There are no tags associated with this article.

How to run visual applications?

You can access visual applications in two ways:

  • X11 forwarding
  • X2GO (NX standard)

X11 forwarding

The simplest (but inefficient for intense pixel graphics, as in satellite imagery analysis programs) is X-over-ssh.  The window of a single application is just displayed on terminal screen.

To allow X11 forwarding:

make sure that /etc/ssh/sshd_config on the virtual machine contains:

X11Forwarding yes
X11DisplayOffset 10

Now you can establish an ssh session including -X parameter:

user@CREODIAS:~$ ssh -X eouser@instance_ip

From manual:

-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.
X11 forwarding should be enabled with caution.
Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection.
An attacker may then be able to perform activities such as keystroke monitoring.


Other solution is NX standard which, however, requires X2Go software, which is not supported directly by linux distributions. Nevertheless, it can be used and many people prefer it over VNC.  Clients are available for linux, Windows, and Mac. You can gather more information in separate article:

How to use GUI in VM with Linux?

The installation and configuration is well guided on X2Go official site



What is the difference between Portal user (portal.creodias.eu) and OpenStack Dashboard (Horizon) user?

There are two different groups of users.

  1. The User of CREODIAS Portal (main account or subaccount):

  • is able to check the invoicing;
  • has access to the billing statistics;
  • may communicate with support team by using ticketing system;
  • can place order for additional credit units;
  • is able to add another user in the same domain (main account);
  • can buy services, which are not available in Horizon (e.g. bare metal machines, fixed term services).


By registering to CREODIAS portal the main account is created and the user automatically obtains an account in OpenStack Dashboard.

Portal overview:

Logging site:

Here you can sign in and make an account.

Checking the account settings. Click on the "My Account" button in the upper-right-corner:

Choose "Account Home" label.

Here you can monitor statistics of your running services, opened tickets etc.

  • Support – Here you can verify the status of your tickets.

  • Billing – Check the general info regarding billing per usage in your domain and percentage in whole credit expenditure.

  • Invoicing – Check your invoices and payment status.

In Contacts/Subaccounts field click on the "Update" button to add subaccount to our domain:


Subaccounts created in CREODIAS Portal have no access to the Horizon dashboard. Only the main account has access to Horizon account.

2. OpenStack (Horizon) user:

  • is capable of performing operations on virtual machines;
  • is able to use OpenStack CLI to monitor behaviour of instances;
  • can gain access to virtual machines via SPICE terminal (Horizon Console);
  • can generate ec2 credentials for object storage (See:  How to generate ec2 credentials?

OpenStack (Horizon) user overview

You can login to Horizon at:  https://cf2.cloudferro.com

Click on "OpenID Connect" and choose "Keystone Credentials".

You can also access the Horizon account from CREODIAS portal.

Click on the "Your Cloud Environment" in "My Account" tab.

Choose OpenID Connect.

In Compute → Overview you may check all diagrams showing your Limit Summary (Quota for particular resources). You can also see resource usage (Usage Summary) determined by selected time interval.

We can see the users having access to the project by clicking on "Identity" tab and choosing "Users" option.

In the example above John Doe is the main account. It means that John Doe has got two accounts: one in Horizon (OpenStack Dashboard) and one in CREODIAS Portal.

By clicking on the chosen user you will see additional information:


Clicking on the "Edit" button allows you to modify user's data.

You can also create new user that will have access to the project by clicking on "Create User" button.

How to Shelve/Unshelve your VM?

If you are not using your VM for a while, or want to turn it off say for a night, you can use Shelve option instead of Pause, Suspend or Shutoff.

