epam cloud orchestrator - cloud services guidep=c_services/csug... · o adobe aem service –...

Legal Notice: This document contains privileged and/or confidential information and may not be disclosed, distributed or

reproduced without the prior written permission of EPAM®.

EPAM Cloud Orchestrator

Services

User Guide

May 2018

CSUG-3

Version 3.22

EPAM Cloud Orchestrator - Cloud Services Guide

2 EPAM PUBLIC

CONTENT

Preface .......................................................................................................................................................... 8

About this Guide .................................................................................................................................... 8

Audience ................................................................................................................................................ 8

The structure of the Guide ..................................................................................................................... 8

Documentation References ................................................................................................................... 9

1 EPAM Cloud Services. General Notion ............................................................................................... 10

2 Infrastructure Services ......................................................................................................................... 12

2.1 Checkpoints Service .................................................................................................................. 12

2.1.1 Checkpoints Utilization .................................................................................................... 13

2.1.2 Limitations ....................................................................................................................... 14

2.1.3 Best Practices ................................................................................................................. 14

2.2 VM Images Service ................................................................................................................... 15

2.2.1 Preparing Windows OS Instances for Image Creation ................................................... 15

2.2.2 Preparing Linux OS Instances for Image Creation ......................................................... 20

2.2.3 Manipulating Images ....................................................................................................... 22

2.3 Infrastructure Scheduling Service (CRON) ............................................................................... 23

2.3.1 Scheduling Activation ...................................................................................................... 23

2.3.2 Describing Schedules ..................................................................................................... 24

2.3.3 Deleting Schedules ......................................................................................................... 24

2.3.4 Cron Reference ............................................................................................................... 24

2.3.5 Pricing ............................................................................................................................. 26

2.4 Static IP Provisioning ................................................................................................................ 27

3 Platform Services ................................................................................................................................. 28

3.1 Manage Services Wizard .......................................................................................................... 29

3.2 Auto Configuration Service (ACS) ............................................................................................. 31

3.2.1 Auto Configuration Procedure ......................................................................................... 31

3.2.2 Disabling Auto Configuration for Specific OS ................................................................. 31

3.2.3 Assigning Chef Roles ...................................................................................................... 32

3.2.4 Manipulating Chef Server ................................................................................................ 32

3.2.5 Collecting Info on Chef Clients ........................................................................................ 34


3 EPAM PUBLIC

3.2.6 Shared Chef Server ........................................................................................................ 34

3.2.7 Web UI ............................................................................................................................ 36

3.2.8 Pricing ............................................................................................................................. 36

3.3 Cloud Monitoring Services (CMS) ............................................................................................. 38

3.3.1 Default EPAM Monitoring ................................................................................................ 38

3.3.2 Telemetry as a Service (TMS) ........................................................................................ 39

3.3.3 Zabbix as a Service ......................................................................................................... 43

3.4 Log Aggregation Service (LAS) ................................................................................................. 47

3.4.1 Service Activation ............................................................................................................ 47

3.4.2 Service Manipulations ..................................................................................................... 47

3.4.3 Web UI and Viewing Logs ............................................................................................... 48

3.4.4 Pricing ............................................................................................................................. 48

3.5 Load Balancer Service (LBS) .................................................................................................... 49


3.5.2 Configuring the Load Balancer ....................................................................................... 49

3.5.3 Web UI ............................................................................................................................ 51

3.5.4 Pricing ............................................................................................................................. 51

3.6 FTP to AWS S3 Service (FTP2S3) ........................................................................................... 52

3.6.1 Pre-Requisites and Limitations ....................................................................................... 52


3.6.3 S3 Bucket Management .................................................................................................. 53

3.6.4 User Access Management .............................................................................................. 53

3.6.5 Accessing the FTP Server .............................................................................................. 54

3.6.6 Pricing ............................................................................................................................. 55

3.7 OpenShift as a Service (OSS) ................................................................................................... 55

3.7.1 Configuring Ansible ......................................................................................................... 55

3.7.2 Service Setup and Configuration .................................................................................... 56

3.7.3 Pricing ............................................................................................................................. 59

3.8 Docker Service (DOS) ............................................................................................................... 59


3.8.2 Working with Containers ................................................................................................. 61

3.8.3 Working with Docker Volumes ........................................................................................ 61


4 EPAM PUBLIC

3.8.4 Docker Info ...................................................................................................................... 64

3.8.5 Web UI ............................................................................................................................ 64

3.8.6 REST API ........................................................................................................................ 64

3.8.7 Working with Docker Images via Docker Registry .......................................................... 65

3.8.8 Pricing ............................................................................................................................. 68

3.8.9 EPAM-DKR – Dedicated Docker Region ........................................................................ 68

3.9 Kubernetes as a Service ........................................................................................................... 69


3.9.2 Kubernetes Info ............................................................................................................... 70

3.9.3 Kubernetes Pods Management ...................................................................................... 71

3.9.4 Kubernetes Namespaces Management .......................................................................... 71

3.9.5 Kubernetes Services Management ................................................................................. 71

3.9.6 Kubernetes Replication Controllers Management .......................................................... 72

3.9.7 Kubernetes Nodes Management .................................................................................... 72

3.9.8 Using the Service ............................................................................................................ 72

3.9.9 kubectl Configuration ...................................................................................................... 73

3.9.10 Web UI ............................................................................................................................ 73

3.9.11 Container Images ............................................................................................................ 75

3.9.12 Troubleshooting .............................................................................................................. 77

3.9.13 Pricing ............................................................................................................................. 78

3.10 Hadoop Data Platform Service (HDP) ....................................................................................... 79


3.10.2 Retrieving Hadoop Info ................................................................................................... 80

3.10.3 Running Jobs .................................................................................................................. 80

3.10.4 Manipulating Slaves and Clients ..................................................................................... 80

3.10.5 Web UI ............................................................................................................................ 81

3.10.6 Pricing ............................................................................................................................. 82

3.11 Ambari as a Service .................................................................................................................. 83

3.11.1 Starting One-Node Ambari Server and Configuring the Cluster ..................................... 83

3.11.2 Configuring and Starting Cluster Nodes ......................................................................... 84

3.11.3 Manipulating Cluster Nodes ............................................................................................ 85

3.11.4 Retrieving Information on Ambari Resources ................................................................. 85


5 EPAM PUBLIC

3.11.5 Web UI ............................................................................................................................ 86

3.11.6 Pricing ............................................................................................................................. 87

3.11.7 Default Blueprint .............................................................................................................. 87

3.11.8 Configuration Example .................................................................................................... 88

3.12 Splunk as a Service ................................................................................................................... 90

3.12.1 Service Architecture ........................................................................................................ 90

3.12.2 Splunk Service Activation ................................................................................................ 91

3.12.3 Splunk Proxy ................................................................................................................... 92

3.12.4 Service Manipulation ....................................................................................................... 92

3.12.5 Web UI ............................................................................................................................ 93

3.12.6 Pricing ............................................................................................................................. 93

3.13 Jenkins as a Service ................................................................................................................. 94


3.13.2 Service Manipulations ..................................................................................................... 95

3.13.3 Web UI ............................................................................................................................ 95

3.13.4 Pricing ............................................................................................................................. 96

3.13.5 Configuration File Example ............................................................................................. 96

3.14 Gerrit as a Service ..................................................................................................................... 98

3.14.1 Service Architecture ........................................................................................................ 98


3.14.3 Logging in to Gerrit ........................................................................................................ 101

3.14.4 Web UI .......................................................................................................................... 101

3.14.5 Dynamic Integration with Jenkins ................................................................................. 101

3.14.6 Pricing ........................................................................................................................... 101

3.15 Sonar as a Service .................................................................................................................. 103

3.15.1 Service Activation .......................................................................................................... 103

3.15.2 Service Manipulation ..................................................................................................... 104

3.15.3 Web UI .......................................................................................................................... 105

3.15.4 Pricing ........................................................................................................................... 106

3.16 Artifactory as a Service ........................................................................................................... 107




6 EPAM PUBLIC

3.16.3 Web UI .......................................................................................................................... 108

3.16.4 Pricing ........................................................................................................................... 108

3.17 Adobe AEM as a Service (AEM) ............................................................................................. 109

3.17.1 AEM Basic ..................................................................................................................... 110

3.17.2 AEM PaaS Mode ........................................................................................................... 113

3.17.3 Pricing ........................................................................................................................... 116

3.18 Sitecore as a Service .............................................................................................................. 117

3.18.1 Service Architecture ...................................................................................................... 117

3.18.2 Single Mode .................................................................................................................. 117

3.18.3 Large Mode ................................................................................................................... 119

3.19 Relational Database Service (RDB) ........................................................................................ 123

3.19.1 Service Activation and Manipulations ........................................................................... 123

3.19.2 Login to the DB ............................................................................................................. 124

3.19.3 Pricing ........................................................................................................................... 124

3.19.4 MS SQL with Guaranteed Capacities ........................................................................... 124

3.19.5 Database Comparison .................................................................................................. 125

3.20 Hybris as a Service ................................................................................................................. 128


3.20.2 Service Activation and Manipulation ............................................................................. 129

3.20.3 Hybris Info ..................................................................................................................... 130

3.20.4 Logging in to Service Nodes ......................................................................................... 130

3.20.5 Pricing ........................................................................................................................... 131

3.21 Magento as a Service .............................................................................................................. 131



3.21.3 Web UI .......................................................................................................................... 132

3.21.4 Pricing ........................................................................................................................... 133

3.22 ATG as a Service .................................................................................................................... 134




3.22.4 Service Configuration .................................................................................................... 136


7 EPAM PUBLIC

3.22.5 Logging In...................................................................................................................... 136

3.22.6 Pricing ........................................................................................................................... 136

3.23 Messaging Service (MES) ....................................................................................................... 137

3.23.1 Service Tokens ............................................................................................................. 137

3.23.2 Service Activation and Manipulations ........................................................................... 137

3.23.3 Managing the Service via AWS SDK ............................................................................ 138

3.23.4 Pricing ........................................................................................................................... 143

Annex A – PaaS Guest Operating Systems .............................................................................................. 144

Table of Figures ................................................................................................................................. 145

Version history ................................................................................................................................... 149


8 EPAM PUBLIC

PREFACE

ABOUT THIS GUIDE

The primary aim of EPAM Cloud is providing its users with virtual capacities. However, besides this, there

is a number of services that complement it and make EPAM Cloud usage more effective and easy in use.

These services are designed to improve virtual resources usage and automate infrastructure

manipulations and setup.

This guide describes the existing services and provides the guidelines and useful tips on their usage.

Please note that we are constantly developing and updating the services provided by EPAM cloud. This

document is not the final description of them, it is being constantly updated and developed together with

EPAM Cloud functionality.

AUDIENCE

This guide is designed for the users of all levels of expertise who need to simplify and automate their virtual

infrastructure usage processes.

THE STRUCTURE OF THE GUIDE

The guide consists of three main sections:

1. EPAM Cloud Services. General Notion – This section includes the generalized description of existing

EPAM Cloud services and their types.

2. Infrastructure Services – This section provides the details on existing infrastructure services and gives

step by step instructions on their usage.

3. Platform Services – This section provides the details on the auto-configuration service and other

platform services, based on it.


9 EPAM PUBLIC

DOCUMENTATION REFERENCES

EPAM Orchestration is described in details in a number of documents, oriented on different aspects of

Orchestration usage, and on different types of users.

You can find these documents on our Documentation page.

The answers to the most frequently asked questions can be found on the FAQ page.

EPAM Cloud terms and conditions are described in our Terms and Conditions document. Please take a

look at this document in order to avoid misunderstandings and conflicts that may arise during the service

usage.

The terminology of EPAM Cloud and the related products can be found on the Glossary page.

Please email your comments and feedback to EPAM Cloud Consulting at

[email protected] to help us provide you with documentation that is as clear,

correct and readable as possible.

https://cloud.epam.com/site/learn/documentation

https://cloud.epam.com/site/learn/f=a=q

https://cloud.epam.com/site/about/terms_and_agreements/EPC_Policy.pdf

https://cloud.epam.com/site/learn/glossary

mailto:[email protected]

https://kb.epam.com/display/EPMCITFAQ/Documentation


EPAM PUBLIC 10

1 EPAM CLOUD SERVICES. GENERAL NOTION

EPAM Private Cloud offers you a set of services, related to Cloud utilization. The main one is Cloud

Computing Service that allows you to create and manage your own infrastructure in Cloud.

The other services complement Cloud Computing and make it easier and faster in use.

There are two types of services provided by EPAM Cloud:

• Infrastructure services, providing additional facilities on the provisioned resources. They are:

o Checkpoints service – provides the ability to create instance recovery points on your VMs

o Images creation service – provides the ability to create images based on your existing VMs,

and use these images for creating new instances similar to the parent one.

o Scheduling service – allows to set up automatic instances manipulation

o Static IP service – allows to allocate static IPs to your VMs

• Platform services, providing auto configuration facilities and complex solutions, based on auto

configuration.

o Auto Configuration Service – Opscode Chef-based service, providing the ability to

automatically configure virtual resources

o Cloud Monitoring Service – allows to gather information on Cloud resources performance.

Based on Chef and Zabbix monitoring services.

o Log Aggregation Service – GrayLog-based service, allowing to collect logs from your

resources.

o Load Balancer Service – Nginx-based service, that allows to arrange load balancing for

your resources.

o FTP to AWS S3 Service – establishes FTP access to an AWS S3 bucket to store and share

large amounts of data

o Docker Service – allows to create a Docker cluster.

o Kubernetes as a Service – manages containers created by Docker or other

containerization services

o Hadoop data Platform Service – can be used by developers to test and debug their Hadoop

jobs before running them on production.

o Ambari Service – provides a web based UI and APIs for provisioning, management, and

monitoring of Hadoop clusters.

o Splunk as a Service – a big data management platform.

o Jenkins Service – sets up Jenkins from scratch, installs all necessary plugins and starts

collecting audit messages from Jenkins.

o Gerrit as a Service – a code review platform integrated with Jenkins

o Sonar as a Service – a code quality inspection service

o Artifactory as a Service – an artifact repository service

o Adobe AEM Service – provides your project with a web content management system,

equipped with a wide range of powerful tools.

o Sitecore as a Service – a platform for website content management and application

development

o Relational Database Service – automatically creates a database entity for your project.

o Hybris Service – provides your project with an e-commerce software platform.


EPAM PUBLIC 11

o Magento as a Service – an open-source e-commerce platform for building unique shopping

websites

o ATG as a Service - e-commerce platform widely used for creating and administering

commerce websites and managing their content

o Messaging Service – allows settings up a RabbitMQ server for message exchange.

Most services include creation of new resources, and these resources are charged according to EPAM

Cloud Billing policy, described in the Account Management Guide. There are no other fees for services

usage.

The service descriptions include referencing Maestro CLI commands. Please see Maestro CLI User Guide

for details on them.

https://cloud.epam.com/site/management/billing_and_quotas/ciug_7_billing.pdf

https://cloud.epam.com/site/develop/maestro_c=l=i/cirg_1_maestro_cli.pdf


EPAM PUBLIC 12

2 INFRASTRUCTURE SERVICES

Infrastructure services are those having to do directly with your Cloud resources. This can be either

automatic resources manipulation (scheduling), providing backups or updating networking settings.

EPAM Cloud supports the following infrastructure services:

• Creating checkpoints

• Creating images

• Providing static IP address

• Scheduling

These services are described in details further in this section.

2.1 CHECKPOINTS SERVICE

Checkpoints are instance recovery points, containing the data (storage, memory, other devices) of an

instance, including storage volumes at a specific point in time.

It is recommended to stop an instances before creating a checkpoint on it. This ensures seamless reverting

to the checkpoint. Otherwise, guest OS performance issues may occur.

Each checkpoint is billed per each GB of storage it takes. The size of the checkpoint depends on the

changes you make to the VM storage. The more changes you make, the heavier your checkpoint is.

The price of 1GB active checkpoint storage is about 3 times higher than the price of 1 GB of HDD running.

The table below compares the monthly price of a standard VMs of different shapes, with 100 GB storage

and with 10 GB checkpoint (in EPAM-BY1 Region).

Size Standard Price With Checkpoint (10GB)

MINI $51.87 $99.08

SMALL $55.52 $62.74

MEDIUM $73.05 $80.27

LARGE $92.04 $99.26

XL $105.92 $113.14

3XL $170.94 $178.15

Please note that the prices are true for January 18, 2016 and are given as an example. The prices, actual

at the moment when you are reading the guide, may differ from those given here. Please, use the Cost

Estimator tool for more precise estimations.

We strongly recommend to create checkpoints only before introducing critical changes to your VM, and

remove a checkpoint when it becomes clear that the changes are successful.

https://cloud.epam.com/site/competency_center/tools_and_capabilities/calculator



EPAM PUBLIC 13

Below, you can find the list of checkpoints-related commands:

Command Description

or2-create-checkpoint (or2ccp) Creates a new instance recovery point

or2-describe-checkpoints (or2dcp) Describes checkpoints created for a specific instance

or2-revert-to-checkpoint (or2rcp) Reverts instance to the latest available checkpoint

or2-go-to-checkpoint (or2gcp) Reverts instance to the specified checkpoint

or2-delete-checkpoint (or2delcp) Deletes the specified checkpoint

or2-stop-instances (or2stop) Stops the instance. Use the command before

creating a new checkpoint

2.1.1 Checkpoints Utilization

EPAM Orchestration currently allows performing the following operations with checkpoints:

• Creating a new checkpoint. This operation is performed in two steps:

o Stop the VM:

or2-stop-instance -p project -r region -i instance

o Create a checkpoint:

or2-create-checkpoint -p project -r region -i instance

-d checkpoint_description

• Describing the checkpoints created on a specified instance:

or2-describe-checkpoints -p project -r region -i instance

• Reverting the instance to the latest available checkpoint:

or2-revert-to-checkpoint -p project -r region -i instance

• Reverting the instance to a specified checkpoint:

or2-go-to-checkpoint -p project -r region -i instance

-c checkpoint_id

• Deleting an existing checkpoint. As with checkpoints creation, this needs two steps to be done:

• Stop the VM with:

or2-stop-instance -p project -r region -i instance

• Delete a checkpoint:

or2-delete-checkpoint -p project -r region -i instance

-c checkpoint_id

Deleting a checkpoint can take long time, even several hours. The parent VM is unavailable till the

deletion process is completed.


EPAM PUBLIC 14

2.1.2 Limitations

There are the following limitations on checkpoints usage in EPAM Cloud:

• Creation and management of instance checkpoint is not supported in EPAM OpenStack-based,

AWS, Azure and Google Cloud regions.

• All storage-related commands (or2attvol, or2addattvol, or2delvol, or2detvol) for the instance are

disabled once a checkpoint has been created.

• The default number of simultaneously available checkpoints is 1 for each instance. If you need more

checkpoints to perform your project functions, please contact our Consulting team to increase this

allowance.

• The checkpoint becomes larger throughout its existence, as the number of the changes on the VM

grows.

• The older the checkpoint is, the more difficult it is to revert to it.

• If a checkpoint is older than 30 days, reverting to it can fail or have unexpected consequences.

Moreover, in 30 days of checkpoint existence, the VM gets locked out of Active Directory.

2.1.3 Best Practices

Below are the tips on checkpoint usage best practices that will help you use the service more effectively.

• Do Not Use Checkpoints to Back up Your Instances

Checkpoints are not designed to be used as direct backups. A snapshot file is basically a change log of

the original disk volume. It combines with the original disk files to make up the current state of the virtual

machine.

If the base disks are deleted or corrupt, the snapshot files are useless.

• Do Not Use a Single Checkpoint for More Than 72 Hours

Otherwise they become too large and can compromise instance performance.

We recommend making checkpoints immediately before you introduce critical changes to an instance, and

deleting/reverting to the checkpoint as soon as you have verified proper working state of the instance.

• Mind Storage Usage

Checkpoint files can grow to the same size as the original base disk file.

This results in your storage utilization increase by an amount equal to the original size of instance multiplied

by the number of its checkpoints.

The good idea is, therefore, timely deleting unnecessary checkpoints to avoid high storage utilization and

related high costs.

• Do Not Create Long Checkpoint Chains

If your project is given an increased checkpoint quota, we recommend that you use only 2-3 checkpoints in

a chain.

An excessive number of checkpoints in a chain causes decreased instance and host performance, the way

large checkpoints also do.



EPAM PUBLIC 15

Checkpoints should only be present for the duration of the backup process.

2.2 VM IMAGES SERVICE

EPAM Orchestrator allows to create images from the existing instances. This allows to save the existing

settings and data and to create the necessary number of copies.

However, before creating an image, it is necessary to prepare the instance properly, to avoid further issues

with running new VM.

Please note that storing custom images is billed. The price depends on the image size, in GB. To find the

image storage price in a specific region, please, use the or2price command:

or2price -r region

The table below lists the commands used to work with images in EPAM Private Cloud.

Command Description

or2-create-image (or2cim) Creates a new image based on the specified instance

or2-describe-images (or2dim) Describes images available for your project/region

or2-delete-image (or2delim) Removes the specified custom image

The instruction below is actual for the instances in private regions and is not applicable for work in AWS

and Google Cloud regions.

Please see the information about virtual machines preparation in Microsoft Azure regions in the respective

sections describing workflows for Windows and Linux instances.

2.2.1 Preparing Windows OS Instances for Image Creation

Remove static IP settings (if applicable), configure DHCP respectively.


EPAM PUBLIC 16

Figure 1 - TCP/IP Configuration (Windows)

1. Create a user account and assign administrator privileges to it.

2. Click Start -> Control Panel

3. Click User Accounts

4. In a window that opens click Manage User Accounts

5. Move to the Advanced tab in the User Accounts window and click Advanced

6. Choose the Users group in the left part of the window that opens, then right-click on the right part

of the window and choose New user

7. Provide the data requested in the New user window and click Create to complete creation.


EPAM PUBLIC 17

Figure 2 - Creating Local Windows User

8. Return to the User Accounts window and click Manage User Accounts

9. Select the newly created user name in the User Accounts window and click Properties

10. Move to the Group Membership tab within the Properties window, choose the Administrator

option and click Apply.


EPAM PUBLIC 18

Figure 3 - Assigning Administrator Privileges to a Windows User

Make sure you remember these credentials. They are your only means to login to all instances, launched

on the created template.

Open Control Panel -> System and Security -> System. Click Change Settings.

11. In the System Properties window, click Change for the To rename the computer or change its

domain or workgroup option.

12. Exclude guest OS from domain:


EPAM PUBLIC 19

Figure 4 - Excluding Guest OS from Domain (Windows)

13. Rename guest OS by replacing digits at the end of its name with xxxx characters:

Figure 5 - Renaming Guest OS (Windows)

At this point, the system may prompt for reboot. Do not reboot the VM, continue with Step 15 instead.

14. Run the following command in Windows console.

ipconfig /release && shutdown -s -t 0

2.2.1.1 Preparing VMs in Microsoft Azure Regions

For virtual machines running in Microsoft Azure regions, use the Windows console to change the directory

to %windir%\system32\sysprep, then run sysprep.exe.

Make the following settings in the System Preparation Tool dialog window:

1. In the System Cleanup Action field, select the Enter System Out-of-Box Experience (OOBE)

option and check the Generalize checkbox.

2. In the Shutdown Options field, select Shutdown.


EPAM PUBLIC 20

Figure 6 - Rebooting a VM in Azure region

This reboots and stops the VM. After the command execution, the VM is ready for image creation.

2.2.2 Preparing Linux OS Instances for Image Creation

1. Remove static IP and any hardware-related settings (e.g. MAC address), if applicable. Set up

DHCP by editing configuration file.

For example:

RHEL-family - /etc/sysconfig/network-scripts/ifcfg-eth0

Debian-family - /etc/network/interfaces

2. Create a local user account:

RHEL-family:

# useradd username

# passwd username

Debian-family:

# adduser username

Adding user `username' ...

Adding new group `groupname' (1003) ...

Adding new user `username' (1004) with group `groupname' ...

Creating home directory `/home/username' ...

Copying files from `/etc/skel' ...

Enter new UNIX password:


EPAM PUBLIC 21

Retype new UNIX password:

passwd: password updated successfully

Changing the user information for username

Enter the new value, or press ENTER for the default

Full Name []: <Full Name>

Room Number []: <room number>

Work Phone []: <Phone>

Home Phone []: <Phone>

Other []: <Other>

Is the information correct? [Y/n] Y

Add the administrator rights to the user by editing the /etc/sudoers file as follows:

username ALL=(ALL:ALL) ALL

3. Remove UDEV settings for network devices, if applicable, by deleting all strings from /etc/udev/rules.d/70-persistent-net.rules

4. Rename guest OS by replacing digits at the end of its name with xxxx characters. For example:

RHEL-family - /etc/sysconfig/network

Debian-family - /etc/hostname

Please be aware that the path for CentOS7 is similar to the path for Debian.

5. Modify guest OS name in DHCP client settings by replacing digits at the end of its name with

xxxx characters. For example:

/etc/dhclient-eth0.conf.

2.2.2.1 Preparing VMs in Microsoft Azure Regions

For virtual machines running in Microsoft Azure regions, perform the following steps:

1. Connect to your VM via SSH.

2. Type the following command in the SSH window:

sudo waagent -deprovision+user

The command output may vary depending on the utility version.

This command is used to clean the system and prepare it for image creation. The following

actions are performed:

- SSH host keys are removed

- nameserver configuration in /etc/resolvconf is cleared


EPAM PUBLIC 22

- the root user’s password is removed from /etc/shadow

- cached DHCP client leases are removed

- the host name is reset to localhost.localdomain

- the last provisioned user account (obtained from /var/lib/waagent) and the associated

data is deleted

3. Type y to continue. To avoid this step, add the -force parameter to the command.

4. Type exit. This closes the SSH client.

2.2.3 Manipulating Images

After the instance is prepared, you can create an image of it.

This is done in two steps:

1. If the instance is running, stop it using or2stop command:

or2stop -r region -p project -i instance

2. Use the or2-create-image (or2cim) command to create a new image:

or2cim -r region -p project -i instance -n image_name -d image_description

In OpenStack regions, an image can be created only from instances that do not have additional volumes.

The following warnings do not concern AWS-type regions.

1. The created image will only be available for a single project (the one you use to create it).

2. Image name length must not exceed 255 characters and can only contain digits ('0-9'), letters ('a-z',

'A-Z'), dashes ('-') and underscores ('_').

3. All instances launched using the custom images will not be included in epam.com domain and will

be assigned a DNS name of the EVBYMINSD**** form. You will only be able to login to these instances

using their IP addresses.

To see the list of the available images, use the or2-describe-images (or2dim) command. The custom

images are marked as “project” ones:

Figure 7 - Custom images in or2dim command response

To remove a custom image, use the or2-delete-image (or2delim) command:

or2delim -i image_name -p project -r region -y

In AWS-type regions, this command is only available for ‘Project’ images.


EPAM PUBLIC 23

2.3 INFRASTRUCTURE SCHEDULING SERVICE (CRON)

EPAM Orchestrator allows scheduling instances manipulation so that their state is automatically changed

when needed, allowing to optimize the infrastructure load and costs. The schedules are set up with cron

expressions that are to be specified in the or2-create-schedule CLI command according to the specific

rules. Maestro CLI allows you to create a schedule, retrieve its info and delete. All these actions are

performed with different CLI commands described below in this section.

The table below provides the list of service-related commands and their descriptions.

Command Description

or2-create-schedule (or2addsch) Schedules a new action for the project and region

or2-schedule-add-instances (or2schaddi) Adds an instance to the existing schedule

or2-schedule-remove-instances (or2schremi)

Removes an instance from the specified schedule

or2-describe-schedules (or2dsch) Describes schedules existing on the specified project and region

or2-delete-schedule (or2delsch) Deletes the specified schedule

When working with cron and setting time values, GMT+0 time is used.

2.3.1 Scheduling Activation

Infrastructure scheduling is activated automatically as soon as the user specifies the schedule to be applied

to the selected instances. To set up a new schedule, use the or2-create-schedule (or2addsh) command

with the following flags:

or2-create-schedule -p project -r region -a action -c cronExpression

-i instanceID -n scheduleName

Here, the -a parameter specifies the action to be applied to the instances ('start', 'stop'), -c parameter

specifies the Cron expression used for scheduling the action, -i parameter specifies the instance or

instances to which the schedule should be applied, and the -n parameter sets the schedule name for further

reference.

Below, you can see examples of the most typical schedules used to automate Cloud infrastructure

manipulations:

• To switch on the VM every morning and shut it down every evening on weekdays, use the following

CLI Commands:

or2addsch -a start -c "0 0 5 ? * MON-FRI" -i SAMPLE

-n on_schedule -p sample -r sample

or2addsch -a stop -c "0 0 15 ? * MON-FRI" -i SAMPLE -n off_schedule -p

sample -r sample

The first schedule will start the VM at 8-00 Minsk time (UTC+3), and the second schedule will stop

it at 18-00 Minsk Time (UTC+3)


EPAM PUBLIC 24

• To start the VM on Monday morning and stop it on Friday evening:

or2addsch -a start -c "0 0 5 ? * MON" -i SAMPLE -n sample_schedule -p

sample -r sample

or2addsch -a stop -c "0 0 15 ? * FRI" -i SAMPLE -n sample_schedule -p

sample -r sample

The first schedule will start the VM on Mondays at 8-00 Minsk time (UTC+3), and the second

schedule will stop it on Fridays at 18-00 Minsk Time (UTC+3)

A schedule can be set for all instances within a region. For that purpose, use the or2addsch command with

the --all parameter and omit the -i/--instance parameter:

or2addsch -p project -r region -a action -c cronExpression -n

schedule_name --all

To create a schedule affecting only instances grouped by a certain principle, for example, only instances

used for testing, use tags. Add tags to the corresponding instances and set the schedule for them as follows:

or2addsch -p project -r region -n schedule_name -c cronExpression -t

prefix:key=value

To add an instance or instances to an existing schedule, use the or2schedule-add-instances (or2schaddi)

with the following flags:

or2schaddi -p project -r region -i instanceID -n scheduleName

Instances cannot be added to or removed from schedules created for the entire region (with the --all option)

or for instances with tags (with the -t/--tag option).

The details on the Cron rules creation are given in the section below.

2.3.2 Describing Schedules

It is possible to see the list of the schedules executed for your project. To get such list, use the or2-

describe-schedules (or2dscg) CLI Command with the following parameters:

or2dsch -p project -r region

2.3.3 Deleting Schedules

To remove a schedule that is no more needed, use the or2-delete-schedule (or2delsch) CLI Command

with the following parameters:

or2delsch -p project -r region -n schedule_name

2.3.4 Cron Reference

Below is an extract of cron rules, taken the quartz-scheduler.org. For additional information, please see the

source page.

http://quartz-scheduler.org/


EPAM PUBLIC 25

Cron expressions are comprised of 6 required fields and one optional field separated by white space. The

fields respectively are described as follows:

Field Name Allowed Values Allowed Special Characters

Seconds 0-59 , - * /

Minutes 0-59 , - * /

Hours 0-23 , - * /

Day-of-Month 1-31 , - * ? / L W

Month 1-12 or JAN-DEC , - * /

Day-of-Week 1-7 or SUN-SAT , - * ? / L #

Year (optional) empty, 1970-2199 , - * /

• The '*' character is used to specify all values. For example, "*" in the minute field means "every

minute".

• The '?' character is allowed for the day-of-month and day-of-week fields. It is used to specify 'no

specific value'. This is useful when you need to specify something in one of the two fields, but not

the other.

• The '-' character is used to specify ranges. For example, "10-12" in the hour field means "the hours

10, 11 and 12".

• The ',' character is used to specify additional values. For example "MON,WED,FRI" in the day-of-

week field means "the days Monday, Wednesday, and Friday".

• The '/' character is used to specify increments. For example, "0/15" in the seconds field means "the

seconds 0, 15, 30, and 45". And "5/15" in the seconds field means "the seconds 5, 20, 35, and 50".

Specifying '*' before the '/' is equivalent to specifying 0 is the value to start with. The '/' character

simply helps you turn on every "nth" value in the given set. Thus '7/6' in the month field only turns

on month '7', it does NOT mean every 6th month, please note that subtlety.

• The 'L' character is allowed for the day-of-month and day-of-week fields. This character is short-

hand for "last", but it has different meaning in each of the two fields. For example, the value "L" in

the day-of-month field means "the last day of the month" – day 31 for January, day 28 for February

on non-leap years. If used in the day-of-week field by itself, it simply means "7" or "SAT". But if

used in the day-of-week field after another value, it means "the last xxx day of the month" – for

example "6L" means "the last Friday of the month". You can also specify an offset from the last day

of the month, such as "L-3" which would mean the third-to-last day of the calendar month. When

using the 'L' option, it is important not to specify lists, or ranges of values, as you will get

confusing/unexpected results.

• The 'W' character is allowed for the day-of-month field. This character is used to specify the

weekday (Monday-Friday) nearest the given day. As an example, if you were to specify "15W" as

the value for the day-of-month field, the meaning is: "the nearest weekday to the 15th of the month".

So if the 15th is a Saturday, the trigger will fire on Friday the 14th.


EPAM PUBLIC 26

• The 'L' and 'W' characters can also be combined for the day-of-month expression to yield 'LW',

which translates to "last weekday of the month".

• The '#' character is allowed for the day-of-week field. This character is used to specify "the nth"

XXX day of the month. For example, the value of "6#3" in the day-of-week field means the third

Friday of the month (day 6 = Friday and "#3" = the 3rd one in the month).

The legal characters and the names of months and days of the week are not case sensitive.

2.3.5 Pricing

The Scheduling service is provided free of charge and is intended to help you optimize your infrastructure

utilization and minimize the costs through switching the VMs to passive state when they are not needed.


EPAM PUBLIC 27

2.4 STATIC IP PROVISIONING

EPAM Orchestrator allows setting static IPs for specific VMs to customize your infrastructure according

project needs.

The process consists of two common steps:

• Allocate a static IP for the specific project in the given region.

• Assign the specified static IP to the given VM.

Please note that the commands related to Static IPs manipulation have different effect for AWS and EPAM-

based infrastructure. In AWS, they deal with public IPs, and the manipulations do not need the VM to have

any specific state. In EPAM Cloud, these commands deal with private IPs, and you will have to stop your

VM before initiating any IP changes.

The service is not available in OpenStack regions.

The general flow for getting a static IP for your VM is quite simple: first, you allocate a static IP to your

project, and then you associate one of the allocated and free Static IPs with the VMs on this project:

Static IP 1

Static IP 2

Static IP 2

Project

VM2

VM3

VM1

Allocate Associate

Figure 8 - Static IPs manipulation scheme

When needed, you can disassociate the static IP from the VM and release it from the project.

Below, you can find the usage examples of static IP - related commands:

• Allocates a random static IP for a project:

or2alsip -p project -r region

• Assigns a static IP to a VM:

or2assip -p project -r region -i instance -a address

• Describes static IPs available for the project:

or2dsip -p project -r region

• Disassociates a static IP from a VM:

or2dissip -p project -r region -a address

• Removes the specified IP from the project pool:

or2relsip -p project -r region -a address


EPAM PUBLIC 28

3 PLATFORM SERVICES

EPAM Cloud platform services are software solutions that allow you to install and manipulate a component,

necessary for your project, with a simple set of Maestro CLI commands. This functionality is meant to

simplify your work with Orchestrator and give you the additional infrastructure monitoring and management

tools.

Below, you can see the list of the common commands used for services manipulation, and examples of

their usage:

• Starting a service: Most services are started with the or2-manage-service command with the

corresponding --service-name flag that identifies which service is to be started:

or2-manage-service -p project -r region -s service --activate

• Retrieving information on active services: The or2-describe-services command describes the

services activated for the given project in the given region:

or2-describe-services -p project -r region

• Getting information on a specific service: The corresponding or2-describe-[service] commands

can provide you with the necessary details on the instances involved into the service. For example,

the following command will return information about the Log Aggregation service:

or2-describe-logging -p project -r region

• Getting information on service-related instances: To see the list of all the instances involved into

a specific service, or into all services, you can use the or2din command with -S/--service parameter

followed by a service name or ‘any’ keyword (to get instances engaged in all services)

or2-describe-instances -p project -r region -S any

• Monitoring service performance: You can monitor the state and the performance of each service

using the or2-audit command with --group PROJECT flag. This command returns the list of the

service events that take place in the specified project during the current day.

or2-audit -p project -r region --group PROJECT

It is impossible to start services in a project/region, if its Chef mode is set to USER.

You can find the mapping table of the required images for EO PaaS services in Annex A.


EPAM PUBLIC 29

3.1 MANAGE SERVICES WIZARD

The most important and frequently used services can be managed via the Manage Services Wizard. The

Manage Services Wizard can be found on the Cloud Management Console page and allows configuring

the Auto Configuration Service, Cloud Monitoring Service, Load Balancer Service and Log Aggregation

Service, and reviewing the services that are currently active on your project.

Figure 9 – Manage Services Wizard

The wizard starts with the selection of service you need to manage, the project and region in which the

service is to be managed. The next windows depend on the selected service and its current status. For

example, if the service has not been activated, the next window will contain the ‘Activate service’ option. If

the service has been activated, the next window will have the ‘Deactivate service’ option while ‘Activate

service’ will be hidden.

Figure 10 – 'Select action' options

The wizard allows activating or deactivating the selected service, describing the service and adding

instances to the service. When the action has been successfully completed, the wizard displays the

‘Results’ window confirming the action success and containing the CLI command which can be used to

perform a similar action.

https://cloud.epam.com/maestro2/ui/home


EPAM PUBLIC 30

Figure 11 – ‘Results’ window

To review the services that are currently active on your project, select the” Browse activated services”

button on the Step 1 of the wizard. The “Show details” button on the Step 2 helps to receive the more

detailed information about the service VM.

Figure 12 - Detailed information about services

For more details on the Manage Services Wizard use, please visit the Manage Services Wizard page on

the EPAM Cloud website.

https://cloud.epam.com/site/competency_center/tools_and_capabilities/manage_services_wizard


EPAM PUBLIC 31

3.2 AUTO CONFIGURATION SERVICE (ACS)

Auto configuration service allows Cloud users running instances with pre-installed sets of software,

effectively eliminating the need to install and configure software manually.

EPAM Cloud uses Opscode Chef tool for configuration purposes. The tool uses Ruby system configuration

scripts, or recipes to automatically setup instances and is uses a client –server architecture.

The recipes are applied through roles that are assigned as instance properties with or2-set-instance-

properties (or2setp) command.

Auto Configuration Service is activated by default as soon as the project gets activated in Cloud.

However, you can change the Chef Server used at your project by switching the Chef mode. To do it, you

need to activate the Chef Server Service that is based on EPAM Private Cloud auto-configuration service,

and can be deployed in few Maestro CLI commands.


Command Description or2-set-instance-properties (or2setp) Used with -c/--chefattribute and -h/--chefrole

parameter, sets the desired chef attribute to be

used and the role to be set to the instance

or2-manage-service …. -s chef -a Starts the service in the specified project and

region

or2-chef-mode (or2cm) Sets one of the existing chef modes to the project

or2-describe-chef (or2dchef) Describes the project Chef Server mode

3.2.1 Auto Configuration Procedure

The whole procedure is as follows:

1. As we run an instance, our start up scripts download and install Chef Client automatically. Currently

Chef Client v.12.0.0 is supported by default (Chef 11 is available in EPC mode by request).

2. The same scripts connect to a dedicated configuration server and retrieve the Chef server address.

3. Another script retrieves properties assigned to the server from Orchestrator. The most important

property is 'ep_chefrole', however the rest of them can also contain important data.

4. All properties are stored by the chef client.

5. Chef client downloads necessary recipes from the Chef server, in accordance with the 'ep_chefrole'

property.

Using parameters from other properties, the recipes download and configure required software.

3.2.2 Disabling Auto Configuration for Specific OS

EPAM orchestrator allows to disable auto configuration for VMs with specific OS types, rather than for the

whole project.


EPAM PUBLIC 32

This is done by adding the --customize parameter to the or2-manage-service (or2ms) command with the

--activate flag:

or2ms -a -s chef -p project -r region --customize

When run, the command will prompt you for the ACS disable mode. As a response, specify the OS family

for which the auto configuration should be disabled (ALL, WINDOWS, LINUX):

Figure 13 - Disabling auto configuration for a specific OS

The information on the auto configuration disabling on the project can be found in the or2-describe-chef

(or2dchef) command:

Figure 14 - Reviewing information on the current status of the ACS

To enable auto configuration back, run the same or2ms command with the --customize parameter, and

select the NONE mode.

The new auto configuration disabling mode is applied only to the virtual instances that are launched after

the mode is changed. The virtual instances created earlier, will stick to the mode in which they were created.

3.2.3 Assigning Chef Roles

In order to set a role or several roles for an instance, assign a 'ep_chefrole' property to it. This is done by

means of the 'or2setp' command. The same command is used to change attributes for a recipe by means

of 'ep_chefattributes' property. Please, see example below:

or2-set-instance-properties -i XXXX -t "ep_chefrole=role1,role2" -t

"ep_chefattributes=attribute1=value1,recipename1.attribute1=value2"

Where:

• -i XXXX – Instance ID (XXXX here)

• -t ep_chefrole=role1,role2 – roles being assigned to the instance (role1 and role 2 here)

• -t ep_chefattributes=attribute1=value1 – assigning value 1 for attribute 1

The full list of available Chef recipes is given on this page. Chef recipes are currently under heavy

development by EPAM Cloud Infrastructure Team. This list will be updated regularly.

3.2.4 Manipulating Chef Server

The following ACS modes are available in EPAM Orchestrator:

https://kb.epam.com/display/EPMCITFAQ/Roles


EPAM PUBLIC 33

• Default mode (-m default) – the default mode for all projects in the EPAM Private Cloud. In this

case, a common Chef server is used for all production environment machines.

• EPC mode (-m epc) – use project-specific Chef server, created by EPAM Orchestrator for the

specified project.

• User mode (-m user) – use project-specific Chef server, created and properly configured by the

user. When switching to this mode, the user should provide Chef server instance ID (or instance

IP) and manually upload validation.pem file to the Orchestrator’s file storage. The user should also

provide the path to validation.pem file during the command invocation.

While working in the EPC mode, please consider specific details below:

• Chef 12 has improved security approaches, and using SSL encryption is obligatory.

• Chef 12 run on Azure needs the port 443 to be open on your project subscription.

• The 0.0.0.0/0 range should be prohibited.

• Chef 12 is available in all regions (including AWS, Azure, and GCP), except ESX-based ones.

• In case 25 and more clients are connected to Chef 12-based server, Chef UI becomes paid.

• You can request an EPC Chef server based on Chef 11, by adding the --version 11 parameter to the

or2cm command

Chef modes are managed with the or2-chef-mode (or2cm) command. To set up a non-default Chef server,

you should start the Chef Server Service by running the or2cm command setting the Chef mode to EPC:

or2-chef-mode -p project -r region –m epc -y

This command starts a virtual machine to act as your project Chef server. All instances started under your

project after the Chef mode switch, will be registered by the project server. To change the Chef version

(e.g. from 11 to 12) when the EPC mode is already used for the project, you have to return to the default

mode and then re-activate the EPC one specifying the necessary version.

To disable auto-configuration for your project, use the or2-manage-service (or2ms) command with the --

deactivate option:

or2-manage-service -p project -r region –s chef --deactivate

Note that the command disabling auto-configuration will not terminate the project Chef server, if existing,

neither remove any resources created during the service performance.

To revert to the default Chef server, use the or2-chef-mode (or2cm) command to set the Chef mode to

default. This command will automatically terminate the project Chef server.

It is impossible to start services in a project/region, if its Chef mode is set to USER.

Chef mode change can take about 30 minutes. During this period, the Chef service is in the ‘unavailable’

state.

To get the current Chef mode, Chef Server DNS and Chef Server state, you can use the or2-describe-

chef (or2dchef) command:

or2-describe-chef -p project -r region


EPAM PUBLIC 34

3.2.5 Collecting Info on Chef Clients

The or2-validate-chef (or2vchef) command of the new Maestro CLI allows the user to control and monitor

the work of the service indicating any errors occurred.

The command should be run in Maestro CLI on the target VM and does not need any parameters:

or2-validate-chef

The command output includes the following information:

Figure 15 - The or2-validate-chef command output

Please see the Maestro CLI Quick Start Guide for more information about Maestro CLI installation.

3.2.6 Shared Chef Server

You can share an existing EPC Chef server among several regions, projects and Cloud Platforms. To

connect another region or project to an existing EPC Chef server, you will have to add its Service ID to the

or2-manage-services command run for the project/region you want to add:

or2cm –p <project> -r <region> -m epc -S <serviceid>

The typical scenarios for the shared Chef Server usage are given below:

1. Sharing an existing chef server between regions within one project. It allows to use same

settings and unify your approaches. This is a convenient way in case you need to use same

settings throughout your project and need to unify your approaches.

2. Sharing an existing chef server between different projects that are used for the same

product/customer, to use similar Chef configuration in all of them.

https://cloud.epam.com/site/learn/quick_start/csug_01_quick_start.pdf


EPAM PUBLIC 35

To establish a cross-project connection, you should have permissions to run the or2-change-mode

(or2cm) command in the project which you will connect to the Chef server. In case you are not assigned

to the project hosting the existing chef server, the Project Coordinator should provide you with the server

service ID.

When setting up a cross-platform connection, please consider the specifics described below.

• General rules.

o Chef clients hosted in external clouds (AWS, Azure, Google), cannot reach a Chef Server

hosted in EPAM Cloud.

o Chef clients hosted in EPAM Cloud, can reach a Chef server, hosted in external clouds.

o For cross-platform Chef in external clouds, the host provider for the Chef Server does not

matter.

o In external providers, port 443 should be open on both Chef Server and Chef clients.

o If you use a Chef Server with clients on public providers, to allow the Client to connect to

the Server, after the port 443 is open, please run the following command:

knife ssl fetch -c /etc/chef/client.rb

This command will add the self-signed certificate of the Chef Server to the client’s trusted

storage.

• Google Cloud Platform Specifics

o As Chef 12 requires using SSL for ensuring better security, it is recommended to use a

public project FQDN and a valid SSL certificate.

o Google Cloud Platform does not allow to use self-signed certificates with Google FQDN.

Thus, in case the previous recommendation is not fulfilled, a special workaround is used

to allow proper usage of Chef.

On instance creation, a temporary self-signed certificate based on its public IP is created.

Please note that the IP will be changed after the first stop/reboot. Thus, please, take the

appropriate measures to complete your project infrastructure configuration (The

recommended solution is using a static IP).

• Microsoft Azure Specifics

o Unlike in AWS, the public DNS in Azure cannot be resolved in a private Azure network.

Thus, the same approach as with GCP is used – we create a self-signed certificate based


EPAM PUBLIC 36

on the instance public IP. The appropriate measures to complete the configuration are

needed after the instance start.

3.2.7 Web UI

It is possible to connect to Chef Server, created for EPC and USER modes, via HTTP connection and to

get the detailed information about the server.

The UI for the Default Chef server is not accessible.

To get the URL to be used for connection, use the or2-describe-chef command. Use the server DNS name

to connect.

To login to an EPC Chef Server, use the following login and password:

Login: user

Password: chef-server

For initial login to a User Chef Server, use the login and password provided in the left corner of the login

page. It is highly advisable that you change these default credentials to custom ones.

When you successfully login, you will get access to Chef Server information:

Figure 16 - Chef UI

3.2.8 Pricing

The service usage influences the project cost in case the Chef mode is switched to EPC. In this case, a

special VM for project Chef Server is created. This VM has the following parameters:

• Shape: MEDIUM


EPAM PUBLIC 37

• Image: Ubuntu16.04_64-bit/Ubuntu14.04_64-bit

It is billed just as any other VM of such type. Therefore, the approximate monthly cost of such server in

case of 100% and 24/7 load is about $42.2 in EPAM-BY2 region (as to 05/12/2017). The price can vary

depending on the region.

To get more detailed estimations, please, use our Cost Estimator tool.

When the Chef mode is switched from EPC to any other, the VM launched for EPC mode is stopped, and

is not billed any more.



EPAM PUBLIC 38

3.3 CLOUD MONITORING SERVICES (CMS)

EPAM Orchestrator provides the users with a set of monitoring tools that allow to get information on different

aspects of the service performance:

• Default EPAM monitoring based on Gnocchi/collectd

• Telemetry as a Service, based on Gnocchi/collectd

• Zabbix monitoring service.

The default Gnocchi/collectd-based EPAM monitoring service collects instance performance information

for resources hosted in OpenStack regions. The monitoring is performed on hardware level, so

some inaccuracies in metrics for specific instances can occur. This service is also provided for free and

does not need activation. More details can be found in the respective section.

Telemetry as a service is activated by users and uses Gnocchi/collectd to gather instances statistics. Unlike

the default EPAM telemetry, it needs its own server and collects data directly from VMs. The service is

described in details in this section.

Zabbix monitoring service allows the user to get Zabbix statistics on their infrastructure. The service needs

to be activated by the user. Currently, Zabbix version 3.2.1 is supported. Please see more information in

the Zabbix as a service section.

3.3.1 Default EPAM Monitoring

EPAM Orchestrator supports the default Collectd/Gnocchi-based monitoring for OpenStack regions. The

service is available for any VM as soon as it gets started. The statistics is gathered on the hardware side,

so this data is less precise than that collected from VMs directly. The following metrics are covered:

Metrics Comment

CPU Utilization CPU Utilization statistics

Disk r/w bytes Disk load in bytes. The value can include up to 10% deviation.

Disk r/w operations Disk load in operations. The value can include up to 10% deviation.

Memory used The metrics is not supported for Windows-based instances. For Ubuntu instances, the metrics combines used memory with RAM cash and the buffered memory.

Network in/out bytes Network traffic in bytes

Network in/out packages

Network traffic in packages

The metrics are available on the Monitoring page:

https://cloud.epam.com/maestro2/ui/monitoring


EPAM PUBLIC 39

Figure 17 - OpenStack Metrics on UI

Although being based on the same tools, the default EPAM Telemetry monitoring and Telemetry as a

Service monitoring have a number of differences, which one should take into account when deciding on

the approach to be used:

Parameter Default Telemetry Telemetry as a Service

Covered regions Private OpenStack All private

Covered operation systems All Ubuntu 14, Ubuntu 16, CentOs7

Data update frequency Each 5 minutes Each 10 seconds

Data accuracy Less precise More precise

Pricing Free Paid

3.3.2 Telemetry as a Service (TMS)

Telemetry as a Service allows collecting and storing your infrastructure metrics - CPU utilization, disk

Read/Write operations and network traffic. The service is based on Gnocchi, a metrics database platform,

and collectd, a service collecting the instance metrics and sending them to Gnocchi.

Currently, Telemetry as a Service allows gathering and storing metrics from the following images:

• Ubuntu 14.04-64_bit

• Ubuntu 16.04_64-bit (except EPAM-BY2 and EPAM-US1)

• CentOS 7

Support of other images will be implemented later.

At the moment, Telemetry as a Service is supported only in EPAM regions.

For more details on the components used in the service deployment, visit the official websites of Gnocchi

and collectd.

Gnocchi version 4.0 and collectd version 5.7 are supported.


http://gnocchi.xyz/

https://collectd.org/index.shtml


EPAM PUBLIC 40

Command Description

or2-manage-service …. -s telemetry -a Starts the service in the specified project and region

or2-start-telemetry (or2starttel) Includes an instance into monitoring

or2-describe-telemetry-agents (or2dtelag)

Retrieves the resources monitored by the Telemetry service

or2-get-telemetry (or2tel) Retrieves the metrics of the selected resources according to the specified parameters

or2-stop-telemetry (or2stoptel) Removes an instance from monitoring

3.3.2.1 Service Activation

To start the Telemetry service, run or2-manage-service (or2ms) command with the following parameters:

or2-manage-service -p project -r region -s telemetry --activate

The command will launch a MEDIUM Ubuntu16.04 64-bit instance with Gnocchi and PostgreSQL as well

as with a Gnocchi client (the Gnocchi shell utility allowing server manipulations via the command line).

To deactivate the service, use the same command with the -d/--deactivate flag.

3.3.2.2 Service Manipulations

After the Telemetry server has been deployed, you need to add instances to it. The instances added to

the monitoring will send their metrics to be stored in the Telemetry server database:

or2-start-telemetry -p project -r region -i instanceID

This command will invoke Chef auto-configuration and assign a special Chef role to the selected

instance. As the result, collectd client will be installed on the instance together with a Gnocchi plugin to

enable proper integration. After successful configuration, the instance will send its metrics to the Gnocchi

server.

The gathered metrics will be available on the Maestro CLI console. To retrieve the data for a certain

instance, you need to use its original resource ID (the instance reference generated by the Gnocchi

client) and its telemetry resource ID (the instance reference generated by the Gnocchi server). To find

these IDs, use the or2-describe-telemetry-agents (or2dtelag) command stating your project and

region:

or2-describe-telemetry-agents -p project -r region

In addition to the resource IDs, the command returns the date and time of instance inclusion into

Telemetry monitoring, as well as the state each agent:


EPAM PUBLIC 41

Figure 18 - List of Telemetry agents

The “state” column take the following values:

• RUNNING – the instance with the telemetry agent is in the RUNNING state

• STOPPED – the instance with the telemetry agent is in the STOPPED state

• SOURCE_UNAVAILABLE – the instance with the telemetry agent was terminated. Please

note, that in this case, the information that was gathered before instance termination, remains

on the server.

If you specify the original resource ID in the or2dtelag command, the command will also return the list

of metrics available for that agent:

or2-describe-telemetry-agents -p project -r region –o

original_resource_ID

Figure 19 - Telemetry agent with available metrics

Now you can request the instance metrics using the or2-get-telemetry (or2tel) command. The request

must always specify the metrics name (the available metrics can be found in the response to the or2dtelag

command). Additionally, the metrics to be returned can be filtered by granularity (metrics by minutes, hours

and days can be selected) or aggregation method (average, min, max, sum, count, standard). Also, you

can set the date range for which you would like to retrieve the instance metrics. The command retrieving

the metrics has the following format:

or2-get-telemetry -p project -r region –o telemetry_agent_id –m

metric_name –g granularity –a aggregation –f from –t to –c

records_count

If you are using the --from and --to parameters, make sure you enter the local time values. If you use GMT

values, the returned data will be inaccurate.


EPAM PUBLIC 42

Figure 20 - Instance metrics

Note that Telemetry as a Service returns metrics data in unnormalized form.

To stop monitoring of an instance, use the or2-stop-telemetry (or2stoptel) command:

or2-stop-telemetry -p project -r region –i instance_id

When an instance is removed from telemetry monitoring, no further data is collected from it. However, the

previously collected data will remain in the database and will be returned for the requests containing

references to the removed instance and the corresponding time period.

3.3.2.3 Web UI

The service Web UI is based on Grafana, an open-source platform for graphic data monitoring and analytics

over time. Data from Gnocchi is automatically transferred to Grafana and can be viewed on dynamic charts.

Grafana is installed on the same server which hosts Gnocchi during the activation of the Telemetry service.

Use of Grafana involves no additional virtual resources, thus having no influence on the service cost.

When Telemetry as a Service is activated, its information returned in response to the or2-describe-

services (or2dser) command contains the Web UI URL, login and password needed to access Grafana

and view the instance metrics collected by Gnocchi.

Figure 21 - Grafana Web UI URL and credentials

When you log in to Grafana using the data from the or2dser command response, select New dashboard

and configure it to display data received from Gnocchi by setting the Panel Data Source field to

gnocchi_database. The list of all connected resources can be found under Resource ID and the metrics

to be displayed on the chart – under Metric name. Each new query generates a line on the chart.

https://grafana.com/


EPAM PUBLIC 43

Figure 22 - Metric name

3.3.2.4 Pricing

The service usage price is defined by the price of the Telemetry Server VM.

The default parameters of a Telemetry Server VM are:

• Shape: MEDIUM

• Image: Ubuntu16.04_64-bit

Therefore, the approximate monthly cost of a Zabbix Server usage in case of 100% and 24/7 load is about

$42.2 in EPAM-BY2 region (as 0f 05/12/2017). The price can vary depending on the region.

To get more detailed estimations, use our Cost Estimator tool.

3.3.3 Zabbix as a Service


Command Description

or2-manage-service …. -s monitoring -a Starts the service in the specified project and region

or2-start-monitoring (or2mon) Adds an instance to the monitoring list



EPAM PUBLIC 44

or2-describe-monitoring (or2dmon) Retrieves information about the instances monitored by Zabbix server, Zabbix monitoring templates and Zabbix agent availability

or2-stop-monitoring (or2stopmon) Removes an instance from the monitoring list


To start Zabbix monitoring service, run or2-manage-service (or2ms) command with the following

parameters:

or2-manage-service -p project -r region -s monitoring --activate

Each project can have only one Zabbix server activated for it. If the server is already activated, you will get

the respective error message.

If there is no Zabbix server activated for your project, a special stack will be run to launch a VM with all the

corresponding Zabbix Server settings. The command response will give the ID of the executed stack.


• To start monitoring an instance, run:

or2-start-monitoring -p project -r region -i instanceID

For the correct Zabbix Monitoring service performance, it is recommended to add the custom image

based instances to the monitoring list only after they come to the running state. Otherwise, the

custom image can be indicated incorrectly and will be monitored as a Linux image (regardless of

its real type).

• To retrieve the information about the instances monitored by Zabbix server, Zabbix monitoring

templates and Zabbix agent availability, run:

or2-describe-monitoring -p project -r region

• To remove the instance from the Monitoring list, use:

or2-stop-monitoring -p project -r region -i instanceID

• To stop the Zabbix Monitoring Service and remove the Server VM, run the following command:

or2-manage-service -p project -r region -s monitoring --deactivate

3.3.3.3 Viewing the Results

When the Monitoring Service is set up, you can see the details about the server performance on the UI

Monitoring page.




EPAM PUBLIC 45

Figure 23 - Zabbix Statistics

3.3.3.4 Web UI

It is possible to connect to Zabbix server via HTTP connection and to get the detailed information about the

server. To get the URL to be used for connection, use the or2-describe-services --full command that

returns the list of the services activated for the project, their IP and DNS names and the web UI URL

addresses. Copy the webUiUrl value and paste it to the address line of your browser.

To login, use the following credentials:

Login: user

Password: zabbix

After the successful authorization, you will get access to Zabbix Server data:

Figure 24 - Zabbix UI


EPAM PUBLIC 46

Please remember that Zabbix statistics for an instance is shown only after the or2-start-monitoring

command adds this instance to the monitoring list.

3.3.3.5 Pricing

The service usage price is defined by the price of the Zabbix Server VM.

The default parameters of a Zabbix Server VM are:

• Shape: MEDIUM


Therefore, the approximate monthly cost of a Zabbix Server usage in case of 100% and 24/7 load is about

$42.2 in EPAM-BY2 region (as to 05/12/2017). The price can vary depending on the region.




EPAM PUBLIC 47

3.4 LOG AGGREGATION SERVICE (LAS)

EPAM Cloud Orchestrator provides the users with a GrayLog-based Log Aggregator Service that collects

the logs from the specified instances and gives an easy and visual access to them via a web-interface.


Command Description

or2-manage-service …. -s log -a Starts the service in the specified project and region

or2-start-logging (or2log) Start collecting logs from the specified instance

or2-describe-logging (or2dlog) Describes the project Log Aggregation server

or2-stop-logging (or2stoplog) Stops collecting logs from the specified instance

3.4.1 Service Activation

To start the service, use the or2-manage-service command with the following parameters:

or2-manage-service -p project -r region -s log --activate

During the service activation, a VM with is started and a GrayLog server is configured on it. The server

setup is a complicated process and can take up to an hour. If the project already has a GrayLog Server,

you will get the respective error message.

The GrayLog-based Log Aggregator Service is not available for Microsoft Azure.

3.4.2 Service Manipulations

EPAM Orchestrator supports the following commands for Log service manipulations:

• To add an instance to the logging list, and start collecting logs from these instances, run:

or2-start-logging -p project -r region -i instanceID

Please note: the service cannot collect data from the server where it is hosted, in EPAM-BY2.

EPAM-IN1, EPAM-US2, and AWS regions, until the server is rebooted.

• To get the list of the logged instances and the DNS name of the GrayLog Server, use:

or2-describe-logging -p project -r region

• To remove the instance from the Logging Service list, use:

or2-stop-logging -p project -r region -i instanceID

The server stops collecting the instance log data, but all the logs, previously aggregated, are kept.

• To stop the log aggregation service and remove the GrayLog Server VM, run the following

command:

or2-manage-service -p project -r region -s log --deactivate


EPAM PUBLIC 48

3.4.3 Web UI and Viewing Logs

You can view the collected logs by connecting to the Log Server via HTTP. The typical address template

for connecting to Log Server is:

http://<LogServerDNS>

You can see the Log Server instance DNS in the response of the or2-describe-logging command, as well

as of the or2-describe-services command.

The login and password that are to be used during the login to the server are returned at

or2-describe-services command call:

Figure 25 - Log service user/password details

When you log in, you will get to GrayLog Web Interface that provides you with the full access to the gathered

data:

Figure 26 - GrayLog UI

3.4.4 Pricing

The service usage price is defined by the price of the GrayLog Server VM.

The default parameters of a GrayLog Server VM are:

• Shape: MEDIUM


Therefore, the approximate monthly cost of a GrayLog Server usage in case of 100% and 24/7 load is

about $42.2 in EPAM-BY2 region (as of 05/12/2017). The price can vary depending on the region.

To get more detailed estimations, use our Cost Estimator tool.



EPAM PUBLIC 49

3.5 LOAD BALANCER SERVICE (LBS)

EPAM Cloud Orchestrator provides the users with a Nginx-based Load Balancing Service that allows the

user to arrange load balancing with a set of CLI commands.


Command Description

or2-manage-service …. -s load-balancer -a Starts the service in the specified project and region

or2-load-balancer-config (or2lbconf) Configures load balancing

or2-describe-load-balancing (or2dlb) Returns the list of the hosts manipulated by the Load Balancer and the information on their availability

The service is not supported in Google Cloud regions.


To start the Load Balancer Service, use the or2-manage-service command with the following parameters:

or2-manage-service -p project -r region -s load-balancer --activate

Only one Load Balancer can be created for a project. If your project already has a Load Balancer, the

command will return a corresponding error message.

To stop the Load Balancer Service and to remove the Load Balancer Server, perform the following

command:

or2-manage-service -p project -r region -s load-balancer --deactivate

This command does not remove any resources created during the service performance.

3.5.2 Configuring the Load Balancer

All the Load Balancer configuration actions are performed with or2-load-balancer-config (or2lbconf)

command. The command deals with four configuration areas, each having its own set of properties or

properties behavior:

• Balancing – this area deals with Load Balancer Server, balancing members, the details on the

balancer connections.

• Limits – this area deals with the user connections and requests limits

• Bans – this area allows to ban specific URLs or user IPs

• Cache – this area allows to set up Load Balancer caching

When used with --project and --region parameters only, the command displays the list of the configuration

settings applied to the Load Balancer.


EPAM PUBLIC 50

CLI Parameters

Parameter Name Description

General -p, --project Project ID

-r, --region Virtualization region

-P, --plain-output Use plain output view

--full Show full command output

--help Display command help

Balancing -b, --balancing Specifies the configuration area as "balancing"

--balancerName FQDN for the Load Balancer

-i, --instance The ID of the instance to be added or removed from the balancing members list

--port The port to route to. Default: 80

--permanent Enable/Disable "keep alive" feature: Nginx will open the specified number of connections with each host [0?]. Default 0.

--iphash Enable/disable "sticky session" [on/off] Default: on

-d, --remove Remove a host from the balancing members list

-d, --removeAll Remove all hosts from the balancing members list

Limits -l, --limit Specifies the configuration area as "limit"

--connections Specifies that the number of allowed simultaneous user connections should be set

--requests Specifies that the limit of requests per second should be set

--perIp Sets the connections or requests limit for a given IP (set 0 to remove the limit)

--total Sets the connections or requests limit for the whole balancer

Bans --ban Specifies the configuration area to "ban"

--ip Adds IP address to the ban list. Format: xxx.xxx.xxx.xxx

--url Sets the URL to return failure status code

--status Set status code for URL to return (Default: 403 Forbidden)

-d, --remove Removes ban from IP or URL

-d, --removeAll Removes all bans


EPAM PUBLIC 51

Cache --cache Specifies the configuration area to "cache"

--url Sets the URL to cache

--extension Sets the extensions of files to be cached

--expiration Sets the cache expiration time (in minutes)

-d, --remove Removes caching files or URLs

-d, --removeAll Disables caching

To get the list of the hosts manipulated by the Load Balancer and see their availability, use the or2-

describe-load-balancing (or2dlb) command:

or2-describe-load-balancing -p project -r region

Below, you can see some examples of Load Balancer configuration commands:

• Add an instance to the balancing group:

or2lbconf --balancing --instance instance1

• Change the port of instance1 to 2752:

or2lbconf --balancing --instance instance1 --port 2752

• Set maximum connections from a unique IP to 10 and the overall maximum connections to balancer

– to 50:

or2lbconf --balancing --instance instance1

• Set /maestro/ to return 404 Not found:

or2lbconf --ban --url /maestro/ --status 404

• Enable caching on /images/ with 10-minute expiration:

or2lbconf --cache --url /images/ --expiration 10

3.5.3 Web UI

Load Balancer service does not have any web UI. All the manipulations are to be performed via CLI.

3.5.4 Pricing

The service usage price is defined by the price of the Load Balancer Server VM.

The default parameters of a Load Balancer Server VM are:

• Shape: MEDIUM


Therefore, the approximate monthly cost of a Load Balancer Server usage in case of 100% and 24/7 load

is about $42.2 in EPAM-BY2 region (as to 05/12/2017). The price can vary depending on the region.




EPAM PUBLIC 52

3.6 FTP TO AWS S3 SERVICE (FTP2S3)

FTP to AWS S3 is the first step of the new data management service implementation, currently it is

represented as FTP access to AWS S3.

AWS Simple Storage Service (S3) is a service that allows you to store any amounts of your data in Cloud,

and share it with your colleagues. By default, storage management is performed via AWS Management

Console and AWS CLI.

Establishing FTP access to AWS S3 storage allows to bring data management to a more common format.

In addition, people who have access to S3 via FTP, do not need to have AWS credentials to work with the

storage, which increases the project security.

The service is available in AWS regions only.

3.6.1 Pre-Requisites and Limitations

The service can be described as a medium between users and AWS S3. That’s why, there are several pre-

requisites to be met for the successful service usage.

• The project should be activated in AWS and have S3 service in use.

• All bucket management operations – creating buckets, removing and renaming them – should be

performed by native AWS tools (Management Console and CLI).

• The user who will use the FTP access has to have the %maestro_cli%lib/default.cr file, created

by their or2access command call.


To activate FTP2S3, use the or2-manage-service (or2ms) command with the -a/--activate flag and the -

s/--service-name parameter with backup value. The -k key_name parameter is also necessary, as for

any instance in AWS:

or2ms –p project -r aws-region -a –s backup –k key_name

During the service activation, a VM of the following configuration is starts:

• Shape: SMALL


It is recommended to start the service in the region, in which the project’s S3 buckets are stored.

To deactivate the service, run the same command with the -d/--deactivate flag:

or2ms –p project -r aws-region -d –s backup


EPAM PUBLIC 53

3.6.3 S3 Bucket Management

By default, the service does not provide access to any S3 buckets. They need to be registered, or mounted,

on the FTP server. If necessary, the bucket can be deactivated on the server, so that FTP access to it gets

restricted. These manipulations are performed with the or2-manage-ftp (or2ftp) command.

The command references bucket names that must correspond to the AWS naming standards and be the

same as the name specified for the target AWS S3 bucket:

Figure 27 - Bucket Name in AWS Management Console

• To register a new S3 bucket, run the command with the -a mount action. The bucket name must

correspond to the AWS naming standards and be the same as the name specified for the target

AWS S3 bucket:

or2ftp –p project –r aws_region -a mount -b demo-ftp-to-s3-

bucket

To add several buckets, call the command for several times.

• To view the list of the buckets registered on the FTP server, run the command with the -a list

action:

or2ftp –p project –r aws_region -a list

• To restrict FTP access to an S3 bucket, use the -a unmount parameter:

or2ftp –p project –r aws_region -a unmount -b demo-ftp-to-s3-

bucket

Please note that this action does not block or restrict the bucket itself. It will still be available by

native AWS tools.

3.6.4 User Access Management

By default, users cannot access the FTP server. For each user, the access should be granted explicitly.

User access management is performed by means of the or2-ftp-access (or2ftpa) command:

• To grant access to a user, run the command with the -a grant action:

or2ftpa –p project –r aws_region -a grant -e [email protected]

• To see the list of the users to whom access is granted, run the command with the -a list action:


EPAM PUBLIC 54

or2ftpa –p project –r aws_region -a list

• To prohibit access to project S3 via FTP for a user to whom the access was granted, use the

-a revoke action:

or2ftpa –p project –r aws_region -a revoke -e [email protected]

The users who have access to FTP can read, upload, and delete from the buckets.

3.6.5 Accessing the FTP Server

The users can access the FTP server by any FTP client, convenient for them. The following login details

should be specified:

Parameter Value

Connection DNS or Public IP

User Name <epam_user>@epam.com

Password Token generated by Orchestrator at or2access command run and stored in the default.cr file.

Port (default) 2121

You can find the server DNS and Port in the webUiURL column of the or2-describe-services (or2dser)

command response:

Figure 28 - FTP Server Address and Port

When connected, the user can start working with the S3 storage. The buckets will be given as top-level

directories:

Figure 29 - S3 Buckets in an FTP Client View

Within each bucket, the users can create, change, and delete the necessary files.


EPAM PUBLIC 55

3.6.6 Pricing

The price of the service is composed of the price for the FTP Server instance (SMALL, Ubuntu14.04_64-

bit), the price of the S3 service used, and the price for additional services, such as data transfer.

Each of these points depends on AWS pricing policy in each specific region.

EPAM Cloud does not apply any additional costs.

3.7 OPENSHIFT AS A SERVICE (OSS)

OpenShift is a Platform as a Service for container management, using Docker containerization and

Kubernetes orchestration tools. The service allows to deploy the necessary environments in container-

based infrastructure, without need to look for higher hardware capacities.

In EPAM Cloud, OpenShift Origin v.3.7 is available as one of the services which can be quickly deployed

in EPAM Cloud in the self-service manner.

Currently, we strongly recommend to run the service in EPAM-BY2 region, where it can perform in a stable

and reliable manner.

OpenShift as a Service is based on Ansible configuration management solution, thus it is recommended to

use Linux-based workstations to set up the service. Due to Ansible limitations, the service cannot be run

from Windows workstations.

The service is managed with the native Linux tools and the following Maestro CLI commands:

Command Description

or2-manage-service …. -s open-shift -k key -a

Starts the service in the specified project and region

or2-openshift-client (or2osc) Installs and configures OpenShift Ansible client to manage OpenShift services.

3.7.1 Configuring Ansible

You need to have a pre-configured Ansible on your workstation in order to proceed with the OpenShift as

a Service setup. Below, you can find the instructions for Ubuntu and CentOS systems.

Linux (Ubuntu):

1. Install the software-properties-common package, which will enable working with PPAs easily:

sudo apt-get update

sudo apt-get install software-properties-common

2. Add Ansible PPA:

sudo apt-add-repository ppa:ansible/ansible

3. Refresh the system’s package index, to make the new package visible in PPA:

sudo apt-get update

4. Install Ansible:


EPAM PUBLIC 56

sudo apt-get install ansible

Linux (CentOS):

1. Make sure that the CenOS EPEL repository is installed

sudo yum install epel-release

2. Install Ansible:

sudo yum install ansible

3.7.2 Service Setup and Configuration

To activate OpenShift as a Service on your project, please perform the following steps:

1. Run Maestro CLI.

2. Create a new key to be used for the service setup:

or2addkey -p project -r region -k key_name

The key private part will be stored to %Maestro_Home%out/<project>/<region>.

After the key creation, you will need to change the key permission to 600 in order to make it suitable

for working with OpenShift:

# run chmod 600 %key_path_and_name%.pem

3. Start the OpenShift service by calling the or2-manage-service (or2ms) command with the

following parameters:

or2ms -p project -r region -a -s open-shift -v 3.7 -k key_name

Wait until all the instances are up and running (there should be four LARGE CentOS 7 64-bit ones).

You can use the or2din command to see the VMs status.

The service, when run, creates four VMs with the pre-configured OpenShift:

VM Role Guest OS Shape Additional Storage

OpenShift Master CentOS_7-64-bit LARGE 30GB

WildCard Node CentOS_7-64-bit LARGE 30GB

Node 1 (work node) CentOS_7-64-bit LARGE 30GB

Node 2 (work node) CentOS_7-64-bit LARGE 30GB

4. Run the or2-openshift-client (or2osc) to install the Ansible client that will be used to configure the

service VMs. The archive will be downloaded to your workstation:

or2osc -a install

The target archive location and name is: %MAESTRO_HOME%lib/openShift/archive.zip.

5. Submit a support request for creating a wildcard record on DNS server. In the request, specify the

DNS server of the service Wildcard node. This is the instance that was the second to be launched

https://support.epam.com/esp/ess.do?orderitem=caNetworkCommunicationsChangeDNS-DHCP-WINS


EPAM PUBLIC 57

during the service activation (you can use the or2din command with the --full flag to find this

instance):

The approximate request text should be:

“Please create the wildcard

*.<wildcard_name>.<region_name>.<project_name>.<projects.epam.com> for

<WILDCARD_NODE_DNS> for dns service discovery.”

The following can be used as an example of wildcard specification:

*.openshift.epam-by2.epm-csup.projects.epam.com

Proceed when the request is resolved.

6. Integrate Maestro CLI with Ansible

a. Switch the command line to : %MAESTRO_HOME%lib/openShift.

b. Install Git, clone the OpenShif-Ansible repository, and check out to release 3.7:

# git clone https://github.com/openshift/openshift-ansible.git

…

# cd openshift-ansible

# git checkout release-3.7

# git checkout c34badae29db15906b4d6a1365f98af9aef1e81e

c. Get back to the %MAESTRO_HOME%bin directory and run or2-openshift-client

command with the following parameters to configure the wildcard:

https://github.com/openshift/openshift-ansible.git


EPAM PUBLIC 58

or2-openshift-client -a configure -p project -r region

-w <wildcard_name>

An example of the command invocation is:

or2-openshift-client –a configure –p project –r region –w

*.openshift.epam-by2.epm-csup.projects.epam.com

7. Run the first playbook to prepare environment for OpenShift installation:

a. Login to each OpenShift Service VM using the SSH key in order to add it to the known

hosts.

b. On your workstation, switch to the OpenShift directory in Maestro -

%MAESTRO_HOME%lib/openShift/.

c. Call the following command to prepare for installing the necessary versions of OpenShift

(3.7), Docker, and Kubernetes:

ansible-playbook -i edp-oc-install/epam-cloud-

preinstall/inventory/openshift -u <EPAM email> --private-key

<path_to_private_key> edp-oc-install/epam-cloud-

preinstall/os_prepare.yml

8. Call the following playbook to install OpenShift:

ansible-playbook -i openshift-ansible/inventory/byo/service -u <EPAM

email> --private-key <path_to_private_key> openshift-

ansible/playbooks/byo/config.yml

When the installation is completed, you will see the final status:

9. Login to the Master node and run the following command to retrieve the information on the service:

# oc status

The command output will include the link to the OpenShift UI:


EPAM PUBLIC 59

10. Set up a user and a password to be used for logging in to the OpenShift UI:

# htpasswd -c /etc/origin/master/htpasswd admin

3.7.3 Pricing

Service includes four Large Linux instances, each having additional 30GB storage volumes. When you start

the service, you pay only for the used virtual resources. As of March 26, 2018, the approximate monthly

price in EPAM-BY2 region is about $260.29.

3.8 DOCKER SERVICE (DOS)

Docker is a new approach to virtual resources provisioning. It allows you to get virtual environments

(containers) within minutes, as they are created based on shared kernel (node). Meanwhile Docker

Containers remain independent in manipulation.

EPAM Private Cloud allows you to have Docker as a Service for your project needs. Docker 1.9 and Docker

Swarm 1.0.0 are supported.

Below, you can see the list of the main Docker concepts:

• Master – a Docker host with a Docker manager (swarm) that performs Docker cluster health check,

load balancing on containers creation, and collects information on existing images, containers,

configuration, statuses etc.

• Node – a VM that plays a role of a base for containers. A Node VM is created by Orchestrator on

Docker Service activation

• Container – a node-hosted resource that uses a part of node capacities and can be used as a

typical virtual server.

• Container Image – an image stored on the node VM and used for containers creation


EPAM PUBLIC 60

• Volume – a container directory mapped to a host directory and used to store and share data

• Docker Registry – a repository service that allows you to share VM images between nodes.

Registry is hosted on a separate VM that is used as a storage for container images.

• Repository – an entity within a registry, in which the images are grouped. Typically, repository

names are taken according to the OS family used on the images that will be stored in this or that

repository (e.g., CentOS).

• Tag – images in repositories are referenced by tags, which are typically given according to image

OS version (e.g., 6, 7, etc.).

The service performs in cluster mode (based on Docker Swarm). When a user activates the Docker service

in a region for their project, Orchestration starts a VM which hosts a Docker Master that becomes the entry

point to the cluster. Master VM is also the first node where you can run containers.

After the Master VM is started, you can create new nodes to increase your Docker cluster capacity.

To find out more details on Docker as a product, please visit the Official Docker Web-Site.


Command Description

or2-manage-service …. -s docker -a Starts the service in the specified project and region

or2-manage-service …. -s docker-registry -a Starts a Docker registry in the specified project and region

or2-docker-container (or2dc) Manipulates Docker containers

or2-docker-volume (or2dv) Manipulates Docker volumes

or2-docker-image (or2di) Manipulates images available for containers creation

or2-describe-docker (or2dd) Gives the list of existing Docker elements and their details

or2-docker-registry-image (or2dri) Manipulates images in a registry

As Docker uses multiple clusters, all Docker-related commands should specify the cluster name as the -

c or -cn parameter.



To start the Docker Service, use the or2-manage-service (or2ms) command with the following flags:

or2-manage-service -p project -r region -s docker –c cluster_name

--activate

The command runs a Maestro Stack that creates and configures a Docker Master VM.

If you need a new node to be added to your Docker cluster, just repeat the or2-manage-service command.

By default, Docker nodes are MEDIUM-shaped VM with Ubuntu 14.04 operating system. If needed, you

can use the --shape parameter with the or2-manage-service command to run a node with a non-default

shape.

https://www.docker.com/

https://kb.epam.com/display/EPMCITFAQ/Documentation


EPAM PUBLIC 61

To stop the service, use --deactivate and –i instance_id to deactivate nodes one by one, with the Docker

Master being deactivated the last.

3.8.2 Working with Containers

The node VM plays a role of a base for containers that use the node resources. To run, terminate, stop and

start the containers, the or2-docker-container (or2dc) command is used.

• To run a new container, call the or2dc command with the following parameters:

or2-docker-container -p project -r region -a run -i image_id

–cn cluster_name

Here, the -a parameter specifies the action to be performed (run), and -i parameter specifies the

container image to be used.

Docker manager will automatically select the node with the lowest load and run the container there.

To see the list of available images, run the or2di command with the -a describe flag:

or2-docker-image -p project -r region -a describe –cn cluster_name

While running a new container, you can specify an entry point command by setting it in the --cmd

parameter:

or2-docker-container -p project -r region -a run -i image_id

–cn cluster_name --cmd "/bin/bash"

• To stop or start a container, use the or2dc command with the following parameters:

or2-docker-container -p project -r region -a stop[or start]

-c container_name –cn cluster_name

The stop command shuts down the container and releases some of the resources occupied by it.

The start command re-launches the stopped container.

• To remove a container, call the or2dc command with the following parameters:

or2-docker-container -p project -r region -a terminate

-c container_name –cn cluster_name

Here, the -a parameter specifies the action to be performed (terminate) and -c specifies the

container name or ID.

3.8.3 Working with Docker Volumes

When a container is used, changes to its data are not stored and may be lost if the container is deleted.

Running a container from an image will not include any modified data.

In order to save the data and share it between the Docker containers, Docker Swarm volumes are used. A

volume is a directory within a container mapped to a directory on a host. The data is stored in the volume

and can be used later.

Volume management is performed with the or2-docker-volume (or2dv) command.

To create a Docker volume, run the or2dv command with the following parameters:


EPAM PUBLIC 62

or2-docker-volume -p project -r region -a create –cn cluster_name

–v volume

Figure 30 - Docker volume creation

To view the list of all volumes available on the Docker Swarm for the specified project and region, run the

or2dv command with the following parameters:

or2-docker-volume -p project -r region -a describe –cn cluster_name

Figure 31 - List of Docker volumes

To delete the specified Docker volume, run the or2dv command with the following parameters:

or2-docker-volume -p project -r region -a delete –cn cluster_name

–v volume

Figure 32 - Docker volume deletion

Docker volumes are mapped to host directories by means of binding performed during the or2dc command

execution. To bind a volume, run the or2dc command with the -v (--volume) parameter.


EPAM PUBLIC 63

Figure 33 - Running Docker container with a volume


EPAM PUBLIC 64

3.8.4 Docker Info

The or2-describe-docker (or2dd) command allows to get the list of the existing Docker elements and their

details.

Using this command with different parameters, you can get the following information:

• General overview of the Docker service resources with their details and roles:

or2dd -p project -r region –cn cluster_name

Figure 34 - List of Docker resources

• The detailed information on a Docker cluster:

or2dd -p project -r region -t cluster –cn cluster_name

Figure 35 - Docker cluster data

3.8.5 Web UI

The Docker service does not have any web UI. All the manipulations are to be performed via CLI.

3.8.6 REST API

Docker manipulations are performed via CLI.

However, there is a REST API you can use for your needs. The connection details can be found in or2dser

command response.

Access to the REST API is established via SSL and requires the CA certificate, the host certificate signed

by the same CA certificate and the host private key:

/etc/docker/ca.crt /etc/docker/host.crt /etc/docker/host.key

For Docker Swarm, use the following request:

curl --cacert /etc/docker/ca.crt --cert /etc/docker/host.crt --key

/etc/docker/host.key https://{INSTANCE_PUBLIC_IP}:4000/info

Please note, that while in EPAM-DKR Swarm API endpoint can be reached via port 4000, in other regions

it can be reached via port 5001.


EPAM PUBLIC 65

For Docker host, use the following request:

curl --cacert /etc/docker/ca.crt --cert /etc/docker/host.crt --key

/etc/docker/host.key https://{INSTANCE_PUBLIC_IP}:2376/info

3.8.7 Working with Docker Images via Docker Registry

Docker service is provided together with the Docker Registry facilities – a repository service that allows

you to share images within the Docker service.

A Registry is created on a separate VM and is used as a storage for images. Images in a registry are

organized as a catalog: they are grouped in repositories and tagged.

Node1

REGION

Container Image

Node 2

Image Container

REGISTRY

Repository 2 Repository 3

Repository

Image(tag)

Image_3(tag_3)

Image_2(tag_2)

Figure 36 - Docker Registry flow

We typically recommend to name repositories after the OS family (e.g. CentOS), and give images tags

according to the OS version (6,7, etc.).

Docker service and registry manipulations are performed with a set of the following Maestro CLI commands:

The typical Docker images manipulation flow can be described in the following steps:

1. Create a new Docker Registry:

or2ms -p project -r region -a –s docker-registry

On the command call, Orchestrator launches a SMALL VM based on Ubuntu12.04_64-bit image.

The command response will return the ID of the stack, used to create the new registry:


EPAM PUBLIC 66

Figure 37 - Docker registry creation

2. Find the DNS of the Registry VM, using the or2-describe-sevices (or2dser) command:

or2dser -p project -r region

The command output will give the list of active project services, where you can find the details:

Figure 38 - Docker registry in the list of services

3. Create a new image from an existing container, using or2-docker-image (or2di) command with -a commit property:

or2di -p project -r region -a commit -c container_id -n image_name

-t image_tag –cn cluster_name

Where:

• -a – the action to be taken

• -c – the ID of the container that will be used to create an image

• -i – the ID of the image to be created

• -t – the tag of the image to be created

• -cn – the name of the Docker cluster to be used

When the command is executed, you will find the following response:

Figure 39 - Docker image creation

4. Push the new image to an existing Registry, using or2-docker-image (or2di) command with -a push property:

or2di -p project -r region -a push -R target_repo_name

-i image_name -t image_tag -dr dockerRegistryInstanceID

–cn cluster_name

You can check whether the image was uploaded to the registry by calling the or2-describe-

registry-image (or2dri) command:

or2dri -p project -r region -dr registry_instance_id


EPAM PUBLIC 67

Please note, that on the registry, the image name is treated as a repository name:

Figure 40 - Image pushed to Docker registry

5. Pull the image from the Registry to all existing nodes, using or2-docker-image (or2di) command with -a pull property:

or2di -p project -r region -a pull –cn cluster_name

-i image_name -t image_tag -dr dockerRegistryInstanceID

After this, you can check the images on other nodes and find the imported one there. Please note

that the image name includes the hostname of the registry where it is taken from:

Figure 41 - Image pulled from Docker registry

After this, the new image can be used to run containers in the Docker cluster.

You can also pull images from public Docker Registry (https://index.docker.io). To do this, run the

or2di -a pull command without the -dr parameter.

6. To delete a repository with all included images (tags) from a registry, run the or2dri command with the -a delete parameter:

or2dri -p project -r region -a delete –cn cluster_name

-dr dockerRegistryInstanceId -R repository_name

You can delete only the registry with all included tags. It is impossible to remove a single tag (image)

https://index.docker.io/


EPAM PUBLIC 68

3.8.8 Pricing

The service usage price is defined by the price of the Docker node VM.

The default parameters of a Docker node VM are:

• Shape: MEDIUM


Therefore, the approximate monthly cost of a Docker Server usage in case of 100% and 24/7 load is about

$42.2 in EPAM-BY2 region (as to 05/12/2017). The price can vary depending on the region and the shape

you select for the Docker node VM. To get more detailed estimations, please, use our Cost Estimator tool.

3.8.9 EPAM-DKR – Dedicated Docker Region

EPAM-DKR is a dedicated Docker region. This region is based on OpenStack and is designed specifically

for Docker clusters management, and has some specifics:

• The region is intended only for running Docker-related services and resources

• Each Docker Service instance is hosted on a separate hardware server

• Only the Large shape is available for Docker instances

• In EPAM-DKR region, Docker VMs are run under KVM and use CoreOS guest operating system

VMs in the EPAM-DKR region are billed for electricity consumption only at the rate of $33 per month.

Docker service in EPAM-DKR region is manipulated in the same way as in any other region. For example,

to start the service, run:

or2-manage-service -p project -r EPAM-DKR -s docker --activate

–c cluster -k ssh_key_name

Please note, that currently more than one cluster becomes available for each project in any region. Thus,

Docker-related commands now require -c/--cluster-name parameter to be specified.

There are some specifics in Docker service performance and usage:

• Login to Docker VMs can be performed only with SSH key and user ‘core’.

• Docker commands can be performed either via Docker toolset or after login to any node via SSH.

• Each node in Docker Swarm cluster is a master.

• Swarm API endpoint can be reached at <any_cluster_ip_address>:4000. For example:

docker -H hostname:4000 --tlsverify --tlscacert=/etc/docker/ca.crt --

tlscert=/etc/docker/host.crt --tlskey=/etc/docker/host.key info



EPAM PUBLIC 69

3.9 KUBERNETES AS A SERVICE

Kubernetes is an open-source container management platform delivered by Google. In a containerized

infrastructure, applications are deployed as isolated, independent entities, the so-called containers.

Containerization has multiple benefits over the traditional deployment – faster and more efficient

installation, environment consistency, portability, security.

EPAM Cloud supports Docker as a containerization service to deploy applications. Kubernetes as a Service

is used to manage, schedule and run containerized applications created by various container engines, such

as Docker or rkt. One or more containers to be managed as a single application are grouped into ‘pods’

which will be running on clusters of virtual machines.

Within a cluster, one virtual machine functions as a master node consisting of a stateless API server,

scheduler and controller manager. Additionally, the master node includes an etcd key-value store for data

storing in the cluster. The master node manages the workload and provides communication within the

cluster through the API server. Other virtual machines are worker nodes subordinate to the master.

The basic concepts used in Kubernetes are as follows:

- Master – the main VM from which the Kubernetes environment is managed

- Node – VM on which containers are deployed and running

- Cluster – a set of virtual or physical machines on which applications are running

- Pod – one or several containers to be run as a single application and the related container options

- Service – the functionality within the Kubernetes environment balancing the load between the pods

and providing DNS names

- Replication Controller – the entity setting the number of pods to be running

- Networking – the service allowing to configure IP address ranges and the related settings

- Namespace – a virtual cluster within a physical cluster

EPAM Cloud supports Kubernetes 1.9 version.

For more details on Kubernetes, please visit the Official Kubernetes Website.


Command Description

or2-manage-service …. -s kubernetes -a Starts the service in the specified project and region

or2-kubernetes-pods...-cn cluster_name Lists the Kubernetes pods in the specified cluster

or2-kubernetes-namespaces...-cn

cluster_name

Lists the Kubernetes namespaces in the specified cluster

or2-kubernetes-services...-cn cluster_name Lists the Kubernetes services in the specified cluster

or2-kubernetes-replication-controllers...-cn

cluster_name

Lists the Kubernetes replication controllers in the

specified cluster

or2-kubernetes-nodes...-cn cluster_name Lists the Kubernetes nodes in the specified cluster

http://kubernetes.io/


EPAM PUBLIC 70


Kubernetes as a Service can only be activated in OpenStack private regions. For a cluster proper

configuration, you need to activate Kubernetes Master and at least one worker (UI Dashboard, Proxy,

Addons for DNS).

To start the Kubernetes Service, use the or2-manage-service (or2ms) command with the following

parameters:

or2-manage-service -p project -r region -s kubernetes –c cluster_name

-k key_name --activate

To start the service as a Kubernetes master, run the command with the -s (--service-name) parameter

containing ‘kubernetes’ or ‘kubernetes-master’. To start the service as a Kubernetes worker, run the

command with the -s (--service-name) parameter containing ‘kubernetes-worker’.

or2-manage-service -p project -r region -s kubernetes-worker –c

cluster_name -k key_name --activate

You can activate a worker node only if a master node has already been activated in the same cluster.

If you need a new node to be added to your Kubernetes cluster, just repeat the or2-manage-service

command.

By default, Kubernetes nodes are LARGE-shaped VMs with CoreOS_1632_64-bit operating system.

To stop the service, use --deactivate and -i instance_id parameters to deactivate nodes one by one, with

the Kubernetes Master being deactivated the last.

You can start more than one Kubernetes cluster for the same project and region. To login in every instance

in the cluster, use the following user with the private SSH key with which you activate the service:

User: Core

3.9.2 Kubernetes Info

To view the list of the existing Kubernetes nodes and their parameters, run the or2-describe-services

(or2dser) command specifying your project and region:

or2dser -p project -r region –s kubernetes

Figure 42 - List of Kubernetes nodes (shown in two lines for better visibility)


EPAM PUBLIC 71

3.9.3 Kubernetes Pods Management

To view the list of pods within a particular Kubernetes cluster, use the or2-kubernetes-pods (or2kp)

command:

or2kp -p project -r region –cn cluster_name

The command will return the list of all Kubernetes pods within the cluster specified in the command, together

with their state and start date.

Figure 43 - List of pods in a Kubernetes cluster

3.9.4 Kubernetes Namespaces Management

To view the list of all namespaces (virtual clusters) within the particular physical cluster, use the or2-

kubernetes-namespaces (or2kns) command:

or2kns -p project -r region –cn cluster_name

The response will contain the list of namespaces and their state.

Figure 44 - List of namespaces in a Kubernetes cluster

3.9.5 Kubernetes Services Management

To view the list of services in the particular Kubernetes cluster, run the or2-kubernetes-services (or2ks)

command:

or2ks -p project -r region –cn cluster_name

The command returns the list of Kubernetes services in the specified cluster and their types.


EPAM PUBLIC 72

Figure 45 - List of services in a Kubernetes cluster

3.9.6 Kubernetes Replication Controllers Management

Replication controllers are used to run Kubernetes pods from the so-called pod templates, thus creating

the specified number of identical pods. To view the list of replication controllers in the particular Kubernetes

cluster, use the or2-kubernetes-replication-controllers (or2krc) command:

or2krc -p project -r region –cn cluster_name

The command returns the list of all replication controllers used in the cluster, the pod template used for

replication, the target number of replicas, the number of currently existing replicas and the number of

completed replicas.

Figure 46 - List of replication controllers

3.9.7 Kubernetes Nodes Management

To view the list of nodes within the specified Kubernetes cluster, use the or2-kubernetes-nodes (or2kn)

command:

or2kn -p project -r region –cn cluster_name

The command response contains the list of nodes, their state, number of pods in each node, the CPU count

and the memory size.

Figure 47 - List of Kubernetes nodes

3.9.8 Using the Service

When the Kubernetes service is activated, you can use it via the native command line interface, kubectl,

which is automatically available on the master virtual machine on which Kubernetes is activated.

For other machines, download the kubectl executable and install it.

For more details on using kubectl, on the available commands, syntax and parameters, refer to the kubectl

Overview page of the official Kubernetes website.

https://storage.googleapis.com/kubernetes-release/release/v1.2.2/bin/linux/amd64/kubectl

http://kubernetes.io/docs/user-guide/kubectl-overview/

http://kubernetes.io/docs/user-guide/kubectl-overview/


EPAM PUBLIC 73

3.9.9 kubectl Configuration

Before using Kubernetes via the local kubectl, configure kubectl to work with the cluster using the following

kubectl commands:

kubectl config set-cluster default-cluster --

server=https://MASTER_PUBLIC_IP --certificate-

authority=/etc/kubernetes/ssl/ca.pem

where MASTER_PUBLIC_IP is the public IP of the master node which you are accessing.

kubectl config set-credentials default-admin --certificate-

authority=/etc/kubernetes/ssl/ca.pem --client-

key=/etc/kubernetes/ssl/admin-key.pem --client-

certificate=/etc/kubernetes/ssl/admin.pem

kubectl config set-context default-system --cluster=default-cluster

--user=default-admin

kubectl config use-context default-system

The commands use the SSL credentials stored in the following files:

/etc/kubernetes/ssl/ca.pem

/etc/kubernetes/ssl/admin-key.pem

/etc/kubernetes/ssl/admin.pem

These files can be obtained from the master node.

To find the certificate Common Name, use the following command:

openssl x509 -noout -subject -in ~/.kube/admin.pem

3.9.10 Web UI

The Kubernetes service has a web UI which is automatically available as soon as the service is activated

in the cluster. It is accessible via a URL over the https connection. The Web UI URL can be found from the

Kubernetes node details returned by the or2dser command.

The web UI has most of the functionality supported by the CLI in an intuitive format.


EPAM PUBLIC 74

Figure 48 - Kubernetes Dashboard

Clicking ‘Deploy an App’ opens the application deployment wizard helping you to set up your application

either by specifying its parameters manually or by uploading a YAML or JSON file containing the application

configuration.

When the application is running, you can use the Kubernetes Dashboard to monitor its performance, debug

errors and delete applications.

Heapster, a cluster-wide aggregator of monitoring and event data, enables Container Cluster Monitoring

and Performance Analysis for Kubernetes. With Heapster gathering and interpreting various signals like

compute resource usage, lifecycle events etc., you can monitor the respective information on the

Kubernetes Dashboard.

Figure 49 - Heapster Gathered Data


EPAM PUBLIC 75

Kubernetes Dashboard supports basic authentication using login and password. With service activation, a

login and password are generated to be used for accessing the Web UI. The login and password for each

Kubernetes node can be retrieved by means of the or2-describe-services (or2dser) command.

Figure 50 - Username and password in or2dser response

3.9.11 Container Images

During Docker container management Kubernetes refers to the Docker repository where Docker container

images are stored. Kubernetes supports image retrieval from the public Docker registry available at

https://index.docker.io as well as from the private Docker registry.

To use an image from the private Docker registry to create a Kubernetes pod, perform the following actions:

Prerequisites: 1. Docker service activated in one of the OpenStack private region.

2. Docker private registry activated in one of the OpenStack private region.

3. Kubernetes Master activated in one of the OpenStack private region.

In the example below, a Kubernetes pod will be created on the basis of a Jenkins image from the Docker

private registry. Use the same sequence with other images.

1. On the Docker VM, pull the latest Jenkins image and push it to your Private Docker registry:

$ docker pull jenkins

$ docker login -e [email protected] -u eo -p 12345

ecs000******.epam.com:5000

WARNING: login credentials saved in /root/.docker/config.json

Login Succeeded

where ecs000******.epam.com:5000 is the URL of the Docker private registry

$ docker images

REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE

jenkins latest 5cd2a48c61ac 3 days ago 714.5 MB

$ docker tag 5cd2a48c61ac ecs000******.epam.com:5000/myjenkins:1.1

$ docker push ecs000******.epam.com:5000/myjenkins:1.1

2. On the Kubernetes VM, run the following commands:

https://index.docker.io/


EPAM PUBLIC 76

$ docker login -e [email protected] -u eo -p 12345

ecs000******.epam.com:5000

WARNING: login credentials saved in /root/.docker/config.json

Login Succeeded

$ echo $(cat ~/.docker/config.json)

{ "auths": { "ecs000******.epam.com:5000": { "auth":

"ZW86UGw4aWhXa3BpYW8w", "email": "[email protected]" } } }

$ cat ~/.docker/config.json | base64

ewoJImF1dGhzIjogewoJCSJlY3MwMDBiMzAwOTV0Ni5lcGFtLmNvbTo1MDAwIjogewoJCQkiY

XV0

aCI6ICJaVzg2VUd3NGFXaFhhM0JwWVc4dyIsCgkJCSJlbWFpbCI6ICJSb21hbl9SYXN0aWVoY

Wll

dkBlcGFtLmNvbSIKCQl9Cgl9Cn0=

3. Create a Kubernetes secret containing credentials of your private Docker registry:

$ cat > /tmp/docker-registry-secret.yaml <<EOF

apiVersion: v1

kind: Secret

metadata:

name: ecs000******-key

data:

.dockerconfigjson:

ewoJImF1dGhzIjogewoJCSJlY3MwMDBiMzAwOTV0Ni5lcGFtLmNvbTo1MDAwIjogewoJCQkiY

XV0aCI6ICJaVzg2VUd3NGFXaFhhM0JwWVc4dyIsCgkJCSJlbWFpbCI6ICJSb21hbl9SYXN0aW

VoYWlldkBlcGFtLmNvbSIKCQl9Cgl9Cn0=

type: kubernetes.io/dockerconfigjson

EOF

$ kubectl create -f /tmp/docker-registry-secret.yaml

secret "ecs000******-key" created

4. Create a Kubernetes pod using the image from your private Docker registry and specifying the

secret you have just created:

$ cat > /tmp/myjenkins-pod.yaml <<EOF

apiVersion: v1


EPAM PUBLIC 77

kind: Pod

metadata:

name: myjenkins

spec:

containers:

- name: myjenkins

image: ecs000******.epam.com:5000/myjenkins:1.1

imagePullPolicy: Always

command: [ "echo", "SUCCESS" ]

imagePullSecrets:

- name: ecs000******-key

EOF

$ kubectl create -f /tmp/myjenkins-pod.yaml

pod "myjenkins" created

3.9.12 Troubleshooting

If the Kubernetes service is not performing as expected, you can try to identify the root cause of the issue

and, in certain cases, debug it yourself. The first step is to determine whether the issue concerns your

application or your cluster.

If the application is not performing correctly, run the following kubectl commands on your master VM to

diagnose the application:

Command Description

# kubectl get pods Lists the pods included in your application with their statuses

# kubectl get services Lists the services running in your Kubernetes environment

# kubectl get replicationControllers Lists the replication controllers and the containers they have started

# kubectl describe pods $ {pod_name} Displays the status of a particular pod

If pods or replication controllers are not performing properly, the cause may be insufficient resources. This

can be resolved by adding more nodes to the cluster or terminating the pods which are no longer needed.

If the issue occurred in the Kubernetes services, check whether the service exists and if it is correctly

configured.

Otherwise, contact the Level 3 Support Team.

mailto:%20%[email protected]


EPAM PUBLIC 78

If the issue is within the cluster, run the following kubectl commands on your master VM to diagnose the

nodes:

Command Description

# kubectl get nodes Lists the nodes in the cluster with their statuses

Contact the Level 3 Support Team for assistance with node issues.

3.9.13 Pricing

The Kubernetes service is available in the OpenStack private regions and is billed according to the VM

billing in that region. The default parameters of a Kubernetes VM are:

• Image: CoreOs_1632_64-bit

• Shape: LARGE

Therefore, the approximate monthly cost in case of 100% and 24/7 load is about $61.04 in EPAM-BY2

region (as of April 4, 2018). To get more detailed estimations, please, use our Cost Estimator tool.

mailto:%20%[email protected]



EPAM PUBLIC 79

3.10 HADOOP DATA PLATFORM SERVICE (HDP)

Hadoop is an open-source solution that provides storage and computing facilities for processing large-scale

data in clusters.

EPAM Private Cloud provides Hadoop capacities that can be used by developers to test and debug their

Hadoop jobs before running them on production.

EPAM Private Cloud Hadoop Data Platform Service is based on Hortonworks Hadoop solution.


Command Description

or2-manage-service …. -s hadoop -a -l slaves -h shape


or2-describe-hadoop (or2dh) Gives the list, the states, and the DNS names of existing Hadoop resources.

or2-manage-hadoop (or2mh) Creates and removes Hadoop resources



To start the Hadoop service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) hadoop and other necessary flags:

or2ms -p project -r region -a -s hadoop -l slaves -h shape

where:

• -l (--hadoop-slave-count) specifies the number of Hadoop slave machines that will be run (1 by default, if the property is not specified)

• -h (--shape) specifies the instance shape for Hadoop slave machines (MEDIUM by default, if the property is not specified)

You can also use the -k (--key-name) option to specify the SSH key for all the created resources.

The service when activated, by default starts the following virtual machines:

VM Role OS Shape Number

Hadoop Client Ubuntu 12.04 x64 SMALL 1

Hadoop Resource Manager Ubuntu 12.04 x64 MEDIUM 1

Hadoop Name Node Ubuntu 12.04 x64 MEDIUM 1

Hadoop Slave Ubuntu 12.04 x64 MEDIUM (alterable with -h parameter)

1 (alterable with -l parameter)

To check whether Hadoop has started properly, you should login to the client and run a test job. The cluster

is ready to work if the test job is performed without issues.

Each project can have only one Hadoop service activated for the region, but the service can include several

Hadoop clients, each responsible for its own job. For more details on new Hadoop resources creation, see

the Manipulating Slaves and Clients section.


EPAM PUBLIC 80

3.10.2 Retrieving Hadoop Info

To see the list, the states and the DNS names of Hadoop resources, run the or2-describe-hadoop (or2dh)

command:

or2dh -p project -r region

You can also use the or2-describe-services (or2dser) command with the -s Hadoop flag to find the

Hadoop client DNS.

3.10.3 Running Jobs

To run a Hadoop job, you have to connect to the Hadoop Client you want to use. To connect, use the DNS

name retrieved by the or2dh command and the following credentials:

• User: hdfs

• Password: user

When connected to the Client, run the following command on it:

hadoop jar job_path [job parameters]

Where:

• job_path stands for the path to the .jar file describing the Hadoop job

• job_parameters stands for the list of the parameters that can be accepted by the current job

Each Hadoop client has a set of pre-installed demo jobs you can run to check how the service works. For

example, the command below will call the job with a program that is intended to calculate the Pi number:

hadoop jar /usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples-

2.4.0.2.1.5.0-695.jar pi 10 20

Here,

• pi specifies the name of a valid program available within the specified job

• 10 stands for an integer specifying the number of mappings

• 20 stands for an integer specifying the number of samples per map.

You can also see the other examples in the /usr/lib/hadoop-mapreduce/ folder.

3.10.4 Manipulating Slaves and Clients

It is possible to change the number of existing Hadoop Clients and Slaves after the service activation. This

can be done with the or2-manage-hadoop (or2mh) command:

or2mh -p project -r region -a -c number -s resource_type

where:

• -a (--add) - a flag identifying that a resource should be added

• resource_type is a type of the Hadoop resource (client, slave)

• number identifies the number of the new resources to be created (1 by default)

You can also specify the resource shape with the -h / --shape parameter.

To remove a slave, use the or2mh command with the -m /--remove parameter:


EPAM PUBLIC 81

or2mh -p project -r region -c number -s resource_type --remove

When you remove a slave, it will still be detected as active on Resource Manager and Name Nod UIs for

some time.

3.10.5 Web UI

To monitor the Hadoop Service performance, you can login to the Hadoop Resource Manager and Hadoop

Name Node. For Resource Manager, use its DNS name and port 8088:

http://hadoop_rm_dns:8088

When you connect, you can see the list of the performed jobs (called Applications here), their status, and

get the access to other details:

Figure 51 - Hadoop RM Web UI

To login to Hadoop Name Node UI, use the Name Node DNS and the 50070 port:

http://hadoop_nn_dns:50070

Figure 52 - Hadoop Name Node Web UI


EPAM PUBLIC 82

You do not have to specify any credentials to connect to Hadoop Resource Manager and Name Node web

interfaces.

3.10.6 Pricing

The service usage price is defined by the price of the created Hadoop Resources.

The default parameters of a minimum set of Hadoop VMs are:


• Shapes: MEDIUM (three VMs)

SMALL (one VM)

Therefore, the approximate monthly cost of minimum set of Hadoop Data Platform Service in case of 100%

and 24/7 load is about $155 in EPAM-BY2 region (as to 05/12/2017). The price can vary depending on the

region, the number of clients and slaves and their shapes. To get more detailed estimations, please, use

our Cost Estimator tool.



EPAM PUBLIC 83

3.11 AMBARI AS A SERVICE

Apache Ambari is an open-source software that provides a web based UI and APIs for provisioning,

management and monitoring of Hadoop clusters.

As EPAM Cloud Service, Ambari creates an Ambari-Server for your project, sets up a cluster of Ambari-

Agents that deploy a chosen stack of Hadoop bundle for you and provide the existing Ambari facilities for

managing the Hadoop cluster of yours.

Ambari as a Service is based on Hortonworks Ambari 2.2.0.

You can create Ambari resources in both AWS and standard EPAM Cloud regions.

Please, keep in mind the following service performance specifics:

• If you need to create at least one Cluster resource in Amazon, Ambari server should also be hosted

in AWS, in the same region.

• All AWS-hosted Ambari resources should be hosted in the same region.

• You can run Cluster resources in several regions simultaneously, including both EPAM and AWS

regions. In this case, the server should be hosted in AWS.

• When an AWS-based Ambari resource is stopped and started again, it changes DNS and loses

connection to other Ambari resources. Please, keep your AWS Ambari resources running.

Ambari as a Service is delivered in cooperation with Big Data Competency Center, who are

responsible for the application initial settings and performance. In case you encounter any issues

with the service usage, please contact the Big Data CC.


Command Description

or2-manage-service …. -s ambari -a -c cluster_name -k key


or2-ambari-cluster (or2ac) Sets up an Ambari cluster for the project

or2-describe-maestro-stack-resources -p project -r region -s cluster_stack_name

Retrieves the information on the resources created in the Ambari cluster

or2-describe-instances -p project -r region -l “cluster_name=your_cluster_name”

3.11.1 Starting One-Node Ambari Server and Configuring the Cluster

To activate the service and create an Ambari server, run the or2-manage-service (or2ms) command with

--activate (-a) --service-name (-s) ambari and other necessary flags:

or2ms -p project -r region -a -s ambari -c cluster_name -k key

--customize

where:

• -c (--cluster-name) specifies the name for the newly created Ambari cluster.



EPAM PUBLIC 84

• k (--key-name) the SSH key name that will be used for all Ambari resources

• --customize is an optional parameter that allows to customize the parameters defined in the service stack template, including the blueprint to be used, in case you don't want to use the default one(see the details below).

Ambari Blueprint is a declarative definition of a cluster. With a Blueprint, you specify a Stack, the Component layout and the Configurations to materialize a Hadoop cluster instance (via a REST API) without having to use the Ambari Cluster Install Wizard.

The service, when activated, starts an Ambari server (CentOS6_64-bit, MEDIUM) and reserves a cluster

with the specified name and configuration parameters.

3.11.2 Configuring and Starting Cluster Nodes

When the Server is up and running, you can start setting up the Ambari-Agents and describe the cluster

configuration parameters.

All the settings are taken from two files:

• The blueprint file you specified at the Ambari-Serveractivation step. It provides the information on

the software stack to be installed on the cluster’s VMs.

• The configuration file you specify with the or2-ambari-cluster command describes the cluster’s

hardware stack (the number of VMs in each group, additional volumes attached to those, etc.). The

command is called as follows:

or2ac -p project -r region --cluster-name name --action create

–config-file json

where:

• --cluster-name is the name of the Ambari cluster you want to set up

• --config-file is the full path to a locally stored .json file with cluster configurations (see Configuration Example).

To make sure that the cluster was started successfully, use the or2-describe-services Maestro CLI command:

Figure 53 - Ambari service check

https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=38571133


EPAM PUBLIC 85

3.11.3 Manipulating Cluster Nodes

The or2-abmari-cluster (or2ac) command can also be used to start and stop all existing Ambari clusters

at once:

• To stop all the existing cluster instances, run the or2ac command with the -a stop parameter:

or2ac --cluster-name name –p project –r region –a stop

• To start all the stopped Ambari cluster instances and all the services in Abmari, use the or2ac

command with -a start parameter:

or2ac --cluster-name name –p project –r region –a stop

3.11.4 Retrieving Information on Ambari Resources

There are several ways to get the information on the resources engaged in Ambari Service:

• To get the service availability, the name of the stack that launched the service and the details on the Ambari Server, use:

or2-describe-services -p project -r region

• To get the information on the resources created in the Ambari cluster, use the following commands:

or2-describe-maestro-stack-resources -p project -r region

-s cluster_stack_name

or

or2-describe-instances -p project -r region -l

“cluster_name=your_cluster_name”

or

or2-ambari-cluster -p project -r region –a describe

Before you start creating an Ambari cluster, please, make sure that the action will not exceed the project

resource quota (either daily or monthly). If it does, the cluster creation will fail, but some of the resources

may remain active and billed.

To see your monthly quota usage info, please, call the command:

or2report -p project -r region -y year -m month -t quota

To see your project daily quota limitation, use:

or2dpro -p project --full

and see the volumeCreationInterval_count, instanceCreationInterval_count and maxVolumeSizw_GB

values for resource creation and volumes size limits.

For more details on quotas in EPAM Cloud, see the Account Management Guide.

https://cloud.epam.com/site/management/account_activity/csug_05_account_management.pdf


EPAM PUBLIC 86

3.11.5 Web UI

When you start the Ambari service and the server is run, you can loin to it using its DNS name and port

8080:

http://ambari_server:8080

The server URL is also returned as a part of or2-describe-services command output.

Use the following credentials to login to the Ambari server in EPAM regions:

Login: admin

Password: admin

To login to the Ambari Server hosted in AWS, please, use the centos login and the SSH key you specified

at service start.

However, there is no information on the server until the Ambari cluster resources are up and running. After

the or2-ambari-cluster command execution, the information on the cluster resources appear on the

Server. You will see an operation on maestro on the main toolbar, and if you click it, you will get the

statistics on the cluster resources setup:

Figure 54 - Cluster resources setup

It is strongly recommended not to perform any operations on the server till the setup is finished.

When the setup is completed, the Ambari service is ready to use.

http://ambari_server:8080/


EPAM PUBLIC 87

3.11.6 Pricing

The service usage price is defined by the price of the created Ambari Resources and will depend on the

number and parameters of cluster VMs.


3.11.7 Default Blueprint

As it has been mentioned before, the blueprint file contains the information on the software that should be

installed on Ambari Cluster VMs. In case you specify no Blueprint, the default one will be used. It contains

the following settings:

hgroup1 hgroup2 hgroup3

ZOOKEEPER_SERVER ZOOKEEPER_CLIENT PIG HISTORYSERVER NAMENODE HCAT TEZ_CLIENT AMBARI_SERVER APP_TIMELINE_SERVER SQOOP HDFS_CLIENT HIVE_CLIENT NODEMANAGER YARN_CLIENT MAPREDUCE2_CLIENT DATANODE GANGLIA_MONITOR

ZOOKEEPER_SERVER ZOOKEEPER_CLIENT PIG HIVE_SERVER HCAT SECONDARY_NAMENODE TEZ_CLIENT HIVE_METASTORE GANGLIA_SERVER SQOOP HDFS_CLIENT HIVE_CLIENT NODEMANAGER YARN_CLIENT MAPREDUCE2_CLIENT DATANODE MYSQL_SERVER GANGLIA_MONITOR WEBHCAT_SERVER RESOURCEMANAGER

ZOOKEEPER_CLIENT PIG SQOOP HIVE_CLIENT HDFS_CLIENT YARN_CLIENT HCAT MAPREDUCE2_CLIENT TEZ_CLIENT DATANODE NODEMANAGER GANGLIA_MONITOR



EPAM PUBLIC 88

3.11.8 Configuration Example

The configuration file describes the configuration of cluster to be created, by instances.

Each instance includes the following properties:

Property Name Description

group Host group. The following values can be used:

• hgroup1 – main management host group

• hgroup2 – secondary nodes host group

• hgroup3 – slave nodes (yarn, hdfs)

zone Virtualization zone

shape Host shape (MEDIUM+ are recommended)

count The count of hosts. Should be 1 for hgroup1 and hgroup2, and can be more for hgroup3.

volumes The description of additional volumes. The number of volumes allowed depends on the resource quota of your project. Each volume has the following parameters:

• size – volume size, in GB;

• mount – volume mount point. Set it as /hadoop/hdfs to make the volume be used for Hadoop Distributed File System (HDFS).

• fs – file system to be used. Currently, ext3 and ext4 are supported.

The code on the page below provides an example of a configuration file.

https://kb.epam.com/display/EPMCITFAQ/Project+Quotas


EPAM PUBLIC 89

{

"instances": [{

"group": "hgroup1",

"zone": "EPAM-BY1",

"shape": "medium",

"count": 1,

"volumes": [{

"size": 30,

"mount": "/hadoop/hdfs",

"fs": "ext4"

}, {

"size": 10,

"mount": "/some/tmp/mount/point",

"fs": "ext3"

}]

}, {

"group": "hgroup2",

"zone": "EPAM-BY1",

"shape": "medium",

"count": 1,

"volumes": [{

"size": 30,


"fs": "ext4"

}]

}, {

"group": "hgroup3",

"zone": "EPAM-BY1",

"shape": "medium",

"count": 3,

"volumes": [{

"size": 30,


"fs": "ext4"

}]

}]

}


EPAM PUBLIC 90

3.12 SPLUNK AS A SERVICE

Splunk Enterprise is a big data management platform allowing to receive, analyze and process large

volumes of data. Splunk Enterprise collects data from various sources and turns it into Operational

Intelligence. Data gathered by Splunk can be searched, indexed, visualized, monitored and organized as

reports.

EPAM Cloud supports Splunk as a Service based on Splunk Enterprise 6.3.1.

For more information on Splunk products and usage, visit the official Splunk website.


Command Description

or2-manage-service …. -s splunk -a Starts the Splunk service in the specified project and region

or2-manage-service …. -s splunk-proxy -a Starts a Splunk proxy service in the specified project and region

or2-splunk-proxy -p project -r region -a create -n endpoint_name -i splunk_instance -x proxy_instance -t port -q quota

Manages Splunk proxy endpoints

or2-describe-instances… -S splunk Displays the details of VMs created during the service activation

or2-describe-services… -s splunk Describes the Splunk service activated in the specified project and region


3.12.1 Service Architecture

When Splunk as a Service is activated, it starts a virtual machine with a trial version of Splunk Enterprise

installed. This version allows using Splunk free of charge up to the limit of 500 Mb of data per day for 60

days. After 60 days, the trial license can be converted into a perpetual free license with the same conditions.

You can change the license from trial to free using Splunk Web.

https://www.splunk.com/


EPAM PUBLIC 91

Figure 55 - Changing Splunk license type

Several Splunk instances can be started for a project and region combination.

If necessary, a Splunk proxy server can also be created to manage data traffic from various endpoints.

When the Splunk proxy server is running, you can specify the endpoints from which traffic is to be managed

and set the quota to limit the traffic from a particular endpoint.

Several Splunk proxy servers can be created for a project and region.

3.12.2 Splunk Service Activation

Splunk as a Service is started by means of the or2-manage-services (or2ms) command. To activate the

service, send the command with the -a/--activate parameter and indicate splunk in the -s/--service-name

parameter:

or2ms -p project -r region –a –s splunk

When the service is activated, it starts a MEDIUM-shaped Ubuntu14.04_64-bit virtual machine.

When Splunk as a Service has been activated, its details data can be retrieved by means of the or2-

describe-services command.


EPAM PUBLIC 92

3.12.3 Splunk Proxy

To start a Splunk proxy server, use the same command (or2-manage-services).

or2ms -p project -r region –a –s splunk-proxy

Once a Splunk proxy server has been activated, you can add and manage endpoints to limit traffic from.

For this purpose, a special command, or2-splunk-proxy (or2sp), is used:

or2sp -p project -r region -a create –n endpoint_name –i

splunk_instance –x proxy_instance –t port –q quota

This command should specify the endpoint action to be performed (describe, create or delete), the IDs of

the Splunk service instance and the Splunk proxy instance, the endpoint name and the data traffic quota in

Mb set for the endpoint (for the ‘create’ action). The cumulative daily quota of all endpoints should not

exceed 500 Mb.

To retrieve data on the endpoints configured for a particular Splunk proxy instance, use the or2sp command

with the -a describe parameter:

or2sp -p project -r region -a describe –x proxy_instance

The command returns the list of all endpoints with their maximum quotas and current quota usage:

Figure 56 - List of Splunk proxy endpoints

To delete a Splunk proxy endpoint, use the or2sp command with the -a delete parameter:

or2sp -a delete –x proxy_instance –n endpoint_name

3.12.4 Service Manipulation

As soon as the Splunk or Splunk proxy service is activated, its data can be retrieved using the or2-

describe-services (or2dser) command.

Figure 57 – Splunk service info (shown in two lines for better visibility)

You can find the details on the VMs created within the service activation, by calling the or2-describe-

instances (or2din) command with -S splunk or splunk-proxy parameter:

or2din –p project -r region –S splunk


EPAM PUBLIC 93

3.12.5 Web UI

The Splunk service has a web UI which is automatically available as soon as the service is activated.

