Infrastructure Abstraction Layer
Cycle's Infrastructure Abstraction Layer (IAL) enables developers to extend the Cycle platform into infrastructure beyond what Cycle natively supports. This infrastructure can range from another cloud provider to on-premises setups within data centers or office buildings. With sufficient RAM and disk, it is even possible to manage IoT devices.
By expanding the Cycle platform, organizations gain the infrastructure and devops benefits enabled by Cycle but with more flexibility in terms of deployments.
Prerequisite
While Cycle aims to utilize any commodity infrastructure with an internet connection, there are a few important requirements to be aware of:
Hardware Requirements (Compute Servers):
- Minimum of 4GB RAM
- An x86 processor
x86 Required
CycleOS currently does not support ARM.
- Minimum of 45GB of disk space, though 100GB+ is recommended for general purpose deployments.
CycleOS will attempt to allocate 35GB of disk space for its base volume. This base volume is used to store:
- CycleOS logs (~150Mb)
- CycleOS updates (~100Mb)
- Container Images
- Storage for any files written outside of persistent volumes.
- The base volume can be increased after the server is online.
- While not required, an SSD or NVME disk is highly recommended.
Network Requirements (Compute Servers):
- A 20Mbps+ public internet connection.
- A minimum of 1 static IPv4 address.
- The Compute server (host) will utilize one ip address itself. Every load balancer instance will consume its own IP addresses. If this server was going to host 4 load balancers, for different environments, it would need a total of 5 static ips.
- IPv6 support is highly recommended, but not required. Cycle can be configured to use IPv4-only, IPv6-only, or dual stack.
Software Requirements (Compute Servers):
-
IPXE / PXE support
- CycleOS is a read-only operating system built specifically for running containers. The OS is very lightweight / barebones to limit attack surface and legacy code.
- CycleOS is never written to disk, and lives purely in RAM. Every time a server is rebooted, a fresh version of CycleOS is pulled. This process enables the Cycle platform to mitigate security risks while also ensuring the entire software stack stays modernized.
- For example, CycleOS ships with a modern mainline kernel that is automatically maintained by the Cycle team.
- Cycle has both an IPXE ISO and an IPXE EFI image to pull CycleOS.
-
Metadata or DHCP support
- When a server with CycleOS boots it utilizes a 'node-setup' container, maintained by Cycle, to configure basic networking and storage configurations. This node-setup container must be able to learn, from an outside source, how to configure the network for the desired machines. As of now, there is no way to manually configure static IP interfaces within Cycle.
Software Requirements (Integration):
-
The ability to build and publicly serve a highly-available API.
- Cycle's IAL is built around the idea of extending Cycle's internal infrastructure provisioning system with custom APIs. Cycle maintains a git repository of the required spec definitions and endpoints needed for IAL support.
- The git repository can be found here: https://github.com/cycleplatform/integrations
Setup and Integration
Before continuing with setup and integration, it's critical to first read, understand, and be able to satisfy the requirements above. Assuming the requirements can be met, we can begin configuring IAL.
Context around the IAL API
Before diving into the infrastructure setup, we must first build the IAL integration. When complete, Cycle will utilize this API to:
- Discover which locations / regions it can deploy servers to.
- Which servers / server models are available in each respective location
- Configure a location, per hub, on first server provision
- Provision / decommission a server
- Check the status of a provisioning server
- Reboot a server
- Request / release an IP address
Building the IAL API
As mentioned above, this API will need to be publicly accessible from the Cycle platform. Additionally, the IAL API follows the same JSON specification as Cycle's primary API.
As of June 21st, 2022, a full integration requires the following endpoints. It is recommended that you develop your integration in the order of the calls listed below as many endpoints require existing data / resources before they can be utilized.
