Addons for DNS).

To start the Kubernetes Service, use the or2-manage-service (or2ms) command with the following

parameters:

or2ms -p project -r region -s kubernetes –c cluster_name -k key_name --

activate

To start the service as a Kubernetes master, run the command with the -s (--service) parameter containing

‘kubernetes’ or ‘kubernetes-master’. To start the service as a Kubernetes worker, run the command with

the -s (--service) parameter containing ‘kubernetes-worker’.

or2-manage-service -p project -r region -s kubernetes-worker –c cluster_name

-k key_name --activate

You can activate a worker node only if a master node has already been activated in the same cluster.

If you need a new node to be added to your Kubernetes cluster, just repeat the or2-manage-service

command.

By default, Kubernetes nodes are LARGE-shaped VMs with CoreOS_1632_64-bit operating system.

To stop the service, use --deactivate and –i instance_id to deactivate nodes one by one, with the

Kubernetes Master being deactivated the last.

You can start more than one Kubernetes cluster for the same project and region. To login in every instance

in the cluster, use the following user with the private SSH key with which you activate the service:

User: Core

15.10.2 Kubernetes Info

To view the list of the existing Kubernetes nodes and their parameters, run the or2-describe-services

(or2dser) command specifying your project and region:


http://kubernetes.io/


EPAM PUBLIC 185

Figure 134 - List of Kubernetes nodes (shown in two lines for better visibility)

15.10.3 Kubernetes Pods Management

Invoke: or2-kubernetes-pods (or2kp)

The command returns the list of Kubernetes pods in the specified cluster and their state.

CLI Parameters


-a, --action Kubernetes pods action. Allowed values: [describe]. Default:

DESCRIBE No








Response Elements

Name Description

nodeName Name of the Kubernetes node

name Name of the Kubernetes pod

phrase Kubernetes pod state

startDate Kubernetes pod start date

Command Example:

or2kp -p project -r region –cn cluster_name


EPAM PUBLIC 186

Command Response:

Figure 135 - or2kp Command Response

15.10.4 Kubernetes Namespaces Management

Invoke: or2-kubernetes-namespaces (or2kns)

The command returns the list of Kubernetes namespaces in the specified cluster and their state.

CLI Parameters


-a, --action Kubernetes namespaces action. Allowed values: [describe].

Default: DESCRIBE No








Response Elements

Name Description

name Kubernetes namespace name

phrase Kubernetes namespace state

Command Example:

or2kns -p project -r region –cn cluster_name


EPAM PUBLIC 187

Command Response:

Figure 136 - or2kns Command Response

15.10.5 Kubernetes Services Management

Invoke: or2-kubernetes-services (or2ks)

The command describes the Kubernetes services in the specified cluster.

CLI Parameters


-a, --action Kubernetes service action. Allowed values: [describe]. Default:

DESCRIBE No








Response Elements

Name Description

name Kubernetes service name

type Kubernetes service type

Command Example:

or2ks -p project -r region –cn cluster_name

Command Response:

Figure 137 - or2ks Command Response


EPAM PUBLIC 188

15.10.6 Kubernetes Replication Controllers Management

Invoke: or2-kubernetes-replication-controllers (or2krc)

The command describes the Kubernetes replication controllers in the specified cluster.

CLI Parameters


-a, --action Kubernetes replication controller action. Allowed values:

[describe]. Default: DESCRIBE No








Response Elements

Name Description

name Kubernetes replication controller name

templatePodName Pod template name

generalReplicas The number of currently existing replicas

requiredReplicas The target number of replicas

readyReplicas The number of completed replicas

Command Example:

or2krc -p project -r region –cn cluster_name

Command Response:

Figure 138 - or2krc Command Response

15.10.7 Kubernetes Nodes Management

Invoke: or2-kubernetes-nodes (or2kn)

The command describes the Kubernetes nodes in the specified cluster.


EPAM PUBLIC 189

CLI Parameters


-a, --action Kubernetes node action. Allowed values: [describe]. Default:

DESCRIBE No








Response Elements

Name Description

name Kubernetes node name

ready Kubernetes node state

pods Number of pods in the node

cpu CPU count

memory Memory size

Command Example:

or2kn -p project -r region –cn cluster_name

Command Response:

Figure 139 - or2kn Command Response

15.10.8 Using the Service

When the Kubernetes service is activated, you can use it via the native command line interface, kubectl,

which is automatically available on the master virtual machine on which Kubernetes is activated.

For other machines, download the kubectl executable and install it.

For more details on using kubectl, on the available commands, syntax and parameters, refer to the kubectl

Overview page of the official Kubernetes website.

Additionally, the Kubernetes service has a web UI which is automatically available as soon as the service

is activated in the cluster. It is accessible via a URL over the https connection. The Web UI URL can be

found from the Kubernetes node details returned by the or2dser command.

https://storage.googleapis.com/kubernetes-release/release/v1.2.2/bin/linux/amd64/kubectl

http://kubernetes.io/docs/user-guide/kubectl-overview/

http://kubernetes.io/docs/user-guide/kubectl-overview/


EPAM PUBLIC 190

15.11 HADOOP DATA PLATFORM SERVICE

EPAM Cloud provides Hadoop capacities that can be used by developers to test and debug their Hadoop

jobs before running them on production.

EPAM Cloud Hadoop Data Platform Service is based on Hortonworks Hadoop Distribution v.2.

15.11.1 Starting the service

To start the Hadoop service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) hadoop and other necessary flags:

or2ms -p project -r region -a -s hadoop -l slaves -h shape

where:

-l (--hadoop-slave-count) specifies the number of Hadoop slave machines that will be run (1 by

default, if the property is not specified)

-h (--shape) specifies the instance shape for Hadoop slave machines (MEDIUM by default, if the

property is not specified)

You can also use the -k (--key-name) option to specify the SSH key for all the created resources.

The service when activated, by default starts the following virtual machines:

VM Role OS Shape Number

Hadoop Client Ubuntu 12.04 x64 SMALL 1

Hadoop Resource Manager Ubuntu 12.04 x64 MEDIUM 1

Hadoop Name Node Ubuntu 12.04 x64 MEDIUM 1

Hadoop Slave Ubuntu 12.04 x64 MEDIUM (alterable with -h parameter

1 (alterable with -l parameter

To check whether Hadoop has started properly, you should login to the client and run a test job. The cluster

is ready to work if the test job is performed without issues.


EPAM PUBLIC 191

15.11.2 Retrieving Hadoop Information

Invoke: or2-describe-hadoop (or2dh)

The command gives the list, the states and the DNS names of existing Hadoop resources.

CLI Parameters








Response Elements

Name Description

instanceID The ID of a Hadoop resource

dnsName The DNS name of a Hadoop resource

privateIP The private IP address of a Hadoop resource

state The current state of a Hadoop resource

shape The shape of a Hadoop resource

description The description of a Hadoop resource that gives information on its Hadoop role

Command Example

This example shows the common case of describing the Hadoop service on a project.

or2dh -p project -r region

Response Example

Figure 140 - or2-describe-hadoop Response Example


EPAM PUBLIC 192

15.11.3 Manipulating Slaves and Clients

Invoke: or2-manage-hadoop (or2mh)

The command allows to create and remove Hadoop resources

CLI Parameters


-a, --add Add resource (default: false) No

-c, --count New resources count (default: 1) No


--help Display command help (default: false) No

-k, --key-name Project SSH key name. Can be specified for Hadoop resources

access No

-P, --plain-output Use Plain Output view No




-m, --remove Remove resource (default: false) No

-s, --resource Hadoop resource type [client, slave] Yes

-h, --shape Instance type for the new resources No

-y Automatic operation confirmation (default: false) No

Response Elements

Name Description

stackName The name of the stack used to execute the specified operation

stackId The ID of the stack used to execute the specified operation

status The status of the stack used to execute the specified operation

Command Example

This example shows the common case of stopping an instance.

>or2mh -p project -r region -a -c 5 -s slave

Response Example

This example shows the response for the or2mh -a -s slave command:

Figure 141 - or2-manage-hadoop Command Response


EPAM PUBLIC 193

15.11.4 Running Jobs

To run a Hadoop job, you have to connect to the Hadoop Client you want to use. To connect, use the DNS

name retrieved by the or2dh command and the following credentials:

• User: hdfs

• Password: user

When connected to the Client, run the following command on it:

hadoop jar job_path [job parameters]

Where:

• job_path stands for the path to the .jar file describing the Hadoop job

• job_parameters stands for the list of the parameters that can be accepted by the current job

Each Hadoop client has a set of pre-installed demo jobs you can run to check how the service works. For

example, the command below will call the job with a program that is intended to calculate the Pi number:

hadoop jar /usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples-

2.4.0.2.1.5.0-695.jar pi 10 20

Here,

• pi specifies the name of a valid program available within the specified job

• 10 stands for an integer specifying the number of mappings

• 20 stands for an integer specifying the number of samples per map.

You can also see the other examples in the /usr/lib/hadoop-mapreduce/ folder.


EPAM PUBLIC 194

15.12 AMBARI AS A SERVICE

Apache Ambari is an open operational framework that provides a set of APIs and operator tools that simplify

the manipulations with Hadoop clusters.

Ambari as a Service creates an Ambari server for your project, sets up a cluster and provides the existing

Ambari facilities for processing Big Data.

Ambari as a Service is based on Hortonworks Ambari 2.2.0.

Ambari as a Service is delivered in cooperation with Big Data Competency Center, who are responsible

for the application initial settings and performance. In case you encounter any issues with the service

usage, please address the Big Data CC.


To start the Ambari service, run the or2-manage-service (or2ms) command with --activate (-a), --service-

name (-s) ambari and other necessary flags:

or2ms -p project -r region -a -s ambari -c cluster_name -k key

where:

-c (--cluster-name) specifies the name for the newly created Ambari cluster

-k (--key-name) the SSH key name that will be used for all Ambari resources; necessary if you

used a key to run the service.

The service when activated, by default starts an Ambari server VM with the following configuration:

• OS: CentOS6_64-bit

• Shape: MEDIUM

To check whether Ambari has started properly, you should login to the server by the following address:

http://server_DNS:8080

The user/password are: admin/admin.

One project can have several Ambari servers activated.



EPAM PUBLIC 195

15.12.2 Setting up the Ambari Cluster

Invoke: or2-ambari-cluster (or2ac)

The command is used to set up an Ambari cluster for the project

CLI Parameters


-a, --action Ambari cluster action [describe, create, start, stop] Yes

-c, --cluster-name Ambari Cluster Name Yes

-f, --config-file Ambari cluster configuration file full path (for run action only) No



--key-name Project SSH key name. The default Ambari key will be used if

not specified. Yes






Response Elements

Name Description

stackName The name of the stack used to run the cluster

stackId The ID of the stack used to run the cluster

status the status of the stack used to run the cluster

Command Example

This example shows the common case of creating an Ambari cluster on a project.

or2ac -p project -r region -a create -c cluster_name -k key_name

Response Example

This example shows the response for the or2ac -p project -r region -a create -c cluster_name -k

key_name command:

Figure 142 - or2ac command Response Example


EPAM PUBLIC 196

15.12.3 Retrieving Information on Ambari Resources

There are several ways to get the information on the resources engaged in Ambari Service:

To get the service availability, the name of the stack that launched the service and the details on the Ambari Server, use:


To get the information on the resources created in the Ambari cluster, use the following commands:

or2dmsr -p project -r region -s cluster_stack_id

or

or2din -p project -r region -l “cluster_name=your_cluster_name”


EPAM PUBLIC 197

15.13 SPLUNK AS A SERVICE

Splunk Enterprise is a big data management platform allowing to receive, analyze and process large

volumes of data. Splunk Enterprise collects data from various sources and turns it into Operational

Intelligence. Data gathered by Splunk can be searched, indexed, visualized, monitored and organized as

reports.

EPAM Cloud supports Splunk as a Service based on Splunk Enterprise 6.3.1.

For more information on Splunk products and usage, visit the official Splunk website.

Each Splunk or Splunk proxy server has the following configuration:


• Shape: MEDIUM

15.13.1 Service Architecture

When Splunk as a Service is activated, it starts a virtual machine with a trial version of Splunk Enterprise

installed. This version allows using Splunk free of charge up to the limit of 500 Mb of data per day for 60

days. After 60 days, the trial license can be converted into a perpetual free license with the same conditions.

You can change the license from trial to free using Splunk Web.

Figure 143 - Changing Splunk license type

https://www.splunk.com/


EPAM PUBLIC 198

Several Splunk instances can be started for a project and region combination.

If necessary, a Splunk proxy server can also be created to manage data traffic from various endpoints.

When the Splunk proxy server is running, you can specify the endpoints from which traffic is to be managed

and set the quota to limit the traffic from a particular endpoint.

Several Splunk proxy servers can be created for a project and region.


Splunk as a Service is started by means of the or2-manage-service (or2ms) command. To activate the

service, send the command with the -a/--activate parameter and indicate splunk in the -s/--service-name

parameter:

or2ms -p project -r region –a –s splunk

When the service is activated, it starts a MEDIUM-shaped Ubuntu14.04_64-bit virtual machine.

When Splunk as a Service has been activated, its details data can be retrieved by means of the or2-

describe-services command.

15.13.3 Splunk Proxy

To start a Splunk proxy server, use the same command (or2-manage-service).

or2ms -p project -r region –a –s splunk-proxy

Once a Splunk proxy server has been activated, you can add and manage endpoints to limit traffic from.

For this purpose, a special command, or2-splunk-proxy (or2sp), is used:

or2sp -p project -r region -a create –n endpoint_name –i

splunk_instance –x proxy_instance –t port –q quota

CLI Parameters


-a, --action Splunk proxy action. Allowed values: [describe, create, delete].

Default: DESCRIBE No

-n, --endpoint-name Splunk Proxy endpoint name No



-i, --instance Splunk instance ID No

-x, --instance-proxy Proxy instance ID Yes



-t, --port Splunk port No



-q, --quota Splunk Proxy quota in Mb No


EPAM PUBLIC 199

Response Elements

Name Description

proxyURL Proxy URL

splunk URL Splunk URL

endpointName Name of the Splunk endpoint

maxQuota Maximum quota value set for the endpoint

currentQuota Currently used quota

Command Example:

This example describes Splunk proxy endpoints:

or2sp -p project -r region -a describe –x proxy_instance

Response Example:

Figure 144 - or2sp Command Response

15.13.4 Retrieving Splunk Information

As soon as the Splunk or Splunk proxy service is activated, its data can be retrieved using the or2-

describe-services (or2dser) command.


To get the information on the resources created within the service activation use the or2-describe-

instances (or2din) command with -S splunk or splunk-proxy parameter:

or2din –p project -r region –S splunk


EPAM PUBLIC 200

15.14 JENKINS AS A SERVICE

EPAM Orchestrator was initially created on the basis of the concept of CI/CD processes automation. EPAM

Orchestration is intended to deliver Cloud for developers, providing them with all the capabilities, necessary

to build effective CI/CD processes.

Jenkins as a service, when activated, installs Jenkins v.2.107.1 from scratch, installs all the necessary

plugins and starts collecting audit messages from Jenkins (this information becomes available on the Audit

page, without need to connect to Jenkins directly).

The default parameters of a Jenkins Server VM are:

• Shape: MEDIUM


Please note that Jenkins as a service is unavailable in Google regions!


To start the Jenkins service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) Jenkins and other necessary flags:

or2ms -p project -r region -a -s jenkins -k key_name

where:

-k (--key-name) the SSH key name that will be used to run the service VM. The key is necessary for running

the service in AWS, and is not obligatory for Azure.

The service when activated, by default starts a Jenkins server VM with the following configuration:

• OS: Ubuntu16.04_64-bit

• Shape: MEDIUM

To create a Jenkins cluster, repeat the or2ms command to start Jenkins slaves. Repeat the command as

many times as you need slave instances. The Jenkins slave instances will have the same configuration as

the master instance (MEDIUM Ubuntu16.04_64-bit). All integrations between the master and the slaves will

be performed automatically.

https://cloud.epam.com/maestro2/ui/events


EPAM PUBLIC 201

15.14.2 Creating a Jenkins Job

Invoke: or2-create-jenkins-job (or2cjj)

The command is used to create a new Jenkins Job.

CLI Parameters


-c, --config Path to the Job XML config file Yes



-j, --job Jenkins Job name Yes



--noaudit Do not use EPC audit No



Response Elements

Name Description

jobName The name of the created job

result Action result

Command Example:

This example shows a Jenkins job creation:

or2cjj -j "new job" -p project -r region --config [path to job XML config

file]*

*see the Configuration File Example page.

The or2cjj command verifies whether all required for the selected configuration are available. If one or

several plugins are missing, the job is not created, and the system returns an error message listing the

missing plugins:

Figure 145 - List of missing plugins


EPAM PUBLIC 202

15.14.3 Jenkins Plugins Management

Invoke: or2-manage-jenkins-plugins (or2mjp)

The command is used to describe, install or uninstall Jenkins plugins.

CLI Parameters


-a, --action Manage Jenkins plugins action. Allowed values: [describe,

install, uninstall]. Default: DESCRIBE No





-n, --plugin-name Plugin short name, required for install/uninstall actions No



Response Elements

Name Description

name Jenkins plugin name

shortName Short name of the plugin

version Jenkins plugin version

Command Example:

This command describes the available Jenkins plugins:

or2mjp -p project -r region

Response Example:

Figure 146 - List of Jenkins plugins


EPAM PUBLIC 203

To install or uninstall a plugin, send the same command with the -a/--action parameter set to “install” or

“uninstall”, respectively, and the plugin name:

or2mjp -p project -r region -a uninstall -n plugin-name

The command execution will be confirmed with a message that the plugin has been queued for installing

or uninstalling.

Figure 147 - Jenkins plugin uninstallation


EPAM PUBLIC 204

15.14.4 Describing Existing Jenkins Jobs

Invoke: or2-describe-jenkins-jobs (or2djj)

The command is used to get the list of the existing Jenkins jobs.

CLI Parameters






-j, --job Jenkins job name No



Response Elements

Name Description

name Job name

lastBuildState The status of the last job build

currentBuildState The current state of the build if the job was triggered

url The job url

nextBuildNumber The number of the next build

Command Example:

This example shows the Jenkins jobs description:

or2djj -p project -r region


EPAM PUBLIC 205

15.14.5 Triggering a Jenkins Job

Invoke: or2-trigger-jenkins-job (or2tjj)

The command is used to trigger one of the existing Jenkins jobs.

CLI Parameters




-j, --job Jenkins job name Yes

-t, --parameter

Used for parameterized job. Parameter name=value pair. Use

"=" as delimiter. For several parameters repeat: --parameter

name1=value1 --parameter name2=value2 –parameter

nameN=valueN. If you use Windows command line, encase

the –t parameter in quotes i.e. "name=value".

No





Response Elements

Name Description



Command Example:

This example shows the Jenkins jobs triggering:

or2tjj -p project -r region -j “tewt”


EPAM PUBLIC 206

15.14.6 Removing a Jenkins Job

Invoke: or2-remove-jenkins-job (or2rjj)

The command is used to remove one of the existing Jenkins jobs.

CLI Parameters




-j, --job Jenkins job name Yes





-y Provide this parameter for automatic confirmation No

Response Elements

Name Description



Command Example:

This example shows the Jenkins jobs triggering:

or2rjj -p project -r region -j “tewt”


EPAM PUBLIC 207

15.14.7 Configuration File Example

Below, you can find an example of an XML configuration file to be used during the Jenkins job creation.

<?xml version='1.0' encoding='UTF-8'?>

<project>

<actions/>

<description></description>

<keepDependencies>false</keepDependencies>

<properties/>

<scm class="hudson.scm.NullSCM"/>

<canRoam>true</canRoam>

<disabled>false</disabled>

<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuild

ing>

<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>

<triggers/>

<concurrentBuild>false</concurrentBuild>

<builders>

<hudson.tasks.Shell>

<command>#!/bin/bash

echo "START"

sleep 15

echo "END"</command>

</hudson.tasks.Shell>

</builders>

<publishers/>

<buildWrappers/>

</project>


EPAM PUBLIC 208

15.15 SONAR AS A SERVICE

Sonar as a Service is based on SonarQube, an open-source code quality inspection component. Together

with Jenkins and Gerrit, it forms a complete CI/CD environment.

Sonar as a Service supports SonarQube versions 5.2 and 5.6.

For more details on working with SonarQube, visit the official SonarQube website.

The table below provides the list of service-related commands and their descriptions.

Please note that Sonar as a Service is not supported in AWS-type regions.


To activate Sonar as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with sonar value:

or2ms -p project -r region -a –s sonar

By default, the service starts SonarQube version 5.6. To start version 5.2, add the -v/--version parameter

to the or2ms command:

or2ms -p project -r region -a –s sonar v 5.2

This command creates a Sonar server based on the virtual machine with the following parameters:

Image: Ubuntu14.04_64-bit

Shape: MEDIUM

During the service activation, a PostgreSQL database is installed on the same virtual machine.


or2ms –p project -r region -d –s sonar

15.15.2 Service Manipulation

As soon as the service gets activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

or2dser –p project -r region –s sonar

Figure 148 – Sonar Service Info (shown in two lines for better visibility)

http://www.sonarqube.org/


EPAM PUBLIC 209

You can find the details on the VMs created within the service activation, by calling the or2-describe-

instances (or2din) or command with -S sonar parameter:

or2din –p project -r region –S sonar

15.15.3 Sonar Quality Profiles

After activating Sonar as a Service, you can set up a Sonar quality profile for your project and populate it

with rules by which the code quality will be verified.

To set up a Sonar quality profile, use the or2-sonar-quality-profiles (or2sqp) command with the -a create

option. Specify the project and region to which the quality profile is to apply, the quality profile name and

the profile language:

or2sqp -p project -r region –a create –n profile_name –l language

CLI Parameters


-a, --action

Manage Sonar quality profiles action. Allowed values:

[describe, create, delete, activate-rules, deactivate-rules].

Default: describe

No





-l, --language Profile language. Allowed values: [java]. Default: java No

-n, --name Quality profile name No

-q, --quality-profile-key Quality profile key No



-R, --rule-key Rule key. For several rules repeat the parameter: -R rule1 -R

rule2 -R ruleN No


Default: false No

Response Elements

Name Description

key Quality profile key

name Quality profile name

languageName Language to which the quality profile applies

defaultProfile Indicates whether the profile is the default one

activeRuelsCount The number of active Sonar rules


EPAM PUBLIC 210

Command Example:

This example creates a Sonar quality profile:

or2sqp -p project -r region –a create –n profile_name –l language

Response Example:

Figure 149 – or2sqp Command Response

You can use the same command to retrieve the list of all quality profiles set for the project and region (just

send the -p project and -r region parameters) or delete a quality profile (send the -a delete parameter and

specify the key of the profile to be deleted).

To activate Sonar rules for a quality profile, use the or2-sonar-quality-profiles (or2sqp) command with

the -a activate-rules parameter. The command should contain one or several keys of the rules to be

activated:

or2sqp -p project -r region –a activate-rules –q quality_profile_key –R

rule_key1 –R rule_key2

Figure 150 - Rules activation for Sonar quality profile

The same command with the -a deactivate-rules parameter will deactivate the rules with the specified

keys.

15.15.4 Sonar Rules

To retrieve the Sonar rules from a repository or a quality profile, use the or2-sonar-rules(or2sr) command.

or2sr -p project -r region –R repository –n page_number

CLI Parameters


-a, --action Manage Sonar rules action. Allowed values: [search]. Default:

search No






EPAM PUBLIC 211

-n, --page-number Page number to retrieve. Min value: 1. Max value: 1000000.

Default: 1 No

-s, --page-size Page size. Min value: 10. Max value: 50. Default: 20 No

-q, --quality-profile-key Quality profile key No

-R, --repository Rules repository. For example: squid, common-java etc. No

-t, --tag Rule tag. For example: java8, security, bug etc. For several tags

repeat the parameter: -t tag1 –t tag2 -t tagN No



-R, --rule-key Rule key. For several rules repeat the parameter: -R rule1 -R

rule2 -R ruleN No


Default: false No

Response Elements

Name Description

key Sonar rule key

name Sonar rule name

severity Rule severity

Command Example:

This command retrieves Sonar rules from a repository:

or2sr -p project -r region –R repository –n page_number

Figure 151 – or2sr Command Response

To retrieve Sonar rules from a quality profile, send the -q quality_profile_key parameter instead of -R

repository.


EPAM PUBLIC 212

15.16 ARTIFACTORY AS A SERVICE

An artifact repository is one of the important components of the CI/CD flow storing artifact collections and

metadata. Artifactory as a Service is a cloud-based platform service which, together with Jenkins, Gerrit

and SonarQube, forms a consistent CI/CD environment.

Artifactory as a Service is based on Artifactory version 4.15.0. Each Sonar server has the following

configuration:

• Image: CentOS7_64-bit

• Shape: MEDIUM

• Additional storage: 300 GB

For more details on working with Artifactory, visit the official Artifactory website.


Command Description or2-manage-service...-s artifactory -a Activates the Artifactory service in the specified project

and region

or2-describe-instances… -S artifactory Displays the details of VMs created during the service activation

or2-describe-services… -s artifactory Describes the Artifactory service activated in the specified project and region


To activate Artifactory as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with artifactory value:

or2ms -p project -r region -a –s artifactory

After the command is sent, the system requests an admin password. The password created by the user

starting the service is then used to access the Artifactory server. This is an additional security measure

protecting the repositories in the storage.

This command creates an Artifactory server with an additional storage volume.

All artifacts are stored on the additional disk. No root disk space is used for artifact storage which

guarantees reliable performance and availability.


or2ms –p project -r region -d –s artifactory


As soon as the service is activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

or2dser –p project -r region –s artifactory

https://www.jfrog.com/artifactory/


EPAM PUBLIC 213

Figure 152 – Artifactory Service Info (shown in two lines for better visibility)


instances (or2din) or command with -S artifactory parameter:

or2din –p project -r region –S artifact


EPAM PUBLIC 214

15.17 ADOBE AEM SERVICE

Adobe AEM service can provide your project with a web content management system, equipped with a

wide range of powerful tools. Integration with AEM versions 6.0 and 6.1 is supported.

The default parameters of an AEM instance are:

• Shape: MEDIUM


The service is available only in EPAM and AWS regions.

AEM as a Service is delivered in cooperation with Content Management Competency Center, who are

responsible for the application initial settings and performance. In case you encounter any issues with the

service usage, please address the Competency Content Service Desk.

Most of AEM Service manipulations are performed via or2-manage-aem (or2aem) command (though it

can be started with the or2ms command with the -s aem parameter).

CLI Parameters


-a, --action

Manage AEM action [describe, activate-cluster, attach-publish,

deactivate-cluster, detach-publish]

Default: describe

No

-c, --cluster-name Name of the author AEM instance No

--force Allows to attach a publish instance even if the author is

unavailable No


--help Show command help No

-i, --instance Instance ID for removal No

-k, --key-name Project SSH key name. Required for AWS zones Yes/No

-l, --license-url URL for downloading the AEM license No





-S, --service-id Service ID for removal No

-s, --shape Instance type. Default: MEDIUM No

-v, --version AEM service version. Supported versions: [6.0, 6.1]. Default: 6.0 No


Command response depends on the used action.

Command Example 1:

The example creates a new AEM cluster:

or2aem -p project -r region -a activate-cluster -c cluster_name



EPAM PUBLIC 215

Command Response 1:

Figure 153 - or2aem -a activate-cluster Response Example

Command Example 2:

The example describes existing AEM service in a region:

or2aem -p project -r region

Command Response 2:

Figure 154 - or2aem -a describe Response Example

Command Example 3:

The example adds a new publish instance to the cluster:

or2aem -p project -r region -a attach-publish -c cluster_name

Command Response 3:

Figure 155 - or2aem -a attach-publish Response Example


EPAM PUBLIC 216

15.18 SITECORE AS A SERVICE

Sitecore is a convenient and reliable platform for website content management and application

development based on the customer experience management approach. Sitecore is a comprehensive

marketing and CMS solution offering advanced tools for website editing, monitoring and organization. The

service is based on Microsoft .NET which allows taking advantage of all features and functionality supported

by this development platform.

EPAM Cloud offers Sitecore as a Service in the form of a virtual Sitecore server.

In the current implementation EPAM Cloud supports Sitecore.NET 8.1 (rev. 160302) version.

For more information on Sitecore and its features please visit the Official Sitecore Website.


In EPAM Cloud, Sitecore as a Service is supported in two deployment modes – Sitecore Single and Sitecore

Large:

• Single Mode – one Windows Server 2012 R2 virtual machine is launched. This VM acts as the

Sitecore server and also hosts the MS SQL relational database management system and the

MongoDB database

• Large Mode – five VMs are launched, each performing its dedicated function:

1. Sitecore Server + MongoDB

2. MS SQL

3. Jenkins Master

4. Jenkins Slave

5. Load Balancer

Auto-configuration is performed by a combination of Chef service and Windows Powershell DSC, a native

Microsoft application and environment configuration tool. Such combination ensures the required

consistency and reliability of auto-configuration processes.

15.18.2 Single Mode

15.18.2.1 Service Activation

Sitecore in the Single Mode is activated via the Maestro CLI by means of the or2-manage-service (or2ms)

command with the -a/--activate flag and the -s/--service-name parameter with sitecore-single value:

or2ms –p <project> -r <region> -a –s sitecore-single

When you input the command, the command line will prompt for additional parameters:

• SSH key – the name of an SSH key existing in the target region. Skip to use no key

• Shape – skip to use LARGE as the default shape

http://www.sitecore.net/


EPAM PUBLIC 217

The service, when activated, by default starts a Sitecore server VM with the following configuration:

• Image: Windows Server 2012 R2

• Shape: LARGE (also, the MEDIUM shape is available)

Sitecore service activation takes approximately 1 hour. You can be sure that the service has been properly

deployed and configured when the auto-configuration is complete (autoConfigurationState = SUCCESS).

You can start more than one Sitecore server for the same project and region.

To stop the service, use the or2-manage-service (or2ms) command with the --deactivate and -i

instance_id parameters.

Figure 156 - Sitecore service activation

15.18.2.2 Sitecore Info

To view the list of the existing Sitecore instances and their parameters, run the or2-describe-services

(or2dser) command specifying your project and region:


Figure 157 - List of Sitecore instances

15.18.3 Large Mode

15.18.3.1 Service Activation

To activate Sitecore Large, use the or2-manage-service (or2ms) command. The value of the -s/--service-

name parameter depends on the role of virtual machine started by the command:

or2ms –p project_id -r region -a –s sitecore-dev-paas –c cluster –v 8.1


EPAM PUBLIC 218

This command starts two VMs – a Sitecore server also containing MongoDB and a VM with MS SQL

installed. This is the minimum configuration for Sitecore service to function properly.

or2ms –p project_id -r region -a –s sitecore-ci-paas –c cluster –v 8.1

This command creates two VMs – Jenkins Master and Jenkins Slave to provide CI/CD.

or2ms –p project_id -r region -a –s sitecore-lb-paas –c cluster –v 8.1 --

customize

This command starts a VM serving as the Load Balancer. This VM may be required for clusters involving

several VMs.

Four VMs started under the Sitecore Large service (all except the VM hosting the Load Balancer) have the

following configuration:

• Image: W2012R2Std

• Shape: MEDIUM

The virtual machine serving as the Load Balancer has the following configuration:


• Shape: SMALL

The command activating the Load Balancer requires custom parameters to be specified. For that purpose,

the or2ms command has to include the --customize option:

or2ms –s sitecore-lb-paas --activate -p project -r region –v 8.1 –c

cluster_name --customize

The following parameters are to be specified during the activation of Sitecore-LB:

Description Type Default Value Required

Stack ID string sitecore_stack_dev Yes

Environment string DEV Yes

The ‘Environment’ and ‘Stack ID’ parameters are mandatory for Sitecore-LB activation. They define how

the Sitecore cluster components will be linked. The values must be the same as those used in the Sitecore-

DEV service. To find the values, use the or2-describe-instance-properteis (or2getp) command and specify

the Sitecore server instance ID.


EPAM PUBLIC 219

Figure 158 - Sitecore-LB activation

You can start more than one Sitecore server for the same project and region.

To stop the service, use the or2-manage-service (or2ms) command with the --deactivate and -i

instance_id parameters. You have to deactivate all three components of the service.

15.18.3.2 Sitecore Info

To view the list of the existing Sitecore Large instances and their parameters, run the or2-describe-

services (or2dser) command specifying your project and region:


Figure 159 - Sitecore Info (shown in two lines for better visibility)

To retrieve the list of all instances started under the Sitecore Large service, use the or2-describe-

instances (or2din) command:

or2din -p project -r region


EPAM PUBLIC 220

Figure 160 - Sitecore instances info (shown in two lines for better visibility)

If you use the or2din command with the -S sitecore-dev[ci, lb]-paas parameter, the command will not

return all VMs started by the corresponding Maestro Stack. To retrieve data on all Sitecore-related VMs,

use the or2din command without specifying the -S parameter or use the or2-describe-maestro-stack-

resources (or2dmsr) command specifying the ID of the corresponding Maestro Stack.


EPAM PUBLIC 221

14.18 RELATIONAL DATABASE SERVICE

The Relational Database (RDB) service automatically creates a PostgreSQL/MySQL database entity for

your project. It is possible to create several entities within one project/region.

The RDB service is available only in EPAM regions.

The default parameters of the DB instance are:

• Shape: MEDIUM


• Additional Storages: 3x100GB

The default image for MSSQL 2012 database is W2012R2Std.

The service is manipulated with the or2-manage-rdb (or2rdb) command with different --action/-a

parameter values (describe, install, remove):

CLI Parameters


-a, --action Manage RDB action [describe, install, remove] Default: describe

No

--assign-static-ip Specifies whether a static IP should be used on the DB instance (allowed in AWS only)

No

--use-sys-disk-size

An extended system disk instead of 3 attached additional 100GB storages. Allowed disk sizes: [100,200,300,500]. The extended system disk is available only for OpenStack regions, for MS SQL and MySQL databases.

No

-n, --db-name The name of the database. If not specified, will be generated automatically

No

-pwd,--db-password The password to be created to login to the created database. If not specified, a random one will be generated.

No

-d, --description The brief description of the database No

-s, --db-size Database size. Applicable for MS SQL with version 2014. Allowed values: [50, 100, 150]. Default: 100

No

-u, --user Name of the database user No

-f, --file-path The path to the init script file used for database configuration. No



-k, --key-name Project SSH key name. Required for AWS zones Yes/No





-S, --service-id Service ID (for service deactivation) No

-t, --type Relational database type [mysql,mssql, postgresql, oracle, mariadb]

Yes

-v, --version MS SQL service version. Allowed values: [2012, 2014]. No

-y Provide this parameter for automatic confirmation No

Please note that if you run the service with MS SQL 2014 database, the database instance will be created

on dedicated hardware servers, and will be billed according to the database storage volume size used. For

more details, see EPAM Cloud Services Guide, section 3.10.4: MS SQL With Guaranteed Capacities.

https://cloud.epam.com/site/competency_center/e=p=c_services/csug_03_services.pdf


EPAM PUBLIC 222

The command response depends on the selected action.

Command example 1:

The example below describes existing RDB servers:

or2rdb -p project -r region

Response Example 1:

Figure 161 - the or2rdb [-a describe] Response Example

Command Example 2

This command starts a new RDB server:

or2rdb -p project -a install -t mysql -r region -u username -k keyname

-n db_name -f “D:\example\path.xml”

Command Response 2

Figure 162 - or2rdb -a install Response Example

Command Example 3

This command removes an RDB server:

or2rdb -p project -r region -a remove -S serviceId

Response Example 3:

Figure 163 - or2rdb -a remove Response Example

Command Example 4

This command starts a new RDB server with an extended system disk instead of 3 additional 100GB

storages:

or2rdb -p project -r region -a install -t type [-n db_name] -u db_username

[-pwd db_password] [-d description] [-f file_path] --use-sys-disk-size 200

Response example 4

Figure 164--use-sys-disk-size output example


EPAM PUBLIC 223

15.20 HYBRIS AS A SERVICE

Hybris is one of the world top commerce software platforms, which includes omni-channel commerce,

product information management, order management solutions, as well as remarketing tools and powerful

product search and promotion facilities (for more details, please refer to Hybris info page).

The Hybris platform is extensively used by the EPAM e-commerce team, for which purpose Orchestrator

offers an own solution of accessing Hybris with the Orchestrator tools. Currently, Hybris as a Service

supports Hybris version 6.2.

Hybris as a Service is based on materials provided by Hybris Competency Center, who are responsible for

the application initial settings and performance. In case you encounter any issues with the service usage,

please address the Hybris CC team.


Hybris service can be provided in three configurations:

• SMALL, in which one CentOS7_64-bit LARGE machine with Hybris, MySQL and Apache Solr is

launched

• MEDIUM, in which three virtual machines are created with the following components:

o Hybris (CentOS7_64-bit, LARGE)

o MySQL (CentOS7_64-bit, MEDIUM)

o Apache Solr (CentOS7_64-bit, MEDIUM)

Figure 165 - Hybris MEDIUM configuration

• LARGE, in which six or more virtual machines are created. You can specify the number of Hybris

nodes required for your project during the service activation. In the minimum configuration, the

following VMs are started:

o Apache Web Server (CentOS7_64-bit, MEDIUM)

o 2 Hybris nodes (CentOS7_64-bit, LARGE)

o Apache Solr Master (CentOS7_64-bit, MEDIUM)

o Apache Solr Slave (CentOS7_64-bit, MEDIUM)

o MySQL with NFS (CentOS7_64-bit, MEDIUM)

https://www.hybris.com/en/commerce



EPAM PUBLIC 224

Figure 166 - Hybris LARGE configuration

All nodes are gathered in one cluster and communicate with each other.


To activate Hybris as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with hybris value:

or2ms –p project -r region -a –s hybris

Optionally, you can add the -h/--shape parameter to the or2ms command to start all instances in the

MEDIUM or LARGE configuration with the same shape. The minimum available value of the -h/--shape

parameter is LARGE.

After the or2ms command execution, you will be prompted to enter custom parameters:

- Configuration (SMALL, MEDIUM or LARGE)

- Whether to install SPARK – a demo Hybris application. If you skip this parameter, only the Hybris

administrator console will be deployed

- Number of Hybris nodes to create (the minimum number is 2, the maximum is 10)

Figure 167 - Hybris activation

After the service has been activated, you can find its details in the response to the or2dser command. The

details of all VMs started during the service activation will be available in the response to the or2din

command with the -S hybris parameter.


EPAM PUBLIC 225

or2din –p project -r region –S hybris

Figure 168 - List of Hybris instances


EPAM PUBLIC 226

15.21 MAGENTO AS A SERVICE

Magento is an open-source e-commerce platform allowing to quickly build unique shopping websites both

for the B2B and B2C industries. Now Magento is available for EPAM developers as a Cloud service based

on Magento 2.0.

