Skip to main content

Mid-proxy server installation and configuration

By
This document is helpful while setting up Jumphost server(mid-proxy) and configuring it with RabbitMQ.
image2016-4-22-12-5-29
  • Each private network is (normally) dedicated to a single tenant. Within that private network, there is a jumphost that can access the other VMs within the private network. No network access is required to the jumphost from outside. This jumphost run an agent (the "AMP Jumphost" product).
  • A clustered message broker (e.g. RabbitMQ) is used send requests to the jumphost, and to receive responses from it.
  • Through this mechanism, commands are executed on VMs within the private network.
    The sequence for command execution (e.g. SSH or WinRM on a VM in the private network) is:
    1. Manual pre-configuration:
    i. The message broker cluster is pre-installed.
    ii. For a new private network, the jumphost is manually set up within private network. On startup it automatically
    subscribes to the message broker to receive the relevant requests.
    2. AMP subscribes to a response queue, ready to receive the result.
    3. AMP publishes a request to the appropriate queue on the message broker; this request describes the command to be
    executed and the response queue to use.
    4. The jumphost picks up the request, validates it, and executes it.
    5. The jumphost publishes the result to a response queue (e.g. exit status, stdout and stderr).
    6. AMP receives the response via the message broker. The AMP instances and the jumphost access the message broker via AMQP.

Step-by-step guide

  • RabbitMQ installation and configuration steps:
    1. RabbitMQ is a message bus that acts as messaging broker - an intermediary for messaging. It gives your applications a common platform to send and receive messages, and your messages a safe place to live until received.
    2. RabbitMQ runs on the Erlang runtime, so before you can install and run RabbitMQ, you’ll need to install Erlang.
    3. Add the Erlang Solutions YUM repository:
      sudo wget http://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm 
      sudo rpm -Uvh erlang-solutions-1.0-1.noarch.rpm
    4. Install Erlang:
      redhat_release=`cat /etc/redhat-release | awk {'print int($3)'}` 
      sudo yum install -y erlang-18.2-1.el${redhat_release}
    5. Download the signing key for the RabbitMQ YUM repository, and then download and install RabbitMQ 3.6.0 using the rpm utility:
      sudo rpm --import http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
    6. You can update your yum repository to update to the latest version of RabbitMQ
      sudo yum update
    7. You can check the version of RabbitMQ in yum with the following command
      su -c 'yum list rabbitmq'
    8. Install the rabbitmq with the following command
      yum install rabbitmq
    9. Add the rabbitmq to run on startup and start the rabbitmq service
      sudo chkconfig rabbitmq-server on
      sudo /etc/init.d/rabbitmq-server start
    10. The rabbitmq default administrator username is guest and password is guest.
    11. Nat your rabbitmq for the port 5672 externally. You will need the external IP and port in jumphost properties. This is all the configuration needed for installation of RabbitMQ.
  • Jumphost (mid-proxy) installation and configuration steps:
    1. You will have to edit limits.conf file
      sudo vi /etc/security/limits.conf
      Add the following lines in it.
      amp soft nproc 16384
      amp hard nproc 16384
      amp soft nofile 16384
      amp hard nofile 16384
    2. Reboot the machine after this step.
    3. Download jumphost by the following command:
      wget https://artifactory.cloudsoftcorp.com/artifactory/libs-release-local/io/cloudsoft/amp/jumphost/jumphost/1.0.0-20160121.1603/jumphost-1.0.0-20160121.1603-dist.tar.gz
    4. Install jumphost by unpacking the tar with the following command
      tar -zxvf  jumphost-1.0.0-20160121.1603-dist.tar.gz
    5. Make a file in /home/user/.brooklyn/ named jumphost.propertiesjumphost.id=JUMPHOST_123 
      tenant.id=TENANT_123
      messageManager.rabbitmq.host=<rabbitmq ip> 
      messageManager.rabbitmq.port=<rabbitmq port>
      messageManager.rabbitmq.username=guest
      messageManager.rabbitmq.password=guest
      messageManager.crypto.secretKey=UmFuZG9tRW5jcnlwdEtleQ==
      messageManager.crypto.initVector=UmFuZG9tSW5pdFZlY3Rvcg==
      jumphost.id, tenant.id values can be anything you want.
      messageManager.rabbitmq.host is the external ip of rabbitmqmessageManager.rabbitmq.port is the external port of rabbitmqNo other properties need to be edited.
    6. You will also need to check the value of Entropy on your jumphost server.  An entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.
          1. You can check the value of Entropy by the following command cat /proc/sys/kernel/random/entropy_avail
          2.  It is recommended for it to be more than 1000. To increase your entropy execute the following commands.
                sudo yum -y -q install rng-tools
                sudo chmod 666 /etc/sysconfig/rngd (this step to be performed only if you are not logged in as root)
                vi /etc/sysconfig/rngd
                Edit the EXTRAOPTIONS as follows           EXTRAOPTIONS=”-r /dev/urandom”
                sudo chmod 640 /etc/sysconfig/rngd (this step to be performed only if you are not logged in as root)
                sudo chkconfig rngd on
                sudo service rngd start   3. Now check your Entropy again cat /proc/sys/kernel/random/entropy_avail. It should be increased to more than 1000.
    7. You can now launch jumphost with the following command
      cd cloudsoft-jumphost-1.0.0-20160330.1541
      ./bin/jumphost launch > /dev/null &
    8. This launches the jumphost and this is all you need to install and start your mid-proxy server.
  • Configuring AMP to route through RabbitMQ and Jumphost:
    1. Edit brooklyn.properties in the properties section of any location add the following properties for the location your jumphost is
      brooklyn.location.named.MyPrivateLocation_TAI_Test.requiresSubnetTier=false
      brooklyn.location.named.MyPrivateLocation_TAI_Test.useJcloudsSshInit=false
      brooklyn.location.named.MyPrivateLocation_TAI_Test.pollForFirstReachableAddress=false
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass=io.cloudsoft.amp.jumphost.ssh.client.SshProxiedTool
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.jumphost.id=JUMPHOST_123  ##jumphost.id given in jumphost.properties
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.tenant.id=TENANT_123   ##tenant.id given in jumphost.properties
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.host=<rabbitmq_ip>   ##internal rabbitmq ip
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.port=<rabbitmq_port>  ##internal rabbitmq port
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.username=guest
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.password=guest
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.crypto.secretKey=UmFuZG9tRW5jcnlwdEtleQ==
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.crypto.initVector=UmFuZG9tSW5pdFZlY3Rvcg==