The server URL and credentials are also returned as part of the or2-describe-services command

response:

Figure 58 - Splunk service credentials

Using the provided URL, login and password, you can access the Splunk Web UI:

Figure 59 - Splunk UI

3.12.6 Pricing

The service usage price is defined by the price of the VMs created during the Splunk service activation.

Each Splunk or Splunk proxy server has the following configuration:


• Shape: MEDIUM

Therefore, the approximate monthly cost of one Splunk or Splunk proxy instance of 100% and 24/7 load is

about $42.2 in EPAM-BY2 region (as of 05/12/2017). The price can vary depending on the region and the

usage pattern.




EPAM PUBLIC 94

3.13 JENKINS AS A SERVICE

EPAM Orchestrator was initially created, based on the concept of CI/CD processes automation. EPAM

Orchestration is intended to deliver Cloud for developers, providing them with all the capabilities, necessary

to build effective CI/CD processes.

Jenkins as a service sets up a Jenkins server from scratch, installs all the necessary plugins and starts

collecting audit messages from Jenkins (this information becomes available on the Audit page, without

need to connect Jenkins directly).

The service manipulation commands are:

Command Description

or2-describe-jenkins-jobs (or2djj) Describes the existing jobs

or2-create-jenkins-job (or2cjj) Creates a new Jenkins job

or2-trigger-jenkins-job (or2tjj) Triggers a Jenkins job execution

or2-remove-jenkins-job (or2rjj) Removes an existing Jenkins job

or2-manage-jenkins-plugins (or2mjp) Manages Jenkins plugins

or2audit -p project -r region -g jenkins Retrieves the audit on Jenkins performance

Since September 3, 2016, Jenkins version 2.107.1 is supported.



To start the Jenkins service, run the or2-manage-service (or2ms) command with --activate (-a), --

service-name (-s) Jenkins and other necessary flags:

or2ms -p project -r region -a -s jenkins -k key_name

where:

-k (--key-name) is the SSH key name that will be used to run the service VM. The key is necessary for

running the service in AWS, and is not obligatory for Azure.

The service, when activated, by default starts a Jenkins server VM with the following configuration:

• OS: Ubuntu 16.04 x64

• Shape: MEDIUM

You can run one Jenkins server in each region in which your project is activated.

To create a Jenkins cluster, repeat the or2ms command to start Jenkins slaves. Repeat the command as

many times as you need slave instances. The Jenkins slave instances will have the same configuration as

https://cloud.epam.com/maestro2/ui/events


EPAM PUBLIC 95

the master instance (MEDIUM Ubuntu16.04_64-bit). All integrations between the master and the slaves will

be performed automatically.

3.13.2 Service Manipulations

EPAM Orchestrator supports the following commands for Jenkins service manipulations:

• To create a new Jenkins job, run the or2-create-jenkins-job (or2cjj) command specifying the -c/-

-config property with the Job XML config file:

or2cjj -j "new job" -p demo -r region --config [path to job XML config

file]*

*see the Configuration File Example page.

The or2cjj command verifies whether all required for the selected configuration are available. If one

or several plugins are missing, the job is not created, and the system returns an error message listing

the missing plugins.

• To manage Jenkins plugins, use the or2-manage-jenkins-plugins (or2mjp) command. This

command is used to describe the available plugins, install or uninstall plugins.

Describing plugins:

or2mjp -p project -r region

Installing a plugin:

or2mjp -p project -r region –a install –n plugin-name

Uninstalling a plugin:

or2mjp -p project -r region –a uninstall –n plugin-name

• To describe the existing Jenkins jobs, run the or2-describe-jenkins-jobs (or2djj) command:

or2djj -p project -r region

• To trigger a Jenkins job, run the or2-trigger-jenkins-job (or2tjj) command:

or2tjj -p project -r region -j “job_name”

• To remove a Jenkins job, run the or2-remove-jenkins-job (or2rjj) command (use the -y parameter

for automatic confirmation of the action):

or2rjj -p projct -r region -j “job_name”

• To stop the Jenkins service and remove the Jenkins Server VM, run the following command:

or2ms -p project -r region -s jenkins --deactivate

The command terminates the existing Jenkins server

3.13.3 Web UI

You can connect the Jenkins server by its DNS address and 8080 port:


EPAM PUBLIC 96

http://<JenkinsServerDNS>:8080

You can see the Jenkins Server instance DNS in the response of the or2-describe-services command,

as well as the server URL and credentials:

Figure 60 - The or2-describe-services output

When you log in, you will get to Jenkins server info and statistics:

Figure 61 - Jenkins UI

3.13.4 Pricing

The service usage price is defined by the price of the Jenkins Server VM.

The default parameters of a Jenkins Server VM are:

• Shape: MEDIUM


The other significant factor is the Cloud provider and the region you use.

To estimate the price of the AWS-based infrastructure you plan to create, you can use the AWS Simple

Monthly Calculator. To estimate prices in Azure, see the Azure Pricing page.

3.13.5 Configuration File Example

Below, you can find an example of an XML configuration file to be used during the Jenkins job creation.

<?xml version='1.0' encoding='UTF-8'?>

<project>

<actions/>

http://calculator.s3.amazonaws.com/calc5.html


http://azure.microsoft.com/uk-ua/pricing/


EPAM PUBLIC 97

<description></description>

<keepDependencies>false</keepDependencies>

<properties/>

<scm class="hudson.scm.NullSCM"/>

<canRoam>true</canRoam>

<disabled>false</disabled>

<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuild

ing>

<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>

<triggers/>

<concurrentBuild>false</concurrentBuild>

<builders>

<hudson.tasks.Shell>

<command>#!/bin/bash

echo "START"

sleep 15

echo "END"</command>

</hudson.tasks.Shell>

</builders>

<publishers/>

<buildWrappers/>

</project>


EPAM PUBLIC 98

3.14 GERRIT AS A SERVICE

Gerrit is a code-review tool working together with Git version control system. Gerrit becomes an additional

stage before code commit, where the code is reviewed and analyzed. Such additional review improves

code consistency and reduces the chance of errors.

In EPAM Cloud, Gerrit is implemented as a platform service, allowing Git users to include Gerrit into their

development process by running it on a virtual machine.

For more details on Gerrit features and functions, please refer to the Official Gerrit website.


Gerrit as a Service is deployed with two virtual machines each performing the dedicated function. The main

VM hosts the Gerrit server together with three additional storage volumes:

- Git data

- Cache

- Gerrit site

Such distribution enhances the system security by safekeeping the data in case of the Gerrit server failure.

Additionally, with such configuration the system capacity and, therefore, efficiency is increased.

The second VM hosts the PostgreSQL database to which Gerrit refers.

The service can also be effectively integrated with Jenkins, if they both are run on the project.

VM 1: Gerrit VM 2: PostgreSQL

git.epam.com

SSH

VM 3: Jenkins

EPAM AD

Volume 1

Git dataGit data

Volume 2

CacheCache

Volume 3

SiteSite

SSH

Figure 62 - Gerrit Service Architecture

https://www.gerritcodereview.com/index.md


EPAM PUBLIC 99

Since September 3, 2016, Gerrit as a Service uses PostgreSQL database instead of MySQL. The previous

version is supported, however, all Gerrit instances activated before that date will not be modified

automatically. If you need to use the PostgreSQL database in your Gerrit service, you need to terminate

the existing Gerrit instance and activate a new one.


Before you activate Gerrit as a service, make sure that the following pre-requisites are met:

• There is an empty Git repository which will be served by Gerrit.

• You have an SSH key created in the same project and region where Gerrit service will be run. If no

key is available, use the or2-create-keypair command to obtain an SSH key.

The user activating Gerrit automatically becomes the Gerrit administrator to whom the SSH key is assigned.

Gerrit as a Service can only be activated in EPAM regions. AWS, Microsoft Azure and Google Cloud regions

are currently not supported.

To activate Gerrit as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with gerrit value:

or2ms –p project -r region -a –s gerrit –k key_name –h shape

Add the SSH key created in the previous step and use the -h option to specify the shape, if necessary. If

you send no SSH key during activation, you will have to enter it additionally to access the Gerrit UI.

When the command is called, the system prompts for the path to the Git repository to be served by Gerrit.

The Git repository is a mandatory parameter. If the or2ms command is sent with no ‘Git repository’ value,

an error message will be returned, and the service will not be activated.

Figure 63 - Gerrit service activation

For additional customization, add the --customize flag to the or2ms command.

The following parameters can be customized during service activation:

Description Type Default Value

Min Value Max Value Required

Disk size for attached volumes number 100 50 250 No

Name of general storage device* string <empty> No

Name of git replica dir device* string <empty> No

Name of cache directory device* string <empty> No


EPAM PUBLIC 100

Git repository to be served by Gerrit

string Yes

*Used only in AWS regions. Skip these options for service activation in an EPAM region.

The service, when activated, by default starts a Gerrit server VM and a VM hosting the PostgreSQL

database with the following configuration:

• Image: Ubuntu14.04 64-bit LTS

• Shape: MEDIUM

• Additional volumes: 3 volumes 100 GB each (only for the Gerrit server)

After the Gerrit service has been activated, you will receive an email containing the stack completion

confirmation and an SSH key to be used with the Git repository.

Figure 64 - Email containing SSH key

Copy this key and add it to any account that has sufficient permissions to replicate in the Git repository.

Figure 65 - Adding SSH key


EPAM PUBLIC 101

Now you can manage Gerrit via ssh:

ssh -i /home/mprod/maestro-cli/out/PROJECT/REGION/gerrit_test.pem -p

29418 firstname_lastname@ECSC********.epam.com gerrit

3.14.3 Logging in to Gerrit

Authentication to Gerrit is performed through the LDAP protocol referring to EPAM Active Directory. Use

your domain credentials (without @epam.com) to log in.

Your login (firstname_lastname) must be up to 20 characters long. If your first and last name are longer

than that, truncate your last name. The login must be entered in lowercase.

3.14.4 Web UI

Gerrit has an own Web UI where code review can be performed.

Figure 66 - Gerrit Web UI

3.14.5 Dynamic Integration with Jenkins

For additional convenience of the development process, EPAM Cloud supports dynamic integration of

Gerrit and Jenkins. Such integration allows checking builds for consistency and reports any errors detected.

To integrate Gerrit and Jenkins, activate a Jenkins service for the same project for which you have already

activated Gerrit. During its activation, it creates a special user within Gerrit. When the Jenkins service is

activated, it automatically creates its dedicated SSH key, Gerrit access settings and a Jenkins job. This job

receives data from the Git repository specified in Gerrit and writes to the Gerrit database whenever any

build errors are found.

3.14.6 Pricing

The Gerrit service usage price is defined by the price of the VM on which Gerrit is running:

The default parameters of a Gerrit server VM are:

• Shape: MEDIUM


• Additional volumes: 3 volumes 100 GB each


EPAM PUBLIC 102

The approximate monthly cost of a Gerrit server with 100% and 24/7 load is about $62.36 in EPAM-BY2

region (as of 05/12/2017).

The default parameters of a PostgreSQL database VM are:

• Shape: MEDIUM


The approximate monthly cost of a PostgreSQL database VM with 100% and 24/7 load is about $42.2 in

EPAM-BY2 region (as of 05/12/2017).

Therefore, the total price of a Gerrit service with the configuration and usage pattern described above is

$104.56 per month.

The price can vary depending on the region and the usage pattern.




EPAM PUBLIC 103

3.15 SONAR AS A SERVICE

Sonar as a Service is based on SonarQube, an open-source code quality inspection component. Together

with Jenkins and Gerrit, it forms a complete CI/CD environment.

Sonar as a Service supports SonarQube versions 5.2 and 5.6.

For more details on working with SonarQube, visit the official SonarQube website.


Command Description

or2-manage-service...-s sonar -a Activates the Sonar service in the specified project and region

or2-describe-instances… -S sonar Displays the details of VM's created during the service activation

or2-describe-services… -s sonar Describes the Sonar service activated in the specified project and region

or2-sonar-quality-profiles… -a create -n name -l language

Creates a Sonar quality profile for the specified project and region

or2-sonar-quality-profiles… -a delete -q quality_profile_key

Deletes a Sonar quality profile for the specified project and region

or2-sonar-quality-profiles… -a activate-rules -q quality_profile_key -R rule_key

Activates a Sonar rule for the specified quality profile

or2-sonar-quality-profiles… -a deactivate-rules -q quality_profile_key -R rule_key

Deactivates a Sonar rule for the specified quality profile

or2-sonar-rules... Retrieves Sonar rules from the specified repository or quality profile

Please note that Sonar as a Service is not supported in AWS and Google Cloud regions.


To activate Sonar as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with sonar value:

or2ms -p project -r region -a –s sonar

By default, the service starts SonarQube version 5.6. To start version 5.2, add the -v/--version parameter

to the or2ms command:

or2ms -p project -r region -a –s sonar –v 5.2

This command creates a Sonar server based on the virtual machine with the following parameters:

Image: Ubuntu14.04_64-bit

Shape: MEDIUM

During the service activation, a PostgreSQL database is installed on the same virtual machine.

http://www.sonarqube.org/


EPAM PUBLIC 104


or2ms –p project -r region -d –s sonar


As soon as the service gets activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

or2dser –p project -r region –s sonar

Figure 67 – Sonar Service Info (shown in two lines for better visibility)


instances (or2din) or command with -S sonar parameter:

or2din –p project -r region –S sonar

After activating Sonar as a Service, you can set up a Sonar quality profile for your project and populate it

with rules by which the code quality will be verified.

To set up a Sonar quality profile, use the or2-sonar-quality-profiles (or2sqp) command with the -a create

option. Specify the project and region to which the quality profile is to apply, the quality profile name and

the profile language:

or2sqp -p project -r region –a create –n profile_name –l language

During a quality profile creation, a profile key is generated to be used in all further profile management

actions:

Figure 68 - Sonar quality profile creation

You can use the same command to retrieve the list of all quality profiles set for the project and region (just

send the -p project and -r region parameters) or delete a quality profile (send the -a delete parameter and

specify the key of the profile to be deleted).

To activate Sonar rules for a quality profile, use the or2-sonar-quality-profiles (or2sqp) command with

the -a activate-rules parameter. The command should contain one or several keys of the rules to be

activated:


EPAM PUBLIC 105

or2sqp -p project -r region –a activate-rules –q quality_profile_key –R

rule_key1 –R rule_key2

Figure 69 - Rules activation for Sonar quality profile

The same command with the -a deactivate-rules parameter will deactivate the rules with the specified

keys.

To retrieve the Sonar rules from a repository or a quality profile, use the or2-sonar-rules(or2sr) command.

For example, to obtain the list of Sonar rules from a repository run the command as follows:

or2sr -p project -r region –R repository –n page_number

Figure 70 - Sonar rules retrieval from repository

To retrieve Sonar rules from a quality profile, send the -q quality_profile_key parameter instead of -R

repository.

3.15.3 Web UI

Once the Sonar service has been activated, you can access its Web UI. The URL, login and password can

be found in the response to the or2dser command. The password is generated dynamically for each Sonar

instance.

Figure 71 - Sonar Web UI credentials

In addition, Sonar supports integration with Active Directory with users added to static groups where the

permissions are applied to the entire group. Groups are to be created and configured according to the

Group Mapping rules.

Use these credentials to login to the SonarQube Web UI.

http://docs.sonarqube.org/display/PLUG/LDAP+Plugin#LDAPPlugin-GroupMapping


EPAM PUBLIC 106

Figure 72 – SonarQube Web UI

3.15.4 Pricing

The service usage price is defined by the price of the VMs created during the Sonar service activation.

Each Sonar server has the following configuration:


• Shape: MEDIUM

Therefore, the approximate monthly cost of an instance of 100% and 24/7 load is about $42.2 in EPAM-

BY2 region (as of 05/12/2017). The price can vary depending on the region and the usage pattern.




EPAM PUBLIC 107

3.16 ARTIFACTORY AS A SERVICE

An artifact repository is one of the important components of the CI/CD flow storing artifact collections and

metadata. Artifactory as a Service is a cloud-based platform service which, together with Jenkins, Gerrit

and SonarQube, forms a consistent CI/CD environment.

Artifactory as a Service is based on Artifactory version 4.15.0.

For more details on working with Artifactory, visit the official Artifactory website.


Command Description

or2-manage-service...-s artifactory -a Activates the Artifactory service in the specified project and region

or2-describe-instances… -S artifactory Displays the details of VMs created during the service activation

or2-describe-services… -s artifactory Describes the Artifactory service activated in the specified project and region



To activate Artifactory as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with artifactory value:

or2ms -p project -r region -a –s artifactory

After the command is sent, the system requests an admin password. The password created by the user

starting the service is then used to access the Artifactory server. This is an additional security measure

protecting the repositories in the storage.

This command creates an Artifactory server based on the virtual machine with the following parameters:

Image: CentOS7_64-bit

Shape: MEDIUM

Additional storage: 300 GB

All artifacts are stored on the additional disk. No root disk space is used for artifact storage which

guarantees reliable performance and availability.


or2ms –p project -r region -d –s artifactory


As soon as the service is activated, its data can be retrieved using the or2-describe-services (or2dser)

command.

https://www.jfrog.com/artifactory/


EPAM PUBLIC 108

or2dser –p project -r region –s artifactory

Figure 73 – Artifactory Service Info (shown in two lines for better visibility)


instances (or2din) or command with -S artifactory parameter:

or2din –p project -r region –S artifactory

3.16.3 Web UI

Once the Artifactory service has been activated, you can access its Web UI. Use the URL returned in the

response to the or2ser command and log in under the username "admin" and the password specified at

service activation. After you have logged in as administrator, you can create accounts for other service

users.

Figure 74 – Artifactory Web UI

3.16.4 Pricing

The service usage price is defined by the price of the VMs created during the Sonar service activation.

Each Sonar server has the following configuration:


• Shape: MEDIUM

• Additional storage: 300 GB






EPAM PUBLIC 109

3.17 ADOBE AEM AS A SERVICE (AEM)

Adobe AEM service can provide your project with a web content management system, equipped with a

wide range of powerful tools.

The service is available only in EPAM and AWS regions.

The service, when activated, includes a number of VMs with installed Adobe AEM (versions 6.0, 6.1 and

6.2 are supported), and gives users the following facilities:

• websites development;

• websites authoring and management;

• environments administering in order to ensure that the configuration fits project requirements;

• defining and managing workflows for different tasks, including content creation and management;

• digital assets repository management;

• social community tools setup, and others.

An AEM cluster represents a set of AEM instances: single author instance and publish instances as many

as needed for project. Replication is configured from author instance to all publish instances within the

cluster. In addition, there is one dispatcher above author instance (hosted on it), needed for caching pages.

EPAM Orchestrator supports two technologies of creating AEM clusters and deploying AEM as a Service

– AEM Basic and AEM PaaS Mode.

In AEM Basic, the cluster is formed by creating an author instance with a dispatcher and a number of

publish instances with one dispatcher above all publish instances (hosted on the first one) acting as a load

balancer.

The generalized diagram of the elements interrelation is shown on the figure below:

VM2 - Publish

VM3 - Publish

VM4 - Publish

Dispatch

Author

Dispatch

VM1

Figure 75 - Adobe AEM Service Diagram

In AEM PaaS Mode you also create a cluster of author and publish instances, however, the technology of

its creation is different. Each instance, both author and publish, is created with its own dispatcher.


EPAM PUBLIC 110

Replication is configured from author instance to all publish instances within the cluster. In addition, there

is one dispatcher above author instance (hosted on it), needed for caching pages.

The diagram of an AEM cluster created in the AEM PaaS Mode is shown on the figure below:

Author

Publish

Publish

Publish

Dispatch

Dispatch

Dispatch

Dispatch

VM1

VM2

VM3

VM4

Replication

Figure 76 - Adobe AEM Service Diagram

AEM as a Service is delivered in cooperation with Content Management Competency Center, who are

responsible for the application initial settings and performance. In case you encounter any issues with the

service usage, please address the Competency Content Service Desk.

3.17.1 AEM Basic


Command Description

or2-manage-service ... -s aem -a -c cluster-name

Used to create a new cluster in the specified project and region

or2-manage-aem (or2aem) Used to create a new cluster and perform environment manipulations


There are two ways to activate the service:

• By calling the or2-manage-service Maestro CLI command:

or2ms -s aem --activate -p project -r region -h shape -c cluster_name

where --shape is an optional parameter specifying the shape of the author instance (MEDIUM is

the default and the smallest possible one).

• By calling the or2-manage-aem (or2aem) command with the activate-cluster action:

or2aem –p project -r region -s shape --action activate-cluster –c

cluster_name



EPAM PUBLIC 111

Both commands, when called, initiate the running of an author instance, used to create and manage content

and to administer a website. By default, this is s MEDIUM CentOS6_64-bit instance. You can change the

shape by using the optional --shape parameter, but the shape should not be smaller than MEDIUM.

The cluster name should be unique for a project within a region.

The admin password is specific for each AEM instance, and can be seen in the --full output of cluster or

publish instance creation command, or the or2aem command with the describe action:

or2aem -p project -r region -a describe

EPAM Orchestrator supports two versions of AEM – 6.0 and 6.1. The 6.0 version is the default one and is

activated when the version is not specified explicitly. To activate AEM version 6.1, use the or2aem or

or2ms command with the –v/--version parameter:

or2aem –p project –r region –s shape –a action –v version

AEM Service is activated by a Maestro Stack execution which refers to the default parameter values.

However, when the AEM service is activated by means of the or2-manage-services (or2ms) command,

the service configuration can be customized. For that purpose, run the or2ms command with the --

customize option:

or2ms -s aem --activate -p project -r region -h shape -c cluster_name --

customize

With customization enabled, the stack execution allows modifying the default parameter values. The

following parameters can be customized during service activation:

Description Type Default Value Min Value Max Value Required

AEM Minimum Heap Size number 128 128 256 No

AEM Maximum Heap Size number 2048 2048 4096 No

AEM PermGen Size number 512 512 1024 No

Java version* string 7 No

AEM version* string 6.0 No

AEM license URL string <empty> No

Install Dispatcher ** string <empty> No

*Currently, changes to these parameters will have no effect on service activation

**Only for aem-publish instances

Parameter customization is not required for proper service activation. Use the --customize option to

adapt the service settings to suit your project requirements.

After the command is executed, the system prompts for parameter values one by one showing the default

ones, as well. You can specify a custom value when necessary or skip a parameter to keep the default

setting.


EPAM PUBLIC 112


Once you have created an Adobe AEM author instance, you can work with the publish instances:

• To get information about the AEM service in your project, use the or2-manage-aem (or2aem)

command with the describe action:

or2aem -p project -r region -a describe

The command response provides service elements details including login URLs and user

name/passwords for each element of the cluster.

• To create a new publish instance, run the or2-manage-aem (or2aem) command with the attach-

publish action:

or2aem -p project -r region -s shape -a attach-publish –c cluster_name

If you need to activate a publish instance at once, without waiting for the author to become

available, use the --force option. As far as there can be several AEM clusters within your project

in one zone, the parameter --c (--cluster-name) becomes mandatory for such action. Shape

requirements for publish instance are the same as those for the author.

• To detach an existing publish instance and terminate it, use the or2-manage-aem (or2aem)

command with the detach-publish action:

or2aem -p project -r region -a detach-publish –i instance_id

You can also use the --service-id parameter instead of --instance.

• To deactivate an AEM cluster, use the or2-manage-aem (or2aem) command with the deactivate-

cluster action:

or2aem -p project -r region -a deactivate-cluster -c cluster_name

To deactivate a cluster, you need to detach all relative publish instances from it first.

3.17.1.3 Web UI

The service provides UIs for both author and publish instances.

The URLs and login/passwords are given in the or2aem -a describe command response:

Figure 77 - Cluster connection details

Use these credentials to login to the necessary instances’ UI:


EPAM PUBLIC 113

Figure 78 - AEM Author Login Page

3.17.2 AEM PaaS Mode


Command Description

or2-manage-service ... -s aem-author-paas -a --customize

Starts an AEM author instance in the specified project and region

or2-manage-service ... -s aem-publish-paas -a --customize

Starts an AEM publish instance in the specified project and region


To activate the AEM as a Service in PaaS Mode, use the or2-manage-service Maestro CLI command

specifying aem-author-paas as the -s/--service-name parameter value:

or2ms -s aem-author-paas --activate -p project -r region --customize

This command will start an AEM author instance and creates an AEM environment.

