
Per Cloud Region Installation (Required)


  •  AMQP (Required)

    Install AMQP Using Appliance                                                                                                            

     AMQP NON-HA


    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    Dedicated Guacamole Setup

    This GUA config wizard step is not required if you have set up a Dedicated Guacamole Server (Optional). A self-signed Guacamole certificate is provided out-of-box for Appliance installations.

    AMQP – Configure CCM/CCO Properties for Guacamole Server

    Configure the following gua_config_wizard.sh procedure on both the AMQP PRIMARY server and the AMQP SECONDARY server.

    1. Invoke the GUA wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCM and CCO (once installed) properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

    3. Configure the properties for the CCM and CCO (once installed) VMs:

      Wizard Menu  | Field                     | Possible IP Addresses
      CCM_Info     | CCM Host                  | CCM_IP or CCM_SA_IP or CCM_LB_IP
      CCO_Info     | CCO Host (once installed) | CCO_IP or CCO_LB_IP
      Config_Certs | Certs Zip Path            | Provide the path for the certs.zip file. The default path is /tmp/certs.zip.
    4. Verify your changes and exit the GUA configuration wizard.

    5. Select Yes to restart the AMQP server and corresponding CloudCenter services.

      If you are installing the AMQP instance for the first time, then you may need to wait for a few minutes to ensure that all users are listed. You can verify that all users are listed by running the following commands:

      root> ls -alrt /usr/local/osmosix/etc/.RABBITINSTALLED
      -rw-r--r--. 1 root root 0 Feb 17 23:07 /usr/local/osmosix/etc/.RABBITINSTALLED
      root> rabbitmqctl list_users
      Listing users ...
      cliqr   [administrator]
      cliqr_worker     []
      guest   [administrator]
      root>


      Reboot AMQP VM

      If you change the AMQP server's host name, the local AMQP database is renamed and you must reboot the AMQP VM.

      • To reboot the AMQP VM, run the following commands as root:

        rm /usr/local/osmosix/etc/.RABBITINSTALLED
        /usr/local/osmosix/bin/rabbit_config.sh
        reboot
      • If you reboot the VM, be aware of the following details:
        • You may end up with a new host name and database name after the reboot.

        • Some clouds set the host name automatically for each new instance or reboot – RabbitMQ uses a preset host name to set the database name.

        • If a database user exists and a login is not associated, this user may not be able to log into the AMQP server.

          • Ensure that the required users (cliqr and cliqr_worker) are set up in your database. If you have additional users in your database, they are also displayed when you run the rabbitmqctl command.

            rabbitmqctl list_users
            Listing users ...
            cliqr [administrator]
            cliqr_worker []
          • If you do not see these users in your database, run the following commands as root (to recreate the users in the AMQP configuration):

            rm /usr/local/osmosix/etc/.RABBITINSTALLED
            bash /usr/local/osmosix/bin/rabbit_config.sh

    You have successfully configured the AMQP instance! Proceed to the CCO (Required) section.

     AMQP HA

    Install AMQP HA Using Appliances 

     

    AMQP_PRIMARY/SECONDARY – Exchange AMQP SSH Keys

    To exchange the SSH keys between the AMQP_PRIMARY and AMQP_SECONDARY instances, follow this procedure.

    1. On the AMQP_PRIMARY and AMQP_SECONDARY instances, execute the following commands to generate a new SSH key on each instance. 

      ssh-keygen -t rsa
      cd ~/.ssh
      cat id_rsa.pub >> authorized_keys
      chmod 600 authorized_keys
    2. Copy the id_rsa.pub content from both AMQP instances and paste the content into the authorized_keys file.

    3. Verify mutual SSH access between the AMQP_PRIMARY and AMQP_SECONDARY instances by running the following command on each VM.

      ssh root@<AMQP_PRIMARY/AMQP_SECONDARY>



    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    Dedicated Guacamole Setup

    This GUA config wizard step is not required if you have set up a Dedicated Guacamole Server (Optional). A self-signed Guacamole certificate is provided out-of-box for Appliance installations.

    AMQP – Configure CCM/CCO Properties for Guacamole Server

    Configure the following gua_config_wizard.sh procedure on both the AMQP PRIMARY server and the AMQP SECONDARY server.

    1. Invoke the GUA wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCM and CCO (once installed) properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

    3. Configure the properties for the CCM and CCO (once installed) VMs:

      Wizard Menu  | Field                     | Possible IP Addresses
      CCM_Info     | CCM Host                  | CCM_IP or CCM_SA_IP or CCM_LB_IP
      CCO_Info     | CCO Host (once installed) | CCO_IP or CCO_LB_IP
      Config_Certs | Certs Zip Path            | Provide the path for the certs.zip file. The default path is /tmp/certs.zip.
    4. Verify your changes and exit the GUA configuration wizard.

    5. Select Yes to restart the AMQP server and corresponding CloudCenter services.

      If you are installing the AMQP instance for the first time, then you may need to wait for a few minutes to ensure that all users are listed. You can verify that all users are listed by running the following commands:

      root> ls -alrt /usr/local/osmosix/etc/.RABBITINSTALLED
      -rw-r--r--. 1 root root 0 Feb 17 23:07 /usr/local/osmosix/etc/.RABBITINSTALLED
      root> rabbitmqctl list_users
      Listing users ...
      cliqr   [administrator]
      cliqr_worker     []
      guest   [administrator]
      root>


      Reboot AMQP VM

      If you change the AMQP server's host name, the local AMQP database is renamed and you must reboot the AMQP VM.

      • To reboot the AMQP VM, run the following commands as root:

        rm /usr/local/osmosix/etc/.RABBITINSTALLED
        /usr/local/osmosix/bin/rabbit_config.sh
        reboot
      • If you reboot the VM, be aware of the following details:
        • You may end up with a new host name and database name after the reboot.

        • Some clouds set the host name automatically for each new instance or reboot – RabbitMQ uses a preset host name to set the database name.

        • If a database user exists and a login is not associated, this user may not be able to log into the AMQP server.

          • Ensure that the required users (cliqr and cliqr_worker) are set up in your database. If you have additional users in your database, they are also displayed when you run the rabbitmqctl command.

            rabbitmqctl list_users
            Listing users ...
            cliqr [administrator]
            cliqr_worker []
          • If you do not see these users in your database, run the following commands as root (to recreate the users in the AMQP configuration):

            rm /usr/local/osmosix/etc/.RABBITINSTALLED
            bash /usr/local/osmosix/bin/rabbit_config.sh
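
    The user check described above (in both the NON-HA and the HA procedure), as an added shell example that is not part of the original CloudCenter documentation. The function names are hypothetical and the sample output is constructed from the listing on this page; the marker path and user names are the ones this page gives.

```shell
#!/bin/sh
# Added example: confirm that the AMQP users this page requires exist.
MARKER=/usr/local/osmosix/etc/.RABBITINSTALLED   # marker file path from this page
REQUIRED_USERS="cliqr cliqr_worker"              # required users named on this page

# Constructed sample: the list_users output shown on this page.
sample_list_users() {
    printf 'Listing users ...\ncliqr\t[administrator]\ncliqr_worker\t[]\nguest\t[administrator]\n'
}

# check_amqp_users: reads "rabbitmqctl list_users" output on stdin.
# Prints "MISSING <user>" for each required user that is absent and
# "EXTRA <user> [tags]" for every other account; returns 1 if any is missing.
check_amqp_users() {
    awk -v required="$REQUIRED_USERS" '
    BEGIN { n = split(required, req, " ") }
    # Skip the banner, blank lines and the "user tags" header of newer releases.
    /^Listing users/ || NF == 0 || ($1 == "user" && $2 == "tags") { next }
    {
        seen[$1] = 1
        lb = index($0, "["); rb = index($0, "]")
        tags = (lb && rb > lb) ? substr($0, lb + 1, rb - lb - 1) : ""
        wanted = 0
        for (i = 1; i <= n; i++) if (req[i] == $1) wanted = 1
        if (!wanted) print "EXTRA " $1 " [" tags "]"
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen)) { print "MISSING " req[i]; missing = 1 }
        exit missing + 0
    }'
}

# wait_for_amqp_users [TRIES]: poll every 10 s until the marker file exists and
# both required users are listed; fails after TRIES attempts (default 30).
wait_for_amqp_users() {
    tries=${1:-30}
    while [ "$tries" -gt 0 ]; do
        if [ -e "$MARKER" ] && rabbitmqctl list_users 2>/dev/null | check_amqp_users >/dev/null; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 10
    done
    return 1
}

# Demo on the constructed sample; on an AMQP VM run wait_for_amqp_users as root.
sample_list_users | check_amqp_users || echo "required AMQP users are missing"
```

    Accounts reported as EXTRA are the additional users this page says will also be listed; the output gives you their tags so that you can review them.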

    You have successfully configured the AMQP instance! Proceed to the CCO (Required) section.

    AMQP_PRIMARY – Configure High Availability Properties

    Configure the following rabbit_config_wizard.sh procedure on only the AMQP PRIMARY server.

    1. Invoke the AMQP wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      /usr/local/cliqr/bin/rabbit_config_wizard.sh
    2. Configure the CCM and CCO (once installed) properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.
    3. Configure the properties for the CCM and CCO (once installed) VMs:

      Wizard Menu  | Field              | Possible IP Addresses
      Configure_HA | Primary Node IP    | The IP address of the AMQP_PRIMARY instance.
                   | Primary Hostname   | The hostname of the AMQP_PRIMARY instance.
                   | Secondary Node IP  | The IP address of the AMQP_SECONDARY instance.
                   | Secondary Hostname | The hostname of the AMQP_PRIMARY instance.

    4. Verify your changes and exit the AMQP configuration wizard.

    AMQP_LB

    AMQP load balancing can be done through HAProxy, NGINX, Apache2, or a load balancer service that is natively available in the cloud, like AWS Elastic Load Balancer (ELB). To configure the load balancer service and ensure AMQP load balancing, be sure to listen on port 5671 and balance the request at 443 on both the AMQP_PRIMARY and AMQP_SECONDARY servers.

    See AMQP Firewall Rules > AMQP_LB Ports for the complete list of ports that need to be open for your deployment.

    If you configure a load balancer for any CloudCenter component, be aware that firewalld is enabled by default and you must explicitly disable it to ensure that the CloudCenter component(s) can communicate with the load balancer. See Firewall Rules Overview for additional context.

    The following load balancing configuration was performed on CentOS7.x VM with HAProxy for the AMQP VM.

    1. SSH into the VM instance using the key pair that you used to launch the VM.
    2. Install HAProxy as the root user.

      yum install -y haproxy
      
    3. Modify HAProxy config file as displayed in the following code block.

      vi /etc/haproxy/haproxy.cfg
      
      #configuration to listen on 5671 and loadbalance
      frontend amqps-in
          mode tcp
          log global
          bind *:5671
          default_backend amqps
      backend amqps
          mode tcp
          balance roundrobin
          option ssl-hello-chk
          server amqp1 <AMQP_PRIMARY>:5671 check
          server amqp2 <AMQP_SECONDARY>:5671 check
      
      #configuration to listen on 443 and loadbalance
      frontend gua-in
          mode tcp
          log global
          bind *:443
          default_backend guas
      backend guas
         mode tcp
         balance roundrobin
         option ssl-hello-chk
         server amqp1 <AMQP_PRIMARY>:443 check
         server amqp2 <AMQP_SECONDARY>:443 check backup
       
      #configuration to listen on 7788 and loadbalance
      frontend gua-wrk-in
          mode tcp
          log global
          bind *:7788
          default_backend gua-wrk
      backend gua-wrk
         mode tcp
         balance roundrobin
         server amqp1 <AMQP_PRIMARY>:7788 check
         server amqp2 <AMQP_SECONDARY>:7788 check backup
       
      #configuration to listen on 7789 and loadbalance
      frontend gua-rev-in
          mode tcp
          log global
          bind *:7789
          default_backend gua-rev
      backend gua-rev
         mode tcp
         balance roundrobin
         server amqp1 <AMQP_PRIMARY>:7789 check
         server amqp2 <AMQP_SECONDARY>:7789 check backup
    4. To bind to port 5671 you must disable SELinux enforcement – run the following commands.

      setenforce 0
      sed -i 's/=enforcing/=permissive/g' /etc/selinux/config*
      # setenforce 0 switches SELinux to permissive mode immediately; the sed edit keeps it permissive after a reboot.
    5. Start the HAProxy service and check the status; it should be active.


      systemctl start haproxy
      systemctl status haproxy 
      
    6. Optionally, to view the HAProxy stats from a web browser, add the following configuration. The stats page shows the status of the nodes and allows admins to drain/stop nodes without accessing the VMs directly.

      http://myAMQP_LB_IP:9000/haproxy_stats

      listen stats 0.0.0.0:9000 #Listen on all IP's on port 9000
       mode http
       balance
       timeout client 5000
       timeout connect 4000
       timeout server 30000
      
      #This is the virtual URL to access the stats page
       stats uri /haproxy_stats
      
      #Authentication realm. This can be set to anything. Escape space characters with a backslash.
       stats realm HAProxy\ Statistics
      
      #The user/pass you want to use. Change this password!
       stats auth admin:<password>
      
      #This allows you to take down and bring up back end servers.
       #This will produce an error on older versions of HAProxy.
       stats admin if TRUE

    You have successfully configured the AMQP instance! Proceed to the CCO (Required) section.

     

     

  •  CCO (Required)

    Install CCO Using Appliance (Required)


     CCO NON-HA

    Configure CCO Wizard Properties

    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    1. Invoke the CCO wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      CCO Wizard Path
      /usr/local/cliqr/bin/cco_config_wizard.sh
    2. Configure the server properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.
      Wizard Menu | Field | Notes
      Bundle Server Info | Agent Bundle URL | The URL for the Management Agent bundle – Use the default, cdn.cliqr.com, or replace with your custom bundle store IP or DNS.
      Enter AMQP Parameters | AMQP Server IP | AMQP_IP or AMQP_LB_IP
       | AMQP Port | 5671
      Enter Connection Broker Parameters | Connection Broker Host | AMQP_IP or AMQP_LB_IP
      Network | Hostname | Configure the Network details for your CCO environment. This is an optional step to configure the Private IP of the VM. You can generally configure this information if the VM does not have a preset IP or hostname or if you need to override an existing IP or Hostname.
      Private Registry (for Out-of-Box CloudCenter Services) | Docker Registry URL | Set only if custom Docker registry is used.
       | Docker CA Cert URL | Set only if docker registry uses SSL with custom CA Certificates. See Certificate Authentication > Dedicated Components for additional context.
      Enter Log Collector Parameters | ELK Host | Specify the IP address for the Log Collector host.
       | Host Identifier | The Unique ID for the server – be sure to prefix the unique identifier with CCO_, for example, CCO_Openstack_regionOne or CCO_Amazon_east. If not set, the CloudCenter platform uses the CCO server date.
       | Host Identifier List | This field only applies to environments using the HA mode – provide a list of comma separated unique host Identifiers for all Log Collector hosts in a HA setup, for example, CCO1,CCO2,myCCO. In an environment operating in HA mode, if you have three CCO instances with unique IDs configured as CCO_1,CCO_2,CCO_3 in their respective server.properties file, then this property should state CCO_1,CCO_2,CCO_3 in each CCO instance. Each CCO must be aware of the unique ID of the other CCO(s) when in HA mode.
      Enter External Script Executor Parameters | Docker Server IP | The default IP is 127.0.0.1. Enter the IP address of a dedicated Docker server, if applicable.
       | Docker Server Port | Defaults to 2376
       | Docker Container Timeout | Defaults to 10m (minutes)
      Config_Certs | Certs Zip Path | Provide the path for the certs.zip file. The default path is /tmp/certs.zip.
      Config_Duration | Bootstrap Wait Time | Defaults to 15 minutes
       | Max Bootstrap Wait Time | Defaults to 3600 seconds. Change the default value if this event takes a longer time to complete. The settings range is 3,600 to 2,000,000 seconds.
       | Node Heartbeat Time | Defaults to 180000 milliseconds. Change the default value if this event takes a longer time to complete. The settings range is 180,000 to 2,000,000 milliseconds.
       | Node Cleanup Timeout | Defaults to 300 seconds. Change the default value if this event takes a longer time to complete. The settings range is 300 to 2,000,000 seconds.
    3. Verify your changes and exit the CCO configuration wizard.

    4. Select Yes to restart the server and corresponding CloudCenter services.

    You have successfully configured the CCO instance! You can now proceed to the next step:

    • If you are configuring CCO HA – see CCO_LB to complete the HA configuration.
    • If you are installing a dedicated Docker component – see Dedicated Docker Registry Installation (Optional).
    • If you are not installing a dedicated Docker component – see Configure the Admin Account and proceed with configuring and setting up CloudCenter.

     CCO HA

    Install CCO HA Using Appliance

     

    Exchange CCO SSH Keys

    To exchange the SSH keys between the CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY instances, follow this procedure.

    1. On the CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY instances, execute the following commands to generate a new SSH key on each instance. 

      ssh-keygen -t rsa
      cd ~/.ssh
      cat id_rsa.pub >> authorized_keys
      chmod 600 authorized_keys
    2. Copy the id_rsa.pub content from all three CCO instances and paste the content into the authorized_keys file.

    3. Verify mutual SSH access between the CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY by running the following command on each VM.

      ssh root@<CCO_PRIMARY/CCO_SECONDARY/CCO_TERTIARY>


    CCO_PRIMARY – Configure CCO Properties


    To ensure that all three CCOs communicate with each other, you must configure the following HA-specific information in the CCO_PRIMARY wizard.

    You can configure the information for all three CCO servers by providing the following details ONLY in the CCO_PRIMARY wizard.

    This section provides ONLY the HA details, for emphasis. In addition to this HA information, you must also configure the generic CCO_PRIMARY information provided in the next section.

    Wizard Menu       | Field             | Notes
    Enter CCO HA Info | CCO HA Info       | Specify the following details in the primary CCO server.
                      | Primary Node IP   | Enter the IP address of the Primary CCO instance.
                      | Secondary Node IP | Enter the IP address of the Secondary CCO instance.
                      | Tertiary Node IP  | Enter the IP address of the Tertiary CCO instance.

    Configure CCO Wizard Properties

    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    1. Invoke the CCO wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      CCO Wizard Path
      /usr/local/cliqr/bin/cco_config_wizard.sh
    2. Configure the server properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.
      Wizard Menu | Field | Notes
      Bundle Server Info | Agent Bundle URL | The URL for the Management Agent bundle – Use the default, cdn.cliqr.com, or replace with your custom bundle store IP or DNS.
      Enter AMQP Parameters | AMQP Server IP | AMQP_IP or AMQP_LB_IP
       | AMQP Port | 5671
      Enter Connection Broker Parameters | Connection Broker Host | AMQP_IP or AMQP_LB_IP
      Network | Hostname | Configure the Network details for your CCO environment. This is an optional step to configure the Private IP of the VM. You can generally configure this information if the VM does not have a preset IP or hostname or if you need to override an existing IP or Hostname.
      Private Registry (for Out-of-Box CloudCenter Services) | Docker Registry URL | Set only if custom Docker registry is used.
       | Docker CA Cert URL | Set only if docker registry uses SSL with custom CA Certificates. See Certificate Authentication > Dedicated Components for additional context.
      Enter Log Collector Parameters | ELK Host | Specify the IP address for the Log Collector host.
       | Host Identifier | The Unique ID for the server – be sure to prefix the unique identifier with CCO_, for example, CCO_Openstack_regionOne or CCO_Amazon_east. If not set, the CloudCenter platform uses the CCO server date.
       | Host Identifier List | This field only applies to environments using the HA mode – provide a list of comma separated unique host Identifiers for all Log Collector hosts in a HA setup, for example, CCO1,CCO2,myCCO. In an environment operating in HA mode, if you have three CCO instances with unique IDs configured as CCO_1,CCO_2,CCO_3 in their respective server.properties file, then this property should state CCO_1,CCO_2,CCO_3 in each CCO instance. Each CCO must be aware of the unique ID of the other CCO(s) when in HA mode.
      Enter External Script Executor Parameters | Docker Server IP | The default IP is 127.0.0.1. Enter the IP address of a dedicated Docker server, if applicable.
       | Docker Server Port | Defaults to 2376
       | Docker Container Timeout | Defaults to 10m (minutes)
      Config_Certs | Certs Zip Path | Provide the path for the certs.zip file. The default path is /tmp/certs.zip.
      Config_Duration | Bootstrap Wait Time | Defaults to 15 minutes
       | Max Bootstrap Wait Time | Defaults to 3600 seconds. Change the default value if this event takes a longer time to complete. The settings range is 3,600 to 2,000,000 seconds.
       | Node Heartbeat Time | Defaults to 180000 milliseconds. Change the default value if this event takes a longer time to complete. The settings range is 180,000 to 2,000,000 milliseconds.
       | Node Cleanup Timeout | Defaults to 300 seconds. Change the default value if this event takes a longer time to complete. The settings range is 300 to 2,000,000 seconds.
    3. Verify your changes and exit the CCO configuration wizard.

    4. Select Yes to restart the server and corresponding CloudCenter services.

    You have successfully configured the CCO instance! You can now proceed to the next step:

    • If you are configuring CCO HA – see CCO_LB to complete the HA configuration.
    • If you are installing a dedicated Docker component – see Dedicated Docker Registry Installation (Optional).
    • If you are not installing a dedicated Docker component – see Configure the Admin Account and proceed with configuring and setting up CloudCenter.

    CCO_LB

    Load balancing can be done through HAProxy, NGINX, Apache2, or a load balancer service that is natively available in the cloud, like AWS Elastic Load Balancer (ELB). To configure the load balancer service and ensure CCO load balancing, be sure to listen on port 8443 and balance the request at 8443 on both the CCO_PRIMARY and CCO_SECONDARY servers.

    See CCO Firewall Rules > CCO_LB Ports for the complete list of ports that need to be open for your deployment.

    If you configure a load balancer for any CloudCenter component, be aware that firewalld is enabled by default and you must explicitly disable it to ensure that the CloudCenter component(s) can communicate with the load balancer. See Firewall Rules Overview for additional context.

    The following load balancing configuration was performed on CentOS7.x VM with HAProxy for the CCO VM.

    1. SSH into the VM instance using the key pair that you used to launch the CCO VM.
    2. Install HAProxy as the root user.

      yum install -y haproxy
      
    3. Modify HAProxy config file as follows.

      vi /etc/haproxy/haproxy.cfg        
                                               
      # listen on 8443 with SSL certs and loadbalance
      frontend httpsalt-in
          mode tcp
          log global
          bind *:8443
          default_backend ccos
      
      backend ccos
          mode tcp
          balance roundrobin
          option ssl-hello-chk
          server  cco1 <CCO_PRIMARY_IP>:8443
          server  cco2 <CCO_SECONDARY_IP>:8443 
          server  cco3 <CCO_TERTIARY_IP>:8443 
    4. Start the HAProxy service and check the status to ensure that it is active


      systemctl start haproxy
      systemctl status haproxy 
      
    5. Optionally, to view the HAProxy stats from a web browser, add the following configuration. The stats page shows the status of the nodes and allows admins to drain/stop nodes without accessing the VMs directly.

      http://myCCO_LB_IP:9000/haproxy_stats

      listen stats 0.0.0.0:9000 #Listen on all IP's on port 9000
       mode http
       balance
       timeout client 5000
       timeout connect 4000
       timeout server 30000
      
      #This is the virtual URL to access the stats page
       stats uri /haproxy_stats
      
      #Authentication realm. This can be set to anything. Escape space characters with a backslash.
       stats realm HAProxy\ Statistics
      
      #The user/pass you want to use. Change this password!
       stats auth admin:<password>
      
      #This allows you to take down and bring up back end servers.
       #This will produce an error on older versions of HAProxy.
       stats admin if TRUE
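
    The optional stats listener shown for both AMQP_LB and CCO_LB binds to every interface, serves plain HTTP, and enables admin actions for any login. The added example below (not part of the original CloudCenter documentation) audits a haproxy.cfg for those three settings and shows a restricted variant beside the page's version; the function names are hypothetical, and 10.0.0.5, 10.0.0.0/24 and /etc/haproxy/stats.pem are placeholder values.

```shell
#!/bin/sh
# Added example: audit HAProxy stats listeners. Both sample configs are constructed.

# The stats section as shown on this page (timeout lines omitted).
page_stats_cfg() {
cat <<'EOF'
listen stats 0.0.0.0:9000 #Listen on all IP's on port 9000
 mode http
 balance
 stats uri /haproxy_stats
 stats realm HAProxy\ Statistics
 stats auth admin:<password>
 stats admin if TRUE
EOF
}

# Restricted variant: management address only, TLS, admin limited by source ACL.
restricted_stats_cfg() {
cat <<'EOF'
listen stats
 bind 10.0.0.5:9000 ssl crt /etc/haproxy/stats.pem
 mode http
 acl mgmt src 10.0.0.0/24
 http-request deny unless mgmt
 stats uri /haproxy_stats
 stats realm HAProxy\ Statistics
 stats auth admin:<password>
 stats admin if mgmt
EOF
}

# audit_haproxy_stats [FILE]: reads FILE (or stdin) and prints one finding per line.
audit_haproxy_stats() {
    awk '
    function emit() {
        if (has_stats) {
            if (wide)       print name ": stats page listens on every interface"
            if (!tls)       print name ": no ssl on bind, stats auth is sent in clear text"
            if (open_admin) print name ": stats admin if TRUE, any login can drain or stop servers"
        }
        has_stats = 0; wide = 0; tls = 0; open_admin = 0
    }
    # An empty, * or 0.0.0.0 host part means all interfaces.
    function check_addr(a) { if (a ~ /^(\*|0\.0\.0\.0)?:[0-9]+/) wide = 1 }
    { sub(/#.*/, "") }                                   # drop comments
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        emit(); name = $1 " " $2
        if ($1 == "listen" && NF >= 3) check_addr($3)    # legacy "listen NAME ADDR:PORT"
        next
    }
    $1 == "bind" {
        check_addr($2)
        for (i = 3; i <= NF; i++) if ($i == "ssl") tls = 1
        next
    }
    # "stats socket" and "stats timeout" in the global section are not the web page.
    $1 == "stats" && $2 ~ /^(enable|uri|realm|auth|admin)$/ {
        has_stats = 1
        if ($2 == "admin" && $3 == "if" && toupper($4) == "TRUE") open_admin = 1
    }
    END { emit() }
    ' "${1:--}"
}

echo "page config:";       page_stats_cfg | audit_haproxy_stats
echo "restricted config:"; restricted_stats_cfg | audit_haproxy_stats
```

    On the load balancer VM, run audit_haproxy_stats /etc/haproxy/haproxy.cfg; with the restricted variant the stats URL becomes https://10.0.0.5:9000/haproxy_stats.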



© 2017-2018 Cisco Systems, Inc. All rights reserved