Acronis Cyber Infrastructure 4.
Table of contents 1 About this guide 4 2 Logging in to the self-service panel 5 3 Managing users and projects 6 3.1 Creating users 6 3.2 Assigning users to projects 7 3.3 Viewing project quotas 9 4 Managing compute resources 4.1 Managing virtual machines 11 4.1.1 Supported guest operating systems 11 4.1.2 Creating virtual machines 12 4.1.3 Connecting to virtual machines 16 4.1.4 Managing virtual machine power state 17 4.1.5 Reconfiguring and monitoring virtual machines 17 4.1.
4.6.2 Managing static routes 4.7 Managing floating IP addresses 51 4.8 Managing load balancers 52 4.8.1 Managing balancing pools 4.
1 About this guide This guide is intended for domain administrators and project members and explains how to manage project users and compute resources using the self-service panel.
2 Logging in to the self-service panel To log in to the self-service panel, do the following: 1. Visit the panel’s IP address on port 8800. 2. Enter your domain name (case sensitive) as well as user name and password. Alternatively, if you are given the link to the self-service panel for a specific domain, you will only need to provide the user name and password.
3 Managing users and projects A user can be assigned one of the following roles: l A domain administrator can manage virtual objects in all projects within the assigned domain as well as project and user assignment in the self-service panel. l A project member acts as a project administrator in a specific domain in the self-service panel. A project member can be assigned to different projects and can manage virtual objects in them. You can create, view, and edit users on the All users tab.
3.2 Assigning users to projects Domain administrators can manage project members’ assignment on the All projects and All users screens. To assign a user to a project, do one of the following: l On the All projects screen: 1. Click the project to which you want to assign users (not the project name). 2. On the project panel, click Assign members. 3. In the Assign members window, choose one or multiple users to assign to the project. Only user accounts with the Project member role are displayed.
l On the All users screen: 1. Click the user account with the Project member role whom you want to assign to the project. 2. On the user panel, click Assign to project. 3. On the Assign user to projects window, select one or multiple projects, and then click Assign. To unassign a user from a project, do one of the following: l On the All projects screen: 1. Click the project to unassign users from. 2. On the project panel, open the Members tab. 3. Click the cross icon next to a user you want to unassign.
l On the All users tab: 1. Click the user to unassign from the project. 2. On the user panel, open the Projects tab. 3. Click the cross icon next to the project from which you want to unassign the user. 3.3 Viewing project quotas Each project is allocated a certain amount of compute resources by means of quotas. To view quotas of a project, open Projects, click the desired project in the list, and then switch to the Quotas tab.
© Acronis International GmbH, 2003-2020
4 Managing compute resources 4.1 Managing virtual machines Each virtual machine (VM) is an independent system with an independent set of virtual hardware. Its main features are the following: A virtual machine resembles and works like a regular computer. It has its own virtual hardware. l Software applications can run in virtual machines without any modifications or adjustment. Virtual machine configuration can be changed easily, for example, by adding new virtual disks or l memory.
Linux distributions and versions l CentOS 8.x, 7.x, 6.x l Red Hat Enterprise Linux 8.x, 7.x l Debian 10.x, 9.x l Ubuntu 20.04.x, 18.04.x, 16.04.x 4.1.2 Creating virtual machines Before you proceed to creating VMs, check that you have these: l Prepare a guest OS source (refer to "Managing images" (p. 31)): o A distribution ISO image of a guest OS to install in the VM o A template that is a boot volume in the QCOW2 format o A boot volume.
If you attach more than one volume, the first attached volume becomes the boot volume, by default. To select another volume as bootable, place it first in the list by clicking the up arrow button next to it. After selecting the boot media, volumes required for this media to boot will be automatically added to the Volumes section. 4. Configure the VM disks: a. In the Volumes window, make sure the default boot volume is large enough to accommodate the guest OS.
7. Add network interfaces to the VM in the Networks section: a. In the Networks interfaces window, click Add, select a compute network, and then click Add. A network interface connected to the selected network will appear in the Network interfaces list. b. (Optional) Edit additional parameters of newly added network interfaces, such as IP and MAC addresses. To do this, click the ellipsis icon, click Edit, and then set the parameters. You will not be able to edit these parameters later.
l Add an SSH key to the VM, to be able to access it via SSH without a password. In the Select an SSH key window, select an SSH key and then click Done. l Add user data to customize the VM after launch, for example, change a user password. Write a cloud-config or shell script in the Customization script field or browse a file on your local server to load the script from.
To inject a script in a Windows VM, refer to the Cloudbase-Init documentation. For example, you can set a new password for the account using the following script: #ps1 net user 9. After configuring all of the VM parameters, click Deploy to create and boot the VM. If you are deploying the VM from an ISO image, you need to install the guest OS inside the VM by using the built-in VNC console.
To be able to connect to a VM via SSH, make sure it has cloud-init and OpenSSH installed (refer to "Preparing templates" (p. 33)). To connect to a VM via SSH, specify the username and VM IP address in the SSH terminal: # ssh @ Linux cloud images have the default login, depending on the operating system, for example, centos or ubuntu. To connect to a Windows VM, enter the username that you specified during Cloudbase-Init installation.
Storage read/write Amount of data read and written by the VM. Read/write latency Read and write latency. Hovering the mouse cursor over a point on the chart, you can also see the average and maximum latency for that moment, as well as the 95 and 99 percentiles. Note Averaged values are calculated every five minutes. To reconfigure a VM, select it and, on the Overview tab, click the pencil icon next to a parameter you need to change.
l You can send a VM to the rescue mode only if its current status is “Active” or “Shut down”. l There are only three actions available for the VM in the rescue mode: Console, Exit rescue mode, and Delete. l If a rescue image has cloud-init installed, then the VM booted from it can be accessed with the same SSH key that was used for its creation. To put a VM to the rescue mode, follow the steps: 1. On the Virtual machines screen, click the required VM on the list. 2.
Installing guest tools To install the guest tools inside a virtual machine, do the following: Inside a Windows VM: l 1. Download the Windows guest tools ISO image provided by your system administrator. 2. Mount the image inside the VM. o On Windows 8 or Windows Server 2012 or newer, you can natively mount an ISO image. To do this, right-click the guest tools ISO image and select Mount. o On Windows 7 and Windows Server 2008, you need a third-party application to mount ISO images. 3.
> reg delete HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\\ VzGuestToolsMonitor 5. Delete the autorun registry key for RebootNotifier: > reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v \ VzRebootNotifier 6. Delete the C:\Program Files\Qemu-ga\ directory. If VzGuestToolsMonitor.exe is locked, close all the Event Viewer windows. If it remains locked, restart the eventlog service: > sc stop eventlog > sc start eventlog After removing the guest tools, restart the virtual machine.
If a VM is stuck in a failed or transitional state, you can reset the VM to its last stable state: active, shut down or shelved. To do this, click Reset state on the VM right pane. To troubleshoot a VM, you can also examine the VM console log by clicking Download console log on the VM right pane. The log will contain log messages only if logging is enabled inside the VM, otherwise the log will be empty. To enable logging, do the following: In Linux VMs, enable the TTY1 and TTYS0 logging levels: l 1.
4.2 Managing Kubernetes clusters Self-service users can deploy ready-to-use Kubernetes clusters with persistent storage for managing containerized applications. A Kubernetes cluster includes the following components: Component Name and version Underlying OS Fedora 29 Atomic Host Container runtime Docker 1.13.1 Network plugin Flannel with VXLAN The prerequisites for creating a Kubernetes cluster are: l The Kubernetes-as-a-service component.
2. In the Network section, select a virtual router mentioned in the prerequisites above. It is also recommended to check the Use a floating IP address box. In this case, the Kubernetes nodes will be assigned public IP addresses, simplifying access to them. 3. In the Master node section, select a flavor, and then choose whether or not to enable high availability for the master node. If you enable high availability, three master node instances will be created. They will work in the Active/Active mode. 4.
6. Finally, click Create. Creation of the Kubernetes cluster will start. The master and worker nodes will appear on the Virtual machines screen, while their volumes will show up on the Volumes screen. After the cluster is ready, click Kubernetes access for instructions on how you can access the dashboard. To delete a Kubernetes cluster, click it on the Kubernetes clusters screen and click Delete. The master and worker VMs will be deleted along with their volumes. 4.2.
1. Access the Kubernetes cluster via the dashboard. Click Kubernetes access for instructions. 2. On the Kubernetes dashboard, create a storage class, as described in "Creating storage classes" (p. 25). 3. Create a persistent volume claim.
metadata: name: nginx spec: containers: - image: nginx imagePullPolicy: IfNotPresent name: nginx ports: - containerPort: 80 protocol: TCP volumeMounts: - mountPath: /var/lib/www/html name: mydisk volumes: - name: mydisk persistentVolumeClaim: claimName: mypvc readOnly: false This configuration file describes the pod nginx that uses the persistent volume claim mypvc. The persistent volume bound to the claim will be accessible at /var/lib/www/html inside the nginx container.
3. On the Kubernetes dashboard, create a storage class, as described in "Creating storage classes" (p. 25). 4. Create a persistent volume. To do it, click + Create and specify the following YAML file: apiVersion: v1 kind: PersistentVolume metadata: annotations: pv.kubernetes.io/provisioned-by: csi-cinderplugin name: mypv spec: accessModes: - ReadWriteOnce capacity: storage: 10Gi csi: driver: cinder.csi.openstack.
6. Create a pod and specify the PVC as its volume. Use the example from Step 3 in "Dynamically provisioning persistent volumes" (p. 25). In the self-service panel, the compute volume will be mounted to the virtual machine running the Kubernetes pod.
4.2.2 Creating external load balancers in Kubernetes In Kubernetes, you can create a service with an external load balancer that provides access to it from public networks. The load balancer will receive a publicly accessible IP address and route incoming requests to the correct port on the Kubernetes cluster nodes. To create a service with an external load balancer, do the following: 1. Access the Kubernetes cluster via the dashboard. Click Kubernetes access for instructions. 2.
Once the load balancer is created, it will be allocated an IP address from the shared physical network and can be accessed at this external endpoint. l If you have deployed the Kubernetes cluster in a virtual network linked to a physical one via a virtual router, you can use the YAML file above without the annotations section for the loadbalancer service. The created load balancer will receive a floating IP address from the physical network and can be accessed at this external endpoint.
Important The OS type affects VM parameters such as hypervisor settings. VMs created from an image with an incorrect OS type may not work correctly, for example, they may crash. 3. Click Add to start uploading the image. Upload progress will be shown in the bottom right corner. Important Do not reload the page while the image is being uploaded or the process will fail. Note If you select an image assigned to a placement, the created virtual machine will also be included in this placement.
4. Click Create. The new volume will appear on the Volumes screen. 4.3.3 Mounting ISO images to virtual machines Note This feature is supported only for Linux virtual machines. To mount an ISO image to a Linux VM, do the following: 1. Create a volume from the ISO image, as described in "Creating volumes from images" (p. 32). 2. Attach the resulting volume to the desired VM, as described in "Attaching and detaching volumes" (p. 40). The mounted disk will appear inside the Linux VM. 4.3.
l To create a VM customizable with user data You can create a template from an existing boot volume and deploy multiple VMs from this template. Make sure to install cloud-init in the boot volume before creating the image (refer to the sections below). Do the following: 1. Power off the VM that the original volume is attached to. 2. Switch to the Volumes screen, click volume’s ellipsis button and select Create image. 3. In the Create image window, enter an image name, and then click Create.
a. Run Windows PowerShell with administrator privileges and set the execution policy to unrestricted to be able to run scripts: > Set-ExecutionPolicy Unrestricted b. Download OpenSSH Server (for example, from the GitHub repository), extract the archive into the C:\Program Files directory, and then install it by running: > & 'C:\Program Files\OpenSSH-Win64\install-sshd.ps1' c. Start the sshd service and set its startup type to “Automatic”: > net start sshd > Set-Service sshd -StartupType Automatic d.
