Thursday, June 30, 2016

NOI on AWS


Yum Configure

Login to IBM ftp site. click download, click configure yum repo and follow the steps to register your system with IBM satellite.

# rhnreg_ks --force --username=<username> --password=<password>

# cd /etc/yum/yum.repos.d

# yum clean all
# yum repolist
# yum list
# yum install <package>
# yum install zip
# yum install unzip.x86_64


Install AWS CLI

# curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"

# unzip awscli-bundle.zip
# ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
# /usr/local/bin/aws --version

# cd /etc/yum.repos.d/
# touch docker.repo
# add the following lines to the repo

[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

# yum install docker-engine


To increase the docker file system
# rpm -ql docker-engine.x86_64
# cd /usr/lib/systemd/system/
# cp docker.service docker.service.BACKUP-ORIG
modify docker.service below line
ExecStart=/usr/bin/docker daemon -H fd://
ExecStart=/usr/bin/docker daemon -H fd:// --storage-driver devicemapper --storage-opt dm.basesize=50G

# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# systemctl start docker
# ls -l /var/lib/docker

# yum list *firewall*
# yum install firewalld.noarch
# systemctl enable firewalld
# systemctl start firewalld
# systemctl status firewalld
# iptables -I INPUT 1 -i docker0 -j ACCEPT
# systemctl restart docker

Download the APM container files from S3
# aws configure
AWS Access Key ID [None]: AKIAJLSZNLHQXXOWWNEA
AWS Secret Access Key [None]: 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
Default region name [None]: us-east-1
Default output format [None]:

[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/apmmongodb813.tgz .
download: s3://apmdockerimage/apmmongodb813.tgz to ./apmmongodb813.tgz
[root@ip-172-31-7-49 apm-813]#
[root@ip-172-31-7-49 apm-813]#
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/apmpoc.sh .
download: s3://apmdockerimage/apmpoc.sh to ./apmpoc.sh
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/apmprefetch813.tgz .
download: s3://apmdockerimage/apmprefetch813.tgz to ./apmprefetch813.tgz
[root@ip-172-31-7-49 apm-813]#
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/apmrepository813.tgz .
download: s3://apmdockerimage/apmrepository813.tgz to ./apmrepository813.tgz
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/apmserver813.tgz .
download: s3://apmdockerimage/apmserver813.tgz to ./apmserver813.tgz
[root@ip-172-31-7-49 apm-813]#
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/license.txt .
download: s3://apmdockerimage/license.txt to ./license.txt
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/non_ibm_license .
download: s3://apmdockerimage/non_ibm_license to ./non_ibm_license
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/notices .
download: s3://apmdockerimage/notices to ./notices
[root@ip-172-31-7-49 apm-813]#
[root@ip-172-31-7-49 apm-813]# aws s3 cp s3://apmdockerimage/ipm_docker_deployment813.pdf .
download: s3://apmdockerimage/ipm_docker_deployment813.pdf to ./ipm_docker_deployment813.pdf
[root@ip-172-31-7-49 apm-813]#

# chmod +x apmpoc.sh
# ./apmpoc.sh load /opt/software/apm-813
Loading image /opt/software/apm-813/apmserver813.tgz
5f70bf18a086: Loading layer [==================================================>] 1.024 kB/1.024 kB
69bd93b9db4e: Loading layer [==================================================>] 197.1 MB/197.1 MB
7ca31c1c8f15: Loading layer [==================================================>] 301.7 MB/301.7 MB
47a652b006c4: Loading layer [==================================================>] 650.9 MB/650.9 MB
ec52018fcd4b: Loading layer [==================================================>] 5.862 GB/5.862 GB
8cda3b07e39a: Loading layer [==================================================>]  2.56 kB/2.56 kB
f388e8bbb12c: Loading layer [==================================================>] 4.608 kB/4.608 kB
2291ceb277ef: Loading layer [==================================================>] 7.168 kB/7.168 kB
Loading image /opt/software/apm-813/apmprefetch813.tgz
61c2826d1468: Loading layer [==================================================>] 3.904 GB/3.904 GB
8bbdbb89e7c3: Loading layer [==================================================>] 4.096 kB/4.096 kB
e8a13e75cfc4: Loading layer [==================================================>] 6.569 GB/6.569 GB
Loading image /opt/software/apm-813/apmmongodb813.tgz
135429191ba6: Loading layer [==================================================>] 144.2 MB/144.2 MB
1d07907a2969: Loading layer [==================================================>] 3.584 kB/3.584 kB
Loading image /opt/software/apm-813/apmrepository813.tgz
4a3dfbaf0a3f: Loading layer [==================================================>] 1.945 GB/1.945 GB
e5c4553eb906: Loading layer [==================================================>]  5.12 kB/5.12 kB
c16f09940a6c: Loading layer [==================================================>] 4.096 kB/4.096 kB




# ./apmpoc.sh create 172.31.7.49
Creating container prefetch
ffc369a653a82e50f410cae43697254dcf92985f6df0a0561197723efc687193
Creating container mongodb
f21033534eef482719e658b6bbbec451e66767d3ed0047376a6c62672fadc737
Creating container server
c6fa27b6ed69947d1c6d8ea710102f242036f6b348d44333113cc326ab8e740a
Creating container repository
1123651c80beea0a92f6aba7566bd607c4652ba974259a40e5dd6d0f160e4b10
[root@ip-172-31-7-49 apm-813]# docker ps -a
CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS               NAMES
1123651c80be        apmrepository:latest   "/bin/sh -c /opt/star"   12 seconds ago      Created                                 apmrepository
c6fa27b6ed69        apmserver:latest       "/bin/sh -c /opt/ibm/"   15 seconds ago      Created                                 apmserver
f21033534eef        apmmongodb:latest      "/bin/sh -c /usr/bin/"   19 seconds ago      Created                                 apmmongodb
ffc369a653a8        apmprefetch:latest     "/bin/sh -c '/bin/sh "   21 seconds ago      Created                                 apmprefetch


# ./apmpoc.sh start
Starting container prefetch
apmprefetch
Starting container mongodb
apmmongodb
Starting container server
apmserver
Starting container repository
apmrepository
Performance Management console ( https://172.31.7.49:9443 ) will be accessible in about 10 minutes. In meantime you can install monitoring agents - execute apmpoc.sh status to get URLs to download preconfigured agent images.
[root@ip-172-31-7-49 apm-813]#


# ./apmpoc.sh status
Container server is running
Port mapping for container
2181/tcp -> 0.0.0.0:32773
8090/tcp -> 0.0.0.0:32772
8091/tcp -> 0.0.0.0:32771
8099/tcp -> 0.0.0.0:8099
9092/tcp -> 0.0.0.0:32770
10001/tcp -> 0.0.0.0:10001
80/tcp -> 0.0.0.0:80
9443/tcp -> 0.0.0.0:9443

Container prefetch is running
Port mapping for container
50000/tcp -> 0.0.0.0:32768

Container mongodb is running
Port mapping for container
27000/tcp -> 0.0.0.0:32769

Container repository is running
Port mapping for container
80/tcp -> 0.0.0.0:32774


Use following links to download preconfigured agent images:
http://172.31.7.49:32774/ipm_apm_advanced_agents_aix_8.1.3.tar
http://172.31.7.49:32774/ipm_apm_advanced_agents_xlinux_8.1.3.tar
http://172.31.7.49:32774/ipm_apm_advanced_agents_win_8.1.3.zip
[root@ip-172-31-7-49 apm-813]#




Login into ECS service
#aws configure
#aws ecr get-login --region us-east-1


One time only Setup CLI into AWS:
    http://docs.aws.amazon.com/cli/latest/userguide/installing.html#cli-test-the-setup
        $ curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
        $ unzip awscli-bundle.zip
        $ sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws

One time only:  "aws configure"

Each Day run this to get current day login string:   "aws ecr get-login --region us-east-1"

----------------------------------------------------------------------------------------------------

If all your AWS instances do not have BTRFS file system formatting, then the default max disk space
size for docker containers will be 10GB.  This is too small for the IBM Dash Docker container.

Steps to setup docker service on rhel7 to have large enough to support the IBM Dash docker container
    1. stop docker
    2. remove directory /var/lib/docker (this will remove any pulled images)
    3. edit /usr/lib/systemd/system/docker.service
            update line starting with ExecStart to :
            ExecStart=/usr/bin/docker daemon -H fd://  --storage-driver devicemapper --storage-opt dm.basesize=50G
        save the file
    4. systemctl daemon-reload
    5. start docker

----------------------------------------------------------------------------------------------------

Steps to upload NOI Docker containers:

Example to connect:
    docker login  -u AWS  -p <big_long_encrypted_hash>  -e none   https://093244773991.dkr.ecr.us-east-1.amazonaws.com

Example to tag an existing container:
    run - to tag Dash container       "docker tag noi1401-ifix/dash:latest 093244773991.dkr.ecr.us-east-1.amazonaws.com/itsm01:dash"
    run - to tag Impactcore container "docker tag noi1401-ifix/impactcore:latest 093244773991.dkr.ecr.us-east-1.amazonaws.com/itsm01:impactcore"

Example to load an existing local container after it has been tagged using AWS syntax
    docker push 093244773991.dkr.ecr.us-east-1.amazonaws.com/itsm01:dash

----------------------------------------------------------------------------------------------------

Create your AWS instance (virtual machine)

----------------------------------------------------------------------------------------------------

Connecting to your AWS instance
    https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

# Setup the aws command line environment (aws configure)

# Get info about specific instance (validate its existence)
    aws ec2 get-console-output --instance-id i-0ea22089a33d69cdd
                or
                aws ec2 get-console-output --headers --instance-id i-0ea22089a33d69cdd

# Obtain the PEM certificate file (Private Key File when Instance was created)

# ssh in Linux
    chmod 400 /root/Desktop/itsm-noi-14.pem
    ssh -i /root/Desktop/itsm-noi-14.pem ec2-user@ec2-54-235-4-35.compute-1.amazonaws.com

----------------------------------------------------------------------------------------------------

Docker setup Once logged into AWS instance

- setup docker repo - https://docs.docker.com/engine/installation/linux/rhel/
                             sudo tee /etc/yum.repos.d/docker.repo <<-EOF
                                    [dockerrepo]
                                    name=Docker Repository
                                    baseurl=https://yum.dockerproject.org/repo/main/centos/7
                                    enabled=1
                                    gpgcheck=1
                                    gpgkey=https://yum.dockerproject.org/gpg
                                    EOF
- install docker-engine (sudo yum install docker-engine)
- download AWS command line tool
- Install AWS command line tools
- run "aws configure"
- run "aws ecr get-login --region us-east-1"  <-- this produces the next line for "docker login"
- run "docker login  -u AWS  -p <big_long_encrypted_hash>  -e none   https://093244773991.dkr.ecr.us-east-1.amazonaws.com"
- run - download Omnibus container  "docker pull 093244773991.dkr.ecr.us-east-1.amazonaws.com/itsm01:omnibus"
    (This pulls the docker container from the AWS repository to local host)
    Now tag the pulled AWS container to have the same name which the IBM deployment scripts use:
        run "docker tag 093244773991.dkr.ecr.us-east-1.amazonaws.com/itsm01:omnibus noi1401-ifix/omnibus:latest"

- run (if not using the IBM deployment scripts) ...  "docker run -d -i --ulimit nofile=8192:8192 --ulimit nproc=16384:16384 -p 4100:4100 -p 45037:45037 -p 162:162 -p 162:162/udp -p 9002:9001 -p 9093:9090 -p 9098:9095 -p 9998-9999:9998-9999 -h omnibus --name=omnibus -u netcool c6cae41ef50b"  #( This is not including the other parameters to build the /etc/hosts file for this container which is part of an NOI install - eg multiple docker containers)

----------------------------------------------------------------------------------------------------

Copy IBM Created docker images into AWS instance (as needed - this is not needed if "docker push" steps were performed above
    scp -i /root/Desktop/itsm-noi-14.pem database.tgz  ec2-user@ec2-54-164-87-185.compute-1.amazonaws.com:/home/ec2-user/database

----------------------------------------------------------------------------------------------------

Ensure there is sufficient disk space in your AWS instance
     -AND-
The filesystem space must be formatted "btrfs"
Create BTRFS file system for docker images
    (recall an additional storage block space has been allocated to our AWS instance)
    (recall also Docker loads its file system in /var/lib/docker)
        lsblk  (lists device files)
        mkfs.btrfs /dev/xvdb
        mkdir /opt/IBMDocker
        Edit /etc/fstab , add entry
              --->  /dev/xvdb                                 /opt/IBMDocker                  btrfs   defaults        0 0
        mount -a

----------------------------------------------------------------------------------------------------

Copying files from AWS S3 storage into your AWS instance
    - setup aws authentication session
    - run "aws s3 cp s3://noidockerimages/dash.tgz My_dash.tgz"

----------------------------------------------------------------------------------------------------

Uploading DB2 docker tarball - this is the case if not using AWS Docker service (basically we build our own private docker hub within our AWS instance)

    Ensure all unix commands required by IBM deployment script are present
       
  mkdir /tmp/database ( This becomes full path /home/ec2-user/database )
        (perform the scp copy for each IBM docker instance tarball file)
  scp -i /root/Desktop/itsm-noi-14.pem   database.tgz   ec2-user@ec2-54-164-87-185.compute-1.amazonaws.com:/home/ec2-user/database

----------------------------------------------------------------------------------------------------

Using existing IBM docker deployment script. (So this ignores the AWS Docker service)
    Setup passwordless ssh for "root" account in your AWS instance
        cd /root/.ssh
        cp authorized_keys authorized_keys.OLD
        cat id_rsa.pub >> authorized_keys
        ssh root@172.31.8.223   (validation step)

    Ensure all unix commands required by IBM deployment script ( ./noi-docker.sh ) are present
        yum install bind-utils.x86_64   

    Start AWS container networking in proper order required for Docker port maps
        systemctl stop docker
        systemctl restart firewalld
        iptables -I INPUT 1 -i docker0 -j ACCEPT   <---- You might need to run this after starting the docker service
        systemctl start docker
        ./noi-docker.sh -start database omnibus impactcore impactgui dash