You ask for a certain amount of resources (CPUs, RAM, Disk Space). Safe Swiss Cloud provisions these resources and creates your cloud for you.
As a client you get access to the web control panel for your cloud. Through this interface you can create virtual machines, templates, network configurations and lots more.
We use the Interxion data center in Glattbrugg, near Zürich. This facility meets the requirements of the Swiss financial regulator FINMA - see the following KPMG document for the details: FINMA-RS 08/7: Outsourcing - banks
Limited support is available on a best effort basis between 08:00 to 20:00 Central European Time (CET - Switzerland).
If you are logged in to the website https://www.safeswisscloud.ch request support here: https://www.safeswisscloud.ch/en/node/add/support-ticket
If you forgot your password you can request support here without logging in:
Support contracts that guarantee certain service levels (SLAs) are available on request:
Please contact us if you need an SLA or a "Managed Service".
We use superior open source technologies to provide best of breed services for our clients.
This allows a client to move their computing and storage clouds to other providers with the same technology or move it in house if appropriate.
We are doing everything we can to ensure that there is no lock in and the data and systems are portable.
Conversions from AWS to our Compute Cloud offering are also supported through our AWS compatible APIs. You can run your AWS scripts to get your systems running on Safe Swiss Cloud.
You can reset your Safe Swiss Cloud Control panel password by going to My Account (if you are logged in) on the Safe Swiss Cloud website (https://www.safeswisscloud.ch). If you are not logged in, please login by going to https://www.safeswisscloud.ch/user or click the Login link at the top right hand corner of the Safe Swiss Cloud website.
Once logged in, you will be able to reset the password of your VDC from the "My Account" area.
If you forgot your password to the Safe Swiss Cloud website, please click on https://www.safeswisscloud.ch/en/user/password to request a password reset.
If you need additional help, you can always raise a ticket by going to the support tab of the "My Account" area on the Safe Swiss Cloud website.
Contact Safe Swiss Cloud support at Tel: +41 43 541 5704 if you still need help.
WARNING: We will never send you emails asking for your password. In fact we should never know your password. Do not ever give your password to anybody you do not trust and never share your password by Email.
Safe Swiss Cloud allows its users to install their own OpenShift cluster in their own private environment. This FAQ explains how to setup a private OpenShift cluster in Safe Swiss Cloud.
The cluster will be deployed by performing the following steps:
Use the "Openshift-deployer (experimental)" template in the Community section of templates in Safe Swiss Cloud. This experimental template is currently available only in the cloud region swiss2.
1. Deploy new vm from 'openshift-deployer' template into desired network. This template is password enabled, you will get root password after successful deployment.
2. Login into Deployer VM. If you allocated IP address for SSH access, then: etwork > VPC > Configure > Public IP addresses > Select IP > Enable Static NAT >and select your VM (or configure port forwarding). Otherwise use console for access
3. Login to deployer under root account
4. Change directory:
cd /opt
5. modify configuration file "hosts" file and update next sections and values:
vi hosts
[OSEv3:vars] section
api_server - Cloudstack API endpoint.
Sample:
api_server=https://swiss2.safeswisscloud.ch/client/api
api_key - your user API key. can be found at: Accounts > Select user > Click View Users > Select User
api_secret - your user API secret.
Sample:
api_key="gIqrOFs90BJSHCX2sMlPJx6FnBFjAda56jhf53uk00r15MHsznwPRDj5-AbexDOEZGZ4xcNGaokk_s1B5Cc"
api_secret="E5Ku2e12qoFVsg0D84YQ3fH7vp67cQ9TbFeHFC--xkfDDllgDCHRESAhBYgJG7RczpDEOYPSKJhGK4SGTB"
vm_network - Cloudstack / Safe Swiss Cloud network name: you must use the network in which the deployer VM is running
Sample:
vm_network="my-network01"
lb_ip_address - white IP address that was allocated for Load Balancer. Should not be assigned to any VM.
Sample:
lb_ip_address="185.39.123.123"
openshift_master_cluster_public_hostname - this host name should point to the Load Balancer IP address. Needs to be publicly resolvable (i.e. make a DNS entry or add it to your PC/Mac/Linux desktops /etc/hosts file.
openshift_master_default_subdomain - sub-domain for applications e.g. apps.mydomain.net, needs to be publicly resolvable, used for application web access
Sample:
openshift_master_cluster_public_hostname=openshift.safeswisscloud.net
openshift_master_default_subdomain=apps.safeswisscloud.net
[masters] section
List of master nodes. Should be in format: "<hostname>".
Sample:
[masters]
openshift-master01
openshift-master02
openshift-master03
[nodes] section
This section should contain list of compute nodes that will be used for application running. At least for one node must be specified additional parameter 'openshift_node_labels' with region='infra' inside, see sample. This is requirements for running router, console and docker registry container on this node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
[new_nodes] section
Leave this section empty
[new_masters] section
Leave this section empty
5. When you finish with inventory file, start deployment process with commands:
cd /opt
./prepare_vm.sh
./deploy_openshift.sh
Deployment process takes some time and at the end you should see statistic. Check that 'failed' field equals zero for each node
Sample:
PLAY RECAP *********************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=0
openshift-master01 : ok=633 changed=171 unreachable=0 failed=0
openshift-master02 : ok=461 changed=126 unreachable=0 failed=0
openshift-master03 : ok=461 changed=126 unreachable=0 failed=0
openshift-node01 : ok=256 changed=56 unreachable=0 failed=0
openshift-node02 : ok=256 changed=56 unreachable=0 failed=0
openshift-node03 : ok=256 changed=56 unreachable=0 failed=0
For cluster status check execute next command from Deployer VM. Replace 'openshift-master01' with your any master node name:
ssh openshift-master01 oc get all
As result you will see cluster status, uptime, number of pods. Check that all pods up and running:
NAME READY STATUS RESTARTS AGE
po/docker-registry-1-fkkn8 1/1 Running 0 24m
po/registry-console-1-ec3sl 1/1 Running 0 23m
po/router-1-xe774 1/1 Running 0 24m
Status of compute nodes you can check as:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master02.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master03.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-node01.safeswisscloud.net Ready 29m
openshift-node02.safeswisscloud.net Ready 29m
openshift-node03.safeswisscloud.net Ready 29m
Please be aware about 'openshift_master_cluster_public_hostname' variable in hosts file and check if you can resolve it via DNS. This name should point to load balancer IP address. Try to login into console:
https://<openshift_master_cluster_public_hostname>:8443/
Default credentials to login to the OpenShift Console is 'admin'/'admin'
1. login to Openshift GUI
2. In case it is first usage, you will see Welcome page, press New Project. Enter project name 'my-project1' and press 'Create' button. If you already created project, just press 'Add to Project'
3. Now you need select how application will be deployed. You have three chooses: Browse Catalog, Deploy Image and import YAML/JSON. We will deploy our application from docker hub, so press 'Deploy Image' tab.
4. Click 'Image Name' and print 'jenkins' and press Enter.
5. Now you can see metadata from Jenkins container. Press 'Create' at the bottom of the page. You will see summary and command line helpers.
6. Press 'Continue to overview' link
7. Wait until deployment finished. Now we will create route for this application. Select Applications > Routes > Create Route. Enter desirable route name, i.e. 'jenkins'. You can enter Hostname here or it will be generated automatically from your application and project name. Press 'Create' button.
8. Now you can see new route in Routes list. Note about Hostname - this is HTTP address of your application. Add it to DNS server records or local /etc/hosts file.
9. Try to access http://jenkins-my-project1.apps.safeswisscloud.net URL and check that application running
You can easily scale out cluster by adding new nodes with the following steps:
1. Edit inventory file 'hosts', and add new nodes to section [new_nodes] or [new_masters], depending which type of node you want to add.
Sample:
[new_nodes]
openshift-node04
2. Execute VM deployment script:
./prepare_vm.sh
3a. In case you adding master node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-master/scaleup.yml
3b. In case you adding compute node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-node/scaleup.yml
4. Edit 'hosts' file again and transfer newly added node to correspondent section [masters] for master node and [nodes] for compute node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
openshift-node04
5. Verify that new node was added successfully. Execute from deployer node:
ssh <any_master_node_name> oc get nodes
Sample:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready 3h
openshift-master02.safeswisscloud.net Ready 3h
openshift-node01.safeswisscloud.net Ready 3h
openshift-node02.safeswisscloud.net Ready 3h
openshift-node03.safeswisscloud.net Ready 3h
openshift-node04.safeswisscloud.net Ready 14m
You can remove all VM's with command
./clean_vm.sh
Beware: this will delete your cluster completely and all deployed applications and data will be lost.
In order to cancel the Safe Swiss Cloud VDC account, the customer needs to go to his User page (Manage account>>Account) at the Safe Swiss Cloud Portal.
If the Safe Swiss Cloud Portal account of a customer has not been blocked permanently by the Safe Swiss Cloud administration, a customer may enable his Safe Swiss Cloud VDC account by clicking on "Enable account" button at his User page (Manage account>>Account).
If the Safe Swiss Cloud VDC account was enabled successfully, the customer is again able to login to his Safe Swiss Cloud VDC account.
Note! If a customer has running Virtual Machines (VMs), these VMs are stopped after cancelation. A customer might start the VMs again after re-activation of his Safe Swiss Cloud VDC account.
Our customer is able to involve his team members in the process of the Safe Swiss Cloud VDC account management.
Our customer, as VDC holder is a Parent user. Via the Safe Swiss Cloud Portal a Parent user is able to create one or more Sub-users. Each Sub-user will obtain access to his Safe Swiss Cloud Portal sub-account.
We provide two different levels of access for:
The difference between Accounting staff Sub-users and Technical staff Sub-users are described in the following use case table
| Use case | Technical staff | Accounting staff | |
| 1 | Sub-user has the possibility to see/create/edit all tickets related to the parent customer account (VDC holder) | Yes | Yes |
| 2 | Sub-user has accesses to the Usage table with Total resource cost per month. | Yes | Yes |
| 3 | Two-factor authentication (TFA) | Yes | Yes |
| 4 | Sub-user has full access to VDC account owned by VDC holder (parent customer) | Yes | No |
| 5 | Sub-user can add VPC and VR to VDC via Safe Swiss Cloud Portal tools | Yes | No |
| 6 | Sub-user can change his user password to VDC via Safe Swiss Cloud Portal | Yes | No |
| 7 | Sub-user has the possibility to change billing information. | No | Yes |
| 8 | Sub-user has the possibility to request a currency change (CHF/EURO). | No | Yes |
| 9 | Sub-user has the possibility to change/add a discount code (Gift code). | No | Yes |
| 10 | Sub-user has the possibility to change/add a new credit card. | No | Yes |
| 11 | Sub-user has access to the list of invoices. | No | Yes |
Note! All use cases mentioned above are also available for the Parent user.
In order to create/edit a sub-user, the Parent user needs to:
If a Parent user already has one or multiple sub-users, he will see the table with the list of the current sub-users:
Two Factor Authentication functionality is optional and available for any user at the "Two-factor authentication settings" page :
A user may activate or deactivate the TFA.
When navigating to "Two-factor authentication settings" page (via menu or via link), the user sees:
In order to activate the TFA, the user needs to click on the "Set up SMS delivery" link.
After the password confirmation the user sees the page where he can enter his mobile phone number:
If the user enters his mobile phone and presses "Send SMS", he receives the verification code. This verification code needs to be entered in the next window:
In the next step the user gets to the list of recovery codes, which can be used in emergency cases (no mobile, ect.).
The user can save these codes somewhere or skip them.
The idea of the recovery codes is that the user can enter these codes instead of an SMS code. The recovery codes can be used if the user does not have access to his mobile phone.
As soon as the TFA is activated, the client sees the page like:
The user can reset SMS delivery, view unused recovery codes, get new recovery codes, disable TFA:
If the user skips the recovery codes, he can get the recovery codes later.
| Virtual Data Center (VDC) | A Virtual Data Center is a single customer account with Safe Swiss Cloud. It can contain one or more VPCs. |
|---|---|
| Software Defined Data Center (SDDC) | Software Defined Data Center is just another name for a VDC, a virtual data center. |
| Virtual Private Cloud (VPC) |
Virtual Private Cloud (VPC) is a private, isolated part of Safe Swiss Cloud. A VPC acts as a container for multiple isolated networks that can communicate with each other via its virtual router. |
No.
We do not restrict the number of virtual machines (VM) you can start in each Virtual Data Center.
There are also no changes associated with a VM - you pay for the total amount of CPU, RAM and Storage you allocate.
Resizing on the fly is coming soon.
In the Safe Swiss Cloud administration (control) panel:
The NIC of your VM will now be allocated an additional IP.
Don't forget to manually configure/add the new IP inside the VM.
See attached screenshots for details.
Additional Public IP addresses are usually added to the Virtual Router which guards each Virtual Private Cloud (VPC). Each Virtual Data Center has at least one VPC.
We recommend adding virtual machine (VM) instances to an internal network segment of the Virtual Router of a VPCs. The VM instance will have a private IP address. After obtaining an additional public IP address, setup port forwarding or a static NAT from the Virtual Router to the VM.
To add a new public IP address follow this menu trail:
Network > Select view: VPC > Click Configure next to your VPC name
Now you will see a graphical representation of your VPC (Virtual Private Cloud):
You will need to setup a static NAT or Port Forwarding rule to an internal virtual machine instance of your choice in order to allow traffic to the new public IP address to reach its intended destination.
Yes - there are various ways to do this.
You need to export your VM to a file and convert it to qcow2 format. Safe Swiss Cloud uses KVM virtualization using the qcow2 format, so VMs in this format can easily be imported.
We have migrated VMs from most commonly used hypervisors including VMware, Hyper-V and KVM. If you need assistance with your migration we will be happy to help you.
Yes.
We use KVM for our virtualisation, so we will be able to take your KVM VMs and run them practically unchanged. We might suggest some tuning to improve I/O and network throughput at Safe Swiss Cloud.
Safe Swiss Cloud allows its users to install their own OpenShift cluster in their own private environment. This FAQ explains how to setup a private OpenShift cluster in Safe Swiss Cloud.
The cluster will be deployed by performing the following steps:
Use the "Openshift-deployer (experimental)" template in the Community section of templates in Safe Swiss Cloud. This experimental template is currently available only in the cloud region swiss2.
1. Deploy new vm from 'openshift-deployer' template into desired network. This template is password enabled, you will get root password after successful deployment.
2. Login into Deployer VM. If you allocated IP address for SSH access, then: etwork > VPC > Configure > Public IP addresses > Select IP > Enable Static NAT >and select your VM (or configure port forwarding). Otherwise use console for access
3. Login to deployer under root account
4. Change directory:
cd /opt
5. modify configuration file "hosts" file and update next sections and values:
vi hosts
[OSEv3:vars] section
api_server - Cloudstack API endpoint.
Sample:
api_server=https://swiss2.safeswisscloud.ch/client/api
api_key - your user API key. can be found at: Accounts > Select user > Click View Users > Select User
api_secret - your user API secret.
Sample:
api_key="gIqrOFs90BJSHCX2sMlPJx6FnBFjAda56jhf53uk00r15MHsznwPRDj5-AbexDOEZGZ4xcNGaokk_s1B5Cc"
api_secret="E5Ku2e12qoFVsg0D84YQ3fH7vp67cQ9TbFeHFC--xkfDDllgDCHRESAhBYgJG7RczpDEOYPSKJhGK4SGTB"
vm_network - Cloudstack / Safe Swiss Cloud network name: you must use the network in which the deployer VM is running
Sample:
vm_network="my-network01"
lb_ip_address - white IP address that was allocated for Load Balancer. Should not be assigned to any VM.
Sample:
lb_ip_address="185.39.123.123"
openshift_master_cluster_public_hostname - this host name should point to the Load Balancer IP address. Needs to be publicly resolvable (i.e. make a DNS entry or add it to your PC/Mac/Linux desktops /etc/hosts file.
openshift_master_default_subdomain - sub-domain for applications e.g. apps.mydomain.net, needs to be publicly resolvable, used for application web access
Sample:
openshift_master_cluster_public_hostname=openshift.safeswisscloud.net
openshift_master_default_subdomain=apps.safeswisscloud.net
[masters] section
List of master nodes. Should be in format: "<hostname>".
Sample:
[masters]
openshift-master01
openshift-master02
openshift-master03
[nodes] section
This section should contain list of compute nodes that will be used for application running. At least for one node must be specified additional parameter 'openshift_node_labels' with region='infra' inside, see sample. This is requirements for running router, console and docker registry container on this node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
[new_nodes] section
Leave this section empty
[new_masters] section
Leave this section empty
5. When you finish with inventory file, start deployment process with commands:
cd /opt
./prepare_vm.sh
./deploy_openshift.sh
Deployment process takes some time and at the end you should see statistic. Check that 'failed' field equals zero for each node
Sample:
PLAY RECAP *********************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=0
openshift-master01 : ok=633 changed=171 unreachable=0 failed=0
openshift-master02 : ok=461 changed=126 unreachable=0 failed=0
openshift-master03 : ok=461 changed=126 unreachable=0 failed=0
openshift-node01 : ok=256 changed=56 unreachable=0 failed=0
openshift-node02 : ok=256 changed=56 unreachable=0 failed=0
openshift-node03 : ok=256 changed=56 unreachable=0 failed=0
For cluster status check execute next command from Deployer VM. Replace 'openshift-master01' with your any master node name:
ssh openshift-master01 oc get all
As result you will see cluster status, uptime, number of pods. Check that all pods up and running:
NAME READY STATUS RESTARTS AGE
po/docker-registry-1-fkkn8 1/1 Running 0 24m
po/registry-console-1-ec3sl 1/1 Running 0 23m
po/router-1-xe774 1/1 Running 0 24m
Status of compute nodes you can check as:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master02.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master03.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-node01.safeswisscloud.net Ready 29m
openshift-node02.safeswisscloud.net Ready 29m
openshift-node03.safeswisscloud.net Ready 29m
Please be aware about 'openshift_master_cluster_public_hostname' variable in hosts file and check if you can resolve it via DNS. This name should point to load balancer IP address. Try to login into console:
https://<openshift_master_cluster_public_hostname>:8443/
Default credentials to login to the OpenShift Console is 'admin'/'admin'
1. login to Openshift GUI
2. In case it is first usage, you will see Welcome page, press New Project. Enter project name 'my-project1' and press 'Create' button. If you already created project, just press 'Add to Project'
3. Now you need select how application will be deployed. You have three chooses: Browse Catalog, Deploy Image and import YAML/JSON. We will deploy our application from docker hub, so press 'Deploy Image' tab.
4. Click 'Image Name' and print 'jenkins' and press Enter.
5. Now you can see metadata from Jenkins container. Press 'Create' at the bottom of the page. You will see summary and command line helpers.
6. Press 'Continue to overview' link
7. Wait until deployment finished. Now we will create route for this application. Select Applications > Routes > Create Route. Enter desirable route name, i.e. 'jenkins'. You can enter Hostname here or it will be generated automatically from your application and project name. Press 'Create' button.
8. Now you can see new route in Routes list. Note about Hostname - this is HTTP address of your application. Add it to DNS server records or local /etc/hosts file.
9. Try to access http://jenkins-my-project1.apps.safeswisscloud.net URL and check that application running
You can easily scale out cluster by adding new nodes with the following steps:
1. Edit inventory file 'hosts', and add new nodes to section [new_nodes] or [new_masters], depending which type of node you want to add.
Sample:
[new_nodes]
openshift-node04
2. Execute VM deployment script:
./prepare_vm.sh
3a. In case you adding master node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-master/scaleup.yml
3b. In case you adding compute node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-node/scaleup.yml
4. Edit 'hosts' file again and transfer newly added node to correspondent section [masters] for master node and [nodes] for compute node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
openshift-node04
5. Verify that new node was added successfully. Execute from deployer node:
ssh <any_master_node_name> oc get nodes
Sample:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready 3h
openshift-master02.safeswisscloud.net Ready 3h
openshift-node01.safeswisscloud.net Ready 3h
openshift-node02.safeswisscloud.net Ready 3h
openshift-node03.safeswisscloud.net Ready 3h
openshift-node04.safeswisscloud.net Ready 14m
You can remove all VM's with command
./clean_vm.sh
Beware: this will delete your cluster completely and all deployed applications and data will be lost.
Swiss1 endpoint: https://swiss1.safeswisscloud.ch/client/api
Swiss2 endpoint: https://swiss2.safeswisscloud.ch/client/api
Any operating system of your choice such as Linux and Windows, but also all kinds of BSD. Most operating systems that run on Intel and compatible processors can be run on Safe Swiss Cloud.
You can always create your own templates from ISO files.
In the Safe Swiss Cloud Control Panel:
I just started a new VM from the Continuous Integration template. What do I have to do next?
The default hypervisor is KVM.
For special requirements (minimum 10 physical servers), we can enable cloud infrastructure based on the following hypervisors:
Our Virtual Data Center offering is based on Apache CloudStack - the leading mature, open source cloud technology.
Safe Swiss Cloud allows its users to install their own OpenShift cluster in their own private environment. This FAQ explains how to setup a private OpenShift cluster in Safe Swiss Cloud.
The cluster will be deployed by performing the following steps:
Use the "Openshift-deployer (experimental)" template in the Community section of templates in Safe Swiss Cloud. This experimental template is currently available only in the cloud region swiss2.
1. Deploy new vm from 'openshift-deployer' template into desired network. This template is password enabled, you will get root password after successful deployment.
2. Login into Deployer VM. If you allocated IP address for SSH access, then: etwork > VPC > Configure > Public IP addresses > Select IP > Enable Static NAT >and select your VM (or configure port forwarding). Otherwise use console for access
3. Login to deployer under root account
4. Change directory:
cd /opt
5. modify configuration file "hosts" file and update next sections and values:
vi hosts
[OSEv3:vars] section
api_server - Cloudstack API endpoint.
Sample:
api_server=https://swiss2.safeswisscloud.ch/client/api
api_key - your user API key. can be found at: Accounts > Select user > Click View Users > Select User
api_secret - your user API secret.
Sample:
api_key="gIqrOFs90BJSHCX2sMlPJx6FnBFjAda56jhf53uk00r15MHsznwPRDj5-AbexDOEZGZ4xcNGaokk_s1B5Cc"
api_secret="E5Ku2e12qoFVsg0D84YQ3fH7vp67cQ9TbFeHFC--xkfDDllgDCHRESAhBYgJG7RczpDEOYPSKJhGK4SGTB"
vm_network - Cloudstack / Safe Swiss Cloud network name: you must use the network in which the deployer VM is running
Sample:
vm_network="my-network01"
lb_ip_address - white IP address that was allocated for Load Balancer. Should not be assigned to any VM.
Sample:
lb_ip_address="185.39.123.123"
openshift_master_cluster_public_hostname - this host name should point to the Load Balancer IP address. Needs to be publicly resolvable (i.e. make a DNS entry or add it to your PC/Mac/Linux desktops /etc/hosts file.
openshift_master_default_subdomain - sub-domain for applications e.g. apps.mydomain.net, needs to be publicly resolvable, used for application web access
Sample:
openshift_master_cluster_public_hostname=openshift.safeswisscloud.net
openshift_master_default_subdomain=apps.safeswisscloud.net
[masters] section
List of master nodes. Should be in format: "<hostname>".
