Update README.md (#53)

* Refactored Readme.md to reflect latest run instructions based on Demo

Author: yogi4

README.md

@@ -1,174 +1,232 @@
-# OpenCHAMI cloud-init Server
+# OpenCHAMI Cloud-Init Server
+
+## Summary of Repo
+The **OpenCHAMI cloud-init service** retrieves detailed inventory information from SMD and uses it to create cloud-init payloads customized for each node in an OpenCHAMI cluster.
+
+## Table of Contents
+1. [About / Introduction](#about--introduction)
+2. [Build / Install](#build--install)
+   - [Environment Variables](#environment-variables)
+   - [Building Locally with GoReleaser](#building-locally-with-goreleaser)
+3. [Running the Service](#running-the-service)
+   - [Cluster Name](#cluster-name)
+   - [Fake SMD Mode](#fake-smd-mode)
+   - [Impersonation](#impersonation)
+   - [Nocloud-net Datasource](#nocloud-net-datasource)
+4. [Testing the Service](#testing-the-service)
+   - [Basic Endpoint Testing](#basic-endpoint-testing)
+   - [Meta-data](#meta-data)
+   - [User-data](#user-data)
+   - [Vendor-data](#vendor-data)
+5. [Group Handling and Overrides](#group-handling-and-overrides)
+   - [Updating Group Data with a Simple Jinja Example](#updating-group-data-with-a-simple-jinja-example)
+   - [Complex Base64 Example](#complex-base64-example)
+   - [Cluster Defaults and Instance Overrides](#cluster-defaults-and-instance-overrides)
+     - [Set Cluster Defaults](#set-cluster-defaults)
+     - [Override Instance Data](#override-instance-data)
+6. [More Reading](#more-reading)
+
+---
+
+## About / Introduction
+The **OpenCHAMI Cloud-Init Service** is designed to generate cloud-init configuration for nodes in an OpenCHAMI cluster. The new design pushes the complexity of merging configurations into the cloud-init client rather than the server. This README provides instructions based on the [Demo.md](https://github.com/OpenCHAMI/cloud-init/blob/main/demo/Demo.md) file for running and testing the service.
+
+This service provides configuration data to cloud-init clients via the standard nocloud-net datasource. The service merges configuration from several sources:
+- **SMD data** (or simulated data in development mode)
+- **User-supplied JSON** (for custom configurations)
+- **Cluster defaults and group overrides**
+
+Cloud-init on nodes retrieves data in a fixed order:
+1. `/meta-data` – YAML document with system configuration.
+2. `/user-data` - a document which can be any of the [user data formats](https://cloudinit.readthedocs.io/en/latest/explanation/format.html#cloud-config-data)
+3. `/vendor-data` – Vendor-supplied configuration via include-file mechanisms.
+4. `/network-config` – An optional document in one of two [network configuration formats](https://cloudinit.readthedocs.io/en/latest/reference/network-config.html#network-config).  This is only requested if configured to do so with a kernel parameter or through cloud-init configuration in the image. __NB__: __OpenCHAMI doesn't support delivering `network-config` via the cloud-init server today__
+
+
+---
+
+## Build / Install
+
+This project uses **[GoReleaser](https://goreleaser.com/)** for building and releasing, embedding additional metadata such as commit info, build time, and version. Below is a brief overview for local builds.
 
-The OpenCHAMI cloud-init server retrieves detailed inventory information from SMD and uses it to create cloud-init payloads customized for each node in an OpenCHAMI cluster.
+### Environment Variables
+To include detailed metadata in your builds, set the following:
 
-## cloud-init Server Setup
+- **GIT_STATE**: `clean` if your repo is clean, `dirty` if uncommitted changes exist  
+- **BUILD_HOST**: Hostname of the build machine  
+- **GO_VERSION**: Version of Go used (for consistent versioning info)  
+- **BUILD_USER**: Username of the person/system performing the build  
 
-OpenCHAMI utilizes the cloud-init platform for post-boot configuration. A custom cloud-init server container is included with this quickstart Docker Compose setup, but must be populated prior to use.
+```bash
+export GIT_STATE=$(if git diff-index --quiet HEAD --; then echo 'clean'; else echo 'dirty'; fi)
+export BUILD_HOST=$(hostname)
+export GO_VERSION=$(go version | awk '{print $3}')
+export BUILD_USER=$(whoami)
+```
 
-The cloud-init server provides multiple API endpoints, described in the sections below. Choose the appropriate option for your needs, or combine them as appropriate.
+### Building Locally with GoReleaser
+1. [Install GoReleaser](https://goreleaser.com/install/) following their documentation.  
+2. Run in snapshot mode to build locally without releasing:
+
+   ```bash
+   goreleaser release --snapshot --clean
+   ```
+3. Check the `dist/` directory for compiled binaries, which will include the injected metadata.
 
 > [!NOTE]
-> This guide assumes that the cloud-init server is exposed as `foobar.openchami.cluster`.
-> If your instance is named differently, adapt the examples accordingly.
+> If you encounter errors, ensure your GoReleaser version matches the one used in the [Release Action](.github/workflows/Release.yml).
 
-### Unprotected Data
+---
 
-#### Setup with `user-data`
+## Running the Service
 
-User data can be injected into the cloud-init payload by making a PUT request to the `/cloud-init/{id}/user-data` endpoint. The request should contain a JSON-formatted body and can contain any arbritrary data desired.
+### Cluster Name
 
-For example:
+Each instance of cloud-init is linked to a single SMD and operates for a single cluster. Until the cluster name is automatically available via your inventory system, you must specify it on the command line using the `-cluster-name` flag.
 
+_Example:_
 ```bash
-curl 'https://foobar.openchami.cluster/cloud-init/test/user-data' \
-    -X PUT \
-    -d '{
-            "write_files": [{"content": "hello world", "path": "/etc/hello"}]
-        }
-    }}'
+-cluster-name venado
 ```
 
-...which will create a payload that will look like the example below. Notice that the `id` gets injected into the payload as the `name` property.
+### Fake SMD Mode
 
-```json
-{
-    "name": "IDENTIFIER", 
-    "cloud-init": {
-        "userdata": {
-            "write_files": [{"content": "hello world", "path": "/etc/hello"}]
-        },
-        "metadata": {...},
-    }
-}
+For development purposes, you can run the cloud-init server without connecting to a real SMD instance. By setting the environment variable `CLOUD_INIT_SMD_SIMULATOR` to `true`, the service will generate a set of simulated nodes.
+
+**Example command:**
+```bash
+CLOUD_INIT_SMD_SIMULATOR=true dist/cloud-init_darwin_arm64_v8.0/cloud-init-server -cluster-name venado -insecure -impersonation=true
 ```
 
-> [!NOTE]
-> Data can only be added manually into the `userdata` section of the payload. There is no way to add data directly to the `metadata` section.
+### Impersonation
+
+By default, the service determines what configuration to return based on the IP address of the requesting node. For testing, impersonation routes can be enabled with the `-impersonation=true` flag.
+
+**Sample commands:**
+```bash
+curl http://localhost:27777/cloud-init/admin/impersonation/x3000c1b1n1/meta-data
+```
 
-`IDENTIFIER` can be:
+### Nocloud-net Datasource
 
-- A node MAC address
-- A node xname
-- An SMD group name
+```bash
+cloud-init=enabled ds=nocloud-net;s=http://192.0.0.1/cloud-init
+```
+
+---
+## Testing the Service
 
-It may be easiest to add nodes to a group for testing, and upload a cloud-init configuration for that group to this server.
+The following testing steps (adapted from Demo.md) help you verify that the service is functioning correctly.
 
-#### Generating Custom Metadata with Groups
+### Basic Endpoint Testing
 
-The cloud-init server provides a group API to inject custom arbitrary data into the metadata section when requesting data with the specified `IDENTIFIER` mentioned above. The server will do a lookup for group labels from SMD and match the labels with the submitted data through the API.
+#### Start the Service in Fake SMD Mode (if desired):
 
-For example, to add group data to the cloud-init server, we can make the following request:
+**Example:**
 
 ```bash
-curl -k http://127.0.0.1:27780/cloud-init/groups/install-nginx -d@install-nginx.json
+CLOUD_INIT_SMD_SIMULATOR=true dist/cloud-init_darwin_arm64_v8.0/cloud-init-server -cluster-name venado -insecure -impersonation=true
 ```
 
-The JSON data in `install-nginx.json`:
+#### Query the Standard Endpoints:
 
-```json
-{
-    "tier": "frontend",
-    "application": "nginx"
-}
-```
-
-Now, when we fetch data for a node in the `install-nginx` group, this data will be injected into the cloud-init metadata. Additionally, we can view all groups stored in cloud-init by making a GET request to the `/cloud-init/groups` endpoint.
+#### Meta-data:
 
 ```bash
-curl -k http://127.0.0.1:27780/cloud-init/x3000c1s7b53
+curl http://localhost:27777/cloud-init/meta-data
 ```
 
-And the response:
-
-```json
-{
-  "name": "x3000c1s7b53",
-  "cloud-init": {
-        "userdata": {...},
-        "vendordata": {...},
-        "metadata": {
-            "groups": {
-                "install-nginx": {
-                    "data": {
-                        "application": "nginx",
-                        "tier": "frontend"
-                    }
-                }
-            }
-        }
-    }
-}
-```
+You should see a YAML document with instance information (e.g., instance-id, cluster-name, etc.).
 
-> [!NOTE]
-> The `IDENTIFIER` specified MUST be added to SMD for the data injection to work correctly.
+#### User-data:
 
-#### Usage
+```bash
+curl http://localhost:27777/cloud-init/user-data
+```
 
-Data is retrieved via HTTP GET requests to the `meta-data`, `user-data`, and `vendor-data` endpoints.
+For now, this returns a blank cloud-config document:
 
-For example, one could download all cloud-init data for a node/group via `curl 'https://foobar.openchami.cluster/cloud-init/<IDENTIFIER>/{meta-data,user-data,vendor-data}'`.
+```yaml
+#cloud-config
+```
 
-When retrieving data, `IDENTIFIER` can also be omitted entirely (e.g. `https://foobar.openchami.cluster/cloud-init/user-data`). In this case, the cloud-init server will attempt to look up the relevant xname based on the request's source IP address.
+#### Vendor-data:
 
-Thus, the intended use case is to set nodes' cloud-init datasource URLs to `https://foobar.openchami.cluster/cloud-init/`, from which the cloud-init client will load its configuration data. Note that in this case, no `IDENTIFIER` is provided, so IP-based autodetection will be performed.
+```bash
+curl http://localhost:27777/cloud-init/vendor-data
+```
 
-### JWT-Protected Data
+Vendor-data typically includes include-file directives pointing to group-specific YAML files:
 
-#### Setup
+```yaml
+#include
+http://192.168.13.3:8080/all.yaml
+http://192.168.13.3:8080/login.yaml
+http://192.168.13.3:8080/compute.yaml
+```
 
-The second endpoint, located at `/cloud-init-secure/`, restricts access to its cloud-init data behind a valid bearer token (i.e. a JWT).
-Storing data into this endpoint requires a valid access token, which we assume is stored in `$ACCESS_TOKEN`.
-The workflow described for unprotected data can be used, with the addition of the required authorization header, via e.g. `curl`'s `-H "Authorization: Bearer $ACCESS_TOKEN"`.
+## Group Handling and Overrides
 
-#### Usage
+The service supports advanced configuration through group handling and instance overrides.
 
-In order to access this protected data, nodes must also supply valid JWTs.
-Distribution of these tokens is out-of-scope for this repository, but may be handled via the [OpenCHAMI TPM-manager service](https://github.com/OpenCHAMI/TPM-manager).
+### Updating Group Data with a Simple Jinja Example
 
-Once the JWT is known, it can be used to authenticate with the cloud-init server, via an invocation such as:
+This example sets a syslog aggregator via jinja templating. The group data is stored under the group name and then used in the vendor-data file.
 
