When creating storages based on IONOS Linux images, you can inject SSH keys into your VM. This lets you access your VM safely and allows for secure communication. SSH keys that you intend to use more often can be saved in the DCD's SSH Key Manager.
Default SSH keys: SSH keys that you intend to use often and have marked as such in the SSH Key Manager. Default SSH keys are preselected when you configure storage devices. Before provisioning, you can specify which SSH keys are actually to be used and deselect the preselected standard keys in favor of another SSH key.
Ad-hoc SSH keys: SSH keys that you only use once and don't intend to save in the SSH Key Manager for later re-use.
SSH keys can be generated and used on macOS or Linux if both OpenSSH and the ssh-keygen command-line tools are installed. OpenSSH is a collection of tools for establishing SSH connections to remote servers, while ssh-keygen is a utility for generating SSH keys.
Manually generate SSH keys when working with OpenSSH via the Terminal application by following the steps below.
1. Enter the command below into the Terminal window and press ENTER.
The key generation process is initiated by the command above. When you run this command, the ssh-keygen utility prompts you for a location to save the key.
2. Accept the default location by pressing the ENTER key, or enter the path to the file where you want to save the key: /home/username/.ssh/id_rsa.
If you have previously generated a key pair, you may see the prompt below. If you choose to overwrite the key, you will no longer be able to authenticate with the previously generated key.
3. Enter the passphrase that will be used to encrypt the private key file on the disk. You can also press ENTER to accept the default (no passphrase). However, we recommend that you use a passphrase.
4. Enter your passphrase once more.
After you confirm the passphrase, the public and private keys are generated and saved in the specified location. Thus, the confirmation will look like this:
The public key is saved to the file id_rsa.pub, which will be the key you upload to your DCD account. Your private key is saved to the id_rsa file in the .ssh directory and is used to verify that the public key you use belongs to the same DCD account.
You can copy the public key to your clipboard by running the following command:
In the SSH Key Manager of the DCD, you can save and manage up to 100 public SSH keys for the setup of SSH accesses. This saves you from having to repeatedly copy and paste the public part of an SSH key from an external source.
1. To open the SSH Key Manager, go to Menu > MANAGER resources > SSH Key Manager.
2. In the SSH Key Manager, select + Add Key.
3. Enter a Name and click Add.
4. Copy and paste the public key to the SSH key field. Alternatively, you may upload it via Select key file. Please ensure the SSH keys you enter are valid. The DCD does not validate syntax or format.
5. (Optional) Activate the Default checkbox to have the SSH key automatically pre-selected when SSH access is configured.
6. Click Save to store the key.
The SSH key is stored in the SSH Key Manager and can be used for the configuration of SSH accesses.
To delete an existing SSH key, select the SSH key from the list and click Delete Key.
The SSH key is removed from the SSH Key Manager.
You can connect to your virtual instance via OpenSSH. You will need a terminal application, which varies depending on your operating system:
Linux: Search Terminal or press CTRL+ALT+T
macOS: Search Terminal
Windows: Search Bash. If you don’t have Bash installed, use PuTTY instead.
The steps below will show you how to connect to your VM.
1. Open the Terminal application and enter the SSH connection command below. After the @, add the IP address of your VM instance. Then press ENTER.
When you log in for the first time, the server isn't recognized on your local machine, so you'll be asked if you're sure you want to keep connecting. You can type yes and then press ENTER.
2. Authentication is the next step in the connection process. If you've added the SSH keys, you'll be able to connect to the VM immediately or after entering your key pair's passphrase.
If you haven't already added SSH keys, you'll be asked for your password:
3. Once you’ve entered the password, press ENTER.
If the SSH key is configured correctly, this will log you into the VM.
SSH keys can be generated and used on macOS or Linux if both OpenSSH and the ssh-keygen command-line tools are installed. OpenSSH is a collection of tools for establishing SSH connections to remote servers, while ssh-keygen is a utility for generating SSH keys.
An SSH key is composed of two files. The first is the private key, which should never be shared. The other is a public key that enables you to access your provisioned Cubes. When you generate the keys, you will use ssh-keygen to store them in a secure location so that you can connect to your instances without encountering the login prompt.
Manually generate SSH keys when working with OpenSSH via the Terminal application by following the steps below.
Enter the command below into the Terminal window and press ENTER.
The key generation process is initiated by the command above. When you run this command, the ssh-keygen utility prompts you for a location to save the key.
Accept the default location by pressing the ENTER key, or enter the path to the file where you want to save the key: /home/username/.ssh/id_rsa.
If you have previously generated a key pair, you may see the prompt below. If you choose to overwrite the key, you will no longer be able to authenticate with the previously generated key.
Enter the passphrase that will be used to encrypt the private key file on the disk. You can also press ENTER to accept the default (no passphrase). However, we recommend that you use a passphrase.
Enter your passphrase once more.
After you confirm the passphrase, the public and private keys are generated and saved in the specified location. Thus, the confirmation will look like this:
You can copy the public key to your clipboard by running the following command:
Default keys
Ad-hoc SSH Keys.
Ad-hoc SSH keys, on the other hand, are SSH keys that you only use once and do not intend to save in the SSH Key Manager for future use.
The DCD's SSH Key Manager allows you to save and manage up to 100 public SSH keys for SSH access setup. This saves you from having to copy and paste the public part of an SSH key from an external source multiple times.
Log in to your DCD account after copying the SSH key to the clipboard.
1. Open the SSH Key Manager: Menu > Management > SSH Keys
2. Select the + Add Key in the top left corner.
3. Paste the SSH key from the clipboard into the SSH Key field. If you have saved your SSH Key in a file, you can upload it by selecting the Choose file button in the Select Key file field.
Make sure the SSH keys you enter are valid. The DCD does not validate the syntax or format of the keys.
Optional: Select the Default checkbox to have the SSH key pre-selected when configuring SSH access.
4. Click Save to save the key. The SSH key has now been saved in the SSH Key Manager and is visible in the SSH Key Manager's table of keys.
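Because the DCD does not validate the syntax or format of keys (stated in the Add Key steps here and in the earlier SSH Key Manager steps), a malformed key is only noticed when login fails. The following pre-upload check is an added example, not IONOS code; it parses the one-line OpenSSH public key format, and its function names, the 2048-bit RSA minimum and the sample key are assumptions of this example.

```python
import base64
import struct

# Fields that follow the type string inside the base64 blob, per key type.
FIELD_COUNTS = {
    "ssh-rsa": 2,              # public exponent e, modulus n
    "ssh-ed25519": 1,          # 32-byte public key
    "ecdsa-sha2-nistp256": 2,  # curve name, curve point
    "ecdsa-sha2-nistp384": 2,
    "ecdsa-sha2-nistp521": 2,
}


def wire(*fields):
    """Encode fields as SSH length-prefixed strings (4-byte big-endian length)."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def read_fields(blob):
    """Split a decoded key blob back into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past the end of the key data")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def check_public_key(line, min_rsa_bits=2048):
    """Return (key_type, comment) for a well-formed key line, else raise ValueError."""
    line = line.strip()
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; use the .pub file instead")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]' on one line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in FIELD_COUNTS:
        raise ValueError("unsupported key type: %r" % key_type)
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    fields = read_fields(blob)
    if not fields or fields[0] != key_type.encode("ascii"):
        raise ValueError("type inside the key data does not match the prefix")
    if len(fields) - 1 != FIELD_COUNTS[key_type]:
        raise ValueError("wrong number of fields for " + key_type)
    if key_type == "ssh-ed25519" and len(fields[1]) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    if key_type == "ssh-rsa":
        # min_rsa_bits is this example's own threshold, not a DCD rule
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError("RSA modulus is only %d bits" % bits)
    return key_type, comment


def sample_key_line():
    """Constructed sample: fixed bytes in the right shape, not a usable key."""
    blob = wire(b"ssh-ed25519", bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " user@laptop"


if __name__ == "__main__":
    print(check_public_key(sample_key_line()))
```

Run it against the contents of the .pub file; a ValueError names the reason the line would not work as an authorized key.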
You can connect to your Cubes instance via OpenSSH. You will need a terminal application, which varies depending on your operating system:
Linux: Search Terminal or press CTRL+ALT+T
macOS: Search Terminal
Windows: Search Bash. If you don’t have Bash installed, use PuTTY instead.
The steps below will show you how to connect to your Cubes.
When you log in for the first time, the server isn't recognized on your local machine, so you'll be asked if you're sure you want to keep connecting. You can type yes and then press ENTER.
Authentication is the next step in the connection process. If you've added the SSH keys, you'll be able to connect to the Cubes immediately or after entering your key pair's passphrase.
If you haven't already added SSH keys, you'll be asked for your password:
Nothing is displayed in the terminal when you enter your password, making it easier to paste in the initial password. Pasting into text-based terminals is different from other desktop applications. It is also different from one window manager to another:
For Linux Gnome Terminal, use CTRL+SHIFT+V.
For macOS, use SHIFT-CMD-V or a middle mouse button.
For Bash on Windows, right-click on the window bar, choose Edit, then Paste. You can also right-click to paste if you enable QuickEdit mode.
Once you’ve entered the password, press ENTER.
The public key is saved to the file id_rsa.pub, which will be the key you upload to your account. Your private key is saved to the id_rsa file in the .ssh directory and is used to verify that the public key you use belongs to the same DCD account.
In addition to the SSH keys stored in the SSH Key Manager, the IONOS Cloud Cubes SSH key concept includes:
Default keys are SSH keys that you intend to use frequently and have marked as such in the SSH Key Manager. When you configure storage devices, the default keys are pre-selected. You can, however, specify which SSH keys are to be used before provisioning and deselect the preselected standard keys in favor of another SSH key.
Open the Terminal application and enter the SSH connection command below. After the @, add the IP address of your Cubes instance. Then press ENTER.
If the SSH key is configured correctly, this will log you into the Cubes instance.
The Remote Console is used to connect to a server when, for example, no SSH is available. You must have the root or administrator password for this type of log-in to the server.
Prerequisites: Make sure you have the appropriate permissions. Only contract owners, administrators, or users with access rights to the data center can connect to a server. Other user types have read-only access and can't provision changes.
Start the Remote Console from the server.
Open the data center containing the required server.
In the Workspace, select the server.
In the Inspector, choose Remote Console or select Remote Console from the context menu of the server.
Start the Remote Console from the Start Center (contract owners and administrators only).
Open the Start Center: Menu Bar > Data Center Designer > Open Start Center
Open the Details of the required data center. A list of servers in this data center is displayed.
Select the server and click Open Remote Console.
The Remote Console version matching your browser opens; you can now log on to the server with the root or administrator password.
Use the Send Key Combo button on the top right of the Remote Console window to send shortcut key combinations (such as CTRL+ALT+DEL).
Launch this Remote Console window again with one click by bookmarking its URL address in your browser.
For security reasons, once your session is over, always close the browser used to connect to the VM with this bookmark.
Prerequisites: Prior to setting up a virtual machine, make sure you have the appropriate privileges. Only contract owners, administrators, or users with the Create Data Center privilege can set up a VDC. Other user types have read-only access and can't provision changes.
You can enable IPv6 on Cloud Cubes when you create them or after you create them.
You can set up IPv6 to improve the network connectivity for your virtualized environment. By setting up IPv6 for your Cloud Cubes, you can ensure that they are accessible to IPv6-enabled networks and clients.
Prerequisites: Prior to enabling IPv6, make sure you have the appropriate privileges. A new VDC can be created by contract owners, admins, or users with the create VDC privilege. The prefix length is the number of bits in the fixed part of the address. For the Data Center IPv6 CIDR, the prefix length is /56.
To enable IPv6 for Cloud Cubes, connect the server to an IPv6-enabled LAN. Select the Network option on the right pane and fill in the following fields:
Name: It is recommended to enter a unique name for this Network Interface Controller (NIC).
MAC: This field is automatically populated.
LAN: Select an IPv6 enabled Local Area Network (LAN).
Firewall: Specify whether you want to enable or disable the firewall. To enable the firewall, choose Ingress to create flow logs for incoming traffic, Egress for outgoing traffic, or Bidirectional to create flow logs for all traffic.
Flow Log: Select + to add a new flow log. Enter the name, direction, action, and target S3 bucket, then select + Flow Log to complete the configuration of the flow log. It is applied once you provision your changes.
IPv4 Configuration: This field is automatically populated. If Dynamic Host Configuration Protocol (DHCP) is enabled, the Internet Protocol version 4 (IPv4) address is dynamic, meaning it can change while the Dedicated Core Server is operational or in the case of a restart. Add additional public or private IP addresses in Add IP. It is an optional field.
IPv6 Configuration: You can populate a NIC IPv6 CIDR block with prefix length /80 or allow it to be automatically assigned from the VDC's allocated range. In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down list in Add IP.
Note:
IPv6 CIDRs assigned to LANs (/64) and NICs (/80 and /128) must be unique.
You can create a maximum of 256 IPv6-enabled LANs per VDC.
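The prefix lengths above fit together arithmetically: a /56 data center block holds 2^(64-56) = 256 LAN blocks of /64, which matches the LAN limit. The following planning check is an added example, not IONOS tooling; the function names and the sample addresses (from the 2001:db8::/32 documentation range) are constructed, and the rule that a NIC block lies inside its LAN's /64 is an assumption of this example.

```python
import ipaddress


def validate_ipv6_plan(dc_cidr, lans, nics):
    """Check a planned layout against the prefix rules stated on this page.

    lans: {lan_name: "<IPv6 /64 CIDR>"}
    nics: {nic_name: (lan_name, "<IPv6 /80 or /128 CIDR>")}
    Returns a list of problem strings; an empty list means no rule is violated.
    """
    problems = []
    dc = ipaddress.IPv6Network(dc_cidr)
    if dc.prefixlen != 56:
        problems.append("data center block %s is not a /56" % dc)
    if len(lans) > 256:
        problems.append("%d LANs planned, the limit per VDC is 256" % len(lans))

    lan_nets, lan_owners = {}, {}
    for name, cidr in lans.items():
        try:
            net = ipaddress.IPv6Network(cidr)  # rejects CIDRs with host bits set
        except ValueError as exc:
            problems.append("LAN %s: %s" % (name, exc))
            continue
        lan_nets[name] = net
        if net.prefixlen != 64:
            problems.append("LAN %s: %s is not a /64" % (name, net))
        elif not net.subnet_of(dc):
            problems.append("LAN %s: %s is outside %s" % (name, net, dc))
        if net in lan_owners:
            problems.append("LAN %s reuses %s from LAN %s" % (name, net, lan_owners[net]))
        lan_owners.setdefault(net, name)

    nic_owners = {}
    for name, (lan_name, cidr) in nics.items():
        try:
            net = ipaddress.IPv6Network(cidr)
        except ValueError as exc:
            problems.append("NIC %s: %s" % (name, exc))
            continue
        if net.prefixlen not in (80, 128):
            problems.append("NIC %s: %s is neither /80 nor /128" % (name, net))
        lan = lan_nets.get(lan_name)
        if lan is None:
            problems.append("NIC %s: unknown LAN %s" % (name, lan_name))
        elif not net.subnet_of(lan):  # assumption of this example, see lead-in
            problems.append("NIC %s: %s is outside LAN %s" % (name, net, lan))
        if net in nic_owners:
            problems.append("NIC %s reuses %s from NIC %s" % (name, net, nic_owners[net]))
        nic_owners.setdefault(net, name)
    return problems


def lan_blocks(dc_cidr):
    """All /64 LAN blocks inside a /56 data center block (256 of them)."""
    return list(ipaddress.IPv6Network(dc_cidr).subnets(new_prefix=64))


# Constructed sample data center block from the documentation range
SAMPLE_DC = "2001:db8:0:100::/56"

if __name__ == "__main__":
    print(len(lan_blocks(SAMPLE_DC)), "LAN blocks, first:", lan_blocks(SAMPLE_DC)[0])
```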
1. Drag the Cube element from the Palette into the Workspace.
2. Click the Cube element to highlight it. The Inspector will appear on the right.
3. In the Inspector, configure your Cube from the Settings tab.
Name: Enter a name of your choice; it is recommended that it be unique within this Virtual Data Center (VDC).
Template: choose the appropriate configuration template.
vCPUs: set automatically when a Template is chosen.
RAM in GB: set automatically when a Template is chosen.
Storage in GB: set automatically when a Template is chosen.
4. You will also notice that the Cube comes with an Unnamed Direct Attached Storage. Click on the storage device and rename it in the Inspector.
Name: Enter a name of your choice; it is recommended that it be unique within this Virtual Data Center (VDC).
Size in GB: Specify the required storage capacity.
Image: You can select one of IONOS' images or use your own.
Password: The combination should be between 8 and 50 characters in length, using only Latin characters and numbers.
Backup Unit: Backs up all data with version history to local storage or your private cloud storage.
1. Drop a Storage element from the Palette onto a Cube in the Workspace to connect both.
2. In the Inspector, configure your Storage device in the Settings tab.
Name: Enter a name of your choice; it is recommended that it be unique within this Virtual Data Center (VDC).
Availability Zone: Choose the Zone where you wish to host the Storage device.
Size in GB: Specify the required storage capacity for the SSD.
Performance: Depends on the size of the SSD.
Image: You can select one of IONOS' images or use your own.
Password: The combination should be between 8 and 50 characters in length, using only Latin characters and numbers.
Backup Unit: Backs up all data with version history to local storage or your private cloud storage.
1. Each compute instance has a NIC, which is activated via the Autoport symbol. Connect the Cube to the Internet by dragging a line from the Cube's Autoport to the Internet's NIC.
2. In the Inspector, configure your LAN device in the Network tab.
Name: Enter a name of your choice; it is recommended that it be unique within this Virtual Data Center (VDC).
MAC: The MAC address will be assigned automatically upon provisioning.
Primary IP: The primary IP address is automatically assigned by the IONOS DHCP server. You can, however, enter an IP address for manual assignment by selecting one of the reserved IPs from the drop-down menu. Private IP addresses should be entered manually. The NIC has to be connected to the Internet.
Failover: If you have an HA setup including a failover configuration on your VMs, you can create and manage IP failover groups that support your HA setup.
Firewall: Configure a firewall.
DHCP: It is often necessary to run a DHCP server in your virtual data center (e.g. PXE boot for fast rollout of VMs). If you use your own DHCP server, clear this checkbox so that your IPs are not reassigned by the IONOS DHCP server.
Additional IPs: In order to use "floating" or virtual IPs, you can assign additional IPs to a NIC by selecting them from the drop-down menu.
1. Choose a Cube. From the Settings tab in the Inspector, select Power > Suspend.
2. (Optional) In the dialog that appears, connect using Remote Console and shut down the VM at the operating system level to prevent data loss.
3. Confirm your action by checking the appropriate box and clicking Apply SUSPEND.
4. Provision your changes. Confirm the action by entering your password.
Result: The Cube is suspended but not deleted.
1. Choose a Cube. From the Settings tab in the Inspector, select Power > Resume.
2. Confirm your action by checking the appropriate box and clicking Apply RESUME.
3. Provision your changes. Confirm the action by entering your password.
Result: The Cube is resumed.
The server is switched off. CPU, RAM, and IP addresses are released and billing is suspended. Connected storage devices will still be billed. Reserved IP addresses are not removed from the server. The deallocated virtual machine is marked by a red cross in DCD.
1. Start the provisioning process by clicking PROVISION CHANGES in the Inspector.
2. The Provision Data Center dialog opens. Review your changes in the Validation tab.
3. Confirm changes with your password. Resolve outstanding errors without a password.
4. Once ready, click Provision Now to start provisioning resources.
Result: The data center is now provisioned with the new Cube. DCD will display a Provisioning Complete notification once your cloud infrastructure is ready.
Cloud-init is a software package that automates the initialization of servers during system boot. When you deploy a new Linux server from an image, cloud-init gives you the option to set default user data. User data must be written in shell scripts or cloud-config directives using YAML syntax. This method is highly compatible across platforms and fully secure.
Compatibility: This service is supported on all public IONOS Cloud Linux distributions (Debian, CentOS, and Ubuntu). You may submit user data through the DCD or via Cloud API. Existing cloud-init configurations from other providers are compatible with IONOS Cloud.
Limitations: Cloud-init is available on all public images supplied by IONOS Cloud. If you wish to use your own Linux image, please make sure that it is cloud-init supported first. Otherwise, there is no guarantee that the package will function as intended. Windows images are currently out of scope; adding them may be considered at a later stage.
Provisioning: Cloud-init can only be set at initial provisioning. It cannot be applied to instances that have already been provisioned. Settings can't be changed once provisioned.
Laptops: When using a laptop, please scroll down the properties panel, as additional fields are not immediately visible on a small screen.
This tutorial demonstrates the use of cloud-config and user-data scripts. However, the cloud-init package supports a variety of formats.
1. In the DCD, create a new virtual instance and attach any storage device to it.
2. Ensure the storage device is selected. Its Inspector pane should be visible on the right.
3. When choosing the Image, you may either use your own or pick one that is supplied by IONOS.
For IONOS supplied images, select No image selected > IONOS Images.
Alternatively, for private images select No image selected > Own Images.
4. Once you choose an image, additional fields will appear in the Inspector pane.
5. A Root password is required for Remote Console access. You may change it later.
6. SSH keys are optional. You may upload a new key or use an existing file. SSH keys can also be injected as user data utilizing cloud-init.
7. You may add a specific key to the Ad-hoc SSH Key field.
8. Under Cloud-init user data, select No configuration and a window will appear.
9. Input your cloud-init data. Either use a bash script or a cloud-config file with YAML syntax. Sample scripts are provided below.
10. To complete setup, return to the Inspector and click Provision Changes. Cloud-init automatically runs at boot, applying the changes requested.
When the DCD returns the message that provisioning has been successfully completed, this means the infrastructure is virtually set up. However, bootstrapping, which includes the execution of cloud-init data, may take additional time. This execution time is not included in the success message. Please allow extra time for the tasks to complete before testing.
Using shell scripts is an easy way to bootstrap a server. In the example script below, the code creates and configures our CentOS web server.
Allow enough time for the instance to launch and run the commands in your script, and then check to see that your script has completed the tasks that you intended.
The above example will install a web server and rewrite the default index.html file. To test if cloud-init bootstrapped your VM successfully, you can open the corresponding IP address in your browser. You should be greeted with a “Hello World” message from your web server.
Cloud-init images can also be bootstrapped using cloud-config directives. The cloud-init website outlines all supported modules and gives examples of basic directives.
The following script is an example of how to create a swap partition with second block storage, using a YAML script:
The following script is an example of how to resize your file system according to the chosen size of the block storage. It will also create a user with an SSH key, using a cloud-config YAML script:
The cloud-init output log file (/var/log/cloud-init-output.log) captures console output. Depending on the default configuration for logging, a second log file exists under /var/log/cloud-init.log. This provides a comprehensive record based on user data.
Cloud API provides enhanced convenience if you want to automate the provisioning and configuration of cloud instances. Cloud-init is configured on the volume resource in Cloud API V6 (or later). Please find the link to the documentation below:
Name: userData
Type: string
Description: The cloud-init configuration for the volume as a base64-encoded string. The property is immutable and is only allowed to be set on a new volume creation. It is mandatory to provide either public image or imageAlias that has cloud-init compatibility in conjunction with this property.
Learn how to create and configure a Cloud Cube inside of the DCD.
Use the Remote Console to connect to Server instances without SSH.
Use PuTTY or OpenSSH to connect to Server instances.
Automate the creation of virtual instances with the cloud-init package.
Enable IPv6 support for Cloud Cubes.
Data Format | Description |
---|---|
Base64 | If user-data is base64-encoded, cloud-init determines if it can understand the decoded data as one of the supported types. If it understands the decoded data, it decodes the data and handles it appropriately. If not, it returns the base64 data intact. |
User-Data Script | Begins with #! or Content-Type: text/x-shellscript. The script is run by /etc/init.d/cloud-init-user-scripts during the first boot cycle. This occurs late in the boot process (after the initial configuration actions are performed). |
Include File | Begins with #include or Content-Type: text/x-include-url. The file contains a list of URLs, one per line. Each of the URLs is read, and their content is passed through this same set of rules. The content read from the URL can be MIME-multi-part or plaintext. |
Cloud Config data | Begins with #cloud-config or Content-Type: text/cloud-config. For a commented example of supported configuration formats, see the examples. |
Upstart Job | Begins with #upstart-job or Content-Type: text/upstart-job. This content is stored in a file in /etc/init, and upstart consumes the content as per other upstart jobs. |
Cloud Boothook | Begins with #cloud-boothook or Content-Type: text/cloud-boothook. This content is boothook data. It is stored in a file under /var/lib/cloud and then runs immediately. This is the earliest hook available. There is no mechanism provided for running it only one time. The boothook must take care of this itself. It is provided with the instance ID in the environment variable INSTANCE_ID. Use this variable to provide a once-per-instance set of boothook data. |
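Cloud-init can only be set at initial provisioning and the Cloud API userData property is immutable, so it pays to check user data before it is submitted. The following check is an added example, not IONOS or cloud-init code: it classifies user data by the first-line markers listed above and produces the base64 string for userData. Its function names and the sample cloud-config are constructed, and its strict first-line matching is a choice of this example.

```python
import base64

# First-line marker and Content-Type for each format described on this page.
FORMATS = {
    "user-data script": ("#!", "text/x-shellscript"),
    "include file": ("#include", "text/x-include-url"),
    "cloud config data": ("#cloud-config", "text/cloud-config"),
    "upstart job": ("#upstart-job", "text/upstart-job"),
    "cloud boothook": ("#cloud-boothook", "text/cloud-boothook"),
}

# Constructed sample; the user name and the key placeholder are illustrative.
SAMPLE_CLOUD_CONFIG = """#cloud-config
users:
  - name: deploy
    ssh_authorized_keys:
      - ssh-ed25519 <public-key-data> deploy@example
"""


def classify(text):
    """Return the format name whose marker starts the text, or None.

    Deliberately strict: the marker must be the very first characters, so a
    leading blank line or indentation is reported as unrecognised.
    """
    first_line = text.split("\n", 1)[0].rstrip()
    for name, (marker, mime) in FORMATS.items():
        if first_line.startswith(marker):
            return name
        if first_line.lower().startswith("content-type: " + mime):
            return name
    return None


def to_user_data(text):
    """Return the base64 string to send as the userData property."""
    if classify(text) is None:
        raise ValueError("first line matches none of the format markers")
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def inspect_user_data(value):
    """Return (format_name, was_base64) for plain or base64-encoded user data."""
    kind = classify(value)
    if kind is not None:
        return kind, False
    try:
        compact = "".join(value.split())  # tolerate line-wrapped base64
        decoded = base64.b64decode(compact, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None, False
    kind = classify(decoded)
    return kind, kind is not None


if __name__ == "__main__":
    encoded = to_user_data(SAMPLE_CLOUD_CONFIG)
    print(encoded)
    print(inspect_user_data(encoded))
```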