Production Install - DB as a Service Backend

Overview

Scalr customers have the option of using the SaaS or on prem version of Scalr. For on prem, we recommend the following deployment, this can change based on customer needs. The guide below should be used for customers choosing to install all the database on a database as a service, like RDS.

../_images/scalr_arch.png

Prerequisites

  • Application component:

    • A single server with 4CPU x 16GB RAM and 50GB storage

    • OS: Ubuntu 16.04, RHEL/CentOS 7.x or 8.x, or Amazon Linux 2

    • Autoscaling ability coming soon.

  • Database component:

    • MySQL > 5.7.8 database as a service (i.e. RDS) instance with 4CPU x 16GB RAM and 500GB storage

    • Multi-AZ replication recommended.

  • Scalr download token

  • Scalr license file

  • SSL Cert

  • Internet Connectivity

  • A domain name, the URL should not resolve to an IP

Note

Because Terraform will run in a container, one of the following options must be applied to SELinux on the servers that Scalr is running on:

  • Disable SELinux

  • Update package container-selinux >= 2.107

  • Update Linux kernel >= 5.3

Automated Installation

You can automate the installation of Scalr with our Terraform template: https://github.com/scalr-eap/iacp-rds-install

Manual Installation

On the application server, get the scalr-server package:

# For Debian:
curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.deb.sh | sudo bash
# For RPM:
curl -s https://<token>:@packagecloud.io/install/repositories/scalr/scalr-server-ee-staging/script.rpm.sh | sudo bash

On the application server, install the package:

# For Debian:
apt-get install scalr-server
# For RPM:
yum install scalr-server

On the application server, run the following when prompted:

scalr-server-wizard

The step above did two things, created the /etc/scalr-server directory and the scalr-server-secrets.json file.

Please add the license file to the /etc/scalr-server directory on the application server:

##Paste the license.json file in the following location on each server:##
vi /etc/scalr-server/license.json

Update /etc/scalr-server/scalr-server.rb with the following contents. Be sure to update the values with the actual values for you installation:

enable_all true
product_mode :iacp
mysql[:enable] = false

# Mandatory SSL
# Update the below settings to match your FQDN and where your .key and .crt are stored
proxy[:ssl_enable] = true
proxy[:ssl_redirect] = true
proxy[:ssl_cert_path] = "/etc/scalr-server/organization.crt"
proxy[:ssl_key_path] = "/etc/scalr-server/organization.key"

routing[:endpoint_host] = "iacp.organization.com"
routing[:endpoint_scheme] = "https"

#Enter database name below
app[:mysql_scalr_host] = MYSQL_SERVER_HOST
app[:mysql_scalr_port] = 3306

#Add if you have a self signed cert, update with the proper location if needed
#ssl[:extra_ca_file] = "/etc/scalr-server/rootCA.pem"

#Add if you require a proxy, it will be used for http and https requests
#http_proxy "http://user:*****@my.proxy.com:8080"

#If a no proxy setting is needed, you can define a domain or subdomain like so: no_proxy=example.com,domain.com . The following setting would not work: *.domain.com,*example.com
#no_proxy example.com

####The following is only needed if you want to use a specific version of Terraform or OPA that Scalr may not included yet.####
#app[:configuration] = {
#:scalr => {
#  "tf_worker" => {
#      "default_terraform_version"=> "0.12.20",
#      "runner" => {
#          "run_time_limit": 720  # 12h #Default is 60/1hr
#       },
#      "terraform_images" => {
#          "0.12.10" => "hashicorp/terraform:0.12.10",
#          "0.12.20" => "hashicorp/terraform:0.12.20"
#      },
#      "default_opa_version" => "0.19.1",
#      "opa_images" => {
#          "0.16.2" => "openpolicyagent/opa:0.16.2",
#          "0.19.1" => "openpolicyagent/opa:0.19.1"
#       }
#    }
#  }
#}

Note

If you are using an external database that was not part of the Scalr installation, like AWS RDS, you must set the following that max_allowed_packet is equal to 256M . The following parameters must also be set as part of the parameter group: STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION.

Create the following databases and users on the database instance:

CREATE DATABASE scalr;
CREATE DATABASE analytics;
CREATE USER 'root'@'%' IDENTIFIED BY '<copy root password from scalr-server-secrets.json>';
CREATE USER 'scalr'@'%' IDENTIFIED BY '<copy scalr password from scalr-server-secrets.json>';
CREATE USER 'repl'@'%' IDENTIFIED BY '<copy repl password from scalr-server-secrets.json>';
GRANT ALL PRIVILEGES ON analytics.* TO 'root'@'%';
GRANT ALL PRIVILEGES ON scalr.* TO 'root'@'%';
GRANT ALL PRIVILEGES ON analytics.* TO 'scalr'@'%';
GRANT ALL PRIVILEGES ON scalr.* TO 'scalr'@'%';
GRANT ALL PRIVILEGES ON analytics.* TO 'repl'@'%';
GRANT ALL PRIVILEGES ON scalr.* TO 'repl'@'%';

Reconfigure the Scalr application server server:

/opt/scalr-server/bin/scalr-server-ctl reconfigure

You can now log into Scalr by putting the hostname that is listed as your endpoint in the scalr-server.rb into a browser. To log in the first time, please find the admin password in the /etc/scalr-server/scalr-server-secrets.json file. The username is admin.

"app": {
  "admin_password": "password123"