> icacls .\.ssh\authorized_keys /inheritance:r 4. Download Cloudbase-Init (for example, from the official site), launch the installation, and then follow the on-screen instructions: a. In the Configuration options window, enter the current username in the Username field: Important The user account password will be reset on the next VM startup. You will be able to log in with this account by using the key authentication method or you can set a new password with a customization script. b.
c. Run Windows PowerShell with administrator privileges and open the file C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf: > notepad 'C:\Program Files\Cloudbase Solutions\CloudbaseInit\conf\cloudbase-init.conf' Add metadata_services and plugins on two lines: metadata_services=\ cloudbaseinit.metadata.services.configdrive.ConfigDriveService,\ cloudbaseinit.metadata.services.httpservice.HttpService\ plugins=cloudbaseinit.plugins.common.mtu.MTUPlugin,\ cloudbaseinit.plugins.
Note Make sure to remove all backslashes in the lines above. Save the changes. 5. Stop the VM. 6. After the VM is shut down, convert its boot volume to a template (refer to "Creating images from volumes" (p. 41)). 4.4 Managing volumes A volume in Acronis Cyber Infrastructure is a virtual disk drive that can be attached to a virtual machine. The integrity of data in volumes is protected by the redundancy mode specified in the storage policy.
2. In the Create volume window, specify a volume name and size in gigabytes, select a storage policy, and then click Create. To edit a volume, select it and click the pencil icon next to a parameter you need to change. Note the following restrictions: l You cannot shrink volumes. l To extend volumes that are in use, stop the VM first. l You cannot change the volume redundancy type. To remove a volume, click its ellipsis button then click Delete.
3. In the Clone volume window, specify a volume name, size, and storage policy. Click Clone. 4.4.3 Attaching and detaching volumes You can add a writable virtual disk drive to a VM by attaching a volume to the VM. To do this: 1. On the Volumes screen, click the ellipsis button next to an unused volume, and then click Attach in the context menu.
2. In the Attach volume window, select the VM from the drop-down list, and then click Done. To detach a volume, do the following: 1. Click the ellipsis button next to the volume that is in use. 2. If the VM is not running, click Detach. 3. If the VM is running, you can only click Force detach to immediately detach the volume. Warning! There is a risk of data loss. 4.4.
3. In the Create image window, enter an image name, and then click Create. The new image will appear on the Images screen. 4.4.5 Managing volume snapshots You can save the current state of a VM file system or user data by creating a snapshot of a volume. A snapshot of a boot volume may be useful, for example, before updating VM software. If anything goes wrong, you will be able to revert the VM to a working state at any time.
Note To create a consistent snapshot of a running VM’s volume, make sure the guest tools are installed in the VM. The QEMU guest agent included in the guest tools image automatically quiesces the filesystem during snapshotting. For instructions on installing the guest tools, refer to "Installing guest tools" (p. 20). Once the snapshot is created, you can see and manage it on the Snapshots tab on the volume right pane. You can do the following: l Create a new volume from the snapshot.
To perform these actions, click the ellipsis button next to a snapshot, and then click the corresponding action. 4.5 Managing virtual networks To add a new virtual network, do the following: 1. On the Networks screen, click Create virtual network. 2. On the Network configuration step, do the following: a.
The virtual DHCP service will work only within the current network and will not be exposed to other networks. c. Specify one or more allocation pools (ranges of IP addresses that will be automatically assigned to VMs). d. Specify DNS servers that will be used by virtual machines. These servers can be delivered to VMs via the built-in DHCP server or by using the cloud-init network configuration (if cloud-init is installed in the VM). e. Click Next. 4.
To view and edit parameters of a virtual network, click it on the Networks screen. On the network right pane, you can edit the network name and IP management settings. To do this, click the pencil icon next to the required section, and then make changes. To delete a compute network, click the ellipsis icon next to it, and then click Delete. To remove multiple compute networks at once, select them, and then click Delete. Before deleting a compute network, make sure no VMs are connected to it. 4.
c. In the Add internal interfaces section, select one or more virtual networks to connect to a router via internal interfaces. The new internal interfaces will attempt to use the gateway IP address of the selected virtual networks by default. d. (Optional) Select or deselect the SNAT check box to enable or disable SNAT on the external gateway of the router. With SNAT enabled, the router replaces VM private IP addresses with the public IP address of its external gateway. 4. Click Create. 4.6.
