Utrecht HowToCreateVirtualMachine

From Fiware NL Wiki
Jump to: navigation, search

This How To will describe the setup of a new virtual machine on the Utrecht FIWARE lab.
The result will be a running machine, with SSH access and the ability to access this machine by HTTP and HTTPs.

To start this guide, please goto to the FIWARE Lab cloud node on https://login.fiware-lab.nl.
Currently, we are using a self-signed certificate for this domain, you can ignore this in your browser.
HTTP connections are unsafe, and not provided anymore.
Utrecht fiwarelabloginscreen.jpg
note: If you do not have an account yet, send an email to fiware-lab@civity.nl with the purposes of your project.

Login to the Utrecht node, the following screen should be visible
Utrecht howtocreatevirtualmachinemainscreen.jpg

By following the next steps, you should be able to setup a virtual machine within this environment and access the virtual machine with an SSH connection. The example will setup a base Centos 6.x machine.

Step 1: create a Keypair

Before even setting up a new machine you must create a keypair. FIWARE Lab Utrecht environment only allows you to log on to your server using keypair value. No login password is required, but a keypair is used to authenticate. This keypair is important, do not loose it! Loosing your key will lock you out of the server!

This option is found at: Access & Security -> Keypairs tab.
Utrecht howtocreatevirtualmachinekeypairmenu.jpg

Select the 'create Keypair' and create a good description for this keypair. Avoid using spaces and special characters, since you might be using this keypair from commandline.

Utrecht howtocreatevirtualmachinekeypair.jpg

After creating the keypair, an automatic download is started. The downloaded file has the same name as the description with the .pem extension.
If using Linux or OSX, you need to set the correct rights to the file (400, read for you(4), no acces to all others (00))

Step 2: create security group

This step can be addressed at a later stage, but with a first setup it is a good option to make a default setup without forgetting this step at a later stage.
The default settings will block all communications to the server. Without changing these, you will not be able to access any service on the server from a remote location.
We will grant access to standard HTTP and HTTPS, and also to SSH access. HTTP(S) is optional, but most useful as you can setup an Apache host.
The defaults ports are 80, 443 and 25
Utrecht HowtocreatevirtualmachineSecurityGroupMenu.jpg

Select the 'Create Security Group' to create a new access rule
Utrecht HowtocreatevirtualmachineSecurityGroup.jpg

Please choose your name (only alphanummeric with underscores allowed) and description carefully.
After creating this group, please select it from the main page, press the 'Manage Rules' button
Add the rules as following: IP Protocol (all three use TCP), From and To ports are the same (no port translations) and use CIDR (the whole world) for access.
You can restrict this to your own IP address, if you want security to be higher

Entering the security rules looks like:
Utrecht HowtocreatevirtualmachineSecurityRules.jpg

You have now completed the first part, security

Step 3: create a new instance (vm)

Creating a virtual machine on the Fiware Utrecht lab is done with only a few steps.
In this howto, we will setup a CentOS server, but other flavours can also be launched.
A wide range of virtual images are available. These images are also available on the other Fiware nodes
Utrecht HowtocreatevirtualmachineLaunchInstanceMenu.jpg

Press the 'Launch Instance' button to start the setup of the instance

Step 4: configuring your new Instance correctly

You now need to create a name for your new instance. Keep in mind you cannot change this name afterwards, so pick a good (logic) name since you allowed to create more instances
If you select 'Boot from Image' in the 'Instance Boot Source', you can select one of the available Fiware Lab Utrecht images. Currently over 40 images are available on the Utrecht Node.
Utrecht HowtocreatevirtualmachineLaunchInstanceDetails.jpg
You can see in real time the available resources for your project. Larger Flavor will take up more resources
After setting the details, enter the 'Access & Security' tab

You will now be able to select your login keypair (SSH) and set your security groups (firewall rules). If you forgot a network security rule, you could add a new later.
These settings must be all correct! If you make a mistake, you will not be able to access the new instance
Utrecht HowtocreatevirtualmachineLaunchInstanceAccess.jpg
After setting the access & security settings, enter the 'Networking' tab

You will now enter the Networking settings. Most FIWARE labs only have one network available, drag the interface (shared-net in this case) from Available Networks to Selected Networks - NIC:1
A local network must be configured.
DO NOT USE an external IP at this stage, this will result in a faillure!
Utrecht HowtocreatevirtualmachineLaunchInstanceNetworking.jpg
After dragging the network interface, press the 'Launch' button

Now you new instance (virtual machine) is created. The machine is NOT running yet and will be 'spawning' with power state: 'NO STATE'

Creating and launching the machine will take around 2 minutes, depending on the launching images. Just be patient!
Utrecht HowtocreatevirtualmachineSpawning.jpg

If the machine is running, this will change to:
Utrecht HowtocreatevirtualmachineRunning.jpg

Step 5: Make the new instance available on the internet

To be able to access this machine from the internet, you need to assign a public IP address to the instance.
These are called floating IP, and limited available. You are allowed only one IP address from a pool on the FIWARE lab.

To create and assign a floating IP, goto Access & Security -> floating IPs and select 'Allocate IP to Project'
Utrecht HowtocreatevirtualmachineAllocateIPMenu.jpg
Some FIWARE Lab environments have multiple Pools available. Currently only one pool is available for users.
Select the 'Allocate IP' button to request your floating IP.
Utrecht HowtocreatevirtualmachineAllocateIP.jpg

Your External IP is now allocated to your project, but not yet to instance. You can associate this IP to your instance from the Instances menu, but also straight from the Floating IPs menu
Utrecht HowtocreatevirtualmachineAllocatedIPmenu.jpg

Select the Associate button.
Now select the instance to be associated with this IP:
Utrecht HowtocreatevirtualmachineAssociateIP.jpg

The IP is now allocated and associated with your new Instance.
The 'Instances' page will now show both the internal and external IP from your instance
Utrecht HowtocreatevirtualmachineAssociatedIPmenu.jpg

You are almost finished, your instance should now be available with a ssh client:
Some images don't allow root logins, but a quick try will tell you which username to use.
Utrecht HowtocreatevirtualmachineLoginCLI.jpg

$/> ssh -i .ssh/fiwareutrechtkeypair.pem centos@

If you can connect to your machine, you can finish configuring the machine with the desired packages and services: