Prerequisites
Hardware | Specification |
---|---|
Virtual Machines | NFS datastores are not supported by the underlying yarnman database (CouchDB), and using NFS could lead to data loss if NFS connectivity is interrupted during write operations. For large wrangler deployments (>20k users/devices in the source system) the OVA requires 8 vCPU and 16 GB of vRAM. Storage Notes |
Virtualization software | VMware vSphere ESXi 6 or higher; VMware Workstation 12 or higher |
Yarnman Deployment
Setup Process
Steps | Purpose | Notes | Dependencies |
---|---|---|---|
1 | Deploy OVA | Deploy all yarnman virtual machines | |
2 | Set IP address | Set static IP address for yarnman | |
3 | Generate Certificates | Generate service container certificates | If changes are required at this step the script can be started |
4 | Install yarnman | Install yarnman and initialise system | If changes are required at this step the script can be started |
5 | Encrypt configuration | Encrypt keys and config using clevis/tang | The other nodes must be deployed and initialised before this step can be performed |
6 | Local node customisation | Customise local node | |
7 | Enable CouchDB clustering | Only required for clustered yarnman deployments | Local node customisation |
Deploy Yarnman OVA
1. Deploy yarnman OVA to VMware
The yarnman OVA can be deployed either with the VMware OVF Tool (ovftool) or by uploading the OVA to vSphere/ESXi.
OVA file name format: yarnman-ph4-<version>-<build>.ova
Note that this file format may change
If using ovftool to deploy:
ovftool --name="<VMNAME>" --powerOn --datastore="<datastore>" --net:"nat"="<network name>" <Yarnman OVA> "<VI path >"
VI Paths
Direct ESXI "vi://<vmware username>@<ESXI IP>"
Direct ESXI with resource pool "vi://<vmware username>@<ESXI IP>/<resource Pool>"
vSphere Host "vi://<vmware username>@<vSphere>/<datacenter name>/host/<Host IP or name>"
vSphere Cluster "vi://<vmware username>@<vSphere>/<datacenter name>/host/<cluster name>/<Host IP or name>"
If your username or password contains "@" or any other special character, the character must be converted to its ASCII hex code and prefixed with %, e.g. test@yarnlab.io becomes test%40yarnlab.io
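The encoding rule above, as an added example (not part of yarnman or ovftool): it percent-encodes the username, builds the locator forms listed, and rejects a locator whose username still contains a raw "@". The function names and the server, pool and datacenter values are assumptions; path segments are passed through unchanged.

```python
from urllib.parse import quote, unquote

SCHEME = "vi://"


def encode_user(username):
    """Percent-encode every reserved character, e.g. "@" becomes %40."""
    return quote(username, safe="")


def vi_locator(username, server, *path):
    """Build vi://<user>@<server>[/<segment>...] with the username encoded.

    Direct ESXi:      vi_locator(user, esxi_ip)
    Resource pool:    vi_locator(user, esxi_ip, pool)
    vSphere host:     vi_locator(user, vsphere, datacenter, "host", host)
    vSphere cluster:  vi_locator(user, vsphere, datacenter, "host", cluster, host)
    """
    if not server or "@" in server or "/" in server:
        raise ValueError("server must be a bare IP address or host name")
    if any(not seg for seg in path):
        raise ValueError("empty path segment")
    return f"{SCHEME}{encode_user(username)}@{server}" + "".join("/" + s for s in path)


def split_locator(locator):
    """Return (username, server, path); fail if the username has a raw '@'."""
    if not locator.startswith(SCHEME):
        raise ValueError("not a vi:// locator")
    authority, _, path = locator[len(SCHEME):].partition("/")
    if authority.count("@") != 1:
        # Two '@' means the user/host boundary is ambiguous.
        raise ValueError("encode '@' in the username as %40")
    user, server = authority.split("@")
    return unquote(user), server, path


if __name__ == "__main__":
    # Constructed values: 192.0.2.10 and vcenter.example are placeholders.
    print(vi_locator("test@yarnlab.io", "192.0.2.10"))
    print(vi_locator("test@yarnlab.io", "vcenter.example", "DC1", "host", "esx1.example"))
    print(split_locator("vi://test%40yarnlab.io@192.0.2.10/Pool1"))
```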
2. Using VMware Console log into Yarnman to bootstrap configuration
1. Log in to yarnman using the VMware console
Default username: root Password: yarnman
Note that you will be prompted to change the root password on first login. The root account cannot be used for SSH.
2. Set the static IP and other network settings
    root@yarnman [ ~ ]# ym-set-static-ip.sh
    Do you want to set a static IP? Y or Ny
    set static
    Please, select a network interface from the numberic index:
    0 eth0
    1 docker0
    0
    Selected eth0
    *** Please enter the following details: ***
    Hostname: yarnman-test
    IP Address: 10.101.10.37
    Netmask Bits: 24
    Gateway: 10.101.10.1
    DNS: 10.101.205.200
    Domain: lab.yarnlab.io
    NTP: 10.101.205.200
3. Confirm Network Settings
    Applying the following configuration:
    Interface = eth0
    Hostname = yarnman-test
    IP Address = 10.101.10.37
    Netmask = 24
    Gateway = 10.101.10.1
    DNS = 10.101.205.200
    Domain = lab.yarnlab.io
    NTP = 10.101.205.200
    Is this correct? Y or N
Console output from the previous step - no action required
    setting static ip - netmgr ip4_address --set --interface eth0 --mode static --addr 10.101.10.37/24 --gateway 10.101.10.1
    IPv4 Address Mode: static
    IPv4 Address=10.101.10.37/24
    IPv4 Gateway=10.101.10.1
    use --dhcp default value 0.
    use --autoconf default value 0.
    setting hostname - netmgr hostname --set --name yarnman-test
    Hostname: yarnman-test
    # Begin /etc/hosts (network card version)
    ::1 ipv6-localhost ipv6-loopback
    127.0.0.1 localhost.localdomain
    127.0.0.1 localhost
    127.0.0.1 yarnman
    # End /etc/hosts (network card version)
    10.101.10.37 yarnman-test
    setting dns servers - netmgr dns_servers --set --mode staic --servers 10.101.205.200
    DNSMode=static
    DNSServers=127.0.0.53
    nameserver 10.101.205.200
    setting dns servers - netmgr dns_domains --set --domains lab.yarnlab.io
    Domains=domains.
    setting dns servers - netmgr ntp_servers --set --servers 10.101.205.200
    NTPServers= 10.101.205.200
    Bootstrap configuration complete
4. Set the password for the yarnman user
This user is used for SSH, with a user ID of yarnman
    yarnman user not found adding now
    Set yarnman password
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    New password:
    Retype new password:
    passwd: password updated successfully
    Adding yarnman-user to SSH allowed groups
5. If certificates are not present, the script will ask the user whether to automatically generate local certificates
These certificates are for local services, and there is no advantage in using signed certificates. These are not the browser certificates.
Certificates not present Do you want to generate certificates? Y or N
Certificate verification
    Applying the following configuration:
    Certificate Duration Days = 3650
    Certificate Country = AU
    Certificate State = NSW
    Certificate Location = yarnlab
    Certificate Organisation = yarnlab
    Certificate Common Name = yarnman-test.lab.yarnlab.io
    Certificate Alt Names = DNS:yarnman-test.local,IP:10.101.10.37
    Is this correct? Y or N
If you don't accept the certificate, you can use the script ym-generate-certs.sh
Certificate generation output
    Cenerating Certificates
    Generating yarnman rootCA
    Generating Certificates for registry
    Certificate request self-signature ok
    subject=C = AU, ST = NSW, L = yarnlab, O = yarnlab, CN = yarnman-test.lab.yarnlab.io
    writing RSA key
    Generating Certificates for couchdb
    Certificate request self-signature ok
    subject=C = AU, ST = NSW, L = yarnlab, O = yarnlab, CN = yarnman-test.lab.yarnlab.io
    writing RSA key
    Certificates Generated
    Yarnman local.yaml is not present
6. If yarnman has not been installed the script will prompt to set the database password for yarnman
    Yarnman local.yaml is not present
    Do you want to install yarnman? Y or Ny
    Install Yarnman
    Set Couch DB password:
    Couch password (again):
After the CouchDB password is set there will be a large amount of console output; any 404 error log entries can be ignored, e.g.
1660723081311 DEBUG CouchDB Exception: Bad response (404) trying to load yarnman-ucmc-schema-object '8971f9e766db0be257d35c8344c93f5df72eb0f1ed662e2a6fec5630870d2448' in couch.
{ error: 'not_found', reason: 'missing' }
    1660723089554 INFO Default authentication database has been created and prepared.
    1660723089564 INFO Default role default created.
    1660723089622 INFO Password changed for user yarnman successfully.
    1660723089632 INFO Default Yarnman User yarnman created.
    1660723089647 INFO Default role default has had its permissions updated.
    1660723089657 INFO Default policy Central DB-Only Policy created.
    1660723089666 INFO We have successfully enrolled the node.
    1660723089678 INFO We have successfully created a node registration.
    1660723089693 INFO Configuration Standalone Yarnman Proxy has been successfully created.
    1660723089702 INFO Configuration Standalone Yarnman Administration App has been successfully created.
    1660723089711 INFO Configuration Standalone Yarnman Workflow Service has been successfully created.
    1660723089740 INFO Both public and private encryption keys been located and verified.
    1660723090021 INFO SSL key and cert have been generated (self-signed).
    1660723090022 WARN Setting directory permissions.
    1660723090022 INFO Installation process for Yarnman Standalone Core has been completed successfully.
    1660723090022 INFO Go to Admin-App and then add services.
    Imported 1 GPG key to remote "photon"
    * photon 6271beba2e07da40ad3480af0fbba313a3c26e63f425174e9b25b14b302a1f09.0
    Version: 4.0_yarnman
    origin refspec: photon:photon/4.0/x86_64/yarnman
    GPG: Signature made Wed 17 Aug 2022 05:50:59 AM UTC using RSA key ID 876CE99C337FE298
    GPG: Good signature from "Yarnlab Photon Test Key <contact@yarnlab.io>"
    GPG: Key expires Wed 29 May 2024 09:30:23 AM UTC
    [+] Running 4/4
    ⠿ Container ym-yarnman Removed 10.3s
    ⠿ Container ym-couchdb Removed 1.6s
    ⠿ Container ym-redis Removed 0.2s
    ⠿ Network yarnman_yl-yarnman Removed 0.1ss
    removing yarnman registry
    Stopping local registry containers
    Removing local registry images
    ● yarnman.service - yarnman
    Loaded: loaded (/usr/lib/systemd/system/yarnman.service; disabled; vendor preset: enabled)
    Active: active (running) since Wed 2022-08-17 07:58:32 UTC; 6ms ago
    Process: 4211 ExecStartPre=/usr/bin/docker-compose -f docker-compose.yml down (code=exited, status=0/SUCCESS)
    Main PID: 4221 (docker-compose)
    Tasks: 5 (limit: 4694)
    Memory: 4.9M
    CGroup: /system.slice/yarnman.service
    └─4221 /usr/bin/docker-compose -f docker-compose.yml -f docker-compose-override.yml up --remove-orphans
    Aug 17 07:58:32 yarnman-test systemd[1]: Starting yarnman...
    Aug 17 07:58:32 yarnman-test docker-compose[4211]: yarnman Warning: No resource found to remove
    Aug 17 07:58:32 yarnman-test systemd[1]: Started yarnman.
    Created symlink /etc/systemd/system/multi-user.target.wants/yarnman.service → /usr/lib/systemd/system/yarnman.service.
    Yarnman installation finished
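When reviewing a saved copy of this installer output, it helps to suppress only the expected 404 "not_found" entries and still surface any other failed CouchDB response. The following is an added example, not part of yarnman or its scripts; the function names, the ERROR level name and the 401 sample line are assumptions.

```python
import re

# Entry format in the output above: "<epoch-ms> <LEVEL> <message>". Other lines
# continue the previous entry. ERROR is assumed; the page shows DEBUG/INFO/WARN.
ENTRY = re.compile(r"^(\d{13}) (DEBUG|INFO|WARN|ERROR) (.*)$")
BAD_RESPONSE = re.compile(r"Exception: Bad response \((\d{3})\)")
DONE = "has been completed successfully"

# Constructed sample modelled on the output above; the 401 entry is invented
# to show a response that must not be ignored.
SAMPLE = """\
1660723081311 DEBUG CouchDB Exception: Bad response (404) trying to load yarnman-ucmc-schema-object '<object-id>' in couch.
{ error: 'not_found', reason: 'missing' }
1660723085000 DEBUG CouchDB Exception: Bad response (401) trying to load yarnman-ucmc-schema-object '<object-id>' in couch.
{ error: 'unauthorized', reason: 'constructed example' }
1660723090022 WARN Setting directory permissions.
1660723090022 INFO Installation process for Yarnman Standalone Core has been completed successfully.
"""


def parse_entries(text):
    """Group raw lines into entries, folding continuation lines into the message."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"ts": int(m.group(1)), "level": m.group(2), "msg": m.group(3)})
        elif line and entries:
            entries[-1]["msg"] += " " + line
    return entries


def triage(text):
    """Split entries into ignorable 404 misses and entries that need review."""
    result = {"ignored": [], "review": [], "completed": False}
    for e in parse_entries(text):
        bad = BAD_RESPONSE.search(e["msg"])
        if bad and bad.group(1) == "404" and "not_found" in e["msg"]:
            result["ignored"].append(e)
        elif bad or e["level"] == "ERROR":
            result["review"].append(e)
        if e["level"] == "INFO" and DONE in e["msg"]:
            result["completed"] = True
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A 404 entry without the `not_found` body is placed in the review list rather than ignored, and `completed` stays false if the final success line never appears.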
3 Minute screen cast of deployment https://youtu.be/F_JBA5B_QzI
7. In a web browser, browse to the Yarnman IP and set the administrator account password.
Accept the End User License Agreement by selecting the check box.
Under the Set Administrator Password option, enter the password that is used later to log in to the GUI and click "Save Acceptance and Update Administrator".
Log in with the username of the administrator and the password that you created.
Yarnman is installed