Skip to content

Setup Virtual Datacenter

This chapter describes the necessary steps to create a virtual Router (VR) and a private network and to make the most important firewall settings. Furthermore, it describes how to install (deploy) your first virtual server (VM) in the created network.

Setup Network Topology

Create Router (VR)

To access the internet from a virtual server, a VR is always required, which establishes the connection between the Private and Public Network.

To do this, follow these steps:

  • Click on Network => Network Topology on the left in the navigation bar.

  • Then click on the Create Router button in the top right.

  • Now enter the following in the input mask:

    • a Router Name and
    • select the external network "public", then
    • select no Availability Zone and click OK.

Tip

By default, Virtual Routers (VR) are always deployed as highly available, with a Master and a Slave. If you select no Availability Zone, the Master will be deployed, for example, in AZ1 and the Slave in AZ2. However, if needed, you can also select a specific AZ where both the Master and Slave will be deployed.

image

If you now click on Network Topology in the navigation after the VR has been created, the following image will appear:

image

Create Network (Private / Public)

Next, we will create a Private Network (Private /24) where we will later deploy the VMs.

  • To do this, click on Network => Network Topology on the left in the navigation bar.
  • Then click on the +Create Network button in the top right.

image

  • Now enter the following in the first input mask Network:

    • desired Network Name
    • Leave the two checkboxes "Enable Admin State" and "Create Subnet" checked.
    • select no Availability Zone
    • then click Next.

Tip

If you select no Availibility Zone, the network services such as DHCP and metadata are deployed as highly available in all Availability Zones of a region by default. However, if needed, you can also select only a specific AZ where these services will be deployed.

image

  • Now enter the following in the Subnet input mask:

    • enter desired "Subnet Name"
    • Enter a valid Private Network Address for the subnet.
    • select the IP Version (IPv4 in our example)
    • If you leave the "Gateway IP" field empty, the default GW of the subnet will be used (in our example 192.168.50.1). Click Next to continue.

image

  • Finally, enter the following in the Subnet Details input mask:

    • Activate the "Enable DHCP" checkbox so that your servers will automatically receive an IP address from the Private Network's address range later.

    • In the "Allocation Pools" field, you can optionally define or restrict the IP range used by DHCP. For further explanations, please click on the question mark next to the respective input field.

    • In the "DNS Name Servers" field, you can optionally enter the IP addresses of a preferred DNS server.

    • Optionally, in the last field "Host Routes", you could enter specific routes. For our example, we will leave it empty.

  • Now click Create to finalize the process.

image

Now the Network is created, and the Network Topology looks like this:

image

Connect Router to Network (Add Interface)

To establish the connection between the Network and the Router, hover your mouse over the Router Symbol and then click on +Add Interface.

image

  • Then select your network (Subnet) and confirm with Submit.

image

The Network is now connected to the Router.

image

If not already done in the next chapter, create an ssh-rsa Key for later access to the VM, or click on this link launchvm to install (deploy) a VM.

Create ssh Key Pair

There are many ways to generate an "ssh-rsa Key". A simple way is provided by the OpenStack Portal, via the menu item "Compute > Key Pairs". You can also import an existing key through this menu. When deploying a VM, you can then select this key in the "Launch Instance Wizard" and use it to access your Linux VM.

Tip

We recommend importing or creating an "ssh-rsa Key" as early as possible before deploying a VM.

Switch to Compute => Key Pairs in the navigation and click on +Create Key Pair.

image

  • Now enter a "Name" for the Key Pair.
  • Then click on +Create Key Pair role="guilabel"}.

image

The Key Pair (Public & Private Key) is now created, and you can view the Public Key by clicking on the Key Name.

image

Caution

The created Private Key is automatically downloaded in the browser. You should store this securely, as it allows access to your VM without a password!

image

Note

The generated Private Key must be converted before use in "Putty" (see How to convert a PEM to PPK File Format).

Server Groups

Depending on the solution you intend to build, it may be necessary for certain VMs to be deployed on the same or different hosts.

For example, if you want to build a cluster with VMs, it is crucial for high availability that the VMs are not all located on the same physical host. If this host fails, all VMs in the cluster would be affected! To control this, you can deploy Instances (VMs) using OpenStack Server Groups with an Affinity or Anti-Affinity policy.

Important

A VM can only be assigned to a Server Group during deployment! This means that the Server Group must be created BEFORE deploying the VMs and selected when deploying the VM!

