// removed jquery ui css and js

Per Cloud Region Installation (Required)


  •  AMQP (Required)

    Install AMQP Using Appliance                                                                                                            

     AMQP NON-HA

    AMQP NON-HA

    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    Dedicated Gucamole Setup

    This GUA config wizard step is not required if you have set up a Dedicated Guacamole Server (Optional) server – A self-signed Guacamole certificate is provided out-of-box for Appliance installations.

    AMQP – Configure CCM/CCO Properties for Guacamole Server

    Configure the following gua_config_wizard.sh procedure on both the AMQP PRIMARY server and the AMQP SECONDARY server.

    1. Invoke the GUA wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCM and CCO (once installed) properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

    3. Configure the properties for the CCM and CCO (once installed) VMs:

      Wizard MenuFieldPossible IP Addresses

      CCM_Info

      CCM Host

      CCM_IP or  CCM_SA_IP or CCM_LB_IP

      CCO_InfoCCO Host (once installed)
      CCO_IP or  CCO_LB_IP
      Security_InfoProtocol

      The default RDP protocol is TLS (supports Windows 2008 R2, 2012 R2 and 2016).

      If you prefer to use older versions of Windows that only support RDP SSL, change the default to RDP from the default TLS.

      Config_CertsCerts Zip PathProvide the path for the certs.zip file. The default path is /tmp/certs.zip.
    4. Verify your changes and Exit the GUA configuration wizard.

    5. Select Yes, to restart the AMQP server and corresponding CloudCenter services.

      If you are installing the AMQP instance for the first time, then you may need to wait for a few minutes to ensure that all users are listed. You can verify that all users are listed by running the following commands:

      root> ls -alrt /usr/local/osmosix/etc/.RABBITINSTALLED
      -rw-r--r--. 1 root root o Sep 10 23:07 /user/local/osmosix/etc/.RABBITINSTALLED
      root> rabbitmqctl list_users
      Listing users ...
      cliqr   [administrator]
      cliqr_worker     []
      guest   [administrator]
      root>

      Reboot AMQP

      Reboot AMQP VM

      If you change the AMQP server's host name, the local AMQP database is renamed and you must reboot the AMQP VM.

      • To reboot the AMQP VM, run the following commands as root:

        rm /usr/local/osmosix/etc/.RABBITINSTALLED
        /usr/local/osmosix/bin/rabbit_config.sh
        reboot
      • If you reboot the VM, be aware of the following details:
        • You may end up with a new host name and database name after the reboot.

        • Some clouds set the host name automatically for each new instance or reboot – RabbitMQ uses a preset host name to set the database name.

        • If a database user exists and a login is not associated, this user may not be able to log into the AMQP server.

          • Ensure that the required users (cliqr and cliqr_worker) are setup in your database. If you have additional users in your database, they will also be displayed when you run the rabbitmqctl command.

            rabbitmqctl list_users
            Listing users ...
            cliqr [administrator]
            cliqr_worker []
          • If you do not see these users in your database, run the following commands as root (to recreate the users in the AMQP configuration):

            rm /usr/local/osmosix/etc/.RABBITINSTALLED
            bash /usr/local/osmosix/bin/rabbit_config.sh

    You have successfully configured the AMQP instance! Proceed to the CCO (Required) section.

     AMQP HA

    Install AMQP HA Using Appliances 

     

    AMQP_PRIMARY/SECONDARY – Exchange AMQP SSH Keys

    To exchange the SSH keys between the AMQP_PRIMARY and AMQP_SECONDARY instances, follow this procedure.

    1. On the AMQP_PRIMARY and AMQP_SECONDARY instances, execute the following commands to generate a new SSH key on each instance. 

      ssh-keygen -t rsa
      cd ~/.ssh
      cat id_rsa.pub >> authorized_keys
      chmod 600 authorized_keys
    2. Copy the id_rsa.pub content from both AMQP instances and paste the content into the authorized_keys file.

    3. Verify mutual SSH access between the AMQP_PRIMARY and AMQP_SECONDARY  by running the following command on each VM.

      ssh root@<AMQP_PRIMARY/AMQP_SECONDARY>



    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    Dedicated Gucamole Setup

    This GUA config wizard step is not required if you have set up a Dedicated Guacamole Server (Optional) server – A self-signed Guacamole certificate is provided out-of-box for Appliance installations.

    AMQP – Configure CCM/CCO Properties for Guacamole Server

    Configure the following gua_config_wizard.sh procedure on both the AMQP PRIMARY server and the AMQP SECONDARY server.

    1. Invoke the GUA wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCM and CCO (once installed) properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

    3. Configure the properties for the CCM and CCO (once installed) VMs:

      Wizard MenuFieldPossible IP Addresses

      CCM_Info

      CCM Host

      CCM_IP or  CCM_SA_IP or CCM_LB_IP

      CCO_InfoCCO Host (once installed)
      CCO_IP or  CCO_LB_IP
      Security_InfoProtocol

      The default RDP protocol is TLS (supports Windows 2008 R2, 2012 R2 and 2016).

      If you prefer to use older versions of Windows that only support RDP SSL, change the default to RDP from the default TLS.

      Config_CertsCerts Zip PathProvide the path for the certs.zip file. The default path is /tmp/certs.zip.
    4. Verify your changes and Exit the GUA configuration wizard.

    5. Select Yes, to restart the AMQP server and corresponding CloudCenter services.

      If you are installing the AMQP instance for the first time, then you may need to wait for a few minutes to ensure that all users are listed. You can verify that all users are listed by running the following commands:

      root> ls -alrt /usr/local/osmosix/etc/.RABBITINSTALLED
      -rw-r--r--. 1 root root o Sep 10 23:07 /user/local/osmosix/etc/.RABBITINSTALLED
      root> rabbitmqctl list_users
      Listing users ...
      cliqr   [administrator]
      cliqr_worker     []
      guest   [administrator]
      root>

      Reboot AMQP

      Reboot AMQP VM

      If you change the AMQP server's host name, the local AMQP database is renamed and you must reboot the AMQP VM.

      • To reboot the AMQP VM, run the following commands as root:

        rm /usr/local/osmosix/etc/.RABBITINSTALLED
        /usr/local/osmosix/bin/rabbit_config.sh
        reboot
      • If you reboot the VM, be aware of the following details:
        • You may end up with a new host name and database name after the reboot.

        • Some clouds set the host name automatically for each new instance or reboot – RabbitMQ uses a preset host name to set the database name.

        • If a database user exists and a login is not associated, this user may not be able to log into the AMQP server.

          • Ensure that the required users (cliqr and cliqr_worker) are setup in your database. If you have additional users in your database, they will also be displayed when you run the rabbitmqctl command.

            rabbitmqctl list_users
            Listing users ...
            cliqr [administrator]
            cliqr_worker []
          • If you do not see these users in your database, run the following commands as root (to recreate the users in the AMQP configuration):

            rm /usr/local/osmosix/etc/.RABBITINSTALLED
            bash /usr/local/osmosix/bin/rabbit_config.sh

    You have successfully configured the AMQP instance! Proceed to the CCO (Required) section.

    Unable to render {include} The included page could not be found.

    AMQP_LB – HAProxy Installers

    The AMQP load balancing can be done through HAProxy, NGiNX, Apache2, or a cloud that is natively available to services, like AWS Elastic Load Balancer (ELB). To configure the load balancer service and ensure AMQP load balancing, be sure to listen on port 5671 and balance the request at 443 on both the AMQP_PRIMARY and AMQP_SECONDARY servers.

    See AMQP Firewall Rules > AMQP_LB Ports for the complete list of ports that need to be open for your deployment.

    If you configure a load balancer for any CloudCenter component, be aware that the firewalId is enabled by default and you must explicitly disable it to ensure that the CloudCenter component(s) can communicate with the load balancer. See Firewall Rules Overview for additional context.

    The following load balancing configuration was performed on CentOS7.x VM with HAProxy for the AMQP VM.

    1. SSH into the VM instance using the key pair that you used to launch the VM.
    2. Install HAProxy as the root user.

      yum install -y haproxy
      
    3. Modify HAProxy config file as displayed in the following code block.

      vi /etc/haproxy/haproxy.cfg
      
      #configuration to listen on 5671 and loadbalance
      frontend amqps-in
          mode tcp
          log global
          bind *:5671
          default_backend amqps
      backend amqps
          mode tcp
          balance roundrobin
          option ssl-hello-chk
          server amqp1 <AMQP_PRIMARY>:5671 check
          server amqp2 <AMQP_SECONDARY>:5671 check
      
      #configuration to listen on 443 and loadbalance
      frontend gua-in
          mode tcp
          log global
          bind *:443
          default_backend guas
      backend guas
         mode tcp
         balance roundrobin
         option ssl-hello-chk
         server amqp1 <AMQP_PRIMARY>:443 check
         server amqp2 <AMQP_SECONDARY>:443 check backup
       
      #configuration to listen on 7788 and loadbalance
      frontend gua-wrk-in
          mode tcp
          log global
          bind *:7788
          default_backend gua-wrk
      backend gua-wrk
         mode tcp
         balance roundrobin
         server amqp1 <AMQP_PRIMARY>:7788 check
         server amqp2 <AMQP_SECONDARY>:7788 check backup
       
      #configuration to listen on 7789 and loadbalance
      frontend gua-rev-in
          mode tcp
          log global
          bind *:7789
          default_backend gua-rev
      backend gua-rev
         mode tcp
         balance roundrobin
         server amqp1 <AMQP_PRIMARY>:7789 check
         server amqp2 <AMQP_SECONDARY>:7789 check backup
    4. To bind to 5671 port you must disable SELinux – run the following command to disable SELinux.

      setenforce 0
      sed -i 's/=enforcing/=permissive/g' /etc/selinux/config*
      #This command ensures that SELINUX is disabled permanently and the changes  are retained even in case of reboot 
    5. Start the HAProxy service and check the status, it should be active


      systemctl start haproxy
      systemctl status haproxy 
      
    6. Optionally, to view the HAProxy stats use the following configuration to access the HAProxy from a web browser. These stats allow you to view the status of the nodes from a web browser and allows admins to drain/stop nodes without accessing the VMs directly.

      https://AMQP_LB_IP:9000/haproxy_stats

      listen stats 0.0.0.0:9000 #Listen on all IP's on port 9000
       mode http
       balance
       timeout client 5000
       timeout connect 4000
       timeout server 30000
      
      #This is the virtual URL to access the stats page
       stats uri /haproxy_stats
      
      #Authentication realm. This can be set to anything. Escape space characters with a backslash.
       stats realm HAProxy\ Statistics
      
      #The user/pass you want to use. Change this password!
       stats auth admin:<password>
      
      #This allows you to take down and bring up back end servers.
       #This will produce an error on older versions of HAProxy.
       stats admin if TRUE


      Back to: AMQP (Required)



  •  CCO (Required)

    Install CCO Using Appliance (Required)

    If you are configuring a Kubernetes-specific CCO, be sure to perform the procedure provided in Container Clouds before configuring the CCO wizard properties.

    If you do not have access to CloudCenter CDN (cdn.cliqr.com) due to a lack of Internet access, then you must install the Repo server to ensure that you have downloaded the dependent CloudCenter components.

    You may sometimes notice a spike in the resource utilization – this is an expected behavior. The resource utilization stabilizes once the AMQP configuration is up and running.

     Optional: Convert to a Kubernetes Specific CCO

    Convert an Existing CCO to a Kubernetes-Specific CCO

    While you still need to configure a Kubernetes-specific CCO, you can continue to launch the CCO VM on any cloud of your choice – the CloudCenter platform does not require any Kubernetes-specific instructions to install a Kubernetes-specific CCO.

    Follow these steps to convert the CCO to a Kubernetes-specific CCO.

    1. Your choice of cloud depends on your Kubernetes environment (a close match to the Kubernetes control endpoint is preferable, but not stipulated) .

    2. Follow the Install instructions to set up the CCO on the cloud of choice.

    3. Download package files:

      See Virtual Appliance Overview to understand the required components.

      See Virtual Appliance Process to understand the process.

      See Phase 4 Overview  to understand the various types of software download files.

      1. SSH into the VM instance designated for this component by using the key pair that you used to launch the VM.

        Along with the key pair, you may need to use your login credentials for sudo or root access based on your environment.

      2. Download the following required files for this component from software.cisco.com. Be aware that the following files are contained in a file name that uses the following syntax:

        cloudcenter-release-<release.tag>-installer-artifacts.tar

        • cco-installer.jar

        • cco-response.xml

    4. Edit the cco-response.xml file to change the value for the cloud_name setting from default to kubernetes.

      <entry key="cloud_name" value="default"/>
      
      #Change "default" in the above line to "kubernetes"
      
      <entry key="cloud_name" value="kubernetes"/>
    5. Run the following command from the same folder where you downloaded the files in Step 3 above.

      java -jar cco-installer.jar cco-response.xml

    Back to: Cloud Nuances

    Back to: Container Clouds

     Optional: Proxy Settings

    Proxy Settings

    If you need a proxy server to connect to the internet, be sure to configure the Proxy setting for the underlying services on the CCM and CCO servers.

    Guidelines

    Adhere to these guidelines if you decide to use a proxy server to connect to the internet:

    • Set the proxy variables before starting the installation processes. 

    • Proxy configuration is only applicable to the CCM and CCO instances – they are not applicable for any other components.

    • The process differs based on the CloudCenter version.

    • These proxy values are used by the CCM or CCO. In some cases, your worker VM agent might also require a proxy connection to communicate with the outside world. 

      • If so, configure the values as described in the Repo (Conditional) or REPO Upgrade (Conditional) sections. 

      • If not provided, then the CloudCenter platform copies the proxy values from the CCO settings, assuming that the CCO and agent are located in the same network.

    Wizard Configuration

    If you have a local custom repository, then configure the non-proxy host variable in the wizard.

    To connect to the Internet using a proxy server, follow this process:

    1. Modify your proxy environment to reflect your proxy settings.

    2. Invoke the CCM or CCO wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      CCM Wizard Path
      /usr/local/cliqr/bin/ccm_config_wizard.sh
      CCO Wizard Path
      /usr/local/cliqr/bin/cco_config_wizard.sh
    3. Configure the Proxy server configuration.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

      If you do not configure any of these settings, the default settings are used as follows:

      • CCM: No proxy configuration is set

      • CCO: No proxy configuration is set

      No other default value is updated automatically – if the value is default, then the value for that field is considered to be empty.

      Wizard Menu

      Field

      Description

      Proxy servers configuration


      HTTPS Proxy Host

      Provide the proxy host if using the HTTPS protocol.

      HTTPS Proxy Port

      Provide the HTTPS proxy port.

      If you update the host, you must update the port as well.

      HTTP Proxy Host

      Provide the proxy host if using the HTTP protocol

      HTTP Proxy Port

      Provide the HTTP proxy port.

      If you update the host, you must update the port as well.

      No Proxy Hosts

      Use a | (pipe) character to separate the list of domain extensions which do not need the proxy configuration. For example:

      localhost|devCC|127.0.0.1
      HTTPS Proxy Host for Agent

      Provide the proxy host if using the HTTPS protocol for the agent bundles to be downloaded based on the agent proxies.


      HTTPS Proxy Port for Agent

      Provide the HTTPS proxy port.

      If you update the host, you must update the port as well.

      HTTP Proxy Host for Agent

      Provide the proxy host if using the HTTP protocol for the agent bundles to be downloaded based on the agent proxies.

      HTTP Proxy Port for Agent

      Provide the HTTP proxy port.

      If you update the host, you must update the port as well.

      No Proxy Hosts for Agent

      Use a | (pipe) character to separate the list of domain extensions which do not need the proxy configuration. For example:

      localhost|127.0.0.1|cisco.com
    4. Verify your changes.

    5. Restart the server and corresponding CloudCenter services.

    6. Exit the CCM or CCO configuration wizard after you have configured the remaining CCM or CCO wizard settings.

      1.  Configure Remaining CCM Wizard Settings

        Configure CCM Wizard Properties

        To configure the CCM wizard properties, follow this procedure.

        1. Invoke the CCM wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

          CCM Wizard Path
          /usr/local/cliqr/bin/ccm_config_wizard.sh
        2. Configure the server properties.

          Write this down for future reference!

          Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

          Wizard Menu

          Field

          Description

          Server_Info – Configure Server Info (Required)

          Mgmtserver DNS Name

          DNS (or IP address) of the CCM management server.

          If you are configuring the HA environment, enter the CCM_LB DNS (or IP) in this field.

          DB – Configure DatabaseIP or Hostname

          DNS or IP of the database.

          DB Username and Password

          The following credentials are pre-populated:

          Default username = cliqr (cannot be changed)

          Default password = cliqr (must be changed)

          Be sure to change the default password immediately after your first login. See PostgreSQL Password for additional context.

          ELK_Info –  Configure Log Collector InfoELK Host

          Specify the IP address for the Log Collector host.

          Elasticsearch PortDisplays 8881 by default.
          Kibana PortDisplays 8882 by default.
          ELK UserThe default ELK Username = logreader.
          ELK PasswordThe default ELK Password is re@d0nly (zero between d and n) (change this password after the initial login – see Download Log File for additional context).
          Host Identifier

          A Unique ID for the server – be sure to prefix the unique identifier with CCM_ for example, CCM_1
          If not set, the CloudCenter platform uses the CCM server date.

          The Host Identifier cannot contain capital letters for both CCM and CCO configurations.

          Host Identifier List

          Only applies to environments using the HA mode – provide a list of comma separated unique host identifiers for all Log Collector hosts in a HA setup = for example, CCM_1,CCM_2,myCCM.

          The Host Identifier List cannot contain capital letters for both CCM and CCO configurations.

          In an environment operating in HA mode, if you have two CCM instances with unique IDs configured as CCM_1,CCM_2 in their respective server.properties file, then this property should state CCM_1,CCM_2 in both CCM instances. Each CCM must be aware of the unique ID of the other CCM(s) when in HA mode.

          Custom Certs Menu
          Generate_CertsTo generate new certificates for CloudCenter components. See Certificate Authentication > Generate and Update the certs.zip File on the CCM for additional context.
          Update_CertsTo update certificates for CloudCenter components. See Certificate Authentication > Generate and Update the certs.zip File on the CCM for additional context.
        3. Exit the CCM configuration wizard.

        4. Select Yes, to restart the CCM server and corresponding CloudCenter services.

        You have successfully installed the CCM instance! You can now proceed to the next step:

        • Configure the Log Collector details in the CCM wizard's Configure Log Collector Info menu.

        • If you are installing the Enterprise Service Bus (ESB), do so at this point.

