Quick Guide: Difference between revisions

From bwCloud-OS
Jump to navigation Jump to search
← Older edit
VisualWikitext
m Sia moved page Quickguide to Quick Quide: More formal
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Registration ==
== [[Registration]] ==
 
* Access to bwCloud-OS requires an active account from a '''bwIDM'''-participating institution.
* Access to bwCloud-OS requires an active account from a '''bwIDM'''-participating institution.
* Your account must include a valid '''bwCloud entitlement''', assigned by your '''home institution'''. This is usually automatic. If missing, contact your institution’s IT support. The bwCloud-OS team cannot assign entitlements.
* Your account must include a valid '''entitlement''', assigned by your '''home institution'''. This is usually automatic. If missing (see [[Registration#How can I find out which entitlements my account contains?|here]]), contact your institution’s IT support. The bwCloud-OS team cannot assign entitlements.
* Log in once to the Dashboard to activate your profile. Setup is automated via bwIDM.
* Log in once to the '''[https://portal.bw-cloud.org/ Dashboard]''' to activate your profile. Setup is automated via bwIDM.
* After login, select your '''home region''' as described [[Registration#What is a "home region"?|here]] to begin using bwCloud-OS.
* After login, select your '''region''' as described [[Registration#What is a "home region"?|here]] to begin using bwCloud-OS.


== Instances (VMs) ==
== [[Instances (VMs)]] ==


* Instances can be '''created''' via the Dashboard wizard, '''select: name  → image → flavor → network → SSH key → launch'''.
* Instances can be '''created''' via the '''[https://portal.bw-cloud.org/ Dashboard]''' wizard, select: '''name  →source → flavor → network → SSH key → launch'''.
* Existing instances can be  '''resized''' to larger flavors. Always back up important data beforehand, as the VM will reboot during the process.
* The '''source''' defines the base disk for the instance, usually a pre-configured '''image''' containing the operating system (Rocky, Ubuntu, etc.) and initial software optimized for cloud environments.
* To '''access''' your bwCloud-OS virtual machines, you must register an '''SSH key pair'''  and assign it when creating instances.
* The available resources of a virtual machine (vCPU, memory, etc.) are pre-defined by [[Instances (VMs)#What are instance flavors, and which flavors are available?|flavors]]. Choose a '''flavor''' that fits your workload and available [[Projects and Quota#Project Quota|quota]] when launching your instance
* To '''access''' your bwCloud-OS virtual machines, you must register an '''SSH key pair'''  and assign it when creating instances. ''If you lose your private SSH key, you will '''lose access'''  to your instance!''


== Network ==
== [[Networks]] ==


* Each bwCloud-OS instance automatically receives a '''public IP address''', valid for its entire lifetime (until deletion).
* Each bwCloud-OS instance automatically receives a '''public IP address''', valid for its entire lifetime (until deletion).
* Instances are also assigned a '''persistent FQDN''' based on their UUID and region.
* Instances are also assigned a '''persistent FQDN''' based on their UUID and region.
* Domain hosting is not provided, but you can point your own '''domain''' to the instance’s  FQDN using a CNAME record.
* Domain hosting is not provided, but you can point your own '''domain''' to the instance’s  FQDN using a CNAME record.
* '''SSL certificates''' can be obtained via Let’s Encrypt using tools like Certbot.


== Security ==
== [[Security]] ==


* By default, VMs in bwCloud-OS are only accessible via '''SSH (port 22)'''; all other ports are initially '''closed''' for security reasons.
* By default, bwCloud-OS VMs are only accessible via '''SSH (port 22)''' and  '''ICMP''' (e.g., ''ping'') ;  all other incoming traffic is blocked for security.
* Additional ports (e.g. HTTPS/443) can be opened  via '''Security Groups''' in the Dashboard — changes take effect immediately without a reboot.
* To allow access on additional ports (e.g. HTTPS/443), you can add rules via the '''Security Groups''' in the Dashboard — changes take effect immediately.
* Some ports are '''centrally filtered''' in certain regions and cannot be opened manually; details are listed in the [[Reference: Network – blocked/allowed ports.|port overview]].
* Some ports are '''centrally filtered''' in certain bwCloud-OS regions and cannot be opened individually; refer to the [[Reference: Network – blocked/allowed ports.|Port Overview]] for region-specific details.
* '''SSL certificates''' are not provided by bwCloud-OS, but can be obtained via services like '''Let’s Encrypt'''.
* If you suspect a '''security incident''', stop the affected VMs and submit a support ticket immediately.
* If you suspect a '''security incident''', stop the affected VMs and open a support ticket immediately.


== Storage ==
== [[Storage]] ==


* If you need more storage, create and attach additional '''volumes''' — root disks cannot be enlarged. Using a larger root disk via special flavors is also not recommended in general.
* If you need more storage in a VM, create and attach additional '''volumes''' — root disks cannot be enlarged. Using special flavors with larger root disks as a reserve for extra storage is generally discouraged, as they offer less flexibility.
* All data is stored redundantly (e.g., 3× replication in Ceph), but '''no automatic backups''' are performed — you are responsible for your own data protection.
* All data is stored redundantly (e.g., 3× replication in Ceph), but '''no automatic backups''' are performed — ''you are responsible for backing up your own data''.
* Back up your data regularly using '''snapshots''' or by downloading volumes/images via the OpenStack client as explained [[Storage#How can I back up my virtual machines?|here]].
* Back up your data regularly using '''snapshots''' or by downloading (volume-)images using the OpenStack client as explained [[Storage#How can I back up my virtual machines?|here]].
* ⚠️''To avoid data loss: '''Never store critical or irreplaceable data only in bwCloud-OS'''  — always back up externally''.


== (Group-)Projects & Quota ==
== [[Projects and Quota|Projects & Quota]] ==


* Each bwCloud-OS project has predefined '''quotas''' for vCPU, RAM, storage, and networks. Quota increases can be requested via the  bwSupportPortal
* Each bwCloud-OS project has predefined '''quotas''' for vCPU, RAM, storage, and networks. Quota increases can be requested via the  bwSupportPortal.
* '''Group projects''' allow shared access to resources. Members  can manage instances collaboratively. Quotas can be assigned in multiple regions. Every group project requires a named '''owner''' as the primary contact.
* '''Group projects''' allow shared access to resources. Members  can manage instances collaboratively. Quotas can be assigned in multiple [[Registration#Regions|regions]]. A designated '''project owner''' is required to manage membership and act as the main contact.
* Instances cannot be '''moved between projects''' directly. Use snapshots and volume transfer as described [[Storage#Download Volumes or Images|here]].
* Instances cannot be moved between projects directly. Use snapshots and '''volume transfer''' instead, as described [[Projects and Quota#Instance-Transfer|here]].


== Automation & Tools ==
== [[Programmatic Access and Automation|Automation]] ==


* Experienced users can create '''Application Credentials (tokens)''' to enable CLI or programmatic access.
* '''Application Credentials''' enable secure, password-free access to bwCloud-OS — ideal for CLI usage and automation.
* Automation tools like '''Ansible''' or '''Terraform''' can be used to streamline instance deployment and configuration.
* You can use these credentials with the '''OpenStack client'''  to manage your cloud resources from the command line.
* '''Automation tools''' like '''Ansible''' or '''Terraform''' can be used for efficient deployment and configuration of instances.

Latest revision as of 18:44, 10 November 2025

Registration

  • Access to bwCloud-OS requires an active account from a bwIDM-participating institution.
  • Your account must include a valid entitlement, assigned by your home institution. This is usually automatic. If missing (see here), contact your institution’s IT support. The bwCloud-OS team cannot assign entitlements.
  • Log in once to the Dashboard to activate your profile. Setup is automated via bwIDM.
  • After login, select your region as described here to begin using bwCloud-OS.

Instances (VMs)

  • Instances can be created via the Dashboard wizard, select: name →source → flavor → network → SSH key → launch.
  • The source defines the base disk for the instance, usually a pre-configured image containing the operating system (Rocky, Ubuntu, etc.) and initial software optimized for cloud environments.
  • The available resources of a virtual machine (vCPU, memory, etc.) are pre-defined by flavors. Choose a flavor that fits your workload and available quota when launching your instance
  • To access your bwCloud-OS virtual machines, you must register an SSH key pair and assign it when creating instances. If you lose your private SSH key, you will lose access to your instance!

Networks

  • Each bwCloud-OS instance automatically receives a public IP address, valid for its entire lifetime (until deletion).
  • Instances are also assigned a persistent FQDN based on their UUID and region.
  • Domain hosting is not provided, but you can point your own domain to the instance’s FQDN using a CNAME record.
  • SSL certificates can be obtained via Let’s Encrypt using tools like Certbot.

Security

  • By default, bwCloud-OS VMs are only accessible via SSH (port 22) and ICMP (e.g., ping) ; all other incoming traffic is blocked for security.
  • To allow access on additional ports (e.g. HTTPS/443), you can add rules via the Security Groups in the Dashboard — changes take effect immediately.
  • Some ports are centrally filtered in certain bwCloud-OS regions and cannot be opened individually; refer to the Port Overview for region-specific details.
  • If you suspect a security incident, stop the affected VMs and submit a support ticket immediately.

Storage

  • If you need more storage in a VM, create and attach additional volumes — root disks cannot be enlarged. Using special flavors with larger root disks as a reserve for extra storage is generally discouraged, as they offer less flexibility.
  • All data is stored redundantly (e.g., 3× replication in Ceph), but no automatic backups are performed — you are responsible for backing up your own data.
  • Back up your data regularly using snapshots or by downloading (volume-)images using the OpenStack client as explained here.
  • ⚠️To avoid data loss: Never store critical or irreplaceable data only in bwCloud-OS — always back up externally.

Projects & Quota

  • Each bwCloud-OS project has predefined quotas for vCPU, RAM, storage, and networks. Quota increases can be requested via the bwSupportPortal.
  • Group projects allow shared access to resources. Members can manage instances collaboratively. Quotas can be assigned in multiple regions. A designated project owner is required to manage membership and act as the main contact.
  • Instances cannot be moved between projects directly. Use snapshots and volume transfer instead, as described here.

Automation

  • Application Credentials enable secure, password-free access to bwCloud-OS — ideal for CLI usage and automation.
  • You can use these credentials with the OpenStack client to manage your cloud resources from the command line.
  • Automation tools like Ansible or Terraform can be used for efficient deployment and configuration of instances.
Retrieved from "https://wiki.bwcloud-os.de/index.php?title=Quick_Guide&oldid=1530"