Each Magento server has the following configuration:

• Image: CentOS7

• Shape: MEDIUM

For more details on Magento platform, visit the official Magento website.


To activate Magento as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with magento value:

or2ms –p project -r region -a –s magento


or2ms –p project -r region -d –s magento



command.

or2dser –p project -r region –S magento

Figure 169 – Magento service info (shown in two lines for better visibility)


instances (or2din) or command with -S magento parameter:

or2din –p project -r region –S magento

https://magento.com/


EPAM PUBLIC 227

15.22 ATG AS A SERVICE

Oracle ATG Web Commerce is an e-commerce platform widely used for creating and administering

commerce websites and managing their content.

With ATG Web Commerce, you receive unique flexibility of a multi-channel tool and the advantages of a

personalization engine.

For more details, visit the official Oracle ATG Web Commerce website.

In the current implementation EPAM Cloud supports ATG 11.2 version.

. Each ATG VM has the following configuration:


• Shape: MEDIUM



When the service is activated, it starts two virtual machines each serving its dedicated purpose:

1. ATG server also containing an Endeca full-text search engine together with Experience Manager,

a JBoss application server (JBoss 6.1), Java 1.7

2. Oracle database server

To ensure correct performance, start a separate Jenkins Service and configure it to work with the two

above-mentioned instances.

VM 2: OracleDB

VM 3: Jenkins

VM 1: ATG

Figure 170 - ATG as a Service architecture

ATG as a Service is still under development. With the current implementation, you can obtain a ready-to-

use DEV/CI environment for ATG development. To achieve full functionality, you need to configure Jenkins

http://www.oracle.com/us/products/applications/atg/web-commerce/index.html


EPAM PUBLIC 228

to get the working environment. In the next releases the Jenkins components will be finalized, after which

the fully functional ATG environment will be available after the service activation.


To activate ATG as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with atg-small value:

or2ms –p project -r region -a –s atg-small

Both virtual machines started under the ATG Service have the following default configuration:

• Image: CentOS6

• Shape: MEDIUM



command.

Figure 171 – ATG service info


instances (or2din) command with -S atg-small parameter:

or2din –p project -r region –S atg-small

Figure 172 - ATG instance details


EPAM PUBLIC 229

15.23 MESSAGING AS A SERVICE

The Messaging Service allows to set up a RabbitMQ server (v.3.1.5) for message exchange. The service

is similar to Amazon SQS and is available in EPAM regions only.

The default parameters of the instance are:

• Shape: MEDIUM



To start the Messaging service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) messaging parameters:

or2ms -p project -r region -a -s messaging

The service when activated, starts a RabbitMQ server VM with the following configuration:

• OS: Ubuntu12.04_64-bit

• Shape: MEDIUM

15.23.2 Getting Tokens

EPAM Private Cloud provides a special entry point in the Messaging service that may be used for

communication between AWS SDK and the service.

In both cases, to use the service, you need to create a token that will be used to reach the RabbitMQ

server. The token is created by the or2-manage-service (or2ms) command with the --init-entry-point

flag:

or2ms –p project –r region –s messaging --init-entry-point

For each project-region combination, there should be a special token created. The token is stored in the

default.properties file, and has the following structure:

messaging.demopro.demoreg.access=http://service_VM_DNS:5673#token

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/Welcome.html


EPAM PUBLIC 230

15.23.3 Queues Manipulation

Invoke: or2-manage-queues (or2mq)

The command is used to create and manage queues within the Messaging service.

CLI Parameters


-a, --action The action to be taken [describe, create, purge, delete]







-q, --queue-name Name of a queue No

-qp, --queue-name-prefix Queue name prefix (case-sensitive). Use for filtering the

results of the DESCRIBE action. No


-v, --visibility-timeout Visibility timeout of a queue to be created (in seconds).

Should be in range [30, 43200]. Default: 30 No

-y Provide the parameter for automatic command confirmation No

Response Elements

Name Description

queueName The name of the queue

visibilityTimeout Queue visibility timeout

creationDate The date and time when the queue was created

created/purged/deleted Action execution status

messagesCount The number of messages in the queue

Command Example:

This example shows a queue creation:

or2mq –p project –r region –q queue_name –v 45

Command Response:

Figure 173 - or2mq -a create Response Example


EPAM PUBLIC 231

15.23.4 Messages Manipulation

Invoke: or2-manage-messages (or2mm)

The command is used to create and manage messages within the Messaging service.

CLI Parameters


-a, --action The action to be taken [send, receive, delete]

Default: receive No

-c, --count The number of messages to retrieve [1-10] No



-m, --message-content

Content of a message to be send (maximum 256 KB in size).

Specify 'file:' prefix to retrieve content from the file on a disk.

For example: file:D:/message.txt

No

-i, --message-id ID of a message No




-q, --queue-name Name of a queue Yes


-w, --wait-time Time for messages (in seconds). If a message is available, it

will return sooner [1-120] No

-y Provide the parameter for automatic command confirmation No

Response Elements

Name Description

content Message content

id Message ID

timestamp Time identifier of the message

Command Example:

This example shows messages sending:

or2mm –p project –r region –q queue_name –m “message” –c 5 –a send

Command Response:

Figure 174 - or2mm -a send Command Response


EPAM PUBLIC 232

16 ANSIBLE USAGE

Apart from Chef-based auto configuration, EPAM Cloud includes Ansible facilities supporting dynamic

inventory restful API.

Ansible is set up and configured via Maestro CLI.

On Windows, if you have already used Maestro CLI, before starting Ansible download the Maestro CLI

installation archive manually and install it. The or2update command will not be sufficient to load all

required Ansible resources, particularly, the /lib/ansible/ folder necessary to work with Ansible.

It is strongly recommended to use workspaces for Ansible-related commands.

16.1 INITIALIZING ENVIRONMENT

Invoke: or2-ansible-init (or2ai)

Initializes Ansible environment for the specified project and zone.

The command sets up all required configuration files in the current user directory:

• ansible.cfg – Ansible configuration file

• default.properties – contains default values for the required CLI parameters

• ansible_hosts.sh – executable script to get Ansible dynamic inventory

CLI Parameters








Command Example

This example initializes an Ansible environment

or2ai -p project -r region

Response Example:

Figure 175 - or2ai Response Example

https://cloud.epam.com/site/develop/public_a=p=i_and_c=l=i/maestro-cli.zip

https://cloud.epam.com/site/develop/public_a=p=i_and_c=l=i/maestro-cli.zip

https://kb.epam.com/display/EPMCITFAQ/Maestro+CLI+Tips+and+Tricks


EPAM PUBLIC 233

16.2 ANSBILE HOSTS

Invoke: or2-ansible-hosts (or2ah)

Is used to manage Ansible hosts.

CLI Parameters


-a, --action Action (include/exclude*/describe). Default: describe No


-g, --group Name of the group (for several groups repeat the parameter) No


-h, --host Host ID (for several host ids repeat the parameter) No






*You cannot exclude host(s) from a ‘default’ group. A warning message will appear if you try to exclude host(s) from ‘default’ group.

Response Elements

Name Description

hostId Host ID

host Host name

groups Engaged groups

groupName Group name on Describe action

properties Group properties on Describe action

Command Example

This example adds a host to a specified group

or2ah -p project -r region -h host_id1 -h host_id2 -g group_name

-a include

Response Example:

Figure 176 - or2ah Response Example


EPAM PUBLIC 234

16.3 ANSIBLE GROUPS

Invoke: or2-ansible-groups (or2ag)

Is used to manage Ansible groups.

CLI Parameters


-a, --action Action (create/delete*/describe). Default: describe No









*You cannot delete the ‘default’ group. A warning message will appear if you try to delete the ‘default’ group.

Command Example

This example creates a new Ansible group

or2ag -p project -r region -g group_name -a create

Response Example:

Figure 177- or2ag Response Example


EPAM PUBLIC 235

16.4 ANSIBLE GROUP PROPERTIES

Invoke: or2-ansible-group-properties (or2agp)

Is used to manipulate Ansible groups properties.

CLI Parameters


-a, --action Action (set/delete/describe). Default: describe No

--all Deletes all properties. Default: all No

--append Append new properties if the current group already has corresponding keys

No




-h, --host Host ID (for several host ids repeat the parameter) No

-r. --region Virtualization region Yes


-t, --property

Property to add in a name=value way. Use "=" as the delimiter. For several properties repeat the parameter: --property name1=value1 --property name2=value2 --property nameN=valueN. If you use Windows command line, please, encase the -t parameter in quotes i.e. "name=value".

No

-n, --property-name Property name. For several properties repeat the parameter. To delete all properties use "all" parameter instead

No




Command Example

This example assigns properties to a group.

or2agp -p project -r region -g web -a set -t “keepalive=60” -t

“ssl_enable=false” -t “workers=4”

Response Example:

Figure 178 - or2agp Response Example


EPAM PUBLIC 236

16.5 ANSIBLE DYNAMIC INVENTORY

Invoke: or2-ansible-dynamic-inventory (or2adi)

Returns Ansible dynamic inventory for the specified project and region in the JSON format.

CLI Parameters






-t, --pretty Returns the JSON data in a formatted way No



Command Example

or2adi -p project -r region

Response Example:

Figure 179 – Fragment of or2adi Response Example

Figure 180 - Fragment of or2adi Response Example in a Formatted Way


EPAM PUBLIC 237

17 TROUBLESHOOTING

It may happen that you will get some errors or encounter other issues when working with EPAM Cloud

Orchestrator. Below is given a recommended troubleshooting procedure which is intended to help you

resolve your issues.

Problem?

Cannot manage my

infrastructure

Unexpected Behaviour

Can’t access Orchestrator

See the Audit page

See the Health Check page

See FAQCheck SIN

notifications

Report an incident

Figure 181 - Troubleshooting Scheme

In case you have problems with managing your infrastructure, cannot execute commands or reach

your VM, please, go to Orchestrator Audit page and ensure your VM is available and not deleted by anyone.

If your VM is present and available, but CLI commands still do not work for you, it is possible, that due to

technical issues, the connection to your region is broken. Please, take a look at the Orchestration

Healthcheck page which gives real-time detailed information on each of the Orchestrator regions

performance (except for EPAM-BY1) and indicates which regions are unavailable at the moment. If the

region is currently unavailable, it is advised to wait for a while until the technical issues are fixed and the

region performance is resumed.

In case of emergency, or when you have infrastructure configuration issues not related to the regions

performance, please, address the Help Desk or L1.5 team.

If you encounter an unexpected Orchestrator behavior, please, look at the FAQ pages in EPAM

Knowledge Base or at EPAM Orchestrator website. It is highly possible that the solution is already described

there.

If you get an unexpected “Service under Maintenance” message when trying to login to Orchestration

website or “EPAM orchestration in progress” message when trying to execute a CLI command, please,

check whether you have received a corresponding SIN notification on Orchestrator maintenance. If you

have not received one, please, address the Help Desk for further instructions and help.

If you have an issue that is not listed above, or you have performed the described steps, but your issue is

not solved due to one reason or another, please, submit an incident request to support.epam.com (EPAM

Cloud section in the Catalog).

https://orchestration.epam.com/maestro2/ui/events

https://orchestration.epam.com/maestro2/healthcheck

https://orchestration.epam.com/maestro2/healthcheck

mailto:Help%20Desk%20%[email protected]%3e

mailto:Support%20EPM-CSUP%20L1.5%20%[email protected]%3e

https://kb.epam.com/display/EPMCITFAQ/FAQ

https://kb.epam.com/display/EPMCITFAQ/FAQ

https://cloud.epam.com/site/learn/f=a=q

mailto:Help%20Desk%20%[email protected]%3e



EPAM PUBLIC 238

ANNEX A - USER PERMISSIONS

USER GROUPS

All operations available using Orchestrator are divided into several groups, used to customize user

permissions. These groups are detailed in the table below.

