LATEST VERSION: 1.3 - CHANGELOG
Pivotal Cloud Cache for PCF v1.3

Pivotal Cloud Cache Operator Guide

This document describes how a Pivotal Cloud Foundry (PCF) operator can install, configure, and maintain Pivotal Cloud Cache (PCC).

Requirements for Pivotal Cloud Cache

Service Network

You must have access to a Service Network in order to install PCC.

Installing and Configuring Pivotal Cloud Cache

Follow the steps below to install PCC on PCF:

  1. Download the tile from the Pivotal Network.
  2. Click Import a Product to import the tile into Ops Manager.
  3. Click the + symbol next to the uploaded product description.
  4. Click on the Cloud Cache tile.
  5. Complete all the configuration steps in the Configure Tile Properties section below.
  6. Return to the Ops Manager Installation Dashboard and click Apply Changes to complete the installation of the PCC tile.

Configure Tile Properties

Configure the sections listed on the left side of the page.

Tile Configuration Sections

After you complete a section, a green check mark appears next to the section name. Each section name must show this green check mark before you can complete your installation.

Assign Availability Zones and Networks

To select AZs and networks for VMs used by PCC, do the following:

  1. Click Assign AZs and Networks.

  2. Configure the fields on the Assign AZs and Networks pane as follows:

    FieldInstructions
    Place singleton jobs in Select the region that you want for singleton VMs.
    Balance other jobs in Select the AZ(s) you want to use for distributing other GemFire VMs. Pivotal recommends selecting all of them.
    Network Select your PAS (or Elastic Runtime) network.
    Service Network Select the network to be used for GemFire VMs.

  3. Click Save.

Settings: Smoke Tests

The smoke-tests errand that runs after tile installation. The errand verifies that your installation was successful. By default, the smoke-test errand runs on the system org and the p-cloudcache-smoke-test space.

Note: Smoke tests will fail unless you enable global default application security groups (ASGs). You can enable global default ASGs by binding the ASG to the system org without specifying a space. To enable global default ASGs, use cf bind-running-security-group.

To select which plan you want to use for smoke tests, do the following:

  1. Click Settings.

  2. Select a plan to use when the smoke-tests errand runs.

    Ensure the selected plan is enabled and configured. For information about configuring plans, see Configure Service Plans below. If the selected plan is not enabled, the smoke-tests errand fails.

    Pivotal recommends that you use the smallest four-server plan for smoke tests. Because smoke tests create and later destroy this plan, using a very small plan reduces installation time. Configuring Smoke Tests Plan

  3. Click Save.

Settings: Allow Outbound Internet Access

By default, outbound internet access is not allowed from service instances.

If BOSH is configured to use an external blob store, you need allow outbound internet access from service instances. Log forwarding and backups, which require external endpoints, might also require internet access.

To allow outbound internet access from service instance, do the following:

  1. Click Settings.

  2. Select Allow outbound internet access from service instances (IaaS-dependent).

    Outbound Internet Access

    Note: Outbound network traffic rules also depend on your IaaS settings. Consult your network or IaaS administrator to ensure that your IaaS allows outbound traffic to the external networks you need.

  3. Click Save.

Syslog

By default, syslog forwarding is not enabled in PCC. However, PCC supports forwarding syslog to an external log management service (for example, Papertrail, Splunk, or your custom enterprise log sink). The broker logs are useful for debugging problems creating, updating, and binding service instances.

To enable remote syslog for the service broker, do the following:

  1. Click Syslog. Configuring Log Management Service
  2. Configure the fields on the Syslog pane as follows:

    FieldInstructions
    Enable Remote Syslog Click to select this button.
    External Syslog Address Enter the address or host of the syslog server for sending logs, for example, logs.example.com.
    External Syslog Port Enter the port of the syslog server for sending logs, for example,29279.
    Enable TLS for Syslog Click to enable secure log transmission through TLS. Otherwise, remote syslog sends unencrypted logs.
    Permitted Peer for TLS Communication. This is required if TLS is enabled. If there are several peer servers that can respond to remote syslog connections, then provide a regex, such as *.example.com.
    CA Certificate for TLS Communication If the server certificate is not signed by a known authority, for example, an internal syslog server, provide the CA certificate of the log management service endpoint.
    Send service instance logs to external By default, only the broker logs are forwarded to your configured log management service. If you want to forward server and locator logs from all service instances, select this. This lets you monitor the health of the clusters, although it generates a large volume of logs.

    If you don’t enable this, you get only the broker logs which include information about service instance creation, but not about on-going cluster health.

