Microsoft Azure¶

Microsoft supplies a prebuilt HPE Helion Stackato image on its Azure platform.

Important

The HPE Helion Stackato image on the Microsoft Azure platform is provided on the basis of the Bring Your Own License model: it is subject to the Software License Terms and requires a software license key.

Ensure that you have a Microsoft Azure account with sufficient credit to cover the hosting costs for your image.
Ask your administrator to add your microsoftonline.com or live.com account to your company's Azure account and then log into Azure.

To Create a Resource Group¶

A resource group is necessary for storing resources such as storage accounts, virtual networks, virtual machines, network interfaces, network security groups, public IP addresses, and extensions.

Tip

If you plan to create multiple Helion Stackato instances, it is a good practice to create them under the same resource group.

In Azure, on the left panel, click Resource groups and then click Add.
Enter the Resource group name.
Select your Subscription.
Select the Resource group location.
Click Create.

The resource group is created.

To Create a Virtual Network¶

A virtual network is necessary for the virtual machines in your cluster to communicate together on an internal, private network.

In Azure, on the left panel, click Browse.
Enter network into the Filter search field, click Virtual Networks, and then click Add.
Enter the virtual network Name, Address space (in CIDR notation), Subnet name, and Subnet address range (in CIDR notation).
Select your Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the virtual network Location.
Click Create.

The virtual network is created and associated with your resource group.

To Create Network Security Groups¶

It is a good practice to set up the smallest possible profile for the public gateway of a cluster while allowing the functional components inside the cluster to communicate freely on various required ports. You can add this functionality by creating two partially-overlapping security groups.

Note

For more information on how Helion Stackato uses ports, see the Helion Stackato port requirements.

In Azure, on the left panel, click Browse.
Enter security into the Filter search field, click Network security groups, and then click Add.
On the Create network security group dialog box, enter the security group Name.
Select your Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the virtual network Location.
Click Create.

The security group is created and associated with your resource group.

Create a Public-Facing Network Security Group¶

On the Settings panel, click Inbound security rules, and then click Add.

On the Add inbound security rule panel, enter the following rules and click OK.

Name	Priority	Source	Protocol	Source Port Range	Destination	Destination Port Range	Action
SSH	100	Any	TCP	*	Any	22	Allow
HTTP	200	Any	TCP	*	Any	80	Allow
HTTPS	300	Any	TCP	*	Any	443	Allow

Create an Internal Network Security Group¶

Default security group rules allow for internal communication within the virtual network.

Enable Communications Between Network Security Groups¶

As long as the two network security groups are on the same subnet, no additional settings are necessary for the network security groups to communicate with each other. However, if they are on different subnets, add a rule to each network security group that specifies the CIDR address of the other network security group in the Source field.

To Create a Storage Account¶

A storage account is necessary for storing the virtual disks of your virtual machines.

In Azure, on the left panel, click Browse.
Enter storage into the Filter search field, click Storage accounts, and then click Add.
Enter the storage account Name and select the storage account Type.
(Optional) To disable metric and log request diagnostics, click Disable (enabled by default).
Select your Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the storage account Location.
Click Create.

The storage account is created and associated with your resource group.

To Deploy a Helion Stackato Virtual Machine¶

In Azure, on the left panel, click New.
Next to Marketplace, click See all.
On the Everything pane, enter stackato into the Search Compute field, press Enter, and click the Helion Stackato row.
On the Helion Stackato pane, click Create.

The Create virtual machine and Basics panes are displayed.

Configure Basic Settings¶

On the Basics pane, enter the virtual machine Name.
Enter stackato for the virtual machine User name.

Important

If you set your username to anything other than stackato, after you set up your VM, you must run the following command on the core node using your public IP (in the following example, 203.0.113.0) in order to run kato commands, for example:

sudo passwd stackato
sudo su - stackato
kato node rename 203.0.113.0.xip.io --no-restart
kato node setup core api.203.0.113.0.xip.io
ip -4 address

After you run the command, you will receive your private IP address (in the following example, 192.0.2.0). You can use this IP address to configure all your other nodes by running the following command, for example:

sudo su - stackato
kato node attach -e ROLE 192.0.2.0

Ensure that the Authentication type is set to Password and enter a Password for the virtual machine.
Select the Subscription.
Under Resource Group, click Select Existing, click Not configured, and then select the resource group that you have created earlier.
Select the virtual machine Location.
Click OK.

Choose Virtual Machine Size¶

On the Choose a size pane, select the virtual machine size. The following three recommended deployments are displayed.

A2 Basic	A2 Standard	D2 Standard
2 cores 3.5 GB 4 data disks 4x300 Max IOPS	2 cores 3.5 GB 4 data disks 4x500 Max IOPS Load balancing Auto scale	2 cores 7 GB 4 data disks 4x500 Max IOPS 100 GB Local SSD Auto scale

To view all possible configurations, click View all.

Click Select.

Configure Optional Features¶

On the Settings pane, you can configure the following optional features.

Storage¶

Under Disk type you can select Standard (magnetic disk) or Premium (SSD) depending on your virtual machine size configuration.
Under Storage account, the storage account that you have created earlier should be already selected. If it is not, select it.

Network¶

Under Virtual network and Subnet, the virtual network and its subnet that you have created earlier should be both already selected. If they are not, select it.
For the core node:
- Do not configure the Public IP Address. It will be created automatically.
- Under Network security group, select the public-facing network security group that you have created earlier.
For non-core nodes:
- Click Public IP address and then on the Choose public IP address panel click None.
- Under Network security group, select the internal network security group that you have created earlier.