        Back to: CCM (Required)

      2.  Configure Remaining CCO Wizard Settings

        Configure CCO Wizard Properties

        This component is required for each cloud region (public cloud, private cloud, or datacenter).

        1. Invoke the CCO wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

          CCO Wizard Path
          /usr/local/cliqr/bin/cco_config_wizard.sh
        2. Configure the server properties.

          Write this down for future reference!

          Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

          Wizard MenuFieldNotes

          Bundle Server Info

          Agent Bundle URL

          The URL for the Management Agent bundle – Use the default, (cdn.cliqr.com), or replace the default with your custom bundle store URL as demoed below.

          Use the HTTP protocol to configure this URL.

          For example:

          http://<myIpOrDns>/release-<4.10.0.1-20180725.1>/bundle 

          where:

          <myIpOrDns> = your bundle server IP/DNS

          <4.10.0.1-20180725.1> = your CloudCenter release being used

          Update this URL if you are installing or upgrading a custom bundle server.

          Custom Repo URL

          The URL containing the package store repository.

          Use the HTTP protocol to configure this URL.

          For example:

          http://<myCustomRepoURL>

          where <myCustomRepoURL> = your custom

          Update this URL if you are installing a custom repo server.

          You can enter NULL ( case insensitive) in the Custom Repository field in the CCO wizard menu for the Agent Bundle – this setting allows users to override the default when using plain OS services like CentOS, RHEL, Ubuntu where Java or any other services are not installed.

          Enter AMQP Parameters

          AMQP Server IP

          AMQP_IP or AMQP_LB_IP

          AMQP Port5671
          Enter Connection Broker ParametersConnection Broker Host

          AMQP_IP or AMQP_LB_IP


          NetworkHostnameConfigure the Network details for your CCO environment. This is an optional step to configure the Private IP of the VM. You can generally configure this information if the VM does not have preset IP or hostname or if you need to override an existing IP or Hostname.

          Private Registry (for Out-of-Box CloudCenter Services)

          Docker Registry URL

          Set only if custom Docker registry is used.

          Docker CA Cert URL

          Set only if docker registry uses SSL with custom CA Certificates.

          See Certificate Authentication > Dedicated Components for additional context.

          Docker Bridge IPUse this setting to bypass the default subnet when you need to change the current segment to a new segment. By default, Docker Containers use the Bridge IP subnet 172.7.0.0/18.

          Enter Log Collector Parameters

          ELK HostSpecify the IP address for the Log Collector host.
          Host Identifier
          The Unique ID for the server – be sure to prefix the unique identifier with CCO_ for example, CCO_Openstack_regionOne or CCO_Amazon_east.
          If not set, the CloudCenter platform uses the CCO server date.

          The Host Identifier cannot contain capital letters for both CCM and CCO configurations.

          Host Identifier List 

          This field only applies to environments using the HA mode – provide a list of comma separated unique host Identifiers for all Log Collector hosts in a HA setup = for example, CCO1,CCO2,myCCO.

          The Host Identifier List cannot contain capital letters for both CCM and CCO configurations.

          In an environment operating in HA mode, if you have three CCO instances with unique IDs configured as CCO_1,CCO_2,CCO_3 in their respective server.properties file, then this property should state CCO_1,CCO_2,CCO_3 in each CCO instance. Each CCO must be aware of the unique ID of the other CCO(s) when in HA mode.

          Enter External Script Executor ParametersDocker Server IPThe default IP is 127.0.0.1.
          Enter the IP address of a dedicated Docker server, if applicable.
          Docker Server PortDefaults to 2376
          Docker Container Timeout

          Defaults to 10m (minutes)


          Config_CertsCerts Zip PathProvide the path for the certs.zip file. The default path is /tmp/certs.zip.

          Config_Duration

          Bootstrap Wait TimeDefaults to 15 minutes
          Max Bootstrap Wait TimeDefaults to 3600 seconds
          Change the default value if this event takes a longer time to complete. The settings range is 3,600 to 2,000,000 seconds.
          Node Heartbeat TimeDefaults to 180000 milliseconds
          Change the default value if this event takes a longer time to complete. The settings range is 180,000 to 2,000,000 milliseconds.
          Node Cleanup TimeoutDefaults to 300 seconds
          Change the default value if this event takes a longer time to complete. The settings range is 300 to 2,000,000 seconds.
        3. Verify your changes and Exit the CCO configuration wizard.

        4. Select Yes, to restart the server and corresponding CloudCenter services

        You have successfully configured the CCO instance! You can now proceed to the next step:

        • If you are configuring CCO HA – see CCO_LB to complete the HA configuration.

        • If you are installing a dedicated Docker component – see Dedicated Docker Registry Installation (Optional).

        • If you are not installing a dedicated Docker component – see Configure the Admin Account and proceed with configuring and setting up CloudCenter.

        Back to: CCO (Required)

    CLI Configuration

    To connect to the Internet using a proxy server, follow this CLI-based process:

    1. Invoke the CCM or CCO config CLI as a root user.

      Be sure to provide arguments in the same order.

      Provide default as an argument, instead of providing empty values.

      /usr/local/cliqr/bin/ccm_config_cli.sh proxy_config  <https_proxy_host>
      <https_proxy_port> <http_proxy_host> <http_proxy_port>
      <http_non_proxy_hosts> <agent_https_proxy_host> <agent_https_proxy_port>
      <agent_http_proxy_host> <agent_http_proxy_port>
      <agent_http_non_proxy_hosts>
      
    2. Restart the service.


    Back to:

     CCO NON-HA

    Configure CCO Wizard Properties

    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    1. Invoke the CCO wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      CCO Wizard Path
      /usr/local/cliqr/bin/cco_config_wizard.sh
    2. Configure the server properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

      Wizard MenuFieldNotes

      Bundle Server Info

      Agent Bundle URL

      The URL for the Management Agent bundle – Use the default, (cdn.cliqr.com), or replace the default with your custom bundle store URL as demoed below.

      Use the HTTP protocol to configure this URL.

      For example:

      http://<myIpOrDns>/release-<4.10.0.1-20180725.1>/bundle 

      where:

      <myIpOrDns> = your bundle server IP/DNS

      <4.10.0.1-20180725.1> = your CloudCenter release being used

      Update this URL if you are installing or upgrading a custom bundle server.

      Custom Repo URL

      The URL containing the package store repository.

      Use the HTTP protocol to configure this URL.

      For example:

      http://<myCustomRepoURL>

      where <myCustomRepoURL> = your custom

      Update this URL if you are installing a custom repo server.

      You can enter NULL ( case insensitive) in the Custom Repository field in the CCO wizard menu for the Agent Bundle – this setting allows users to override the default when using plain OS services like CentOS, RHEL, Ubuntu where Java or any other services are not installed.

      Enter AMQP Parameters

      AMQP Server IP

      AMQP_IP or AMQP_LB_IP

      AMQP Port5671
      Enter Connection Broker ParametersConnection Broker Host

      AMQP_IP or AMQP_LB_IP


      NetworkHostnameConfigure the Network details for your CCO environment. This is an optional step to configure the Private IP of the VM. You can generally configure this information if the VM does not have preset IP or hostname or if you need to override an existing IP or Hostname.

      Private Registry (for Out-of-Box CloudCenter Services)

      Docker Registry URL

      Set only if custom Docker registry is used.

      Docker CA Cert URL

      Set only if docker registry uses SSL with custom CA Certificates.

      See Certificate Authentication > Dedicated Components for additional context.

      Docker Bridge IPUse this setting to bypass the default subnet when you need to change the current segment to a new segment. By default, Docker Containers use the Bridge IP subnet 172.7.0.0/18.

      Enter Log Collector Parameters

      ELK HostSpecify the IP address for the Log Collector host.
      Host Identifier
      The Unique ID for the server – be sure to prefix the unique identifier with CCO_ for example, CCO_Openstack_regionOne or CCO_Amazon_east.
      If not set, the CloudCenter platform uses the CCO server date.

      The Host Identifier cannot contain capital letters for both CCM and CCO configurations.

      Host Identifier List 

      This field only applies to environments using the HA mode – provide a list of comma separated unique host Identifiers for all Log Collector hosts in a HA setup = for example, CCO1,CCO2,myCCO.

      The Host Identifier List cannot contain capital letters for both CCM and CCO configurations.

      In an environment operating in HA mode, if you have three CCO instances with unique IDs configured as CCO_1,CCO_2,CCO_3 in their respective server.properties file, then this property should state CCO_1,CCO_2,CCO_3 in each CCO instance. Each CCO must be aware of the unique ID of the other CCO(s) when in HA mode.

      Enter External Script Executor ParametersDocker Server IPThe default IP is 127.0.0.1.
      Enter the IP address of a dedicated Docker server, if applicable.
      Docker Server PortDefaults to 2376
      Docker Container Timeout

      Defaults to 10m (minutes)


      Config_CertsCerts Zip PathProvide the path for the certs.zip file. The default path is /tmp/certs.zip.

      Config_Duration

      Bootstrap Wait TimeDefaults to 15 minutes
      Max Bootstrap Wait TimeDefaults to 3600 seconds
      Change the default value if this event takes a longer time to complete. The settings range is 3,600 to 2,000,000 seconds.
      Node Heartbeat TimeDefaults to 180000 milliseconds
      Change the default value if this event takes a longer time to complete. The settings range is 180,000 to 2,000,000 milliseconds.
      Node Cleanup TimeoutDefaults to 300 seconds
      Change the default value if this event takes a longer time to complete. The settings range is 300 to 2,000,000 seconds.
    3. Verify your changes and Exit the CCO configuration wizard.

