Skip to content

Windows Management Server

The Windows Management server is part of the Remote deployment model Deployment and platforms.

Windows Management server is the server used for installing and maintaining the IFS Cloud middle tier and its infrastructure.

This server is a prerequisite for continuing the installation with the IFS Cloud installer.

*** Throughout this guide IFS recommends using Powershell over CMD when possible***

How To Setup An Environment

Download the artifacts as described in IFS Lifecycle Experience Guide

Once downloaded, right click the downloaded zip files and click properties. In properties, tick the unblock checkbox at the bottom and click ok.

Unzip both zip's to the same windows folder path (eg: "Extract Here"). It will create a folder structure as shown below,

Folder Structure

FolderStructure NOTE: the filename of config\ifscloud-values.yaml is important.

Main Configuration Parameters File

The main_config.json file located at ./ifsroot/config.

Parameter Description Required
Ifs.Base Base Script Location. Mandatory, Must keep Default value.
Ifs.Logs All Log Location. Mandatory, Must keep Default value.
Ifs.LinuxUserName Management Server UserName. Mandatory. Must keep Default value.
Ifs.Linuxhost Management Server Host Name. Mandatory.
Ifs.ScriptsFName Management Server Script Execution Folder Name. Mandatory, Must keep Default value.
Ifs.ScriptsLocal Local Utility Script Location. Mandatory, Must keep Default value.
Ifs.ScriptsLinux Management Server Script Copy Folder Name. Mandatory, Must keep Default value.
Ifs.KubeConfigPath Folder That Holds or Will Store the Kubeconfig. Mandatory, Must keep Default value.
Ifs.PowershellPath External Powershell Module Location. Mandatory, Must keep Default value.
Ifs.NugetVersion Nuget Version used by Powershells. Mandatory, Must keep Default value.
Ifs.localPowershellAssembliesPath Default Windows Location for Storing Provider Assemblies. Mandatory. Set new value only if needed.
Ifs.localPSRepositoryName Local Powershell Repository Name. Mandatory. Set new value only if needed.
Ifs.PoshVersion Compatible Posh Module Version. Mandatory, Must keep Default value.
Ifs.PrvKeyFile Management Server Private Key Location. Optional, Set new value only if needed.
Ifs.JFrogArtifactoryUri IFS JFrog Artifactory Url. Mandatory. Set new value only if needed.
Ifs.JFrogArtifactoryDockerRepo IFS JFrog Artifactory Docker Repo Name. Mandatory. Set new value only if needed.
Ifs.JFrogArtifactoryDockerRepoPath IFS JFrog Artifactory Docker Repo Path. Mandatory. Set new value only if needed.
Ifs.JFrogArtifactoryRemoteRepo IFS JFrog Artifactory Remote Repo Name. Optional.
Ifs.JFrogArtifactoryRemoteRepoVersion IFS JFrog Artifactory Remote Repo Artifacts Version. Optional.
Ifs.JFrogArtifactoryHelmRepoName IFS JFrog Artifactory Helm Hosting Artifactory Name. Mandatory. Set new value only if needed.
Ifs.JFrogArtifactoryThirdPartyRepo IFS JFrog Artifactory Third Party Repo Name. Optional.
Ifs.JFrogArtifactoryHelmRepo IFS JFrog Artifactory Helm Repo Name. Mandatory. Set new value only if needed.
Ifs.JFrogArtifactoryHelmMonitoringVersion IFS JFrog Artifactory Helm Monitoring Artifacts Version. Mandatory, Set new value only if needed.
Ifs.JFrogArtifactoryHelmIngressVersion IFS JFrog Artifactory Helm Ingress Artifacts Version. Mandatory, Set new value only if needed.
Ifs.KubectlVersion Compatible Kubectl Client Version. Mandatory, Must keep Default value.
Ifs.HelmVersion Compatible Helm Version. Mandatory, Must keep Default value.
Ifs.StepVersion Compatible Step Version. Mandatory, Must keep Default value.
Ifs.HtpasswdVersion Compatible Htpasswd Version. Mandatory, Must keep Default value.
Ifs.OpenJDKVersion Compatible JDK Version. Mandatory, Must keep Default value.
Ifs.Dns DNS used by Kubernetes. Mandatory. Set new value only if needed.
Ifs.MaxVMRebootWaitSecs Maximum Wait Time for Management Server Restart. Mandatory, Set new value only if needed.
Ifs.IFSCloudNamespace IFS Cloud Namespace Name. Mandatory.
Ifs.FirewallPorts Additional Firewall Ports to open in Firewall. Optional.
Ifs.ManagementServerIP Windows Management Server IP. Mandatory.
Ifs.PodCidrRange Pod IP Range to use for the Kubernetes Cluster. Mandatory. Set new value only if needed.
Ifs.LocalNetworkIpRange Local Network IP Range. Mandatory.
IfsMonitoring.ReleaseName IFS Monitoring Release Name. Mandatory. Set new value only if needed.
IfsMonitoring.ElasticsearchHost IFS Monitoring ElasticSearch Host Name. Mandatory. Set new value only if needed.
IfsMonitoring.ElasticsearchPort IFS Monitoring ElasticSearch Port. Mandatory. Set new value only if needed.
IfsMonitoring.ElasticsearchPath IFS Monitoring ElasticSearch Path. Mandatory. Set new value only if needed.
IfsRemoteLogClient.ElasticsearchLogPath IFS Remote Log Client ElasticSearch Path. Mandatory. Set new value only if needed.
IfsRemoteLogClient.InitialLogFetchInterval IFS Remote Log Client Initial Log Fetch Interval. Optional. Default value is two days.
IfsRemoteLogClient.LogRetentionSize IFS Remote Log Client Log Retention Size. Optional. Default value is 50 files.
IfsRemoteLogClient.SingleResponseSize IFS Remote Log Client Single Response Size. Optional. Default value is 5000 hits per response.
IfsRemoteLogClient.LogFileSize IFS Remote Log Client Log File Size. Optional. Default value is 10MB.

Parameters required for the Main Powershell Script action

Command Description
-action action to execute resource
-resource resource to execute
-verbosePref verbose required or not ('enable' or 'disable'), disabled by default

Open a Powershell window where ifs remote folder structure was extracted.

Name the top folder a unique name e.g. same as the namespace of the middle tier.

Continue to execute the following commands in the Powershell window.


1. Initialize & Install

Go through the steps for each of the following capabilities in the Advanced section and fill the necessary values in main_config.json.

This step completes installation of below capabilities.

  • Initialize Powershell modules
  • Create SSH key for remote access to Middle Tier Server.
  • Install or Reinstall Kubernetes cluster.
  • Get the kubeconfig file from the Kubernetes cluster in Middle Tier Server.
  • Disable AppArmor Profile.
  • Set CoreDNS DNS server.
  • Enable Middle-Tier Server Firewall
  • Check Middle-Tier Server Firewall Status
  • Install ifs-ingress helm chart - When Installing ifs-ingress, At the first time you will be prompted for JFrog Artifactory credentials.

Pre-Requisites :

  • Open the main_config.json file located at ifsroot/config
  • Check whether localPowershellAssembliesPath value exists or not, if not then create the empty folders manually.
  • Change the "Linuxhost" variable to your linux box host name.
  • By default, the DNS used by Kubernetes points to 8.8.8.8 8.8.4.4. Edit the #Dns# tag in config\main_config.json and set it to the corporate DNS. If using a list of DNS:es, use space as separator.
  • To enable firewall, Fill the "ManagementServerIP" variable to your workstation windows ip.

To start the installation from 'Initialize Powershell modules' to 'Install ifs-ingress helm chart' in one-go use the below command, you also have the choice to follow commands one-by-one only for the above mentioned capabilities referring the Advanced section.

Command :

ps> .\main.ps1

2. Configure Java, Helm and Kubectl

Java, Helm and Kubectl are required to run the ifscloud installer and need to be accessible from a powershell prompt. Add the full path to ifsroot\bin\jdk-14\bin and to ifsroot\bin to your windows path. (open app "edit system environment variables") or add them to the PATH environment variable.

Open a new powershell and try to start java, helm and kubectl from there.

ps> java -version  

ps> helm version  

ps> kubectl version  

All commands above should successfully show the version of the respective tool.

3. Install ifs-monitoring helm chart command.

IMPORTANT: Before installing ifs-monitoring you need to have IFS Cloud installed. Furthermore open the main_config.json file located at ifsroot/config and fill the "IFSCloudNamespace" variable to the namespace given at the time of IFS Cloud installation.

This command will install ifs-monitoring helm chart to the middle tier server.

At the first time you will be prompted for JFrog Artifactory credentials if you have not used them before.

Contact LE if you don't have these credentials yet.

ps> .\main.ps1 -resource 'MONITORING'  

4. Install ifs remote log client command.

This command will create the remote log client and a windows schedule task named IfsRemoteLogClientSchedule.

If there is a windows schedule task named IfsRemoteLogClientSchedule already in Windows Task Scheduler, that needs to be deleted from Windows Task Scheduler before running this command.

ps> .\main.ps1 -resource 'LOGGING'  

Advanced

Initialize Powershell modules.

This command will install the necessary Powershell modules that is needed to communicate with the middle tier server.

IMPORTANT: Before running the below command check whether localPowershellAssembliesPath value mentioned in main_config.json file (located at ifsroot/config) exists or not, if not then create the empty folders manually.

ps> .\main.ps1 -resource 'INIT'  

Create SSH key for remote access to Middle Tier Server.

This command will create authentication keys needed to communicate between the middle tier server.

IMPORTANT: Before continuing open the main_config.json file located at ./config. You will then need to change the "Linuxhost" variable to your linux Middle-Tier Server host name.

ps> .\main.ps1 -resource 'KEY'  

Accept all the prompts (eg: yes/y) and give the middle-tier server user (eg: ifs) password when required.

Install or Reinstall Kubernetes cluster.

This command Install Kubernetes into the Middle-Tier Server.

If a Kubernetes Cluster already exists in the Middle-Tier Server, the entire existing Kubernetes Cluster will be removed and a fresh Kubernetes Cluster re-installed again.

ps> .\main.ps1 -resource 'KUBERNETES'

Accept all the prompts (eg: yes/y) and give the middle-tier server user (eg: ifs) password when required.

Get the kubeconfig file from the Kubernetes cluster in Middle Tier Server.

This command grabs the kube config file from the Kubernetes cluster and copies it over to the Windows VM. This file is used to access Kubernetes when used with command line tools such as kubectl and helm.

ps> .\main.ps1 -resource 'GETKUBECONFIG'  

Copy the file ifsroot\config\kube\config to c:\users\.kube

ps> mkdir $HOME\.kube
ps> copy .\config\kube\config $HOME\.kube\  

Disable AppArmor Profile

Disable AppArmor Profile for the Kubernetes Cluster. If an error "container process caused apparmor failed to apply profile: write /proc/self/attr/exec: operation not permitted" (or similar) is displayed in pods, this command needs to be re-applied as apparmor profiles might have been reloaded.

ps> .\main.ps1 -resource "DISABLEAPPARMORPROFILE"  

Set CoreDNS DNS server (Optional)

By default, the DNS used by Kubernetes points to 8.8.8.8 8.8.4.4. This scripts is only needed if an internal DNS is needed (e.g. if public DNS:es are blocked or if internal hosts needs to be resolved by the pods)

Edit the #Dns# tag in config\main_config.json and set it to the corporate DNS. If using a list of DNS:es, use space as separator.

ps> .\main.ps1 -resource "SETK8SDNS"  

Install ifs-ingress helm chart.

This command will install ifs-ingress helm chart to the middle tier server.

At the first time you will be prompted for JFrog Artifactory credentials if you have not used them before.

Contact LE if you don't have these credentials yet.

IMPORTANT: After installing ifs-ingress helm chart using the below command, you need to wait few minutes till all pods in ifs-ingress namespace start-up before installing IFS Cloud

ps> .\main.ps1 -resource 'INGRESS'  

Check Middle-Tier Server Firewall Status (Optional).

Check the status of the firewall

ps> .\main.ps1 -resource 'FIREWALL' -status 'STATUS'

Enable Middle-Tier Server Firewall

Enable the firewall

IMPORTANT: Before enabling the firewall add the ip range that the application would be accessed from. For that, open the main_config.json file located at ifsroot/config and fill the "ManagementServerIP" variable to the ip range. e.g. 10.0.0.0/8

ps> .\main.ps1 -resource 'FIREWALL' -status 'ENABLE'

Disable Middle-Tier Server Firewall (Optional).

Disable the firewall

ps> .\main.ps1 -resource 'FIREWALL' -status 'DISABLE'

Allow access to Additional Ports of the Middle-Tier Server in Firewall (Optional).

Allows access to additional Ports of the Middle-Tier Server in Firewall

IMPORTANT: Before allowing accessto additional Ports of the Middle-Tier Server in Firewall. Open the main_config.json file located at ifsroot/config and fill the "FirewallPorts" variable with the port(s). e.g. You can allow multiple (TCP or UDP) ports in this way: "8080,9000/tcp" Or you can add a range of ports in this way "11200:11299/tcp"

ps> .\main.ps1 -resource 'FIREWALL' -status 'ENABLE-PORTS'

Get Middle-Tier Server Process Information. (Optional)

This command will display the Middle-Tier Linux Server Process Information.

ps> .\main.ps1 -resource 'REMOTE-TOP'

Download and Install latest Security Updates for the Middle-Tier Linux VM. (Optional)

Download and Install latest Security updates / patches for the Middle-Tier Linux VM.

ps> .\main.ps1 -resource 'SECURITYUPDATES'

Reboot Middle-Tier Server. (Optional)

This command will reboot the Linux Middle-Tier VM.

ps> .\main.ps1 -resource 'REBOOT-LINUXBOX'

Change Pod IP Range. (Optional)

Change the Kubernetes pod IP address range if it conflicts with the local network

IMPORTANT: Before run the script change the LocalNetworkIpRange value in main_config.json file (located at ifsroot/config) to your local network ip range. It will check your local network ip range conflict with the Kubernetes default pod ip range. If it conflicts change the PodCidrRange to new ip range that run the script again. Kubernetes default pod ip range is "10.1.0.0/16".

ps> .\main.ps1 -resource 'CHANGE-POD-IP-RANGE'

Get Powershell Help

ps> Get-Help .\main.ps1

Accept all the prompts

Next step is to install ifscloud

Read about it here Deploy Fresh install