Hardening your Nucleator Installation and Launching Nucleator's User Interface

Nucleator installs itself securely within the AWS Account that you specify, in its own build Cage and builder Stackset. From there it provides a Jenkins-based User Interface that you can use as an alternative to the command line interface. Here's how to use the Nucleator command line interface to make it happen.

Install Nucleator and its User Interface within AWS


Provision and Configure Build Cage

Use Nucleator to create a build Cage for your specified initial Customer:

nucleator cage provision --cage build --customer <customer_name>
nucleator cage configure --cage build --customer <customer_name>

At this point you can look in the AWS Management Console and verify that EC2 instances exist in your account with host names bastion.build.<customer_domain> and nat.build.<customer_domain>.

Provision and Configure Builder Stackset

Next, have Nucleator provision a builder Stackset within your build Cage. As part of the builder Stackset, Nucleator provisions and configures:

  1. an EC2 instance named nucleator that will be used to provision additional Cages and StackSets, launched with the IAM Instance Profile for the NucleatorAgent Role.  This allows the Nucleator instance to operate on AWS Accounts under Nucleator's management without needing to embed IAM user credentials on the instance.
  2. a Nucleator User Interface instance with out-of-the-box Nucleator jobs defined that can be used to initiate the creation of additional Cages and Stacksets.  This instance is named nucleator-ui.build.<customer_domain>.
  3. an Artifactory instance which provides a repository for deployable artifacts which comprise your applications, named artifactory.build.<customer_domain>.

To initiate creation of the builder Stackset in the build Cage:

cd ~/.nucleator/siteconfig/
sh make-self-signed-crt <customer_name> <cage_name> <customer_domain>
nucleator builder provision --cage build --customer <customer_name>
nucleator builder configure --cage build --customer <customer_name>

Note: The password asked for by the make-self-signed-crt script must match the jenkins_keystore_password in the <customer>-credentials.yml file in your .nucleator directory.

Verify that EC2 instances exist in your account with host prefixes artifactory, nucleator-ui and nucleator.

Important Note:

Due to an AWS API call issue on accounts that pre-date VPCs, it is possible that the setup wizard may have recorded incorrect availability zones (AZ) in the {customer}.yml siteconfig file. If this has occurred, Nucleator cage provision will fail when creating one or more VPCs. Example output for such a failure:

TASK: [cage_provision | provision cage via cloudformation] ********************
Thursday 12 March 2015 13:40:08 -0600 (0:00:00.001) 0:03:17.341 ********
*******************************************************************************
failed: [localhost] => {"changed": true, "events": ["StackEvent AWS::CloudFormation::Stack cage-build-test5-acme CREATE_FAILED", "StackEvent AWS::CloudFormation::Stack Vpc CREATE_FAILED", "StackEvent AWS::CloudFormation::Stack Vpc CREATE_IN_PROGRESS", "StackEvent AWS::CloudFormation::Stack Vpc CREATE_IN_PROGRESS", "StackEvent AWS::CloudFormation::Stack cage-build-test5-acme CREATE_IN_PROGRESS"], "failed": true, "output": "Stack CREATE failed", "stack_outputs": {}}

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
Thursday 12 March 2015 13:41:22 -0600 (0:01:14.905) 0:04:32.246 ********
*******************************************************************************
to retry, use: --limit @/home/silver/cage_provision.retry 

localhost : ok=49 changed=10 unreachable=0 failed=1

Script Execution Time: 272.57 Seconds
ERROR: Non-zero return code from playbook. 

captured stderr:

exiting with return code 1...


If this occurs, see the troubleshooting tips for ways to detect and resolve it.
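
One way to pick the failed CloudFormation resources out of output like the above, as an added example that is not part of the Nucleator project. The function names are hypothetical, and the sample is the failure line from the output above, shortened to three events.

```python
import json
import re

# Constructed sample: the failure line from the output above, shortened to three events.
SAMPLE = '''TASK: [cage_provision | provision cage via cloudformation] ********************
failed: [localhost] => {"changed": true, "events": ["StackEvent AWS::CloudFormation::Stack cage-build-test5-acme CREATE_FAILED", "StackEvent AWS::CloudFormation::Stack Vpc CREATE_FAILED", "StackEvent AWS::CloudFormation::Stack Vpc CREATE_IN_PROGRESS"], "failed": true, "output": "Stack CREATE failed", "stack_outputs": {}}
FATAL: all hosts have already failed -- aborting
'''

# "failed: [host] => {json}" as printed by the playbook run shown above.
FAILED_LINE = re.compile(r'^failed: \[(?P<host>[^\]]+)\] => (?P<body>\{.*\})\s*$')
# "StackEvent <resource type> <logical name> <status>"
EVENT = re.compile(r'^StackEvent (?P<type>\S+) (?P<name>\S+) (?P<status>\S+)$')


def failed_resources(log_text):
    """Return [(host, resource_type, logical_name)] for each CREATE_FAILED event."""
    found = []
    for line in log_text.splitlines():
        m = FAILED_LINE.match(line)
        if not m:
            continue
        try:
            result = json.loads(m.group('body'))
        except ValueError:
            continue  # truncated or non-JSON task output: skip the line
        for event in result.get('events', []):
            e = EVENT.match(event)
            if e and e.group('status') == 'CREATE_FAILED':
                entry = (m.group('host'), e.group('type'), e.group('name'))
                if entry not in found:  # keep order, drop repeats
                    found.append(entry)
    return found


def vpc_creation_failed(log_text):
    """True when a stack with logical name 'Vpc' failed, the symptom described above."""
    return any(name == 'Vpc' for _, _, name in failed_resources(log_text))


if __name__ == '__main__':
    import sys
    # Pipe captured nucleator output in on stdin, or run bare to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for host, rtype, name in failed_resources(text):
        print(f'{host}: {rtype} {name} CREATE_FAILED')
    if vpc_creation_failed(text):
        print('Vpc stack failed: check the availability zones in the {customer}.yml siteconfig file')
```

A failed Vpc stack is only the symptom; the availability zones recorded in the siteconfig file still have to be checked against the account.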

Access the Nucleator User Interface

Once the builder Stackset has been provisioned and configured, you can access Nucleator's Jenkins-based User Interface at https://nucleator-ui.build.<customer_domain>, for example: https://nucleator-ui.build.47lining.com

Next: Now you are ready to create other Cages and Stacksets via Nucleator's Jenkins-based UI. See Using the Nucleator User Interface. You can also continue Using the Nucleator Command Line Interface from its secure home within AWS.