Please note that the command will require inputting the environment name when run.

To start an AEM publish instance and add it to the environment, use the same command with aem-publish-

paas as the -s/--service-name value:

or2ms -s aem-publish-paas --activate -p project -r region --customize

By default, both types of instances will be started as MEDIUM CentOS6_64-bit virtual machines. You can

change the shape by using the optional --shape parameter, but the shape should not be smaller than

MEDIUM.


EPAM PUBLIC 114

AEM PaaS Mode (both author and publish instances) is activated by a Maestro Stack execution which

requires certain custom parameters to be specified. For that purpose, the or2ms command has to include

the --customize option:

or2ms aem-author-paas --activate -p project -r region --customize

With customization enabled, the stack execution requests custom parameter values during execution. The

following parameters can be customized during service activation:

Description Type Default Value Required

AEM version string 6.2 No

Environment string <empty> Yes

AEM instance port number 4502 No

AEM dispatcher apache version string 2.4 No

After the command is executed, the system prompts for parameter values one by one showing the default

ones, as well. You can specify a custom value when necessary or skip a parameter to keep the default

setting. AEM PaaS Mode supports AEM versions 6.0, 6.1 and 6.2 which you can select by entering the

value in the AEM version line. The default version is 6.2.

Only the ‘Environment’ parameter is mandatory for AEM PaaS Mode activation. ‘Environment’ defines the

name of the environment in which AEM as a Service in PaaS Mode will be used and links author and

publish instances to each other. Specify a unique environment name and make sure that the same name

is used for author and publish instances.

Figure 79 - AEM PaaS Mode activation


When the AEM PaaS Mode has been activated, you can retrieve its details with the or2-describe-services

command:


EPAM PUBLIC 115

Figure 80 - AEM PaaS Mode description (shown in two lines for better visibility)

To deactivate AEM PaaS Mode, you have to deactivate all service instances one by one. Use the or2ms

command with the --deactivate option:

or2ms aem-author-paas --deactivate -p project -r region -i instance_id

3.17.2.3 Web UI

The service provides UIs for both author and publish instances.

The URLs are provided in the or2dser command response:

Figure 81 - Cluster connection details

Use the admin/admin credentials to login to the necessary instance UI.

Figure 82 - AEM Author Login Page


EPAM PUBLIC 116

3.17.3 Pricing

The service usage price is defined by the price of the VMs engaged in each cluster.

The default parameters of an AEM instance are:

• Shape: MEDIUM

• Image: CentOS6_64-bit

One cluster needs at least two instances – an author and a publish one.

Therefore, the approximate monthly cost of a cluster case of 100% and 24/7 load is about $84.4 in EPAM-

BY2 region (as to 05/12/2017). The price can vary depending on the region.




EPAM PUBLIC 117

3.18 SITECORE AS A SERVICE

Sitecore is a convenient and reliable platform for website content management and application

development based on the customer experience management approach. Sitecore is a comprehensive

marketing and CMS solution offering advanced tools for website editing, monitoring and organization. The

service is based on Microsoft .NET which allows taking advantage of all features and functionality supported

by this development platform.

EPAM Cloud offers Sitecore as a Service in the form of a virtual Sitecore server.

In the current implementation EPAM Cloud supports Sitecore.NET 8.1 (rev. 160302) version.

For more information on Sitecore and its features please visit the Official Sitecore Website.



In EPAM Cloud, Sitecore as a Service is supported in two deployment modes – Sitecore Single and Sitecore

Large:

• Single Mode – one Windows Server 2012 R2 virtual machine is launched. This VM acts as the

Sitecore server and also hosts the MS SQL relational database management system and the

MongoDB database

• Large Mode – five VMs are launched, each performing its dedicated function:

1. Sitecore Server + MongoDB

2. MS SQL

3. Jenkins Master

4. Jenkins Slave

5. Load Balancer

Auto-configuration is performed by a combination of Chef service and Windows Powershell DSC, a native

Microsoft application and environment configuration tool. Such combination ensures the required

consistency and reliability of auto-configuration processes.

3.18.2 Single Mode


Sitecore in the Single Mode is activated via the Maestro CLI by means of the or2-manage-service (or2ms)

command with the -a/--activate flag and the -s/--service-name parameter with sitecore-single value:

or2ms –p project -r region -a –s sitecore-single

When you input the command, the command line will prompt for additional parameters:

• SSH key – the name of an SSH key existing in the target region. Skip to use no key

• Shape – skip to use LARGE as the default shape

http://www.sitecore.net/


EPAM PUBLIC 118

The service, when activated, by default starts a Sitecore server VM with the following configuration:

• Image: Windows Server 2012 R2

• Shape: LARGE (also, the MEDIUM shape is available)

Sitecore service activation takes approximately 1 hour. You can be sure that the service has been properly

deployed and configured when the auto-configuration is complete (autoConfigurationState = SUCCESS).

You can start more than one Sitecore server for the same project and region.

To stop the service, use the or2-manage-service (or2ms) command with the --deactivate and -i

instance_id parameters.

Figure 83 - Sitecore service activation

3.18.2.2 Sitecore Info

To view the list of the existing Sitecore instances and their parameters, run the or2-describe-services

(or2dser) command specifying your project and region:


Figure 84 - List of Sitecore instances

3.18.2.3 Web UI

Sitecore has an own Web UI available on the VM with the Sitecore service activated.


EPAM PUBLIC 119

Figure 85 - Sitecore Web UI

To access Sitecore Web UI, use the instance name of the VM on which Sitecore is running to create the

URL as follows: http://ecs********.epam.com:8080, where ecs******** stands for the instance name.

The first access to Sitecore Web UI is performed with the default credentials which should be changed.

3.18.3 Large Mode


To activate Sitecore Large, use the or2-manage-service (or2ms) command. The value of the -s/--service-

name parameter depends on the role of virtual machine started by the command:

or2ms –p project -r region -a –s sitecore-dev-paas -v 8.1 –c cluster_name

This command starts two VMs – a Sitecore server also containing MongoDB and a VM with MS SQL

installed. This is the minimum configuration for Sitecore service to function properly.

or2ms –p project -r region -a –s sitecore-ci-paas –v 8.1 –c cluster_name

This command creates two VMs – Jenkins Master and Jenkins Slave to provide CI/CD and adds them to

the Sitecore cluster.

or2ms –p project -r region -a –s sitecore-lb-paas –v 8.1 –c cluster_name --

customize

This command starts a VM serving as the Load Balancer. This VM may be required for clusters involving

several VMs.

Four VMs started under the Sitecore Large service (all except the VM hosting the Load Balancer) have the

following configuration:

• Image: W2012R2Std

http://ecs********.epam.com:8080/


EPAM PUBLIC 120

• Shape: MEDIUM

The virtual machine serving as the Load Balancer has the following configuration:


• Shape: SMALL

The command activating the Load Balancer requires custom parameters to be specified. For that purpose,

the or2ms command has to include the --customize option:

or2ms –s sitecore-lb-paas --activate -p project -r region –v 8.1 –c

cluster_name --customize

The following parameters are to be specified during the activation of Sitecore-LB:

Description Type Default Value Required

Stack ID string sitecore_stack_dev Yes

Environment string DEV Yes

The ‘Environment’ and ‘Stack ID’ parameters are mandatory for Sitecore-LB activation. They define how

the Sitecore cluster components will be linked. The values must be the same as those used in the

Sitecore-DEV service. To find the values, use the or2-describe-instance-properteis (or2getp) command

and specify the Sitecore server instance ID.

Figure 86 - Sitecore-LB activation

You can start more than one Sitecore server for the same project and region.

To stop the service, use the or2-manage-service (or2ms) command with the --deactivate and -i

instance_id parameters. You have to deactivate all three components of the service.

3.18.3.2 Sitecore Info

To view the list of the existing Sitecore Large instances and their parameters, run the or2-describe-

services (or2dser) command specifying your project and region:



EPAM PUBLIC 121

Figure 87 - Sitecore Info (shown in two lines for better visibility)

To retrieve the list of all instances started under the Sitecore Large service, use the or2-describe-

instances (or2din) command:

or2din -p project -r region

Figure 88 - Sitecore instances info (shown in two lines for better visibility)

If you use the or2din command with the -S sitecore-dev[ci, lb]-paas parameter, the command will not

return all VMs started by the corresponding Maestro Stack. To retrieve data on all Sitecore-related VMs,

use the or2din command without specifying the -S parameter or use the or2-describe-maestro-stack-

resources (or2dmsr) command specifying the ID of the corresponding Maestro Stack.

3.18.3.3 Logging In

Access to each of the services started under the Sitecore Large service is performed via the URL provided

in the response to the or2dser command:


EPAM PUBLIC 122

Figure 89 - Sitecore WebUI URLs

3.18.3.4 Pricing

The Sitecore service usage price is defined by the price of the VM on which Sitecore is running:

Four VMs started under the Sitecore Large service (all except the VM hosting the Load Balancer) have the

following configuration:

• Image: W2012R2Std

• Shape: MEDIUM

The virtual machine serving as the Load Balancer has the following configuration:


• Shape: SMALL

Therefore, the approximate monthly cost of a Sitecore cluster of 100% and 24/7 load is about $219.8 in

EPAM-BY2 region (as of 05/12/2017). The price can vary depending on the region and the usage pattern.




EPAM PUBLIC 123

3.19 RELATIONAL DATABASE SERVICE (RDB)

The Relational Database (RDB) service automatically creates a database entity for your project. It is

possible to create several entities within one project/region.

The service is available only in EPAM regions. Still, it is similar to AWS RDS service, and the set of the

databases provided by the two platforms, is similar. The table below provides the list of databases

supported by EPAM orchestrator, and their versions:

Database PostgreSQL MySQL MariaDB Oracle MS SQL Server

Version 9.3 5.5 5.5 11.2.0 2012 (64-bit) 2014 (64-bit)

Host VM Shape

MEDIUM MEDIUM MEDIUM MEDIUM MEDIUM (for 2012)

Host VM Image

Ubuntu14.04 64-bit

Ubuntu14.04 64-bit

Ubuntu14.04 64-bit

OracleLinux7 64-bit

W2012R2Std (for 2012)

Below, you can see the command which is most responsible for the service manipulations:

Command Description

or2-manage-rdb --action [describe, install, remove] starts the service in the specified project and region

The service is not available in Google Cloud regions.

3.19.1 Service Activation and Manipulations

The service is manipulated with the or2-manage-rdb (or2rdb) command with different --action/-a

parameter values (describe, install, remove).

All you have to do to start the service in the default configuration is run the command with the following

parameters:

or2rdb -p project -r region -a install -t type [-n db_name] -u db_username

[-pwd db_password] [-d description] [-f file_path]

Where:

• -a install – obligatory parameter; the action parameter specifying that a new database instance

should be created

• -t type – obligatory parameter; the type of the database to be installed (mysql, postgresql, mmsql,

oracle, mariadb)

• -u db_username – obligatory parameter; the username that will be used to login to the created

database

• -n db_name – optional parameter; the name of the database to be created; if not specified, will be

generated automatically

• -pwd db_password – optional parameter; the password to be used to login to the created

database. If not specified, a random password will be generated.

• -d description – optional parameter; the description of the new database.


EPAM PUBLIC 124

• -f file_path – the parameter specifying the path to the initialization script used for database

configuration.

When the command is launched, Orchestrator runs a respective VM, attaches three 100GB volumes to it,

installs the necessary database and applies all the settings.

An extended system disk can be used instead of attaching three additional 100GB storages for MS SQL

and MySQL databases. The allowed system disk sizes are 100, 200, 300, and 500 GB. To use this option,

add the --use-sys-disk-size parameter to the or2-manage-rdb (or2rdb) command at the service start:

or2rdb -p project -r region -a install -t type [-n db_name] -u db_username

[-pwd db_password] [-d description] [-f file_path] --use-sys-disk-size 200

To deactivate the RDB service, run the same or2rdb command with the -a remove option. This command

deactivates the service and terminates the virtual machine created for it:

or2rdb -p project -r region -a remove -S service_id

3.19.2 Login to the DB

When the configuration is over, you can login to your instance and start using the database with the

credentials specified/generated during the service start.

Please note, that if you run the service with MSSQL, you have admin access to the whole MSSQL instance

and can login to it using your domain credentials.

3.19.3 Pricing

The service usage price is defined by the price of the DB VM and all the attached storages.

The default parameters of the instance are DB:

• Shape: MEDIUM


• Additional Storages: 3x100GB

Therefore, the approximate monthly cost of one RDB instance in case of 100% and 24/7 load is about

$62.36 in EPAM-BY2 region (as to 05/12/2017). The price can vary depending on the region and database

used.


To estimate the price of the AWS-based infrastructure you plan to create, you can use the AWS Simple

Monthly Calculator.

3.19.4 MS SQL with Guaranteed Capacities

In addition to databases hosted on virtual machines, EPAM Cloud offers the option of creating MS SQL

instances on hardware servers. This way, the capacity of the database is always guaranteed, which may





EPAM PUBLIC 125

be one of the critical factors of its reliable performance. In addition, MS SQL instance deployment on a

hardware server is faster and easier.

The hardware servers used for database hosting are specially configured for this purpose and have

independent disk subsystems. EPAM Cloud supports guaranteed capacities for MS SQL 2014 instances

which, when requested via the Orchestrator, will be deployed on a dedicated hardware DBMS server.

To order an MS SQL 2014 instance with guaranteed capacities, run the or2-manage-rdb (or2rdb)

command with the following parameters:

or2rdb –p project -r EPAM-BY1 –a install –v 2014 –s 50 –t mssql

Where:

• -r EPAM-BY1 – the virtualization region. The service is available only in EPAM-BY1

• -v 2014 – version number. Specify 2014 to order a MS SQL 2014 instance with guaranteed

capacity. If other version is specified, the standard VM-based service will be launched

• -s 50 – database disk quota limit, in GB. Allowed values: 50, 100, 150. If not specified, the storage

size will be set to 100.

The default maximum memory size used for one database instance is 4GB and currently cannot be

changed.

When ordering an MS SQL 2014 instance, you do not have to specify user name and password. Instance

users have dbcreator rights and can access database by using their domain credentials.

If you do not want to use your domain credentials (Windows authorization), you can use the login and

password generated during the service activation (use SQL authorization).

The instance connection information can be found in or2-manage-rdb (or2rdb) command with -a describe

parameter:

or2rdb -p project -r region -a describe

Please note that the service has a specific billing approach. Typically, platform services in EPAM Cloud are

billed according to the price of resources needed to run these servers.

As MS SQL 2014 database instances are based on hardware, their pricing policy differs. Their billing directly

depends on the used storage volume, as it is calculated according to the following scheme:

DB Storage Volume Creation Fee (one-time) Monthly Price

50 GB

$10

$50

100 GB $62

150 GB $74

3.19.5 Database Comparison

When Cloud users get to using the RDB service, they face the issue of selecting a database that would

meet their needs the best way. Thus, there is a number of standard questions that are frequently asked.

The answers to these questions can be a good basis for database choice.


EPAM PUBLIC 126

• What is security level of solution?

Each solution can handle SSL connections, provide wide range of authentication methods but not

every have small amount of CVEs. From this point of view, MongoDB and MariaDB win, but if we

consider authentication methods PostgreSQL will be at the top.

• Is it fast and scalable enough?

Differences are not significant. Postgres 9.4 is faster than MongoDB, MariaSQL should be faster

than PostgreSQL in read operations. When we consider scalability, MongoDB should win.

• Does it have good usability and ability to development?

MongoDB has the best support in node.js: plenty of libraries, ORMs and information across the

Internet. When we consider power of engine the winner will be PostgreSQL (JSON support,

plPgSQL, various data types and many more).

Below, you can find the comparison of strong and weak points of each database supported by the RDB

service.

Database Pros Cons

MariaDB - Natural relations between tables (JOINs) - Complex multi-row transactions - Various performance enhancements - Consistency - Dynamic columns (columns in columns) - Connection through SSL - Additional authentication mechanisms

supported: pluggable authentication, LDAP - Replication (also with master-master) - Node.js ORM: Sequelize

- Stiff scheme (bad flexibility) according to non-relational DBs

- Uncertain future (developed mainly by a small company)

- Possible SQL Injections (according to noSQL databases)

- No. of related CVEs (Common Vulnerabilities and Exposures): 15 (last 04/16/2015)

MongoDB - Data representation achieved by JSON document (more natural way of storing data according to node.js)

- Single operations are atomic - Schema is dynamic (allows extends objects

inside scheme e.g. user/admin/guest) - Performance (also with when we use ORM) - Simplified app development and mapping

to OOP languages - No. of related CVEs (Common

Vulnerabilities and Exposures): 3 (last 12/25/2014)

- Replication (replica set) – slave becomes master if primary save goes down

- Connection through SSL - Additional authentication mechanisms:

LDAP, AD, Kerberos - Supports sharding (more machines to

support data growth and demands of read and write operations)

- Node.js ORM: mongoose

- Lack of relations however we can deal with it in a quite smart way (e.g. https://docs.mongodb.org/manual/tutorial/model-referenced-one-t o-many-relationships-between-documents/ )

- No transactions


EPAM PUBLIC 127

PostgreSQL - Natural relations between tables - Better JOINs (according to MariaDB) - Complex multi-row transactions - Consistency (data integrity) - Better JSON support (JSONB support since

9.4 version) - Handy PlPgSQL language - Connection through SSL - Additional authentication mechanisms:

LDAP, AD, Kerberos, RADIUS, PAM and many more

- Node.js ORM: Sequelize




MySQL - Easy to use (although node.js support is rather poor)

- Natural relations between tables (JOINs) - Complex multi-row transactions - Connection through SSL - Additional authentication mechanisms:

Windows Native Authentication - Replication (only master-save) - Node.js ORM: Sequelize

- Performance (slower than MariaDB, doesn’t scale well)

- Slow security releases (Oracle security releases are making every 3 months, MySQL releases every 2 months)

- Stability - Functionality dependent on

addons - Owned by corporation instead

of community (sort of open-source - commercial license; we can say that MySQL is a thorn in Oracle’s

- side, because MySQL is a competition to its products)





EPAM PUBLIC 128

3.20 HYBRIS AS A SERVICE

Hybris is one of the world top commerce software platforms, which includes omni-channel commerce,

product information management, order management solutions, as well as remarketing tools and powerful

product search and promotion facilities (for more details, please refer to Hybris info page).

The Hybris platform is extensively used by the EPAM e-commerce team, for which purpose Orchestrator

offers an own solution of accessing Hybris with the Orchestrator tools. Currently, Hybris as a Service

supports Hybris version 6.2.

Hybris as a Service is based on materials provided by Hybris Competency Center, who are responsible for

the application initial settings and performance. In case you encounter any issues with the service usage,

please address the Hybris CC team.


Command Description

or2-manage-service...-s hybris -a Activates the Hybris service in the specified project and region

or2-describe-instances… -S hybris Displays the details of VM's created during the service activation

or2-describe-services… -s hybris Describes the Hybris services activated in the specified project and region



Hybris service can be provided in three configurations:

• SMALL, in which one CentOS7_64-bit LARGE machine with Hybris, MySQL and Apache Solr is

launched

• MEDIUM, in which three virtual machines are created with the following components:

o Hybris (CentOS7_64-bit, LARGE)

o MySQL (CentOS7_64-bit, MEDIUM)

o Apache Solr (CentOS7_64-bit, MEDIUM)

Figure 90 - Hybris MEDIUM configuration

• LARGE, in which six or more virtual machines are created. You can specify the number of Hybris

nodes required for your project during the service activation. In the minimum configuration, the

following VMs are started:

https://www.hybris.com/en/commerce



EPAM PUBLIC 129

o Apache Web Server (CentOS7_64-bit, MEDIUM)

o 2 Hybris nodes (CentOS7_64-bit, LARGE)

o Apache Solr Master (CentOS7_64-bit, MEDIUM)

o Apache Solr Slave (CentOS7_64-bit, MEDIUM)

o MySQL with NFS (CentOS7_64-bit, MEDIUM)

Figure 91 - Hybris LARGE configuration

All nodes are gathered in one cluster and communicate with each other.

3.20.2 Service Activation and Manipulation

To activate Hybris as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with hybris value:

or2ms –p project -r region -a –s hybris

Optionally, you can add the -h/--shape parameter to the or2ms command to start all instances in the

MEDIUM or LARGE configuration with the same shape. The minimum available value of the -h/--shape

parameter is LARGE.

After the or2ms command execution, you will be prompted to enter custom parameters:

- Configuration (SMALL, MEDIUM or LARGE)

- Whether to install SPARK – a demo Hybris application. If you skip this parameter, only the Hybris

administrator console will be deployed

- Number of Hybris nodes to create (the minimum number is 2, the maximum is 10)

Figure 92 - Hybris activation


EPAM PUBLIC 130

3.20.3 Hybris Info

After the service has been activated, you can find its details in the response to the or2dser command. The

details of all VMs started during the service activation will be available in the response to the or2din

command with the -S hybris parameter.

or2din –p project -r region –S hybris

Figure 93 - List of Hybris instances

3.20.4 Logging in to Service Nodes

To log in to a Hybris node, use its DNS and the appropriate port. The ports are listed in the table below:

Node Port

Apache Web server/Load balancer -

Hybris node (administrator console) :9001, :9002

Hybris node (backoffice) :9002/backoffice/

MySQL Server :3306

Solr node :8983

If you have not installed the demo Spark application during service activation, you will be able to access

the Hybris admin page only:

Figure 94 - Hybris administration console


EPAM PUBLIC 131

If the Spark application has been installed, you can access it from the Apache Web server and any of the

Hybris nodes. In this case, use the following ports:

Node Port

Apache Web server/Load balancer -/sparkstorefront/

Hybris node :9002/sparkstorefront/

Figure 95 - Spark demo application

3.20.5 Pricing

The service price depends on the price of the VMs included to one service instance.

For example, the approximate price of Hybris service in the MEDIUM configuration in EPAM-BY1 region

will be the price for two MEDIUM Linux VMs and one LARGE Linux VM, which is $141.6 per month (as of

05/12/2017; the calculations are based on 24/7 usage).

The price can vary depending on the region and the usage pattern.


3.21 MAGENTO AS A SERVICE

Magento is an open-source e-commerce platform allowing to quickly build unique shopping websites both

for the B2B and B2C industries. Now Magento is available for EPAM developers as a Cloud service based

on Magento 2.0.

For more details on Magento platform, visit the official Magento website.


Command Description

or2-manage-service...-s magento -a Activates the Magento service in the specified project and region

or2-describe-instances… -S magento Displays the details of VM's created during the service activation

or2-describe-services –s magento Describes the Magento service activated in the specified project and region


https://magento.com/


EPAM PUBLIC 132



To activate Magento as a Service, use the or2-manage-service (or2ms) command with the -a/--activate

flag and the -s/--service-name parameter with magento value:

or2ms –p project -r region -a –s magento


or2ms –p project -r region -d –s magento



command.

or2dser –p project -r region –s magento

Figure 96 – Magento Service Info (shown in two lines for better visibility)


instances (or2din) or command with -S magento parameter:

or2din –p project -r region –S magento

3.21.3 Web UI

Once the Magento service has been activated, you can access its Web UI. The URL, login and password

can be found in the response to the or2dser command.

Figure 97 - Magento Web UI credentials

Use these credentials to login to the Magento Web UI.


EPAM PUBLIC 133

Figure 98 - Magento UI

3.21.4 Pricing

The service usage price is defined by the price of the VMs created during the Magento service activation.

Each Magento server has the following configuration:

• Image: CentOS7

• Shape: MEDIUM






EPAM PUBLIC 134

3.22 ATG AS A SERVICE

Oracle ATG Web Commerce is an e-commerce platform widely used for creating and administering

commerce websites and managing their content.

With ATG Web Commerce, you receive unique flexibility of a multi-channel tool and the advantages of a

personalization engine.

For more details, visit the official Oracle ATG Web Commerce website.

In the current implementation EPAM Cloud supports ATG 11.2 version.


Command Description

or2-manage-service...-s atg-small -a Activates the ATG service in the specified project and region

or2-describe-instances… -S atg-small Displays the details of VM's created during the service activation

or2-describe-services… -s atg-small Describes the ATG service activated in the specified project and region

The service is not available in Google Cloud regions.


When the service is activated, it starts two virtual machines each serving its dedicated purpose:

1. ATG server also containing an Endeca full-text search engine together with Experience Manager,

a JBoss application server (JBoss 6.1), Java 1.7

2. Oracle database server

To ensure correct performance, start a separate Jenkins Service. The integration between ATG and Jenkins

is established automatically. The Jenkins server creates ATG-related jobs and this way, a fully-functional

environment is deployed.

http://www.oracle.com/us/products/applications/atg/web-commerce/index.html


EPAM PUBLIC 135

VM 2: OracleDB

VM 3: Jenkins

VM 1: ATG

Figure 99 - ATG as a Service architecture

ATG as a Service, when started, deploys Oracle Commerce applications - Commerce Store Accelerator

and Commerce Reference Store. To deploy either of these applications, you only need to select the

corresponding Jenkins jobs.


To activate ATG as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag

and the -s/--service-name parameter with atg-small value:

or2ms –p project -r region -a –s atg-small

Both virtual machines started under the ATG Service have the following default configuration:


• Shape: MEDIUM



command.

Figure 100 – ATG service info


instances (or2din) command with -S atg-small parameter:

or2din –p project -r region –S atg-small

http://docs.oracle.com/cd/E55783_02/CRS.11-2/CSAInstall/html/s0101introduction01.html

http://docs.oracle.com/cd/E55783_02/CRS.11-2/index.html


EPAM PUBLIC 136

Figure 101 - ATG instance details

3.22.4 Service Configuration

For the ATG environment to work, create the Jenkins jobs which will compile, build and deploy the ATG

application on the virtual machine which is to function as the ATG server. Additionally, create Jenkins jobs

to start and stop JBoss on the same virtual machine.

Currently, ATG as a Service contains the components prepared for installing any ATG application. Install

and configure the application components according to your requirements.

Activation of ATG as a Service includes start-up scripts for Oracle DB instances and Endeca service.

However, for JBoss you need to create your own start-up script or use the appropriate Jenkins job.

3.22.5 Logging In

When activated, ATG as a Service provides the user with access to the ATG server and Oracle DB server

by connecting directly to the virtual machines started for the respective service.

To access the Jenkins Master, follow the instructions in the Jenkins Service description.

3.22.6 Pricing

The service usage price is defined by the price of the virtual machines created during the ATG service

activation. Each ATG VM has the following configuration:


• Shape: MEDIUM

Therefore, the approximate monthly cost of two instances used in ATG as a Service with 100% and 24/7

load is about $84.4 in EPAM-BY2 region (as of 05/12/2017). The price can vary depending on the region

and the usage pattern.




EPAM PUBLIC 137

3.23 MESSAGING SERVICE (MES)

The Messaging Service allows to set up a RabbitMQ server (v.3.1.5) for message exchange. The service

is similar to Amazon SQS and is available in EPAM regions only.


Command Description

or2-manage-queues (or2mq) Used to create and manage existing Rabbit queues

or2-manage-messages (or2mm) Used to send, receive, and delete Rabbit messages

3.23.1 Service Tokens

EPAM Private Cloud provides a special entry point in the Messaging service that may be used for

communication between AWS SDK and the service.

Please note that when working with the Messaging Service, Maestro CLI addresses the service API directly,

omitting Orchestrator.

USER

RabbitMQMaestro CLI

AWS SDK

Maestro API

AWS API

EPAM Orchestration

Messaging Service

Figure 102 - Messaging service performance scheme

In both cases, to use the service, you need to create a token that will be used to reach the RabbitMQ

server. The token is created by the or2-manage-service (or2ms) command with the --init-entry-point

flag:

or2ms –p project –r region –s messaging --init-entry-point

For each project-region combination, there should be a special token created. The token is stored in the

default.properties file, and has the following structure:

messaging.demopro.demoreg.access=http://service_VM_DNS:5673#token

3.23.2 Service Activation and Manipulations

The typical flow of the service usage, with respective commands, is:

• Activate the service using the or2ms command with -a -s messaging parameters:

or2ms –p project –r region –s messaging –-activate

On the service activation, Orchestrator launches a MEDIUM Ubuntu14.04_64-bit VM with

RabbitMQ server on it.

A project can have only one Messaging service in each region.

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/Welcome.html


EPAM PUBLIC 138

• Create a new queue with the or2-manage-queues (or2mq) command:

or2mq –p project –r region –a create -q queue-name [–v

visibility_timeout]

Where:

o queue-name specifies the name of the new que

o visibility-timeout specifies the time, in seconds, after which the messages taken by the

consumer get back to the queue. The default and the minimum value here is 30.

You can also use the or2mq command to clear the queue (-a purge), to view the information

about queues (-a describe), or to remove an existing queue (-a delete).

• Manage messages using the or2-manage-messsages (or2mm) command. To create a new

message and send it to RabbitMQ, use the command with the -a send parameter:

or2mm –p project –r region -q queue-name -a send –m message-content

Where message-content is the content of the message to be sent, 256KB max. You can specify

the “file” prefix to get the message from a specific file, e.g.: -m file:D:/message.txt.

To receive messages, use the or2mm command with the –a receive action:

or2mm –p project –r region -q queue-name -a receive –c messages-count –w

wait-time

Where:

o messages-count is the number of messages the consumer should take from the queue

o wait-time is the time the consumer waits for the messages. Only the messages coming

during this time will be received.

To delete a message from the queue, use the or2mm command with -a delete action:

or2mm –p project –r region -q queue-name -a delete –i message-id

3.23.3 Managing the Service via AWS SDK

To work with Messaging service via AWS SDK, you should provide credentials that contain your username

(name_surname in lower case) and token, generated by or2ms --init-entry-point command.

You should also provide endpoint as Error! Hyperlink reference not valid..

Below, you can find some examples tested on Java SDK with v. 1.10.39:

AWSCredentials CREDENTIALS = new BasicAWSCredentials("ivan_ivanov", "token");

String ENDPOINT = "http://ecs00000000:5673/amazon/";

There are 7 actions implemented:

1. Create queue

1.1 Create queue:


EPAM PUBLIC 139

@Test

public void createQueue() {

AmazonSQS sqs = new AmazonSQSClient(CREDENTIALS);

sqs.setEndpoint(ENDPOINT);

CreateQueueResult queue = sqs.createQueue("queue-name");

String queueUrl = queue.getQueueUrl();

}

1.2. Create queue with attributes:

@Test

public void createQueueWithAttributes() {



Map<String, String> queueAttributes = new HashMap<String, String>();

queueAttributes.put("VisibilityTimeout", "100");

CreateQueueRequest createQueueRequest = new CreateQueueRequest();

createQueueRequest.setQueueName("queue-name");

createQueueRequest.setAttributes(queueAttributes);

CreateQueueResult queue = sqs.createQueue(createQueueRequest);

String queueUrl = queue.getQueueUrl();

}

2. List queues: 2.1 List queues:

@Test

public void listQueues() {



ListQueuesResult listQueuesResult = sqs.listQueues();

List<String> queueUrls = listQueuesResult.getQueueUrls();

}


EPAM PUBLIC 140

2.2 List queues with queue name prefix:

@Test

public void listQueuesWithQueueNamePrefix() {



ListQueuesRequest request = new ListQueuesRequest();

request.setQueueNamePrefix("q");

ListQueuesResult listQueuesResult = sqs.listQueues(request);

List<String> queueUrls = listQueuesResult.getQueueUrls();

}

3. Purge queue:

@Test

public void purgeQueue() {



PurgeQueueRequest request = new PurgeQueueRequest();

request.setQueueUrl(ENDPOINT + "queue-name");

sqs.purgeQueue(request);

}

4. Delete queue:

@Test

public void deleteQueue() {



DeleteQueueRequest request = new DeleteQueueRequest();

request.setQueueUrl(ENDPOINT + " queue-name");

sqs.deleteQueue(request);

}


EPAM PUBLIC 141

5. Send message:

5.1 Send message:

@Test

public void sendMessage() {



SendMessageRequest request = new SendMessageRequest();

request.setMessageBody("TEST MESSAGE");


SendMessageResult sendMessageResult = sqs.sendMessage(request);

String messageId = sendMessageResult.getMessageId();

String md5OfMessageBody = sendMessageResult.getMD5OfMessageBody();

String md5OfMessageAttributes =

sendMessageResult.getMD5OfMessageAttributes();

}

5.2 Send message with attributes:

@Test

public void

sendMessageWithAttributesShouldReturn501NotImplementedException() {



SendMessageRequest request = new SendMessageRequest();

request.setMessageBody("TEST MESSAGE");


Map<String, MessageAttributeValue> attributeValueMap = new

HashMap<String, MessageAttributeValue>();

MessageAttributeValue attributeValue = new MessageAttributeValue();

attributeValue.setStringValue("attributeValue");

attributeValue.setDataType("String");

attributeValue.setStringListValues(Arrays.asList("1", "2", "3"));

attributeValueMap.put("attributeKey", attributeValue);

request.setMessageAttributes(attributeValueMap);

SendMessageResult sendMessageResult = sqs.sendMessage(request);

String messageId = sendMessageResult.getMessageId();

String md5OfMessageBody = sendMessageResult.getMD5OfMessageBody();

String md5OfMessageAttributes =

sendMessageResult.getMD5OfMessageAttributes();

}


EPAM PUBLIC 142

(!) Message attributes can be specified but it will have no effect as such functionality is not implemented for Messaging service.

6. Receive messages:

@Test

public void receiveMessage() {



ReceiveMessageRequest request = new ReceiveMessageRequest();


request.setMaxNumberOfMessages(1);

ReceiveMessageResult receiveMessageResult =

sqs.receiveMessage(request);

List<Message> messages = receiveMessageResult.getMessages();

}

(!) Instead of receiptHandle, messageID is returned. The same messageID should be specified in delete message action.

7. Delete message:

@Test

public void deleteMessage() {



DeleteMessageRequest request = new DeleteMessageRequest();


request.setReceiptHandle("eefe4fdf-571d-4972-8551-942b9e38484e");

sqs.deleteMessage(request);

}

In case of errors, the standard AWS response is returned. For example:

<ErrorResponse>

<Error>

<Type>Sender</Type>

<Code>InvalidParameterValue</Code>

<Message> Queue name should be not empty</Message>

</Error>

<RequestId>eede4adf-571d-4972-8551-942bbcde484e</RequestId>

</ErrorResponse>


EPAM PUBLIC 143

3.23.4 Pricing

The service usage price is defined by the price of the Rabbit VM.

The default parameters of the instance are:

• Shape: MEDIUM


Therefore, the approximate monthly cost of one Messaging service instance in case of 100% and 24/7 load

is about $42.2 in EPAM-BY2 region (as to 05/12/2017). The price can vary depending on the region.




EPAM PUBLIC 144

ANNEX A – PAAS GUEST OPERATING SYSTEMS

Service name Used Image

Adobe AEM as a Service (AEM) CentOS6_64-bit

Ambari Service (AAS) CentOS6_64-bit

Artifactory as a Service (AFS) CentOS7_64-bit

ATG as a Service (ATG) CentOS6_64-bit

Auto Configuration Service (ACS): Chef server (epc/user modes) version 11/version 12 Ubuntu14.04_64-bit/Ubuntu16.04_64-bit

Cloud Monitoring Service (CMS): Zabbix Ubuntu16.04_64-bit

Docker/Docker registry (DOS) (with volumes) CoreOS_899.13_64-bit

Docker/Docker registry Service (DOS) Ubuntu16.04_64-bit/Ubuntu14.04_64

FTP to AWS SE Service (FTP2S3) Ubuntu14.04_64-bit

Gerrit as a Service (GAS) Ubuntu14.04_64-bit

Hybris as a Service (HAS) CentOS7_64-bit

Jenkins as a Service (JAS) Ubuntu16.04_64-bit

Kubernetes as a Service (KUB) CoreOS_1632_64-bit

Load Balancer Service (LBS) Ubuntu16.04_64-bit

Log Aggregation Service (LAS) Ubuntu16.04_64-bit

Magento as a Service (MAS) CentOS7_64-bit

Messaging Service (MES) Ubuntu14.04_64-bit

Relational Data Base Service (RDB) Mariadb Ubuntu14.04_64-bit

Relational Data Base Service (RDB) MSSQL (2012) W2012R2Std

Relational Data Base Service (RDB) MSSQL (2014) hardware W2012R2Std

Relational Data Base Service (RDB) MySQL Ubuntu14.04_64-bit

Relational Data Base Service (RDB) Oracle OracleLinux7_64-bit

Relational Data Base Service (RDB) PostgreSQL Ubuntu14.04_64-bit

Sitecore as a Service (SAS) W2012R2Std

Sonar as a Service (SQS) Ubuntu14.04_64-bit

Splunk as a Service (SPS) Ubuntu14.04_64-bit

Telemetry as a Service (TMS) Ubuntu16.04_64-bit


EPAM PUBLIC 145

TABLE OF FIGURES

Figure 1 - TCP/IP Configuration (Windows) ................................................................................................ 16

Figure 2 - Creating Local Windows User .................................................................................................... 17

Figure 3 - Assigning Administrator Privileges to a Windows User .............................................................. 18

Figure 4 - Excluding Guest OS from Domain (Windows) ............................................................................ 19

Figure 5 - Renaming Guest OS (Windows) ................................................................................................. 19

Figure 6 - Rebooting a VM in Azure region ................................................................................................. 20

Figure 7 - Custom images in or2dim command response .......................................................................... 22

Figure 8 - Static IPs manipulation scheme .................................................................................................. 27

Figure 9 – Manage Services Wizard ........................................................................................................... 29

Figure 10 – 'Select action' options ............................................................................................................... 29

Figure 11 – ‘Results’ window ....................................................................................................................... 30

Figure 12 - Detailed information about services .......................................................................................... 30

Figure 13 - Disabling auto configuration for a specific OS .......................................................................... 32

Figure 14 - Reviewing information on the current status of the ACS .......................................................... 32

Figure 15 - The or2-validate-chef command output .................................................................................... 34

Figure 16 - Chef UI ...................................................................................................................................... 36

Figure 17 - OpenStack Metrics on UI .......................................................................................................... 39

Figure 18 - List of Telemetry agents............................................................................................................ 41

Figure 19 - Telemetry agent with available metrics ..................................................................................... 41

Figure 20 - Instance metrics ........................................................................................................................ 42

Figure 21 - Grafana Web UI URL and credentials ...................................................................................... 42

Figure 22 - Metric name .............................................................................................................................. 43

Figure 23 - Zabbix Statistics ........................................................................................................................ 45

Figure 24 - Zabbix UI ................................................................................................................................... 45

Figure 25 - Log service user/password details ............................................................................................ 48

Figure 26 - GrayLog UI ................................................................................................................................ 48

Figure 27 - Bucket Name in AWS Management Console ........................................................................... 53

Figure 28 - FTP Server Address and Port ................................................................................................... 54

Figure 29 - S3 Buckets in an FTP Client View ........................................................................................... 54

Figure 30 - Docker volume creation ............................................................................................................ 62

Figure 31 - List of Docker volumes.............................................................................................................. 62


EPAM PUBLIC 146

Figure 32 - Docker volume deletion ............................................................................................................ 62

Figure 33 - Running Docker container with a volume ................................................................................. 63

Figure 34 - List of Docker resources ........................................................................................................... 64

Figure 35 - Docker cluster data ................................................................................................................... 64

Figure 36 - Docker Registry flow ................................................................................................................. 65

Figure 37 - Docker registry creation ............................................................................................................ 66

Figure 38 - Docker registry in the list of services ........................................................................................ 66

Figure 39 - Docker image creation .............................................................................................................. 66

Figure 40 - Image pushed to Docker registry .............................................................................................. 67

Figure 41 - Image pulled from Docker registry ............................................................................................ 67

Figure 42 - List of Kubernetes nodes (shown in two lines for better visibility) ............................................ 70

Figure 43 - List of pods in a Kubernetes cluster .......................................................................................... 71

Figure 44 - List of namespaces in a Kubernetes cluster ............................................................................. 71

Figure 45 - List of services in a Kubernetes cluster .................................................................................... 72

Figure 46 - List of replication controllers ..................................................................................................... 72

Figure 47 - List of Kubernetes nodes .......................................................................................................... 72

Figure 48 - Kubernetes Dashboard ............................................................................................................. 74

Figure 49 - Heapster Gathered Data ........................................................................................................... 74

Figure 50 - Username and password in or2dser response ......................................................................... 75

Figure 51 - Hadoop RM Web UI .................................................................................................................. 81

Figure 52 - Hadoop Name Node Web UI .................................................................................................... 81

Figure 53 - Ambari service check ................................................................................................................ 84

Figure 54 - Cluster resources setup ............................................................................................................ 86

Figure 55 - Changing Splunk license type .................................................................................................. 91

Figure 56 - List of Splunk proxy endpoints .................................................................................................. 92

Figure 57 – Splunk service info (shown in two lines for better visibility) ..................................................... 92

Figure 58 - Splunk service credentials ........................................................................................................ 93

Figure 59 - Splunk UI .................................................................................................................................. 93

Figure 60 - The or2-describe-services output ............................................................................................. 96

Figure 61 - Jenkins UI ................................................................................................................................. 96

Figure 62 - Gerrit Service Architecture ........................................................................................................ 98

Figure 63 - Gerrit service activation ............................................................................................................ 99


EPAM PUBLIC 147

Figure 64 - Email containing SSH key ...................................................................................................... 100

Figure 65 - Adding SSH key ...................................................................................................................... 100

Figure 66 - Gerrit Web UI .......................................................................................................................... 101

Figure 67 – Sonar Service Info (shown in two lines for better visibility) .................................................... 104

Figure 68 - Sonar quality profile creation .................................................................................................. 104

Figure 69 - Rules activation for Sonar quality profile ................................................................................ 105

Figure 70 - Sonar rules retrieval from repository ....................................................................................... 105

Figure 71 - Sonar Web UI credentials ....................................................................................................... 105

Figure 72 – SonarQube Web UI ................................................................................................................ 106

Figure 73 – Artifactory Service Info (shown in two lines for better visibility) ............................................. 108

Figure 74 – Artifactory Web UI .................................................................................................................. 108

Figure 75 - Adobe AEM Service Diagram ................................................................................................. 109

Figure 76 - Adobe AEM Service Diagram ................................................................................................. 110

Figure 77 - Cluster connection details ....................................................................................................... 112

Figure 78 - AEM Author Login Page ......................................................................................................... 113

Figure 79 - AEM PaaS Mode activation .................................................................................................... 114

Figure 80 - AEM PaaS Mode description (shown in two lines for better visibility) .................................... 115

Figure 81 - Cluster connection details ....................................................................................................... 115

Figure 82 - AEM Author Login Page ......................................................................................................... 115

Figure 83 - Sitecore service activation ...................................................................................................... 118

Figure 84 - List of Sitecore instances ........................................................................................................ 118

Figure 85 - Sitecore Web UI ...................................................................................................................... 119

Figure 86 - Sitecore-LB activation ............................................................................................................. 120

Figure 87 - Sitecore Info (shown in two lines for better visibility) .............................................................. 121

Figure 88 - Sitecore instances info (shown in two lines for better visibility) .............................................. 121

Figure 89 - Sitecore WebUI URLs ............................................................................................................. 122

Figure 90 - Hybris MEDIUM configuration ................................................................................................ 128

Figure 91 - Hybris LARGE configuration ................................................................................................... 129

Figure 92 - Hybris activation ...................................................................................................................... 129

Figure 93 - List of Hybris instances ........................................................................................................... 130

Figure 94 - Hybris administration console ................................................................................................. 130

Figure 95 - Spark demo application .......................................................................................................... 131


EPAM PUBLIC 148

Figure 96 – Magento Service Info (shown in two lines for better visibility) ............................................... 132

Figure 97 - Magento Web UI credentials .................................................................................................. 132

Figure 98 - Magento UI ............................................................................................................................. 133

Figure 99 - ATG as a Service architecture ................................................................................................ 135

Figure 100 – ATG service info ................................................................................................................... 135

Figure 101 - ATG instance details ............................................................................................................. 136

Figure 102 - Messaging service performance scheme ............................................................................. 137


EPAM PUBLIC 149

VERSION HISTORY

Version Date Summary

3.22 May 18, 2018 - Updated the info about Kubernetes as a Service

3.21 April 4, 2018

- Updated the info about Kubernetes as a Service

- Removed info about RBAC authorization

- Updated the OpenShift Service information

3.20 March 24, 2018

- Updated the info on instances preparation to image

creation.

- Added the OpenShift Service Description.

3.19 February 22, 2018

- Added 2 sections about the VMs in Azure regions to the

Section 2.2

- Updated Cloud Monitoring Service info

- Removed info about default chef server monitoring

- Updated the information on ambary cluster starting

3.18 January 4, 108 - RDB Service info updated

- Schedules info updated

3.17 December 22, 2017

- RDB Service info updated

- OS for Platform Services table added

- Manage Services Wizard info updated

3.16 December 15, 2017 - ACS updates

3.15 December 1, 2017 - Shared Chef Server info updated

- Chef 12 and Chef 11 availability info updated

3.14 November 11, 2017

- Added the default EPAM telemetry info

- Added Chef 12 info

- Added Ubuntu 12 info

3.13 September 9, 2017

- Docker, Load Balancer, Log Aggregation services info

updated with the new images details

- Checkpoints limitations updated with the restriction for

OpenStack regions

- Updated Telemetry as a Service description

3.12 July, 2017 - fixed-ip parameter removed from the description of the

or2-allocate-static-ip command


EPAM PUBLIC 150

- Description of Telemetry as a Service added

3.11 May 20, 2017 - Description of Cloudify as a Service removed

3.10 April 7, 2017 - Jenkins information updated (or2mjp command added,

cluster creation information added)

3.9 February 25, 2017

- Artifactory as a Service description added

- Description of Hybris as a Service updated

- Description of ATG as a Service updated

- Description of AEM as a Service updated

- Description of Sonar as a Service updated

3.8 December 16, 2016

- Description of Kubernetes commands added

- Sonar as a Service info added

- or2dr command removed

- Classification changed from Confidential to Public,

approved by Dzmitry Pliushch

3.7 October 29, 2016

- Backup Service info added

- Docker version updated

- Info about VM preparation for image creation updated

3.6 September 3, 2016

- Note about Chef mode change time added

- Splunk as a Service description added

- Magento as a Service description added

- ATG as a Service description added

- AEM as a Service description updated

- Sitecore as a Service description updated

- Jenkins and Gerrit upgrade notices added

3.5 July 1, 2016

- Added services cooperation disclaimer

- Added DB versions to RDB service description

- Updated images info for RDB service

3.4 May 22, 2016

- Kubernetes as a Service description added

- Gerrit as a Service description added

- Docker volume description added

- SItecore as a Service description added

- Updated Chef Modes disclaimer

3.3 March 26, 2016

- EPAM-DKR information added

- Hybris as a Service description added

- Chef Client version updated

3.2 February 13, 2015 - Added DB comparison to RDB Service description

- Updated checkpoints cost example


EPAM PUBLIC 151

- Updated RDB login info

- Updated Ambari service info

3.1 December 20, 2015 - Updated RDB service info

- Added MES service info

3.0 November 7, 2015

- Restructured

- Merged with Cloudify Guide

- Merged with Auto Configuration Guide

- Merged with Checkpoints Guide

- Static IP manipulations added

2.3 August 7, 2015 - Added the UI part

epam cloud orchestrator - cloud services guidep=c_services/csug... · o adobe aem service –...

Documents