
AWS Configurations

AWS ID Format

CloudCenter does not interpret the AWS instance ID; whatever AWS returns is stored as is, so the longer 17-character resource IDs that AWS introduced are accepted without change. Java strings impose no practical length limit, but the database column that holds the ID is limited to 255 characters.

CloudCenter AMI Details

If you need CloudCenter AMIs shared with your AWS account, contact CloudCenter Support with the following information:

  • AWS account number
  • CloudCenter version
  • Contact email
  • Customer name
  • Customer ID (CID)

On-Demand Instance

When Attach Multiple Volumes to Tiers is configured for an application deployed on AWS, users can select On-Demand Instance pricing for the deployment.

IAM Role

The CloudCenter platform supports Identity and Access Management (IAM) roles and the Security Token Service (STS).

Feature Dependency

Both features depend on the CCO being launched with an IAM role, which is what establishes the trust relationship with AWS. See http://docs.aws.amazon.com for additional details.

To use IAM roles, launch the CCO VM with the admin role attached, so that role-based access remains available at any later point. A CCO launched this way can use either the IAM role or classic access key/secret key authentication at any time; one launched without a role cannot switch to role-based access later. Because any process on the CCO can obtain the role's credentials from the instance metadata service, treat the CCO as a highly privileged host and restrict who can log in to it.

  • For IAM role-based accounts, the CloudCenter platform requires full EC2 access (the AmazonEC2FullAccess managed policy, referred to here as EC2fullAccess) as the minimum. This is a broad grant; scope it down where your environment allows.
  • If you use the CloudCenter RDS out-of-box service, the account additionally requires full RDS access (AmazonRDSFullAccess, referred to here as RDSfullAccess).

With an IAM role, CloudCenter can authenticate to AWS and launch instances without an access key and secret key. This feature is disabled by default; enable it by toggling the IAM Role option to ON when you configure an AWS cloud.


You can launch RDS instances using IAM role-based accounts if you meet the following requirements:

  • If the Docker container is not part of the CCO, assign the VM that hosts the Docker container the same IAM role as the CCO server.
  • Attach a custom policy that allows sts:GetFederationToken to the IAM role, in addition to RDSfullAccess.
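The role setup described above, as an added example driven from the AWS CLI (this is not CloudCenter's own tooling; the role and instance profile names are assumptions, and the AmazonEC2FullAccess and AmazonRDSFullAccess managed policies stand in for the EC2fullAccess and RDSfullAccess grants the page names). It creates an EC2-assumable role, attaches the two managed policies, adds an inline policy allowing sts:GetFederationToken, wraps the role in an instance profile the CCO can be launched with, and includes a check to run on the CCO itself confirming that the instance-profile credentials, not a user's keys, are in effect.

```shell
#!/bin/sh
# Added example (not CloudCenter code): the IAM role an AWS cloud account in
# CloudCenter can use instead of an access key/secret key. Names below are
# assumptions. Run with "--apply" to create the role; without an argument only
# the functions are defined.
set -e

ROLE_NAME="${ROLE_NAME:-cloudcenter-cco}"        # assumed role name
PROFILE_NAME="${PROFILE_NAME:-cloudcenter-cco}"  # assumed instance profile name

# Trust policy: only the EC2 service may assume the role. Launching the CCO
# with this role is what establishes the trust relationship with AWS.
cco_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Custom policy required next to RDS full access: sts:GetFederationToken lets
# the CCO mint temporary, scoped credentials for its RDS work.
federation_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:GetFederationToken",
    "Resource": "*"
  }]
}
EOF
}

create_cco_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(cco_trust_policy)"
  # Minimum grant: EC2 full access. RDS full access only if the RDS service is
  # used. Both are broad and reachable by any process on the CCO through the
  # instance metadata service, so keep the CCO itself tightly controlled.
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn arn:aws:iam::aws:policy/AmazonRDSFullAccess
  aws iam put-role-policy --role-name "$ROLE_NAME" \
      --policy-name AllowGetFederationToken \
      --policy-document "$(federation_policy)"
  # EC2 attaches roles through instance profiles; launch the CCO with this one.
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  aws iam add-role-to-instance-profile \
      --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
}

# Does a caller ARN from `aws sts get-caller-identity` show the role in use?
# Assumed-role ARNs look like arn:aws:sts::<acct>:assumed-role/<role>/<session>.
arn_uses_role() {           # usage: arn_uses_role <caller-arn> <role-name>
  case $1 in
    *":assumed-role/$2/"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run on the CCO after launch: with no key/secret configured, the
# instance-profile credentials are picked up automatically. Fails if the
# role is not what is actually in effect.
verify_on_cco() {
  arn=$(aws sts get-caller-identity --query Arn --output text)
  if arn_uses_role "$arn" "$ROLE_NAME"; then
    echo "OK: running as $arn"
  else
    echo "NOT running under $ROLE_NAME: $arn" >&2
    return 1
  fi
}

if [ "${1:-}" = "--apply" ]; then
  create_cco_role
fi
```

Run `sh script.sh --apply` from an operator account that has IAM permissions, then launch the CCO with the cloudcenter-cco instance profile and run `verify_on_cco` on it before configuring the cloud account with the IAM Role option.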

Configuring HA for PostgreSQL Database on AWS

Prerequisites

Be sure to configure the following dependencies before starting the HA configuration procedure.

  • The required IAM policies – see AWS Configurations > IAM and STS for additional context. Verify that the IAM policy and role have already been used and work before starting this procedure.
  • The roles and modes for the components used in your environment – see Component Modes and Roles.
    • CloudCenter 4.7.x supports the RDS setup for the NON_HA, HA, and NON_HA_SA modes.
    • The HA modes and roles for each component are highlighted in that table.
  • This procedure assumes that you are using:

Process


This procedure may differ depending on the AWS console version and is intended as a point of reference if you choose to configure HA for the PostgreSQL database.

To configure HA for a PostgreSQL database setup on AWS, follow this procedure.

  1. Launch an RDS database instance and select the PostgreSQL engine.
    1. Access your AWS RDS console.
    2. Launch a database instance.
    3. Select the PostgreSQL engine.
    4. Select PostgreSQL with Multi-AZ Deployment, and click Next Step.
    5. Provide the following values along with the pre-populated values:

      1. DB Instance Identifier – A unique name that identifies the RDS database instance.
      2. Master Username – cliqr (you must use cliqr for this field).
      3. Master Password – The password for this account (at least 8 characters).
      4. Confirm Password – Repeat the master password.
    6. Configure the Advanced Settings:

      1. Change the Backup, Monitoring & Maintenance configuration based on your usage requirements. Keep automated backups enabled (a retention period greater than zero); the read replica created in step 5 requires them.

      2. Select VPC security group(s) that allow inbound TCP port 5432 so the CCM can reach the database. Restrict the source to the CCM's security group or address rather than opening the port to the internet.

      3. In the Database Name field, enter cliqrdb.
      4. Click Launch DB Instance.
    You have now launched the database instance. The RDS instance takes some time to become available because the backend creates, modifies, and backs up the instance.
  2. Once the instance is available, connect to the cliqrdb database from a remote host using psql. Here is a sample command:

    Sample Command


  3. Launch an instance for the CCM, download the installer artifacts, and run the core_installer.
  4. To have the CCM use the remote database, edit ccm-response.xml for the CCM, set the following items to the RDS instance's values, and run the appliance installer:
    1. db_host = the RDS endpoint (canonical host name) of the instance
    2. db_user = cliqr
    3. db_pass = the master password used when launching the RDS instance
  5. Configure HA for the RDS instance.
    1. Select the RDS instance and choose Create Read Replica from Instance Actions.
    2. Create the read replica of the master RDS instance by providing the required details:

      1. DB Instance Identifier – A name for the replica (the source is the master RDS instance you selected)
      2. Destination Region – The same region as the master or a different one
      3. Availability Zone – Any availability zone
    3. Click Create Read Replica to launch the replica.

    4. Once launched, both instances are displayed on the RDS console with the replication roles master and replica.

    5. Connect to the replica instance and verify that the data is synchronized.
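The same procedure driven from the AWS CLI and psql, as an added example that is not part of the page (instance identifiers, instance class, storage size and the two security group IDs are placeholders; the master password is read from the MASTER_PASSWORD environment variable). It covers steps 1, 2 and 5: create the Multi-AZ primary with the cliqr master user and the cliqrdb database, open TCP 5432 only to the CCM's security group, connect remotely with psql, create the read replica, and verify from the replica that it is in recovery and replaying the primary's WAL. Keep in mind that Multi-AZ provides automatic failover by itself, whereas a read replica does not fail over automatically and must be promoted, so it serves read scaling or DR rather than being the HA mechanism.

```shell
#!/bin/sh
# Added example (not CloudCenter code). Builds the RDS PostgreSQL setup the
# procedure describes from the AWS CLI and verifies it with psql.
# Run with "--apply" to create resources; without an argument only the
# functions are defined.
set -e

PRIMARY_ID="${PRIMARY_ID:-cliqrdb-primary}"      # placeholder identifiers
REPLICA_ID="${REPLICA_ID:-cliqrdb-replica}"
DB_SG_ID="${DB_SG_ID:-sg-0123456789abcdef0}"     # security group on the RDS instance
CCM_SG_ID="${CCM_SG_ID:-sg-0fedcba9876543210}"   # security group of the CCM VM
MASTER_PASSWORD="${MASTER_PASSWORD:-}"           # export before running --apply

# RDS rejects master passwords shorter than 8 characters or containing / " @.
check_master_password() {   # usage: check_master_password <password>
  pw=$1
  if [ "${#pw}" -lt 8 ]; then
    echo "master password must be at least 8 characters" >&2; return 1
  fi
  case $pw in
    *[/\"@]*) echo 'master password must not contain /, " or @' >&2; return 1 ;;
  esac
  return 0
}

# Step 1.6.2: allow 5432 from the CCM's security group only, not 0.0.0.0/0.
open_postgres_to_ccm() {
  aws ec2 authorize-security-group-ingress --group-id "$DB_SG_ID" \
      --ip-permissions "IpProtocol=tcp,FromPort=5432,ToPort=5432,UserIdGroupPairs=[{GroupId=$CCM_SG_ID}]"
}

# Step 1: Multi-AZ primary, master user cliqr, database cliqrdb.
create_primary() {
  check_master_password "$MASTER_PASSWORD"
  aws rds create-db-instance \
      --db-instance-identifier "$PRIMARY_ID" \
      --engine postgres \
      --db-instance-class db.m5.large \
      --allocated-storage 100 \
      --multi-az \
      --master-username cliqr \
      --master-user-password "$MASTER_PASSWORD" \
      --db-name cliqrdb \
      --vpc-security-group-ids "$DB_SG_ID" \
      --backup-retention-period 7 \
      --storage-encrypted \
      --no-publicly-accessible
  # A read replica needs automated backups on the source, hence retention > 0.
  aws rds wait db-instance-available --db-instance-identifier "$PRIMARY_ID"
}

endpoint_of() {             # usage: endpoint_of <db-instance-identifier>
  aws rds describe-db-instances --db-instance-identifier "$1" \
      --query 'DBInstances[0].Endpoint.Address' --output text
}

# Step 2: remote psql connection with TLS required. The password comes from
# the environment here; ~/.pgpass avoids exposing it to other local users.
run_sql() {                 # usage: run_sql <host> <sql>
  PGPASSWORD="$MASTER_PASSWORD" PGSSLMODE=require \
    psql -h "$1" -U cliqr -d cliqrdb -tA -c "$2"
}

# Step 5: read replica of the primary (same region; for another region pass
# the source instance ARN and add --region).
create_replica() {
  aws rds create-db-instance-read-replica \
      --db-instance-identifier "$REPLICA_ID" \
      --source-db-instance-identifier "$PRIMARY_ID"
  aws rds wait db-instance-available --db-instance-identifier "$REPLICA_ID"
}

# Step 5.5: the replica must be in recovery and replaying recent WAL.
verify_replica() {
  host=$(endpoint_of "$REPLICA_ID")
  [ "$(run_sql "$host" 'select pg_is_in_recovery();')" = "t" ] \
    || { echo "$REPLICA_ID is not a streaming replica" >&2; return 1; }
  run_sql "$host" \
    'select now() - pg_last_xact_replay_timestamp() as replication_lag;'
}

if [ "${1:-}" = "--apply" ]; then
  open_postgres_to_ccm
  create_primary
  run_sql "$(endpoint_of "$PRIMARY_ID")" 'select current_database(), version();'
  create_replica
  verify_replica
fi
```

The `run_sql` call against the primary is the remote psql check of step 2; `endpoint_of "$PRIMARY_ID"` is also the value to put in db_host in step 4. If `pg_is_in_recovery()` returns `f` on the replica you are connected to the wrong endpoint, and a replication lag that keeps growing means the replica is not keeping up.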

Ephemeral Disks

When you configure 100 GB of disk space, you may get only a 20 GB VM. This is because earlier CloudCenter releases used only the root disk size. You can attach one ephemeral disk if you configure a larger size in the instance type (see Map Images > Instance Types for additional context).

Root Volume Size

See Multiple Volumes and the Submit Job (v2) API for additional context.

Instance Profile

Effective CloudCenter 4.6.1, an optional Instance Profile field is available when you configure Deployment Environments or set the Deployment Environment Defaults. If you configure this field, provide the Amazon Resource Name (ARN) of the instance profile configured in your AWS cloud account.

If you specify the instance profile, the CloudCenter platform launches VMs with the IAM role associated with that instance profile, and those VMs can obtain the role's credentials from the instance metadata service.

To launch VMs with this cloud account (whether it authenticates with an IAM role or with an access key and secret key), the account's principal must have permission to pass the IAM role associated with the specified instance profile, that is, iam:PassRole on that role. Grant it for the specific role ARN rather than for all roles: an unrestricted iam:PassRole lets the principal launch VMs under any role in the account, including administrative ones.
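What "permission to pass the IAM role" looks like in practice, as an added example that is not part of the page (the account ID, the instance-profile role and the CloudCenter principal are placeholders): a policy granting iam:PassRole only for that one role, with the iam:PassedToService condition limiting the pass to EC2, and a check with the IAM policy simulator that the principal can pass exactly that role and not an unrelated administrative one.

```shell
#!/bin/sh
# Added example (not CloudCenter code). Grants the principal CloudCenter uses
# (an IAM role here; an IAM user works the same way with put-user-policy) the
# right to pass one specific instance-profile role to EC2, and checks the
# grant with the IAM policy simulator. Run with "--apply" to attach it.
set -e

# Placeholders; replace with your account, instance-profile role and principal.
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"
PROFILE_ROLE_ARN="${PROFILE_ROLE_ARN:-arn:aws:iam::$ACCOUNT_ID:role/app-instance-role}"
PRINCIPAL_ARN="${PRINCIPAL_ARN:-arn:aws:iam::$ACCOUNT_ID:role/cloudcenter-cco}"

# Least-privilege PassRole: one role, and only when passed to the EC2 service.
passrole_policy() {    # usage: passrole_policy <role-arn>
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "iam:PassRole",
    "Resource": "$1",
    "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}
  }]
}
EOF
}

attach_passrole() {
  # The principal's role name is the last path element of its ARN.
  aws iam put-role-policy --role-name "${PRINCIPAL_ARN##*/}" \
      --policy-name PassAppInstanceRole \
      --policy-document "$(passrole_policy "$PROFILE_ROLE_ARN")"
}

# Ask IAM whether the principal may pass a role to EC2; prints the decision
# (allowed, implicitDeny or explicitDeny). Needs iam:SimulatePrincipalPolicy.
simulate_passrole() {  # usage: simulate_passrole <principal-arn> <role-arn>
  aws iam simulate-principal-policy --policy-source-arn "$1" \
      --action-names iam:PassRole --resource-arns "$2" \
      --context-entries "ContextKeyName=iam:PassedToService,ContextKeyValues=ec2.amazonaws.com,ContextKeyType=string" \
      --query 'EvaluationResults[0].EvalDecision' --output text
}

# The intended role must be allowed and an unrelated admin role must not be:
# both conditions together show the grant is scoped, not a wildcard.
check_passrole() {
  wanted=$(simulate_passrole "$PRINCIPAL_ARN" "$PROFILE_ROLE_ARN")
  other=$(simulate_passrole "$PRINCIPAL_ARN" "arn:aws:iam::$ACCOUNT_ID:role/Admin")
  [ "$wanted" = "allowed" ] \
    || { echo "principal cannot pass $PROFILE_ROLE_ARN ($wanted)" >&2; return 1; }
  [ "$other" != "allowed" ] \
    || { echo "PassRole is over-scoped: admin role can be passed too" >&2; return 1; }
  echo "PassRole correctly scoped to $PROFILE_ROLE_ARN"
}

if [ "${1:-}" = "--apply" ]; then
  attach_passrole
  check_passrole
fi
```

If CloudCenter authenticates with an access key instead of the CCO's role, attach the same policy document to that IAM user with `aws iam put-user-policy` and point `PRINCIPAL_ARN` at the user's ARN for the simulation.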

VPC

If the application VMs run in isolated networks (such as an Amazon VPC), set up NAT so that the VMs have outbound connectivity to RabbitMQ; only outbound access is needed, no inbound rule. See Per CloudCenter Region Installation (Required) > AMQP for additional context.

The CCM instance that interacts with the CloudHSM server must reside in the same VPC as the CloudHSM cluster. See CloudHSM for additional context.

Refer to https://aws.amazon.com/articles/0639686206802544 for additional context.

CloudCenter ELB Representation

AWS allows either internal or internet-facing ELBs, and each is associated with the subnets its instances are on. The CloudCenter platform uses this by letting you select internal or external within each ELB tier of the CloudCenter application profile. The subnet for the ELB is then determined by where the application tier instances are instantiated.

Refer to the Amazon Documentation for additional context.

Availability Zones and Sets

  • API:
    nics
    • Description: Details about the AWS Network Interface Card (NIC) configuration. See IP Allocation Mode for additional details. In AWS, CloudCenter maps the concept of availability sets and zones to subnets, because each zone can contain multiple subnets; the availability set is therefore entered as a list of subnets. During an API job deployment, this list is provided as part of the NIC information: the first NIC carries the comma-separated list of subnets, as shown in the example.
    • Type: Object

      networkId
      • Description: The network identifier for each required tier (web application jobs).
      • Type: String

      Required (if configured in your application profile)

      privateIPAllocationMode
      • Description: Identifies the allocation strategy used to configure the NIC for an AWS cloud.
      • Type: Enumeration

        Enumeration – Description – CloudCenter Release Support

        • DHCP (default) – The IP address is allocated to the instance by the DHCP server when the server boots, so it is not known before boot. Supported in CloudCenter 3.x and 4.x.
        • Pre-allocate IP – The cloud infrastructure allocates the IP address dynamically before the server boots. This strategy is specific to the following OpenStack applications: CISCO CSR1000 (the configuration drive file is populated with the pre-allocated IPs, which are known before boot) and CISCO F5 Load Balancer (multiple NIC support). Supported in CloudCenter 3.x and 4.x.
        • Static IP – The customer provides the IP address. Because this address may or may not be available to the server, perform adequate checks to ensure it is available before using this strategy. Supported in CloudCenter 3.x.
       

      order
      • Description: The number at which a resource is to be attached. When updating a phase, use this order to re-order the resource to a different position in the array of resources.
      • Type: Long

      Required (if configured in your application profile)

      nicNetworkType
      • Description: The type of network for this NIC. A corresponding list of domains is attached to each option.
      • Type: Enumeration

        • NETWORK – A private network that supports IP ranges that overlap with another private network.
        • BRIDGE_DOMAIN – A set of logical ports that share the same flooding or broadcast characteristics. Used for ACI environments.
    • Example:
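A pre-flight check for the comma-separated subnet list that, per the nics description above, goes into the first NIC as the availability set. This is an added example that is not part of the page and does not show the API payload itself: the subnet IDs are constructed, and the requirement that all subnets sit in one VPC is an assumption about what a usable availability set needs, not a CloudCenter rule. It validates that each entry is a well-formed subnet ID, rejects duplicates, and, when the AWS CLI is available, confirms the subnets exist and belong to the same VPC before the job is submitted.

```shell
#!/bin/sh
# Added example (not CloudCenter code). Validates the comma-separated subnet
# list used as the availability-set input of the first NIC before a job is
# submitted through the API. Sample IDs in the usage lines are constructed.
set -e

# A subnet ID is "subnet-" followed by 8 (legacy) or 17 lowercase hex chars.
is_subnet_id() {            # usage: is_subnet_id <id>
  printf '%s\n' "$1" | grep -Eq '^subnet-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Shape check only: every entry well-formed, none repeated. Prints the
# normalised list (spaces stripped) on success, which is the value to submit.
validate_subnet_list() {    # usage: validate_subnet_list "subnet-a, subnet-b"
  list=$(printf '%s' "$1" | tr -d ' ')
  [ -n "$list" ] || { echo "empty subnet list" >&2; return 1; }
  seen=","
  old_ifs=$IFS; IFS=','
  for id in $list; do
    is_subnet_id "$id" \
      || { IFS=$old_ifs; echo "bad subnet id: $id" >&2; return 1; }
    case $seen in
      *",$id,"*) IFS=$old_ifs; echo "duplicate subnet: $id" >&2; return 1 ;;
    esac
    seen="$seen$id,"
  done
  IFS=$old_ifs
  printf '%s\n' "$list"
}

# Live check (needs the AWS CLI and ec2:DescribeSubnets): every subnet must
# exist (describe-subnets fails on an unknown ID) and all must share one VPC,
# otherwise the tier cannot be spread across them (assumed requirement).
check_subnets_in_aws() {    # usage: check_subnets_in_aws "subnet-a,subnet-b"
  list=$(validate_subnet_list "$1") || return 1
  # The validated list is deliberately unquoted so it splits into IDs.
  vpcs=$(aws ec2 describe-subnets \
           --subnet-ids $(printf '%s' "$list" | tr ',' ' ') \
           --query 'Subnets[].VpcId' --output text | tr '\t' '\n' | sort -u)
  [ "$(printf '%s\n' "$vpcs" | wc -l | tr -d ' ')" -eq 1 ] \
    || { echo "subnets span more than one VPC: $vpcs" >&2; return 1; }
  echo "OK: $list all in $vpcs"
}

# Example usage (constructed IDs): validate_subnet_list 'subnet-0123abcd, subnet-0123456789abcdef0'
```

Feed the printed, normalised list to the first NIC's subnet input; anything that fails `validate_subnet_list` would be rejected (or silently misplaced) by the deployment, so it is cheaper to catch here.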

