Deploy an OpenNebula Front-end on AWS

In this tutorial, we’ll install an OpenNebula Front-end in under ten minutes, using miniONE, the installation script provided by OpenNebula.

We’ll install our OpenNebula Front-end on a Virtual Machine in AWS. In later sections of this Quick Start Guide, you can use this Front-end to provision additional resources — such as Edge clusters or Kubernetes clusters — on your OpenNebula cloud.

To complete this tutorial, you will need an AWS account with the capacity to create a virtual machine and obtain public IP addresses.

miniONE is a simple Bash script. It automatically downloads, installs and configures an OpenNebula Front-end and all necessary components to manage and run virtual machines.

To install an OpenNebula Front-end using miniONE, we’ll need to complete the following high-level steps:

  1. Prepare the AWS VM where we’ll install miniONE.

  2. Update the OS in the VM.

  3. Download and run the miniONE script.

  4. Verify the installation.

The cloud environment installed by miniONE is mainly intended for evaluation, development and testing. However, it can also serve as a base for larger short-lived deployments.

Note

To complete this tutorial, you will need to log in to a remote Linux machine via SSH. If you follow this tutorial on a Windows machine, you will need to use an SSH client application such as PuTTY.

Tip

For a list of options supported by the script, run bash minione -h. The script supports several types of installations (such as installing a Front-end and a KVM hypervisor node) which are not covered in this tutorial.

Step 1. Prepare the VM in AWS

In order to SSH into the EC2 VM, you need to pass the correct user and PEM file (you can create one and download it prior to launching the instance). You’ll then be connecting to your Front-end using a command similar to:

As a first step, if you don’t already have one, create an account in AWS. AWS publishes a complete guide: How do I create and activate a new AWS account?

After you have created your account, you’ll need to obtain the access_key and secret_key of a user with the necessary permissions to manage instances. The relevant AWS guide is Configure tool authentication with AWS.

Next, you need to choose the region where you want to deploy the new resources. You can check the available regions in AWS’s documentation: Regions, Availability Zones, and Local Zones.

To run the miniONE script on AWS, you will need to instantiate a virtual machine with a supported operating system and the latest software updates, and without any customizations.

Supported operating systems:

  • RHEL/AlmaLinux 8 or 9

  • Debian 11 or 12

  • Ubuntu 22.04 or 24.04

Minimum hardware:

  • 4 GiB RAM

  • 80 GiB free disk space

Configuration:

  • Access to the privileged user (root) account

  • A public IP address

  • An SSH server running on port 22

  • Open ports:

    • 22 (SSH)

    • 80 (for the Ruby Sunstone GUI)

    • 2616 (for the FireEdge GUI)

    • 5030 (for the OneGate service)

Tip

To quickly deploy a suitable VM, browse the AWS AMI Catalog and select Ubuntu Server 24.04 LTS (HVM), SSD Volume Type:

../../_images/minione-aws-ubuntu24.04.png

Below is an example of a successfully-tested configuration (though by no means the only possible one):

  • Region: Frankfurt

  • Operating System: Ubuntu Server 24.04 LTS (HVM)

  • Tier: t2.medium

  • Open ports: 22, 80, 2616, 5030

  • Storage: 80 GB SSD

When configuring the VM, ensure to assign enough storage (by editing the Storage tab), since by default the VM is only assigned 8GB.

Likewise, ensure that the ports mentioned above are open for incoming connections, by editing the Security Group for the VM:

../../_images/aws_security_groups.png

When configuration is finished, launch an instance of the VM. (See Amazon’s tutorial if you have any doubts.) Once the VM is up and running we’ll need to log in to it, by following the steps below.

Step 1.1. Log in to the EC2 VM

To log in to your EC2 VM using SSH, you will need to generate a key pair (public and private key) for your Amazon EC2 instance. You will use your private key to log in to your EC2 VM.

You can generate a key pair from within Amazon EC2 itself. You can download the private key as a PEM file, and use this file to connect to your EC2 VM using SSH.

For complete instructions on creating key pairs and connecting to your Linux instance, see the AWS documentation: Create a key pair for your Amazon EC2 instance and Connect to your Linux instance from Linux or macOS using SSH.

After downloading the PEM file, make sure to set its file permissions to read-only, for the user only. On Linux, you can set these permissions with chmod 400 <PEM file>, for example chmod 400 ~/.ssh/aws_pemfile.pem.

