Deploy Your First Server

Bare metal infrastructure acts a lot like the hyperscaler clouds you may know, while providing a lot more control and power. But if you’re new to the space, these capabilities can feel a bit overwhelming. The high performance, low latency infrastructure that puts you in control of your stack is well worth learning it.

If you haven’t been introduced to the Equinix Metal console, we recommend you take some time to orient yourself to your new platform.

Now, let’s make it practical by deploying a server.

We've broken it all down to a few simple steps to get up and running quickly, as easy as 1, 2, 3, 4.

1. The basics: register for an account, create an organization, and create a project.
2. Set up access: create an SSH key pair and upload it to your account.
3. Deploy your server: create a server, attach an elastic IP, and connect to it.
4. Deploy your networking: create an elastic IP and attach it to the server.

1: The basics

Start by sending your browser to the Equinix Metal Console at https://console.equinix.com. If you have an account, go ahead and log in; if not, select "Create your account".

This will set up your account, ask you for the name of a new organization, and request your billing information. Don’t worry, you won’t be charged until after you spin up your first server. But we do need a credit card on file to prevent fraudulent activity and to help keep our servers safer for your consumption.

If you already have an account, go ahead and log in. Select the organization you want to work in.

We will create a new project with which to work. In the upper-left corner, under "PROJECT", click the pull-down and then "All Projects" from the drop-down.

This will fill the Main Panel with information on projects in your organization.

Click the "Add new" button, give it a name, for example, "Getting Started", and confirm.

You now have a new project named "Getting Started"!

2: Set up access

Deploying a server by itself is not very useful; you need to be able to access it so you can deploy and start the software that will make that server useful.

A Quick SSH Key Refresher Crash Course

SSH is a secure way to authenticate to a server. Everyone is familiar with usernames and passwords. Passwords prove who you are, i.e. authenticate you. You send it, hopefully over a secure channel, to another service, like a server. That server then compares your secret password with a safely stored copy it has of it, and lets you in if it matches. SSH, on the other hand, use public key cryptography to secure your communications in two ways. First, it creates an encrypted communications channel. SSH the protocol will communicate to the server only over that encrypted channel. Second, it uses mathematical calculations to generate a pair of keys, or keypair: a public key that goes to all the servers with which you want to communicate; and a secret private key which never leaves your personal laptop or desktop computer. When you connect with the server, additional calculations prove that you are in possession of the secret private key, without it ever being sent to the server.

You can read more about how Equinix Metal uses SSH keys, as well as how to add personal ones or project ones, and their differences, in the Equinix Metal SSH Keys Documentation. For a more detailed dive into SSH keys, read about them at the SSH Academy.

In order to use SSH keys, you need to do two things: generate a keypair; and share your public key with the target server.

Generate a keypair

How you generate an SSH keypair depends on your platform, Windows vs Linux, macOS and similar Unix-like systems.

To keep things simple, we will show you how to generate a keypair on Linux or macOS. Look at our Equinix Metal SSH Keys Documentation for more options and other platforms.

First, open the terminal, and then run the command ssh-keygen -t rsa, and follow the prompts.

It asks a few things:

1. Where to store the keypair; the default location is shown, so you just hit enter to accept it.
2. The passphrase to encrypt the private key. This is especially important on shared devices, or if the key needs to be kept extremely secure, beyond just the workstation on which it is kept. You can leave enter a passphrase, or, if you don't need to encrypt it, just hit "Return". In this instance, since we are using it entirely locally, we will not encrypt it.

The above generate a new keypair of type RSA, storing it in the default locations:

• ~/.ssh/id_rsa for the private key
• ~/.ssh/id_rsa.pub for the public key

Upload the public key to Equinix Metal

Equinix Metal takes care of deploying the public key to the servers for you. You just upload the public key you generated to Equinix Metal, and it will ensure each server you deploy has it installed in the right location, so you can log in.

Select your picture on the upper-right in the "Personal area", and then "My Profile" from the drop-down.

