Contents
The SUSE® Cloud Dashboard is a Web interface that allows cloud
administrators and users to manage various OpenStack services. It
is based on OpenStack Dashboard (also known under its codename
Horizon
).
After a short introduction to the Dashboard, learn how to execute key tasks such as creating images, launching and managing instances, and how to use volumes for persistent storage.
The following requirements need to be fulfilled to access the SUSE Cloud Dashboard:
The cloud operator has set up SUSE Cloud.
You have a recent Web browser that supports HTML5. It must have cookies
and JavaScript enabled. For using the Dashboard's VNC client, which is
based on noVNC
, your browser needs to support HTML5
Canvas and HTML5 WebSockets. For more details and a list of browsers
that support noVNC
, refer to
https://github.com/kanaka/noVNC/blob/master/README.md,
and
https://github.com/kanaka/noVNC/wiki/Browser-support,
respectively.
Learn how to log in to SUSE Cloud Dashboard and get a short overview of its Web interface.
To access the SUSE Cloud Dashboard, ask the cloud operator for the following information:
Hostname or (public) IP address of the SUSE Cloud Dashboard. (The Dashboard is
available on the node that has the nova-dashboard
server
role.)
Username and password of the cloud administrator or cloud user with which you can log in to SUSE Cloud Dashboard.
Start a Web browser and make sure that JavaScript and cookies are enabled.
As a URL, enter the hostname or IP address that you got from the cloud operator.
https://IP_ADDRESS_OR_HOSTNAME
/
![]() | Certificate Warning |
---|---|
Depending on your browser and browser options, you may get a certificate warning when trying to access the URL for the first time. (In case no certificate is provided when setting up the Dashboard, SUSE Cloud uses a self-signed certificate that is not considered trustworthy by default). In this case, verify the certificate. To proceed anyway, you can add an exception in the browser to bypass the warning. |
On the SUSE Cloud Dashboard login screen, enter the
and and click .After logging in, the Dashboard's Main Screen (User's View) appears.
The top-level row of the main screen shows the username with which you are logged in. It also allows you to access the
or to of the Web interface.![]() | Available Functions |
---|---|
The visible tabs and functions in the Dashboard depend on the access permissions of the user that is logged in. They are defined by roles. |
If you are logged in as a user, the main screen only shows the
tenants
) that you are a member of.
Select a
from the drop-down list on the left-hand side to access the following categories:Shows basic reports on the project.
Lists instances and volumes created by users of the project. From here, you can terminate, pause, or reboot any instances or connect to them via VNC.
Lists images and snapshots created by users of the project, plus any images that are publicly available.
Allows to allocate or release floating IP addresses, manage security groups and keypairs.
User permissions to manage images are defined by the cloud operator during setup of SUSE Cloud. Image upload and management may be restricted to cloud administrators or cloud operators only.
After uploading an image to Nova, it cannot be changed any more (“golden image”).
Whereas nearly all key tasks can either be executed from the SUSE Cloud Web interface or from the command line, images can only be uploaded with a command line tool, glance image-create. For details, refer to Section “Adding Images” (Chapter 2, Using OpenStack Command Line Interfaces, ↑User Guide for Administrators).
Instances are virtual machines that run inside the cloud. To start an instance, a virtual machine image must exist that contains the following information: which operating system to use, a username and password with which to log in to the instance, file storage etc. The cloud contains a pool of such images that have been uploaded to Glance and are accessible to members of different projects.
When starting an instance, you need to specify the following key parameters:
In OpenStack, flavors define the compute, memory, and storage capacity of
nova
computing instances. To put it simply, a flavor
is an available hardware configuration for a server. It defines the
“size” of a virtual server that can be launched.
For more details and a list of default flavors available, refer to Section “Managing Flavors” (Chapter 1, Using SUSE Cloud Dashboard, ↑User Guide for Administrators).
Keypairs are SSH credentials that are injected into images when they are
launched. For this to work, the image must contain the cloud-init
package.
Create at least one keypair per project. If you already have generated a keypair with an external tool, you can import it into OpenStack. The keypair can be used for multiple instances belonging to that project.
For details, refer to Section 1.5.1, “Creating or Importing Keys”.
In SUSE Cloud, security groups are used to define which incoming network traffic should be forwarded to instances. Security groups hold a set of firewall policies (security group rules).
For details, refer to Section 1.5.2, “Configuring Security Groups and Rules”.
If needed, you can assign a floating (public) IP address to a running instance and attach a
block storage device (volume
) for persistent storage. For details, refer to
Section 1.5.3, “Managing IP Addresses” and Section 1.7, “Managing Volumes”.
You can start an instance directly from one of the images available in Glance or from an image that you have copied to a persistent volume before. For the preparation of the volume, refer to Procedure 1.1. When booting an image from a volume, the procedure is basically the same as when launching an instance from an image in Glance, except for some additional steps.
Procedure 1.1. Creating and Preparing the Volume¶
To be able to boot an instance from a volume, create the volume and copy an image to it:
Create a volume as described in Procedure 1.10, “Creating or Deleting Volumes”. Its size must be big enough to store an unzipped image.
Create an image with SUSE Studio or SUSE Studio Onsite. For details, refer to Section “Building Images with SUSE Studio” (Chapter 2, Using OpenStack Command Line Interfaces, ↑User Guide for Administrators).
Launch an instance as described in Procedure 1.2, “Launching an Instance”.
Attach the volume to the instance as described in Procedure 1.11, “Attaching Volumes to Instances”.
Assuming that the attached volume is mounted as /dev/vdb
, use one
of the following commands to copy the image to the attached volume:
For a raw image:
cat IMAGE
>/dev/null
(alternatively, use dd)
For a non-raw image:
qemu-img convert -O raw IMAGE
/dev/vdb
For a *.tar.bz2
image:
tar xfjO IMAGE
>/dev/null
As only detached volumes are available for booting, detach the volume. For details on how to do so, refer to Procedure 1.11, “Attaching Volumes to Instances”, Step 9.
For booting an instance from the volume, continue with Procedure 1.2, “Launching an Instance”.
You can start an instance directly from one of the images available in Glance. In that case, SUSE Cloud will create a local copy of the image on the respective Compute Node where the instance will be started.
![]() | Launching Instances from a Volume |
---|---|
Alternatively, you can start an instance from an image that has been copied to a persistent volume. In that case, the instance will be booted from the volume (provided by nova-volume) via iSCSI. For preparation details, refer to Procedure 1.1, “Creating and Preparing the Volume”. To boot an instance from the volume, follow Procedure 1.2, “Launching an Instance”. Especially note the following steps:
|
Procedure 1.2. Launching an Instance¶
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category. The Dashboard shows the that have been uploaded to Glance and are available for this project.Select an image and click
.In the window that opens, specify the following:
Enter a
that will be assigned to the virtual machine.From the “size” of the virtual machine to launch.
drop-down list, select theSelect a Section 1.5.1, “Creating or Importing Keys”. In case an image uses a static root
password or a static key set (neither is recommended), you do not need to provide a keypair
on starting the instance.
In
, enter the number of virtual machines to launch from this image.Activate the Section 1.5.2, “Configuring Security Groups and Rules”. If you have not created any specific security groups, you can only assign the instance to the default security group.
that you want to assign to the instance. Security groups are a kind of cloud firewall that define which incoming network traffic should be forwarded to instances. For details, refer to![]() |
If you want to Launching Instances from a Volume.
, click the respective entry to expand its options. Set the options as described inClick
. The instance will be started on any of the Compute Nodes in the cloud.After you have launched an instance, switch to the
category to view the , its (private or public) , its , its , , and .If you did not provide a keypair on starting and have not touched security groups or rules so far, by default the instance can only be accessed from inside the cloud via VNC at this point. Even pinging the instance is not possible. To change this, proceed with Section 1.5, “Configuring Access to the Instances”.
Access to an instance is mainly influenced by the following parameters:
keypairs
security groups and rules
IP addresses
For SSH access to an instance, you usually need to provide a keypair at launch time. The security rules need adjustment, too, since the default rules block access to SSH ports and prevent pinging an instance. To make the instance also accessible from outside the cloud, assign a floating (public) IP address.
Keypairs are SSH credentials that are injected into images when they are
launched. For this to work, the image must contain the cloud-init
package.
Create at least one keypair per project. If you already have generated a keypair with an external tool, you can import it into OpenStack. The keypair can be used for multiple instances belonging to that project.
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category. The Dashboard shows , , and for the selected project.To import a keypair that you have generated with an external tool:
Click
.In the window that opens, enter a name for the keypair and copy the public key into the respective input field.
Confirm your choice.
To create a new keypair:
Click
.In the window that opens, enter a name for the keypair and confirm your choice.
OpenStack generates a keypair and provides the private key for
download as a *.pem
file.
Save the *.pem
file locally and change its
permissions so that only you can read and write to the file:
chmod 600 MY_PRIV_KEY
.pem
The public key of the keypair is registered at the Nova database. The Dashboard lists the keypair in the Figure 1.4, “SUSE Cloud Dashboard—Keypairs”.
category as shown inIn SUSE Cloud, security groups are used to define which incoming network traffic should be forwarded to instances. Security groups hold a set of firewall policies (security group rules).
When launching an instance, you need to define which security groups it should belong to. A default security group is available for each project. It allows all network traffic from other members of this group and discards traffic from other IP addresses and groups.
Multiple security groups for a project can be defined, with each group holding a different set of firewall policies. This is useful if you have groups of instances that should differ in firewall configuration (for example, front-end and back-end servers). An instance can be assigned to multiple security groups.
Procedure 1.3. Creating or Deleting Security Groups¶
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category. The Dashboard shows , , and for the selected project.To create a new security group:
Click
.In the window that opens, enter a
and for the group and confirm your changes.To delete one or multiple security groups:
Activate the check boxes in front of the groups that you want to delete.
Click
and confirm your choice in the pop-up that appears.A message on the Web page shows if the action has been successful.
![]() | Deleting Security Groups |
---|---|
The default security group for a project cannot be deleted. If another group cannot be deleted, it is because it is still assigned to a running instance. |
You can adjust rules of the default security group as well as rules of any other security group that has been created. As soon as the rules for a group are modified, the new rules are automatically applied to all running instances belonging to that security group.
Adjust the rules in a security group to allow access to instances via different ports and protocols. This is necessary to be able to access instances via SSH, to ping them, or to allow UDP traffic (for example, for a DNS server running on an instance).
Rules in security groups are specified by the following parameters:
Decide whether to allow traffic to instances only from IP addresses inside the cloud (from other group members) or from all IP addresses.
Choose between TCP (for SSH), ICMP (for pings), and UDP.
Define a port range. To open a single port only, enter the same value twice. ICMP does not support ports. In that case, enter values that define the codes and types of ICMP traffic to be allowed.
If no further security groups have been created, any instances are automatically assigned to the default security group (if not specified otherwise). Unless you change the rules for the default group, those instances cannot be accessed from any IP addresses outside the cloud.
Procedure 1.4. Configuring Security Group Rules¶
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category. The Dashboard shows , , and for the selected project.Select the security group to modify, then click
. The window that appears shows which rules have already been configured.To allow SSH access to the instances:
Set TCP
.
Enter the value 22
in both
and .
To allow access from all IP addresses (specified
as IP subnet in CIDR notation as 0.0.0.0/0
), leave the
other fields unchanged.
Alternatively, allow only IP addresses from other security groups to access the specified port. In that case, select the desired security group from the
drop-down list.Confirm your changes to add the rule.
To allow pinging the instances:
Set ICMP
.
Enter the value -1
in both and . This allows access to all
codes and all types of ICMP traffic, respectively.
To allow access from all IP addresses
(0.0.0.0/0
), leave the other fields unchanged.
Alternatively, allow only members of other security groups to ping instances. In that case, select the desired security group from the
drop-down list.Confirm your changes to add the rule.
To allow access via UDP port (for example, for a DNS server running on a VM):
Set UDP
.
Enter the value 53
in both
and .
To allow access from all IP addresses
(0.0.0.0/0
), leave the other fields
unchanged.
Alternatively, allow only IP addresses from other security groups to access the specified port. In that case, select the desired security group from the
drop-down list.Confirm your changes to add the rule.
To delete one or multiple security group rules:
Select the security group to modify, then click
. The window that appears shows which rules have already been configured.Select the rule or rules to remove.
Click
and confirm your choice.Each instance can have two IP addresses: a private (fixed) IP address and a public (floating) one. Private IP addresses are used for communication between instances, and public ones are used for communication with the outside world. When an instance is launched, it is automatically assigned a private IP address, which stays the same until the instance is explicitly terminated. (Rebooting the instance does not have an effect on the private IP address.)
A pool of floating IPs is available in OpenStack Nova, as configured by the cloud operator. You can allocate a certain number of these to a project—the maximum number of floating IP addresses per project is defined by the quota. From this set, you can then add a floating IP address to an instance of the project. Floating IP addresses can be dynamically disassociated and associated with other instances of the same project at any time.
Procedure 1.5. Allocating Floating (Public) IPs to a Project
Before you can assign a floating IP address to an instance, you first need to allocate floating IPs to a project.
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category. The Dashboard shows a list of , , and for the current project.To allocate a floating IP address to the current project:
Click
.In the window that opens, select a
out of which to take the IP address.Click
.The Dashboard shows the allocated IP addresses in the
category. The first IP shown for an instance is the private IP address; the second one is the floating IP address.To release one or multiple floating IP addresses from a project:
Activate the check boxes in front of the IP addresses that you want to release.
Click
. The IP addresses are put back into the pool of IP addresses that are available for all projects. If an IP address is currently assigned to a running instance, it will automatically be disassociated from the instance.Procedure 1.6. Assigning Floating (Public) IP Addresses to Instances
After floating IP addresses have been allocated to the current project, you can assign them to running instances. One floating IP address can be assigned to only one instance at a time.
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category. The Dashboard shows a list of , , and for the current project.To assign an IP to an instance:
Select an IP address and click
.In the window that opens, select the
to associate the IP with and confirm your choice.In the Section 1.5.2, “Configuring Security Groups and Rules”.
category, the list of shows the ID of the instance with which the IP has been associated. The instance is now publicly available under the respective floating IPs address (provided you have also configured the security group rules for the instance accordingly). For details, refer toTo remove a floating IP address from an instance:
Click the
category.Select the IP address to remove.
Click
and confirm your change.The following are typical tasks for managing instances:
Accessing instances from remote
Viewing logs
Creating instance snapshots to preserve a certain disk state of an instance
Using instance snapshots as base for new images
Rebooting or terminating instances
Pausing or suspending instances
Tracking instance usage
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the instance and from the
drop-down list, select .Alternatively, click the instance's name and switch to the
tab that opens.The Dashboard shows the output of the instance's serial console. To make use of this feature, the respective image must have set the serial console correctly in GRUB.
The Dashboard's built-in VNC client allows you to access instances at any time.
Procedure 1.7. Accessing an Instance via VNC
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the instance to access and from the
drop-down list, select .Alternatively, click the instance's name and switch to the
tab that opens.When establishing the first connection, you might be prompted by your browser to trust a certificate before you can see the VNC screen.
To display a larger VNC screen, use the link
.![]() |
To leave the large VNC screen, use the back button of the browser.
To access an instance via SSH, the following requirements need to be fulfilled:
sshd
must be running
inside the virtual machine.
Port 22
must be open in the virtual
machine's firewall.
The security group which the instance is assigned to, must be configured to allow SSH access.
To allow SSH access from outside the cloud, a floating IP address must be assigned to the instance.
You must know the private or public IP address of the instance.
Instance snapshots preserve the disk state of a running instance. You can launch a new instance from a snapshot or use a snapshot to create a new image based upon the snapshot. Ephemeral disks are not included in any snapshots.
Procedure 1.8. Creating Instance Snapshots
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the instance of which to create a snapshot. From the
drop-down list, select .In the window that opens, enter a name for the snapshot and confirm your changes. The Dashboard shows the new
in the category.To launch a new instance from the snapshot, select the snapshot and click Procedure 1.2, “Launching an Instance”.
. Proceed with launching an instance as described inProcedure 1.9. Basing an Image on a Snapshot
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the snapshot and from the
drop-down list, select .In the window that opens, enter the image properties. For more information, refer to Section “Managing Images” (Chapter 1, Using SUSE Cloud Dashboard, ↑User Guide for Administrators).
Click
.Dashboard shows the newly created image in the list of images in the
category. If you delete the snapshot, upon which the image is based, the image will be deleted as well. If you delete the image, the snapshot upon which it is based, will be deleted as well.For maintenance reasons, you can pause or suspend images—provided they are running on KVM or Xen. Pausing or suspending avoids the consequences that come with terminating an instance.
If you pause an instance, the content of the virtual machine is stored to memory (RAM) and the image is kept running in a “frozen” state. When suspending an instance, the content of the virtual machine is stored to disk, and memory and VCPUs are freed.
![]() | Terminating Instances: Risk of Data Loss |
---|---|
Terminating an instance has the following consequences:
|
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the instance that you want to put out of the running state. From the
drop-down list, select the respective action.Use the Dashboard's
category to track usage of instances per project. This allows you to track costs per month by showing metrics like number of VCPUs, disks, RAM, and uptime of all your instances.If you are a member of multiple projects, select a
from the drop-down list at the top of the tab. Select a month and click to query the instance usage for that month. The Dashboard also allows to download a CVS summary.Volumes are block storage devices that can be attached to instances. They allow for persistent storage as they can be attached to a running instance (or detached and attached to another instance at any time). In contrast to the instance's root disk, the data of volumes is not destroyed when the instance is terminated.
Procedure 1.10. Creating or Deleting Volumes¶
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.To create a volume:
Click
.In the window that opens, enter a name to assign to a volume, a description (optional), and define the size in GB.
Confirm your changes.
The Dashboard shows the volume in the
category.To delete one or multiple volumes:
Activate the check boxes in front of the volumes that you want to delete.
Click
and confirm your choice in the pop-up that appears.A message on the Web page shows if the action has been successful.
After having created one or multiple volumes, you can attach them
to instances. A volume can only be attached to one instance at a time.
View the available
or already In-Use
.
Procedure 1.11. Attaching Volumes to Instances¶
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the volume to add to an instance and click
.In the window that opens, select an instance to attach the volume to.
Enter a
under which the volume should be accessible on the virtual machine.Confirm your changes. The Dashboard shows the instance to which the volume has been attached and the volume's device name.
Now you can log in to the instance, mount the disk, format it, and use it.
If the instance is running the latest SUSE Linux Enterprise Server SP2 Kernel, it is not necessary
to reboot the virtual machine to make the device appear.
Otherwise load the acpiphp
module manually:
modprobe acpiphp
To detach a volume from an instance:
Select the volume and click
.In the window that opens, click
and confirm your changes.A message on the Web page shows if the action has been successful.
Procedure 1.12. Creating Volume Snapshots
Log in to SUSE Cloud Dashboard.
If you are a member of multiple projects, select a
from the drop-down list at the top of the tab.Click the
category.Select the volume of which to create a snapshot.
From the
drop-down list, select .In the window that opens, enter a
and a .Confirm your changes. The Dashboard shows the new
in the category.