scaleset

Description

Venue	Equivalent Concept(s)
	Auto Scaling Groups
	Virtual Machine Scale Sets

A compute resource that combines aspects of compute, networking, and storage capable of running an operating system and applications with dynamic allocation of subnets and virtual machines necessary for scale-out and fault tolerance.

Virtual machines created by the scaleset have one nic connecting to one subnet per virtual machine. Depending on the venue, there may be multiple subnets created - for example on AWS each subnet is in an availability zone, so multiple subnets are used to ensure fault tolerance. The subnets are managed automatically by Tuono.

Virtual machines created by the scaleset cannot be registered with DNS. Instead, you should place them behind a balancer.

Any disks specified in the blueprint should be considered ephemeral, as they will be destroyed when the scaleset shrinks the number of virtual machines. For persistent storage, you could use a blobstore.

To convert a compute.vm into a compute.scaleset:

• Your vm can only have one nic.

• Promote the nic's firewall property up to the scaleset.

• Promote the nic's provides property (if any) up to the scaleset.

  A provides property is common for a scaleset behind a balancer.

• The scaleset will create and manage subnets automatically, so you

  can remove any subnets your vm was using, if they are unused.

• Optionally define a range of addresses the scaleset is allowed

  to use for subnetting.

Venue-Specific Properties

These fields are subject to change in the future. They allow for venue- specific behavior.

AWS

venue:
  aws:
    instance_type:  AWS specific instance size, such as t2.micro or m4.large

Azure

venue:
  azure:
    availability_set:
      name:  The name of tha availability set to join/create.
      platform_update_domain_count:
            The number of update domains in the AS.  The default is 2 and the max is 5.
      platform_fault_domain_count:
            The number of fault domains in the AS.  The default is 2 and the max is 3.
    hyperv_generation: To force a specific generation, use `V1` or `V2`.
    managed_identity_id: The pre-existing managed identity to assign to the instance.
                         This is useful if your instance is accessing other services
                         such as Azure Key Vault.
    vm_size: Azure specific VM size, such as `Standard_B2s`.
             If you use ultra disks you may need to specify this to get a compatible virtual machine.

Features

Connectivity

Feature	AWS	Azure
IPv6
Multiple NICs
Private IPv4	✔️	✔️
Public IPv4

Scale By

Feature	AWS	Azure
CPU Usage	✔️	✔️
Disk Latency
Disk Throughput
Memory Usage
Network In	✔️	✔️
Network Out	✔️	✔️
Requests per VM	✔️	✔️

Schedule

Feature	AWS	Azure
Always	✔️	✔️
Fixed Date
Recurring Schedule

Required Properties

cores (integer)

The total number of processing cores available to a virtual machine.

memory (size)

The amount of memory assigned to a virtual machine.

monitor (list of dict)

Describes methods by which to monitor for changes and how to change to meet demand. If not specified, the scaleset will monitor virtual machines for average CPU usage and adjust the number of running virtual machines accordingly.

check (string)

The method by which the metric values are aggregated over time.

Allowed Values:

• average

• minmax

The default value if not specified is average.

grow (dict)

Settings related to growing the scaleset based on the monitored metric.

cooldown (timespan)

The amount of time to wait before assessing the rule again.

The default value if not specified is 15 minutes.

delta (integer)

The change in the number of virtual machines to make. This cannot cause a change that is below the size minimum or above the size maximum.

The default value if not specified is 1.

duration (timespan)

The length of time the threshold must be crossed to trigger an action.

threshold (integer)

The threshold value that must be met or exceeded to trigger an action.

The value range of values depends on the metric:

Metric	Units	Range	Notes
cpu	percent	0..100
net-in	MiB/s	0..
net-out	MiB/s	0..
requests	count	0..	Concurrent requests from the network balancer, per active virtual machine.

metric (string)

The metric to to monitor.

If monitoring requests, the scaleset must be pointed to by a route in a balancer.

Allowed Values:

• cpu

• net-in

• net-out

• requests

shrink (dict)

Settings related to shrinking the scaleset based on the monitored metric.

cooldown (timespan)

The amount of time to wait before assessing the rule again.

The default value if not specified is 15 minutes.

delta (integer)

The change in the number of virtual machines to make. This cannot cause a change that is below the size minimum or above the size maximum.

The default value if not specified is 1.

duration (timespan)

The length of time the threshold must be crossed to trigger an action.

threshold (integer)

The threshold value that must be met or exceeded to trigger an action.