 ```bash
-curl 'https://foobar.openchami.cluster/cloud-init-secure/<IDENTIFIER>/{meta-data,user-data,vendor-data}' \
-    --create-dirs --output '/PATH/TO/DATA-DIR/#1' \
-    --header "Authorization: Bearer $ACCESS_TOKEN"
+curl -X POST http://localhost:27777/cloud-init/admin/groups/ \
+    -H "Content-Type: application/json" \
+    -d '{
+        "name": "x3001",
+        "description": "Cabinet x3001",
+        "data": {
+            "syslog_aggregator": "192.168.0.1"
+        },
+        "file": {
+            "content": "#template: jinja\n#cloud-config\nrsyslog:\n  remotes: {x3001: {{ vendor_data.groups[\"x3001\"].syslog_aggregator }}}\n  service_reload_command: auto\n",
+            "encoding": "plain"
+        }
+    }'
 ```
 
-cloud-init (i.e. on the node) can then be pointed at `file:///PATH/TO/DATA-DIR/` as its datasource URL.
-
-## Build/Install with goreleaser
+### Complex Base64 Example
 
-This project uses [GoReleaser](https://goreleaser.com/) to automate releases and include additional build metadata such as commit info, build time, and versioning. Below is a guide on how to set up and build the project locally using GoReleaser.
+To add more sophisticated vendor-data (for example, installing the slurm client), you can encode a complete cloud-config in base64. (See the script in Demo.md for a complete example.)
 
-### Environment Variables
+### Cluster Defaults and Instance Overrides
 
-To include detailed build metadata, ensure the following environment variables are set:
+#### Set Cluster Defaults:
 
-* __GIT_STATE__: Indicates whether there are uncommitted changes in the working directory. Set to clean if the repository is clean, or dirty if there are uncommitted changes.
-* __BUILD_HOST__: The hostname of the machine where the build is being performed. 
-* __GO_VERSION__: The version of Go used for the build. GoReleaser uses this to ensure consistent Go versioning information.
-* __BUILD_USER__: The username of the person or system performing the build.
-
-Set all the environment variables with:
 ```bash
-export GIT_STATE=$(if git diff-index --quiet HEAD --; then echo 'clean'; else echo 'dirty'; fi)
-export BUILD_HOST=$(hostname)
-export GO_VERSION=$(go version | awk '{print $3}')
-export BUILD_USER=$(whoami)
+curl -X POST http://localhost:27777/cloud-init/admin/cluster-defaults/ \
+    -H "Content-Type: application/json" \
+    -d '{
+        "cloud-provider": "openchami",
+        "region": "us-west-2",
+        "availability-zone": "us-west-2a",
+        "cluster-name": "venado",
+        "public-keys": [
+            "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArV2...",
+            "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArV3..."
+        ]
+    }'
 ```
 
-### Building Locally with GoReleaser
-
-Once the environment variables are set, you can build the project locally using GoReleaser in snapshot mode (to avoid publishing).
-
+#### Override Instance Data:
 
-Follow the installation instructions from [GoReleaser’s documentation](https://goreleaser.com/install/).
+```bash
+curl -X PUT http://localhost:27777/cloud-init/admin/instance-info/x3000c1b1n1 \
+    -H "Content-Type: application/json" \
+    -d '{
+        "local-hostname": "compute-1",
+        "instance-type": "t2.micro"
+    }'
+```
+---
 
-1. Run GoReleaser in snapshot mode with the --snapshot flag to create a local build without attempting to release it:
-  ```bash
-  goreleaser release --snapshot --clean
-  ```
-2.	Check the dist/ directory for the built binaries, which will include the metadata from the environment variables. You can inspect the binary output to confirm that the metadata was correctly embedded.
+## More Reading
 
-__NOTE__ If you see errors, ensure that you are using the same version of goreleaser that is being used in the [Release Action](.github/workflows/Release.yml)
+- [Official cloud-init documentation](https://cloud-init.io/)  
+- [OpenCHAMI TPM-manager service](https://github.com/OpenCHAMI/TPM-manager)  
+- [GoReleaser Documentation](https://goreleaser.com/)  
+- [SMD Documentation](https://github.com/OpenCHAMI/smd)