Yarnman Photon Powered (YM-PH) - Installation and Upgrade Guide


Compute Requirements

Hardware

Specification

Virtual Machines

  • 4 vCPU

  • 8 GB vRAM (16GB required for larger deployments)

  • Disks 102GB

    • 1 x 30GB - OS

    • 1 x 60GB - Database

    • 1 x 12GB - Logs

NFS datastores are not supported by the underlying yarnman database (CouchDB), and using NFS could lead to data loss if NFS connectivity is interrupted during write operations.

For large wrangler deployments (>20k users/devices in the source system) the OVA requires 8 vCPU and 16 GB of vRAM.

Storage Notes

  • Storage latency < 20 ms (no spikes above)

  • POSIX-compatible filesystem

Virtualization software

VMware vSphere ESXi 6 or higher

VMware Workstation 12 or higher

Yarnman Deployment

Setup Process

1. Deploy OVA

  • Purpose: Deploy all yarnman virtual machines

2. Set IP address

  • Purpose: Set static IP address for yarnman

3. Generate Certificates

  • Purpose: Generate service container certificates

  • Notes: If changes are required at this step the script can be started. See Yarnman Photon Powered (YM-PH) - Command Line Interface Guide (CLI) | ym generate certs.sh

4. Install yarnman

  • Purpose: Install yarnman and initialise system

  • Notes: If changes are required at this step the script can be started. See Yarnman Photon Powered (YM-PH) - Command Line Interface Guide (CLI) | ym install.sh

5. Encrypt configuration

  • Purpose: Encrypt keys and config using clevis/tang

  • Dependencies: The other nodes must be deployed and initialised before this step can be performed

6. Local node customisation

  • Purpose: Customise local node

7. Enable CouchDB clustering

  • Purpose: Only required for clustered yarnman deployments

  • Dependencies: Local node customisation

 

Deploy Yarnman OVA

1. Deploy yarnman OVA to VMware 

The Yarnman OVA can be deployed either using VMware OVFtool or by uploading the OVA to vSphere/ESXi.

OVA file name format: yarnman-ph4-<version>-<build>.ova

Note that this file name format may change.

If using Ovftool to deploy

  1. ovftool --name="<VMNAME>" --powerOn --datastore="<datastore>" --net:"nat"="<network name>" <Yarnman OVA> "<VI path>"

  2. VI Paths

    • Direct ESXI "vi://<vmware username>@<ESXI IP>"

    • Direct ESXI with resource pool "vi://<vmware username>@<ESXI IP>/<resource Pool>"

    • vSphere Host "vi://<vmware username>@<vSphere>/<datacenter name>/host/<Host IP or name>"

    • vSphere Cluster "vi://<vmware username>@<vSphere>/<datacenter name>/host/<cluster name>/<Host IP or name>"

  • If you use "@" or any other special character in your username or password, it must be converted to its ASCII hex code and prefixed with %, e.g. test@yarnlab.io is test%40yarnlab.io
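
The percent-encoding rule above, as an added shell example (not part of the original guide): urlencode and vi_locator are hypothetical helper names, 192.0.2.10 and lab-pool are constructed values, and the input is assumed to be ASCII. Following the guide's locator templates only the username is embedded, which keeps the password out of shell history.

```sh
#!/bin/sh
# Added example: build an ovftool "vi://" locator with a percent-encoded username.
# urlencode and vi_locator are hypothetical helpers, not Yarnman or VMware tools.

# Percent-encode every character outside the RFC 3986 unreserved set
# (A-Z a-z 0-9 . _ ~ -), e.g. "@" becomes "%40". ASCII input is assumed.
urlencode() (
  LC_ALL=C            # ranges such as A-Z match ASCII only; subshell keeps it local
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}       # everything after the first character
    c=${s%"$rest"}    # the first character itself
    s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# vi_locator USER HOST [INVENTORY_PATH] -> vi://<encoded user>@HOST[/PATH]
# The inventory path is passed through unchanged so its "/" separators survive.
vi_locator() {
  printf 'vi://%s@%s%s\n' "$(urlencode "$1")" "$2" "${3:+/$3}"
}

# Constructed sample values: direct ESXi, then ESXi with a resource pool.
vi_locator 'test@yarnlab.io' '192.0.2.10'
vi_locator 'test@yarnlab.io' '192.0.2.10' 'lab-pool'
```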



2. Using VMware Console log into Yarnman to bootstrap configuration

1. Log in to yarnman using the VMware console

Default username: root Password: yarnman

You will be prompted to change the root password on first login. The root account cannot be used for SSH.

 

2. Set the static ip and other network settings

root@yarnman [ ~ ]# ym-set-static-ip.sh
Do you want to set a static IP? Y or Ny
set static
Please, select a network interface from the numberic index:
0 eth0
1 docker0
0
Selected eth0
*** Please enter the following details: ***
Hostname: yarnman-test
IP Address: 10.101.10.37
Netmask Bits: 24
Gateway: 10.101.10.1
DNS: 10.101.205.200
Domain: lab.yarnlab.io
NTP: 10.101.205.200

 

3. Confirm Network Settings

Applying the following configuration:
Interface = eth0
Hostname = yarnman-test
IP Address = 10.101.10.37
Netmask = 24
Gateway = 10.101.10.1
DNS = 10.101.205.200
Domain = lab.yarnlab.io
NTP = 10.101.205.200
Is this correct? Y or N

Console output from the previous step - no action required

setting static ip - netmgr ip4_address --set --interface eth0 --mode static --addr 10.101.10.37/24 --gateway 10.101.10.1
IPv4 Address Mode: static
IPv4 Address=10.101.10.37/24
IPv4 Gateway=10.101.10.1
use --dhcp default value 0.
use --autoconf default value 0.
setting hostname - netmgr hostname --set --name yarnman-test
Hostname: yarnman-test
# Begin /etc/hosts (network card version)
::1 ipv6-localhost ipv6-loopback
127.0.0.1 localhost.localdomain
127.0.0.1 localhost
127.0.0.1 yarnman
# End /etc/hosts (network card version)
10.101.10.37 yarnman-test
setting dns servers - netmgr dns_servers --set --mode staic --servers 10.101.205.200
DNSMode=static
DNSServers=127.0.0.53
nameserver 10.101.205.200
setting dns servers - netmgr dns_domains --set --domains lab.yarnlab.io
Domains=domains.
setting dns servers - netmgr ntp_servers --set --servers 10.101.205.200
NTPServers= 10.101.205.200
Bootstrap configuration complete

 

4. Set the password for the yarnman user

This user is used for ssh with a userid of yarnman

yarnman user not found adding now
Set yarnman password
New password:
BAD PASSWORD: The password is shorter than 8 characters
New password:
Retype new password:
passwd: password updated successfully
Adding yarnman-user to SSH allowed groups

 

5. If certificates are not present the script will ask the user to automatically generate local certificates

These certificates are for local services, and there is no advantage in using signed certificates. These are not the browser certificates.

Certificates not present
Do you want to generate certificates? Y or N

Certificate verification

Applying the following configuration:
Certificate Duration Days = 3650
Certificate Country = AU
Certificate State = NSW
Certificate Location = yarnlab
Certificate Organisation = yarnlab
Certificate Common Name = yarnman-test.lab.yarnlab.io
Certificate Alt Names = DNS:yarnman-test.local,IP:10.101.10.37
Is this correct? Y or N

If you don't accept the certificate, you can use the script ym-generate-certs.sh

Certificate generation output

Cenerating Certificates
Generating yarnman rootCA
Generating Certificates for registry
Certificate request self-signature ok
subject=C = AU, ST = NSW, L = yarnlab, O = yarnlab, CN = yarnman-test.lab.yarnlab.io
writing RSA key
Generating Certificates for couchdb
Certificate request self-signature ok
subject=C = AU, ST = NSW, L = yarnlab, O = yarnlab, CN = yarnman-test.lab.yarnlab.io
writing RSA key
Certificates Generated
Yarnman local.yaml is not present

6. If yarnman has not been installed the script will prompt to set the database password for yarnman

 

Yarnman local.yaml is not present
Do you want to install yarnman? Y or Ny
Install Yarnman
Set Couch DB password:
Couch password (again):

 

After setting the Couch DB password there will be a large amount of console output. Any 404 error log entries can be ignored, e.g.:

1660723081311 DEBUG CouchDB Exception: Bad response (404) trying to load yarnman-ucmc-schema-object '8971f9e766db0be257d35c8344c93f5df72eb0f1ed662e2a6fec5630870d2448' in couch.
{ error: 'not_found', reason: 'missing' }

 

1660723089554 INFO Default authentication database has been created and prepared.
1660723089564 INFO Default role default created.
1660723089622 INFO Password changed for user yarnman successfully.
1660723089632 INFO Default Yarnman User yarnman created.
1660723089647 INFO Default role default has had its permissions updated.
1660723089657 INFO Default policy Central DB-Only Policy created.
1660723089666 INFO We have successfully enrolled the node.
1660723089678 INFO We have successfully created a node registration.
1660723089693 INFO Configuration Standalone Yarnman Proxy has been successfully created.
1660723089702 INFO Configuration Standalone Yarnman Administration App has been successfully created.
1660723089711 INFO Configuration Standalone Yarnman Workflow Service has been successfully created.
1660723089740 INFO Both public and private encryption keys been located and verified.
1660723090021 INFO SSL key and cert have been generated (self-signed).
1660723090022 WARN Setting directory permissions.
1660723090022 INFO Installation process for Yarnman Standalone Core has been completed successfully.
1660723090022 INFO Go to Admin-App and then add services.
Imported 1 GPG key to remote "photon"
* photon 6271beba2e07da40ad3480af0fbba313a3c26e63f425174e9b25b14b302a1f09.0
Version: 4.0_yarnman
origin refspec: photon:photon/4.0/x86_64/yarnman
GPG: Signature made Wed 17 Aug 2022 05:50:59 AM UTC using RSA key ID 876CE99C337FE298
GPG: Good signature from "Yarnlab Photon Test Key <contact@yarnlab.io>"
GPG: Key expires Wed 29 May 2024 09:30:23 AM UTC
[+] Running 4/4
⠿ Container ym-yarnman Removed 10.3s
⠿ Container ym-couchdb Removed 1.6s
⠿ Container ym-redis Removed 0.2s
⠿ Network yarnman_yl-yarnman Removed 0.1ss
removing yarnman registry
Stopping local registry containers
Removing local registry images
● yarnman.service - yarnman
Loaded: loaded (/usr/lib/systemd/system/yarnman.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2022-08-17 07:58:32 UTC; 6ms ago
Process: 4211 ExecStartPre=/usr/bin/docker-compose -f docker-compose.yml down (code=exited, status=0/SUCCESS)
Main PID: 4221 (docker-compose)
Tasks: 5 (limit: 4694)
Memory: 4.9M
CGroup: /system.slice/yarnman.service
└─4221 /usr/bin/docker-compose -f docker-compose.yml -f docker-compose-override.yml up --remove-orphans
Aug 17 07:58:32 yarnman-test systemd[1]: Starting yarnman...
Aug 17 07:58:32 yarnman-test docker-compose[4211]: yarnman Warning: No resource found to remove
Aug 17 07:58:32 yarnman-test systemd[1]: Started yarnman.
Created symlink /etc/systemd/system/multi-user.target.wants/yarnman.service → /usr/lib/systemd/system/yarnman.service.
Yarnman installation finished
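
One way to apply the "ignore 404 entries" rule without hiding other failures, as an added shell example (not part of the original guide): triage_install_log and sample_log are hypothetical names, the sample lines are constructed in the log format shown above, and the ERROR level and the 401 entry are assumptions for illustration.

```sh
#!/bin/sh
# Added example: triage Yarnman install output. Hypothetical helper names.

# Read install output on stdin. Drop the CouchDB 404 DEBUG entries the guide
# says can be ignored (and the error object printed after each one), then
# print what still needs a look: WARN/ERROR lines and non-404 bad responses.
# The ERROR level is an assumption; the guide only shows DEBUG, INFO and WARN.
triage_install_log() {
  awk '
    / DEBUG CouchDB Exception: Bad response \(404\) / { after404 = 1; next }
    after404 && /error: .not_found./                  { after404 = 0; next }
    { after404 = 0 }
    $2 == "WARN" || $2 == "ERROR" || /Bad response \([0-9]+\)/
  '
}

# Constructed sample input in the guide's "<epoch ms> <LEVEL> <message>" format.
sample_log() {
  cat <<'EOF'
1660723081311 DEBUG CouchDB Exception: Bad response (404) trying to load yarnman-ucmc-schema-object 'EXAMPLE-ID' in couch.
{ error: 'not_found', reason: 'missing' }
1660723089554 INFO Default authentication database has been created and prepared.
1660723089700 DEBUG CouchDB Exception: Bad response (401) trying to load yarnman-ucmc-schema-object 'EXAMPLE-ID' in couch.
{ error: 'unauthorized', reason: 'constructed sample' }
1660723090022 WARN Setting directory permissions.
EOF
}

# Prints the 401 entry and the WARN line; the 404 pair and INFO line are dropped.
sample_log | triage_install_log
```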

3 Minute screen cast of deployment Yarnman PH4 Install Beta https://youtu.be/F_JBA5B_QzI

 

7. In a web browser, browse to the Yarnman IP and set the administrator account password.

  • Accept the End User License Agreement by selecting the check box.

  • Under the Set Administrator Password option, enter the password that is used later to log in to the GUI & click "Save Acceptance and Update Administrator".

  • Login with the username of the administrator and password that you created.

  • Yarnman is installed

 

Upgrade Guide

Refer to Yarnman Photon Powered (YM-PH) - Command Line Interface Guide (CLI) | Upgrade