This guide provides a quick overview to get you started with setting up your CloudStack environment.
Step 1: How to log into Apache CloudStack panel
The Apache CloudStack panel is the graphical user interface to create and manage instances in your cloud infrastructure. The login details can be found in your Customer Portal account.
- Log in to the Customer Portal
- From the left menu click Cloud Compute > Elastic Compute
- Click the Elastic Compute to expand the details, then click Manage Elastic Cloud, which will bring you to the details page.
- From the Actions drop down menu, click CloudStack Panel to get redirected to the CloudStack panel.
- Enter your username, password and domain ID to log in to the CloudStack panel.
Information
These credentials are NOT the same as the ones you used to log in to the Customer Portal.
You will find your CloudStack username, password and domain in the customer portal under Technical Details.
Step 2: Creating a virtual machine
CloudStack instances are virtual machines (VMs) created from an OS template (disk image) or ISO (virtual CD). Each instance is a new standalone server with allocated CPU cores, memory, networking and disk space.
By clicking Add Instance in the Apache CloudStack panel, you enter the instance creation wizard to configure the server step by step.
- From the left menu in the CloudStack panel choose Compute > Instances, click Add Instance
- The Zone is already pre-filled based on the location of the CloudStack platform.
- Choose a Template or ISO. Templates are images containing an OS used to boot up the server. Alternatively, boot from an ISO, a virtual DVD/CD that can be uploaded separately.
- Choose a Compute Offering for your Instance, which determines how many CPU cores and how much memory are allocated to the server.
Information
In the left menu go to Service Offerings, click on Compute Offerings to add a compute offering.
- Choose a Data Disk offering to add an additional volume to your server.
Information
In the left menu go to Service Offerings, click on Disk Offerings to add a disk offering.
- Choose a Network in which the server will be deployed.
Information
A Network can be Isolated (and belong to a VPC) or Shared, which attaches a virtual NIC to the server providing a unique MAC address to assign an IPv4 and/or IPv6 address.
- Choose to associate an SSH key pair to the server. If you created SSH key pairs under the Account section they will show up here.
- Select additional options under Advanced Mode, like boot type, add user data and/or select an Affinity Group to place the virtual machine in. These options are not required but can help with setting up the virtual machine in a more specific state.
- Enter a name and click Launch Virtual Machine.
- After the server is deployed, you will see the password show up in the panel if password set has been configured in the chosen Template. In any other case, start the web console from the top right of the Instance details page to enter the server.
Step 3: Setting up firewall rules in an Isolated Network
Now that we have a virtual machine running, we can control how it communicates with the rest of the internet. The firewall feature is a service provided by the virtual router that comes with an Isolated Network. With an Isolated Network all public IP addresses are managed by the virtual router, therefore the virtual router can be used as a provider of services like HTTP load balancing, firewall and NAT addressing.
Information
If you have a Network of type Shared then your public IP addresses are directly attached to the virtual machines, meaning that there is no option in CloudStack to control firewall rules. You will need to set up firewall rules within the virtual machine’s OS, using iptables or a tool like Ubuntu’s ufw.
Egress traffic
By default there are no egress rules configured on the Network. Go to Network > Select the Network and the tab Egress rules. Add the rule as shown in the screenshot below to allow all traffic from inside the network to go to the internet.
Ingress traffic
Firewall rules for ingress traffic are configured on an IP address and allow you to create rules to accept traffic.
- First you will need to acquire a public IP address for the Isolated Network, if you did not do so already. By acquiring a new IP address you are assigning an already available IP address from your subnet to the Network that you are working in.
Information
A Public IP can be assigned to the virtual machine (via Static NAT or Port Forwarding).
A Public IP needs to be acquired from the available range of IPs.
Network > Public IP Address > Acquire New IP
Note that the ‘CloudStack RouterVM’ (that acts as firewall/load balancer) uses the ‘SourceNAT’ IP.
- Configure the public IP to forward all incoming traffic to the instance
This acquired public IP needs to be configured to forward all incoming traffic to the Instance (via Static NAT) by clicking the button Enable Static NAT.
- Select the virtual machine that you want to NAT the IP address to.
Now the IP address has a static NAT to the virtual machine selected and we can start configuring firewall rules for Ingress traffic to the virtual machine.
- Go to the public IP address > Firewall to start adding firewall rules. The firewall rules need to be configured to control what is allowed.
- Add the Source CIDR, Protocol and Start and End Ports to allow traffic to your virtual machine.
By adding the following rule you allow traffic from all IP addresses on TCP to all ports of the virtual machine:
- Source CIDR: 0.0.0.0/0
- Protocol: TCP
- Start Port: 1
- End Port: 65535
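Added example (not part of the original guide): a small Python check that reviews planned ingress rules, such as the allow-all rule above, and reports which ones open a wide port range or expose administrative services to any source. The rule dictionaries, their field names, the port list and the `max_span` threshold are assumptions made for this example.

```python
import ipaddress

# Services usually limited to trusted sources (constructed list for this example).
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgresql"}


def audit_rule(rule, max_span=16):
    """Return findings for one ingress rule; an empty list means nothing was flagged."""
    nets = [ipaddress.ip_network(c.strip(), strict=False)
            for c in rule["cidrlist"].split(",") if c.strip()]
    any_source = any(n.prefixlen == 0 for n in nets)  # 0.0.0.0/0 or ::/0
    proto = rule["protocol"].lower()
    if proto not in ("tcp", "udp"):
        return []  # e.g. ICMP rules carry no port range to review
    start, end = int(rule["startport"]), int(rule["endport"])
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"invalid port range {start}-{end}")
    findings = []
    span = end - start + 1
    if span > max_span:
        findings.append(f"{span} ports open in one rule")
    if any_source and proto == "tcp":
        hit = sorted(name for port, name in ADMIN_PORTS.items() if start <= port <= end)
        if hit:
            findings.append("admin services reachable from anywhere: " + ", ".join(hit))
    return findings


# Constructed sample rules; the first one is the allow-all rule from this guide.
RULES = [
    {"cidrlist": "0.0.0.0/0", "protocol": "TCP", "startport": 1, "endport": 65535},
    {"cidrlist": "0.0.0.0/0", "protocol": "tcp", "startport": 443, "endport": 443},
    {"cidrlist": "203.0.113.0/24", "protocol": "tcp", "startport": 22, "endport": 22},
]

if __name__ == "__main__":
    for r in RULES:
        label = f'{r["cidrlist"]} {r["protocol"]} {r["startport"]}-{r["endport"]}'
        print(label, audit_rule(r) or "ok")
```

The second and third sample rules show the narrower form: one port per rule, with administrative access limited to a known source range.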
Tip
After you have created an instance (your own virtual machine), and configured the firewall, you can do the following: