Known issues:
triton ssh ...
disables ssh ControlMaster to avoid issue #52.(nothing)
[Backward incompatible.] triton image get NAME|SHORTID
will now exclude
inactive images by default. Before this change inactive images (e.g. those
with a state of “creating” or “unactivated” or “disabled”) would be
included. Use the new -a,--all
option to include inactive images. This
matches the behavior of triton image list [-a,--all] ...
.
[joyent/node-triton#258] triton instance create IMAGE ...
will now exclude
inactive images when looking for an image with the given name.
tritoncli.ssh.proxy
tag is set
on an instance, triton ssh
will look up the name or UUID of the proxy
instance and use ssh -o ProxyJump
to tunnel the connection to the target.
If the tritoncli.ssh.ip
tag is set on an instance, triton ssh
will use
that IP address instead of the primaryIp
when making its connection.triton network create
and triton vlan create
. In
particular, it is now possible to specify static routes and DNS resolvers.triton network get-default
when
no default network is set on the account.triton profile list
if
only some of the minimal TRITON_
or SDC_
envvars are defined.triton network
and triton vlan
commands, for
creating/changing/removing network fabrics and VLANs.triton inst get --credentials ...
option to match
triton inst list --credentials ...
for including generated credentials
in instance metadata.triton profile
now generates fresh new keys during
Docker setup and signs them with an account key, rather than copying (and
decrypting) the account key itself. This makes using Docker simpler with keys
in an SSH Agent.triton image clone
command.triton create
command to
provision from a shared image (or clone the image then provision from the
clone).triton image copy
cli
command. Example: triton -p us-east-1 image cp my-custom-image us-sw-1
This release containes some breaking changes with the --affinity flag to
triton instance create
. It also does not work with cloudapi endpoints older
than 8.0.0 (mid 2016); for an older cloudapi endpoint, use node-triton 5.9.0.
triton instance create --affinity=...
. It now fully supports regular
expressions, tags and globs, and works across a wider variety of situations.
Examples: # regular expressions
triton instance create --affinity='instance!=/^production-db/' ...
# globs
triton instance create --affinity='instance!=production-db*' ...
# tags
triton instance create --affinity='role!=db'
See https://apidocs.joyent.com/cloudapi/#affinity-rules for more details how affinities work.
However:
triton instance create --deletion-protection ...
,
triton instance enable-deletion-protection ...
, and
triton instance disable-deletion-protection ...
. This flag is only supported
on cloudapi versions 8.7.0 or above.triton instance nic get ...
triton instance nic create ...
triton instance nic list ...
triton instance nic delete ...
triton instance create --nic <Network Object> IMAGE PACKAGE
triton instance create --brand=bhyve ...
.
The rest of bhyve support will remain, but selection of bhyve brand will
happen via images or packages that are bhyve-specific.triton instance
create --brand=bhyve ...
option that can be used for zvol images that support
it. Note that bhyve support is alpha in TritonDC -- most datacenters won’t yet
support this option.triton image share
and
triton image unshare
commands.triton network ip update
triton network ip list NETWORK
triton network ip
.triton instance list tag.foo=bar
.triton volume sizes
subcommand.triton instance create --volume VOLUME ...
.triton -r,--role ROLE ...
option to be TRITON_ROLE
instead of
MANTA_ROLE
.triton -r,--role ROLE ...
option for taking up
an RBAC role. This was introduced in v4.12.0 and was accidentally broken
in v5.0.0.triton volume ls -l
should output a RESOURCE
column.[joyent/node-triton#173], [joyent/node-triton#174] and
[joyent/node-triton#175] Add support for creating and managing NFS shared
volumes. New triton volume
commands are available:
triton volume create
to create NFS shared volumestriton volume list
to list existing volumestriton volume get
to get information about a given volumetriton volume delete
to delete one or more volumesUse triton volume --help
to get help on all of these commands.
Note that these commands are hidden for now. They will be made visible by default once the server-side support for volumes is shipped in Triton.
triton ssh ...
if the
instance’s image doesn’t have any tags.cliSetupTritonApi
returns error (this includes e.g. supplying an incorrect key fingerprint,
which no longer results in a cryptic stack trace and crash)triton profile create|docker-setup
breakage
with latest “17.03.*” versions of docker
installed.triton profile edit ...
to work with an
“EDITOR” environment variable with quotes and spaces.triton profile create
will no longer use ANSI
codes for styling if stdout isn’t a TTY.-y, --yes
options to triton profile create
and triton profile docker-setup
to allow non-interactive setup.[joyent/node-triton#108] Support for passphrase-protected private keys.
Before this work, an encrypted private SSH key (i.e. protected by a
passphrase) would have to be loaded in an ssh-agent for the triton
CLI to use it. Now triton
will prompt for the passphrase to unlock
the private key (in memory), if needed. For example:
$ triton package list
Enter passphrase for id_rsa: <passphrase entered interactively here>
SHORTID NAME MEMORY SWAP DISK VCPUS
14ad9d54 g4-highcpu-128M 128M 512M 3G -
14ae2634 g4-highcpu-256M 256M 1G 5G -
...
BREAKING CHANGE for module usage of node-triton. To implement joyent/node-triton#108, the way a TritonApi client is setup for use has changed from being (unrealistically) sync to async.
Client preparation is now a multi-step process:
keyId
); and,createClient
has changed to take a callback argument. It will create and
init the client (steps 1 and 2) and takes an optional unlockKeyFn
parameter
to handle step 3. A new mod_triton.promptPassphraseUnlockKey
export can be
used for unlockKeyFn
for command-line tools to handle prompting for a
passphrase on stdin, if required. Therefore what used to be:
var mod_triton = require('triton');
try {
var client = mod_triton.createClient({ # No longer works.
profileName: 'env'
});
} catch (initErr) {
// handle err
}
// use `client`
is now:
var mod_triton = require('triton');
mod_triton.createClient({
profileName: 'env',
unlockKeyFn: mod_triton.promptPassphraseUnlockKey
}, function (err, client) {
if (err) {
// handle err
}
// use `client`
});
See the examples/ directory for more complete examples.
Low-level/raw handling of the three steps above is possible as follows (error handling is elided):
var mod_bunyan = require('bunyan');
var mod_triton = require('triton');
// 1. create
var client = mod_triton.createTritonApiClient({
log: mod_bunyan.createLogger({name: 'my-tool'}),
config: {},
profile: mod_triton.loadProfile('env')
});
// 2. init
client.init(function (initErr) {
// 3. unlock key
// See top-comment in "lib/tritonapi.js".
});
[joyent/node-triton#143] Fix duplicate output from ‘triton rbac key …’.
[joyent/node-triton#157] Add triton instance resize ...
command and
TritonApi.resizeInstance
method.
[joyent/node-triton#129] Fix triton reboot --wait
to properly wait. Before
it would often return immediately, before the instance started rebooting.
Add --wait-timeout N
option to triton reboot
.
Also add TritonApi#rebootInstance()
api method.
[joyent/node-triton#166] Update sshpk to fix issue with the TLS client cert
created by triton profile docker-setup
so that it doesn’t create a cert that
Go’s TLS library doesn’t like.
[joyent/node-triton#156] Providing all required profile options as command line flags (account, url, keyId) no longer produces an incomplete profile error.
PUBAPI-1171/PUBAPI-1205/PUBAPI-1351 The handling of legacy SDC_*
environment variables has been cleaned up. These environment
variables are used for compatibility with the node-smartdc toolset.
SDC_TESTING
is now evaluated the same way as node-smartdc. Any
set value but the empty string is true.triton env
will emit additional comments grouping variables.[joyent/node-triton#80] Add triton network list public=true|false
filtering. Note that this filtering is client-side.
[joyent/node-triton#146] Add --wait
flag to triton instance rename
.
[joyent/node-triton#133] Add triton inst fwrule list
and triton fwrules
shortcuts for the existing triton inst fwrules
and triton fwrule list
,
respectively.
[joyent/node-triton#3] triton ssh command not aware of “ubuntu” login for ubuntu-certified images.
[joyent/node-triton#137] Improve the handling for the getting started case when a user may not have envvars or a profile setup.
[joyent/node-triton#158] tritonapi image cache never expires
[joyent/node-triton#153] Bump restify-clients dep. Thanks, github.com/tomgco.
[trentm/node-dashdash#30, joyent/node-triton#144] Change the output used by Bash completion support to indicate “there are no completions for this argument” to cope with different sorting rules on different Bash/platforms. For example:
$ triton -p test2 package get <TAB> # before
##-no -tritonpackage- completions-##
$ triton -p test2 package get <TAB> # after
##-no-completion- -results-##
triton profile create --copy <TAB>
triton ls
output.[#120] Don’t fail triton instance list
if the retrieval of image info
(retrieved to get image name and version, as a bonus) fails with an
authorization error -- in case it is an RBAC failure where a subuser can
ListMachines, but not ListImages.
[#113] Usage errors now some “error help”, including option or command
synopses. Some examples (the new thing is marked with >
):
$ triton create
triton instance create: error (Usage): incorrect number of args
> usage: triton instance create [OPTIONS] IMAGE PACKAGE
$ triton image ls --bogus
triton image ls: error (Option): unknown option: "--bogus"
> usage: triton image ls [ --help | -h ] [ --all | -a ] [ -H ] [ -o field1,... ]
> [ --long | -l ] [ -s field1,... ] [ --json | -j ] ...
$ triton in
triton: error (UnknownCommand): unknown command: "in"
> Did you mean this?
> info
> inst
triton -r,--role ROLE ...
option to take up an RBAC role(s).triton completion
, broke a while back.triton env --unset,-u
option to emit environment commands to unset
relevant envvars.triton env
from triton --help
output.[#82] Affinity (a.k.a. locality hints) support for instance creation, e.g.:
# Use same server as instance 'db0':
triton create -a instance==db0 ...
triton create -a db0 ... # shortcut for same thing
# Use different server than instance 'db0':
triton create -a 'instance!=db0' ...
# *Attempt* to use same server as instance 'db0', but don't fail
# if cannot. This is called a "non-strict" or "soft" rule.
triton create -a instance==~db0 ...
# *Attempt* to use a different server than instance 'db0':
triton create -a 'instance!=~db0' ...
“Affinity” here refers to providing rules for deciding on which server
a new instance should by provisioned. Rules are in terms of existing
instances. As a shortcut, ‘inst’ can be used in place of ‘instance’
above (e.g. triton create -a 'inst!=db0' ...
).
[#46] Initial support for triton
helping setup and manage configuration for
using docker
against a Triton datacenter. Triton datacenters can provide
a Docker Remote API endpoint against which you can run the normal docker
client. See https://www.joyent.com/triton for and overview and
https://github.com/joyent/sdc-docker for developer details.
triton profile create
will now setup the profile for running Docker,
if the Triton datacenter provides a docker endpoint. The typical flow
would be:
$ triton profile create name: foo … $ triton profile set foo # make foo my default profile $ eval “$(triton env --docker)” # set ‘DOCKER_’ envvars $ docker info
This profile setup for Docker requires making requests to the
CloudAPI endpoint which can fail (e.g. if CloudAPI is down, credentials
are invalid, etc.). You can use the --no-docker
option to skip
the Docker setup part of profile creation.
For existing Triton CLI profiles, there is a new triton profile
docker-setup [PROFILE]
.
$ triton profile docker-setup $ eval “$(triton env --docker)” $ docker info
triton env
will now emit commands to setup DOCKER_
envvars. That
can be limited to just the Docker-relevant env via triton env --docker
.
triton ip <inst>
to output the instance’s primaryIptriton ssh ...
. In version 4.6.0, triton ssh ...
interactive sessions were broken. This version reverts that change and adds
a workaround for #52 (by disabling ControlMaster when spawning ssh
).
See https://github.com/joyent/node-triton/issues/52 for details.triton profile set -
to set the last profile as current.instance enable-firewall
and instance disable-firewall
Known issue: triton ssh
interactive sessions are broken.
Upgrade to v4.7.1.
triton create <TAB to complete images> <TAB to complete packages
,
triton inst tag ls <TAB to complete instances>
. Cached (with a 5 minute
TTL) completions for the following data are supported: instances, images,
packages, networks, fwrules, account keys.
See triton completion --help
for adding/updating Bash completion.triton profile set ...
alias for set-current
Known issue: triton ssh
interactive sessions are broken.
Upgrade to v4.7.1.
triton inst get ID
for a deleted instance will now emit the instance
object and error less obtusely. This adds a new InstanceDeleted
error code
from TritonApi
.triton fwrule ...
triton inst snapshot ...
triton image create
in v4.5.0. (By Kris Shannon.)triton inst create ...
is broken if “images.json” cache file
is missing. (By Kris Shannon.)triton
CLI should summarize err.body.errors
from CloudAPI
Per https://github.com/joyent/eng/blob/master/docs/index.md#error-handling,
CloudAPI error response will sometimes have extra error details to show.triton profile ls
and triton profile set-current
work
when there is no current profile.triton.createClient(...)
creation without requiring a
configDir
. Basically this then fallsback to a TritonApi
with the default
config.triton
on Windows.
Note: Triton config is stored in “%APPDATA%/Joyent/Triton/…” on Windows,
“~/.triton/…” on other platforms.triton image delete IMAGE
triton instance get NAME
to make sure it gets the dns_names
CNS
field.triton image list
doesn’t include Docker images, at
least currently.Bad release. Use >=4.3.1.
triton image create ...
and triton image wait ...
triton image
to still return image details even when it is not in ‘active’ statetriton account update <TAB>
.
This isn’t perfect because a space is added after completion of “FIELD=”,
but hopefully is helpful.triton account update ...
Unhide triton completion
so hopefully more find it and use it.
node-triton#73 triton instance list --credentials
to include
“metadata.credentials” in instance listing.
node-triton#35 More easily distinguish KVM and LX and Docker images and instances.
In PUBAPI-1161 CloudAPI (v8.0.0) started exposing IMG.type, INST.brand and INST.docker. One of the main issues for users is that telling KVM ubuntu from LX ubuntu is confusing (see also joyent/smartos-live#532).
tl;dr:
triton image list
default output now includes the type
instead of
state
. The state
column is still in output with -l
, -j
,
-o state
.triton instance list
default output now includes a flags
column
instead of primaryIp
. The ’D’ and ‘K’ flags identify Docker and KVM
instances.triton instance list -l
includes the brand.Default output examples showing the various cases (and the attempt to stay within 80 columns):
$ triton imgs
SHORTID NAME VERSION FLAGS OS TYPE PUBDATE
1bd84670 minimal-64-lts 14.4.2 P smartos zone-dataset 2015-05-28
b67492c2 base-64-lts 14.4.2 P smartos zone-dataset 2015-05-28
ffe82a0a ubuntu-15.04 20151105 P linux lx-dataset 2015-11-05
8a1dbc62 centos-6 20160111 P linux zvol 2016-01-11
$ triton insts
SHORTID NAME IMG STATE FLAGS AGE
da7c6edd cocky_noyce 3d996aaa running DF 10m
deedeb42 ubu0 ubuntu-15.04@20151105 running - 9m
aa9ccfda mini2 minimal-64-lts@14.4.2 running - 9m
e8fc0b96 centi0 centos-6@20160111 running K 8m
Filtering instances on docker=true
:
$ triton insts docker=true
SHORTID NAME IMG STATE FLAGS AGE
da7c6edd cocky_noyce 3d996aaa running DF 13m
Add triton env -t
to be able to emit a shell environment to configure triton
itself.
This allows one to have the following Bash function to select a Triton profile for
triton
and node-smartdc tooling:
function triton-select { eval $(triton env $1); }
[backwards incompat] #66 New consistent triton
CLI style. See the
issue for discussion.
The major changes is that where some sub-commands used to be some flavour of:
triton things # list all the things
triton thing ID # get a thing
triton thing -a ID # create a new thing
Now commands are consistently:
triton thing list # list all the things
triton thing get ID # get a thing
triton thing create ... # create a new thing
...
The most annoying incompatility is the need for “get” to get a thing. E.g.:
BEFORE AFTER
triton img blah triton img get blah
triton inst web0 triton inst get web0
For listing things, there is typically a shortcut with
the old form, e.g. triton images
is a shortcut for
triton image list
.
Currently all of the CLI except the experimental triton rbac ...
is converted to the new consistent style.
[backwards incompat] triton whoami
was dropped. This used to be a shortcut
for triton account get
. It could possibly come back.
Much improved Bash
completion. See
triton completion -h
for notes on how to install.
Add the ability to create a profile copying from an existing profile,
via triton profile create --copy NAME
.
triton key add
was added (https://apidocs.joyent.com/cloudapi/#CreateKey).
triton create --network,-N NETWORK ...
option for specifying
networks for instance creation. “NETWORK” is a network id, name, or
short id; or a comma-separated array of networks.triton create --tag|-t ...
option for adding tags on instance creation.