  3. Click Save.

Configure Service Plans

You can configure five individual plans for your developers. Select the Plan 1 through Plan 5 tabs to configure each of them.

Configuring a Plan

The Plan Enabled option is selected by default. If you do not want to add this plan to the CF service catalog, select Plan Disabled. You must enable at least one plan.

The Plan Name text field allows you to customize the name of the plan. This plan name is displayed to developers when they view the service in the Marketplace.

The Plan Description text field allows you to supply a plan description. The description is displayed to developers when they view the service in the Marketplace.

The Enable metrics for service instances checkbox enables metrics for service instances created using the plan. Once enabled, the metrics are sent to the Loggregator Firehose.

The CF Service Access drop-down menu gives you the option to display or not display the service plan in the Marketplace. Enable Service Access displays the service plan the Marketplace. Disable Service Access makes the plan unavailable in the Marketplace. If you choose this option, you cannot make the plan available at a later time. Leave Service Access Unchanged makes the plan unavailable in the Marketplace by default, but allows you to make it available at a later time.

The Service Instance Quota sets the maximum number of PCC clusters that can exist simultaneously.

When developers create or update a service instance, they can specify the number of servers in the cluster. The Maximum servers per cluster field allows operators to set an upper bound on the number of servers developers can request. If developers do not explicitly specify the number of servers in a service instance, a new cluster has the number of servers specified in the Default Number of Servers field.

The Availability zones for service instances setting determines which AZs are used for a particular cluster. The members of a cluster are distributed evenly across AZs.

WARNING! After you’ve selected AZs for your service network, you cannot add additional AZs; doing so causes existing service instances to lose data on update.

The remaining fields control the VM type and persistent disk type for servers and locators. The total size of the cache is directly related to the number of servers and the amount of memory of the selected server VM type. We recommend the following configuration:

  • For the VM type for the Locator VMs field, select a VM that has at least 2 CPUs, 1 GB of RAM and 4 GB of disk space.
  • For the Persistent disk type for the Locator VMs field, select 10 GB or higher.
  • For the VM type for the Server VMs field, select a VM that has at least 2 CPUs, 4 GB of RAM and 8 GB of disk space.
  • For the Persistent disk type for the server VMs field, select 10 GB or higher.

When you finish configuring the plan, click Save to save your configuration options.

Configure a Dev Plan

A Dev Plan is a type of service plan. Use a Dev Plan for development and testing. The plan provides a single locator and server, which are colocated within a single VM.

The page for configuring a Dev Plan is similar to the page for configuring other service plans. To configure the Dev Plan, input information in the fields and make selections from the options on the Plan for test development page.

Dev Plan Configuration Sections

If you have enabled post-deploy scripts in your Ops Manager Director, a region is automatically created. To confirm that post-deploy scripts are enabled, navigate to the Director Config pane of Ops Manger Director and verify that Enable Post Deploy Scripts is selected.

Enable post deploy scripts

Errands

By default, post-deploy and pre-delete errands always run. Pivotal recommends keeping these defaults. However, if necessary, you can change these defaults as follows.

For general information about errands in PCF, see Managing Errands in Ops Manager

  1. Click Errands.

  2. Change the setting for the errands.

  3. Click Save.

Stemcell

Ensure you import the correct type of stemcell indicated on this tab.

You can download the latest available stemcells from the Pivotal Network.

Monitoring Pivotal Cloud Cache Service Instances

PCC clusters and brokers emit service metrics. You can use any tool that has a corresponding Cloud Foundry nozzle to read and monitor these metrics in real time.

The table below shows the metrics emitted through the CF Nozzle and their corresponding Key Performance Indicator (KPI) guidelines.