1. If you already have an external gateway, remove the existing one first. 2. On the Routers screen, click the router name to open the list of its interfaces. 3. Click Add on the toolbar, or click Add interface if there are no interfaces to show. 4. In the Add interface window, do the following: a. Select External gateway. b. From the Network drop-down menu, select a physical network to connect to the router. The new interface will pick an unused IP address from the selected physical network.
To edit the external gateway parameters, click the ellipsis icon next to it, and then Edit. In the Edit interface window, you can change the external gateway IP address and enable or disable SNAT on it. To save your changes, click Save. To add an internal router interface, do the following: 1. On the Routers screen, click the router name to open the list of its interfaces. 2. Click Add. 3. In the Add interface window, select a network to connect to the router from the Network dropdown menu.
and want only one virtual network to be accessible from the other. Consider the following example: l The virtual machine VM1 is connected to the virtual network private1 (192.168.128.0/24) via the network interface with IP address 192.168.128.10. l The virtual machine VM2 is connected to the virtual network private2 (192.168.30.0/24) via the network interface with IP address 192.168.30.10.
3. Click Add. To edit a static route, click the ellipsis icon next to it, and then click Edit. In the Edit static route window, change the desired parameters, and then click Save. To remove a static route, click the ellipsis icon next to it, and then click Delete. To remove multiple routes at once, select them, and then click Delete. 4.
1. On the Floating IPs screen, click Add floating IP. 2. In the Add floating IP address, select a physical network, from which a floating IP will be picked, and a VM network interface with a fixed private IP address. 3. Click Add. A floating IP address can be re-assigned to another virtual machine. Do the following: 1. Click the ellipsis icon next to the floating IP address, and then click Unassign. 2.
You can create a load balancer with balancing pools as follows: 1. On the Load balancers screen, click Create load balancer. 2. In the Create load balancer window, do the following: a. Specify a name and optionally description. b. Enable or disable high availability: l With high availability enabled, two load balancer instances will be created. They will work in the Active/Standby mode according to the Virtual Router Redundancy Protocol (VRRP).
l With the HTTPS -> HTTPS rule, all virtual machines need to have the same SSL certificate (or a certificate chain). l With the HTTPS -> HTTP rule, you need to upload an SSL certificate (or a certificate chain) in the PEM format and a private key in the PEM format. Important The forwarding rule cannot be changed after the load balancer is created. b. In the Balancing settings section, select the balancing algorithm: l Least connections.
d. In the Health monitor section, select the protocol that will be used for monitoring members availability: l HTTP/HTTPS. The HTTP/HTTPS method GET will be used to check for the response status code 200. Additionally, specify the URL path to the health monitor. l TCP. The health monitor will check the TCP connection on the backend port. l PING. The health monitor will check members’ IP addresses. Important The protocol cannot be changed after the load balancer is created.
e. Click Create. 6. Add more balancing pools, as described above, if required. 7. Click Create. Once the load balancer is created, you can monitor its performance and health on the Overview tab of its right pane.
Members state The total number of members in the balancing pools grouped by status: “Healthy,” “Unhealthy,” “Error,” and “Disabled”. CPU/RAM CPU and RAM usage by the load balancer. Network Incoming and outgoing network traffic. Active connections The number of active connections. Error requests The number of error requests. You can see the load balancer parameters on its Properties tab. To edit the name or description of a load balancer, click the ellipsis icon next to it, and then click Edit.
To remove a balancing pool, click the ellipsis icon next to it, and then click Delete. To remove multiple balancing pools at once, select them, and then click Delete. 4.9 Managing SSH keys Use of SSH keys allows you to secure SSH access to virtual machines. You can generate a key pair on a client from which you will connect to VMs via SSH. The private key will be stored on the client and you will be able to copy it to other nodes.
public key located in /root/.ssh/id_rsa.pub. Optionally, you can add a key description. Note If a key has been injected into one or more VMs, it will remain inside those VMs even if you delete it from the panel.
