This guide provides a quick view to start setting up your CloudStack environment.
Step 1: How to log into Apache CloudStack panel
The Apache CloudStack panel is the place where you can create and manage your cloud infrastructure using a graphical user interface. The login details can be found in your Customer Portal account.
- Login to the Customer Portal and click on the ID of your Elastic Compute account.
- By clicking on CloudStack panel under Accounts you will be redirected to the Apache CloudStack panel where you can login. To login you will need to provide the Username, Password and Domain ID. These can all be found in the Elastic Compute overview page
In the Leaseweb Private Cloud portal, enter your credentials to login.
These credentials are not the same as the ones you used to login to the Customer Portal.
Enter your username, password, and Domain ID for Private Cloud.
You can find your Domain ID in the customer portal (under Technical Details, you can find the Domain ID).
For detailed information about the dashboard, click here.
Step 2: Creating a virtual machine
A virtual machine is a so called Instance in CloudStack creating from a template or ISO. It will generally contain the components CPU, RAM, Disk and a Network. By clicking Add Instance in the Apache CloudStack panel, you enter the instance creation wizard to configure the virtual machine step by step.
In step 1 you will be asked to select the Zone and media type for the setup of the OS.
The Zone can be lest on default since there is only 1 Zone available generaly.
In step 2 you can choose the media type for the installation of the OS.
Choose the media type Template or ISO to list the available media.
In step 3 you will be asked to select the Compute offering. Under Service Offerings in the main menu bar to the left you can create and manage offerings for Compute and Disk.
In step 4 you can add a separate disk to the virtual machine, which is called a DATADISK in CloudStack. First you will need to specify the disk size by going to Service Offerings > Disk Offerings > Add Disk Offering.
In step 5 you need to select the Network in which the virtual machine will be deployed. This Network adds a virtual NIC to the virtual machine, depended on the network type it will provide a unique mac and even an IPv4 address.
In step 6 you can associate a SSH key pair to the virtual machine that is available in CloudStack. If you created SSH key pairs under the Account section they will show up here.
In step 7 you can optionally go into advanced mode and select the boot type, add user data to the virtual machine and select an affinity group to place the virtual machine in. These options are not required but can help with setting up the virtual machine in a more specific state.
In step 8 you provide the virtual machine name and group, by leaving these field empty CloudStack generates an unique name for you.
After clicking on Launch Virtual Machine, the instance will be deployed by CloudStack and you will see the password show up after deployment.
This password can be reset by first stopping the Instance and then perform a Reset Password action.
Step 3: Setting up firewall rules in an Isolated Network
Now that we have a virtual machine running, we can control how it communicates with the rest of the internet. The firewall feature is a service provided by the virtual router that comes with an Isolated Network. With an Isolated Network all public IP addresses are managed by the virtual router, therefore the virtual router can be used as provider of services like http load balancing, firewall and NAT addressing.
If you have a Network of type Shared then your public IP addresses are directly attached to the virtual machines, meaning that there is no option in CloudStack to control firewall rules. You will need to setup firewall rules within the virtual machine's OS, using IP tables or a tool like Ubuntu's ufw.
By default there are no egress rules configured on the Network. Go to Network > Select the Network and the tab Egress rules. Add the rule as shown in the screenshot below to allow all traffic from inside the network to go to the internet.
Firewall rules for ingress traffic are configured on IP address and allow you to create rules to accept traffic.
Firstly you will need to acquire a public IP address for the Isolated network, if you did not do so already. By acquiring a New IP address you are assigning already available IP addresses from your subnet to the Network that you are working in.
A Public IP can be assigned to the virtual machine (via Static NAT or Port Forwarding).
A Public IP need to be acquired from the available range of IPs.
Network > Public IP Address > Acquire New IP
Note that the ‘CloudStack RouterVM’ (that acts as firewall/load balancer) uses the ‘SourceNAT’ IP.
- Configure the public IP to forward all incoming traffic to the instance
This acquired public IP need to be configured to forward all incoming traffic to go to the Instance (via Static NAT) by clicking the button Enable Static NAT.
- Select the virtual machine that you want to NAT the IP address to.
Now the IP address has a static NAT to the virtual machine selected and we can start configuring firewall rules for Ingress traffic to the virtual machine.
- Go to the public IP address > Firewall to start adding firewall rules. The firewall rules need to be configured to control what is allowed.
- Add the Source CIDR, Protocol and Start and End Ports to allow traffic to your virtual machine.
By adding the following rule you allow traffic from all IP address on TCP to all ports of the virtual machine
- Source CIDR: 0.0.0.0/0
- Protocol: TCP
- Start Port: 1
- End Port: 65535
After you have created an instance (your own virtual machine), and configured the firewall, you can do the following: