Leasing a Yandex BareMetal server connected to Cloud Backup

In the management console, select the folder you want to lease a server in.

In the list of services, select BareMetal and click Lease server.

In the Availability zone field, select the availability zone the server will be leased in.

In the Pool field, select the pool the server will be leased from.

Under Configuration, select the appropriate server configuration.

(Optional) Under Disk, configure disk partitioning:

1. Click Configure disk layout.

2. Specify the partitioning parameters. To create a new partition, click Add partition.

   To build RAID arrays and configure disk partitions yourself, click Remove RAID.

3. Click Save.

Under Image, select Marketplace and an OS supported in Cloud Backup.

Under Lease conditions:

1. In the Number of servers field, specify the number of servers you want to lease.

2. In the Lease duration field, select a lease period: 1 day, 1 month, 3 months, 6 months, or 1 year.

   When this period expires, server lease will automatically be renewed for the same period. You cannot terminate the lease during the specified lease period, but you can refuse to extend the server lease further.

1. Under Private network, in the Private subnet field, select an existing private subnet or click Create to create a new one.

2. Under Public network, in the Public address field, select a public IP address assignment method:

   • From ephemeral subnet: Assign a random IP address. If you need to get the IP address when creating a server via a request to a DHCP server, enable Assign via DHCP.

   • From a dedicated subnet: To assign an IP address from the range of addresses of a dedicated public subnet.

     In the field that opens, select a public subnet or click Order to order a new one.

     Warning

     The dedicated public subnet does not have a DHCP server; therefore, on the network interface of the server connected to such subnet, you should manually configure a static IP address from the subnet’s range of available public IP addresses and specify the default gateway address.

   For the Cloud Backup agent to exchange data with the backup provider servers, make sure the server has network access to the IP addresses of Cloud Backup resources based on the following table:

   Port range	Protocol	Destination name	CIDR blocks
   80	TCP	CIDR	213.180.193.0/24
   80	TCP	CIDR	213.180.204.0/24
   443	TCP	CIDR	84.47.172.0/24
   443	TCP	CIDR	84.201.181.0/24
   443	TCP	CIDR	178.176.128.0/24
   443	TCP	CIDR	213.180.193.0/24
   443	TCP	CIDR	213.180.204.0/24
   7770-7800	TCP	CIDR	84.47.172.0/24
   8443	TCP	CIDR	84.47.172.0/24
   44445	TCP	CIDR	51.250.1.0/24

   Tip

   When installing the Cloud Backup agent on your VM or BareMetal server, you might need to install missing software components from the internet. To do this, add the following outbound traffic rule to the security group:

   • Port range: 0-65535
   • Protocol: Any (Any)
   • Destination name: CIDR
   • CIDR blocks: 0.0.0.0/0

   Once the Cloud Backup agent is installed, you can delete this rule.

Under Access:

1. In the Password field, select one of the following options to create a root password:

   • To generate a new root password, select New password and click Generate.

     Warning

     This option requires you to maintain password security. Save the password you generated in a secure location. Yandex Cloud does not store it, and you will not be able to retrieve it once the server is deployed.

   • To use the root password saved in a Yandex Lockbox secret, select Lockbox secret.

     In the Name, Version, and Key fields, select the secret containing your password, its version, and its key, respectively.

     If you do not have a Yandex Lockbox secret, click Create to create it.

     Choose the Custom secret type to specify a custom password or Generated to generate password automatically.

2. In the Public SSH key field, select the SSH key saved in your organization user profile.

   If there are no SSH keys in your profile or you want to add a new key:

   1. Click Add key.

   2. Enter a name for the SSH key.

   3. Select one of the following:

      • Enter manually: Paste the contents of the public SSH key. You need to create an SSH key pair on your own.

      • Load from file: Upload the public part of the SSH key. You need to create an SSH key pair on your own.

      • Generate key: Automatically create an SSH key pair.

        When adding a new SSH key, an archive containing the key pair will be created and downloaded. In Linux or macOS-based operating systems, unpack the archive to the /home/<user_name>/.ssh directory. In Windows, unpack the archive to the C:\Users\<user_name>/.ssh directory. You do not need additionally enter the public key in the management console.

   4. Click Add.

   The system will add the SSH key to your organization user profile. If the organization has disabled the ability for users to add SSH keys to their profiles, the added public SSH key will only be saved in the user profile inside the newly created resource.

Enable server backup in Cloud Backup:

1. Enable Backup.
2. Select an existing backup policy or create a new one.
3. Select a service account with the baremetal.editor and backup.editor roles assigned or create a new one.

Under Server information:

1. Specify the server name in the Name field.
2. Optionally, add a server description in the Description field.
3. Optionally, set labels in the Labels field.

Click Lease server.