Production Install - All Server Based

Overview

Scalr customers have the option of using the SaaS or on-prem version of Scalr. For on-prem, we recommend the following deployment, although this can change based on customer needs. This guide is for customers who choose to install all components on servers.

[Figure: Scalr architecture diagram (scalr_arch.png)]

Prerequisites

  • Application component:

    • A single server with 4CPU x 16GB RAM and 50GB storage

    • OS: Ubuntu 16.04, RHEL/CentOS 7.x or 8.x, or Amazon Linux 2

  • Database component:

    • 2 servers with 4CPU x 16GB RAM and 500GB storage

    • MySQL 5.7 installed with the Scalr package

    • Replication recommended

  • Scalr download token

  • Scalr license file

  • SSL Cert

  • Internet Connectivity

  • A domain name, the URL should not resolve to an IP

Note

Because Terraform will run in a container, one of the following options must be applied to SELinux on the servers that Scalr is running on:

  • Disable SELinux

  • Update package container-selinux >= 2.107

  • Update Linux kernel >= 5.3
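The note above can be checked on each server before installing. The following is an added example, not part of the Scalr documentation: it evaluates the three options and tries the two update paths first, so SELinux only has to be disabled when neither applies. The function names are hypothetical, and treating a host without `getenforce` as having no SELinux is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not Scalr's own tooling): evaluate the three SELinux options.

# version_ge A B: succeeds when version A >= version B.
# sort -V compares numeric fields, so 2.99 < 2.107 (a float compare gets this wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# selinux_prereq MODE CONTAINER_SELINUX_VERSION KERNEL_RELEASE
# Prints the option that is satisfied; returns 1 when none is.
selinux_prereq() {
    local mode="$1" cs_ver="$2" kernel="${3%%-*}"  # drop "-1160.el7.x86_64" style suffix
    if [ -n "$cs_ver" ] && version_ge "$cs_ver" "2.107"; then
        echo "ok: container-selinux $cs_ver >= 2.107"
    elif version_ge "$kernel" "5.3"; then
        echo "ok: kernel $kernel >= 5.3"
    elif [ "$mode" = "Disabled" ]; then
        echo "ok: SELinux disabled"
    else
        echo "fail: SELinux is $mode, container-selinux '${cs_ver:-none}', kernel $kernel"
        return 1
    fi
}

# collect_and_check: gather the live values on this host and evaluate them.
collect_and_check() {
    local mode cs_ver
    # Assumption: no getenforce binary means SELinux is not installed (typical on Ubuntu).
    mode=$(getenforce 2>/dev/null || echo Disabled)
    # rpm prints an error string and exits non-zero when the package is absent.
    cs_ver=$(rpm -q --qf '%{VERSION}' container-selinux 2>/dev/null) || cs_ver=""
    selinux_prereq "$mode" "$cs_ver" "$(uname -r)"
}

# Usage on each Scalr server:  collect_and_check
```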

Installation

Get the scalr-server package, run on ALL servers:

# For Debian:
curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.deb.sh | sudo bash
# For RPM:
curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.rpm.sh | sudo bash

Install the package, run on ALL servers:

# For Debian:
apt-get install scalr-server
# For RPM:
yum install scalr-server

Run the following on only the application server when prompted:

scalr-server-wizard

The step above did two things: it created the /etc/scalr-server directory and the scalr-server-secrets.json file.

On the database servers, create the /etc/scalr-server directory and copy the scalr-server-secrets.json to them. The scalr-server-secrets.json should be exactly the same on all servers.
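Because the secrets file must be identical everywhere and holds the admin password, it is worth verifying each copy after the transfer. The following is an added example, not part of the Scalr documentation: it compares a copy against the SHA-256 digest taken on the application server and reports a file that group or other users can access. The function names are hypothetical, and the owner-only mode check is an assumption, since the page does not state a required mode.

```shell
#!/usr/bin/env bash
# Added example (not Scalr's own tooling): verify a copied secrets file.

# secrets_fingerprint FILE: print "<sha256> <octal mode> <owner>" for FILE.
# Refuses symlinks and non-regular files (returns 2).
secrets_fingerprint() {
    local f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 2; }
    printf '%s %s %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" \
        "$(stat -c '%a' "$f")" "$(stat -c '%U' "$f")"
}

# verify_secrets FILE EXPECTED_SHA256
# Returns 0 = identical and owner-only, 1 = content differs,
#         2 = missing or not a regular file, 3 = group/other can access it.
verify_secrets() {
    local fp digest mode
    fp=$(secrets_fingerprint "$1") || return 2
    digest=${fp%% *}
    mode=${fp#* }; mode=${mode%% *}
    [ "$digest" = "$2" ] || { echo "digest mismatch: $1" >&2; return 1; }
    # Assumption: only the owner should have access, so the last two
    # octal digits of the mode must both be 0 (e.g. 600 or 400).
    case "$mode" in
        *00) ;;
        *) echo "mode $mode is too open: $1" >&2; return 3 ;;
    esac
}

# On the application server:
#   secrets_fingerprint /etc/scalr-server/scalr-server-secrets.json
# On each database server, with the digest printed above:
#   verify_secrets /etc/scalr-server/scalr-server-secrets.json <digest>
```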

Please add the license file to the /etc/scalr-server directory on ALL servers:

##Paste the license.json file in the following location on each server:##
vi /etc/scalr-server/license.json

Update /etc/scalr-server/scalr-server.rb on the app server with the following contents. Be sure to replace the example values with the actual values for your installation:

enable_all true
product_mode :iacp
mysql[:enable] = false

# Mandatory SSL
# Update the below settings to match your FQDN and where your .key and .crt are stored
proxy[:ssl_enable] = true
proxy[:ssl_redirect] = true
proxy[:ssl_cert_path] = "/etc/scalr-server/organization.crt"
proxy[:ssl_key_path] = "/etc/scalr-server/organization.key"

routing[:endpoint_host] = "iacp.organization.com"
routing[:endpoint_scheme] = "https"

#Enter the hostname of the master MySQL server below (replace the placeholder)
app[:mysql_scalr_host] = "MASTER_MYSQL_SERVER_HOST"
app[:mysql_scalr_port] = 3306

#Add if you have a self signed cert, update with the proper location if needed
#ssl[:extra_ca_file] = "/etc/scalr-server/rootCA.pem"

#Add if you require a proxy, it will be used for http and https requests
#http_proxy "http://user:*****@my.proxy.com:8080"

#If a no proxy setting is needed, you can define a domain or subdomain like so: no_proxy=example.com,domain.com . The following setting would not work: *.domain.com,*example.com
#no_proxy example.com

####The following is only used for optional configuration as needed.####
#app[:configuration] = {
#:scalr => {
#  "tf_worker" => {
#      "default_terraform_version"=> "0.12.20",
#      "runner" => {
#          "run_time_limit" => 720, # 12h. Default is 60 (1h).
#           "docker" => {
#              "device_read_iops" => 500, #Limit read rate (IO per second) from the device(s). This option will only work in conjunction with `tf_worker.runner.docker.storage_devices` option. Disabled by default.
#              "device_write_iops" => 500, #Limit write rate (IO per second) from the device(s). This option will only work in conjunction with `tf_worker.runner.docker.storage_devices` option. Disabled by default.
#              "storage_devices" => ["/dev/sda"], #The list of block devices for the `device_read_iops` and `device_write_iops` options. The device(s) must exist on the Docker node. Usually, there should be one device on which the `/opt/scalr-server/` directory is mounted, unless you are using a custom Docker daemon with a non-default configuration. Warning: a non-existent device in this list will break Terraform runs. Default is [].
#              "mem_limit" => 256, #Memory limit in megabytes. Optional, default value: 256 (mb).
#              "cpu_period" => 100000, #Limit CPU CFS (Completely Fair Scheduler) period (in microseconds). Optional, default value: 100000 (μs).
#              "cpu_quota" => 50000 #CPU time that the container can get in a CPU period (in microseconds). Optional, default value: 50000 (μs).
#           }
#       },
#      "terraform_images" => {
#          "0.12.10" => "hashicorp/terraform:0.12.10",
#          "0.12.20" => "hashicorp/terraform:0.12.20"
#      },
#      "default_opa_version" => "0.19.1",
#      "opa_images" => {
#          "0.16.2" => "openpolicyagent/opa:0.16.2",
#          "0.19.1" => "openpolicyagent/opa:0.19.1"
#       }
#    }
#  }
#}

Update /etc/scalr-server/scalr-server.rb on the database servers with the following contents. Be sure to replace the example values with the actual values for your installation:

enable_all false
product_mode :iacp
mysql[:enable] = true

# Mandatory SSL
# Update the below settings to match your FQDN and where your .key and .crt are stored
proxy[:ssl_enable] = true
proxy[:ssl_redirect] = true
proxy[:ssl_cert_path] = "/etc/scalr-server/organization.crt"
proxy[:ssl_key_path] = "/etc/scalr-server/organization.key"

routing[:endpoint_host] = "iacp.organization.com"
routing[:endpoint_scheme] = "https"

#Enter the hostname of the master MySQL server below (replace the placeholder)
app[:mysql_scalr_host] = "MASTER_MYSQL_SERVER_HOST"
app[:mysql_scalr_port] = 3306

#Add if you have a self signed cert, update with the proper location if needed
#ssl[:extra_ca_file] = "/etc/scalr-server/rootCA.pem"

#Add if you require a proxy, it will be used for http and https requests
#http_proxy "http://user:*****@my.proxy.com:8080"

#If a no proxy setting is needed, you can define a domain or subdomain like so: no_proxy=example.com,domain.com . The following setting would not work: *.domain.com,*example.com
#no_proxy example.com

####The following is only needed if you want to use a specific version of Terraform or OPA that Scalr may not include yet.####
#app[:configuration] = {
#:scalr => {
#  "tf_worker" => {
#      "default_terraform_version"=> "0.12.20",
#      "terraform_images" => {
#          "0.12.10" => "hashicorp/terraform:0.12.10",
#          "0.12.20" => "hashicorp/terraform:0.12.20"
#      },
#      "default_opa_version" => "0.19.1",
#      "opa_images" => {
#          "0.16.2" => "openpolicyagent/opa:0.16.2",
#          "0.19.1" => "openpolicyagent/opa:0.19.1"
#       }
#    }
#  }
#}

Reconfigure the database servers first:

/opt/scalr-server/bin/scalr-server-ctl reconfigure

When the database servers are done, reconfigure the application server:

/opt/scalr-server/bin/scalr-server-ctl reconfigure

You can now log in to Scalr by entering the hostname configured as routing[:endpoint_host] in scalr-server.rb into a browser. To log in the first time, find the admin password in the /etc/scalr-server/scalr-server-secrets.json file. The username is admin.

"app": {
  "admin_password": "password123"