Deploying virtual machines and containers to the public cloud (AWS and Azure)

Last updated 16 January, 2019

About virtual machines

As a consumer, you can use the HPE OneSphere application UI to deploy resources that the administrator has curated for your assigned projects.

You can then deploy virtual machines from the project based on the images that are made available through the connected Amazon Web Services or Microsoft Azure account.

Virtual machines deployed from HPE OneSphere to Amazon Web Services contain default ephemeral block storage and AWS networks, and contain the compute and memory resources that are defined in the selected image and virtual machine profile in the catalog.

Microsoft Azure Resource Manager (ARM) Templates and AWS CloudFormation Templates allow you to deploy and manage the components of your application, including virtual machines. Each project is assigned its own virtual private cloud (virtual network dedicated to the AWS or Azure account) and subnet.

Copying and importing an AWS image using the Amazon EC2 console

In Amazon EC2, copy public images to the region you will make available to HPE OneSphere. AWS images in an enabled region are added to the HPE OneSphere catalog when you add an Amazon provider and enable a region with a zone in the Amazon provider.

You can perform the following procedure before or after you add an AWS provider. After a provider is added, HPE OneSphere checks for images in the AWS region approximately every five minutes. Newly discovered images will automatically appear in the catalog.

Procedure
  1. Log in to the Amazon EC2 console.
  2. If the AMI you want to import to HPE OneSphere already exists, skip to step 3. If it does not exist, you can create an AMI from an instance snapshot using the EC2 console.
    1. Select an appropriate EBS-backed AMI to serve as a starting point for your new AMI, and configure as needed prior to launch.
    2. Choose Launch to launch an instance of the EBS-backed AMI. Accept the default values as you step through the wizard.
    3. While the instance is running, connect to it.
    4. In the navigation pane, choose Instances and select the instance.
    5. Click Actions, Image, and Create Image.
    6. In the Create Image dialog box, specify values for the available fields and choose Create Image.

      While your AMI is generating you can view its status by choosing AMIs in the navigation pane.

    7. Once finished, select Modify Image to update the visibility permissions to public. The image can now be successfully copied to other regions.
  3. From the console navigation bar, select the region that contains the AMI. In the navigation pane, choose Images and AMIs to display the list of AMIs available to you in the region.

    NOTE:

    This region is connected to HPE OneSphere when you add your AWS cloud provider.

  4. Select the AMI to copy and choose Actions and Copy AMI.
  5. In the Copy AMI dialog box, specify the required information and then click Copy AMI.
  6. If you have created an AWS provider in HPE OneSphere, from the HPE OneSphere main menu, select Catalog and verify that the image was added. The image may take several minutes to appear.

Deploying a virtual machine to an AWS public cloud

Deploy a virtual machine or another service to Amazon Web Services.

Prerequisites

The administrator:

  • Added a project

  • Assigned member(s) to a project (can also be done by a project creator)

  • Imported an AWS image to the catalog

  • Added an AWS public account and region

Procedure
  1. From the HPE OneSphere main menu, click Projects.

    (Administrator users can click Catalog, and skip step 2, 3, and 4.)

  2. Click a project that you want to associate with the virtual machine deployment.

    Members of the selected project can view and manage the virtual machine after it is deployed.

  3. On the Projects screen, click Deployments.
  4. From the top right corner, click the plus sign  to the right of Deployments. The Catalog screen opens.
  5. Browse or search the catalog for an image labeled AWS Private Images, or filter the results to show only AWS private images.

    The image is the software that will be deployed on the virtual machine.

  6. Click the three dots in the lower right corner of the catalog item, then select Deploy.
    If you selected the item, deselect it to see the three dots.
  7. On the Deploy panel:
    1. Enter a Name for the new virtual machine. 

      NOTE:

      Be sure to specify a unique name. HPE OneSphere does not prevent you from specifying a duplicate name if another virtual machine deployment is occurring at the same time.

      Do not specify restricted characters <>={}(),";& in the virtual machine name. These characters are used as dimension values in the HPE OneSphere monitoring service.

    2. From the Project drop-down menu, accept the default (the last project selected in HPE OneSphere) or select a different project into which to deploy the virtual machine.
    3. From the Zone drop-down menu, accept the default (the last zone selected in HPE OneSphere) or select a different zone into which to deploy the virtual machine.
    4. From the Virtual Machine Profile drop-down, select the pre-defined flavor.
    5. (Optional) Paste the contents of a cloud-init file into the text box.

      A cloud-init file allows you to customize the virtual machine instance with a hostname, default locale, and other details. For examples, see http://cloudinit.readthedocs.io/en/latest/topics/examples.html.

    6. (Optional) Enable the Automatically Assign IP slider button.  

      If the slider button is enabled, a public IP address is assigned to the new instance from Amazon's pool of public IPv4 addresses, and is not associated with the connected AWS account. When a public address is disassociated from the virtual machine instance, it is released back into the public IPv4 address pool, and you cannot reuse it.

    7. (Optional) Enter an IP address in CIDR format under Accessible from CIDR IP address.

      The IP addresses in this range are allowed access to the virtual machine. If you do not enter a value, all IP addresses can access the virtual machine.

      Example: 192.168.2.0/24

    8. Enter one or more port numbers under Ports.

      These ports are opened on the virtual machine for incoming (ingress) traffic. If you do not enter a value, the security group created in AWS for the VM instance being deployed has no inbound rules. As a result, you cannot access the VM instance.

      Example: 22,448

    9. (Optional) Under SSH Public Key, click Choose File and browse to a file to upload, or paste a key into the text box.

      Public SSH keys are usually located at ~/.ssh/id_rsa.pub.

      See Creating an SSH public key pair.

  8. Click Deploy.

    Deploying the first virtual machine to AWS takes several minutes. Subsequent virtual machine deployments are faster because the network is already created.

    After the virtual machine is deployed, you can view the details of the created virtual machine in your project.

Deploying a Kubernetes cluster to an AWS public cloud

Use the following procedure to deploy a Kubernetes cluster in AWS. Creating a cluster takes about 10 to 15 minutes to complete.

See also Launching a Kubernetes cluster dashboard.

Prerequisites

In HPE OneSphere, the administrator:

  • Added a project that will be associated with an Amazon Web Services (AWS) public account

  • Assigned member(s) to a project (can also be done by a project creator)

  • Added an AWS public account

  • Enabled the HPE Catalog Registry that contains the Kubernetes cluster deployment image

In Amazon Web Services, the AWS administrator:

  • Enabled a required region in AWS

  • Created and configured a domain in the AWS member account using the Amazon Route 53 service

  • Ensured that at least one free subnet exists in the default VPC in the region that will be used to create the cluster

Procedure
  1. From the HPE OneSphere main menu, click Projects.

    (Administrator users can click Catalog, and skip step 2, 3, and 4.)

  2. Click the project created for AWS from which you want to deploy the Kubernetes cluster.
  3. On the Project screen, click Deployments.

    Members of the selected project can view and manage the cluster after it is deployed.

  4. Click the plus sign  to the right of the Deployments. The Catalog screen appears.
  5. Browse or search the catalog for the Kubernetes Cluster service from the HPE Catalog, or filter the catalog items and check HPE Catalog
  6. Click the three dots in the lower right corner of the catalog item, then select Deploy.
    If you selected the item, deselect it to see the three dots.
  7. On the Deploy panel:
    1. Enter a Name for the new Kubernetes cluster.

      NOTE:

      The cluster name can consist of lowercase, numeric, and hyphen characters. Do not specify restricted characters <>={}(),";& in the container name.

      The cluster name must follow the DNS name restrictions because the name is prefixed to the Route 53 domain name to create the final cluster name.

    2. From the Project drop-down list, select a project into which to deploy the Kubernetes cluster.
    3. From the Region drop-down list, select a region into which to deploy the Kubernetes cluster. 
    4. From the Zone drop-down menu, select a zone into which to deploy the Kubernetes cluster.
    5. From the Virtual Machine Profile drop-down, select the pre-defined flavor.

      HPE recommends using t2.medium or larger, or m4, c4, or r4. Hosts must be large enough to run the required load. A single host must be large if it has a single large container. The cluster can be scaled out to increase capacity for a large number of small containers, but the size of the hosts is fixed.

      Use the t2.small flavor for testing only, and not to run production workloads. See Amazon EC2 Instance Types in AWS Documentation for more information.

    6. From the Domain drop-down list, select the domain to access the cluster from outside your environment.

      If no domains appear in the drop-down list, verify that a domain has been configured in the AWS member account using the Amazon Route 53 service.

    7. Under SSH Public Key, paste a key into the text box.

      Public SSH keys are usually located at ~/.ssh/id_rsa.pub.

      See Creating an SSH public key pair.

    8. Configure Worker nodes.

      At least one worker node is required for normal workloads. You can add a maximum of 20 worker nodes. 

      Kubernetes provides mechanisms to influence scheduling of workloads deployed at run time. In Kubernetes, taints are used to prevent workloads from running on master nodes. Taints can be overridden by adding tolerations to workloads. See Kubernetes Documentation for more information.

      NOTE:

      You can also edit the number of worker nodes after the Kubernetes cluster is deployed. See Updating the number of worker nodes in a Kubernetes cluster.

  8. Click Deploy.

    A Kubernetes cluster is deployed with three master nodes by default. When a Kubernetes cluster is deployed, a zone with the same cluster name is created in the AWS region.

    You can view the status of the deployed cluster (nodes) in AWS and details of the created cluster in Projects.

Updating the number of worker nodes in a Kubernetes cluster

Prerequisites
  • The administrator or consumer deployed a Kubernetes cluster.

Procedure
  1. From the HPE OneSphere main menu, click Projects.
  2. On the Projects screen, click the project name into which the Kubernetes cluster was deployed.
  3. On the selected project screen, click Deployments.
  4. On the Deployments screen, click the Kubernetes cluster.
  5. Click the Update Deployment link below the cluster name to display the Update Deployment panel.
  6. On the Update Deployment panel, enter the number of worker nodes or click the double-headed arrow to increase or decrease the worker nodes.
  7. Click Update Deployment.

    NOTE:

    You can add a maximum of 20 worker nodes.

Deploying a Kubernetes container application to an AWS public cloud

Use the following procedure to deploy a container app to a Kubernetes cluster in AWS.

Prerequisites

The administrator:

  • Added a project that will be associated with an Amazon Web Services (AWS) public account

  • Assigned member(s) to a project (can also be done by a project creator)

  • Registered and enabled the Docker RegistryDocker Hub Trusted RegistryPrivate Docker Hub, or Kubernetes Apps (for a Helm chart) catalog. (Docker Hub must be enabled but does not need to be registered.)

  • Deployed a Kubernetes cluster to a public cloud

In Amazon Web Services, the AWS administrator:

  • Enabled a region in AWS

Procedure
  1. From the HPE OneSphere main menu, click Projects.

    (Administrator users can click Catalog, and skip step 2, 3, and 4.)

  2. Click a project where you want to deploy the Kubernetes container application.
  3. On the Project screen, click Deployments.

    Members of the selected project can view and manage the cluster after it is deployed.

  4. Click the plus sign  to the right of the Deployments. The Catalog screen opens.
  5. Browse or search the catalog for a Kubernetes container image labeled Docker Hub, Docker RegistryDocker Hub Trusted RegistryPrivate Docker Hub, or Kubernetes Apps (for a Helm chart), or filter the results to show only these catalogs.

    The selected image will be deployed to the project in the public cloud.

  6. Click the three dots in the lower right corner of the catalog item, then select Deploy.
    If you selected the item, deselect it to see the three dots.
  7. On the Deploy panel:
    1. Enter a Name for the Kubernetes container.

      NOTE:

      The cluster name can consist of lowercase, numeric, and hyphen characters.

      Do not specify restricted characters <>={}(),";& in the container name.

    2. From the Project drop-down menu, select a project into which to deploy the Kubernetes container.
    3. From the Zone drop-down menu, select a zone containing a previously deployed Kubernetes cluster.
    4. (Optional) From the Version drop-down menu, select the latest version to deploy the Kubernetes container. If you do not select a version, by default the latest version (the first version listed in the drop-down list) is installed.
    5. (Optional) Enter User data.
    6. If you have selected the image from Docker Hub in the Catalog, enter the Service Input.

      These ports are opened on the container for incoming (ingress) traffic.

      NOTE:

      For information about the application that can help you determine the User Data and Service Input to enter, select the application on the Catalog screen, then click the Detailed Description link under the application name.

  • Click Deploy.

    The deployment of a Kubernetes container takes approximately two minutes.

    After the container is deployed, you can view the details of the created container in your project.

Updating a Kubernetes application deployment

After a Docker Hub or Helm Chart application is deployed to a Kubernetes cluster, you can update the application to a newer version.

Prerequisites
  • The administrator or consumer deployed an application to a Kubernetes cluster.

Procedure
  1. From the HPE OneSphere main menu, click Projects.
  2. On the Projects screen, click the project name into which the Docker Hub or Helm Chart was deployed.
  3. On the selected project screen, click Deployments.
  4. On the Deployments screen, select the Docker Hub or Helm Chart deployment you want to update.
  5. Click the Update Deployment link below the deployment name. The Update Deployment panel is displayed.
  6. On the Update Deployment panel, click the down arrow next to Version, and select a new version for your deployment.
  7. Click Update Deployment.

Deploying an AWS CloudFormation (CFN) template to AWS

AWS CloudFormation templates state the various resource objects that are required in a specific deployment within an AWS account. A template can be a single virtual machine instance (an AWS service) or a combination of virtual machines, container services, and other AWS services (DNS, load balancing, databases, firewalls, and so on) to deploy a full application stack (AWS App Frameworks).

For more information, see AWS CloudFormation Documentation and AWS CloudFormation sample templates.

Deploy an AWS CloudFormation (CFN) template registered in the HPE OneSphere catalog to AWS. 

Prerequisites

The administrator:

Procedure
  1. From the HPE OneSphere main menu, click Projects.

    (Administrator users can click Catalog, and skip step 2, 3, and 4.)

  2. Click a project that you want to associate with the CloudFormation stack deployment.
  3. On the Projects screen, click Deployments.

    Members of the selected project can view and manage the CloudFormation stack after it is deployed.

  4. From the top right corner, click the plus sign  to the right of Deployments. The Catalog screen opens.
  5. Browse or search the catalog for a template labeled AWS CFN Templates.

    The catalog items deploy a CloudFormation stack on AWS.

  6. Click the three dots in the lower right corner of the catalog item, then select Deploy.
    If you selected the item, deselect it to see the three dots.
  7. On the Deploy panel:
    1. Enter a Name of the new deployment.

      NOTE:

      Be sure to specify a unique name. HPE OneSphere does not prevent you from specifying a duplicate name if another CloudFormation stack deployment is occurring at the same time.

      Do not specify restricted characters <>={}(),";& in the CloudFormation stack name. These characters are used as dimension values in the HPE OneSphere monitoring service.

    2. From the Project drop-down menu, select the project in which you want to deploy the CFN template.
    3. From the Region drop-down menu, select the region from the drop-down list into which to deploy the CloudFormation stack. All enabled regions of the Public Provider are listed.
    4. From the Version drop-down, select the version of the application you want to deploy.
    5. Fill in the remaining fields with the appropriate parameters that appear after you select the version.
       
      To find the information required by these fields, refer to the file (json, yml, and template) for the template you registered. You can also select the template on the Catalog screen; click the Detailed Description link under the template name.
    6. (Optional) Click Customize Deployment to see additional parameters. These parameters display the default values that are set on the CFN template.
  8. Click Deploy.

    After the application is deployed, you can view the details of the created application in your project.

    You can also verify the application deployed successfully by logging into your https://console.aws.amazon.com account. After you log in, select the Region, and under Service select the CloudFormation.

Deploying an Open Service Broker (OSB) service to AWS

Open Service Broker is a standard API that allows you to deliver services to applications running within cloud native platforms. After registering services offered by third party OSB brokers into the HPE OneSphere Catalog, you can deploy OSB images into your AWS project.

Refer to the Open Service Broker specification to create a template and the Open Service Broker API for more information.

After you deploy an OSB service, you cannot update it to make changes (for example, to change the name).

Prerequisites

The administrator:

Procedure
  1. From the HPE OneSphere main menu, click Projects.
  2. Click a project that you want to associate with the OSB deployment.

    Members of the selected project can view and manage the OSB deployment after it is deployed.

  3. On the Projects screen, click Deployments.
  4. From the top right corner, click the plus sign  to the right of Deployments. The Catalog screen opens.
  5. Browse or search the catalog and select a template from the catalog labeled Open Service Broker, or filter the results to show only Open Service Broker image.

    The selected image is the software that will be deployed in the project.

  6. Click the three dots in the lower right corner of the catalog item, then select Deploy.
  7. On the Deploy panel:
    1. Enter a Name for the new OSB image deployment.

      NOTE:

      Be sure to specify a unique name. HPE OneSphere does not prevent you from specifying a duplicate name if another OSB image is being deployed at the same time.

      Do not specify restricted characters <>={}(),";& in the OSB deployment name. These characters are used as dimension values in the HPE OneSphere monitoring service.

    2. From the Project drop-down menu, select the project where the OSB image will be deployed.
    3. From the Version drop-down list, select the version type of OSB image.
    4. Fill in the remaining fields that appear after you select the version.

      NOTE:

      To find the information required by these fields, refer to the OSB template you registered. You can also select the template on the Catalog screen, then click the Detailed Description link under the template name.

      HPE OneSphere does not recognize minLength and maxLength for string, securestring, and array.

      HPE OneSphere does not recognize minLength and maxLength for string, securestring, and array.

  • Click Deploy.

    After the OSB image is deployed, you can view the details of the created OSB deployment in your project.

Deploying an Azure Resource Manager application to a Microsoft Azure public cloud

Deploy an application to Microsoft Azure using an Azure Resource Manager (ARM) template registered in the HPE OneSphere catalog.

ARM templates are JSON files that define the resources, including virtual machines, that you need to deploy for your solution.

For more information, see Azure Resource Manager Documentation and Azure Quickstart Templates.

Prerequisites

The administrator:

Procedure
  1. From the HPE OneSphere main menu, click Projects.

    (Alternatively, click Catalog, and skip steps 2, 3, and 4.)

  2. Click a project that you want to associate with the application deployment.
  3. On the Projects screen, click Deployments.

    Members of the selected project can view and manage the application after it is deployed.

  4. From the top right corner, click the plus sign  to the right of Deployments to open the Catalog screen.
  5. Browse or search the catalog and select a Template from the catalog labeled Azure ARM Templates.

    The selected Template is the application that will be deployed on the Microsoft Azure.

  6. Click the three dots in the lower right corner of the catalog item, then select Deploy.
  7. On the Deploy panel:
    1. Enter a Name for the new application.

      NOTE:

      Be sure to specify a unique name. HPE OneSphere does not prevent you from specifying a duplicate name if another virtual machine deployment is occurring at the same time.

      Do not specify restricted characters <>={}(),";& in the application name. These characters are used as dimension values in the HPE OneSphere monitoring service.

    2. From the Project drop-down menu, select the project you want to assign your application deployment to.
    3. From the Version drop-down, select the version of the application you want to deploy.

      NOTE:

      Updating an Azure application to a new version is not currently supported.

    4. Fill in the remaining fields that appear after you select the version.

      NOTE:

      You must specify a new, unique resource group for each deployment.

      To find the information required by these fields, refer to the .json file for the template you registered. You can also select the template on the Catalog screen, then click the Detailed Description link under the template name.

    5. (Optional): Click Customize Deployment to see additional parameters. These parameters display the default values that are set in the ARM Template. You can change these parameters on this screen.
  8. Click Deploy.

    After the application is deployed, you can view the details of the created application in your project.

    You can also verify the application deployed successfully by logging into your https://portal.azure.com account and clicking Resource Groups. If access details are available with your Template, you will be able to see access details in your deployment in the Access section.

Creating an SSH public key pair

Create a key pair to use SSH to log in to a virtual machine instance after it is deployed.

Procedure
  1. Create an SSH public key pair. From the command line of a workstation or PC accessible to the browser used to access HPE OneSphere, enter:
    ssh-keygen -t rsa -f cloud-key

    This command generates two files:

    • cloud-key, a private key you keep secret

    • cloud-key.pub, a public key you enter on the HPE OneSphere Virtual Machine panel

      You enter the public key when you deploy a virtual machine to the public cloud or private cloud.

  2. (Optional) Log in to the deployed virtual machine from the command line.
    ssh -i cloud-key username@vm-instance-ip-address

    You can also log in to the deployed virtual machine in HPE OneSphere. Under Projects, select a deployment, then click the Console icon.

    The console is launched if the proper routing and firewall rules are in place from the host to your local client.