0.7 Platform Deployment Procedure
Trusted Analytics Platform (TAP) can be deployed on Amazon Web Services (AWS) using the AWS CloudFormation template, or on OpenStack using the OpenStack Heat Orchestration Template (HOT).
+--------------------+
| AWS CloudFormation |
| OpenStack HOT |
+---------+----------+
|
+-----------v------------+
| User Data Shell Script |
+-----------+------------+
|
+-----------v------------+
| cfn-init Helper Script <-+
+-----------+------------+ |
| |
+-------v--------+ |
| cfn-hup Helper +-----+
+-------+--------+
|
+----v----+
| Ansible |
+---------+
| ℹ️ Information |
|---|
| Provisioning should be done in Ansible playbooks. Any change to the existing user data contents causes replacement (termination) of the existing EC2 instance. |
1. The first step of the provisioning uses CloudFormation / HOT to create a base for the TAP infrastructure:
   - get all of the environment parameters from the user:
     - CDH worker size and the number of workers,
     - Cloud Foundry domain, password and the number of workers,
     - SMTP server parameters that will be used for sending invitation e-mails,
     - Quay.io username for downloading restricted Docker images,
     - Logsearch parameters on the platform,
     - a keypair used for platform access,
     - an Elastic IP used for platform access.
   - create the network infrastructure:
     - VPC (AWS only),
     - Subnets,
     - Security Groups.
   - create the machines.
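The environment parameters above are passed in as stack parameters at creation time. A minimal sketch of assembling them; every parameter key below is illustrative, not the template's actual name.

```shell
# Assemble the stack parameters (keys are assumptions, not the template's real names):
PARAMS=$(cat <<'EOF'
ParameterKey=CDHWorkerCount,ParameterValue=3
ParameterKey=CDHWorkerInstanceType,ParameterValue=m4.xlarge
ParameterKey=CFDomain,ParameterValue=tap.example.com
ParameterKey=CFPassword,ParameterValue=changeme
ParameterKey=SMTPHost,ParameterValue=smtp.example.com
ParameterKey=QuayIoUsername,ParameterValue=tap-user
ParameterKey=KeyName,ParameterValue=tap-keypair
ParameterKey=ElasticIP,ParameterValue=203.0.113.10
EOF
)
# The stack would then be created with (not executed here):
#   aws cloudformation create-stack --stack-name tap \
#     --template-body file://TAP.template --parameters $PARAMS
echo "$PARAMS" | wc -l
```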
2. To start the provisioning process and provide the machines with the necessary automation tooling:
   - a user data shell script (common to every instance/VM) is used to:
     - install pip (with `get-pip.py`),
     - install Ansible's dependencies using the OS-specific package management system (`apt-get` for Debian/Ubuntu and `yum` for RHEL/CentOS),
     - install Ansible (via pip),
     - install the CloudFormation Helper Scripts,
     - call the cfn-init script.

     The log can be found in the `/var/log/cloud-init-output.log` file on each of the created machines.
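A sketch of the user data script's shape, following the steps above. The real script is embedded in the CloudFormation/HOT template, so the exact package names and cfn-init arguments here are assumptions; the script is only written to a file and syntax-checked, since it installs system packages.

```shell
# Hedged sketch of the user data script (contents are assumptions):
cat > user-data.sh <<'EOF'
#!/bin/bash
set -e
# install pip with the upstream bootstrap script
curl -sSL https://bootstrap.pypa.io/get-pip.py | python
# install Ansible's dependencies with the OS-specific package manager
if command -v apt-get >/dev/null 2>&1; then
    apt-get install -y python-dev libffi-dev libssl-dev
else
    yum install -y python-devel libffi-devel openssl-devel
fi
# install Ansible via pip, then the CloudFormation helper scripts
pip install ansible
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
# hand off to cfn-init; output lands in /var/log/cloud-init-output.log
cfn-init --stack "$STACK_NAME" --resource LaunchConfig --region "$REGION"
EOF
bash -n user-data.sh && echo "syntax OK"
```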
   - the cfn-init helper script is used to:
     - create an Upstart job for running the cfn-hup daemon,
     - create a configuration for the cfn-hup daemon,
     - create a configuration for Ansible,
     - create an Ansible inventory,
     - create the hooks configuration for the cfn-hup daemon,
     - start the cfn-hup daemon service.

     The log can be found in the `/var/log/cfn-init.log` file on each of the created machines.
   - cfn-hup hooks are used, when the metadata of the instance changes, to:
     - run the cfn-init helper script,
     - run ansible-pull.

     The log can be found in the `/var/log/cfn-hup.log` file.
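A sketch of the two files that drive this daemon. The paths follow the usual cfn-hup conventions, but the exact contents are assumptions; angle-bracket values are placeholders.

```ini
; /etc/cfn/cfn-hup.conf -- main daemon configuration
[main]
stack=<stack-name>
region=<region>
interval=1

; /etc/cfn/hooks.d/reload.conf -- hooks fired when instance metadata changes
[rerun-cfn-init]
triggers=post.update
path=Resources.<LogicalResourceId>.Metadata
action=/usr/local/bin/cfn-init -s <stack-name> -r <LogicalResourceId>
runas=root

[rerun-ansible]
triggers=post.update
path=Resources.<LogicalResourceId>.Metadata
action=/usr/local/bin/ansible-pull --url <playbooks-repo-url> <playbook>.yml
runas=root
```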
3. To provision the software used by the platform, Ansible is executed on the Jump Box and Nginx machines:
   - on the Jump Box:
     - BOSH is installed,
     - Cloud Foundry is provisioned.
   - on the Nginx host:
     - Nginx is installed and configured.

   In both cases, the ansible-playbooks repository is used (described in more detail in the repos section). The log can be found in the `/var/log/ansible.log` file on both of the machines.
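An illustrative ansible-pull invocation of the kind the cfn-hup hook triggers on the Nginx host. The repository URL is an assumption; `nginx.yml` is the top-level playbook named in the repository description in the repos section.

```shell
# Build the pull command (URL is an assumption); on the platform its
# output would be appended to /var/log/ansible.log.
CMD="ansible-pull --url https://github.com/trustedanalytics/ansible-playbooks.git \
--inventory /etc/ansible/hosts nginx.yml"
echo "$CMD"   # not executed here
```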
4. To provision the CDH cluster and the TAP applications:
   - the user logs in to the Jump Box and executes the `tqd.sh` shell script:
     - the environment variables `KERBEROS_ENABLED` and `PUSH_APPS` are checked to see if the script should enable Kerberos and push the applications; `PLATFORM_ANSIBLE_ARCHIVE` is checked for a URL with the platform-ansible archive,
     - Python and virtualenv are installed and set up on the Jump Box,
     - a legacy version of Ansible (1.9.4) is installed in the virtualenv,
     - the platform-ansible archive is downloaded and untarred,
     - Java 1.8 and JCE 8 are downloaded for use with platform-ansible,
     - the Ansible inventory generation script (`ec2.py`) is downloaded and set up, and platform-ansible is run.

     All logs from the script are shown on screen to the user.
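How an operator might drive `tqd.sh` on the Jump Box. The variable names come from the description above; the archive URL is a placeholder, and the script itself is not executed here.

```shell
# Configure the run via the environment variables tqd.sh checks:
export KERBEROS_ENABLED=false   # skip Kerberos setup
export PUSH_APPS=true           # push the TAP applications after CDH is up
export PLATFORM_ANSIBLE_ARCHIVE="https://example.com/platform-ansible.tar.gz"  # placeholder URL
# ./tqd.sh   # not executed here; all logs stream to the terminal
echo "$KERBEROS_ENABLED $PUSH_APPS"
```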
   - the main steps during the platform-ansible run (the repository is described in more detail in the repos section) are covered in the sections below.

Provisioning is done as the `root` user on the platform machines.
The image above shows the resulting AWS infrastructure, with all of the VMs used by Cloud Foundry and Cloudera.
+---------+
| Ansible |
+----+----+
|
+---------v--------+
| Cloudera Manager |
+------------------+
The deployment of Cloudera Manager and CDH follows Installation Path B from Cloudera Installation Overview.
- Ansible is used to:
  - install Cloudera Manager Server (only on the Cloudera Manager instance/VM),
  - install Cloudera Manager Agent (on every Cloudera instance/VM),
  - install the JDK,
  - use the Cloudera Manager API (via the Python client binding).

  The log can be found in the `/var/log/ansible.log` file.
- The Cloudera Manager API is used to deploy CDH.
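A sketch of addressing the Cloudera Manager REST API that the Python client binding wraps. Host, credentials and API version are placeholders, not values from this deployment.

```shell
# Base URL of the Cloudera Manager REST API (host and version are placeholders):
CM_API="http://cloudera-manager.example.com:7180/api/v10"
# e.g. list the clusters this Cloudera Manager knows about (not executed here):
#   curl -s -u admin:admin "${CM_API}/clusters"
echo "$CM_API"
```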
+---------+
| Ansible |
+----+----+
|
+---v--+
| BOSH |
+------+
Cloud Foundry is deployed by BOSH triggered from a Jump Box instance/VM.
- Ansible is used to:
  - generate an SSH key for BOSH (also used as a technical key to access other instances/VMs),
  - import the generated key as a new EC2 Key Pair,
  - install bosh-init,
  - install the BOSH CLI,
  - install the Cloud Foundry CLI,
  - install the UAA CLI.

  The log can be found in the `/var/log/ansible.log` file.
- bosh-init is used to deploy the BOSH Director.
- The BOSH Director is used to deploy Cloud Foundry and the Docker Service Broker.
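The bosh-init and BOSH Director steps above, expressed as the old-style (v1) BOSH CLI commands they roughly correspond to. Manifest names and the Director address are placeholders, and the commands themselves are left unexecuted.

```shell
BOSH_MANIFEST="bosh.yml"   # BOSH Director manifest (placeholder name)
CF_MANIFEST="cf.yml"       # Cloud Foundry deployment manifest (placeholder name)
# bosh-init deploy "$BOSH_MANIFEST"     # stand up the BOSH Director
# bosh target https://10.0.0.6:25555    # point the CLI at the Director
# bosh deployment "$CF_MANIFEST"        # select the Cloud Foundry manifest
# bosh deploy                           # deploy Cloud Foundry
echo "$BOSH_MANIFEST $CF_MANIFEST"
```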
+---------+
| Ansible |
+----+----+
|
+---------v--------+
| Logsearch |
+------------------+
The deployment of Logsearch uses both Ansible and BOSH:
- Ansible is used to:
  - generate a BOSH manifest from the provided template,
  - run the BOSH CLI, initiating the Logsearch deployment.
- The BOSH Director is used to deploy Logsearch.
- A BOSH errand job is used to push Kibana to the platform.
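The same flow in v1 BOSH CLI terms. The manifest and errand names are assumptions, not the ones the playbooks actually use, and the commands are left unexecuted.

```shell
LOGSEARCH_MANIFEST="logsearch.yml"        # generated manifest (placeholder name)
# bosh deployment "$LOGSEARCH_MANIFEST"   # select the generated manifest
# bosh deploy                             # deploy Logsearch
# bosh run errand push-kibana             # errand that pushes Kibana (assumed name)
echo "$LOGSEARCH_MANIFEST"
```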
Logsearch exposes a syslog sink to which Cloud Foundry forwards all of the application logs. The fields collected for applications are:
- `time` - the time the log line was produced,
- `application name` - the application name,
- `level` - the severity level, like INFO, WARN, etc.,
- `message` - the actual log line.

For more information regarding using Logsearch, please consult the TAP Logsearch documentation.
- Please make sure that all nodes of your platform installation are secured with an up-to-date anti-virus solution.
- Please keep all login credentials and deployment private keys in a secure store within your organization.
This repository contains the Troposphere `TAP.py` script that is used to generate the CloudFormation template used to bootstrap the platform. It won't be used by end users, as they will only use the generated template, which isn't part of the repository.
This repository contains the `TAP.yaml` HEAT template that is used to bootstrap the platform. As it is not generated, this is the artifact that the end user uses to bootstrap the platform.
This repository contains all of the Ansible playbooks developed for TAP Quick Deployment with Cloud Orchestration (think Cloud Formation/HOT templates) in mind. It is downloaded by ansible-pull on the non-CDH machines during the 3rd step of the Provisioning Workflow.
The repository structure follows the default Ansible directory layout, with top-level playbooks for each of the host roles (e.g. `nginx.yml`, used for the load balancer).
Roles that are used in the deployment are described in the ROLES.md file inside the repository.
This repository long predates the TAP Quick Deployment, and as such has accumulated some technical debt. It wasn't written with Cloud Orchestration in mind, but rather to be run on already existing machines. It will eventually be obsoleted and incorporated into the ansible-playbooks repo.
As of now, it contains the parts that bootstrap the platform's CDH, Consul and Logsearch components. The CDH provisioning part is described in greater detail in the Layers/Cloudera part.
It is run automatically when the user runs the tqd.sh script during the 4th step of the Provisioning Workflow.