Install a Dedicated Guacamole Server                                                                                                             

This component is required to restrict AMQP server access.

 GUAC NON-HA


If used, this component is installed for each cloud region (public cloud, private cloud, or datacenter).


Deploy this optional component if you do not want to expose the AMQP servers to end users. By default, the Guacamole server is installed on the same VM as AMQP:

  • The CloudCenter platform uses a Guacamole server to enable web-based SSH/VNC/RDP access to Virtual Machines (VMs) launched during the application lifecycle process. By default, the Guacamole component is embedded in the AMQP server.

  • If you do not want the AMQP IP address to be routable by the end user, you may opt to set up a dedicated (standalone) Guacamole server for a cloud region.

Install GUAC NON-HA Using Installer                                                                                           

  1.  GUAC - Run Core Installers


    1. Download package files:

      See Installer Overview to understand the required components.

      See Phase 4 Overview  to understand the various types of software download files.

      1. SSH into the VM instance designated for this component by using the key pair that you used to launch the VM.

      2. Download the following required files for this component from software.cisco.com to the /tmp folder on that VM:

        • core_installer.bin

        • cco-installer.jar

        • conn_broker-response.xml

    2. Run the core installer to set up core system components using the following commands:

      sudo -i
      cd /tmp
      chmod 755 core_installer.bin
      
      # Set the following only if a local package store is set up
      export CUSTOM_REPO=<http://local_package_store ip>
      
      ./core_installer.bin <ostype> <cloudtype> rabbit

      For example:

      ./core_installer.bin centos7 amazon rabbit
      

      Syntax:

      • <ostype>= centos7, rhel7

      • <cloudtype>= amazon, azureclassic, azurerm, azurepack, google,  opsource, openstack, softlayer, vmware, vcd

    3. Remove the core_installer.bin file.

      rm core_installer.bin 
      
    4. Log off and log back in as the root user to set the JAVA home.

      exit 
      sudo -i 


    5. Change to the /tmp directory. 

      cd /tmp


    6. Run the appliance installer to set up GUAC.

      java -jar cco-installer.jar conn_broker-response.xml 


    7. Reboot the GUAC VM.
  2.  GUAC - Configure CCM/CCO Properties for Guacamole


      1. SSH into the GUA instance as a centos user.
      2. Run the following command:

        sudo -i
    1. Invoke the GUA wizard.

      GUA Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCO and CCM properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.
    3. Configure the properties for the CCM and CCO VMs:

      Group      Field      Possible IP Addresses
      CCM_Info   CCM Host   CCM_IP or CCM_SA_IP or CCM_LB_IP
      CCO_Info   CCO Host   CCO_IP or CCO_LB_IP
    4. Verify your changes and exit the GUA configuration wizard.

    You have successfully configured a Guacamole server! You can now proceed to the AMQP (Required) section.

 GUAC HA

If used, this component is installed for each cloud region (public cloud, private cloud, or datacenter).


Deploy this optional component if you do not want to expose the AMQP servers to end users. By default, the Guacamole server is installed on the same VM as AMQP:

  • The CloudCenter platform uses a Guacamole server to enable web-based SSH/VNC/RDP access to Virtual Machines (VMs) launched during the application lifecycle process. By default, the Guacamole component is embedded in the AMQP server.

  • If you do not want the AMQP IP address to be routable by the end user, you may opt to set up a dedicated (standalone) Guacamole server for a cloud region.

Install GUAC HA Using Installer

  1.  GUAC_PRIMARY - Run Core and Appliance Installers


    1. Download package files:

      See Installer Overview to understand the required components.

      See Phase 4 Overview  to understand the various types of software download files.

      1. SSH into the VM instance designated for this component by using the key pair that you used to launch the VM.

      2. Download the following required files for this component from software.cisco.com to the /tmp folder on that VM:

        • core_installer.bin 

        • cco-installer.jar

        • conn_broker-response.xml

    2. Run the core installer to set up core system components using the following commands:

      sudo -i
      cd /tmp
      chmod 755 core_installer.bin
      
      # Set the following only if a local package store is set up
      export CUSTOM_REPO=<http://local_package_store ip>
      
      ./core_installer.bin <ostype> <cloudtype> rabbit

      For example:

      ./core_installer.bin centos7 amazon rabbit
      

      Syntax:

      • <ostype>= centos7, rhel7

      • <cloudtype>= amazon, azureclassic, azurerm, azurepack, google,  opsource, openstack, softlayer, vmware, vcd (run the ./core_installer.bin help command for a complete list)

    3. Remove the core_installer.bin file.

      rm core_installer.bin 
      
    4. Log off and log back in as the root user to set the JAVA home.

      exit 
      sudo -i 


    5. Change to the /tmp directory. 

      cd /tmp


    6. Run the appliance installer to set up GUAC.

      java -jar cco-installer.jar conn_broker-response.xml 


    7. Reboot the GUAC_PRIMARY VM.

  2.  GUAC_SECONDARY - Run Core and Appliance Installers


    1. Download package files:

      See Installer Overview to understand the required components.

      See Phase 4 Overview  to understand the various types of software download files.

      1. SSH into the VM instance designated for this component by using the key pair that you used to launch the VM.

      2. Download the following required files for this component from software.cisco.com to the /tmp folder on that VM:

        • core_installer.bin

        • cco-installer.jar

        • conn_broker-response.xml

    2. Run the core installer to set up core system components using the following commands:

      sudo -i
      cd /tmp
      chmod 755 core_installer.bin
      
      # Set the following only if a local package store is set up
      export CUSTOM_REPO=<http://local_package_store ip>
      
      ./core_installer.bin <ostype> <cloudtype> rabbit

      For example:

      ./core_installer.bin centos7 amazon rabbit
      

      Syntax:

      • <ostype>= centos7, rhel7

      • <cloudtype>= amazon, azureclassic, azurerm, azurepack, google,  opsource, openstack, softlayer, vmware, vcd (run the ./core_installer.bin help command for a complete list)

    3. Remove the core_installer.bin file.

      rm core_installer.bin 
      
    4. Log off and log back in as the root user to set the JAVA home.

      exit 
      sudo -i 


    5. Change to the /tmp directory. 

      cd /tmp


    6. Run the appliance installer to set up GUAC.

      java -jar cco-installer.jar conn_broker-response.xml 


    7. Reboot the GUAC_SECONDARY VM.

  3.  GUAC_PRIMARY - Configure CCM/CCO Properties for Guacamole


      1. SSH into the GUA instance as a centos user.
      2. Run the following command:

        sudo -i
    1. Invoke the GUA wizard.

      GUA Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCO and CCM properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.
    3. Configure the properties for the CCM and CCO VMs:

      Group      Field      Possible IP Addresses
      CCM_Info   CCM Host   CCM_IP or CCM_SA_IP or CCM_LB_IP
      CCO_Info   CCO Host   CCO_IP or CCO_LB_IP
    4. Verify your changes and exit the GUA configuration wizard.

    You have successfully configured a Guacamole server! You can now proceed to the AMQP (Required) section.

  4.  GUAC_SECONDARY - Configure CCM/CCO Properties for Guacamole


      1. SSH into the GUA instance as a centos user.
      2. Run the following command:

        sudo -i
    1. Invoke the GUA wizard.

      GUA Wizard Path
      /usr/local/cliqr/bin/gua_config_wizard.sh
    2. Configure the CCO and CCM properties.

      Write this down for future reference!

      Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.
    3. Configure the properties for the CCM and CCO VMs:

      Group      Field      Possible IP Addresses
      CCM_Info   CCM Host   CCM_IP or CCM_SA_IP or CCM_LB_IP
      CCO_Info   CCO Host   CCO_IP or CCO_LB_IP
    4. Verify your changes and exit the GUA configuration wizard.

    You have successfully configured a Guacamole server! You can now proceed to the AMQP (Required) section.

  5.  GUAC_LB


    GUAC load balancing can be done through HAProxy, NGINX, Apache2, or a load balancing service that is natively available in the cloud, such as AWS Elastic Load Balancer (ELB). To configure the load balancer service and ensure GUAC load balancing, be sure to listen on port 5671 and balance the request at 443 on both the GUAC_PRIMARY and GUAC_SECONDARY servers.

    The following load balancing configuration was performed on a CentOS 7.x VM with HAProxy for the GUAC VM.

    1. SSH into the VM instance using the key pair that you used to launch the VM.
    2. Install HAProxy as the root user.

      yum install -y haproxy
      
    3. Modify the HAProxy configuration file as shown below:

      vi /etc/haproxy/haproxy.cfg
      
      #configuration to listen on 443 and loadbalance
      frontend gua-in
          mode tcp
          log global
          bind *:443
          default_backend guas
      backend guas
         mode tcp
         balance roundrobin
         option ssl-hello-chk
         server amqp1 <AMQP_PRIMARY>:443 check
         server amqp2 <AMQP_SECONDARY>:443 check backup
       
      #configuration to listen on 7788 and loadbalance
      frontend gua-wrk-in
          mode tcp
          log global
          bind *:7788
          default_backend gua-wrk
      backend gua-wrk
         mode tcp
         balance roundrobin
         server amqp1 <AMQP_PRIMARY>:7788 check
         server amqp2 <AMQP_SECONDARY>:7788 check backup
       
      #configuration to listen on 7789 and loadbalance
      frontend gua-rev-in
          mode tcp
          log global
          bind *:7789
          default_backend gua-rev
      backend gua-rev
         mode tcp
         balance roundrobin
         server amqp1 <AMQP_PRIMARY>:7789 check
         server amqp2 <AMQP_SECONDARY>:7789 check backup
      
    4. To bind to port 443, you must disable SELinux enforcement. Run the following commands, which switch SELinux to permissive mode:

      # Switch the running system to permissive mode (applies system-wide, not only to HAProxy)
      setenforce 0
      # Make the change permanent so that it is retained after a reboot
      sed -i 's/=enforcing/=permissive/g' /etc/selinux/config*


    5. Start the HAProxy service and check its status; it should be active.


      systemctl start haproxy
      systemctl status haproxy 
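
A pre-flight check for the haproxy.cfg edited in step 3, to run before starting the service in step 5. This is an added example, not part of the Cisco procedure; the names guac_lb_preflight and REQUIRED_PORTS and the sample config are assumptions. It reports missing binds for ports 443, 7788 and 7789, backends without both an active and a backup server, servers without a health check, and <AMQP_PRIMARY>-style placeholders that were never replaced:

```shell
#!/bin/sh
# Added example (not Cisco's): pre-flight check for the GUAC_LB haproxy.cfg.
# Assumed names: guac_lb_preflight, REQUIRED_PORTS.
REQUIRED_PORTS="443 7788 7789"   # the three listeners configured on this page

# Print one line per problem found in file $1; return 0 only if none were found.
guac_lb_preflight() {
    cfg=$1
    problems=$(
        # 1. Every required port needs a frontend "bind" line.
        for port in $REQUIRED_PORTS; do
            grep -Eq "^[[:space:]]*bind[[:space:]]+[^[:space:]]*:${port}([[:space:]]|\$)" "$cfg" ||
                echo "missing bind for port ${port}"
        done
        # 2. Per backend: no <PLACEHOLDER> left in an address, one active and
        #    one backup server, and a health check on every server.
        awk '
            function report() {
                if (name == "") return
                if (active < 1) print "backend " name ": no active server"
                if (backup < 1) print "backend " name ": no backup server"
            }
            $1 == "backend"  { report(); name = $2; active = 0; backup = 0; next }
            $1 == "frontend" { report(); name = ""; next }
            $1 == "server" && name != "" {
                if ($3 ~ /[<>]/) print "backend " name ": placeholder left in " $3
                chk = 0; bak = 0
                for (i = 4; i <= NF; i++) { if ($i == "check") chk = 1; if ($i == "backup") bak = 1 }
                if (!chk) print "backend " name ": server " $2 " has no health check"
                if (bak) backup++; else active++
            }
            END { report() }
        ' "$cfg"
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample: the first backend from step 3 with its placeholder left in.
demo=$(mktemp)
printf '%s\n' 'frontend gua-in' '    bind *:443' 'backend guas' \
    '    server amqp1 <AMQP_PRIMARY>:443 check' > "$demo"
guac_lb_preflight "$demo" || true
rm -f "$demo"
```

On the load balancer VM, call guac_lb_preflight /etc/haproxy/haproxy.cfg; HAProxy's own haproxy -c -f /etc/haproxy/haproxy.cfg validates the file's syntax but does not check that all three listeners and their backup servers are present.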
      

 

© 2017-2019 Cisco Systems, Inc. All rights reserved