Creating Oracle Cloud Infrastructure Compute Classic Oracle Linux Instances Using an Orchestration




Before You Begin

Purpose

This tutorial shows you how you can use an orchestration to create multiple Compute Classic instances using Oracle-provided Oracle Linux images. You'll also use this orchestration to associate the required networking and storage resources with your instances.

An orchestration is a collection of attributes of various Compute Classic objects (instances, storage volumes, security lists, and so on) defined in a JSON-formatted file. After you create an orchestration and upload it to Compute Classic, you can use it to create, delete, and re-create all the resources defined in the orchestration at any time with a single step. When you create an instance from the Compute Classic web console by using the Create Instance wizard, the required orchestrations are created automatically for you. However, by creating your own orchestrations, you can create multiple instances and associated resources and manage all the objects through a single orchestration.

In this tutorial, you'll provision two instances using an Oracle-provided Oracle Linux image and boot your instances from persistent storage volumes. You'll add each instance to an IP network as well as to the shared network. After you’ve created your instances, you’ll also set up a security rule on the shared network, to enable HTTP access to your instances on port 80.

Note: When you add instances to IP networks, you must configure your network by creating IP network exchanges, security rules, and access control lists to ensure access to instances that have interfaces on the IP networks. However, configuring IP networks is beyond the scope of this tutorial. This tutorial only explains how to add instances to IP networks and vNICs to vNICsets while creating instances.

Time to Complete

One hour

What Do You Need?

  • To perform the steps in this tutorial, you must have a subscription to Compute Classic. You must be a user with the Compute_Operations role. See How to Begin with Compute Classic Subscriptions in Using Oracle Cloud Infrastructure Compute Classic.

  • One of the following tools for generating SSH key pairs:

    • On Windows: PuTTY (http://www.putty.org)

    • On UNIX or UNIX-like machines: The ssh-keygen utility. Many UNIX and UNIX-like installations already include ssh-keygen. To see if you have it, run the ssh-keygen command. If it isn't available, then obtain OpenSSH from http://www.openssh.com/portable.html.

Process Overview

To create a Compute Classic instance and set up HTTP access to the instance, you must:

  1. Generate one or more SSH key pairs on your local system.
  2. Upload the SSH public keys to Compute Classic.
  3. Reserve public IP addresses to use in the shared network.
  4. Create a security list to group your instances.
  5. Create a security rule to enable SSH access to the security list containing your instances.
  6. (Optional) Reserve public IP addresses to use in IP networks.
  7. (Optional) Create IP networks.
  8. (Optional) Create vNICsets.
  9. Create storage volumes to boot your instances from and, optionally, to store your data and applications.
  10. Build an orchestration file that defines your instances, add each instance to an IP network, associate a public IP address with each instance, configure the instances for SSH access, and attach the storage volumes you created (if any).
  11. Upload your orchestration to Compute Classic and start it.
  12. (Optional) Configure your instances for HTTP access.
  13. Log in to your instances using ssh.
  14. If you attached storage volumes to your instance, mount those storage volumes on your instance.

In this tutorial, you'll create the required IP reservations, security lists, security rules, IP networks, and storage volumes using the Compute Classic web console. However, you can also create these objects using orchestrations. You can use the sample orchestrations in the attached zip file as a starting point to create objects using orchestrations. Edit these sample orchestrations to replace the example object names with the appropriate values. After you've created your orchestrations, upload them to Compute Classic and start them to create the required objects.

Generating an SSH Key Pair

When you create your Compute Classic instance, you must provide an SSH public key that will be used for authentication when you log in to the instance. Generate your SSH key pair and upload the SSH public key to Compute Classic before you start to create your instance.

Generating an SSH Key Pair on UNIX or UNIX-Like Systems Using ssh-keygen

  1. Run the ssh-keygen command.

    ssh-keygen -b 2048 -t rsa
  2. The command prompts you to enter the path to the file in which you want to save the key. A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_rsa.

    To accept the default path and file name, press Enter.

    Otherwise, enter the required path and file name, and then press Enter.

  3. The command prompts you for a passphrase. Enter a passphrase.

    Note that the passphrase isn't displayed when you type it in. Remember the passphrase. If you forget the passphrase, you can't recover it.

  4. When prompted, enter the passphrase again to confirm it.

  5. The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, then the file name of the public key would be id_rsa.pub.

  6. Make a note of the path where you've saved the SSH key pair. When you create instances, you must provide the SSH public key. When you log in to an instance, you must specify the corresponding private key and enter the passphrase when prompted.

Generating an SSH Key Pair On Windows Using the PuTTY Key Generator

  1. Find puttygen.exe in the PuTTY folder on your computer, and double-click it.

  2. Accept the default key type, SSH-2 RSA, and set the Number of bits in a generated key to 2048, if it is not already set. Then click Generate.

  3. Move your mouse around the blank area to generate randomness. The SSH key pair is generated.

  4. Save your private key.

    1. The key comment is the name of the key. You can keep the generated key comment or create your own.

    2. Enter a passphrase in the Key passphrase and the Confirm passphrase fields.

      Note: Remember the passphrase. You can't recover a passphrase if you forget it.

    3. To save the private key in the PuTTY PPK format, click Save private key.

      Enter the same name as you used for the key comment, so that you know which public key to use this private key with. The private key is saved in PuTTY's Private Key (PPK) format, which is a proprietary format that works only with the PuTTY toolset. You can use this key whenever you use PuTTY for SSH.

  5. Next, save your SSH public key.

    1. In the PuTTY Key Generator, select all of the characters in the Public key for pasting into OpenSSH authorized_keys file: field.

      Note: Make sure you select all the characters, not just the ones you can see in the narrow window. If there is a scroll bar next to the characters, you aren't seeing all the characters.

    2. Right click somewhere in the selected text and select Copy from the menu.

    3. Open a text editor and paste the characters. Ensure that you paste the text at the first character in the text editor, and don't insert any line breaks.

    4. Save the key using the same root name that you used for the private key. Add a .pub extension. You can give it any extension you want, but .pub is a useful convention to indicate that this is a public key.

    5. Exit PuTTY Key Generator.

  6. Make a note of the public and private key names and where they are saved. When you create instances, you must specify the SSH public key. When you log in to an instance, you must provide the path to the corresponding SSH private key and enter the passphrase when prompted.

Uploading the SSH Public Key

  1. Sign in to the Oracle Cloud My Services application at https://cloud.oracle.com/sign_in. The My Services Dashboard page is displayed.

  2. Click the Quick Navigation icon menu at the upper left corner of the page and select Compute.

    The Compute Classic web console is displayed.

  3. Click the Network tab.
  4. Click SSH Public Keys in the left pane.

    The SSH Public Keys page is displayed.

  5. Click Add SSH Public Key.

  6. In the Add SSH Public Key dialog box, do the following:

    1. Enter a name for the key.

      Note the name that you assign. You'll specify this name later in the orchestration.

    2. Paste the value of the SSH public key that you generated earlier, or click Select File and select the SSH public key file.

      Note: If you paste the SSH public key value, make sure that you paste it exactly as it was generated. Don't append or insert any extra characters, line breaks, or spaces.

    3. Click Add.

    The SSH public key is added to Compute Classic.

Reserving Public IP Addresses to Use in the Shared Network

Next, reserve a public IP address to use in the shared network. Later in this tutorial, you'll associate a public IP address with each instance on the shared network.

  1. On the Compute Classic web console, click the Network tab.

  2. Click the Shared Network tab in the left pane.
  3. Click the IP Reservations tab in the left pane, and then click Create IP Reservation.

  4. In the Create Public IP Reservation dialog box, enter a name for the IP address reservation, and then click Create.

    Note this name. You'll specify it later in the orchestration.

    Note: Do not select an instance from the For Instance list. You'll use this IP address for the instance that you are about to create.

Note: Make a note of this public IP address. You'll use it to access your instance using SSH later.

Repeat these steps to create an IP reservation to use with the second instance on the shared network.

Creating a Security List for SSH Access

To permit SSH access to your instances, add them to a security list and then create a security rule.

To create a security list:

  1. On the Compute Classic console, click the Network tab.

  2. Click the Security Lists tab in the left pane, and then click Create Security List.

  3. In the Create Security List dialog box, select or enter the following information, and then click Create.

    1. Name: Enter an appropriate name. For the purpose of this tutorial, enter For-ssh-access.

      Note this name. You'll specify it later when you create the orchestration.

    2. Inbound Policy: Retain the default policy, Deny (Drop packets, no reply).

    3. Outbound Policy: Retain the default policy, Permit (Allow packets).

    4. Description: Enter a description.

Creating a Security Rule for SSH Access

Create a security rule to permit SSH traffic to the instances in the security list that you created earlier.

To create a security rule:

  1. On the Compute Classic console, click the Network tab, and then click the Security Rules tab in the left pane.

  2. Click Create Security Rule.

  3. In the Create Security Rule dialog box, select or enter the following information, and then click Create.

    1. Name: Enter an appropriate name. For the purpose of this tutorial, enter Allow-ssh-access.

    2. Status: Retain the default, Enabled.

    3. Security Application: Select ssh.

    4. Source: From the Security IP Lists list, select public-internet.

    5. Destination: From the Destination list, select the security list that you created earlier, For-ssh-access.

    6. Description: Enter a description.

(Optional) Reserving Public IP Addresses to Use in IP Networks

Next, reserve a public IP address to use in your IP networks. Later in this tutorial, you'll associate a public IP address with each instance that has an interface on an IP network.

  1. On the Compute Classic web console, click the Network tab.

  2. Click the IP Network tab in the left pane.
  3. Click the IP Reservations tab in the left pane, and then click Create IP Reservation.

  4. In the Create Public IP Reservation dialog box, select or enter the following information, and then click Create.

    1. Name: Enter a name for the IP reservation. For the purpose of this tutorial, enter ip-res-2.

      Note this name. You'll specify it later in the orchestration.

    2. IP Pool: Select the required IP pool. If you select public-ippool, then your instance can communicate with external hosts over the public Internet. If you select cloud-ippool, then your instance can communicate with other Oracle Cloud services, such as the REST endpoint of an Oracle Cloud Infrastructure Object Storage Classic account in the same region, without sending traffic over the public Internet.
    3. For Instance: Select the instance that you want to associate this IP reservation with. An IP address is associated with a virtual Network Interface Card (vNIC) on an instance. After you select the instance, you must also select the vNIC on that instance, that you want to associate this IP reservation with. Don't select an instance now. You'll associate this IP reservation with an instance later, when you create the instance.
    4. vNIC: Select the vNIC that you want to associate this IP reservation with. If you haven’t selected an instance, this list shows all available vNICs. If you’ve selected an instance, this field shows available vNICs on the specified instance. Don't select a vNIC now. You'll associate this IP reservation with a vNIC later, when you create the instance.
    5. Description: Enter a description.

Repeat these steps to create an IP reservation, ip-res-3, for the second instance.

(Optional) Creating IP Networks

An IP network allows you to define an IP subnet in your account. The address range of an IP network is determined by the IP address prefix that you specify while creating the IP network. These IP addresses aren’t part of the common pool of Oracle-provided IP addresses used by the shared network. When you add an instance to an IP network, the instance is assigned an internal IP address in that subnet. So you have complete control over the IP addresses assigned to your instances.

An instance can be added to an IP network only while creating the instance. After adding an instance to one or more IP networks, you can configure network settings in your IP networks to route traffic across instances and between instances and the public Internet.

An instance can be added to up to eight networks. If the instance has one interface on the shared network, it can have a maximum of seven interfaces on IP networks. You can associate a public IP address with each interface, either while creating the instance, or later, when the instance is running.

To create an IP network:

  1. On the Compute Classic web console, click the Network tab.

  2. Click the IP Network tab in the left pane.
  3. Click the IP Networks tab in the left pane, and then click Create IP Network.

  4. In the Create IP Network dialog box, select or enter the following information, and then click Create.

    1. Name: Enter a name for the IP network. For this tutorial, enter IPnet1.

      Note this name. You'll specify it later in the orchestration.

    2. IP address prefix: Enter the IP address prefix for this IP network, in CIDR format. When you create instances, you can associate a vNIC on the instance with an IP network. That vNIC on the instance is then allocated an IP address from the specified IP network.

      Select the IP address prefix for your IP networks carefully. Consider the number of instances that you might want to add to the network. This will help determine the size of the subnet required.

      If you create multiple IP networks and you might want to add these IP networks to the same IP network exchange, then ensure that you don’t allocate overlapping address ranges to these IP networks.

      Similarly, if you plan to connect to your IP networks using VPN, then ensure that the addresses you specify for your IP networks don’t overlap with each other, or with the IP addresses used in your on-premises network.

      For the purpose of this tutorial, enter the IP address prefix 192.168.2.0/24.

    3. IP exchange: Specify the IP network exchange that you want to add this IP network to. An IP network can belong to only one IP network exchange. Before you specify an IP network exchange for an IP network, ensure that the IP addresses in this IP network don’t overlap the IP addresses in any other network in the same IP network exchange. If you don’t specify an IP network exchange while creating an IP network, you can do so later, by updating an IP network.

      In this tutorial, we won't use an IP network exchange. Leave this field blank.

    4. Description: Enter a meaningful description for your IP network, if required.

Repeat these steps to create a second IP network, IPnet2.

(Optional) Creating vNICsets

A Virtual NIC Set (vNICset) is a collection of one or more virtual Network Interface Cards (vNICs). vNICsets are useful when you want to use multiple vNICs for the same action. For example, consider a scenario where you have a number of instances on various IP networks and you want to enable access to interfaces on each of those instances using specific protocols and ports, or from a specific source. To do this, create a vNICset and an Access Control List (ACL) and apply the ACL to the vNICset. Access to all the vNICs that you add to that vNICset is then controlled by the security rules in the applied ACL.

To create a vNICset:

  1. On the Compute Classic web console, click the Network tab.

  2. Click the IP Network tab in the left pane.
  3. Click the Virtual NIC Sets tab in the left pane, and then click Create vNICset.

  4. In the Create vNICset dialog box, select or enter the following information, and then click Create.

    1. Name: Enter an appropriate name. For the purpose of this tutorial, enter vnicset1.

      Note this name. You'll specify it later in the orchestration.

    2. vNICs: You can select the required vNICS from the list of existing vNICs. For now, leave this field blank. You'll add vNICs to this vNICset while creating instances.
    3. Applied Access Control Lists: You can specify the ACLs that you want to apply to this vNICset. For the purpose of this tutorial, leave this field blank. This tutorial doesn't explain how to create security rules and apply ACLs in IP networks.
    4. Description: Enter a meaningful description for your vNICset, if required.
    5. Tags: Enter text to tag this vNICset.

Repeat these steps to create a second vNICset, vnicset2.

Creating Bootable Storage Volumes

When you create a Compute Classic instance, by default, it is set up to boot from a nonpersistent disk. To use a persistent boot disk, create a bootable storage volume. If you use a bootable storage volume as the boot disk for an instance, then any changes that you make to the boot disk aren't lost even when you delete the instance.

A storage volume can be attached to only one instance at a time. Create a separate bootable storage volume for each instance. For the purpose of this tutorial, you'll create two bootable storage volumes.

To create a bootable storage volume:

  1. On the Compute Classic web console, click the Storage tab, and then click Create Storage Volume.

  2. In the Create Storage Volume dialog box, select or enter the following and then click Create.

    1. Name: Enter an appropriate name. For the purpose of this tutorial, enter bootable-vol-1.

      Note this name. You'll specify it later in the orchestration.

    2. Boot Image: Select the image that you want to use to create the bootable storage volume.

    3. Size: Enter an appropriate size, in GB. For the purpose of this tutorial, enter 21.

      Note: The size of the storage volume must be at least 5% larger than the selected image size.

    4. Storage Property: Select storage/default.

    5. Description: Enter an appropriate description. For the purpose of this tutorial, enter Bootable Storage Volume, 20 GB.

  3. Your storage volume is created.

  4. Repeat these steps to create a bootable storage volume, bootable-vol-2, for the second instance.

(Optional) Creating Storage Volumes for Applications and Data

If you want to create separate storage volumes for your applications and data, then repeat the steps in Creating Bootable Storage Volumes for each volume that you want to create, but don't select a boot image. Storage volumes that are to be used for data and applications (that is, not boot disks) must be mounted on the instance after the instance is created. See Mounting a Storage Volume on Your Instance.

Building Your Orchestration

Build your orchestration in a JavaScript Object Notation (JSON) formatted file.

The following sections step through the process of constructing your orchestration JSON file. You can use the attached sample orchestration as a template, and edit it to replace the example object names with the appropriate values.

In this tutorial, both instances defined in this orchestration use a bootable storage volume and are configured for SSH access.

Defining the Top-Level Attributes

Start your orchestration file with a name and description of your orchestration.

{
  "description": "Create instances with ssh access",
  "name": "/Compute-your_identity_domain/your_user_name/orchestration",

Specifying the Object Type

You can use an orchestration to create different types of objects: instances, storage volumes, security lists, security rules, and so on.

To create an instance, in the oplans section of the orchestration, specify the object type as launchplan and give the launch plan a label.

Tip: To ensure that the instance is re-created automatically if it crashes for any reason, specify the HA policy as active.

  "oplans": [
    {
      "label": "launchplan-for-vm1",
      "obj_type": "launchplan",
      "ha_policy": "active",

Specifying the Shape and Image for Your Instance

Within the oplans section of the orchestration, use the objects attribute to specify the characteristics of your instance.

  • Specify the shape that you want your instance to use. The shape determines the amount of CPU and memory resources that will be allocated to the instance.

    See About Shapes in Using Oracle Cloud Infrastructure Compute Classic.

  • Also give the instance a label.

      "objects": [
        {
          "instances": [
            {
              "shape": "oc3",
              "label": "vm-1",

Note: In this tutorial, you set up your instances to boot from a persistent boot disk. So the instances are created with the image used to create the bootable storage volume that you specify later in the orchestration.

To set up an instance to boot from a nonpersistent disk, you must specify the image in the imagelist attribute, as shown in the following example:

      "objects": [
        {
          "instances": [
            {
              "imagelist": "/oracle/public/oel_6.6_20GB_x11_RD",
              "shape": "oc3",
              "label": "vm-1",

If your orchestration specifies both a bootable storage volume and the imagelist attribute, then the bootable storage volume will be used and the imagelist attribute is ignored.

Configuring the Instance Interface on the Shared Network

Next, to enable SSH access to your instance, use the networking section of the orchestration to add the instance to the security list that you created earlier and to associate an IP reservation with the instance.

              "networking": {
                "eth0": {
                  "seclists": [
                    "/Compute-your_identity_domain/your_user_name/For-ssh-access"
                   ],
                  "nat": "ipreservation:/Compute-your_identity_domain/your_user_name/ip-res-1"
                  }
               },

(Optional) Configuring the Instance Interface on an IP Network

If you want to add your instance to IP networks, configure another network interface to specify the IP network you want to add the instance to. You can add an instance to one or more IP networks only while creating the instance. To add your instance to an IP network, for the interface eth1, specify the IP network IPnet1 and the vNICset vnicset1. Associate an IP reservation with this interface. You can also specify a static IP address 192.168.4.2 for this vNIC. If you don't specify an IP address, when the instance is created an IP address will be allocated dynamically from the available IP addresses in the specified IP network.


              "networking": {
                "eth1": {
                  "ipnetwork": "/Compute-your_identity_domain/your_user_name/IPnet1",
                  "ip": "192.168.4.2",
                  "vnic": "/Compute-your_identity_domain/your_user_name/instance_name/eth1",
                  "vnicsets": "/Compute-your_identity_domain/your_user_name/vnicset1",
                  "nat": ["network/v1/ipreservation:/Compute-your_identity_domain/your_user_name/ip-res-2"]
                  }
               },

Adding SSH Public Keys to the Instance

Specify the SSH public key that must be associated with the instance.

              "sshkeys": [
                "/Compute-your_identity_domain/your_user_name/rsa-key-1"
               ],

If you want to add multiple SSH public keys, specify them as shown in the following example.

              "sshkeys": [
                "/Compute-your_identity_domain/your_user_name/rsa-key-1",
                "/Compute-your_identity_domain/your_user_name/rsa-key-2"
               ],

Note: The keys that you specify here are stored as metadata on the instance. This metadata can be accessed from within the instance at http://192.0.0.192/latest/meta-data/public-keys.

  • Oracle-provided machine images include a script that runs automatically when the instance starts, retrieves the metadata from http://192.0.0.192/latest/meta-data/public-keys, and adds the keys to the authorized_keys file of the opc user.
  • In machine images that you build, you can write and include a script that runs automatically when the instance starts, retrieves the SSH public keys from http://192.0.0.192/latest/meta-data/public-keys, and adds the keys to the authorized_keys file of the appropriate users.
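
An added example, not taken from the Oracle-provided images: the merge step of such a start-up script, in Python. The layout of the metadata response is not described here, so retrieval is left to the caller and the function takes the retrieved text; the allowed key types are an assumed local policy, and the sample keys are constructed, non-functional values.

```python
import base64
import os
import struct
import tempfile

# Assumption: key types this image is willing to accept (local policy).
ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def parse_public_key(line):
    """Return (type, base64 blob) for a well-formed OpenSSH public key line, else None."""
    fields = line.split()
    # The first field must be the key type, so lines that start with
    # authorized_keys options or any other text are rejected.
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        return None
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return None
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return None
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != fields[0].encode():
        return None
    return fields[0], fields[1]


def merge_authorized_keys(fetched_text, path):
    """Append new, valid keys from fetched_text to path; return how many were added."""
    ssh_dir = os.path.dirname(path)
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    existing = []
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read().splitlines()
    known = {parse_public_key(line) for line in existing} - {None}

    added = []
    for line in fetched_text.splitlines():
        key = parse_public_key(line)
        if key and key not in known:
            known.add(key)
            added.append(line.strip())

    if added:
        # Write a complete new file next to the old one and rename it into
        # place, so sshd never reads a half-written authorized_keys.
        fd, tmp = tempfile.mkstemp(dir=ssh_dir)
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(existing + added) + "\n")
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
    return len(added)


def sample_key(kind, comment):
    """Build a constructed, non-functional key line for the demonstration."""
    blob = struct.pack(">I", len(kind)) + kind.encode() + bytes(32)
    return f"{kind} {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        target = os.path.join(home, ".ssh", "authorized_keys")
        fetched = "\n".join([
            sample_key("ssh-rsa", "constructed-key-1"),
            sample_key("ssh-rsa", "constructed-key-1"),   # duplicate, skipped
            "not a key line",                              # rejected
            sample_key("ssh-ed25519", "constructed-key-2"),
        ])
        print(merge_authorized_keys(fetched, target), "keys added")
        print(oct(os.stat(target).st_mode & 0o777))
```

When the script runs as root on behalf of another account, such as opc, also set the owner of the .ssh directory and the file to that user.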

Attaching Storage Volumes to the Instance

To set up your instance to boot from a persistent disk, you must attach a bootable storage volume, specify an index number (in the range 1 to 10) for the boot disk, and set the boot_order attribute to the appropriate index.

              "storage_attachments": [
                {
                  "index": 1,
                  "volume": "/Compute-your_identity_domain/your_user_name/bootable-vol-1"
                }
               ],
              "boot_order": [1],

You can also attach storage volumes to store your applications and data, as shown in the following example. Remember to assign a unique index number (in the range 1 to 10) to each attachment.

              "storage_attachments": [
                {
                  "index": 1,
                  "volume": "/Compute-your_identity_domain/your_user_name/bootable-vol-1"
                },
                {
                  "index": 2,
                  "volume": "/Compute-your_identity_domain/your_user_name/data-vol-1"
                },
                {
                  "index": 3,
                  "volume": "/Compute-your_identity_domain/your_user_name/data-vol-2"
                }
               ],
              "boot_order": [1],

Note: If you don't want the instance to boot from a persistent disk, then don't specify the boot_order attribute, but do specify an image for the instance in the imagelist attribute. See Specifying the Shape and Image for Your Instance.

Defining the Second Instance

To define the second instance, repeat the steps from Specifying the Object Type to Attaching Storage Volumes to the Instance, with the appropriate objects required for the second instance.

Reviewing and Validating Your Orchestration File

At this point in the tutorial, you should have an orchestration JSON file that defines all the required attributes for two Compute Classic instances.

  1. Review the structure of the orchestration JSON file and make sure that all the attributes are defined in the correct hierarchy.

    The structure of your orchestration JSON file must be similar to the structure of this orchestration sample.

  2. Validate the JSON syntax.

    You can do this by using a third-party tool, such as JSONLint, or any other validation tool of your choice. If your JSON format isn’t valid, then an error message will be displayed when you upload the orchestration.

    Note: Oracle doesn’t support or endorse any third-party JSON-validation tool.
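
An added example, not part of Oracle's tutorial or its sample files: a local pre-upload check in Python that goes beyond JSON syntax and tests the constraints this tutorial states (attachment indexes unique and within 1 to 10, boot_order pointing at an attached volume, one instance per storage volume, at most eight interfaces). The static-IP check assumes the caller supplies each IP network's prefix, because the orchestration file does not contain it; the function names and the sample input are constructed for illustration.

```python
import ipaddress
import json

# Placeholder path prefix, as used throughout the tutorial.
P = "/Compute-your_identity_domain/your_user_name/"

def check_instance(inst, ipnet_prefixes, volume_owner):
    """Return a list of problems found in one entry of "instances"."""
    label = inst.get("label", "?")
    problems = [f"{label}: missing '{k}'" for k in ("shape", "label") if k not in inst]
    # Attachment indexes must be unique and in the range 1 to 10, and a
    # storage volume can be attached to only one instance at a time.
    indexes = []
    for att in inst.get("storage_attachments", []):
        idx, vol = att.get("index"), att.get("volume")
        if not isinstance(idx, int) or not 1 <= idx <= 10:
            problems.append(f"{label}: attachment index {idx!r} is outside 1..10")
        if idx in indexes:
            problems.append(f"{label}: attachment index {idx} is used more than once")
        indexes.append(idx)
        owner = volume_owner.setdefault(vol, label)
        if owner != label:
            problems.append(f"{label}: volume {vol} is already attached to {owner}")
    # boot_order must point at an attached volume; without boot_order the
    # instance needs an imagelist to boot from.
    boot_order = inst.get("boot_order", [])
    for idx in boot_order:
        if idx not in indexes:
            problems.append(f"{label}: boot_order refers to index {idx}, which has no attachment")
    if not boot_order and "imagelist" not in inst:
        problems.append(f"{label}: neither boot_order nor imagelist is set")
    # An instance can be added to up to eight networks.
    nics = inst.get("networking", {})
    if len(nics) > 8:
        problems.append(f"{label}: {len(nics)} interfaces defined, the limit is eight")
    for nic, cfg in nics.items():
        prefix, ip = ipnet_prefixes.get(cfg.get("ipnetwork")), cfg.get("ip")
        if prefix and ip:
            try:
                inside = ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)
            except ValueError:
                inside = False
            if not inside:
                problems.append(f"{label}/{nic}: static ip {ip} is outside {prefix}")
    if not inst.get("sshkeys"):
        problems.append(f"{label}: no sshkeys listed")
    return problems

def validate_orchestration(text, ipnet_prefixes=None):
    """Parse orchestration JSON text and return a list of problem strings."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = [f"top level is missing '{k}'" for k in ("name", "oplans") if k not in doc]
    volume_owner = {}
    for plan in doc.get("oplans", []):
        if plan.get("obj_type") != "launchplan":
            continue  # only launch plans are checked here
        instances = [i for obj in plan.get("objects", []) for i in obj.get("instances", [])]
        if not instances:
            problems.append(f"{plan.get('label', '?')}: launchplan defines no instances")
        for inst in instances:
            problems += check_instance(inst, ipnet_prefixes or {}, volume_owner)
    return problems

def sample_orchestration():
    """Constructed input that uses the tutorial's names and contains deliberate mistakes."""
    vm1 = {
        "shape": "oc3", "label": "vm-1",
        "networking": {
            "eth0": {"seclists": [P + "For-ssh-access"], "nat": "ipreservation:" + P + "ip-res-1"},
            "eth1": {"ipnetwork": P + "IPnet1", "ip": "192.168.4.2"},
        },
        "sshkeys": [P + "rsa-key-1"],
        "storage_attachments": [{"index": 1, "volume": P + "bootable-vol-1"},
                                {"index": 1, "volume": P + "data-vol-1"}],
        "boot_order": [1],
    }
    vm2 = {
        "shape": "oc3", "label": "vm-2",
        "networking": {"eth0": {"seclists": [P + "For-ssh-access"]}},
        "sshkeys": [P + "rsa-key-1"],
        "storage_attachments": [{"index": 1, "volume": P + "bootable-vol-1"}],
        "boot_order": [2],
    }
    plans = [{"label": f"launchplan-for-vm{n}", "obj_type": "launchplan", "ha_policy": "active",
              "objects": [{"instances": [vm]}]} for n, vm in ((1, vm1), (2, vm2))]
    return json.dumps({"description": "Create instances with ssh access",
                       "name": P + "orchestration", "oplans": plans}, indent=2)

if __name__ == "__main__":
    nets = {P + "IPnet1": "192.168.2.0/24"}  # prefix entered for IPnet1 in this tutorial
    print("\n".join(validate_orchestration(sample_orchestration(), nets)))
```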

Uploading and Starting Your Orchestration

  1. On the Compute Classic console, click the Orchestrations tab, and then click Upload Orchestration.

  2. In the Upload Orchestration dialog box, browse to select the orchestration file that you just created and then click Upload.

    Note: If you get an error while uploading your orchestration, check that you've created all the objects referenced in your orchestration. You can also use a third-party tool such as JSONLint to validate your orchestration.

  3. After your orchestration is uploaded, it is listed on the Orchestration page, with the status Stopped.

  4. From the Menu icon menu, select Start.

  5. Refresh the page to update the status.

    When you start an orchestration, its status changes to Starting.

    When all the instances defined in the orchestration are created, the status of the orchestration changes to Ready.

  6. To see your instances on the Compute Classic console, click the Instances tab. If your instances are not listed, then refresh the page.

(Optional) Configuring the Instance for HTTP Access

Your instances are now configured to allow public access only over SSH.

To enable access to the instances over other protocols, such as HTTP or HTTPS, you must open the required ports. In this tutorial, you'll create a security rule to enable HTTP access to your instances over port 80.

Creating a Security List

A security list is a set of instances that can communicate with each other across all protocols and ports. When you create a security rule, you specify a security list as a destination. This allows traffic from a specified source (such as the public Internet) to access all the instances that are part of the destination security list over a specified protocol and port.

To create a security list:

  1. On the Compute Classic web console, click the Network tab.

  2. Click the Security Lists tab in the left pane, and then click Create Security List.
  3. In the Create Security List dialog box, select or enter the following information, and then click Create.

    1. Name: Enter an appropriate name. For the purpose of this tutorial, enter For-http-access.

    2. Inbound Policy: Retain the default policy, Deny (Drop packets, no reply).

    3. Outbound Policy: Retain the default policy, Permit (Allow packets).

    4. Description: Enter a description.

Adding Your Instances to the Security List for HTTP Access

If you've created multiple instances, you might not want to enable HTTP access for all of them. Add to the For-http-access security list only those instances for which HTTP access should be enabled. Remember also that instances in the same security list can communicate with each other across all protocols and ports. If you need to isolate instances, create separate security lists.

  1. On the Compute Classic console, click the Instances tab.

  2. Identify the instance that you want to enable HTTP access for, click its menu icon, and select View.

  3. On the instance details page, click Add to Security List. Select the For-http-access security list that you created earlier, and click Attach.

Repeat these steps to add other instances to the For-http-access security list.

Creating a Security Rule for HTTP Access

When you create a security list, the instances in the security list are isolated from hosts outside the security list. You can use security rules to override the default access settings of security lists. Each security rule defines a source, a destination, and a protocol-port combination over which communication is allowed.

In this tutorial, you'll set up a security rule to permit HTTP requests from hosts on the public Internet to port 80 of the instances in the For-http-access security list.

To create a security rule:

  1. On the Compute Classic web console, click the Network tab, and then click the Security Rules tab in the left pane.

  2. Click Create Security Rule.

  3. In the Create Security Rule dialog box, select or enter the following information, and then click Create.

    1. Name: Enter an appropriate name. For the purpose of this tutorial, enter Allow-http-access.

    2. Status: Retain the default, Enabled.

    3. Security Application: Select http.

      Note: Many commonly used protocol and port combinations are provided as predefined security applications in Compute Classic. If you need a protocol-port mapping that is not predefined, you can create the required security application on the Security Applications page.

    4. Source: From the Security IP Lists list, select public-internet.

    5. Destination: From the Destination list, select the security list that you created earlier, For-http-access.

    6. Description: Enter a description.

Repeat these steps if you want to create security rules to enable access to instances using other protocols and ports, or if you want to specify a different source or destination.

Logging In to Your Instance Using SSH

Logging In from a UNIX or UNIX-Like Host

  1. Enter the following command:

    ssh -i /path/to/private_key opc@public_ip_address_on_the_shared_network

    Note: If you don't know the public IP address of your instance, you'll find it on the Instances page of the Compute Classic console.

  2. When prompted, enter the passphrase that you provided for your SSH key pair.

Logging In from a Windows System

  1. Start PuTTY.

    The PuTTY Configuration window is displayed, showing the Session panel.

  2. In the Host Name (or IP address) field, enter the public IP address of your instance.

    Note: If you don't know the public IP address of your instance, you'll find it on the Instances page of the Compute Classic console.

  3. In the Connection type: field, select SSH if it is not already selected.

  4. In the Category pane, expand Connection, and then click Data.

    The Data panel is displayed.

  5. In the Auto-login username field, enter opc.

    Confirm that the When username is not specified option is set to Prompt.

  6. In the Category pane, expand SSH, and then click Auth.

    The Auth panel is displayed.

  7. In the Private key file for authentication field, click Browse and select the private key file that you saved earlier.

  8. In the Category tree, click Session.

    The Session panel is displayed.

  9. In the Saved Sessions field, enter a name for this connection configuration, and then click Save.

  10. Click Open to open the connection.

    The PuTTY Configuration window is closed and the PuTTY window is displayed.

  11. Enter the passphrase that you provided for your SSH key pair.

  12. The first time you connect to your instance, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue.

Mounting a Storage Volume on Your Instance

After creating an instance, any data volumes that were attached to the instance must be mounted on the instance. To mount a storage volume, after logging in to the instance using SSH, do the following:

  1. List the devices available on the instance:

    ls /dev/xvd*

    Device names start from /dev/xvdb and are determined by the index number that you assigned while attaching a storage volume. For example, if you attached a storage volume at index 1, the volume gets the device name /dev/xvdb. The storage volume at index 2 would be /dev/xvdc, the storage volume at index 3 would be /dev/xvdd, and so on.

  2. Determine the device name corresponding to the disk index number that you want to mount.

    For example, if you want to mount the storage volume that you had attached at index 2, the device name would be /dev/xvdc.

  3. Use a tool such as mkfs to create a file system on the storage volume.

    For example, to create an ext3 file system on /dev/xvdc, enter the following command:

    sudo mkfs -t ext3 /dev/xvdc

    Note: If the Extended File System utilities are not available on your instance, you’ll see a message such as the following:

    mkfs.ext3: No such file or directory

    To install the Extended File System utilities, enter the following command:

    sudo yum install e4fsprogs

  4. Create a mount point directory on your instance.

    For example, to create the mount point /mnt/store, enter the following command:

    sudo mkdir /mnt/store

  5. Mount the storage volume on the mount point that you just created.

    For example, to mount the device /dev/xvdc at the /mnt/store directory, enter the following command:

    sudo mount /dev/xvdc /mnt/store

    If you prefer, you can specify the disk UUID instead of the device name in the mount command.

    To find out the UUID of the disks attached to your instance, use the blkid command.

  6. To make the mount persistent across instance restarts, edit the /etc/fstab file and add the mount as an entry in that file, as shown in the following example:

    /dev/xvdc               /mnt/store        ext3    defaults        0 0
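
The following script is an added example, not part of the original tutorial. It carries out steps 3 through 6 but refuses to run mkfs on a volume that already holds a different file system, and it writes the /etc/fstab entry by UUID, because /dev/xvd* names depend on the attachment index. The function names, the script name, and the nofail mount option are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial). Run as root:
#   sh prepare_volume.sh /dev/xvdc /mnt/store ext3
# Function names and the script name are hypothetical.

# Build an /etc/fstab line keyed on the file system UUID instead of /dev/xvdX.
# nofail (an assumption of this example) lets the instance finish booting,
# and stay reachable over SSH, if the volume is later detached.
fstab_line() {  # fstab_line UUID MOUNTPOINT FSTYPE
    printf 'UUID=%s\t%s\t%s\tdefaults,nofail\t0 0\n' "$1" "$2" "$3"
}

# Append the entry unless a non-comment line already uses the mount point.
add_fstab_entry() {  # add_fstab_entry FILE UUID MOUNTPOINT FSTYPE
    if awk -v mp="$3" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' "$1"; then
        return 0
    fi
    fstab_line "$2" "$3" "$4" >> "$1"
}

# Steps 3 to 6, refusing to run mkfs over an existing file system.
prepare_volume() {  # prepare_volume DEVICE MOUNTPOINT FSTYPE
    dev=$1; mp=$2; fstype=$3
    [ -b "$dev" ] || { echo "$dev is not a block device" >&2; return 1; }
    # blkid prints a TYPE only when it finds a file system signature.
    existing=$(blkid -o value -s TYPE "$dev" 2>/dev/null)
    if [ -z "$existing" ]; then
        mkfs -t "$fstype" "$dev" || return 1
    elif [ "$existing" != "$fstype" ]; then
        echo "$dev already holds $existing; not reformatting" >&2
        return 1
    fi
    uuid=$(blkid -o value -s UUID "$dev")
    [ -n "$uuid" ] || { echo "no UUID found on $dev" >&2; return 1; }
    mkdir -p "$mp" || return 1
    mountpoint -q "$mp" || mount "UUID=$uuid" "$mp" || return 1
    add_fstab_entry /etc/fstab "$uuid" "$mp" "$fstype"
}

# Only act when called with all three arguments.
if [ "$#" -eq 3 ]; then
    prepare_volume "$@"
fi
```

Running the script a second time with the same arguments leaves the volume and /etc/fstab unchanged.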

Credits

  • Lead Curriculum Developer: Anamika Mukherjee

  • Other Contributors: Judy Zhu, Vimal Patel, Kumar Dhanagopal