Method | Endpoint | Description |
---|---|---|
POST | /v1/auth/verify | Enables Cycle to verify that user-specified credentials can properly authorize with the desired IAL implementation. |
GET | /v1/infrastructure/provider/locations | Cycle will utilize this call to learn which locations it is able to deploy servers to. |
GET | /v1/infrastructure/provider/server-models | This endpoint helps Cycle learn which server types / models it is able to deploy (and which locations those servers can be deployed to) |
POST | /v1/location/configure | This endpoint will be called before every server provision to enable an IAL integration to make location-specific customizations prior to starting servers. For example, with Cycle's native integration with AWS, we utilize this call to configure subnets and VPCs. |
POST | /v1/infrastructure/server/provision | Cycle will utilize this endpoint to start the provision of a server. |
POST | /v1/infrastructure/server/provision-status | Cycle will use this endpoint to track the status of a provision and, when complete, authorize a server to pull CycleOS via IPXE. |
POST | /v1/infrastructure/server/restart | Cycle will call this endpoint whenever a request has been made, with the platform, to restart a server. |
POST | /v1/infrastructure/server/decommission | Cycle will begin a decommission once a user initiates a 'delete' within the portal / API. This call will only occur after a server no longer has any IPs or instances assigned to it. |
POST | /v1/infrastructure/ip/allocate | This endpoint enables Cycle to allocate IP addresses which, most commonly, are utilized for environment load balancers. |
POST | /v1/infrastructure/ip/release | When an IP is no longer needed, Cycle will release it using this API endpoint. |
Code Considerations
All requests, from Cycle into an IAL integration, will exist within a 'RequestWrapper' which contains two to-level fields: 'auth' and 'request':
- The Auth object contains a number of optional fields which can be set depending on the requirements of the underlying integration. Cycle will populate all auth credentials specified on the platform's side.
- The Request object, from a Golang perspective, is a raw JSON message that will need to be decoded on successful authorization.
All responses back to the platform must follow the JSON API spec utilized for Cycle's primary API.
With this spec, all responses must be wrapped in a Response object containing top-level data
and error
fields.
In the IAL type definitions, fields follow two naming conventions:
- Fields ending in "Id": These are user-specified and unique.
- Example:
ServerId
is an identifier set by the IAL integration to represent a server on the IAL side (not in Cycle).
- Example:
- Fields ending in "ID": These are generated by Cycle and used to refer to specific objects after they've been created.
Additionally, many IAL request objects contain a Cycle
field. This field should be considered meta information and can be used on the IAL client side to associate objects with Cycle-generated identifiers if helpful.
Connecting an IAL Integration
After implementing the API endpoints, the IAL client API must be hosted on a publicly accessible server for Cycle to access. The URL for this server must:
- Be publicly resolvable
- Be open to all IP traffic (with future restriction options planned)
To connect Cycle to the API:
- Log in to Cycle's portal.
- Navigate to Infrastructure, then Providers, and click “Add a Provider.”
- In the modal that appears, select Custom / Abstraction and insert the base URL where Cycle can access the IAL endpoints.
- Click Add to create the integration.
Once added, a new tile will appear for the integration.
- Click Verify to begin the validation process. Cycle will then verify the API endpoints and authorization credentials.
- Upon successful verification, Cycle will call
/v1/infrastructure/provider/locations
and/v1/infrastructure/provider/server-models
to retrieve the available regions and server models that can be deployed. - Cycle will automatically synchronize with the
provider/locations
andprovider/server-models
endpoints every six hours to stay updated on availability.
Provisioning a Server
Once an IAL integration is verified and the locations and server models are synced, infrastructure provisioning can begin using Cycle's standard API calls and portal.
The provisioning process works as follows:
- A request for a new server is initiated.
- Cycle calls the
/v1/infrastructure/server/provision
endpoint, passing the following information:- Desired server model
- Hostname for the server
- Location for the server
- Any other relevant details
- After a short delay, Cycle will begin calling
/v1/infrastructure/server/provision-check
every 5-10 seconds to check the provisioning status. - Upon successful provisioning, the
/v1/infrastructure/server/provision-check
endpoint must return aProvisionServerStatus
response object, which includes:- Confirmation of successful provisioning
- Authentication details required for the server to pull CycleOS during its boot process
Without these authentication credentials, the server will not be able to retrieve CycleOS.
After this point, all functionality within Cycle should work normally, provided that all IAL endpoints have been properly developed and return the correct responses upon success.
Booting a Server
After a successful provision, the server will begin using iPXE (via either an ISO or EFI executable) to pull CycleOS.
The process works as follows:
- iPXE will attempt to pull CycleOS.
- If the proper authentication credentials were not specified via a successful provision from the
provision-check
endpoint, this request will result in a "Permission Denied" error.
- If the proper authentication credentials were not specified via a successful provision from the
- Once iPXE successfully pulls CycleOS:
- The operating system will use DHCP or a metadata service to self-configure networking.
- A "best guess" strategy will be applied to configure storage within the server.
Important Notes:
Important Notes
- CycleOS is never installed to disk.
All storage is used solely for storing container images, container data, and log files.