Sample:
[masters]
openshift-master01
openshift-master02
openshift-master03
[nodes] section
This section should contain list of compute nodes that will be used for application running. At least for one node must be specified additional parameter 'openshift_node_labels' with region='infra' inside, see sample. This is requirements for running router, console and docker registry container on this node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
[new_nodes] section
Leave this section empty
[new_masters] section
Leave this section empty
5. When you finish with inventory file, start deployment process with commands:
cd /opt
./prepare_vm.sh
./deploy_openshift.sh
Deployment process takes some time and at the end you should see statistic. Check that 'failed' field equals zero for each node
Sample:
PLAY RECAP *********************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=0
openshift-master01 : ok=633 changed=171 unreachable=0 failed=0
openshift-master02 : ok=461 changed=126 unreachable=0 failed=0
openshift-master03 : ok=461 changed=126 unreachable=0 failed=0
openshift-node01 : ok=256 changed=56 unreachable=0 failed=0
openshift-node02 : ok=256 changed=56 unreachable=0 failed=0
openshift-node03 : ok=256 changed=56 unreachable=0 failed=0
For cluster status check execute next command from Deployer VM. Replace 'openshift-master01' with your any master node name:
ssh openshift-master01 oc get all
As result you will see cluster status, uptime, number of pods. Check that all pods up and running:
NAME READY STATUS RESTARTS AGE
po/docker-registry-1-fkkn8 1/1 Running 0 24m
po/registry-console-1-ec3sl 1/1 Running 0 23m
po/router-1-xe774 1/1 Running 0 24m
Status of compute nodes you can check as:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master02.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master03.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-node01.safeswisscloud.net Ready 29m
openshift-node02.safeswisscloud.net Ready 29m
openshift-node03.safeswisscloud.net Ready 29m
Please be aware about 'openshift_master_cluster_public_hostname' variable in hosts file and check if you can resolve it via DNS. This name should point to load balancer IP address. Try to login into console:
https://<openshift_master_cluster_public_hostname>:8443/
Default credentials to login to the OpenShift Console is 'admin'/'admin'
1. login to Openshift GUI
2. In case it is first usage, you will see Welcome page, press New Project. Enter project name 'my-project1' and press 'Create' button. If you already created project, just press 'Add to Project'
3. Now you need select how application will be deployed. You have three chooses: Browse Catalog, Deploy Image and import YAML/JSON. We will deploy our application from docker hub, so press 'Deploy Image' tab.
4. Click 'Image Name' and print 'jenkins' and press Enter.
5. Now you can see metadata from Jenkins container. Press 'Create' at the bottom of the page. You will see summary and command line helpers.
6. Press 'Continue to overview' link
7. Wait until deployment finished. Now we will create route for this application. Select Applications > Routes > Create Route. Enter desirable route name, i.e. 'jenkins'. You can enter Hostname here or it will be generated automatically from your application and project name. Press 'Create' button.
8. Now you can see new route in Routes list. Note about Hostname - this is HTTP address of your application. Add it to DNS server records or local /etc/hosts file.
9. Try to access http://jenkins-my-project1.apps.safeswisscloud.net URL and check that application running
You can easily scale out cluster by adding new nodes with the following steps:
1. Edit inventory file 'hosts', and add new nodes to section [new_nodes] or [new_masters], depending which type of node you want to add.
Sample:
[new_nodes]
openshift-node04
2. Execute VM deployment script:
./prepare_vm.sh
3a. In case you adding master node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-master/scaleup.yml
3b. In case you adding compute node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-node/scaleup.yml
4. Edit 'hosts' file again and transfer newly added node to correspondent section [masters] for master node and [nodes] for compute node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
openshift-node04
5. Verify that new node was added successfully. Execute from deployer node:
ssh <any_master_node_name> oc get nodes
Sample:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready 3h
openshift-master02.safeswisscloud.net Ready 3h
openshift-node01.safeswisscloud.net Ready 3h
openshift-node02.safeswisscloud.net Ready 3h
openshift-node03.safeswisscloud.net Ready 3h
openshift-node04.safeswisscloud.net Ready 14m
You can remove all VM's with command
./clean_vm.sh
Beware: this will delete your cluster completely and all deployed applications and data will be lost.
VirtIO drivers are paravirtualization drivers, that enables VMs running on KVM hypervisor, to perform much better than with regular hardware emulation (intel nic and ide drivers), and these drivers are required for normal Windows OS functioning on KVM hypervisor.
SSC/HIAG uses latest version of VirtIO drivers inside all Windows templates, at the time the templates are built for our customers. Before templates are published to our customers, we do our best to test drivers stability by running series of rigorous tests, including heavy load tests, that stress CPU/RAM/NETWORK/STORAGE subsystems.
Still in very rare cases of customers having issues with system stability (i.e. certain combination of some new software and existing drivers), it is sometimes advised to update VirtiO drivers inside VM to the latest versions available, as per official recommendation from http://libvirt.org
Please find below the general instructions on how to update VirtIO drivers.
Note: VirtIO drivers are distributed as part of ISO file, containing all necessary drivers. You can either attach the already provided VirtIO drivers ISO file in our cloud platform, or you can download your own ISO with drivers. If you choose the second option, please follow the instructions for ISO upload to Cloud platform.
There are total of 5 devices currently using VirtIO drivers inside your VMs - and all 4 devices need to have updated driver version (when you choose to update the drivers).
On the image below is shown the folder structure of the ISO file, where in the root of ISO file, there are folders for every VirtIO devices available, including the 4 already mentioned devices. Please check how the folder with drivers names, correspond the the exact device inside your VM, and then choose the correct folder and later subfolder (with Operating System version - Windows 2008 R2, or Windows 2012 R2, etc).
Please make sure to not make mistake during choosing the correct folder with specific version of the driver, or you might cause issues within VM, and even total system crash. We suggest following the procedure first time on the test VM, and only continue with production VMs once you feel comfortable with the procedure.
NOTE: Please note that the VirtIO Baloon Driver and VirtIO Serial Drivers can not be started by Windows - yellow exclamation sign (since we are not providing these features on VM) - which is fine and expected behaviour, and should not be considered a problem. Although these 2 devices are not really available, it is still advised to update these drivers together with the other 2 VirtIO devices/drivers (Network Adapter and SCSI Controller)
Actual driver upgrade procedure is the same as for any other driver update - please right click on the device and choose "Upgrade Driver Software..." and on the new screen, select the "Browse my computer for drivers" button and then browse for the correct drivers (main folder with driver and subfolder with correct OS version).
Please check the images below
NOTE: During the driver upgrade procedure for VirtIO Baloon and Virtio Serial drivers, at the end of the procedure, you will get confirmation that the driver has been successfully installed, but the device can not be started. We already explained this is fine and expected result.
After all drivers are updated, please reboot the Windows, so the new drivers are active.
Resizing on the fly is coming soon.
The newly attached volume will appear as a device called /dev/vdb or /dev/vdc etc. (instead of /dev/sdb, /dev/sdc etc.). For more information about how to partition, format and mount the device, please see http://www.cyberciti.biz/faq/linux-disk-format/
For more information on how to use the newly attached volume, please see http://technet.microsoft.com/en-us/magazine/dd637755.aspx
In the Safe Swiss Cloud Control Panel:
No.
We do not restrict the number of virtual machines (VM) you can start in each Virtual Data Center.
There are also no changes associated with a VM - you pay for the total amount of CPU, RAM and Storage you allocate.
Any operating system of your choice such as Linux and Windows, but also all kinds of BSD. Most operating systems that run on Intel and compatible processors can be run on Safe Swiss Cloud.
You can always create your own templates from ISO files.
The default hypervisor is KVM.
For special requirements (minimum 10 physical servers), we can enable cloud infrastructure based on the following hypervisors:
We provide the following templates "out of the box". You can always create your own with your own ISO.
Please make sure to get the proper licenses for commercial operating systems like Windows. These are not included by default.
Yes - there are various ways to do this.
You need to export your VM to a file and convert it to qcow2 format. Safe Swiss Cloud uses KVM virtualization using the qcow2 format, so VMs in this format can easily be imported.
We have migrated VMs from most commonly used hypervisors including VMware, Hyper-V and KVM. If you need assistance with your migration we will be happy to help you.
Yes.
We use KVM for our virtualisation, so we will be able to take your KVM VMs and run them practically unchanged. We might suggest some tuning to improve I/O and network throughput at Safe Swiss Cloud.
We will use Ubuntu here as an example.
apt-get install python-pip
pip install --upgrade pip
pip install cloudmonkey
mkdir .cloudmonkey
cat <<'EOF' > .cloudmonkey/config
[core]
profile = ssc
asyncblock = true
paramcompletion = true
history_file = /root/.cloudmonkey/history
log_file = /root/.cloudmonkey/log
cache_file = /root/.cloudmonkey/cache
[ui]
color = true
prompt = >
display = default
[swiss1]
url = https://swiss1.safeswisscloud.ch:443/client/api
username = [YOUR USER NAME]
apikey = [YOUR API KEY]
secretkey = [YOUR SECRET KEY]
timeout = 3600
expires = 600
domain = /[YOUR DOMAIN]
signatureversion = 3
verifysslcert = true
password = [YOUR PASSWORD]
[swiss2]
url = https://swiss2.safeswisscloud.ch:443/client/api
username = [YOUR USER NAME]
apikey = [YOUR API KEY]
secretkey = [YOUR SECRET KEY]
timeout = 3600
expires = 600
domain = /[YOUR DOMAIN]
signatureversion = 3
verifysslcert = true
password = [YOUR PASSWORD]
EOF
3.1 First for swiss1
# cloudmonkey -p swiss1
Apache CloudStack cloudmonkey 5.3.2. Type help or ? to list commands.