Now select "SSH Keys" from the tabs.

Click "Add new key", give it a name, e.g. "My new key", and paste in the public key you generated in the previous section. Be sure that you paste in only the public portion, not the private portion. Click "Add SSH key".

3: Deploy your server

Only a few steps in, and we are ready to deploy a server! Even better, all of the steps we did until now do not have to be repeated for the following servers. You already will have a project and ssh keys. If you've gotten this far, you likely know what type of server you want to deploy, and for what purpose. If you are not quite sure yet, or just want to see the options, check out pur broad list of on-demand server configurations here.

Back to the left-hand-side, select "Getting Started" from the projects pull-down.

Now, click "Bare metal servers -> On Demand".

Select any metro. For our example, we are going to use Dallas, because it is a great city!

Choose the server type. As we don't have plans to run anything heavy on this server, we will select the t3.small.x86. If you already know what server you want, go ahead and pick your preference.

Choose an operating system. We have lots of choices, but it is hard to go wrong with Ubuntu 20.04 LTS. If you have a different preference, go ahead and select it.

Select the number of our servers. As all of these servers are in the same project, they will be able to communicate directly with each other over private 10.0.0.0/8 addresses. As this is our first server, we will start with just one.

We could go straight to "Deploy Now", but let's be sure that the public IPs and ssh keys are set correctly. Select "Optional Settings" Under "Configure IPs", make sure that "Deploy with Equinix Metal Public IPv4" is selected. This will give us a public IPv4 address that we can use to log into the server.

Under "SSH Keys", make sure to select your key that you uploaded earlier. This will ensure that the key is loaded onto the server and you can log in.

Click "Deploy Now".

You will see a progress bar, and then a list of servers that were deployed.

At any time, click on the server name to see the details.

When the server is ready, the status will indicate it, and you can see the public IP.

Now, let's log in!

On Linux, macOS and other Unix-like operating systems, we do ssh root@<ip> from the terminal; on Windows, we use Putty.

The first connection will ask you to confirm the authenticity of the server. This is a security measure performed by ssh. Once it succeeds, you will see the login message of the server, and finally a command prompt.

Success!

4: Deploy your networking

Now you have a server deployed, and it came with both a private Equinix-managed IP address, and a public Equinix-owned IP address. When that server goes away, so does the public IP address.

You aren't deploying a server just for the fun of it (although it is fun!). You are deploying it so you can deploy services on it. If those services are Internet-facing, you are going to want a consistent IP address, one that you can use not only on this server, but on any server that replaces it in the future. For that matter, you might make your service highly available, on multiple servers at the same time.

Go to your project's main page. On the left-hand-side, select "IPs" from under the "Networking" section.

You now see all of the IP ranges that are affiliated with your project. Note that the "IP Type" of the existing ranges is "Management". This means that they are provided by Equinix Metal. These will last as long as your server. When it is deleted, the Public IPv4 "Management" ones will disappear, will the Public IPv6 and Private IPv4 may continue to exist through the life of the project.

In the upper-right-hand corner, click "Request IP Addresses".

You now can request a public IP, or more correctly, a block of several contiguous public IPs.

You have a choice between a regular Public IPv4, on the left, which is affiliated with just one region, and a Global IPv4, on the right, which is affiliated with all regions.

As you can see, there is a significant price difference between the two. As we are deploying services only in one region, Dallas, we will pick the regular Public IPv4.

Make sure to select the same location as your servers, in our case, Dallas.

Next, select how many contiguous IPs you want. We will select 1. If you want more than one, pick a larger number. Remember that you pay for these IPs by the hour, so more IPs will cost you more. In addition, larger contiguous sets are subject to Equinix supply controls. If you pick too large a block, you may need to wait for Equinix to approve it.

With just one requested:

Finally, click "Submit Request".

This should bring us back to the main "IPs" page. Because we requested just a single IP, it was ready for us immediately. Notice that we now have and additional IP Block, whose type is "Elastic", unlike the others, which are "Management".

At any point, you can delete the IP block by clicking the garbage can icon. If you do, you will stop being charged for it.

Now, we can allocate the IP to the server!

Select "Manage Servers" from the left-hand-side.

This brings you back to your list of servers. Click on the server hostname.

This brings you to the detailed view of your server. Across the top are tabs, providing the things you can do to manage the server. Select "Network".

Now, you are in the "Manage Network" page for your server. At the bottom right, click "Assign an Elastic IP".

Select the address type, in our case, "Public IPv4", and the specific block. In our case, we only have one that we just allocated. If you have more than one Elastic IP Block with available addresses, they will appear here. Then click "Add".

Behold! Your IP now is assigned to your server!

It can take up to a minute for the allocation to take effect.

As far as Equinix Metal is concerned, all traffic for your Elastic IP will be routed to the server. You may, however, need to tell the server to accept the traffic on that new IP. One way to do that is just to add it as an address on the main bond0 interface.

We connect to the server via ssh, and add it.

ssh root@147.28.148.33
Welcome to Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-137-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Thu Mar  2 14:05:26 UTC 2023

  System load:  0.01               Processes:              205
  Usage of /:   0.7% of 218.00GB   Users logged in:        0
  Memory usage: 3%                 IPv4 address for bond0: 147.28.148.33
  Swap usage:   0%                 IPv6 address for bond0: 2604:1380:a0:6500::1

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

 * Introducing Expanded Security Maintenance for Applications.
   Receive updates to over 25,000 software packages with your
   Ubuntu Pro subscription. Free for personal use.

     https://ubuntu.com/pro

0 updates can be applied immediately.


The list of available updates is more than a week old.
To check for new updates run: sudo apt update
New release '22.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.


Last login: Thu Mar  2 14:03:45 2023 from 5.29.14.9
root@t3-small-x86-01:~#
root@t3-small-x86-01:~#
root@t3-small-x86-01:~# # we are going to add the elastic IP address to interface bond0
root@t3-small-x86-01:~# ip addr add 147.28.141.220 dev bond0
root@t3-small-x86-01:~#
root@t3-small-x86-01:~#
root@t3-small-x86-01:~# # now we check that it took, see the #4 interface, bond0
root@t3-small-x86-01:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether b4:96:91:89:70:68 brd ff:ff:ff:ff:ff:ff
3: enp3s0f1: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc mq master bond0 state DOWN group default qlen 1000
    link/ether b4:96:91:89:70:68 brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b4:96:91:89:70:68 brd ff:ff:ff:ff:ff:ff
    inet 147.28.148.33/31 brd 255.255.255.255 scope global bond0
       valid_lft forever preferred_lft forever
    inet 10.1.13.129/31 brd 255.255.255.255 scope global bond0:0
       valid_lft forever preferred_lft forever
    inet 147.28.141.220/32 scope global bond0
       valid_lft forever preferred_lft forever
    inet6 2604:1380:a0:6500::1/127 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::b696:91ff:fe89:7068/64 scope link
       valid_lft forever preferred_lft forever

Now we can check it by pinging the server from anywhere:

$ ping 147.28.141.220
PING 147.28.141.220 (147.28.141.220): 56 data bytes
64 bytes from 147.28.141.220: icmp_seq=0 ttl=47 time=185.140 ms
64 bytes from 147.28.141.220: icmp_seq=1 ttl=47 time=184.757 ms
64 bytes from 147.28.141.220: icmp_seq=2 ttl=47 time=183.440 ms
64 bytes from 147.28.141.220: icmp_seq=3 ttl=47 time=184.044 ms
^C
--- 147.28.141.220 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 183.440/184.345/185.140/0.654 ms

All in a quick and easy way.

Of course, once you are done, if you weren't intending to keep using the server, be sure to delete it; otherwise, you will be charged for it. You also should detach and deprovision the Elastic IP, as you are charged for that as well.