Deploying in Amazon Web Services

Prerequisites and Guidelines

Cloud deployments are supported starting with Nexus Dashboard, Release 2.0.2b. Earlier releases support only the physical form factor described in Deploying as Physical Appliance.

Before you proceed with deploying the Nexus Dashboard cluster in Amazon Web Services (AWS), you must:

  • Review and complete the general prerequisites described in the Deployment Overview.

  • Ensure that the AWS form factor supports your scale and application requirements.

    Scale and application co-hosting vary based on the cluster form factor. You can use the Nexus Dashboard Capacity Planning tool to verify that the cloud form factor satisfies your deployment requirements.

  • Have appropriate access privileges for your AWS account.

    You must be able to launch multiple instances of Elastic Compute Cloud (m5.2xlarge) to host the Nexus Dashboard cluster.

  • Have at least 6 AWS Elastic IP addresses.

    A typical Nexus Dashboard deployment consists of 3 nodes with each node requiring 2 AWS Elastic IP addresses for the management and data networks.

    By default, your AWS account has lower elastic IP limit, so you may need to request an increase. To request IP limit increase:

    1. In your AWS console, navigate to Computer > EC2.

    2. In the EC2 Dashboard, click Network & Security > Elastic IPs and note how many Elastic IPs are already being used.

    3. In the EC2 Dashboard, click Limits and note the maximum number of EC2-VPC Elastic IPs allowed.

      Subtract the number of IPs already being used from the limit to get. Then if necessary, click Request limit increase to request additional Elastic IPs.

  • Create a Virtual Private Cloud (VPC).

    A VPC is an isolated portion of the AWS cloud for AWS objects, such as Amazon EC2 instances. To create a VPC:

    1. In your AWS console, navigate to Networking & Content Delivery Tools > VPC.

    2. In the VPC Dashboard, click Your VPCs and choose Create VPC. Then provide the Name Tag and IPv4 CIDR block.

      The CIDR block is a range of IPv4 addresses for your VPC and must be in the /16 to /24 range. For example, 10.9.0.0/16.

  • Create an Internet Gateway and attach it to the VPC.

    Internet Gateway is a virtual router that allows a VPC to connect to the Internet. To create an Internet Gateway:

    • In the VPC Dashboard, click Internet Gateways and choose Create internet gateway. Then provide the Name Tag.

    • In the Internet Gateways screen, select the Internet Gateway you created, then choose Actions > Attach to VPC. Finally, from the Available VPCs dropdown, select the VPC you created and click Attach internet gateway.

  • Create a routes table.

    Routes table is used for connecting the subnets within your VPC and Internet Gateway to your Nexus Dashboard cluster. To create a routes table:

    • In the VPC Dashboard, click Route Tables, choose the Routes tab, and click Edit routes.

    • In the Edit routes screen, click Add route and create a 0.0.0.0/0 destination. From the Target dropdown, select Internet Gateway and choose the gateway you created. Finally, click Save routes.

  • Create a key pair.

    A key pair consists of a private key and a public key, which are used as security credentials to verify your identity when connecting to an EC2 instance. To create a key pair:

    • Navigate to All services > Compute > EC2.

    • In the EC2 Dashboard, click Network & Security > Key Pairs. Then click Create Key Pairs.

    • Provide a name for your key pair, select the pem file format, and click Create key pair.

      This will download the .pem private key file to your system. Move the file to a safe location, you will need to use it the first time you log in to an EC2 instance's console.

    By default only PEM-based login is enabled for each node. If you'd like to be able to SSH into the nodes using a password, you will need to explicitly enable password-based logins. You can do that by logging into each node separately using the PEM file the first time, then executing the following command: 

    # acs login prompt-enable

Deploying the Cisco Nexus Dashboard in AWS

This section describes how to deploy Cisco Nexus Dashboard cluster in Amazon Web Services (AWS).

Before you begin

Procedure

Step 1

Subscribe to Cisco Nexus Dashboard product in AWS Marketplace.

  1. Log into your AWS account and navigate to the AWS Management Console

    The Management Console is available at https://console.aws.amazon.com/.

  2. Navigate to Services > AWS Marketplace Subscriptions.

  3. Click Manage Subscriptions.

  4. Click Discover products.

  5. Search for Cisco Nexus Dashboard and click the result.

  6. In the product page, click Continue to Subscribe.

  7. Click Accept Terms.

    It may take a couple of minutes for the subscription to be processed.

  8. Finally click Continue to Configuration.

Step 2

Select software options and region.

  1. From the Delivery Method dropdown, select Cisco Nexus Dashboard for Cloud.

  2. From the Software Version dropdown, select the version you want to deploy.

  3. From the Region dropdown, select the regions where the template will be deployed.

    This must be the same region where you created your VPC.