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-allocate-static-ip (or2alsip) ✓

or2-ambari-cluster (or2ac) ✓

or2-attach-volume (or2attvol) ✓

or2-associate-static-ip

(or2assip)

✓

or2-audit (or2audit) ✓

or2-aws-management-console

(or2awsmc)

✓

or2-azure-management-

console (or2azmc)

✓

or2-change-owner (or2chow) ✓

or2-change-shape (or2chshape) ✓

or2-check-version (or2check) ✓

or2-chef-mode (or2cm) ✓

or2-console (or2console) ✓

or2-convert-maestro-stack-

template (or2cmst)

✓

or2-create-attach-volume

(or2addattvol)

✓

or2-create-checkpoint (or2ccp) ✓

or2-create-image (or2cim) ✓

or2-create-keypair (or2addkey) ✓

or2-create-schedule

(or2addsch)

✓

or2-delete-aws-stack

(or2dawss)

✓

or2-delete-checkpoint

(or2delcp)

✓

or2-delete-file (or2delf) ✓

or2-delete-image (or2delim) ✓

or2-delete-instance-properties

(or2delp)

✓ ✓

or2-delete-keypair (or2delkey) ✓

or2-delete-maestro-stack

(or2delmstack)

✓

or2-delete-schedule (or2delsch) ✓

or2-delete-tag (or2deltag) ✓

or2-delete-volume (or2delvol) ✓


EPAM PUBLIC 239

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-describe-aws-stack-events

(or2dawsse)

✓

or2-describe-aws-stack-

resources (or2dawssr)

✓

or2-describe-aws-stacks

(or2dawss)

✓

or2-describe-checkpoints

(or2dcp)

✓

or2-describe-chef (or2chef) ✓

or2-describe-docker (or2dd) ✓

or2-describe-files (or2df) ✓

or2-describe-hadoop (or2dh) ✓

or2-describe-images (or2dim) ✓

or2-describe-instance-

properties (or2getp)

✓

or2-describe-instances (or2din) ✓

or2-describe-keypairs (or2dkey) ✓

or2-describe-load-balancing

(or2dlb)

✓

or2-describe-logging (or2dlog) ✓

or2-describe-maestro-stack-

resources (or2dmsr)

✓

or2-describe-maestro-stacks

(or2dmstack)

✓

or2-describe-monitoring

(or2dmon)

✓

or2-describe-nessus-templates

(or2dnt)

✓

or2-describe-operation (or2dop) ✓

or2-describe-projects (or2dpro) ✓

or2-describe-regions (or2dreg) ✓

or2-describe-schedules

(or2dsch)

✓

or2-describe-services (or2dser) ✓

or2-describe-shapes

(or2dshape)

✓

or2-describe-static-ips (or2dsip) ✓

or2-describe-tag (or2dtag) ✓

or2-describe-vlans (or2dvlans) ✓

or2-describe-volumes (or2dvol) ✓

or2-detach-volume (or2detvol) ✓

or2-disassociate-static-ip

(or2dissip)

✓

or2-docker-container (or2dc) ✓ ✓

or2-docker-image (or2di) ✓


EPAM PUBLIC 240

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-docker-registry-image

(or2dri)

✓ ✓

or2-ftp-access (or2ftpa) ✓ ✓

or2-get-access (or2access) ✓

or2-get-info (or2info) ✓

or2-go-to-checkpoint (or2gcp) ✓

or2-hardware-report (or2hr) ✓

or2-import-keypair (or2ikey) ✓

or2-load-balancer-config

(or2lbconf)

✓

or2-lock-instance-termination

(or2lock)

✓

or2-manage-ftp (or2ftp) ✓ ✓

or2-manage-hadoop (or2mh) ✓

or2-manage-service (or2ms) ✓ ✓

or2help No permissions or credentials required

or2-modify-hardware-server

(or2modhs)

Only available to zone administrators

or2-move-instance-to-vlan

(or2mivlan)

✓

or2-price (or2price) ✓

or2-reboot-instances

(or2reboot)

✓

or2-register-hardware-server

(or2rhs)

Only available to zone administrators

or2-release-static-ip (or2relsip) ✓

or2-report (or2report) ✓

or2-resize-volume (or2resvol) ✓

or2-revert-to-checkpoint

(or2rcp)

✓

or2-run-aws-stack (or2rawss) ✓

or2-run-instances (or2run) ✓

or2-run-maestro-stack

(or2rmstack)

✓

or2-schedule-add-instances

(or2schaddi)

✓

or2-schedule-remove-instances

(or2schremi)

✓

or2-security-check (or2sc) ✓

or2-set-instance-properties

(or2setp)

✓ ✓

or2-set-tag (or2settag) ✓

or2-start-instances

(or2start)

✓

or2-start-logging (or2log) ✓


EPAM PUBLIC 241

CLI Command READ

group

STORAGE

group

VM

group

META

group

NEW

RESOURCES

group

KILL

RESOURCES

group

ADVANCED

MANAGEMENT

group

or2-start-monitoring (or2mon) ✓

or2-stop-instances (or2stop) ✓

or2-stop-logging (or2stoplog) ✓

or2-stop-monitoring

(or2stopmon)

✓

or2-terminate-instances (or2kill) ✓

or2-update-cli (or2update) ✓

or2-upload-file (or2uf) ✓

or2-upload-script (or2ups)

or2-validate-maestro-stack-

template (or2vmst)

No permissions required

or2-view-pool-state (or2vps) ✓

or2-manage-

service (or2ms)

Activate ✓

Deactivate ✓

or2-docker-

volume (or2dv)

Create ✓

Delete ✓

or2-chef-mode

(or2cm)

Describe Chef

Mode

✓

Deactivate

Service

✓

Activate Service ✓

Update Chef

Mode

✓

DEFAULT PROJECT ROLES

The following table details default user permissions depending of their project roles. Each project role has

access to several Maestro CLI user groups to perform respective operations (see User Groups.) These

permissions can be customized for each project abbreviation in UPSA.

Table 1 - User Permissions

Project Role Maestro CLI User Group 1st Line / Help Desk Specialist READ, VM, STORAGE, META

2nd Line / Environments Support Engineer READ, VM, STORAGE, META, NEW, KILL

3rd Line / Software Maintenance Engineer READ, VM, STORAGE, META, NEW, KILL

Account Manager READ, VM, STORAGE

Administrative Support READ, VM, STORAGE, META

Billing Coordinator READ, VM, STORAGE, META

Build Engineer READ, VM, STORAGE, META, NEW, KILL

Business Analysis Team Lead READ, VM, STORAGE, META, NEW, KILL

Business Analyst READ, VM, STORAGE, META, NEW, KILL

NB: In order to customize user groups for your project, please contact Consulting Team.



EPAM PUBLIC 242

Project Role Maestro CLI User Group Consultant READ, VM, STORAGE, META

Consulting Team Lead READ, VM, STORAGE, META, NEW, KILL

Contact READ, VM, STORAGE, META

Customer READ, VM, STORAGE, META

Customer Representative READ, VM, STORAGE, META

Customer TR READ, VM, STORAGE, META

Data Modeler READ, VM, STORAGE, META, NEW, KILL

Delivery Manager READ, VM, STORAGE, META, NEW, KILL, ADVANCED MANAGEMENT

Delivery Supervisor READ, VM, STORAGE, META

Design Team Lead READ, VM, STORAGE, META

Designer READ, VM, STORAGE, META

Developer READ, VM, STORAGE, META, NEW, KILL

Development Team Lead READ, VM, STORAGE, META, NEW, KILL

EngX Productivity Lead READ, VM, STORAGE, META

Executive READ, VM, STORAGE, META

External User READ, VM, STORAGE, META

Financial Manager READ, VM, STORAGE, META

HR Business Partner READ, VM, STORAGE, META

HTML Coder READ, VM, STORAGE, META

Information Architect READ, VM, STORAGE, META, NEW, KILL

Junior Developer READ, VM, STORAGE, META

Junior Functional Tester READ, VM, STORAGE, META

Key Designer READ, VM, STORAGE, META, NEW, KILL

Key Developer READ, VM, STORAGE, META, NEW, KILL

Key Tester READ, VM, STORAGE, META, NEW, KILL

Maintenance & Support Team Lead READ, VM, STORAGE, META, NEW, KILL

Member READ, VM, STORAGE, META

Performance Analyst READ, VM, STORAGE, META, NEW, KILL

Principal Delivery Manager READ, VM, STORAGE, META

Process Engineer READ, VM, STORAGE, META, NEW, KILL

Program Manager READ, VM, STORAGE, META

Project Accountant Assistant READ, VM, STORAGE, META

Project Coordinator READ, VM, STORAGE, META, NEW, KILL, ADVANCED MANAGEMENT

Project Manager READ, VM, STORAGE, META, NEW, KILL, ADVANCED MANAGEMENT

Project Member READ, VM, STORAGE, META

Project PL Analyst READ, VM, STORAGE, META, NEW

Project Sponsor READ, VM, STORAGE, META

Project Supervisor READ, VM, STORAGE, META

Project VIP READ, VM, STORAGE, META

Resource Manager READ, VM, STORAGE, META, NEW, KILL

Sales Executive READ, VM, STORAGE, META

Sales Manager READ, VM, STORAGE, META

Sales Representative READ, VM, STORAGE, META

Signatory READ, VM, STORAGE, META

Solution Architect READ, VM, STORAGE, META, NEW, KILL

TS Engineer READ, VM, STORAGE, META, NEW, KILL

Technical Writer READ, VM, STORAGE, META

Tester READ, VM, STORAGE, META, NEW, KILL

Testing Team Lead READ, VM, STORAGE, META, NEW, KILL

ZXY Agile Team Member READ, VM, STORAGE, META


EPAM PUBLIC 243

ANNEX B – CLIENT VERSIONING

Current version of the CLI is defined in the cli.version parameter within the ‘cli-system.properties’ file,

which is unavailable for user editing. You can display contents of ‘cli-system.properties’ in console by

running the or2info command (See the Maestro CLI Info Section). CLI client version comprises the

following components:

• Orchestrator version

• Separator (.)

• Last digit of a year (2 for 2012)

• Month number (10 for October)

• Separator (.)

• Day

• Build number for current day

For example, ‘cli.version=2.210.103’ corresponds to Orchestrator version 2, built on October 10, 2012 and

being the third build that day.

NB: Under construction. Currently support for versioning is implemented by versioning Maestro CLI

client using the Maestro-CLI-version


EPAM PUBLIC 244

ANNEX C – INSTANCE TYPES AND THEIR SHAPES

The table below contains available virtual instance hardware configurations aka Shapes.

Shape AWS shape mapping

(based on the

closest size)

AWS Units # vCPU

CSA (AWS)

Memory

CSA (AWS)

Micro t1.micro < 2 1 512 (615) MB

Mini t1.micro < 2 1 1 GB (615 MB)

Small m1.small 1 2 (1) 1.7 GB

Medium m1.medium 2 2 (1) 3.75 GB

Large m1.large 4 2 7.5 GB

XL c1.xlarge 20 4 (8) 7.5 (7) GB

2XL m2.xlarge 6.5 4 (8) 15 (17.1) GB

3XL m1.xlarge 8 8 (4) 15 GB

4XL cc1.4xlarge 33.5 6 (8) 23 (22.5) GB

5XL m2.2xlarge 13 8 (4) 30 (34.2) GB

6XL m2.2xlarge 13 8 (4) 46 (34.2) GB

7XL m2.4xlarge 26 8 60 (68.4) GB

8XL cc2.8xlarge 88 8 (16) 92 (60.5) GB

Not all the shapes are by default available for projects. When a project is activated in EPAM regions, Small,

Medium, and Large shapes are activated for it. To get other shapes, submit a Shape Activation Request.

Please note:

• EPAM-BY1, EPAM-HU1, EPAM-BY2, EPAM-UA2 regions support shapes up to 3XL.

EPAM-IN1 and EPAM-US2 regions support shapes up to 5XL.

• Other regions support shapes up to Large.

• When a project is activated in AWS, the full stack of shapes is automatically activated for it.

• Extra-large shapes (over 5XL) are available in AWS regions only.

https://support.epam.com/esp/ess.do?ctx=docEngine&file=svcDisplay&query=name=%22AddAvailableShapesForProject%22


EPAM PUBLIC 245

ANNEX D – SERVICE LOCATIONS

The tables below contain the list of planned EPAM Cloud service locations, using both own infrastructure

and public cloud offerings.

EPAM INFRASTRUCTURE

EPAM Cloud Orchestration Service is a system distributed between different regions. The regions have

different geographical location, virtualization basis and a certain coefficient that applies to services provided

within the region and modifies actual costs. The coefficient depends on the region location and related

maintenance expenses.

Location Service Region Virtualization Coefficient

CIS (Minsk, Belarus) EPAM-BY1 CSA 1

CIS (Minsk, Belarus) EPAM-BY2 OpenStack 0.8

CIS (Minsk, Belarus) EPAM-MAC CSA 1

CIS (Minsk, Belarus) EPAM-DKR OpenStack -*

CIS (St. Petersburg, Russia) EPAM-RU2 CSA 1

Europe (Budapest, Hungary) EPAM-HU1 CSA 1

Ukraine (Kyiv) EPAM-UA1 CSA 1

Ukraine (Kyiv) EPAM-UA2 OpenStack 0.8**

USA (Edison, NJ) EPAM-US CSA 0.9

USA (Edison, NJ) EPAM-US2 OpenStack 0.6

Asia (India, Hyderabad) EPAM-IN1 OpenStack 1

*VMs in the EPAM-DKR region are billed for electricity consumption only at the rate of $33 per month.

** EPAM-UA2 region is in Beta mode till April 1, 2018. While in beta, the billing coefficient is set to 0.

For more information on EPAM Cloud billing policy, please, see our Account Management Guide, Section

7: Billing in EPAM Cloud.

Some of the existing regions have their specific features or limitations. They are listed below.

EPAM-BY2

• EPAM-BY2 is based on OpenStack technology

• EPAM-BY2 supports both HDD and SSD storage. Storage type can be selected during the VM

request by using the corresponding shape name (for example, MEDIUM.HDD – for HDD,

MEDIUM.SSD – for SSD). The standard shape notations (e.g. MEDIUM) are supported, in this

case the default storage type for the region is used

• The Recycle Bin functionality is supported. This functionality allows restoring a terminated VM

within 7 days after termination by sending a request to support.epam.com

• Checkpoint manipulations are not supported.

• An image can be created only from instance that do not have additional volumes.

https://cloud.epam.com/site/management/account_activity/csug_05_account_management.pdf



EPAM PUBLIC 246

Network specifics

• All instances have an assigned floating IP from EPAM network (10.x.).

• All instances have hostname like ECSX000XXXXX.epam.com, which can be resolved as an IP

from EPAM network (for example, 10.6.129.34).

• If you try to resolve native hostname from instance in OpenStack you will get external IP, which

does not belong to any network interface of instance.

• This can cause issues when you try to bind some process to hostname instead of Instance IP.

EPAM-UA2

EPAM-UA2 is currently run in the Beta mode, and has the following specifics:

• Shapes up to 3XL are supported

• Billing coefficient is 0 while in Beta.

• The region capacities are limited.

• Due to the limited capacities, while activating the region, the preference will be given to the projects

that are already activated in EPAM-UA1.

EPAM-IN1

• EPAM-IN1 is based on OpenStack technology

• Storage volumes are billed by provisioned, not by used, space


• Checkpoints are disabled

• Graceful shutdown functionality is not available. The or2stop command acts as power-off

• The commands from other groups (as listed in Maestro CLI Reference Guide) are mostly available,

but some are disabled.

• View instance pool scope is not available

Network specifics

• All instances in project have IPs from internal net (172.16.242.230/21).






This can cause issues when you try to bind some process to hostname instead of Instance IP.

EPAM-US2

• EPAM-US2 is based on OpenStack technology

• Storage volumes are billed by provisioned, not by used, space


• Checkpoints are disabled

• Graceful shutdown functionality is not available. The or2stop command acts as power-off


EPAM PUBLIC 247

• The commands from other groups (as listed in Maestro CLI Reference Guide) are mostly available,

but some are disabled.

• View instance pool scope is not available

Network specifics






This can cause issues when you try to bind some process to hostname instead of Instance IP.

EPAM-MAC

EPAM-MAC region is designed to enable Mac resources provisioning. No other instance types can be

created here.

The region hosts two types of instances – virtual and hardware, each having its own specifics.

• Virtual. Virtual MacOS instances have a choice between MacOS 10.10 Yosemite, MacOS 10.11 El

Capitan, MacOS 10.12 Sierra and MacOS_10.13_HighSierra operating systems. The instances

details are:

o Image name: MacOS_10.10_Yosemite, MacOS_10.11_EL_Capitan, MacOS_10.12_Sierra,

MacOS_10.13_HighSierra

o Shape: Any standard EPAM Cloud shape (recommended – MEDIUM)

o System Disk: 60GB

o Billing: Same as in EPAM-BY1 region

o Login: via VNC console with EPAM credentials

o Limitations: auto configuration service and checkpoints are not available.

To run such an instance, use the standard or2run command, and provide the new instance details, e.g.:

or2run –p <project> -r EPAM-MAC –i macos_10.10_Yosemite –s <shape>

• Hardware. The other type of resources that can be provided in EPAM-MAC region, are reusable

hardware Macmini (OS X 10.12.x) servers that can be provided for project needs. The specifics of this

kind of resources are:

o Image name: macmini_os_X

o Shape: Large (2CPU, 8GB RAM) only

o System Disk: 300GB, not extendable

o Billing: $30/Month, calculated hourly at 30/730.5 USD per hour

o Login: via VNC console with user/user credentials (we strongly recommend changing the

default credentials after the first login)

o Limitations:

▪ Instance operations are strictly limited: only or2run, or2kill, or2report, or2settag,

or2din commands are available. You can also see all the instance-related info on UI.


EPAM PUBLIC 248

▪ Limited number of available servers. To check whether there are Macmini instances

available, please use the or2vps command:

or2vps -r EPAM-MAC

If there are no free Macmini servers, you will get a respective “low capacity” message when trying to request

one.

In this case, please, wait till one of the servers in use, is released.

To order a hardware Mac, use the standard or2run command, and provide the new instance details, e.g.:

or2run –p <project> -r EPAM-MAC –i macmini_os_X –s LARGE

Please also note that VM actions on the Management page are not available for instances in EPAM-MAC

region.

EPAM-DKR

EPAM-DKR is a dedicated region designed exclusively for running Docker and Kubernetes services and

resources. In EPAM-DKR region, Docker VMs are run under KVM and use CoreOS guest operating system.

The EPAM-DKR region has certain specifics:

• The region is available only for running Docker-related services and resources

• VMs are billed only for electricity consumption at the rate of $33 per month

• Each Docker Service instance is hosted on a separate hardware server

• Only the Large shape is available for Docker instances

• Login to Docker VMs can be performed only via SSH with SSH key

• Docker commands can be performed either via Docker toolset or after login to any node via SSH

• Each node in Docker Swarm cluster is a master

• Swarm API endpoint can be reached at <any_cluster_ip_address>:4000. For example, the

following command will show all containers on all Docker nodes:

docker –H hostname:4000 ps

AWS CLOUD FORMATION REGIONS

To activate AWS regions in EPAM Cloud simply leave a respective request at support.epam.com. The

following regions are supported:

Region Code Region Name EPC Reference Name

ap-northeast-1 Asia Pacific (Tokyo) Region AWS-AP-NORTHEAST

ap-northeast-2 Asia Pacific (Seoul) Region AWS-AP-NORTHEAST-2

ap-southeast-1 Asia Pacific (Singapore) Region AWS-AP-SOUTHEAST

ap-southeast-2 Asia Pacific (Sydney) Region AWS-AP-SOUTHEAST-2

eu-west-1 EU (Ireland) Region AWS-EUWEST

eu-central-1 EU (Frankfurt) Region AWS-EUCENTRAL

sa-east-1 South America (Sao Paulo) Region AWS-SAEAST

us-east-1 US East (Northern Virginia) Region AWSUSEAST

https://kb.epam.com/display/EPMCITFAQ/Support+Request

https://support.epam.com/ess.do


EPAM PUBLIC 249

us-west-1 US West (Northern California) Region

AWS-USWEST

us-west-2 US West (Oregon) Region AWS-USWEST-2

Once you get a notification from us about an AWS Region activation, you should be able to see it in your

list of available regions. Below is the example of Maestro CLI command for the AWS regions describing:

or2dreg -p sample –t AWS

Figure 182 - Describing available AWS regions

If you can see the AWS regions in the response, you can start utilizing AWS resources via EPAM

Orchestration tools.

For more information about AWS regions utilization specifics, please, see the Hybrid Cloud Guide.

https://cloud.epam.com/site/develop/hybrid_cloud/a=w=s/ciug_10_AWS_utilization.pdf


EPAM PUBLIC 250

AZURE REGIONS

To activate Azure regions in EPAM Cloud simply leave a respective request at support.epam.com. The

following regions are supported:

Region Name (Location) Region Alias EPC Reference Name

Brazil South (Sao Paolo State) BR South AZURE-BS

Central US (Iowa) - AZURE-CUS

East Asia (Hong Kong) - AZURE-EA

East US (Virginia) USEast, eastus AZURE-EUS

East Us 2 (Virginia) useast2, EastUS2 AZURE-EUS-2

Japan East (Tokyo, Saitama) - AZURE-JE

Japan West (Osaka) Ja West AZURE-JW

North Central US (Illinois) - AZURE-NCUS

North Europe (Ireland) Northeurope AZURE-NEU

South Central US (Texas) - AZURE-SCUS

Southeast Asia (Singapore) - AZURE-SEA

West Europe (Netherlands) westeurope AZURE-WEU

West US (California) - AZURE-WUS

Once you get a notification from us about activating your project in Azure, you should be able to see it in

your list of available regions. Below is the example of Maestro CLI command for the region describing:

or2dreg -p sample –t Azure

Figure 183 - Describing available Azure regions

If you can see Azure regions in the response, you can start utilizing Azure resources via EPAM

Orchestration tools.

For more information about Azure regions utilization specifics, please, see the Hybrid Cloud Guide





EPAM PUBLIC 251

GOOGLE CLOUD REGIONS

To activate Google Cloud regions in EPAM Cloud simply leave a respective request at support.epam.com.

The following regions are supported:

Google Region Location Orchestration Reference Name

Eastern Asia-Pacific Changhua County, Taiwan GCP-AS-EAST

Northeastern Asia-Pacific Tokyo, Japan GCP-AS-NORTHEAST

Western Europe St. Ghislain, Belgium GCP-EUWEST

Central US Council Bluffs, Iowa GCP-USCENTRAL

Eastern US Berkeley County, South Carolina GCP-USEAST

Western US The Dalles, Oregon GCP-USWEST

Once you get a notification from us about activating your project in Google Cloud, you should be able to

see it in your list of available regions. Below is the example of Maestro CLI command for the region

describing:

or2dreg -p project –t google

Figure 184 - Describing available Google Cloud regions

If you can see Google Cloud regions in the response, you can start utilizing Google Cloud resources via

EPAM Orchestration tools.

For more information about Google Cloud regions utilization specifics, please, see the Hybrid Cloud

Guide






EPAM PUBLIC 252

ANNEX E – LOGGING IN TO INSTANCES

WINDOWS

Login via an RDP client by using your standard domain credentials.

In order to access Windows instances via SSH, you first have to access them via RDP and configure SSH

connection.

LINUX

For Linux instances, use the SSH and/or your standard domain credentials.

Please note that the login should include the domain name:

[email protected]

AWS – Linux

To connect to a Linux VM, run the following Linux command:

ssh user@<hostname> -i <path>

Where <hostname> stands for your VM DNS Name and <path> stands for the full path to your key file.

Depending on the OS used on your VM, the following login should be provided:

Image OS Default Login

Ubuntu ubuntu

CentOS centos

Debian admin

AWS – WINDOWS

To login to a newly created AWS-based Windows instance perform the following steps:

1. Make sure the instance is up and running, e.g., using the o2-describe-instances command.

2. Run the or2console command providing the instance ID, project and region:

or2console –p demopro –r aws-region –i instance_id

3. When the command is executed, you get an email containing the details on the VM and an

attachment with the encrypted password.

AWS needs at least 4 minutes to generate a password for a new instance. If you run the

or2console command before the password is ready, the attachment in the letter will be empty.

4. Save the attachment to your disc or copy its content to an empty file.

5. Run the or2-aws-decrypt-password (or2adp) command, providing the name of the key used to

run the instance and the path to the file with the encryption:

or2adp -p private-key-file-path -e encrypted-password-file-path


EPAM PUBLIC 253

The command response will contain the password to be used to login to your Windows VM as

Administrator.

Please note that the command is executed on the client’s side, external tools have no access to

the private part of the key.

6. Use this password to login to your VM via RDC:

Figure 185 - Remote connection to a Windows instance

If you have access to AWS Management Console, you can get the password using it, without having to

perform the steps described above. All you have to do is login to the Console, go to the Instances section,

right-click on the instance to which you want to get access and select Get Windows Password in the

dropdown menu.

Figure 186 - Connecting to a Windows VM in AWS


EPAM PUBLIC 254

AZURE

When a VM (either Windows or Linux) creation is initiated, you get a letter containing credentials for access

to this VM remotely. These credentials are generated only once and will not be available for reference

anywhere except this letter.

If you run an instance without using an SSH key, the instance run letter will include the access username

and the password:

Figure 187 - Run instance letter with a password

Please save the credentials properly for further usage; they are not saved anywhere else and cannot

be restored in case of loss.

If you used an SSH key to run an instance, the letter will include the key name instead of the credentials.

The Public IP necessary to connect to the VM will be given in the next letter sent to you as soon as your

new VM gets to the RUNNING state:


EPAM PUBLIC 255

Figure 188 - A Start Instance letter with IPs

GOOGLE CLOUD REGIONS:

For Linux VMs, use the SSH key specified during the VM creation. The username depends on the VM

image:

Image Username

CentOS6_64-bit centos

Debian8_64-bit debian

Ubuntu16.04_64-bit ubuntu

For Windows machines, use the or2console CLI command specifying an SSH key:

or2console -p project -r region -i instance_id -k key

The key must always be of 2048 size. The key is required only for the log in operation, not for VM run.

When this command is executed, you will receive an email containing an encrypted password. Decrypt the

password as follows:

or2-decrypt-password -p private-key-file-path -e encrypted-password-

file-path

Use the decrypted password to log in to your Windows VM under user name Administrator.


EPAM PUBLIC 256

HARDWARE MACOS

To access your hardware MacOS instance, perform the following steps:

• Install the VNC Client to your workstation.

• Run the VNC Client, and input your MacOS IP address or DNS name (as

HOSTNAME.minsk.epam.com):

Figure 189 - VNC Client start

Click Connect.

• On Authentication step, input the uppercased abbreviation of your project in UPSA:

Figure 190 - VNC client authentication

• Login to the instance with user/user credentials.

It is highly recommended to change the default credentials after the first login.

