This was originally posted here. Visit VMGuru for more content from Dimitri de Swart and Erik Scholten.
In the previous post we’ve seen how to set up Cloud Automation Services, how to use Cloud Assembly to create a fully cloud-agnostic blueprint, how to use input variables and how to integrate Cloud Automation Services with Puppet. Now, I’ll discuss how to access your deployments in a secure way.
When using VMware Cloud Assembly, deploying new virtual machines becomes very simple and straightforward. But you would want to access these virtual machines after you’ve created them. To do this you have three options:
- usernamePassword
- generatedPublicPrivateKey
- publicPrivateKey
- sshKeyName
At the moment Cloud Assembly supports the first three methods (A, B and C) on Azure and the last three options (B, C and D) on AWS.
usernamePassword
Available on: Azure, vSphere
This is the classic username and password method. Specify ‘usernamePassword’ as the remote access authenticationType in Cloud Assembly. You then need to supply the username and password to the deployment. See the example below:

    inputs: {}
    resources:
      Cloud_Machine_1:
        type: Cloud.Machine
        properties:
          image: Windows
          flavor: medium
          remoteAccess:
            authentication: usernamePassword
            username: vmguru
            password: VMware1!
          networks:
            - name: '${Cloud_Network_1.name}'
          constraints:
            - tag: 'env:test'
      Cloud_Network_1:
        type: Cloud.Network
        properties:
          name: Cloud Network
          networkType: existing

(env:test – refers to my Azure cloud zone, image: Windows refers to the ‘WindowsServer:2016-Datacenter:latest’ image on Azure)
Once the deployment is complete, you can check the deployment details. At the bottom of the Cloud_Machine_1 properties you will find the provided username and password in the Custom Properties section.
If you follow the link to the Azure console, you can connect to the virtual machine using ssh or RDP.
generatedPublicPrivateKey
Available on: AWS, Azure
When you specify generatedPublicPrivateKey as the remote access authenticationType in Cloud Assembly, the system generates a public and private key pair for you, and you can log in to the machine using the private key. The only requirement is that the image is cloud-init enabled. See the example below:

    inputs: {}
    resources:
      Cloud_Machine_1:
        type: Cloud.Machine
        properties:
          image: Linux
          flavor: small
          remoteAccess:
            authentication: generatedPublicPrivateKey
          networks:
            - name: '${Cloud_Network_1.name}'
          constraints:
            - tag: 'env:dev'
      Cloud_Network_1:
        type: Cloud.Network
        properties:
          name: Cloud Network
          networkType: existing

(env:dev – refers to my AWS cloud zone, image: Linux refers to an Ubuntu 16.04 image on AWS)
When the deployment is complete, you can check the deployment details. At the bottom of the Cloud_Machine_1 properties you will find the generated public key and private key in the Custom Properties section.
Copy the private key and save it in a [certificate_name].pem file.
Once created, run the following command to change the permissions of the .pem file so that only its owner can read it.

    chmod 400 [certificate_name].pem

You can now access the virtual machine using ssh by running the following command:

    ssh -i generated-private-key.pem ubuntu@13.58.75.209

The IP address is the public IP address, which you can find in the Deployment details under the General section. ‘ubuntu’ is the default username for EC2 Ubuntu deployments. For other Linux flavours check the Amazon EC2 documentation.
publicPrivateKey
Available on: AWS, Azure
When you specify publicPrivateKey, you need to generate a public and private key yourself. You can do this with PuTTYgen, for example. You then have to pass the public key to the deployment as ‘sshKey’ in your Cloud Assembly code. See the example below:

    inputs: {}
    resources:
      Cloud_Machine_1:
        type: Cloud.Machine
        properties:
          image: Linux
          flavor: small
          remoteAccess:
            authentication: publicPrivateKey
            sshKey: [Enter_Public_key_here]
          networks:
            - name: '${Cloud_Network_1.name}'
          constraints:
            - tag: 'env:dev'
      Cloud_Network_1:
        type: Cloud.Network
        properties:
          name: Cloud Network
          networkType: existing

(env:dev – refers to my AWS cloud zone)
The machine will be provisioned with that public key. You can log in with the private key in the same way.
Store the generated private key in a [certificate_name].pem file and change the permissions of the .pem file by using the following command.

    chmod 400 [certificate_name].pem

You can now access the virtual machine using ssh by using the following command:

    ssh -i [certificate_name].pem [username]@[IP_address]

Again, ‘ubuntu’ is the default username for Ubuntu deployments on AWS. For other Linux flavours check the Amazon EC2 documentation.
sshKeyName
Available on: AWS
The last method for now is using a predefined key pair. For now this is only available on AWS.
If you do not have a key pair defined, first create a new key pair. Go to AWS > Services > EC2 > Network & Security > Key Pairs and create a key pair. When completed, you should automatically have downloaded a new private key file with the name [key_pair_name].pem. Store this private key in the desired location and change the permissions of the .pem file by using the following command.

    chmod 400 [certificate_name].pem

In VMware Cloud Assembly, simply set ‘sshKeyName’ to the name of the predefined key pair and you are done. Note: a little inconsistency here, ‘sshKeyName’ does not require the ‘remoteAccess’ property.

    inputs: {}
    resources:
      Cloud_Machine_1:
        type: Cloud.Machine
        properties:
          image: Linux
          flavor: small
          sshKeyName: Demo-pair
          networks:
            - name: '${Cloud_Network_1.name}'
          constraints:
            - tag: 'env:dev'
      Cloud_Network_1:
        type: Cloud.Network
        properties:
          name: Cloud Network
          networkType: existing

(env:dev – refers to my AWS cloud zone, image: Linux refers to an Ubuntu 16.04 image on AWS)
Once the deployment is complete, you can check the deployment details. At the bottom of the Cloud_Machine_1 properties you will find the name of the key pair which is used under the Custom Properties section.
You can now access the virtual machine using ssh by running the following command:

    ssh -i [certificate_name].pem [username]@[IP_address]
    ssh -i generated-private-key.pem ubuntu@18.191.246.122

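The save, chmod 400 and ssh -i steps from the three key-based sections above, collected into an added shell example (not part of the original post or of Cloud Assembly). The function names are hypothetical, and the last function assumes the deployment's public key is available in one-line OpenSSH format.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Cloud Assembly tooling.

# save_private_key DEST  (key text on stdin, pasted or from a downloaded file)
# Cleans up copy/paste damage and creates the file under umask 077, so the
# key is never group/world-readable, not even before the chmod.
save_private_key() {
    dest=$1
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    # Drop CRs, stray leading/trailing blanks and leading empty lines.
    key=$(awk '{ sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
                 if (seen || length($0)) { seen = 1; print } }')
    case $key in
        "-----BEGIN "*"PRIVATE KEY-----"*"-----END "*"PRIVATE KEY-----") ;;
        *) echo "input is not a PEM or OpenSSH private key" >&2; return 1 ;;
    esac
    ( umask 077 && printf '%s\n' "$key" > "$dest" ) || return 1
    chmod 400 "$dest"
}

# key_is_private FILE: true when group and other have no permission bits;
# ssh refuses to use an identity file that fails this check.
key_is_private() {
    case $(ls -ld -- "$1" | cut -c1-10) in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# key_matches_deployment FILE "PUBLIC-KEY-LINE"
# Derives the public key from the saved private key and compares key type
# and base64 blob with the public key of the deployment (comment ignored).
# Assumes the public key is given in one-line OpenSSH format.
key_matches_deployment() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{ print $1, $2 }')
    expected=$(printf '%s\n' "$2" | awk '{ print $1, $2 }')
    [ -n "$derived" ] && [ "$derived" = "$expected" ]
}

# Usage:
#   save_private_key my-key.pem < pasted.txt && key_is_private my-key.pem
#   key_matches_deployment my-key.pem "ssh-rsa AAAA... (from the deployment)"
```

A mismatch from key_matches_deployment means the saved file is not the key the machine was provisioned with, which is worth ruling out before debugging a "Permission denied (publickey)" error.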
Happy deploying!
This is not the end of this series because there are a lot of topics still to be explained. So check in regularly for new content!