|
| 1 | +DNAT Micro-service |
| 2 | +=== |
| 3 | + |
| 4 | +The DNAT micro-service provides a single service for multiple AMP servers to make |
| 5 | +concurrent changes to the DNAT rules on a vcloud-director gateway. This will |
| 6 | +prevent a race condition that can occur as the vCD REST API requires that the full |
| 7 | +list of DNAT rules be download, modified, then the complete list uploaded in order |
| 8 | +to make changes to the rules. |
| 9 | + |
| 10 | +The instructions below assume that the micro-service is running on the same server |
| 11 | +as AMP, which may not be the case in production. If the micro-service and AMP |
| 12 | +are running on different servers, the endpoint configured in brooklyn.properties |
| 13 | +should be changed to reflect the address of the micro-service instead of 'localhost' |
| 14 | + |
| 15 | +NOTE: There should be one and only one DNAT micro-service per vOrg. If multiple |
| 16 | +rAMP servers are targeting the same vOrg (such as in development / test) then all |
| 17 | +rAMP servers should be using the same micro-service. |
| 18 | + |
| 19 | +To deploy the micro-service: |
| 20 | + |
| 21 | +* Build the `vcloud-director-nat-microservice` project, which will create a |
| 22 | +distributable .tar.gz file at `target/brooklyn-networking-vcloud-director-nat-microservice-dist.tar.gz` |
| 23 | + |
| 24 | +* Unpack the tarball to a suitable location |
| 25 | + |
| 26 | +* Create a file at `~/.brooklyn/dnat-microservice.properties` and set the endpoint, |
| 27 | +trustStore and trustStorePassword for each vCD named location that you have defined |
| 28 | +in your brooklyn.properties. E.g. if you have two named locations defined by |
| 29 | +'brooklyn.location.named.my-vorg-1=XXXXX' and 'brooklyn.location.named.my-vorg-2=XXXX' |
| 30 | +you would use the following: |
| 31 | + |
| 32 | +``` |
| 33 | +my-vorg-1.endpoint=https://mycompany.vchs.vmware.com |
| 34 | +my-vorg-1.trustStore= |
| 35 | +my-vorg-1.trustStorePassword= |
| 36 | +
|
| 37 | +my-vorg-2.endpoint=https://vchs.mycompany.com |
| 38 | +my-vorg-2.trustStore= |
| 39 | +my-vorg-2.trustStorePassword= |
| 40 | +``` |
| 41 | + |
| 42 | + |
| 43 | + * The endpoint should be the URL used to define the location, but should *not* |
| 44 | +include `/api` at the end. Both trustStore and trustStorePassword should be blank. |
| 45 | +NOTE: No credentials are defined in the micro-service properties file; the |
| 46 | +credentials are passed to the micro-service REST API and are not stored by the |
| 47 | +micro-service. |
| 48 | + |
| 49 | + * To start the microservice, run the following from the folder that the tarball |
| 50 | +was extracted to: |
| 51 | + |
| 52 | +``` |
| 53 | +nohup ./start.sh launch --endpointsProperties ~/.brooklyn/dnat-microservice.properties & |
| 54 | +``` |
| 55 | + |
| 56 | + * To enable AMP to use the service, add the following to you `brooklyn.properties` |
| 57 | +file and restart rAMP: |
| 58 | + |
| 59 | +``` |
| 60 | +# Enable NAT micro-service |
| 61 | +advancednetworking.vcloud.network.microservice.endpoint=https://localhost:8443 |
| 62 | +``` |
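Review bot: At README lines 43-47, the instruction that `trustStore` and `trustStorePassword` "should be blank" does not say what a blank value means for TLS validation of the vCD endpoint. Since the same paragraph states that vCD credentials are passed to the micro-service REST API, the README should say how the vCD server certificate is validated when both values are empty, and in which cases a trust store has to be set. Lines 10-13 and 61 leave a related gap on the AMP side: when the service runs on a different host, document which certificate the service presents on port 8443, how AMP is expected to trust it, and whether access to the service's REST API is restricted in any way. Smaller points: "be download" on line 7 should read "be downloaded", "to you `brooklyn.properties`" on line 56 should read "your", and the text switches between "AMP" and "rAMP" without explaining the difference.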