  4. Click Continue to Launch.

    The product page appears, which shows a summary of your configuration and enables you to launch the cloud formation template.

Step 3

From the Choose Action, select Launch CloudFormation and click Launch.

The Create stack page appears.

Step 4

Create stack.

  1. In the Prerequisite - Prepare template area, select Template is ready.

  2. In the Specify Template area, select Amazon S3 URL for the template source.

    The template will be populated automatically.

  3. Click Next to continue.

    The Specify stack details page appears.

Step 5

Specify stack details.

  1. Provide the Stack name.

  2. From the VPC identifier dropdown, select the VPC you created.

    For example, vpc-038f83026b6a48e98(10.176.176.0/24).

  3. In the ND cluster Subnet block, provide the VPC subnet CIDR block.

    Choose a subnet from the VPC CIDR that you defined. You can provide a smaller subnet or use the whole CIDR.

    For example, 10.176.176.0/24.

  4. From the Availability Zones dropdown, select one or more available zones.

    We recommend you choose 3 availability zones. For regions that support only 2 availability zones, 2nd and 3rd nodes of the cluster will launch in the second availability zone.

  5. From the Number of Availability Zones dropdown, select the number of zones you added in the previous substep.

    Ensure that the number matches the number of availability zones you selected in the previous substep.

Provide the rest of the node information.

  1. Enable Data Interface EIP support.

    This field enables external connectivity for the node. External connectivity is required for communication with Cisco ACI fabrics outside AWS.

  2. From the Instance type, select m5.2xlarge

  3. Provide the Cluster name.

    The cluster name must be the same across all nodes you deploy.

  4. Provide the Host name prefix.

    The template will deploy a 3-node cluster with each node using the Host name prefix and appending -1, -2, and -3 to create unique host names for each node.

  5. Provide the NTP servers information.

  6. Provide the Name servers information.

  7. (Optional) Provide the DNS search domains list.

  8. Provide the Application IP subnet.

    For example, 10.101.0.0/16.

  9. Provide the Service IP subnet.

    The services network is an internal network used by the Nexus Dashboard and its processes.

    For example, 10.102.0.0/16.

Finally, provide the login and access information.

  1. In the Password fields, provide the password.

    This password will be used for the Nexus Dashboard's rescue-user login, as well as the initial password for the GUI's admin user.

  2. From the SSH key pair dropdown, select the key pair you created.

  3. In the Access control field, provide the external network allowed to access the cluster.

    For example, 0.0.0.0/0 to be able to access the cluster from anywhere.

  4. Click Next to continue.

Step 6

In the Advanced options screen, simply click Next.

Step 7

In the Review screen, verify template configuration and click Create stack.

Step 8

Wait for the instance deployment to complete, then start the instance.

You can view the status of the instance deployment in the CloudFormation page, for example CREATE_IN_PROGRESS. You can click the refresh button in the top right corner of the page to update the status.

When the status changes to CREATE_COMPLETE, you can proceed to the next step.

Step 9

Verify that the cluster is healthy.

It may take up to 30 minutes for the cluster to form and all the services to start.

After all three nodes' status is CREATE_COMPLETE, proceed with the following substeps to verify cluster health.

  1. Verify that the AWS EC2 instances are up and running.

    Navigate to Services > EC2. Then confirm that the Status Checks tab displays 2/2 checks.

  2. Login in to one of the nodes.

    You will need to use the private key .pem file you downloaded when creating a key pair in the following command: 

    $ ssh -i <pem-file-name>.pem rescue-user@<node-ip-address>

  3. Verify that the cluster is up and running.

    You can check the current status of cluster deployment by logging in to any of the nodes and running the acs health command.

    While the cluster is converging, you may see the following outputs:

    $ acs health
k8s install is in-progress
    $ acs health
k8s services not in desired state - [...]
    $ acs health
k8s: Etcd cluster is not ready
    When the cluster is up and running, the following output will be displayed:
    $ acs health
All components are healthy

  4. Log in to the Nexus Dashboard GUI.

    After the cluster becomes available, you can access it by browsing to any one of your nodes' management IP addresses. The default password for the admin user is the same as the rescue-user password you chose for the first node of the Nexus Dashboard cluster.

    When you first log in, you will be prompted to change the password.

Step 10

(Optional) Enable password-based login.

By default only PEM-based login is enabled for each node. If you'd like to be able to SSH into the nodes using a password, you will need to explicitly enable password-based logins. You can do that by logging into each node separately using the PEM file the first time, then executing the following command:
# acs login-prompt enable