Install VeloCloud Orchestrator

This section discusses the VeloCloud Orchestrator installation.

Prerequisites

This section discusses the prerequisites that must be met before installing the VeloCloud Orchestrator.

Instance Requirements

Arista recommends installation of the Orchestrator and Gateway applications as a virtual machine (i.e., guest instance) on an existing hypervisor.

The VeloCloud Orchestrator requires the following minimal guest instance specifications:

  • 8 Intel vCPUs at 2.5 GHz or higher
    Note: Although we recommend using Intel Xeon processors, similar Intel or AMD processors having the same or greater CPU frequency are also acceptable.
  • 64 GB of memory
  • Required Minimum IOPS: 5,000 IOPS
  • VeloCloud Orchestrator requires four SSD-based persistent volumes (expandable through LVM if needed)
    • 192GB x 1 - Root
    • 1TB x 1 - Store
    • 500GB x 1 - Store2
    • 1TB x 1 - Store3
  • 1 Gbps NIC
  • Ubuntu x64 server VM compatibility
  • Single public IP address (Can be made available through NAT)

Upstream Firewall Configuration

The upstream firewall needs to be configured to allow inbound HTTP (TCP/80) as well as HTTPS (TCP/443). If a stateful firewall is in place, established connections originated outbound by the Orchestrator should also be allowed, so that upgrades and security updates can be retrieved.

External Services

The VeloCloud Orchestrator relies on several external services. Before proceeding with an installation, ensure that licenses are available for each of the services.

Google Maps

Google Maps is used for displaying Edges and data centers on a map. No account needs to be created with Google to utilize the functionality. However, Internet access must be available to the VeloCloud Orchestrator instance in order for the service to be available.

The service is limited to 25,000 map loads per day for more than 90 consecutive days. Arista does not anticipate exceeding these limits for nominal use of the VeloCloud Orchestrator.

Twilio

Twilio is used for SMS-based alerting to enterprise customers to notify them of Edge or link outage events. An account needs to be created and funded at http://www.twilio.com.

The account can be provisioned in the VeloCloud Orchestrator through the Operator Portal's System Properties page. The account will be provisioned through a system property, as described later in the guide.

MaxMind

MaxMind is a geolocation service. It is used to automatically detect Edge and Gateway locations and ISP names based on IP address. If this service is deactivated, then geolocation information will need to be updated manually. The account can be provisioned in the VeloCloud Orchestrator through the Operator Portal's System Properties page.

For additional information, see Configure System Properties.

Installation Procedures

This section discusses installation.

Cloud-init Preparation

This section discusses how to use the cloud-init package to handle the early initialization of instances.

About cloud-init

Cloud-init is a Linux package responsible for handling the early initialization of instances. If available in the distribution, it allows many common parameters of the instance to be configured directly after installation. This creates a fully functional instance that is configured based on a series of inputs.

Cloud-init's behavior can be configured via user-data. User-data can be given by the user at instance launch time. This is typically done by attaching a secondary disk in ISO format that cloud-init will look for at first boot time. This disk contains all early configuration data that will be applied at that time.

The VeloCloud Orchestrator supports cloud-init and all essential configurations can be packaged in an ISO image.

Create the Cloud-init meta-data File

The final installation configuration options are set with a pair of cloud-init configuration files. The first installation configuration file contains the metadata. Create this file with a text editor and label it meta-data. This file provides information that identifies the instance of VeloCloud Orchestrator being installed. The instance-id can be any identifying name, and the local-hostname should be a host name that follows your site standards, for example:

instance-id: vco01
local-hostname: vco-01

Additionally, you can specify network interface information (if the network is not configured via DHCP, for example):

instance-id: vco01
local-hostname: vco-01
network-interfaces: |
  auto eth0
  iface eth0 inet static
  address 10.0.1.2
  network 10.0.1.0
  netmask 255.255.255.0
  broadcast 10.0.1.255
  gateway 10.0.1.1

Create the Cloud-init User-data File

The second installation configuration option file is the user data file. This file provides information about users on the system. Create it with a text editor and call it user-data. This file will be used to enable access to the installation of VeloCloud Orchestrator. The following is an example of what the user-data file will look like:

#cloud-config
password: Velocloud123
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa AAA...SDvz <email-address>
  - ssh-rsa AAB...QTuo <email-address>
vco:
  super_users:
    list: |
      <operator-email>:password1
    remove_default_users: True
  system_properties:
    list: |
      mail.smtp.port:34
      mail.smtp.host:smtp.yourdomain.com
      service.maxmind.enable:True
      service.maxmind.license:todo_license
      service.maxmind.userid:todo_user
      service.twilio.phoneNumber:222123123
      network.public.address:222123123
write_files:
  - path: /etc/nginx/velocloud/ssl/server.crt
    permissions: '0644'
    content: "-----BEGIN CERTIFICATE-----\nMI….ow==\n-----END CERTIFICATE-----\n"
  - path: /etc/nginx/velocloud/ssl/server.key
    permissions: '0600'
    content: "-----BEGIN RSA PRIVATE KEY-----\nMII...D/JQ==\n-----END RSA PRIVATE KEY-----\n"
  - path: /etc/nginx/velocloud/ssl/velocloudCA.crt

This user-data file enables the default user, vcadmin, to log in either with a password or with an SSH key. The use of both methods is possible, but not required. The password login is enabled by the password and chpasswd lines.
  • The password line contains the plain-text password for the vcadmin user.
  • The chpasswd line turns off password expiration to prevent the first login from immediately prompting for a change of password. This is optional.
Note: If you set a password, it is recommended that you change it when you first log in because the password has been stored in a plain text file.

The ssh_pwauth line enables SSH login. The ssh_authorized_keys line begins a block of one or more authorized keys. Each public SSH key listed on the ssh-rsa lines will be added to the vcadmin ~/.ssh/authorized_keys file.

In this example, two keys are listed and both have been truncated. In a real file, the entire public key must be listed. Note that each ssh-rsa line must be preceded by two spaces, followed by a hyphen, followed by another space.

The vco section specifies configured VeloCloud Orchestrator services.

super_users contains a list of Arista Super Operator accounts and their corresponding passwords.

The system_properties section allows you to customize Orchestrator System Properties. See System Properties for details regarding system properties configuration.

The write_files section allows you to replace files on the system. By default, VeloCloud Orchestrator web services are configured with a self-signed SSL certificate. If you would like to provide a different SSL certificate, the above example replaces the server.crt and server.key files in the /etc/nginx/velocloud/ssl/ folder with user-supplied files.
Note: The server.key file must be unencrypted. Otherwise, the service will fail to start because it cannot supply the key password.

Create an ISO file

Once you have completed your files, they need to be packaged into an ISO image. This ISO image is used as a virtual configuration CD with the virtual machine. This ISO image, called vco01-cidata.iso, is created with the following command on a Linux system:

genisoimage -output vco01-cidata.iso -volid cidata -joliet -rock user-data meta-data

Transfer the newly created ISO image to the datastore on the hypervisor host.
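The user-data layout described above, generated and checked programmatically, as an added example that is not part of the original guide or VeloCloud's tooling; the sample keys and PEM blocks are constructed placeholders. The same unencrypted-key check applies to the server.key produced in the Install an SSL Certificate section below.

```python
"""Build the cloud-init user-data for a VeloCloud Orchestrator install.

Added example, not VeloCloud's own tooling. The YAML is rendered by hand so
only the standard library is needed, and two inputs the guide says will break
the install are refused: an encrypted server.key and a truncated SSH key.
"""
import json
import re

# Constructed placeholder inputs; none of this is real key or certificate material.
SAMPLE_SSH_KEYS = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderKeyBodyPlaceholderKeyBody00000000 ops@example.com",
]
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMIIBplaceholder==\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIEplaceholder==\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                        "MIIEplaceholder==\n-----END RSA PRIVATE KEY-----\n")


def is_encrypted_private_key(pem):
    """True for a passphrase-protected key in traditional or PKCS#8 PEM form."""
    return "Proc-Type: 4,ENCRYPTED" in pem or "BEGIN ENCRYPTED PRIVATE KEY" in pem


def check_ssh_public_key(line):
    """Reject a shortened key such as 'ssh-rsa AAA...SDvz': the body must be whole base64."""
    parts = line.split()
    if len(parts) < 2 or not parts[0].startswith("ssh-"):
        raise ValueError(f"not an OpenSSH public key line: {line!r}")
    if not re.fullmatch(r"[A-Za-z0-9+/]{64,}={0,2}", parts[1]):
        raise ValueError(f"SSH key body is truncated or not base64: {parts[1][:12]}...")


def literal_block(lines, indent):
    """Render lines as a YAML '|' literal block, the form the vco 'list:' fields use."""
    return "|\n" + "\n".join(" " * indent + line for line in lines)


def build_user_data(password, ssh_keys, super_users, system_properties, cert_pem, key_pem):
    """Return the #cloud-config text. super_users maps operator login -> password;
    system_properties maps property name -> value and is emitted as key:value lines."""
    if is_encrypted_private_key(key_pem):
        raise ValueError("server.key must be unencrypted; nginx cannot start without the passphrase")
    for key in ssh_keys:
        check_ssh_public_key(key)
    out = ["#cloud-config",
           f"password: {password}",
           "chpasswd: {expire: False}",
           "ssh_pwauth: True",
           "ssh_authorized_keys:"]
    out += [f"  - {key}" for key in ssh_keys]  # two spaces, hyphen, space, as the guide requires
    out += ["vco:",
            "  super_users:",
            "    list: " + literal_block([f"{u}:{p}" for u, p in super_users.items()], 6),
            "    remove_default_users: True",
            "  system_properties:",
            "    list: " + literal_block([f"{k}:{v}" for k, v in system_properties.items()], 6),
            "write_files:",
            "  - path: /etc/nginx/velocloud/ssl/server.crt",
            "    permissions: '0644'",
            f"    content: {json.dumps(cert_pem)}",  # a JSON string is a valid YAML double-quoted scalar
            "  - path: /etc/nginx/velocloud/ssl/server.key",
            "    permissions: '0600'",  # private key readable by root only
            f"    content: {json.dumps(key_pem)}"]
    return "\n".join(out) + "\n"
```

Write the returned text to a file named user-data next to your meta-data file and package both with the genisoimage command above.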

Install on VMware

VMware vSphere provides a means of deploying and managing virtual machine resources. This section explains how to run the Orchestrator using the VMware vSphere Client.

Deploy OVA Template

Note: This procedure assumes familiarity with VMware vSphere and is not written with reference to any specific version of VMware vSphere.
  1. Log in to the vSphere Client.
  2. Select File > Deploy OVF Template.
  3. Respond to the prompts with information specific to your deployment.
    Table 1. OVF Options and Descriptions
    Option                 Description
    Source                 Type a URL or navigate to the OVA package location.
    OVF template details   Verify that you pointed to the correct OVA template for this installation.
    Name and location      Name of the virtual machine.
    Storage                Select the location to store the virtual machine files.
    Provisioning           Select the provisioning type. "thin" is recommended for database and binary log volumes.
    Network mapping        Select the network for each virtual machine to use.
    Important: Uncheck Power On After Deployment. Selecting it starts the virtual machine immediately; it should be started only after the cloud-init ISO has been attached.
  4. Select Finish.
    Note: Depending on your network speed, this deployment can take several minutes or more.

Attach ISO Image as a CD/DVD to Virtual Machine
  1. Right-click the newly-added Orchestrator VM and select Edit Settings.
  2. From the Virtual Machine Properties window, select CD/DVD Drive.
  3. Select the Use an ISO image option.
  4. Browse to find the ISO image you created earlier (we called ours vco01-cidata.iso), and then select it. The ISO can be found in the datastore that you uploaded it to, in the folder that you created.
  5. Select Connect on Power On.
  6. Select OK to exit the Properties screen.

Run the Orchestrator Virtual Machine

To start up the Orchestrator virtual machine:

  1. Select the Orchestrator virtual machine to highlight it, then select the Power On button.
  2. Select the Console tab to watch as the virtual machine boots up.
    Note: If you configured Orchestrator as described here, you should be able to log into the virtual machine with the user name vcadmin and password that you defined when you created the cloud-init ISO.

Install on KVM

This section discusses how to run the Orchestrator using libvirt. This deployment was tested on Ubuntu 18.04 LTS.

Images

For KVM deployment, Arista provides the Orchestrator in four qcow images.
  • ROOTFS
  • STORE
  • STORE2
  • STORE3

The images are thin provisioned on deployment.

Start by copying the images to the KVM server. In addition, you must copy the cloud-init ISO built as described in the previous section.

XML Sample

Note: The sample references the images in the /images/vco folder and the cloud-init ISO as seed.iso; edit these paths in the XML to match where you copied the files.

<domain type='kvm' id='49'>
  <name>vco</name>
  <uuid>b0ff25bc-72b8-6ccb-e777-fdc0f4733e05</uuid>
  <memory unit='KiB'>12388608</memory>
  <currentMemory unit='KiB'>12388608</currentMemory>
  <vcpu>2</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <cpu mode='custom' match='exact'>
    <model fallback='allow'>SandyBridge</model>
    <vendor>Intel</vendor>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='dtes64'/>
    <feature policy='require' name='invpcid'/>
    <feature policy='require' name='vmx'/>
    <feature policy='require' name='erms'/>
    <feature policy='require' name='xtpr'/>
    <feature policy='require' name='smep'/>
    <feature policy='require' name='pbe'/>
    <feature policy='require' name='est'/>
    <feature policy='require' name='monitor'/>
    <feature policy='require' name='smx'/>
    <feature policy='require' name='abm'/>
    <feature policy='require' name='tm'/>
    <feature policy='require' name='acpi'/>
    <feature policy='require' name='fma'/>
    <feature policy='require' name='osxsave'/>
    <feature policy='require' name='ht'/>
    <feature policy='require' name='dca'/>
    <feature policy='require' name='pdcm'/>
    <feature policy='require' name='pdpe1gb'/>
    <feature policy='require' name='fsgsbase'/>
    <feature policy='require' name='f16c'/>
    <feature policy='require' name='ds'/>
    <feature policy='require' name='tm2'/>
    <feature policy='require' name='avx2'/>
    <feature policy='require' name='ss'/>
    <feature policy='require' name='bmi1'/>
    <feature policy='require' name='bmi2'/>
    <feature policy='require' name='pcid'/>
    <feature policy='require' name='ds_cpl'/>
    <feature policy='require' name='movbe'/>
    <feature policy='require' name='rdrand'/>
  </cpu>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm-spice</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/images/vco/rootfs.qcow2'/>
      <target dev='hda' bus='ide'/>
      <alias name='ide0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/images/vco/store.qcow2'/>
      <target dev='hdb' bus='ide'/>
      <alias name='ide0-0-1'/>
      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/images/vco/store2.qcow2'/>
      <target dev='hdc' bus='ide'/>
      <alias name='ide0-0-2'/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/images/vco/store3.qcow2'/>
      <target dev='hdd' bus='ide'/>
      <alias name='ide0-0-3'/>
      <address type='drive' controller='0' bus='1' target='0' unit='1'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/images/vco/seed.iso'/>
      <target dev='sdb' bus='sata'/>
      <readonly/>
      <alias name='sata1-0-0'/>
      <address type='drive' controller='1' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <alias name='usb0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'>
      <alias name='pci.0'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='direct'>
      <source dev='eth0' mode='vepa'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/3'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/3'>
      <source path='/dev/pts/3'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='none'/>
  <!-- <seclabel type='dynamic' model='apparmor' relabel='yes'/> -->
</domain>

Create the VM

To create the VM using the standard virsh commands:

virsh define vco.xml
virsh start vco

Install on AWS

This section discusses how to install VeloCloud Orchestrator on AWS.

Minimum Instance Requirements

See the first section of the Orchestrator installation, titled Instance Requirements, and select an AWS instance type that meets these requirements. Both the CPU and the memory requirements must be satisfied. Example: c4.2xlarge or larger, or r4.2xlarge or larger.


Request an AMI Image

Request an AMI ID from Arista. It will be shared with the customer account. Have an Amazon AWS account ID ready when requesting AMI access.


Installation

  1. Launch the EC2 instance in AWS cloud.
  2. Configure the security group to allow inbound HTTP (TCP/80) as well as HTTPS (TCP/443).
  3. After the instance is launched, point a web browser to the Operator login URL: https://<name>/operator.

Initial Configuration Tasks

Complete the following initial configuration tasks:
  • Configure system properties
  • Set up initial operator profile
  • Set up operator accounts
  • Create gateways
  • Set up gateway pools
  • Create customer account / partner account

Install an SSL Certificate

This section discusses how to install an SSL certificate.

To install an SSL certificate:

  1. Log in to the Orchestrator CLI console through SSH. If you configured the Orchestrator as described here, you should be able to log into the virtual machine with the user name vcadmin and the password that you defined when you created the cloud-init ISO.
  2. Generate the Orchestrator private key.
    openssl genrsa -out server.key 2048
    Note: Do not encrypt the key. It must remain unencrypted on the Orchestrator system.
  3. Generate a certificate request. Customize -subj according to your organization information.
    openssl req -new -key server.key -out server.csr -subj "/C=US/ST=California/L=Mountain View/O=Velocloud Networks Inc./OU=Development/CN=vco.velocloud.net"
    Table 2. Subject Options and Descriptions
    Option  Description
    C       country
    ST      state
    L       locality (city)
    O       company
    OU      department (optional)
    CN      Orchestrator fully qualified domain name
  4. Send server.csr to a Certificate Authority for signing. You should get back the SSL certificate (server.crt). Ensure that it is in the PEM format.
  5. Install the certificate (which requires root access). Orchestrator SSL certificates are located in /etc/nginx/velocloud/ssl/.
    cp server.key server.crt /etc/nginx/velocloud/ssl/
    chmod 600 /etc/nginx/velocloud/ssl/server.key
  6. Restart nginx.
    systemctl restart nginx

Configure System Properties

This section discusses how to configure System Properties, which provide a mechanism to control the system-wide behavior of the VeloCloud SD-WAN.

System Properties can be set initially using the cloud-init config file. For additional information, see Cloud-init Preparation. The following properties need to be configured to ensure proper operation of the service.

System Name

Enter the fully qualified domain name of the Orchestrator in the network.public.address system property.

Google Maps

Google Maps is used for displaying edges and data centers on a map. Maps may fail to display without a license key. The Orchestrator will continue to function properly, but browser maps will not be available in this case.

  1. Log in to https://console.developers.google.com.
  2. Create a new project, if one is not already created.
  3. Locate the Enable API button. Select the Google Maps APIs and enable both the Google Maps JavaScript API and the Google Maps Geolocation API.
  4. On the left side of the screen, click the Credentials link.
  5. On the Credentials page, click Create Credentials, then select API key. Create an API key.
  6. Set the service.client.googleMapsApi.key system property to the API key.
  7. Set service.client.googleMapsApi.enable to "true".

Twilio

Twilio is a messaging service that allows you to receive alerts via SMS. It is optional. The account details can be entered into the Orchestrator through the Operator Portal's System Properties page. The properties are called:

  • service.twilio.enable allows the service to be deactivated in the event that no Internet access is available to the Orchestrator
  • service.twilio.accountSid
  • service.twilio.authToken
  • service.twilio.phoneNumber in (nnn)nnn-nnnn format

Obtain the service at https://www.twilio.com.

MaxMind

MaxMind is a geolocation service. It is used to automatically detect Edge and Gateway locations and ISP names based on an IP address. If this service is deactivated, then geolocation information will need to be updated manually. The account details can be entered into the Orchestrator through the Operator Portal's System Properties page. You can configure:

  • service.maxmind.enable allows the service to be deactivated in the event that no Internet access is available to the Orchestrator
  • service.maxmind.userid holds the user identification supplied by MaxMind during the account creation
  • service.maxmind.license holds the license key supplied by MaxMind

Obtain the license at: https://www.maxmind.com/en/geoip-api-web-services.

Email

Email services can be used both for sending the Edge activation messages and for alarms and notifications. It is not required, but it is strongly recommended that you configure this as part of Orchestrator operations. The following system properties are available to configure the external email service used by the Orchestrator:

  • mail.smtp.auth.pass - SMTP user password.
  • mail.smtp.auth.user - SMTP user for authentication.
  • mail.smtp.host - relay server for email originated from the Orchestrator.
  • mail.smtp.port - SMTP port.
  • mail.smtp.secureConnection - use SSL for SMTP traffic.

Upgrade VeloCloud Orchestrator

This section discusses how to upgrade the VeloCloud Orchestrator.

To upgrade the Orchestrator:

  1. Upload the image to the Orchestrator system using any file transfer tool available in your infrastructure, for example scp. Copy the image to the following location on the system: /var/lib/velocloud/software_update/vco_update.tar.
  2. Connect to the SD-WAN Orchestrator console and run:
    sudo /opt/vc/bin/vco_software_update
    Note: If you configured the Orchestrator as described here, you should be able to log into the virtual machine with the user name vcadmin and the password that you defined when you created the cloud-init configuration files.

    For instructions on how to upgrade the SD-WAN Orchestrator with DR deployment, see the topic Upgrade an Orchestrator.

Expand Disk Size

All storage volumes are configured as LVM devices. They can be resized online provided that the underlying virtualization technology supports online disk expansion. Disks are expanded automatically via cloud-init when the VM boots.

To expand disks after boot:

  1. Log in to the VeloCloud Orchestrator system console.
  2. Identify the physical disks that support the database volume.
    vgs -o +devices store
    Example:
    root@vco:~# vgs -o +devices store
      VG    #PV #LV #SN Attr   VSize   VFree   Devices
      store   1   1   0 wz--n- 500.00g 125.00g /dev/sdb(0)
  3. Identify the physical disk attachment.
    lshw -class volume
    Example (in this output, /dev/sdb is attached to scsi@2:0.1.0, that is Host: scsi2 Channel: 00 Id: 01 Lun: 00):
    root@vco:~# lshw -class volume
      *-volume
           description: EXT4 volume
           vendor: Linux
           physical id: 1
           bus info: scsi@2:0.0.0,1
           logical name: /dev/sda1
           logical name: /
           version: 1.0
           serial: 9d212247-77c4-4f98-a5c2-7f8470fa2da8
           size: 10239MiB
           capacity: 10239MiB
           capabilities: primary bootable journaled extended_attributes large_files huge_files dir_nlink recover extents ext4 ext2 initialized
           configuration: created=2016-02-22 20:49:38 filesystem=ext4 label=cloudimg-rootfs lastmountpoint=/ modified=2016-02-22 21:18:58 mount.fstype=ext4 mount.options=rw,relatime,data=ordered mounted=2016-10-06 23:22:04 state=mounted
      *-disk:1
           description: SCSI Disk
           physical id: 0.1.0
           bus info: scsi@2:0.1.0
           logical name: /dev/sdb
           serial: v5V2zm-Lvbh-Mfx3-W8ki-COI9-DAtP-RXndhu
           size: 500GiB
           capacity: 500GiB
           capabilities: lvm2
           configuration: sectorsize=512
      *-disk:2
           description: SCSI Disk
           physical id: 0.2.0
           bus info: scsi@2:0.2.0
           logical name: /dev/sdc
           serial: fTQFJ2-giAV-WsXL-1Wha-V305-oQkV-qqS3SA
           size: 100GiB
           capacity: 100GiB
           capabilities: lvm2
           configuration: sectorsize=512
  4. On the hypervisor host, locate the disk attached to the VM using bus information. Example: SCSI(0:1)
  5. Extend the virtual disk. For instructions, see the KB article Increasing the disk size on a Virtual Machine.
  6. View the disk input/output statistics. These statistics are displayed twice, at an interval of 10 seconds.
    sar -d -p 10 2
    Note: This step is optional.
  7. View detailed device utilization statistics, which provide insight into the performance of individual storage devices.
    iostat -d -x
    Note: This step is optional.
  8. Log in to the VeloCloud Orchestrator system console again.
  9. Re-scan the block device for the resized physical volume.
    echo 1 > /sys/block/$DEVICE/device/rescan
    Example:
    echo 1 > /sys/block/sdb/device/rescan
  10. Resize the LVM physical disk.
    pvresize /dev/sdb
  11. Determine the amount of free space in the database volume group.
    vgdisplay store | grep Free
    Example:
    root@vco:~# vgdisplay store | grep Free
      Free  PE / Size       34560 / 135.00 GiB
  12. Extend the database logical volume, replacing # with the number of GiB to add.
    lvextend -r -L+#G /dev/store/data
    Example:
    root@vco1:~# lvextend -r -L+1G /dev/store/data
      Size of logical volume store/data changed from 400.00 GiB (102400 extents) to 401.00 GiB (102656 extents).
      Logical volume store/data successfully resized.
    resize2fs 1.44.1 (24-Mar-2018)
    Filesystem at /dev/mapper/store-data is mounted on /store; on-line resizing required
    old_desc_blocks = 50, new_desc_blocks = 51
    The filesystem on /dev/mapper/store-data is now 105119744 (4k) blocks long.
  13. View the new size of the volume.
    df -h /dev/store/data
    Example:
    root@vco:~# df -h /dev/store/data
    Filesystem              Size  Used Avail Use% Mounted on
    /dev/mapper/store-data  379G  1.2G  359G   1% /store
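The read-offs in steps 2 to 4 and 11 to 12 (which physical disk backs the volume group, its SCSI bus position, how much the logical volume may grow), as an added example that is not part of the original guide or VeloCloud's tooling; the sample command output is constructed from the examples in this section.

```python
"""Pre-flight helpers for the online LVM expansion procedure above.

Added example, not VeloCloud tooling. It parses the same command output the
steps inspect, so the values read off by eye (which hypervisor disk backs the
volume group, how much the logical volume may grow) become checked results.
"""
import re

# Constructed sample output, trimmed to the fields the procedure uses.
SAMPLE_VGS = """\
  VG    #PV #LV #SN Attr   VSize   VFree   Devices
  store   1   1   0 wz--n- 500.00g 125.00g /dev/sdb(0)
"""
SAMPLE_LSHW = """\
  *-disk:1
       description: SCSI Disk
       bus info: scsi@2:0.1.0
       logical name: /dev/sdb
       size: 500GiB
  *-disk:2
       description: SCSI Disk
       bus info: scsi@2:0.2.0
       logical name: /dev/sdc
       size: 100GiB
"""
SAMPLE_VGDISPLAY_FREE = "  Free  PE / Size       34560 / 135.00 GiB\n"


def vg_device(vgs_text, vg_name):
    """Return the PV backing vg_name from 'vgs -o +devices' output, e.g. '/dev/sdb'."""
    for line in vgs_text.splitlines():
        fields = line.split()
        if fields and fields[0] == vg_name:
            return fields[-1].split("(")[0]  # strip the '(0)' extent offset
    raise LookupError(f"volume group {vg_name} not found")


def disk_bus_info(lshw_text, logical_name):
    """Return the 'scsi@host:channel.target.lun' bus info of the lshw disk node for logical_name."""
    for block in re.split(r"^\s*\*-disk", lshw_text, flags=re.M):
        if re.search(rf"^\s*logical name:\s*{re.escape(logical_name)}\s*$", block, re.M):
            match = re.search(r"bus info:\s*(scsi@\d+:\d+\.\d+\.\d+)", block)
            if match:
                return match.group(1)
    raise LookupError(f"no SCSI disk with logical name {logical_name}")


def hypervisor_scsi_label(bus_info):
    """Map 'scsi@2:0.1.0' to 'SCSI(0:1)', the channel:target pair step 4 looks up.
    With several virtual SCSI controllers, confirm the controller number in the VM's
    disk settings; the guest host number (2 here) is not the hypervisor's."""
    match = re.fullmatch(r"scsi@\d+:(\d+)\.(\d+)\.\d+", bus_info)
    if not match:
        raise ValueError(f"unexpected bus info: {bus_info}")
    return f"SCSI({match.group(1)}:{match.group(2)})"


def free_gib(vgdisplay_free_line):
    """Parse the 'Free  PE / Size' line of 'vgdisplay store | grep Free' into GiB."""
    match = re.search(r"Free\s+PE\s*/\s*Size\s+\d+\s*/\s*([\d.]+)\s*GiB", vgdisplay_free_line)
    if not match:
        raise ValueError("no 'Free PE / Size' line found")
    return float(match.group(1))


def lvextend_command(free_gib_in_vg, grow_gib, lv="/dev/store/data"):
    """Build the step-12 command, refusing a growth the volume group cannot satisfy."""
    if grow_gib <= 0 or grow_gib > free_gib_in_vg:
        raise ValueError(f"cannot grow by {grow_gib} GiB; only {free_gib_in_vg} GiB free")
    return f"lvextend -r -L+{grow_gib}G {lv}"
```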