Setting Up the Blue Medora Nozzle for PCF (VMware Tanzu Application Service)

The Blue Medora Nozzle for PCF is a Cloud Foundry component that is required by the management pack in order to connect to the Cloud Foundry Loggregator Firehose. It exposes PCF metrics via a RESTful API.

Prerequisites

You will need Blue Medora Nozzle for PCF credentials prior to deploying and configuring the Nozzle. See: Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service).

Recommended Deployment Method: Blue Medora Nozzle for PCF Tile

Download the Blue Medora Nozzle for PCF Tile from the Pivotal Network, then follow the instructions for installing, configuring, and using the nozzle as documented on our Pivotal Partners documentation site.

Other Deployment Methods

Other deployment methods include:

Cloud Foundry CLI method
Clone from github method
BOSH CLI method

Cloud Foundry CLI method

Install the Cloud Foundry Command Line Interface (cf-cli) available from the Cloud Foundry CLI github repository.
To deploy the nozzle, you must configure the manifest.yml, which is set up in a default configuration to be deployed as a cf app, as follows:
- The BM_WEBSERVER_USE_SSL environment variable in the manifest.yml must be set to false during a cf app deployment as internal cloud foundry communication does not use SSL.
  
  Note: We also recommend keeping the BM_STDOUT_LOGGING environment variable as true ; otherwise, the log files may grow quickly and use up the allocated disk space.
Once the manifest.yml has been configured, run cf push from the cf-cli to install as a cf app.

Clone from github method

Install the Go programming language (version 1.6+) on a machine that can connect to the Traffic Controller.
To deploy the nozzle, run the following command, which clones the nozzle files and dependencies from the github repo and sets them up in your Go environment:

go get github.com/BlueMedoraPublic/bluemedora-firehose-nozzle

BOSH CLI method

Install the BOSH Command Line Interface (CLI) using the BOSH release available at: https://github.com/BlueMedoraPublic/bluemedora-firehose-nozzle-release
Deploy the nozzle as described in Cloud Foundry's Deploying a Nozzle to the Loggregator Firehose topic.

Note: For more information on setting up the BOSH manifest, see: BOSH's Deployment Manifest Schema documentation.

Configure the Nozzle

Complete the following tasks to configure the nozzle once it has been deployed:

Caution: The following configuration sub-topics are not applicable to the r ecommended deployment method: Blue Medora Nozzle for PCF Tile (see: above).

All "Other" deployment methods must following the configuration tasks outlined below.

Configure the bluemedora-firehose.nozzle.json file
Generate SSL Certificates

Configure the bluemedora-firehose.nozzle.json file

To configure the Blue Medora Nozzle for PCF after deployment, modify the bluemedora-firehose-nozzle.json file (located in the configfolder of the nozzle files) as follows:


Field	Description
UAAURL	The UAA login URL of the Cloud Foundry deployment
UAAUsername (UAA Client)	The UAA Client that has access to read from the Loggregator Firehose (See: Blue Medora Nozzle for PCF Credentials (UAA Client) on the page Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service))
UAAPassword (UAA Client password)	Password for the UAA Client (See: Blue Medora Nozzle for PCF Credentials (UAA Client) on the page Obtaining Nozzle, Cloud Controller, and BOSH Director Credentials (VMware Tanzu Application Service))
TrafficControllerURL	The URL for the Traffic Controller. To find the URL, follow the instructions outline at: https://docs.cloudfoundry.org/loggregator/architecture.html#firehose
SubscriptionID	The subscription ID of the nozzle. For more information about subscription IDs and nozzle scaling, see: https://docs.cloudfoundry.org/loggregator/log-ops-guide.html#scaling-nozzles
DisableAccessControl	If true, disables authentication with UAA. Used in lattice deployments
InsecureSSLSkipVerify	If true, allows insecure connections to the UAA and Traffic Controller endpoints
IdleTimeoutSeconds	The amount of time, in seconds, the connection to the firehose can be idle before disconnecting
MetricCacheDurationSeconds	The amount of time, in seconds, the RESTful API web server will cache metric data. The higher this duration, the less likely the data will be correct for a certain metric as it could hold stale data.
WebServerPort	Port to connect to the RESTful API (default: 443)

An example configuration would look similar to the following:

{
“UAAURL”: “https://uaa.pcf.environment.com”, “UAAUsername”: “uaa_user”, “UAAPassword”: “password”,
“TrafficControllerURL”: “wss://doppler.pcf.envrionment.com:443”, “SubscriptionID”: “bluemedora-nozzle-id”, “DisableAccessControl”: false,
“InsecureSSLSkipVerify”: true, “IdleTimeoutSeconds”: 30,
“MetricCacheDurationSeconds”: 60,
“WebServerPort”: 443
}

Generate SSL Certificates

The Blue Medora Nozzle for PCF uses SSL for its REST webserver. In order to generate these certificates, run the following command and answer the questions at the prompts:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem

Run the Nozzle

Once you have deployed and configured the nozzle, you can run it using the following command:

go run main.go