Tutorials

Create and connect to a Linux instance

Before you start using your Linux instance, make sure that your project has at least one subnet: a subnet must be specified when an instance is created, so an instance cannot be created without one. If necessary, you can create a subnet yourself.

CROC Cloud supports SSH key authentication.

  1. To add an SSH key, go to the SSH keys section and click Add key.

  2. You can use a cloud-generated key or a custom key. Enter its name and click Add.

  3. Store the private part of the key locally, since it will be used in the future to remotely access the Linux instance.

Create an instance

To create a new Linux instance, use the instance wizard.

Linux instance preparation

After the instance has entered the Running state, you can connect to it.

VMs created from CROC Cloud templates are accessed under the ec2-user account for which access by password is disabled. For this account, only access by SSH key is possible.

To connect via SSH, allow access from an external network to the specific port. Port 22 is used by default:

  1. Go to the Security groups tab on the instance page and click the ID of the group to which the instance belongs.

  2. On the security group page, go to the Inbound rules tab.

  3. Add an enabling rule for the tcp protocol and port 22.

  4. Associate an Elastic IP with a network interface of this instance.

Any SSH client can be used to access the instance.

Connecting to a Linux instance from Windows using PuTTY

Let’s discuss connecting from Windows using PuTTY.

To use PuTTY with an SSH key saved on a local computer in .pem format, the key must first be converted to .ppk format. To do this:

  1. Run PuTTY Key Generator (PUTTYGEN.EXE).

  2. Click Load to load the key in .pem format.

  3. After loading the key, click Save private key and save the key in .ppk format.

Now, you can connect using the SSH key:

  1. Open PuTTY (PUTTY.EXE).

  2. In the Session tab, enter the Elastic IP of the instance network interface and port 22, then choose the SSH connection type.

  3. Then, go to the SSH section and choose the Auth category.

  4. Click Browse to specify the path to the saved private part of the key (in the .ppk format).

  5. Click Open.

  6. In the command line, specify the ec2-user login.

  7. Connection is established.

Connecting to a Linux instance from macOS

Let’s discuss connecting to Linux from macOS:

  1. Open a terminal.

  2. Set the required permissions on the private key downloaded at the VM creation step, using the command:

    chmod 0600 ~/Downloads/my_ssh_key.pem
    
  3. Using the private key located (in our case) at ~/Downloads/my_ssh_key.pem, connect to the server c2-217-73-60-2.elastic.cloud.croc.ru under the ec2-user account:

    ssh ec2-user@c2-217-73-60-2.elastic.cloud.croc.ru -i ~/Downloads/my_ssh_key.pem
    
  4. Connection is established.

Create and connect to a Windows instance

Before you start using your Windows instance, make sure that your project has at least one subnet: a subnet must be specified when an instance is created, so an instance cannot be created without one. If necessary, you can create a subnet yourself.

Create an instance

To create a new Windows instance, use the instance wizard.

Note

For Windows, we recommend choosing instance types with at least 4,096 MB RAM.

Windows instance preparation

After the instance has entered the Running state, connect to it via Remote console.

  1. Go to the page of the running instance.

  2. In the Information tab, click Open console.

  3. Enter necessary parameters and the administrator password to be used to log in to the system.

  4. To log in to OS, press Ctrl+Alt+Delete. You can transfer this key combination to the OS by clicking a button in the top right corner of CROC Cloud remote console.

  5. Enter the administrator password and press Enter.

Connecting to a Windows instance via RDP

To connect to a Windows instance via RDP (Remote Desktop Protocol), you must allow access from an external network to the specific port:

  1. Go to the Security groups tab on the instance page and click the ID of the group to which the instance belongs.

  2. On the security group page, go to the Inbound rules tab.

  3. Add an enabling rule for the tcp protocol and port 3389.

  4. Associate an Elastic IP with a network interface of this instance.

You can use any RDP client to connect to the instance from Windows. Specify the Elastic IP of the Windows VM network interface as the connection address. Use the standard Administrator login and the password you specified when you first logged in to the system via the remote console.

Migrate a Virtual Machine to the CROC Cloud

CROC Cloud Platform uses the KVM hypervisor, so before migration make sure that virtio drivers are installed and that the operating system supports the virtio controller. You can start the instance in CROC Cloud even if the drivers are not installed; however, volumes and network will then perform worse than with the drivers installed.

  1. If the operating system supports the virtio controller, install the virtio drivers for volumes and network.

  2. Export volumes from your virtualization platform.

    Important

    You can only import vmdk format volumes into CROC Cloud that were created through the OVF or OVA export process in VMware vSphere. For detailed information about vmdk files creation see the official VMware documentation.

  3. Convert Snapshots to qcow2 format using qemu-img utility. Below is a sample command for conversion from vmdk format:

    qemu-img convert -f vmdk -O qcow2 -p <image_name>.vmdk <image_name>.qcow2
    
  4. Upload snapshots to CROC Cloud Object Storage. For this purpose:

    • Log in to CROC Cloud web interface.

    • Go to the Object storage section.

    • If you do not have a bucket, create it.

    • Go into the bucket and click Upload.

    • Repeat the upload procedure for all necessary volumes.

  5. Select the uploaded snapshots one by one.

  6. Click Create volume snapshot.

  7. When all snapshots are created, go to the Templates subsection and click Create.

  8. In a window that opens, add volumes for the template.

  9. Select snapshots created at step 6, one by one.

  10. Position your volumes so that the root device is the first in the list.

  11. If your instance does not have virtio drivers, check the Enable support for legacy OS flag.

  12. Click Create template.

  13. Now you can deploy the instance from this template.

Start and stop an instance on schedule

To start and stop an instance on a schedule, follow these steps:

  1. Install the c2-ec2 utility on the Windows or Linux machine that will be used for management. This can be either a cloud-based VM or any other computer with Internet access. The installation process is described in the CROC Cloud API Client paragraph.

  2. Get API access settings. To do this, go to CROC Cloud management console https://console.cloud.croc.ru/, click the user login in the top right corner, select “Profile”, then “Get API access settings”.

  3. Change one line in these settings: export C2_PROJECT="your project ID here". Put your project ID in the quotation marks. You can view it on the cloud management console at https://console.cloud.croc.ru/

  4. You will need to export API access settings to the machine, which will start and stop the instance.

  5. Use the following commands to start/stop the instance (also should be performed on the machine used to start/stop the instance):

    c2-ec2 StartInstances InstanceId.1 <instance_id> InstanceId.2 <instance_id>
    c2-ec2 StopInstances InstanceId.1 <instance_id> InstanceId.2 <instance_id>
    
  6. The schedule is set using a task planner (such as crond in Linux).

See more detailed description of using c2-ec2 utility here: Supported API

How to hibernate an instance

To hibernate an instance, you should preconfigure the instance OS first.

Important

We do not guarantee that an instance without a proper preconfiguration will enter the hibernation mode after clicking the Hibernate button.

Attention

We do not recommend resizing the volume or changing the type of a hibernated instance. Otherwise, the OS will boot normally, and the saved VM memory state will be ignored.

How to configure Windows to support hibernation

To enable hibernation support for a recently launched Windows instance, follow these steps:

  1. Download the image with qemu-guest-agent and drivers.

  2. Mount the downloaded iso image in a virtual cdrom.

  3. Install the Virtioserial driver.

  4. Install qemu-guest-agent.

  5. To enable hibernation on a recently started Windows instance, we recommend disabling the commands that qemu-guest-agent does not use for hibernation:

    sc config QEMU-GA binPath= "C:\Program Files\Qemu-ga\qemu-ga.exe -d --retry-path --blacklist=guest-get-osinfo,guest-get-timezone,guest-get-users,guest-get-host-name,guest-exec,guest-exec-status,guest-get-memory-block-info,guest-set-memory-blocks,guest-get-memory-blocks,guest-set-user-password,guest-get-fsinfo,guest-set-vcpus,guest-get-vcpus,guest-network-get-interfaces,guest-suspend-hybrid,guest-suspend-ram,guest-fstrim,guest-fsfreeze-thaw,guest-fsfreeze-freeze-list,guest-fsfreeze-freeze,guest-fsfreeze-status,guest-file-flush,guest-file-seek,guest-file-write,guest-file-read,guest-file-close,guest-file-open,guest-shutdown,guest-info,guest-set-time,guest-get-time,guest-sync,guest-sync-delimited"
    
  6. Restart the qemu-guest-agent service.

  7. Activate the hibernation support with the command:

    powercfg /h on
    powercfg /h size 100
    

How to configure Linux to support hibernation

Linux requires a swap to enter the hibernation mode successfully.

For swap, you can use:

  • a separate volume,

  • a partition of an existing volume,

  • a file in the file system.

Important

Regardless of the swap type (file or volume), it must be larger than the RAM size of the instance.

Configure a swap partition/volume to support hibernation

  1. Create an additional partition (for example, /dev/vda3) on an existing volume or attach a new volume. This partition/volume will be used to move/store data exported from memory. How fast the instance enters/exits the hibernation mode depends on the performance of a volume used as swap.

  2. Format the created partition or attached volume as swap and activate it with the command:

    mkswap /dev/vda3
    swapon /dev/vda3
    
  3. Add the following record about the swap partition to /etc/fstab:

    /dev/vda3 swap swap defaults 0 0
    

    Instead of /dev/vda3, you may specify the partition ID UUID=b05509b2-82f1-4edb-a80e-ef8d0c100ac0 from the blkid output:

    blkid
    …
    /dev/vda3: UUID="2c031b77-92bd-45b4-876e-18f1de7d4674" TYPE="swap"
  4. Set kernel parameters. In /etc/default/grub, add the resume=/dev/vda3 parameter to the GRUB_CMDLINE_LINUX variable (you can also use UUID):

    GRUB_CMDLINE_LINUX="console=tty0 crashkernel=auto console=ttyS0,115200 resume=/dev/vda3"
    

    Generate a new configuration file for grub loader:

    grub2-mkconfig --output=/boot/grub2/grub.cfg
    
  5. For the resume parameter, set the following value:

    lsblk /dev/vda3
    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
    vdb  253:16   0  32G  0 disk [SWAP]
    

    Use major:minor numbers of the swap partition:

    echo "253:16" > /sys/power/resume
    

Configure a swap file to support hibernation

Important

To configure a swap file for hibernation, OS reboot will be required.

  1. Create a file (for example, 10 GB):

    dd if=/dev/zero of=/swapfile count=10 bs=1GiB
    
  2. Format the created file as swap and activate it using the commands:

    mkswap /swapfile
    chmod 600 /swapfile
    swapon /swapfile
    
  3. Add the following record about the swap file to /etc/fstab:

    /swapfile  swap swap defaults 0 0
    
  4. Determine the swap file offset on the volume. For the ext3/ext4 and xfs file systems, use the following command:

    filefrag -v /swapfile | awk '{ if($1=="0:"){print substr($4, 1, length($4)-2)} }'
    
  5. Set kernel parameters. In /etc/default/grub, add the resume=<partition name> resume_offset=<value> parameter to the GRUB_CMDLINE_LINUX variable:

    GRUB_CMDLINE_LINUX="console=tty0 crashkernel=auto console=ttyS0,115200 resume=/dev/vda1 resume_offset=181367"
    

    You can find out the <partition name> where the swapfile is located, as follows:

    findmnt -no SOURCE -T /swapfile
    /dev/vda1
    
  6. Generate a new configuration file for grub loader:

    grub2-mkconfig --output=/boot/grub2/grub.cfg
    
  7. Reboot the OS.
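
The requirements from the two swap procedures above (swap larger than RAM, a resume= parameter, and resume_offset= for a swap file) can be checked before relying on hibernation. This is an added example, not part of the original CROC Cloud documentation; the function names and problem labels are made up for the illustration, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: check the hibernation prerequisites from the two procedures
# above. Paths default to the live system; pass sample files to test offline.

ram_kib() { awk '/^MemTotal:/ { print $2 }' "${1:-/proc/meminfo}"; }

# largest_swap SWAPS: print "<name> <type> <size_kib>" of the largest swap area.
largest_swap() {
    awk 'NR > 1 && $3 + 0 > max { max = $3 + 0; name = $1; type = $2 }
         END { if (max) print name, type, max }' "${1:-/proc/swaps}"
}

# cmdline_param NAME CMDLINE: value of NAME= on the kernel command line.
cmdline_param() {
    tr ' ' '\n' < "${2:-/proc/cmdline}" | sed -n "s/^$1=//p" | tail -n 1
}

# swapfile_offset FILEFRAG_OUT: physical offset of extent 0, read from saved
# "filefrag -v /swapfile" output with the same awk expression as in step 4.
swapfile_offset() {
    awk '{ if ($1 == "0:") { print substr($4, 1, length($4) - 2) } }' "$1"
}

# hibernate_preflight MEMINFO SWAPS CMDLINE [FILEFRAG_OUT]
# Prints a space-separated list of problems; returns 0 when there are none.
hibernate_preflight() {
    cmdline=${3:-/proc/cmdline}; frag=${4:-}
    ram=$(ram_kib "$1"); ram=${ram:-0}
    set -- $(largest_swap "$2")
    sw_name=${1:-}; sw_type=${2:-}; sw_size=${3:-0}
    problems=
    # The swap area must be larger than the RAM of the instance.
    [ "$sw_size" -gt "$ram" ] || problems="$problems swap-not-larger-than-ram"
    resume=$(cmdline_param resume "$cmdline")
    offset=$(cmdline_param resume_offset "$cmdline")
    if [ -z "$resume" ]; then
        problems="$problems no-resume-parameter"
    elif [ "$sw_type" = file ]; then
        # A swap file also needs resume_offset=, matching extent 0 of the file.
        if [ -z "$offset" ]; then
            problems="$problems no-resume-offset"
        elif [ -n "$frag" ] && [ "$offset" != "$(swapfile_offset "$frag")" ]; then
            problems="$problems resume-offset-mismatch"
        fi
    elif [ "$sw_type" = partition ]; then
        # resume=UUID=... is not compared; a /dev path must name the swap device.
        case $resume in
            /dev/*) [ "$resume" = "$sw_name" ] ||
                        problems="$problems resume-device-mismatch" ;;
        esac
    fi
    echo "${problems# }"
    [ -z "$problems" ]
}

# Constructed sample inputs: a swap file is active, but resume_offset is missing.
tmp=$(mktemp -d)
printf 'MemTotal:        8009152 kB\n' > "$tmp/meminfo"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/swapfile file 10485756 0 -2' > "$tmp/swaps"
echo 'root=/dev/vda1 ro console=tty0 resume=/dev/vda1' > "$tmp/cmdline"
echo "problems: $(hibernate_preflight "$tmp/meminfo" "$tmp/swaps" "$tmp/cmdline")"
rm -rf "$tmp"
```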

Configure qemu-guest-agent to hibernate a CentOS instance

  1. Make sure that qemu-guest-agent is installed or install it using the command:

    yum install qemu-guest-agent
    
  2. To enable hibernation on a recently started CentOS instance, we recommend disabling the commands that qemu-guest-agent does not use for hibernation. To do this, change the BLACKLIST_RPC parameter in the /etc/sysconfig/qemu-ga configuration file:

    BLACKLIST_RPC=guest-get-osinfo,guest-get-timezone,guest-get-users,guest-get-host-name,guest-exec,guest-exec-status,guest-get-memory-block-info,guest-set-memory-blocks,guest-get-memory-blocks,guest-set-user-password,guest-get-fsinfo,guest-set-vcpus,guest-get-vcpus,guest-network-get-interfaces,guest-suspend-hybrid,guest-suspend-ram,guest-fstrim,guest-fsfreeze-thaw,guest-fsfreeze-freeze-list,guest-fsfreeze-freeze,guest-fsfreeze-status,guest-file-flush,guest-file-seek,guest-file-write,guest-file-read,guest-file-close,guest-file-open,guest-shutdown,guest-info,guest-set-time,guest-get-time,guest-sync,guest-sync-delimited
    
  3. Restart the qemu-guest-agent service:

    systemctl restart qemu-guest-agent
    

Configure qemu-guest-agent to hibernate an Ubuntu instance

  1. Install qemu-guest-agent, using the following commands:

    sudo apt update
    sudo apt install qemu-guest-agent
    
  2. To enable hibernation on a recently started Ubuntu instance, we recommend disabling the commands that qemu-guest-agent does not use for hibernation:

    cat <<EOT > /etc/qemu/qemu-ga.conf
    [general]
    blacklist=guest-get-osinfo,guest-get-timezone,guest-get-users,guest-get-host-name,guest-exec,guest-exec-status,guest-get-memory-block-info,guest-set-memory-blocks,guest-get-memory-blocks,guest-set-user-password,guest-get-fsinfo,guest-set-vcpus,guest-get-vcpus,guest-network-get-interfaces,guest-suspend-hybrid,guest-suspend-ram,guest-fstrim,guest-fsfreeze-thaw,guest-fsfreeze-freeze-list,guest-fsfreeze-freeze,guest-fsfreeze-status,guest-file-flush,guest-file-seek,guest-file-write,guest-file-read,guest-file-close,guest-file-open,guest-shutdown,guest-info,guest-set-time,guest-get-time,guest-sync,guest-sync-delimited
    EOT
    
  3. Restart the qemu-guest-agent service:

    systemctl restart qemu-guest-agent
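
A block list only covers an RPC when the entry is the exact command name, so it is worth auditing the file after editing it on any of the systems above. The script below is an added example, not part of the original documentation: its function names are illustrative, the sample file is constructed, and it assumes (from QEMU's guest agent, not from this page) that guest-suspend-disk is the RPC used for hibernation and must stay enabled.

```shell
#!/bin/sh
# Added example: audit a qemu-ga block list. Reads /etc/qemu/qemu-ga.conf
# style files ("blacklist=...") and /etc/sysconfig/qemu-ga style files
# ("BLACKLIST_RPC=...").

# blocked_rpcs FILE: print each configured entry on its own line.
blocked_rpcs() {
    sed -n \
        -e 's/^[[:space:]]*blacklist[[:space:]]*=[[:space:]]*//p' \
        -e 's/^[[:space:]]*BLACKLIST_RPC[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d '"' | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# missing_blocks FILE RPC...: print the RPC names that are not exact entries.
missing_blocks() {
    file=$1; shift
    entries=$(blocked_rpcs "$file")
    missing=
    for rpc in "$@"; do
        printf '%s\n' "$entries" | grep -qxF -e "$rpc" || missing="$missing $rpc"
    done
    echo "${missing# }"
}

# malformed_entries FILE: entries that are not of the form guest-<name>.
malformed_entries() {
    blocked_rpcs "$1" | grep -vE '^guest-[a-z-]+$' || true
}

# hibernate_rpc_allowed FILE: succeeds if guest-suspend-disk is not blocked.
hibernate_rpc_allowed() {
    ! blocked_rpcs "$1" | grep -qxF guest-suspend-disk
}

# Constructed sample: the first entry carries a stray "blacklist=" prefix, so
# it does not name an RPC and guest-exec is not covered by the list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[general]
blacklist=blacklist=guest-exec,guest-exec-status,guest-file-open,guest-file-read,guest-file-write,guest-set-user-password
EOF
echo "not blocked: $(missing_blocks "$sample" guest-exec guest-file-write guest-set-user-password)"
echo "malformed:   $(malformed_entries "$sample")"
if hibernate_rpc_allowed "$sample"; then
    echo "guest-suspend-disk is still enabled"
fi
rm -f "$sample"
```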
    

Create a VPN connection between CROC Cloud and AWS

To create a VPN connection between CROC Cloud and AWS using dynamic routing via BGP, follow these steps:

  1. In CROC Cloud, create a temporary customer gateway by selecting the ipsec.1 type and any IP address. To do this, go to the Customer gateways subsection and click Create.

  2. Create a VPN connection for the created customer gateway, using the VPC to which you need a VPN connection.

  3. For the created VPN connection, view the “VGW ASN” and “Outside IP VGW” parameters in the Generic configuration.

  4. In AWS, create a Customer Gateway, specify dynamic routing and the “BGP ASN” and “IP Address” parameters from the previous step, and then delete the VPN connection and customer gateway created in steps 1 and 2.

  5. In AWS create a Virtual Private Gateway and specify an ASN. It should be different from the VGW ASN on the CROC Cloud end.

  6. After the VGW is created, attach it to the VPC. To do this, select the created VGW and click Actions > Attach to VPC.

  7. In AWS, create a VPN connection in the Site-to-Site VPN Connections subsection. For convenience, use the following parameters:

    • Virtual Private Gateway – created in step 5.

    • Customer Gateway – created in step 4.

    • Routing Options – Dynamic.

    • Inside IP CIDR – Internal IP CIDR for the VPN-tunnel is selected from the address space 169.254.252.0/22 and must have /30 prefix.

      The following values will be used as an example:
      Inside IP CIDR for Tunnel1: 169.254.252.0/30
      Inside IP CIDR for Tunnel2: 169.254.252.4/30
      If these subnets are already reserved by other CROC Cloud VPN connections, use other free subnets with the prefix length /30 from the 169.254.252.0/22 address space.
    • Pre-Shared Key – you can specify an individual key for each tunnel. If you do not specify a PSK, it will be generated automatically. PSK must be 8 - 64 characters long, can contain alphanumeric characters, underscore or period, and cannot start with 0.

  8. In AWS, for the created VPN connection, view:

    • Outside IP Address for each tunnel in the Tunnel Details tab or in the configuration.

    • Virtual Private Gateway ASN in the configuration

    • PSK, if it was generated automatically.

    Example of the required parameters from AWS Generic configuration:

    IPSec Tunnel #1
    #1: Internet Key Exchange Configuration
       - Pre-Shared Key           : .F8IuIiCPc73JCbqtqk9RjYsYKZ8yHlD
    #3: Tunnel Interface Configuration
    Outside IP Addresses:
      - Virtual Private Gateway         : 34.195.175.253
    Inside IP Addresses
      - Customer gateway                    : 169.254.252.2/30
      - Virtual Private Gateway             : 169.254.252.1/30
    #4: Border Gateway Protocol (BGP) Configuration:
      - Virtual Private  Gateway ASN          : 64512
    
    IPSec Tunnel #2
    #1: Internet Key Exchange Configuration
      - Pre-Shared Key           : mkTqMDq8YMOuQ0CR485g0uFB2Uo4P_zj
    #3: Tunnel Interface Configuration
    Outside IP Addresses:
      - Virtual Private Gateway         : 35.173.85.116
    Inside IP Addresses
      - Customer gateway                    : 169.254.252.6/30
      - Virtual Private Gateway             : 169.254.252.5/30
    #4: Border Gateway Protocol (BGP) Configuration:
      - Virtual Private  Gateway ASN          : 64512
    
  9. In CROC Cloud, create two customer gateways with parameters:

    • Type – ipsec.1.

    • IP address – <Outside IP Virtual Private Gateway> from AWS Generic configuration.

    • BGP ASN – <Outside IP Virtual Private Gateway ASN> from AWS Generic configuration.

  10. In CROC Cloud, create two VPN connections, using a web interface or API:

    In the web interface, go to the VPN Connections subsection and click Create. In the window that opens, specify the created customer gateway, as well as “Inside IP CIDR for the tunnel” and “Pre-shared Key for the tunnel” in the Tunnel parameters area, where “Inside IP CIDR for the tunnel” corresponds to the Inside IP Customer gateway from the AWS Generic configuration.

    Note also that a VPN connection can be created in the Customer Gateways subsection by clicking Create VPN Connection, or in the VPN Connections tab of a specific customer gateway page.

    To create a VPN connection with the help of API, you may use c2-client or AWS CLI:

    c2-ec2 CreateVPNConnection CustomerGatewayId <cgw_id> Type <type> VPNGatewayId <vgw_id> Options.TunnelOptions.0.PreSharedKey <pre_shared_key> Options.TunnelOptions.0.TunnelInsideCidr <cidr,addr>
    or
    aws <...> create-vpn-connection --customer-gateway-id <cgw_id> --type <type> --vpn-gateway-id <vgw_id> --options "{\"TunnelOptions\": [{\"TunnelInsideCidr\": \"<cidr, addr>\", \"PreSharedKey\": \"<pre_shared_key>\"}]}"
    

    In this case:

    • <vgw_id> corresponds to the VPC to which a VPN connection has to be established. For convenience, vgw_id is identical to vpc_id (vgw-<...> / vpc-<...>). You can also use DescribeVpnGateways method to get vgw_id.

    • <pre_shared_key> – PSK that was specified or automatically generated in AWS.

    • <cidr,addr> – specify the second address from the /30 subnet, since AWS uses the first address from the /30 subnet, for example, 169.254.255.2/30 for the first VPN connection and 169.254.255.6/30 for the second one.

    Example:

    For Tunnel 1 using c2-client:
    c2-ec2 CreateVPNConnection CustomerGatewayId cgw-6525809R Type ipsec.1 VPNGatewayId vgw-B3K13902 Options.TunnelOptions.0.PreSharedKey .F8IuIiCPc73JCbqtqk9RjYsYKZ8yHlD Options.TunnelOptions.0.TunnelInsideCidr 169.254.255.2/30
    
    For Tunnel 2 using AWS CLI:
    aws --profile <your_profile> --endpoint-url https://api.cloud.croc.ru:443 ec2 create-vpn-connection --customer-gateway-id cgw-845F0C92 --type ipsec.1 --vpn-gateway-id vgw-B3K13902 --options "{\"TunnelOptions\": [{\"TunnelInsideCidr\": \"169.254.255.6/30\", \"PreSharedKey\": \"mkTqMDq8YMOuQ0CR485g0uFB2Uo4P_zj\"}]}"
    

    Note that <vgw_id> will be the same for the first and second VPN connections, since they are created in one and the same VPC.

  11. In AWS, make sure that Route Propagation is enabled in Route Tables. This functionality allows you to automatically add a route to CIDR VPC of CROC Cloud to the routing table.

  12. As of now, a static route has a higher priority in CROC Cloud, therefore, for correct dynamic routing of VPN connections, remove the default entry 0.0.0.0/0 from the routing table.

  13. To check that the tunnels are successfully established and routes are received, go to the Site-to-Site VPN Connections > Tunnel Details tab in AWS.

Note

If necessary, you can change BGP ASN for VGW on the CROC Cloud side. To do this, contact support.

Create a VPN connection between two VPCs in CROC Cloud

This instruction describes how to create a VPN connection between two VPCs in CROC Cloud.

Note

Note that eBGP is used to exchange route information between the two VPCs, so the VPCs must use different BGP ASNs. Please contact support to change the BGP ASN for one of the VPCs.

  1. Create a temporary customer gateway of ipsec.1 type using any IP address and BGP ASN. To do this, go to the Customer Gateways subsection and click Create.

  2. In the VPN Connections section, create two VPN connections, using the temporary customer gateway and specifying the VPCs to be linked together. In the example, “vpc1” and “vpc2” will be used.

  3. Save the parameters from the configurations of the VPN connections you have created in the previous step. The Generic configuration will be used as an example.

    For vpc1:
    
    ### Tunnel Interface Configuration
    Outside IP Addresses:
     - Virtual Private Gateway         : 217.73.59.143
    ### Border Gateway Protocol (BGP) Configuration:
    BGP Configuration Options:
     - Virtual Private Gateway ASN     : 51219
    
    For vpc2:
    
    ### Tunnel Interface Configuration
    Outside IP Addresses:
     - Virtual Private Gateway         : 217.73.59.29
    ### Border Gateway Protocol (BGP) Configuration:
    BGP Configuration Options:
     - Virtual Private Gateway ASN     : 64512
    

    Delete temporary VPN connections and temporary customer gateway as their number is limited.

  4. In the VPN Connections subsection, create two VPN connections with correct customer gateways, using the saved parameters from the previous paragraph and specifying the tunnel parameters:

    • Inside IP CIDR for tunnel - Tunnel address with /30 prefix from the 169.254.252.0/22 address space.

    • Pre-shared Key for tunnel - Key to authenticate a remote party. PSK must be 8 - 64 characters long, can contain alphanumeric values, underscore or period, and cannot start with 0.

    The following values will be used as an example:
    Inside IP CIDR for tunnel on the vpc1 side: 169.254.255.1/30
    Inside IP CIDR for tunnel on the vpc2 side: 169.254.255.2/30
    Pre-shared Key for tunnel: qwerty123

    Creating a VPN connection for vpc1:

    ../_images/vpnvpc1.png

    Creating a VPN connection for vpc2:

    ../_images/vpnvpc2.png

Now you can check connectivity between instances from different VPCs. Note that to permit the passing of the necessary traffic, it must be enabled in a security group, and subnets must not overlap.
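
The tunnel rules used in both VPN procedures above (PSK format, a /30 from 169.254.252.0/22, and the second address of the /30 on the CROC Cloud side when AWS holds the first) can be verified before a VPN connection is created. This is an added example, not CROC Cloud or AWS code; the function names are illustrative and all sample values are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the tunnel parameters described above.
# Function names are illustrative; they are not part of c2-ec2 or the AWS CLI.

# psk_ok PSK: 8-64 characters, only letters, digits, "_" or ".", no leading "0".
psk_ok() {
    psk=$1
    [ "${#psk}" -ge 8 ] && [ "${#psk}" -le 64 ] || return 1
    case $psk in
        0*|*[!A-Za-z0-9_.]*) return 1 ;;
    esac
    return 0
}

# ip_to_int A.B.C.D: print the address as an integer, fail on malformed input.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac    # no leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# tunnel_cidr_ok ADDR/30: prefix must be /30 and inside 169.254.252.0/22.
# Leaves the integer form of ADDR in $n.
tunnel_cidr_ok() {
    case $1 in */30) ;; *) return 1 ;; esac
    n=$(ip_to_int "${1%/30}") || return 1
    base=$(ip_to_int 169.254.252.0)
    [ $(( n >> 10 )) -eq $(( base >> 10 )) ]    # same upper 22 bits
}

# cgw_side_addr CIDR: second address of the /30 (AWS uses the first one).
cgw_side_addr() {
    tunnel_cidr_ok "$1" || return 1
    c=$(( n - n % 4 + 2 ))
    echo "$(( (c >> 24) & 255 )).$(( (c >> 16) & 255 )).$(( (c >> 8) & 255 )).$(( c & 255 ))/30"
}

# tunnel_pair_ok A/30 B/30: both ends valid, in the same /30, and using the
# two host addresses (not the network or broadcast address).
tunnel_pair_ok() {
    tunnel_cidr_ok "$1" || return 1; a=$n
    tunnel_cidr_ok "$2" || return 1; b=$n
    [ $(( a >> 2 )) -eq $(( b >> 2 )) ] && [ "$a" -ne "$b" ] || return 1
    for h in $(( a % 4 )) $(( b % 4 )); do
        [ "$h" -eq 1 ] || [ "$h" -eq 2 ] || return 1
    done
    return 0
}

# Constructed sample values.
for cidr in 169.254.252.0/30 169.254.252.4/30 10.0.0.0/30; do
    if addr=$(cgw_side_addr "$cidr"); then
        echo "$cidr -> CROC Cloud side: $addr"
    else
        echo "$cidr -> rejected"
    fi
done
for key in Example_psk.2024 0startsWithZero short; do
    if psk_ok "$key"; then echo "PSK $key: ok"; else echo "PSK $key: rejected"; fi
done
```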

Add an SSH public key in Linux

Follow the instructions below to add a public key on a Linux system:

  1. Determine a file, in which public keys are stored in the system by executing the following command:

    $ cat /etc/ssh/sshd_config | grep -i authorizedkeysfile
    AuthorizedKeysFile .ssh/authorized_keys
    
  2. In the home directory, create this subdirectory and file if they do not exist (according to the command output in step 1, this is the .ssh directory in which the authorized_keys file is stored).

    Important

    The .ssh directory and authorized_keys file should belong to the user who will log in to the system (if the directory is created by a superuser, root will be its owner). To change the directory owner, use the command sudo chown -R ec2-user:ec2-user /home/<username>/.ssh/

  3. Use a text editor (vim, nano, etc.) to add public key content to the authorized_keys file (if another public key is already stored there, do not delete it; instead, add new one to the file. This will let you use two different private keys to log in to the system using ssh). An example of public key is shown below:

    ../_images/chern.png

    Important

    The public key data must be one continuous string, without any spaces or line breaks inside it.

  4. After a new public key is added, you have to restart sshd:

  • For systems running SysVinit (CentOS 6):

    sudo /etc/init.d/sshd restart
    
  • For systems running Systemd (CentOS 7):

    sudo systemctl restart sshd
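
The two requirements marked Important above, ownership of .ssh and authorized_keys and keys without line breaks, can be checked with a short script. This is an added example, not part of the original documentation; the function names are illustrative, the sample keys are constructed, and the group/world-writable check is an extra assumption based on sshd's default StrictModes behaviour.

```shell
#!/bin/sh
# Added example: check the ownership and key-format requirements stated above.
# perm_problems and bad_key_lines are illustrative names.

# perm_problems SSH_DIR USER: report a wrong owner or group/world-writable
# paths. USER may be a login name or a numeric UID.
perm_problems() {
    dir=$1; user=$2; out=
    for p in "$dir" "$dir/authorized_keys"; do
        name=${p##*/}
        if [ ! -e "$p" ]; then
            out="$out missing:$name"
            continue
        fi
        [ -z "$(find "$p" -prune ! -user "$user")" ] || out="$out owner:$name"
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ] ||
            out="$out writable:$name"
    done
    echo "${out# }"
}

# bad_key_lines FILE: print the numbers of lines that are not
# "[options] <key-type> <base64-key> [comment]" on a single line.
# A key pasted with a line break shows up as a flagged continuation line.
bad_key_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$")
                    ok = 1
            if (!ok) { printf "%s%d", sep, NR; sep = " " }
        }
        END { print "" }' "$1"
}

# Constructed sample: the second key was pasted with a line break in it.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
cat > "$demo/.ssh/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyBodyNotARealKey000000 admin@example
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedFirstHalf
ConstructedSecondHalfOfTheSameKey== user@example
EOF
chmod 600 "$demo/.ssh/authorized_keys"
echo "permission problems: $(perm_problems "$demo/.ssh" "$(id -u)")"
echo "malformed key lines: $(bad_key_lines "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```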
    

Add an SSH public key in Putty

PuTTY uses its own format for keys (.ppk). To use a third-party private key in PuTTY, you have to convert it with PuTTYgen first:

  1. Open the PuTTY Key Generator application and select Conversions -> Import key.

  2. In the window that opens, select the private key (usually it is in OpenSSH format and has the name .private).

  3. After the key is selected, the window is filled with the data from the key.

  4. In this window you can leave a comment in the Key Comment line. In addition, you need to add a password to the private key in the Key Passphrase and Confirm Passphrase lines.

  5. Click Save Private Key to save the private key in the format acceptable by PuTTY.

If the same public key is used on multiple servers, you do not need to store the private key on each server in order to connect to another server. You can use Pageant (PuTTY authentication agent) for this purpose. To add a key to Pageant:

  1. Run pageant.exe. After startup, the program icon will appear in the system tray.

  2. Double-click the icon in the system tray to manage keys.

  3. In the window that opens, click Add Key and select the private key in .ppk format. If the key has a password, enter it in the dialog when adding the key.

Alternatively, you can add a private key to Pageant more easily as follows:

  1. Create a shortcut for Pageant.

  2. Right-click the shortcut and select Properties.

  3. In the Target field, add a space followed by the complete path to the private key in .ppk format.

The next time you open this shortcut, the private key will be added to Pageant automatically.

To use Pageant in PuTTY:

  1. Run putty.exe.

  2. Select Connection -> SSH -> Auth.

  3. Check the Allow Agent Forwarding box on this tab.

  4. Open the Session tab, select Default Settings, and click Save.

Now, when a new connection is created, its settings will include the use of Pageant for key transmission. The use of Pageant can be avoided if you select Browse instead of Allow Agent Forwarding in step 3 and select a private key to be used for connecting to the instance via ssh.

Advanced Object storage management features (s3cmd)

The s3cmd utility provides advanced features. Follow the steps below to install and set it up in CentOS 6.

  1. Before installation, you have to obtain the API access settings in Cloud management console: https://console.cloud.croc.ru. Click on the user login in the upper right corner, select Profile, then click Get API access settings.

  2. Installation:

    # cd /etc/yum.repos.d
    # wget http://s3tools.org/repo/RHEL_6/s3tools.repo
    # yum -y install s3cmd
    
  3. Then you have to configure s3cmd (the access key and secret key can be obtained from the API access settings):

    # s3cmd --configure
    
    Enter new values or accept defaults in brackets with Enter.
    Refer to user manual for detailed description of all options.
    Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.
    
    Access Key: <Project ID in CROC Cloud>:<Your login in CROC Cloud>
    Secret Key: XXXXXXXXXXXXXXXXXXXXXX
    
    Default Region [US]:
    
    Encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3
    Encryption password:
    
    Path to GPG program [/usr/bin/gpg]:
    
    When using secure HTTPS protocol all communication with Amazon S3 servers is protected from 3rd party eavesdropping. This method is slower than plain HTTP, and can only be proxied with Python 2.7 or newer
    
    Use HTTPS protocol [No]: yes
    
    New settings:
    Access Key: <Project ID in CROC Cloud>:<Your login in CROC Cloud>
    Secret Key: XXXXXXXXXXXXXXXXXXXXXX
    Default Region: US
    Encryption password:
    Path to GPG program: /usr/bin/gpg
    Use HTTPS protocol: True
    HTTP Proxy server name:
    HTTP Proxy server port: 0
    Test access with supplied credentials? [Y/n] y
    Save settings? [y/N] y
    
  4. Then edit /root/.s3cfg configuration file:

    host_base = storage.cloud.croc.ru
    host_bucket = %(bucket)s.storage.cloud.croc.ru
    signature_v2 = True
    

Now you can use the s3cmd utility. Run s3cmd --help to learn how to use it.

Allocate multiple Elastic IP addresses to the same instance in a subnet

Important

If the private IP you try to allocate is already allocated to another instance or belongs to a different subnet, an error message appears. Also, the first and the last IP addresses of a subnet cannot be allocated.

To allocate multiple external Elastic IP addresses to an instance (for example, to configure VRRP), follow the steps:

  1. In the Network interfaces section, create a network interface in the subnet where the instance is located. When creating an interface, specify a Private IP from the CIDR block of the selected subnet.

  2. Disable Source/Destination check both on the existing interface attached to the instance and on the new network interface (by default, this function is enabled for all subnet interfaces you create).

  3. In the Elastic IPs section, select an Elastic IP and associate it with the network interface you have created.

  4. Associate the Private IP as the second address on the interface inside Windows or Linux.

The example below shows how to do this in Windows:

  1. Start -> Control Panel -> Network and Internet -> Network and Sharing Center -> Change Adapter Settings.

  2. Select Local network connection, right-click, and select Properties.

  3. Select Internet Protocol version 4 (TCP/IPv4) and click Properties.

  4. In the window that opens, select Use the following IP Address and click More…

  5. Specify the Private IP that the cloud DHCP server allocated to the instance when it was created and the new Private IP that was allocated in step 1. To view the current local address, use ipconfig (WIN+R->cmd->ipconfig) or open the instance page.

Important

If you assign addresses manually, keep in mind that 255.255.255.0 mask is used and the last octet of the gateway address is 1. For example, the default gateway for 10.70.120.4 is 10.70.120.1.

Configuration example is shown below:

../_images/protokol3.png

Now, the Windows VM instance will be accessible at the additional external Elastic IP.

An example of how to make the assignment in Linux:

  1. First, let’s see what interfaces are available, using ifconfig:

  2. In the example, it is eth0. To add the second Elastic IP address in CentOS 7, set up an alias:

    nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
    
  3. Add the following parameters:

    DEVICE=eth0:0
    BOOTPROTO=static
    IPADDR=172.31.1.9
    NETMASK=255.255.255.0
    ONBOOT=yes
    

    where DEVICE is an alias name, BOOTPROTO is an IP allocation method (static), IPADDR is a Private IP of the second network interface, NETMASK is a subnet mask (it can be found in the Subnets section), and ONBOOT specifies whether this interface should be brought up when starting the network service.

  4. Save the file and close the editor (CTRL + O; Enter; CTRL + X)

  5. Reload configurations after making changes:

    systemctl restart network
    

Now, the Linux instance will be accessible at the additional external Elastic IP.

How to manually configure attached interfaces from different subnets

How to manually configure attached interfaces from different subnets in the UNIX-based OS

The instruction describes the minimum required configuration of attached interfaces to ensure correct operation. This allows you to attach multiple network interfaces belonging to different subnets and having different Elastic IP addresses, to an instance.

  • To configure interfaces, you need to specify the following variables:

# You can learn the interface name from the "ip a" command output; it can be eth, ens, etc.
# We will use eth1 in the example.
interface_name="eth1"
# rtable – routing table; you can use any value, provided that it is different for each interface.
# In the example, we will use 10000 + interface number.
rtable="10001"
# gateway – subnet gateway; it gets the first address in a CIDR block (for example, if the CIDR block is 172.31.1.0/24, then the gateway will be 172.31.1.1)
gateway="172.31.1.1"
# CIDR block is a subnet to which the interface is connected.
cidr="172.31.1.0/24"
# primary_ipv4 – IP address allocated to the interface.
primary_ipv4="172.31.1.4"
  • Debian 8 and later, as well as Ubuntu up to 18.04:

# It is important that the file /etc/network/interfaces contains the line: source /etc/network/interfaces.d/*
# Besides, in some versions the file /etc/network/interfaces can contain a pre-installed configuration of interfaces.
# This can cause conflicts.
# Next, you need to execute:
cat <<- EOF > /etc/network/interfaces.d/config-${interface_name}.cfg
auto ${interface_name}
allow-hotplug ${interface_name}
iface ${interface_name} inet dhcp
post-up ip route add default via ${gateway} dev ${interface_name} table ${rtable}
post-up ip route add ${cidr} dev ${interface_name} proto kernel scope link src ${primary_ipv4} table ${rtable}
post-down ip route del default via ${gateway} dev ${interface_name} table ${rtable}
post-down ip route del ${cidr} dev ${interface_name} proto kernel scope link src ${primary_ipv4} table ${rtable}
EOF
ip rule add from ${primary_ipv4} lookup ${rtable}
ifup ${interface_name}

See more information on how to configure interfaces for Debian and Ubuntu 16.04.

  • CentOS 7 and later, as well as Fedora 28 and later:

# It is required to execute:
hwaddr=$(cat /sys/class/net/${interface_name}/address 2>/dev/null)
cat <<- EOF > /etc/sysconfig/network-scripts/ifcfg-${interface_name}
DEVICE=${interface_name}
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no
HWADDR=${hwaddr}
DEFROUTE=no
EOF
ip rule add from ${primary_ipv4} lookup ${rtable}
ip route add default via ${gateway} dev ${interface_name} table ${rtable}
ip route add ${cidr} dev ${interface_name} proto kernel scope link src ${primary_ipv4} table ${rtable}
ifup ${interface_name}
  • Ubuntu 18 and later:

# It is required to execute:
cat <<- EOF > /etc/netplan/config-${interface_name}.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ${interface_name}:
      dhcp4: true
      dhcp4-overrides:
        use-routes: false
      routes:
        - to: 0.0.0.0/0
          via: ${gateway}
          table: ${rtable}
        - to: ${cidr}
          via: ${gateway}
          table: ${rtable}
EOF
ip rule add from ${primary_ipv4} lookup ${rtable}
ip link set ${interface_name} up

See the following links for more information on how to configure interfaces for Ubuntu 18.04 and 20.04: https://help.ubuntu.com/18.04/serverguide/network-configuration.html https://ubuntu.com/server/docs/network-configuration
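A check for the manual configuration above, added here as an example and not part of the CROC documentation or the c2-ec2-netutils code: it verifies the variables against the gateway rule stated in the comments and confirms that the source rule and per-interface table are actually in place. The `ip rule add` commands above are typed into a shell rather than written to a configuration file, so the check is worth repeating after a reboot. The function name and the sample command output are constructed for illustration.

```python
import ipaddress
import re

def check_policy_routing(rule_out, route_out, iface, rtable, gateway, cidr, primary_ipv4):
    """Return a list of problems found in `ip rule show` / `ip route show table N` output."""
    problems = []
    net = ipaddress.ip_network(cidr)
    if ipaddress.ip_address(primary_ipv4) not in net:
        problems.append(f"{primary_ipv4} is outside {cidr}")
    # The page states that the gateway is the first address of the CIDR block.
    if ipaddress.ip_address(gateway) != net.network_address + 1:
        problems.append(f"gateway {gateway} is not the first address of {cidr}")
    # Source-based rule: replies from this address must use the interface's own table.
    rule = re.compile(
        rf"^\d+:\s+from {re.escape(primary_ipv4)} lookup {re.escape(str(rtable))}\s*$", re.M)
    if not rule.search(rule_out):
        problems.append(f"no rule 'from {primary_ipv4} lookup {rtable}'")
    routes = [line.split() for line in route_out.splitlines()]
    if not any(r[:5] == ["default", "via", gateway, "dev", iface] for r in routes):
        problems.append(f"table {rtable}: no default route via {gateway} dev {iface}")
    if not any(r[:1] == [cidr] and iface in r for r in routes):
        problems.append(f"table {rtable}: no route for {cidr} on {iface}")
    return problems

# Constructed sample output for the eth1 example values used on this page.
RULES_OK = ("0:\tfrom all lookup local\n32765:\tfrom 172.31.1.4 lookup 10001\n"
            "32766:\tfrom all lookup main\n32767:\tfrom all lookup default\n")
RULES_AFTER_REBOOT = ("0:\tfrom all lookup local\n32766:\tfrom all lookup main\n"
                      "32767:\tfrom all lookup default\n")
ROUTES_OK = ("default via 172.31.1.1 dev eth1\n"
             "172.31.1.0/24 dev eth1 proto kernel scope link src 172.31.1.4\n")
ARGS = ("eth1", "10001", "172.31.1.1", "172.31.1.0/24", "172.31.1.4")

if __name__ == "__main__":
    print(check_policy_routing(RULES_OK, ROUTES_OK, *ARGS))
    print(check_policy_routing(RULES_AFTER_REBOOT, ROUTES_OK, *ARGS))
```

On a live instance, feed it the output of `ip rule show` and `ip route show table 10001` instead of the constructed strings.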

How to automatically configure attached interfaces from different subnets in the UNIX-based OS

To automatically configure the attached interfaces, you can use CROC templates designated as [Cloud Image]. They have the c2-ec2-netutils package installed. This utility performs the following actions.

  • When attaching an interface to a running VM:
    • Creates an interface configuration using Instance Metadata API; the configuration can be found in the default path depending on the OS.

    • Adds routing rules.

    • Adds necessary routes.

    • Brings up an interface.

  • When attaching an interface to a stopped VM:
    • After starting a VM, the ec2ifscan service will run and perform the setup.

    • If after the start any interfaces remain unconfigured for some reason, you can run the scanning service manually: systemctl start ec2net-scan.service

  • When detaching an interface from a running instance:
    • The entire configuration will be deleted.

  • When detaching an interface from a stopped instance:
    • The configuration will not be deleted, but the next time the interface is attached, its MAC address is validated and, if it does not match, the configuration is generated again.

The generated configuration contains the EC2SYNC parameter, whose default value is yes. If it is set to no, the interface configuration will not change. This feature is useful when you need to create a custom interface configuration. Important notice: the EC2SYNC record structure is not changeable – you can change only the parameter value, which can be yes or no.

  • To delete the interface configuration and routes and put the interface in the DOWN state, you can use the commands:
    • For CentOS: systemctl stop ec2net-ifup@<interface>.service

    • For Ubuntu: ec2ifdown <interface>

  • To restore the interface and its configuration after deleting the configurations, you can use the commands:
    • For CentOS: systemctl start ec2net-ifup@<interface>.service

    • For Ubuntu: ec2ifup <interface>

Currently, the functionality is available in the following CROC templates [Cloud Image]:

  • CentOS 7.5

  • CentOS 7.8

  • CentOS 8.2

  • Ubuntu 18.04

  • Ubuntu 20.04

  • Debian 8

  • Debian 9

  • Debian 10

Source code can be found at https://github.com/C2Devel/c2-ec2-netutils

How to automatically configure attached interfaces from different subnets in Windows

For the correct operation of several interfaces created in different subnets, having different Elastic IP addresses and connected to the same Windows instance, when connecting for the first time, you must enable the option for the VM to be discovered by other networks.

After confirmation, the OS will configure the appropriate settings automatically. Then, configure security policies for the Windows firewall and add an inbound rule for the tcp protocol and port 3389 in the security groups assigned to the network interfaces.

You can use any RDP client to connect to the instance from Windows.

Setup website redirect rules

A bucket running in website mode can be configured to redirect all or some incoming requests to other buckets or external resources.

The documentation contains the list of s3api commands supported in CROC Cloud <https://docs.cloud.croc.ru/en/api/s3/features.html> and configuration instructions for AWS CLI.

To obtain the current configuration of the website of a specific bucket, you can use the aws s3api get-bucket-website command.

aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api get-bucket-website --bucket bucket1

{
  "IndexDocument": {
      "Suffix": "index.html"
  }
}

To configure the bucket website, use the s3api put-bucket-website command.

There are several redirect options:

Supported redirect rule parameters

Condition is a container for describing a condition that must be met for the specified redirect to be applied.

Redirect is a container for redirect information. You can redirect requests to a different host, different page, or via a different protocol. In case of an error, you can specify a different error code for return.

| Container | Parameter | Description |
|---|---|---|
| Condition | HttpErrorCodeReturnedEquals | HTTP error code for which the redirect is applied. If an error code is equal to this value, then the specified redirect is applied. Required if the Condition container is specified and KeyPrefixEquals is not specified. If both conditions are specified, then both must be met to apply the redirect. |
| Condition | KeyPrefixEquals | An object key name prefix for which the redirect is applied. For example, to redirect requests to ExamplePage.html, the key prefix will be ExamplePage.html. To redirect a request for all pages with docs/ prefix, the key prefix will be docs/, which identifies all objects in the docs/ folder. Required when Condition is specified and HttpErrorCodeReturnedEquals is not specified. If both conditions are specified, then both must be met to apply the redirect. |
| Redirect | HostName | Hostname in a redirect request. |
| Redirect | HttpRedirectCode | HTTP code in the response to a redirect request. |
| Redirect | Protocol | A protocol to be used to redirect requests. By default, the protocol of the original request is used. |
| Redirect | ReplaceKeyPrefixWith | An object key prefix to be used in a redirect request. For example, to redirect requests for all pages with the docs/ prefix (objects in the docs/ folder) to documents/, you can specify KeyPrefixEquals as docs/ and in the Redirect container specify ReplaceKeyPrefixWith as documents/. It can only be used if ReplaceKeyWith is not used. |
| Redirect | ReplaceKeyWith | A specific object key prefix to be used in a redirect request. For example, a redirect request to error.html. It can only be used if ReplaceKeyPrefixWith is absent. |

Redirect all requests to another resource

If you want to redirect all requests to another resource, prepare a JSON file bucket1.json with the following bucket parameters:

{
  "RedirectAllRequestsTo": {
    "HostName": "new-site.ru",
    "Protocol": "http"
  }
}

In this example, a bucket bucket1.website.cloud.croc.ru is configured as a website. However, the configuration specifies that all GET requests for the bucket1.website.cloud.croc.ru website endpoint will be redirected to the example.ru host. Such a redirect can be useful when you have two websites – an old one old-site.ru and a new one new-site.ru – and wish to redirect all incoming requests from the old website to the new one.

aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-website --bucket old-site.ru --website-configuration file://bucket1.json

Note

If you specify the RedirectAllRequestsTo parameter in the configuration, you will not be able to specify any other parameter.

Configure flexible redirect rules to another resource

If you want to flexibly configure redirect rules to one or more objects, add routing rules.

Suppose your bucket2 contains the following objects:

index.html
docs/site1.html
docs/site2.html

If you want to rename the docs/ folder to documents/, you need to redirect requests for the docs/ prefix to documents/. For example, if a request for docs/site1.html should be redirected to documents/site1.html, you need to update the website configuration and add a routing rule as shown in the following JSON file bucket2.json:

{
  "IndexDocument": {
    "Suffix": "index.html"
  },
  "ErrorDocument": {
    "Key": "Error.html"
  },
  "RoutingRules": [
    {
      "Condition": {
        "KeyPrefixEquals": "docs/"
      },
      "Redirect": {
        "ReplaceKeyPrefixWith": "documents/"
      }
    }
  ]
}

aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-website --bucket bucket2 --website-configuration file://bucket2.json

Configure multiple redirect rules to another resource

If you want to use multiple redirect rules at the same time, prepare an appropriate JSON file. For example, to configure different redirect rules for the Russian and English website versions, you need to prepare a JSON file bucket3.json:

{
  "IndexDocument": {
      "Suffix": "index.html"
  },
  "ErrorDocument": {
      "Key": "error.html"
  },
  "RoutingRules": [
      {
          "Redirect": {
              "ReplaceKeyWith": "ru/data.html",
              "HostName": "new-site.ru",
              "Protocol": "https",
              "HttpRedirectCode": "302"
          },
          "Condition": {
              "KeyPrefixEquals": "ru/manual/data.html"
          }
      },
      {
          "Redirect": {
              "ReplaceKeyWith": "en/data.html",
              "HostName": "new-site.ru",
              "Protocol": "https",
              "HttpRedirectCode": "302"
          },
          "Condition": {
              "KeyPrefixEquals": "en/manual/data.html"
          }
      }
  ]
}

aws --profile croc --endpoint-url https://storage.cloud.croc.ru s3api put-bucket-website --bucket old-site --website-configuration file://bucket3.json
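A pre-upload check for the website configurations above, added here as an example and not part of the CROC documentation: it enforces the constraints from the parameter table, flags redirects that go over plaintext http or to a host outside an allow-list you supply, and shows which key a request would be redirected to. The function names and the allow-list are hypothetical, and first-match rule ordering is an assumption, since the page does not state rule precedence.

```python
def check_target(name, target, allowed_hosts):
    """Flag redirect targets that use plaintext http or leave the allow-list."""
    out = []
    if target.get("Protocol") == "http":
        out.append(f"{name}: redirects over plaintext http")
    host = target.get("HostName")
    if host and host not in allowed_hosts:
        out.append(f"{name}: host {host} is not in the allow-list")
    return out

def lint(cfg, allowed_hosts=()):
    """Check a website configuration dict against the parameter-table constraints."""
    out = []
    if "RedirectAllRequestsTo" in cfg:
        if len(cfg) > 1:
            out.append("RedirectAllRequestsTo cannot be combined with other parameters")
        out += check_target("RedirectAllRequestsTo", cfg["RedirectAllRequestsTo"], allowed_hosts)
    for i, rule in enumerate(cfg.get("RoutingRules", [])):
        name = f"RoutingRules[{i}]"
        cond, red = rule.get("Condition"), rule.get("Redirect", {})
        if cond is not None and not {"KeyPrefixEquals", "HttpErrorCodeReturnedEquals"} & set(cond):
            out.append(f"{name}: Condition has neither KeyPrefixEquals nor HttpErrorCodeReturnedEquals")
        if {"ReplaceKeyWith", "ReplaceKeyPrefixWith"} <= set(red):
            out.append(f"{name}: ReplaceKeyWith and ReplaceKeyPrefixWith are mutually exclusive")
        out += check_target(name, red, allowed_hosts)
    return out

def resolve(cfg, key, error_code=None):
    """Return (host, protocol, new_key) for the first matching rule, else None."""
    # Assumption: rules are evaluated in order and the first match wins.
    for rule in cfg.get("RoutingRules", []):
        cond, red = rule.get("Condition") or {}, rule["Redirect"]
        prefix = cond.get("KeyPrefixEquals", "")
        code = cond.get("HttpErrorCodeReturnedEquals")
        if not key.startswith(prefix) or (code is not None and str(code) != str(error_code)):
            continue
        if "ReplaceKeyWith" in red:
            new_key = red["ReplaceKeyWith"]
        elif "ReplaceKeyPrefixWith" in red:
            new_key = red["ReplaceKeyPrefixWith"] + key[len(prefix):]
        else:
            new_key = key
        return red.get("HostName"), red.get("Protocol"), new_key
    return None

# Constructed inputs mirroring bucket1.json and the routing rule of bucket2.json.
BUCKET1 = {"RedirectAllRequestsTo": {"HostName": "new-site.ru", "Protocol": "http"}}
BUCKET2 = {"IndexDocument": {"Suffix": "index.html"}, "RoutingRules": [
    {"Condition": {"KeyPrefixEquals": "docs/"}, "Redirect": {"ReplaceKeyPrefixWith": "documents/"}}]}
```

Load a real file with `json.load` and pass the resulting dict to `lint` before running put-bucket-website.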

How to correct the resetting time error in Windows

To solve the time problem, you have to edit Windows registry so that it accepts time from BIOS as UTC:

  1. Open Windows registry (Win+R -> regedit -> Enter)

  2. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

  3. Create new DWORD, name it RealTimeIsUniversal, and set value to 1

  4. Reboot your instance