https://www.cac.cornell.edu/wiki/api.php?action=feedcontributions&user=Cjc73&feedformat=atom
CAC Documentation wiki - User contributions [en]
2024-03-29T15:42:06Z
User contributions
MediaWiki 1.35.5
https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4035
OpenStack Key Pairs cjc73
2023-01-13T00:04:38Z
<p>Cjc73: /* Import a Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]].<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt).<br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<code>cd ~/.ssh</code> on macOS or Linux, <code>chdir %USERPROFILE%\.ssh</code> on Windows). If you see a <code>path not found</code> or <code>no such file or directory</code> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys:<br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<code>cd ~/.ssh</code> on macOS or Linux, <code>chdir %USERPROFILE%\.ssh</code> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
chdir %USERPROFILE%\.ssh<br />
type cloud.key.pub<br />
<br />
Select the key text and copy it to the system clipboard.<br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Option 2: Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
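The checks from the steps above (plain text rather than RTF, header and footer present, only a .pem extension, permissions of 600) can be run in one pass. The script below is an added example, not part of Red Cloud or OpenStack; the function names are hypothetical and the sample key it writes is constructed, not real key material.

```shell
#!/bin/sh
# Added example: check a private key file saved from the Create Key Pair dialog.
# Function names are hypothetical; they are not part of Red Cloud or OpenStack.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write a CONSTRUCTED sample file: real header/footer lines, placeholder body.
make_sample_pem() {
    printf '%s\n' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'CONSTRUCTEDSAMPLEBODYNOTAREALKEYCONSTRUCTEDSAMPLEBODYNOTAREALKEY' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}

# check_pem_file PATH -> returns 0 if every check passes, 1 otherwise.
check_pem_file() {
    f=$1
    problems=0
    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist" >&2
        return 1
    fi

    # Only a .pem extension is allowed (rejects mykey.pem.txt, mykey.txt, ...).
    case "$f" in
        *.pem) ;;
        *) echo "FAIL: file name must end in .pem" >&2; problems=1 ;;
    esac

    # A Rich Text file (TextEdit's default format) starts with {\rtf.
    case "$(head -c 5 "$f")" in
        '{\rtf'*) echo "FAIL: file is RTF, not plain text" >&2; problems=1 ;;
    esac

    # First and last non-empty lines must be the header and footer, dashes included.
    first=$(grep -v '^[[:space:]]*$' "$f" | head -n 1 | tr -d '\r')
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1 | tr -d '\r')
    if [ "$first" != '-----BEGIN RSA PRIVATE KEY-----' ]; then
        echo "FAIL: first line is not the BEGIN RSA PRIVATE KEY header" >&2
        problems=1
    fi
    if [ "$last" != '-----END RSA PRIVATE KEY-----' ]; then
        echo "FAIL: last line is not the END RSA PRIVATE KEY footer" >&2
        problems=1
    fi

    # The private key must be readable and writable by its owner only.
    mode=$(file_mode "$f")
    if [ "$mode" != "600" ]; then
        echo "FAIL: permissions are $mode; run: chmod 600 $f" >&2
        problems=1
    fi
    return "$problems"
}

# Demonstration on a constructed file: run this script with --demo.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    make_sample_pem "$dir/mykey.pem"
    chmod 644 "$dir/mykey.pem"
    check_pem_file "$dir/mykey.pem" || echo "fix the problems listed above"
    chmod 600 "$dir/mykey.pem"
    check_pem_file "$dir/mykey.pem" && echo "OK: $dir/mykey.pem"
    rm -rf "$dir"
fi
```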
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
=== Copy your public key to the system clipboard ===<br />
If you haven't already, you will need to copy the text of your public key onto the system clipboard so you can paste it into the dialog box. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Copy the output from the command above and paste it into the Public Key field on the OpenStack Import Key Pair Dialog.<br />
<br />
=== Import Key Pair Dialog ===<br />
Enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
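Because the private and public files differ only by the <tt>.pub</tt> suffix, it is worth confirming what a file contains before pasting it into the dialog. The script below is an added example, not part of Red Cloud or OpenStack: the function names are hypothetical and the sample key is constructed. It refuses any file that contains private key material and checks for the single-line "ssh-rsa ... name" layout described above.

```shell
#!/bin/sh
# Added example: check a public key file before pasting it into the Import Key Pair dialog.
# Function names are hypothetical; the sample key line is constructed, not a usable key.

# Write a CONSTRUCTED one-line public key (placeholder blob).
make_sample_pub() {
    printf '%s\n' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCONSTRUCTEDSAMPLE netid@laptop' > "$1"
}

# check_public_key PATH -> returns 0 if the file is a well-formed ssh-rsa public key, 1 otherwise.
check_public_key() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist" >&2
        return 1
    fi

    # Hard stop: private key material must never be pasted into the web form.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "FAIL: $f holds a private key; use the .pub file instead" >&2
        return 1
    fi

    # A public key is a single line: key type, base64 body, then a name.
    count=$(grep -c -v '^[[:space:]]*$' "$f" || true)
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected 1 line, found $count (wrapped or extra text?)" >&2
        return 1
    fi
    line=$(grep -v '^[[:space:]]*$' "$f" | tr -d '\r')
    read -r ktype blob name <<EOF
$line
EOF

    if [ "$ktype" != "ssh-rsa" ]; then
        echo "FAIL: key type is '$ktype', expected ssh-rsa" >&2
        return 1
    fi

    # The body must be base64 text only.
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*)
            echo "FAIL: key body is missing or is not base64" >&2
            return 1 ;;
    esac

    # The body of an ssh-rsa key starts by encoding the string "ssh-rsa",
    # which always produces this base64 prefix.
    case "$blob" in
        AAAAB3NzaC1yc2E*) ;;
        *) echo "FAIL: key body does not match the ssh-rsa type" >&2
           return 1 ;;
    esac

    # The trailing name is informational, so its absence is only noted.
    [ -n "$name" ] || echo "NOTE: no name at the end of the key line" >&2
    return 0
}

# Demonstration on constructed files: run this script with --demo.
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d)
    make_sample_pub "$dir/cloud.key.pub"
    check_public_key "$dir/cloud.key.pub" && echo "OK to paste: cloud.key.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$dir/cloud.key"
    check_public_key "$dir/cloud.key" || echo "refused: cloud.key"
    rm -rf "$dir"
fi
```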
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
When you are configuring your instance, select your imported key-pair in the Key-Pair section.<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Change the Passphrase on a Key Pair ==<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled.<br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.</div>
Cjc73
https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4034
OpenStack Key Pairs cjc73
2023-01-12T23:55:26Z
<p>Cjc73: /* Create a key pair for RedCloud */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]].<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt).<br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<code>cd ~/.ssh</code> on macOS or Linux, <code>chdir %USERPROFILE%\.ssh</code> on Windows). If you see a <code>path not found</code> or <code>no such file or directory</code> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys:<br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<code>cd ~/.ssh</code> on macOS or Linux, <code>chdir %USERPROFILE%\.ssh</code> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
chdir %USERPROFILE%\.ssh<br />
type cloud.key.pub<br />
<br />
Select the key text and copy it to the system clipboard.<br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Option 2: Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
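
As an added example (not part of the Red Cloud documentation), the following POSIX shell functions check the two files this page works with before you use them: that the text you are about to paste is a one-line "ssh-rsa" public key and not private key material, and that a saved private key is plain-text PEM with <code>chmod 600</code> permissions. The function names and return codes are assumptions of this example; <tt>cloud.key.pub</tt> is the page's sample file name.

```shell
#!/bin/sh
# Added example: local checks on key files before import or login.
# Function names and return codes are assumptions, not Red Cloud tooling.

# check_public_key_text FILE
#   0  one line of the form "ssh-rsa <base64> [name]"
#   1  file holds PRIVATE key material and must not be pasted into the form
#   2  anything else (wrong key type, several lines, damaged base64)
check_public_key_text() {
    pk_file=$1
    [ -r "$pk_file" ] || return 2

    # Pasting a private key into the import form would disclose it.
    if grep -q 'PRIVATE KEY' "$pk_file"; then
        return 1
    fi

    # Files written on Windows may carry CR line endings; drop them first.
    pk_lines=$(tr -d '\r' < "$pk_file" | awk 'NF { n++ } END { print n + 0 }')
    [ "$pk_lines" -eq 1 ] || return 2
    pk_type=$(tr -d '\r' < "$pk_file" | awk 'NF { print $1; exit }')
    pk_blob=$(tr -d '\r' < "$pk_file" | awk 'NF { print $2; exit }')

    [ "$pk_type" = "ssh-rsa" ] || return 2
    case $pk_blob in
        *[!A-Za-z0-9+/=]*) return 2 ;;  # characters outside the base64 alphabet
        AAAAB3NzaC1yc2E*)  return 0 ;;  # base64 of the length-prefixed name "ssh-rsa"
        *)                 return 2 ;;
    esac
}

# check_private_key_file FILE
#   0  PEM header and footer present, mode 600 or 400
#   1  saved with a .txt or .rtf name
#   2  not plain-text PEM (header or footer missing, for example an RTF save)
#   3  readable or writable by group or others
check_private_key_file() {
    sk_file=$1
    case $sk_file in
        *.txt | *.rtf) return 1 ;;
    esac
    [ -r "$sk_file" ] || return 2

    sk_first=$(tr -d '\r' < "$sk_file" | awk 'NF { print; exit }')
    sk_last=$(tr -d '\r' < "$sk_file" | awk 'NF { l = $0 } END { print l }')
    # Red Cloud shows "RSA PRIVATE KEY"; recent ssh-keygen writes
    # "OPENSSH PRIVATE KEY". Both are accepted here.
    case $sk_first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) return 2 ;;
    esac
    case $sk_last in
        "-----END "*"PRIVATE KEY-----") ;;
        *) return 2 ;;
    esac

    # Permission string from ls, e.g. "-rw-------" after chmod 600.
    sk_mode=$(ls -ld "$sk_file" | cut -c1-10)
    case $sk_mode in
        -rw------- | -r--------) return 0 ;;
        *) return 3 ;;
    esac
}

# Usage: check_public_key_text cloud.key.pub && echo "safe to paste"
```
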
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Change the Passphrase on a Key Pair ==<br />
If needed, you can change or remove the passphrase on a private key by running ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4033OpenStack Key Pairs cjc732023-01-12T23:52:36Z<p>Cjc73: </p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To enter the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<code>cd ~/.ssh</code> on macOS or Linux, <code>chdir %USERPROFILE%\.ssh</code> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
chdir %USERPROFILE%\.ssh<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Option 2: Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Change the Passphrase on a Key Pair ==<br />
If needed, you can change or remove the passphrase on a private key by running ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4032OpenStack Key Pairs cjc732023-01-12T23:49:51Z<p>Cjc73: </p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To enter the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Option 2: Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
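A pre-import check for the two mistakes this page warns about (pasting the private half of the pair instead of the <tt>.pub</tt> text, and using a passphrase-protected key with a Windows instance), as an added example that is not part of the Red Cloud documentation. The function names and the sample keys are assumptions constructed for illustration; the samples are key headers only, not usable keys.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"


def _pack_string(data):
    """SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _pack_mpint(value):
    # A leading zero byte keeps a value with its top bit set from reading as negative.
    return _pack_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def _read_string(buf, offset):
    end = offset + 4
    if end > len(buf):
        raise ValueError("key body is truncated (partial copy?)")
    end += struct.unpack(">I", buf[offset:offset + 4])[0]
    if end > len(buf):
        raise ValueError("key body is truncated (partial copy?)")
    return buf[offset + 4:end], end


def check_public_key(text):
    """Return (modulus_bits, comment) for a one-line ssh-rsa public key, else raise ValueError."""
    text = text.strip()
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; use the .pub file instead")
    fields = text.split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("public key text must begin with 'ssh-rsa'")
    blob = base64.b64decode(fields[1], validate=True)  # binascii.Error is a ValueError
    key_type, pos = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key body does not match the 'ssh-rsa' prefix")
    _exponent, pos = _read_string(blob, pos)
    modulus, pos = _read_string(blob, pos)
    if pos != len(blob):
        raise ValueError("unexpected data after the modulus")
    comment = fields[2] if len(fields) > 2 else ""
    return int.from_bytes(modulus, "big").bit_length(), comment


def private_key_is_encrypted(pem_text):
    """Return True if the private key file text is passphrase-protected."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        raise ValueError("not a private key file (missing BEGIN line)")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH private key header")
        cipher, _ = _read_string(body, len(OPENSSH_MAGIC))
        return cipher != b"none"  # the cipher name is stored in the clear
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True
    # Older PEM files ("BEGIN RSA PRIVATE KEY") declare encryption in a header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)


def key_problems(instance_os, public_line, private_pem):
    """List what this page says would go wrong with the key pair for 'windows' or 'linux'."""
    problems = []
    try:
        check_public_key(public_line)
    except ValueError as exc:
        problems.append(str(exc))
    encrypted = private_key_is_encrypted(private_pem)
    if instance_os == "windows" and encrypted:
        problems.append("Windows instances cannot use a passphrase-protected key")
    if instance_os == "linux" and not encrypted:
        problems.append("no passphrase: limit the security group to known IP addresses")
    return problems


# --- Constructed sample data (illustrative only, not real keys) ---
_N = (1 << 4095) | 1  # 4096-bit odd number standing in for an RSA modulus
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(
    _pack_string(b"ssh-rsa") + _pack_mpint(65537) + _pack_mpint(_N)).decode() + " netid@laptop"


def _openssh_sample(cipher, kdf):
    body = OPENSSH_MAGIC + _pack_string(cipher) + _pack_string(kdf)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


SAMPLE_ENCRYPTED = _openssh_sample(b"aes256-ctr", b"bcrypt")
SAMPLE_PLAIN = _openssh_sample(b"none", b"none")
SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
                 "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(check_public_key(SAMPLE_PUB))
    print(key_problems("windows", SAMPLE_PUB, SAMPLE_ENCRYPTED))
    print(key_problems("linux", SAMPLE_PUB, SAMPLE_PLAIN))
```

The check reads only the unencrypted header of the private key file, so it never needs the passphrase and never handles the key material itself.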
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt>,<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Change the Passphrase on a Key Pair ==<br />
If needed, you can use ssh-keygen to change or remove the passphrase on a key pair. Run it in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4031OpenStack Key Pairs cjc732023-01-12T23:47:22Z<p>Cjc73: /* Create or Select a Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows intance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To enter the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). To create a passphrase-protected key pair, open a terminal (or Command Prompt) on your operating system. <br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see ``path not found`` or ``no such file or directory`` error, the .ssh folder does not yet exist. If you ```do not``` have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub) first enter a terminal, and make sure you are in the directory that contains your public key. Then enter the commands that match your operating systemjump. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critcal, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Option 2: Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
The once the key is saved you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub) first enter a terminal, and make sure you are in the directory that contains your public key. Then enter the commands that match your operating systemjump. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critcal, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instruction for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file is covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4030OpenStack Key Pairs cjc732023-01-12T23:45:03Z<p>Cjc73: /* Create a Key Pair Without a Passphrase (with OpenStack) */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair, open the terminal application on your operating system (for example, Terminal or Command Prompt) and enter the commands below.<br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy it to the system clipboard. <br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Option 2: Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase. Use such key pairs only when your security group sufficiently limits the IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
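
A check you can run on the saved file before using it, as an added example that is not part of the Red Cloud documentation: it confirms that the file is plain text with matching BEGIN/END lines, has a <tt>.pem</tt> name and owner-only permissions, and reports whether the key is passphrase-protected, which matters for Windows instances. The function names and the sample files are assumptions made for illustration; the samples are constructed and are not real keys.

```python
import base64
import os
import re
import struct
import tempfile

# Matching BEGIN/END lines around a non-empty body.
PEM_RE = re.compile(
    r"\A-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*)\r?\n-----END \1-----\Z",
    re.DOTALL,
)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def is_encrypted(label, body):
    """Tell whether a key body is passphrase-protected, without decrypting it."""
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return True
    if label == "OPENSSH PRIVATE KEY":        # cipher name is stored in the clear
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("OpenSSH key body has no openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    # Traditional PEM marks encryption in a header line before the base64 data.
    return "Proc-Type: 4,ENCRYPTED" in body


def check_private_key_file(path):
    """Return (info, problems) for a private key file saved from the clipboard."""
    info = {"label": None, "encrypted": None}
    problems = []
    if not path.lower().endswith(".pem"):
        problems.append("file name does not end in .pem")
    # Permission bits are only meaningful on macOS and Linux.
    if os.name == "posix" and os.stat(path).st_mode & 0o077:
        problems.append("file is readable by group or others; run chmod 600")
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith(b"{\\rtf"):             # saved from TextEdit in its default format
        problems.append("file is RTF, not plain text")
        return info, problems
    try:
        text = raw.decode("ascii").strip()
    except UnicodeDecodeError:
        problems.append("file contains non-ASCII bytes")
        return info, problems
    match = PEM_RE.match(text)
    if not match:
        problems.append("BEGIN/END lines missing, truncated or mismatched")
        return info, problems
    info["label"] = match.group(1)
    try:
        info["encrypted"] = is_encrypted(match.group(1), match.group(2))
    except (ValueError, struct.error) as exc:
        problems.append(f"key body is damaged: {exc}")
    return info, problems


def demo(workdir):
    """Write three constructed samples (not real keys) and check each one."""
    fake_body = base64.b64encode(b"constructed bytes, not a real key" * 3).decode()
    enc_blob = OPENSSH_MAGIC + struct.pack(">I", 10) + b"aes256-ctr" + b"\x00" * 16
    samples = {
        "good.pem": ("-----BEGIN RSA PRIVATE KEY-----\n" + fake_body +
                     "\n-----END RSA PRIVATE KEY-----\n", 0o600),
        "locked.pem": ("-----BEGIN OPENSSH PRIVATE KEY-----\n" +
                       base64.b64encode(enc_blob).decode() +
                       "\n-----END OPENSSH PRIVATE KEY-----\n", 0o600),
        "pasted.pem.txt": ("{\\rtf1\\ansi -----BEGIN RSA PRIVATE KEY-----}", 0o644),
    }
    results = {}
    for name, (text, mode) in samples.items():
        path = os.path.join(workdir, name)
        with open(path, "w", newline="") as fh:
            fh.write(text)
        os.chmod(path, mode)
        results[name] = check_private_key_file(path)
    return results


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, (info, problems) in demo(tmp).items():
            print(name, info, problems or "ok")
```

The check reads only the unencrypted framing of the file, so it never asks for the passphrase.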
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key pairs after using this one to log in, for your account or others, because you can always add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
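
Before pasting a public key into the Import Key Pair dialog, its text can be checked offline. The following added example (not part of the Red Cloud documentation) parses the one-line <tt>ssh-rsa</tt> format, rejects a pasted private key or a line that was broken during copying, and reports the key size and the SHA256 fingerprint in the form that <tt>ssh-keygen -l</tt> prints. The function names and the sample line are assumptions made for illustration; the sample modulus is synthetic and is not a usable key.

```python
import base64
import hashlib
import struct


def read_field(blob, off):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    if off + 4 > len(blob):
        raise ValueError("key data is truncated")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("key data is truncated")
    return blob[off + 4:end], end


def parse_rsa_public_key(text):
    """Validate the text of a .pub file; return type, bits, comment, fingerprint."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; paste the .pub file instead")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("a public key is one line; line breaks were added in copying")
    parts = lines[0].split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [name]'")
    if parts[0] != "ssh-rsa":
        raise ValueError(f"key type is {parts[0]!r}, not ssh-rsa")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:
        raise ValueError(f"base64 part is damaged: {exc}") from None
    # The decoded data repeats the key type, then holds exponent and modulus.
    inner_type, off = read_field(blob, 0)
    if inner_type != b"ssh-rsa":
        raise ValueError("key data does not match the ssh-rsa prefix")
    _exponent, off = read_field(blob, off)
    modulus, off = read_field(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes in key data")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": parts[0],
        "bits": int.from_bytes(modulus, "big").bit_length(),
        "comment": parts[2].strip() if len(parts) == 3 else "",
        "fingerprint": "SHA256:" + digest,
    }


def make_sample_line(bits=4096, comment="netid@laptop"):
    """Build a constructed ssh-rsa line; the modulus is synthetic, not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading zero keeps it positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    good = make_sample_line()
    print(parse_rsa_public_key(good))
    # Constructed failure cases: a wrapped line and a pasted private key.
    for bad in (good[:80] + "\n" + good[80:],
                "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----"):
        try:
            parse_rsa_public_key(bad)
        except ValueError as exc:
            print("rejected:", exc)
```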
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4029OpenStack Key Pairs cjc732023-01-12T23:44:30Z<p>Cjc73: /* Create a Passphrase-Protected Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Option 1: Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair, open the terminal application on your operating system (for example, Terminal or Command Prompt) and enter the commands below.<br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy it to the system clipboard. <br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase. Use such key pairs only when your security group sufficiently limits the IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key with ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the command that matches your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because it indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instruction for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key pairs after using this one to log in, for your account or others, because you can always add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4028OpenStack Key Pairs cjc732023-01-12T23:43:50Z<p>Cjc73: /* Create a key pair for RedCloud */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the command that matches your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because it indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to the [[#Import a Key Pair | Import a Key Pair]] section.<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
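<br />
The checks implied by the save procedure above (plain text rather than RTF, intact BEGIN and END lines, a bare .pem extension, restrictive permissions) can be scripted. The following is an added example, not part of the original page or of OpenStack; the function names are hypothetical helpers and the sample key text is a constructed placeholder.<br />

```bash
#!/bin/sh
# Added example: sanity-check a private key file saved from the Create Key Pair dialog.
# All function names are hypothetical helpers, not OpenStack or OpenSSH commands.

# Print permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds when a "BEGIN RSA PRIVATE KEY" file carries the PEM encryption
# header, meaning the key is passphrase-protected (not usable for Windows instances).
pem_is_encrypted() {
    tr -d '\r' < "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'
}

# Print one finding per line; return 0 only when nothing was found.
check_pem_file() {
    pem_file=$1
    pem_problems=0
    if [ ! -f "$pem_file" ]; then
        echo "missing: $pem_file does not exist"
        return 1
    fi
    # Only a .pem extension: editors like to append .txt or .rtf.
    case "$pem_file" in
        *.pem) ;;
        *) echo "extension: file name should end in .pem"; pem_problems=1 ;;
    esac
    # A rich-text save begins with an RTF header rather than the key header.
    case "$(head -c 5 "$pem_file")" in
        '{\rtf') echo "format: file is RTF, not plain text"; pem_problems=1 ;;
    esac
    # Header and footer, dashes included, must survive the copy and paste.
    # Carriage returns and blank lines are ignored for the comparison.
    pem_first=$(tr -d '\r' < "$pem_file" | grep -v '^[[:space:]]*$' | head -n 1)
    pem_last=$(tr -d '\r' < "$pem_file" | grep -v '^[[:space:]]*$' | tail -n 1)
    if [ "$pem_first" != "-----BEGIN RSA PRIVATE KEY-----" ]; then
        echo "header: first line is not BEGIN RSA PRIVATE KEY"; pem_problems=1
    fi
    if [ "$pem_last" != "-----END RSA PRIVATE KEY-----" ]; then
        echo "footer: last line is not END RSA PRIVATE KEY (truncated paste?)"; pem_problems=1
    fi
    # Between header and footer only base64 text (or PEM encryption headers) belongs.
    if tr -d '\r' < "$pem_file" \
        | grep -v -e '^-----' -e '^Proc-Type:' -e '^DEK-Info:' -e '^[[:space:]]*$' \
        | grep -q -v -E '^[A-Za-z0-9+/=]+$'; then
        echo "body: unexpected text between header and footer"; pem_problems=1
    fi
    # Group and others must have no access; chmod 600 satisfies this.
    pem_mode=$(file_mode "$pem_file")
    case "$pem_mode" in
        ?00) ;;
        *) echo "permissions: mode is $pem_mode, run chmod 600"; pem_problems=1 ;;
    esac
    return "$pem_problems"
}

# Constructed sample: placeholder body, not a real key.
write_sample_key() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURURfU0FNUExFX05PVF9BX1JFQUxfS0VZ
Q09OU1RSVUNURURfU0FNUExFX05PVF9BX1JFQUxfS0VZ
-----END RSA PRIVATE KEY-----
EOF
}

# Constructed sample: the same text saved as rich text by mistake.
write_sample_rtf() {
    printf '%s\n' '{\rtf1\ansi\ansicpg1252' \
        '\f0\fs24 -----BEGIN RSA PRIVATE KEY-----\' \
        'Q09OU1RSVUNURURfU0FNUExF\' \
        '-----END RSA PRIVATE KEY-----}' > "$1"
}

# Run both samples through the checker.
demo() {
    demo_dir=$(mktemp -d)
    write_sample_key "$demo_dir/mykey.pem"
    chmod 600 "$demo_dir/mykey.pem"
    write_sample_rtf "$demo_dir/mykey.pem.rtf"
    chmod 644 "$demo_dir/mykey.pem.rtf"
    for demo_f in "$demo_dir/mykey.pem" "$demo_dir/mykey.pem.rtf"; do
        if check_pem_file "$demo_f"; then echo "ok: $demo_f"; fi
    done
    rm -rf "$demo_dir"
}
demo
```
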
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key with ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the command that matches your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because it indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instruction for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key pairs after using this one to log in, for your account or others, because you can always add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instances. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4027OpenStack Key Pairs cjc732023-01-12T23:43:34Z<p>Cjc73: /* Create a key pair for RedCloud */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair, open the terminal application on your operating system (for example, Terminal or Command Prompt) and enter the commands below.<br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys:<br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy it to the system clipboard.<br />
Proceed to the [[#Import a Key Pair|Import a Key Pair]] section.<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
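The points in the steps above (plain text rather than RTF, a bare .pem extension, complete BEGIN/END lines with their dashes, and <code>chmod 600</code>) can be checked with a short script on macOS or Linux. This is an added example, not part of Red Cloud or OpenStack; the function names and the sample key text are constructed for illustration, and the passphrase test assumes the traditional PEM layout, in which an encrypted key carries a <tt>Proc-Type: 4,ENCRYPTED</tt> line.<br />

```shell
#!/bin/sh
# Added example: sanity checks for a private key saved from the
# Create Key Pair dialog. Function names are illustrative only.

# Print the file without carriage returns or blank lines.
pem_lines() { tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' || true; }

# check_pem_file FILE: print one line per problem; return the problem count.
check_pem_file() {
    pem=$1
    problems=0
    note() { printf '%s: %s\n' "$pem" "$1"; problems=$((problems + 1)); }

    [ -f "$pem" ] || { note "no such file"; return 1; }

    # Only .pem, with no .txt or .rtf appended by the editor.
    case $pem in
        *.pem) ;;
        *) note "file name does not end in .pem" ;;
    esac

    # Rich text written by TextEdit or a word processor starts with "{\rtf".
    if head -c 5 "$pem" | grep -q '^{\\rtf'; then
        note "file is RTF, not plain text"
    fi

    # Header and footer must be complete, dashes included.
    first=$(pem_lines "$pem" | sed -n '1p')
    last=$(pem_lines "$pem" | sed -n '$p')
    [ "$first" = "-----BEGIN RSA PRIVATE KEY-----" ] ||
        note "BEGIN RSA PRIVATE KEY line is missing or incomplete"
    [ "$last" = "-----END RSA PRIVATE KEY-----" ] ||
        note "END RSA PRIVATE KEY line is missing or incomplete"

    # Between header and footer: base64 text, plus the two header lines
    # that an encrypted traditional PEM carries.
    stray=$(pem_lines "$pem" | sed '1d;$d' |
        grep -vcE '^([A-Za-z0-9+/=]+|Proc-Type: .*|DEK-Info: .*)$' || true)
    [ "$stray" -eq 0 ] || note "$stray line(s) inside the key are not key data"

    # chmod 600: no access for group or others. GNU stat, then BSD/macOS stat.
    mode=$(stat -c %a "$pem" 2>/dev/null || stat -f %Lp "$pem" 2>/dev/null || echo unknown)
    case $mode in
        ?00) ;;
        *) note "permissions are $mode; run chmod 600" ;;
    esac

    return "$problems"
}

# pem_has_passphrase FILE: succeed if the key is passphrase protected,
# which this page says Windows instances cannot use.
pem_has_passphrase() { grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; }

# write_sample_pem FILE: constructed, non-functional key-shaped text
# for trying the checks without touching a real key.
write_sample_pem() {
    {
        echo '-----BEGIN RSA PRIVATE KEY-----'
        echo 'Q09OU1RSVUNURURTQU1QTEVLRVlCT0RZTk9UQVJFQUxLRVkwMDAwMDAwMDAwMDAw'
        echo 'Q09OU1RSVUNURURTQU1QTEVLRVlCT0RZTk9UQVJFQUxLRVk='
        echo '-----END RSA PRIVATE KEY-----'
    } > "$1"
    chmod 600 "$1"
}
```

After loading the functions, run <code>check_pem_file <key name>.pem</code>; no output and a return status of 0 mean every check passed.<br />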
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled.<br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
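One way to confirm that the text you are about to paste is a complete <tt>ssh-rsa</tt> public key, and not the private key or a partial copy, is to check it in a macOS or Linux terminal first. This is an added example, not Red Cloud's or OpenStack's own code; the function names and the sample key are constructed for illustration, and it assumes <tt>base64 -d</tt>, <tt>od</tt> and <tt>awk</tt> are available.<br />

```shell
#!/bin/sh
# Added example: check public key text before pasting it into the
# Import Key Pair dialog. Function names are illustrative only.

# pubkey_bits BLOB: print the RSA modulus size in bits, or 0 if the blob is
# not a complete ssh-rsa key. Blob layout: string type, mpint e, mpint n,
# each preceded by a 4-byte big-endian length.
pubkey_bits() {
    printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tu1 | awk '
        function u32(p) { return ((b[p] * 256 + b[p+1]) * 256 + b[p+2]) * 256 + b[p+3] }
        { for (i = 1; i <= NF; i++) b[total++] = $i }
        END {
            p = 0
            len = u32(p); p += 4 + len      # key type, "ssh-rsa"
            len = u32(p); p += 4 + len      # public exponent e
            len = u32(p); p += 4            # modulus n
            if (total == 0 || p + len != total) { print 0; exit }
            while (len > 0 && b[p] == 0) { p++; len-- }   # skip the sign byte
            bits = len * 8
            for (v = b[p]; v < 128 && bits > 0; v *= 2) bits--
            print bits
        }'
}

# check_public_key TEXT: print a verdict; return 0 only for one intact
# ssh-rsa line. Non-zero codes: 1 private key, 2 not one line,
# 3 wrong type, 4 bad key data, 5 incomplete key data.
check_public_key() {
    text=$(printf '%s\n' "$1" | tr -d '\r' | grep '[^[:space:]]' || true)
    case $text in
        *"PRIVATE KEY"*) echo "this is the private key; use the .pub file"; return 1 ;;
    esac
    nlines=$(printf '%s\n' "$text" | grep -c . || true)
    [ "$nlines" -eq 1 ] || { echo "expected one line, found $nlines"; return 2; }
    read -r ktype blob comment <<EOF
$text
EOF
    [ "$ktype" = "ssh-rsa" ] || { echo "text does not begin with ssh-rsa"; return 3; }
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "key data has characters outside base64"; return 4 ;;
        AAAAB3NzaC1yc2E*) ;;   # base64 of the length-prefixed string "ssh-rsa"
        *) echo "key data does not encode an ssh-rsa key"; return 4 ;;
    esac
    bits=$(pubkey_bits "$blob")
    [ "$bits" -gt 0 ] || { echo "key data is incomplete (partial copy?)"; return 5; }
    echo "ssh-rsa public key, $bits bits, name: ${comment:-none}"
}

# sample_public_key: print a constructed 4096-bit-shaped public key line.
# The modulus bytes are all 0xFF, so this is not a usable key.
sample_public_key() {
    sblob=$( { printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\002\001\000'
               head -c 512 /dev/zero | tr '\000' '\377'; } | base64 | tr -d '\n' )
    printf 'ssh-rsa %s netid@example\n' "$sblob"
}
```

After loading the functions, run <code>check_public_key "$(cat cloud.key.pub)"</code>. The size is reported in bits, matching the value given to <tt>ssh-keygen -b</tt>.<br />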
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4026OpenStack Key Pairs cjc732023-01-12T23:41:57Z<p>Cjc73: /* Create a key pair for RedCloud */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]].<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair, open the terminal application on your operating system (for example, Terminal or Command Prompt) and enter the commands below.<br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys:<br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy it to the system clipboard.<br />
Proceed to the [[#Import a Key Pair|Import a Key Pair]] section.<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled.<br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair.<br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4025OpenStack Key Pairs cjc732023-01-12T23:40:41Z<p>Cjc73: /* Create a key pair for RedCloud */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to [[Import a Key Pair]]<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or Powershell). Windows 10 and above include ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instruction for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
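Before pasting, the public key text can be checked against the format described above. The following Python is an added example, not part of the original page or of Red Cloud; the function names and the sample key (built from a constructed modulus, not a usable key) are assumptions made for illustration.<br />

```python
import base64
import binascii
import hashlib
import struct


def read_field(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("key data is truncated; was the whole line copied?")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("key data is truncated; was the whole line copied?")
    return blob[offset + 4:end], end


def check_public_key(text):
    """Validate pasted public key text; return its size, fingerprint and name."""
    text = text.strip()
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; paste the .pub file instead")
    parts = text.split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("key text must begin with ssh-rsa")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error:
        raise ValueError("key data is not valid base64; check for line breaks") from None
    # The decoded data repeats the key type, then holds the exponent and modulus.
    key_type, offset = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("encoded key type does not match ssh-rsa")
    _exponent, offset = read_field(blob, offset)
    modulus, offset = read_field(blob, offset)
    if offset != len(blob):
        raise ValueError("unexpected data after the key")
    digest = hashlib.sha256(blob).digest()
    return {
        "bits": int.from_bytes(modulus, "big").bit_length(),
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "name": parts[2] if len(parts) > 2 else "",
    }


def make_sample_line(bits=4096, name="netid@laptop"):
    """Build a constructed ssh-rsa line; the modulus only has the right size."""
    def mpint(value):
        data = value.to_bytes((value.bit_length() + 8) // 8, "big")
        return struct.pack(">I", len(data)) + data
    modulus = (1 << (bits - 1)) | 1  # constructed value, not a real RSA modulus
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), name)


if __name__ == "__main__":
    print(check_public_key(make_sample_line()))
```

The <tt>fingerprint</tt> value is in the same SHA256 form that <tt>ssh-keygen -l -f cloud.key.pub</tt> prints, so the two can be compared.<br />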
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
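The private key checks described on this page (a complete header and footer, no passphrase for Windows password retrieval, and <code>chmod 600</code> on Mac or Linux) can be scripted. This Python is an added example, not code from the original page or from Red Cloud; the function names and the sample key texts (placeholders, not real key material) are assumptions, as is reading "pem" format to mean a <code>BEGIN RSA PRIVATE KEY</code> file like the one the Create Key Pair dialog produces.<br />

```python
import base64
import os
import stat
import struct

OPENSSH_MAGIC = b"openssh-key-v1\0"


def inspect_private_key(text):
    """Return (format, encrypted) for the full text of a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("header line missing; was only part of the key copied?")
    label = head[len("-----BEGIN "):-len("-----")]
    if lines[-1] != "-----END " + label + "-----":
        raise ValueError("footer line missing or does not match the header")
    body = lines[1:-1]
    if label == "RSA PRIVATE KEY":
        # Traditional PEM marks a passphrase with a Proc-Type header line.
        encrypted = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                        for ln in body)
        return "pem", encrypted
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8", True
    if label == "PRIVATE KEY":
        return "pkcs8", False
    if label == "OPENSSH PRIVATE KEY":
        # OpenSSH's own format names its cipher right after a fixed magic
        # string; the cipher is "none" when no passphrase is set.
        blob = base64.b64decode("".join(body))
        offset = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < offset + 4:
            raise ValueError("not a complete OpenSSH private key")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        cipher = blob[offset + 4:offset + 4 + length]
        return "openssh", cipher != b"none"
    raise ValueError("unrecognised key type: " + label)


def windows_retrieval_problems(text):
    """List reasons this key text does not match what the page asks for."""
    fmt, encrypted = inspect_private_key(text)
    problems = []
    if encrypted:
        problems.append("key is passphrase protected")
    if fmt != "pem":  # assumption: "pem" means BEGIN RSA PRIVATE KEY
        problems.append("key is in %s format, not BEGIN RSA PRIVATE KEY" % fmt)
    return problems


def permissions_too_open(path):
    """True if group or others have any access (the page asks for chmod 600)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


# Constructed samples: the bodies are placeholders, not real key material.
SAMPLE_PEM_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PEM_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""


def sample_openssh(cipher):
    """Build a constructed OpenSSH-format header with the given cipher name."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = OPENSSH_MAGIC + field(cipher) + field(b"none")
    encoded = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + encoded +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


if __name__ == "__main__":
    for name, text in [("plain pem", SAMPLE_PEM_PLAIN),
                       ("encrypted pem", SAMPLE_PEM_ENCRYPTED),
                       ("openssh", sample_openssh(b"aes256-ctr"))]:
        print(name, windows_retrieval_problems(text))
```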
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt><br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4024OpenStack Key Pairs cjc732023-01-12T23:39:52Z<p>Cjc73: /* Create a Passphrase-Protected Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
====Create the .ssh folder if needed====<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
Issue the command to change directory to the .ssh directory (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows). If you see a <tt>path not found</tt> or <tt>no such file or directory</tt> error, the .ssh folder does not yet exist. If you '''do not''' have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. Do not run this command if the .ssh folder already exists; you might overwrite existing keys. If you do not already have a .ssh folder, this command will create the .ssh folder with the side effect of creating default keys: <br />
<br />
ssh-keygen<br />
<br />
====Create a key pair for RedCloud====<br />
You will then be able to use the change directory command to open .ssh (<tt>cd ~/.ssh</tt> on macOS or Linux, <tt>chdir %USERPROFILE%\.ssh</tt> on Windows).<br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into RedCloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to [[#Import a Key Pair]]<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can use ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because it indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
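<br />
A check you can run on the text before pasting it into the Import Key Pair dialog, as an added example (not part of the original page or of Red Cloud's tooling): it confirms that the line is the "ssh-rsa" public half, that the long middle string was copied whole, and reports the key size in bits. The sample line is constructed inside the code and is not a usable key; all function names are hypothetical.<br />

```python
import base64
import struct


def read_field(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("key body is truncated")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("key body is truncated")
    return blob[start:end], end


def check_public_key_line(line):
    """Validate a one-line OpenSSH RSA public key and return (bits, comment)."""
    text = line.strip()
    # Guard against pasting cloud.key (or a .pem) instead of cloud.key.pub.
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key; paste the .pub file instead")
    fields = text.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [name]' on one line")
    key_type, body = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    if key_type != "ssh-rsa":
        raise ValueError("key type is %r, expected 'ssh-rsa'" % key_type)
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        raise ValueError("middle string is not valid base64 (partial copy?)") from None
    # The decoded body repeats the key type, then holds the exponent and modulus.
    inner_type, pos = read_field(blob, 0)
    if inner_type != b"ssh-rsa":
        raise ValueError("encoded key type does not match the 'ssh-rsa' prefix")
    _exponent, pos = read_field(blob, pos)
    modulus, pos = read_field(blob, pos)
    if pos != len(blob):
        raise ValueError("unexpected extra data after the modulus")
    return int.from_bytes(modulus, "big").bit_length(), comment


def explain(line):
    """Return a one-line verdict suitable for showing to the user."""
    try:
        bits, comment = check_public_key_line(line)
    except ValueError as err:
        return "rejected: %s" % err
    return "ok: %d-bit ssh-rsa key (%s)" % (bits, comment or "no name")


def mpint(value):
    """Encode a positive integer as an SSH mpint (extra 0x00 if the top bit is set)."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(raw)) + raw


def build_sample_line(bits=4096, comment="netid@laptop"):
    """Build a CONSTRUCTED, structurally valid ssh-rsa line. Not a usable key."""
    modulus = (1 << (bits - 1)) | 1  # placeholder integer of the requested size
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


if __name__ == "__main__":
    print(explain(build_sample_line()))
```

To check your own key, pass the contents of <tt>cloud.key.pub</tt> to <tt>explain()</tt> instead of the constructed sample.<br />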
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt>,<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4023OpenStack Key Pairs cjc732023-01-12T23:26:19Z<p>Cjc73: /* Create a Passphrase-Protected Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
If you do not have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. <br />
ssh-keygen<br />
You will then be able to use the change directory command to open .ssh (<tt>cd .ssh</tt> on macOS or Linux, <tt>chdir .ssh</tt> on Windows) <br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because it indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to [[#Import a Key Pair]]<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase. Use such key pairs only when your security group has sufficient security measures that limit the IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can use ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because it indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>,<br />
* For CentOS 8, the username is <tt>cloud-user</tt>,<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4022OpenStack Key Pairs cjc732023-01-12T23:26:02Z<p>Cjc73: /* Create a Passphrase-Protected Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]].<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To enter the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
If you do not have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. <br />
ssh-keygen<br />
You will then be able to use the change directory command to open .ssh (<tt>cd .ssh</tt> on macOS or Linux, <tt>chdir .ssh</tt> on Windows). <br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to [[#Import a Key Pair]]<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
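<br />
The public key text described above can be checked before it is pasted into the Import Key Pair dialog. The following is an added example, not Red Cloud or OpenStack code: it decodes the pasted line and rejects a private key pasted by mistake, a wrapped or partial copy, a key whose encoded data is not RSA, and a key shorter than a chosen size. The function names, the 2048-bit floor and the sample keys (constructed, not usable) are assumptions.<br />

```python
"""Pre-flight check for the text pasted into an "Import Key Pair" dialog.

Added example, not Red Cloud or OpenStack code. Sample keys are constructed.
"""
import base64
import struct
from typing import NamedTuple


class KeyCheck(NamedTuple):
    ok: bool
    bits: int      # RSA modulus size in bits, 0 if it could not be determined
    reason: str


def _read_field(buf: bytes, offset: int):
    """Read one length-prefixed field: 4-byte big-endian length, then data."""
    if offset + 4 > len(buf):
        raise ValueError("key data is truncated")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("key data is truncated")
    return buf[offset + 4:end], end


def check_public_key_text(text: str, min_bits: int = 2048) -> KeyCheck:
    """Validate one 'ssh-rsa <base64> [name]' line. min_bits is an assumed floor."""
    # The private key carries BEGIN/END ... PRIVATE KEY markers; never paste it.
    if "PRIVATE KEY-----" in text:
        return KeyCheck(False, 0, "this is a private key; paste the .pub file")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return KeyCheck(False, 0, "expected exactly one line of key text")
    fields = lines[0].split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return KeyCheck(False, 0, 'key text must begin with "ssh-rsa"')
    try:
        blob = base64.b64decode(fields[1], validate=True)
        key_type, pos = _read_field(blob, 0)
        _exponent, pos = _read_field(blob, pos)
        modulus, pos = _read_field(blob, pos)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return KeyCheck(False, 0, f"corrupt or partial paste: {exc}")
    # The type named inside the encoded data must agree with the prefix,
    # and nothing may follow the modulus.
    if key_type != b"ssh-rsa" or pos != len(blob):
        return KeyCheck(False, 0, "encoded data is not a well-formed RSA key")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        return KeyCheck(False, bits, f"{bits}-bit key is below {min_bits} bits")
    return KeyCheck(True, bits, "ok")


def _field(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def _mpint(value: int) -> bytes:
    # One extra byte when the top bit would be set keeps the number positive.
    return _field(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_sample_line(bits: int, comment: str = "netid@laptop") -> str:
    """Constructed input with the right layout; NOT a usable RSA key."""
    modulus = (1 << (bits - 1)) | 1
    blob = _field(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    full = make_sample_line(4096)
    samples = {
        "complete 4096-bit line": full,
        "short key": make_sample_line(1024),
        "partial copy": "ssh-rsa " + full.split()[1][:200],
        "private key pasted": "-----BEGIN RSA PRIVATE KEY-----\n...\n"
                              "-----END RSA PRIVATE KEY-----",
    }
    for label, text in samples.items():
        print(f"{label}: {check_public_key_text(text)}")
```

To check a real key, pass the contents of the <tt>.pub</tt> file to <tt>check_public_key_text</tt> in place of the constructed samples.<br />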
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4021OpenStack Key Pairs cjc732023-01-12T23:24:44Z<p>Cjc73: update import directions</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]].<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To enter the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
If you do not have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. You will then be able to use the change directory command to open .ssh (<tt>cd .ssh</tt> on macOS or Linux, <tt>chdir .ssh</tt> on Windows). <br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to [[#Import a Key Pair]]<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
<br />
Your Red Cloud key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. <br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
If you haven't already, you will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]], including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4020OpenStack Key Pairs cjc732023-01-12T22:03:15Z<p>Cjc73: /* Create a Passphrase-Protected Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). <br />
<br />
Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. You may need to create this directory. <br />
<br />
If you do not have an .ssh folder in your user folder, you can create one by running the <tt>ssh-keygen</tt> command in Command Prompt or Terminal and accepting all the defaults. You will then be able to use the change directory command to open .ssh (<tt>cd .ssh</tt> on macOS or Linux, <tt>chdir .ssh</tt> on Windows) <br />
<br />
Enter the command below to create a 4096-byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Use the <br />
<br />
You will need to copy the text of your public key into Red Cloud. To display your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter the commands that match your operating system. If applicable, change the <tt>cloud.key.pub</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> suffix is critical, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux or macOS terminal:<br />
cd ~/.ssh<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
Select the key text and copy to the system clipboard. <br />
Proceed to [[#Import a Key Pair]]<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
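<br />
The steps above (plain text rather than RTF, a file name ending only in .pem, the BEGIN/END lines with their dashes, and <code>chmod 600</code>) can be checked from a Mac or Linux terminal. The script below is an added example, not part of the Red Cloud instructions; the function names <code>file_mode</code>, <code>pem_key_is_encrypted</code> and <code>check_pem_key</code> are its own, and the sample key files it builds are constructed placeholders, not real keys.<br />

```shell
#!/bin/sh
# Added example (not from the Red Cloud documentation). The function names
# file_mode, pem_key_is_encrypted and check_pem_key are this example's own.

# Print a file's octal permission bits: GNU stat first, then BSD/macOS stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if a "BEGIN RSA PRIVATE KEY" file is passphrase-protected. Encrypted
# keys in this PEM format carry a "Proc-Type: 4,ENCRYPTED" header line.
pem_key_is_encrypted() {
    grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Print one line per problem found in FILE; return the number of problems.
check_pem_key() {
    key=$1
    problems=0

    if [ ! -f "$key" ]; then
        echo "missing: $key is not a regular file"
        return 1
    fi

    # The name must end in .pem alone, not .pem.txt or .txt.
    case $key in
        *.pem) ;;
        *) echo "extension: $key does not end in .pem"
           problems=$((problems + 1)) ;;
    esac

    # A file saved by TextEdit in its default RTF format starts with "{\rtf".
    if [ "$(head -c 5 "$key")" = '{\rtf' ]; then
        echo "format: $key is RTF, not plain text"
        problems=$((problems + 1))
    fi

    # The first and last non-empty lines must be the header and footer, dashes
    # included. Carriage returns are dropped so Windows line endings compare equal.
    first=$(tr -d '\r' < "$key" | sed -e '/^[[:space:]]*$/d' | head -n 1)
    last=$(tr -d '\r' < "$key" | sed -e '/^[[:space:]]*$/d' | tail -n 1)
    if [ "$first" != '-----BEGIN RSA PRIVATE KEY-----' ]; then
        echo "header: first line is not -----BEGIN RSA PRIVATE KEY-----"
        problems=$((problems + 1))
    fi
    if [ "$last" != '-----END RSA PRIVATE KEY-----' ]; then
        echo "footer: last line is not -----END RSA PRIVATE KEY-----"
        problems=$((problems + 1))
    fi

    # chmod 600 leaves no access bits for group or others.
    mode=$(file_mode "$key")
    case $mode in
        *00) ;;
        *) echo "permissions: mode is $mode; run chmod 600 $key"
           problems=$((problems + 1)) ;;
    esac

    return "$problems"
}

# Demo on constructed files; the base64 line is a placeholder, not a real key.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQgU0FNUExFLCBOT1QgQSBLRVk=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/mykey.pem"
chmod 600 "$demo_dir/mykey.pem"
check_pem_key "$demo_dir/mykey.pem" && echo "mykey.pem: no problems found"

# The same text saved as mykey.pem.txt and left group/world readable.
cp "$demo_dir/mykey.pem" "$demo_dir/mykey.pem.txt"
chmod 644 "$demo_dir/mykey.pem.txt"
check_pem_key "$demo_dir/mykey.pem.txt" || echo "mykey.pem.txt: $? problem(s)"
rm -rf "$demo_dir"
```

For a key intended for a Windows instance, <code>pem_key_is_encrypted</code> succeeding means the passphrase still has to be removed as described under Change the Passphrase on a Key Pair.<br />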
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_Your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a key pair using ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above include ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. This brings up a dialog for creating a key pair.<br />
<br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]], including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4019OpenStack Key Pairs cjc732023-01-12T20:08:53Z<p>Cjc73: /* Create or Select a Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to log in simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]]<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]]<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To create a passphrase-protected key pair with the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. Enter the command below to create a 4096 byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Alternatively, you can give the key-pair a name that links it back to the person who created it, so others can easily tell who was the initial administrator of the instance. This is especially useful if one ends up adding other users.<br />
<br />
Your key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Click the "Import Key Pair" button on that page. <br />
<br />
Enter a key pair name and paste your SSH public key into the corresponding fields.<br />
<br />
To paste your SSH public key (cloud.key.pub), first open a terminal and make sure you are in the directory that contains your public key. Then enter one of the following commands. Be sure to change the <tt>cloud.key</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> should be included, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux, macOS:<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will log in using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter in your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
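<br />
One way to check the saved file against the requirements above (plain text rather than RTF, the <code>BEGIN</code>/<code>END</code> lines, a single .pem extension, and <code>chmod 600</code>), as an added example that is not part of the original page. <tt>check_pem_file</tt> and <tt>make_sample_pem</tt> are hypothetical helper names, and the sample key body is a constructed placeholder.<br />

```shell
#!/bin/sh
# Added example, not CAC's code. check_pem_file and make_sample_pem are
# hypothetical helper names.
# check_pem_file FILE returns:
#   0 ok               1 not a regular file   2 name does not end in .pem
#   3 saved as RTF     4 BEGIN or END line missing
#   5 file is accessible to group or others

check_pem_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }

    # "mykey.pem.txt" or "mykey.txt" is what an editor produces when it
    # appends its own extension.
    case $f in
        *.pem) ;;
        *) echo "$f: file name must end in .pem" >&2; return 2 ;;
    esac

    # An RTF document starts with the five bytes {\rtf
    if [ "$(head -c 5 "$f")" = '{\rtf' ]; then
        echo "$f: RTF document, save it again as plain text" >&2
        return 3
    fi

    # The first and last non-blank lines must be the header and footer named
    # on this page. CR is stripped so that CRLF line endings do not break
    # the comparison.
    first=$(grep -v '^[[:space:]]*$' "$f" | head -n 1 | tr -d '\r')
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1 | tr -d '\r')
    if [ "$first" != '-----BEGIN RSA PRIVATE KEY-----' ] ||
       [ "$last" != '-----END RSA PRIVATE KEY-----' ]; then
        echo "$f: incomplete paste, BEGIN or END line missing" >&2
        return 4
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # after chmod 600 they are all "-".
    if [ "$(ls -ld "$f" | cut -c5-10)" != '------' ]; then
        echo "$f: accessible to other accounts, run: chmod 600 $f" >&2
        return 5
    fi

    echo "$f: ok"
    return 0
}

# Writes a constructed sample file for trying the check.
# The body line is a placeholder, not a real key.
make_sample_pem() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURURTQU1QTEVOT1RBS0VZ' \
        '-----END RSA PRIVATE KEY-----' > "$1"
    chmod 600 "$1"
}

# Usage: sh check_pem.sh path/to/<key name>.pem
if [ "$#" -gt 0 ]; then
    check_pem_file "$1"
fi
```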
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a private key with ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. This brings up a dialog for creating a key pair.<br />
<br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack_Key_Pairs_cjc73&diff=4018OpenStack Key Pairs cjc732023-01-12T20:08:23Z<p>Cjc73: /* Create or Select a Key Pair */</p>
<hr />
<div>The best way to provide secure and easy access to your [[Red Cloud]] [[OpenStack#Instances|instances]] is through the use of key pairs for [https://www.ssh.com/ssh/public-key-authentication SSH authentication]. Key pairs are made up of a private key that only you know, and a public key that is distributed to people and systems with which you would like to have secure communications. Red Cloud allows you to easily generate or upload such key pairs to use with your instances.<br />
<br />
When you [[OpenStack#Launch_an_Instance|create a new instance]], you should specify a key pair to be used for logging in to that instance. '''You can only add a key pair to an instance at the time of its creation''', not afterwards, so it is important not to overlook this step. It is possible to generate a new key pair during the process of creating an instance.<br />
<br />
In [[Red Cloud Linux Instances|Linux instances]], the pair's public key is installed into the root (or ubuntu user) account at the time of its creation, allowing you to login simply by providing the private key. For [[Red Cloud Windows Instances|Windows instances]], you will need to provide the private key to the Red Cloud web interface in order to fetch a valid password for logging in to the instance's administrator account.<br />
<br />
Key pairs are created per user within an account, so other account members will not be able to use the key pairs you create. You will also not be able to use a given key pair in multiple accounts unless you import it into each account.<br />
<br />
__TOC__<br />
<br />
<br />
== Identify Your Scenario ==<br />
<br />
The procedure to create an instance associated with a key pair depends on 1) the intended instance operating system and 2) whether you need to create a key pair or have an existing key pair you would like to use. While passphrase-protected keys are more secure and are recommended for Linux instances, Windows instances are not compatible with these keys and different steps are required. <br />
<!-- The key pair you provide will be associated with an administrator account (the specific name of this account varies with the OS version) so you may wish to create a special key pair that is just for system setup --><br />
<br />
Your situation should match one of the following scenarios:<br />
<br />
* '''I want to create a Windows instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Key Pair Without a Passphrase (with OpenStack)|Create a Key Pair Without a Passphrase (with OpenStack)]].<br />
*# Next, follow the steps to [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Windows instance and I have an RSA key pair I want to use.'''<br />
*# If your key is passphrase protected, follow the steps to [[#Change the Passphrase on a Key Pair|Change the Passphrase on a Key Pair]] to remove the passphrase.<br />
*# Next, [[#Import a Key Pair|Import the Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Windows Instance|Use Your Key Pair to Connect to a Windows Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I do not already have an RSA key pair.'''<br />
*# First, [[#Create a Passphrase-Protected Key Pair|Create a Passphrase-Protected Key Pair]].<br />
*# Next, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
<br />
* '''I want to create a Linux instance and I have an RSA key pair I want to use.''' <br />
*# First, [[#Import a Key Pair|Import a Key Pair]].<br />
*# Then, [[#Select a Key Pair When Creating an Instance|Select a Key Pair When Creating an Instance]].<br />
*# Finally, [[#Use Your Key Pair to Connect to a Linux Instance|Use Your Key Pair to Connect to a Linux Instance]].<br />
<br />
== Create or Select a Key Pair ==<br />
<br />
Only '''one''' of the following subsections will apply to you.<br />
<br />
=== Create a Passphrase-Protected Key Pair ===<br />
<br />
The recommended way (for security reasons) to use key pairs is through a passphrase-protected key pair. Windows instances cannot use passphrase-protected key pairs, so if you are following these directions to create a key pair that you intend to use with Windows instances, leave the passphrase empty.<br />
<br />
The command line tool <tt>ssh-keygen</tt> is preinstalled on Windows 10, macOS and Linux operating systems. To enter the commands below, open the terminal application on your operating system (for example, Terminal or Command Prompt). Navigate to a directory where you wish to store the key pair, using <tt>cd</tt> on a Mac or Linux (more information can be found here: [[Linux Tutorial]]) or <tt>chdir</tt> in Windows Command Prompt. Traditionally, SSH key pairs are stored in the user's home directory, in a folder called <tt>.ssh</tt>. Enter the command below to create a 4096 byte RSA key pair named <tt>cloud.key</tt> and <tt>cloud.key.pub</tt>. You may choose a more meaningful name for your key that incorporates your netID and other information about why the key was created:<br />
<br />
ssh-keygen -t rsa -b 4096 -f cloud.key<br />
<br />
The terminal will prompt you to enter a passphrase. If this key pair is for ''Windows instances'', just press enter for no passphrase. Otherwise type a secure passphrase and hit enter. This generates a passphrase-protected private key (cloud.key) and a public key (cloud.key.pub). Alternatively, you can give the key-pair a name that links it back to the person who created it, so others can easily tell who was the initial administrator of the instance. This is especially useful if one ends up adding other users.<br />
<br />
Your key pairs can be managed through the Red Cloud web interface by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Click the "Import Key Pair" button on that page. <br />
<br />
Enter a key pair name and paste your SSH public key into the corresponding fields.<br />
<br />
To paste your SSH public key (cloud.key.pub), first enter a terminal, and make sure you are in the directory that contains your public key. Then enter one of the following commands. Be sure to change the <tt>cloud.key</tt> part of the command to match the name you used when you created the key. The <tt>.pub</tt> should be included, because this indicates the '''pub'''lic part of the key pair. <br />
<br />
* Linux, macOS:<br />
cat cloud.key.pub<br />
<br />
* Windows:<br />
type cloud.key.pub<br />
<br />
<br />
Copy the output from that command and paste it into the corresponding field on OpenStack. Next, click "Import Key Pair" to close the dialogue.<br />
<br />
Now when you are launching your instance, in the Key-Pair section, select your imported key-pair for use in your instance.<br />
<br />
After you have launched your instance and are trying to access it, you will login using the following command, which uses the private key. Make sure you are in the directory where the private key is stored when using this command.<br />
<br />
ssh -i cloud.key <username>@<instance_ip><br />
<br />
The username may differ based on the image used to launch your instance (e.g., ubuntu on an Ubuntu instance) and the instance_ip is your instance's IP address, which can be found on the Instances page in OpenStack. You will then be prompted to enter your passphrase to use your private key for this command.<br />
<br />
Also, it's possible to add more key-pairs after using this one to log in, for your account or others, because you can always just add more public keys to ~/.ssh/authorized_keys. Instructions for adding a public key to the authorized_keys file are covered in the [[Linux Tutorial]].<br />
<br />
A passphrase-protected key pair is generally used if you want to have open security group access. If, for example, all of your collaborators are from Cornell University, you can lock down the security group to only Cornell-associated IP addresses. If some collaborators are not from Cornell, then it may be better to have open access to your security group, while using passphrase-protected SSH keys.<br />
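<br />
The public-key handling described in this section, as an added example rather than CAC's own code: it checks that the text you are about to paste or install is the single-line <tt>ssh-rsa</tt> public key and not the private key, then appends it to <tt>authorized_keys</tt> without creating duplicates. The function names, the 700/600 modes and the sample key line are assumptions or constructed values.<br />

```shell
#!/bin/sh
# Added example, not CAC's code; function names are hypothetical.

# Constructed sample line in the shape ssh-keygen writes to cloud.key.pub.
# The key data is a placeholder, not a usable key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7constructedSAMPLEonly netid@laptop'

# check_public_key TEXT returns:
#   0 ok                      1 text contains private key material
#   2 more than one line      3 key type is not ssh-rsa
#   4 key data malformed      5 trailing name is missing
check_public_key() {
    key=$1
    nl='
'
    case $key in
        *'PRIVATE KEY'*)
            echo "refusing: this is the private key, use the .pub file" >&2
            return 1 ;;
        *"$nl"*)
            echo "expected a single line" >&2
            return 2 ;;
    esac

    # Split into key type, key data, and the rest of the line (the name).
    read -r ktype blob name <<EOF
$key
EOF
    if [ "$ktype" != ssh-rsa ]; then
        echo "key type is '$ktype', expected ssh-rsa" >&2
        return 3
    fi

    # The key data is base64 and always opens with the encoded string
    # "ssh-rsa", which reads AAAAB3NzaC1yc2E.
    case $blob in
        AAAAB3NzaC1yc2E*) ;;
        *) echo "key data does not start like an ssh-rsa key" >&2; return 4 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 4 ;;
    esac

    if [ -z "$name" ]; then
        echo "the trailing name is missing, the paste may be cut short" >&2
        return 5
    fi
    return 0
}

# add_authorized_key TEXT [HOME_DIR]
# Appends the key to HOME_DIR/.ssh/authorized_keys (default: $HOME) unless
# its key data is already listed there.
add_authorized_key() {
    check_public_key "$1" || return $?
    ssh_dir=${2:-$HOME}/.ssh
    auth=$ssh_dir/authorized_keys

    # Conventional modes (an assumption here): directory 700, file 600.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 10
    touch "$auth" && chmod 600 "$auth" || return 10

    # $blob was set by check_public_key. Matching on the key data also
    # catches the same key stored under a different name.
    if grep -qF -- "$blob" "$auth"; then
        echo "already present in $auth"
        return 0
    fi

    # Do not glue the new key onto a last line that lacks a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$1" >> "$auth"
    echo "added to $auth"
}

# Usage on the instance: sh add_key.sh "$(cat cloud.key.pub)"
if [ "$#" -gt 0 ]; then
    add_authorized_key "$1"
fi
```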
<br />
=== Create a Key Pair Without a Passphrase (with OpenStack) ===<br />
<br />
This section is only useful if you plan to use key pairs without a passphrase, which should only be used when you have sufficient security measures in your security group that limit IP addresses that can access the instance. <br />
<br />
Your key pairs can be managed through the ''Red Cloud web interface'' (shown below) by selecting the "Compute" tab [1] and then selecting the "Key Pairs" sub-tab [2]. This will display a list of your current key pairs as well as buttons for creating, importing or deleting key pairs. Begin by clicking "Create Key Pair" [3], which raises a simple wizard dialog.<br />
<br />
<br />
[[File:KeyPairList.png|border]]<br /><br />
<small>Figure: The Red Cloud web interface.</small><br />
<br />
<br />
In the ''Create Key Pair dialog'', enter a unique and meaningful name for the key pair [1] and then click "Create Keypair" [2]. Note that if the name you entered is invalid, the error message will be displayed in the underlying "Key Pairs" web page. The text for your private key is then displayed in the wizard. '''It is critical that you copy this text, either by selecting all of the text in the display and using a hot key or context menu item to copy it to the clipboard, or by clicking the "Copy Private Key to Clipboard" button [3].''' '''''This will be your only chance to copy the text, so do not forget to do so.''''' When you have copied it, click "Done" [4] to close the wizard. The newly created key pair will now be shown in the list. It can be deleted using the button on the right of its entry, and clicking on the key pair's name will show more information about it, including its public key.<br />
<br />
<br />
[[File:KeyPairWizard.png|border]]<br /><br />
<small>Figure: The Create Key Pair dialog.</small><br />
<br />
<br />
You now '''must save the private key that you copied''' to your computer's clipboard into a file having the ".pem" extension. If you save the file with any other extension, you may not get the correct formatting. The file you saved the private key to must also be in plain text format. <br />
<br />
After copying the private key, open any simple text editor, but not a word processing app like Word. On Windows that could be Notepad, on Mac it could be TextEdit, and on Linux that could be any text editor you have installed, like gedit. <br />
<br />
If you use TextEdit, the default format is RTF (Rich Text Format), not plain text. You need to change the format to plain text first (under the "Format" menu) in order to have it saved correctly.<br />
<br />
Next, open a new text file, and paste the private key text into the new file. Make sure to paste all the text you copied from the private key dialogue from Red Cloud. The text you paste should include <code>BEGIN RSA PRIVATE KEY</code> and <code>END RSA PRIVATE KEY</code>, and the accompanying dashes.<br />
<br />
Next, save the file as <code><key name>.pem</code>, where <code><key name></code> is your key name, in an easily accessible directory. Make sure to have only a .pem extension on the saved file, without any extra .txt or such extensions.<br />
<br />
Lastly, if you are on Mac or Linux, make sure to set the file to the appropriate permissions. Open a terminal to access the directory with your saved key file, and enter <code>chmod 600 <key name>.pem</code> to change the permissions.<br />
<br />
Once the key is saved, you can [[#Use_Your_Key_Pair_to_Connect_to_a_Linux_Instance|connect to a Linux instance]] or [[#Use_your_Key_Pair_to_Connect_to_a_Windows_Instance|retrieve the administrator account password for a Windows instance]].<br />
<br />
=== Change the Passphrase on a Key Pair ===<br />
If needed, you can change or remove the passphrase on a private key with ssh-keygen in a terminal program for your operating system (for example: Terminal, Command Prompt, or PowerShell). Windows 10 and above includes ssh-keygen preinstalled. <br />
<br />
Enter the following command at the prompt, replacing path/to/private.key with the correct path to the private key on your computer. Follow the prompts. To remove the passphrase, leave the new passphrase empty when prompted. <br />
<br />
<code>ssh-keygen -p -f path/to/private.key</code><br />
<br />
Repeat this process after you have connected to the Windows instance to set a new passphrase to protect your keypair.<br />
<br />
== Import a Key Pair ==<br />
<br />
If you already have an SSH key pair that you would like to use with Red Cloud, you can import it rather than creating a new one. To do so, click the "Import Key Pair" button [1] on the Key Pairs page. This brings up a dialog for creating a key pair.<br />
<br />
<br />
[[File:KeyPairImport.png|border]]<br /><br />
<small>Figure: The Key Pairs section of the web interface.</small><br />
<br />
<br />
The Import Key Pair dialog contains some detailed instructions for generating key pairs on your computer. Using either an existing key or one that you generate by following those instructions, enter a unique and meaningful name for the key pair [1] and paste the entire text from its public key into the provided space [2]. This public key text should begin with "ssh-rsa" and end with a name, with a long string of letters and numbers in between. When you have entered those two values, click "Import Key Pair" [3]. The key pair will be imported and will appear in the Key Pairs list.<br />
<br />
<br />
[[File:KeyPairImportDialog.png|border]]<br /><br />
<small>Figure: The Import Key Pair dialog.</small><br />
<br />
== Select a Key Pair When Creating an Instance ==<br />
<br />
During the process of creating an instance you have the opportunity to assign a key pair to the new instance. This happens in the Key Pair tab [1] of the Launch Instance dialog. If you have not previously created or imported a key pair into your project, you can do so here [2]. If you would like to use one of the existing key pairs in the project, click the up arrow button in the list of existing key pairs [3].<br />
<br />
[[File:KeyPairSelection.png|border]]<br />
<br />
== Use Your Key Pair to Connect to a Windows Instance ==<br />
<br />
To log on to a [[Red Cloud Windows Instances|Windows instance]] for the [[Red_Cloud_Windows_Instances#To_Do_On_First_Login|first time]] you will need to use the "admin" account and a password that you can retrieve through the web interface by providing your private key. Under the "Compute" tab and the "Instances" sub-tab, find your Windows instance in the list. With the instance running, open the menu on the right side of its list entry and select the "Retrieve Password" option. This will display a dialog box where you can enter your private key.<br />
<br />
[[File:KeyPairWindows.png|border]]<br />
<br />
The dialog displays the name of the key pair that was assigned when the instance was created, along with the public part of the key pair. You need to provide the private key (in "pem" format) by either choosing a file that contains it [1] or by pasting the text of the private key (including the header and footer) into the space provided [2]. Once the private key is entered, click the "Decrypt Password" button [3]. If the key does not match, an error message will be displayed in the background web page. If the key matches, a password for the "admin" user will be displayed [4]. Copy this password into your computer's clipboard and supply it when logging into your Windows instance using the Remote Desktop application.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].<br />
<br />
== Use Your Key Pair to Connect to a Linux Instance ==<br />
<br />
If you specified a key pair when creating a [[Red Cloud Linux Instances|Linux instance]], the key pair's public key was installed into the initial user account on the instance. When [[Red_Cloud_Linux_Instances#Accessing_Instances|connecting to the instance using the SSH command]], you can pass the corresponding private key to establish a secure connection without need for a password. <br />
<br />
'''You must log in to your instance using the correct initial username:'''<br />
* For CentOS 7, the username is <tt>centos</tt>.<br />
* For CentOS 8, the username is <tt>cloud-user</tt>.<br />
* For Ubuntu, the username is <tt>ubuntu</tt>.<br />
<br />
The following example of the SSH command syntax is for a private key stored in the file "my_key_rsa" and a CentOS system where the initial account is named "centos".<br />
<br />
ssh -i my_key_rsa centos@128.84.8.1<br />
<br />
For more information, see the section on [[Red_Cloud_Linux_Instances#Accessing_Instances|Accessing Instances]] including some [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting tips]]. If you would like to connect to a Linux instance using the [https://www.chiark.greenend.org.uk/~sgtatham/putty/ PuTTY] application, you will first need to convert your private key from the "pem" format to PuTTY's "ppk" format using the '''puttygen''' tool that is installed with PuTTY.<br />
<br />
For more information, see the section on [[Red_Cloud_Windows_Instances#Accessing_Instances|Accessing Instances]].</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Mainpage&diff=3958Mainpage2022-09-14T14:32:08Z<p>Cjc73: </p>
<hr />
<div><html><br />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css"><br />
<table role="presentation" style="border:0; margin: 0;" width="100%" cellspacing="10"><br />
<tr> <br />
<td valign="top" id="mainpage_opportunitiescell"><br />
<h1 class="mainpage_boxtitle">WELCOME TO CAC SUPPORT</h1><br />
<br />
<br />
<div class="mainpage_boxcontents_small"><br />
<p>This wiki provides Cornell University Center for Advanced Computing <a href="/">(CAC)</a> users with user documentation and other kinds of support information. If you're not a current user and would like to become one, visit <a href="/services/projects.aspx">how to start a project</a>. If you are a PI, visit <a href="/services/projects/manage.aspx">how to manage your current project</a>. Please remember to <a href="/wiki/index.php?title=Acknowledging_CAC">acknowledge CAC support</a> in your publications.</p><br />
</div><br />
</td><br />
</tr><br />
</table><br />
<br />
<br />
<table role="presentation" style="border:0; margin: 0;" width="100%" cellspacing="10"><br />
<tr><br />
<td valign="top" class="mainpage_hubbox"><br />
<br />
<div class="col-sm-4 panel-item"><br />
<a class="panel panel-circle-contrast" href="/wiki/index.php?title=Special:Search"><br />
<div class="panel-icon"><br />
<i class="fa fa-info-circle fa-5x"></i><br />
</div><br />
<div class="panel-body text-center"><br />
<h4 class="panel-title">Search support</h4><br />
<p>Search CAC support site.</p><br />
</div><br />
</a><br />
</div><br />
</td><br />
<td valign="top" class="mainpage_hubbox"><br />
<br />
<div class="col-sm-4 panel-item"><br />
<a class="panel panel-circle-contrast" href="//rt.cac.cornell.edu/index.html"><br />
<div class="panel-icon"><br />
<i class="fa fa-question-circle fa-5x"></i><br />
</div><br />
<div class="panel-body text-center"><br />
<h4 class="panel-title">Contact support</h4><br />
<p>Submit a ticket or call 607-254-8691.</p><br />
</div><br />
</a><br />
</div><br />
</td> <br />
<td valign="top" class="mainpage_hubbox"><br />
<br />
<br />
<div class="col-sm-4 panel-item"><br />
<a class="panel panel-circle-contrast" href="/datafeed/status.aspx"><br />
<div class="panel-icon"><br />
<i class="fa fa-check-circle fa-5x"></i><br />
</div><br />
<div class="panel-body text-center"><br />
<h4 class="panel-title">Check operating status</h4><br />
<p>Plan ahead for CAC infrastructure downtimes.</p><br />
</div><br />
</a><br />
</div><br />
</td> <br />
</tr><br />
</table><br />
<br />
<br />
<table role="presentation" style="border:0; margin: 0;" width="100%" cellspacing="10"><br />
<tr><br />
<br />
<!-- FOR THE FIRST COLUMN: USER DOCUMENTATION --><br />
<td valign="top" id="mainpage_opportunitiescell"><br />
<div class="mainpage_boxtitle">USER DOCUMENTATION</div><br />
<div class="mainpage_boxcontents_small"><br />
<ul><br />
<li><a href="/wiki/index.php?title=Red_Cloud" >Red Cloud</a><span> - on-demand cloud services</span></li><br />
<li><a href="/wiki/index.php?title=GPUs_in_Red_Cloud" >GPUs in Red Cloud</a></li><br />
<li><a href="/wiki/index.php?title=Archival_Storage" >Archival Storage</a><span> - how to use and</span><a href="/wiki/index.php?title=Syncing_to_Archival_Storage"> sync directories</a> <span> to CAC Archival Storage</span> </li><br />
<li><a href="/wiki/index.php?title=Private_Clusters"> Private Clusters</a> <span> - maintained by CAC </span></li><br />
<li><a href="/wiki/index.php?title=Getting_Started_on_Private_Clusters">Getting Started on Private Clusters</a><span> - password rules, home directories, and more</span></li><br />
<li><a href="/wiki/index.php?title=File_Transfer_using_Globus">File Transfer using Globus</a><span> - high speed file transfers to/from CAC</span></li><br />
<li><a href="/wiki/index.php?title=MATLAB_Parallel_Server_in_Red_Cloud">MATLAB Parallel Server in Red Cloud</a></li><br />
</ul><br />
</div><br />
</td><br />
<br />
<!-- TRAINING & EDUCATION --><br />
<td valign="top" id="mainpage_opportunitiescell"><br />
<div class="mainpage_boxtitle">TRAINING & EDUCATION</div><br />
<div class="mainpage_boxcontents_small"><br />
<ul><br />
<li><a href="https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA">CAC YouTube</a><span> - Red Cloud how-to videos, webinars, and more</span></li><br />
<li><a href="/education/Default.aspx"> CAC Education and Outreach</a> <span> - overview </span></li><br />
<li><a href="https://cvw.cac.cornell.edu/topics/">Cornell Virtual Workshop</a><span> - online training </span></li><br />
<li><a href="https://cornell-scan.github.io/" >SCAN</a><span> - Scientific Computing and Numerics seminar</span></li><br />
<li><a href="http://www.cse.cornell.edu/">Program in Computational Science and Engineering</a></li><br />
<li><a href="https://www.cac.cornell.edu/education/training.aspx">CAC Events</a></li><br />
</ul><br />
</div><br />
</td><br />
<br />
<br />
</tr><br />
</table><br />
<br />
</html></div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Mainpage&diff=3887Mainpage2022-07-01T13:14:45Z<p>Cjc73: Update link to SCAN</p>
<hr />
<div><html><br />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css"><br />
<table role="presentation" style="border:0; margin: 0;" width="100%" cellspacing="10"><br />
<tr> <br />
<td valign="top" id="mainpage_opportunitiescell"><br />
<h1 class="mainpage_boxtitle">WELCOME TO CAC SUPPORT</h1><br />
<br />
<br />
<div class="mainpage_boxcontents_small"><br />
<p>This wiki provides Cornell University Center for Advanced Computing <a href="/">(CAC)</a> users with user documentation and other kinds of support information. If you're not a current user and would like to become one, visit <a href="/services/projects.aspx">how to start a project</a>. If you are a PI, visit <a href="/services/projects/manage.aspx">how to manage your current project</a>. Please remember to <a href="/wiki/index.php?title=Acknowledging_CAC">acknowledge CAC support</a> in your publications.</p><br />
</div><br />
</td><br />
</tr><br />
</table><br />
<br />
<br />
<table role="presentation" style="border:0; margin: 0;" width="100%" cellspacing="10"><br />
<tr><br />
<td valign="top" class="mainpage_hubbox"><br />
<br />
<div class="col-sm-4 panel-item"><br />
<a class="panel panel-circle-contrast" href="/wiki/index.php?title=Special:Search"><br />
<div class="panel-icon"><br />
<i class="fa fa-info-circle fa-5x"></i><br />
</div><br />
<div class="panel-body text-center"><br />
<h4 class="panel-title">Search support</h4><br />
<p>Search CAC support site.</p><br />
</div><br />
</a><br />
</div><br />
</td><br />
<td valign="top" class="mainpage_hubbox"><br />
<br />
<div class="col-sm-4 panel-item"><br />
<a class="panel panel-circle-contrast" href="//rt.cac.cornell.edu/index.html"><br />
<div class="panel-icon"><br />
<i class="fa fa-question-circle fa-5x"></i><br />
</div><br />
<div class="panel-body text-center"><br />
<h4 class="panel-title">Contact support</h4><br />
<p>Submit a ticket or call 607-254-8691.</p><br />
</div><br />
</a><br />
</div><br />
</td> <br />
<td valign="top" class="mainpage_hubbox"><br />
<br />
<br />
<div class="col-sm-4 panel-item"><br />
<a class="panel panel-circle-contrast" href="/datafeed/status.aspx"><br />
<div class="panel-icon"><br />
<i class="fa fa-check-circle fa-5x"></i><br />
</div><br />
<div class="panel-body text-center"><br />
<h4 class="panel-title">Check operating status</h4><br />
<p>Plan ahead for CAC infrastructure downtimes.</p><br />
</div><br />
</a><br />
</div><br />
</td> <br />
</tr><br />
</table><br />
<br />
<br />
<table role="presentation" style="border:0; margin: 0;" width="100%" cellspacing="10"><br />
<tr><br />
<br />
<!-- FOR THE FIRST COLUMN: USER DOCUMENTATION --><br />
<td valign="top" id="mainpage_opportunitiescell"><br />
<div class="mainpage_boxtitle">USER DOCUMENTATION</div><br />
<div class="mainpage_boxcontents_small"><br />
<ul><br />
<li><a href="/wiki/index.php?title=Red_Cloud" >Red Cloud</a><span> - on-demand cloud services</span></li><br />
<li><a href="/wiki/index.php?title=GPUs_in_Red_Cloud" >GPUs in Red Cloud</a></li><br />
<li><a href="/wiki/index.php?title=Archival_Storage" >Archival Storage</a><span> - how to use and</span><a href="/wiki/index.php?title=Syncing_to_Archival_Storage"> sync directories</a> <span> to CAC Archival Storage</span> </li><br />
<li><a href="/wiki/index.php?title=Private_Clusters"> Private Clusters</a> <span> - maintained by CAC </span></li><br />
<li><a href="/wiki/index.php?title=Getting_Started_on_Private_Clusters">Getting Started on Private Clusters</a><span> - password rules, home directories, and more</span></li><br />
<li><a href="/wiki/index.php?title=File_Transfer_using_Globus">File Transfer using Globus</a><span> - high speed file transfers to/from CAC</span></li><br />
<li><a href="/wiki/index.php?title=MATLAB_Parallel_Server_in_Red_Cloud">MATLAB Parallel Server in Red Cloud</a></li><br />
</ul><br />
</div><br />
</td><br />
<br />
<!-- TRAINING & EDUCATION --><br />
<td valign="top" id="mainpage_opportunitiescell"><br />
<div class="mainpage_boxtitle">TRAINING & EDUCATION</div><br />
<div class="mainpage_boxcontents_small"><br />
<ul><br />
<li><a href="https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA">CAC YouTube</a><span> - Red Cloud how-to videos, webinars, and more</span></li><br />
<li><a href="/education/Default.aspx"> CAC Education and Outreach</a> <span> - overview </span></li><br />
<li><a href="https://portal.xsede.org/training/course-catalog" >XSEDE Training</a><span> - CAC is training lead (NSF program)</span></li><br />
<li><a href="https://cvw.cac.cornell.edu/topics/">Cornell Virtual Workshop</a><span> - online training </span></li><br />
<li><a href="https://cornell-scan.github.io/" >SCAN</a><span> - Scientific Computing and Numerics seminar</span></li><br />
<li><a href="http://www.cse.cornell.edu/">Program in Computational Science and Engineering</a></li><br />
<li><a href="https://www.cac.cornell.edu/education/training.aspx">CAC Events</a></li><br />
</ul><br />
</div><br />
</td><br />
<br />
<br />
</tr><br />
</table><br />
<br />
</html></div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3821Tips and tricks cjc732022-01-08T01:00:41Z<p>Cjc73: /* 2. Add shortcuts (alias and functions) to your shell profile */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
==== 1. Add your VM information to SSH config ====<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
  # your user name on the VM<br />
  User netid42<br />
  # the path to your ssh key file<br />
  IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
==== 2. Add shortcuts (alias and functions) to your shell profile ====<br />
Next, edit your shell profile in nano to add a few commands. For recent versions of macOS, the shell profile is called <code>~/.zshrc</code>. If you still have bash as your main shell, try editing <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Use the nano editor to add entries like those shown in the following two code cells, '''making the appropriate substitutions for netid42, IP address, and key file'''. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
# Add these lines to your shell profile, with appropriate substitutions:<br />
# shortcut to connect to server:<br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
# shortcut to create an SSH tunnel<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
# Add this to your shell profile so you can use Chrome in app mode:<br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
==== 3. Activate your profile changes ====<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the VM takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
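<br />
The workflow in steps 1 to 3, as an added shell example that is not part of the original wiki page: it reads the port and token out of jupyter's output, validates the ports and the ssh target, and prints the forwarding command and the local URL. The function names <code>jl_parse</code>, <code>jl_valid_port</code> and <code>jl_plan</code> are hypothetical; the explicit <code>127.0.0.1</code> bind address and <code>ExitOnForwardFailure</code> are choices made here, not part of the page's <code>myVM_nb</code> function.<br />

```shell
#!/bin/sh
# Added example, not from the original page. All function names are hypothetical.

# Constructed sample: the last lines jupyter prints on the VM (see step 1).
SAMPLE_OUTPUT='    Or copy and paste one of these URLs:
        http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f
     or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f'

# Read jupyter's output on stdin and print "PORT TOKEN" taken from the first
# http://localhost: URL. Prints nothing when no such URL is present.
# Only an alphanumeric token is accepted, so nothing that is significant to
# the shell or to URL parsing is carried into later commands.
jl_parse() {
    sed -n 's|.*http://localhost:\([0-9]\{1,5\}\)/[^?]*?token=\([0-9A-Za-z]\{1,\}\).*|\1 \2|p' | head -n 1
}

# Succeed only for an unprivileged TCP port written in plain decimal digits.
jl_valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Usage: jl_plan LOCAL_PORT USER@HOST   (jupyter output on stdin)
# Prints two lines: the ssh forwarding command, then the URL to open locally.
jl_plan() {
    local_port=$1
    target=$2
    parsed=$(jl_parse)
    [ -n "$parsed" ] || { echo "no localhost URL with a token found" >&2; return 1; }
    remote_port=${parsed%% *}
    token=${parsed#* }
    jl_valid_port "$local_port" || { echo "bad local port: $local_port" >&2; return 1; }
    jl_valid_port "$remote_port" || { echo "bad remote port: $remote_port" >&2; return 1; }
    # A target that starts with "-" would be read by ssh as an option.
    case "$target" in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "bad ssh target: $target" >&2; return 1 ;;
    esac
    # 127.0.0.1: keeps the listener on loopback even if GatewayPorts is set.
    # ExitOnForwardFailure=yes makes ssh exit when the local port is taken,
    # instead of staying connected without a working forward.
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${local_port}:localhost:${remote_port} ${target}"
    echo "http://127.0.0.1:${local_port}/lab?token=${token}"
}
```

Paste the lines jupyter printed into <code>jl_plan 8889 netid42@128.84.YY.XXX</code> on standard input, then run the ssh line it prints in a local terminal.<br />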
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3820Tips and tricks cjc732022-01-08T00:59:25Z<p>Cjc73: /* 3. Connect via a web browser */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
==== 1. Add your VM information to SSH config ====<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
  # your user name on the VM<br />
  User netid42<br />
  # the path to your ssh key file<br />
  IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
==== 2. Add shortcuts (alias and functions) to your shell profile ====<br />
Next, edit your shell profile in nano to add a few commands. For recent versions of macOS, the shell profile is called <code>~/.zshrc</code>. If you still have bash as your main shell, try editing <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Use the nano editor to add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
# Add these lines to your shell profile, with appropriate substitutions:<br />
# shortcut to connect to server:<br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
# shortcut to create an SSH tunnel<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
# Add this to your shell profile so you can use Chrome in app mode:<br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
==== 3. Activate your profile changes ====<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the VM takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3819Tips and tricks cjc732022-01-08T00:58:14Z<p>Cjc73: /* macOS client config for remote Jupyter access */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
==== 1. Add your VM information to SSH config ====<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
  # your user name on the VM<br />
  User netid42<br />
  # the path to your ssh key file<br />
  IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
==== 2. Add shortcuts (alias and functions) to your shell profile ====<br />
Next, edit your shell profile in nano to add a few commands. For recent versions of macOS, the shell profile is called <code>~/.zshrc</code>. If you still have bash as your main shell, try editing <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Use the nano editor to add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
# Add these lines to your shell profile, with appropriate substitutions:<br />
# shortcut to connect to server:<br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
# shortcut to create an SSH tunnel<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
# Add this to your shell profile so you can use Chrome in app mode:<br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
==== 3. Activate your profile changes ====<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the VM takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 numbers following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
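<br />
The URL rewrite and the tunnel command from the steps above can be generated and checked instead of edited by hand. This is an added example, not part of the original wiki page: the function names and the <code>VM_USER</code>/<code>VM_HOST</code> variables are hypothetical, the token is assumed to be the lowercase hex string Jupyter generates by default, and the forward is bound explicitly to 127.0.0.1 with <code>ExitOnForwardFailure</code> so a busy local port stops ssh instead of leaving a session with no tunnel.<br />

```shell
#!/bin/sh
# Added example (not from the original page). VM_USER / VM_HOST default to
# the page's placeholders; all function names here are hypothetical.
VM_USER="${VM_USER:-netid42}"
VM_HOST="${VM_HOST:-128.84.YY.XXX}"

# valid_port N: succeeds if N is a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_local_port N: as above, but restricted to unprivileged ports.
valid_local_port() {
    valid_port "$1" && [ "$1" -ge 1024 ]
}

# parse_jupyter_url URL: sets J_PORT, J_PATH and J_TOKEN from a URL printed by
# "jupyter lab --no-browser". Anything that is not a loopback URL carrying a
# hex token is rejected, so a mistyped or unrelated string is never reused.
parse_jupyter_url() {
    J_PORT='' J_PATH='' J_TOKEN=''
    case "$1" in
        http://*) rest=${1#http://} ;;
        *) echo "not an http:// URL" >&2; return 1 ;;
    esac
    hostport=${rest%%/*}
    case "${hostport%%:*}" in
        localhost|127.0.0.1) ;;
        *) echo "URL host is not loopback" >&2; return 1 ;;
    esac
    J_PORT=${hostport#*:}
    valid_port "$J_PORT" || { echo "bad remote port" >&2; return 1; }
    case "$rest" in
        */*\?token=*) ;;
        *) echo "no token in URL" >&2; return 1 ;;
    esac
    J_PATH=${rest#*/}
    J_PATH=${J_PATH%%\?*}
    J_TOKEN=${rest#*\?token=}
    J_TOKEN=${J_TOKEN%%&*}
    case "$J_PATH" in
        *[!A-Za-z0-9_/-]*) echo "unexpected characters in path" >&2; return 1 ;;
    esac
    case "$J_TOKEN" in
        ''|*[!0-9a-f]*) echo "token is not lowercase hex" >&2; return 1 ;;
    esac
}

# local_jupyter_url URL LPORT: prints the URL to open in the local browser,
# i.e. the remote port (RRRR) replaced by the local port (LLLL).
local_jupyter_url() {
    parse_jupyter_url "$1" || return 1
    valid_local_port "$2" || { echo "bad local port" >&2; return 1; }
    printf 'http://127.0.0.1:%s/%s?token=%s\n' "$2" "$J_PATH" "$J_TOKEN"
}

# tunnel_command URL LPORT: prints the matching ssh port-forward command.
# The listener is bound to 127.0.0.1 only, and ssh exits if it cannot bind.
tunnel_command() {
    parse_jupyter_url "$1" || return 1
    valid_local_port "$2" || { echo "bad local port" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$2" "$J_PORT" "$VM_USER" "$VM_HOST"
}

# Constructed sample: the URL shape shown in the Jupyter output above.
sample='http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f'
tunnel_command "$sample" 8889
local_jupyter_url "$sample" 8889
```

Run the printed ssh command in a local terminal, then open the printed URL in a browser.<br />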
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3818Tips and tricks cjc732022-01-08T00:57:03Z<p>Cjc73: /* macOS client config for remote Jupyter access */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
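<br />
The immutable flag protects the directory itself; a script that copies data onto the volume can also confirm that the volume is mounted before it writes. This is an added example, not part of the original page: the function names are hypothetical and the mount table used in the demo is constructed.<br />

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# is_mounted DIR [MOUNTS]: succeeds only if DIR appears as a mount point in
# MOUNTS (default /proc/self/mounts; "-" reads the table from stdin).
is_mounted() {
    dir=$1
    # Drop a trailing slash so "/mnt/mountpoint/" matches, but keep "/" itself.
    [ "$dir" = / ] || dir=${dir%/}
    WANT=$dir awk '
        # Field 2 is the mount point; spaces in it are written as \040.
        { mp = $2; gsub(/\\040/, " ", mp); if (mp == ENVIRON["WANT"]) found = 1 }
        END { exit !found }
    ' "${2:-/proc/self/mounts}"
}

# copy_to_volume SRC DIR [MOUNTS]: copies SRC into DIR only when DIR is a
# mounted volume, so data never lands silently on the boot volume.
copy_to_volume() {
    if ! is_mounted "$2" "${3:-/proc/self/mounts}"; then
        echo "refusing to copy: $2 is not a mounted volume" >&2
        return 1
    fi
    cp -- "$1" "$2"/
}

# Constructed sample mount table (same layout as /proc/self/mounts).
sample_mounts() {
    printf '%s\n' \
        '/dev/vda1 / ext4 rw,relatime 0 0' \
        '/dev/vdb /mnt/mountpoint ext4 rw,relatime 0 0' \
        '/dev/vdc /mnt/my\040data ext4 rw,relatime 0 0'
}

sample_mounts | is_mounted /mnt/mountpoint - && echo "/mnt/mountpoint: mounted"
sample_mounts | is_mounted /mnt/scratch - || echo "/mnt/scratch: not mounted"
```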
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
=== 1. Add your VM information to SSH config ===<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
    # your user name on the VM<br />
    User netid42<br />
    # the path to your ssh key file<br />
    IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
=== 2. Add shortcuts (alias and functions) to your shell profile ===<br />
Next, edit your shell profile in nano to add a few commands. For recent versions of macOS, the shell profile is called <code>~/.zshrc</code>. If you still have bash as your main shell, try editing <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Use the nano editor to add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
# Add these lines to your shell profile, with appropriate substitutions:<br />
# shortcut to connect to server:<br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
# shortcut to create an SSH tunnel<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
# Add this to your shell profile so you can use Chrome in app mode:<br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
=== 3. Activate your profile changes ===<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 numbers following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3817Tips and tricks cjc732022-01-07T23:41:35Z<p>Cjc73: /* macOS client config for remote Jupyter access */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
    # your user name on the VM<br />
    User netid42<br />
    # the path to your ssh key file<br />
    IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, edit your shell profile in nano to add a few commands. For recent versions of macOS, the shell profile is called <code>~/.zshrc</code>. If you still have bash as your main shell, try editing <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 numbers following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3816Tips and tricks cjc732022-01-07T23:37:22Z<p>Cjc73: /* macOS client config for remote Jupyter access */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
    # your user name on the VM<br />
    User netid42<br />
    # the path to your ssh key file<br />
    IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser it might reconnect automatically once port forwarding is re-established, otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3815Tips and tricks cjc732022-01-07T22:11:12Z<p>Cjc73: /* 3. Connect via a web browser */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. It can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL). Jupyter will generate a random token each time it opens so be sure you are editing your URL and not this example:<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser it might reconnect automatically once port forwarding is re-established, otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3814Tips and tricks cjc732022-01-07T21:58:06Z<p>Cjc73: </p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. It can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser it might reconnect automatically once port forwarding is re-established, otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<br />
== Jupyter lab extensions ==<br />
<br />
To enable extensions, choose the View > Activate Command Palette menu item and then type Enable Extension Manager and press return. Choose "enable" on the notification. Be sure to install only reputable extensions. <br />
<br />
<br />
# jupytext<br />
# jupyterlab_spellchecker<br />
# to be continued....</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3813Tips and tricks cjc732022-01-07T21:52:52Z<p>Cjc73: /* Prevent accidental writes to mount point folders */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. It can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
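The following shell functions are an added example, not part of the original page: they pull the remote port and token out of the URL Jupyter prints, reject anything that is not a loopback URL with a valid port and a hex token (an assumption based on the sample token above), and build the <code>-L</code> argument and the local URL used in steps 2 and 3. The function names are hypothetical, and the forward is bound explicitly to 127.0.0.1 so the local listener does not depend on the client's <code>GatewayPorts</code> setting.<br />

```shell
#!/bin/sh
# Added example, not from the original wiki page. Function names are hypothetical.
# POSIX sh; the functions can also be pasted into ~/.zshrc or ~/.bash_profile.

# is_port N: succeed only if N is a decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# jupyter_remote_port URL: print the port of a loopback URL printed by jupyter lab.
jupyter_remote_port() {
    _rest=${1#http://}
    [ "$_rest" != "$1" ] || return 1          # must start with http://
    _hostport=${_rest%%/*}                    # e.g. localhost:8888
    _host=${_hostport%%:*}
    _port=${_hostport#*:}
    [ "$_port" != "$_hostport" ] || return 1  # no ":" means no port given
    case "$_host" in
        localhost|127.0.0.1) ;;
        *) return 1 ;;                        # only loopback URLs are expected
    esac
    is_port "$_port" || return 1
    printf '%s\n' "$_port"
}

# jupyter_token URL: print the token, which must be the last query parameter.
# Assumption: the token is hexadecimal, like the sample shown on this page.
jupyter_token() {
    case "$1" in
        *'?token='*) ;;
        *) return 1 ;;
    esac
    _tok=${1##*'?token='}
    case "$_tok" in
        ''|*[!0-9a-fA-F]*) return 1 ;;        # rejects ";", "&", spaces, quotes
    esac
    printf '%s\n' "$_tok"
}

# forward_spec LPORT RPORT: the argument for "ssh -N -L", with the local
# listener pinned to the loopback interface.
forward_spec() {
    is_port "$1" && is_port "$2" || return 1
    printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

# local_url URL LPORT: the URL to open in the local browser once the tunnel is up.
local_url() {
    is_port "$2" || return 1
    jupyter_remote_port "$1" >/dev/null || return 1
    _t=$(jupyter_token "$1") || return 1
    printf 'http://127.0.0.1:%s/lab?token=%s\n' "$2" "$_t"
}

# Demonstration with the sample URL from the Jupyter output shown on this page.
# The ssh command is only printed, not executed.
sample='http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f'
echo "ssh -N -L $(forward_spec 8889 "$(jupyter_remote_port "$sample")") netid42@128.84.YY.XXX"
local_url "$sample" 8889
```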
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<!--<br />
== ==<br />
--></div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3812Tips and tricks cjc732022-01-07T21:52:05Z<p>Cjc73: </p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
# your user name on the VM<br />
User netid42<br />
# the path to your ssh key file<br />
IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.<br />
<br />
<!--<br />
== ==<br />
--></div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3811Tips and tricks cjc732022-01-07T21:49:44Z<p>Cjc73: /* Connecting to Jupyter Lab with a configured client */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
# your user name on the VM<br />
User netid42<br />
# the path to your ssh key file<br />
IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
=== Starting the notebook server ===<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
==== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ====<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
==== 2. Use a local terminal to set up ssh port forwarding ====<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
==== 3. Connect via a web browser ====<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.<br />
<br />
=== Reconnecting to the running server ===<br />
<br />
Since the jupyter server is running in a <code>screen</code> session, it will stay running when you disconnect. To reconnect, you only need to re-establish the local port forwarding (step 2). If you closed your local browser window, you will also need to reopen the browser (step 3). If jupyter is still loaded in the browser, it might reconnect automatically once port forwarding is re-established; otherwise, select "Reconnect to Kernel" from the Kernel menu in the Jupyter web interface.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3810Tips and tricks cjc732022-01-07T18:36:33Z<p>Cjc73: </p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
# your user name on the VM<br />
User netid42<br />
# the path to your ssh key file<br />
IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.YY.XXX'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
<br />
== Connecting to Jupyter Lab with a configured client ==<br />
<br />
Once the above configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
=== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ===<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 digits following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
=== 2. Use a local terminal to set up ssh port forwarding ===<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
=== 3. Connect via a web browser ===<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3809Tips and tricks cjc732022-01-07T18:05:34Z<p>Cjc73: /* 3. Connect via a web browser */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
    # your user name on the VM<br />
    User netid42<br />
    # the path to your ssh key file<br />
    IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
Once this configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
=== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ===<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 numbers following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
=== 2. Use a local terminal to set up ssh port forwarding ===<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
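The port and token values that move between these steps can be checked before they reach <code>ssh</code> or a browser. The shell functions below are an added example, not part of the original page: they pull the first URL out of Jupyter's startup output, validate the remote port (RRRR), local port (LLLL) and token, and build the <code>-L</code> forwarding argument and the local URL. The function names and <code>SAMPLE_OUTPUT</code> (constructed from the sample lines above) are assumptions.<br />

```shell
# Added example: derive and validate the tunnel parameters from Jupyter's output.
# SAMPLE_OUTPUT is constructed from the sample lines shown on this page.
SAMPLE_OUTPUT='    Or copy and paste one of these URLs:
        http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f
     or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f'

# Print the first http://localhost:PORT/... URL found on stdin.
first_url() {
    sed -n 's#^.*\(http://localhost:[0-9]*/[^[:space:]]*\).*$#\1#p' | head -n 1
}

# Succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed only for a non-empty, purely alphanumeric token, so that a stray
# character (for example a trailing ';') is caught before the URL is used.
valid_token() {
    case "$1" in
        ''|*[!0-9A-Za-z]*) return 1 ;;
    esac
}

# Print the remote port (RRRR) from a URL printed by Jupyter.
remote_port() {  # $1 = URL
    port=${1#http://*:}   # drop "http://host:"
    port=${port%%/*}      # drop the path and query string
    valid_port "$port" || return 1
    printf '%s\n' "$port"
}

# Print the token from a URL printed by Jupyter.
token_of() {  # $1 = URL
    case "$1" in
        *'?token='*) tok=${1##*\?token=} ;;
        *) return 1 ;;
    esac
    tok=${tok%%&*}        # ignore any further query parameters
    valid_token "$tok" || return 1
    printf '%s\n' "$tok"
}

# Print the argument that myVM_nb hands to "ssh -N -L"; refuse bad ports.
forward_spec() {  # $1 = local port (LLLL), $2 = remote port (RRRR)
    valid_port "$1" && valid_port "$2" || return 1
    printf '%s:localhost:%s\n' "$1" "$2"
}

# Print the URL for the local end of the tunnel: same token, local port.
local_url() {  # $1 = URL printed by Jupyter, $2 = local port (LLLL)
    valid_port "$2" || return 1
    remote_port "$1" >/dev/null || return 1
    tok=$(token_of "$1") || return 1
    printf 'http://127.0.0.1:%s/lab?token=%s\n' "$2" "$tok"
}
```

For example, after saving Jupyter's output in a variable, <code>myVM_nb 8889 "$(remote_port "$url")"</code> starts the tunnel only if the extracted port passed validation.<br />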
<br />
=== 3. Connect via a web browser ===<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<pre>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
to <br />
<pre>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</pre><br />
and paste into a web browser.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3808Tips and tricks cjc732022-01-07T18:04:40Z<p>Cjc73: /* 1. Connect via SSH, launch screen, and then launch jupyter */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
    # your user name on the VM<br />
    User netid42<br />
    # the path to your ssh key file<br />
    IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
Once this configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
=== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ===<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 numbers following <code>http://localhost:</code> in the first URL are the remote port number. In this example, the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
=== 2. Use a local terminal to set up ssh port forwarding ===<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote and local ports. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below, substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type Ctrl-C to stop the forwarding.<br />
<br />
=== 3. Connect via a web browser ===<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<code>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</code><br />
to <br />
<code>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</code><br />
and paste into a web browser.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3807Tips and tricks cjc732022-01-07T18:02:45Z<p>Cjc73: /* macOS client config */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config for remote Jupyter access ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote Jupyter work more streamlined. In this section, we configure ssh and create three commands to manage the Jupyter connection via ssh.<br />
<br />
Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" you want to connect to. If you have multiple VMs, you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens, add an entry like the following:<br />
<br />
<pre><br />
# your VM IP<br />
Host 128.84.YY.XXX<br />
    # your user name on the VM<br />
    User netid42<br />
    # the path to your ssh key file<br />
    IdentityFile ~/.ssh/id_rsa4096<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following three lines, making the appropriate substitutions for netid42, IP address, and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:$1/?token=$2"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
To make the changes active, close and reopen Terminal.app or run the following command in each active local Terminal.<br />
<pre><br />
source ~/.zshrc<br />
</pre><br />
<br />
Once this configuration is in place, launching and connecting to jupyter on the vm takes three steps:<br />
<br />
=== 1. Connect via SSH, launch <code>screen</code>, and then launch jupyter ===<br />
<br />
# Open a terminal and enter the command to connect to your VM. In the example above, the command is named "myVM". Substitute the name you chose.<br />
<br />
<pre><br />
% myVM<br />
</pre><br />
<br />
Once connected to the VM, enter the following via SSH (choose something descriptive in place of "myproject", but do not use spaces or special characters):<br />
<pre><br />
% screen -DR myproject<br />
</pre><br />
(screen will open)<br />
Now change directory (cd) to the project folder and launch jupyter. Substitute the correct path to your project in place of "/project/directory/".<br />
<pre><br />
% cd /project/directory/<br />
% jupyter lab --no-browser<br />
</pre><br />
<br />
Jupyter will launch and print some output to the terminal screen. The last lines will be similar to:<br />
<br />
<pre><br />
Or copy and paste one of these URLs:<br />
http://localhost:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
or http://127.0.0.1:8888/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
The 4 to 5 numbers following <code>http://localhost:</code> in the first URL are the remote port number. In this example the remote port number is 8888. Note the remote port number and substitute this value in place of RRRR in the commands below.<br />
<br />
The token is the alphanumeric string after <code>token=</code>. Copy this value to your system clipboard. <br />
<br />
=== 2. Use a local terminal to set up ssh port forwarding ===<br />
<br />
In a local terminal (not SSH-ed into the VM), set up the port forwarding between the remote port and a local port. If you don't have jupyter lab running locally, you can choose 8888 as the local port number. Otherwise, any open port will work (if it is not open, the command below will generate an error to that effect). Local ports in the 8888 - 8899 range tend to work well on macOS. In the command below substitute the local port number in place of the LLLL and the remote port number from the step above in place of RRRR. <br />
(If you choose a different name for your <code>myVM_nb</code> command, substitute it below.)<br />
<br />
<pre><br />
% myVM_nb LLLL RRRR<br />
</pre><br />
<br />
If this command is successful, the cursor will move to the start of the next line and no messages will print. As long as this command is running, the ssh port forwarding will be enabled. Later, type ctrl-C to stop the forwarding. <br />
<br />
=== 3. Connect via a web browser ===<br />
<br />
Finally, connect your web browser to the local port. <br />
To use Chrome's app mode, use the command we defined earlier:<br />
<pre><br />
% lab_appp LLLL <paste token here><br />
</pre><br />
For example, a complete command might look like:<br />
<pre><br />
% lab_appp 8889 c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f<br />
</pre><br />
<br />
Chrome will open in app mode and load jupyter from the VM via the ssh tunnel. It may prompt you to enter the token once more. If so, simply paste the token into the dialog. <br />
<br />
Alternatively, you can edit the url from jupyter to open in any browser by replacing the remote port (RRRR) with the local port number (LLLL):<br />
Edit<br />
<code>http://127.0.0.1:RRRR/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</code><br />
to <br />
<code>http://127.0.0.1:LLLL/lab?token=c23ab79e182775d3b987b74b7c52a358aa8c38493d42ee1f</code><br />
and paste into a web browser.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3806Tips and tricks cjc732022-01-07T17:12:45Z<p>Cjc73: /* macOS client config */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote work more streamlined. Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" that you want to connect to. If you have multiple VMs you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following 3 lines, making the appropriate substitutions for netid42, IP address and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:${1}/?token=${2}"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3805Tips and tricks cjc732022-01-07T17:06:00Z<p>Cjc73: /* Prevent accidental writes to mount point folders */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
<code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote work more streamlined. Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" that you want to connect to. If you have multiple VMs you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following 3 lines, making the appropriate substitutions for netid42, IP address and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:${1}/?token=${2}"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3804Tips and tricks cjc732022-01-07T17:04:27Z<p>Cjc73: </p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
# <code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config ==<br />
<br />
You can set up configuration files, aliases, and functions to make remote work more streamlined. Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" that you want to connect to. If you have multiple VMs you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following 3 lines, making the appropriate substitutions for netid42, IP address and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). If your VM address changes in the future, be sure to update these entries. <br />
<br />
<pre><br />
alias myVM='ssh netid42@128.84.10.222'<br />
myVM_nb() { ssh -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:${1}/?token=${2}"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3803Tips and tricks cjc732022-01-07T16:28:12Z<p>Cjc73: </p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
# <code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
% nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.<br />
<br />
<br />
<br />
== macOS client config ==<br />
<br />
I like to set up configuration files, aliases, and functions to make remote work more streamlined. Note, the <code>%</code> at the start of a line indicates that the rest of the text is a command to be entered in the command line (Terminal.app or iTerm). The <code>%</code> is not part of the command. The term "VM" means "the Red Cloud virtual machine instance" that you want to connect to. If you have multiple VMs you can make additional entries. <br />
<br />
The examples in this section assume:<br />
# your VM username is <code>netid42</code><br />
# your SSH/Cloud key-pair is in <code>~/.ssh/id_rsa4096</code><br />
# your VM IP address is 128.84.YY.XXX <br />
# Google Chrome is installed in your /Applications folder (for app mode, optional)<br />
<br />
<br />
First edit or create <code>~/.ssh/config</code>. In Terminal.app enter the following to open the ssh config file in the nano text editor. Use the arrow keys to move the cursor as needed. <br />
<pre><br />
% nano ~/.ssh/config<br />
</pre><br />
<br />
Once nano opens add an entry like the following:<br />
<br />
<pre><br />
Host 128.84.YY.XXX # your VM IP <br />
User netid42 # your user name on the VM <br />
IdentityFile ~/.ssh/id_rsa4096 # the path to your ssh key file<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.<br />
<br />
Next, add an alias to your shell profile. For recent versions of macOS, this is in a file called <code>~/.zshrc</code>. If you still have bash as your main shell, try <code>~/.bash_profile</code>.<br />
<br />
<pre><br />
% nano ~/.zshrc<br />
</pre><br />
<br />
Add entries like the following 3 lines, making the appropriate substitutions for netid42, IP address and key file. Replace "myVM" with any short name you would like to use as the alias name (no spaces or special characters). <br />
<br />
<pre><br />
alias myVM='ssh -i /Users/netid42/.ssh/id_rsa4096 netid42@128.84.10.222'<br />
myVM_nb() { ssh -i /Users/netid42/.ssh/id_rsa4096 -N -L "$1":localhost:"$2" netid42@128.84.YY.XXX; }<br />
</pre><br />
<br />
Optionally, add this line to enable opening jupyter lab in Chrome's "app mode". It presents a less cluttered browser window. No changes are needed unless Chrome is not installed in the Applications folder.<br />
<pre><br />
lab_appp() { /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --app="http://localhost:${1}/?token=${2}"; }<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Red_Cloud_Linux_Instances&diff=3802Red Cloud Linux Instances2022-01-06T01:25:52Z<p>Cjc73: /* Initialize and Mount a Volume */ add sudo to commands for users that don't see the note. change vin to nano</p>
<hr />
<div>Linux Instances can be created and maintained on [[Red_Cloud|Red Cloud]] using the [https://redcloud.cac.cornell.edu OpenStack Web Interface]. This documentation assumes a basic understanding of [[OpenStack]], so please review that page as needed. If you are '''new to Linux''', you may want to read the [[Linux Tutorial]] first. It is also a good idea to be familiar with the [[Linux Tutorial]] if you have not previously done '''Linux system administration''', which is an assumed prerequisite to managing Linux Instances. Additionally, you may find the [https://cvw.cac.cornell.edu/Linux/ Introduction to Linux] topic on the [https://cvw.cac.cornell.edu/topics Cornell Virtual Workshop] helpful.<br />
<br />
__TOC__<br />
<br />
== Creating a New Linux Instance ==<br />
<br />
You can boot an instance with most modern Linux distributions. Currently Red Cloud offers pre-made VM images running the following Linux distributions:<br />
<br />
:* Red Hat Enterprise Linux-based distributions:<br />
:** CentOS 7<br />
:** Rocky Linux 8: [[ How To Migrate Existing Hosts from CentOS to Rocky Linux 8 ]]<br />
:* Ubuntu (including [https://wiki.ubuntu.com/LTS LTS])<br />
<br />
=== Steps ===<br />
# Log in to the [https://redcloud.cac.cornell.edu OpenStack Web Interface] (check out [[OpenStack#Logging_In|how to log in]] if you need to)<br />
# If you have not already, [[OpenStack Key Pairs#Creating_a_Passphrase-Protected_Key_Pair_(Recommended)|create a key pair]]<br />
# If you have not already, [[OpenStack Security Groups#Creating a Security Group|create a security group]]. Note that your security group should include the inbound SSH rule so you can connect to it.<br />
# '''Optional:''' [[Networks#Private Networks|Set up a Private Network]]<br />
# Select <tt>Launch Instance</tt> from the [https://redcloud.cac.cornell.edu/dashboard/project/instances/ Instances] page<br />
# Follow the instructions about [[OpenStack#Launch an Instance|launching a new instance]], and select one of the CentOS or Ubuntu [[Images|images]] under the <tt>Source</tt> tab<br />
# '''Optional:''' [[Volumes#Create and Attach a Volume|Create and attach a Volume]]<br />
# '''Optional:''' [[Networks#Floating IP Addresses|Associate a Floating IP address]]<br />
<br />
Now that you have created and launched an instance, your next steps will be to [[#Accessing_Instances|connect to it]] and set up a new user account. See the [[Linux_Tutorial#Initial_User_Setup_2|CentOS steps]] or [[Linux_Tutorial#Initial_User_Setup|Ubuntu steps]] for more information on how to set up a new user, update, and install software for each distribution.<br />
<br />
== Accessing Instances ==<br />
<br />
First, establish access to your instance using [[Connect_to_Linux#Using_Secure_Shell|Secure Shell (ssh)]], possibly including [[Connect_to_Linux#Using_X-Windows|X Windows]] for remote graphical display. If you are at all unfamiliar with Linux, we recommend following the [[Linux Tutorial]]. If you would like to have a desktop environment (not available by default for Linux instances), then you may want to follow the steps for [[XFCE Desktop on CentOS]]. Establishing an SSH connection is a prerequisite for creating a Linux desktop environment such as XFCE.<br />
<br />
=== Secure Shell (SSH) ===<br />
<br />
The main requirements for logging in to your instance using secure shell are:<br />
:* The [[OpenStack Security Groups|security group]] for your instance must permit SSH connections (TCP port 22) from your current IP address.<br />
<br />
:* You must use the private key that matches the public key in the [[OpenStack Key Pairs|key pair]] you specified when launching the instance.<br />
<br />
:* You must log in to your instance using the correct initial username:<br />
:** For CentOS 7, the username is <tt>centos</tt>,<br />
:** For CentOS 8, the username is <tt>cloud-user</tt>, and<br />
:** For Ubuntu, it is <tt>ubuntu</tt>.<br />
<br />
To log in through SSH, specify the key pair file (for example <tt>my_key.pem</tt>),<br />
username and IP address as follows:<br />
<br />
ssh -i my_key.pem <username>@<IP address of your instance><br />
<br />
For more information on how to use SSH, see the [[Connect to Linux]] page.<br />
<br />
Note: Transferring files can also be done over <code>ssh</code>. See the <code>scp</code> and <code>sftp</code> commands, or programs like [//winscp.net/eng/index.php WinSCP] and [//apple.stackexchange.com/questions/25661/whats-a-good-graphical-sftp-utility-for-os-x similar software for Mac OS X].<br />
<br />
==== Troubleshooting ====<br />
<br />
There are several common error messages you may see when trying to access your Linux instance using SSH.<br />
These are the most likely causes for each common message.<br />
<br />
:* '''"Connection timed out"''' means that your SSH command can't communicate at all with the instance.<br />
:** Note: It may take a while for the connection time out to occur, so it may seem that the system is not responding at all initially. However, this is still likely a "Connection timed out" error.<br />
:** Has the instance been started? Check the instance's console in the [[OpenStack|OpenStack Web Interface]]. Did the instance boot successfully?<br />
:** Do the [[OpenStack Security Groups|security group's]] rules allow incoming ssh connections (TCP port 22) from ''an address range (CIDR) that includes your current IP address''? Double check that you followed the [[OpenStack Security Groups|instructions for security groups]].<br />
:** Remember, if you are not on campus but the security group is configured for ingress from 10.0.0.0/8 and 128.84.32.0/22, you would need to be connected to the [https://it.cornell.edu/cuvpn Cornell VPN] in order to SSH into the instance.<br />
:** Is your instance on the [[Networks#Public Network|public network]]? If not, does it have an associated [[Networks#Floating IP Addresses|floating IP address]] and are you using the correct address?<br />
:** Here is a tool for finding your current [https://whatsmyip.com IP address]. There are also port connection tools like ping and telnet you can use for troubleshooting. (To use ping, make sure your security group has the "ALL ICMP" rule enabled for an address range that includes your current IP.)<br />
<br />
:* An error like '''"Permissions <4-digits> for <key-file-name> are too open"''' means you can reach the instance, but your private key file has improper permissions.<br />
:** Make sure your private key file is saved with a ".pem" extension and that it has the proper permissions: <p><code>chmod 600 <key name>.pem</code></p><br />
<br />
:* '''"Permission denied (<some details>)"''' means that the combination of the username and SSH key you are providing is not correct for this instance.<br />
:** Make sure you are using the correct username:<br />
:*** If you are using Ubuntu, did you log in as the '''ubuntu''' user? For more information on that, see the [[Linux_Tutorial#The_.22ubuntu.22_User|Linux Tutorial]].<br />
:*** If you are using CentOS 7, did you log in as the '''centos''' user?<br />
:*** If you are using CentOS 8, did you log in as the '''cloud-user''' user?<br />
:*** If you are using a CentOS MATLAB instance, did you log in as the '''root''' user?<br />
:** Did you [[OpenStack_Key_Pairs#Creating_a_Key_Pair|create a key pair]] and make sure to [[OpenStack_Key_Pairs#Selecting_a_Key_Pair_When_Creating_an_Instance|select it when creating the instance]]?<br />
:** Are you supplying your key pair in the command? See the [[#Secure_Shell_.28SSH.29|SSH]] instructions above for an example.<br />
:* If you get an '''unexpected password prompt''':<br />
:** Did you use the correct user name? See suggestions above.<br />
:** Make sure your private key matches the public key of the [[OpenStack Key Pairs|key pair]]. <br />
:**# On your computer, run: <code>ssh-keygen -y -f <private key file></code><br />
:**# Confirm that the output matches the public key on Red Cloud at [https://redcloud.cac.cornell.edu/dashboard/project/key_pairs https://redcloud.cac.cornell.edu/dashboard/project/key_pairs]/<your keypair name>.<br />
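
The triage order described in this troubleshooting list, as an added example that is not part of the original page. The function names are hypothetical, the sample <code>ssh</code> messages and client addresses are constructed, and the two CIDR ranges are the ones quoted above for on-campus and VPN access.

```shell
#!/bin/sh
# Added example (not from the original page): map an ssh failure message to
# the troubleshooting branch above, and check whether a client IP falls inside
# the address ranges (CIDRs) that a security group allows on TCP port 22.

# classify_ssh_error MESSAGE -> prints one of:
#   unreachable | key-permissions | credentials | password-prompt | unknown
# "too open" is tested before "Permission denied" because ssh prints both
# when it ignores a private key with loose permissions.
classify_ssh_error() {
    case $1 in
        *"Connection timed out"*) echo "unreachable" ;;
        *"are too open"*)         echo "key-permissions" ;;
        *"Permission denied"*)    echo "credentials" ;;
        *"'s password:"*)         echo "password-prompt" ;;
        *)                        echo "unknown" ;;
    esac
}

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer, fails on bad input.
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        case $octet in
            ''|*[!0-9]*|0?*|????*) return 1 ;;   # empty, non-digit, leading zero, too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
}

# cidr_contains NET/BITS IP -> 0 if IP is inside the range, 1 if not, 2 on bad input.
cidr_contains() {
    net=${1%/*}
    bits=${1#*/}
    case $bits in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$bits" -le 32 ] || return 2
    net_int=$(ip_to_int "$net") || return 2
    ip_int=$(ip_to_int "$2") || return 2
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $net_int & $mask )) -eq $(( $ip_int & $mask )) ]
}

# ingress_allows IP CIDR... -> 0 if any listed range contains IP.
ingress_allows() {
    client=$1
    shift
    for cidr in "$@"; do
        if cidr_contains "$cidr" "$client"; then
            return 0
        fi
    done
    return 1
}

# Demo with constructed input: a timeout from an off-campus address.
msg="ssh: connect to host 192.0.2.10 port 22: Connection timed out"
client_ip="203.0.113.5"
echo "diagnosis: $(classify_ssh_error "$msg")"
if ingress_allows "$client_ip" 10.0.0.0/8 128.84.32.0/22; then
    echo "$client_ip is inside the allowed ranges; check instance state and floating IP"
else
    echo "$client_ip is outside the allowed ranges; connect to the VPN or adjust the rule"
fi
```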
<br />
=== VNC with XFCE Desktop ===<br />
<br />
In case you would prefer a desktop environment over a command-line, your Linux instance needs to have a VNC (Virtual Network Computing) server and a desktop environment installed on it. Red Cloud's "gpu-accelerated" images come with the TigerVNC server preinstalled, as well as the [https://xfce.org/ XFCE Desktop Environment], making it relatively easy to use a VNC client to connect to a Linux instance that is based on one of the "gpu-accelerated" images.<br />
<br />
For Linux instances based on other images, certain packages must be installed on the instance first. This section details the steps to setting up an XFCE desktop environment for use with VNC on a CentOS 7.4 instance. Other typical Linux desktop environments, such as GNOME, are also available, but XFCE is used as an example here. Setting up a desktop environment should work similarly on Ubuntu instances as well, with some differences. Once the environment is set up, you can launch a VNC server on the instance and connect to it using a VNC client through an ssh tunnel.<br />
<br />
==== VNC and XFCE Installation on CentOS ====<br />
<br />
# Log in as root via ssh as [[#Secure_Shell_.28ssh.29 | described above]].<br />
# Install needed packages:<br />
#* <code>yum install tigervnc-server</code><br />
#* <code>yum groupinstall xfce</code><br />
# Install some additional software that most users will want. These are only suggestions, and this is not a comprehensive list<br />
#* <code>yum install gedit</code><br />
#* <code>yum install firefox</code><br />
#* [https://www.tecmint.com/install-libreoffice-on-rhel-centos-fedora-debian-ubuntu-linux-mint/ LibreOffice]<br />
<br />
==== VNC and XFCE User Setup ====<br />
<br />
For each user that will want to use the XFCE Desktop, you will need to set up VNC capability. To do this, follow the directions below. Alternatively, there is also an [https://linuxtechlab.com/secure-vnc-server-tls-encryption/ Easy guide to secure VNC server with TLS encryption].<br />
<br />
# Open a shell as that user<br />
# <code>vncpasswd</code><br />
#* Sets the user's VNC password<br />
#* This step is '''not necessary''' for read-only VNC<br />
#* This creates a ~/.vnc folder<br />
# <code>vim ~/.vnc/xstartup</code><br />
#* Do not change this file on "gpu-accelerated" instances (as commands in it prevent Anaconda from interfering with dbus)<br />
#* On other instances, paste this text into the file: <br /><tt>#!/bin/bash<br />xrdb $HOME/.Xresources<br />startxfce4 &<br /></tt><br />
# <code>chmod 775 ~/.vnc/xstartup</code><br />
# <code>mkdir ~/bin</code><br />
# <code>vim ~/bin/start_vncserver.sh</code><br />
#* Paste this text into the file: <br /><tt>#!/bin/bash<br />vncserver -geometry 1680x1050<br /></tt><br />
# <code>chmod 775 ~/bin/start_vncserver.sh</code><br />
<br />
==== Using VNC ====<br />
<br />
A brief overview for users is provided here, and for more information please see the [[Getting_Started#Using_VNC|Using VNC section on our Getting Started page]].<br />
<br />
===== Manage the VNC Server =====<br />
<br />
Whenever an instance gets rebooted, you can '''restart''' the VNC server by doing the following<br />
# ssh into the instance<br />
# run <code>~/bin/start_vncserver.sh</code><br />
<br />
To find the port, you can run e.g. <code>ps gxu | grep vnc</code>.<br />
<br />
You can '''stop''' the VNC server by running <code>vncserver -kill :1</code>. If this doesn't work,<br />
you can try <code>pkill Xvnc</code>.<br />
<br />
To '''change or reset the VNC password''', you can simply run <code>vncpasswd</code>.<br />
<br />
To '''change the screen resolution''':<br />
:* Permanently: edit the script <code>~/.vnc/xstartup</code><br />
:* For this session only: use Applications->Display<br />
<br />
===== View the Desktop =====<br />
<br />
# Open a local shell and ssh to establish the tunnel (recommended local port 10000):<br />
#* <code>ssh -L 10000:localhost:5901 <username>@<remote_ip></code><br />
#* '''Note:''' When this shell is closed, the VNC viewer will have to close, too, though VNC is still running.<br />
# In a VNC viewer app, connect to the VNC server <code>localhost:10000</code> (or whichever port you chose above).<br />
#* This should open a window showing the desktop<br />
#* The '''first time''' you do this:<br />
#** For the remote computer, you may have to dismiss a warning dialog<br />
#** You will need to initialize a "panel". Click "Use default config"<br />
<br />
'''Note for Windows users:''' You can also find useful instructions on the [[VNC Tunnel Windows]] page. You may also want to look into [https://fossbytes.com/enable-built-windows-10-openssh-client/ OpenSSH] or [https://www.windowscentral.com/how-install-bash-shell-command-line-windows-10 Bash on Ubuntu on Windows].<br />
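Because the viewer reaches the desktop through the SSH tunnel, the VNC port itself only has to be reachable from the instance's own loopback interface. The script below is an added example, not part of the original wiki page: it reads <code>ss -ltn</code> output and reports VNC listeners (ports 5900-5999) bound to any other address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC listeners that are reachable without the SSH tunnel.
# VNC display :N listens on TCP 5900+N, so display :1 is the port 5901 that
# the tunnel command forwards to.

# Constructed sample of `ss -ltn` output, embedded so the script runs offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902     0.0.0.0:*
LISTEN 0      5      [::]:5901          [::]:*
LISTEN 0      5      [::1]:5903         [::]:*
LISTEN 0      511    *:80               *:*'

# exposed_vnc_listeners: read `ss -ltn` lines on stdin and print the local
# address:port of every listener in the VNC range that is not on loopback.
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            la = $4                               # e.g. 0.0.0.0:5901 or [::]:5901
            port = la
            sub(/^.*:/, "", port)                 # keep the text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (port !~ /^[0-9]+$/) next
            p = port + 0                          # force a numeric comparison
            if (p < 5900 || p > 5999) next        # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print la
        }'
}

# check_vnc_exposure: same input; returns 1 and lists the listeners when any
# VNC port is bound to a non-loopback address, returns 0 otherwise.
check_vnc_exposure() {
    exposed=$(exposed_vnc_listeners)
    if [ -n "$exposed" ]; then
        printf 'VNC reachable outside the tunnel on: %s\n' $exposed
        return 1
    fi
    echo "VNC listeners are loopback-only (or none are running)"
}

# Demonstration on the constructed sample. On an instance, run instead:
#   ss -ltn | check_vnc_exposure
printf '%s\n' "$SAMPLE_SS" | check_vnc_exposure || true
```

Any address it prints is reachable by whatever the instance's security group admits on that port, so the 59xx range should not appear in the group's rules when the tunnel is the intended path.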
<br />
== Instance Maintenance ==<br />
<br />
All self-managed desktops, laptops, servers, and Red Cloud instances, both Windows and Linux, should be updated with Operating System and Acrobat Reader critical and security updates on a '''''monthly''''' basis. <br />
<br />
For Linux instances:<br />
# Check for updates<br />
#* Ubuntu: <code>sudo apt update</code><br />
#* CentOS 7: <code>sudo yum check-update</code><br />
#* CentOS 8: <code>sudo dnf check-update</code><br />
# Install updates<br />
#* Ubuntu: <code>sudo apt upgrade</code><br />
#* CentOS 7: <code>sudo yum update</code><br />
#* CentOS 8: <code>sudo dnf upgrade</code><br />
# Reboot the instance with <code>sudo reboot</code> on both Ubuntu and CentOS<br />
<br />
Before rebooting, make sure to save all active work. Rebooting will disconnect you from the instance. Wait a minute or two to allow the instance to restart before reconnecting. When you reconnect, you should verify that the updates were applied by repeating step 1.<br />
<br />
== Initialize and Mount a Volume ==<br />
<br />
WARNING: FILE SYSTEM INITIALIZATION OVERWRITES AND DESTROYS PREVIOUS DATA.<br />
<br />
The instructions here are for formatting and mounting [[Volumes|attached volumes]], though steps like these can only be performed if you have [[Volumes#Create_and_Attach_a_Volume|allocated and attached the volume]] through OpenStack, which can be done while the instance is running.<br />
<br />
'''Note:''' These instructions assume you are the [[Linux_Tutorial#Definitions|root user]]. If you are not (such as on [[Linux_Tutorial#The_.22ubuntu.22_User|Ubuntu]]), then you may need to prepend <code>sudo</code> where appropriate.<br />
<br />
# Identify the device name of the drive you wish to format and mount.<br />
#* Run <code>lsblk</code> to see which /dev/vdX is the likely candidate (for some character 'X'). The following directions assume you identified <code>vdb</code> as the drive of interest.<br />
# Set up file system:<br />
#* <code>sudo mkfs.ext4 /dev/vdb</code><br />
# Make a directory where the device will be mounted, for example "<tt>mountpoint</tt>" in the "<tt>/mnt</tt>" directory:<br />
#* <code>sudo mkdir /mnt/mountpoint</code><br />
# Protect the mount point directory from accidental writes (Optional, but prevents a common user error): <br />
#* <code>sudo chattr +i /mnt/mountpoint</code><br />
# Mount the device:<br />
#* <code>sudo mount /dev/vdb /mnt/mountpoint</code><br />
# To have the mount automatically renewed after reboot, add an <code>fstab</code> entry (this is a little dangerous)<br />
#* <code>sudo nano /etc/fstab</code><br />
#* Add a line with tab separations between four fields: disk device, mounted location, "ext4", "defaults":<br />
#** <code>/dev/vdb /mnt/mountpoint ext4 defaults,nofail</code><br />
<br />
{{Migrate leadout}}</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Resizing_an_Instance&diff=3801Resizing an Instance2021-12-20T15:51:46Z<p>Cjc73: </p>
<hr />
<div>'''WARNING:''' Resizing an instance in the "Active" state will '''''reboot''''' the instance, so be sure to save any active work before attempting.<br />
<br />
<br />
<br />
A variety of [[OpenStack#Instances|instance sizes]] are available on [[Red Cloud]]. The instance size (or type) defines how much memory (RAM) is available, the amount of per-instance storage (typically available through /dev/vdb in [[Red Cloud Linux Instances | Linux instances]]), and the number of CPU cores available.<br />
<br />
Resizing an instance allows you to control your work process dynamically. During periods of heavy development, you may only want a small instance type to develop on, but during periods of heavy computational activity, a large instance (or multiple large instances) may be desirable.<br />
<br />
'''Note:''' A GPU instance cannot be resized to a non-GPU instance flavor or a flavor with a different GPU type. If you need to modify an instance, you can create a snapshot of a GPU instance and create a new instance from that snapshot following the procedure for [[Volumes#Create_a_Bigger_Copy_of_the_Root_Volume|resizing a boot volume]]. Select the desired new flavor while configuring the new instance. <br />
<br />
The options can be found by clicking on the Resize Instance option in the menu for the instance on the right side of the instances listing page:<br />
<br />
[[File:White_square.png|100px|frameless]][[File:Resize Instance Menu.png|150px|frameless|border]]<br />
<br />
This option is only available for instances whose [[OpenStack#Instance States|state]] is either "Active" or "Stopped". The dialog for resizing the instance type is shown below:<br />
<br />
[[File:Resize Instance Dialog.png|500px|frameless|border]]<br />
<br />
Simply select the new flavor you would like and then select "Resize".</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Resizing_an_Instance&diff=3800Resizing an Instance2021-12-20T15:50:14Z<p>Cjc73: GPU instances cannot be resized to a non-GPU instance flavor</p>
<hr />
<div>'''WARNING:''' Resizing an instance in the "Active" state will '''''reboot''''' the instance, so be sure to save any active work before attempting.<br />
<br />
<br />
<br />
A variety of [[OpenStack#Instances|instance sizes]] are available on [[Red Cloud]]. The instance size (or type) defines how much memory (RAM) is available, the amount of per-instance storage (typically available through /dev/vdb in [[Red Cloud Linux Instances | Linux instances]]), and the number of CPU cores available.<br />
<br />
Resizing an instance allows you to control your work process dynamically. During periods of heavy development, you may only want a small instance type to develop on, but during periods of heavy computational activity, a large instance (or multiple large instances) may be desirable.<br />
<br />
'''Note:''' GPU instances cannot be resized to a non-GPU instance flavor or flavors with different GPU types. If you need to modify an instance, you can create a snapshot of a GPU instance and create a new instance from that snapshot following the procedure for [[Volumes#Create_a_Bigger_Copy_of_the_Root_Volume|resizing a boot volume]]. Select the desired new flavor while configuring the new instance. <br />
<br />
The options can be found by clicking on the Resize Instance option in the menu for the instance on the right side of the instances listing page:<br />
<br />
[[File:White_square.png|100px|frameless]][[File:Resize Instance Menu.png|150px|frameless|border]]<br />
<br />
This option is only available for instances whose [[OpenStack#Instance States|state]] is either "Active" or "Stopped". The dialog for resizing the instance type is shown below:<br />
<br />
[[File:Resize Instance Dialog.png|500px|frameless|border]]<br />
<br />
Simply select the new flavor you would like and then select "Resize".</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3792Tips and tricks cjc732021-11-24T20:52:39Z<p>Cjc73: /* Configure screen with .screenrc */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
# <code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
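The mount-point protection described above, and the <code>fstab</code> entry from the Initialize and Mount a Volume steps, can both be checked from a script before a job writes to the volume. The following is an added example, not part of the original wiki page; the function names, the MOUNTS_TABLE variable and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for a volume mounted at /mnt/mountpoint.

# Constructed samples so the script runs offline. On an instance the real
# sources are /proc/self/mounts and /etc/fstab.
SAMPLE_MOUNTS='/dev/vda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/vdb /mnt/mountpoint ext4 rw,relatime 0 0'

SAMPLE_FSTAB='# constructed fstab
LABEL=cloudimg-rootfs / ext4 defaults 0 1
/dev/vdb /mnt/mountpoint ext4 defaults,nofail
/dev/vdc /mnt/scratch ext4 defaults'

# is_mounted DIR [TABLE]: succeed only if DIR is the mount point of some
# entry in TABLE (default /proc/self/mounts; "-" reads the table from stdin).
is_mounted() {
    dir=${1%/}                       # tolerate a trailing slash
    [ -n "$dir" ] || dir=/
    awk -v d="$dir" '$2 == d { hit = 1 } END { exit !hit }' \
        "${2:-/proc/self/mounts}"
}

# with_volume DIR CMD...: run CMD only when DIR is a live mount point, so a
# copy cannot silently land on the boot volume. MOUNTS_TABLE (hypothetical
# variable) overrides the table that is consulted.
with_volume() {
    vol=$1
    shift
    if ! is_mounted "$vol" "${MOUNTS_TABLE:-/proc/self/mounts}"; then
        echo "refusing to run: nothing is mounted on $vol" >&2
        return 1
    fi
    "$@"
}

# has_immutable_flag: read one line of `lsattr -d DIR` output on stdin and
# succeed if the attribute field contains "i", the flag set by chattr +i.
has_immutable_flag() {
    awk 'NR == 1 { ok = ($1 ~ /i/) } END { exit !ok }'
}

# fstab_missing_nofail [FSTAB]: print the mount point of every /dev/vdX entry,
# other than the root file system, whose options lack "nofail". Without it,
# boot reports an error when the volume is detached.
fstab_missing_nofail() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }            # comments and blank lines
        $1 !~ /^\/dev\/vd/ || $2 == "/" { next } # only attached volumes
        {
            n = split($4, opt, ",")
            ok = 0
            for (i = 1; i <= n; i++) if (opt[i] == "nofail") ok = 1
            if (!ok) print $2
        }' "${1:-/etc/fstab}"
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_MOUNTS" | is_mounted /mnt/mountpoint - \
    && echo "/mnt/mountpoint is mounted"
echo "fstab entries without nofail:"
printf '%s\n' "$SAMPLE_FSTAB" | fstab_missing_nofail -

# On an instance:
#   with_volume /mnt/mountpoint cp results.tar /mnt/mountpoint/
#   lsattr -d /mnt/mountpoint | has_immutable_flag
#   fstab_missing_nofail
```

Run the immutable-flag check while the volume is unmounted: once it is mounted, the path refers to the volume's own root directory rather than the protected directory underneath.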
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file called <code>.screenrc</code> in your home directory. <br />
<br />
<pre><br />
nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3791Tips and tricks cjc732021-11-24T20:52:01Z<p>Cjc73: /* Set up configure screen with .screenrc */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
# <code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file in your home directory called <code>.screenrc</code>. <br />
<br />
<pre><br />
nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Tips_and_tricks_cjc73&diff=3790Tips and tricks cjc732021-11-24T20:50:21Z<p>Cjc73: /* second transcluded heading */</p>
<hr />
<div>== Prevent accidental writes to mount point folders ==<br />
<br />
Suppose you have a folder at /mnt/mountpoint that you would like to use as a mount point for a volume. Because the mount point is a valid path to a location on the boot volume, it is possible to write data to the mount point even when the volume is not mounted. Data written to the mount point will not be on the external volume --- it will be on the boot volume. This can be a source of confusion, especially because copying data into the mount point and then later properly mounting a volume will hide any data on the boot drive that is in the mountpoint directory. <br />
<br />
To avoid this, make the mountpoint directory unwritable so attempting to write data to the mountpoint when the volume is not mounted will generate an error. <br />
<br />
<!-- # <code>sudo chmod a-rwx /mnt/mountpoint</code> --><br />
# <code>sudo chattr +i /mnt/mountpoint</code><br />
<br />
== Set up configure screen with .screenrc ==<br />
<br />
Using a program like screen to keep your session active makes your computation robust to network interruption and disconnections. This means you can keep a process running on an instance even if your local machine is turned off or not connected to the internet. <br />
<br />
Screen also has a number of optional features that make working from a remote terminal more pleasant. One feature is the "hard status" bar across the bottom of the screen, which is roughly analogous to a tab bar. It will show the open screen windows as numbered "tabs" and the currently open window will be highlighted. A window can be renamed by entering the command sequence <code>ctrl-a, shift-a</code>. The new name will show in the tab bar. <br />
<br />
You can enable the hard status bar (and extended scroll back history) by using <code>nano</code> to create a file in your home directory called <code>.screenrc</code>. <br />
<br />
<pre><br />
nano ~/.screenrc<br />
</pre><br />
<br />
Copy and paste the following into the nano editor:<br />
<br />
<pre><br />
#termcapinfo xterm* ti@:te@<br />
autodetach on # Autodetach session on hangup instead of terminating screen completely<br />
startup_message off # Turn off the splash screen<br />
defscrollback 30000 # Use a 30000-line scrollback buffer<br />
hardstatus on<br />
hardstatus alwayslastline<br />
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "<br />
</pre><br />
<br />
Use <code>ctrl-X</code> to stop editing and follow the prompts to save the file. The next time you launch <code>screen</code>, it will show the status bar along the bottom.</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=OpenStack&diff=3788OpenStack2021-11-24T17:28:25Z<p>Cjc73: /* Deleting a Red Cloud instance */</p>
<hr />
<div>[https://en.wikipedia.org/wiki/OpenStack OpenStack] is an [https://en.wikipedia.org/wiki/Open-source_model open-source] [https://en.wikipedia.org/wiki/Cloud_computing#Service_models cloud stack] that is currently running on [[Red_Cloud|Red Cloud]]. Also, for more information, see the [https://docs.openstack.org/pike/index.html Official Documentation for OpenStack].<br />
<br />
This page is intended as a quick walk-through of the most-used features of OpenStack, so it is not comprehensive, but links to a lot of supporting documentation for more thorough explanations and advanced topics.<br />
<br />
__TOC__<br />
<br />
== Using the OpenStack Web Interface (Horizon) ==<br />
<br />
There are two ways to manage [[Red Cloud]] resources:<br />
# [https://redcloud.cac.cornell.edu OpenStack Web Interface]<br />
# [[OpenStack CLI]]<br />
<br />
Most users will use the OpenStack Web Interface (called [https://docs.openstack.org/horizon/latest/ Horizon]). This web-based interface can be used to manage [[#Instances|instances]] and [[Volumes|volumes]]. For [[Red Cloud Linux Instances|Linux Instances]], however, some users may choose to use the OpenStack CLI. This section focuses on the OpenStack Web Interface.<br />
<br />
=== Logging into OpenStack===<br />
<br />
Log in to the [https://redcloud.cac.cornell.edu OpenStack Web Interface] to create and manage Red Cloud resources. There are two ways to login: <br />
<br />
[[File:RedCloudCACLogin.png|300px|frameless|border]][[File:White_square.png|100px|frameless]][[File:RedCloudGlobusAuthLogin.png|300px|frameless|border]]<br />
<br />
# [https://www.cac.cornell.edu/services/myacct.aspx CAC Account] - Enter '''cac''' as the "<tt>Domain</tt>" and your [https://www.cac.cornell.edu/services/myacct.aspx CAC username] and password, not your Cornell NetID. If your CAC password has expired, you will need to [https://www.cac.cornell.edu/wiki/index.php?title=Getting_Started#Managing_your_password reset it] before you will be able to login to the OpenStack Web Interface.<br />
# [https://www.globus.org/tags/globus-auth Globus Auth] - Log in through Globus<br />
#* Currently, this feature is '''only available to Aristotle users'''. This feature will be enabled for all users in the future.<br />
#* You must ''link your Cornell account'', or any accounts attached to the projects you are on, in order to have access to them when using Globus Auth.<br />
#* If you can't log in with Globus Auth, it may be that you have not linked your account yet.<br />
<br />
You can use the "<tt>Authenticate using</tt>" drop-down to switch between the two options. Neither option requires you to enter a project ID; you can switch between the projects you are on once logged in.<br />
<br />
=== Overview Page ===<br />
<br />
The Overview page is the first place you will be taken upon logging into Red Cloud.<br />
<br />
:* Provides useful metrics on currently selected project<br />
:* '''Before creating an instance''', you will need to:<br />
:** Select the correct project from the "<tt>Project</tt>" drop-down at the top right of the page (if you are on multiple projects)<br />
:** [[#Key_Pairs|Create a key pair]] - for authentication when you log in the first time<br />
:** [[#Security_Groups|Create a security group]] - defines allowable types of port access for an instance<br />
:** Optional: [[Networks#Private_Networks|Set up a private network]] - if you do not want your instance to be available on the [[Networks#Public Network|public network]]<br />
:* You may also want to:<br />
:** [[Volumes#Create and Attach a Volume|Create and Attach a Volume]] (can also be done when launching an instance)<br />
:** [[Networks#Floating IP Addresses|Associate a Floating IP address]] - a fixed IP address that can be assigned to an instance<br />
<br />
=== Key Pairs ===<br />
<br />
[[File:Overview_KeyPairs_Circled.png|350px|frameless|border]]<br />
<br />
To get to the Key Pairs page: select the "<tt>Compute</tt>" tab along the top (you should start here at login), then click on "<tt>Key Pairs</tt>" along the top bar as pictured above. If you are logged in already, you can also get to it by this link: [https://redcloud.cac.cornell.edu/dashboard/project/key_pairs/ Key Pairs].<br />
<br />
On the Key Pairs page, you can view the list of available [[OpenStack_Key_Pairs|key pairs]] for your project. From here, you can also [[OpenStack_Key_Pairs#Creating_a_Key_Pair|create]] or [[OpenStack_Key_Pairs#Importing_a_Key_Pair|import]] a key pair. If you do not already have a key pair listed, you can either create one before [[OpenStack#Launch_an_Instance|launching an instance]], or [[OpenStack_Key_Pairs#Selecting_a_Key_Pair_When_Creating_an_Instance|create or upload a key pair]] during instance setup.<br />
<br />
For more information, here is a walk-through on [[OpenStack Key Pairs]].<br />
<br />
=== Security Groups ===<br />
<br />
[[File:Overview_SecurityGroups.png|350px|frameless|border]]<br />
<br />
To get to the Security Groups page: select the "<tt>Network</tt>" drop-down menu along the top, then click on "<tt>Security Groups</tt>" as pictured above. If you are already logged in, you can also get to it by following this link: [https://redcloud.cac.cornell.edu/dashboard/project/security_groups/ Security Groups]<br />
<br />
On the Security Groups page, you can view a list of available [[OpenStack Security Groups|security groups]] for your project, including a default security group. On this page, you can also [[OpenStack_Security_Groups#Creating_a_Security_Group|create]] and delete security groups. It '''is ''not''''' recommended that you use the default security group without [[OpenStack_Security_Groups#Managing_a_Security_Group.27s_Rules|modifying the rules]] to fit your needs. A good security practice is to have one security group per application or one per user. Instances that have no business talking to each other should generally be in separate security groups.<br />
<br />
If you do not already have a security group set up, you will want to [[OpenStack_Security_Groups#Creating_a_Security_Group|create]] one before [[OpenStack#Launch_an_Instance|launching an instance]] because you cannot create one during instance setup. However, you can [[OpenStack_Security_Groups#Assigning_Security_Groups_to_an_Instance|assign a security group]] to an instance later, and even [[OpenStack_Security_Groups#Adding_a_Rule_to_a_Security_Group|add]] or<br />
[[OpenStack_Security_Groups#Managing_a_Security_Group.27s_Rules|modify the rules]] of the security group at any time. <br />
<br />
For more information, here is a walk-through on [[OpenStack Security Groups]].<br />
<br />
== Instances ==<br />
<br />
Each instance is a Virtual Machine (VM) in the cloud. You can select CPU/RAM/disk configurations (called "flavors") for the VM. Note that each vCPU currently equates to one core. The available VM configurations are:<br />
<br />
{| border="1" cellspacing="0" cellpadding="10" align="center" style="text-align:center;"<br />
! Flavor <br />
! vCPUs<br />
! GPUs <br />
! RAM <br />
|-<br />
| c1.m8 || 1 || None || 8 GB<br />
|-<br />
| c2.m16 || 2 || None || 16 GB<br />
|-<br />
| c4.m32 || 4 || None || 32 GB<br />
|-<br />
| c8.m64 || 8 || None || 64 GB<br />
|-<br />
| c14.m112 || 14 || None || 112 GB<br />
|-<br />
| c20.m160 || 20 || None || 160 GB<br />
|-<br />
| c28.m224|| 28 || None || 224 GB<br />
|-<br />
| *''c4.t1.m20'' || 4 || 1 '''[https://www.nvidia.com/en-us/data-center/tesla-t4/ Nvidia Tesla T4]''' || 20 GB<br />
|-<br />
| *''c14.g1.m60'' || 14 || 1 '''[https://www.nvidia.com/en-us/data-center/tesla-v100/ Nvidia Tesla V100]''' || 60 GB<br />
|-<br />
| colspan="4" style="text-align:left;" | ''* GPU flavors<br />
|}<br />
<br />
When you are first starting an instance, we '''recommend''' that you select the smallest flavor (least number of CPUs) that you think will be able to handle installation and configuration of the software and environment on your instance, and then [[Resizing an Instance|resize the instance]] when you are ready to run. The "c1.m8" flavor will typically be enough, as you will not need much memory or compute power while setting up your software. This way you will save core hours that would otherwise have been spent idle. This method is especially useful when configuring a ''GPU instance'' due to the number of cores. Also note: you can begin with a smaller instance size (or flavor) that does not contain a GPU, and later resize to one that does.<br />
<br />
The root disk size of the instance will default to the size of the [[Images|image]] you select. You have the option to create a [[Volumes|volume]] as the root disk beyond the image size at launch time. Note that we do not oversubscribe physical RAM, CPU cores, or GPUs (hyperthreading is disabled).<br />
<br />
To work with instances, select the "<tt>Instances</tt>" page under the "<tt>Compute</tt>" tab, as pictured below:<br />
<br />
[[File:InstancesMenu.png|350px|frameless|border]]<br />
<br />
=== Launch an Instance ===<br />
<br />
This section is a general walk-through for creating a new instance, which is not specific to an Operating System (OS). For more specific information per OS, see either of these pages:<br />
<br />
:* [[Red Cloud Linux Instances|Linux Instances]]<br />
:* [[Red Cloud Windows Instances|Windows Instances]]<br />
<br />
==== To launch a new instance ====<br />
<br />
# [[#Key_Pairs|Create Key Pair]]<br />
# [[#Security Groups|Create a Security Group]] and be sure that you select the appropriate rule for connecting to your instance (SSH for [[Red Cloud Linux Instances|Linux Instances]] and RDP for [[Red Cloud Windows Instances|Windows Instances]])<br />
# Select "<tt>Launch Instance</tt>" on the top right side of the [https://redcloud.cac.cornell.edu/dashboard/project/instances/ Instances] page [[File:InstancesOptions.png|600px|frameless|border]]<br />
<br />
The full "<tt>Launch Instance</tt>" menu will pop up like this:<br />
<br />
[[File:InstanceLaunchMenuFull.png|700px|frameless|border]]<br />
<br />
:* Tabs that you are required to fill out are marked with a '''*'''<br />
:* It is '''recommended''' that you also select your own Security Group, otherwise the default security group will be selected, which may not be ideal for your work.<br />
:* It is '''necessary''' that you select your own Key Pair, even though this field is not marked required, so that you are able to connect to your instance after creation.<br />
<br />
==== Configuring the Instance ====<br />
<br />
# Under the "<tt>Details</tt>" tab:<br />
#* Enter a name for your instance<br />
#* '''Count''' is the number of identical instances you would like to create (typically 1).<br />
#** Note that if you create multiple instances this way, the names will be identical with a dash and number added at the end.<br />
#** For example, if you set Instance Name to "my_instance" and you set Count to 3, you would start instances named "my_instance-1", "my_instance-2", and "my_instance-3".<br />
# On the "<tt>Source</tt>" tab:<br />
#* You must '''Select Boot Source''', which is described on the page as "the template used to create an instance."<br />
#** It is generally a good idea to start with an [[Images|image]] as the source, unless you want to create an instance from a pre-existing source.<br />
#** For more information on the other options, see [[Images#Creating an Image|Creating an Image]].<br />
#* You can select a specific source under the <tt>Available</tt> list by selecting the up arrow on the right-hand side.<br />
#* Get more details about the specific source by selecting the right-arrow on the left-hand side next to the name.<br />
#* You will have the option to '''Create New Volume''' if you have selected either "<tt>Image</tt>" or "<tt>Instance Snapshot</tt>" as the source (default is "<tt>Yes</tt>"):<br />
#*# '''<tt>Yes</tt>''': If selected, a [[Volumes|volume]] will be created to be the instance's root disk. You will then have the options of extending the size of the volume beyond the image size, and deleting the volume when the instance is deleted.<br />
#*#* '''Volume Size''' is the size of your root [[Volumes|volume]]. The default number will match the size of the [[Images|image]] you select, and can be increased.<br />
#*#* '''Delete Volume on Instance Delete''' determines whether or not the root volume will be deleted automatically when you terminate the instance. The default is "<tt>No</tt>", which prevents your data from being deleted when you delete your instance (perhaps accidentally). However, ''if you do not need this extra level of protection, and you do not intend to re-use the root volume, you could unintentionally incur excess storage usage''. Therefore, it can be a good idea to set this option to "<tt>Yes</tt>" so that the volume is deleted automatically when you terminate your instance. Your alternative is to find and delete the root volume manually, later (it will show up in the list of volumes with a name identical to its arbitrarily assigned ID, unless you give it a different name).<br />
#*#* You can also customize the name of the volume under '''Device Name'''.<br />
#*# '''<tt>No</tt>''': If selected, the instance will boot off a root disk the same size as the image. The root disk will be deleted when the instance is deleted.<br />
# The "<tt>Flavor</tt>" tab is where you select the VM configuration discussed [[#Instances|above]].<br />
#* We '''recommend''' that you select the smallest flavor (least number of CPUs) that you think will be able to handle installation and configuration of the software and environment on your instance, and then [[Resizing an Instance|resize the instance]] when you are ready to run. This way you will save core hours that would otherwise have been spent idle. Also note: you can begin with a smaller instance size (or flavor) that does not contain a GPU, and later resize to one that does.<br />
#* You can select a configuration by selecting the up arrow on the right-hand side.<br />
#* Get more details about the configuration by selecting the right-arrow on the left-hand side next to the name.<br />
#* The "<tt>Total Disk</tt>" will show "0 GB" because the disk size will match the [[Images|image]] you selected on the "<tt>Source</tt>" tab.<br />
# For the "<tt>Networks</tt>" tab, two options are available:<br />
## You can make the instance available on the [[Networks#Public Network|public net]]. This is the simplest and most common selection.<br />
## You can select your own [[Networks#Private Networks|private network]], which has to be set up before you launch an instance. For more information, see the [[Networks]] page.<br />
# On the "<tt>Security Groups</tt>" tab, select the [[#Security Groups|security group]] you already created.<br />
# On the "<tt>Key Pairs</tt>" tab, select the [[#Key Pairs|key pair]] you already created.<br />
<br />
=== Instance States ===<br />
<br />
OpenStack defines several [https://developer.openstack.org/api-guide/compute/server_concepts.html#server-status Server States] through which you can move your instances. You change the state of your instance by making a selection from a drop-down menu under the <tt>Actions</tt> column. Three significant actions to know about are "Resize Instance", "Shelve Instance", and "Unshelve Instance"; these are described below.<br />
<br />
Allowed actions&mdash;i.e., the ones that appear in the drop-down menu&mdash;''depend on the current state of the instance''. For example, the "Resize Instance" action is allowed only for instances that are in the Active state. The figure below shows the possible states in OpenStack and the transitions that are allowed in each case.<br />
<br />
[[File:Openstack-server-states.png|thumb|left|700px|Source: OpenStack[https://docs.openstack.org/nova/latest/reference/vm-states.html]]]<br />
<div style="clear: both"></div><br />
<br />
When your instance has been created, the "<tt>Instances</tt>" tab will list its current state (as well as the state of your other instances) under the "<tt>Status</tt>" column. In the rightmost column called "<tt>Actions</tt>," you will see a drop-down menu for each instance. This menu lists the actions that are allowed for the given instance. Below we describe the typical states and list some of the common actions you will use to change instance state.<br />
<br />
==== Important States ====<br />
<br />
'''''Note: The only state where you are NOT being charged for computational resources is Shelved Offloaded'''''<br />
<br />
:* '''Active''': Instance is active, you can connect to it and are being billed for the computational resources dedicated to it.<br />
:* '''Shelved Offloaded''': The Instance is not resident on the compute host; this means you will not be billed for computational resources while the Instance is in this state (although you will be charged for the storage required to hold it). You can restart the server when you need it again.<br />
:* '''Paused''': In this state, the server state is preserved in RAM, but operations have been stopped and will resume when instructed. You are still being charged for the computational resources dedicated to the Instance.<br />
:* '''Suspended''': Instance state has been stored on disk, including the contents of its RAM. With Red Cloud's configuration, you are still paying for the computational resources you were using.<br />
:* '''Stopped''': This is like powering off a server; in this state, you are still being billed for the computational resources.<br />
:* '''Resized''': At this time, the Instance is being Resized to a different flavor&mdash;that is, a different allocation of vCPUs and RAM&mdash;and is not contactable.<br />
<br />
==== Operations to transition between states ====<br />
<br />
<br />
These options are available, subject to the current state of the Instances, from the dropdown available in the "Actions" column of the Instances page. ''Remember that Shelving is the only operation that will free up the computational resources your Instance has been using so that you stop being charged for them!''<br />
<br />
:* '''Pause Instance:''' Put instance into the Paused state.<br />
:* '''Suspend Instance''': Put instance into the Suspended state.<br />
:* '''Shelve Instance''': This is how you put the Instance aside so that you are no longer charged for computational resources being used; your Instance will still be visible on the Instances page with Status Shelved Offloaded. To get the Instance back up and running, select "Unshelve" from the actions menu.<br />
:* '''Resize Instance''': Allows you to select a new Instance flavor. After you have selected it, Status will be shown as "Confirm or Revert Resize/Migrate"; you will have to confirm in the Actions dropdown, after which the Instance will be taken down and then come back up with the new computational resources available to it. On Linux you can check with commands such as <code>lscpu</code> or <code>cat /proc/cpuinfo</code>; on Windows you can, for example, use the "Performance" tab of Task Manager to see the available cores.<br />
:* '''Resume Instance''': Restarts the Instance from the Paused or Suspended state.<br />
:* '''Soft Reboot Instance''' or '''Hard Reboot Instance''': Reboot your instance, either by issuing a command to the operating system ("Soft") or as if power-cycling the Instance ("Hard").<br />
:* '''Shut Off Instance''': Like powering off the Instance, an action you will need to confirm in a pop-up window. The Status shown will be Shutoff and you will need to "Restart" to get it back. Additionally, if you are logged into an instance and use an OS command such as <code>sudo poweroff</code> or <code>sudo init</code>, the Instances page will show the same status and you will need to select "Restart" to get the Instance back up and running. In this state, ''you are still being charged for computational resources''.<br />
<br />
===Deleting a Red Cloud instance===<br />
<br />
For data safety, make sure to back up any data you want to keep before deleting any volumes or instances. You can avoid creating orphaned boot volumes when deleting volumes by following the two-step procedure below. If the instance was deleted before the boot volume could be identified, skip to step 2. <br />
<br />
'''Step 1: Identify the boot volumes before deleting the instances.''' <br />
<br />
* View your list of instances at https://redcloud.cac.cornell.edu/dashboard/project/instances/.<br />
* For each instance you would like to delete, click the instance name to load the overview page. Find the "Attached to" line in the "Volumes" section at the bottom of the page. It will look something like the entry below:<br />
<pre><br />
Volumes Attached<br />
Attached To d35e1234-b99d-48a9-a827-97d6f8eca4fb on /dev/vda<br />
</pre><br />
* Note the long alphanumeric string (<code>d35e1234-b99d-48a9-a827-97d6f8eca4fb</code>) and copy it to a note. If you created separate data storage volumes, you might see them attached to an instance as well (as second or third attached volumes). If appropriate, you can also delete these attached storage volumes in step 2. <br />
* After you have made notes about which attached volumes to remove in step 2, delete the instance using the drop down menu at the end of the instance row.<br />
* Repeat for each additional unwanted volume. <br />
<br />
<br />
'''Step 2: Manually delete the identified boot volumes after deleting the instances.''' <br />
<br />
* View your volumes at https://redcloud.cac.cornell.edu/dashboard/project/volumes/. <br />
* Depending on the options selected when the instance was created, a deleted instance might leave an orphaned boot volume behind.<br />
* Use the list of drive identifiers generated in step 1 to select and delete any orphaned volumes. You can use the drop down menu at the end of each row to delete each orphaned volume. <br />
* For the remaining volumes, click on the volume name to see the volume overview. It might be possible to identify unwanted volumes from this metadata (e.g., you can tell it is a boot volume because it is based on an OS image). It is up to you to verify that volumes are truly unwanted and that important data has been backed up before deleting. <br />
** OS-image-based volumes are almost certainly boot volumes and if they are not attached to any current instance, they may be orphaned. <br />
** If you are left with unidentifiable volumes, it is possible to mount these to an instance and inspect their contents. <br />
** In some cases, it is easier to identify the volumes you want to keep by identifying the boot and data volumes attached to instances you are using. <br />
* The storage information updates about once every 4 hours. After you have deleted the volumes and the storage information updates, your project page should show a lower storage usage.<br />
<br />
== Migrate an Instance to a New Project ==<br />
<br />
Occasionally, you may have an instance in one Red Cloud project that you would like to migrate to a different project.<br />
If you have been working in an exploratory project and are transitioning to using a permanent project, you may want to bring along the instances you have created.<br />
Or, you may want to share an instance with someone who is working in another project.<br />
The [[Migrate_an_Instance_to_a_New_Project|steps to perform such migrations]] are not difficult and can be performed through the Red Cloud (Horizon) web interface.</div>
Cjc73
https://www.cac.cornell.edu/wiki/index.php?title=OpenStack&diff=3787
OpenStack
2021-11-24T17:25:14Z
<p>Cjc73: /* Deleting a Red Cloud instance */</p>
<hr />
<div>[https://en.wikipedia.org/wiki/OpenStack OpenStack] is an [https://en.wikipedia.org/wiki/Open-source_model open-source] [https://en.wikipedia.org/wiki/Cloud_computing#Service_models cloud stack] that is currently running on [[Red_Cloud|Red Cloud]]. Also, for more information, see the [https://docs.openstack.org/pike/index.html Official Documentation for OpenStack].<br />
<br />
This page is intended as a quick walk-through of the most-used features of OpenStack, so it is not comprehensive, but links to a lot of supporting documentation for more thorough explanations and advanced topics.<br />
<br />
__TOC__<br />
<br />
== Using the OpenStack Web Interface (Horizon) ==<br />
<br />
There are two ways to manage [[Red Cloud]] resources:<br />
# [https://redcloud.cac.cornell.edu OpenStack Web Interface]<br />
# [[OpenStack CLI]]<br />
<br />
Most users will use the OpenStack Web Interface (called [https://docs.openstack.org/horizon/latest/ Horizon]). This web-based interface can be used to manage [[#Instances|instances]] and [[Volumes|volumes]]. For [[Red Cloud Linux Instances|Linux Instances]], however, some users may choose to use the OpenStack CLI. This section focuses on the OpenStack Web Interface.<br />
<br />
=== Logging into OpenStack===<br />
<br />
Log in to the [https://redcloud.cac.cornell.edu OpenStack Web Interface] to create and manage Red Cloud resources. There are two ways to log in: <br />
<br />
[[File:RedCloudCACLogin.png|300px|frameless|border]][[File:White_square.png|100px|frameless]][[File:RedCloudGlobusAuthLogin.png|300px|frameless|border]]<br />
<br />
# [https://www.cac.cornell.edu/services/myacct.aspx CAC Account] - Enter '''cac''' as the "<tt>Domain</tt>" and your [https://www.cac.cornell.edu/services/myacct.aspx CAC username] and password, not your Cornell NetID. If your CAC password has expired, you will need to [https://www.cac.cornell.edu/wiki/index.php?title=Getting_Started#Managing_your_password reset it] before you will be able to log in to the OpenStack Web Interface.<br />
# [https://www.globus.org/tags/globus-auth Globus Auth] - Log in through Globus<br />
#* Currently, this feature is '''only available to Aristotle users'''. This feature will be enabled for all users in the future.<br />
#* You must ''link your Cornell account'', or any accounts attached to the projects you are on, in order to have access to them when using Globus Auth.<br />
#* If you can't log in with Globus Auth, it may be that you have not linked your account yet.<br />
<br />
You can use the "<tt>Authenticate using</tt>" drop-down to switch between the two options. Neither option requires you to enter a project ID; you can switch between the projects you are on once logged in.<br />
<br />
=== Overview Page ===<br />
<br />
The Overview page is the first place you will be taken upon logging into Red Cloud.<br />
<br />
:* Provides useful metrics on currently selected project<br />
:* '''Before creating an instance''', you will need to:<br />
:** Select the correct project from the "<tt>Project</tt>" drop-down at the top right of the page (if you are on multiple projects)<br />
:** [[#Key_Pairs|Create a key pair]] - for authentication when you log in the first time<br />
:** [[#Security_Groups|Create a security group]] - defines allowable types of port access for an instance<br />
:** Optional: [[Networks#Private_Networks|Set up a private network]] - if you do not want your instance to be available on the [[Networks#Public Network|public network]]<br />
:* You may also want to:<br />
:** [[Volumes#Create and Attach a Volume|Create and Attach a Volume]] (can also be done when launching an instance)<br />
:** [[Networks#Floating IP Addresses|Associate a Floating IP address]] - a fixed IP address that can be assigned to an instance<br />
<br />
=== Key Pairs ===<br />
<br />
[[File:Overview_KeyPairs_Circled.png|350px|frameless|border]]<br />
<br />
To get to the Key Pairs page: select the "<tt>Compute</tt>" tab along the top (you should start here at login), then click on "<tt>Key Pairs</tt>" along the top bar as pictured above. If you are logged in already, you can also get to it by this link: [https://redcloud.cac.cornell.edu/dashboard/project/key_pairs/ Key Pairs].<br />
<br />
On the Key Pairs page, you can view the list of available [[OpenStack_Key_Pairs|key pairs]] for your project. From here, you can also [[OpenStack_Key_Pairs#Creating_a_Key_Pair|create]] or [[OpenStack_Key_Pairs#Importing_a_Key_Pair|import]] a key pair. If you do not already have a key pair listed, you can either create one before [[OpenStack#Launch_an_Instance|launching an instance]], or [[OpenStack_Key_Pairs#Selecting_a_Key_Pair_When_Creating_an_Instance|create or upload a key pair]] during instance setup.<br />
<br />
For more information, here is a walk-through on [[OpenStack Key Pairs]].<br />
<br />
=== Security Groups ===<br />
<br />
[[File:Overview_SecurityGroups.png|350px|frameless|border]]<br />
<br />
To get to the Security Groups page: select the "<tt>Network</tt>" drop-down menu along the top, then click on "<tt>Security Groups</tt>" as pictured above. If you are already logged in, you can also get to it by following this link: [https://redcloud.cac.cornell.edu/dashboard/project/security_groups/ Security Groups]<br />
<br />
On the Security Groups page, you can view a list of available [[OpenStack Security Groups|security groups]] for your project, including a default security group. On this page, you can also [[OpenStack_Security_Groups#Creating_a_Security_Group|create]] and delete security groups. It '''is ''not''''' recommended that you use the default security group without [[OpenStack_Security_Groups#Managing_a_Security_Group.27s_Rules|modifying the rules]] to fit your needs. A good security practice is to have one security group per application or one per user. Instances that have no business talking to each other should generally be in separate security groups.<br />
<br />
If you do not already have a security group set up, you will want to [[OpenStack_Security_Groups#Creating_a_Security_Group|create]] one before [[OpenStack#Launch_an_Instance|launching an instance]] because you cannot create one during instance setup. However, you can [[OpenStack_Security_Groups#Assigning_Security_Groups_to_an_Instance|assign a security group]] to an instance later, and even [[OpenStack_Security_Groups#Adding_a_Rule_to_a_Security_Group|add]] or<br />
[[OpenStack_Security_Groups#Managing_a_Security_Group.27s_Rules|modify the rules]] of the security group at any time. <br />
<br />
For more information, here is a walk-through on [[OpenStack Security Groups]].<br />
<br />
== Instances ==<br />
<br />
Each instance is a Virtual Machine (VM) in the cloud. You can select CPU/RAM/disk configurations (called "flavors") for the VM. Note that each vCPU currently equates to one core. The available VM configurations are:<br />
<br />
{| border="1" cellspacing="0" cellpadding="10" align="center" style="text-align:center;"<br />
! Flavor <br />
! vCPUs<br />
! GPUs <br />
! RAM <br />
|-<br />
| c1.m8 || 1 || None || 8 GB<br />
|-<br />
| c2.m16 || 2 || None || 16 GB<br />
|-<br />
| c4.m32 || 4 || None || 32 GB<br />
|-<br />
| c8.m64 || 8 || None || 64 GB<br />
|-<br />
| c14.m112 || 14 || None || 112 GB<br />
|-<br />
| c20.m160 || 20 || None || 160 GB<br />
|-<br />
| c28.m224|| 28 || None || 224 GB<br />
|-<br />
| *''c4.t1.m20'' || 4 || 1 '''[https://www.nvidia.com/en-us/data-center/tesla-t4/ Nvidia Tesla T4]''' || 20 GB<br />
|-<br />
| *''c14.g1.m60'' || 14 || 1 '''[https://www.nvidia.com/en-us/data-center/tesla-v100/ Nvidia Tesla V100]''' || 60 GB<br />
|-<br />
| colspan="4" style="text-align:left;" | ''* GPU flavors<br />
|}<br />
<br />
When you are first starting an instance, we '''recommend''' that you select the smallest flavor (fewest CPUs) that you think will be able to handle installation and configuration of the software and environment on your instance, and then [[Resizing an Instance|resize the instance]] when you are ready to run. The "c1.m8" flavor will typically be enough, as you will not need much memory or compute power while setting up your software. This way you will save core hours that would otherwise have been spent idle. This method is especially useful when configuring a ''GPU instance'' due to the number of cores. Also note: you can begin with a smaller instance size (or flavor) that does not contain a GPU, and later resize to one that does.<br />
<br />
The root disk size of the instance will default to the size of the [[Images|image]] you select. You have the option to create a [[Volumes|volume]] as the root disk beyond the image size at launch time. Note that we do not oversubscribe physical RAM, CPU cores, or GPUs (hyperthreading is disabled).<br />
<br />
To work with instances, select the "<tt>Instances</tt>" page under the "<tt>Compute</tt>" tab, as pictured below:<br />
<br />
[[File:InstancesMenu.png|350px|frameless|border]]<br />
<br />
=== Launch an Instance ===<br />
<br />
This section is a general walk-through for creating a new instance, which is not specific to an Operating System (OS). For more specific information per OS, see either of these pages:<br />
<br />
:* [[Red Cloud Linux Instances|Linux Instances]]<br />
:* [[Red Cloud Windows Instances|Windows Instances]]<br />
<br />
==== To launch a new instance ====<br />
<br />
# [[#Key_Pairs|Create Key Pair]]<br />
# [[#Security Groups|Create a Security Group]] and be sure that you select the appropriate rule for connecting to your instance (SSH for [[Red Cloud Linux Instances|Linux Instances]] and RDP for [[Red Cloud Windows Instances|Windows Instances]])<br />
# Select "<tt>Launch Instance</tt>" on the top right side of the [https://redcloud.cac.cornell.edu/dashboard/project/instances/ Instances] page [[File:InstancesOptions.png|600px|frameless|border]]<br />
<br />
The full "<tt>Launch Instance</tt>" menu will pop up like this:<br />
<br />
[[File:InstanceLaunchMenuFull.png|700px|frameless|border]]<br />
<br />
:* Tabs that you are required to fill out are marked with a '''*'''<br />
:* It is '''recommended''' that you also select your own Security Group, otherwise the default security group will be selected, which may not be ideal for your work.<br />
:* It is '''necessary''' that you select your own Key Pair, even though this field is not marked required, so that you are able to connect to your instance after creation.<br />
<br />
==== Configuring the Instance ====<br />
<br />
# Under the "<tt>Details</tt>" tab:<br />
#* Enter a name for your instance<br />
#* '''Count''' is the number of identical instances you would like to create (typically 1).<br />
#** Note that if you create multiple instances this way, the names will be identical with a dash and number added at the end.<br />
#** For example, if you set Instance Name to "my_instance" and you set Count to 3, you would start instances named "my_instance-1", "my_instance-2", and "my_instance-3".<br />
# On the "<tt>Source</tt>" tab:<br />
#* You must '''Select Boot Source''', which is described on the page as "the template used to create an instance."<br />
#** It is generally a good idea to start with an [[Images|image]] as the source, unless you want to create an instance from a pre-existing source.<br />
#** For more information on the other options, see [[Images#Creating an Image|Creating an Image]].<br />
#* You can select a specific source under the <tt>Available</tt> list by selecting the up arrow on the right-hand side.<br />
#* Get more details about the specific source by selecting the right-arrow on the left-hand side next to the name.<br />
#* You will have the option to '''Create New Volume''' if you have selected either "<tt>Image</tt>" or "<tt>Instance Snapshot</tt>" as the source (default is "<tt>Yes</tt>"):<br />
#*# '''<tt>Yes</tt>''': If selected, a [[Volumes|volume]] will be created to be the instance's root disk. You will then have the options of extending the size of the volume beyond the image size, and deleting the volume when the instance is deleted.<br />
#*#* '''Volume Size''' is the size of your root [[Volumes|volume]]. The default number will match the size of the [[Images|image]] you select, and can be increased.<br />
#*#* '''Delete Volume on Instance Delete''' determines whether or not the root volume will be deleted automatically when you terminate the instance. The default is "<tt>No</tt>", which prevents your data from being deleted when you delete your instance (perhaps accidentally). However, ''if you do not need this extra level of protection, and you do not intend to re-use the root volume, you could unintentionally incur excess storage usage''. Therefore, it can be a good idea to set this option to "<tt>Yes</tt>" so that the volume is deleted automatically when you terminate your instance. Your alternative is to find and delete the root volume manually, later (it will show up in the list of volumes with a name identical to its arbitrarily assigned ID, unless you give it a different name).<br />
#*#* You can also customize the name of the volume under '''Device Name'''.<br />
#*# '''<tt>No</tt>''': If selected, the instance will boot off a root disk the same size as the image. The root disk will be deleted when the instance is deleted.<br />
# The "<tt>Flavor</tt>" tab is where you select the VM configuration discussed [[#Instances|above]].<br />
#* We '''recommend''' that you select the smallest flavor (fewest CPUs) that you think will be able to handle installation and configuration of the software and environment on your instance, and then [[Resizing an Instance|resize the instance]] when you are ready to run. This way you will save core hours that would otherwise have been spent idle. Also note: you can begin with a smaller instance size (or flavor) that does not contain a GPU, and later resize to one that does.<br />
#* You can select a configuration by selecting the up arrow on the right-hand side.<br />
#* Get more details about the configuration by selecting the right-arrow on the left-hand side next to the name.<br />
#* The "<tt>Total Disk</tt>" will show "0 GB" because the disk size will match the [[Images|image]] you selected on the "<tt>Source</tt>" tab.<br />
# For the "<tt>Networks</tt>" tab, two options are available:<br />
## You can make the instance available on the [[Networks#Public Network|public net]]. This is the simplest and most common selection.<br />
## You can select your own [[Networks#Private Networks|private network]], which has to be set up before you launch an instance. For more information, see the [[Networks]] page.<br />
# On the "<tt>Security Groups</tt>" tab, select the [[#Security Groups|security group]] you already created.<br />
# On the "<tt>Key Pairs</tt>" tab, select the [[#Key Pairs|key pair]] you already created.<br />
<br />
=== Instance States ===<br />
<br />
OpenStack defines several [https://developer.openstack.org/api-guide/compute/server_concepts.html#server-status Server States] through which you can move your instances. You change the state of your instance by making a selection from a drop-down menu under the <tt>Actions</tt> column. Three significant actions to know about are "Resize Instance", "Shelve Instance", and "Unshelve Instance"; these are described below.<br />
<br />
Allowed actions&mdash;i.e., the ones that appear in the drop-down menu&mdash;''depend on the current state of the instance''. For example, the "Resize Instance" action is allowed only for instances that are in the Active state. The figure below shows the possible states in OpenStack and the transitions that are allowed in each case.<br />
<br />
[[File:Openstack-server-states.png|thumb|left|700px|Source: OpenStack[https://docs.openstack.org/nova/latest/reference/vm-states.html]]]<br />
<div style="clear: both"></div><br />
<br />
When your instance has been created, the "<tt>Instances</tt>" tab will list its current state (as well as the state of your other instances) under the "<tt>Status</tt>" column. In the rightmost column called "<tt>Actions</tt>," you will see a drop-down menu for each instance. This menu lists the actions that are allowed for the given instance. Below we describe the typical states and list some of the common actions you will use to change instance state.<br />
<br />
==== Important States ====<br />
<br />
'''''Note: The only state where you are NOT being charged for computational resources is Shelved Offloaded'''''<br />
<br />
:* '''Active''': Instance is active, you can connect to it and are being billed for the computational resources dedicated to it.<br />
:* '''Shelved Offloaded''': The Instance is not resident on the compute host; this means you will not be billed for computational resources while the Instance is in this state (although you will be charged for the storage required to hold it). You can restart the server when you need it again.<br />
:* '''Paused''': In this state, the server state is preserved in RAM, but operations have been stopped and will resume when instructed. You are still being charged for the computational resources dedicated to the Instance.<br />
:* '''Suspended''': Instance state has been stored on disk, including the contents of its RAM. With Red Cloud's configuration, you are still paying for the computational resources you were using.<br />
:* '''Stopped''': This is like powering off a server; in this state, you are still being billed for the computational resources.<br />
:* '''Resized''': At this time, the Instance is being Resized to a different flavor&mdash;that is, a different allocation of vCPUs and RAM&mdash;and is not contactable.<br />
<br />
==== Operations to transition between states ====<br />
<br />
<br />
These options are available, subject to the current state of the Instances, from the dropdown available in the "Actions" column of the Instances page. ''Remember that Shelving is the only operation that will free up the computational resources your Instance has been using so that you stop being charged for them!''<br />
<br />
:* '''Pause Instance:''' Put instance into the Paused state.<br />
:* '''Suspend Instance''': Put instance into the Suspended state.<br />
:* '''Shelve Instance''': This is how you put the Instance aside so that you are no longer charged for computational resources being used; your Instance will still be visible on the Instances page with Status Shelved Offloaded. To get the Instance back up and running, select "Unshelve" from the actions menu.<br />
:* '''Resize Instance''': Allows you to select a new Instance flavor. After you have selected it, Status will be shown as "Confirm or Revert Resize/Migrate"; you will have to confirm in the Actions dropdown, after which the Instance will be taken down and then come back up with the new computational resources available to it. On Linux you can check with commands such as <code>lscpu</code> or <code>cat /proc/cpuinfo</code>; on Windows you can, for example, use the "Performance" tab of Task Manager to see the available cores.<br />
:* '''Resume Instance''': Restarts the Instance from the Paused or Suspended state.<br />
:* '''Soft Reboot Instance''' or '''Hard Reboot Instance''': Reboot your instance, either by issuing a command to the operating system ("Soft") or as if power-cycling the Instance ("Hard").<br />
:* '''Shut Off Instance''': Like powering off the Instance, an action you will need to confirm in a pop-up window. The Status shown will be Shutoff and you will need to "Restart" to get it back. Additionally, if you are logged into an instance and use an OS command such as <code>sudo poweroff</code> or <code>sudo init</code>, the Instances page will show the same status and you will need to select "Restart" to get the Instance back up and running. In this state, ''you are still being charged for computational resources''.<br />
<br />
===Deleting a Red Cloud instance===<br />
<br />
For data safety, make sure to back up any data you want to keep before deleting any volumes or instances. You can avoid creating orphaned boot volumes when deleting volumes by following the two-step procedure below. If the instance was deleted before the boot volume could be identified, skip to step 2. <br />
<br />
'''Step 1: Identify the boot volumes before deleting the instances.''' <br />
<br />
* View your list of instances at https://redcloud.cac.cornell.edu/dashboard/project/instances/.<br />
* For each instance you would like to delete, click the instance name to load the overview page. Find the "Attached to" line in the "Volumes" section at the bottom of the page. It will look something like the entry below:<br />
<pre><br />
Volumes Attached<br />
Attached To d35e1234-b99d-48a9-a827-97d6f8eca4fb on /dev/vda<br />
</pre><br />
* Note the long alphanumeric string (<code>d35e1234-b99d-48a9-a827-97d6f8eca4fb</code>) and copy it to a note. If you created separate data storage volumes, you might see them attached to an instance as well (as second or third attached volumes).<br />
* After you have made notes about which attached volumes to remove in step 2, delete the instance using the drop down menu at the end of the instance row.<br />
* Repeat for each additional unwanted volume. <br />
<br />
<br />
'''Step 2: Manually delete the identified boot volumes after deleting the instances.''' <br />
<br />
* View your volumes at https://redcloud.cac.cornell.edu/dashboard/project/volumes/. <br />
* Depending on the options selected when the instance was created, a deleted instance might leave an orphaned boot volume behind.<br />
* Use the list of drive identifiers generated in step 1 to select and delete any orphaned volumes. You can use the drop down menu at the end of each row to delete each orphaned volume. <br />
* For the remaining volumes, click on the volume name to see the volume overview. It might be possible to identify unwanted volumes from this metadata (e.g., you can tell it is a boot volume because it is based on an OS image). It is up to you to verify that volumes are truly unwanted and that important data has been backed up before deleting. <br />
** OS-image-based volumes are almost certainly boot volumes and if they are not attached to any current instance, they may be orphaned. <br />
** If you are left with unidentifiable volumes, it is possible to mount these to an instance and inspect their contents. <br />
** In some cases, it is easier to identify the volumes you want to keep by identifying the boot and data volumes attached to instances you are using. <br />
* The storage information updates about once every 4 hours. After you have deleted the volumes and the storage information updates, your project page should show a lower storage usage.<br />
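The two-step procedure above can be expressed as a small triage script. This is an added example, not part of the Red Cloud documentation or tooling: it parses the "Attached To" lines noted in step 1 and sorts a volume listing into the buckets that step 2 describes. The record fields (<code>id</code>, <code>attached_to</code>, <code>image</code>), the function names, and all sample data other than the UUID shown on this page are assumptions constructed for illustration.

```python
import re

UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# Matches the "Attached To <volume-id> on <device>" line of an instance overview page.
ATTACHED_RE = re.compile(rf"Attached To\s+({UUID})\s+on\s+(\S+)", re.IGNORECASE)


def note_attached_volumes(overview_text):
    """Step 1: return {volume_id: device} for every 'Attached To' line."""
    return {m.group(1).lower(): m.group(2)
            for m in ATTACHED_RE.finditer(overview_text)}


def classify_volumes(volumes, noted_ids):
    """Step 2: sort volumes into keep / delete / review buckets.

    in_use             - still attached to an instance: keep
    noted_orphan       - unattached and noted in step 1: delete candidate
    likely_orphan_boot - unattached, based on an OS image, never noted: review
    inspect            - unattached and unidentifiable: attach and inspect first
    """
    noted = {v.lower() for v in noted_ids}
    report = {"in_use": [], "noted_orphan": [],
              "likely_orphan_boot": [], "inspect": []}
    for vol in volumes:
        vid = vol["id"].lower()
        if vol.get("attached_to"):
            report["in_use"].append(vid)
        elif vid in noted:
            report["noted_orphan"].append(vid)
        elif vol.get("image"):
            report["likely_orphan_boot"].append(vid)
        else:
            report["inspect"].append(vid)
    return report


# Constructed sample: overview text copied from an instance page before deletion.
# The first UUID is the one shown on this page; the second is made up.
OVERVIEW_TEXT = """\
Volumes Attached
Attached To d35e1234-b99d-48a9-a827-97d6f8eca4fb on /dev/vda
Attached To 11111111-2222-4333-8444-555555555555 on /dev/vdb
"""

# Constructed sample: the project's volume listing after the instance was deleted.
# Field names are assumptions; adapt them to whatever your client returns.
VOLUMES = [
    {"id": "d35e1234-b99d-48a9-a827-97d6f8eca4fb", "attached_to": [],
     "image": "example-linux-image"},
    {"id": "11111111-2222-4333-8444-555555555555", "attached_to": [],
     "image": None},
    {"id": "aaaaaaaa-0000-4000-8000-000000000001",
     "attached_to": ["instance-still-in-use"], "image": "example-linux-image"},
    {"id": "aaaaaaaa-0000-4000-8000-000000000002", "attached_to": [],
     "image": "example-linux-image"},
    {"id": "aaaaaaaa-0000-4000-8000-000000000003", "attached_to": [],
     "image": None},
]

if __name__ == "__main__":
    noted = note_attached_volumes(OVERVIEW_TEXT)
    for bucket, ids in classify_volumes(VOLUMES, noted).items():
        print(f"{bucket}:")
        for vid in ids:
            print(f"  {vid}")
```

Only the <code>noted_orphan</code> bucket corresponds to volumes you already decided to remove; the other unattached buckets still need the manual verification and backup check described above.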
<br />
== Migrate an Instance to a New Project ==<br />
<br />
Occasionally, you may have an instance in one Red Cloud project that you would like to migrate to a different project.<br />
If you have been working in an exploratory project and are transitioning to using a permanent project, you may want to bring along the instances you have created.<br />
Or, you may want to share an instance with someone who is working in another project.<br />
The [[Migrate_an_Instance_to_a_New_Project|steps to perform such migrations]] are not difficult and can be performed through the Red Cloud (Horizon) web interface.</div>
Cjc73
https://www.cac.cornell.edu/wiki/index.php?title=Red_Cloud&diff=3786
Red Cloud
2021-11-24T17:18:06Z
<p>Cjc73: /* Common unintentional storage use patterns */</p>
<hr />
<div>This wiki provides documentation for [https://{{SERVERNAME}}/redcloud Red Cloud], an on-demand research [https://en.wikipedia.org/wiki/Cloud_computing cloud computing] service maintained and supported by the [https://www.cac.cornell.edu/ CAC]. At present, Red Cloud is an Infrastructure as a Service (IaaS) based on [[OpenStack]].<br />
<br />
Instructions on these pages apply to users who have a [https://www.cac.cornell.edu/services/projects.aspx Red Cloud subscription] they are managing, though some instructions may also apply to users of subscriptions managed by someone else. Individuals who manage a Red Cloud subscription can create, administer, and delete virtual servers and storage in Red Cloud.<br />
<br />
__TOC__<br />
<br />
== How To Read This Documentation ==<br />
<br />
:* '''Exploratory Account Users (if you received a trial account)'''<br />
:** Read through all the sections on this page targeting New Users.<br />
:** Look through the [[#Important Pages|Important Pages]] listed below to help you get started managing Red Cloud resources.<br />
:** Pay particular attention to the [[#Accounting:_Don.27t_Use_Up_Your_Subscription_by_Accident.21|Accounting]] section on this page, as your exploratory project ends when you have exhausted your subscription.<br />
:** An important point to remember is that you are ''not'' the PI on your account, so you can ignore any instructions targeting PIs on a project.<br />
:* '''New Users (if you are new to Red Cloud)'''<br />
:** Read through all the sections on this page targeting New Users.<br />
:** Look through the [[#Important Pages|Important Pages]] listed to help you get started managing Red Cloud resources.<br />
:** If you are ''not'' the PI on your account, you can ignore any instructions targeting PIs.<br />
:* '''Returning Users (all other users)'''<br />
:** Check out the section dedicated to [[#All Users|all users]].<br />
:** You may also want to look through the [[#Important Pages|Important Pages]] listed to help you manage Red Cloud resources.<br />
:** If you are ''not'' the PI on your account, you can ignore any instructions targeting PIs.<br />
<br />
'''Note:''' All links on our wiki are colored red and underlined. Each of the external links will have dotted underlining and an icon next to them that looks like an arrow pointing out of a box, whereas internal links have a solid underline and do not have any icon. This can help you navigate by knowing that the external links are not part of our documentation or "how to" instructions.<br />
<br />
=== Important Pages ===<br />
<br />
Here is a suggested list of pages to look over to help with getting started managing resources.<br />
<br />
# '''This page''' - includes information about:<br />
#* The [[#CAC_Account_First_Time_Login|first time you login]] to your [https://www.cac.cornell.edu/services/myacct.aspx CAC Account]<br />
#* [[#How_to_Access_Instances|Accessing resources]]<br />
#* [[#Accounting:_Don.27t_Use_Up_Your_Subscription_by_Accident.21|Accounting]]<br />
# '''[[OpenStack]]''' - a '''highly recommended''' quick-start page including instructions for:<br />
#* The [[OpenStack#Using_the_OpenStack_Web_Interface_.28Horizon.29|Web interface]]<br />
#* [[OpenStack#Instances|Managing instances]] including:<br />
#** [[OpenStack#Launching an Instance|launching a new instance]]<br />
#** [[OpenStack#Instance_States|changing instance state]]<br />
#* [https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA CAC's YouTube Channel] also has a series of video tutorials on how to use the web interface ([https://www.youtube.com/playlist?list=PL8ErN3EFA8GwPNveay5j9crgGQ95iEObp playlist])<br />
# Either instructions for '''[[Red_Cloud_Linux_Instances|Linux Instances]]''' OR '''[[Red_Cloud_Windows_Instances|Windows Instances]]'''<br />
#* There are special instructions if you intend to use [[MATLAB Parallel Server in Red Cloud]]<br />
#* There is also a [[Linux Tutorial]] for those new to Linux system administration, or if you want a refresher<br />
# If you are planning to use '''GPUs in Red Cloud''':<br />
#* [[GPUs in Red Cloud]]<br />
#* [[Red Cloud GPU Image Usage]]<br />
<!-- #* [[Docker]] - coming soon --><br />
<br />
== New Users ==<br />
<br />
New users would be best served by reading this complete page first, then reading through the pages listed in the [[#Important Pages|Important Pages]] section. New users are also encouraged to explore the [[Getting Started]] page, which includes a lot more general information on using CAC resources beyond Red Cloud.<br />
<br />
'''Note for new Linux users:''' As the root user, you will have complete control over access to the system, such as setting up users and their permissions, defining the firewall, and more. This means that the primary user of a Linux system '''must be familiar with Linux system administration'''. Aside from the basics of using the command line, this includes familiarity with: creating and modifying users, installing software, configuring software for remote logins, and managing/transferring data. For users that want to use Red Cloud, but do not have much system administration experience, we've written a [[Linux Tutorial]] that should work for RedHat/CentOS and Ubuntu Linux systems. [https://{{SERVERNAME}}/services/ Consulting] is also available to answer general questions about systems administration, or for help on specific software and research problems.<br />
<br />
=== CAC Account First Time Login === <br />
<br />
When you are added to a CAC project, you will receive an e-mail confirming your Red Cloud access. You must '''change the automatically generated password immediately''' for security reasons and to access computing resources. Refer to the instructions for [[Getting_Started#Managing_your_password|managing your password]] as needed.<br />
<br />
If you are a PI or a PI's proxy for a new project (if you are not sure what your role is or what you can do, please review [https://www.cac.cornell.edu/Services/projects.aspx this page]), verify that you have added a subscription to your project; see the [https://www.cac.cornell.edu/Services/projects/manage.aspx Manage Projects] page. After waiting up to an hour for account information to propagate, you will then be ready to download the [[OpenStack]] credentials and start managing Red Cloud resources.<br />
<br />
=== How to Create and Manage Red Cloud Resources ===<br />
<br />
Red Cloud is a private research cloud with an '''OpenStack''' backend. Interacting with [[OpenStack]] is how resources can be managed. In this case, resources can refer to [[OpenStack#Instances|instances]] (or [//en.wikipedia.org/wiki/Virtual_machine#Definitions virtual machines]), [[Images|images]], and [[Volumes|volumes]]. <br />
<br />
An instance is a virtual machine (VM), which is the main computational resource. To create an instance, you will need an image. You can use default images to create your instance, or you can create and upload an image to OpenStack and use that to create your instance. A volume is a collection of data that is attached to the instance. You should start by creating an instance. For more information on each resource, click the corresponding links.<br />
<br />
There are two ways to interact with OpenStack:<br />
<br />
:* '''The OpenStack Web Interface (Horizon)'''<br />
:** Go to the [//redcloud.cac.cornell.edu OpenStack Web Interface]<br />
:** For a walk-through, see the [[OpenStack]] page, which includes step-by-step instructions to launch and configure your instance<br />
:** New users may particularly benefit from viewing the video tutorials available on [https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA CAC's YouTube Channel] ([https://www.youtube.com/playlist?list=PL8ErN3EFA8GwPNveay5j9crgGQ95iEObp playlist])<br />
:* '''The Command-Line Interface (CLI) called the OpenStack CLI'''<br />
:** Linux command-line tools provided by [[OpenStack]]<br />
:** For a walk-through, see the [[OpenStack CLI]] page<br />
:** Also see the [https://docs.openstack.org/python-openstackclient/pike/ official OpenStack CLI documentation]<br />
<br />
'''Note:''' Regardless of which method you choose (Web Interface or Command Line Interface), you must first follow the [[#CAC Account First Time Login | First Time Login]] instructions.<br />
<br />
=== How to Access Instances ===<br />
<br />
Depending on which operating system you are planning on running on your instances, you should also refer to one of the following pages:<br />
:* [[Red Cloud Linux Instances | Linux Instances]] - especially the [[Red_Cloud_Linux_Instances#Accessing_Instances|accessing instances]] section (also see [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting]] if needed)<br />
:* [[Red Cloud Windows Instances | Windows Instances]] - especially the [[Red_Cloud_Windows_Instances#Accessing_Instances|accessing instances]] section<br />
<br />
=== Accounting: Don't Use Up Your Subscription by Accident! ===<br />
<br />
To understand how billing works, it is necessary to understand a bit about how Red Cloud operates. Red Cloud enables the user to [[OpenStack#Instance_States|control the state]] of system [//en.wikipedia.org/wiki/Virtual_machine#Definitions virtual machines (VMs)], such as start, pause, suspend, shelve, and delete (see [[OpenStack#Instance_States|Instance States]] for a full list). Since starting a VM allocates memory and CPU resources on a physical machine to that VM, '''subscriptions are billed based on the length of time a VM is running, even if it is idle and doing NO work for the user'''. This is fair because your running [[OpenStack#Instances|instance]] will prevent others from using the hardware, even if the hardware is idle.<br />
<br />
Thus, '''the best way to avoid using up your subscription''' needlessly is to make sure you [[OpenStack#Instance_States|'''''shelve''''']] your Red Cloud instance any time you are not using it. It is very simple to do this via the menu in the [[OpenStack#Using_the_OpenStack_Web_Interface_.28Horizon.29|OpenStack Web Interface]]. You can always start the instance again later, and the disk contents will be unchanged. It is just like shutting down your laptop.<br />
<br />
Whenever you have one or more instances that are up and running, the amount that is deducted from your Red Cloud subscription is: the length of time that your instances are running, multiplied by the number of cores that you are occupying with those instances. This implies that you should also take advantage of the various [[OpenStack#Instances|instance sizes]] available. For example, it is usually best to choose a small instance type to do your development work.<br />
<br />
It is worth pointing out that Red Cloud allows the [[Resizing an Instance| instance type]] to be changed if the VM is stopped (i.e. shut down). This allows you to "scale up" an instance at any time by stopping it, choosing a larger size for it, and starting it back up. You can shrink an instance in the same way. If you intend to use a large instance, we '''recommend''' that you start with the smallest instance size you can to install software and get used to your instance ''before'' [[Resizing an Instance|resizing your instance]] to the full size you would like.<br />
<br />
Here are a couple of motivating examples for you. Let's say you have an exploratory account, with just 165 core hours to start. If you leave a 1-core node running around the clock, you will use up the entire account in a little less than a week. Similarly, let's say you are on a CAC project with a Red Cloud subscription (8,585 core hours). If you start up an instance with 4 cores (sometimes called CPUs in [[OpenStack]]), and you leave the instance running for a week, or 168 hours, you will use up (168 hours)*(4 cores) or 672 core hours, or 8% of the subscription.<br />
<br />
All of the above is true for [[Red Cloud Linux Instances | Linux instances]] and [[Red Cloud Windows Instances | Windows instances]]; note that Cornell users do not need to pay for a [[Red Cloud Windows Instances#Windows_Activation|Windows license]] in Red Cloud.<br />
<br />
We recommend you check your balance frequently using pages provided for [https://{{SERVERNAME}}/services/cu/Memberlimits.aspx Cornell]<br />
or<br />
[https://{{SERVERNAME}}/services/external/Memberlimits.aspx external]<br />
users.<br />
<br />
===Accounting: What is using my Red Cloud storage space?===<br />
<br />
If a project is using more storage space than expected, the CAC Project PI or a CAC Project Proxy should view the volumes associated with the project at the [https://www.cac.cornell.edu/Services/Projects/manage.aspx project management page]. The ''Red Cloud Storage'' entry in the ''Project Resource Limits'' section shows the total amount of storage used and identifies the volumes associated with the project. It should resemble the output shown below. This information is also available in a less compact form at the project's Red Cloud [https://redcloud.cac.cornell.edu/dashboard/project/volumes/ OpenStack dashboard].<br />
<br />
{| class="wikitable"<br />
|-<br />
|'''272 GB used as of 11/23/2021 4:01:42 PM'''<br />
|-<br />
|<br />
* 36 GBs on 7e6de1a7-1e01-4ccc-99d7-f98b140f7525<br />
* 50 GBs on b5f02c0f-1dba-45d4-a029-94b2714bedbe<br />
* 100 GBs on 3483f718-6673-4080-9b89-97d3c578bf19<br />
* 36 GBs on 739ee9dc-3fb3-46a1-98d8-3e994b31f0aa<br />
* 50 GBs on cf4787b6-3afd-4606-ad11-caa0bed1b61f<br />
|-<br />
|+ Example of storage usage.<br />
|}<br />
<br />
====Common unintentional storage use patterns====<br />
<br />
<!--- =====Orphaned boot volumes===== ---><br />
<br />
The most common cause of unintentional storage use is orphaned boot volumes left behind from deleted instances. When a project member deletes an instance without noting and deleting the corresponding boot volume, the boot volume will remain in the project storage. While it is possible to configure an instance to delete the boot volume when the instance is deleted, this option is not the default setting and must be selected when the instance is created. <br />
<br />
Your project might be storing orphaned boot volumes if you have more volumes than instances. The default size of boot volumes tends to be in the 30-50 GB range. Your project may also use volumes for data storage, but these volumes tend to be larger than 50 GB.<br />
<br />
You can avoid creating orphaned boot volumes by following a two-step procedure when [https://www.cac.cornell.edu/wiki/index.php?title=OpenStack#Deleting_a_Red_Cloud_instance deleting a Red Cloud instance]. If the instances were already deleted at some point in the past, skip to step 2 in [https://www.cac.cornell.edu/wiki/index.php?title=OpenStack#Deleting_a_Red_Cloud_instance deleting a Red Cloud instance].<br />
<br />
== All Users ==<br />
<br />
Please refer to the [[OpenStack]] page for more in-depth guidance on how to use Red Cloud, and read either [[Red Cloud Linux Instances | Linux instances]] or [[Red Cloud Windows Instances | Windows instances]] based on what systems will be used. <br />
<br />
The current [https://www.cac.cornell.edu/RedCloud/status/ Red Cloud System Status] can be checked anytime.<br />
<br />
=== Common Tasks ===<br />
<br />
Here are some links to help you with particular aspects of using Red Cloud: <br />
:* [[Linux Tutorial]] - This may help you get up and running with some basic systems administration tasks. It is not intended to be comprehensive.<br />
:* Information on choosing [[Instance Types | instance flavor]] (the CPU and RAM configuration of the virtual machine). <br />
:* [[Resizing volumes | Extending or shrinking a volume]] is a separate issue, and is somewhat more involved.<br />
:* [//it.cornell.edu/services/ezbackup/ EZ-backup] - a CIT solution for backups. Data stored on Red Cloud is not backed up by default; users are responsible for their own backups.<br />
:* Data in CAC [[Archival_Storage| Archival Storage]] is intended to be an additional copy of user data; CAC Archival Storage is not backed up or snapshotted.<br />
:* All CAC resources are suitable for unregulated, non-confidential data ([https://it.cornell.edu/security-and-policy/data-types-confidential-regulated-restricted-public reference] for details). <br />
<!-- :* [[GPUs in Red Cloud]] --><br />
<br />
===Acknowledging CAC===<br />
{{:Acknowledging CAC}}<br />
<br />
== Software on Red Cloud ==<br />
<br />
Generally, new instances launched on Red Cloud will contain basic operating system software and utilities, but will not contain pre-installed scientific applications. It is your responsibility to install any relevant applications either using a built-in package manager or by transferring your application code to the instance (e.g., via scp or sftp). In some cases, however, there are resources available to support running particular applications, as described below:<br />
:* On Linux instances, information on using package managers to install software: ([[Linux Tutorial#Installing_Software | Using apt on Ubuntu]]) ([[Linux Tutorial#Installing_Software_2 | Using yum on CentOS]])<br />
:* [[Installing R| Installing R]], a commonly used programming language and statistical analysis environment<br />
:* Running [[MATLAB Parallel Server in Red Cloud | MATLAB Parallel Server in Red Cloud]]<br />
:* Running [[OpenFOAM | OpenFOAM-7 in a Docker container]]<br />
:* Creating and using a [[Red Cloud GPU Image Usage | GPU Instance with pre-installed software]] (CUDA, NVIDIA Driver, Anaconda, Docker, Jupyter, MATLAB, etc.)<br />
<br />
== FAQ ==<br />
<br />
:* [[FAQ#Red_Cloud| Red Cloud FAQ]]</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Red_Cloud&diff=3785Red Cloud2021-11-24T17:17:26Z<p>Cjc73: /* Accounting: What is using my Red Cloud storage space? */</p>
<hr />
<div>This wiki provides documentation for [https://{{SERVERNAME}}/redcloud Red Cloud], an on-demand research [https://en.wikipedia.org/wiki/Cloud_computing cloud computing] service maintained and supported by the [https://www.cac.cornell.edu/ CAC]. At present, Red Cloud is an Infrastructure as a Service (IaaS) based on [[OpenStack]].<br />
<br />
Instructions on these pages apply to users who have a [https://www.cac.cornell.edu/services/projects.aspx Red Cloud subscription] they are managing, though some instructions may also apply to users of subscriptions managed by someone else. Individuals who manage a Red Cloud subscription can create, administer, and delete virtual servers and storage in Red Cloud.<br />
<br />
__TOC__<br />
<br />
== How To Read This Documentation ==<br />
<br />
:* '''Exploratory Account Users (if you received a trial account)'''<br />
:** Read through all the sections on this page targeting New Users.<br />
:** Look through the [[#Important Pages|Important Pages]] listed below to help you get started managing Red Cloud resources.<br />
:** Pay particular attention to the [[#Accounting:_Don.27t_Use_Up_Your_Subscription_by_Accident.21|Accounting]] section on this page, as your exploratory project ends when you have exhausted your subscription.<br />
:** An important point to remember is that you are ''not'' the PI on your account, so you can ignore any instructions targeting PIs on a project.<br />
:* '''New Users (if you are new to Red Cloud)'''<br />
:** Read through all the sections on this page targeting New Users.<br />
:** Look through the [[#Important Pages|Important Pages]] listed to help you get started managing Red Cloud resources.<br />
:** If you are ''not'' the PI on your account, you can ignore any instructions targeting PIs.<br />
:* '''Returning Users (all other users)'''<br />
:** Check out the section dedicated to [[#All Users|all users]].<br />
:** You may also want to look through the [[#Important Pages|Important Pages]] listed to help you manage Red Cloud resources.<br />
:** If you are ''not'' the PI on your account, you can ignore any instructions targeting PIs.<br />
<br />
'''Note:''' All links on our wiki are colored red and underlined. Each of the external links will have dotted underlining and an icon next to them that looks like an arrow pointing out of a box, whereas internal links have a solid underline and do not have any icon. This can help you navigate by knowing that the external links are not part of our documentation or "how to" instructions.<br />
<br />
=== Important Pages ===<br />
<br />
Here is a suggested list of pages to look over to help with getting started managing resources.<br />
<br />
# '''This page''' - includes information about:<br />
#* The [[#CAC_Account_First_Time_Login|first time you login]] to your [https://www.cac.cornell.edu/services/myacct.aspx CAC Account]<br />
#* [[#How_to_Access_Instances|Accessing resources]]<br />
#* [[#Accounting:_Don.27t_Use_Up_Your_Subscription_by_Accident.21|Accounting]]<br />
# '''[[OpenStack]]''' - a '''highly recommended''' quick-start page including instructions for:<br />
#* The [[OpenStack#Using_the_OpenStack_Web_Interface_.28Horizon.29|Web interface]]<br />
#* [[OpenStack#Instances|Managing instances]] including:<br />
#** [[OpenStack#Launching an Instance|launching a new instance]]<br />
#** [[OpenStack#Instance_States|changing instance state]]<br />
#* [https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA CAC's YouTube Channel] also has a series of video tutorials on how to use the web interface ([https://www.youtube.com/playlist?list=PL8ErN3EFA8GwPNveay5j9crgGQ95iEObp playlist])<br />
# Either instructions for '''[[Red_Cloud_Linux_Instances|Linux Instances]]''' OR '''[[Red_Cloud_Windows_Instances|Windows Instances]]'''<br />
#* There are special instructions if you intend to use [[MATLAB Parallel Server in Red Cloud]]<br />
#* There is also a [[Linux Tutorial]] for those new to Linux system administration, or if you want a refresher<br />
# If you are planning to use '''GPUs in Red Cloud''':<br />
#* [[GPUs in Red Cloud]]<br />
#* [[Red Cloud GPU Image Usage]]<br />
<!-- #* [[Docker]] - coming soon --><br />
<br />
== New Users ==<br />
<br />
New users would be best served by reading this complete page first, then reading through the pages listed in the [[#Important Pages|Important Pages]] section. New users are also encouraged to explore the [[Getting Started]] page, which includes a lot more general information on using CAC resources beyond Red Cloud.<br />
<br />
'''Note for new Linux users:''' As the root user, you will have complete control over access to the system, such as setting up users and their permissions, defining the firewall, and more. This means that the primary user of a Linux system '''must be familiar with Linux system administration'''. Aside from the basics of using the command line, this includes familiarity with: creating and modifying users, installing software, configuring software for remote logins, and managing/transferring data. For users that want to use Red Cloud, but do not have much system administration experience, we've written a [[Linux Tutorial]] that should work for RedHat/CentOS and Ubuntu Linux systems. [https://{{SERVERNAME}}/services/ Consulting] is also available to answer general questions about systems administration, or for help on specific software and research problems.<br />
<br />
=== CAC Account First Time Login === <br />
<br />
When you are added to a CAC project, you will receive an e-mail confirming your Red Cloud access. You must '''change the automatically generated password immediately''' for security reasons and to access computing resources. Refer to the instructions for [[Getting_Started#Managing_your_password|managing your password]] as needed.<br />
<br />
If you are a PI or a PI's proxy for a new project (if you are not sure what your role is or what you can do, please review [https://www.cac.cornell.edu/Services/projects.aspx this page]), verify that you have added a subscription to your project; see the [https://www.cac.cornell.edu/Services/projects/manage.aspx Manage Projects] page. After waiting up to an hour for account information to propagate, you will then be ready to download the [[OpenStack]] credentials and start managing Red Cloud resources.<br />
<br />
=== How to Create and Manage Red Cloud Resources ===<br />
<br />
Red Cloud is a private research cloud with an '''OpenStack''' backend. Interacting with [[OpenStack]] is how resources can be managed. In this case, resources can refer to [[OpenStack#Instances|instances]] (or [//en.wikipedia.org/wiki/Virtual_machine#Definitions virtual machines]), [[Images|images]], and [[Volumes|volumes]]. <br />
<br />
An instance is a virtual machine (VM), which is the main computational resource. To create an instance, you will need an image. You can use default images to create your instance, or you can create and upload an image to OpenStack and use that to create your instance. A volume is a collection of data that is attached to the instance. You should start by creating an instance. For more information on each resource, click the corresponding links.<br />
<br />
There are two ways to interact with OpenStack:<br />
<br />
:* '''The OpenStack Web Interface (Horizon)'''<br />
:** Go to the [//redcloud.cac.cornell.edu OpenStack Web Interface]<br />
:** For a walk-through, see the [[OpenStack]] page, which includes step-by-step instructions to launch and configure your instance<br />
:** New users may particularly benefit from viewing the video tutorials available on [https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA CAC's YouTube Channel] ([https://www.youtube.com/playlist?list=PL8ErN3EFA8GwPNveay5j9crgGQ95iEObp playlist])<br />
:* '''The Command-Line Interface (CLI) called the OpenStack CLI'''<br />
:** Linux command-line tools provided by [[OpenStack]]<br />
:** For a walk-through, see the [[OpenStack CLI]] page<br />
:** Also see the [https://docs.openstack.org/python-openstackclient/pike/ official OpenStack CLI documentation]<br />
<br />
'''Note:''' Regardless of which method you choose (Web Interface or Command Line Interface), you must first follow the [[#CAC Account First Time Login | First Time Login]] instructions.<br />
<br />
=== How to Access Instances ===<br />
<br />
Depending on which operating system you are planning on running on your instances, you should also refer to one of the following pages:<br />
:* [[Red Cloud Linux Instances | Linux Instances]] - especially the [[Red_Cloud_Linux_Instances#Accessing_Instances|accessing instances]] section (also see [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting]] if needed)<br />
:* [[Red Cloud Windows Instances | Windows Instances]] - especially the [[Red_Cloud_Windows_Instances#Accessing_Instances|accessing instances]] section<br />
<br />
=== Accounting: Don't Use Up Your Subscription by Accident! ===<br />
<br />
To understand how billing works, it is necessary to understand a bit about how Red Cloud operates. Red Cloud enables the user to [[OpenStack#Instance_States|control the state]] of system [//en.wikipedia.org/wiki/Virtual_machine#Definitions virtual machines (VMs)], such as start, pause, suspend, shelve, and delete (see [[OpenStack#Instance_States|Instance States]] for a full list). Since starting a VM allocates memory and CPU resources on a physical machine to that VM, '''subscriptions are billed based on the length of time a VM is running, even if it is idle and doing NO work for the user'''. This is fair because your running [[OpenStack#Instances|instance]] will prevent others from using the hardware, even if the hardware is idle.<br />
<br />
Thus, '''the best way to avoid using up your subscription''' needlessly is to make sure you [[OpenStack#Instance_States|'''''shelve''''']] your Red Cloud instance any time you are not using it. It is very simple to do this via the menu in the [[OpenStack#Using_the_OpenStack_Web_Interface_.28Horizon.29|OpenStack Web Interface]]. You can always start the instance again later, and the disk contents will be unchanged. It is just like shutting down your laptop.<br />
<br />
Whenever you have one or more instances that are up and running, the amount that is deducted from your Red Cloud subscription is: the length of time that your instances are running, multiplied by the number of cores that you are occupying with those instances. This implies that you should also take advantage of the various [[OpenStack#Instances|instance sizes]] available. For example, it is usually best to choose a small instance type to do your development work.<br />
<br />
It is worth pointing out that Red Cloud allows the [[Resizing an Instance| instance type]] to be changed if the VM is stopped (i.e. shut down). This allows you to "scale up" an instance at any time by stopping it, choosing a larger size for it, and starting it back up. You can shrink an instance in the same way. If you intend to use a large instance, we '''recommend''' that you start with the smallest instance size you can to install software and get used to your instance ''before'' [[Resizing an Instance|resizing your instance]] to the full size you would like.<br />
<br />
Here are a couple of motivating examples for you. Let's say you have an exploratory account, with just 165 core hours to start. If you leave a 1-core node running around the clock, you will use up the entire account in a little less than a week. Similarly, let's say you are on a CAC project with a Red Cloud subscription (8,585 core hours). If you start up an instance with 4 cores (sometimes called CPUs in [[OpenStack]]), and you leave the instance running for a week, or 168 hours, you will use up (168 hours)*(4 cores) or 672 core hours, or 8% of the subscription.<br />
<br />
All of the above is true for [[Red Cloud Linux Instances | Linux instances]] and [[Red Cloud Windows Instances | Windows instances]]; note that Cornell users do not need to pay for a [[Red Cloud Windows Instances#Windows_Activation|Windows license]] in Red Cloud.<br />
<br />
We recommend you check your balance frequently using pages provided for [https://{{SERVERNAME}}/services/cu/Memberlimits.aspx Cornell]<br />
or<br />
[https://{{SERVERNAME}}/services/external/Memberlimits.aspx external]<br />
users.<br />
<br />
===Accounting: What is using my Red Cloud storage space?===<br />
<br />
If a project is using more storage space than expected, the CAC Project PI or a CAC Project Proxy should view the volumes associated with the project at the [https://www.cac.cornell.edu/Services/Projects/manage.aspx project management page]. The ''Red Cloud Storage'' entry in the ''Project Resource Limits'' section shows the total amount of storage used and identifies the volumes associated with the project. It should resemble the output shown below. This information is also available in a less compact form at the project's Red Cloud [https://redcloud.cac.cornell.edu/dashboard/project/volumes/ OpenStack dashboard].<br />
<br />
{| class="wikitable"<br />
|-<br />
|'''272 GB used as of 11/23/2021 4:01:42 PM'''<br />
|-<br />
|<br />
* 36 GBs on 7e6de1a7-1e01-4ccc-99d7-f98b140f7525<br />
* 50 GBs on b5f02c0f-1dba-45d4-a029-94b2714bedbe<br />
* 100 GBs on 3483f718-6673-4080-9b89-97d3c578bf19<br />
* 36 GBs on 739ee9dc-3fb3-46a1-98d8-3e994b31f0aa<br />
* 50 GBs on cf4787b6-3afd-4606-ad11-caa0bed1b61f<br />
|-<br />
|+ Example of storage usage.<br />
|}<br />
<br />
====Common unintentional storage use patterns====<br />
<br />
<!--- =====Orphaned boot volumes===== ---><br />
<br />
The most common cause of unintentional storage use is orphaned boot volumes left behind from deleted instances. When a project member deletes an instance without noting and deleting the corresponding boot volume, the boot volume will remain in the project storage. While it is possible to configure an instance to delete the boot volume when the instance is deleted, this option is not the default setting and must be selected when the instance is created. <br />
<br />
Your project might be storing orphaned boot volumes if you have more volumes than instances. The default size of boot volumes tends to be in the 30-50 GB range. Your project may also use volumes for data storage, but these volumes tend to be larger than 50 GB.<br />
<br />
You can avoid creating orphaned boot volumes by following a two-step procedure when [https://www.cac.cornell.edu/wiki/index.php?title=OpenStack#Deleting_a_Red_Cloud_instance deleting a Red Cloud instance]. If the instances were already deleted at some point in the past, skip to step 2.<br />
<br />
== All Users ==<br />
<br />
Please refer to the [[OpenStack]] page for more in-depth guidance on how to use Red Cloud, and read either [[Red Cloud Linux Instances | Linux instances]] or [[Red Cloud Windows Instances | Windows instances]] based on what systems will be used. <br />
<br />
The current [https://www.cac.cornell.edu/RedCloud/status/ Red Cloud System Status] can be checked anytime.<br />
<br />
=== Common Tasks ===<br />
<br />
Here are some links to help you with particular aspects of using Red Cloud: <br />
:* [[Linux Tutorial]] - This may help you get up and running with some basic systems administration tasks. It is not intended to be comprehensive.<br />
:* Information on choosing [[Instance Types | instance flavor]] (the CPU and RAM configuration of the virtual machine). <br />
:* [[Resizing volumes | Extending or shrinking a volume]] is a separate issue, and is somewhat more involved.<br />
:* [//it.cornell.edu/services/ezbackup/ EZ-backup] - a CIT solution for backups. Data stored on Red Cloud is not backed up by default; users are responsible for their own backups.<br />
:* Data in CAC [[Archival_Storage| Archival Storage]] is intended to be an additional copy of user data; CAC Archival Storage is not backed up or snapshotted.<br />
:* All CAC resources are suitable for unregulated, non-confidential data ([https://it.cornell.edu/security-and-policy/data-types-confidential-regulated-restricted-public reference] for details). <br />
<!-- :* [[GPUs in Red Cloud]] --><br />
<br />
===Acknowledging CAC===<br />
{{:Acknowledging CAC}}<br />
<br />
== Software on Red Cloud ==<br />
<br />
Generally, new instances launched on Red Cloud will contain basic operating system software and utilities, but will not contain pre-installed scientific applications. It is your responsibility to install any relevant applications either using a built-in package manager or by transferring your application code to the instance (e.g., via scp or sftp). In some cases, however, there are resources available to support running particular applications, as described below:<br />
:* On Linux instances, information on using package managers to install software: ([[Linux Tutorial#Installing_Software | Using apt on Ubuntu]]) ([[Linux Tutorial#Installing_Software_2 | Using yum on CentOS]])<br />
:* [[Installing R| Installing R]], a commonly used programming language and statistical analysis environment<br />
:* Running [[MATLAB Parallel Server in Red Cloud | MATLAB Parallel Server in Red Cloud]]<br />
:* Running [[OpenFOAM | OpenFOAM-7 in a Docker container]]<br />
:* Creating and using a [[Red Cloud GPU Image Usage | GPU Instance with pre-installed software]] (CUDA, NVIDIA Driver, Anaconda, Docker, Jupyter, MATLAB, etc.)<br />
<br />
== FAQ ==<br />
<br />
:* [[FAQ#Red_Cloud| Red Cloud FAQ]]</div>Cjc73https://www.cac.cornell.edu/wiki/index.php?title=Red_Cloud&diff=3784Red Cloud2021-11-24T16:38:07Z<p>Cjc73: /* Common unintentional storage use patterns */</p>
<hr />
<div>This wiki provides documentation for [https://{{SERVERNAME}}/redcloud Red Cloud], an on-demand research [https://en.wikipedia.org/wiki/Cloud_computing cloud computing] service maintained and supported by the [https://www.cac.cornell.edu/ CAC]. At present, Red Cloud is an Infrastructure as a Service (IaaS) based on [[OpenStack]].<br />
<br />
Instructions on these pages apply to users who have a [https://www.cac.cornell.edu/services/projects.aspx Red Cloud subscription] they are managing, though some instructions may also apply to users of subscriptions managed by someone else. Individuals who manage a Red Cloud subscription can create, administer, and delete virtual servers and storage in Red Cloud.<br />
<br />
__TOC__<br />
<br />
== How To Read This Documentation ==<br />
<br />
:* '''Exploratory Account Users (if you received a trial account)'''<br />
:** Read through all the sections on this page targeting New Users.<br />
:** Look through the [[#Important Pages|Important Pages]] listed below to help you get started managing Red Cloud resources.<br />
:** Pay particular attention to the [[#Accounting:_Don.27t_Use_Up_Your_Subscription_by_Accident.21|Accounting]] section on this page, as your exploratory project ends when you have exhausted your subscription.<br />
:** An important point to remember is that you are ''not'' the PI on your account, so you can ignore any instructions targeting PIs on a project.<br />
:* '''New Users (if you are new to Red Cloud)'''<br />
:** Read through all the sections on this page targeting New Users.<br />
:** Look through the [[#Important Pages|Important Pages]] listed to help you get started managing Red Cloud resources.<br />
:** If you are ''not'' the PI on your account, you can ignore any instructions targeting PIs.<br />
:* '''Returning Users (all other users)'''<br />
:** Check out the section dedicated to [[#All Users|all users]].<br />
:** You may also want to look through the [[#Important Pages|Important Pages]] listed to help you manage Red Cloud resources.<br />
:** If you are ''not'' the PI on your account, you can ignore any instructions targeting PIs.<br />
<br />
'''Note:''' All links on our wiki are colored red and underlined. Each of the external links will have dotted underlining and an icon next to them that looks like an arrow pointing out of a box, whereas internal links have a solid underline and do not have any icon. This can help you navigate by knowing that the external links are not part of our documentation or "how to" instructions.<br />
<br />
=== Important Pages ===<br />
<br />
Here is a suggested list of pages to look over to help with getting started managing resources.<br />
<br />
# '''This page''' - includes information about:<br />
#* The [[#CAC_Account_First_Time_Login|first time you login]] to your [https://www.cac.cornell.edu/services/myacct.aspx CAC Account]<br />
#* [[#How_to_Access_Instances|Accessing resources]]<br />
#* [[#Accounting:_Don.27t_Use_Up_Your_Subscription_by_Accident.21|Accounting]]<br />
# '''[[OpenStack]]''' - a '''highly recommended''' quick-start page including instructions for:<br />
#* The [[OpenStack#Using_the_OpenStack_Web_Interface_.28Horizon.29|Web interface]]<br />
#* [[OpenStack#Instances|Managing instances]] including:<br />
#** [[OpenStack#Launching an Instance|launching a new instance]]<br />
#** [[OpenStack#Instance_States|changing instance state]]<br />
#* [https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA CAC's YouTube Channel] also has a series of video tutorials on how to use the web interface ([https://www.youtube.com/playlist?list=PL8ErN3EFA8GwPNveay5j9crgGQ95iEObp playlist])<br />
# Either instructions for '''[[Red_Cloud_Linux_Instances|Linux Instances]]''' OR '''[[Red_Cloud_Windows_Instances|Windows Instances]]'''<br />
#* There are special instructions if you intend to use [[MATLAB Parallel Server in Red Cloud]]<br />
#* There is also a [[Linux Tutorial]] for those new to Linux system administration, or if you want a refresher<br />
# If you are planning to use '''GPUs in Red Cloud''':<br />
#* [[GPUs in Red Cloud]]<br />
#* [[Red Cloud GPU Image Usage]]<br />
<!-- #* [[Docker]] - coming soon --><br />
<br />
== New Users ==<br />
<br />
New users would be best served by reading this complete page first, then reading through the pages listed in the [[#Important Pages|Important Pages]] section. New users are also encouraged to explore the [[Getting Started]] page, which includes a lot more general information on using CAC resources beyond Red Cloud.<br />
<br />
'''Note for new Linux users:''' As the root user, you will have complete control over access to the system, such as setting up users and their permissions, defining the firewall, and more. This means that the primary user of a Linux system '''must be familiar with Linux system administration'''. Aside from the basics of using the command line, this includes familiarity with: creating and modifying users, installing software, configuring software for remote logins, and managing/transferring data. For users that want to use Red Cloud, but do not have much system administration experience, we've written a [[Linux Tutorial]] that should work for RedHat/CentOS and Ubuntu Linux systems. [https://{{SERVERNAME}}/services/ Consulting] is also available to answer general questions about systems administration, or for help on specific software and research problems.<br />
<br />
=== CAC Account First Time Login === <br />
<br />
When you are added to a CAC project, you will receive an e-mail confirming your Red Cloud access. You must '''change the automatically generated password immediately''' for security reasons and to access computing resources. Refer to the instructions for [[Getting_Started#Managing_your_password|managing your password]] as needed.<br />
<br />
If you are a PI or a PI's proxy for a new project, verify that you have added a subscription to your project; see the [https://www.cac.cornell.edu/Services/projects/manage.aspx Manage Projects] page. If you are not sure what your role is or what you can do, please review [https://www.cac.cornell.edu/Services/projects.aspx this page]. After waiting up to an hour for account information to propagate, you will then be ready to download the [[OpenStack]] credentials and start managing Red Cloud resources.<br />
<br />
=== How to Create and Manage Red Cloud Resources ===<br />
<br />
Red Cloud is a private research cloud with an '''OpenStack''' backend. Interacting with [[OpenStack]] is how resources can be managed. In this case, resources can refer to [[OpenStack#Instances|instances]] (or [//en.wikipedia.org/wiki/Virtual_machine#Definitions virtual machines]), [[Images|images]], and [[Volumes|volumes]]. <br />
<br />
An instance is a virtual machine (VM), which is the main computational resource. To create an instance, you will need an image. You can use default images to create your instance, or you can create and upload an image to OpenStack and use that to create your instance. A volume is a collection of data that is attached to the instance. You should start by creating an instance. For more information on each resource, click the corresponding links.<br />
<br />
There are two ways to interact with OpenStack:<br />
<br />
:* '''The OpenStack Web Interface (Horizon)'''<br />
:** Go to the [//redcloud.cac.cornell.edu OpenStack Web Interface]<br />
:** For a walk-through, see the [[OpenStack]] page, which includes step-by-step instructions to launch and configure your instance<br />
:** New users may particularly benefit from viewing the video tutorials available on [https://www.youtube.com/channel/UCVPGMVWhp3sqWZFU5NntjTA CAC's YouTube Channel] ([https://www.youtube.com/playlist?list=PL8ErN3EFA8GwPNveay5j9crgGQ95iEObp playlist])<br />
:* '''The Command-Line Interface (CLI) called the OpenStack CLI'''<br />
:** Linux command-line tools provided by [[OpenStack]]<br />
:** For a walk-through, see the [[OpenStack CLI]] page<br />
:** Also see the [https://docs.openstack.org/python-openstackclient/pike/ official OpenStack CLI documentation]<br />
<br />
'''Note:''' Regardless of which method you choose (Web Interface or Command-Line Interface), you must first follow the [[#CAC_Account_First_Time_Login|First Time Login]] instructions.<br />
<br />
=== How to Access Instances ===<br />
<br />
Depending on which operating system you are planning on running on your instances, you should also refer to one of the following pages:<br />
:* [[Red Cloud Linux Instances | Linux Instances]] - especially the [[Red_Cloud_Linux_Instances#Accessing_Instances|accessing instances]] section (also see [[Red_Cloud_Linux_Instances#Troubleshooting|troubleshooting]] if needed)<br />
:* [[Red Cloud Windows Instances | Windows Instances]] - especially the [[Red_Cloud_Windows_Instances#Accessing_Instances|accessing instances]] section<br />
<br />
=== Accounting: Don't Use Up Your Subscription by Accident! ===<br />
<br />
To understand how billing works, it is necessary to understand a bit about how Red Cloud operates. Red Cloud enables the user to [[OpenStack#Instance_States|control the state]] of system [//en.wikipedia.org/wiki/Virtual_machine#Definitions virtual machines (VMs)], such as start, pause, suspend, shelve, and delete (see [[OpenStack#Instance_States|Instance States]] for a full list). Since starting a VM allocates memory and CPU resources on a physical machine to that VM, '''subscriptions are billed based on the length of time a VM is running, even if it is idle and doing NO work for the user'''. This is fair because your running [[OpenStack#Instances|instance]] will prevent others from using the hardware, even if the hardware is idle.<br />
<br />
Thus, '''the best way to avoid using up your subscription''' needlessly is to make sure you [[OpenStack#Instance_States|'''''shelve''''']] your Red Cloud instance any time you are not using it. It is very simple to do this via the menu in the [[OpenStack#Using_the_OpenStack_Web_Interface_.28Horizon.29|OpenStack Web Interface]]. You can always start the instance again later, and the disk contents will be unchanged. It is just like shutting down your laptop.<br />
<br />
Whenever you have one or more instances that are up and running, the amount that is deducted from your Red Cloud subscription is: the length of time that your instances are running, multiplied by the number of cores that you are occupying with those instances. This implies that you should also take advantage of the various [[OpenStack#Instances|instance sizes]] available. For example, it is usually best to choose a small instance type to do your development work.<br />
<br />
It is worth pointing out that Red Cloud allows the [[Resizing an Instance| instance type]] to be changed if the VM is stopped (i.e. shut down). This allows you to "scale up" an instance at any time by stopping it, choosing a larger size for it, and starting it back up. You can shrink an instance in the same way. If you intend to use a large instance, we '''recommend''' that you start with the smallest instance size you can to install software and get used to your instance ''before'' [[Resizing an Instance|resizing your instance]] to the full size you would like.<br />
<br />
Here are a couple of motivating examples for you. Let's say you have an exploratory account, with just 165 core hours to start. If you leave a 1-core node running around the clock, you will use up the entire account in a little less than a week. Similarly, let's say you are on a CAC project with a Red Cloud subscription (8,585 core hours). If you start up an instance with 4 cores (sometimes called CPUs in [[OpenStack]]), and you leave the instance running for a week, or 168 hours, you will use up (168 hours)*(4 cores) or 672 core hours, or 8% of the subscription.<br />
<br />
All of the above is true for [[Red Cloud Linux Instances | Linux instances]] and [[Red Cloud Windows Instances | Windows instances]]; note that Cornell users do not need to pay for a [[Red Cloud Windows Instances#Windows_Activation|Windows license]] in Red Cloud.<br />
<br />
We recommend you check your balance frequently using pages provided for [https://{{SERVERNAME}}/services/cu/Memberlimits.aspx Cornell] or [https://{{SERVERNAME}}/services/external/Memberlimits.aspx external] users.<br />
<br />
===Accounting: What is using my Red Cloud storage space?===<br />
<br />
If a project is using more storage space than expected, the CAC Project PI or a CAC Project Proxy can view the volumes associated with the project at the [https://www.cac.cornell.edu/Services/Projects/manage.aspx project management page]. The Red Cloud Storage entry in the Project Resource Limits shows the total amount of storage used and identifies the volumes associated with the project. It should resemble the output shown below. <br />
<br />
{| class="wikitable"<br />
|-<br />
|'''272 GB used as of 11/23/2021 4:01:42 PM'''<br />
|-<br />
|<br />
* 36 GBs on 7e6de1a7-1e01-4ccc-99d7-f98b140f7525<br />
* 50 GBs on b5f02c0f-1dba-45d4-a029-94b2714bedbe<br />
* 100 GBs on 3483f718-6673-4080-9b89-97d3c578bf19<br />
* 36 GBs on 739ee9dc-3fb3-46a1-98d8-3e994b31f0aa<br />
* 50 GBs on cf4787b6-3afd-4606-ad11-caa0bed1b61f<br />
|-<br />
|+ Example of storage usage.<br />
|}<br />
<br />
====Common unintentional storage use patterns====<br />
<br />
<!--- =====Orphaned boot volumes===== ---><br />
<br />
The most common cause of unintentional storage use is orphaned boot volumes left behind from deleted instances. When a project member deletes an instance without noting and deleting the corresponding boot volume, the boot volume will remain in the project storage. While it is possible to configure an instance to delete the boot volume when the instance is deleted, this option is not the default setting and must be selected when the instance is created. <br />
<br />
Your project might be storing orphaned boot volumes if you have more volumes than instances. The default size of boot volumes tends to be in the 30-50 GB range. Your project may also use volumes for data storage, but these volumes tend to be larger than 50 GB. <br />
<br />
You can avoid creating orphaned boot volumes by following a two-step procedure when [https://www.cac.cornell.edu/wiki/index.php?title=OpenStack#Deleting_a_Red_Cloud_instance deleting a Red Cloud instance]. If the instances were already deleted at some point in the past, skip to step 2.<br />
<br />
== All Users ==<br />
<br />
Please refer to the [[OpenStack]] page for more in-depth guidance on how to use Red Cloud, and read either [[Red Cloud Linux Instances | Linux instances]] or [[Red Cloud Windows Instances | Windows instances]] based on what systems will be used. <br />
<br />
The current [https://www.cac.cornell.edu/RedCloud/status/ Red Cloud System Status] can be checked anytime.<br />
<br />
=== Common Tasks ===<br />
<br />
Here are some links to help you with particular aspects of using Red Cloud: <br />
:* [[Linux Tutorial]] - This may help you get up and running with some basic systems administration tasks. It is not intended to be comprehensive.<br />
:* Information on choosing [[Instance Types | instance flavor]] (the CPU and RAM configuration of the virtual machine). <br />
:* [[Resizing volumes | Extending or shrinking a volume]] is a separate issue, and is somewhat more involved.<br />
:* [//it.cornell.edu/services/ezbackup/ EZ-backup] - a CIT solution for backups. Data stored on Red Cloud is not backed up by default; users are responsible for their own backups.<br />
:* Data in CAC [[Archival_Storage| Archival Storage]] is intended to be an additional copy of user data; CAC Archival Storage is not backed up or snapshotted.<br />
:* All CAC resources are suitable for unregulated, non-confidential data ([https://it.cornell.edu/security-and-policy/data-types-confidential-regulated-restricted-public reference] for details). <br />
<!-- :* [[GPUs in Red Cloud]] --><br />
<br />
===Acknowledging CAC===<br />
{{:Acknowledging CAC}}<br />
<br />
== Software on Red Cloud ==<br />
<br />
Generally, new instances launched on Red Cloud will contain basic operating system software and utilities, but will not contain pre-installed scientific applications. It is your responsibility to install any relevant applications either using a built-in package manager or by transferring your application code to the instance (e.g., via scp or sftp). In some cases, however, there are resources available to support running particular applications, as described below:<br />
:* On Linux instances, information on using package managers to install software: ([[Linux Tutorial#Installing_Software | Using apt on Ubuntu]]) ([[Linux Tutorial#Installing_Software_2 | Using yum on CentOS]])<br />
:* [[Installing R| Installing R]], a commonly used programming language and statistical analysis environment<br />
:* Running [[MATLAB Parallel Server in Red Cloud | MATLAB Parallel Server in Red Cloud]]<br />
:* Running [[OpenFOAM | OpenFOAM-7 in a Docker container]]<br />
:* Creating and using a [[Red Cloud GPU Image Usage | GPU Instance with pre-installed software]] (CUDA, NVIDIA Driver, Anaconda, Docker, Jupyter, MATLAB, etc.)<br />
<br />
== FAQ ==<br />
<br />
:* [[FAQ#Red_Cloud| Red Cloud FAQ]]</div>Cjc73