Skip to content
Contact Support

VirtualData

VirtualData CLOUD - Cloud@VD

Presentation

You can find information on VitualData documentation site.

Quick start guide

This quick start guide details the minimum required steps to create a VM and access it via SSH. It is meant to provide first-time users with a general idea of how the OpenStack Horizon dashboard can be used for basic tasks. For more advanced usage of OpenStack, please refer to the offical OpenStack documentation.

Before going through this guide, please complete the following steps :

  1. Login to the dashboard
  2. Create or import a SSH key pair

Now, you could create a first VM :

  • In the menu Compute>Images choose an image and click on the Launch button. These images contain minimal installations of Linux distributions to be deployed to your VM disk on first boot. They typically contain a SSH server that will allow you to connect to the VM in the next steps.

00-user-quick-start-openstack-image

  • Give a name to your instance and click on Next > button.

01-user-quick-start-openstack-lauch-instance

  • On the next screen, you can leave the default boot volume size as it will be overriden by the volume size of the flavor choosen during the next step. You can enter a size here if you need a size larger than the default for your flavor. By default, this block device is not automatically deleted when you terminate your VM unless you opt-in by selecting Yes or Delete volume on instance delete. See the volume section for more information on how to manage volumes. Click on the Next > button when you are done.

02-user-quick-start-openstack-launch-instance-boot-source

  • Choose your flavor by clicking Up arrow in front of chosen flavor and click on Next > button. The flavour defines the resources allocated to your VM (CPU, RAM, disk size, etc.).

./03-user-quick-start-openstack-flavor

  • If you want to access to the VM from everywhere (Internet), you have 2 choices :

    1. The public-2 network (Note: public is deprecated and will be removed)
    2. A self-provisionned network, associated with a floating IP. A self-provisionned network is connected to a pre-configured router which provides external connectivity using NAT (similar to a typical home router), as well as the possibility to associate public floating IPs to your VMs. VMs will automatically obtain private IPs via an internal DHCP server. This is the recommanded choice.

You can choose by clicking Up arrow in front of chosen network. Click on Next > button.

04-user-quick-start-openstack-networks

  • In the security groups section, verify that Default security group is selected. By default all ports are closed except the SSH port. Each security group allows to open additional ports from other networks or from the public internet. The opening SSH access needs to be properly secured.

05-user-quick-start-openstack-security-groups

  • Select the SSH keypair that you created earlier and click on the Launch instance button.

06-user-quick-start-guide-key-pair

Once your instance is launched, you can check your instance status by going to Compute>Instances.

As mentioned above, if you choose a private network and not public, VM instances receive private IP addresses that are only reachable from within OpenStack networks, regardless of the security rules that were setup. To be able to reach your VM from the internet you need to associate a floating IP which is a public internet IP. While private IPs are virtually unlimited, internet IPs are a scarce resource and you will only be able to allocate a small amount of them (depending on the resources allocated to your project). While the instance is starting, associate a public floating IP address to your virtual machine by clicking Actions Associate Floating IP :

07-user-quick-start-guide-floating-ip

Warning

Given that your VM is exposed to the Internet and thus susceptible to potential attacks, it is imperative to secure it.

Once the VM is running, you should be able to reach it via SSH. Target the the floating IP you allocated, using your SSH private key and the centos login for a CentOS image, the ubuntu login for an Ubuntu image, the debian login for Debian image or the fedora login for a Fedora image.

$ ssh W.X.Y.Z -l ubuntu

The default cloud user generally has unrestricted sudo privileges

$ sudo apt install packageX

Overview

Once connected you will be presented with the overview screen :

00-overview-openstack-dashboard

  1. The Project dropdown right next to the Openstack logo allows you to select which project is currently displayed and managed through the Dashboard. All OpenStack resources such as VMs, block devices or networks are owned by a project. Users have rights in one or multiple projects which allow them to control resources owned by these projects.