  • Affinity means that all Instances in the group are installed on the same physical host.

  • Anti-Affinity means that all Instances in the group are installed on a different physical host.

Note

Please use the Soft Affinity and Soft Anti Affinity Policy, as this option allows for temporary migration and starting of a failed VM on the same host in case of a disruption or maintenance, should no other free host be available at that time.

To create a Soft Anti Affinity Group, switch to Compute => Server Groups in the navigation and click on +Create Server Group.

image

  • Now enter a descriptive "Name" for the Server Group.

  • Then select the corresponding policy, for example Soft Anti Affinity.

  • Then click Submit.

You can now select this Server Group during VM deployment in the "Launch Instance Wizard" in the Server Groups section (see setservergroup).

Launch Instance

Prerequisites

In this section, you will learn how to install (deploy) one or more VM Instances. The "Launch Instance Wizard" will assist you, prompting for the required information. You can also create necessary prerequisites here, such as setting up a network or creating an SSH Key for later access to the VM.

Tip

We recommend creating a Router with a Network, SSH Keys (see Create SSH Key Pair), and possibly Create Server Group beforehand as much as possible.

Important

Please note, a VM can only be assigned to a Server Group during deployment! This means that the Server Group must be created BEFORE deploying the VMs and selected when deploying the VM!

Start Wizard

Now switch to Network => Network Topology in the navigation, click the Launch Instance button, and enter the required information. Click Next to move to the next input mask. Once all "mandatory information" has been entered, the Launch Instance button becomes active (blue), and you can "launch" (deploy) the VM(s).

image

Details

  • Now enter the missing information in the Details input mask:

    • "Instance Name" - the name of the instance and optionally a description in the "Description" field.
    • "Availability Zone" - select where the instance should be deployed.
    • "Count" - number of instances to be deployed with the same settings.
    • now click Next.

Tip

By default, VMs are deployed in any AZ of this region. If you want to deploy the VM in a specific AZ, please select the corresponding Availability Zone. The VM cannot be moved to another AZ later!

image

Note

OpenStack offers multiple options for choosing the Boot Source, which must be considered in the Flavor step when selecting the Flavor type.

The most common options are:

Boot Source Create New Volume Compatible Flavor-Types Comment
Image > Yes All "Zero-Disk" Flavors (g*) e.g. g1.2c4m, Total Disk = 0 A new Boot Volume will be created, where you can specify the Size (GB) of it.
Image > No All "Standard" Flavors (e* & m*) e.g. e1.micro, Total Disk = 20GB Flavor must have a Root Disk included see Flavor List Column "Root Disk" >0 GB

Note

Differences between Flavor types in Table

Source

In the following example, a "Zero-Disk" Flavor is used, and a Volume is created.

Please select the image with the corresponding operating system.

  • To do this, enter the missing information in the Source input mask:

    • "Select Boot Source": "Image"
    • "Create New Volume": "Yes"
    • "Volume Size GB": Please enter the desired size for your Root Volume.
    • "Delete Volume on Instance Delete": "No" Important1.
    • Select the desired "Image" from the list using the arrow.
    • now click Next.

image

The selected image is displayed.

image

Flavor

Next, in the Flavor input mask, select the appropriate (Zero-Disk) configuration (vCPU, RAM) for your VM by choosing a Flavor:

  • To make the list clearer, you can use the filter.

  • To select, click the up arrow on the right of the g1.2c4m row, for example.

image

The selected Flavor appears at the top in the Allocated section. With the down arrow, you could undo the selection there and choose a different Flavor.

  • By selecting the Flavor, all necessary information for deploying the VM is already provided, and you can click Launch Instance at the bottom of the window to complete the process.

  • If you optionally want to make further settings, such as creating or selecting an SSH Key Pair, click directly on this item in the navigation, or click Next until you reach the desired input mask.

image

Note

Behind the Details arrow, you will find a lot of information about the respective Flavor, such as impacts on your Quota Limit, Disk QoS, or VIF QoS.

Networks

  • If, as recommended, you have already created a network, it will be automatically selected here (Allocated). If you have multiple networks, please select the network into which your VM should be deployed.

    • now click Next.

image

Network Ports

  • Optionally, if previously created, you can connect your VM with ports here.

    • now click Next.

image

Security Groups

  • By default, your VM is assigned to the "Default Security Group". Optionally, if previously created, you can assign your VM to another Security Group here. You can change the Security Group later as well.

