Providers
Providers are added when the environment is created, and can be changed at any time.
An environment contains zero or more providers.
A provider enables the deployment of instances on various cloud platforms. Providers act as connectors that allow you to interact with different cloud service providers environments seamlessly.
- Platform connectivity: Each provider is associated with a specific cloud service platform (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform). This connectivity allows users to access and utilize the resources offered by the respective platforms.
- Region selection: When configuring a provider, users can specify the region within the cloud platform where the resources will be deployed.
- Credential management: Providers require valid credentials, such as access keys or authentication tokens, to interact with the associated cloud platform. LayerOps allows users to securely manage and store these credentials, ensuring the necessary security and access controls.
Once a provider is set up, users can deploy instances directly onto the designated cloud platform.
At any time, from your environment dashboard, you can add/remove providers. In the example below, only one provider (Azure) has been defined.
All environments allow the creation of external hosts. No need for specific provider.
Providers facilitates the creation of multi-cloud environments, giving users the ability to leverage the resources of various cloud service providers and external infrastructures. This approach offers significant advantages in terms of flexibility, resilience, performance, cost-effectiveness and disaster recovery.
3DS Outscale
AWS
Azure
Google Cloud Platform
LXD
You can use a remote lxd server as provider as soon as it meets following requirements:
- Expose your lxd server to the network: documentation
Example:
#!/bin/bash
# Variables
DOMAIN="votre-domaine.com"
EMAIL="votre-email@example.com"
CERT_DIR="/var/snap/lxd/common/lxd"
CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
PRIVKEY_PATH="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
# Listes d'adresses IP autorisées
ALLOWED_SSH_IPS=("192.0.2.1" "198.51.100.1") # Remplacez par les adresses IP que vous souhaitez autoriser pour SSH
ALLOWED_8443_IPS=("212.129.25.20" "51.159.95.50") # IP list provided by LayerOps - contact support
# Vérifier les permissions root
if [ "$EUID" -ne 0 ]; then
echo "Veuillez exécuter ce script en tant que root."
exit 1
fi
# Vérifier que le nom de domaine pointe bien sur l'adresse IP publique du serveur
PUBLIC_IP=$(curl -s ifconfig.me)
DOMAIN_IP=$(dig +short $DOMAIN)
if [ "$PUBLIC_IP" != "$DOMAIN_IP" ]; then
echo "Le domaine $DOMAIN ne pointe pas vers l'adresse IP publique du serveur ($PUBLIC_IP)."
exit 1
fi
# Mise à jour du système et installation des dépendances
apt update
apt upgrade -y
apt install -y snapd ufw dnsutils curl cron
# Installation de LXD via Snap
snap install lxd
/snap/bin/lxd init --auto
# Installation de Certbot
snap install core; snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# Vérifier si le certificat existe déjà
if [ -f "$CERT_PATH" ] && [ -f "$PRIVKEY_PATH" ]; then
echo "Le certificat SSL existe déjà. Aucune génération nécessaire."
else
# Obtenir un certificat SSL avec Certbot (processus HTTP en arrière-plan)
certbot certonly --standalone --preferred-challenges http -d $DOMAIN --email $EMAIL --agree-tos --non-interactive &
# Attendre que le certificat soit généré
wait
# Vérifier que les certificats ont été générés
if [ ! -f "$CERT_PATH" ] || [ ! -f "$PRIVKEY_PATH" ]; then
echo "La génération du certificat a échoué. Vérifiez les logs de Certbot pour plus de détails."
exit 1
fi
fi
# Configuration de LXD pour utiliser le certificat SSL
cp "$CERT_PATH" $CERT_DIR/server.crt
cp "$PRIVKEY_PATH" $CERT_DIR/server.key
# Modification de la configuration de LXD pour utiliser le SSL
lxc config set core.https_address ":8443"
# Redémarrer LXD pour prendre en compte les modifications
systemctl restart snap.lxd.daemon
# Configuration du pare-feu UFW
ufw default deny incoming
ufw default allow outgoing
ufw allow from any to any port 80,443 proto tcp # Autoriser HTTP/HTTPS pour Certbot
ufw allow from any to any port 22 proto tcp # Autoriser SSH de partout pour le moment
ufw allow in on lxdbr0
ufw route allow in on lxdbr0
ufw route allow out on lxdbr0
# Autoriser uniquement les adresses IP spécifiées pour SSH
for ip in "${ALLOWED_SSH_IPS[@]}"; do
ufw allow from $ip to any port 22 proto tcp
done
# Autoriser uniquement les adresses IP spécifiées pour le port 8443
for ip in "${ALLOWED_8443_IPS[@]}"; do
ufw allow from $ip to any port 8443 proto tcp
done
# Activer UFW
ufw enable
# Supprimer les règles SSH globales pour sécuriser davantage
ufw delete allow 22/tcp
# Configurer le cron job pour renouveler automatiquement le certificat SSL
(crontab -l 2>/dev/null; echo "0 0 * * * /usr/bin/certbot renew --post-hook 'cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem $CERT_DIR/server.crt && cp /etc/letsencrypt/live/$DOMAIN/privkey.pem $CERT_DIR/server.key && systemctl restart snap.lxd.daemon'") | crontab -- To allow volume quotas on dir storage driver, the default "storage-pools" directory (
/var/snap/lxd/common/lxd/storage-poolsif installed via snap) must be within a xfs partition mounted with project quota enabled (see documentation ). Example using ubuntu server:
# Install quotas:
apt install quota
# Add Mount Point
MOUNT_DEVICE= # Partition to mount storage pool to
cat >> /etc/fstab <<EOF
$MOUNT_DEVICE /var/snap/lxd/common/lxd/storage-pools xfs defaults,prjquota 0 0
EOF
# Mount storage pools:
mount /var/snap/lxd/common/lxd/storage-pools- Create a trusted client token with
lxc config trust add(see Platform Access Documentation)