Adding a VM¶
Info
Projects need to have at least one VPC resource package enabled before any virtual machines can be created. You can follow this guide to add a new VPC.
- VMs can be added by clicking to ’Marketplace’ and selecting
Virtual machines
from the menu to go to the list of Virtual Machines. - Ordering a
Virtual Machine
requires a VM name and selection of a VM image. - Please select the
Image
for a VM and click on theSelect
button, returning to the form. - Selecting the initial VM resource profile, the flavor, by clicking on the
Flavor: Show choices
selector is mandatory. - The flavor will set the initial resource profile for a VM - how much RAM, vCPU cores, and storage it will have.
Info
We have currently limited GPU resource available for Virtual Machines
, therefore please check the GPU availability with HPC support: support@hpc.ut.ee.
Warning
VM images contain their minimum requirements information, and non-matching VM flavors are disabled automatically.
-
Selecting VM flavor will also update
System volume size
with the option to override it manually (to a higher custom value). The size ofData Volume
can be customized and incremented in 1 GB steps.System volume
must be at least 10 GB, whereasSystem volume
andData volume
must be equal to or less than VPC’s total Storage. -
By default, provisioned virtual machines expect users to log in using SSH keys. The initial SSH key for login should be selected by clicking on the
SSH public key: Show choices
selector.
Warning
There has to be at least one SSH public key added to the user profile for it to appear in the SSH key selector list.
Info
In order to log in to your newly created VM over SSH, you need to use a username depending on your choice of VM Image type and your SSH-RSA key-pair. By default password authentication is disabled.
-
Default usernames for login are as follows:
- CentOS images: CentOS
- Ubuntu images: Ubuntu
- Debian images: Debian
- FreeBSD images: FreeBSD
-
While selecting
System volume type
it should be taken into consideration that prod2 is for production, whereas scratch is for testing purposes only.
Info
For production prod2 is recommended because technology used by scratch is not under official support.
Security Groups¶
- By default, no incoming connections will be allowed for a VM. Predefined Security Groups (firewall rules) must be linked to a VM in order to open up access (like ssh, HTTP, etc.). By clicking the
Details
button, you can see the details about the availableSecurity Groups
.Security Groups
can be added while ordering the VM or afterward by editing.
Info
VM create form will automatically include a default
security group that enables egress (outgoing) traffic for a VM and which is required in order to reply to any of the incoming packets.
-
The list of Security Groups are as follows:
- Allow-all: Security group for all access. Since it will be removed soon, not recommended to use.
- Default: Default security group. Egress, outbound traffic.
- PING: Security group for ping. Allow ICMP.
- RDP: Security group for removing desktop access. Allow TCP 3389.
- SSH: Security group for secure shell access. Allow TCP 22.
- WEB: Security group for HTTP and HTTPS access. Allow TCP 443 and 80.
-
VM needs to be connected to at least one of the VPC (internal) networks and an external network via floating IP - if external/public access to VM is required.
Info
Floating IP is technically realized as 1:1 NAT between VM internal IP and public network IP.
- We strongly suggest also adding
VM description
. In order to provision the VM, please click on theAdd to cart
button.
Info
On the right pane, there will be a Checkout summary
with the purchase overview and indicative VM cost (as part of the VPC package cost).
- VM should reach into
Active
status when successfully provisioned. TheAccess
field will show the IP address to access VM over SSH (Linux) or over RDP (Windows).
Info
VM access over SSH or RDP should be permitted by Security Groups
linked to VM.
Info
OpenStack VPC VM-s will have an additional 64 MB virtual hard disk attached to VM, which functions as a cloud-init configuration drive (not supported by self-service yet, only user-data support at the moment).