VIRTUAL MACOS

To get access to a Virtual MacOS instance perform the following actions:

• Click the VNC icon next to the VM ID on the Management page to run the VNC Web Client, and

login to the VM using your domain credentials as soon as the connection is established:

https://www.realvnc.com/download/viewer/


EPAM PUBLIC 257

Figure 191 - VNC web access link

Please note that the domain credentials are case sensitive.

After logging in to the VM, it is recommended to change the default credentials and to enable

access via the VNC standalone client.


EPAM PUBLIC 258

ANNEX F – MAESTRO CLI COMMANDS LIST

The table below gives the list of the existing Maestro CLI Commands, their descriptions and links to the

respective sections:

Command Description or2access Registers user domain credentials within Orchestrator

or2addattvol Creates and attaches a storage volume to the specified instance

or2addsch Creates a new schedule to start or stop existing instances using cron expressions.

or2adp Decrypts AWS password

or2ag Is used to manage Ansible groups.

or2agp Is used to manipulate Ansible groups properties.

or2ah Is used to manage Ansible hosts.

or2ai Initializes Ansible environment for the specified project and zone.

or2aem Manages Adobe AEM service

or2alsip Allocates a static IP for the project

or2assip Assigns a static IP to the VM

or2attvol Attaches the specified storage volume to the specified instance

or2audit Views all relevant instance-related information for the specified period

or2awsmc Returns a link for accessing the AWS Management Console

or2ccp Creates an instance recovery point

or2check Shows Maestro CLI client currently installed on your machine

or2chef Describes the project Chef server mode

or2cim Creates an image based on the instance

or2cm Sets one of the existing chef modes to the project

or2cmst Converts a Maestro Stack template into a CloudFormation stack template

or2console Activates instance console and provides access credentials to it

or2addkey Creates a key pair used to access instances without need to provide login credentials

or2dawsse Returns the events related to the specified stack

or2dawssr Returns the events related to the specified stack

or2dcp Lists all checkpoints created for the instance and their short descriptions

or2di Manipulates Docker container images

or2delawss Deletes one or more stacks for the specified region and project

or2delcp Deletes the specified instance checkpoint

or2delf Deletes a previously uploaded file from Orchestrator’s repository

or2delim Deletes custom machine images

or2delkey Deletes a specified key pair

or2delsch Deletes a previously created schedule

or2delp Deletes user-defined metadata from instances

or2deltag Deletes a custom tag from an instance or a volume

or2delvol Deletes a storage volume from the specified instance

or2detvol detaches a storage volume from the specified instance

or2df Describes the uploaded and available files for the specified project

or2dim Returns information about images

or2din Returns information about the instances that you own

or2dissip Disassociates a Static IP from a VM

or2dkey Describes pairs available for provided project and region

or2dlb Shows the list of the hosts in the load balancer group and their availability


EPAM PUBLIC 259

Command Description or2dlog Gives the list of the logged instances and the DNS name of the GrayLog Server

or2dmon Retrieves information about Zabbix-related items

or2dmstack Describes existing Maestro stacks for the specified project and region

or2dpro Lists of projects available for user

or2dreg Describes available virtualization regions for provided project and user credentials

or2dri Manipulates Docker registry images

or2dsch Describes previously uploaded and available schedules

or2dser Describes the services activated for the specified project and region

or2dsip Describes static IPs available for the project

or2dshape Describes available shapes for the provided project and user credentials

or2dtag Retrieves custom tags assigned to resources for billing purposes

or2dv Creates, describes or deletes a Docker volume

or2dvlans describes available VLANs for the selected project

or2dvol Describes a user’s storage volumes

or2ftp Makes existing S3 buckets available via FTP

or2ftpa Manages user access to AWS S3 via FTP

or2gcp Reverts to the specified checkpoint

or2getp Retrieves user-defined metadata from instances

or2help Lists all commands and their parameters

or2hr Generates a hardware server usage report

or2info Lists information of CLI Client current configuration

or2ikey Imports an existing key pair to the specified region

or2kill Terminates the specified instances

or2kn Manages Kubernetes nodes

or2kns Manages Kubernetes namespaces

or2kp Manages Kubernetes pods

or2krc Manages Kubernetes replication controllers

or2ks Manages Kubernetes services

or2lbconf Set the Load balancer configuration

or2lock Locks the specified instance from termination

or2log Starts collecting the logs from the specific instance

or2mivlan Moves specific instance under available VLAN

or2mm Manages Messaging Service messages

or2modhs Modifies the settings of a hardware server

or2mon Add an instance to Zabbix monitoring list

or2mq Manages Messaging service queues

or2ms Activates/deactivates available services for a particular project

or2price Lists prices for all activated shapes

or2rawss Launches a specified stack on AWS

or2rcp Reverts instance to the latest available checkpoint

or2rdb manages the relational database service

or2reboot Reboots specified instances

or2reghs Registers a dedicated instance as a hardware server in EPAM Cloud

or2relsip Releases a static IP from the project

or2report Prepares a monthly billing report

or2resvol Resizes the specified volume for instance

or2rmstack Runs a new maestro stack based on an existing template

or2run Launches the specified number of instances with provided shape and image


EPAM PUBLIC 260

Command Description or2setp Assigns user-defined metadata to instances

or2settag Assigns a custom tag to an instance or a volume for billing purposes

or2sm Remove an instance from the monitoring list

or2sr Manages Sonar rules

or2sqp Manages Sonar quality profiles

or2start Starts the specified stopped instances

or2stop Stops the specified instances

or2stoplog Removes the instance from logging list

or2sus Powers down an instance

or2uf Uploads a new file and saves it in Orchestrator

or2unreghs Unregisters hardware server

or2update Checks for updates and updates


EPAM PUBLIC 261

ANNEX G – PAAS GUEST OPERATING SYSTEMS

Service name Used Image

Adobe AEM as a Service (AEM) CentOS6_64-bit

Ambari Service (AAS) CentOS6_64-bit

Artifactory as a Service (AFS) CentOS7_64-bit

ATG as a Service (ATG) CentOS6_64-bit

Auto Configuration Service (ACS): Chef server (epc/user modes) Version 11/version 12 Ubuntu14.04_64-bit/Ubuntu16.04_64-bit

Cloud Monitoring Service (CMS): Zabbix Ubuntu16.04_64-bit

Docker/Docker registry (DOS) (with volumes) CoreOS_899.13_64-bit

Docker/Docker registry Service (DOS) Ubuntu16.04_64-bit/Ubuntu14.04_64

FTP to AWS SE Service (FTP2S3) Ubuntu14.04_64-bit

Gerrit as a Service (GAS) Ubuntu 14.04_64-bit

Hybris as a Service (HAS) CentOS7_64-bit

Jenkins as a Service (JAS) Ubuntu16.04_64-bit

Kubernetes as a Service (KUB) CoreOS_899.13_64-bit

Load Balancer Service (LBS) Ubuntu16.04_64-bit

Log Aggregation Service (LAS) Ubuntu16.04_64-bit

Magento as a Service (MAS) CentOS7_64-bit

Messaging Service (MES) Ubuntu14.04_64-bit

Relational Data Base Service (RDB) Mariadb Ubuntu14.04_64-bit

Relational Data Base Service (RDB) MSSQL (2012) W2012R2Std

Relational Data Base Service (RDB) MSSQL (2014) hardware W2012R2Std

Relational Data Base Service (RDB) MySQL Ubuntu14.04_64-bit

Relational Data Base Service (RDB) Oracle OracleLinux7_64-bit

Relational Data Base Service (RDB) PostgreSQL Ubuntu14.04_64-bit

Sitecore as a Service (SAS) W2012R2Std

Sonar as a Service (SQS) Ubuntu 14.04_64-bit

Splunk as a Service (SPS) Ubuntu14.04_64-bit

Telemetry as a Service (TMS) Ubuntu16.04_64-bit


EPAM PUBLIC 262

TABLE OF FIGURES

Figure 1 - or2help Command Output .......................................................................................................... 14

Figure 2 - Command help for incorrect parameters input ........................................................................... 14

Figure 3 - Command response with --help option ....................................................................................... 15

Figure 4 - or2access Response Example ................................................................................................... 16

Figure 5 - or2check Response Example ..................................................................................................... 17

Figure 6 - or2info Response Example ......................................................................................................... 19

Figure 7 - or2update Response Example ................................................................................................... 20

Figure 8 - or2dpro Response Example ....................................................................................................... 21

Figure 9 - or2dreg Response Example ....................................................................................................... 23

Figure 10 - or2dim Response Example ....................................................................................................... 25

Figure 11 - or2dshape Response Example (OpenStack-based region) ..................................................... 26

Figure 12 - or2run Response Example ....................................................................................................... 30

Figure 13 - or2stop Example Response ...................................................................................................... 31

Figure 14 - or2start Response Example ..................................................................................................... 33

Figure 15 - or2reboot Response Example .................................................................................................. 34

Figure 16 - or2kill Response Example ........................................................................................................ 35

Figure 17 - or2lock Response Example ...................................................................................................... 35

Figure 18 - or2lock command repeated to allow instance termination ........................................................ 35

Figure 19 - or2din General Response Example .......................................................................................... 37

Figure 20 - or2din Response Example with Filters ..................................................................................... 37

Figure 21 - or2chshape Response Example ............................................................................................... 38

Figure 22 - or2chow Response Example .................................................................................................... 39

Figure 23 - or2vps Response Example ....................................................................................................... 40

Figure 24 - or2dvlans Response Example .................................................................................................. 41

Figure 25 - or2mivlan Response Example .................................................................................................. 42

Figure 26 - or2addsch Response Example ................................................................................................. 44

Figure 27 - or2dsch Response Example ..................................................................................................... 45

Figure 28 - or2schaddi Response Example ................................................................................................ 46

Figure 29 - or2schremi Response Example ................................................................................................ 47

Figure 30 - or2delsch Response Example .................................................................................................. 48

Figure 31 - or2setp Response Example ...................................................................................................... 52

Figure 32 - or2getp Response Example ..................................................................................................... 53


EPAM PUBLIC 263

Figure 33 - or2delp Response Examples ................................................................................................... 54

Figure 34 - or2cim Response Example ....................................................................................................... 56

Figure 35 - or2delim Response Example .................................................................................................... 57

Figure 36 - TCP/IP Configuration (Windows) .............................................................................................. 58

Figure 37 - Creating Local Windows User .................................................................................................. 59

Figure 38 - Assigning Administrator Privileges to a Windows User ............................................................ 60

Figure 39 - Excluding Guest OS from Domain (Windows) .......................................................................... 61

Figure 40 - Renaming Guest OS (Windows) ............................................................................................... 61

Figure 41 - Rebooting a VM in Azure region ............................................................................................... 62

Figure 42 - or2addkey Response Example ................................................................................................. 65

Figure 43 - or2ikey Response Example ...................................................................................................... 67

Figure 44 - or2dkey Response Example ..................................................................................................... 68

Figure 45 - or2delkey Response Example .................................................................................................. 69

Figure 46 - or2console Response Example ................................................................................................ 70

Figure 47 - Console credentials .................................................................................................................. 71

Figure 48 - or2awsmc Response Example ................................................................................................. 72

Figure 49 – or2iam Response Example ...................................................................................................... 73

Figure 50 - or2azmc Response Example .................................................................................................... 74

Figure 51 - or2alsip Command Example ..................................................................................................... 77

Figure 52 - or2assip Command Example .................................................................................................... 78

Figure 53 - or2dsip Command Response Example .................................................................................... 79

Figure 54 - or2dissip Command Response ................................................................................................. 80

Figure 55 - or2relsip Command Response ................................................................................................. 81

Figure 56 - or2addattvol Response Example .............................................................................................. 83

Figure 57 - or2attvol Response Example .................................................................................................... 84

Figure 58 - or2detvol Response Example ................................................................................................... 85

Figure 59 - or2resvol Response Example ................................................................................................... 86

Figure 60 - or2dvol Response Example ...................................................................................................... 88

Figure 61 - or2dvol Empty Response Example ........................................................................................... 88

Figure 62 - or2delvol Response Example ................................................................................................... 89

Figure 63 - df-h Response Example............................................................................................................ 90

Figure 64 - Computer Management in Windows 8 ...................................................................................... 91

Figure 65 - or2ccp Response Example ....................................................................................................... 94


EPAM PUBLIC 264

Figure 66 - or2dcp Response Example ....................................................................................................... 95

Figure 67 - or2gcp Response Example ....................................................................................................... 96

Figure 68 - or2rcp Response Example ....................................................................................................... 97

Figure 69 - or2delcp Response Example .................................................................................................... 98

Figure 70 - or2reghs Response Example ................................................................................................. 100

Figure 71 - or2unreghs Response Example ............................................................................................. 101

Figure 72 - or2modhs Response Example ................................................................................................ 103

Figure 73 - or2hr Response Example ....................................................................................................... 104

Figure 74 - Price Breakdown ..................................................................................................................... 105

Figure 75 - or2report Response Example ................................................................................................. 107

Figure 76 - or2price Response Example ................................................................................................... 110

Figure 77 - or2audit Response Example ................................................................................................... 112

Figure 78 - Account report ......................................................................................................................... 113

