Installing Cloudify Manager with an External Database

Every Cloudify Manager installation requires a PostgreSQL database to store its data (such as blueprints, deployments, and tenants). By default, Cloudify Manager is installed in an all-in-one topology. Using the regular Cloudify Manager installation, you can instead choose a distributed installation, either with an existing external PostgreSQL database or with a database installed from Cloudify's PostgreSQL package and installation methods.

Similarly to an all-in-one installation, depending on the service you want to install on a particular machine, the installation process installs all of the components that Cloudify depends on. To select a specific service to install (Manager or Database), you need to update the settings in the config.yaml file.

You can install the Cloudify CLI on a separate host to manage your Cloudify Manager remotely.

Cloudify Prerequisites

The minimum requirements are enough for small deployments that only manage a few compute instances. Managers that manage more deployments or large deployments need at least the recommended resources.

Cloudify Manager and the PostgreSQL Database are supported for installation on a 64-bit host with RHEL/CentOS 7.4.

There are specific packages that are commonly included in RHEL/CentOS. You must have these packages installed before you install Cloudify Manager.

Hardware Requirements

| Cloudify Manager | Minimum | Recommended |
|---|---|---|
| vCPU | 2 | 8 |
| RAM | 4GB | 16GB |
| Storage | 5GB | 64GB |

| PostgreSQL Database | Minimum | Recommended |
|---|---|---|
| vCPU | 2 | 8 |
| RAM | 4GB | 16GB |
| Storage | 5GB | 64GB |

Software requirements

| Package | Description | Cloudify Manager | PostgreSQL Database |
|---|---|---|---|
| sudo | Required to run commands with root privileges (note that this is still a requirement even when running with root user) | V | V |
| systemd-sysv | Create Cloudify Services | V | V |
| yum | Install Cloudify's required packages | V | V |
| openssl-1.0.2k | Generate internal/external certificates | V | |
| openssh-server | Creating SSH keys during the sanity check | V | |
| logrotate | Rotating Cloudify log files | V | |
| initscripts | Required by RabbitMQ | V | |
| sed | Required by the CLI | V | |
| tar | Untar packages | V | |
| python-setuptools | Required by Python | V | |
| python-backports | Required by Python | V | |
| python-backports-ssl_match_hostname | Required by Python | V | |

Other requirements

A total of 3 certificates and 3 keys must be prepared prior to installing the PostgreSQL Client and Server:

| Requirement | Requiring package | Description |
|---|---|---|
| Root/Intermediate CA certificate and key | PostgreSQL Client and Server | Used by both the client and the server to validate each other |
| PostgreSQL Client certificate and key | PostgreSQL Client | Used by the server to validate the client |
| PostgreSQL Server certificate and key | PostgreSQL Server | Used by the client to validate the server |
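
One way to prepare the three certificate/key pairs listed above with OpenSSL, as an added example that is not part of the original Cloudify documentation. The output directory, the host name db.example.internal, the CN values, the file names and the 365-day validity are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the Cloudify docs. Assumed names: the output
# directory, the host name db.example.internal and the file names below.
set -eu

issue() {  # issue <name> <CN> <extension line>...  (signed by ./ca.crt)
  name=$1 cn=$2; shift 2
  printf '%s\n' "$@" > "$name.ext" &&
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config req.cnf \
    -subj "/CN=$cn" -keyout "$name.key" -out "$name.csr" &&
  openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 365 -extfile "$name.ext" -out "$name.crt"
}

make_pg_certs() {  # make_pg_certs <out dir> <db host name> <db user>
  mkdir -p "$1" && (
    cd "$1" && umask 077 &&  # everything below, keys included, is owner-only
    # Own minimal config, so the result does not depend on the system openssl.cnf
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
      '[dn]' 'CN = unused' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
      'keyUsage = critical,keyCertSign,cRLSign' > req.cnf &&
    # 1. CA pair: both hosts receive ca.crt
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
      -config req.cnf -extensions v3_ca -subj "/CN=Example Cloudify DB CA" \
      -keyout ca.key -out ca.crt &&
    # 2. Server pair: SAN holds the name the Manager uses to reach the database
    issue server "$2" "subjectAltName = DNS:$2" "extendedKeyUsage = serverAuth" &&
    # 3. Client pair: CN is the database user (a choice made for this example)
    issue client "$3" "extendedKeyUsage = clientAuth"
  )
}

verify_pg_certs() {  # succeeds only if both leaf certificates chain to ca.crt
  # Require the explicit ": OK" result line for each certificate and purpose
  openssl verify -purpose sslserver -CAfile "$1/ca.crt" "$1/server.crt" 2>&1 |
    grep -q ': OK$' &&
  openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/client.crt" 2>&1 |
    grep -q ': OK$'
}

# Usage: make_pg_certs ./certs db.example.internal postgres && verify_pg_certs ./certs
```
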

Network Interfaces

Cloudify Manager requires at least two network interfaces:

In some cases, it is possible to use only one network interface, but this can lead to security problems.

Network Ports Requirements

| Source <-> Target | Port | Description |
|---|---|---|
| CLI Client -> Cloudify Manager | 80 | REST API and UI. This port must be accessible when SSL is not enabled. |
| CLI Client -> Cloudify Manager | 22 | REST API and UI. This port must be accessible when SSL is enabled. |
| CLI Client -> Cloudify Manager | 443 | For remote access to the manager from the Cloudify CLI. (Optional) |
| Cloudify Agent -> Cloudify Manager | 5671 | RabbitMQ. This port must be accessible from agent VMs. |
| Cloudify Agent -> Cloudify Manager | 53333 | Internal REST communications. This port must be accessible from agent VMs. |
| Cloudify Manager -> PostgreSQL Server | PORT | Port required to communicate with the external database (usually 5432). This port can be changed after the installation. |

Installing Cloudify Manager

The Cloudify Manager services are installed from an RPM file. The installation can be customized with command-line flags and the config.yaml file. The Cloudify Manager installation FAQ includes more information about troubleshooting and advanced scenarios.

Because Cloudify Manager stores its data in a PostgreSQL database, you need to have a database ready before you install it. To do so, you can either:

  1. Have an existing PostgreSQL 9.5 server ready.
  2. Use Cloudify Manager’s installation rpm to install a new PostgreSQL 9.5 server with everything configured.

If you chose option 1, skip to Installing Cloudify Manager service.

Installing Cloudify Manager database service

To install Cloudify Manager database service:

  1. Download the Cloudify Manager RPM file.
  2. Copy the RPM file to your target host.
  3. From the terminal of your target host, run:

    sudo yum install <RPM file path>
    

    For example:

    sudo yum install /home/centos/cloudify-manager-install-4.5.1ga.x86_64.rpm
    
  4. Update the following sections in the config.yaml file as below:

    postgresql_server:
      enable_remote_connections: true
      postgres_password: '<postgres user password to configure on the server>'
      ssl_enabled: true
    # ...
    ssl_inputs:
      postgresql_client_cert_path: '<PostgreSQL server certificate path>'
      postgresql_client_key_path: '<PostgreSQL server key path>'
      ca_cert_path: '<Root/Intermediate CA certificate path>'
      ca_key_path: '<Root/Intermediate CA key path>'
    # ...
    services_to_install:
      - 'database_service'

  5. To install Cloudify Manager database, run:

    cfy_manager install [--private-ip <PRIVATE_IP>] [--public-ip <PUBLIC_IP>] [-v]

Once the installation is complete, move on to installing the Cloudify Manager service.

Installing Cloudify Manager service

To install Cloudify Manager:

  1. Download the Cloudify Manager RPM file.
  2. Copy the RPM file to your target host.
  3. From the terminal of your target host, run:

    sudo yum install <RPM file path>
    

    For example: sudo yum install /home/centos/cloudify-manager-install-4.5.1ga.x86_64.rpm

  4. Update the following sections in the config.yaml file as below:

    postgresql_client:
      host: '<External database host[:<External database port>]>'
      postgres_password: '<postgres password configured on the external PostgreSQL server>'
      ssl_enabled: true
    # ...
    ssl_inputs:
      postgresql_client_cert_path: '<PostgreSQL client certificate path>'
      postgresql_client_key_path: '<PostgreSQL client key path>'
      ca_cert_path: '<Root/Intermediate CA certificate path>'
      ca_key_path: '<Root/Intermediate CA key path>'
    # ...
    services_to_install:
      - 'composer_service'
      - 'queue_service'
      - 'manager_service'

  5. Review other configuration settings in the config.yaml file and make any necessary changes.
  6. To install Cloudify Manager, run:

    cfy_manager install [--private-ip <PRIVATE_IP>] [--public-ip <PUBLIC_IP>] [--admin-password <password>] [-v]

Best Practices

We recommend that you do not skip validations or sanity checks, and that you review the security recommendations.

Other Installation Actions

License Activation

From version 4.6 on, in order to activate a Cloudify Premium Manager, a valid license is required. Before the Cloudify Manager is activated, most of the Cloudify REST APIs are blocked, and neither Cloudify CLI nor Cloudify Console is operational. Cloudify community version does not require a license, hence no activation is needed. Learn more about license activation

Validating the Installation

When the installation process is complete, you can use cfy status to make sure that all of the Cloudify services are running. Cloudify Premium customers can access the Cloudify Console at:

An example output:

$ cfy status

...

Retrieving manager services status... [ip=127.0.0.1]

Services:
   +--------------------------------+---------+
   |            service             |  status |
   +--------------------------------+---------+
   | InfluxDB                       | running |
   | Management Worker              | running |
   | AMQP-Postgres                  | running |
   | RabbitMQ                       | running |
   | AMQP InfluxDB                  | running |
   | PostgreSQL                     |  remote |
   | Manager Rest-Service           | running |
   | Cloudify Stage                 | running |
   | Webserver                      | running |
   | Riemann                        | running |
   | Webserver                      | running |
   +--------------------------------+---------+

   ...
   

Configuring the Manager Settings

After you install Cloudify Manager, you can change the settings used by the installation without reinstalling the Cloudify components. The configure command accepts the same CLI inputs as the install command, and it reads the same config.yaml file for additional settings.

To change the Cloudify Manager installation settings:

  1. Edit the config.yaml file.
  2. To configure Cloudify Manager, run: cfy_manager configure [--private-ip <PRIVATE_IP>] [--public-ip <PUBLIC_IP>] [--admin-password <password>] [-v]

Additional Cloudify Manager Settings

In addition to the command line options, the /etc/cloudify/config.yaml file contains more advanced configuration settings, including:

The /etc/cloudify/config.yaml file can be validated at any time using the cfy_manager validate command. This performs the same checks that cfy_manager install does.
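
The files referenced under ssl_inputs can also be checked on their own before an install or configure run. The script below is an added example, not part of Cloudify; it assumes the single-quoted one-line values shown in the config.yaml snippets on this page, and the 30-day expiry margin is a value chosen here.

```bash
#!/usr/bin/env bash
# Added example (not part of Cloudify): check the files named under
# ssl_inputs in config.yaml before running cfy_manager install.
# Assumes single-quoted values on one line, as in the snippets on this page.
set -u

yaml_value() {  # yaml_value <file> <key> -> the quoted value of "key: '...'"
  sed -n "s/^ *$2: *'\(.*\)' *\$/\1/p" "$1" | head -n 1
}

check_ssl_inputs() {  # check_ssl_inputs <config.yaml>; returns number of failures
  cfg=$1; fails=0
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
  ca=$(yaml_value "$cfg" ca_cert_path)
  crt=$(yaml_value "$cfg" postgresql_client_cert_path)
  key=$(yaml_value "$cfg" postgresql_client_key_path)

  for f in "$ca" "$crt" "$key"; do
    [ -r "$f" ] || fail "cannot read '$f'"
  done
  [ "$fails" -eq 0 ] || return "$fails"

  # The private key must be the one the certificate was issued for.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout)" ] || fail "key does not match $crt"

  # The certificate must chain to the CA the peer will be told to trust.
  openssl verify -CAfile "$ca" "$crt" 2>&1 | grep -q ': OK$' ||
    fail "$crt is not signed by $ca"

  # Flag certificates that expire within 30 days (2592000 seconds).
  openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
    fail "$crt expires within 30 days"

  # Group and other must have no access to the private key.
  [ "$(ls -lL "$key" | cut -c5-10)" = "------" ] ||
    fail "$key is accessible to group or other"

  return "$fails"
}

# Usage: check_ssl_inputs /etc/cloudify/config.yaml && cfy_manager install
```
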

Multi-Network Management

Cloudify Manager uses Cloudify Agents to execute tasks and collect information about the resources that it manages. You must specify the Cloudify Manager IP addresses or DNS names that your agents will use to communicate with it.

Multi-network management can be configured both before installing a new Manager and after.

Option 1: Configure multi-network management before installing a new Manager:

The Cloudify Manager networks are configured in the agent:networks section of the /etc/cloudify/config.yaml file, for example:

agent:
  networks:
    default: <privately_routable_ip>
    external: <externally_routable_ip>
  broker_port: 5671
  min_workers: 2
  max_workers: 5

You must specify the name of the Cloudify Manager network for each agent that is deployed in your blueprint, using this syntax:

  host:
    type: cloudify.nodes.Compute
    properties:
      agent_config:
        network: external
        install_method: remote
        user: { get_input: username }
        key: { get_secret: agent_key_private }
        port: 22
      ip: { get_input: host_ip }

Option 2: Add new networks to a running Manager:

Security Recommendations

For security considerations, we recommend that you:

Adding Environment Variables

In certain cases, it may be required to add environment variables to the processes that run Cloudify Manager. For example, certain organizations impose restrictions on the installation-default temporary files directory (usually /tmp), requiring the adjustment of the TEMP / TMP / TMPDIR environment variables accordingly.

This can be achieved by providing additional settings in config.yaml:

For example, to override the TEMP environment variable with /var/tmp:

mgmtworker:
  extra_env:
    TEMP: /var/tmp

restservice:
  extra_env:
    TEMP: /var/tmp

Additional Cloudify Console Settings

You can customize Cloudify Console by modifying the userConfig.json file.

Emptying the Cloudify Manager Database

Data Loss

Emptying the Cloudify Manager database erases Cloudify data and is irreversible.

During both installation and configuration of Cloudify Manager, you can use the --clean-db option to empty all of the data from the Cloudify Manager database. The initial installation does not require the --clean-db flag.

This should be run from the Cloudify Manager machine, not the database machine.

Uninstalling Cloudify Manager

Data Loss

Uninstalling the Cloudify Manager erases all Cloudify data and is irreversible.

Next Steps

After Cloudify Manager is installed, you can configure your Cloudify Manager for your environment, including: