VMware Appliance Setup

To set up CloudCenter using appliances for VMware clouds, follow this process.

  1.  Prepare Infrastructure

    To prepare infrastructure for the appliance approach, follow this process.

    1. Download the OVA files from software.cisco.com to the /tmp folder. See Installation Overview > Installation Download Details for additional context.

    2. In the VMware Console, create a directory named CliqrTemplates and import the OVA file for each component.
    3. Prepare to launch the image for each component:

      Verify that Port 22 is open to allow incoming connections from the client console.

      1. Required:

        • One CCM is required for each CloudCenter setup.

          As a worker image is defined in the CCM, you do not need to launch an instance for the application VM.

        • One AMQP and CCO are required for each cloud region.

      2. Optional:
        • A monitor for each CloudCenter setup
        • An isolated Docker container 
    4. Launch the instance for each component using the imported images.
    5. After you launch the instance for each image:

      1. Power on the image.
      2. Log into the image.
      3. SSH into each component instance as the centos user, and run the following command as the root user:

        Before you proceed

        This key-based authentication uses generic credentials – be sure to change the email address and password for the admin account after your first login.

    6. Set up the hostname:
      1. Hostname – For all launched VMs, update the hostname.

        Don't change the hostname after you install and configure a component, as it may cause unknown issues.

        Choose a hostname that matches the Role. For example:

        Example
      2. Set up hostname resolution – Once you update the hostname, ensure that the VM hostname is resolvable by running the following command:
        1. hostname -i
        2. If the VM name is not resolvable, edit the file /etc/hosts and add your VM’s hostname.
          For example:

          Example
      3. Network routing loopback:
        1. This applies to deployed CCMs that are running behind Network Address Translation (NAT).
        2. This setup places a restriction on machines from internal networks to ensure that they do not use an external IP to access the CCM.
        3. To address this restriction, you must add a line to the /etc/hosts file on the CCO and AMQP servers that includes the internal private IP of the CCM. For example, if the CCM DNS name is ccm.example.com, the CCM is behind a NAT, its internal private IP address is 192.168.20.5, and its external public IP address is 54.16.20.5, then enter the following line in the local /etc/hosts file:

          Example

          When configuring the CCM, the hostname used above (ccm.example.com) must match what you configure as the Public DNS while configuring CCM.

      4. Create the CloudCenter Descriptor JSON file:
        Once infrastructure has been set up for all the CloudCenter components, create a CloudCenter Descriptor JSON file that lists all the CloudCenter components with their modes and the IP addresses that correspond to infrastructure elements for each mode and role. This descriptor file is used for the network compliance check (Step #3). The following are a few sample descriptor files based on some common combinations of component modes.

        The overall file structure depends on factors such as the modes of the various components, the number of cloud regions, and the use of conditional/optional components and repos. The region names used in the file should be unique, but do not need to match any cloud or datacenter names. These strings are used only to perform network compliance checks and report results.

        Sample JSON File
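
The /etc/hosts rule from the network routing loopback step above can be checked mechanically on each CCO and AMQP server. This added example is not part of the CloudCenter tooling; it reuses the page's sample values (ccm.example.com, 192.168.20.5, 54.16.20.5), and the function names and sample file contents are constructed for illustration.

```python
import ipaddress


def parse_hosts(text):
    """Map each lower-cased hostname or alias to the IPs listed for it, in file order."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(ip)
    return table


def check_ccm_entry(hosts_text, ccm_dns, internal_ip):
    """Classify the hosts-file mapping for the CCM name.

    'missing'  - no active line for the name (the external IP would be used)
    'public'   - the name is pinned to a non-private address
    'mismatch' - pinned to a private address other than the expected one
    'ok'       - every line for the name points at the internal IP
    """
    want = ipaddress.ip_address(internal_ip)
    entries = parse_hosts(hosts_text).get(ccm_dns.lower(), [])
    if not entries:
        return "missing"
    if any(not ip.is_private for ip in entries):
        return "public"
    if set(entries) != {want}:
        return "mismatch"
    return "ok"


# Constructed sample file contents (not taken from a real system).
GOOD = "127.0.0.1 localhost\n192.168.20.5 ccm.example.com   # CCM behind NAT\n"
PUBLIC = "127.0.0.1 localhost\n54.16.20.5 ccm.example.com\n"
COMMENTED = "127.0.0.1 localhost\n# 192.168.20.5 ccm.example.com\n"
WRONG_IP = "192.168.20.9 CCM.example.com\n"

if __name__ == "__main__":
    for label, text in [("good", GOOD), ("public", PUBLIC),
                        ("commented", COMMENTED), ("wrong ip", WRONG_IP)]:
        print(label, "->", check_ccm_entry(text, "ccm.example.com", "192.168.20.5"))
```

To check a live server, pass the contents of /etc/hosts as `hosts_text` together with the Public DNS name configured for the CCM.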


  2.  Configure Network Rules

    In this phase, you must set up network rules to enable communication across the various components.

    The network settings in this page provide the minimal port requirements for inter-component communication. In environments where all the components can communicate with each other via any port (typically POC environments or private datacenters), you can skip this phase.

    Production environments typically are secured by only allowing communication through the ports specified in this section.

    Security Groups

    To configure the network rules for each VM, you must set up appropriate inter-connectivity between the components of the CloudCenter architecture.

    • All port requirements use TCP protocol.
    • For all communication between the components and HTTPS access, use TLS as the SSL protocol.

     

    The tables in this section list the networking requirements for each Component Role.

    CCM Ports

    | Port | Direction | Remote Source | Notes |
    |---|---|---|---|
    | 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
    | 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
    | 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
    | 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
    | 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
    | 8443 | Ingress | CCO_IP or CCO_PRIMARY_IP & CCO_SECONDARY_IP | For two-way communication between the CCO and CCM VMs. Required for all Cloud Regions supported by your CloudCenter deployment. |
    | 8443 | Egress | CCO_IP or CCO_LB_IP | For two-way communication between the CCO and CCM VMs. Required for all Cloud Regions supported by your CloudCenter deployment. |
    | 8443 | Ingress (optional) | MON_IP or MON_PRIMARY_IP & MON_SECONDARY_IP | For two-way communication between the Monitor CM and the CCM VM. |
    | 8443 | Egress (Optional) | MON_IP or MON_LB_IP | For two-way communication between the Monitor CM and the CCM VM. |
    | 8443 | Ingress | AMQP_IP or AMQP_PRIMARY_IP & AMQP_SECONDARY_IP | For Web SSH/VNC through Guacamole. |

    AMQP Ports

    | Port | Direction | Remote Source | Notes |
    |---|---|---|---|
    | 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
    | 5671 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Worker VM IP Range | For communication from the CCO VM and from launched VMs. |
    | 7789 | Ingress | Worker VM IP Range | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
    | 7788 | Ingress/Egress | AMQP or AMQP_PRIMARY, AMQP_SECONDARY, and AMQP_LB | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
    | 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For SSH/VNC and RDP access of launched VMs. |
    | 8443 | Egress | CCM or CCM_SA or CCM_SA_PRIMARY and CCM_SA_SECONDARY; CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY | For SSH/VNC access of launched VMs. Guacamole server on AMQP VM communicates to the CCM and CCO VMs via this port. |

    CCO Ports

    | Port | Direction | Remote Source | Notes |
    |---|---|---|---|
    | 8443 | Ingress/Egress | CCM or CCM_SA or CCM_SA_PRIMARY and CCM_SA_SECONDARY; Monitor | For two-way communication between the CCO and CCM VMs. |
    | 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
    | | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
    | 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
    | All | Egress (Conditional) | Cloud Region EndPoints, Script Sources | For cloud region endpoint access and for downloading scripts/packages defined in external services. |
    | 2375 | Egress (Conditional). Only for CloudCenter 4.6.x and earlier; not used for CloudCenter 4.7.x and later. | EXT_SCRIPT_EXECUTOR | For Docker container engine access to execute external scripts. |
    | 2376 | Egress (Conditional). Only for CloudCenter 4.7.x and later; not used for CloudCenter 4.6.x and earlier. | EXT_SCRIPT_EXECUTOR | For Docker container engine access to execute external scripts. |

    Monitor Ports

    | Port | Direction | Remote Source | Notes |
    |---|---|---|---|
    | 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
    | 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
    | 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
    | 4560 | Ingress | CCM_IP or CCM_PRIMARY_IP and CCM_SECONDARY_IP; CCO_IP or CCO_PRIMARY_IP, CCO_SECONDARY_IP, and CCO_TERTIARY_IP | (Logstash) To collect, process, and push the logs to the CCM and/or CCO. |
    | 8881 | Ingress | CCM_IP or CCM_PRIMARY_IP and CCM_SECONDARY_IP; CCO_IP or CCO_PRIMARY_IP, CCO_SECONDARY_IP, and CCO_TERTIARY_IP | (Elasticsearch) To download logs for the CCM and/or CCO. |
    | 8882 | Ingress | Public browser access | To view the logs in the Kibana console. |
    | 8443 | Ingress/Egress | CCM or CCM_SA or CCM_SA_PRIMARY, CCM_SA_SECONDARY, and CCM_LB | For two-way communication between the CCM and Monitor VMs. |
    | 8443 | Egress | CCO or CCO_LB | For access to the CCO VM. |
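
The inter-component rows of the port tables above can be turned into a per-role probe list and tested with plain TCP connects, which also separates a closed port from a filtered one. This is an added example, not Cisco's validator script; the role labels, the `FLOWS` list, and the inventory layout are assumptions made for illustration.

```python
import socket

# (source role, destination role, TCP port), transcribed from the port tables
# above. WORKER = launched application VMs; MON rows are the optional Monitor.
FLOWS = [
    ("CCO", "CCM", 8443), ("AMQP", "CCM", 8443), ("MON", "CCM", 8443),
    ("CCM", "CCO", 8443), ("AMQP", "CCO", 8443), ("MON", "CCO", 8443),
    ("CCO", "AMQP", 5671), ("WORKER", "AMQP", 5671), ("WORKER", "AMQP", 7789),
    ("CCM", "MON", 8443), ("CCM", "MON", 4560), ("CCM", "MON", 8881),
    ("CCO", "MON", 4560), ("CCO", "MON", 8881),
]


def plan(role, inventory):
    """Return the (peer_role, host, port) probes a VM of `role` must pass.

    Roles absent from the inventory (for example, no Monitor deployed)
    are skipped, so optional components do not produce false failures.
    """
    return [(dst, host, port)
            for src, dst, port in FLOWS if src == role
            for host in inventory.get(dst, [])]


def probe(host, port, timeout=3.0):
    """TCP connect test.

    'open'     - handshake completed
    'closed'   - connection refused: host reachable, nothing listening
    'filtered' - no reply before the timeout: typically a dropped packet
    'error'    - any other failure (no route, name resolution, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def check(role, inventory, timeout=3.0):
    """Run every planned probe and return (peer_role, host, port, status) rows."""
    return [(dst, host, port, probe(host, port, timeout))
            for dst, host, port in plan(role, inventory)]


# Constructed sample inventory (hypothetical layout, NOT the CloudCenter
# descriptor JSON format).
SAMPLE = {"CCM": ["192.168.20.5"], "CCO": ["192.168.30.5"], "AMQP": ["192.168.30.6"]}

if __name__ == "__main__":
    # Print the plan only; call check() on a real VM of the given role.
    for dst, host, port in plan("CCO", SAMPLE):
        print(f"CCO -> {dst} {host}:{port}")
```

A 'filtered' result points at a firewall or security group rule, while 'closed' means the rule is in place but the service on the peer is not listening yet.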

  3.  Perform Network Compliance Check

    You must perform the network compliance check to ensure that all network rules for inter-component communication between CloudCenter component VMs, application VMs, and end user access are set up accurately.

    CloudCenter Component VMs

    To perform network compliance checks for CloudCenter components, perform this procedure on each VM launched as part of the 1. Prepare Infrastructure process.

    1. Upload the deployment descriptor JSON file created in 1. Prepare Infrastructure to the /tmp location.
    2. Upload the validator script called validator.py to the /tmp location (available with the CloudCenter appliance files).
    3. Execute the following command from the /tmp location.

      Command

      Examples:

      • python network_validator.py --role=CCM --deploymentDetails=deployment.json

      • python network_validator.py --role=CCO --region=AmazonEast1 --deploymentDetails=deployment.json

      • python network_validator.py --role=AMQP --region=AmazonEast1 --deploymentDetails=deployment.json

    4. Verify the results to ensure that there are no failures and that all required network rules are set up accurately. In case of failures, update network settings as appropriate and repeat the test.

    Application VMs

    To ensure that application VMs (that are launched as part of application orchestration) can communicate with relevant CloudCenter components and repositories, perform this procedure:

    1. Launch a test VM in every cloud environment intended to be managed by CloudCenter.
    2. Upload the deployment descriptor JSON file to the /tmp location.
    3. Upload the validator script called validator.py to the /tmp location.
    4. Execute the following command from the /tmp location.

      Command

      Example:
      python network_validator.py --role=AGENT --region=AmazonEast1 --deploymentDetails=deployment.json

    5. Verify the results to ensure that there are no failures and that all required network rules are set up accurately. In case of failures, update network settings as appropriate and repeat the tests.

    6. Once the network compliance check is successful, terminate the test VMs.

    Client Test

    Some CloudCenter components (CCM, AMQP or GUAC) must be accessible to end users to ensure UI or REST API access. To ensure client access to these components, perform this procedure:

    1. Identify the Linux, Windows (Python Enabled), or MacOSX systems running in networks accessed by end users.
    2. Upload the deployment descriptor file to this client system.
    3. Upload the validator.py to the client system.
    4. Execute the following command from the python script location.

      Command
    5. Verify the results to ensure that there are no failures and that all required network rules are set up accurately. In case of failures, update network settings as appropriate and repeat the test.

    Before proceeding to the next section, ensure that the network compliance check is successful.

  4.  Configure Components

    Launch the CloudCenter wizard for each component:

    1.  CCM Wizard Properties

      To configure the CCM wizard properties, follow this procedure.

        1. SSH into the CCM instance as a centos user.
        2. Run the following command:

      1. Invoke the CCM wizard.

        CCM Wizard Path
      2. Configure the basic properties. The wizard includes several menu groups with different properties.

        Write this down for future reference!

        Write down the Field details in a printed version of the Your Notes section for later use.

        CCM Properties

        | Field | Description |
        |---|---|
        | Mail: SMTP Host, SMTP Port, SMTP Auth | SMTP server details to send mail notifications. |
        | Mail_User: Mail User, Password, From User, Display Name | Mail authentication and configuration details to send mail notifications. If you retain the default settings, the mail functionality will not be configured. |
        | Server_info (Required): Public DNS | DNS or IP of the CCM. Used by the CCO VM to communicate with the CCM VM. |
        | Server_info (Required): Monitor URL | Monitor VM's complete URL. For example, https://<MON or MON_LB IP address>:8443. Must use HTTPS protocol. Used by the CCM VM to retrieve the health status from the Monitor VM. |
        | Server_info (Required): Hazelcast IP | Private IP address of the CCM VM. Used internally by the CloudCenter platform. |
        | Server_info (Required): External URL | Optional for non-HA CCM scenarios. |
        | Config_App_Logo: No fields listed | Used by the application profile templates. |
        | ESB_Info: No fields listed | Required only if you installed Enterprise Service Bus (ESB), an optional component that is not installed in CloudCenter appliances by default. |
        | Network: Hostname, Interface | Use the defaults if you are not making any changes to these settings. |
        | DB (Effective CloudCenter 4.7.0): IP or Hostname | DNS or IP of the database. Local host: default, does not include the flyway migrate configuration. Remote host: includes the flyway migrate configuration (see the Flyway Migrate row). |
        | DB (Effective CloudCenter 4.7.0): Username, Password | Authentication credentials (username and password) for the database (either local or remote). |
        | DB (Effective CloudCenter 4.7.0): Optional – Flyway Migrate | Remote host: configure the CCM to use a remote database by providing the IP address of the remote database. When you provide the IP address, you see an additional screen to configure the flyway migrate process. Yes: Flyway migration takes place. No: Only the configuration files are updated. DB configuration is required for standalone database deployments. |
        | ELK_Info (Effective CloudCenter 4.7.0): ELK Host | Specify the IP address for the ELK/Monitor host. |
        | ELK_Info: Elasticsearch Port | Displays 8881 by default. |
        | ELK_Info: Logstash Port | Displays 4560 by default. |
        | ELK_Info: Kibana Port | Displays 8882 by default. |
        | ELK_Info: ELK Password | The default ELK Password is re@d0nly (zero between d and n). Change this password after the initial login – see Download Log File for additional context. |
        | ELK_Info: ELK Username | The default ELK Username is logreader. |
        | ELK_Info: Host Identifier | A unique ID for the server. Be sure to prefix the unique identifier with CCM_, for example, CCM_1. |
        | ELK_Info: Host Identifier List | Applies only to environments using HA mode. Provide a comma-separated list of unique host identifiers for all ELK/Monitor hosts in an HA setup, for example, CCM_1,CCM_2,myCCM. In an environment operating in HA mode, if you have two CCM instances with unique IDs configured as CCM_1,CCM_2 in their respective server.properties file, then this property should state CCM_1,CCM_2 in both CCM instances. Each CCM must be aware of the unique ID of the other CCM(s) when in HA mode. |

      3. Exit the CCM configuration wizard.

      4. Select Yes, to restart the Tomcat service for the changes to be effective.

      You have successfully installed the CCM component! You can now proceed to the next step – Per CloudCenter Region Installation.

       

    2.  AMQP - CCM/CCO Wizard Properties

      AMQP  – Configure CCM/CCO Properties for Guacamole Server

      Dedicated GUAC Setup?

      This GUA config wizard step is not required if you have set up a dedicated Guacamole server.

        1. SSH into the GUA instance as a centos user.
        2. Run the following command:

      1. Invoke the GUA wizard.

        GUA Wizard Path
      2. Configure the CCO and CCM properties. The wizard includes multiple menu groups with different properties. The table below lists each property and highlights the common properties in bold text.

        Write this down for future reference!

        Write down the Field details in a printed version of the Your Notes section for later use.
      3. Configure the properties for the CCM and CCO VMs:

        | Group | Host | Possible IP Addresses |
        |---|---|---|
        | CCM_Info | CCM Host | CCM_IP or CCM_SA_IP or CCM_LB_IP |
        | CCO_Info | CCO Host | CCO_IP or CCO_LB_IP |
      4. Verify your changes and Exit the GUA configuration wizard.

      You have successfully configured the AMQP server! You can now proceed to the next step.

      Post-Install Setup

      Any change in the hostname may result in a VM bounce/reboot.

      If you change the AMQP server's hostname, the local AMQP database is renamed and you may need to rerun the AMQP configuration.

      Some clouds set the hostname automatically for each new instance or boot, and RabbitMQ uses a pre-set hostname to set the database name. In these cases, you must run the following commands as root to rerun the AMQP configuration:

      You will also need to run these commands again if the node is rebooted, as you may end up with a new hostname and database name.

      If a database user exists and a login is not associated, this user may not be able to log into the AMQP server.

      Ensure that the required users (cliqr and cliqr_worker) are setup in your database. If you have additional users in your database, they will also be displayed when you run the rabbitmqctl command.

      If you do not see these users in your database, run the following commands as root (to recreate the users in the AMQP configuration):

      Reboot the AMQP Server

      Reboot the AMQP server.

      Start the Wizard

      Use the following command to start the guacamole wizard if you need to change settings as required by your deployment. See Per CloudCenter Region Installation (Required) > AMQP  for additional context.

    3.  CCO Wizard Properties

      CCO – Configure CCO Wizard Properties

        1. SSH into the CCO instance as a centos user.
        2. Run the following command:

      1. Invoke the CCO wizard.

        CCO Wizard Path
      2. Configure the Agent bundle, AMQP server, Guacamole server, and Docker server properties. The wizard includes multiple menu groups with different properties. The table below lists each property and highlights the common properties in bold text.

        Write this down for future reference!

        Write down the Field details in a printed version of the Your Notes  section for later use.
      3. Configure the properties for the Agent bundle, AMQP server, Guacamole server, and Docker VMs:

        | Group | Properties | Notes |
        |---|---|---|
        | AgentBundle | | Use the defaults. If you are using the custom bundle, replace cdn.cliqr.com with the custom bundle store IP or DNS. If you are using the package store, replace repo.cliqrtech.com with the custom package store IP or DNS. |
        | AMQP_Server | AMQP Server IP | AMQP_IP or AMQP_LB_IP |
        | AMQP_Server | AMQP Port | 5671 |
        | Network | Hostname | Configure the Network details for your CCO environment. This is an optional step to configure the Private IP of the VM. You can generally configure this information if the VM does not have a preset IP or hostname or if you need to override an existing IP or Hostname. |
        | Guacamole | Connection Broker Host | AMQP_IP or AMQP_LB_IP |
        | Guacamole | Connection Broker Port1 | 7788 |
        | Guacamole | Connection Broker Port2 | 7789 |
        | Docker | Docker Registry URL | Set only if a custom Docker registry is used. |
        | Docker | Docker CACert URL | Set only if the Docker registry uses SSL with custom CA Certificates. |
        | ELK_Info (Effective CloudCenter 4.7.0) | ELK Host | Specify the IP address for the ELK/Monitor host. |
        | ELK_Info | Elasticsearch Port | Displays 8881 by default. |
        | ELK_Info | Logstash Port | Displays 4560 by default. |
        | ELK_Info | Host Identifier | A unique ID for the server. Be sure to prefix the unique identifier with CCO_, for example, CCO_Openstack_regionOne or CCO_Amazon_east. |
        | ELK_Info | Host Identifier List | Applies only to environments using HA mode. Provide a comma-separated list of unique host identifiers for all ELK/Monitor hosts in an HA setup, for example, CCO1,CCO2,myCCO. In an environment operating in HA mode, if you have three CCO instances with unique IDs configured as CCO_1,CCO_2,CCO_3 in their respective server.properties file, then this property should state CCO_1,CCO_2,CCO_3 in each CCO instance. Each CCO must be aware of the unique ID of the other CCO(s) when in HA mode. |

      4. Verify your changes and Exit the CCO configuration wizard.

      You have successfully configured the CCO! You can now proceed to the next step.

    4.  Monitor - CCM Wizard Properties

      Monitor – Configure Monitor Properties

        1. SSH into the MONITOR instance as a centos user.
        2. Run the following command:

      1. Invoke the wizard.

        Monitor Wizard Path
      2. Configure the basic properties for each MONITOR server. The wizard includes several menu groups with different properties.

        Write this down for future reference!

         Write down the Field details in a printed version of the Your Notes section for later use.

        | Group | Properties | Notes |
        |---|---|---|
        | CCM_Info | Monitor ID | A unique (alphanumeric) identifier used as the name for the health check instances and volumes created on the cloud provider. |
        | CCM_Info | CCM Hostname/URL | REQUIRED! CCM_IP or CCM_SA_IP or CCM_LB_IP. |
        | CCM_Info | Monitor User | The User ID configured on the CCM server (to enable health check for cloud regions). To perform a health check on all activated cloud regions, set this value as 2 (2 is the CloudCenter's root administrator's User ID). To perform a health check on specific cloud regions, create and activate a new user with those specific regions and use that user's User ID as value for this property. To get the User ID, use the v1 User Management APIs. |
        | ELK_Login | Elasticsearch, Logstash, Kibana | For the ELK/Monitor host. ELK username = logreader (default). ELK password = re@d0nly (zero between d and n) (see Download Log File > Change Default ELK Password for additional context). |
      3. Exit the Monitor wizard.

      You have successfully configured the Monitor! You can now proceed to the next step.

 

 

 

 