Figure 79 - or2dacc Command Example .................................................................................................. 114

Figure 80 - or2settag Response Example ................................................................................................. 116

Figure 81 - or2dtag Response Example ................................................................................................... 117

Figure 82 - or2deltag Response Example ................................................................................................. 118

Figure 83 - or2uf Response Example ....................................................................................................... 120

Figure 84 - or2delf Response Example ..................................................................................................... 121

Figure 85 - or2df Response Example ....................................................................................................... 122

Figure 86 - or2sc Response Example ....................................................................................................... 123

Figure 87 - or2dnt Response Example ..................................................................................................... 124

Figure 88 - or2rsawss Response Example ............................................................................................... 126

Figure 89 - or2dawss Response Example ................................................................................................ 127

Figure 90 - or2dawsse Response Example .............................................................................................. 128

Figure 91 - or2dawssr Response Example ............................................................................................... 130

Figure 92 - or2delawss Response Example ............................................................................................. 131

Figure 93 - or2dmstack Response Example ............................................................................................. 132

Figure 94 - or2rmstack -m Response Example ......................................................................................... 134

Figure 95 - or2delmstack -m Response Example ..................................................................................... 135

Figure 96 - or2dmsr Response Example .................................................................................................. 136

Figure 97 – or2vmst Response Example .................................................................................................. 137

Figure 98 - or2cmst Response Example ................................................................................................... 138


EPAM PUBLIC 265

Figure 99 - or2-manage-service Response Example................................................................................ 141

Figure 100 - or2dser Response Example (shown in 2 lines for better visibility) ....................................... 143

Figure 101 - or2cm Response Example .................................................................................................... 147

Figure 102 - Disabling auto configuration for a specific OS ...................................................................... 147

Figure 103 - Reviewing information on the current status of the ACS ...................................................... 147

Figure 104 - or2dchef Response Example ................................................................................................ 148

Figure 105 - The or2-validate-chef command output ................................................................................ 148

Figure 106 - or2dmon Response Example ............................................................................................... 150

Figure 107 - or2mon Response Example ................................................................................................. 151

Figure 108 - or2stopmon Response Example ........................................................................................... 152

Figure 109 - Zabbix metrics details on UI ................................................................................................. 153

Figure 110 - Zabbix Graph in web Interface .............................................................................................. 154

Figure 111 - or2starttel Response Example .............................................................................................. 156

Figure 112 - or2stoptel Response Example .............................................................................................. 157

Figure 113 - or2dtelag Response Example ............................................................................................... 158

Figure 114 - Telemetry agent with available metrics................................................................................. 159

Figure 115 – or2tel Response Example .................................................................................................... 160

Figure 116 - or2lbconf –-balancing Response Example ........................................................................... 165

Figure 117 - or2lbconf –-limit Response Example ................................................................................... 166

Figure 118 - or2lbconf –-ban Response Example ................................................................................... 167

Figure 119 - or2lbconf –-cache --url --expiration Response Example ..................................................... 167

Figure 120 - or2dlb Response Example .................................................................................................... 168

Figure 121 - or2ftp Response Example .................................................................................................... 170

Figure 122 - or2ftpa Response Example .................................................................................................. 170

Figure 123 - or2osc Command Response Example ................................................................................. 172

Figure 124 - or2osc Command Response Example for Wildcard Setup .................................................. 172

Figure 125 - or2di Command Response Example .................................................................................... 175

Figure 126 - or2di -a Commit Response Example .................................................................................... 175

Figure 127 - or2dc Command Response .................................................................................................. 177

Figure 128 - or2dv Command Response .................................................................................................. 178

Figure 129 - Docker volume deletion ........................................................................................................ 179

Figure 130 – Docker registry creation ....................................................................................................... 180

Figure 131 - or2dri -a describe Response Example.................................................................................. 181


EPAM PUBLIC 266

Figure 132 - or2dri -a delete Response Example ..................................................................................... 181

Figure 133 - or2dd Command Response .................................................................................................. 183

Figure 134 - List of Kubernetes nodes (shown in two lines for better visibility) ........................................ 185

Figure 135 - or2kp Command Response .................................................................................................. 186

Figure 136 - or2kns Command Response ................................................................................................ 187

Figure 137 - or2ks Command Response .................................................................................................. 187

Figure 138 - or2krc Command Response ................................................................................................. 188

Figure 139 - or2kn Command Response .................................................................................................. 189

Figure 140 - or2-describe-hadoop Response Example ............................................................................ 191

Figure 141 - or2-manage-hadoop Command Response .......................................................................... 192

Figure 142 - or2ac command Response Example .................................................................................... 195

Figure 143 - Changing Splunk license type .............................................................................................. 197

Figure 144 - or2sp Command Response .................................................................................................. 199

Figure 145 - List of missing plugins ........................................................................................................... 201

Figure 146 - List of Jenkins plugins ........................................................................................................... 202

Figure 147 - Jenkins plugin uninstallation ................................................................................................. 203

Figure 148 – Sonar Service Info (shown in two lines for better visibility) .................................................. 208

Figure 149 – or2sqp Command Response ............................................................................................... 210

Figure 150 - Rules activation for Sonar quality profile .............................................................................. 210

Figure 151 – or2sr Command Response .................................................................................................. 211

Figure 152 – Artifactory Service Info (shown in two lines for better visibility) ........................................... 213

Figure 153 - or2aem -a activate-cluster Response Example .................................................................... 215

Figure 154 - or2aem -a describe Response Example............................................................................... 215

Figure 155 - or2aem -a attach-publish Response Example ...................................................................... 215

Figure 156 - Sitecore service activation .................................................................................................... 217

Figure 157 - List of Sitecore instances ...................................................................................................... 217

Figure 158 - Sitecore-LB activation ........................................................................................................... 219

Figure 159 - Sitecore Info (shown in two lines for better visibility) ............................................................ 219

Figure 160 - Sitecore instances info (shown in two lines for better visibility) ............................................ 220

Figure 161 - the or2rdb [-a describe] Response Example ........................................................................ 222

Figure 162 - or2rdb -a install Response Example ..................................................................................... 222

Figure 163 - or2rdb -a remove Response Example .................................................................................. 222

Figure 164--use-sys-disk-size output example ......................................................................................... 222


EPAM PUBLIC 267

Figure 165 - Hybris MEDIUM configuration .............................................................................................. 223

Figure 166 - Hybris LARGE configuration ................................................................................................. 224

Figure 167 - Hybris activation .................................................................................................................... 224

Figure 168 - List of Hybris instances ......................................................................................................... 225

Figure 169 – Magento service info (shown in two lines for better visibility) .............................................. 226

Figure 170 - ATG as a Service architecture .............................................................................................. 227

Figure 171 – ATG service info ................................................................................................................... 228

Figure 172 - ATG instance details ............................................................................................................. 228

Figure 173 - or2mq -a create Response Example .................................................................................... 230

Figure 174 - or2mm -a send Command Response ................................................................................... 231

Figure 175 - or2ai Response Example ...................................................................................................... 232

Figure 176 - or2ah Response Example .................................................................................................... 233

Figure 177- or2ag Response Example ..................................................................................................... 234

Figure 178 - or2agp Response Example .................................................................................................. 235

Figure 179 – Fragment of or2adi Response Example .............................................................................. 236

Figure 180 - Fragment of or2adi Response Example in a Formatted Way .............................................. 236

Figure 181 - Troubleshooting Scheme ...................................................................................................... 237

Figure 182 - Describing available AWS regions ........................................................................................ 249

Figure 183 - Describing available Azure regions ...................................................................................... 250

Figure 184 - Describing available Google Cloud regions .......................................................................... 251

Figure 185 - Remote connection to a Windows instance .......................................................................... 253

Figure 186 - Connecting to a Windows VM in AWS.................................................................................. 253

Figure 187 - Run instance letter with a password ..................................................................................... 254

Figure 188 - A Start Instance letter with IPs .............................................................................................. 255

Figure 189 - VNC Client start .................................................................................................................... 256

Figure 190 - VNC client authentication ..................................................................................................... 256

Figure 191 - VNC web access link ............................................................................................................ 257


EPAM PUBLIC 268

VERSION HISTORY

The document is constantly updated since September, 2012. The table below provides its main

development points until the beginning of 2015, and the detailed story starting from this year.

Version Date Summary

19.6.23 May 18, 2018 - Added the -resourceGroup parameter to the set of

commands for the work with Azure

19.6.22 April 4, 2018 - Updated the info about Kubernetes as Service

19.6.21 March 24, 2018

- Updated information about availability of the or2resvol

command in different regions

- Removed the references to EPAM-KZ1 region.

- Added info on the OpenShift service

19.6.20 February 22, 2018 - Update the description of the section 5.3

- Added 2 sections about the VMs in Azure regions

19.6.19 January 31, 2018

- Removed the ‘or2-suspend’ command

- Added EPAM-UA2 region info

- Updated EPAM-MAC region info with

MacOS_10.13_HighSierra

- Updated the --use-sys-disc-size parameter info

19.6.18 January 28, 2017 - Updated the permissions mapping table

19.6.17 December 22, 2017 - RDB Service info update

- OS for PaaS Service table added

19.6.16 December 15, 2017 - ACS info updated

19.6.15 December 7, 2017

- Image creation availability for EPAM-KZ1 region updated

- Info about Jenkins availability in different regions

updated

19.6.14 December 6, 2017 - Image name and description restrictions update

19.6.13 December 1, 2017 - Shared Chef Server info updated

- Chef 12 and Chef 11 availability info updated

19.6.12 November 30, 2017 - MSQ3 information removed

19.6.11 November 4, 2017 - Updated Creating Images and Disassociate Static IP

Sections

19.6.10 September 9, 2017 - Updated checkpoints creation limitations


EPAM PUBLIC 269

- Updated Telemetry as a Service info

- Updated EPAM-RU2 price in Annex D

19.6.9 July 15, 2017

- fixed-ip parameter removed from the description of or2-

allocate-static-ip command

- Description of Telemetry as a Service added

19.6.8 May 20, 2017

- Description of Cloudify service removed

- Information on static IP-related commands availability by

regions updated

19.6.7 April 8, 2017

- Updated info on Checkpoints (recommendation to create

checkpoints on stopped instances)

- or2mjp command added

- or2run command description updated with spot instance

parameters

- Information about EPAM-BY2 region added

19.6.6 February 25, 2017

- Azure specifics is clarified for or2ikey command.

- Google-related specifics added

- or2adp command replaced with or2dp

- Hybris as a Service info updated

- Sonar as a Service info updated

- Artifactory as a Service info added

- Schedules info updated with --all -t options

19.6.5 December 16, 2016

- Kubernetes commands added

- Sonar as a Service info added

- or2dr (or2-docker-registry) command removed

- Option of command output display in json format added

- Classification changed from Confidential to Public,

approved by Dzmitry Pliushch

19.6.4 October 29, 2016

- Reference to EPAM-US1-PROD and EPAM-RU1

regions removed

- EPAM-US2 region added

- Instructions for VM preparation for image creation

updated with information specific to Microsoft Azure

regions

- Backup Service commands added

19.6.3 September 3, 2016

- Updated or2rmstack command description

- Note about Chef mode change added

- Hyperlinks fixed

- Updated permissions map

- Added IND1 region info

- Splunk as a Service info added


EPAM PUBLIC 270

- Magento as a Service info added

- ATG as a Service info added

- Sitecore as a Service info updated

- AEM as a Service info updated

19.6.2 July 8, 2016 - Updated shapes limitations info

19.6 July 2, 2016 - Added Services cooperation notifications

- Commands related to security scanning added

19.5 May 22, 2016

- Updated Permissions table with new PMC Roles

- Added “Finding the device parameter” section

- Screenshots updated

- Description of hardware-related commands added

- Description of Kubernetes as a Service added

- Updated regions table with Virtualization column

19.4 March 26, 2016

- Added 1.1 Getting CLI Help

- Updated regions specifics info

- Added Annex E – Logging in to Instances

- Added or2lock command

- Updated 2.3 Logging in to Instances

- Docker Service info updated

- Hybris Service info added

19.3 February 13, 2016

- Updated or2report, or2ac, or2help, or2dreg, or2din

commands descriptions

- Updated or2dd examples

- Added or2prkill command

19.2 December 20, 2015 - Added MES service commands

- Issues fixed

19.1 November 7, 2015 - Issues fixed

19.0 September 6, 2015 - Renamed to csug_02_maestro_cli_user_guide

- Updated layout, reviewed content.

18.0 April 26, 2014 - Totally restructured. The commands are grouped by purpose, additional info added.

15.22 September 4, 2013 - links throughout the document are revised

15.21 August 16, 2013 - related documents are updated

10.0 February 9, 2013 - Major revision including update of AWS-related command syntax, new commands, user permissions etc.


EPAM PUBLIC 271

8.01 December 21, 2012 - Major command revision

4.1 October 9, 2012 - Restructured as user/reference guide - Setup section is shortened - Reference to setup guide is added

1.0 September 07, 2012 First published

epam cloud orchestrator - maestro cli user guide · maestro cli user guide user guide march 2018...

Documents