Configuring the TrilioVault Controller Cluster
The TrilioVault Appliance requires configuration to work with the chosen RHV environment. A Web-UI provides access to the TrilioVault Appliance dashboard and configurator.
Recommended and tested browsers are Google Chrome, Microsoft Edge, and Mozilla Firefox.
To access the TrilioVault Dashboard after a fresh deployment, a local DNS entry must be set up. This is required because Kubernetes works with FQDNs instead of IPs.
The following entry needs to be added to the hosts file of the local system:
Enter the TrilioVault IP or FQDN into the browser to reach the TrilioVault Appliance landing page.
User: admin Password: password
You will be prompted to change the Web-UI password on first login.
After the password has been changed, you will be logged out and have to log in using the new password.
After logging in to the TrilioVault Appliance, the configurator page is shown. The configurator requires some information about the TrilioVault Appliance, RHV, and the Backup Storage.
The TrilioVault Appliance needs to be integrated into an existing environment to be able to operate correctly. This block asks for information about the TrilioVault Appliance operating details.
- Name Servers
  - The DNS server the TrilioVault appliance will use.
  - Format: Comma separated list of IPs
  - Example: 126.96.36.199,10.10.10.10
- Domain Search Order
  - The domain the TrilioVault Appliance will use.
  - Format: Comma separated list of domain names
  - Example: trilio.demo,trilio.io
- NTP Servers
  - NTP Servers the TrilioVault Appliance will use.
  - Format: Comma separated list of NTP Servers (FQDN and IP supported)
  - Example: 0.pool.ntp.org,10.10.10.10
- Timezone the TrilioVault will use.
  - Format: predefined list
  - Example: UTC
The TrilioVault appliance integrates with one RHV environment. This block asks for the information required to access and connect with the RHV Cluster.
- RHV Engine URL
  - URL of the RHV-Manager used to authenticate
  - Format: URL (FQDN and IP supported)
  - Example: https://rhv-manager.trilio.demo

A preconfigured DNS server is required when using an FQDN. The local hosts file of the TrilioVault Appliance gets overwritten during configuration, so the configuration will fail when the FQDN cannot be resolved by a DNS server.

- RHV Username
  - admin-user to authenticate against the RHV-Manager
- The password to validate the RHV Username against the RHV-Manager
  - Format: String
  - Example: password

An "Invalid Credentials" error message will be displayed when the TrilioVault Appliance cannot reach the RHV Manager or the credentials given are incorrect.
This block asks for the necessary details to configure the Backup Storage.
- Backup Storage
  - NFS or S3
- NFS Export
  - Full path to the NFS Volume used as Backup Storage
  - Format: Comma separated list of NFS paths
  - Example: 10.10.100.20:/rhv_backup
- NFS Options
  - Note: Make sure the NFS server supports NFSv3, as Trilio mounts the NFS share explicitly with NFSv3.
  - Options used by the TrilioVault NFS client to connect to the NFS Volume
  - Format: NFS Options
  - Example: nolock,soft,timeo=180,intr
- Amazon or Ceph or Local Ceph
  - Amazon expects to connect to AWS services
  - Ceph allows connecting to any S3 bucket that either does not use SSL or uses a trusted SSL certificate
  - Local Ceph allows connecting to any S3 storage that either does not use SSL or uses a self-signed certificate
- [Ceph and Local Ceph only] Use SSL
  - Activate when the S3 endpoint is secured
- Access Key
  - Access Key necessary to log in to the S3 storage
  - Format: access key
  - Example: SFHSAFHPFFSVVBSVBSZRF
- Secret Key
  - Secret Key necessary to log in to the S3 storage
  - Format: secret key
  - Example: bfAEURFGHsnvd3435BdfeF
- Configured Region for the S3 Bucket
  - Use us-east-1 for Ceph and Local Ceph
  - Format: String
  - Example: us-east-1
- [Ceph and Local Ceph only] Endpoint URL
  - URL to be used to reach and access the provided S3 compatible storage
  - Format: URL
  - Example: https://objects.trilio.io
- Bucket Name
  - Name of the bucket to be used as Backup target
  - Format: String
  - Example: Trilio-backup
- [Local Ceph with active SSL only] Cert
  - Upload area for the certificate to be used when connecting with the S3 storage
  - Format: certificate
TrilioVault integrates into the RHV Cluster as an additional service, following the RHV communication paradigms. These require that the TrilioVault Appliance uses SSL and that the RHV-Manager trusts the TrilioVault Appliance.
TrilioVault offers two possibilities for providing the required certificates: either TrilioVault generates a completely fresh self-signed certificate, or a certificate is provided.
In both cases, the FQDN to which the certificate points is required.
The example below shows the case of a provided certificate.
- FQDN to reach the TrilioVault Appliance
  - Format: FQDN
  - Example: rhv-tvm.trilio.demo
- Certificate provided by the TrilioVault appliance upon request
  - Format: Certificate file
  - Example: rhv-tvm.crt
- Private Key
  - Private Key used to verify the provided certificate
  - Format: private key file
  - Example: rhv-tvm.key
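
Added example, not part of the TrilioVault documentation: before uploading a provided certificate, the checks below confirm that the private key belongs to the certificate, that the certificate is issued for the appliance FQDN, and that it is not about to expire. The function names and the 30-day threshold are assumptions; the file names and FQDN follow the examples above.

```shell
#!/bin/sh
# Added example: pre-flight check for a certificate/key pair that will be
# uploaded to the configurator. Function names are hypothetical.

# Return 0 only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 only if the certificate ($1) is issued for the FQDN ($2).
cert_covers_fqdn() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Return 0 only if the certificate ($1) is still valid in $2 seconds.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Run all checks: $1 = FQDN, $2 = certificate file, $3 = private key file.
preflight() {
    key_matches_cert "$2" "$3" || { echo "FAIL: key does not match certificate"; return 1; }
    cert_covers_fqdn "$2" "$1" || { echo "FAIL: certificate does not cover $1"; return 1; }
    cert_valid_for "$2" 2592000 || { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK: $2 and $3 are usable for $1"
}

# Constructed sample input: a throwaway self-signed pair written to dir $1
# for FQDN $2 (needs OpenSSL 1.1.1 or newer for -addext).
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/rhv-tvm.key" -out "$1/rhv-tvm.crt" >/dev/null 2>&1
}

# Usage: sh preflight.sh rhv-tvm.trilio.demo rhv-tvm.crt rhv-tvm.key
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
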
It is possible to directly provide the TrilioVault Appliance with the license file that is going to be used by it.
TrilioVault will not create any workloads or backups without a valid license file.
It is not necessary to provide the License file directly through the configurator. It is also possible to provide the license afterwards through the TrilioVault License tab in the TrilioVault dashboard.
The TrilioVault License tab can also be used to verify and update the currently installed license.
After filling out every block of the configurator, hit the submit button to start the configuration.
The configurator asks one more time for confirmation before starting.
While the configurator is running, the live output from the Ansible playbooks is shown. Some tasks can take several minutes to finish without any update to the output.
Wait until the configurator has either finished or failed.
Once the TrilioVault Controller Cluster is successfully configured, the FQDN will have been changed to the one used for production.
It is now recommended to delete the local hosts-file entry created for the setup and use a full-fledged DNS entry in a DNS server instead.