Installing and Configuring Cloudify Manager
A Cloudify Manager is a compute host that runs the Cloudify Management service. For version 4.3 and higher, you can install a single RPM file that installs Cloudify Manager with all of its dependencies. The Cloudify Manager RPM file is self-contained and does not require an internet connection during installation.
The installation process installs all of the components that Cloudify depends on. You can run the install command again after the initial installation to reinstall and reconfigure the components. The configure command lets you reconfigure the components without reinstallation. When you install or configure the Cloudify Manager, you can specify the private IP address, public IP address and administrator password as command options, or specify these and other configuration settings in the config.yaml file.
You can install the Cloudify CLI on a separate host to manage your Cloudify Manager remotely.
Installing Cloudify Manager
The Cloudify Manager is installed from an RPM file. The installation can be customized with command-line flags and the config.yaml file. The Cloudify Manager installation FAQ includes more information about troubleshooting and advanced scenarios.
<div class="panel panel-primary panel-warning">
<div class="panel-heading">Best Practices</div>
<div class="panel-body">
We recommend that you do not skip validations or sanity checks, and that you review the security recommendations.
To install Cloudify Manager:
-
Download the Cloudify Manager RPM file.
-
Copy the RPM file to your target host.
-
From the terminal of your target host, run:
sudo yum install <RPM file path>
For example:
sudo yum install /home/centos/cloudify-manager-install-4.3.1ga.x86_64.rpm
-
Configure the Cloudify Manager networks in the config.yaml file.
-
Review the configuration settings in the
config.yaml
file and make any necessary changes. -
To install Cloudify Manager, run:
cfy_manager install [--private-ip <PRIVATE_IP>] [--public-ip <PUBLIC_IP>] [--admin-password <password>] [-v]
Other Installation Actions
License Activation
From version 4.6 on, in order to activate a Cloudify Premium Manager, a valid license is required. Before the Cloudify Manager is activated, most of the Cloudify REST APIs are blocked, and neither Cloudify CLI nor Cloudify Console is operational. Cloudify community version does not require a license, hence no activation is needed.
Learn more about license activation
Validating the Installation
When the installation process is complete, you can use cfy status
to make sure that all of the Cloudify services are running.
Cloudify Premium customers can access the Cloudify Console at:
- By default:
http://<manager_public_address>
- If you enable SSL in the config.yaml file:
https://<manager_public_address>
An example output:
$ cfy status
...
Retrieving manager services status... [ip=127.0.0.1]
Services:
+--------------------------------+---------+
| service | status |
+--------------------------------+---------+
| InfluxDB | running |
| Management Worker | running |
| Logstash | running |
| RabbitMQ | running |
| AMQP InfluxDB | running |
| PostgreSQL | running |
| Manager Rest-Service | running |
| Cloudify Stage | running |
| Webserver | running |
| Riemann | running |
| Webserver | running |
+--------------------------------+---------+
...
Configuring the Manager Settings
After you install Cloudify Manager, you can change the settings used by the installation without reinstalling the Cloudify components. The configure command accepts the same CLI inputs as the install command, and it reads the same config.yaml file for additional settings.
To change the Cloudify Manager installation settings:
- Edit the config.yaml file.
- To configure Cloudify Manager, run:
cfy_manager install [--private-ip <PRIVATE_IP>] [--public-ip <PUBLIC_IP>] [--admin-password <password>] [-v]
Additional Cloudify Manager Settings
In addition to the command line options, the /etc/cloudify/config.yaml
(View in GitHub) contains more advanced configuration settings, including:
- Administrator password (
admin_password
) - Private and public IP addresses (
private_ip
;public_ip
) - External REST communications over HTTPS (
ssl_enabled
) - Local path replacement for remote resources with a URL (
import_resolver
) - Multi-network management (
networks
) - LDAP connection information (
ldap
) - SSL communication settings (
ssl_inputs
)
The /etc/cloudify/config.yaml
file can be validated at any time using the cfy_manager validate
command. This performs the same checks that cfy_manager install
does.
Multi-Network Management
Cloudify Manager uses Cloudify Agents to execute tasks and collect information about the resources that it manages. You must specify the Cloudify Manager IP addresses or DNS names that your agents will use to communicate with it.
Multi-network management can be configured both before installing a new Manager and after.
Option 1: Configure multi-network management before installing a new Manager:
The Cloudify Manager networks are configured in the agent:networks
section of the /etc/cloudify/config.yaml
file, for example:
agent:
networks:
default: <privately_routable_ip>
external: <externally_routable_ip>
broker_port: 5671
min_workers: 2
max_workers: 5
You must specify the name of the Cloudify Manager network for each agent that deployed in your blueprint with this syntax:
host:
type: cloudify.nodes.Compute
properties:
agent_config:
network: external
install_method: remote
user: { get_input: username }
key: { get_secret: agent_key_private }
port: 22
ip: { get_input: host_ip }
Option 2: Add new networks to a running Manager:
- In order to add networks to a running Manager use the
cfy_manager add-networks
command. - New networks should be supplied as a JSON string. It is possible to add multiple new networks using one command (as shown in the example below).
- Please note that you can only add networks with unique names, otherwise an error will be raised.
- If using a Cloudify Manager cluster, the command will add the network only for the node it is run on. The command needs to be run separately on each node in the cluster, for the newly-installed agents to be able to contact all nodes in the cluster.
cfy_manager add-networks --networks '{"<network-name>": "<ip>", "<network-name>":"<ip>"}'
Security Recommendations
For security considerations, we recommend that you:
- Specify an administrator password according to your security policy
- Set SSL in the config.yaml file to
enabled
- Set gunicorn to bind to localhost
To set gunicorn to listen on localhost only:
- Edit the
/usr/lib/systemd/system/cloudify-restservice.service
file. - Find this line:
-b 0.0.0.0:${REST_PORT} \
- Replace the line with:
-b localhost:${REST_PORT} \
- To restart the dependent services, run:
sudo systemctl daemon-reload sudo systemctl restart cloudify-restservice
- Edit the
Adding Environment Variables
In certain cases, it may be required to add environment variables to the processes that run Cloudify Manager.
For example, certain organizations impose restrictions on the installation-default temporary files directory (usually
/tmp
), requiring the adjustment of the TEMP
/ TMP
/ TMPDIR
environment variables accordingly.
This can be achieved by providing additional settings in config.yaml
:
-
The
extra_env
key under therestservice
category contains a dictionary of environment variables to be added to Cloudify’s REST Service. -
The
extra_env
key under themgmtworker
category is read as dictionary of environment variables to be added to Cloudify’s Management Workers Service.
For example, to override the TEMP
environment variable with /var/tmp
:
mgmtworker:
extra_env:
TEMP: /var/tmp
restservice:
extra_env:
TEMP: /var/tmp
Additional Cloudify Console Settings
You can customize Cloudify Console by modifying userConfig.json file.
Emptying the Cloudify Manager Database
<div class="panel panel-primary panel-warning">
<div class="panel-heading">Data Loss</div>
<div class="panel-body">
Emptying the Cloudify Manager database erases Cloudify data and is irreversible.
During both installation and configuration of Cloudify Manager, you can use the --clean-db
option to empty all of the data from the Cloudify Manager database. The initial installation does not require the --clean-db
flag.
Uninstalling Cloudify Manager
<div class="panel panel-primary panel-warning">
<div class="panel-heading">Data Loss</div>
<div class="panel-body">
Uninstalling the Cloudify Manager erases all Cloudify data and is irreversible.
-
To uninstall the Cloudify Manager, run:
sudo cfy_manager remove -f
-
To remove all of the files that the installation process extracted, run:
sudo yum remove cloudify-manager-install
Next Steps
After Cloudify Manager is installed, you can configure your Cloudify Manager for your environment, including:
-
Upload plugins to add functionality to Cloudify Manager
-
To use Cloudify with LDAP users, setup the LDAP connection.
-
Build the secrets store for your tenants.
The secrets store lets you store data variables that you do not want to expose in plain text in Cloudify, such as login credentials for a platform.