VCD Container Service Extension Series-Part 2: CSE Server Installation

In first Post of this series, I talked about high level architecture of CSE infrastructure. I also discussed about various components that makes up the CSE platform. In this post I will walk through steps of installing & configuring CSE server.

CSE Installation Prerequisites

Before starting with CSE server installation, make sure following requirements are met:

1: VCD installed & configured: For Lab/POC environment, single node VCD installation is sufficient. For production environment 3 or more nodes (configured behind lb) is recommended.

2: Organization & Catalog for CSE: Dedicated Org created in VCD for CSE consumption. This org should have a Routed Org Network which has outbound connectivity to internet. Also this org should have a catalog created in advance. This catalog holds the K8’s ready vApp templates and will be shared to tenants for consumption.

3: AMQP broker configured in VCD: To extend VCD Public API, AMQP broker needs to be configured beforehand. 

4: Dedicated Service Account for CSE (with System Admin Rights)

5: Dedicated Exchange and Service Account for CSE in AMQP. This needs to be different than what is configured in VCD.

6: Cent OS (or any other linux distro) VM with 1 CPU, 4 GB Mem and 25 GB disk.

Below slideshow depicts the above requirements configured in my lab.

Yum setup & Python Installation

Once above prerequisites are met, connect to the linux vm designated for CSE installation and run following commands:

Install CSE Modules

Enable CSE Client

vcd version command creates a file named .vcd-cli/profile.yaml in the directory from where this command was run. Edit profile.yaml file and add below line at the end of the file (as shown in screenshot)

extensions:
– container_service_extension.client.cse

CSE Server Configuration File

CSE server installation is controlled by a yaml configuration file that needs to be filled before performing installation. You can generate a sample using command:

# cse sample -o config.yaml

This file has various sections that needs to be filled as per your infrastructure details. These sections are explained in greater detail here

This is how my config.yaml file looks like

CSE Server Installation

Starting with CSE 2.6.0, CSE server commands will accept only encrypted configuration files by default. Run below command to generate encrypted config file:

# cse encrypt config.yaml –output encrypted-config.yaml

Also we need to change the permission of encrypted file so that only current user can modify it.

# chmod 600 encrypted-config.yaml

Before installing CSE, ensure that your encrypted config file is valid. This validation is done by running command:

# cse check encrypted-config.yaml

Note: Above command ask for decryption password which you set while encrypting your original config file and then performs number of checks. 

Now we are ready to install CSE server.

# cse install -c encrypted-config.yaml

cse install command will start installing the templates as per templates defined in templates.yaml file (in config.yaml). To know more about templates available in current release of VSE, please check out CSE Template Announcements

You can also list available templates by running command: 

# cse template list -d remote -c encrypted-config.yaml

Note: CSE installation takes a bit of time as templates are pulled from internet and then uploaded into CSE catalog.

Once the templates are uploaded, CSE deploys a temporary vm (per template) and install the Kubernetes inside those vm’s and then re-export modified vm’s as templates in CSE catalog. These new template will then be used by CSE to create Kubernetes clusters when tenants invokes vcd-cli to create K8 clusters.

Note: Customization of temp vm’s are carried out by various scripts that are located in directory .cse_scripts/<template-name>/

Validate CSE Installation: Once CSE is installed, we can use cse check command to validate it has been installed correctly or not.

# cse check -i -s

Run CSE Service: Once K8’s templates are installed in VCD, we can run CSE server  service by invoking command:

# cse run -c encrypted-config.yaml

Note: If you press ctrl+c here, CSE service is stopped, so we need to find a way to control CSE service automatic startup/shutdown. This is achieved by creating a script file that systemd process can reference to control the service using regular systemctl command.

Controlling CSE service with systemctl

Create a script file as shown below

# vim cse.sh

# chmod +x cse.sh

Create cse.service file so that systemd can control it.

# vim /etc/systemd/system/cse.service

# systemctl enable cse

Created symlink from /etc/systemd/system/multi-user.target.wants/cse.service to /etc/systemd/system/cse.service.

# systemctl start cse

Now if we run the systemctl status cse command, we will see service is now running and since we have enabled this service, it will be persistent across system reboot. 

And that completes the CSE server installation & configuration. In next post of this series, I will walk through CSE client setup and K8 cluster deployment.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂

Leave a ReplyCancel reply