  2. The Overview area displays how many resources are currently allocated compared to the project’s quotas.

  3. The Sidebar leads to panels dedicated to managing each type of OpenStack resources in particular :

    • The Compute panel to manage VMs, images and key pairs
    • The Volumes panel to manage block devices attached to VMs and backups
    • The Network panel to manage network resources such as private subnets, security groups, or floating IPs
    • The Orchestration panel to manage complex deployments of multiple resources using configuration templates
    • The Identity panel to manage authentication related concepts such as application credentials for CLI access

  4. By clicking on your login in the top right you may customize some dashboard settings such as the language and timezone. You can change here your password.

SSH Keys

VM images used with OpenStack are typically designed to be configured automatically at first boot using cloud-init.

In particular, cloud-init allows to install public SSH keys into the VMs so that access is granted to the adminstrator of the VM. OpenStack can leverage this feature to install public SSH keys created or registered as OpenStack key pair resources. The public keys to install can be selected at instance creation time using the web UI or the CLI.

The panel to manage Key Pairs can be accessed under the Compute > Key Pairs section :

00-ssh-key-pair-openstack

Importing an existing SSH public key

OpenStack allows you to import the public key of an existing SSH key pair using the Import Public Key button. The following modal dialog is displayed :

01-ssh-key-pair-openstack

Here you have to :

  • Name the key pair
  • Select SSH Key as the Key Type

Then you have two options :

  • Load it from a file by clicking Browse...
  • Paste it in the Public Key Text Area.

Then click the Import Public Key button.

Generating the SSH key pair within OpenStack

Click on the Create Key Pair button :

02-ssh-key-pair-openstack

Select SSH Key and name the key pair. The public key will be added to your list of keys while the private key will be downloaded by your browser.

Warning

Take care of this private key to ensure it won’t be stolen or lost. Store it in a dedicated folder with strict permissions, do not leave it to your default Download folder. You will not be able to download it again from the interface.

Networks

OpenStack allows to define virtual network topologies which are private to a project. These virtual networks can then be interconnected to public external networks. You are in full control of your private (also called self-service or self-provisioned) networks, for which you can configure IP subnets, routers, filtering rules and create network ports for your VMs as you wish. However your VMs network interfaces can only be assigned private IP adresses from your private subnets.

Instead, outgoing connexions from your VMs must go through a router which performs a network adress translation (NAT) from the private IP assigned to your VM to a public external IP managed by VirtualData.

For VMs hosting services that need to receive incoming connexions from external networks you can allocate public floating IPs from an IP pool managed by VirtualData and map these public IPs to private IPs in your network. All of this can be achieved with a few clicks or through the command line.

The Network>Topology panel is a good starting point to better understand these concepts. When your project is created, a default network topology is setup as represented below to accomodate the most common use cases.

Note

VirtualData allow user to start a VM with a public IP, using the network public-2 (Note: public is deprecated and will removed). This is a public network managed by VirtualData cloud to which public IP subnet is assigned. You can directly connect VMs to this network by we don't recommand to use it.

Floating IPs

Floating IPs are IPs reachable from the Internet which allow to direct ingress network traffic to your OpenStack VM instances.

They are a limited resource and must be used accordingly. Only VMs hosting a service that is directly accessed from the Internet need to use a floating IP. For outgoing traffic, a single router can provide NAT for all your VMs without having to allocate floating IPs for each VM.

Using a floating IP requires two separate steps. A floating IP first needs to be allocated from the VirtualData Cloud pool of floating IPs. Once the IP is allocated it is reserved for your project until you decide to deallocate it. Then, you can assign an allocated but unused floating IP to one of your instances network ports. This can be done from the Network>Floating IP or from the Compute>Instance panels. If you terminate an instance or unassign its floating IP, the IP remains allocated to your project until you manually deallocate it.

You can only allocate floating IPs up to your quota which is displayed in the dashboard overview.