Getting Started with DAIR Cloud

Log in to the DAIR Cloud

• Navigate to https://cloud.canarie.ca/login/auth
• Use the credentials that were emailed to you

Security and Account Defaults

Creating and Using your Secure Shell protocol (SSH) key

SSH key logins are required in the DAIR Cloud.

On Windows 10

Prerequisites

• A system running Windows 10
• A user account with administrative privileges
• Access to the command prompt
• A web browser (optional, to download PuTTY)

Step 1: Verify if OpenSSH Client is installed

1. Open the Settings panel, then click Apps
2. Under the Apps and Features heading, click Optional Features
3. Scroll down the list to see if OpenSSH Client is listed

• If not, click the plus-sign next to Add a feature
• Scroll through the list to find and select OpenSSH Client
• Finally, click Install

Step 2: Open PowerShell

4. Press the Windows key
5. Type Windows PowerShell
6. Under Best Match, right-click Windows PowerShell
7. Click Run as Administrator
8. If prompted, click Yes in the Do you want to allow this app to make changes to your device? pop-up

Generating your SSK Keys

1. Open a terminal (for Mac and Linux users)
2. In PowerShell / terminal (all users) run this command:

$ ssh-keygen -t rsa -m PEM -C ”your email address”

Note: Be sure to replace ”your email address”

3. Enter a filename in which to save the key, for example: yourname-dair
4. PowerShell will generate the public and private keys in the PowerShell window

Note: If a file with the same name already exists, you will be asked whether you want to overwrite the file.

5. You’ll be asked to enter a passphrase. Add a passphrase if you want a more secure key; just don’t forget it!  Hit Enter to skip this step.
6. The system will generate the key pair and display the key fingerprint and a randomart image.
   • Follow the directions and name your key something memorable
   • This will create 2 files: “Name” (private key) and “name.pub”(public key)
7. Run the cat command on each file so you can copy and paste keys into your key-pair fields

Add Your SSH Key to DAIR Cloud

Paste Public Key in DAIR Cloud

1. Log in to your DAIR Cloud account (https://cloud.canarie.ca/login/auth)
2. From the Infrastructure tab, click Keys & Certs
3. Click +ADD
4. From the PowerShell window, copy and paste the public key into the PUBLIC KEY field

Paste Your Private Key in DAIR Cloud

1. From the PowerShell window, copy and paste the private key into the PRIVATE KEY field

Note: If you created a passphrase for the key, enter it here as well.

2. Click SAVE CHANGES

Creating Default Accounts for Your VMs

Configure Your Tenant Account

This must be done before deploying an instance.

1. Click the drop-down menu next to your username (top-right)
2. Select USER SETTINGS

Linux Settings

3. Set default Username, Password and SSH key

Windows Settings

4. Set Username and Password

5. Click the CANARIE logo (top left) to get back to main screen

Provisioning Settings

1. Go to Administration → Settings

2. The Cloud init username and password and SSH Key Pair must be setup for Linux instances

If you wish, Cloud init username and password can be the same as your user details.

3. In Windows Settings, set the Administrator Password

4. Click Save

Set Up Security Groups / Firewalls

Before you begin

Security group rules for SSH connections must not have a CIDR of 0.0.0.0/0

• The CIDR value specifies the allowable source IP address range for computers connecting to an instance
• A CIDR with all-zeroes will allow any computer to access your instance making it highly vulnerable to attacks

You must know the public IP address of the computer(s) you would like to permit access to your VMs in the DAIR Cloud.

• You can determine your IP by searching Google for “what is my IP” on each machine you want to give access to
• For example, to enable only a single IP address, make the CIDR aa.bb.cc.dd/32 (where aa.bb.cc.dd is your public IP numeric value)

Create a new rule for each IP address that you wish to grant SSH access.

Don’t Get Hacked – Secure your Instance!

Configure/Edit your Firewall Rules

1. Hover over Infrastructure
2. Select Network

3. Click on Security Groups tab

You will see the default rules listed.

4. Select your SECURITY GROUP

Each of the available clouds have their own Security Group (AWS is shown).

5. Click +ADD RULE

6. Configure your rule as shown below:

In AWS and OpenStack

In Azure

Note:

• For AWS, in the SOURCE field, enter your IP address (to find it, type “What is my IP?” in your browser.)
• For Azure, in the SOURCE field, enter 22.22.22.22/32
• *adding “/32” after IP allows only source IP access (not a range of IPs)

8. Click SAVE CHANGES

Creating an Instance or VM

Platform and Cloud

New instances may be provisioned based on OS type.

1. Go to Provisioning → Instances → +ADD
2. Select the type of instance (e.g., Windows, Ubuntu, etc.)
3. Click NEXT

The following instructions are for Linux instances; exceptions for GPU and Azure instances are noted in the box below.

IMPORTANT
For DAIR-GPU instances, in the CONFIGURE tab, set VOLUMES to Local.

For instances created in Azure, you can specify an AVAILABILITY SET if you need redundancy across two zones (HA).

GROUP tab

1. Choose your Group/Cloud (e.g., AWS-tenantname, Azure-Canada, Openstack-tenantname)
2. Choose your GROUP and give your instance a NAME

3. Create a name
4. Click Next

CONFIGURE tab

5. Define your settings

Reminder to see above for exceptions for DAIR-GPU and Azure instances.

6. Click Next

AUTOMATION Tab

7. Set up any advanced configurations you prefer
8. Review and Complete

When the instance has finished provisioning, the status icon will change from  to

Note: Ensure you’ve updated the security group once your instance is deployed, so that you are allowing only the ports your application needs open. If you skipped this step, go back to Set Up Security Groups/Firewalls section.

Secure VNC to XWindows for Linux GPU-Based Instances

Log in: VNC to XWindows (MAC or Linux)

For MacOS, Windows, and Linux
Run this command like any other SSH command and it will create a tunnel for the port.

In this case, the port is 5901.

In all commands replace uname with your user name and IP with your instance IP

1. Replace uname with your username and replace yourkey with your ssh private key

$ ssh -i ~/yourkey -p 22 uname@208.75.7x.xxx -L 5901:127.0.0.1:5901 sleep 2h

Note: This terminal will be unusable until you terminate the tunnel.

2. Use the username and password you set up in the DAIR Cloud account setup

$ ssh -i /{downloadsDirectory}/{Keypair}.pem uname@208.75.7x.xxx

$ sudo passwd uname
New Password:
Re-enter New Password

3. Install TurboVNC
4. Run TurboVNC viewer
5. Connect as illutrated:

6. Enter the username and password you configured when you setup your account.

You are logged into XWindows

7. Select Use default config

You now have access to XWindows and can run GPU GUI applications.

Creating User Accounts

1. Connect to your Linux instance using SSH, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance:

$ sudo adduser new_user

Note: If you add the new_user to an Ubuntu instance, include the —disabled-password option to avoid adding a password to the new account:

$ sudo adduser —disabled-password new_user

3. Change the security context to the new_user account so that folders and files you create will have the correct permissions:

$ sudo su - new_user

Note: When you run the sudo su new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.

4. Create a .ssh directory in the new_user home directory:

$ mkdir .ssh

5. Use the chmod command to change the .ssh directory’s permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory

$ chmod 700 .ssh 

6. Use the touch command to create the authorized_keys file in the .ssh directory:

$ touch .ssh/authorized_keys

7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600, changing the file permissions restricts read or write access to the new_user

$ chmod 600 .ssh/authorized_keys

8. Open their public key in a text editor and edit with vi or other Linux text edit and insert the private key then save the file

$ vi .ssh/authorized_keys

Using the Budget Function

DAIR Cloud allows you to set and review your monthly budget.

1. Go to Operations → Costing

2. Click +Add

3. Enter a name and the correct year (leave the rest as defaults)
4. Copy and paste your desired amount for each month (up to a maximum of $300)

5. Click SAVE CHANGES
6. Select your budget from the list to view a Summary Report

Morpheus Command Line

Anything you perform through the Dashboard may be performed through CLI commands or the Morpheus API.

Documentation can be found here:

CLI: https://clidocs.morpheusdata.com/en/latest/CLI-Manual.html

API: https://apidocs.morpheusdata.com/