    4. Select Yes, to restart the server and corresponding CloudCenter services

    You have successfully configured the CCO instance! You can now proceed to the next step:

    • If you are configuring CCO HA – see CCO_LB to complete the HA configuration.

    • If you are installing a dedicated Docker component – see Dedicated Docker Registry Installation (Optional).

    • If you are not installing a dedicated Docker component – see Configure the Admin Account and proceed with configuring and setting up CloudCenter.

    Back to: CCO (Required)

     CCO HA

    Install CCO HA Using Appliance

     

    Exchange CCO SSH Keys

    To exchange the SSH keys between the CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY instances, follow this procedure.

    SSH access between HA CCOs is configured using root user.

    The properties are replicated to all other CCOs if the user inputs those properties in the CCO wizard before configuring HA on the CCO_PRIMARY.

    If the Configure HA step is already run on the CCO_PRIMARY, then you must input the properties in the CCO wizard in each CCO individually.


    1. On the CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY instances, execute the following commands to generate a new SSH key on each instance. 

      ssh-keygen -t rsa
      cd ~/.ssh
      cat id_rsa.pub >> authorized_keys
      chmod 600 authorized_keys
    2. Copy the id_rsa.pub content from all three CCO instances and paste the content into the authorized_keys file.

    3. Verify mutual SSH access between the CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY by running the following command on each VM.

      ssh root@<CCO_PRIMARY/CCO_SECONDARY/CCO_TERTIARY>


    CCO_PRIMARY – Configure CCO Properties


    To ensure that all three CCOs communicate with each other, you must configure the following HA-specific information in the CCO_PRIMARY wizard.

    You can configure the information for all three CCO servers by providing the following details ONLY in the CCO_PRIMARY wizard.

    This section ONLY provides the HA details for EMPHASIS – In addition to this HA information, you must also configure the generic information in the CCO_PRIMARY details provided in the next section

    Wizard MenuFieldNotes

    Enter CCO HA Info
    CCO HA Info – Specify the following details in the primary CCO server.

    Primary Node IP

    Enter the IP address of the Primary CCO instance.

    Secondary Node IPEnter the IP address of the Secondary CCO instance.
    Tertiary Node IPEnter the IP address of the Tertiary CCO instance

    Configure CCO Wizard Properties

    This component is required for each cloud region (public cloud, private cloud, or datacenter).

    1. Invoke the CCO wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

      CCO Wizard Path
      /usr/local/cliqr/bin/cco_config_wizard.sh
    2. Configure the server properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

      Wizard MenuFieldNotes

      Bundle Server Info

      Agent Bundle URL

      The URL for the Management Agent bundle – Use the default, (cdn.cliqr.com), or replace the default with your custom bundle store URL as demoed below.

      Use the HTTP protocol to configure this URL.

      For example:

      http://<myIpOrDns>/release-<4.10.0.1-20180725.1>/bundle 

      where:

      <myIpOrDns> = your bundle server IP/DNS

      <4.10.0.1-20180725.1> = your CloudCenter release being used

      Update this URL if you are installing or upgrading a custom bundle server.

      Custom Repo URL

      The URL containing the package store repository.

      Use the HTTP protocol to configure this URL.

      For example:

      http://<myCustomRepoURL>

      where <myCustomRepoURL> = your custom

      Update this URL if you are installing a custom repo server.

      You can enter NULL ( case insensitive) in the Custom Repository field in the CCO wizard menu for the Agent Bundle – this setting allows users to override the default when using plain OS services like CentOS, RHEL, Ubuntu where Java or any other services are not installed.

      Enter AMQP Parameters

      AMQP Server IP

      AMQP_IP or AMQP_LB_IP

      AMQP Port5671
      Enter Connection Broker ParametersConnection Broker Host

      AMQP_IP or AMQP_LB_IP


      NetworkHostnameConfigure the Network details for your CCO environment. This is an optional step to configure the Private IP of the VM. You can generally configure this information if the VM does not have preset IP or hostname or if you need to override an existing IP or Hostname.

      Private Registry (for Out-of-Box CloudCenter Services)

      Docker Registry URL

      Set only if custom Docker registry is used.

      Docker CA Cert URL

      Set only if docker registry uses SSL with custom CA Certificates.

      See Certificate Authentication > Dedicated Components for additional context.

      Docker Bridge IPUse this setting to bypass the default subnet when you need to change the current segment to a new segment. By default, Docker Containers use the Bridge IP subnet 172.7.0.0/18.

      Enter Log Collector Parameters

      ELK HostSpecify the IP address for the Log Collector host.
      Host Identifier
      The Unique ID for the server – be sure to prefix the unique identifier with CCO_ for example, CCO_Openstack_regionOne or CCO_Amazon_east.
      If not set, the CloudCenter platform uses the CCO server date.

