Compute Requirements

Hardware

Specification

Virtual Machines

  • 4 vCPU

  • 8 GB vRAM (16GB required for larger deployments)

  • Disks 102GB

    • 1 x 30GB - OS

    • 1 x 60GB - Database

    • 1 x 12GB - Logs

Note

NFS datastores are not supported by the underlying yarnman database (CouchDB), and using NFS could lead to data loss if NFS connectivity is interrupted during write operations.

Warning

For large wrangler deployments (>20k users/devices in the source system) the OVA requires 8 vCPU and 16GB of vRAM.

Storage Notes

  • Storage latency < 20 ms (no spikes above)

  • POSIX-compatible filesystem

Virtualization software

VMware vSphere ESXi 6 or higher

VMware Workstation 12 or higher

Yarnman Deployment

Setup Process

Steps

Purpose

Notes

Dependencies

1

Deploy OVA

Deploy all yarnman virtual machines

2

Set IP address

Set static IP address for yarnman

3

Generate Certificates

Generate service container certificates

If changes are required at this step the script can be started

https://yarnlab.atlassian.net/wiki/spaces/YSP/pages/2916745332/Yarnman+Photon+Powered+YM-PH+-+Command+Line+Interface+Guide+CLI#ym-generate-certs.sh

4

Install yarnman

Install yarnman and initialise system

If changes are required at this step the script can be started

https://yarnlab.atlassian.net/wiki/spaces/YSP/pages/2916745332/Yarnman+Photon+Powered+YM-PH+-+Command+Line+Interface+Guide+CLI#ym-install.sh

5

Encrypt configuration

Encrypt keys and config using clevis/tang

The other nodes must be deployed and initialised before this step can be performed

6

Local node customisation

Customise local node

7

Enable CouchDB clustering

Only required for clustered yarnman deployments

Local node customisation

Deploy Yarnman OVA

1. Deploy yarnman OVA to VMware 

The Yarnman OVA can be deployed either using VMware OVFtool or by uploading the OVA to vSphere/ESXi.

...

Info

If using Ovftool to deploy:

  1. ovftool --name="<VMNAME>" --powerOn --datastore="<datastore>" --net:"nat"="<network name>" <Yarnman OVA> "<VI path>"

  2. VI paths

    • Direct ESXI: "vi://<vmware username>@<ESXI IP>"

    • Direct ESXI with resource pool: "vi://<vmware username>@<ESXI IP>/<resource Pool>"

    • vSphere host: "vi://<vmware username>@<vSphere>/<datacenter name>/host/<Host IP or name>"

    • vSphere cluster: "vi://<vmware username>@<vSphere>/<datacenter name>/host/<cluster name>/<Host IP or name>"

  • If you use "@" or any other special character in your username or password, it must be converted to its ASCII hex code and prefixed with %, e.g. test@yarnlab.io is test%40yarnlab.io
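
The percent-encoding rule above, as an added example that is not part of the Yarnman documentation: a POSIX shell helper that encodes the username and assembles the vi:// locator passed to ovftool. The function names urlencode and vi_locator and all sample hosts and usernames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Yarnman or VMware code. Function names and sample
# values are assumptions made for illustration.

# Percent-encode every character outside the RFC 3986 unreserved set
# (letters, digits, "-", ".", "_", "~"). The body runs in a subshell so
# the LC_ALL override and working variables do not leak to the caller.
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;  # e.g. "@" -> %40
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# vi_locator USERNAME TARGET [PATH]
# TARGET is the ESXi or vSphere address; PATH is the optional inventory
# path (resource pool, or <datacenter name>/host/<Host IP or name>).
# No password is embedded, matching the VI paths on this page, so
# ovftool prompts for it and it stays out of shell history and the
# process list.
vi_locator() (
    user=$(urlencode "$1")
    printf 'vi://%s@%s%s' "$user" "$2" "${3:+/$3}"
)

# Constructed sample values:
vi_locator 'test@yarnlab.io' '192.0.2.10'; echo
vi_locator 'LAB\deploy user' 'vcenter.example.test' 'DC1/host/10.0.0.5'; echo
```

The returned string goes in the "<VI path>" position of the ovftool command, quoted.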


2. Using VMware Console log into Yarnman to bootstrap configuration

1. Log in to yarnman using the VMware console

Info

Default username: root Password: yarnman

...

You will be prompted to change the root password on first login. The root account cannot be used for SSH.

2. Set the static IP and other network settings

...

Code Block
root@yarnman [ ~ ]# ym-set-static-ip.sh
Do you want to set a static IP? Y or Ny
set static
Please, select a network interface from the numberic index:
0 eth0
1 docker0
0
Selected eth0

 *** Please enter the following details: ***

Hostname: yarnman-test
IP Address: 10.101.10.37
Netmask Bits: 24
Gateway: 10.101.10.1
DNS: 10.101.205.200
Domain: lab.yarnlab.io
NTP: 10.101.205.200

3. Confirm Network Settings

...

Code Block
Applying the following configuration:

Interface = eth0
Hostname = yarnman-test
IP Address = 10.101.10.37
Netmask = 24
Gateway = 10.101.10.1
DNS = 10.101.205.200
Domain = lab.yarnlab.io
NTP = 10.101.205.200

Is this correct? Y or N

Console output from previous step - no action required

...

Code Block
setting static ip - netmgr ip4_address --set --interface eth0 --mode static --addr 10.101.10.37/24 --gateway 10.101.10.1
IPv4 Address Mode: static
IPv4 Address=10.101.10.37/24
IPv4 Gateway=10.101.10.1
use --dhcp default value 0.
use --autoconf default value 0.
setting hostname - netmgr hostname --set --name yarnman-test
Hostname: yarnman-test
# Begin /etc/hosts (network card version)

::1         ipv6-localhost ipv6-loopback
127.0.0.1   localhost.localdomain
127.0.0.1   localhost
127.0.0.1   yarnman
# End /etc/hosts (network card version)
10.101.10.37    yarnman-test
setting dns servers - netmgr dns_servers --set --mode staic --servers 10.101.205.200
DNSMode=static
DNSServers=127.0.0.53
nameserver 10.101.205.200
setting dns servers - netmgr dns_domains --set --domains lab.yarnlab.io
Domains=domains.
setting dns servers - netmgr ntp_servers --set --servers 10.101.205.200
NTPServers= 10.101.205.200
Bootstrap configuration complete

4. Set the password for the yarnman user

This user, with a user ID of yarnman, is used for SSH.

...

Code Block
yarnman user not found adding now
Set yarnman password
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
Retype new password:
passwd: password updated successfully
Adding yarnman-user to SSH allowed groups

5. If certificates are not present, the script will ask whether to automatically generate local certificates

Note

These certificates are for local services and there is no advantage in using signed certificates. These are not the browser certificates.

...

Code Block
Certificates not present
Do you want to generate certificates? Y or N

Certificate verification

...

Code Block
Applying the following configuration:

Certificate Duration Days = 3650
Certificate Country = AU
Certificate State = NSW
Certificate Location = yarnlab
Certificate Organisation = yarnlab
Certificate Common Name = yarnman-test.lab.yarnlab.io
Certificate Alt Names = DNS:yarnman-test.local,IP:10.101.10.37

Is this correct? Y or N

Info

If you don't accept the certificate you can use the script ym-generate-certs.sh

Certificate generation output

...

Code Block
Cenerating Certificates
Generating yarnman rootCA
Generating Certificates for registry
Certificate request self-signature ok
subject=C = AU, ST = NSW, L = yarnlab, O = yarnlab, CN = yarnman-test.lab.yarnlab.io
writing RSA key
Generating Certificates for couchdb
Certificate request self-signature ok
subject=C = AU, ST = NSW, L = yarnlab, O = yarnlab, CN = yarnman-test.lab.yarnlab.io
writing RSA key
Certificates Generated
Yarnman local.yaml is not present

6. If yarnman has not been installed the script will prompt to set the database password for yarnman

...

Code Block
Yarnman local.yaml is not present
Do you want to install yarnman? Y or Ny
Install Yarnman
Set Couch DB password:
Couch password (again):

...

Code Block
1660723089554 INFO  Default authentication database has been created and prepared.
1660723089564 INFO  Default role default created.
1660723089622 INFO  Password changed for user yarnman successfully.
1660723089632 INFO  Default Yarnman User yarnman created.
1660723089647 INFO  Default role default has had its permissions updated.
1660723089657 INFO  Default policy Central DB-Only Policy created.
1660723089666 INFO  We have successfully enrolled the node.
1660723089678 INFO  We have successfully created a node registration.
1660723089693 INFO  Configuration Standalone Yarnman Proxy has been successfully created.
1660723089702 INFO  Configuration Standalone Yarnman Administration App has been successfully created.
1660723089711 INFO  Configuration Standalone Yarnman Workflow Service has been successfully created.
1660723089740 INFO  Both public and private encryption keys been located and verified.
1660723090021 INFO  SSL key and cert have been generated (self-signed).
1660723090022 WARN  Setting directory permissions.
1660723090022 INFO  Installation process for Yarnman Standalone Core has been completed successfully.
1660723090022 INFO  Go to Admin-App and then add services.
Imported 1 GPG key to remote "photon"
* photon 6271beba2e07da40ad3480af0fbba313a3c26e63f425174e9b25b14b302a1f09.0
    Version: 4.0_yarnman
    origin refspec: photon:photon/4.0/x86_64/yarnman
    GPG: Signature made Wed 17 Aug 2022 05:50:59 AM UTC using RSA key ID 876CE99C337FE298
    GPG: Good signature from "Yarnlab Photon Test Key <contact@yarnlab.io>"
    GPG: Key expires Wed 29 May 2024 09:30:23 AM UTC
[+] Running 4/4
 ⠿ Container ym-yarnman        Removed 10.3s
 ⠿ Container ym-couchdb        Removed 1.6s
 ⠿ Container ym-redis          Removed 0.2s
 ⠿ Network yarnman_yl-yarnman  Removed 0.1ss
removing yarnman registry
Stopping local registry containers
Removing local registry images
● yarnman.service - yarnman
     Loaded: loaded (/usr/lib/systemd/system/yarnman.service; disabled; vendor preset: enabled)
     Active: active (running) since Wed 2022-08-17 07:58:32 UTC; 6ms ago
    Process: 4211 ExecStartPre=/usr/bin/docker-compose -f docker-compose.yml down (code=exited, status=0/SUCCESS)
   Main PID: 4221 (docker-compose)
      Tasks: 5 (limit: 4694)
     Memory: 4.9M
     CGroup: /system.slice/yarnman.service
             └─4221 /usr/bin/docker-compose -f docker-compose.yml -f docker-compose-override.yml up --remove-orphans

Aug 17 07:58:32 yarnman-test systemd[1]: Starting yarnman...
Aug 17 07:58:32 yarnman-test docker-compose[4211]: yarnman  Warning: No resource found to remove
Aug 17 07:58:32 yarnman-test systemd[1]: Started yarnman.
Created symlink /etc/systemd/system/multi-user.target.wants/yarnman.service → /usr/lib/systemd/system/yarnman.service.
Yarnman installation finished

Tip

3 minute screen cast of deployment: https://youtu.be/F_JBA5B_QzI

7. In a web browser, browse to the Yarnman IP and set the administrator account password.

  • Accept the End User License Agreement by selecting the check box.

  • Under the Set Administrator Password option, enter the password that is used later to log in to the GUI & click "Save Acceptance and Update Administrator".

  • Log in with the username of the administrator and password that you created.

  • Yarnman is installed

Upgrade Guide

Refer to https://yarnlab.atlassian.net/wiki/spaces/YSP/pages/2916745332/Yarnman+Photon+Powered+YM-PH+-+Command+Line+Interface+Guide+CLI#Upgrade