Create AWS Site

Objective

This guide provides instructions on how to create an AWS VPC and deploy Volterra sites in it. For more information on Volterra sites, see Volterra Site.

You can deploy an AWS site in the following ways:

  • Using guided forms in VoltConsole
  • Using Volterra terraform

Volterra uses terraform to perform the site deployments. The wizard presents the option of automatic deployment or assisted manual deployment with guided steps. In an assisted deployment, Volterra generates the required terraform variables, which you can download and use to deploy with terraform.

Using the instructions provided in this guide, you can deploy an AWS single-interface site or two-interface site.


Prerequisites

The following prerequisites apply:


Deploy Using VoltConsole

The following video shows the AWS VPC creation and site deployment workflow using VoltConsole:

AWS VPC creation and management requires performing the following sequence of actions:

Phase | Description
Create AWS VPC Object | Create the VPC object in VoltConsole using the guided wizard.
Deploy Site | Deploy the sites configured in the VPC object using automated or assisted method.

Create AWS VPC Object

The wizard to create the site object in AWS VPC guides you through the steps for required configuration. This document covers each guided step and explains the required actions to be performed for each step.

Perform the following steps:

Step 1: Log into the VoltConsole and start AWS VPC site management object creation.

Select Manage from the configuration menu in the system namespace. Select Site Management -> AWS VPC Site from the options. Click Add AWS VPC Site. Enter a name for your VPC object in the metadata section.

Step 2: Configure the VPC and site settings.

Go to the Site Type Selection section and perform the following:

Step 2.1: Set region and configure VPC.
  • Select a region in the AWS Region drop-down field.
  • Select an option for the Select existing VPC or create new VPC field and configure as per the following guidelines:

    • For the New VPC Parameters option, enter the name tag in the AWS VPC Name Tag field and enter the CIDR in the Primary IPv4 CIDR blocks field.
    • For the Existing VPC option, enter an existing VPC name in the Existing VPC field.

Figure: VPC and Node Type Configuration

Step 2.2: Set the node configuration.

Select an option for the Select Ingress Gateway or Ingress/Egress Gateway field and perform one of the following steps accordingly.

Step 2.2.1: Configure ingress gateway. For the `Ingress Gateway (One Interface)` option, perform configuration as per the following guidelines:
  • Select an option for the AWS AZ name field that matches the configured AWS Region.
  • Select Existing Subnet or New Subnet for the Select Existing Subnet or Create New field and enter a subnet address in the IPv4 Subnet or Existing Subnet options accordingly. Ensure that the subnet is part of the CIDR block set in the previous step.
  • Enter a value in GiB for the Cloud Disk Size field.

Note: The AWS Certified Hardware is set to aws-byol-voltmesh by default. You can add more than one node using the Add item option.

Step 2.2.2: Configure ingress/egress gateway. For the `Ingress/Egress Gateway (Two Interface)` option, click `Edit` to open the two-interface node configuration wizard and enter the configuration as per the following guidelines.
  • Select an option for the AWS AZ name field that matches the configured AWS Region.
  • Select Existing Subnet or New Subnet for the Select Existing Subnet or Create New field in the Subnet for Inside Interface section. Enter a subnet address in the IPv4 Subnet or Existing Subnet options accordingly.
  • Select Existing Subnet or New Subnet for the Select Existing Subnet or Create New field in the Subnet for Outside Interface section. Enter a subnet address in the IPv4 Subnet or Existing Subnet options accordingly.

    Figure: Ingress/Egress Gateway Settings

  • In the Site Network Firewall section, optionally select Active Network Policies in the Manage Network Policy field. Select an existing network policy or click Create new network policy to create and apply a network policy. After creating the policy, click Continue to apply.
  • Optionally select Active Forward Proxy Policies in the Manage Forward Proxy Policy field. Select an existing forward proxy policy or click Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.

    Figure: Network Firewall Configuration for Node

  • In the advanced configuration section, enable the Show Advanced Fields option. Select Manage Static Routes for the Manage Static Routes for Inside Network field and click Add item for the Static route list field. Perform one of the following steps:

    • Select Simple Static Route and enter a static route in the Simple Static Route field.
    • Select Custom Static Route and click Configure under the Custom Static Route option and perform the following steps:
      • In the Subnets section, select IPv4 or IPv6 option for the Version field. Enter a prefix and prefix length for your subnet. You can use the Add item option to set more subnets.
      • In the Nexthop section, select a next-hop type for the Type field. Select IPv4 or IPv6 for the Version field in the Address section and enter an IP address accordingly. Click Select interface object and select a network interface or click Add new network interface to create and apply a new network interface. Click Select interface object to apply the interface.
      • In the Attributes section, select supported attributes in the Attributes field. You can select more than one from this list.
      • Click Apply to add the custom route.
  • Select Manage Static Routes for the Manage Static Routes for Outside Network field and click Add item for the Static route list field. Follow the same procedure as that of managing the static routes for inside network.
  • Click Apply.

Note: The AWS Certified Hardware is set to aws-byol-multi-nic-voltmesh by default. You can add more than one node using the Add item option.

Step 2.3: Set the deployment type.

Select an option for the Select Automatic or Assisted Deployment field and perform further actions as per the following guidelines.

  • For the Automatic Deployment option, select an existing AWS credentials object or click Create new aws cred option to load new credential creation wizard. Create the new credentials as per the following guidelines:

    • Enter a name in the metadata section. Optionally set labels and enter a description.
    • Select AWS Secret Key in the Select Cloud Credential Type field. Enter the AWS access ID in the Access Key ID field and click Configure under the Secret Key field.
    • Select an option for the Secret Info. If you select Blindfold Secret, enter the secret in the Location field. If you select Clear Secret, enter the secret in the Clear Secret field in either ASCII or base64(binary) formats. Click Apply.
    • Click Continue to add the new credentials.

Note: Refer to the Cloud Credentials guide for more information.

  • For the Assisted Deployment option, obtain the AWS parameters after this VPC object is created in VoltConsole and perform the site deployment as per the instructions in the AWS Installation guide.

    Figure: Deployment Configuration

Step 3: Set the site node parameters.

Go to the Site Node Parameters section and enable the Show Advanced Fields option. Perform the following:

  • Set the AWS instance type by selecting an option for the AWS Instance Type for Node field.
  • Set a scaling limit for the worker nodes by configuring a value for the Auto Scale Limit field.
  • Enter your SSH key in the Public SSH key field.

    Figure: Site Node Parameters Configuration

Step 4: Complete the AWS VPC site object creation.

Click Continue to complete creating the AWS VPC site.

Note: The Status field for the VPC object shows Generated. You can navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option.

Step 5: Optionally, perform the terraform plan activity.

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option.
  • Find your AWS VPC object and click ... -> Plan (Optional) for your AWS VPC to start the action of terraform plan. This creates the execution plan for terraform.

Step 6: Download the terraform variables in case of assisted deployment.

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option.
  • Find your VPC object and click ... -> Terraform Parameters for it.
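
Step 2.2 requires every node subnet to lie inside the VPC CIDR block set in Step 2.1. The following check is an added example, not part of Volterra's tooling: the function names and sample addresses are constructed for illustration, and the overlap test reflects the AWS rule that subnets within one VPC cannot overlap.

```shell
#!/bin/sh
# Added example, not Volterra tooling: validate the inside and outside subnets
# of an Ingress/Egress (two-interface) node against the VPC CIDR before
# entering them in the form. IPv4 only; all names here are hypothetical.

# Dotted quad -> integer; fails on malformed octets.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# "a.b.c.d/len" -> "first last" as integers, with host bits cleared.
cidr_range() (
    addr=${1%/*}; len=${1##*/}
    [ "$addr/$len" = "$1" ] || exit 1
    case $len in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    ip=$(ip_to_int "$addr") || exit 1
    size=$(( 1 << (32 - len) ))
    first=$(( ip - ip % size ))
    echo "$first $(( first + size - 1 ))"
)

# Exit 0 when subnet $2 lies entirely inside VPC CIDR $1; 2 on bad input.
subnet_in_vpc() (
    v=$(cidr_range "$1") || exit 2
    s=$(cidr_range "$2") || exit 2
    set -- $v $s
    [ "$3" -ge "$1" ] && [ "$4" -le "$2" ]
)

# Exit 0 when the two CIDRs share at least one address; 2 on bad input.
cidrs_overlap() (
    a=$(cidr_range "$1") || exit 2
    b=$(cidr_range "$2") || exit 2
    set -- $a $b
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# check_site_subnets VPC INSIDE OUTSIDE: print findings, return their count.
check_site_subnets() {
    findings=0
    for subnet in "$2" "$3"; do
        if ! subnet_in_vpc "$1" "$subnet"; then
            echo "$subnet is not contained in VPC CIDR $1 (or is malformed)"
            findings=$((findings + 1))
        fi
    done
    if cidrs_overlap "$2" "$3"; then
        echo "inside subnet $2 overlaps outside subnet $3"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample values, not taken from the page.
check_site_subnets 10.0.0.0/16 10.0.1.0/24 10.0.2.0/24 && echo "subnets OK"
```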

Deploy Site

Creating the AWS VPC object in VoltConsole generates the plan and terraform objects required for deployment. You can deploy the site using automatic or assisted deployment, depending on your VPC object configuration.

Navigate to your VPC object and perform one of the following:

Automatic Deployment: Deploy the site using the automatic deployment method.

Perform this procedure in case you created the VPC object with automatic deployment option.

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option. Find your AWS VPC object and click Apply under the Actions column. The Status field for your AWS VPC object changes to Applying.
  • Wait for the apply to complete and the status to change to Applied.
  • Navigate to Sites -> Sites List. Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.

Assisted Deployment: Deploy the site using the terraform obtained from the VPC object.

Perform this procedure in case you created the VPC object with assisted deployment option.

  • Download Volterra quickstart utility.
docker pull volterraio/volt-terraform
  • Run the terraform container.
docker run --entrypoint tail --name terraform-cli -d -it \
-w /terraform/templates \
-v ${HOME}/.ssh:/root/.ssh \
volterraio/volt-terraform:latest \
-f /dev/null
  • Copy the downloaded terraform variables file to the container. The following example copies to the /var/tmp folder on the container.
docker cp /Users/ted/Downloads/system-aws-vpc-a.json terraform-cli:/var/tmp
  • Enter the terraform container.
docker exec -it terraform-cli sh
  • Configure AWS API access and secret key.
aws configure

Note: For more information, refer to AWS documentation.

  • Change to the VPC template directory and set the environment variable for API credentials password.
cd /terraform/templates/views/assisted/aws-volt-node
export VES_P12_PASSWORD=<api_cred_password>

Note: See the Generate API Certificate for information on API credentials.

  • Deploy the nodes by executing the terraform commands.
terraform init
terraform apply -var-file=/var/tmp/system-aws-vpc-a.json

Note: The terraform init command brings up the AWS cloud resources. When the terraform apply command is executed, it prompts for user input to proceed. Enter yes to begin deploying the node(s) and wait for the deployment to complete.

  • Navigate to Sites -> Sites List. Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.


Delete VPC Site

You can delete the VPC object from the VoltConsole. Perform the following to delete the VPC object:

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option.
  • Find your AWS VPC object and click ... -> Delete.
  • Click Delete in the confirmation window.

Note: Deleting the VPC object deletes the sites and nodes from the VPC and deletes the VPC. In case the delete operation does not remove the object and returns any error, check the error from the status, fix the error, and re-attempt the delete operation. If the problem persists, contact technical support. You can check the status using the ... -> Terraform Parameters -> Apply status option.


Deploy Site Using Volterra Terraform

This chapter provides instructions on how to create a Volterra single-node or multi-node site on Amazon Elastic Compute Cloud (EC2) using a custom Amazon Machine Image (AMI).

You can deploy the site using quick deployment or detailed deployment. In both cases, the deployment is carried out using Volterra terraform. Detailed deployment requires you to first create a site token.

Create Site Token

Step 1: Navigate to the system namespace.

Select the system namespace to obtain a token. You can use an existing token or create a new one. A site can be configured as single-node or multi-node site. In case of multi-node site, use the same token for all installations.

Figure: Navigate to Namespace

Step 2: Generate token.

Select Manage -> Site Management from the configuration menu and select Site Token from the options pane. Click Add site token to create a new token. This loads the Add site token form. Enter the site name and description in the Name and Description fields respectively. Click Add site token button at the bottom of the form.

Figure: Create a site token

Step 3: Note down the token.

Find the token you created or choose an existing token from the list of tokens displayed. Click the > to expand the token details in JSON format and note the value of the uid field.

Figure: Find Site Token UID


Quick Deployment Option

The quickest way to install Volterra Node(s) is by using the Quickstart tool that comes packaged with a setup script and a container with Volterra Terraform deployment scripts.

Installing the node using the quickstart also performs site token creation and automatic approval of registration.

Note: Automatic registration for worker nodes is not supported.

The Quickstart tool requires input variables supplied through a file. The following snippet shows sample contents of the variables file.

{
    "access_key": "<aws access key>",
    "secret_key": "<aws secret key>",

    "machine_public_key": "<ssh-public-key>",
    "machine_image": "<AMI-ID>",

    "deployment": "<ce_cluster_name>",
    "cluster_latitude": "<latitude>",
    "cluster_longitude": "<longitude>",
    "region": "<aws region>",
    "api_p12_file": "<path/to/api/p12/file>",
    "api_url": "<volterra_tenant_url ex: https://customer1.console.ves.volterra.io/api>"

}

To obtain AWS keys and secret, follow instructions from AWS Documentation.

See the AMI Images for AWS Machine Images (AMI) per region.

Note: The api_p12_file represents the path to API credentials file. In case you do not have API credentials, generate them in VoltConsole using the IAM->Credentials->My Credentials option as per the instructions in the Generate API Certificate document.

Step 1: Download the Quickstart tool.
docker run --rm -v $(pwd):/opt/bin:rw docker.io/volterraio/volt-terraform:latest cp /deploy-terraform.sh /opt/bin
Step 2: Set the environment variable for API credentials password.
export VES_P12_PASSWORD=<api_cred_password>

Note: The API credentials password is the one you set during the generation of API credentials file.

Step 3: Deploy the node(s).

Deploy using the apply option of the Quickstart tool. Enter the ce-multi-aws template for multi-node deployments and the ce-single-aws template for single-node deployments.

./deploy-terraform.sh apply -p aws -i <absolute_path_to_vars_file> -tn ce-single-aws --tf-version 0.12 --force

Example command to deploy a single node:

./deploy-terraform.sh apply -p aws -i /var/tmp/aws.tfvars -tn ce-single-aws --tf-version 0.12 --force

Note: In case of two-interface node installation, use the ce-single-2nic-aws or ce-multi-2nic-aws template for single-node or multi-node site respectively.


Detailed Deployment Steps

You can customize the default terraform deployment steps used by the Volterra Quickstart tool. Perform the following steps for customizing your deployment.

Step 1: Run the terraform CLI container.
docker run --entrypoint tail --name terraform-cli -d -it \
-w /terraform/templates \
-v ${HOME}/.ssh:/root/.ssh \
volterraio/volt-terraform:latest \
-f /dev/null
Step 2: Enter the terraform container.
docker exec -it terraform-cli sh
Step 3: Configure AWS API access and secret key.

Use the command below:

aws configure

Note: For more information, please refer to AWS documentation.

Step 4: Create terraform variables.

Create a variables file or copy one from the samples provided. For single-node deployment, change to the ce-single-aws directory. For multi-node deployment, change to the ce-multi-aws directory.

cd <ce-single-aws | ce-multi-aws>
cp sample-production.tfvars.json aws.tfvars.json

Note: In case of two-interface node installation, change to the ce-single-2nic-aws or ce-multi-2nic-aws directory for single-node or multi-node site respectively.

Step 5: Edit aws.tfvars.json and update the required changes to the variables.

Edit the terraform variables.

{
    "access_key": "<AWS_ACCESS_KEY>",
    "secret_key": "<AWS_SECRET_ACCESS_KEY>",
    "region": "<REGION>",

    "machine_public_key": "<SSH_PUBLIC_KEY>",
    "machine_image": "<AWS_AMI_IMAGE_ID>",

    "deployment": "<VOLTERRA_SITE_NAME>",
    "cluster_token": "<VOLTERRA_SITE_TOKEN>"
}

Set the environment variable for API credentials password.

export VES_P12_PASSWORD=<api_cred_password>

Note: See the AMI Images for AWS Machine Images (AMI) per region.

Step 6: Deploy the nodes by executing the terraform commands.
terraform init
terraform apply -var-file=aws.tfvars.json

Note: The terraform init command brings up the AWS cloud resources. When the terraform apply command is executed, it prompts for user input to proceed. Enter yes to begin deploying the node(s).
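
The variables file from Step 5 holds the AWS secret key and the site token in clear text, so it is worth checking before the terraform apply in Step 6. This pre-flight script is an added example, not part of the Volterra tooling: its function names are hypothetical, and it assumes the flat, one-key-per-line JSON layout of the sample above.

```shell
#!/bin/sh
# Added example, not Volterra tooling. Assumes the flat one-key-per-line JSON
# layout of the aws.tfvars.json sample on this page; function names are
# hypothetical.

REQUIRED_KEYS="access_key secret_key region machine_public_key machine_image deployment cluster_token"

# Print the string value of a top-level key (empty if the key is absent).
tfvar_value() {
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\(.*\)\"[[:space:]]*,\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# True only when group and other have no permission bits on the file.
perms_private() {
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Print one line per problem (never the secret values themselves) and
# return the number of problems found; 0 means the file passed every check.
preflight_tfvars() {
    file=$1
    problems=0
    if [ ! -f "$file" ]; then
        echo "variables file not found: $file"
        return 1
    fi
    if ! perms_private "$file"; then
        echo "permissions: $file is accessible beyond its owner, run chmod 600"
        problems=$((problems + 1))
    fi
    for key in $REQUIRED_KEYS; do
        value=$(tfvar_value "$file" "$key")
        case $value in
            '') echo "missing or empty: $key"; problems=$((problems + 1)) ;;
            *'<'*'>'*) echo "placeholder not replaced: $key"; problems=$((problems + 1)) ;;
        esac
    done
    if [ -z "${VES_P12_PASSWORD:-}" ]; then
        echo "VES_P12_PASSWORD is not set in this shell"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh preflight.sh aws.tfvars.json
if [ $# -gt 0 ]; then
    preflight_tfvars "$1" || echo "problems found: $?"
fi
```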

Step 7: Accept the registration in VoltConsole.

Single-node Site Registration

Step 1: Navigate to registrations and start registration approval.

Log in to the VoltConsole with your tenant and select Manage from the configuration menu. Select Registrations from the options pane and choose your site in the displayed list of sites. Click ✅ to load the Registration Acceptance form.

Figure: Accept Pending Registration

Step 2: Enter the required fields and complete registration.

Enter the site configuration parameters and click Accept.

Figure: Configure Site Parameters

Note: Enter all mandatory fields marked with the * character.

Step 3: Check the site status and health.

Select Sites -> Site List and click on your site from the displayed site list to see the dashboard for your site.

Figure: Site Health Check

Note: After you accept the registration, it takes a few minutes for the health and connectivity status to get updated in the portal. Click the Site Status tab to verify the following (established in that order during the site bring up):

  1. The Last Upgrade field has Successful value for the Volterra OS Status section.
  2. The Last Upgrade field has Successful value for the Volterra Software Status section.
  3. The IPSEC status field under RE Connectivity section has up value.

Multi-node Site Registration

Step 1: Navigate to registrations and perform registration.

Accept registration requests from the master-0, master-1, and master-2 nodes. Enter the same values for the following parameters for all the registration requests.

  1. ‘Cluster name’ = ‘volterra-demo-site-mce’
  2. ‘Cluster size’ = ‘3’

Figure: Registration request from ‘master-0’ node
Figure: Registration request from ‘master-1’ node
Figure: Registration request from ‘master-2’ node

Note: Enter all mandatory fields marked with the * character.

Step 2: Check the site status and health.

Select Sites -> Site List and click on your site from the displayed site list to see the dashboard for your site.

Figure: Volterra Site Dashboard

Note: After you accept the registration, it takes a few minutes for the health and connectivity status to get updated in the portal. Click the Site Status tab to verify the following (established in that order during the site bring up):

  1. The Last Upgrade field has Successful value for the Volterra OS Status section.
  2. The Last Upgrade field has Successful value for the Volterra Software Status section.
  3. The IPSEC status field under RE Connectivity section has up value.

Note: You can log on to the Volterra CLI on your node through SSH with username centos and your private key.


Destroy

Destroying the node requires you to first decommission and delete the node from the VoltConsole using the Remove Site instructions.

Step 1: Log in to the terraform-cli container.
docker exec -it terraform-cli sh
Step 2: Destroy the deployments.

Destroy by executing the destroy option from within the directories of your deployment.

cd templates/<ce-single-aws | ce-multi-aws>
terraform destroy -force -var-file=aws.tfvars.json

Example command to destroy the node using the quickstart tool:

./deploy-terraform.sh destroy -p aws -i /var/tmp/aws.tfvars -tn ce-single-aws --tf-version 0.12 --force
Step 3: Optionally, remove the Volterra terraform container.
exit
docker rm -f terraform-cli
