Skip to content
Joe Hohertz edited this page May 28, 2014 · 5 revisions

HOME > BURI ROLE GUIDE > PRIAM

Priam is a Netflix OSS co-process providing for the management of an Apache Cassandra ring, including token management, and centralized configuration.

  1. Create Priam S3 bucket
  2. Configure local/site.yml and build AMI
  3. Create IAM role
  4. Create security group
  5. Setup launch configuration
  6. Launch per-zone autoscale groups
## Step 1: Create Priam S3 bucket
  1. Open the AWS S3 console
  2. Click "Create Bucket", provide a name, and ensure you select the correct region where you will deploy Priam.

The same S3 bucket can be used for multiple cassandra clusters, each using a folder within for their backups.

## Step 2: Configure local/site.yml and build AMI
  1. Edit local/site.yml in your Buri build tree and ensure the following is set as needed:

    # The bucket name setup in step 1.
    priam_s3_bucket: "vfs-priam"
    # The unique name for this cluster
    priam_clustername: "devapicounters"
    # If you are using VPC or not
    priam_vpc: true
    # If you are going to run the ring in multiple regions
    priam_multiregion_enable: false
    # Should ALWAYS be set to Ec2MultiRegionSnitch regardless of your deployment plans
    # UNLESS you are in a VPC, in which case this MUST be set to Ec2Snitch
    priam_endpoint_snitch: "org.apache.cassandra.locator.Ec2MultiRegionSnitch"
    # List the zones you will run the cluster in here.
    priam_zones_available: "us-east-1a,us-east-1d,us-east-1e"
    
  2. General SSL keys for the cassandra secure storage port

    ./create-priam-keys.sh
    
  3. Build the AMI for the Priam cluster

    ./resnap.sh <base-pvm-ami-ID> priam
    
## Step 3: Create IAM role
  1. In the AWS IAM console left-side menu, click "Roles"

  2. Click "Create New Role"

  3. Give it a name. ("Priam" is suggested)

  4. On the "Select Role Type" screen, click "Select" next to "Amazon EC2"

  5. Click "Custom Policy", then "Select"

  6. Under "Policy Name", give it the same name as in 3rd point of this section.

  7. Under "Policy Document", paste in the file policies/priam.sample from the Buri distribution

  8. Edit the following text in what was pasted, to reflect the S3 bucket you have created for Priam backups:

      "Resource": [
         "arn:aws:s3:::cassandra-archive/*",
         "arn:aws:s3:::cassandra-archive"
       ]
    
  9. Click "Continue" and then "Create Role" to complete creating the IAM role needed by Exihibitor.

## Step 4: Create security group

Note: there must be seperate security groups for each cluster, and they need specific names

  1. In the AWS EC2 console left-side menu, under "Network & Security", click "Security Groups"
  2. Click "Create Security Group"
  3. Give it a name, which must be the priam_cluster_name, prefixed with "priam-", IE: "priam-mycluster".
  4. Add a description and pick VPC if applicable.
  5. Add a rule to allow SSH from the source IPs you wish to administrate from
  6. Add a rule to allow port 8080 from the source IPs you wish to administrate from
  7. Click "Create"
  8. Make note of the security group ID, and edit the inbound rules for the security group again
  9. Add a rule to allow all TCP ports from 1024-65535 from other members of the security group. (IE: place the ID in the source column)
## Step 5: Setup launch configuration

Priam must be launched in an autoscaling group. This and the following step detail this as seen from the EC2 management console.

  1. In the AWS EC2 console left-side menu, under "Auto Scaling", click "Launch Configurations"

  2. Click "Create launch configuration"

  3. Select the AMI built in step 2

  4. Select a machine type. You want one with considerable storage and memory available, and ideally, solid state disks. This i2.* machine types are well suited. (Requires using HVM AMI type.)

  5. Name the launch configuration in the form: "clustername-useast1". Note the lack of dashes in the region name.

  6. Ensure the IAM role created in step 3 is selected.

  7. Under "Advanced Details", ensure "Assign a public IP to every instance" is selected if you are using a VPC.

  8. Ensure all the available instance stores are mapped if there is more than one ephemeral disk on your machine type.

  9. Select the security group created in step 4

  10. Review the settings and complete the setup.

## Step 6: Launch per-zone autoscale groups

It is important to understand that the parameters of the autoscale groups determine how priam will configure the underlying Cassandra ring, and influence token selection.

The following steps must be performed for each of the availability zones specified in priam_zones_available setting. (3 zones = 3 scale groups)

  1. In the AWS EC2 console left-side menu, under "Auto Scaling", click "Auto Scaling Groups"

  2. Click "Create Auto Scaling group"

  3. Select the launch configuration created in [step 5](step 5)

  4. In naming the group, it MUST be named in the form: "clustername-useast1a". Failing to do so will cause Priam to not be able find the node configuration.

  5. Select your VPC if you are using one, and pick the availability zone (not on VPC) or subnet (if on VPC), that correlates to the availability zone you are setting up this autoscale group for.

  6. Set the scaling parameters instance range to the same number. IE: if you are looking for 3 nodes per zone, set to "Scale between 3 and 3 instances"

  7. Setup notifications in whatever manner you see fit.

  8. Review and finalize

  9. Repeat for all remaining availability zones

Clone this wiki locally