POC Install

Note

This guide should only be used for POCs or Development environments.

Prerequisites

  • A single server:

    • OS: Ubuntu 16.04, RHEL/CentOS 7.x or 8.x, or Amazon Linux 2

    • Specs: 4CPU x 16GB RAM and 50GB storage

  • Scalr download token

  • Scalr license file

  • SSL Cert (can be self signed)

  • Internet Connectivity

  • A domain name, the URL should not resolve to an IP

Note

Because Terraform will run in a container, one of the following options must be applied to SELinux on the servers that Scalr is running on:

  • Disable SELinux

  • Update package container-selinux >= 2.107

  • Update Linux kernel >= 5.3

Installation

Get the scalr-server package:

# For Debian:
curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.deb.sh | sudo bash
# For RPM:
curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.rpm.sh | sudo bash

Install the package:

# For Debian:
apt-get install scalr-server
# For RPM:
yum install scalr-server

Run the following when prompted:

scalr-server-wizard

The step above did two things, created the /etc/scalr-server directory and the scalr-server-secrets.json file.

Please add the license file to the /etc/scalr-server directory

##Paste the license.json file in the following location on each server:##
vi /etc/scalr-server/license.json

Update /etc/scalr-server/scalr-server.rb with the following contents. Be sure to update the values with the actual values for you installation:

enable_all true
product_mode :iacp

# Mandatory SSL
# Update the below settings to match your FQDN and where your .key and .crt are stored
proxy[:ssl_enable] = true
proxy[:ssl_redirect] = true
proxy[:ssl_cert_path] = "/etc/scalr-server/organization.crt"
proxy[:ssl_key_path] = "/etc/scalr-server/organization.key"

routing[:endpoint_host] = "iacp.organization.com"
routing[:endpoint_scheme] = "https"

#Add if you have a self signed cert, update with the proper location if needed
#ssl[:extra_ca_file] = "/etc/scalr-server/rootCA.pem"

#Add if you require a proxy, it will be used for http and https requests
#http_proxy "http://user:*****@my.proxy.com:8080"

#If a no proxy setting is needed, you can define a domain or subdomain like so: no_proxy=example.com,domain.com . The following setting would not work: *.domain.com,*example.com
#no_proxy example.com

#If you are using an external database service or separating the database onto a different server.
#app[:mysql_scalr_host] = MASTER_MYSQL_SERVER_HOST
#app[:mysql_scalr_port] = 3306

####The following is only needed if you want to use a specific version of Terraform or OPA that Scalr may not included yet.####
#app[:configuration] = {
#:scalr => {
#  "tf_worker" => {
#      "default_terraform_version"=> "0.12.20",
#      "terraform_images" => {
#          "0.12.10" => "hashicorp/terraform:0.12.10",
#          "0.12.20" => "hashicorp/terraform:0.12.20"
#      },
#      "default_opa_version" => "0.19.1",
#      "opa_images" => {
#          "0.16.2" => "openpolicyagent/opa:0.16.2",
#          "0.19.1" => "openpolicyagent/opa:0.19.1"
#       }
#    }
#  }
#}

Note

If you are using an external database that was not part of the Scalr installation, like AWS RDS, you must set the following that max_allowed_packet is equal to 256M .

Reconfigure the Scalr server:

/opt/scalr-server/bin/scalr-server-ctl reconfigure

You can now log into Scalr by putting the hostname that is listed as your endpoint in the scalr-server.rb into a browser. To log in the first time, please find the admin password in the /etc/scalr-server/scalr-server-secrets.json file. The username is admin.

"app": {
  "admin_password": "password123"