Public Cloud VM Setup
There are a few details to keep in mind when configuring a VM in a public cloud to host a Bayware Agent or Engine. This section covers those points generally; the subsequent sections give provider-specific tips.
This guide does not replace the public cloud provider's documentation. Follow the steps provided by your cloud provider when creating a VM, and make sure the VM meets the Bayware requirements listed here.
Agent Installation Requirements
Public IP Address
The Controller must be reachable over IP by both the Agent and the Engine. If that is possible with a private IP address, a public IP address is not required.
Any required public IP address may be dynamic.
Private IP Address
The Controller must be reachable over IP by both the Agent and the Engine. If that is possible with a private IP address, this is usually the more affordable option.
A private IP address may be dynamic.
IP Forwarding
IP forwarding is generally disabled by default on new images. Agents do not require IP forwarding, so leave it disabled.
Security
Ingress ports UDP 4500 and UDP 500 must be opened on the firewall for every VM.
Hostname
VMs are identified by hostname by both the Agent and the Engine. Changing the hostname causes the certificates to be regenerated.
Public Cloud Provider Tips for Agent Installation
Amazon Web Services
Follow the AWS instructions for using public and private IP addresses and opening firewall ports.
You can set the hostname on a RHEL/CentOS VM after instance creation by running the following command as root:
hostnamectl set-hostname --static <new_hostname>
Then add the line preserve_hostname: true to the end of /etc/cloud/cloud.cfg so that cloud-init does not overwrite the hostname. Restart the VM for the change to take effect.
Microsoft Azure
Follow the Azure instructions for using public and private IP addresses and opening firewall ports.
Be sure to set the desired hostname during instance creation. It cannot be changed later.
Google Cloud Platform
GCP requires all of the recommended settings to be configured during instance creation.
Engine Installation Requirements
Public IP Address
The Controller must be reachable over IP by both the Agent and the Engine. If that is possible with a private IP address, a public IP address is not required.
Any required public IP address must be static.
Private IP Address
The Controller must be reachable over IP by both the Agent and the Engine. If that is possible with a private IP address, this is usually the more affordable option.
A private IP address must be static.
IP Forwarding
IP forwarding must be enabled on all Engines.
Security
Ingress ports UDP 4500 and UDP 500 must be opened on the firewall for every VM.
Hostname
VMs are identified by hostname by both the Agent and the Engine. Changing the hostname causes the certificates to be regenerated.
Public Cloud Provider Tips for Engine Installation
Amazon Web Services
Follow the AWS instructions for using public and private IP addresses and opening firewall ports.
You can set the hostname on a RHEL/CentOS VM after instance creation by running the following command as root:
hostnamectl set-hostname --static <new_hostname>
Then add the line preserve_hostname: true to the end of /etc/cloud/cloud.cfg so that cloud-init does not overwrite the hostname. Restart the VM for the change to take effect.
To enable IP forwarding, select the VM instance, navigate to Actions->Networking->Change Source/Dst. Check, and disable the source/destination check.
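The hostname and IP forwarding requirements above apply to both the Agent and the Engine, and the two AWS procedures only differ in the required forwarding state. The following preflight script is an added example, not Bayware's own tooling: it checks the kernel's net.ipv4.ip_forward against the VM's role (disabled for an Agent, enabled for an Engine) and checks that /etc/cloud/cloud.cfg contains preserve_hostname: true, optionally adding it. The path /etc/cloud/cloud.cfg comes from this page; the role names, the --fix option and the function names are assumptions made here. Cloud-side settings such as the AWS source/destination check are not visible from inside the VM and must still be changed in the provider console.

```shell
#!/bin/sh
# Added example (not part of the Bayware documentation): preflight check for
# a VM that will host a Bayware Agent or Engine. Role names ("agent",
# "engine") and the --fix option are assumptions of this example.

# ensure_preserve_hostname CFG: make sure CFG contains exactly one
# "preserve_hostname: true" line, replacing any other preserve_hostname value.
ensure_preserve_hostname() {
    cfg="$1"
    if grep -q '^preserve_hostname: true$' "$cfg" 2>/dev/null; then
        return 0
    fi
    if [ -f "$cfg" ]; then
        # Drop a conflicting setting (e.g. "preserve_hostname: false") first.
        # grep exits 1 when nothing is left, which is fine; exit 2 is an error.
        grep -v '^preserve_hostname:' "$cfg" > "$cfg.tmp" || [ $? -eq 1 ] || return 1
        mv "$cfg.tmp" "$cfg"
    fi
    printf 'preserve_hostname: true\n' >> "$cfg"
}

# has_preserve_hostname CFG: succeed if CFG already preserves the hostname.
has_preserve_hostname() {
    grep -q '^preserve_hostname: true$' "$1" 2>/dev/null
}

# expected_ip_forward ROLE: print the required net.ipv4.ip_forward value.
expected_ip_forward() {
    case "$1" in
        agent)  echo 0 ;;
        engine) echo 1 ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# check_ip_forward ROLE ACTUAL: succeed if ACTUAL is what ROLE requires.
check_ip_forward() {
    [ "$2" = "$(expected_ip_forward "$1")" ]
}

# preflight ROLE [--fix]: check the live system. With --fix, write the
# cloud.cfg setting (needs root). Returns non-zero if anything is wrong.
preflight() {
    role="$1"; fix="${2:-}"; cfg=/etc/cloud/cloud.cfg; rc=0
    actual=$(cat /proc/sys/net/ipv4/ip_forward)
    if check_ip_forward "$role" "$actual"; then
        echo "ip_forward=$actual: OK for $role"
    else
        echo "ip_forward=$actual: WRONG for $role, expected $(expected_ip_forward "$role")" >&2
        rc=1
    fi
    if has_preserve_hostname "$cfg"; then
        echo "$cfg: preserve_hostname is set"
    elif [ "$fix" = "--fix" ]; then
        ensure_preserve_hostname "$cfg" && echo "$cfg: preserve_hostname added, reboot required"
    else
        echo "$cfg: 'preserve_hostname: true' missing, hostname may be reset on reboot" >&2
        rc=1
    fi
    echo "reminder: the firewall must allow ingress UDP 500 and UDP 4500"
    return $rc
}

# Run only when invoked with a role, e.g.:  sh preflight.sh engine --fix
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Run it as root on the VM after setting the hostname with hostnamectl, for example sh preflight.sh agent or sh preflight.sh engine --fix. A non-zero exit means at least one of the requirements on this page is not met; the kernel forwarding flag itself is left for the administrator to change, since on an Engine it must be enabled together with the provider-side setting.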
Microsoft Azure
Follow the Azure instructions for using public and private IP addresses and opening firewall ports.
Be sure to set the desired hostname during instance creation. It cannot be changed later.
Enable IP forwarding after instance creation by selecting the network interface and opening its IP Configuration menu. Turn IP forwarding ON.
Google Cloud Platform
GCP requires all of the recommended settings to be configured during instance creation.