    • now click Next.

image

Warning

Windows License KMS activation Ports - in the OpenStack standard Security Group Default Security Group, the Egress port to the KMS Licensing Server is open so that Windows license activation works! If you use your own Security Groups and Windows Server, ensure that Egress to oskms.ewcs.ch 217.20.195.145/32 Port 1688 is allowed.

Key Pair

  • If you have previously created an ssh Key Pair, you can select it here, import an existing Key Pair, or create a new one. (see Create SSH Key Pair)

    • now click Next.

image

Configuration

  • Optionally, you could store configurations here that should be executed after your VM starts. This requires a deep understanding of the system, which is not covered here.

    • now click Next.

image

Server Groups

  • Optionally, you could assign your VM to a previously created "Server Group" here, which can be important for cluster solutions (see Server Groups).

    • now click Next.

image

Scheduler Hints

  • With this option, additional "hints" (e.g., CPU type) could be provided to the "Scheduler process" that deploys the VM, which will be considered if possible. This requires a deep understanding of the system, which is not covered here.

    • now click Next.

image

Metadata

  • With this option, "metadata" can be added to the VM instance. This requires a deep understanding of the system, which is not covered here.

    • now click Next.

image

If you have entered all the required information, the Launch Instance button should now also be activated, and you can click it to deploy the VM. If information is still missing, it will be indicated by an *(asterisk) on the left in the corresponding section.

You can now see the status of your VM in the navigation under "Compute > Instances".

image

Setup Security Group

In this section, you will learn how to create a Security Group and set up a firewall rule so that you can access your VM (Linux) via ssh over the internet. A Security Group is a Software Firewall that allows you to create rules for incoming (Ingress) and outgoing (Egress) connections, thereby restricting them. All VMs that are members of this "Security Group" apply the rules of the Security Group.

Tip

We recommend creating Security Groups with corresponding rules as early as possible before deploying a VM, so you can simply select them in the "Launch Instance Wizard".

Create Security Groups

Switch to Network => Security Groups in the navigation and click on +Create Security Group, and enter the information.

image

  • Now enter a "Name" for the Security Group and optionally a description in the "Description" field.
  • Then click +Create Security Group.

image

The Security Group is now created, and you will receive a notification in the top right of the screen and see the created group in the list. * Now click on Manage Rule for this Security Group. image

Create Security Groups Rule

By default, an Egress Rule (any/any) is automatically created to allow outgoing connections. Now click on +Add Rule to create the desired ssh Rule.

image

Now enter the information or select the SSH template from the Rule list. To do this, click on "Custom TCP Rule".

image

  • Now click on SSH and confirm the selection with the Add button.

image

By selecting the "SSH" template, the input for the Rule is reduced to the Remote network address (CIDR) field, which defines from where access is allowed. It is also possible to specify another Security Group as the Remote network, which allows for a comprehensive rule set.

image

Now the SSH Ingress Rule (tcp / PORT 22) is created and appears in the list, which is acknowledged by a notification in the top right of the screen.

image

Assign Security Group

For a Security Group to be applied by a VM, it must also be assigned to the network port or interface.

  • To do this, click on Compute => Instances in the navigation and then on Edit Security Groups in the Interfaces tab.

image

  • Then click on the plus sign in the left half of the screen so that this Security Group is added to the VM's port.

image

Now confirm by clicking the Update button.

image

Assign Public / Floating IP

In this section, you will learn how to assign a fixed Public IP address to your VM. For the VM to be reachable from outside, a public IP (Floating IP) must first be assigned.

Tip

We recommend restricting access to your VM from the Public network. You can achieve this in the Security Groups settings with appropriate rules.

Associate Floating IP

Switch to Instances in the navigation, click on the "Arrow", and select Associate Floating IP.

image

  • Now click on the "Plus sign" and then on Associate.

image

  • Now select "public" and click on Allocate IP.

image

  • Now select the Public IP address and click on Associate.

image

  • The assigned Public IP address is now displayed, and you can access your VM via ssh using this address.

image

Footnotes

  1. For example, if you need to temporarily delete the associated Instance for a re-sizing of the Root Volume, the Volume remains and you can use it again for launching a new Instance (VM) after the Volume Re-Size. Otherwise, the associated Root Volume will be deleted without warning when the Instance is deleted!