Monitoring¶

(Optional) To disable metric diagnostics, click Disable (enabled by default).
Under Diagnostics storage account, the storage account that you have created earlier should be already selected. If it is not, select it.

Availability¶

(Optional) To provide redundancy for your application, you can select an Availability set.

When you finish configuring the optional features, click OK.

Summary¶

On the Summary pane, you can review your selections.

To return to any of the previous pane, click a step on the Create virtual machine pane.
When you are satisfied with your selections, click OK.

Purchase¶

On the Purchase pane, you can read the offer details, the Terms of use, and the Privacy policy and familiarize yourself with the Pricing for other VM sizes, Azure infrastructure costs, and the Azure Marketplace Terms.

When you are satisfied with all of the terms and conditions, click Purchase.

The Helion Stackato virtual machine, its network interface, and IP address are created and associated with your resource group.

To Configure a Helion Stackato Virtual Machine¶

Set the Hostname and DNS¶

To be able to access the web interface and applications that will be hosted on Helion Stackato, you must set the hostname on your public-facing node to a corresponding wildcard DNS record. You can use the xip.io service to obtain wildcard DNS resolution for your Elastic IP address.

ssh to your instance, for example:
```
$ ssh stackato@203.0.113.0
```

Rename the hostname, for example:

$ kato node rename 203.0.113.0.xip.io

At the end of the process, the address of the API endpoint is displayed, for example:

Stackato Micro Cloud:-
  endpoint: api.203.0.113.0.xip.io
  mbusip: 127.0.0.1
  micro cloud: true
  eth0 IP: 198.0.2.0

You can now connect to the web console of your instance by entering the API endpoint into your browser.

Configure the First Administrative Account¶

Enter the address of the web console of your instance into a web browser, for example:
```
api.203.0.113.0.xip.io
```
When you first connect to the web console, you will receive a warning about an untrusted connection. Add an exception for the provided certificate and proceed.
Important

For production systems, add a signed certificate and a real DNS record to your domain. You can publish the public-facing address of your domain name either using DNS or dynamic DNS. For example, a static DNS zone file for stackato-test on example.com would have the following entries (note the . that terminates the A record):
```
stackato-test      IN  A       <Elastic-IP>.
\*.stackato-test   IN  CNAME   stackato-test
```
For more information on DNS configuration, see DNS.
On the Set Up First Admin User page, enter the Username, Email Address, and Password for the first administrative account, the first Organization Name and Space Name.

Tip

The password you specify for this account will also become the password for the stackato system user, removing the warning displayed after connecting to the instance using ssh.
Review the Stackato Terms of use, click Yes, I agree, and click Set Up First Admin User.

To Deploy a Helion Stackato Cluster¶

Create Non-Core Instances¶

To setup a multi-node, clustered Helion Stackato PaaS, see Cluster Setup
To create a single cluster, create the required number of additional Helion Stackato instances using the same resource group and follow the same steps and instance types you used to create your core VM.

Configure the Core Node¶

ssh to your core instance, for example:
```
$ ssh stackato@203.0.113.0
```
Set up the core node:
```
$ kato node setup core
```
Press y when prompted for an endpoint or enter a name for the endpoint.
Enter your password when prompted.

Helion Stackato disables all the roles that will be delegated to other nodes and configures itself to listen on the node's internal MBUS IP address. At the end of the process, the internal MBUS IP address and the assigned and available roles are displayed, for example:
```
Stackato Cluster:-
  endpoint: api.203.0.113.0.xip.io
  mbusip: 198.0.2.24
  micro cloud: false
Stackato Node [198.0.2.0]
  assigned roles : base,controller,primary,router
  available roles: base,mdns,primary,controller,router,dea,postgresql,mysql,rabbit,rabbit3,mongodb,redis,filesystem,harbor,memcached,load_balancer
```
Tip

Note the internal MBUS IP address. You will need it to configure your non-core nodes.

Configure the Non-Core Nodes¶

In Azure, on the left panel, click Resource groups and then click the name of your resource group.
On the Resource group panel, click the Network interface of your VM.
On the Network interface panel, note the Private IP address of the VM.
ssh to your core instance, for example:
```
$ ssh stackato@203.0.113.0
```
ssh to your non-core instance from the core instance, for example:
```
$ ssh stackato@198.0.2.24
```
Important

There is no other way to access the non-core instances. When you ssh into non-core instances, use the stackato username and password. You can later simplify setup and maintenance operations by configuring passwordless SSH authentication between the core and non-core nodes.

Create Droplet Execution Agent (DEA) Nodes¶

Create the required number of DEAs from the non-core node using the internal MBUS IP address of the core node, for example:
```
$ kato node attach -e dea 198.0.2.0
```
Note

The -e option enables the specified role on the node and disables all other roles. While kato node attach commands run on various cluster nodes, the web console may display Node Degraded! error messages. However after the commands finish, you can view the operational cluster nodes by navigating to the Helion Stackato web console and clicking Admin > Cluster or by running the kato node list and kato status commands after you ssh into your core node.
Enter your password for the non-core node and core node when prompted.

Create a Data Service Node¶

data-services is a meta-tag that enables support for MySQL, PostreSQL, MongoDB, RabbitMQ, Memcached, and the Filesystem service.

Create a data service node from the non-core node using the internal MBUS IP of the core node, for example:
```
$ kato node attach -e data-services 198.0.2.1
```
Enter your password for the non-core node and core node when prompted.