Microsoft supplies a prebuilt HPE Helion Stackato image on its Azure platform.
Important
The HPE Helion Stackato image on the Microsoft Azure platform is provided on the basis of the Bring Your Own License model: it is subject to the Software License Terms and requires a software license key.
A resource group is necessary for storing resources such as storage accounts, virtual networks, virtual machines, network interfaces, network security groups, public IP addresses, and extensions.
Tip
If you plan to create multiple Helion Stackato instances, it is a good practice to create them under the same resource group.
In Azure, on the left panel, click Resource groups and then click Add.
Enter the Resource group name.
Select your Subscription.
Select the Resource group location.
Click Create.
The resource group is created.
A virtual network is necessary for the virtual machines in your cluster to communicate together on an internal, private network.
In Azure, on the left panel, click Browse.
Enter network into the Filter search field, click Virtual Networks, and then click Add.
Enter the virtual network Name, Address space (in CIDR notation), Subnet name, and Subnet address range (in CIDR notation).
Select your Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the virtual network Location.
Click Create.
The virtual network is created and associated with your resource group.
It is a good practice to set up the smallest possible profile for the public gateway of a cluster while allowing the functional components inside the cluster to communicate freely on various required ports. You can add this functionality by creating two partially-overlapping security groups.
Note
For more information on how Helion Stackato uses ports, see the Helion Stackato port requirements.
In Azure, on the left panel, click Browse.
Enter security into the Filter search field, click Network security groups, and then click Add.
On the Create network security group dialog box, enter the security group Name.
Select your Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the virtual network Location.
Click Create.
The security group is created and associated with your resource group.
On the Settings panel, click Inbound security rules, and then click Add.
On the Add inbound security rule panel, enter the following rules and click OK.
Name | Priority | Source | Protocol | Source Port Range | Destination | Destination Port Range | Action |
---|---|---|---|---|---|---|---|
SSH | 100 | Any | TCP | * | Any | 22 | Allow |
HTTP | 200 | Any | TCP | * | Any | 80 | Allow |
HTTPS | 300 | Any | TCP | * | Any | 443 | Allow |
Default security group rules allow for internal communication within the virtual network.
As long as the two network security groups are on the same subnet, no additional settings are necessary for the network security groups to communicate with each other. However, if they are on different subnets, add a rule to each network security group that specifies the CIDR address of the other network security group in the Source field.
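An added example (not part of the original documentation or of Helion Stackato's tooling): a Python check that compares exported network security group rules with the gateway profile in the table above and with the cross-subnet rule just described. The field names follow the layout Azure CLI prints for NSG rules; the sample rules, the 10.0.0.0/16 cluster range and the function names are constructed for illustration.

```python
import ipaddress

# Public gateway profile from the inbound rule table on this page.
GATEWAY_TCP_PORTS = {22, 80, 443}
PUBLIC_SOURCES = {"*", "any", "internet", "0.0.0.0/0"}

# Constructed sample data using Azure's NSG rule field names; PeerSubnet is the
# cross-subnet rule, Debug and Vendor are deliberate deviations to be caught.
def rule(name, priority, source, ports, protocol="Tcp"):
    return {"name": name, "priority": priority, "direction": "Inbound", "access": "Allow",
            "protocol": protocol, "sourceAddressPrefix": source, "destinationPortRanges": ports}

SAMPLE_RULES = [
    rule("SSH", 100, "*", ["22"]), rule("HTTP", 200, "*", ["80"]),
    rule("HTTPS", 300, "*", ["443"]), rule("PeerSubnet", 400, "10.0.2.0/24", ["*"], "*"),
    rule("Debug", 500, "*", ["8000-8002", "443"]),
    rule("Vendor", 600, "198.51.100.0/24", ["3306"]),
]

def port_set(r):
    """Expand destinationPortRange(s) such as '22', '8000-8002' or '*' into a set of ints."""
    ports = set()
    for spec in r.get("destinationPortRanges") or [r.get("destinationPortRange") or "*"]:
        lo, _, hi = ("0-65535" if spec == "*" else spec).partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_gateway_nsg(rules, internal_cidrs=()):
    """Return sorted (priority, name, reason) for inbound Allow rules wider than the profile."""
    internal, findings = [ipaddress.ip_network(c) for c in internal_cidrs], []
    for r in rules:
        if r["direction"].lower() != "inbound" or r["access"].lower() != "allow":
            continue
        src = r.get("sourceAddressPrefix") or "*"
        if src.lower() in PUBLIC_SOURCES:
            extra = port_set(r) - GATEWAY_TCP_PORTS
            if r["protocol"].lower() != "tcp":
                findings.append((r["priority"], r["name"], "non-TCP protocol open to any source"))
            elif extra:
                findings.append((r["priority"], r["name"],
                                 f"{len(extra)} extra port(s) open to any source, lowest {min(extra)}"))
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            continue  # service tag such as VirtualNetwork, not audited here
        if not any(net.version == i.version and net.subnet_of(i) for i in internal):
            findings.append((r["priority"], r["name"], f"source {src} is not a listed cluster subnet"))
    return sorted(findings)
```

Pass the address ranges of the cluster subnets as internal_cidrs so that cross-subnet rules are accepted and any other explicit source is reported.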
A storage account is necessary for storing the virtual disks of your virtual machines.
In Azure, on the left panel, click Browse.
Enter storage into the Filter search field, click Storage accounts, and then click Add.
Enter the storage account Name and select the storage account Type.
(Optional) To disable metric and log request diagnostics, click Disable (enabled by default).
Select your Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the storage account Location.
Click Create.
The storage account is created and associated with your resource group.
In Azure, on the left panel, click New.
Next to Marketplace, click See all.
On the Everything pane, enter stackato into the Search Compute field, press Enter, and click the Helion Stackato row.
On the Helion Stackato pane, click Create.
The Create virtual machine and Basics panes are displayed.
stackato for the virtual machine User name.
Important
If you set your username to anything other than stackato, after you set up your VM, you must run the following command on the core node using your public IP (in the following example, 203.0.113.0) in order to run kato commands, for example:
sudo passwd stackato
sudo su - stackato
kato node rename 203.0.113.0.xip.io --no-restart
kato node setup core api.203.0.113.0.xip.io
ip -4 address
After you run the command, you will receive your private IP address (in the following example, 192.0.2.0).
You can use this IP address to configure all your other nodes by running the following command, for example:
sudo su - stackato
kato node attach -e ROLE 192.0.2.0
On the Choose a size pane, select the virtual machine size. The following three recommended deployments are displayed.
A2 Basic | A2 Standard | D2 Standard |
---|---|---|
To view all possible configurations, click View all.
Click Select.
On the Settings pane, you can configure the following optional features.
When you finish configuring the optional features, click OK.
On the Summary pane, you can review your selections.
On the Purchase pane, you can read the offer details, the Terms of use, and the Privacy policy and familiarize yourself with the Pricing for other VM sizes, Azure infrastructure costs, and the Azure Marketplace Terms.
When you are satisfied with all of the terms and conditions, click Purchase.
The Helion Stackato virtual machine, its network interface, and IP address are created and associated with your resource group.
To be able to access the web interface and applications that will be hosted on Helion Stackato, you must set the hostname on your public-facing node to a corresponding wildcard DNS record. You can use the xip.io service to obtain wildcard DNS resolution for your Elastic IP address.
ssh to your instance, for example:
$ ssh stackato@203.0.113.0
Rename the hostname, for example:
$ kato node rename 203.0.113.0.xip.io
At the end of the process, the address of the API endpoint is displayed, for example:
Stackato Micro Cloud:-
endpoint: api.203.0.113.0.xip.io
mbusip: 127.0.0.1
micro cloud: true
eth0 IP: 198.0.2.0
You can now connect to the web console of your instance by entering the API endpoint into your browser.
Enter the address of the web console of your instance into a web browser, for example:
api.203.0.113.0.xip.io
When you first connect to the web console, you will receive a warning about an untrusted connection. Add an exception for the provided certificate and proceed.
Important
For production systems, add a signed certificate and a real DNS record to your domain. You can publish the public-facing address of your domain name either using DNS or dynamic DNS. For example, a static DNS zone file for stackato-test on example.com would have the following entries (note the . that terminates the A record):
stackato-test IN A <Elastic-IP>.
*.stackato-test IN CNAME stackato-test
For more information on DNS configuration, see DNS.
On the Set Up First Admin User page, enter the Username, Email Address, and Password for the first administrative account, the first Organization Name and Space Name.
Tip
The password you specify for this account will also become the password for the stackato system user, removing the warning displayed after connecting to the instance using ssh.
Review the Stackato Terms of use, click Yes, I agree, and click Set Up First Admin User.
ssh to your core instance, for example:
$ ssh stackato@203.0.113.0
Set up the core node:
$ kato node setup core
Press y when prompted for an endpoint or enter a name for the endpoint.
Enter your password when prompted.
Helion Stackato disables all the roles that will be delegated to other nodes and configures itself to listen on the node's internal MBUS IP address. At the end of the process, the internal MBUS IP address and the assigned and available roles are displayed, for example:
Stackato Cluster:-
endpoint: api.203.0.113.0.xip.io
mbusip: 198.0.2.24
micro cloud: false
Stackato Node [198.0.2.0]
assigned roles : base,controller,primary,router
available roles: base,mdns,primary,controller,router,dea,postgresql,mysql,rabbit,rabbit3,mongodb,redis,filesystem,harbor,memcached,load_balancer
Tip
Note the internal MBUS IP address. You will need it to configure your non-core nodes.
In Azure, on the left panel, click Resource groups and then click the name of your resource group.
On the Resource group panel, click the Network interface of your VM.
On the Network interface panel, note the Private IP address of the VM.
ssh to your core instance, for example:
$ ssh stackato@203.0.113.0
ssh to your non-core instance from the core instance, for example:
$ ssh stackato@198.0.2.24
Important
There is no other way to access the non-core instances. When you ssh into non-core instances, use the stackato username and password.
You can later simplify setup and maintenance operations by configuring passwordless SSH authentication between the core and non-core nodes.
Create the required number of DEAs from the non-core node using the internal MBUS IP address of the core node, for example:
$ kato node attach -e dea 198.0.2.0
Note
The -e option enables the specified role on the node and disables all other roles. While kato node attach commands run on various cluster nodes, the web console may display Node Degraded! error messages. However, after the commands finish, you can view the operational cluster nodes by navigating to the Helion Stackato web console and clicking Admin > Cluster or by running the kato node list and kato status commands after you ssh into your core node.
Enter your password for the non-core node and core node when prompted.
data-services is a meta-tag that enables support for MySQL, PostgreSQL, MongoDB, RabbitMQ, Memcached, and the Filesystem service.
Create a data service node from the non-core node using the internal MBUS IP of the core node, for example:
$ kato node attach -e data-services 198.0.2.1
Enter your password for the non-core node and core node when prompted.