Using management server profile: ssc
(ssc) > sync
274 APIs discovered and cached
(ssc) >
3.2 Now add the ssh key
(ssc) > register sshkeypair name=my-ssh publickey='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuvwUV7YLiOpjJoNMeD3dNlcLVejDrYOK1yH9GGnpgL7QeuQ/8vltUSzS1D9IaDEpdRQS8MxkDQWH4zToh0HeqIGI5Y WrEQfSTl5ZhySWWRAid4/FN56KgsSK2A5KlHbQkXMpyKQooI96aCjVzDMB8pqhyhYyyDhnCYVuV9b0/qzuAX8E9S8dMwvrBrUaStWBNaDBpPvDibEAlQ465 GNVAHvsDRq4w9TYCHizHuvl1Idr67POm7eJcJYvbUel71VkEH/b7LaKRU1iQyWOmRb65ROjI3qLVu2DzbSRnKujIUye3ABoo/gjNH0zc/sYnMfEwFGESKsfJFbt 5sOV7tdiQ=='
3.3 Next deploy a VM containing the ssh key
(ssc) > deploy virtualmachine serviceofferingid=a0236e81-1152-4191-9f14-3fe322dc40c4 templateid=09e9b37e-9435-49c8-85b8-ee915c1bc155 keypair=my-ssh networkids=[YOUR_NETWORK_ID] name=my-coreos displayname=my-coreos zoneid=1d954519-907f-45c0-bd56-36b38ff6bbe4
3.4 Use the same procedure for swiss2, but with different ids for zone, network, template and serviceoffering:
# cloudmonkey -p swiss2
Apache CloudStack cloudmonkey 5.3.2. Type help or ? to list commands.
Using management server profile: ssc
(ssc) > sync
274 APIs discovered and cached
(ssc) >
3.5 Add the ssh key
(ssc) > register sshkeypair name=my-ssh publickey='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuvwUV7YLiOpjJoNMeD3dNlcLVejDrYOK1yH9GGnpgL7QeuQ/8vltUSzS1D9IaDEpdRQS8MxkDQWH4zToh0HeqIGI5Y WrEQfSTl5ZhySWWRAid4/FN56KgsSK2A5KlHbQkXMpyKQooI96aCjVzDMB8pqhyhYyyDhnCYVuV9b0/qzuAX8E9S8dMwvrBrUaStWBNaDBpPvDibEAlQ465 GNVAHvsDRq4w9TYCHiz/Huvl1Idr67POm7eJcJYvbUel71VkEH/b7LaKRU1iQyWOmRb65ROjI3qLVu2DzbSRnKujIUye3ABoo/gjNH0zc/sYnMfEwFGESKsfJF bt5sOV7tdiQ=='
3.6 Now deploy a VM containing the ssh key
(ssc) > deploy virtualmachine serviceofferingid=1e0a3524-abcf-479d-8a8c-146d74c8e81b templateid=f0f96794-7904-4dab-828d-94bdd4401f5c keypair=my-ssh networkids=[YOUR_NETWORK_ID] name=my-coreos displayname=my-coreos zoneid=9e165259-d754-4704-9813-f235c4f613f7
NOTE: Replace the ssh key and network id with your own. You can also change the serviceoffering ID to suit your needs.
You are able to list your own networks with the following commands:
#For Swiss1
cloudmonkey -p swiss1 list networks filter=name,id
#For Swiss2
cloudmonkey -p swiss2 list networks filter=name,id
Similar for serviceofferings:
cloudmonkey -p swiss1 list serviceofferings filter=name,id
cloudmonkey -p swiss2 list serviceofferings filter=name,id
ssh core@[YOUR_VMs_PUBLIC_IP]
| name | id |
| DC-ZURICH-GLATTBRUGG | 3d1dcf11-d482-4f28-a2dd-6afcb51545d2 |
| name | id |
| FREE - Clustered (1 vCPU - 512M RAM) | bbd12548-9a33-46df-a9f9-97b190c4d2a2 |
| Micro - Clustered HA (1 vCPU - 1 GB) | 632e628e-4ee9-4808-a27b-53a8e580187f |
| Mini - Clustered HA (2 vCPU, 2GB) | efd10c0c-431e-4819-abb4-c13c5a28e8fd |
| Small - Clustered HA (2 vCPU - 4GB) | 013c5e22-2f83-48e5-afec-31e1307f4b15 |
| Medium-S Clustered HA (4 vCPU - 4 GB) | 90ffeca2-1116-4bbe-bce4-61351a60fcd6 |
| Medium - Clustered HA (4 vCPU - 8GB) | f202ca2c-790a-4047-85cb-d831e4e94e7e |
| Medium-L - Clustered HA (4 vCPU - 16GB) | 992ec625-9180-44a2-8bf1-e08bb87025d5 |
| Large-S - Clustered HA (8 vCPU - 8 GB) | 9a953625-8081-4e56-aa14-5507ae0b0bcf |
| Large-6-16 - Clustered HA (6 vCPU - 16 GB) | 482a5570-2f7e-4fec-9aa8-ff8ef10bd311 |
| Large - Clustered HA (8 vCPU - 16 GB) | 6dadbc20-2020-4980-af15-5ce3c247e21c |
| XLarge - Clustered HA (8 vCPU - 32 GB) | b738293e-98bf-49c8-837b-09dc0b192ec7 |
| id | name |
| 0c8f4b3b-cc0a-488e-b3c5-214b9b63ec0a | tv-Template-MS-Server-2012R2-RDP |
If you are logged in SafeSwissCloud VDC, perform the following steps to add an affinity group:
1. On the left panel, click Affinity Groups.
2. The Affinity Groups page displays. You need to press '+Add new affinity group'
3. The Add new affinity group dialog box displays. Define a name using which you can identify the affinity group; enter a description for the affinity group (this description will help you to identify the affinity group when you need to select one for creating an instance) and press "OK".
New affinity group will be created and added.
See this post of Roger L. on how to configure a remote VPN on Windows 7.
How can I use advanced network featues like NAT, Portforwarding, Loadbalancing, VPN ?
Safe Swiss Cloud allows its users to create and deploy network components with a few clicks. The virtual router is implemented in Safe Swiss Cloud as something called a VPC (virtual private cloud).
Video: Safe Swiss Cloud Networking
Some basic Terms in Safe Swiss Cloud and what they mean:
| Virtual Router (VR) | Router, Firewall, VPN, Local Networks, HA Proxy web load balancer |
| Virtual Machine (VM) | VM, instance, VPS etc. are all one and the same thing in Safe Swiss Cloud - an instance of a virtual machine. |
| Virtual Private Cloud (VPC) | When a virtual router is created, it defines and creates a virtual private cloud. Each VPC can contain multiple virtual machine instances, network segments, load balancers etc. |
| Virtual Data Center (VDC) | A virtual data center is a single customer account with Safe Swiss Cloud. It can contain one or more VPCs. |
| Guest Network or Tier |
A private network segment in Safe Swiss Cloud connected to a VR and managed from this virtual router. |
A VPC is an isolated part of Safe Swiss Cloud, with the virtual router (VR) as the gatekeeper. It can have one or more private networks (i.e. 10.0.1.0/24, 10.0.2.0/24), connected together through the Virtual Router (VR) which is also connected to the internet. Inside these private networks you can deploy one or more VMs which will not be direcly accessible from the Internet since they are on a private network.
Safe computing is enabled in Safe Swiss Cloud by making access to internal VMs go through Virtual Router Firewall. The following network features can be activated:
| Public IP Addresses | Public IP is needed for any of the following services: Port Forwarding rule, Load Balancing rule, Static NAT etc. |
| Port forwarding | Forward traffic on a particular port e.g. 443 to access an internal VM's https service. |
| Static NAT | Static Network Address Translation enables forwarding of public network traffic on all ports one to one to an internal VM. |
| Remote VPN | Access a VM in the cloud from a single machine (desktop, mobile phone, tablet etc.) through a VPN tunnel |
| Site to Site VPN | Connect two networks through a VPN tunnel, e.g connect your office and your virtual data center with an IPsec VPN tunnel |
| ACLs | Specify what kind of traffic is allowed between different private networks, and also from any private network to the internet |
| Public Load Balancer | Load balancing for web traffic coming in through the Internet and implemented in the virtual router (VR) as an HA Proxy. |
| Internal Load Balancer | A load balancer for internal workloads, not accessible from the Internet. |
With this approach, you can really create your own Virtual Data Centar by having different private networks that are protected by one or more virtual routers.
An example of a VR (VPC in the GUI), which is using public load balancer features, is shown in the diagram below.
In this example we have one VR with public IP address, and two private networks behind the VR (web tier and app tier). We have activated load balancing features on the VR, so VR accepts web traffic from internet and distributes connection in i.e. round-robin fashion to 3 web servers. Inside app network, beside having 6 app servers, we also have activated 2 internal load balancers (small VMs) which accept connections from web servers, and distribute them among the 6 app servers.
This scenario is an example of using both public and private load balancing features of the VR/VPC.
Additional Public IP addresses are usually added to the Virtual Router which guards each Virtual Private Cloud (VPC). Each Virtual Data Center has at least one VPC.
We recommend adding virtual machine (VM) instances to an internal network segment of the Virtual Router of a VPCs. The VM instance will have a private IP address. After obtaining an additional public IP address, setup port forwarding or a static NAT from the Virtual Router to the VM.
To add a new public IP address follow this menu trail:
Network > Select view: VPC > Click Configure next to your VPC name
Now you will see a graphical representation of your VPC (Virtual Private Cloud):
You will need to setup a static NAT or Port Forwarding rule to an internal virtual machine instance of your choice in order to allow traffic to the new public IP address to reach its intended destination.
Yes we do.
You can run IPSec tunnels with a multitude of encryption and other options.
Everything is fully software configurable from the Safe Swiss Cloud Control Panel.
Safe Swiss Cloud allows its users to install their own OpenShift cluster in their own private environment. This FAQ explains how to setup a private OpenShift cluster in Safe Swiss Cloud.
The cluster will be deployed by performing the following steps:
Use the "Openshift-deployer (experimental)" template in the Community section of templates in Safe Swiss Cloud. This experimental template is currently available only in the cloud region swiss2.
1. Deploy new vm from 'openshift-deployer' template into desired network. This template is password enabled, you will get root password after successful deployment.
2. Login into Deployer VM. If you allocated IP address for SSH access, then: etwork > VPC > Configure > Public IP addresses > Select IP > Enable Static NAT >and select your VM (or configure port forwarding). Otherwise use console for access
3. Login to deployer under root account
4. Change directory:
cd /opt
5. modify configuration file "hosts" file and update next sections and values:
vi hosts
[OSEv3:vars] section
api_server - Cloudstack API endpoint.
Sample:
api_server=https://swiss2.safeswisscloud.ch/client/api
api_key - your user API key. can be found at: Accounts > Select user > Click View Users > Select User
api_secret - your user API secret.
Sample:
api_key="gIqrOFs90BJSHCX2sMlPJx6FnBFjAda56jhf53uk00r15MHsznwPRDj5-AbexDOEZGZ4xcNGaokk_s1B5Cc"
api_secret="E5Ku2e12qoFVsg0D84YQ3fH7vp67cQ9TbFeHFC--xkfDDllgDCHRESAhBYgJG7RczpDEOYPSKJhGK4SGTB"
vm_network - Cloudstack / Safe Swiss Cloud network name: you must use the network in which the deployer VM is running
Sample:
vm_network="my-network01"
lb_ip_address - white IP address that was allocated for Load Balancer. Should not be assigned to any VM.
Sample:
lb_ip_address="185.39.123.123"
openshift_master_cluster_public_hostname - this host name should point to the Load Balancer IP address. Needs to be publicly resolvable (i.e. make a DNS entry or add it to your PC/Mac/Linux desktops /etc/hosts file.
openshift_master_default_subdomain - sub-domain for applications e.g. apps.mydomain.net, needs to be publicly resolvable, used for application web access
Sample:
openshift_master_cluster_public_hostname=openshift.safeswisscloud.net
openshift_master_default_subdomain=apps.safeswisscloud.net
[masters] section
List of master nodes. Should be in format: "<hostname>".
Sample:
[masters]
openshift-master01
openshift-master02
openshift-master03
[nodes] section
This section should contain list of compute nodes that will be used for application running. At least for one node must be specified additional parameter 'openshift_node_labels' with region='infra' inside, see sample. This is requirements for running router, console and docker registry container on this node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
[new_nodes] section
Leave this section empty
[new_masters] section
Leave this section empty
5. When you finish with inventory file, start deployment process with commands:
cd /opt
./prepare_vm.sh
./deploy_openshift.sh
Deployment process takes some time and at the end you should see statistic. Check that 'failed' field equals zero for each node
Sample:
PLAY RECAP *********************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=0
openshift-master01 : ok=633 changed=171 unreachable=0 failed=0
openshift-master02 : ok=461 changed=126 unreachable=0 failed=0
openshift-master03 : ok=461 changed=126 unreachable=0 failed=0
openshift-node01 : ok=256 changed=56 unreachable=0 failed=0
openshift-node02 : ok=256 changed=56 unreachable=0 failed=0
openshift-node03 : ok=256 changed=56 unreachable=0 failed=0
For cluster status check execute next command from Deployer VM. Replace 'openshift-master01' with your any master node name:
ssh openshift-master01 oc get all
As result you will see cluster status, uptime, number of pods. Check that all pods up and running:
NAME READY STATUS RESTARTS AGE
po/docker-registry-1-fkkn8 1/1 Running 0 24m
po/registry-console-1-ec3sl 1/1 Running 0 23m
po/router-1-xe774 1/1 Running 0 24m
Status of compute nodes you can check as:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master02.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master03.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-node01.safeswisscloud.net Ready 29m
openshift-node02.safeswisscloud.net Ready 29m
openshift-node03.safeswisscloud.net Ready 29m
Please be aware about 'openshift_master_cluster_public_hostname' variable in hosts file and check if you can resolve it via DNS. This name should point to load balancer IP address. Try to login into console:
https://<openshift_master_cluster_public_hostname>:8443/
Default credentials to login to the OpenShift Console is 'admin'/'admin'
1. login to Openshift GUI
2. In case it is first usage, you will see Welcome page, press New Project. Enter project name 'my-project1' and press 'Create' button. If you already created project, just press 'Add to Project'
3. Now you need select how application will be deployed. You have three chooses: Browse Catalog, Deploy Image and import YAML/JSON. We will deploy our application from docker hub, so press 'Deploy Image' tab.
4. Click 'Image Name' and print 'jenkins' and press Enter.
5. Now you can see metadata from Jenkins container. Press 'Create' at the bottom of the page. You will see summary and command line helpers.
6. Press 'Continue to overview' link
7. Wait until deployment finished. Now we will create route for this application. Select Applications > Routes > Create Route. Enter desirable route name, i.e. 'jenkins'. You can enter Hostname here or it will be generated automatically from your application and project name. Press 'Create' button.
8. Now you can see new route in Routes list. Note about Hostname - this is HTTP address of your application. Add it to DNS server records or local /etc/hosts file.
9. Try to access http://jenkins-my-project1.apps.safeswisscloud.net URL and check that application running
You can easily scale out cluster by adding new nodes with the following steps:
1. Edit inventory file 'hosts', and add new nodes to section [new_nodes] or [new_masters], depending which type of node you want to add.
Sample:
[new_nodes]
openshift-node04
2. Execute VM deployment script:
./prepare_vm.sh
3a. In case you adding master node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-master/scaleup.yml
3b. In case you adding compute node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-node/scaleup.yml
4. Edit 'hosts' file again and transfer newly added node to correspondent section [masters] for master node and [nodes] for compute node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
openshift-node04
5. Verify that new node was added successfully. Execute from deployer node:
ssh <any_master_node_name> oc get nodes
Sample:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready 3h
openshift-master02.safeswisscloud.net Ready 3h
openshift-node01.safeswisscloud.net Ready 3h
openshift-node02.safeswisscloud.net Ready 3h
openshift-node03.safeswisscloud.net Ready 3h
openshift-node04.safeswisscloud.net Ready 14m
You can remove all VM's with command
./clean_vm.sh
Beware: this will delete your cluster completely and all deployed applications and data will be lost.
