Welcome to the Flying Circus!
For this tutorial we assume that you have ordered a virtual machine and we finished provisioning it for you.
To get you started we would like to take you on a quick tour with the following parts:
When you ordered a virtual machine, we asked you for a project name. Let’s
assume your project is called
myapp. Based on this we gave your first virtual
machine the name
myapp00. This way you are ready to add more resources to
your project when needed without having to invent further names. Additional
virtual machines will be called subsequently:
myapp02, and so on.
At Flying Circus we use projects to describe that a set of resources (virtual machines) that belong together and have some common settings (like user permissions, firewalling, etc.).
To access any virtual machine in the Flying Circus, you need a personal user account. This account will automatically synchronize over all your virtual machines. Accounts are free, so don’t hesitate to create them as you need them!
To create your account, simply go to https://my.flyingcircus.io/signup and fill out the form. You will then receive an email in which you will be asked to verify your account. Please do so.
Once the verification is done, we get notified about your account creation automatically and will get in touch with you.
The user account is for maintenance purposes only. Do not consider to run your application in the user account context, since many fundamental features are not available. For information in how to deploy you application check the Application Deployment section in this tutorial.
Virtual machines can be accessed by simply using SSH.
Logging in requires you to use your personal username and the SSH key you provided us when establishing your account.
We do not allow password-based SSH logins. For details, check our data protection plan.
Every virtual machine will have a DNS name that follows the pattern
<virtualmachine>.gocept.net. For example, if your resource
group is called
myapp the first virtual machine will be known as
$ ssh firstname.lastname@example.org
Based on your SSH login you can also transfer files from and to the virtual machine using SFTP:
$ scp my-file email@example.com:
If you have problems connecting to the VM, check our section on Connecting to VMs.
Server applications should be running in a service user account and not in a
human user account. For every project we automatically
provide a service user with a matching name. For example: if your resource
group is named
myapp then there will also be a user account called
all virtual machines that belong to this project.
Change your user context to this user and perform the necessary tasks to deploy your application:
$ ssh firstname.lastname@example.org bob@myapp00 ~ $ sudo -u s-myapp -i s-myapp@myapp00 ~ $ # ... execute commands to install your application ...
The advantage of running applications in a service user is that applications are not bound to any individuals, but run in a rather neutral context. Some features like automatic service start on VM boot work only for service users. Further information about our user account concept can be found in the User accounts section.
For a detailed application deployment walk-through, please ref to the Application deployments section.
Anatomy of a Virtual Machine¶
Here is how the network for a virtual machine looks like:
ctheune@myapp00 ~ $ ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN ... 2: ethfe: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 inet 220.127.116.11/27 brd 18.104.22.168 scope global ethfe inet 22.214.171.124/27 brd 126.96.36.199 scope global secondary ethfe inet6 2001:470:9aaf:2::1013/64 scope global valid_lft forever preferred_lft forever 3: ethsrv: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 inet 172.22.48.131/20 brd 188.8.131.52 scope global ethsrv inet6 2001:470:9aaf:3::1013/64 scope global valid_lft forever preferred_lft forever ...
There are always two network interfaces: one for public access from the Internet (ethfe, the frontend) and one for communication between VMs within the Flying Circus (ethsrv, the server network). Every virtual machine has public IPv6 enabled on all interfaces. IPv4 is enabled on the frontend when necessary, IPv4 on the server network is using a private IPv4 address space. Private IPv4 addresses provide connectivity within the data center, so you can use them to talk to other VMs and central services (like DNS or mail). Some VMs also have public IPv4 addresses on ethsrv.
Our firewalls allow all traffic from the internet on the public interface (ethfe) but restrict access to the server network (ethsrv) to select services like SSH, HTTP and HTTPS. You should therefore be careful to configure internally used software like databases to listen on the IPs of the server network only.
Further information about our networking concept can be found in the Networking section.
Every virtual machine has three disks mounted:
user@myapp00 ~ $ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT vda 253:0 0 10G 0 disk ├─vda1 253:1 0 10G 0 part / └─vda2 253:2 0 1M 0 part vdb 253:16 0 1G 0 disk [SWAP] vdc 253:32 0 5G 0 disk └─vdc1 253:33 0 5G 0 part /tmp
is the root partition with the size that you gave when ordering the virtual machine. This partition will hold your application’s data.
is a separate virtual disk mounted to /tmp. This disk has 10% of the size of the root disk but at least 5GiB. It is useful for putting temporary files into. However, note that it is automatically cleaned from a cronjob and reformatted when your virtual machine is restarted.
is the swap partition. It is generally half the amount of RAM, but at least 1GiB.
You can use our managed components/roles to avoid having to install and maintain complex setups yourself. Some examples for components we provide:
webgateway (nginx, haproxy)
mailserver (postfix, dovecot, roundcube)
The benefit of managed components are:
automated, repeatable installation and production-ready configuration
all maintenance included
fast security updates
regular upgrades and configuration optimization
For details on available software, have a look at the current NixOS platform documentation.
You can see and change the managed components/roles for your VMs by visiting the
My Flying Circus and selecting
the respective VM. Applied components are listed in the box labeled with
Access to Monitoring¶
Virtual machines are monitored by Sensu for correct operation. Check results are displayed on the status pages at My Flying Circus.