    2. Save the brooklyn.properties and reload properties in console.
    3. Then you can deploy any BP via the location you have just configured. It will use RabbitMQ and jumphost to deploy the BP in the private network.
    4. Following is the list of config keys to pass for respective BPs:
      For JBoss AS 7, use httpMonitoring.enabled: false .
      For JBoss AS 6, use jmx.enabled: false .
      For Tomcat, use jmx.enabled: false .
      For MongoDB, use clientMonitoring.enabled: false (though this will not work for clustered MongoDB).
      For Riak, use httpMonitoring.enabled: false .
      For Cassandra, use thriftMonitoring.enabled: false and jmx.enabled: false .
    5. You can verify that the deployment took place via jumphost by checking if the newly created VM's IP has been natted in sensors tab. In case of the use of jumphost the IP address will not be natted will show internal IP in sensors tab.
Labels:

Comments

Post a Comment

Popular posts from this blog

Terraform

By
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied. The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc. The key features of Terraform are: Infrastructure as Code : Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and...
16 comments
Read more

Salt stack issues

By
The function “state.apply” is running as PID Restart salt-minion with command:  service salt-minion restart No matching sls found for ‘init’ in env ‘base’ Add top.sls file in the directory where your main sls file is present. Create the file as follows: 1 2 3 base: 'web*' : - apache If the sls is present in a subdirectory elasticsearch/init.sls then write the top.sls as: 1 2 3 base: '*' : - elasticsearch.init How to execute saltstack-formulas create file  /srv/pillar/top.sls  with content: base : ' * ' : - salt create file  /srv/pillar/salt.sls  with content: salt : master : worker_threads : 2 fileserver_backend : - roots - git gitfs_remotes : - git://github.com/saltstack-formulas/epel-formula.git - git://github.com/saltstack-formulas/git-formula.git - git://github.com/saltstack-formulas/nano-formula.git - git://github.com/saltstack-f...
12 comments
Read more

Helm: Installation and Configuration

By
PREREQUISITES You must have Kubernetes installed. We recommend version 1.4.1 or later. You should also have a local configured copy of  kubectl . Helm will figure out where to install Tiller by reading your Kubernetes configuration file (usually  $HOME/.kube/config ). This is the same file that  kubectl  uses. To find out which cluster Tiller would install to, you can run  kubectl config current-context or  kubectl cluster-info . $ kubectl config current-context my-cluster INSTALL HELM Download a binary release of the Helm client. You can use tools like  homebrew , or look at  the official releases page . For more details, or for other options, see  the installation guide . INITIALIZE HELM AND INSTALL TILLER Once you have Helm ready, you can initialize the local CLI and also install Tiller into your Kubernetes cluster in one step: $ helm init This will install Tiller into the Kubernetes cluster you saw with  kubectl config current-context . TIP:  Want to install into a different cl...
4 comments
Read more