Production Install - Private Cloud

Tip

All shell commands are run as root.

1. Create an Instance for the Scalr MySQL database

   • MySQL > 5.7.8 database instance with 4CPU x 16GB RAM and 500GB storage

2. Create an instance in EC2 for the Scalr App Server.

   • A single server with minimum 4CPU x 16GB RAM and 50GB storage

   • OS: Ubuntu 16.04, RHEL/CentOS 7.x or 8.x, or Amazon Linux 2

3. On the Scalr App Server, get the scalr-server package and install it:

   # For Debian:
   curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.deb.sh | sudo bash
   apt-get install scalr-server
   
   # For RPM:
   curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.rpm.sh | sudo bash
   yum install scalr-server
   

4. On the Scalr App Server, run the following when prompted:

   scalr-server-wizard
   

   This command creates the /etc/scalr-server directory and the scalr-server-secrets.json file.

5. On the Scalr App Server copy create/copy the following:

   1. Your Scalr license file to /etc/scalr-server/license.json.

   2. Your SSL Cert to a suitable location, e.g. /etc/scalr-server/organization.crt

   3. Your SSL key to a suitable location, e.g. /etc/scalr-server/organization.key

6. On the Scalr App Server, edit the Scalr configuration file /etc/scalr-server/scalr-server.rb to match your set up. This example can be pasted to the file and edited. Make sure to update the values with the actual values for you installation. You will need to check and/or update the following:

   • proxy[:ssl_cert_path]

   • proxy[:ssl_key_path]

   • routing[:endpoint_host]

   • app[:mysql_scalr_host]

     enable_all true
     product_mode :iacp
     mysql[:enable] = false
     
     # Mandatory SSL
     # Update the below settings to match your FQDN and where your .key and .crt are stored
     proxy[:ssl_enable] = true
     proxy[:ssl_redirect] = true
     proxy[:ssl_cert_path] = "/etc/scalr-server/organization.crt"
     proxy[:ssl_key_path] = "/etc/scalr-server/organization.key"
     
     routing[:endpoint_host] = "iacp.organization.com"
     routing[:endpoint_scheme] = "https"
     
     #Enter the IP or domain name of your MySQL instance
     app[:mysql_scalr_host] = MYSQL_SERVER_HOST
     app[:mysql_scalr_port] = 3306
     
     #Add if you have a self signed cert, update with the proper location if needed
     #ssl[:extra_ca_file] = "/etc/scalr-server/rootCA.pem"
     
     #Add if you require a proxy, it will be used for http and https requests
     #http_proxy "http://user:*****@my.proxy.com:8080"
     
     #If a no proxy setting is needed, you can define a domain or subdomain like so: no_proxy=example.com,domain.com . The following setting would not work: *.domain.com,*example.com
     #no_proxy example.com
     
     ####The following is only used for optional configuration as needed.####
     #app[:configuration] = {
     #:scalr => {
     #  "tf_worker" => {
     #      "default_terraform_version"=> "0.12.20",
     #      "runner" => {
     #            "run_time_limit": 720  # 12h #Default is 60/1hr,
     #           "docker" => {
     #              "device_read_iops" => 500, #Limit read rate (IO per second) from the device(s). This option will only work in conjunction with `tf_worker.runner.docker.storage_devices` option. Disabled by default.
     #              "device_write_iops" => 500, #Limit write rate (IO per second) from the device(s). This option will only work in conjunction with `tf_worker.runner.docker.storage_devices` option. Disabled by default.
     #              "storage_devices" => ["/dev/sda"], #The list of block devices for the `device_read_iops` and `device_write_iops` options. The device(s) must exist on the Docker node. Usually, there should be one device on which the `/opt/scalr-server/` directory is mounted, unless you are using custom docker daemon with non-default configuration. Warn: The non-existent device in this list will break the Terraform Runs. Default is [].
     #              "mem_limit" => 256, #Memory limit in megabytes. Optional, default value: 256 (mb).
     #              "cpu_period" => 100000, #Limit CPU CFS (Completely Fair Scheduler) period (in microseconds). Optional, default value: 100000 (μs).
     #              "cpu_quota" => 50000 #CPU time that the container can get in a CPU period (in microseconds). Optional, default value: 50000 (μs).
     #           }
     #       },
     #      "terraform_images" => {
     #          "0.12.10" => "hashicorp/terraform:0.12.10",
     #          "0.12.20" => "hashicorp/terraform:0.12.20"
     #      },
     #      "default_opa_version" => "0.19.1",
     #      "opa_images" => {
     #          "0.16.2" => "openpolicyagent/opa:0.16.2",
     #          "0.19.1" => "openpolicyagent/opa:0.19.1"
     #       }
     #    }
     #  }
     #}
     

7. On the Scalr MySQL Server, get the scalr-server package and install it:

   # For Debian:
   curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.deb.sh | sudo bash
   apt-get install scalr-server
   
   # For RPM:
   curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.rpm.sh | sudo bash
   yum install scalr-server
   

8. On the Scalr MySQL Server, create the directory /etc/scalr-server and copy and the scalr-server-secrets.json file from the Scalr App Server to this directory.

9. On the Scalr MySQL Server copy create/copy the following:

   1. Your Scalr license file to /etc/scalr-server/license.json.

   2. Your SSL Cert to a suitable location, e.g. /etc/scalr-server/organization.crt

   3. Your SSL key to a suitable location, e.g. /etc/scalr-server/organization.key

10. On the Scalr MySQL Server, edit the Scalr configuration file /etc/scalr-server/scalr-server.rb to match your set up. This example can be pasted to the file and edited. Make sure to update the values with the actual values for you installation. You will need to check and/or update the following:

• proxy[:ssl_cert_path]

• proxy[:ssl_key_path]

• routing[:endpoint_host]

• app[:mysql_scalr_host]

  enable_all false
  product_mode :iacp
  mysql[:enable] = true
  
  # Mandatory SSL
  # Update the below settings to match your FQDN and where your .key and .crt are stored
  proxy[:ssl_enable] = true
  proxy[:ssl_redirect] = true
  proxy[:ssl_cert_path] = "/etc/scalr-server/organization.crt"
  proxy[:ssl_key_path] = "/etc/scalr-server/organization.key"
  
  routing[:endpoint_host] = "iacp.organization.com"
  routing[:endpoint_scheme] = "https"
  
  #Enter the IP or domain name of your MySQL instance (this instance)
  app[:mysql_scalr_host] = MASTER_MYSQL_SERVER_HOST
  app[:mysql_scalr_port] = 3306
  
  #Add if you have a self signed cert, update with the proper location if needed
  #ssl[:extra_ca_file] = "/etc/scalr-server/rootCA.pem"
  

11. On the Scalr MySQL Server, reconfigure Scalr:

    /opt/scalr-server/bin/scalr-server-ctl reconfigure
    

12. On the Scalr App Server, reconfigure Scalr:

    /opt/scalr-server/bin/scalr-server-ctl reconfigure
    

You can now log into Scalr by putting the hostname that is listed as your endpoint in the scalr-server.rb into a browser. To log in the first time, please find the admin password in the /etc/scalr-server/scalr-server-secrets.json file. The username is admin.

"app": {
  "admin_password": "password123"