Using the Azure Asset Manager

The Azure Asset Manager can be used in multiple operational scenarios. For example, it can launch a Broker and its Engines in Azure. It’s also possible to launch Engines in Azure from a Broker that is not launched in Azure. To use the Azure Asset Manager, perform the following tasks.

Prerequisites

Launch an OS Image

To begin, you must launch an OS image in an Azure VM for the Broker.

Procedure

  • Launch an OS Image (RHEL 7 64-bit), making sure a public IP is enabled so that you can update the OS. A recommended image is STANDARD_D3_V2 with 200 GB of disk.

Create the Broker Image

Next, install the Broker in the VM.

Procedure

  1. Install the Broker and configure it normally, starting with the JDK. Install relevant distributions, Enablers, and Skyway templates as needed. See the Installing Brokers section of the Silver Fabric Installation Guide for more information.
  2. Install an rc script to start and stop the Broker, as shown in Example Unix Broker Startup Script.
  3. Install any other items you may want in the Broker VM, such as a reporting database, Maven repository, or LDAP server.
  4. Optionally, you can configure and run the NFS server on the Broker and export NFS directories. This makes it convenient to export the grid library location and a data directory used by components when they need a shared file system. Refer to the Silver Fabric Cloud Administration Guide for more information on configuring an NFS mount as an alternate shared Grid Library location.
  5. Clean up the /tmp directory and various system logs.
  6. Create the VM with the Broker shut down and snapshot the VM without system reboot.

Create an Engine Image

If you are using a customized image, create the Engine image; otherwise, a standard image available in the Azure Marketplace can be used.

For standard images, the following table lists commonly-used Linux images:

  PublisherName   Offer          Sku         Version
  RedHat          RHEL           7.2         latest
  OpenLogic       CentOS         7.1         latest
  Canonical       UbuntuServer   16.04-LTS   latest

The following procedure is used to create a customized image:

Procedure

  1. Launch an OS Image (Ubuntu server 16.04 LTS 64-bit) making sure public IP is enabled.
  2. Create an OS user named fabric if it was not created when the VM was launched.
  3. Change the owner of the /opt directory to the fabric user (chown) and extract the Silver Fabric Engine installation TAR archive in the /opt directory, but do not configure or run the Engine.
  4. Use the /opt/sfengine script as the start stop script and configure start/stop with the systemd service. See the Example Sfengine Script for an example Ubuntu 16.04 start script.
    Note: Make sure that the sfengine script has execute privileges and is owned by the user fabric.
  5. Enable the systemd sfengine.service. See the Example Sfengine.service Script for an example script.
    Note: The example engine.sh and configure.sh scripts do not always work for various OSes and may require modifications for your system.
  6. Make sure that the NFS client is installed on the system.
  7. Before capturing the image, clean up the /tmp directory and various system logs. Capture the image with the Engine shut down, and take the snapshot without a system reboot.
  8. Capture an Image as per the instructions given at https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-capture-image?toc=%2fazure%2fvirtual-machines%2flinux%2ftoc.json
  9. One way to do this with the Azure CLI is as follows:
    - azure config mode arm
    - azure login
    - azure vm deallocate -g <ResourceGroupName> -n <VmName>
    - azure vm generalize -g <ResourceGroupName> -n <VmName>
    - azure vm capture -g <ResourceGroupName> -n <VmName> -p <VhdNamePrefix> -t <path-to-store-vhd>

Register your Application with Service Principal

You must create an Active Directory application and register a service principal in order to get the Client ID, Client Key and Tenant ID properties to configure the Asset Manager.

Procedure

Create a Virtual Network and Subnet for the Engine VM

A virtual network and subnet are a prerequisite for the Azure Asset Manager. You can use an existing virtual network and subnet, or create a new one where the VMs will be launched. Use the Azure portal to create a virtual network and subnet for the Engine VM.

Procedure

  • In the Azure portal, complete the steps detailed in https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-create-vnet-arm-pportal as applicable to your network.

Configure the Azure Asset Manager

In the Silver Fabric Administration Tool, configure the Azure Asset Manager with the details from the steps above.

The following apply to Asset Manager configuration:
  • Admin User: The name of the OS user that will be created as part of the VM deployment. The Admin User must satisfy these criteria: it must be 1-64 characters long; it cannot contain uppercase characters A-Z or the special characters \/""[]:|<>+=;,?*@#()!, and it cannot start with '$' or '-'; it must not be one of the reserved words.
  • Admin Password: The Admin Password must be 12-72 characters, having at least three of the following: one lowercase character, one uppercase character, one number, and one special character.
  • For security purposes, the values for the ClientId, ClientKey, and TenantId properties can be provided in an AzureConfig.properties file instead of providing them in the Administration Tool. The values in this file will be encrypted after the first read. The format for the AzureConfig.properties file is as follows:
    ClientId=<clientid>
    ClientKey=<clientkey>
    TenantId=<tenantid>
    After creating an AzureConfig.properties file, copy it to the SF_HOME/webapps/livecluster/WEB-INF/assets/azure directory.
  • If Require Policy Rule is selected, AssetManagerId is a required Component rule.
  • If the AssetManagerId component rule is selected, it will always be validated against the value given in the Asset Manager configuration irrespective of the Require Policy Rule value.
  • If the resource preference rule is set with an equal operator for the properties azureLocation, azureVmType, azureVnetName, or azureSubnetName, the respective property values from the Asset Manager configuration will be overridden with the values defined in the Component Policy rules.
  • Initially-launched Engines will have the Engine Group property value set to initial. In order to use the initially-launched Engines for allocation, the Component Policy rule Group should be set to initial with the equal operator.
  • If the Broker is SSL-enabled and Engine-Broker communication has to be SSL-enabled with the standard image, SSL certificates that need to be copied to the Engine can be specified in the AzureConfig.properties file. If these values are not provided, the Asset Manager will copy the certificates from the default location (SF_HOME/webapps/livecluster/engineUpdate/shared). Specify the certificates as follows in AzureConfig.properties:
    SslKeyFile=ssl key file absolute path including file name  (such as /opt/SF/fabric/webapps/livecluster/WEB-INF/certs/ssl.pem)
    SslKeystoreFile=ssl keystore file absolute path including file name  (such as /opt/SF/fabric/webapps/livecluster/WEB-INF/certs/ssl.keystore)
    After creating an AzureConfig.properties file, copy it to the SF_HOME/webapps/livecluster/WEB-INF/assets/azure directory. For custom images, SSL certificates need to be copied to the Engine before creating an Engine image.
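
The Admin User and Admin Password rules listed above can be checked before the values are entered, so that a VM deployment does not fail on a rejected credential. The following script is an added example, not part of the product. Its reserved-word list is a constructed placeholder (the page does not enumerate the reserved words), and it assumes that a "special character" in a password is any character that is not a letter or digit.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Admin User and Admin Password rules.
LC_ALL=C; export LC_ALL            # make [a-z]/[A-Z] ranges plain ASCII

# Constructed placeholder list: the page does not enumerate the reserved words.
RESERVED_WORDS=${RESERVED_WORDS:-"root admin administrator"}
# Characters the page forbids in the Admin User name.
FORBIDDEN='\/"[]:|<>+=;,?*@#()!'

valid_admin_user() {
    u=$1
    [ "${#u}" -ge 1 ] && [ "${#u}" -le 64 ] || return 1
    case $u in
        '$'*|-*) return 1 ;;       # must not start with '$' or '-'
        *[A-Z]*) return 1 ;;       # no uppercase characters
    esac
    rest=$FORBIDDEN
    while [ -n "$rest" ]; do       # test each forbidden character literally
        c=${rest%"${rest#?}"}      # first character of $rest
        rest=${rest#?}
        case $u in *"$c"*) return 1 ;; esac
    done
    for w in $RESERVED_WORDS; do
        if [ "$u" = "$w" ]; then return 1; fi
    done
    return 0
}

valid_admin_password() {
    p=$1
    [ "${#p}" -ge 12 ] && [ "${#p}" -le 72 ] || return 1
    classes=0
    case $p in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $p in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $p in *[0-9]*) classes=$((classes + 1)) ;; esac
    # Assumption: "special" means any character that is not a letter or digit.
    case $p in *[!a-zA-Z0-9]*) classes=$((classes + 1)) ;; esac
    [ "$classes" -ge 3 ]           # at least three of the four classes
}

# Constructed sample values, not real credentials.
valid_admin_user "fabric"               && echo "user ok: fabric"
valid_admin_user "Fabric"               || echo "user rejected: Fabric"
valid_admin_password "Correct-Horse-42" && echo "password ok"
valid_admin_password "alllowercaseonly" || echo "password rejected"
```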

Procedure

  1. In the Silver Fabric Administration Tool, go to Admin > Assets.
  2. Select the Actions control for the Azure Asset Manager.
  3. Select Edit Asset Manager.
  4. Click Configure the Asset Manager's properties.
  5. Edit the required properties and any optional properties as detailed in Azure Asset Manager Configuration Properties.
  6. Click Finish.
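
When ClientId, ClientKey and TenantId are supplied through the AzureConfig.properties file described above, the values are stored unencrypted until the first read, so the file should be created readable by its owner only. The following script is an added example, not part of the product. The AZ_* environment variable names are hypothetical, and it assumes the script runs as the OS user that runs the Broker.

```shell
#!/bin/sh
# Added example: write AzureConfig.properties so that only its owner can read it.
# AZ_CLIENT_ID, AZ_CLIENT_KEY and AZ_TENANT_ID are hypothetical variable names.
NL='
'

write_azure_config() {
    dest_dir=$1
    [ -d "$dest_dir" ] || return 1
    for v in "${AZ_CLIENT_ID:-}" "${AZ_CLIENT_KEY:-}" "${AZ_TENANT_ID:-}"; do
        # Reject empty values and embedded newlines that would inject extra keys.
        case $v in ''|*"$NL"*) return 1 ;; esac
    done
    tmp=$dest_dir/.AzureConfig.properties.$$
    (
        umask 077      # created as 0600: no access for group or other
        printf 'ClientId=%s\nClientKey=%s\nTenantId=%s\n' \
            "$AZ_CLIENT_ID" "$AZ_CLIENT_KEY" "$AZ_TENANT_ID" > "$tmp"
    ) || return 1
    # Rename within the same directory so a partial file is never visible.
    mv -f "$tmp" "$dest_dir/AzureConfig.properties"
}

# Permission string of a file, for example "-rw-------".
file_mode() { ls -ld "$1" | cut -c1-10; }

# Succeeds only if group and other have no access to the file.
config_is_private() {
    case $(file_mode "$1") in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo with constructed values in a scratch directory. On a Broker the target
# would be SF_HOME/webapps/livecluster/WEB-INF/assets/azure.
demo_dir=$(mktemp -d)
AZ_CLIENT_ID=constructed-client-id
AZ_CLIENT_KEY=constructed-client-key
AZ_TENANT_ID=constructed-tenant-id
write_azure_config "$demo_dir" && file_mode "$demo_dir/AzureConfig.properties"
rm -rf "$demo_dir"
```

The values are taken from the environment and written by the shell's built-in printf, so the client key does not appear as a command-line argument.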

Enable the Azure Asset Manager

After it is configured, enable the Azure Asset Manager.

Procedure

  1. In the Silver Fabric Administration Tool, go to Admin > Assets.
  2. Select the Actions control for the Azure Asset Manager.
  3. Select Enable Asset Manager.

Important General Notes

The following notes apply to the Azure Asset Manager:

  • If any changes need to be made to an enabled Asset Manager, disable the Asset Manager first, make the changes, and enable it again. If several configuration changes need to be made to an Asset Manager, it is advisable to create another Asset Manager instance with the different configuration.
  • You do not need to manually launch a Silver Fabric Engine Azure VM. The Silver Fabric Engine image is automatically used by the Broker Azure Asset Manager to create Azure VMs, as needed.

You can connect to any running Silver Fabric Engine Azure VM by using the command ssh user@azure-vm-ip.

Do not manually start or stop Azure VMs for Silver Fabric Engines.