Deploying Cloud Native Qumulo on AWS with CloudFormation

This section explains how to deploy Cloud Native Qumulo (CNQ) by creating the persistent storage and the cluster compute and cache resources with CloudFormation. It also provides information about post-deployment actions and optimization.

For an overview of CNQ on AWS, its prerequisites, and limits, see How Cloud Native Qumulo Works.

The aws-cloudformation-cnq.zip file contains comprehensive CloudFormation templates that let you deploy S3 buckets and then create a CNQ cluster with 4 to 24 instances that adhere to the AWS Well-Architected Framework and have fully elastic compute and capacity.

Prerequisites

This section explains the prerequisites to deploying CNQ on AWS.

To allow your Qumulo instance to report metrics to Qumulo, your AWS VPC must have outbound Internet connectivity through a NAT gateway or a firewall. Your instance shares no file data during this process.

Important
Connectivity to api.missionq.qumulo.com is required for a successful deployment of a Qumulo instance and the formation of a quorum.

The following features require specific versions of Qumulo Core:

Feature	Minimum Qumulo Core Version
Adding S3 buckets to increase persistent storage capacity Increasing the soft capacity limit for an existing CNQ cluster	7.2.1.1
S3 Intelligent-Tiering storage class Infrequent Access S3 access tier	7.2.0.2
Creating persistent storage Important You must create persistent storage by using a separate CloudFormation stack before you deploy the compute and cache resources for your cluster.	7.1.3 with version 4.0 of this repository

Before you configure your CloudFormation template, you must sign in to the AWS Management Console.

A custom IAM role or user must include the following AWS services:
- cloudformation:*
- ec2:*
- elasticloadbalancing:*
- iam:*
- kms:*
- lambda:*
- logs:*
- resource-groups:*
- route53:*
- s3:*
- secretsmanager:*
- sns:*
- ssm:*
- sts:*
Note
Although the AdministratorAccess managed IAM policy provides sufficient permissions, your organization might use a custom policy with more restrictions.

How the CNQ Provisioner Works

The CNQ Provisioner is an m5.large EC2 instance that uses custom user data to configure your Qumulo cluster and any additional AWS environment requirements.

Important
Don’t delete the CNQ Provisioner’s EC2 instance. It is necessary for EC2 updates.

The Provisioner stores all necessary state information in the AWS Parameter Store and shuts down automatically when it completes any of its following major tasks:

Click to expand

Qumulo Cluster Configuration

Forms the first quorum with specific Hot or Cold parameters
Adds nodes to the quorum (when expanding the cluster)
Assigns floating IP addresses to nodes in the cluster
Manages cluster replacement (new compute and cache resources) for changing instance sizes
Manages the addition of S3 buckets and soft capacity limit increases
Changes the administrative password

AWS Configuration

Checks for connectivity to Amazon S3
Checks for the presence of an S3 Gateway in the VPC (this is required for provisioning)
Checks that all S3 buckets are empty before forming quorum
Checks for connectivity to the public Internet running a curl command against api.missionq.qumulo.com/
Assigns a policy to the top-level CloudFormation stack to protect the cluster during subsequent stack updates
Configures the throughput and IOPS for the EBS gp3 volume
Tags EBS volumes with the stack name and volume type
Tracks software versions, cluster IP addresses, instance IDs, and UUID in the AWS Parameter Store
Tracks the last-run-status for the Provisioner in the Parameter Store
Configures Termination Protection for the stack and the EC2 Instances

Step 1: Deploying Cluster Persistent Storage

This section explains how to deploy the S3 buckets that act as persistent storage for your Qumulo cluster.

Log in to Nexus, click Downloads > Deployment on AWS, and then download the CloudFormation template, Debian package, and host configuration file.
In your S3 bucket, create the qumulo-core-install directory. Within this directory, create another directory with the Qumulo Core version as its name. The following is an example path:
```
my-s3-bucket-name/my-s3-bucket-prefix/qumulo-core-install/7.2.3
```
Tip
Make a new subdirectory for every new release of Qumulo Core.
Copy qumulo-core.deb and host_configuration.tar.gz into the directory named after the Qumulo Core version (in this example, it is 7.2.3).
Copy aws-cloudformation-cnq.zip to the my-s3-bucket-name/my-s3-bucket-prefix/aws-cloudformation-cnq directory. and decompress it.
Clone the aws-cloudformation-cnq.zip file to an S3 bucket and find the URL to templates/persistent-storage.template.yaml. For example:
```
https://my-bucket.s3.us-west-2.amazonaws.com/aws-cloudformation-cnq/templates/persistent-storage.template.yaml
```
Tip
Make a new subdirectory for every new release of Qumulo Core.
Log in to the AWS CloudFormation console.
On the Stacks page, in the upper right, click Create stack > With new resources (standard).
On the Create stack page, in the Specify template section, click Amazon S3 URL, enter the URL to persistent-storage.template.yaml, and then click Next.
On the Specify stack details page, enter the Stack name and review the information in the Parameters section:
1. Enter the S3 bucket Region.
2. Select the Soft Capacity Limit for the subsequent CNQ deployment.
3. Click Next.
On the Configure stack options page, click Next.
On the Review and create page, click Submit.

CloudFormation creates S3 buckets and their stack.

Step 2: Deploying Cluster Compute and Cache Resources

This section explains how to deploy compute and cache resources for a Qumulo cluster by using a Ubuntu AMI and the Qumulo Core .deb installer.

Important

Only when the CloudFormation stack finishes running should you begin to monitor the AWS Parameter Store for the last-ran-status value for the provisioning instance. Until the provisioning instance shuts down automatically, the provisoning process isn't complete and the Qumulo cluster isn't yet functional.
If you plan to deploy multiple Qumulo clusters, give the q_cluster_name variable a unique name for each cluster.
(Optional) If you use Amazon Route 53 private hosted zones, give the q_fqdn_name variable a unique name for each cluster
Familiarize yourself with how the CNQ on AWS Provisioner works and don't interfere with its operation.

Configure your VPC to use the gateway VPC endpoint for S3.

Important
It isn’t possible to deploy your cluster without a gateway.
Log in to the AWS CloudFormation console.
On the Stacks page, in the upper right, click Create stack > With new resources (standard).
On the Create stack page, in the Specify template section, click Amazon S3 URL, enter the URL to cnq-standard-template.yaml, and then click Next.
On the Specify stack details page, enter the Stack name and review the information in the Parameters section, and then click Next.
On the Configure stack options page, click Next.
On the Review and create page, click Submit.

CloudFormation creates S3 buckets and their stack.
To log in to your cluster’s Web UI, use the IP address from the top-level stack output as the endpoint and the username and password that you have configured during deployment as the credentials.

Important
If you change the administrative password for your cluster by using the Qumulo Web UI, qq CLI, or REST API after deployment, you must add your new password to AWS Secrets Manager.

You can use the Web UI to create and manage NFS exports, SMB shares, snapshots, and continuous replication relationships You can also join your cluster to Active Directory, configure LDAP, and perform many other operations.
Mount your Qumulo file system by using NFS or SMB and your cluster’s DNS name or IP address.

Tip
You can configure DNS names with a Route 53 private hosted zone by using a template.

Step 3: Performing Post-Deployment Actions

This section describes the common actions you can perform on a CNQ cluster after deploying it.

Adding a Node to an Existing Cluster

Important
To add a node to an existing cluster, the total node count must be greater than that of the current deployment.

Log in to the AWS CloudFormation console.
On the Stacks page, select your compute and cache deployment stack and then, in the upper right, click Update.
On the Update stack page, click Use existing template and then click Next.
On the Specify stack details page, enter a new value for Node Count and then click Next.
On the Configure stack options page, click Next.
On the Review <my-stack-name> page, click Rollback on failure and then click Submit.
To ensure that the Provisioner shut downs automatically, review the /qumulo/my-stack-name/last-run-status parameter in the AWS Parameter Store.
To check that the cluster is healthy, log in to the Web UI.

Removing a Node from an Existing Cluster

Removing a node from an existing cluster is a two-step process. First, you remove the node from the cluster’s quorum. Next, you tidy up your AWS resources.

Step 1: Remove the Node from the Cluster’s Quorum

You must perform this step while the cluster is running.

Copy the remove-nodes.sh script from the utilities directory to an AWS Linux 2 AMI running in your VPC.
Tip
- To make the script executable, run the chmod +x remove-nodes.sh command.
- To see a list of required parameters, run remove-nodes.sh
Run the remove-nodes.sh script and specify the AWS region, the unique deployment name, the current node count, and the final node count.

In the following example, we reduce a cluster from 6 to 4 nodes.
```
./remove-nodes.sh \
  --region us-west-2 \
  --qstackname my-unique-deployment-name \
  --currentnodecount 6 \
  --finalnodecount 4
```
When prompted, confirm the nodes’ removal.
To check that the cluster is healthy, log in to the Web UI.

Step 2: Tidy Up Your AWS Resources

On the Stacks page, select your compute and cache deployment stack and then, in the upper right, click Update.
On the Update stack page, click Use existing template and then click Next.
On the Specify stack details page, enter a lower value for Node Count (for example, 4) and then click Next.
On the Configure stack options page, click Next.
On the Review <my-stack-name> page, click Rollback on failure and then click Submit.

The node and the infrastructure associated with the node are removed.
To check that the cluster is healthy, log in to the Web UI.

Changing the EC2 Instance Type for an Existing Cluster

Changing the EC2 instance type is a three-step process. First, you create a new deployment in a new CloudFormation stack (this process ensures that the required instances are available) and join the new instances to a quorum. Next, you clean up your S3 bucket policies. Finally, you remove the existing instances.

Important
To avoid a number of potential issues, you must perform this cluster replacement procedure as a two-quorum event. For example, if you stop the existing instances by using the AWS Management Console and change the instance types, two quorum events occur for each node and the read and write cache isn’t optimized for the instance type. Moreover, your system might experience resource constraints before you can change the type of every instance.

Step 1: Create a New Deployment in a New Terraform Workspace

Log in to the AWS CloudFormation console.
On the Stacks page, in the upper right, click Create stack > With new resources (standard).
On the Create stack page, in the Specify template section, click Amazon S3 URL, enter the URL to your CloudFormation template, and then click Next.
On the Specify stack details page, to use the same S3 buckets as before, enter the same Stack name as the one you used for the persistent storage stack name and then review the information in the Parameters section:
1. For QReplacementCluster, click Yes.
2. For QExistingDeploymentUniqueName, enter the current stack name.
3. For QInstanceType, enter the EC2 instance type.
4. (Optional) To change the number of nodes, enter the QNodeCount
5. Click Next.
On the Configure stack options page, click Next.
On the Review and create page, click Submit.
To ensure that the Provisioner shut downs automatically, review the /qumulo/my-stack-name/last-run-status parameter in the AWS Parameter Store.
To check that the cluster is healthy, log in to the Web UI.

Step 2: Remove the Existing Instances

To delete the previous CloudFormation stack, on the Stacks page, select the stack name for your previous deployment and then, in the upper right, click Delete.
To ensure that the stack is deleted correctly, watch the deletion process.

The previous instances are deleted.

Note
The persistent storage deployment remains in its original CloudFormation stack. You can perform the next cluster replacement procedure in the original CloudFormation stack, and so on.

Step 3: Clean Up S3 Bucket Policies

On the Stacks page, select the newly created stack and then, in the upper right, click Update.
On the Update stack page, click Use existing template and then click Next.
On the Specify stack details page, for QReplacementCluster, click No.
On the Configure stack options page, click Next.
On the Review <my-stack-name> page, click Rollback on failure and then click Submit.

Increasing the Soft Capacity Limit for an Existing Cluster

Increasing the soft capacity limit for an existing cluster is a two-step process. First, you set new persistent storage parameters. Next, you set new compute and cache deployment parameters.

Step 1: Set New Persistent Storage Parameters

On the Stacks page, select your persistent storage stack and then, in the upper right, click Update.
On the Update stack page, click Use existing template and then click Next.
On the Specify stack details page, enter a higher value for QSoftCapacityLimit and then click Next.
On the Configure stack options page, click Next.
On the Review <my-stack-name> page, click Rollback on failure and then click Submit.

Terraform creates new S3 buckets as necessary.

Step 2: Update Existing Compute and Cache Resource Deployment

On the Stacks page, select your compute and cache deployment stack and then, in the upper right, click Update.
On the Update stack page, click Use existing template and then click Next.
On the Specify stack details page click Next.
On the Configure stack options page, click Next.
On the Review <my-stack-name> page, click Rollback on failure and then click Submit.

Terraform updates the necessary IAM roles and S3 bucket policies, adds S3 buckets to the persistent storage list for the cluster, and increases the soft capacity limit. When the Provisioner shuts down automatically, this process is complete.

Deleting an Existing Cluster

Deleting a cluster is a two-step process. First, you delete your Cloud Native Qumulo resources. Next you delete your persistent storage.