Deploy CloudBolt HA Environment in AWS with MySQL

Overview

Walkthrough on deploying an HA CloudBolt instance in AWS. This includes web/app EC2 instances, an external database (RDS MySQL), ELB, and EFS.


Considerations

You need an understanding of AWS services. The deployment requires a private key for authentication and a Security Group with the correct ports for communication.

Procedure

Amazon EC2 Instances (Creation)

Create Primary CloudBolt Instance

  1. Create Primary/First CloudBolt Instance
    1. Log into AWS and go to the EC2 Services page
    2. Select Launch Instance, locate the CloudBolt AMI in the AWS Marketplace and hit Select
      1. The next screen will give you an overview of CloudBolt and the pricing for each instance type. Click Continue
      2. Select your Instance Type (we're using t3a.medium for this one) and click Configure Instance Details
      3. On the Configure Instance Details screen, we're only going to change the Subnet so that we can pick which Availability Zone (AZ) we're using (we're using us-east-2a for our first instance)
        1. If there are other changes you want to make on this page, make them now and click Add Storage when you're done
      4. If you want/need to add a second volume, please do it now and then click Add Tags
      5. If you want to add Tags, please do it now and then click Configure Security Groups
      6. On the Configure Security Group page you will need to create a new Security Group or use an Existing one
        1. Existing Security Group (if you have one that you want to use)
          1. Click Select an existing security group
          2. Select the Security Group you want to use and hit Review and Launch
        2. New Security Group (Preferred)
          1. Leave Create a new security group selected
          2. Fill out the Security group name field
          3. Update the Description field
          4. Add Rules for MySQL, NFS and anything else you would like
          5. Once you've added everything you want, select Review and Launch
      7. On the Review Instance Launch page, verify everything looks good and click Launch
      8. Select an existing key pair or create a new key pair
        1. New key pair (If you don't have an existing key pair that you want to use)
          1. Give it a name and download the key pair (DO NOT LOSE THIS)
        2. Existing key pair
          1. Select choose an existing key pair from the drop-down
          2. Select the key pair that you're going to use and check the box for the acknowledgement
          3. If everything looks good, click Launch instances

Create Secondary CloudBolt Instance

  1. Create Second CloudBolt Instance
    1. Follow the steps for the first instance.
    2. Once you get to the Configure Instance Details page, you will need to select the subnet for a different Availability Zone (AZ)
      1. We're putting this second instance on us-east-2c, but yours will probably be different 
    3. Continue following the steps on the first instance until you get to Configure Security Group
      1. If you created a new Security Group for the first instance, you will need to select it here and click Review and Launch
    4. Select your existing key pair and launch the instance
  2. Once the EC2 instances are up and running, you will need to give them a name (by default they show up as "-")
    1. Click the notepad icon and fill out the name field. Click save
      1. From this screen, we can also see that each one is on a different Availability Zone 



Create PPK from PEM File

PuTTYGen (Windows)

NOTE: Only follow this Step if you created a new key pair when we created the first instance. If you DID NOT, skip to the CloudBolt section

  1. If you created a new key pair, you will need to take the .PEM file and convert/export it as a .PPK file (Can be done via PuTTYGen)
    1. Open PuTTYGen or any other tool that you're using to do this
    2. Click File → Load private key and select the .PEM file
    3. Click OK on the successfully imported key window
    4. Click Save private key and save the PPK file to your computer


PuTTY (Linux)

NOTE: Only follow this Step if you created a new key pair when we created the first instance. If you DID NOT, skip to the CloudBolt section

  1. Install PuTTY by running one of the following commands:
    1. RPM-based
      sudo yum install putty
    2. Dpkg-based
      sudo apt-get install putty-tools

  2. On the instance shell, run the puttygen command to convert your .pem file to a .ppk file:
    sudo puttygen /tmp/CloudBoltTest.pem -o /tmp/mykey.ppk -O private

CloudBolt

Initial Configuration

  1. Launch the web interface for each instance
  2. On the license page, paste in the license or upload the file and click Apply License
  3. Log into the appliance with admin / admin
  4. Read the EULA and select the I have read and accept the EULA option. Once selected, click Next
  5. On the Proxy Settings page
    1. If you have a Proxy, click Yes, configure now
      1. Fill in all of the fields and click Next
    2. If you DO NOT have a Proxy, click No proxy
  6. Fill out the Initial CB Administrator Account (Example below)
    1. Once everything is filled out, click Finish
  7. Verify everything looks good on the Setup Completed page 
    1. If everything looks good, click Start Using CloudBolt


Upgrade CloudBolt

  1. SSH into both instances
    1. Open PuTTY or whatever SSH client you're using and type in the FQDN or IP of the instances
    2. Add your private key into PuTTY and click Open
    3. Click Yes to the security alert about the key
    4. Login as admin and run the following commands on both instances
      1. sudo su -
        cd /tmp
        curl http://downloads.cloudbolt.io/9.4.1/cloudbolt_upgrader_9.4.1_62256aaa89.tgz | tar xvz
        cd cloudbolt_upgrader_9.4.1_62256aaa89/
        ./upgrade_cloudbolt.sh

    5. Wait for upgrade to complete before continuing on (Can take up to 10 minutes)
    6. Stay SSHd into both Instances because we will need to come back to it shortly
  2. Once the upgrade has completed, log back into the web interface for both instances
    1. If you're prompted to set a challenge question and answer, set one now and click Save answer 
  3. Verify the CloudBolt instances have been upgraded to the latest version
    1. Go to Admin → Maintenance → Version & Upgrade Info
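
An added example (not part of the original article or CloudBolt's tooling) for the download in step 1.4: it saves the upgrader to a file, compares its SHA-256 with a value you supply, and unpacks it into a private mktemp directory only on a match. The expected digest is an assumption: this page does not publish one, so it has to come from the vendor through a separate channel. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify the upgrader tarball before unpacking it as root.
# The expected SHA-256 is supplied by the operator; this page does not list one.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Extract TARBALL only if its digest equals EXPECTED (hex, any case).
# On success, prints the freshly created extraction directory.
extract_if_verified() {
    local tarball="$1" expected actual dest
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$tarball")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got '$actual'" >&2
        return 1
    fi
    # mktemp -d gives a mode-0700 directory with an unpredictable name,
    # unlike a fixed path under the world-writable /tmp.
    dest=$(mktemp -d) || return 2
    tar -xzf "$tarball" -C "$dest" || return 2
    printf '%s\n' "$dest"
}

# usage: <script> URL EXPECTED_SHA256 OUTFILE
if [ "$#" -eq 3 ]; then
    # Save to disk first so the bytes that were hashed are the bytes extracted.
    curl --fail --silent --show-error --location -o "$3" "$1" &&
        extract_if_verified "$3" "$2"
fi
```

Run upgrade_cloudbolt.sh from the directory the script prints.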


Pre-Database/EFS Config

  1. Open the SSH session for your first CloudBolt instance
  2. Run these commands to create/copy the PEM file to the CloudBolt instance
    1. cd /tmp
    2. vi mykey.pem
    3. Copy the contents of your PEM file into this file and save
  3. Update permissions on the new mykey.pem and secret-key-for-apache.bin files
    1. Run these on first instance
      1. chmod 600 /tmp/mykey.pem
      2. chmod 777 /var/opt/cloudbolt/secrets/secret-key-for-apache.bin
    2. Run this on the second instance
      1. chmod 777 /var/opt/cloudbolt/secrets/secret-key-for-apache.bin
  4. Copy BIN file from the first CloudBolt Instance to the second
    1. scp -v -i /tmp/mykey.pem /var/opt/cloudbolt/secrets/secret-key-for-apache.bin admin@CB_SECOND_NODE:/var/opt/cloudbolt/secrets/
  5. Check customer_settings.py to verify the UNIQUE_TOKEN is the same on both instances
    1. cat /var/opt/cloudbolt/proserv/customer_settings.py
      1. If the UNIQUE_TOKEN is different
        1. Copy the UNIQUE_TOKEN section from the first CloudBolt instance to the second CloudBolt instance
      2. If the UNIQUE_TOKEN is the same, you can continue ahead to the next step
  6. Update the Job Engine supervisord configuration file on both instances
    1. vi /etc/supervisord.d/jobengine.conf
    2. Change the line that begins with autostart to autostart=false
    3. Change the line that begins with autorestart to autorestart=false
    4. supervisorctl reload
  7. Dump existing SQL database
    1. mysqldump -u root -pVi-gn3tt3 --opt cloudbolt > /tmp/cloudbolt.sql
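
An added example (not part of the original article or CloudBolt's tooling) for steps 3 to 5 above: it prints SHA-256 digests of secret-key-for-apache.bin and of the UNIQUE_TOKEN line so the two nodes can be compared without displaying either value, and reports whether the key file or /tmp/mykey.pem is accessible to other users. The function names, the report argument and the assumed `UNIQUE_TOKEN = ...` line format are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not CloudBolt tooling. Paths are the ones used in this article.
SECRET=/var/opt/cloudbolt/secrets/secret-key-for-apache.bin
SETTINGS=/var/opt/cloudbolt/proserv/customer_settings.py

# Succeed only if "other" has no r/w/x bits (chars 8-10 of the ls mode string).
not_world_accessible() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c8-10)" = "---" ]
}

# SHA-256 of a whole file, so the key can be compared without showing it.
file_digest() { sha256sum "$1" | cut -d' ' -f1; }

# SHA-256 of the UNIQUE_TOKEN assignment with whitespace removed.
# Assumes a Python-style "UNIQUE_TOKEN = ..." line; fails if none is found.
token_digest() {
    local line
    line=$(grep -E '^[[:space:]]*UNIQUE_TOKEN[[:space:]]*=' "$1" | head -n 1 | tr -d '[:space:]')
    [ -n "$line" ] || return 1
    printf '%s' "$line" | sha256sum | cut -d' ' -f1
}

# Print one line per check; run on each node and diff the two outputs.
report() {
    local f
    echo "secret-key sha256:   $(file_digest "$SECRET")"
    echo "UNIQUE_TOKEN sha256: $(token_digest "$SETTINGS" || echo NOT-FOUND)"
    for f in "$SECRET" /tmp/mykey.pem; do
        [ -e "$f" ] || continue
        if not_world_accessible "$f"; then
            echo "mode ok:          $f"
        else
            echo "world-accessible: $f ($(ls -ld -- "$f" | cut -c1-10))"
        fi
    done
}

if [ "${1:-}" = "report" ]; then report; fi
```

Run it with report on each instance and compare the two outputs; the digests should be identical.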


Amazon Load Balancer (ELB)

Configure Amazon Load Balancer (ELB)

  1. Log back into the AWS console and go to the EC2 services
  2. Click on Load Balancers on the bottom left side
  3. Once you're in the Load Balancers screen, click Create Load Balancer
  4. On the Select load balancer type screen, we're going to click Create under the Application Load Balancer option
  5. Configure Load Balancer - Basic Configuration
    1. Fill out the Name field
    2. Select HTTPS for the listener
    3. Select your VPC and Availability Zones
    4. Once you have that filled out, click Configure Security Settings
  6. Configure Security Settings - Select default certificate
    1. Select your Certificate Type, Certificate Name and Security Policy
    2. Once you have everything selected, click Configure Security Groups
  7. Select which Security Groups you want to attach and click Configure Routing
  8. Configure Routing
    1. For the Target group, we're going to select New target group
    2. Provide a name for the Target group and select HTTPS for the Protocol
    3. Fill out any additional options you want for the Health Check, etc and click Register Targets
  9. Register Targets
    1. Select your 2 new CloudBolt instances and click Add to registered
    2. They should now show up on the top of the screen under Registered Targets
    3. If everything looks good, click Review
  10. Review your configuration and if everything looks good, click Create
  11. Once the Load Balancer shows active for the state, click on Target Groups on the left side
  12. Click on your Target group to open it up
  13. If you look at the Attributes at the bottom, Stickiness should say disabled
    1. If it's disabled, click edit to the right of Attributes
  14. On the Edit attributes screen, select Stickiness and set the duration for 1 hour
    1. We're going to leave the Load balancing algorithm to Round robin, but you can change it if you'd like
    2. Click Save changes when you're done
  15. Now you should be able to log in to CloudBolt via the DNS name on the Load Balancer


Amazon Elastic File System (EFS)

Configure EFS

  1. Open the EFS Services in the AWS Console and click Create file system
  2. Fill out the Name (Optional, not required), select your VPC and click Customize
  3. Make sure your Name is still filled out if you populated it and click Next
  4. On the Network Access screen, Select your VPC and Security Groups
    1. Once everything is selected, click Next
  5. Update the File system policy if you want and click Next
  6. Verify everything looks good on the Review and create screen and click Create
  7. Now that you have the EFS File system created, click on the Name or File system ID to go into the settings
  8. Once you're in the settings, click on Attach
  9. In the Attach window, make note of the DNS name for the EFS file system (copy the name out, we'll need it later)
  10. Close the attach window by clicking outside of it
  11. Move onto the next step


Configure EFS on EC2 Instances

  1. SSH into both CloudBolt instances
  2. Install NFS Client on BOTH instances
    1. sudo yum install nfs-utils
  3. Run these commands on BOTH instances (replace EFS_DNS_NAME with the DNS name you copied out above)
    1. mkdir /mnt/efs
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/ /mnt/efs
  4. Run these commands on the first instance ONLY
    1. mv /var/opt/cloudbolt /mnt/efs/cloudbolt
      mv /var/log/cloudbolt/jobs /mnt/efs/jobs
      mv /var/www/html/cloudbolt/static /mnt/efs/static
      mkdir /var/opt/cloudbolt
      mkdir /var/log/cloudbolt/jobs
      mkdir /var/www/html/cloudbolt/static
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/cloudbolt /var/opt/cloudbolt
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/jobs /var/log/cloudbolt/jobs
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/static /var/www/html/cloudbolt/static
  5. Run these commands on the second instance ONLY
    1. rm -rf /var/opt/cloudbolt
      rm -rf /var/log/cloudbolt/jobs
      rm -rf /var/www/html/cloudbolt/static
      mkdir /var/opt/cloudbolt
      mkdir /var/log/cloudbolt/jobs
      mkdir /var/www/html/cloudbolt/static
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/cloudbolt /var/opt/cloudbolt
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/jobs /var/log/cloudbolt/jobs
      sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport EFS_DNS_NAME:/static /var/www/html/cloudbolt/static
  6. Update fstab file on BOTH instances to automount NFS share
    1. vi /etc/fstab
    2. Add these 3 lines (replace EFS_DNS_NAME)
      EFS_DNS_NAME:/cloudbolt /var/opt/cloudbolt nfs rw,hard,intr,rsize=8192,wsize=8192,timeo=14 0 0
      EFS_DNS_NAME:/jobs /var/log/cloudbolt/jobs nfs rw,hard,intr,rsize=8192,wsize=8192,timeo=14 0 0
      EFS_DNS_NAME:/static /var/www/html/cloudbolt/static nfs rw,hard,intr,rsize=8192,wsize=8192,timeo=14 0 0
    3. Once you've added those lines, save the file
    4. Run mount -fav to verify that the new lines we added work
    5. Once you have everything saved and the mount command comes back successful, move on to Step 8 (Amazon RDS Database)
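
An added example (not from the original article) that checks the result of the mount and fstab steps: it reads a mount table (/proc/mounts by default) and confirms that each of the three CloudBolt directories is an NFS mount of the matching EFS export. The function name and the CB_MOUNTS variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: confirm the three shared directories really come from EFS.

# export-path:local-directory pairs taken from the mount commands above.
CB_MOUNTS='/cloudbolt:/var/opt/cloudbolt
/jobs:/var/log/cloudbolt/jobs
/static:/var/www/html/cloudbolt/static'

# usage: check_efs_mounts EFS_DNS_NAME [MOUNT_TABLE]
# Prints one line per directory; returns the number of problems found.
check_efs_mounts() {
    local efs="$1" table="${2:-/proc/mounts}" bad=0 pair export_path dir src
    for pair in $CB_MOUNTS; do
        export_path=${pair%%:*}
        dir=${pair#*:}
        # Field 1 = source, 2 = mount point, 3 = fs type. Keep the last match,
        # which is the mount currently visible at that path.
        src=$(awk -v d="$dir" '$2 == d { s = $1 " " $3 } END { print s }' "$table")
        case "$src" in
            "$efs:$export_path nfs"*)
                echo "OK      $dir <- $efs:$export_path" ;;
            "")
                echo "MISSING $dir is not a mount point"
                bad=$((bad + 1)) ;;
            *)
                echo "WRONG   $dir is mounted from $src"
                bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

if [ "$#" -ge 1 ]; then check_efs_mounts "$@"; fi
```

Run it on both instances after the reboot; a directory reported MISSING means that node is using its empty local directory instead of the shared one.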


Amazon RDS Database

MySQL

  1. Open the RDS Services in the AWS Console and click Create database
  2. Create Database
    1. Select Standard Create for the creation method
    2. Select MySQL for the Engine type under Engine options
    3. Select which SQL Version you'd like to use
    4. Select the Production template since we need HA
    5. Fill out the DB instance identifier, Master username and Master password
    6. Select your DB instance class, Size and what Storage you would like to use
    7. Make sure you select the correct VPC, Subnet group and security group
    8. Fill in the initial database name (IMPORTANT)
    9. Select your DB parameter group, Option Group and if you want Backups, etc
    10. Go through the rest of the options and once everything looks good, click Create database
  3. Once the database is up and running, click on your new database to open the configuration and copy out the Endpoint address
  4. Move on to Step 9 (Amazon EC2 Instances (DB Config))

Aurora

  1. Open the RDS Services in the AWS Console and click Create database
  2. Create Database
    1. Select Standard Create for the creation method
    2. Select Amazon Aurora for the Engine type under Engine options
    3. Select Amazon Aurora with MySQL compatibility for the Edition
    4. Select Provisioned for the Capacity Type
    5. Select Single-master for the Replication features
    6. Select which version of Aurora you want to use
    7. Select the Production or Dev/Test template
    8. Fill out the DB instance identifier, Master username and Master password
    9. Select your DB instance size and the Create an Aurora Replica or Reader node in a different AZ option
    10. Make sure you select the correct VPC, Subnet group and security group
    11. Fill in the initial database name (IMPORTANT)
    12. Select your DB parameter group, Option Group and if you want Backups, etc
    13. Go through the rest of the options and once everything looks good, click Create database
  3. Once the database is up and running, click on your new database to open the configuration and copy out the Endpoint address
  4. Move on to Step 9 (Amazon EC2 Instances (DB Config))

Amazon EC2 Instances (DB Config)

Configure Database

  1. SSH into your first instance
  2. Copy SQL backup to new MySQL Database (replace DB_DNS_NAME, USERNAME, PASSWORD and DATABASENAME with the information from your database)
    1. mysql -h DB_DNS_NAME -u USERNAME -pPASSWORD DATABASENAME < /tmp/cloudbolt.sql
  3. Connect to MySQL Database
    1. mysql -u USERNAME -h DB_DNS_NAME -pPASSWORD
  4. Now that you're connected to the Database, run these commands to see if you get anything back
    1. show databases;
    2. use cloudbolt;
    3. show tables;
    4. Type exit to get out of the SQL database
    5. Copy the DATABASES section from /opt/cloudbolt/settings_local.py to /var/opt/cloudbolt/proserv/customer_settings.py
      1. Update the Name, User, Password and Host fields in the table
    6. SSH into your second instance now and run these next commands on BOTH instances
    7. Stop/Disable MySQL Services on BOTH instances
      1. systemctl stop mysqld
        systemctl disable mysqld
    8. Restart HTTPD Service on BOTH instances
      1. systemctl restart httpd
    9. Update the Job Engine supervisord configuration file on both instances
      1. vi /etc/supervisord.d/jobengine.conf
      2. Change the line that begins with autostart to autostart=true
      3. Change the line that begins with autorestart to autorestart=true
    10. Reboot both instances
      1. sudo reboot
    11. Once the instances are back up, verify that you can log into the appliances