Lets look at all this options:
The pause command stores the state of the VM in RAM. A paused instance becomes frozen.
When you suspend an instance, its VM state is stored on disk, all memory is written to disk, and the virtual machine is stopped. Suspending an instance is similar to placing a device in hibernation; memory and vCPUs become available to create other instances.
But it is still counted in RAM quota, even though the RAM is released so that it can be used by other projects, for example.
Resume will put the suspended server back to an active state.
Shut Off:
The virtual machine is not running and is in a powered off state. However a shut off virtual machine still consumes billing units in the same way as an Active virtual machine. This is because active/powered off virtual machine reserves same computing resources on compute nodes.
Shelving an instance means to put aside your instance along with its resources (can be volume) and later if you unshelve it you get the same instance you have shelved earlier.
Unshelve is the reverse operation of Shelve. It builds and boots the server again, on a new scheduled host if it was offloaded, using the shelved image in the glance repository if booted from image.

It is important to remember, that from the billing point of view "Paused", "Suspended" and "Shut Off" states are billed the same way (RAM and storage), yet the option that frees RAM and CPU resouces and is only billed for the storage (SSD) is the Shelve option.

How to Shelve the VM:
Go to Instances in Horizon, then choose "Shelve Instance" option from the drop down menu:



The Shelving may take several minutes you will most likely see something like this:

Then this:

Finaly it will go to „Shelved Oflloaded” state:You can leave it in this state and it will save your billing costs.

To boot your VM again simply go to Instances menu and choose „Unshelve” option:

Again it may take serveral minutes, you will see the progress of it booting:

And when its completed it will go back to „Running” state:


How to download EO DATA products using s3cmd?

Establishing connection

At first, please verify your connection with EO DATA bucket by using list command.


You should obtain this output.

2017-12-11 15:30 s3://DIAS

2017-12-11 15:30 s3://EOCLOUD

2017-12-11 15:30 s3://EODATA

If you have encountered any problems, please check all steps from this tutorial.


Downloading EOData product

Entire product is being structured in a whole directory, not a single file. Therefore, you have to use –recursive parameter in order to avoid any “skipping” of files.

 Example for downloading a Sentinel-1 product:

s3cmd get --recursive s3://EODATA/Sentinel-1/SAR/SLC/2018/10/01/S1B_IW_SLC__1SDV_20181001T030840_20181001T030907_012953_017EC9_BA79.SAFE

The above command will download S1B_IW_SLC__1SDV_20181001T030840_20181001T030907_012953_017EC9_BA79.SAFE product to your local folder from which you are issuing the command.
Please mind that if you get the path of the product from our Finder, you will have to alter the original path received from Finder. You have to replace /eodata with s3://EODATA.
Please see it at presented example:

a) original path:

b) altered path for s3cmd:


If nothing happens or you could not download a product properly, please issue -d switch to see a debug output for further diagnosis:

s3cmd -d get --recursive s3://EODATA/Sentinel-1/SAR/SLC/2016/05/14/S1A_IW_SLC__1SDV_20160514T030935_20160514T031002_011249_011058_2013.SAFE

Alternative solution

For syncing you are able to use s3cmd sync command (for the first time it downloads a whole product).

We can find a description in manual page (man s3cmd):

Synchronize a directory tree to S3 (checks files freshness using size and md5 checksum, unless overridden by options, see below)

In order to sync data to local folder, you have to put a dot (. → location of the current directory) as a last sign.

s3cmd sync s3://EODATA/Sentinel-1/SAR/SLC/2016/05/14/S1A_IW_SLC__1SDV_20160514T030935_20160514T031002_011249_011058_2013.SAFE .

How to create a set of VMs using OpenStack Heat (Orchestration)?

Heat is an OpenStack component responsible for Orchestration. Its purpose is to deliver automation engine and optimize processes.
Heat uses templates in most-popular for devops culture syntax → yaml. Those templates describe the whole infrastructure that you are able to deploy. The deployed environment is being called stack. It can consists of many different resources.

You can leverage Heat templates using python-heatclient in CLI or using Horizon dashboard in the web browser.


For installing python-heatclient run pip command (strongly recommended virtual environment activated):

pip install python-heatclient

To run a prepared template in order to deploy a stack, you have to use this command:

openstack stack create -t template.yml <stackname>
-t : assign template for deployment
<stackname>: defines a name for the stack


Log in to the Horizon dashboard and choose Orchestration tab.

Click on the Stacks.

Navigate to the right part of the screen and choose “Launch Stack”.

Enroll Template Source selector and choose a particular file, Direct Input or URL to your template.

Basic template

Using this snippet, you can create one virtual machine, booted from ephemeral disk.

heat_template_version: 2015-04-30       
    type: OS::Nova::Server              
      flavor: eo1.xsmall                
      image: Ubuntu 18.04 LTS (19.18)
        - network: private_network_0XXXX
        - network: eodata               
      key_name: your_key
        - allow_ping_ssh_rdp
        - default


heat_template_version → strictly a version of heat template. Each of them varies in many ways (including different modules support, more parameters customization etc.)

resources → entry to commence providing particular components for deployment

instance → name of resource (you can type in anything on your own)

type → definition of an OpenStack component (a comprehensive list: https://docs.openstack.org/heat/latest/template_guide/openstack.html)

properties → under this tab provide required parameters for deploying an component (in the case of virtual machine such as flavor, image networks etc.)

Please customize the filled-in values for your project purposes.
Check if you are using tabs for indentation. YAML doesn’t allow tabs; it requires spaces.

More advanced template

In this example, we will attach parameters, ResourceGroup with counter, VM booted from Cinder Volume and predefined outputs.

heat_template_version: 2015-04-30

        type: string
        label: Key Name
        description: SSH key to be used for all instances
        default: your_key
        type: string
        label: Image ID
        description: Image to be used. Check all available options in Horizon dashboard or by using openstack image list command.
        default: Ubuntu 18.04 LTS (19.18)
        type: string
        description: ID/Name of private network
        default: private_network_0XXXX
        type: string
        description: ID/Name of eodata network
        default: eodata

                type: OS::Heat::ResourceGroup
                        count: 2
                                type: OS::Nova::Server
                                        name: my_vm%index%
                                        flavor: eo1.xsmall
                                        image: { get_param: image_id }
                                                - network: { get_param: private_net_id }
                                                - network: { get_param: eodata_net_id }
                                        key_name: { get_param: key_name }
                                                - allow_ping_ssh_rdp
                                                - default

                type: OS::Cinder::Volume
                        name: vol
                        size: 20
                        image : { get_param: image_id }

                type: OS::Nova::Server
                        flavor: eo1.xsmall
                        block_device_mapping: [{"volume_size": 20, "volume_id": { get_resource: VOL_FAQ }, "delete_on_termination": False, "device_name": "/dev/vda" }]
                                 - network: { get_param: private_net_id }
                                 - network: { get_param: eodata_net_id }
                        key_name: { get_param: key_name }
                                 - allow_ping_ssh_rdp
                                 - default
                        image : { get_param: image_id }

                description: Shows details of all virtual servers.
                value: { get_attr: [ Group_of_VMs, show ] }     
As you can see,  firstly you have to create a real volume (called VOL_FAQ). After that you can proceed to create a VM (With_volume).


Parameters →  a solution to provide default values, which you can later inject into resource defintions using {get param: param_name }

ResourceGroup → component being used for repeating deployment, e.g two identical VM’s

Count → defines a variable for iterative operations

resource_def → starting statement for defining group resources

%index% → in this way we can easily add iterative number to the VM name, increasing values starting from 0.

block_device_mapping → property to define a bootable Cinder volume for instance

outputs → Additional information concerning deployed elements of the stack. In this case it returns a “show” attribute output. You can examine this kind of information by using openstack stack output list. Available attributes for every component can be found here: https://docs.openstack.org/heat/latest/template_guide/openstack.html

Please customize the filled-in values for your project purposes.