Creating a Hyper Protect Virtual Server instance
You can provision a Hyper Protect Virtual Server instance on the Secure Service Container partition by using the hpvs-op-ssh base image provided in IBM Hyper Protect Virtual Servers, and later connect to the instance by using the secure shell. This is useful when you want to debug your application deployed in the Hyper Protect Virtual Server container before publishing the application into your production environment. You can also provision a Hyper Protect Virtual Server instance on the Secure Service Container partition by using the hpvs-op base image provided in IBM Hyper Protect Virtual Servers when you want to deploy your application in the Hyper Protect Virtual Server container for your production environment.
This procedure is intended for users with the role cloud administrator.
Before you begin
- Refer to the checklist that you prepared for the Hyper Protect Virtual Server in the topic Planning for the environment.
- Ensure the IBM Hyper Protect Virtual Servers CLI is ready for use. For more information, see Setting up the environment by using the setup script.
- You can use the hpvs host list command to verify whether a host is already set. When multiple hosts are available and you want to use a particular host, you can use the hpvs host set command. For more information about the hpvs host commands, see Commands in IBM Hyper Protect Virtual Servers.
- Use the following commands to generate and export the SSH public key as the environment variable for the instance provisioning. Setting a passphrase for the key is not supported.

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f $HOME/hpvs/config/hpvsopbasessh/id_rsa

  Run the following command to convert the .pub file to base64 format.

    echo $(cat $HOME/hpvs/config/hpvsopbasessh/id_rsa.pub | base64)| tr -d ' ' > $HOME/hpvs/config/hpvsopbasessh/keys/id_rsa_base64.pub

  Note: Applicable only for a virtual server created by using the hpvs-op-ssh base image.
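
The base64 file written by the last command is what the ROOT_SSH_KEY setting later hands to the instance, so it is worth confirming that it holds the 4096-bit public key and not the private key or line-wrapped base64. The following Python check is an added example, not part of the IBM documentation; the function names and the sample key are constructed for illustration.

```python
import base64

def read_ssh_string(buf, off):
    """Read one length-prefixed string (RFC 4251); return (value, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def check_root_ssh_key(encoded):
    """Validate the text stored in id_rsa_base64.pub; return the RSA modulus size in bits."""
    try:
        line = base64.b64decode(encoded.strip(), validate=True).decode("ascii")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("outer layer is not single-line base64 text") from exc
    if "PRIVATE KEY" in line:
        raise ValueError("private key was encoded instead of id_rsa.pub")
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_ssh_string(blob, 0)
    _exponent, off = read_ssh_string(blob, off)
    modulus, off = read_ssh_string(blob, off)
    if key_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("malformed ssh-rsa key blob")
    return int.from_bytes(modulus, "big").bit_length()

def ssh_string(value):
    """Encode bytes as a length-prefixed string; used only to build the sample below."""
    return len(value).to_bytes(4, "big") + value

# Constructed sample, not a real key: a 4096-bit odd integer stands in for the modulus.
SAMPLE_MODULUS = (1 << 4095) | 1
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + SAMPLE_MODULUS.to_bytes(512, "big")))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " your_email@example.com\n"
# Same transformation as the base64 step above: encode the whole .pub line.
SAMPLE_ENCODED = base64.b64encode(SAMPLE_PUB.encode()).decode()

if __name__ == "__main__":
    print(check_root_ssh_key(SAMPLE_ENCODED), "bit RSA public key")
```

To check the real file, pass the text read from $HOME/hpvs/config/hpvsopbasessh/keys/id_rsa_base64.pub to check_root_ssh_key.
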
Procedure
Choose one of the options to provision the instance:
* By using the yaml configuration file and hpvs deploy command
* By using the hpvs vs create command

By using the yaml configuration file and hpvs deploy command
This is the recommended option to provision the instance because of its ease of use, and it is also an easier method of creating multiple instances quickly.
- Update the template file $HOME/hpvs/config/templates/virtualserver.template.yml based on the networking configuration, quotagroup and resource settings of the Hyper Protect Virtual Server instance if necessary. You must specify the details for the network based on your network configurations. The vs_hpvsopbasessh.yml that has the configuration details for the virtual server refers to the corresponding sections of the virtualserver.template.yml when you run the hpvs deploy command. For example, the resourcedefinition: ref value refers to the resourcedefinitiontemplates definition in the template file. The quotagroup: ref value refers to the quotagrouptemplates definition in the template file. The network: ref value refers to the networktemplates definition in the template file.

    version: v1
    type: virtualserver-template
    networktemplates:
    - name: external_network
      subnet: "10.20.4.0/22"
      gateway: "10.20.4.1"
      parent: "encf900"
      driver: "macvlan"
    - name: internal_network
      subnet: "192.168.40.0/24"
      gateway: "192.168.40.1"
      parent: "encf900"
      driver: "bridge"
    quotagrouptemplates:
    # Passthrough quotagroup templates - A quotagroup will be dynamically created based
    # on the template and attached as single volume mount point to the virtual server.
    # Allowed filesystem types for the passthrough type quotagroup are btrfs, ext4, xfs
    - name: p-small
      size: 20GB
      filesystem: ext4
      passthrough: true
    - name: p-medium
      size: 50GB
      filesystem: ext4
      passthrough: true
    - name: p-large
      size: 100GB
      filesystem: ext4
      passthrough: true
    - name: p-xlarge
      size: 200GB
      filesystem: ext4
      passthrough: true
    - name: p-xxlarge
      size: 400GB
      filesystem: ext4
      passthrough: true
    # Non passthrough quotagroup definitions - These quotagroups can be shared by
    # creating multiple volume mountpoints with the same virtual server or multiple
    # virtual servers. A non passthrough quotagroup will be dynamically created based
    # on the template and attached as volume mount points to the virtual server.
    # Only btrfs filesystem is supported in non passthrough quotagroups
    # mount points attached to virtual server can have filesystem btrfs, ext4, xfs
    - name: np-small
      size: 20GB
      passthrough: false
    - name: np-medium
      size: 50GB
      passthrough: false
    - name: np-large
      size: 100GB
      passthrough: false
    - name: np-xlarge
      size: 200GB
      passthrough: false
    - name: np-xxlarge
      size: 400GB
      passthrough: false
    resourcedefinitiontemplates:
    - name: default
      cpu: 1
      memory: 1024
    - name: small
      cpu: 2
      memory: 2048
    - name: large
      cpu: 4
      memory: 4096
    - name: xl
      cpu: 8
      memory: 8192
    - name: xxl
      cpu: 12
      memory: 12288

  For more information about the template file for a Hyper Protect Virtual Server instance, see Virtual server template file.
- Create the configuration yaml file $HOME/hpvs/config/hpvsopbasessh/demo_server_configfile.yml for the instance by referring to the example file $HOME/hpvs/config/hpvsopbasessh/vs_hpvsopbasessh.yml. The following is an example of a vs_hpvsopbasessh.yml file.

    version: v1
    type: virtualserver
    virtualservers:
    - name: test-hpvsopbasessh
      host: SSC_LPAR_NAME
      hostname: hpvsopbasessh-container
      repoid: HpvsopBaseSSH
      imagetag: 1.2.7.2
      imagefile: HpvsopBaseSSH.tar.gz
      imagecache: true
      resourcedefinition:
        ref: small
      environment:
      - key: LOGTARGET
        value: "/dev/console"
      - key: ROOTFS_LOCK
        value: "y"
      - key: ROOT_SSH_KEY
        value: "@/root/hpvs/config/hpvsopbasessh/keys/id_rsa_base64.pub" # provide ssh key in base64 format
      - key: RUNQ_ROOTDISK
        value: newroot
      networks:
      - ref: external_network
        ipaddress: 10.20.4.12
      volumes:
      - name: qg_hpvsopbasessh
        ref: np-medium
        mounts:
        - mount_id: newroot
          mountpoint: /newroot
          filesystem: ext4
          size: 10GB
          reset_root: false
        - mount_id: data
          mountpoint: /data
          filesystem: ext4
          size: 10GB

  Note:
  - You must configure the mount point as /newroot when you deploy the HpvsopBaseSSH image.
  - For creating a virtual server using the hpvs-op base image, use the vs_hpvsopbase.yml configuration file.
  - The resourcedefinition: ref value refers to the resourcedefinitiontemplates definition in the template file.
  - The quotagroup: ref value refers to the quotagrouptemplates definition in the template file.
  - The network: ref value refers to the networktemplates definition in the template file.
  - When you specify @ at the beginning of a file path, it indicates that the path mentioned is read as a file and the content within the file is assigned as the value.
  - For more information about the configurations for a Hyper Protect Virtual Server instance, see Virtual server configuration file.
  - In this example, the network definition is for an external network. For more information on other network configurations, see Network requirements for Hyper Protect Virtual Server.
  - For more information about quotagroups in IBM Hyper Protect Virtual Servers, see Overview of quotagroups for IBM Hyper Protect Virtual Servers.
- Create the instance by using the configurations in the yaml file.

    hpvs deploy --config $HOME/hpvs/config/hpvsopbasessh/demo_server_configfile.yml

  If you create a new template file and refer to this template file from the virtual server configuration file, then you must add the --template parameter to specify the absolute path to the template file when running the hpvs deploy command.

  Note:
  - You can use the hpvs undeploy command to delete this virtual server. For more information, see Undeploying virtual servers.
  - You can update the resources or configuration of a virtual server after the completion of the deploy operation by using the -u, or the --update flag of the hpvs deploy command. For more information, see Updating virtual servers.
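
Because the virtual server file only names its network, quotagroup and resource settings by ref, a mistyped ref or an address outside the referenced subnet is easy to miss before running hpvs deploy. The following Python check is an added example, not part of the IBM tooling: it takes the two files as already-parsed dictionaries, applies the 5 GB non-passthrough headroom from this page to template sizes, and assumes (from the page's examples) that RUNQ_ROOTDISK must match the mount_id mounted at /newroot.

```python
import ipaddress

def gb(size):  # '20GB' -> 20; the page's templates use whole-GB sizes
    return int(size.upper().replace("GB", ""))

def validate(server, template):
    """Return the problems found in one virtualservers entry; an empty list means consistent."""
    nets = {n["name"]: n for n in template["networktemplates"]}
    quotas = {q["name"]: q for q in template["quotagrouptemplates"]}
    resources = {r["name"] for r in template["resourcedefinitiontemplates"]}
    env = {e["key"]: e["value"] for e in server.get("environment", [])}
    problems, root_ids = [], []
    if server["resourcedefinition"]["ref"] not in resources:
        problems.append(f"resourcedefinition ref {server['resourcedefinition']['ref']!r} is not in the template")
    for net in server.get("networks", []):
        tmpl = nets.get(net["ref"])
        if tmpl is None:
            problems.append(f"network ref {net['ref']!r} is not in the template")
        elif ipaddress.ip_address(net["ipaddress"]) not in ipaddress.ip_network(tmpl["subnet"]):
            problems.append(f"{net['ipaddress']} is outside {tmpl['subnet']}")
    for vol in server.get("volumes", []):
        mounts = vol.get("mounts", [])
        root_ids += [m["mount_id"] for m in mounts if m["mountpoint"] == "/newroot"]
        tmpl = quotas.get(vol["ref"])
        if tmpl is None:
            problems.append(f"volume ref {vol['ref']!r} is not in the template")
            continue
        # Non-passthrough quotagroups need 5 GB on top of the requested mount sizes.
        need = sum(gb(m["size"]) for m in mounts) + (0 if tmpl["passthrough"] else 5)
        if need > gb(tmpl["size"]):
            problems.append(f"{vol['name']} needs {need}GB but {vol['ref']} is {tmpl['size']}")
    if env.get("RUNQ_ROOTDISK") not in root_ids:  # assumption drawn from the page's examples
        problems.append("RUNQ_ROOTDISK does not name a mount_id mounted at /newroot")
    return problems

# Constructed input: the page's example files reduced to the entries this server references.
TEMPLATE = {
    "networktemplates": [{"name": "external_network", "subnet": "10.20.4.0/22", "gateway": "10.20.4.1"}],
    "quotagrouptemplates": [{"name": "np-medium", "size": "50GB", "passthrough": False}],
    "resourcedefinitiontemplates": [{"name": "small", "cpu": 2, "memory": 2048}],
}
SERVER = {
    "resourcedefinition": {"ref": "small"},
    "environment": [{"key": "RUNQ_ROOTDISK", "value": "newroot"}],
    "networks": [{"ref": "external_network", "ipaddress": "10.20.4.12"}],
    "volumes": [{"name": "qg_hpvsopbasessh", "ref": "np-medium", "mounts": [
        {"mount_id": "newroot", "mountpoint": "/newroot", "size": "10GB"},
        {"mount_id": "data", "mountpoint": "/data", "size": "10GB"}]}],
}
```

With real files, load each one with a YAML parser and call validate once per entry under virtualservers.
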
By using the hpvs vs create command
- Load the hpvs-op-ssh base image to the Secure Service Container partition.

    hpvs image load --file=$HOME/hpvs/config/hpvsopbasessh/images/HpvsopBaseSSH.tar.gz

  Note: For creating a virtual server using the hpvs-op base image, use the HpvsopBase.tar.gz image from the $HOME/hpvs/config/hpvsopbase/images/ directory. For creating a virtual server using the hpvs-op-ssh base image, use the HpvsopBaseSSH.tar.gz image from the $HOME/hpvs/config/hpvsopbasessh/images/ directory.
- Create the quotagroup for the instance. The following is an example.

    hpvs quotagroup create --name qg_hpvsopbasessh --size=40GB

  Note: If you create a non-passthrough quotagroup for the instance, ensure that you specify a value that is at least 5 GB greater than the size you require for the virtual server.

  For more information about the hpvs quotagroup command, see Commands in IBM Hyper Protect Virtual Servers. For more information about quotagroups in IBM Hyper Protect Virtual Servers, see Overview of quotagroups for IBM Hyper Protect Virtual Servers.
- Create the network for the instance to be connected externally. The following is an example.

    hpvs network create --name external_net --driver macvlan --parent encf900 --subnet 10.20.4.0/22 --gateway 10.20.4.1

  For more information about the hpvs network command, see Commands in IBM Hyper Protect Virtual Servers. For more information about the network in IBM Hyper Protect Virtual Servers, see Network requirements for Hyper Protect Virtual Server.
- Create the network for the instance to be connected within your intranet. The following is an example.

    hpvs network create --name internal_net --driver bridge --parent encf900 --subnet 192.168.40.0/24 --gateway 192.168.40.1

- Create the instance. The following is an example.

    hpvs vs create --name demo_server --repo HpvsopBaseSSH --tag 1.2.7.2 \
    --cpu 2 --ram 2048 --env={LOGTARGET=/dev/console,ROOTFS_LOCK=y,ROOT_SSH_KEY="$key",RUNQ_ROOTDISK=new} \
    --quotagroup "{quotagroup = qg_hpvsopbasessh, mountid = new,mount = /newroot, filesystem = ext4, size = 30GB, reset_root = true}" \
    --network "{name = external_net, ip = 10.20.4.12}" --network "{name = internal_net,ip = 192.168.40.23}"

  Note:
  - You must configure the mount point as /newroot when you deploy the HpvsopBaseSSH, or HpvsopBase image.
  - For creating a virtual server using the hpvs-op base image, use the repo ID HpvsopBase, and for the virtual server using the hpvs-op-ssh base image, use the repo ID HpvsopBaseSSH.
  - In this example, the network definition is for an external network and an internal network. For more information on other network configurations, see Network requirements for Hyper Protect Virtual Server.
  - For more information about quotagroups in IBM Hyper Protect Virtual Servers, see Overview of quotagroups for IBM Hyper Protect Virtual Servers.
  - You can update the resources or configuration of a virtual server after the virtual server is created by using the hpvs vs update command. For more information, see Updating Hyper Protect Virtual Server containers.
Next
You can connect to the provisioned Hyper Protect Virtual Server instance by using the secure shell and the respective private key. For example,
ssh root@10.20.4.12 -i $HOME/hpvs/config/hpvsopbasessh/id_rsa
Note: Applicable only for a virtual server created by using the hpvs-op-ssh base image.