The Blue Medora Nozzle for PCF is a Cloud Foundry component that is required by the management pack in order to connect to the Cloud Foundry Loggregator Firehose. It exposes PCF metrics via a RESTful API.
Prerequisites
- You will need Blue Medora Nozzle for PCF credentials prior to deploying and configuring the Nozzle. See: Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service).
Recommended Deployment Method: Blue Medora Nozzle for PCF Tile
- Download the Blue Medora Nozzle for PCF Tile from the Pivotal Network, then follow the instructions for installing, configuring, and using the nozzle as documented on our Pivotal Partners documentation site.
Other Deployment Methods
Other deployment methods include:
- Cloud Foundry CLI method
- Clone from github method
- BOSH CLI method
Cloud Foundry CLI method
- Install the Cloud Foundry Command Line Interface (cf-cli) available from the Cloud Foundry CLI github repository.
- To deploy the nozzle, you must configure the manifest.yml, which is set up in a default configuration to be deployed as a cf app, as follows:
-
The BM_WEBSERVER_USE_SSL environment variable in the manifest.yml must be set to false during a cf app deployment as internal cloud foundry communication does not use SSL.
Note: We also recommend keeping the BM_STDOUT_LOGGING environment variable as true ; otherwise, the log files may grow quickly and use up the allocated disk space.
-
- Once the manifest.yml has been configured, run cf push from the cf-cli to install as a cf app.
Clone from github method
- Install the Go programming language (version 1.6+) on a machine that can connect to the Traffic Controller.
-
To deploy the nozzle, run the following command, which clones the nozzle files and dependencies from the github repo and sets them up in your Go environment:
go get github.com/BlueMedoraPublic/bluemedora-firehose-nozzle
BOSH CLI method
- Install the BOSH Command Line Interface (CLI) using the BOSH release available at: https://github.com/BlueMedoraPublic/bluemedora-firehose-nozzle-release
-
Deploy the nozzle as described in Cloud Foundry's Deploying a Nozzle to the Loggregator Firehose topic.
Note: For more information on setting up the BOSH manifest, see: BOSH's Deployment Manifest Schema documentation.
Configure the Nozzle
Complete the following tasks to configure the nozzle once it has been deployed:
All "Other" deployment methods must following the configuration tasks outlined below.
- Configure the bluemedora-firehose.nozzle.json file
- Generate SSL Certificates
Configure the bluemedora-firehose.nozzle.json file
To configure the Blue Medora Nozzle for PCF after deployment, modify the bluemedora-firehose-nozzle.json file (located in the configfolder of the nozzle files) as follows:
Field | Description |
---|---|
UAAURL | The UAA login URL of the Cloud Foundry deployment |
UAAUsername (UAA Client) | The UAA Client that has access to read from the Loggregator Firehose (See: Blue Medora Nozzle for PCF Credentials (UAA Client) on the page Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service)) |
UAAPassword (UAA Client password) | Password for the UAA Client (See: Blue Medora Nozzle for PCF Credentials (UAA Client) on the page Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service)) |
TrafficControllerURL | The URL for the Traffic Controller. To find the URL, follow the instructions outline at: https://docs.cloudfoundry.org/loggregator/architecture.html#firehose |
SubscriptionID | The subscription ID of the nozzle. For more information about subscription IDs and nozzle scaling, see: https://docs.cloudfoundry.org/loggregator/log-ops-guide.html#scaling-nozzles |
DisableAccessControl | If true, disables authentication with UAA. Used in lattice deployments |
InsecureSSLSkipVerify | If true, allows insecure connections to the UAA and Traffic Controller endpoints |
IdleTimeoutSeconds | The amount of time, in seconds, the connection to the firehose can be idle before disconnecting |
MetricCacheDurationSeconds | The amount of time, in seconds, the RESTful API web server will cache metric data. The higher this duration, the less likely the data will be correct for a certain metric as it could hold stale data. |
WebServerPort | Port to connect to the RESTful API (default: 443) |
An example configuration would look similar to the following:
{ “UAAURL”: “https://uaa.pcf.environment.com”, “UAAUsername”: “uaa_user”, “UAAPassword”: “password”, “TrafficControllerURL”: “wss://doppler.pcf.envrionment.com:443”, “SubscriptionID”: “bluemedora-nozzle-id”, “DisableAccessControl”: false, “InsecureSSLSkipVerify”: true, “IdleTimeoutSeconds”: 30, “MetricCacheDurationSeconds”: 60, “WebServerPort”: 443 }
Generate SSL Certificates
The Blue Medora Nozzle for PCF uses SSL for its REST webserver. In order to generate these certificates, run the following command and answer the questions at the prompts:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem
Run the Nozzle
Once you have deployed and configured the nozzle, you can run it using the following command:
go run main.go