Cloud Quick Start: Difference between revisions

<languages />
<languages />
<translate>
<translate>
=Getting a Cloud account= <!--T:1-->
First you must have a Compute Canada account, which you can apply for at [https://www.computecanada.ca/research-portal/account-management/apply-for-an-account/ https://www.computecanada.ca/research-portal/account-management/apply-for-an-account/]. Then you must have a WestGrid account, which you can apply for by logging into [https://ccdb.computecanada.ca/ https://ccdb.computecanada.ca/] with your Compute Canada account. Then under "My Account" select "Apply for a Consortium Account" and click the "Apply" button next to "WestGrid" to apply for a WestGrid account. Once you have a WestGrid account, go to [https://www.computecanada.ca/create-a-cloud-account/ https://www.computecanada.ca/create-a-cloud-account/] to apply for a cloud account.
=Launching your first instance (VM)=
==Login to the East or West Cloud==
[[File:OpenStack-Dashboard-Compute-Overview.png|400px|thumb| OpenStack Dashboard, Compute Overview (Click for larger image)]]
Go to [https://east.cloud.computecanada.ca https://east.cloud.computecanada.ca] or [https://west.cloud.computecanada.ca https://west.cloud.computecanada.ca] and enter your WestGrid credentials. After you have logged in, you are presented with the dashboard. From here you can see an overview of the resources you are using.


==SSH Key Pair== <!--T:2-->
<!--T:135-->
When you start a virtual machine (or "instance") there is no password for the admin or root account on the VM, and no one can log in to it using a password. We do this for security reasons: you would not want a hacker to be able to access the brand new VM you just started using some default password. Therefore OpenStack will create your VM with one SSH public key installed, and you can only log in to it with that SSH key pair. You can either import an existing SSH key pair through OpenStack, or you can create a new pair.
<i>Parent page: [[Cloud]]</i>
In order to manage your key pair, click on “Access & Security” from the left menu, then on the “Key Pairs” tab.


===Importing an Existing Key Pair=== <!--T:3-->
==Before you start== <!--T:48-->
[[File:Import-Key-Pair-Form.png|400px|thumb| Import key pair (Click for larger image)]]
#<b>Have a cloud project</b> <br> <b>You cannot access a cloud without first having a cloud project.</b> If you don't already have a [[Managing_your_cloud_resources_with_OpenStack#Projects|cloud project]], see [[Cloud#Getting_a_cloud_project|Getting a cloud project]]. Once a cloud project is associated with your account, you will receive a confirmation email which will have important details you will need to access your project and get started with the cloud. Make sure you have this confirmation email ready.  
#Click [[File:Import-Key-Pair-Button.png]]
#<b>Have a compatible browser</b> <br> The web interface for accessing your cloud project works well with both the [https://www.mozilla.org/en-US/firefox/new/ Firefox] and [https://www.google.com/chrome/ Chrome] web browsers. Other browsers may also work, however some have shown the error message <code>Danger: There was an error submitting the form. Please try again.</code> which suggests that your browser is not supported by our system. This error message was noticed with certain versions of the Safari web browser on Macs; upgrading Safari may help, but we recommend that you use [https://www.mozilla.org/en-US/firefox/new/ Firefox] or [https://www.google.com/chrome/ Chrome]. If you are still having issues, email [[technical support]].
#Then,
##Give a name to your key.
##Paste your public key.
##Click on the blue Import Key Pair button.


===Creating a New Key Pair=== <!--T:4-->
==Creating your first virtual machine== <!--T:26-->
Your project will allow you to create virtual machines (also referred to as <i>instances</i> or <i>VMs</i>) stored on the cloud, which you can access from your personal computer using our web interface.
 
<!--T:49-->
# <b>Log in to the cloud interface to access your project</b> <br> The confirmation email you received includes a link to the cloud interface your project is associated with. Click on this link to open your project in your default web browser. If your default web browser is not compatible, open a compatible web browser and copy and paste the link address into the browser. If you know the name of your associated cloud, but don't have the login URL see [[Cloud#Cloud_systems|using the cloud]] for the list of cloud interface URLs at which you can log in. Use your username (not your email address) and password to log in.
#<b>Check your OpenStack dashboard</b> <br> After logging on to the cloud interface (the platform is called <i>OpenStack</i>) you will see a dashboard that shows an overview of all the resources available in your project. If you want to know more about navigating and understanding your OpenStack dashboard read the official [https://docs.openstack.org/horizon/latest/user/index.html OpenStack documentation].
 
<!--T:31-->
Below there are instructions on starting a Windows VM or a Linux VM, depending on which tab you select. <b>Remember this is the operating system for the virtual machine or <i>instance</i> you are creating, not the operating system of the physical computer you are using to connect</b>. It should be clear from your project pre-planning whether you will be using Linux or Windows for your VM operating system, but if you are unsure please email [[technical support]].
 
<!--T:36-->
<!--TODO: need to sort out how to move over the translations for Linux (I left the translation units intact) and Windows (had to remove because they had duplicate numbers).
The below links are left in as comments so that those pages can easily be referenced, but once the moving over of translations is complete they could be removed/redirected here.-->
<!--To create a VM see instructions for creating a [[Creating a Linux VM|Linux]] or [[Creating a Windows VM| Windows]] VM.-->
 
<!--T:136-->
<tabs>
<tab name="Linux">
 
<!--T:137-->
__TOC__
 
===SSH key pair=== <!--T:3-->
 
<!--T:4-->
When you create a virtual machine, password authentication is disabled for security reasons.
 
<!--T:133-->
Instead, OpenStack creates your VM with one SSH (Secure Shell) public key installed, and you can only log in using this SSH key pair. If you have used SSH keys before, the SSH public key can come from a key pair which you have already created on some other machine. In this case follow the instructions below for <b>Importing an existing key pair</b>. If you have not used SSH key pairs before or don't currently have a pair you want to use, you will need to create a key pair. If you are using a Windows machine, see the [[Generating SSH keys in Windows/en|Generating SSH keys in Windows]] page; otherwise follow the [[Using SSH keys in Linux|Linux/Mac instructions]]. For more information on creating and managing your key pairs see the [[SSH Keys/en|SSH Keys]] page in our wiki.
[[File:Import key pair 3.png|500px|thumb|Importing an existing key pair (Click for larger image)]]
 
====Importing an existing key pair==== <!--T:6-->
 
<!--T:134-->
#On the OpenStack left menu, select <i>Compute->Key Pairs</i>.
#Click on the <i>Import Public Key</i> button; the <i>Import Public Key</i> window is displayed.
#Name your key pair.
#Paste your public key (only RSA type SSH keys are currently supported). <br/>Ensure your pasted public key contains no newline or space characters.
#Click on the <i>Import Public Key</i> button.
<b>It is not advised to create key pairs in OpenStack because they are not created with a passphrase, which creates security issues.</b>
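
A pre-import check for the public key described in the steps above, as an added example that is not part of the original page or of OpenStack: it parses the OpenSSH one-line format, rejects private keys, non-RSA types and wrapped or truncated data, and reports the key size and SHA256 fingerprint. The 2048-bit minimum and all function names are assumptions of this example, and the sample key is constructed in the code (well-formed, but not a usable key).

```python
import base64
import hashlib
import struct


def _field(blob, pos):
    """Read one length-prefixed field of the SSH wire format."""
    if pos + 4 > len(blob):
        raise ValueError("key data is truncated")
    (size,) = struct.unpack(">I", blob[pos:pos + 4])
    end = pos + 4 + size
    if end > len(blob):
        raise ValueError("key data is truncated")
    return blob[pos + 4:end], end


def inspect_public_key(pasted, min_bits=2048):
    """Return (bits, sha256_fingerprint) or raise ValueError with the reason.

    min_bits is an assumed local policy, not a limit stated by the page.
    """
    if "PRIVATE KEY" in pasted:
        raise ValueError("this is a private key; import only the public half")
    text = pasted.strip()
    if "\n" in text or "\r" in text:
        raise ValueError("key is wrapped over several lines; paste it as one line")
    parts = text.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 data> [comment]'")
    key_type, data = parts[0], parts[1]
    if key_type != "ssh-rsa":
        raise ValueError(f"key type {key_type!r} is not RSA")
    # validate=True refuses characters outside the base64 alphabet
    blob = base64.b64decode(data, validate=True)
    inner_type, pos = _field(blob, 0)
    if inner_type != b"ssh-rsa":
        raise ValueError("base64 data does not contain an RSA key")
    _exponent, pos = _field(blob, pos)
    modulus, pos = _field(blob, pos)
    if pos != len(blob):
        raise ValueError("unexpected trailing data after the key")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"{bits}-bit RSA key is shorter than {min_bits} bits")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return bits, fingerprint


def why_rejected(pasted):
    """Return None if the key passes, otherwise the reason as text."""
    try:
        inspect_public_key(pasted)
    except ValueError as err:
        return str(err)
    return None


def constructed_rsa_line(bits, comment="alice@laptop"):
    """CONSTRUCTED sample: correct encoding, but the modulus is not a real key."""
    def packed(raw):
        return struct.pack(">I", len(raw)) + raw

    def mpint(number):
        # bit_length // 8 + 1 bytes keeps the sign bit clear, as mpint requires
        return packed(number.to_bytes(number.bit_length() // 8 + 1, "big"))

    modulus = (1 << (bits - 1)) | 1
    blob = packed(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    good = constructed_rsa_line(2048)
    print(inspect_public_key(good))
    for label, candidate in [
        ("wrapped", good[:80] + "\n" + good[80:]),
        ("short", constructed_rsa_line(1024)),
        ("ed25519", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 alice@laptop"),
    ]:
        print(label, "->", why_rejected(candidate))
```

The fingerprint can be compared with the output of <code>ssh-keygen -lf</code> run on your own key file to confirm you are importing the key you intend.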
<br /><br /><br /><br /><br /><br />
 
===Launching a VM=== <!--T:9-->
To create a virtual machine, select <i>Compute->Instances</i> on the left menu, then click on the <i>Launch Instance</i> button.
 
<!--T:10-->
A form is displayed where you define your virtual machine. If you have a plan for the exact specifications your VM needs through your pre-planning, feel free to use those specifications. Otherwise, you can follow along with this example for a fairly generic, easy-to-use Linux VM.
The <i>Launch Instance</i> window has the following options:
 
<!--T:132-->
#<i>Details</i>
#*<i>Instance Name:</i> Enter a name for your virtual machine. Do not include spaces or special characters in your instance name. For more details on naming rules see [https://en.wikipedia.org/wiki/Hostname restrictions on valid host names].
#*<i>Description:</i> This field is optional.
#*<i>Availability Zone:</i> The default is <i>Any Availability Zone</i>; do not change this. 
#*<i>Count:</i> This indicates the number of virtual machines to create. Unless you have specifically planned for multiple machines leave this set at 1.[[File:Source tab.png|500px|thumb]]<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
#<i>Source</i>
#*<i>Select Boot Source:</i> Because it's your first VM, select <i>Image</i> as the boot source. For information about other options see [[Working_with_volumes#Booting_from_a_volume|Booting from a volume]].
#*<i>Create New Volume:</i> Click <i>Yes</i>; your VM's data will be stored in the cloud volume (or persistent storage). For more information on volume usage and management see [[Working_with_volumes|Working with volumes]].
#*:<i>Volume Size (GB):</i> If you have a pre-planned volume size use that, otherwise 30 GB is reasonable for the operating system and some modest data needs. For more information on volume usage and management see [[Working_with_volumes|Working with volumes]].
#*:<i>Delete Volume on Instance Delete:</i> Click on <i>No</i> to help prevent your volume from being deleted accidentally; however, if you are confident you always want your volume deleted when your instance is deleted, click on <i>Yes</i>.
#*<i>Allocated</i> and <i>Available</i> lists: The list at the bottom of the window shows the available images your VM can boot. For a beginner on Linux, we recommend the most recent <b>Ubuntu</b> image, but if you prefer you can choose any one of the other Linux operating systems. To select an image click on the upwards pointing arrow on the far right of the row containing your desired image. That row should now show up in the <i>Allocated</i> list above. <b>It is important for later to remember which image you chose</b> (ex. Ubuntu, Fedora, etc.).[[File:Flavor tab.png|500px|thumb]] <br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
#<i>Flavor</i>
#*<i>Allocated</i> and <i>Available</i> lists: The flavor determines what type of hardware is used for your VM, which determines how much memory and processing capabilities it has. The <i>Available</i> list shows all the flavors available for your chosen boot image. Click on the > icon at the far left of a row to see how that particular flavor matches up with what you have been allocated for your project. If there is an alert icon on one of the specifications, that means that your project doesn't have enough of that resource to support that flavor. Choose a flavor that your project can support (i.e. doesn't issue an alert)  and click on the upwards arrow on the far right of that row. That flavor should now show up in the <i>Allocated</i> list. For more details, see [[Virtual machine flavors]]. <br /><br /><br /><br /><br /><br /><br /><br />
#<i>Networks:</i> Do not change this unless required. On Arbutus, select your project network by default (usually starting with <i>def-project-name</i>).[[File:Security groups.png|500px|thumb]]
#<i>Network Ports:</i>  Do not change this now. <br /><br /><br /><br /><br />
#<i>Security Groups:</i>  The default security group should be in the <i>Allocated</i> list. If it is not, move it from <i>Available</i> to <i>Allocated</i> using the upwards arrow located on the far right of the group's row. For more information see [[Managing_your_cloud_resources_with_OpenStack#Security_Groups|Security Groups]].[[File:Key pair tab.png|500px|thumb]]<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
#<i>Key Pair:</i> From the <i>Available</i> list, select the SSH key pair you created earlier  by clicking the upwards arrow on the far right of its row. If you do not have a key pair, you can create or import one from this window using the buttons at the top of the window (please [[#SSH key pair | see above]]). For more detailed information on managing and using key pairs see [[SSH_Keys|SSH Keys]].<br /><br />
#<i>Configuration:</i>  Do not change this now. For more information on customization scripts see [[Automating VM creation#Using_CloudInit|Using CloudInit]].
#<i>Server Groups:</i>  Do not change this now.
#<i>Scheduler Hints:</i>  Do not change this now.
#<i>Metadata:</i> Do not change this now.<br /><br />
Once you have reviewed all the options and defined your virtual machine, click on the <i>Launch Instance</i> button and your virtual machine will be created. The list of instances will be displayed and the <i>Task</i> field will show the current task for the VM; it will likely be <i>Spawning</i> initially. Once the VM has spawned, it will have the power state of <i>Running</i>; this may take a few minutes.
 
===Network settings=== <!--T:13-->
[[File:Manage-Floating-IP-Associations-Form.png|400px|thumb| Manage Floating IP (Click for larger image)]]
[[File:Add-Rule-Form.png|400px|thumb| Add Rule (Click for larger image)]]
On the <i>Instances</i> page is a list of VMs with their IP address(es) displayed in the <i>IP Address</i> column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it. When your OpenStack project is created, a local network is also created for you. This local network is used to connect VMs to each other and to an internet gateway within that project, allowing them to communicate with each other and the outside world. The private IP address provides inter-VM networking but does not allow for connection to the outside world. Any VM created in your project will have a private IP address assigned to it from this network of the form <code>192.168.X.Y</code>. Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connect to your VM via your personal computer to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.
 
<!--T:16-->
#Assign a public IP address
#*Ensure you are still viewing the instances list where you were redirected as your VM launched. If you need to use the navigation panel, select options <i>Compute->Instances</i> on the OpenStack menu.
#*Click on the drop-down arrow menu (indicated by &#x25BC;) on the far right of the row for your VM and select <i>Associate Floating IP</i>, then in the <i>Allocate Floating IP</i> window, click on the <i>Allocate IP</i> button. If this is your first time associating a floating IP, you need to click on the “+” sign in the <i>Manage Floating IP Associations</i> dialog box. If you need to allocate a public IP address for this VM again in the future, you can select one from the list by clicking the &#x25BC; in the <i>IP Address</i> field.
#*Click on the <i>Associate</i> button.
#*You should now have two IP addresses in your IP address column. One will be of the form <code>192.168.X.Y</code>, the other is your public IP. You can also find a list of your public IP addresses and their associated projects by going to <i>Network->Floating IPs</i>. You will need your public IP when you are trying to connect to your VM.
#Configure the firewall
#*On the OpenStack left menu, select <i>Network->Security Groups</i>.
#*On the group row named <i>default</i>, click on the <i>Manage Rules</i> button on the far right.
#*On the next screen, click on the <i>+Add Rule</i> button near the top right corner.
#*In the <i>Rule</i> drop-down menu, select <i>SSH</i>.
#* The <i>Remote</i> text box should automatically have <i>CIDR</i> in it; do not change this.
#*In the <i>CIDR</i> text box, replace <code>0.0.0.0/0</code> with <code>your-ip/32</code>. Note that this is the IP address of the physical computer you want to use to connect to your VM. If you don't know your current IP address, you can see it by going to [http://ipv4.icanhazip.com ipv4.icanhazip.com] in your browser. If you want to access your VM from other IPs, you can add more rules with different IP addresses. If you want to specify a range of IP addresses, use [https://www.ipaddressguide.com/cidr this tool] to calculate your CIDR rule for a range of IP addresses.
#*Finally, click on the <i>Add</i> button. Now the rule you just created should show up on the list in security groups.
#Important notes
#*<b>Do not remove the default security rules</b> as this will affect the ability of your VM to function properly (see [[Managing_your_cloud_resources_with_OpenStack#Security_Groups|Security Groups]]).
#*<b>Security rules cannot be edited</b>, they can only be deleted and re-added. If you make a mistake when creating a security group rule, you need to delete it using the <i>Delete Rule</i> button on the far left of the row for that rule in the security groups screen, and then re-add it correctly from scratch using the <i>+Add Rule</i> button.
#*If you change your network location (and therefore your IP address) then you need to add the security rule described in this section for that new IP address. Remember that when you change your physical location (example working on campus vs working from home) you are changing your network location.
#*If you do not have a static IP address for the network you are using, remember that it can sometimes change, so if you can no longer connect to your VM after a period of time, it is worth checking whether your IP address has changed. You can do this by putting [http://ipv4.icanhazip.com ipv4.icanhazip.com] in your browser and seeing if it matches what you have in your security rule. If your IP address changes frequently, but the leftmost numbers always stay the same, it could make more sense to add a range of IP addresses rather than frequently modifying your security rules. Use [https://www.ipaddressguide.com/cidr this tool] for determining a CIDR IP range from an IP range or learn more about CIDR notation [https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation here].
#*It can be helpful to add a description about what a security rule is for (e.g. home or office). That way you will know which rule is no longer needed if you want to add a new rule while connecting, for example, from home.
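
The firewall steps and notes above, worked through in Python as an added example that is not part of the original page: it derives the <code>your-ip/32</code> value, computes the smallest single CIDR block covering several observed addresses, and audits a rule list for SSH or RDP rules that are too wide or that no longer match your current address. The rule data is constructed, its keys follow the OpenStack Networking API's security group rule attributes, and the 256-address threshold and function names are assumptions of this example.

```python
import ipaddress

# Administrative ports this page opens: SSH for Linux VMs, RDP for Windows VMs
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def host_cidr(ip):
    """The page's your-ip/32: a rule matching exactly one IPv4 address."""
    return f"{ipaddress.IPv4Address(ip)}/32"


def covering_cidr(observed_ips):
    """Smallest single CIDR block that contains every observed address."""
    addrs = sorted(ipaddress.IPv4Address(ip) for ip in observed_ips)
    # Bits in which the lowest and highest address differ must be host bits
    differing_bits = (int(addrs[0]) ^ int(addrs[-1])).bit_length()
    block = ipaddress.ip_network(f"{addrs[0]}/{32 - differing_bits}", strict=False)
    return str(block)


def _covers_port(rule, port):
    """True if a rule's protocol and port range include the given TCP port."""
    if rule.get("protocol") not in (None, "tcp"):
        return False
    low, high = rule.get("port_range_min"), rule.get("port_range_max")
    if low is None:
        return True  # no port range means every port
    return low <= port <= (high if high is not None else low)


def audit(rules, my_ip, max_addresses=256):
    """Return (too_wide, reachable) for IPv4 ingress rules.

    too_wide:  (rule id, service, CIDR) for admin ports open to more than
               max_addresses source addresses (assumed threshold).
    reachable: admin services that my_ip is currently allowed to reach.
    """
    me = ipaddress.IPv4Address(my_ip)
    too_wide, reachable = [], set()
    for rule in rules:
        if rule.get("direction") != "ingress" or rule.get("ethertype") != "IPv4":
            continue
        if rule.get("remote_group_id"):
            continue  # source is a security group (default rules), not a CIDR
        # A rule with no remote prefix accepts traffic from any address
        net = ipaddress.ip_network(rule.get("remote_ip_prefix") or "0.0.0.0/0",
                                   strict=False)
        for port, service in ADMIN_PORTS.items():
            if not _covers_port(rule, port):
                continue
            if net.num_addresses > max_addresses:
                too_wide.append((rule["id"], service, str(net)))
            if me in net:
                reachable.add(service)
    return too_wide, sorted(reachable)


def make_rule(rule_id, direction, protocol=None, port=None,
              remote_ip=None, remote_group=None):
    """Build one CONSTRUCTED sample rule."""
    return {"id": rule_id, "direction": direction, "ethertype": "IPv4",
            "protocol": protocol, "port_range_min": port, "port_range_max": port,
            "remote_ip_prefix": remote_ip, "remote_group_id": remote_group}


# CONSTRUCTED sample: two default rules plus three user-added rules
SAMPLE_RULES = [
    make_rule("r1", "egress"),
    make_rule("r2", "ingress", remote_group="default-group-id"),
    make_rule("r3", "ingress", "tcp", 22, "0.0.0.0/0"),         # left wide open
    make_rule("r4", "ingress", "tcp", 22, "198.51.100.66/32"),  # home
    make_rule("r5", "ingress", "tcp", 3389, "203.0.113.0/24"),  # office
]

if __name__ == "__main__":
    print(host_cidr("198.51.100.66"))
    print(covering_cidr(["198.51.100.66", "198.51.100.93"]))
    print(audit(SAMPLE_RULES, "198.51.100.66"))
    # After deleting r3 and moving to a new address, nothing is reachable
    print(audit([r for r in SAMPLE_RULES if r["id"] != "r3"], "198.51.100.93"))
```

An empty <code>reachable</code> list for the service you use is the changed-address case described in the notes: add a rule for the new address rather than widening an existing one.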
 
===Connecting to your VM with SSH=== <!--T:19-->
In the first step of this quick guide you saved a private key to your computer. Make sure you remember where you saved it because you will need it to connect to your VM. You will also need to remember which type of image you used (Ubuntu, Fedora, etc.) and which public IP address is associated with your VM.
 
===Connecting from a Linux or Mac machine=== <!--T:20-->
If the computer you are using to connect to your VM has a Linux or Mac operating system, use the following instructions to connect to your VM. Otherwise skip down to the next section to connect with a Windows computer.<br /><br />
Open a terminal and input the following command:
{{Command| ssh -i /path/where/your/private/key/is/my_key.key <user name>@<public IP of your VM>}}
where <code><user name></code> is the name of the user connecting and <code><public IP of your VM></code> is the public IP you associated with your VM in the previous step. The default user name depends on the image.
{| class="wikitable"
!Image distribution name
!<code><user name></code>
|-
|Debian
|debian
|-
|Ubuntu
|ubuntu
|-
|CentOS
|centos
|-
|Fedora
|fedora
|-
|AlmaLinux
|almalinux
|-
|Rocky
|rocky
|}
These default users have full sudo privileges. Connecting directly to the root account via SSH is disabled.
 
===Connecting from a Windows machine=== <!--T:22-->
[[File:MobaXterm basic.png|400px|thumb| Creating an SSH session (Click for larger image)]]
If you want to use a Windows computer to connect to your VM, you will need to have an interface application to handle the SSH connection. We recommend <b>MobaXterm</b>, and will show the instructions for connecting with MobaXterm below. If you want to connect using PuTTY instead, see [[Connecting with PuTTY]].
 
<!--T:1-->
[[File:MobaXterm ssh key.png|400px|thumb| Specifying a private key (Click for larger image)]]
To download MobaXterm [http://mobaxterm.mobatek.net/ click here].
To connect to your VM using MobaXterm follow these instructions:
#Open the MobaXterm application.
#Click on <i>Sessions</i> then press <i>New session</i>. <br /><br /><br /><br />
#Select an SSH session.
#Enter the public IP address for your VM in the <i>Remote host</i> address field.
#Ensure that the <i>Specify username</i> checkbox is checked, then enter the image type for your VM (ubuntu for example) into the username field, all lowercase.
#Click on the <i>Advanced SSH settings</i> tab, and check the <i>Use private key</i> checkbox.
#Click on the page icon in the far right of the <i>Use private key</i> field. In the pop-up dialogue box select the key pair (.pem file) that you saved to your computer at the beginning of this quick guide. 
#Then click on OK. MobaXterm will then save that session information you just entered for future connections, and also open an SSH connection to your VM. It also opens an SFTP connection which allows you to transfer files to and from your VM using drag-and-drop via the left-hand panel.
[[File:MobaXterm connected.png|400px|thumb| Connected to a remote host (Click for larger image)]] <br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
 
==Where to go from here== <!--T:23-->
* Learn about using the [[Linux_introduction|Linux command line]] in your VM
* Learn about [[security considerations when running a VM]]
* See [[configuring a data or web server]]
* Learn more about working with [[Managing_your_cloud_resources_with_OpenStack|OpenStack]]
* [[Cloud_Technical_Glossary|Cloud Technical Glossary]]
* [[Automating VM creation]]
* [[Backing up your VM]]
* For questions about our cloud service, email [[technical support]].
</tab>
<tab name="Windows">
 
<!--T:138-->
__TOC__
 
==Request access to a Windows image== <!--T:139-->
To create a Windows VM on one of our clouds you must first request access to a Windows image by emailing [[technical support]].
 
<!--T:51-->
You will be provided access to a Windows Server 2012 Evaluation image and a username to use when connecting. The evaluation period is 180 days. It may be possible to apply a Windows license to a running VM created from this evaluation image, however we do not provide these licenses.
 
==SSH key pair== <!--T:52-->
[[File:Create-Key-Pair-Form.png|400px|thumb| Create key pair (Click for larger image)]]
#Click [[File:Create-Key-Pair-Button.png]]
Windows VMs encrypt the administrative account password with a public key. The matching private key decrypts the password.
#Then,
 
##Give your key a name.
<!--T:53-->
##Click on the blue Create Key Pair button.
We recommend creating a new key pair within the OpenStack dashboard rather than importing an existing key pair. To create a new key pair:
##Save the <key name>.pem on your disk.
#Click on ''Access & Security'' from the left menu.
#Select the ''Key Pairs'' tab.
#Click on [[File:Create-Key-Pair-Button.png]]; the ''Create Key Pair'' window is displayed.
#Give your key pair a name.
#Click the ''Create Key Pair'' button.
#Save the <key name>.pem file on your local drive.


<!--T:5-->
<!--T:54-->
On UNIX hosts, you will need to <code>chmod 400 <key name>.pem</code> in order to connect later on. This needs to be done on your machine, not the VM. On Windows, to use the key downloaded from OpenStack with PuTTY or MobaXterm, you need to convert it to a format they understand; steps to do this are given on the [[Generating ssh keys in Windows#Converting an OpenStack Key]] page.
If you would like to use an existing key pair with your Windows VM see the [[Creating a Windows VM#Comments on key pairs|comments on key pairs]] below.


==Launching a VM== <!--T:6-->
==Launching a VM== <!--T:55-->
[[File:Launch-Instance-Form.png|400px|thumb| Launch Instance (Click for larger image)]]
[[File:Windows-launch-instance.png|400px|thumb| Launch Instance (Click for larger image)]]
To launch an instance, click on the Instances menu on the left, then click [[File:Launch-Instance-Button.png]]
To create a virtual machine, click on the ''Instances'' menu item on the left, then click on [[File:Launch-Instance-Button.png]]


<!--T:7-->
<!--T:56-->
You are now presented with a form to define your instance. For this walk-through, fill in the arbitrary values described below.
A form is displayed where you define your virtual machine.
*Details tab
**Availability Zone: There is only one zone.  Leave it unchanged.
**Instance name: <code>test</code><br/>Make up a name for your instance.
**Flavor: <code>c1-3.75gb-36</code><br/>The flavor name defines the specifications of the VM. This particular flavor has one virtual CPU, 3.75 GB of RAM (memory) and an ephemeral disk of 36GB. Ephemeral disks are disks created and destroyed with the instance and reside on the local hardware running the VM. Flavors starting with a "p" do not have an extra ephemeral disk and thus no "-##" on the end. They also have a very small root disk of only 2.2G, with a typical OS taking about 770MB of that. The root disk, as you might have guessed, is mounted at the root of the Linux file system. Flavors starting with a "c" have an extra ephemeral disk attached, as well as a 20GB root disk.
**Instance Count: <code>1</code><br/>The number of VMs to create.
**Instance Boot Source: Boot from image<br/> Indicates that you wish to boot from an already created image.
**Image Name: <code>CentOS-7-x86-64-GenericCloud-1503</code><br/>Name of the image to boot from.
**Project Limits: The green bars reflect the fraction of your available resources that will be consumed by the VM you are about to launch. If the bars become red it indicates the flavor chosen will consume more resources than your project has available. Blue bars indicate any existing resources your project may be using.
*Access & Security tab<br/>
**Key Pair: Select your SSH key pair. If you have only one, it will be selected by default. If you do not have a key pair, please see the steps above: [[Cloud Quick Start#SSH Key Pair]].
**Security Groups: Leave <code>default</code> selected here.
*Networking tab<br/>You do not need to change this now. Networking will be discussed below after you have launched an instance.
*Post-Creation Tab<br/>No need to change this now.  This is where you can paste a '''cloud-init''' script which can do things like install and configure software and add users and additional SSH keys (see [[OpenStack#Accessing a VM with Multiple Users]]) in an automated step after the VM is created. See [http://cloudinit.readthedocs.org/en/latest/index.html# cloudinit] for more details about cloud-init.
*Advanced Options tab<br/>Leave Disk Partition on "Automatic" for now.


<!--T:8-->
<!--T:57-->
Once you have reviewed all the tabs and defined your instance, click on the blue Launch button and your instance will be created. The Instances list will appear, and the Status field will change, reflecting the different tasks that have to happen until it is running. It may take a few minutes for your instance to start, depending on a variety of factors.
* ''Details'' tab
** ''Availability Zone'': There is only one zone; do not change its name.
** ''Instance Name'': Enter a name for your virtual machine. For details on naming rules see [https://en.wikipedia.org/wiki/Hostname restrictions on valid host names].
** ''Flavor'': The flavor defines virtual machine hardware specifications; choose the 'p2-3gb' flavor.<p>The Windows image is quite large and requires a large bootable drive. C-flavors, as described [[Virtual_machine_flavors|here]], only have root drives of 20 GB, choosing a "p" flavor allows for larger root volumes. The smallest "p" flavor has 1.5 GB of RAM and from experience this is too little to run Windows well. Choosing a slightly larger flavor, such as "p2-3gb", improves the performance of the VM.</p>
** ''Instance Count'': Number of virtual machines to create.
** ''Instance Boot Source'': What source should be used to boot the VM; choose ''Boot from Image (creates new volume)''.
** ''Image Name'': select the Windows image name you were provided.
** ''Device Size'': The size of the root drive; enter 30GB or more. <p>The final operating system occupies approximately 20 GB of space, though more is needed during setup.</p>
** ''Delete on Terminate'': If this box is checked the volume that is created with the VM will be deleted when the VM is terminated. <p>It is generally recommended not to check this box as the volume can be deleted manually if desired and allows the VM to be terminated without deleting the volume.</p>
** ''Project Limits'': The green bars reflect the fraction of your available resources that will be consumed by the VM you are about to launch. If the bars become red, the flavor chosen will consume more resources than your project has available. Blue bars indicate any existing resources your project may be using.
* ''Access & Security'' tab
** ''Key pair'': Select your SSH key pair.<p>If you have only one, it is selected by default. If you do not have a key pair, please see [[Creating_a_Windows_VM#SSH key pair|above]].</p>
** ''Security Groups'': Ensure the ''default'' security group is checked.
* ''Networking'' tab: Do not change this now. Networking will be discussed later, after you have launched a virtual machine.
* ''Post-Creation'' tab: Do not change this now.
* ''Advanced Options'' tab: Leave ''Disk Partition'' on ''Automatic'' for now.


<!--T:9-->
<!--T:58-->
Note: When creating a persistent service, we recommend that you boot your instance from a volume. See [[Persistent Services In The Cloud]].
Once you have reviewed all the tabs and defined your virtual machine, click on the Launch button and your virtual machine will be created. The Instances list will be displayed and the Task field will show the current task for the VM; it will likely be "Block Device Mapping" initially. Once the VM has spawned and begun to boot, it will have the Power State of "Running". It will likely take 10+ minutes to finish creating the volume and copying the image to it before beginning to boot.


==Network== <!--T:10-->
==Locality settings and license agreement== <!--T:59-->
[[File:Windows-VM-Settings.png|400px|thumb| Locality Settings (Click for larger image)]]


===Private IP=== <!--T:11-->
<!--T:60-->
On the Instance list, you will see the IP addresses to which your instance is linked. By default a network on <code>192.168.X.0</code> is created for your tenant (also referred to as a "project" on the OpenStack dashboard). You can see the private IP your instance has on the Instance list screen. You can use this IP to communicate with other instances you have started on the same cloud.
When the VM first boots it will not finish booting until location, language, and keyboard settings are selected and you agree to the license using the console built into the OpenStack dashboard.


===Public IP (Assign a public IP)=== <!--T:12-->
<!--T:61-->
To assign a public IP, you need to select “Associate Floating IP” from the More button of the Actions column of the Instances list. If this is your first time through this Quick Start Guide, your tenant hasn't been assigned any external IP addresses yet. You need to click on the “+” sign to bring up the "Allocate Floating IP" dialogue box. There is only one pool of public addresses, so the correct Pool will already be selected. You simply click on the blue Allocate IP button. You will be returned to the "Manage Floating IP Associations" screen, the IP Address field should be populated, and the port to which it should be [https://en.wikipedia.org/wiki/Network_address_translation NATted] should already be selected. Simply click on the blue Associate button.
To get to the console:
# Go to ''Instances'' on the left hand menu.
# Click on the ''Instance Name'' of your Windows VM.
# Click on the ''Console'' tab to display the ''Instance Console'' and wait until you see a ''Settings'' screen as shown in the figure to the right.<br/>If you waited a significant amount of time the console screen may have gone into a screensaver mode (blank/black screen). If this is case, click on the blank/black screen so that it gains focus and if necessary press a key on your keyboard to wake it up.


<!--T:13-->
<!--T:62-->
The console mouse pointer often lags behind the actual mouse pointer location. You can either try to account for the lag or use keyboard shortcuts when the console screen has focus.
* The ''tab'' key will select different fields.
* The ''up'' and ''down'' arrows will select different options.
* Under the ''Country or region'' drop down menu, letter keys move to the top of the countries beginning with that letter.
* Finally press the ''tab'' key until the ''next'' box is selected then press the ''enter'' key.
 
<!--T:63-->
You will then be presented with a request to accept the terms and conditions of the license agreement.
* Press the ''tab'' key until the ''I accept'' box is highlighted.
* Press the ''enter'' key.
 
<!--T:64-->
At this point your VM will restart. Once it finishes restarting the ''Console'' will display a sign in screen with the current (UTC) time and date.
 
==Network== <!--T:65-->
[[File:Manage-Floating-IP-Associations-Form.png|400px|thumb| Manage Floating IP (Click for larger image)]]
[[File:Manage-Floating-IP-Associations-Form.png|400px|thumb| Manage Floating IP (Click for larger image)]]
[[File:Add-Rule-Form-RDP.png|400px|thumb| Add RDP Rule (Click for larger image)]]
On the ''Instances'' page is a list VMs with their IP address(es) displayed in the ''IP Address'' column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it.


===Firewall, Add Rules to Allow SSH=== <!--T:14-->
===Private IP=== <!--T:66-->
In order to be able to connect to your instance via SSH, you will need to allow SSH to get through.
When your OpenStack project is created a local network is also created for you. This local network is used to connect VMs within that project allowing them to communicate with each other and the outside world. Their private IP address does not allow the outside world to reference that VM. Any VM created in your project will have a private IP address assigned to it from this network of the form <code>192.168.X.Y</code>.


<!--T:15-->
===Public IP=== <!--T:67-->
Go to “Access & Security”, in the “Security Groups” tab, then on the default row click [[File:Manage-Rules-Button.png]]
Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connecting to it to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.


<!--T:16-->
<!--T:68-->
On the next screen, click [[File:Add-Rule-Button.png]]
To assign a public IP to a VM, you need to select ''Associate Floating IP'' from the drop-down menu button (indicated by &#x25BC;) of the ''Actions'' column in the ''Instances'' list. If this is your first time associating a floating IP, your project hasn't been assigned an external IP address yet. You need to click on the “+” sign to bring up the ''Allocate Floating IP'' dialog box. There is only one pool of public addresses, so the correct pool will already be selected; click on the ''Allocate IP'' button.
The ''Manage Floating IP Associations'' screen is displayed again, indicating the IP address and the port (or VM) to which it will be associated (or more specifically [https://en.wikipedia.org/wiki/Network_address_translation NATted]); click on the ''Associate'' button.
 
===Firewall, add rules to allow RDP=== <!--T:69-->
To connect to your virtual machine using a remote desktop connection client, you will need to allow access for remote desktop protocol (RDP) to your VM.
 
<!--T:70-->
#On the ''Security Groups'' tab, select ''Access & Security''; on the default row, click [[File:Manage-Rules-Button.png]]
#On the next screen, click [[File:Add-Rule-Button.png]]
#RDP has a predefined rule. Select it in the '' Rules'' dropdown menu and leave ''CIDR'' under ''Remote''.
#Replace the <code>0.0.0.0/0</code> in the CIDR text box with <code><your-ip>/32</code>. <p>If you don't know your current IP address you can see it by going to [http://ipv4.icanhazip.com ipv4.icanhazip.com] in your browser. Leaving <code>0.0.0.0/0</code> will allow anyone to attempt a connection with your VM. You should never allow completely open access with RDP as your VM will be susceptible to [https://en.wikipedia.org/wiki/Brute-force_attack brute force attacks]. This replacement will restrict RDP access to your VM only from this IP. If you want to allow access from other IPs you can add additional RDP rules with different IP address or you can specify a range of IP addresses by using [https://www.ipaddressguide.com/cidr this tool] to calculate your CIDR rule from a range of IP addresses.</p><p>'''If you leave RDP open to the world by leaving the <code>0.0.0.0/0</code> in the CIDR text box, a cloud administrator may revoke access to your VM until the security rule is fixed.'''</p>
#Finally, click the ''Add'' button.
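Review bot: step 1 of this list has the navigation reversed: it says to select ''Access & Security'' on the ''Security Groups'' tab, but ''Access & Security'' is the left-menu item and ''Security Groups'' is the tab inside it, which is how the SSH instructions being replaced worded it ("Go to “Access & Security”, in the “Security Groups” tab"). In step 4 the warning about leaving <code>0.0.0.0/0</code> sits mid-paragraph after the pointer to icanhazip; lead the step with the warning so it is read before the rule is added, and link icanhazip over https rather than http.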
 
==Remote desktop connection== <!--T:71-->
[[File:Retrieve-instance-password.png|400px|thumb| Retrieving Windows instance password (Click for larger image)]]
[[File:Remote-Desktop-Connection-windows.png|400px|thumb| Remote desktop client in Windows (Click for larger image)]]
[[File:Remmina-Ubuntu.png|400px|thumb| Remmina remote desktop client in Ubuntu (Click for larger image)]]
 
<!--T:72-->
To connect to a Windows VM we will use a Remote Desktop Connection client. To connect to your Windows VM you need to supply a floating IP, user name, and password.
 
===Retrieving the password=== <!--T:73-->
Open the ''Retrieve Instance Password'' form:
# Go to ''Instances'' on the left menu.
# In the drop down menu next the instance select ''Retrieve Password''.
 
<!--T:74-->
The password has been encrypted using the public key you selected when creating the VM. To decrypt the password:
# Click the ''Choose File'' button and browse to your private key file. <p>If you followed the steps above in the ssh key section, you should have a private key saved on your local computer with a ".pem" extension which matches the public key.</p>
# Select the key and click ''Open''.
# Click the ''Decrypt Password'' button at the bottom left.
 
<!--T:75-->
Keep this form open as we will use the password in the next step. This process can be repeated later to retrieve the password again.
 
===From a Windows client=== <!--T:76-->
Many Windows systems come with the remote desktop connection tool pre-installed. Try searching for "remote desktop connection" in your Windows system search. If you can not find it, you can go to [https://www.microsoft.com/en-ca/store/p/microsoft-remote-desktop/9wzdncrfj3ps the Microsoft store] and install it. It should be a free installation.
 
<!--T:77-->
Once you have run the remote desktop connection tool you should see a window similar to the one displayed on the right. To connect to your Windows VM:
# Enter the public IP address next to ''Computer''.
# Add the user name you were provided with in the ''User name'' text box.
# Click the ''Connect'' button at the bottom.
# Enter the password retrieved in the previous step when prompted.
# Click the ''OK'' button.
 
<!--T:78-->
You will likely be presented with an alert ''The identity of the remote computer cannot be verified. Do you want to connect anyway?''. This is normal click ''Yes'' to continue. Once you connect you should see the desktop of your Windows VM displayed within the RDC window.
 
<!--T:79-->
'''TODO:''' The specific certificate error is "The certificate is not from a trusted certifying authority". Is seeing this alert really normal? Do we want to register the Windows image certificate with a signing authority? Could we use letsencrypt or should we just ignore this issue?
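Review bot: the paragraph above this TODO tells readers the "identity of the remote computer cannot be verified" alert is normal and to click ''Yes'', while the TODO itself asks whether seeing the alert is normal; both sit in translation units (T:78 and T:79), so the open question is published and sent for translation next to advice it contradicts. Settle the question before marking the text for translation: either say why the certificate is untrusted and how a user can confirm they reached their own VM before accepting it, or hold the "This is normal" sentence back, and move the TODO to the talk page. "This is normal click ''Yes''" also needs punctuation between the two clauses.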
 
===From a Linux client=== <!--T:41-->
To connect via RDP from Linux you will need a remote desktop client. There are number of different clients out there but the [https://github.com/FreeRDP/Remmina/wiki Remmina client] appears to work well when tested with Ubuntu. The previous link provides instructions for installing it in Ubuntu, Debian, Fedora and a few other Linux operating systems.
 
<!--T:80-->
Once you have installed and launched Remmina to connect to your Windows VM:
# Click on ''Create a new remote desktop file'' (file with a green '+' sign). <p>You should see a window similar to that shown on the right.</p>
# Enter the public IP of your Windows VM next to ''Server''.
# Enter the user name you were provided next to ''User name''.
# Enter the password you retrieved in the above step next to ''Password''.
# Click ''Connect''.
 
===From a Mac client=== <!--T:43-->
 
<!--T:81-->
'''TODO:''' Anyone with a Mac want to write up this section?
 
==License information== <!--T:45-->
 
<!--T:82-->
'''TODO''': need to provide information which would be helpful for users to know what path to take to get a license. Should cover things like:
* Where to go to get a license
* What kind of license do I need/what licenses will work on the cloud
* How to apply my license to my existing cloud VM
* How to apply it to a new VM (if that is different than above bullet item)


<!--T:17-->
==Comments on key pairs== <!--T:47-->
For SSH, there are already predefined rules. Simply select SSH in the Rules drop down menu, then under Remote, keep CIDR.
There are a couple different formats for key files and you can also choose to protect your private keys with passphrases or not. In order to be able to decrypt the Windows VM password your private key must be in OpenSSH format and not have a passphrase. If you created your key pair with OpenStack and downloaded the <code>.pem</code> key file it will already be in the correct format. If you used the [[Using_SSH_keys_in_Linux|<code>ssh-keygen</code> command]] to create your key pair and didn't specify a passphrase it will also likely be in the correct format. For more general information about key pairs see the [[SSH Keys]] page.
An example of an acceptable private key in the OpenSSH format without a passphrase:


<!--T:18-->
<!--T:83-->
If you know which address you are connecting from, type it in the CIDR text field; otherwise keep 0.0.0.0/0. This will allow the whole world to connect to your server via SSH.  
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvMP5ziiOw9b5XMZUphATDZdnbFPCT0TKZwOI9qRNBJmfeLfe
...
DrzXjRpzmTb4D1+wTG1u7ucpY04Q3KHmX11YJxXcykq4l5jRZTKj
-----END RSA PRIVATE KEY-----


<!--T:19-->
<!--T:84-->
Finally, click the blue Add button.
The <code>...</code> in the middle indicates multiple lines of characters similar to those above and below it.
Below are two examples of private keys which will not work with OpenStack with Windows VMs


<!--T:20-->
<!--T:85-->
[[File:Add-Rule-Form.png|400px|thumb| Add Rule (Click for larger image)]]
OpenSSH format with a passphrase:


==Connecting To Your Instance With SSH.== <!--T:21-->
<!--T:86-->
If you created a key pair on the first step, you will need to know where it is.   
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CA51DBE454ACC89A
0oXD+6j5aiWIwrNMiGYDqoD0OqlURfKeQhy//FwHuyuithOSI8uwjSUqV9BM9vi1
...
8XaBb/ALqh8zLQOXEUuTstlMWXnhzBWLvu7tob0QN7pI16g3CXuOag==
  -----END RSA PRIVATE KEY-----


===If connecting from a Linux machine:=== <!--T:22-->
<!--T:87-->
{{Command| ssh -i /path/where/your/key/is/my_key.key username@<public IP of your server>}}
ssh.com format without a passphrase
Most common Linux distributions have standardized on the name of the distro as the username. To connect to the provided CentOS images, you would use:
{{Command|ssh -i /path/where/your/key/is/my_key.key centos@<public IP of your server>}}
where <code><public IP of your server></code> is the public IP you set in the previous step ([[Cloud Quick Start#Public IP (Assign a public IP)]]). The username for Ubuntu instances is “ubuntu” and Debian instances have the “debian” username. By default the preconfigured cloud username will have full sudo privileges. The root account is normally disabled.


<!--T:23-->
<!--T:88-->
You are now connected to your instance.
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: "rsa-key-20171130"
P2/56wAAA+wAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
...
QJX/qgGp0=
---- END SSH2 ENCRYPTED PRIVATE KEY ----
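Review bot: the sample labelled "ssh.com format without a passphrase" opens with a header reading <code>BEGIN SSH2 ENCRYPTED PRIVATE KEY</code>, which contradicts its label as written; add a sentence saying how a reader tells a passphrase-protected ssh.com key from an unprotected one, otherwise the sample cannot be used to check a key. The closing line of the second sample is indented while the other lines are not, and the third label is missing the colon the second one has. Since this section requires a private key with no passphrase, it should also repeat the recommendation made in the key pair section to use a key pair created for the Windows VM rather than an existing SSH key.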


=== If connecting from a windows machine=== <!--T:24-->
==Where to go from here== <!--T:89-->
see [[Connecting with PuTTY]] or [[Connecting with MobaXTerm]]
* learn about [[security considerations when running a VM]]
* learn about [[Creating a Linux VM|creating a Linux VM]]
* learn more about working with [[Managing_your_cloud_resources_with_OpenStack|OpenStack]]
* [[Cloud_Technical_Glossary|Cloud Technical Glossary]]
* [[automating VM creation]]
* [[backing up your VM]]
* For questions about our cloud service, email [[technical support]].
</tab>
</tabs>


=Where To Go From Here= <!--T:25-->
<!--T:35-->
*Cloud-init: [https://cloudinit.readthedocs.org/en/latest/ https://cloudinit.readthedocs.org/en/latest/]
[[Category:Cloud]]
*Openstack upstream documentation: [http://docs.openstack.org/icehouse/ http://docs.openstack.org/icehouse/]
*CLI control: [http://docs.openstack.org/developer/python-openstackclient/ http://docs.openstack.org/developer/python-openstackclient/]
*WestGrid documentation: [https://www.westgrid.ca/support/quickstart/CC-Cloud https://www.westgrid.ca/support/quickstart/CC-Cloud]
</translate>
</translate>

Latest revision as of 14:56, 19 December 2023


Before you start

  1. Have a cloud project
    You cannot access a cloud without first having a cloud project. If you don't already have a cloud project, see Getting a cloud project. Once a cloud project is associated with your account, you will receive a confirmation email which will have important details you will need to access your project and get started with the cloud. Make sure you have this confirmation email ready.
  2. Have a compatible browser
    The web interface for accessing your cloud project works well with both the Firefox and Chrome web browsers. Other browsers may also work, however some have shown the error message "Danger: There was an error submitting the form. Please try again.", which suggests that your browser is not supported by our system. This error message was noticed with certain versions of the Safari web browser on Macs; upgrading Safari may help, but we recommend that you use Firefox or Chrome. If you are still having issues, email technical support.

Creating your first virtual machine

Your project will allow you to create virtual machines (also referred to as instances or VMs) stored on the cloud, which you can access from your personal computer using our web interface.

  1. Log in to the cloud interface to access your project
    The confirmation email you received includes a link to the cloud interface your project is associated with. Click on this link to open your project in your default web browser. If your default web browser is not compatible, open a compatible web browser and copy and paste the link address into the browser. If you know the name of your associated cloud but don't have the login URL, see using the cloud for the list of cloud interface URLs at which you can log in. Use your username (not your email address) and password to log in.
  2. Check your OpenStack dashboard
    After logging on to the cloud interface (the platform is called OpenStack) you will see a dashboard that shows an overview of all the resources available in your project. If you want to know more about navigating and understanding your OpenStack dashboard read the official OpenStack documentation.

Below there are instructions on starting a Windows VM or a Linux VM, depending on which tab you select. Remember this is the operating system for the virtual machine or instance you are creating, not the operating system of the physical computer you are using to connect. It should be clear from your project pre-planning whether you will be using Linux or Windows for your VM operating system, but if you are unsure please email technical support.


SSH key pair

When you create a virtual machine, password authentication is disabled for security reasons.

Instead, OpenStack creates your VM with one SSH (Secure Shell) public key installed, and you can only log in using this SSH key pair. If you have used SSH keys before, the SSH public key can come from a key pair which you have already created on some other machine. In this case follow the instructions below for Importing an existing key pair. If you have not used SSH key pairs before or don't currently have a pair you want to use, you will need to create a key pair. If you are using a Windows machine see the Generating SSH keys in Windows page, otherwise follow the Linux/Mac instructions. For more information on creating and managing your key pairs see the SSH Keys page in our wiki.

Importing an existing key pair

  1. On the OpenStack left menu, select Compute->Key Pairs.
  2. Click on the Import Public Key button; the Import Public Key window is displayed.
  3. Name your key pair.
  4. Paste your public key (only RSA type SSH keys are currently supported).
    Ensure your pasted public key contains no newline or space characters.
  5. Click on the Import Public Key button.

It is not advised to create key pairs in OpenStack because they are not created with a passphrase, which creates security issues.

Launching a VM

To create a virtual machine, select Compute->Instances on the left menu, then click on the Launch Instance button.

A form is displayed where you define your virtual machine. If you have a plan for the exact specifications your VM needs through your pre-planning, feel free to use those specifications. Otherwise, you can follow along with this example for a fairly generic, easy-to-use Linux VM. The Launch Instance window has the following options:

  1. Details
    • Instance Name: Enter a name for your virtual machine. Do not include spaces or special characters in your instance name. For more details on naming rules see restrictions on valid host names.
    • Description: This field is optional.
    • Availability Zone: The default is Any Availability Zone; do not change this.
    • Count: This indicates the number of virtual machines to create. Unless you have specifically planned for multiple machines leave this set at 1.
  2. Source
    • Select Boot Source: Because it's your first VM, select Image as the boot source. For information about other options see Booting from a volume.
    • Create New Volume: Click Yes; your VM's data will be stored in the cloud volume (or persistent storage). For more information on volume usage and management see Working with volumes.
      Volume Size (GB): If you have a pre-planned volume size use that, otherwise 30 GB is reasonable for the operating system and some modest data needs. For more information on volume usage and management see Working with volumes.
      Delete Volume on Instance Delete: Click on No to help prevent your volume from being deleted accidentally; however, if you are confident you always want your volume deleted when your instance is deleted, click on Yes.
    • Allocated and Available lists: The list at the bottom of the window shows the available images your VM can boot. For a beginner on Linux, we recommend the most recent Ubuntu image, but if you prefer you can choose any one of the other Linux operating systems. To select an image click on the upwards pointing arrow on the far right of the row containing your desired image. That row should now show up in the Allocated list above. It is important for later to remember which image you chose (ex. Ubuntu, Fedora, etc.).
  3. Flavor
    • Allocated and Available lists: The flavor determines what type of hardware is used for your VM, which determines how much memory and processing capabilities it has. The Available list shows all the flavors available for your chosen boot image. Click on the > icon at the far left of a row to see how that particular flavor matches up with what you have been allocated for your project. If there is an alert icon on one of the specifications, that means that your project doesn't have enough of that resource to support that flavor. Choose a flavor that your project can support (i.e. doesn't issue an alert) and click on the upwards arrow on the far right of that row. That flavor should now show up in the Allocated list. For more details, see Virtual machine flavors.







  4. Networks: Do not change this unless required. On Arbutus, select your project network by default (usually starting with def-project-name).
  5. Network Ports: Do not change this now.
  6. Security Groups: The default security group should be in the Allocated list. If it is not, move it from Available to Allocated using the upwards arrow located on the far right of the group's row. For more information see Security Groups.
  7. Key Pair: From the Available list, select the SSH key pair you created earlier by clicking the upwards arrow on the far right of its row. If you do not have a key pair, you can create or import one from this window using the buttons at the top of the window (please see above). For more detailed information on managing and using key pairs see SSH Keys.

  8. Configuration: Do not change this now. For more information on customization scripts see Using CloudInit.
  9. Server Groups: Do not change this now.
  10. Scheduler Hints: Do not change this now.
  11. Metadata: Do not change this now.

Once you have reviewed all the options and defined your virtual machine, click on the Launch Instance button and your virtual machine will be created. The list of instances will be displayed and the Task field will show the current task for the VM; it will likely be Spawning initially. Once the VM has spawned, it will have the power state of Running; this may take a few minutes.

Network settings


On the Instances page is a list of VMs with their IP address(es) displayed in the IP Address column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it. When your OpenStack project is created, a local network is also created for you. This local network is used to connect VMs to each other and to an internet gateway within that project, allowing them to communicate with each other and the outside world. The private IP address provides inter VM networking but does not allow for connection to the outside world. Any VM created in your project will have a private IP address assigned to it from this network of the form 192.168.X.Y. Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connect to your VM via your personal computer to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.

  1. Assign a public IP address
    • Ensure you are still viewing the instances list where you were redirected as your VM launched. If you need to use the navigation panel, select options Compute->Instances on the OpenStack menu.
    • Click on the drop-down arrow menu (indicated by ▼) on the far right of the row for your VM and select Associate Floating IP, then in the Allocate Floating IP window, click on the Allocate IP button. If this is your first time associating a floating IP, you need to click on the “+” sign in the Manage Floating IP Associations dialog box. If you need to allocate a public IP address for this VM again in the future, you can select one from the list by clicking the ▼ in the IP Address field.
    • Click on the Associate button.
    • You should now have two IP addresses in your IP address column. One will be of the form 192.168.X.Y, the other is your public IP. You can also find a list of your public IP addresses and their associated projects by going to Network->Floating IPs. You will need your public IP when you are trying to connect to your VM.
  2. Configure the firewall
    • On the OpenStack left menu, select Network->Security Groups.
    • On the group row named default, click on the Manage Rules button on the far right.
    • On the next screen, click on the +Add Rule button near the top right corner.
    • In the Rule drop-down menu, select SSH.
    • The Remote text box should automatically have CIDR in it; do not change this.
    • In the CIDR text box, replace 0.0.0.0/0 with your-ip/32. Note that this is the IP address of the physical computer you want to use to connect to your VM. If you don't know your current IP address, you can see it by going to ipv4.icanhazip.com in your browser. If you want to access your VM from other IPs, you can add more rules with different IP addresses. If you want to specify a range of IP addresses, use this tool to calculate your CIDR rule for a range of IP addresses.
    • Finally, click on the Add button. Now the rule you just created should show up on the list in security groups.
  3. Important notes
    • Do not remove the default security rules as this will affect the ability of your VM to function properly (see Security Groups).
    • Security rules cannot be edited, they can only be deleted and re-added. If you make a mistake when creating a security group rule, you need to delete it using the Delete Rule button on the far left of the row for that rule in the security groups screen, and then re-add it correctly from scratch using the +Add Rule button.
    • If you change your network location (and therefore your IP address) then you need to add the security rule described in this section for that new IP address. Remember that when you change your physical location (example working on campus vs working from home) you are changing your network location.
    • If you do not have a static IP address for the network you are using, remember that it can sometimes change, so if you can no longer connect to your VM after a period of time sometimes it's worth checking to see if your IP address has changed. You can do this by putting ipv4.icanhazip.com in your browser and seeing if it matches what you have in your security rule. If your IP address changes frequently, but the left most numbers always stay the same, it could make more sense to add a range of IP addresses rather than frequently modifying your security rules. Use this tool for determining a CIDR IP range from an IP range or learn more about CIDR notation here.
    • It can be helpful to add a description about what a security rule is for (e.g. home or office). That way you will know which rule is no longer needed if you want to add a new rule while connecting, for example, from home.
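
The CIDR arithmetic behind the firewall step and the notes on changing addresses, as an added example that is not part of the original guide: it produces the value to type in the CIDR text box for one address or for a range, checks whether your current address is still covered by a rule, and flags rules left at 0.0.0.0/0. The function names, the rule dictionaries, the `min_prefix` limit and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
"""CIDR values for the SSH/RDP security-group rule (added example)."""
import ipaddress

# Administration ports opened in this guide: SSH (Linux VM), RDP (Windows VM).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample rules (not real data); addresses are documentation ranges.
SAMPLE_RULES = [
    {"port_min": 22, "port_max": 22, "cidr": "203.0.113.25/32", "note": "home"},
    {"port_min": 22, "port_max": 22, "cidr": "0.0.0.0/0", "note": "left open"},
    {"port_min": 80, "port_max": 80, "cidr": "0.0.0.0/0", "note": "web"},
]


def single_host_cidr(ip):
    """CIDR matching exactly one address: the guide's your-ip/32."""
    addr = ipaddress.ip_address(ip.strip())
    return f"{addr}/{addr.max_prefixlen}"


def range_to_cidrs(first, last):
    """Fewest CIDR blocks that cover first..last and no other address."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("range mixes IPv4 and IPv6")
    if lo > hi:
        lo, hi = hi, lo
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def covering_block(observed, min_prefix=24):
    """One block covering every observed address, for an IP that keeps changing.

    A single block usually admits more addresses than were observed, so a
    block wider than min_prefix is refused (assumed limit, suited to IPv4).
    """
    addrs = [ipaddress.ip_address(a) for a in observed]
    if not addrs or len({a.version for a in addrs}) != 1:
        raise ValueError("need addresses of a single IP version")
    net = ipaddress.ip_network(single_host_cidr(str(min(addrs))))
    while max(addrs) not in net:
        net = net.supernet()
    if net.prefixlen < min_prefix:
        raise ValueError(f"{net} is too wide; add separate rules instead")
    return str(net)


def rule_admits(rules, ip, port=22):
    """True if some rule lets ip reach port: the check to make when a
    connection that used to work stops after your address has changed."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        in_ports = rule["port_min"] <= port <= rule["port_max"]
        if in_ports and net.version == addr.version and addr in net:
            return True
    return False


def world_open_admin_rules(rules):
    """(service, note) for each rule exposing SSH or RDP to every address."""
    findings = []
    for rule in rules:
        if ipaddress.ip_network(rule["cidr"], strict=False).prefixlen != 0:
            continue
        for port, service in ADMIN_PORTS.items():
            if rule["port_min"] <= port <= rule["port_max"]:
                findings.append((service, rule["note"]))
    return findings


if __name__ == "__main__":
    print("single host:", single_host_cidr("203.0.113.25"))
    print("exact range:", range_to_cidrs("203.0.113.10", "203.0.113.20"))
    print("one block  :", covering_block(["203.0.113.17", "203.0.113.201"]))
    print("still admitted after move:",
          rule_admits(SAMPLE_RULES[:1], "198.51.100.7"))
    print("open to the world:", world_open_admin_rules(SAMPLE_RULES))
```

The exact-range form needs one rule per returned block, while the single covering block is one rule that also admits addresses you never used, which is why it is capped.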

Connecting to your VM with SSH

In the first step of this quick guide you saved a private key to your computer. Make sure you remember where you saved it because you will need it to connect to your VM. You will also need to remember which type of image you used (Ubuntu, Fedora, etc.) and which public IP address is associated with your VM.

Connecting from a Linux or Mac machine

If the computer you are using to connect to your VM has a Linux or Mac operating system, use the following instructions to connect to your VM. Otherwise skip down to the next section to connect with a Windows computer.

Open a terminal and input the following command:

[name@server ~]$  ssh -i /path/where/your/private/key/is/my_key.key <user name>@<public IP of your server>

where <user name> is the name of the user connecting and <public IP of your server> is the public IP you associated with your VM in the previous step. The default user name depends on the image.

Image distribution name    <user name>
Debian                     debian
Ubuntu                     ubuntu
CentOS                     centos
Fedora                     fedora
AlmaLinux                  almalinux
Rocky                      rocky

These default users have full sudo privileges. Connecting directly to the root account via SSH is disabled.

Connecting from a Windows machine

If you want to use a Windows computer to connect to your VM, you will need to have an interface application to handle the SSH connection. We recommend MobaXterm, and will show the instructions for connecting with MobaXterm below. If you want to connect using PuTTY instead, see Connecting with PuTTY.

To download MobaXterm click here. To connect to your VM using MobaXterm follow these instructions:

  1. Open the MobaXterm application.
  2. Click on Sessions then press New session.



  3. Select an SSH session.
  4. Enter the public IP address for your VM in the Remote host address field.
  5. Ensure that the Specify username checkbox is checked, then enter the image type for your VM (ubuntu for example) into the username field, all lowercase.
  6. Click on the Advanced SSH settings tab, and check the Use private key checkbox.
  7. Click on the page icon in the far right of the Use private key field. In the pop-up dialogue box select the key pair (.pem file) that you saved to your computer at the beginning of this quick guide.
  8. Then click on OK. MobaXterm will then save that session information you just entered for future connections, and also open an SSH connection to your VM. It also opens an SFTP connection which allows you to transfer files to and from your VM using drag-and-drop via the left-hand panel.

Where to go from here

Request access to a Windows image

To create a Windows VM on one of our clouds you must first request access to a Windows image by emailing technical support.

You will be provided access to a Windows Server 2012 Evaluation image and a username to use when connecting. The evaluation period is 180 days. It may be possible to apply a Windows license to a running VM created from this evaluation image, however we do not provide these licenses.

SSH key pair

Windows VMs encrypt the administrative account password with a public key. The matching private key decrypts the password.

We recommend creating a new key pair within the OpenStack dashboard rather than importing an existing key pair. To create a new key pair:

  1. Click on Access & Security from the left menu.
  2. Select the Key Pairs tab.
  3. Click on the Create Key Pair button; the Create Key Pair window is displayed.
  4. Give your key pair a name.
  5. Click the Create Key Pair button.
  6. Save the <key name>.pem file on your local drive.

If you would like to use an existing key pair with your Windows VM see the comments on key pairs below.

Launching a VM

To create a virtual machine, click on the Instances menu item on the left, then click on the Launch Instance button.

A form is displayed where you define your virtual machine.

  • Details tab
    • Availability Zone: There is only one zone; do not change its name.
    • Instance Name: Enter a name for your virtual machine. For details on naming rules see restrictions on valid host names.
    • Flavor: The flavor defines virtual machine hardware specifications; choose the 'p2-3gb' flavor.

      The Windows image is quite large and requires a large bootable drive. C-flavors, as described here, only have root drives of 20 GB; choosing a "p" flavor allows for larger root volumes. The smallest "p" flavor has 1.5 GB of RAM and from experience this is too little to run Windows well. Choosing a slightly larger flavor, such as "p2-3gb", improves the performance of the VM.

    • Instance Count: Number of virtual machines to create.
    • Instance Boot Source: What source should be used to boot the VM; choose Boot from Image (creates new volume).
    • Image Name: select the Windows image name you were provided.
    • Device Size: The size of the root drive; enter 30GB or more.

      The final operating system occupies approximately 20 GB of space, though more is needed during setup.

    • Delete on Terminate: If this box is checked the volume that is created with the VM will be deleted when the VM is terminated.

      It is generally recommended not to check this box: the volume can still be deleted manually if desired, and leaving the box unchecked allows the VM to be terminated without deleting the volume.

    • Project Limits: The green bars reflect the fraction of your available resources that will be consumed by the VM you are about to launch. If the bars become red, the flavor chosen will consume more resources than your project has available. Blue bars indicate any existing resources your project may be using.
  • Access & Security tab
    • Key pair: Select your SSH key pair.

      If you have only one, it is selected by default. If you do not have a key pair, please see above.

    • Security Groups: Ensure the default security group is checked.
  • Networking tab: Do not change this now. Networking will be discussed later, after you have launched a virtual machine.

  • Post-Creation tab: Do not change this now.
  • Advanced Options tab: Leave Disk Partition on Automatic for now.

Once you have reviewed all the tabs and defined your virtual machine, click on the Launch button and your virtual machine will be created. The Instances list will be displayed and the Task field will show the current task for the VM; it will likely be "Block Device Mapping" initially. Once the VM has spawned and begun to boot, it will have the Power State of "Running". It will likely take 10+ minutes to finish creating the volume and copying the image to it before beginning to boot.

Locality settings and license agreement

Locality Settings (Click for larger image)

When the VM first boots it will not finish booting until location, language, and keyboard settings are selected and you agree to the license using the console built into the OpenStack dashboard.

To get to the console:

  1. Go to Instances on the left hand menu.
  2. Click on the Instance Name of your Windows VM.
  3. Click on the Console tab to display the Instance Console and wait until you see a Settings screen as shown in the figure to the right.
    If you waited a significant amount of time, the console screen may have gone into a screensaver mode (blank/black screen). If this is the case, click on the blank/black screen so that it gains focus and, if necessary, press a key on your keyboard to wake it up.

The console mouse pointer often lags behind the actual mouse pointer location. You can either try to account for the lag or use keyboard shortcuts when the console screen has focus.

  • The tab key will select different fields.
  • The up and down arrows will select different options.
  • Under the Country or region drop down menu, letter keys move to the top of the countries beginning with that letter.
  • Finally press the tab key until the next box is selected then press the enter key.

You will then be presented with a request to accept the terms and conditions of the license agreement.

  • Press the tab key until the I accept box is highlighted.
  • Press the enter key.

At this point your VM will restart. Once it finishes restarting the Console will display a sign in screen with the current (UTC) time and date.

Network

Manage Floating IP (Click for larger image)
Add RDP Rule (Click for larger image)

On the Instances page is a list of VMs with their IP address(es) displayed in the IP Address column. Each VM will have at least one private IP address, but some may also have a second public IP assigned to it.

Private IP

When your OpenStack project is created a local network is also created for you. This local network is used to connect VMs within that project allowing them to communicate with each other and the outside world. Their private IP address does not allow the outside world to reference that VM. Any VM created in your project will have a private IP address assigned to it from this network of the form 192.168.X.Y.

Public IP

Public IPs allow outside services and tools to initiate contact with your VM, such as allowing you to connect to it to perform administrative tasks or serve up web content. Public IPs can also be pointed to by domain names.

To assign a public IP to a VM, you need to select Associate Floating IP from the drop-down menu button (indicated by ▼) of the Actions column in the Instances list. If this is your first time associating a floating IP, your project hasn't been assigned an external IP address yet. You need to click on the “+” sign to bring up the Allocate Floating IP dialog box. There is only one pool of public addresses, so the correct pool will already be selected; click on the Allocate IP button. The Manage Floating IP Associations screen is displayed again, indicating the IP address and the port (or VM) to which it will be associated (or more specifically NATted); click on the Associate button.

Firewall, add rules to allow RDP

To connect to your virtual machine using a remote desktop connection client, you will need to allow access for remote desktop protocol (RDP) to your VM.

  1. On the Security Groups tab, select Access & Security; on the default row, click the Manage Rules button.
  2. On the next screen, click the Add Rule button.
  3. RDP has a predefined rule. Select it in the Rules dropdown menu and leave CIDR under Remote.
  4. Replace the 0.0.0.0/0 in the CIDR text box with <your-ip>/32.

    If you don't know your current IP address, you can see it by going to ipv4.icanhazip.com in your browser. Leaving 0.0.0.0/0 will allow anyone to attempt a connection with your VM. You should never allow completely open access with RDP, as your VM will be susceptible to brute force attacks. This replacement restricts RDP access to your VM to this IP only. If you want to allow access from other IPs, you can add additional RDP rules with different IP addresses, or you can specify a range of IP addresses by using this tool to calculate your CIDR rule from a range of IP addresses.

    If you leave RDP open to the world by leaving the 0.0.0.0/0 in the CIDR text box, a cloud administrator may revoke access to your VM until the security rule is fixed.

  5. Finally, click the Add button.
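The two checks described in step 4, as an added example that is not part of the original page: computing the CIDR blocks that cover a range of client addresses, and flagging rules that still leave RDP (TCP 3389) open to every address. The rule dictionaries and their field names are hypothetical and do not follow any OpenStack API; the addresses are constructed from the documentation ranges.

```python
import ipaddress

RDP_PORT = 3389

def cidrs_for_range(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def reaches_rdp(rule):
    """True if an ingress rule lets TCP traffic through to port 3389."""
    if rule["direction"] != "ingress":
        return False
    if rule["protocol"] not in (None, "tcp"):    # None = any protocol
        return False
    lo, hi = rule["port_min"], rule["port_max"]
    return lo is None or lo <= RDP_PORT <= hi     # None = all ports

def world_open_rdp(rules):
    """Names of rules that expose RDP to every address (prefix length 0)."""
    hits = []
    for rule in rules:
        # Assumption: a rule without a CIDR places no limit on the source.
        net = ipaddress.ip_network(rule["cidr"] or "0.0.0.0/0", strict=False)
        if reaches_rdp(rule) and net.prefixlen == 0:
            hits.append(rule["name"])
    return hits

def _rule(name, protocol, port_min, port_max, cidr):
    return {"name": name, "direction": "ingress", "protocol": protocol,
            "port_min": port_min, "port_max": port_max, "cidr": cidr}

# Constructed sample rules (hypothetical names, documentation addresses).
SAMPLE_RULES = [
    _rule("rdp-from-my-ip", "tcp", 3389, 3389, "203.0.113.25/32"),
    _rule("rdp-default-cidr", "tcp", 3389, 3389, "0.0.0.0/0"),
    _rule("all-tcp-ports-v6", "tcp", 1, 65535, "::/0"),
    _rule("ssh-anywhere", "tcp", 22, 22, "0.0.0.0/0"),
    _rule("any-protocol-no-cidr", None, None, None, None),
]

if __name__ == "__main__":
    print(cidrs_for_range("198.51.100.10", "198.51.100.17"))
    print(world_open_rdp(SAMPLE_RULES))
```

A rule that opens a wide port range or any protocol exposes RDP just as the predefined RDP rule with 0.0.0.0/0 does, which is why the check looks at port coverage rather than the rule name.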

Remote desktop connection

Retrieving Windows instance password (Click for larger image)
Remote desktop client in Windows (Click for larger image)
Remmina remote desktop client in Ubuntu (Click for larger image)

To connect to a Windows VM we will use a Remote Desktop Connection client. To connect to your Windows VM you need to supply a floating IP, user name, and password.

Retrieving the password

Open the Retrieve Instance Password form:

  1. Go to Instances on the left menu.
  2. In the drop down menu next to the instance select Retrieve Password.

The password has been encrypted using the public key you selected when creating the VM. To decrypt the password:

  1. Click the Choose File button and browse to your private key file.

    If you followed the steps above in the SSH key pair section, you should have a private key saved on your local computer with a ".pem" extension which matches the public key.

  2. Select the key and click Open.
  3. Click the Decrypt Password button at the bottom left.

Keep this form open as we will use the password in the next step. This process can be repeated later to retrieve the password again.

From a Windows client

Many Windows systems come with the remote desktop connection tool pre-installed. Try searching for "remote desktop connection" in your Windows system search. If you cannot find it, you can go to the Microsoft store and install it. It should be a free installation.

Once you have run the remote desktop connection tool you should see a window similar to the one displayed on the right. To connect to your Windows VM:

  1. Enter the public IP address next to Computer.
  2. Add the user name you were provided with in the User name text box.
  3. Click the Connect button at the bottom.
  4. Enter the password retrieved in the previous step when prompted.
  5. Click the OK button.

You will likely be presented with an alert: "The identity of the remote computer cannot be verified. Do you want to connect anyway?". This is normal; click Yes to continue. Once you connect you should see the desktop of your Windows VM displayed within the RDC window.

TODO: The specific certificate error is "The certificate is not from a trusted certifying authority". Is seeing this alert really normal? Do we want to register the Windows image certificate with a signing authority? Could we use letsencrypt or should we just ignore this issue?

From a Linux client

To connect via RDP from Linux you will need a remote desktop client. There are a number of different clients out there, but the Remmina client appears to work well when tested with Ubuntu. The previous link provides instructions for installing it in Ubuntu, Debian, Fedora and a few other Linux operating systems.

Once you have installed and launched Remmina to connect to your Windows VM:

  1. Click on Create a new remote desktop file (file with a green '+' sign).

    You should see a window similar to that shown on the right.

  2. Enter the public IP of your Windows VM next to Server.
  3. Enter the user name you were provided next to User name.
  4. Enter the password you retrieved in the above step next to Password.
  5. Click Connect.

From a Mac client

TODO: Anyone with a Mac want to write up this section?

License information

TODO: need to provide information which would be helpful for users to know what path to take to get a license. Should cover things like:

  • Where to go to get a license
  • What kind of license do I need/what licenses will work on the cloud
  • How to apply my license to my existing cloud VM
  • How to apply it to a new VM (if that is different than above bullet item)

Comments on key pairs

There are a couple of different formats for key files, and you can also choose whether or not to protect your private keys with passphrases. In order to be able to decrypt the Windows VM password, your private key must be in OpenSSH format and not have a passphrase. If you created your key pair with OpenStack and downloaded the .pem key file, it will already be in the correct format. If you used the ssh-keygen command to create your key pair and didn't specify a passphrase, it will also likely be in the correct format. For more general information about key pairs see the SSH Keys page.

An example of an acceptable private key in the OpenSSH format without a passphrase:


-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvMP5ziiOw9b5XMZUphATDZdnbFPCT0TKZwOI9qRNBJmfeLfe
...
DrzXjRpzmTb4D1+wTG1u7ucpY04Q3KHmX11YJxXcykq4l5jRZTKj
-----END RSA PRIVATE KEY-----

The ... in the middle indicates multiple lines of characters similar to those above and below it. Below are two examples of private keys which will not work with OpenStack with Windows VMs.

OpenSSH format with a passphrase:


-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CA51DBE454ACC89A

0oXD+6j5aiWIwrNMiGYDqoD0OqlURfKeQhy//FwHuyuithOSI8uwjSUqV9BM9vi1
...
8XaBb/ALqh8zLQOXEUuTstlMWXnhzBWLvu7tob0QN7pI16g3CXuOag==
-----END RSA PRIVATE KEY-----

ssh.com format without a passphrase:


---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: "rsa-key-20171130"
P2/56wAAA+wAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
...
QJX/qgGp0=
---- END SSH2 ENCRYPTED PRIVATE KEY ----
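A way to check a key file against the three examples above before uploading it to the Retrieve Instance Password form, as an added example that is not part of the original page. It goes one step beyond the page by also recognising the newer "BEGIN OPENSSH PRIVATE KEY" header, which the page does not mention and which is treated here, as an assumption, as not matching the accepted example; the function name and sample inputs are constructed.

```python
# Header lines copied from the three examples on this page.
PEM_RSA = "-----BEGIN RSA PRIVATE KEY-----"
SSH_COM = "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
# Newer OpenSSH container header; an addition here, not from the page.
OPENSSH_NEW = "-----BEGIN OPENSSH PRIVATE KEY-----"

def classify_private_key(text):
    """Return (format, matches_accepted_example) for a key file's text.

    The second value is True only when the file looks like the page's
    acceptable example: an RSA PEM key with no passphrase headers.
    """
    # Tolerate a byte-order mark, CRLF line endings and blank lines.
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if not lines:
        return ("empty", False)
    header = lines[0]
    if header == PEM_RSA:
        # A passphrase-protected PEM key announces it right after the header.
        for ln in lines[1:3]:
            if ln.startswith("Proc-Type:") and ln.endswith("ENCRYPTED"):
                return ("pem-rsa-passphrase", False)
        return ("pem-rsa", True)
    if header == SSH_COM:
        return ("ssh.com", False)
    if header == OPENSSH_NEW:
        return ("openssh-new", False)
    return ("unrecognised", False)

# Constructed samples: real headers, placeholder bodies (no key material).
GOOD = PEM_RSA + "\n(body omitted)\n-----END RSA PRIVATE KEY-----\n"
WITH_PASSPHRASE = (PEM_RSA + "\r\nProc-Type: 4,ENCRYPTED\r\n"
                   "DEK-Info: DES-EDE3-CBC,(iv omitted)\r\n\r\n(body omitted)\r\n"
                   "-----END RSA PRIVATE KEY-----\r\n")
SSH_COM_KEY = SSH_COM + "\n(body omitted)\n---- END SSH2 ENCRYPTED PRIVATE KEY ----\n"
NEW_OPENSSH = OPENSSH_NEW + "\n(body omitted)\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("passphrase", WITH_PASSPHRASE),
                         ("ssh.com", SSH_COM_KEY), ("new openssh", NEW_OPENSSH)]:
        print(name, classify_private_key(sample))
```

The check reads only the header lines, so it can be run locally on the private key without sending the key anywhere.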

Where to go from here