forked from pivotal-cf/docs-new-relic-nozzle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
installing.html.md.erb
187 lines (143 loc) · 11.9 KB
/
installing.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
---
title: Installing and Configuring New Relic Nozzle for VMware Tanzu
owner: Partners
---
This topic describes how to install and configure New Relic Nozzle for VMware Tanzu.
You can either install the New Relic Nozzle for VMware Tanzu as a tile in Ops Manager, or push it as a regular application.
## <a id='install-opsmgr'></a> Install and Configure New Relic Nozzle for VMware Tanzu as a Tile in Ops Manager
1. Download the product file from [Pivotal Network](https://network.pivotal.io/products/nr-firehose-nozzle/).
1. Navigate to the Ops Manager Installation Dashboard and click **Import a Product** to upload the product file.
1. Under the **Import a Product** button, click the **+** sign next to the version number of New Relic Nozzle for VMware Tanzu. This adds the tile to your staging area.
1. Click the newly added **New Relic Nozzle for VMware Tanzu** tile.
1. Follow the steps below to configure the nozzle tile:
* Under **New Relic Firehose Nozzle > Settings > Assign AZs and Networks:**
- Select your desired networks.
- Click **Save**.
* Under **New Relic Firehose Nozzle > Settings > New Relic Firehose Nozzle**, set the following fields:
- New Relic RPM Account ID: `YOUR-NEW-RELIC-RPM-ACCOUNT`
- New Relic RPM Account Region: `US` or `EU`. Choose EU if your RPM URL contains .eu
- New Relic Insights Insert Key: `YOUR-NEW-RELIC-INSIGHTS-INSERT-KEY`
- Firehose Subscription ID: Unique Subscription Identifier (i.e. `newrelic.firehose`)
- Nozzle instances: defaults to 2. Specify between 1 to 30 instance(s) depending on the load of Firehose events.
* Under **New Relic Firehose Nozzle > Settings > Advanced Settings**, set the following fields:
* If your environment uses a proxy server, add the following environment variables:
- Proxy Server Address and Port: `proxy server address:port`
- Proxy Bypass: comma-separated list of servers to bypass proxy
- Skip SSL Verification (True/False): Whether to verify SSL connection
- Selected Events: Comma-separated list of event types
- Drain Interval: How often aggregated metric events are sent (Default: 60s)
- Firehose -> Reverse Log Proxy Gateway Timeout (minutes): Connection timeout to the RLP Gateway (Default: 16m)
- Firehose No Traffic Restart Threshold (seconds): The nozzle will automatically restart if no messages are received in this time period (Default: 15s)
- Firehose Queue Buffer Size (messages): Number of messages the nozzle buffer can hold while processing. Also the number of messages that will be dropped if the buffer fills. (Default: 8192)
- Log Level: INFO or DEBUG
- Tracer (True/False): Activate trace level logging (**extremely** verbose)
* Under **New Relic Firehose Nozzle tile > Settings > LogMessage Filters** tab, set the following fields:
- Note: Include logic is processed before exclude logic. If specified, include filters will only generate New Relic events if the include filter is matched. Exclude filters will exclude matches.
- LogMessage Source Include Filter: Comma- or pipe-separated list of log sources to include (optional)
- LogMessage Source Exclude Filter: Comma- or pipe-separated list of log sources to exclude (optional)
- LogMessage Message Content Include Filter: Comma- or pipe-separated list of log message content to include (optional) (i.e. Including Error,CRASHED would only send LogMessage events that contain Error or CRASHED)
- LogMessage Message Content Exclude Filter: Comma- or pipe-separated list of log message content to exclude (optional)
### <a id='obtain-config-values'></a> Where to Obtain Configuration Values
The following properties can be obtained either from VMware Tanzu Application Service for VMs or from New Relic Insights:
* Firehose Subscription ID: A unique ID (i.e. `newrelic.firehose`)
* Skip SSL: If SSL is disabled, this value should be set to `true`.
* Selected Events: A comma-separated list of any of the following Firehose event types:
- ValueMetric
- CounterEvent
- ContainerMetric
- HttpStartStop
- LogMessage
* New Relic RPM Account ID: The first number that you find in your RPM Url (i.e. `https://insights.newrelic.com/accounts/RPM-ID/...`)
* New Relic Insights Insert Key: An insert key from `https://insights.newrelic.com/accounts/RPM-ID/manage/api_keys`.
* Client Id: `Ops Manager -> VMware Tanzu Application Service for VMs -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> identity` </br>(Only for Application push)
* Client Secret: `Ops Manager -> VMware Tanzu Application Service for VMs -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> password` </br>(Only for Application push)
* API URL: `https://api.YOUR-PCF-DOMAIN` -- `cf curl /v2/info` </br>(Only for Application push)
* UAA URL: `https://uaa.YOUR-PCF-DOMAIN` -- `cf curl /v2/info` </br>(Only for Application push)
* API User Name: If using admin account - `Ops Manager -> VMware Tanzu Application Service for VMs -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> identity` </br>(Only for Application push)
* API Password: If using admin account - `Ops Manager -> VMware Tanzu Application Service for VMs -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> password` </br>(Only for Application push)
1. As an admin user in the New Relic UI, you can go to **New Relic Insights > Manage Data > API Keys** to obtain an insert key. If you have an existing key, you can use it. If you do not already have one, you can create a fresh insert key specifically for this purpose.
1. Click **Save**.
1. Return to the Ops Manager Installation Dashboard and click **Apply Changes**.
## <a id='install-app'></a> Install and Configure New Relic Nozzle for VMware Tanzu as an Application
When pushing New Relic Nozzle for VMware Tanzu as an application, you need to have a manifest with the following properties:
```
applications:
- name: newrelic-firehose-nozzle
memory: 512M
disk_quota: 256M
instances: 2
health-check-type: http
health-check-http-endpoint: /health
host: cf-firehose-nozzle-${random-word}
buildpacks:
- binary_buildpack
path: dist
command: ./nr-fh-nozzle
env:
NRF_CF_CLIENT_ID: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> identity"
NRF_CF_CLIENT_SECRET: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> password"
NRF_CF_API_UAA_URL: "run cf curl /v2/info to get the url"
NRF_CF_API_URL: "run cf curl /v2/info to get the url"
NRF_FIREHOSE_ID: newrelic.firehose
NRF_CF_SKIP_SSL: true
NRF_ENABLED_ENVELOPE_TYPES: ValueMetric,CounterEvent,LogMessage,ContainerMetric,HttpStartStop
NRF_CF_API_USERNAME: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> identity"
NRF_CF_API_TAS for VMsSWORD: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> password"
NRF_NEWRELIC_ACCOUNT_ID: New Relic Account ID
NRF_NEWRELIC_INSERT_KEY: New Relic Insights Insert Key
# # Optional Settings (with their default values listed). Uncomment the setting to change.
# # New Relic account region. Choose EU if RPM URL includes .eu.
# NRF_NEWRELIC_ACCOUNT_REGION: US or EU
# # How often accumulated metric events are sent. Recommended: 29s, 59s, 89s, or 129s
# NRF_NEWRELIC_DRAIN_INTERVAL: 59s
# # Number of minutes before the HTTP connection to the RLP Gateway is considered hung and restarted. The RLP Gateway should force a new connection every 14 minutes. This is only applicable if the connection hangs.
# NRF_FIREHOSE_HTTP_TIMEOUT_MINS: 16
# # Number of consecutive seconds with no messages before the nozzle is automatically restarted. Set per environment based on normal message load.
# NRF_FIREHOSE_RESTART_THRESH_SECS: 15
# # Number of messages the nozzle buffer can hold while processing. Also the number of messages that will be dropped if the buffer fills. Recommended minimum is 6000.
# NRF_FIREHOSE_DIODE_BUFFER: 8192
# # Log level (INFO or DEBUG)
# NRF_LOG_LEVEL: INFO
# # Trace level logging (extremely verbose)
# NRF_TRACER: false
# # LogMessage filters (| separated values)
# NRF_LOGMESSAGE_SOURCE_INCLUDE: ""
# NRF_LOGMESSAGE_SOURCE_EXCLUDE: ""
# NRF_LOGMESSAGE_MESSAGE_INCLUDE: ""
# NRF_LOGMESSAGE_MESSAGE_EXCLUDE: ""
# # if proxy used in your environment
# http_proxy: <proxy server address:port>
# no_proxy: <comma separated list of servers to bypass proxy>
```
<p class="note"><strong>Note:</strong> In order to automate the <code>cf push</code> deployment process as much as possible, create an application <code>manifest.yml</code> file. Update the manifest as required for your environment. Make sure to assign proper values to all required environment variables. Any property values within angle brackets must be changed to the correct values for your environment.</p>
<p class="note"><strong>Note:</strong> Make sure to build the nozzle binary in <strong>"dist"</strong> subdirectory (using the build command below), so that when you push the app, the source and rest of the unnecessary files/folders do not get pushed into the container.</p>
### <a id='create-client-secret'></a> Adding a Client, Granting Permissions, and Setting a Secret
This example creates a new client and grants the necessary UAA permissions. A default client is used when the nozzle is deployed as a tile and these steps are not necessary. The Opentsdb Nozzle Credentials can also be retrieved and used instead of creating a custom client.
```
uaac target https://uaa.[your cf system domain]
uaac token client get admin -s [your admin-secret]
uaac client add firehose-to-newrelic \
--name firehose-to-newrelic \
--secret [your_client_secret] \
--authorized_grant_types client_credentials,refresh_token \
--authorities doppler.firehose,cloud_controller.admin_read_only
--scope doppler.firehose
```
* UAA Client ID would be firehose-to-newrelic
* UAA Client Secret would be the value set with --secret
### <a id='app-build'></a> Application Build and Deploy
The application is already built and ready to run on VMware Tanzu. If you make any changes to the code, or would like to run on other operating systems, you can rebuild the binary.
1. Edit the `GOOS` AND `GOARCH` variables in `release.sh`.
1. Execute `release.sh`
1. Retrieve the updated binary from the dist directory.
You can obtain a complete list of valid `GOOS` and `GOARCH` types from [Go Lang docs](https://golang.org/doc/install/source).
Once you build the binary and update the `manifest.yml` file with proper values, you can `cf push` the tile as an application.
## <a id='using-proxy'></a> Using Proxy Servers
If you need to use a proxy server in your environment, use the following environment variables:
* `http_proxy`
* `no_proxy`
You can specify the values for these properties during the setup of the tile in Ops Manager. If you use the app version of the Nozzle (running by `cf push`), you can set these environment variables at the end of the manifest.yml in the **env** section, or you can set them directly by running `cf set-env` as a CLI command.
### <a id='notes'></a> Notes
* These environment variables must be in lower case.
* You must set `http_proxy` to your proxy server address and port (i.e. `http://my_proxyserver:my_proxy_port`).
* You must set `no_proxy` to any address that you need to bypass. In order for the nozzle to work properly with proxies, you must bypass the `doppler` server (`doppler.YOUR-VMware Tanzu-DOMAIN.com`). Make sure you do not include the protocol and the port for `no_proxy`. Just add the server name.