Deployment Prerequisites (Linux)

Create a Deployment

Prerequisites: Requires 'actor' user role privileges in the RightScale account.

The first step is to create a new deployment for the project. It's not recommended that you use the "Default" deployment or an existing deployment for new development because you do not want to accidentally inherit any unknown configuration settings. Therefore, it's recommended to always create a new deployment when you start a new project. Be sure to use a unique and descriptive nickname for each deployment. (e.g. My Project Name)

1. Go to Manage > Deployments. Click New and provide the following information:
   • Nickname - User-defined name for the deployment. 
   • Description - A short, internal-only description of the deployment.

Tip: Most users find it useful to create a bookmark in the left-hand pane of the dashboard that links to the deployment's Servers tab.

Create DNS Records

In a typical 3-tier architecture setup, DNS A records are used to create fully qualified domain names (FQDNs) that map to a particular server or tier of servers. The digram below shows a typical example of a 3-tier website architecture.

In this type of architecure, the application servers locate the "master" database server by using Master-DB's FQDN (e.g. db-master.example.com), which points to the Master-DB's private IP address. Similarly, front-end web traffic can be routed to a FQDN (e.g. www.example.com) where each load balancer server has a DNS record for that FQDN so that incoming requests are routed to one of the load balancer servers. Since the IP address of an instance in the cloud is often dynamically assigned at launch time, you are required to use a DNS provider that supports dynamic DNS (i.e. the ability to dynamically update the IP address of an A record) for the Master-DB server (at a minimum). You can also use the same DNS provider for creating FQDNs for the load balancer servers. However, since they do not require the use of dynamic DNS, any DNS provider can be used.

TTLs

When you create the DNS records, it's important to set appropriate TTLs to ensure that servers will not stay connected to an old IP address that is no longer assigned to a functional server. For example, the DNS record that points to the "master" database server should have a low TTL to ensure that the application servers will connect to the correct server within a reasonable amount of time. It's strongly recommended that you use a TTL of 60 seconds for the DNS record that points to the "master" database server.

Note: If you are using Rackspace's Cloud DNS service, you must use a TTL of 300 seconds because that is the lowest allowable TTL. Be sure to change the 'Database DNS TTL Limit' input from 60 (default) to 300.

You will need to create DNS records for the following servers:

• Each Load Balancer Server
• Master Database Server
• Slave Database Server (optional)

RightScale's ServerTemplates contain scripts that support one of the following DNS providers. Create an account with one of the DNS providers below and set up the A records accordingly.

• Domain Setup with DNSMadeEasy
• Domain Setup with DynDNS
• Domain Setup with Amazon's Route 53 (Aws DNS)
• Domain Setup with Cloud DNS

Create Common Credentials

Prerequisites: Requires 'designer' user role privileges in the RightScale account to create a new credential.

Note: Only the user who created the credential and any 'admin' users will be able to view and modify an existing credential. 

Credentials are a way of passing sensitive information to a script (as an input) in a discrete manner without making the actual value visible in the Dashboard. As a best practice, many of the ServerTemplates published by RightScale are preconfigured to use certain credentials. It's recommended that you create these common credentials in your own account. If they already exist and apply to a different deployment, you might want to create a new set of credentials to avoid any conflicts. In such cases, it's helpful to use a common prefix to group the credentials together. (e.g. APP1_DBADMIN_USER)

If you try to launch a server where one of the inputs references a credential that does not exist in the RightScale account, you will receive an error message and will not be able to launch the server. Therefore, it's best to create any required credentials before you configure and launch a server. Depending on your cloud provider and backup storage selections, you may want to create additional credentials.

At a minimum, create the following credentials. See Create a New Credential for more information.

Note: If you are going through the 3-tier tutorial and are using the provided sample application and database files for testing purposes, use the sample "3 Tier Tutorial" values highlighted below.

• DBADMIN_USER - Username of a database user with administrator privileges. Use this credential for the "Database Admin Username" input.
  • 3 Tier Tutorial: admindb
• DBADMIN_PASSWORD - Password for DBADMIN_USER. Use this credential for the "Database Admin Password" input.
  • 3 Tier Tutorial: admindb
     
• DBAPPLICATION_USER - User name of a database user with user-level privileges. Use this credential for the "Database Application Username" input.
  • 3 Tier Tutorial: 1234
• DBAPPLICATION_PASSWORD - Password for DBAPPLICATION_USER. Use this credential for the "Database Application Password" input.
  • 3 Tier Tutorial: 1234
     
• DBREPLICATION_USER - Username of a database user with replication permissions on the server. Use this credential for the "Database Replication Username" input.
  • 3 Tier Tutorial: dbrpl
• DBREPLICATION_PASSWORD - Password for DBREPLICATION_USER. Use this credential for the "Database Replication Password" input.
  • 3 Tier Tutorial: dbrpl
     
• DNS_USER* - Username that's used to log into your DNS provider and update DNS records. It's commonly used to update the A record with the private IP address of the "master" database server. Use this credential for the "DNS User" input.
• DNS_PASSWORD* - Password for DNS_USER. Use this credential for the "DNS Password" input.

* If you use Amazon Route 53 as your DNS provider, you do not need to set up separate DNS user name and password credentials because your AWS credentials are used for authentication purposes. 

Amazon S3

If you are using Amazon S3 to store binary database backups or retrieve a "private" file from an S3 bucket, you will need to use the following AWS credentials. Fortunately, these credentials are automatically created when AWS credentials are added to a RightScale account. Although, they are available for use when you define your inputs, they will not be listed under Design > Credentials.
Note: AWS credentials are located under Settings > Account Settings > Clouds.

• AWS_ACCESS_KEY_ID - Amazon access key ID for authentication.
• AWS_SECRET_ACCESS_KEY - Amazon secret key corresponding to AWS_ACCESS_KEY_ID.

Rackspace Cloud Files

If you want to use Rackspace Cloud Files for storing binary database backups, you will need to create the following credentials.

• RACKSPACE_USERNAME - The username used to log into Rackspace's Cloud Control Panel. Use this credential for the "Backup Primary User" and/or the "Secondary Backup User" input if you are using Rackspace Cloud Files for primary and/or secondary backups. 
• RACKSPACE_AUTH_KEY - The Rackspace account API key. Use this credential for the "Backup Primary Secret" and/or the "Secondary Backup Secret" input if you are using Rackspace Cloud Files for primary and/or secondary backups.

SoftLayer Object Storage

If you want to use SoftLayer's Object Storage for storing binary database backups, you will need to create the following credentials. See Set up SoftLayer Object Storage.

• SOFTLAYER_USER_ID - The username of a SoftLayer User with API privileges. Use this credential for the "Backup Primary User" and/or the "Secondary Backup User" input if you are using SoftLayer Object Storage for primary and/or secondary backups. (e.g. SLOS123456-1:SL123456)
• SOFTLAYER_API_KEY - The matching SoftLayer API Access Key for the specified SoftLayer user. Use this credential for the "Backup Primary Secret" and/or the "Secondary Backup Secret" input if you are using SoftLayer Object Storage for primary and/or secondary backups. (e.g. 68734787202aecdef123767678asdf72364872asdf468273478237as287df67)

Source Control Management (SVN, GitHub)

If you are using a source control management (SCM) system to host your application code, you will need to create the following credentials to retrieve your source code from the specified repository.

• GIT_SSH_KEY - A valid SSH Key for accessing a private repository hosted on GitHub.com. Use this credential for the "SSH Key" input. 
   
• SVN_USERNAME - The SVN username that has access to the specified repository. Use this credential for the "SVN username" input.
• SVN_PASSWORD - Password for SVN_USERNAME. Use this credential for the "SVN password" input.

Secure Sockets Layer (SSL)

If you are using SSL to support HTTPS access, you should create credentials for any of the following values that apply. See How do I create an SSL certificate for my web server?

• LB_STATUS_USERNAME - Optional user name to require in order to log in to the HAProxy status report page.
• LB_STATUS_PASSWORD - Optional password corresponding to LB_STATUS_USERNAME.
• SSL_CERTIFICATE - Contents of the X.509/PEM-format SSL server certificate used for enabling HTTPS communications.
• SSL_CERTIFICATE_CHAIN - The certificate authority (CA) certificate chain associated with the server certificate used to set up HTTPS communications.
• SSL_CERTIFICATE_KEY - The SSL server certificate's private key, in PEM format.
• SSL_PASSPHRASE - If required by an SSL certificate, you must provide the passphrase so Apache can start.

Create Cloud-specific Resources

Prerequisites: Requires 'actor' user role privileges in the RightScale account to create SSH Keys and Elastic IPs, and 'security_manager' privileges to create security groups.

Each cloud infrastructure is unique and requires different resources in order to launch a server in their cloud. Depending on the type of cloud infrastructure that you're going to use to launch servers, you will find it useful to create some of the required cloud-specific resources beforehand so that you can select them in the "Add Server Wizard" when you add servers into a deployment. Cloud resources are also cloud-specific. For example, you cannot launch an EC2 instance in the 'us-east' region with an 'us-west' security group. 

Warning!
If you are following a standard 3-tier tutorial for testing and demonstration purposes only, you can create a single security group with the following permissions. If you are building a 3-tier deployment for a production environment, you should consider using more robust security group settings. See Configure Multiple Security Groups for a Multi-Tiered Deployment.