To log in to your EC2 VM, use ssh as user ubuntu, specifying the PEM file you downloaded, by running this command:

ssh <public IP of the VM> -l ubuntu -i <PEM file>

For example:

ssh <IP> -l ubuntu -i ~/.ssh/aws_pemfile.pem

Warning

Ensure you have set the appropriate permissions for the PEM file, or for security reasons SSH will refuse to connect.

Step 1.2. Update the VM Operating System

Once you have logged in to the VM as user ubuntu, use the sudo command to become the root user (no password is required):

sudo -i

Then, update the system to its latest software packages by running the following command:

apt update && apt upgrade

After updating, you will probably need to restart the VM to run the latest kernel. Check the output of the apt upgrade command for lines similar to the following:

Pending kernel upgrade!
Running kernel version:
  6.8.0-1012-aws
Diagnostics:
  The currently running kernel version is not the expected kernel version 6.8.0-1014-aws.

In this example, you need to restart the VM in order to upgrade to kernel 6.8.0-1014-aws. To restart the VM, run:

shutdown -r now

You will be immediately logged out of the VM as it restarts. Wait a few moments for the VM to finish rebooting, then log in again using the same procedure as before. After logging back into the VM, you can check the running kernel version with:

uname -a

For example, in this case:

$ uname -a
Linux ip-172-31-3-252 6.8.0-1014-aws #15-Ubuntu SMP Thu Aug  8 19:13:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Your AWS VM is now ready. In the next steps, we’ll download the miniONE script, upload it to the VM, and run the installation.

Step 3: Download and install miniONE

To download miniONE, please fill the required form.

Step 3.1. Copy the miniONE script to the AWS VM

After downloading miniONE, you will need to copy it to your AWS VM.

  • On Linux and Mac:

    If you’re on Linux, you can copy it with the scp command, providing the same user and PEM file as when logging in via SSH. For example, the command below copies the miniONE script to the ubuntu user’s home directory:

    scp -i <path to PEM file> <path to minione script> ubuntu@<public IP of the VM>:~

  • On Windows:

    You can use either of two methods:

    • The GUI tool WinSCP, which allows you to copy files by drag-and-drop

    • The command-line tool PuTTY Secure Copy, which emulates the Unix scp tool.

    For both methods you will need to provide the private key file for authentication.

Step 3.2. Run the miniONE script on the AWS VM

After copying the miniONE script to the VM, log in to the VM (as described above).

Use the sudo command to become the root user:

sudo -i

If necessary, use the cd command to navigate to the folder where you copied the miniONE script. For example, if you copied it to the home directory of user ubuntu run:

cd ~ubuntu

Next, ensure that the minione file has execute permissions, by running:

chmod +x minione

To install miniONE, run as root:

bash minione --frontend

The miniONE script will begin the installation, logging output to the terminal. Installation may take about a minute. When it’s finished, miniONE shows a report with connection parameters and login credentials:

### Report
OpenNebula 6.10 was installed
Sunstone is running on:
http://<omitted>/
FireEdge is running on:
http://<omitted>:2616/
Use following to login:
   user: oneadmin
   password: lCmPUb5Gwk

At this point, you have successfully installed miniONE. OpenNebula services should be running, and the system should be ready for your first login.

Important

In this configuration, the Ruby and FireEdge Sunstone endpoints, and the OneGate endpoint expose HTTP on a public network interface. miniONE is an evaluation tool, and this configuration should not be used in production environments.

Step 4: Verify the Installation

We will verify the installation by logging in to OpenNebula’s FireEdge Sunstone GUI.

Note

When running miniONE within an AWS instance, the reported IP may be a private address that’s not reachable over the Internet. Use the instance’s public IP address to connect to the FireEdge and Ruby Sunstone services.

Point your browser to the FireEdge IP and port provided by the miniONE output shown above, i.e. <public IP>:2616. You should be greeted with the Sunstone login screen:

../../_images/sunstone-login.png

In the Username input field, type oneadmin. For Password, enter the password provided by miniONE, then press Enter or click SIGN IN.

The screen should display the Sunstone Dashboard:

../../_images/sunstone-dashboard.png

This is the default view for cloud administrators. From this view in Sunstone, you have complete control over your OpenNebula infrastructure. (The Cloud View interface is much simpler, intended for end users.) To explore what you can do in the GUI, open the left-hand panel by clicking on the hamburger icon on the top left:

../../_images/sunstone-dashboard_hamb_menu.png

Congratulations — you have deployed an OpenNebula Front-end node, which is ready to provision resources on cloud infrastructure.

Next Steps

You can now try out the GUI-based automatic provisioning features in the Operations Guide to quickly and easily add a remote Edge Cluster on AWS to your shiny new OpenNebula cloud!