Skip to content

Using Cloud resources

There are some basic steps that need to be taken to spin up a VM through the Horizon GUI in OpenStack. While some basic network configurations is set up automatically, you need to have an SSH key to access the VM, and you need to open ports in the firewall (via Security Groups) to access it.

Logging in

Assuming you are a member in a Cirrus project in SUPR, first request a Cirrus account from SUPR. After about 30 minutes, your account should be set up, and you can go to https://cloud.swesrc.chalmers.se and select "Authenticate via c3se keycloak" in the dropdown list, then click Sign in and use SUPR to authenticate.

Creating an instance

  1. Set up keypairs under Compute -> Keypairs. This is to make sure your SSH keys are loaded into the VM. You can upload an SSH public key of your own, or create and download a private-public key pair through the GUI. You will need to place it into your ~/.ssh/ folder and, on a Unix-like system set the permissions to 600 (only the user can read and write), chmod 600 filename.pem, for it to work with most SSH clients.
  2. Go to Compute -> Instances.
  3. Click Launch Instance. Set a name, and go to "Source".
  4. Let "Create new volume" be set to "Yes", and set "Delete Volume on Instance Delete" to "yes" as well. This will create a separate storage volume for your OS, which is still tied to that VM, which is normally what you want. You need to make sure the volume size is big enough, typically 10-20 GB will be sufficient.
  5. Pick the base image, e.g. "rocky9".
  6. Pick the flavour. Note that the disk will not be used when you creat a separate volume for the disk.
  7. Make sure your keypairs are there under "Key pair".
  8. Under "Networks" select the network with your project name if it is not already selected.

Setting up firewall rules (security groups)

Once the volume boots up successfully (the instance goes into state Running), you can set up a security group under Networks -> Security Groups. A Security Group is just a collection of firewall rules.

Click "Manage Rules" once you have created your security group, then "Add Rule". For e.g. SSH, you will want:

  • Custom TCP Rule
  • Ingress
  • Port 22
  • CIDR 129.16.0.0/16 (Allow all Chalmers IP:s. Be careful about making this rule more permissive if you are not certain that your machine is locked down.)

You can then go back to your instances, expand the menu, and click "Edit Security Groups". Add your newly created security group to make SSH available. After this, click "Associate floating IP". Click the plus symbol to auto-allocate a public IP and then click Associate.

Accessing the VM over SSH

You should be able to SSH into the machine with your SSH key using the allocated public IP and the name for the OS, e.g.,

ssh -i .ssh/path_to_key.pem rocky@129.16.122.xxx`

for Rocky Linux, cirros for Cirros, ubuntu for Ubuntu. This user will have passwordless sudo rights.

If you want to expose other ports, like 3389 for RDP, 443 for HTTPS, or other custom ports, you can create a security group or add them to an existing one.

Accessing the console in a browser

For console access through the browser, which is sometimes needed for debugging, some operating systems have default passwords, but others like Rocky do not. In that case, you can use a cloud-init config in the "Customization script" section of the "Configuration" part of launching an instance:

#cloud-config
chpasswd:
    expire: false
    users:
        - { name: root, password: some_password_here, type: text }
ssh_pwauth: false

This will allow you to log in with the specified password via the web console.

Using the CLI

You can also make an API key and access OpenStack via the Rest API or CLI, go to Identity -> Application Credentials, set the name and expiration time, and then create it. You can download the credentials as a clouds.yaml file which you can put in the directory from which you run the OpenStack CLI Client (Python package openstackclient). To spin up a VM, you can use

$ openstack server create /
    --flavor $flavor_name_or_id /
    --image $image_name_or_id /
    --boot-from-volume $volume_size_in_gb /
    --network $network_name_or_id /
    --security-group $security_group_name_or_id /
    $vm_name
$ openstack server show $vm_name

You can get the names and ID:s for the necessary variables with the client as well, e.g. openstack network list.

Flavors and cost

OpenStack VM:s come in flavors, which determine how many vCPU cores and how much RAM the VM has. The following flavors are available for users:

Name Cores RAM Cost (coins/h) Cost (k-coins/30 d)
Mini 1 2 GB 1 0.72
Small 2 8 GB 3 2.16
Medium 4 16 GB 6 4.32
Large 8 32 GB 12 8.64
XLarge 16 64 GB 24 17.28
XXLarge 32 128 GB 48 34.56
XXXLarge 64 512 GB 160 115.2

Use this table to estimate your required resources. If you run out of resources, your ability to start new VM:s will be restricted. If you continue to run over your quota further action may be taken, such as shelving your VM:s, to free up resources.