Introduction

Using eryph powershell client

The eryph powershell client is installed with eryph-zero and is currently the only client we support for eryph.
This guide provides some general information about using the Powershell client.
A complete reference of commands can be found here.

General Information

Eryph provides a REST based API to interact with it. Eryph-zero has two separate APIs:

  • Identity API
  • Compute API

The Identity API is used to manage identity clients. See Security for details.

The Compute API is used to manage compute resources such as catlets, disks, and additionally projects and networks.

Operations
Most commands in the compute API that modify a resource return an operation. Operations are long-running tasks that can contain multiple steps and provide a log of the progress of the command.

# list all operations
Get-EryphOperation

# Get a single operation with it's logs
Get-EryphOperation [Id] -WithLogs

However, you don't normally need to worry about operations, as almost all commands that perform an operation in eryph internally wait for the operation status and also provide logging in the verbose output. If you use the NoWait option on these commands, the started operation is returned instead, which you can use to implement your own monitoring.

Credentials
All eryph client commands have a Credentials argument that accepts the response from the Get-EryphClientCredentials command. If you don't specify credentials, the command will look up the default client configuration ( see Client Configuration ) or, if available, try to look up the system client.

The system client is a built-in client available only to local administrators of the eryph-zero host. Therefore, by default, you must run PowerShell in an elevated PowerShell prompt to access the system client if no client configuration has been configured.

See Security for information about how to create a custom client to provide access for non-admins.

Basic catlet operations

Get catlets / Pipeline input

To get catlets you use the Get-Catlet command.

# list all catlets
Get-Catlet

# get a single catlet
Get-Catlet [Id]  

# get catlet by name 
$catletName = "[name]"
Get-catlet | where Name -eq $catletName

The output of the Get-Catlet command can also be used as pipeline input for all commands that operate on a catlet:

get catlet by name and starts it
$catletName = "[name]"
Get-catlet | where Name -eq $catletName | Start-Catlet

Create and remove catlets

Catlets can be created with the command New-Catlet.
This command expects a JSON or YAML catlet specification as input.

$spec = "[catlet spec content]"
New-Catlet -InputObject $spec

# or to read from file
gc catlet.yaml | New-Catlet

To remove a catlet you have to provide the existing catlet or it's id as input:

get catlet by name and starts it
$catletName = "[name]"
Get-catlet | where Name -eq $catletName | Remove-Catlet

# or by id
Remove-Catlet [Id]

Update catlets

Updating catlets requires both the catlet specification and catlet id as input. Therefore the specification cannot be passed from the pipeline:

$catletName = "[name]"
$spec = gc spec.yaml -Raw #use raw to load file as string
Get-catlet | where Name -eq $catletName | Update-Catlet -Config $spec

To update a catlet from the current configuration you can lookup the current configuration of a catlet with following command:

Get-Catlet -Config

Projects & Networks

Projects in eryph are used to isolate catlets of different projects from each other. Catlets and volumes assigned to a project can only be accessed by users that are project members in the project.
In addition projects provide virtual networks visible only within the project.

Create projects and members

Projects can be created with the New-EryphProject command. If you create a project your user will be automatically added as owner of the project, except if it is the system-client which always has access to all projects. To add additional members use the Add-EryphProjectMemberRole command. However, as this command requires the member id as input, you also have to lookup the member id first. Here a full example:

Get-EryphClient # list clients to find out client id

$clientId = '[clientId]'

New-EryphProject myProject
Add-EryphProjectMemberRole `
    -MemberId $clientId `
    -ProjectName myProject `
    -Role Contributor  # or owner/reader

Deleting projects

Projects can be deleted with the Remove-EryphProject command.
Please note that all resources within the project will be deleted with the project, including catlets and disks!

Project networks

Virtual networks in eryph are always bound to a project.
When a project is created a default network will be created for the project. So there is no need to create networks.

In case you would like to modify a project network you can read it with the Get-VNetwork -Config command and update it with Set-VNetwork command:

$projectName = "myProject"
$network = Get-VNetwork -Config `
    -ProjectName $projectName

# after changing network import it again
$network | Set-VNetwork -ProjectName $projectName

Client Configuration

Client configurations store used credentials and endpoints for eryph services.

By default, there is no client configuration, so the powershell commands always fall back to the system client, which is fine if you are working with admin credentials anyway.

However, a more secure way to work with eryph is to use dedicated clients. This is required for remote access.

Client configurations are managed with the commands Get-EryphClientConfiguration, Add-EryphClientConfiguration, Set-EryphClientConfiguration and Remove-EryphClientConfiguration.

Please read the following explanations of how these commands work.

Configurations

Eryph client settings are grouped into Configurations. You can create as many configurations as you need. However, there are 2 configurations that have a special meaning:

  • zero
    This is a special configuration group used only for eryph-zero hosts. It doesn't store the endpoints for eryph in the configuration. Instead, endpoints are always looked up from the running zero instance on the same host.
  • default
    This is the configuration where clients will try to look up credentials first. Use this group for clients with remote access to eryph-zero hosts.

Avoid using other configurations for eryph-zero

Multiple configuration groups are intended for use cases where a large number of configurations need to be managed. Since eryph-zero installations are small by design, it's recommended to use only zero (local use) and default configuration (remote access).

Configuration Stores

Eryph client supports 3 configuration storage locations that can be used in parallel:

  • System store
    System-wide client configurations. These are available to every user on your system. You can use the system-wide configuration to set up preconfigured endpoints for all your users.
  • User Store
    This is the default configuration store that stores credentials and endpoints in the user profile.
  • Directory Store
    This is a store limited to the current directory. This type of configuration store is useful if you are already working with a repository and want to store endpoint configurations with the repository, excluding credentials.

The effective configuration for a client will be merged automatically from all 3 stores in the order above.

To work with configuration stores, you can use the Set-EryphConfigurationStore command, which allows you to configure where you want to store which settings. The command has the arguments Clients, Endpoints or Defaults. For each of these arguments, you can change the preferred configuration store.

Default configurations

You can store multiple credentials in the same configuration store. One of these credentials can be set as the default credential. You can use the `Set-EryphClientConfiguration' commands to change the default configuration.

Creating eryph-zero configurations

To create a local client configuration for eryph-zero you first need a identity client and its credentials. The New-EryphClient command has a shortcut option to directly write a new created client to the current store:


# assuming that we would like to create a 
# client for a repository folder we can create the client
# configuration directly from New-EryphClient 

# first configure store to local directory
Set-EryphConfigurationStore -All CurrentDirectory
New-EryphClient repo-client `
  -AllowedScopes compute:write `
  -AddToConfiguration -AsDefault

The current folder now contains a directory .eryph that contains both the client settings and the private key of the client.

Now we use the same folder, however this time, we store the client in user profile and only the default settings in the folder:


# first remove existing folder
Remove-Item .eryph -Recurse -ErrorAction SilentlyContinue

# switch back to user store first
Set-EryphConfigurationStore -All User

# use local directory only for defaults
Set-EryphConfigurationStore -Defaults CurrentDirectory
New-EryphClient repo-client2 `
  -AllowedScopes compute:write `
  -AddToConfiguration -AsDefault

The .eryph directory will now contain only the zero.config file that sets the configuration as default.

Previous
eryph-zero