You can set up the schedules for:
5.2 In order to set up "Weekly" schedule, Click on the "Weekly" tab --> In the field "Time" specify the time, when recurring backup has to be created -->In the field "Day of Week" select the desired day of week --> In the field "Timezone" select the desired Time zone -->In the field "Keep" specify maximum number of backups to be kept(If "Keep" field has value 3 and 4th backup is created, the oldest backup will removed automatically.) --> press "Add" blue link --> press "Done"
5.3 In order to set up "Monthly" schedule, Click on the "Monthly" tab --> In the field "Time" specify the time, when recurring backup has to be created --> In the field "Day of Month" select the desired day of month --> In the field "Timezone" select the desired Time zone --> In the field "Keep"specify number of backups to be kept(If "Keep" field has value 1 and 2d backup is created, the oldest backup will removed automatically.) --> press blue "Add" link --> press "Done"
If all possible schedules are defined, the "Recurring Backups" window looks like: 
If user wants to change/remove the schedules, at first he has remove the previous schedules, by clicking 
tool near the previous schedule.
New created backup "testbackup" will be available: "Storage" left navigation menu --> Select view "Backups" --> Find your backup by name --> Click on the name of volume, which was backuped.
Check your Linux Kernel version. If it is below version 3.19.0-65 please upgrade to at least version 3.19.0-65
We know that version 3.19.0-65 does not have the problem.
This procedure presents a high level procedure and the considerable precautions when resizing volumes/disks in CloudStack (release 4.5.1-SSC-2). Volume resizing is supported for DATA disks only.
The high level procedure looks as following:
All steps performed so far result in having the "physical" volume/disk resized.
But this does not resize partitions and file-systems inside the volume/disk. Resizing partitions and file-systems is up to the user to do on his/her own, taking into consideration many different type of setups that can exist with different partition types, different file-systems etc.
Here is a high-level procedure for increasing partition and file-system size, for Linux/CentOS - using just basic tools (optionally you can use dedicated Live Linux or Windows distribution with special partition-managing tools.
As already mentioned, although you can shrink volumes (reduce volume size), it is absolutely not recommended to do so, unless you are very proficient with the whole file-system and partition resize procedure and understand the math and calculations behind disk sectors. Incorrect volume shrinking will result in corrupted and unusable file-systems, so please be warned.
For volume shrinking, the procedure is reverse to that of volume size increasing.
If i.e. resizing a volume from 50GB to 10GB, the safest (but not most accurate) option would be to resize the file-system to 9.5GB, then resize the partition to 9.7GB and finally resize the volume to 10GB. This way, although some amount of space is "wasted", the volume is still big enough to hold the whole partition, and the partition is big enough to hold the whole file-system, so no corruption would happen in this case.
The newly attached volume will appear as a device called /dev/vdb or /dev/vdc etc. (instead of /dev/sdb, /dev/sdc etc.). For more information about how to partition, format and mount the device, please see http://www.cyberciti.biz/faq/linux-disk-format/
For more information on how to use the newly attached volume, please see http://technet.microsoft.com/en-us/magazine/dd637755.aspx
Yes. We are happy to serve resellers.
As a reseller, you are welcome to create white label or value added services.
For further information please contact us via Email or call +41 43 541 5704.
To start off with your Virtual Data Center please contact us and we gladly set up an account for you. There is a no risk trial period.
Once you have one or more Virtual Data Centers, you just fire up as many virtual machine instances as you need from the Virtual Data Center Control Panel.
At the end of each month you are actually charged for the cloud computing resources like CPUs, RAM, disk storage that you actually allocated when you created a virtual machine instance.
The pricelist for our current services can be found on our pricing page.
All services will be billed monthly. You can cancel anytime*.
(*Applies only for clients with no long-term contract)
Two payment methods are available for Safe Swiss Cloud customers:
Our customers might check their current payment method at the "Stored Cards" page of their Safe Swiss Cloud portal account (when logged in at https://www.safeswisscloud.ch). Note, that the "Stored Cards" page is not available for Technical sub-users.
A logged in users need to go to Usage and Billing>Credit cards sub-menu.
If the current payment method is Bank Transfer, at the bottom of the page the logged in user will see: "Your current payment method is Bank Transfer. Click here to send a request for changing your payment method to "Credit card"
If the current payment method is Credit Card, at the bottom of the page the logged in user will see: "Your current payment method is Credit card. Click here to send a request for changing your payment method to "Bank Transfer"
Users can request to change their payment method by clinking on the link mentioned above (Click here to send a request for changing your payment method to "Credit card" or Click here to send a request for changing your payment method to "Bank Transfer"). As soon as our administrator receives the payment method changing request, the payment method will be changed for the respective customer.
Users are able to add one or more credit cards by clicking on the "Add a card" button at the "Stored Cards" page (Usage and Billing>Credit cards sub-menu). Users are able to define the default credit card and delete credit cards. Furthermore they are able to edit the expiration date of the existing credit card and define any stored card as default card. Only the default credit card will be used to settel the monthly invoices (if credit card method is used by this user).
Note! We don't store any credit card information on our servers. All credit card information is sent via a secure connection to Saferpay where it is safely processed and stored for the monthly billing process. Saferpay is a service of the Six Group, which operates the Swiss Stock Exchange and other financial infrastructure services in Switzerland.
We use the Interxion data center in Glattbrugg, near Zürich. This facility meets the requirements of the Swiss financial regulator FINMA - see the following KPMG document for the details: FINMA-RS 08/7: Outsourcing - banks
Respect for the privacy of individual and company data is required by Swiss law: SR 235.1 Federal Act on Data Protection. Safe Swiss Cloud computing resources and data are accordingly only accessible to our client or parties authorized by them.
In the European Commission Decision 2000/518/EC (Official Journal L 215/1 of 25.8.2000) the Commission states that Swiss law provides adequate protection of personal data and data transfers from Member States to Switzerland are therefore, permitted under Art. 25(1) of the EU Directive.
This means that Safe Swiss Cloud is a great choice for EU companies and individuals who want to ensure compliance with EU data protection directives.
All data and computing resources are stored in Switzerland. This means that Safe Swiss Cloud is a great choice for EU companies and individuals who want to ensure compliance with EU data protection directives.
We use the Interxion data center in Glattbrugg, near Zürich. This facility meets the requirements of the Swiss financial regulator FINMA - see the following KPMG document for the details: FINMA-RS 08/7: Outsourcing - banks
VirtIO drivers are paravirtualization drivers, that enables VMs running on KVM hypervisor, to perform much better than with regular hardware emulation (intel nic and ide drivers), and these drivers are required for normal Windows OS functioning on KVM hypervisor.
SSC/HIAG uses latest version of VirtIO drivers inside all Windows templates, at the time the templates are built for our customers. Before templates are published to our customers, we do our best to test drivers stability by running series of rigorous tests, including heavy load tests, that stress CPU/RAM/NETWORK/STORAGE subsystems.
Still in very rare cases of customers having issues with system stability (i.e. certain combination of some new software and existing drivers), it is sometimes advised to update VirtiO drivers inside VM to the latest versions available, as per official recommendation from http://libvirt.org
Please find below the general instructions on how to update VirtIO drivers.
Note: VirtIO drivers are distributed as part of ISO file, containing all necessary drivers. You can either attach the already provided VirtIO drivers ISO file in our cloud platform, or you can download your own ISO with drivers. If you choose the second option, please follow the instructions for ISO upload to Cloud platform.
There are total of 5 devices currently using VirtIO drivers inside your VMs - and all 4 devices need to have updated driver version (when you choose to update the drivers).
On the image below is shown the folder structure of the ISO file, where in the root of ISO file, there are folders for every VirtIO devices available, including the 4 already mentioned devices. Please check how the folder with drivers names, correspond the the exact device inside your VM, and then choose the correct folder and later subfolder (with Operating System version - Windows 2008 R2, or Windows 2012 R2, etc).
Please make sure to not make mistake during choosing the correct folder with specific version of the driver, or you might cause issues within VM, and even total system crash. We suggest following the procedure first time on the test VM, and only continue with production VMs once you feel comfortable with the procedure.
NOTE: Please note that the VirtIO Baloon Driver and VirtIO Serial Drivers can not be started by Windows - yellow exclamation sign (since we are not providing these features on VM) - which is fine and expected behaviour, and should not be considered a problem. Although these 2 devices are not really available, it is still advised to update these drivers together with the other 2 VirtIO devices/drivers (Network Adapter and SCSI Controller)
Actual driver upgrade procedure is the same as for any other driver update - please right click on the device and choose "Upgrade Driver Software..." and on the new screen, select the "Browse my computer for drivers" button and then browse for the correct drivers (main folder with driver and subfolder with correct OS version).
Please check the images below
NOTE: During the driver upgrade procedure for VirtIO Baloon and Virtio Serial drivers, at the end of the procedure, you will get confirmation that the driver has been successfully installed, but the device can not be started. We already explained this is fine and expected result.
After all drivers are updated, please reboot the Windows, so the new drivers are active.
Safe Swiss Cloud allows its users to install their own OpenShift cluster in their own private environment. This FAQ explains how to setup a private OpenShift cluster in Safe Swiss Cloud.
The cluster will be deployed by performing the following steps:
Use the "Openshift-deployer (experimental)" template in the Community section of templates in Safe Swiss Cloud. This experimental template is currently available only in the cloud region swiss2.
1. Deploy new vm from 'openshift-deployer' template into desired network. This template is password enabled, you will get root password after successful deployment.
2. Login into Deployer VM. If you allocated IP address for SSH access, then: etwork > VPC > Configure > Public IP addresses > Select IP > Enable Static NAT >and select your VM (or configure port forwarding). Otherwise use console for access
3. Login to deployer under root account
4. Change directory:
cd /opt
5. modify configuration file "hosts" file and update next sections and values:
vi hosts
[OSEv3:vars] section
api_server - Cloudstack API endpoint.
Sample:
api_server=https://swiss2.safeswisscloud.ch/client/api
api_key - your user API key. can be found at: Accounts > Select user > Click View Users > Select User
api_secret - your user API secret.
Sample:
api_key="gIqrOFs90BJSHCX2sMlPJx6FnBFjAda56jhf53uk00r15MHsznwPRDj5-AbexDOEZGZ4xcNGaokk_s1B5Cc"
api_secret="E5Ku2e12qoFVsg0D84YQ3fH7vp67cQ9TbFeHFC--xkfDDllgDCHRESAhBYgJG7RczpDEOYPSKJhGK4SGTB"
vm_network - Cloudstack / Safe Swiss Cloud network name: you must use the network in which the deployer VM is running
Sample:
vm_network="my-network01"
lb_ip_address - white IP address that was allocated for Load Balancer. Should not be assigned to any VM.
Sample:
lb_ip_address="185.39.123.123"
openshift_master_cluster_public_hostname - this host name should point to the Load Balancer IP address. Needs to be publicly resolvable (i.e. make a DNS entry or add it to your PC/Mac/Linux desktops /etc/hosts file.
openshift_master_default_subdomain - sub-domain for applications e.g. apps.mydomain.net, needs to be publicly resolvable, used for application web access
Sample:
openshift_master_cluster_public_hostname=openshift.safeswisscloud.net
openshift_master_default_subdomain=apps.safeswisscloud.net
[masters] section
List of master nodes. Should be in format: "<hostname>".
Sample:
[masters]
openshift-master01
openshift-master02
openshift-master03
[nodes] section
This section should contain list of compute nodes that will be used for application running. At least for one node must be specified additional parameter 'openshift_node_labels' with region='infra' inside, see sample. This is requirements for running router, console and docker registry container on this node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
[new_nodes] section
Leave this section empty
[new_masters] section
Leave this section empty
5. When you finish with inventory file, start deployment process with commands:
cd /opt
./prepare_vm.sh
./deploy_openshift.sh
Deployment process takes some time and at the end you should see statistic. Check that 'failed' field equals zero for each node
Sample:
PLAY RECAP *********************************************************************
localhost : ok=10 changed=0 unreachable=0 failed=0
openshift-master01 : ok=633 changed=171 unreachable=0 failed=0
openshift-master02 : ok=461 changed=126 unreachable=0 failed=0
openshift-master03 : ok=461 changed=126 unreachable=0 failed=0
openshift-node01 : ok=256 changed=56 unreachable=0 failed=0
openshift-node02 : ok=256 changed=56 unreachable=0 failed=0
openshift-node03 : ok=256 changed=56 unreachable=0 failed=0
For cluster status check execute next command from Deployer VM. Replace 'openshift-master01' with your any master node name:
ssh openshift-master01 oc get all
As result you will see cluster status, uptime, number of pods. Check that all pods up and running:
NAME READY STATUS RESTARTS AGE
po/docker-registry-1-fkkn8 1/1 Running 0 24m
po/registry-console-1-ec3sl 1/1 Running 0 23m
po/router-1-xe774 1/1 Running 0 24m
Status of compute nodes you can check as:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master02.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-master03.safeswisscloud.net Ready,SchedulingDisabled 29m
openshift-node01.safeswisscloud.net Ready 29m
openshift-node02.safeswisscloud.net Ready 29m
openshift-node03.safeswisscloud.net Ready 29m
Please be aware about 'openshift_master_cluster_public_hostname' variable in hosts file and check if you can resolve it via DNS. This name should point to load balancer IP address. Try to login into console:
https://<openshift_master_cluster_public_hostname>:8443/
Default credentials to login to the OpenShift Console is 'admin'/'admin'
1. login to Openshift GUI
2. In case it is first usage, you will see Welcome page, press New Project. Enter project name 'my-project1' and press 'Create' button. If you already created project, just press 'Add to Project'
3. Now you need select how application will be deployed. You have three chooses: Browse Catalog, Deploy Image and import YAML/JSON. We will deploy our application from docker hub, so press 'Deploy Image' tab.
4. Click 'Image Name' and print 'jenkins' and press Enter.
5. Now you can see metadata from Jenkins container. Press 'Create' at the bottom of the page. You will see summary and command line helpers.
6. Press 'Continue to overview' link
7. Wait until deployment finished. Now we will create route for this application. Select Applications > Routes > Create Route. Enter desirable route name, i.e. 'jenkins'. You can enter Hostname here or it will be generated automatically from your application and project name. Press 'Create' button.
8. Now you can see new route in Routes list. Note about Hostname - this is HTTP address of your application. Add it to DNS server records or local /etc/hosts file.
9. Try to access http://jenkins-my-project1.apps.safeswisscloud.net URL and check that application running
You can easily scale out cluster by adding new nodes with the following steps:
1. Edit inventory file 'hosts', and add new nodes to section [new_nodes] or [new_masters], depending which type of node you want to add.
Sample:
[new_nodes]
openshift-node04
2. Execute VM deployment script:
./prepare_vm.sh
3a. In case you adding master node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-master/scaleup.yml
3b. In case you adding compute node, execute:
ansible-playbook -i hosts openshift-ansible/playbooks/byo/openshift-node/scaleup.yml
4. Edit 'hosts' file again and transfer newly added node to correspondent section [masters] for master node and [nodes] for compute node.
Sample:
[nodes]
openshift-node01
openshift-node02
openshift-node03
openshift-node04
5. Verify that new node was added successfully. Execute from deployer node:
ssh <any_master_node_name> oc get nodes
Sample:
# ssh openshift-master01 oc get nodes
NAME STATUS AGE
openshift-master01.safeswisscloud.net Ready 3h
openshift-master02.safeswisscloud.net Ready 3h
openshift-node01.safeswisscloud.net Ready 3h
openshift-node02.safeswisscloud.net Ready 3h
openshift-node03.safeswisscloud.net Ready 3h
openshift-node04.safeswisscloud.net Ready 14m
You can remove all VM's with command
./clean_vm.sh
Beware: this will delete your cluster completely and all deployed applications and data will be lost.
© 2013-2017 Safe Swiss Cloud AG. All rights reserved.
