Creating VMs
Boot Volume and Virtual Disks
Before a VM can be created, its volumes need to be created first, most importantly the boot volume with the operating system image. The image can be selected in the settings during volume creation. As a guideline, 10-20 GB should be sufficient, but this varies based on the programs that you would like to install. This boot volume can later be chosen during VM creation. For databases or smaller amounts of data (up to 500 GB), additional volumes can be created and attached to the VM. Keep in mind that a volume can only be attached to a single VM at a time.
Storage Types for Virtual Disks
Different types of storage are available for virtual disks (bronze and gold). Bronze storage is provided by spinning disks (HDDs) and gold storage by flash memory (NVMe). Bronze storage should generally be used for large amounts of files, whereas gold storage is suited for databases and write-ahead logs (WALs), which require low latency. See Data Storage for further details.
Security Groups
As a next step, security groups need to be defined. These offer comprehensive firewall protection, which OpenStack implements on the port layer. Access to ports of the VM can be restricted to selected IP addresses. Outgoing connections are permitted by the default rule, which is automatically applied to all newly created VMs. This rule also allows VMs in the same security group to communicate with each other. An additional security group with rules for incoming ICMP and SSH traffic, as well as further ports for your services, has to be created manually.
SSH
The virtual machines can be accessed via SSH for configuration. A public key is added to the .ssh/authorized_keys file in the home directory of the VM’s default user on the first boot of the VM. If you do not already have an SSH key pair, you should generate one locally and upload the public key to OpenStack. The username of the default user is equivalent to the name of the operating system (e.g. centos, ubuntu, … or sometimes cloud). A login as root should print out that name.
Network
If you want a fixed IP address that remains constant after your virtual machine is deleted, you should create a network port in advance. This is especially useful for publicly available services. Otherwise, you can choose a network during instance creation and have an IP address allocated dynamically. Please use the internal or public network of the IVV you selected in your project request form. As network security is handled by security groups on the port layer, a separate network for the virtual machines of your project does not increase security.
Creating VMs
The last step, after having created a boot volume, the necessary security groups and an SSH key, is the actual creation of the VM. This step is also called “instance creation”, as virtual machines in OpenStack are traditionally instances of an image.
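The steps above as OpenStack CLI calls, in an added example that is not part of the original documentation: it prints the commands in order and runs them only when APPLY=1 is set. The resource names, image, flavor, network, volume type name and admin CIDR are constructed placeholders, and rejecting a /0 source for the ICMP and SSH rules is an assumption of this example, not a rule stated on the page.

```sh
#!/bin/sh
# Added example: prints the OpenStack CLI calls for the steps above; APPLY=1 also runs them.
# Every value below is a constructed placeholder; substitute your project's own.
set -eu
VM=demo-vm IMAGE=example-ubuntu-image FLAVOR=example-flavor
NETWORK=example-internal-net   # the internal or public network of your IVV
VOL_GB=20 VOL_TYPE=gold        # assumed volume type name for the NVMe-backed storage
ADMIN_CIDR=192.0.2.10/32       # the only source allowed to reach ICMP and SSH
PUBKEY=~/.ssh/id_ed25519.pub

# Print the command line; execute it only when APPLY=1.
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Syntactic IPv4 CIDR check that also rejects a /0 prefix (assumed policy:
# management ports are opened to selected addresses only, never to everyone).
check_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$' ||
    { echo "rejected source CIDR: $1" >&2; return 1; }
}

create_vm() {
  check_cidr "$ADMIN_CIDR" || return 1
  # 1. Boot volume created from the operating system image
  run openstack volume create --size "$VOL_GB" --type "$VOL_TYPE" \
      --image "$IMAGE" --bootable "$VM-boot"
  # 2. Additional security group: incoming ICMP and SSH from the admin source only
  run openstack security group create "$VM-admin"
  run openstack security group rule create --ingress --protocol icmp \
      --remote-ip "$ADMIN_CIDR" "$VM-admin"
  run openstack security group rule create --ingress --protocol tcp \
      --dst-port 22 --remote-ip "$ADMIN_CIDR" "$VM-admin"
  # 3. Upload the public half of the locally generated SSH key pair
  run openstack keypair create --public-key "$PUBKEY" "$VM-key"
  # 4. Port created in advance (fixed IP); both groups are enforced on the port
  run openstack port create --network "$NETWORK" --security-group default \
      --security-group "$VM-admin" "$VM-port"
  # 5. Instance creation from the boot volume, the port and the key
  run openstack server create --flavor "$FLAVOR" --volume "$VM-boot" \
      --nic "port-id=$VM-port" --key-name "$VM-key" "$VM"
}

create_vm
```

Once the instance is active, log in with the matching private key as the image's default user (for example ubuntu).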