The value range of values depends on the metric:

Metric	Units	Range	Notes
cpu	percent	0..100
net-in	MiB/s	0..
net-out	MiB/s	0..
requests	count	0..	Concurrent requests from the network balancer, per active virtual machine.

network (▶ networking.network)

The network that this scaleset belongs to. All of the virtual machines that the scaleset creates will be inside this network. The scaleset will manage subnets for the virtual machines automatically to optimize the behavior on different venues. To control the range of the subnets that are managed by the scaleset, set the range property.

size (dict)

Sizing limits for the scaleset.

default (integer)

The initial number of virtual machines the scaleset has when created. Once metrics have been established, the scaleset will adjust the number of virtual machines. This number cannot be less than the minimum or greater than the maximum.

If not specified, the minimum value is used.

maximum (integer)

The maximum number of virtual machines the scaleset is allowed to have at a given time. This number cannot be less than the minimum. The maximum supported size is currently 100 virtual machines.

minimum (integer)

The minimum number of virtual machines the scaleset is allowed to have at a given time. This number cannot be greater than the maximum.

Optional Properties

configure (dict)

Directives that indicate how the inner configuration of the virtual machine should be processed once provisioning is complete. If you deploy a stock image without any configuration you may not be able to manage the virtual machine. Some venues require certain configure properties to provision successfully, for example Azure requires an administrative username to be specified. These configuration directives are only valid when creating a virtual machine and will be ignored without any warnings for existing virtual machines.

admin (dict)

Performs basic configuration of the virtual machine by setting an administrative username, password, and SSH public key for a single user on platforms that support those actions.

On AWS for linux instances, we inject a small cloud-init script to process this directive, therefore if userdata is specified then this stanza will be ignored. Your image must have cloud-init installed for this to work.

Azure requires this stanza to create a virtual machine therefore we recommend you populate it for a portable blueprint. These properties are delivered to the Azure Linux Agent.

password (string)

The password to assign to the administrative user during VM creation.

Requirements

Venue	OS	Supported?	Notes
AWS	Linux	No	Use public_key.
AWS	Windows	No	Use public_key.
Azure	Linux	No	Use public_key.
Azure	Windows	Yes	See Azure Docs for Windows VM Password Requirements.

public_key (public_key)

Declares a public key to use during VM creation for administrative authentication. This must contain OpenSSH Public Key content. Valid content typically begins with ssh-rsa.

Requirements

Venue	OS	Supported?	Notes
AWS	Linux	Yes
AWS	Windows	Yes	AWS will generate a random password that you can retrieve using the AWS Console, CLI, or API and then decrypt with your private key.
Azure	Linux	Yes
Azure	Windows	No	Use password instead.

username (string)

The username to assign to the administrative user during VM creation. On Linux instances this user will receive sudo privileges, and on Windows instances this user will be an Administrator.

Requirements

Venue	OS	Supported?	Notes
AWS	Linux	Yes
AWS	Windows	No	The Administrator account is always used.
Azure	Linux	Yes
Azure	Windows	Yes	See Azure Docs for Windows VM Username Requirements.

secrets (⏩ security.secret)

On Azure, a Managed Identity for the virtual machine will be added to the Key Vault to enable reading secrets. See the Microsoft documentation for how to use managed identities to read the secret from Key Vault as part of your bootstrapping code. Tip: setting the key_vault_name on the secret makes the URL to the vault predictable.

This currently does nothing on AWS.

userdata (dict)

Performs inner configuration of virtual machines after first boot by using a cloud-init, shell, batch, or powershell script. When this is declared, the admin stanza will be ignored for AWS linux instances and it becomes the blueprint author's responsibility to properly configure the administrative user's rights on the instance (to sudo, for example).

content (string)

An arbitrary configuration script for the virtual machine that is executed once at first boot. This method of configuration supports cloud-init, shell, batch, or powershell scripts. The maximum length of this script is 16 KiB. You should avoid putting any secrets into this data.

If you are using cloud-init, the Cloud config examples is a great place to find recipes for using cloud-init effectively.

Venue-Specific Help Pages

For detailed information about how each venue handles userdata for each operating system type, refer to the table below.

Venue	OS	Documentation
AWS	Linux	AWS Linux Docs
AWS	Windows	AWS Windows Docs
Azure	Linux	Azure Linux Docs
Azure	Windows	Azure Windows Docs

type (string)

The type of script in content. cloud-init script content must begin with the line:

#cloud-init

shell script content must begin with a shebang.

Allowed Values:

• batch

• cloud-init

• powershell

• shell

disks (⏩ storage.disk)

The disk(s) connected to a virtual machine. These disks are in addition to any disks already present in the image used to create the virtual machine.

firewall (▶ networking.firewall)

The firewall applied to packets arriving at virtual machines that this scaleset creates. Use a firewall to maintain a high level of security by restricting data flows to only desired traffic patterns. The firewall for a scaleset is usually maintained automatically based on the services that consume it, such as a balancer. You can provide a firewall here with rules that are processed before the automation to handle special cases such as providing maintenance access to the scaleset virtual machines.

image (▶ compute.image)

The image a virtual machine is cloned from. This will provide content for the boot disk, and possibly other disks as well if the image contains more than one disk.

provides (⏩ networking.service)

Declares networking service flows provided by the virtual machine(s) that the scaleset manages. This typically means that the service is listening for connections and behaving as a server. You will also need to update the firewall rules to allow the traffic to get to the virtual machine(s).

range (cidr)

One or more CIDR that define the usable network range(s) of the subnets managed by the scaleset. If this property is omitted then Tuono will reverse-scan your network for available ranges as needed and automatically allocate them. This range must be within the network range.

Example(s):

• 10.0.254.0/24

reap (string)

Describes the scale-in behavior of the scaleset:

• default means the venue decides which virtual machine to eliminate.

  This behavior may be different on each venue.

• newest means the newest virtual machine provisioned will be

  eliminated.

• oldest means the oldest virtual machine provisioned will be

  eliminated.

Allowed Values:

• default

• newest

• oldest

The default value if not specified is default.

scope (string)

Limits fundamental connectivity for any subnet(s) the scaleset manages. A private-with-internet subnet allows outbound Internet, but no inbound Internet. A private-no-internet subnet does not allow Internet access, but allows traffic with other subnets. And, an isolated subnet does not allow Internet traffic, or even traffic with hosts on other subnets (by default). Firewalls can be used to update the allowed traffic. Private subnets can be on either a public or private network. Isolated subnets can be on any network.

Allowed Values:

• private-with-internet

• private-no-internet

• isolated

The default value if not specified is private-no-internet.

zones (list)

The availability zone numbers that the scaleset is allowed to place virtual machines into. If this value is not specified then any availability zone in the region may be used. This property cannot be updated on an existing scaleset.

Common Properties

count (integer)

Indicates how many of this scaleset should exist. When count is specified the name of the given resource will have a hyphen and numeric suffix added automatically, unless the count variable is referenced in the blueprint object name.

depends_on (⏩ any)

This property can be used to declare a dependency from this scaleset to any other object in the blueprint. This is not necessary for dependencies generated normally by the schema.

folder (▶ location.folder)

The folder containing this scaleset. If this is not specified and there is only one folder defined, that folder is used automatically.

name (string)

The name of this scaleset. The name can be different than the blueprint object name. When the name property is not present we apply automatic naming strategies to make resources easier to identify in each venue's management console. When the name property is specified we will use it exactly as specified.

readonly (boolean)

Indicates whether or not this scaleset is read-only. If so, we verify only the existence and correctness of this scaleset to its specification rather than creating or modifying it.

The default value if not specified is false.

tags (dict)

The tags to place on this scaleset. Tags are metadata stored in (key = value, ...) form. Consumers are not allowed to use tags that begin with _tuono as those are reserved.

Discovered Properties

These properties are populated and available in the inventory following a successful apply.

id (string)

The venue-specific identifier of this scaleset.

type (string)

The venue-specific instance type of a virtual machine.

uuid (uuid)

The universally unique identifier for this scaleset. This identifier is typically available inside a vm by inspecting the SMBIOS properties.

Examples

Define a scaleset with each virtual machine having 1 core, 2gb memory. The scaleset will manage a subnet for the virtual machines to hide the complexities of proper configuration on each venue. The scaleset initially makes 3 virtual machines, can shrink to 2 and grow to as many as 4. Venue quota limits on instance count or cpu usage apply based on the maximum. This scaleset monitors the average cpu usage and adjusts the number of virtual machines appropriately. The provides property allows a balancer (not shown) to route to the scaleset through a service:

compute:
  image:
    example-image:
      product: UbuntuServer
      publisher: Canonical
      sku: 18.04-LTS
  scaleset:
    example:
      configure:
        admin:
          password: not_a_g00d_passw0rd
          username: adminuser
      cores: 1
      image: example-image
      memory: 2 GB
      monitor:
        - grow:
            cooldown: 15 min
            duration: 5 min
            threshold: 75
          metric: cpu
          shrink:
            cooldown: 1 h
            delta: 2
            duration: 5 m
            threshold: 25
      network: example-network
      provides: internal-http-dev
      size:
        default: 3
        maximum: 4
        minimum: 2
      tags:
        wicked: cool
location:
  folder:
    example-folder:
      region: example-region
  region:
    example-region:
      area: west
      country: USA
networking:
  network:
    example-network:
      range: 10.0.0.0/8
      scope: public
  service:
    internal-http-dev:
      health_check:
        healthy_attempts: 3
        healthy_responses: 200-202,302,303 - 304, 388, 399
        interval: 20
        path: /about.php
        timeout: 5
        unhealthy_attempts: 3
      port: 8080
      protocol: http