      The Host Identifier cannot contain capital letters for both CCM and CCO configurations.

      Host Identifier List 

      This field only applies to environments using the HA mode – provide a list of comma separated unique host Identifiers for all Log Collector hosts in a HA setup = for example, CCO1,CCO2,myCCO.

      The Host Identifier List cannot contain capital letters for both CCM and CCO configurations.

      In an environment operating in HA mode, if you have three CCO instances with unique IDs configured as CCO_1,CCO_2,CCO_3 in their respective server.properties file, then this property should state CCO_1,CCO_2,CCO_3 in each CCO instance. Each CCO must be aware of the unique ID of the other CCO(s) when in HA mode.

      Enter External Script Executor ParametersDocker Server IPThe default IP is 127.0.0.1.
      Enter the IP address of a dedicated Docker server, if applicable.
      Docker Server PortDefaults to 2376
      Docker Container Timeout

      Defaults to 10m (minutes)


      Config_CertsCerts Zip PathProvide the path for the certs.zip file. The default path is /tmp/certs.zip.

      Config_Duration

      Bootstrap Wait TimeDefaults to 15 minutes
      Max Bootstrap Wait TimeDefaults to 3600 seconds
      Change the default value if this event takes a longer time to complete. The settings range is 3,600 to 2,000,000 seconds.
      Node Heartbeat TimeDefaults to 180000 milliseconds
      Change the default value if this event takes a longer time to complete. The settings range is 180,000 to 2,000,000 milliseconds.
      Node Cleanup TimeoutDefaults to 300 seconds
      Change the default value if this event takes a longer time to complete. The settings range is 300 to 2,000,000 seconds.
    3. Verify your changes and Exit the CCO configuration wizard.

    4. Select Yes, to restart the server and corresponding CloudCenter services

    You have successfully configured the CCO instance! You can now proceed to the next step:

    • If you are configuring CCO HA – see CCO_LB to complete the HA configuration.

    • If you are installing a dedicated Docker component – see Dedicated Docker Registry Installation (Optional).

    • If you are not installing a dedicated Docker component – see Configure the Admin Account and proceed with configuring and setting up CloudCenter.

    Back to: CCO (Required)

    CCO_LB – HAProxy Installers

    Load balancing can be done through HAProxy, NGiNX, Apache2, or a cloud that is natively available to services, like AWS Elastic Load Balancer (ELB). To configure the load balancer service and ensure CCO load balancing, be sure to listen on port 8443 and balance the request at 8443 on both the CCO_PRIMARY and CCO_SECONDARY servers.

    See CCO Firewall Rules > CCO_LB Ports for the complete list of ports that need to be open for your deployment.

    If you configure a load balancer for any CloudCenter component, be aware that the firewalId is enabled by default and you must explicitly disable it to ensure that the CloudCenter component(s) can communicate with the load balancer. See Firewall Rules Overview for additional context.

    The following load balancing configuration was performed on CentOS7.x VM with HAProxy for the CCO VM.

    1. SSH into the VM instance using the key pair that you used to launch the CCO VM.
    2. Install HAProxy as the root user.

      yum install -y haproxy
      
    3. Modify HAProxy config file as follows.

      vi /etc/haproxy/haproxy.cfg        
                                               
      # listen on 8443 with SSL certs and loadbalance
      frontend httpsalt-in
          mode tcp
          log global
          bind *:8443
          default_backend ccos
      
      backend ccos
          mode tcp
          balance roundrobin
          option ssl-hello-chk
          server  cco1 <CCO_PRIMARY_IP>:8443
          server  cco2 <CCO_SECONDARY_IP>:8443 
          server  cco3 <CCO_TERTIARY_IP>:8443 
    4. Start the HAProxy service and check the status to ensure that it is active


      systemctl start haproxy
      systemctl status haproxy 
      
    5. Optionally, to view the HAProxy stats use the following configuration to access the HAProxy from a web browser. These stats allow you to view the status of the nodes from a web browser and allows admins to drain/stop nodes without accessing the VMs directly.

      https://CCO_LB_IP:9000/haproxy_stats

      listen stats 0.0.0.0:9000 #Listen on all IP's on port 9000
       mode http
       balance
       timeout client 5000
       timeout connect 4000
       timeout server 30000
      
      #This is the virtual URL to access the stats page
       stats uri /haproxy_stats
      
      #Authentication realm. This can be set to anything. Escape space characters with a backslash.
       stats realm HAProxy\ Statistics
      
      #The user/pass you want to use. Change this password!
       stats auth admin:<password>
      
      #This allows you to take down and bring up back end servers.
       #This will produce an error on older versions of HAProxy.
       stats admin if TRUE

    Back to: CCO (Required)

  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved