Cloudify Manager 3 (OLD)
!!! This documentation is obsolete, you should install Cloudify Manager 4 !!!
Now, we describe how to set up the Cloudify Manager. You need to have the Cloudify CLI (cfy) working and a dedicated remote host.
Download and extract the Cloudify Manager blueprints (deployment scripts) into cfy-manager/:
mkdir cfy-manager
wget -O manager.tar.gz \
'https://github.com/cloudify-cosmo/cloudify-manager-blueprints/archive/3.4.2.tar.gz'
tar -xvf manager.tar.gz -C cfy-manager/ --strip-components=1
You need another RHEL/CentOS 7.x host accessible via SSH from the host with the Cloudify CLI (cfy). Public key authentication is required for the new host, and your SSH private key must be available to the Cloudify CLI. Preferably, create a new SSH key pair used only for the Cloudify Manager deployment.
On the current host, run ssh-keygen and DON'T use any passphrase:
$ ssh-keygen -f id_rsa-cfy
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa-cfy.
Your public key has been saved in id_rsa-cfy.pub.
The key fingerprint is:
bc:8f:6a:34:7a:09:7e:24:4b:91:bc:99:96:24:e5:8e [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| + . |
| . * . |
| = * S |
| E @ + . |
| + B o. |
| + = o |
| +... . |
+-----------------+
On the new host, append the content of the just generated id_rsa-cfy.pub to /root/.ssh/authorized_keys.
Now check that the SSH connection to the new host is working:
ssh -i id_rsa-cfy [email protected]
From the previous steps, we have the Cloudify Manager blueprints ready in the directory cfy-manager/. We'll use simple-manager-blueprint.yaml and simple-manager-blueprint-inputs.yaml, which are able to deploy on an existing host.
We need to modify simple-manager-blueprint-inputs.yaml to set the connection parameters for the new host. Edit the file and change the following parameters appropriately to have a simple Cloudify Manager host deployed without any security features (authentication, encryption):
- public_ip: (put remote host name or IP)
- private_ip: (put remote host name or IP)
- ssh_user: 'root'
- ssh_key_filename: (put absolute path to the SSH private key, e.g. /root/cfy-manager/id_rsa-cfy)
- agents_user: 'cfy'
If you are deploying your very first Cloudify Manager instance, it's recommended to take the easy way and skip the security configuration below. For production use, however, the security features are highly recommended. Use the following blueprint inputs to enable encryption and user authentication:
- security_enabled: true
- ssl_enabled: true
- admin_username: 'admin'
- admin_password: (put secure password)
- insecure_endpoints_disabled: true
- rabbitmq_username: 'cloudify'
- rabbitmq_password: (put secure password)
- rabbitmq_ssl_enabled: true
- rabbitmq_cert_private: (put private key in PEM format, see below)
- rabbitmq_cert_public: (put public key in PEM format, see below)
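A pre-bootstrap check for the security inputs listed above, as an added example that is not part of the original page or of the Cloudify blueprints. The function names `input_value` and `audit_inputs` are hypothetical, and the parser only understands plain top-level `key: value` lines, which is an assumption about how the inputs file is written.

```shell
#!/bin/sh
# Added example, not part of the Cloudify blueprints.

# input_value FILE KEY
# Print the value of an uncommented top-level "KEY: value" line, with
# trailing " # comment", trailing whitespace and surrounding quotes removed.
input_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/^#.*$//' -e 's/[[:space:]][[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' -e "s/^['\"]//" -e "s/['\"]\$//"
}

# audit_inputs FILE
# Print one finding per security input from the list above that is not set
# as recommended for production. Returns 1 if there is any finding.
audit_inputs() {
    file=$1
    rc=0
    for key in security_enabled ssl_enabled insecure_endpoints_disabled \
               rabbitmq_ssl_enabled; do
        case $(input_value "$file" "$key") in
            true|True|TRUE) ;;
            *) echo "$key is not true"; rc=1 ;;
        esac
    done
    # Secrets and certificates only need to be present; their content is
    # not judged here.
    for key in admin_password rabbitmq_password \
               rabbitmq_cert_private rabbitmq_cert_public; do
        [ -n "$(input_value "$file" "$key")" ] ||
            { echo "$key is empty or unset"; rc=1; }
    done
    return "$rc"
}
```

Calling `audit_inputs simple-manager-blueprint-inputs.yaml` before `cfy bootstrap` prints nothing and returns 0 only when all of the inputs above are set.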
The SSL certificate for the web/API needs to be placed into the directory resources/ssl/:
- server.crt - certificate
- server.key - private key
There may already be a testing certificate in the directory; don't use it, replace it with your own.
For RabbitMQ, you can generate a single-purpose self-signed certificate by running:
openssl req -x509 -nodes -newkey rsa:2048 -days 1000 -batch \
-keyout rabbitmq_cert_private \
-out rabbitmq_cert_public
Two files are created. Paste the content of each file as the value of the inputs parameter of the same name. The multiline format of the value has the following syntax:
rabbitmq_cert_private: |
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
rabbitmq_cert_public: |
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
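Pasting PEM by hand tends to lose the indentation that a YAML block scalar needs. The following added example (not from the original page or the Cloudify project) renders the two generated files in the syntax shown above and first confirms that the certificate belongs to the private key; the function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Cloudify blueprints.

# pem_to_input NAME FILE
# Print "NAME: |" followed by the content of FILE indented by two spaces.
pem_to_input() {
    name=$1
    file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Refuse anything that is not a PEM object, so a wrong file is not pasted.
    head -n 1 "$file" | grep -q '^-----BEGIN ' ||
        { echo "$file does not look like PEM" >&2; return 1; }
    printf '%s: |\n' "$name"
    sed 's/^/  /' "$file"
}

# key_matches_cert KEYFILE CERTFILE
# Succeed only if the certificate carries the public key of KEYFILE.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage (hypothetical script name):
#   sh pem-inputs.sh rabbitmq_cert_private rabbitmq_cert_public >> inputs.yaml
if [ "$#" -eq 2 ]; then
    key_matches_cert "$1" "$2" ||
        { echo "private key and certificate do not match" >&2; exit 1; }
    pem_to_input rabbitmq_cert_private "$1" &&
        pem_to_input rabbitmq_cert_public "$2"
fi
```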
If you are using a self-signed certificate for the web/API (this doesn't apply to RabbitMQ), you have to hack the blueprint and script to skip the sanity checking and service tests, to avoid a fatal SSL verification failure.
In simple-manager-blueprint.yaml, comment out the sanity node by placing # at the start of each relevant line. The commented section may look like:
# #################################
# # Sanity
# #################################
# sanity:
#   type: manager.nodes.Sanity
#   relationships:
#     - type: cloudify.relationships.contained_in
#       target: manager_host
#     - type: sanity_to_mgr_config
#       target: manager_configuration
#     - type: cloudify.relationships.depends_on
#       target: python_runtime
#     - type: cloudify.relationships.depends_on
#       target: java_runtime
#     - type: cloudify.relationships.depends_on
#       target: elasticsearch
#     - type: cloudify.relationships.depends_on
#       target: logstash
#     - type: cloudify.relationships.depends_on
#       target: influxdb
#     - type: cloudify.relationships.depends_on
#       target: nginx
#     - type: cloudify.relationships.depends_on
#       target: riemann
#     - type: cloudify.relationships.depends_on
#       target: rest_service
#     - type: cloudify.relationships.depends_on
#       target: mgmt_worker
#     - type: cloudify.relationships.depends_on
#       target: manager_resources
#     - type: cloudify.relationships.depends_on
#       target: amqp_influx
Edit components/nginx/scripts/start.py and disable the call of utils.verify_service_http. The commented lines may look like:
#utils.verify_service_http(NGINX_SERVICE_NAME, nginx_url, check_response,
# headers=headers)
We are now ready to set up the Cloudify Manager on the new host:
# (re-)initialize the Cloudify environment
cfy init -r
If security was configured, the authentication parameters have to be exported as environment variables:
export CLOUDIFY_USERNAME='admin'
export CLOUDIFY_PASSWORD='put configured password'
export CLOUDIFY_SSL_TRUST_ALL=true # only in case self-signed certificate is used for web/API and
# effective only for post-deploy operations
And bootstrap the Cloudify Manager:
# bootstrap Cloudify Manager
cfy bootstrap --install-plugins \
-i simple-manager-blueprint-inputs.yaml \
-p simple-manager-blueprint.yaml
Successful bootstrap should finish with a similar message:
...
Bootstrap complete
Manager is up at myhost.mydomain.com
You can also check the state of the Cloudify Manager services by running cfy status, e.g.:
cfy status
Retrieving manager services status... [ip=myhost.mydomain.com]
Services:
+--------------------------------+---------+
| service | status |
+--------------------------------+---------+
| InfluxDB | running |
| Celery Management | running |
| Logstash | running |
| RabbitMQ | running |
| AMQP InfluxDB | running |
| Manager Rest-Service | running |
| Cloudify UI | running |
| Webserver | running |
| Riemann | running |
| Elasticsearch | running |
+--------------------------------+---------+