E.g. triton create -n NAME -t foo=bar -t @my-tags-file.json IMAGE PACKAGE
.triton profile(s)
handling when the user has no profiles yet.vcpus
in triton packages
output.-d,--data <data>
option to triton cloudapi
.triton rbac role ROLE
. Also get that command to have a stable order for the
displayed fields.Improvements for using node-triton as a module. E.g. a simple example:
var triton = require('triton');
var client = triton.createClient({profileName: 'env'});
client.listImages(function (err, imgs) {
console.log(err);
console.log(imgs);
});
See the README and “lib/index.js” for more info.
triton create
to add metadata on instance creation:
triton create -m,--metadata KEY=VALUE
to add a single valuetriton create -m,--metadata @FILE
to add values from a JSON
or key/value-per-line filetriton create -M,--metadata-file KEY=FILE
to set a key from a filetriton create --script FILE
to set the special “user-script” key
from a filetriton --act-as=ACCOUNT ...
for an operator account to auth as
themself, but operator on another account’s resources. Note that operator
accesses like this are audited on the CloudAPI server side.triton --accept-version VER
hidden top-level option for development. This
allows calling the target cloudapi with the given value for the
“Accept-Version” header -- which is how CloudAPI does API versioning.
By default triton
is coded to a particular cloudapi version range, so
forcing a different version could result in breaking in the triton client
code that handles the response. IOW, this is just a tool for developers
of this Triton client and CloudAPI itself.New (hidden for now, i.e. experimental) triton env ...
to dump
eval
able shell commands for
node-smartdc environment setup for
a given Triton CLI profile. E.g.:
eval $(triton env east1)
sdc-listmachines
I think this should grow to support setting up Docker env as well.
triton rbac role-tags
for now can’t be hidden (as long we have the
need to role-tag raw resource URLs like ‘/my/images’).triton rbac apply --dev-create-keys-and-profiles
for
experimenting/dev/testing to quickly generate and add user keys and setup
Triton CLI profiles for all users in the RBAC config.triton rbac info
improvements: better help, use brackets to show
non-default roles.triton rbac reset
triton rbac user USER
output a little for the ‘keys’ (show
the key fingerprint and name instead of the key content), ‘roles’,
and ‘default_roles’ fields.triton rbac {users,roles,policies}
commands. They all have unique name
fields, just use that.triton rbac apply
will implicitly look for a user key file at
“./rbac-user-keys/$login.pub” if no keys
field is provided in the
“rbac.json” config file.triton keys
and triton rbac keys
output to be tabular.
Otherwise it is a little obtuse to see fingerprints (which is what currently
must be included in a profile). triton [rbac] keys -A
can be used to
get the old behaviour (just the key content, i.e. output appropriate
for “~/.ssh/authorized_keys”).triton
CLI option for the cloudapi URL has
changed from --url,-u
to --url,-U
.triton --user,-u USER
CLI option and TRITON_USER
(or SDC_USER
)
environment variable support for specifying the RBAC user.triton profiles
now shows the optional user
fields.triton rbac ...
command to
house RBAC CLI functionality.triton rbac users
to list all users.triton rbac user ...
to show, create, edit and delete users.triton rbac roles
to list all roles.triton rbac role ...
to show, create, edit and delete roles.triton rbac policies
to list all policies.triton rbac policy ...
to show, create, edit and delete policies.triton rbac keys
to list all RBAC user SSH keys.triton rbac key ...
to show, create, edit and delete user keys.triton rbac {instance,image,network,package,}role-tags ...
to list
and manage role tags on each of those resources.triton rbac info
will dump a summary of the full current RBAC
state. This command is still in development.triton rbac apply
will synchronize a local RBAC config (by default it
looks for “./rbac.json”) to live RBAC state. Current the RBAC config
file format is undocumented. See “examples/rbac-*” for examples.triton create ... --firewall
to enable Cloud
Firewall.triton profile ...
doesn’t use the profile from TRITON_PROFILE
envvarssh-keygen
default
fingerprint formats for setting keyId
work.Errors and exit status: Change Usage
errors to always have an exit status
of 2
(per common practice in at least some tooling). Add ResourceNotFound
error for triton {instance,package,image,network}
with exit status 3
.
This can help tooling (e.g. the test suite uses this in one place). Add
triton help
docs on exit status.
Test suite: Integration tests always require a config file
(either $TRITON_TEST_CONFIG
path or “test/config.json”).
Drop the other TRITON_TEST_*
envvars.
triton
npm package, graciously given up by
suguru from his
https://github.com/ameba-proteus/node-triton project. <3
The latest previous release of the triton package was 1.0.7,
so we’ll separate with a major version bump for this triton
package.Initial release as joyent-triton
npm package.