Run multiple applications or sites inside isolated system containers on a single EC2 instance and achieve higher utilization of provisioned resources
Note: Virtuozzo Hybrid Server 7 will also support running your payloads in virtual machines on i3.metal instances as soon as this instance type becomes available on AWS Marketplace.
In this article:
- Steps to subscribe to Virtuozzo Hybrid Server 7 offering
- Steps to deploy using AWS Marketplace user interface
- Guidelines to deploy using AWS Management Console user interface
- Accessing your instance
- Troubleshooting
- Launching your first Virtuozzo system container with external IP address
- Configuring NAT on the instance
- Networking Requirements
- Integration Notices
Steps to subscribe to Virtuozzo Hybrid Server 7 offering
Note: these instructions assume you're logged in to AWS and have been granted sufficient permissions.
- Go to the Virtuozzo Hybrid Server 7 offering page. There you can review the product description, pricing and terms. If you're ready to proceed, click the "Continue to Subscribe" button at the top of the screen.
- On the next screen, accept the Virtuozzo End-User License Agreement and pricing by explicitly clicking the "Accept Terms" button.
- Afterwards you'll be shown a message that your subscription is pending. After the sign-up process is complete, you will be notified in several ways:
  - A notification pops up on the current screen and the "Continue to Configuration" button becomes unlocked.
  - An email notification is sent to you. By default, the recipient address is the email address of the "root" account within your AWS account.
  - Virtuozzo Hybrid Server 7 is listed in your AWS Marketplace Library.
Steps to deploy using AWS Marketplace user interface
- On the final screen of the subscription sequence, click the "Continue to Configuration" button.
- On the following screen, choose:
  - Fulfillment Option: leave as is (there is only one option: 64-bit AMI)
  - Software Version: the latest update of Virtuozzo Hybrid Server 7 is highly recommended (do not use previous versions for evaluation or for new projects. If you installed a previous version, please update it to the latest Virtuozzo Hybrid Server version first)
  - Region: choose the geographic location that best suits your needs
  Proceed by clicking "Continue to Launch".
- Next, specify more details about the instance to be launched:
  - Choose Action: leave as is with "Launch from Website"
  - EC2 Instance Type: choose the instance type that best suits your needs (see comparison if in doubt)
  - VPC Settings: choose the VPC to launch into.
    VPC (Virtual Private Cloud) is a virtual network and compartmentalization technology, see introduction for more information.
    Select a pre-existing VPC (by default, a so-called default VPC is pre-created in each region) or, if none exists or none suits your needs, use the "Create a VPC in EC2" link to the AWS Management Console (opened in a new tab) to adjust your configuration. When you're done configuring VPCs, return to the Marketplace launch wizard and hit the "refresh" icon.
  - Subnet Settings: choose the subnet for the primary network interface (the choices presented here depend on your previous VPC choice). As above, you can temporarily go to the AWS Console, adjust settings and refresh the list on return.
  - Security Group Settings: choose a pre-existing security group (the choices presented here depend on your previous VPC choice) or create a new one based on recommendations (using "Create New Based On Seller Settings" – only name and description are required). If you don't use the recommended configuration, check it against the Networking Requirements listed below.
  - Key Pair Settings: choose an existing key pair to securely gain access to the instance after launch or, as above, temporarily go to the AWS Management Console, import or create a new one and refresh the list on return.
Guidelines to deploy using AWS Management Console user interface
For more fine-grained control you can use the standard EC2 instance launch wizard. The only difference is that you need to use the "AWS Marketplace" tab and use "Virtuozzo 7" as the search criterion.
You can adjust some settings, e.g. launch with a larger EBS disk or specify User Data for instance customization (use `cloud-init` compatible formats).
It is recommended to use elastic IP addresses. Otherwise, the public IP address won't be preserved after instance shutdown. For more info, see the EC2 documentation.
Accessing your instance
Initially, the instance is only accessible via SSH.
For authentication, use the private key from the key pair used for instance launch.
The default user name is `cloud-user`, unless overridden in User Data.
For example,
$ ssh -i "path_to_your_private_key" cloud-user@"elastic_ip_or_temporary_public_ip"
Note: prior to version 7.0.7.2 the default user name used to be `ec2-user`.
On successful login you get access to a non-privileged shell, but the default user has unrestricted `sudo` capabilities. To enter a privileged shell, use
$ sudo -i
Troubleshooting
If the network is not configured properly, the instance might fail to obtain a valid license. The instance is not fully functional without a valid license. To check whether the instance is licensed, issue the following command:
$ systemctl status vz-cloud-licensing.service
and verify that the service status is "SUCCESS: licensed".
If that's not the case, configure the network in accordance with the Networking Requirements. The instance should pick up within 10 minutes. If it doesn't, contact Virtuozzo customer support.
Note: this facility was introduced in Virtuozzo Hybrid Server version 7.0.7.2. Using the latest available Virtuozzo Hybrid Server 7 version is highly recommended.
Launching your first Virtuozzo system container with external IP address
One way to enable access to your container over the Internet is to
- first, attach an additional private IP address to the Virtuozzo Hybrid Server 7 instance,
- second, associate an Elastic IP with this new private IP address.
To assign an additional private IP address to an instance using the EC2 Management Console:
- Find the instance and select it
- Click "Actions" > "Networking" > "Manage IP Addresses"
- Click "Assign new IP" beside the IPv4 address list for the "eth0" interface
- Enter a new IPv4 address or leave the field as is (i.e. auto-assign)
- Remember the network mask of the corresponding subnet (the number after the slash, e.g. 24, will be needed at a later point)
- Click "Yes, Update"
To allocate and assign an elastic IP address using the EC2 Management Console:
- Go to the Elastic IPs screen
- Click "Allocate new address", choose "VPC" if asked to choose between "VPC" and "Classic", then click "Allocate" on the next screen.
- On the next screen click the IP address link, so that it is automatically selected.
- Click "Actions" > "Associate address"
- Choose:
  - a Virtuozzo Hybrid Server 7 instance from the drop-down list of instances
  - the private IP address allocated previously from the drop-down list of private IP addresses
To actually launch a Virtuozzo Hybrid Server 7 system container leveraging this network configuration:
- Log in to a privileged shell in your Virtuozzo Hybrid Server 7 instance.
- Review file and identify name servers (will be needed at a later point)
- Create a new system container named ct_name:
# prlctl create ct_name --vmtype ct
- Configure container networking (use private IP address, subnet and name server from previous steps):
# prlctl set ct_name --ipadd private_ip_address/subnet
# prlctl set ct_name --nameserver name_server
- Start the container:
# prlctl start ct_name
- To enable SSH access to the new container, you need to configure authentication.
The simplest (but not the most secure) way is to enter the container and set the root password:
# prlctl enter ct_name
# passwd
- At this point you can access the container over the Internet like this:
$ ssh root@elastic_ip_address
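The same container steps as a script, with root's SSH access set up from a public key rather than the root password that the text calls simplest but not most secure. This is an added example, not Virtuozzo's own tooling; the function names, the `RUN` dry-run switch and the reliance on `prlctl exec` passing its command string to a shell inside the container are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Virtuozzo tooling): the container steps with key-based SSH.
# RUN=echo (the default) only prints the commands; run with RUN= to execute them.
RUN=${RUN-echo}

# True only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True for a one-line OpenSSH public key that is safe inside single quotes.
valid_pubkey() {
    [ -r "$1" ] && [ "$(wc -l < "$1")" -le 1 ] || return 1
    case "$(cat "$1")" in
        *"'"*) return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# provision_ct NAME PRIVATE_IP PREFIX_LEN NAME_SERVER PUBKEY_FILE
provision_ct() {
    ct=$1; ip=$2; prefix=$3; ns=$4; keyfile=$5
    valid_ipv4 "$ip" || { echo "bad private IP: $ip" >&2; return 2; }
    valid_ipv4 "$ns" || { echo "bad name server: $ns" >&2; return 2; }
    case "$prefix" in
        ''|*[!0-9]*|???*) echo "bad prefix length: $prefix" >&2; return 2 ;;
    esac
    [ "$prefix" -le 32 ] || { echo "bad prefix length: $prefix" >&2; return 2; }
    valid_pubkey "$keyfile" || { echo "unusable key: $keyfile" >&2; return 2; }
    key=$(cat "$keyfile")
    # Assumption: prlctl exec hands the last string to a shell in the container.
    $RUN prlctl create "$ct" --vmtype ct &&
    $RUN prlctl set "$ct" --ipadd "$ip/$prefix" &&
    $RUN prlctl set "$ct" --nameserver "$ns" &&
    $RUN prlctl start "$ct" &&
    $RUN prlctl exec "$ct" "umask 077; mkdir -p /root/.ssh; echo '$key' >> /root/.ssh/authorized_keys"
}

if [ "$#" -eq 5 ]; then provision_ct "$@"; fi
```

With the key installed, `ssh -i private_key root@elastic_ip_address` reaches the container without a root password ever being set.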
There is a limit on the number of private IP addresses per network interface. There is also a limit on the number of network interfaces per instance. Both these limits depend on the instance type, see the comparison. Using multiple network interfaces is an advanced configuration. If you need to ensure optimal performance and connectivity, it is recommended to use host-routed container networking in conjunction with source-based routing.
For more information about instance networking, see the EC2 documentation on this matter, and especially the multiple IP address topic.
Configuring NAT on the instance
If you do not want to attach multiple Elastic IPs to your instance you may also configure NAT on your Virtuozzo Hybrid Server 7 instance. Please follow instructions in this article: https://kb.virtuozzo.com/2539901
Networking Requirements
- SSH: by default, a new instance is managed with SSH. You need to ensure that there is an ingress rule granting access to SSH (TCP port 22). For initial evaluation, it's recommended to open this port to any IPv4 address (security is provided with strong SSH encryption and authentication). If you have a specific security architecture, take it into account when granting access to SSH.
- Internet Gateway: if the instance is to be accessed from outside the AWS cloud, you need to add an Internet Gateway to your VPC and reconfigure routing tables accordingly. Default pre-configured VPCs are already configured this way, so no further action is required.
- A completely locked-down deployment is not supported: at the very least, instances need to contact the Virtuozzo licensing server. At a minimum, you need to ensure unobstructed access to the following IP addresses:
- 34.250.37.247
- 159.100.247.0
- Further requirements might be imposed depending on the way you're granting network access to containers and virtual machines that run within your instances.
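One way to check a security group against these requirements, as an added example that is not part of the original article or of any Virtuozzo or AWS tool. The one-rule-per-line input format and the function names are constructed for this example, and "unobstructed access" is interpreted as an all-protocol egress rule covering each licensing address.

```sh
#!/bin/sh
# Added example: audit security-group rules against the requirements listed above.
# Input (constructed format), one rule per line: direction protocol from to cidr
LICENSING_IPS="34.250.37.247 159.100.247.0"   # the two addresses from this page

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_contains CIDR IP: succeeds when IP lies inside CIDR.
cidr_contains() {
    bits=${1#*/}
    if [ "$bits" -eq 0 ]; then return 0; fi
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Reads rules on stdin, prints findings, returns 1 if a licensing IP is blocked.
audit_rules() {
    ssh=missing; reachable=""
    while read -r dir proto from to cidr; do
        case "$dir" in
        ingress)   # does the rule admit TCP 22? protocol -1 means all traffic
            if [ "$proto" = "-1" ] ||
               { [ "$proto" = tcp ] && [ "$from" -le 22 ] && [ "$to" -ge 22 ]; }; then
                if [ "$cidr" = "0.0.0.0/0" ]; then ssh=open-to-any-ipv4
                elif [ "$ssh" = missing ]; then ssh=restricted; fi
            fi ;;
        egress)    # "unobstructed" is read here as an all-protocol rule
            [ "$proto" = "-1" ] || continue
            for lip in $LICENSING_IPS; do
                if cidr_contains "$cidr" "$lip"; then reachable="$reachable $lip"; fi
            done ;;
        esac
    done
    echo "ssh: $ssh"
    rc=0
    for lip in $LICENSING_IPS; do
        case " $reachable " in
            *" $lip "*) echo "licensing $lip: reachable" ;;
            *) echo "licensing $lip: blocked"; rc=1 ;;
        esac
    done
    return $rc
}

if [ "$#" -eq 1 ]; then audit_rules < "$1"; fi
```

A `blocked` line matches the failure described under Troubleshooting, where the instance cannot obtain a valid license.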
Integration Notices
In the latest versions of Virtuozzo Hybrid Server 7, the AMI is shipped with additional components for cloud integration:
- `cloud-init` is installed and mandatorily enabled. Feel free to customize your instances using the User Data feature of Amazon EC2. Keep in mind that the AMI is configured to reboot after the initial `cloud-init` run. The reboot is required to initialize several system components, so don't override this behavior in User Data.
- Amazon Systems Manager (SSM) Agent is installed and enabled by default. You can unlock AWS-native remote management capabilities by following these instructions.