Metric Name Description Metric Type Suggested Measurement Measurement Type Warning Threshold Critical Threshold Suggested Actions Why a KPI?
member.UsedMemoryPercentage RAM being consumed percent Average over last 10 minutes avg 75% 85%
serviceinstance.MemberCount Returns the number of members in the distributed system. number Every second count < manifest member count This depends on the expected member count, which is available in the BOSH manifest. If the number expected is different from the number emitted, this is a critical situation that may lead to data loss, and the reasons for node failure should be investigated by examining the service logs. Member loss due to any reason can cause potential data loss.
serviceinstance.TotalHeapSize Returns the total available heap (in megabytes) across all distributed members. number Every second pulse If the total heap size and used heap size are too close, the system might see thrashing due to GC activity. This increases latency.
serviceinstance.UsedHeapSize Returns the total heap used on all members. number Every second pulse If the total heap size and used heap size are too close, the system might see thrashing due to GC activity. This increases latency.
member.GarbageCollectionCount Returns the number of times garbage collection has occurred. number Sum over 10 minutes sum Dependent on IaaS and app use case. Dependent on IaaS and app use case. Check the number of queries run against the system, which increases the deserialization of objects and increases garbage. If the frequency of GC is high, the system might see high CPU usage, which causes delays in the cluster.
member.HostCpuUsage (process cpu usage) Amount of CPU utilization percent Average over 10 minutes avg 85% 95% If this is not happening with high GC activity, the system is reaching its limits. Horizontal scaling might help. High CPU usage causes delayed responses and can also make the member non-responsive. This eventually causes it to be kicked out of the cluster, potentially leading to data loss.
member.GetsAvgLatency Returns the cache get average latency. number Average over 10 minutes avg Dependent on IaaS and app use case. Dependent on IaaS and app use case. If this is not happening with high GC activity, the system is reaching its limit. Horizontal scaling might help. A good indicator of the overall responsiveness of the system. If this number is high, the service administrator should diagnose the root cause.
member.PutsAvgLatency Returns the cache put average latency. number Average over 10 minutes avg Dependent on IaaS and app use case. Dependent on IaaS and app use case. If this is not happening with high GC activity, the system is reaching its limit. Horizontal scaling might help. A good indicator of the overall responsiveness of the system. If this number is high, the service administrator should diagnose the root cause.
member.JVMPauses Returns the number JVM pauses number Sum over 2 seconds sum Dependent on IaaS and app use case. Dependent on IaaS and app use case. Check the cached object size; if it is greater than >1 MB, you may be hitting the limitation on JVM to garbage collect this object. Otherwise, you may be hitting the utilization limit on the cluster, and will need to scale up to add more memory to the cluster. Due to a JVM pause, the member stops responding to “are-you-alive” messages, which may cause this member to be kicked out of the cluster.
member.FileDescriptorLimit Returns the maximum number of open file descriptors allowed for the member’s host operating system. number Every second pulse If total FD open is higher than total FD available, it causes the member to stop responding and crash.
member.TotalFileDescriptorOpen Returns the current number of open file descriptors. number Every second pulse If total FD open is higher than total FD available, it causes the member to stop responding and crash.
serviceinstance.UnusedHeapSizePercentage Returns the proportion of available heap size as a percentage percent Every second compound metric 40% 10% If this is a spike due to eviction catching up with insert frequency, then customers need to keep a close watch that it should not hit the RED marker. If there is no eviction, then horizontal scaling is suggested If the total heap size and used heap size are too close, system might see thrashing due to GC activity. This increases the latency
member.FileDescriptorRemaining Returns the number of available File Descriptors number Every second compound metric 1000 100 You need to scale horizontally to increase capacity If total FD open is higher than total FD available, it causes the member to stop responding and crash.

This table shows the metrics emitted through the CF Nozzle for gateway senders and gateway receivers.

Metric Name Description Metric Type Measurement Type
gatewaySender.<sender-id>.EventQueueSize The current size of the gateway sender queue. number count
gatewaySender.<sender-id>.EventsReceivedRate A count of the events coming from the region to which the gateway sender is attached. It is the count since the last time the metric was checked. The first time it is checked, the count is of the number of events since the gateway sender was created. number count
gatewaySender.<sender-id>.EventsQueuedRate A count of the events queued on the gateway sender from the region. This quantity of events might be lower than the quantity of events received, as not all received events are queued. It is a count since the last time the metric was checked. The first time it is checked, the count is of the number of events since the gateway sender was created. number count
gatewayReceiver.EventsReceivedRate A count of the events received from the gateway sender which will be applied to the region on the gateway receiver’s site. It is the count since the last time the metric was checked. The first time it is checked, the count is of the number of events since the gateway receiver was created. number count

This table shows the metrics emitted through the CF Nozzle for disks.

Metric Name Description Metric Type Measurement Type
diskstore.DiskWritesAvgLatency The average latency of disk writes in nanoseconds. number time in nanoseconds
diskstore.TotalSpace The total number of bytes on the attached disk. number count
diskstore.UseableSpace The total number of bytes of available space on the attached disk. number count

Monitoring PCC Service Instances with Prometheus

Prometheus is one of various tools you can use to monitor services instances. It is a monitoring and alerting toolkit that allows for metric scraping. You can use the Firehose exporter to export all the metrics from the Firehose, which you can then graph with Grafana to monitor your PCC cluster.

Follow the instructions here to deploy Prometheus alongside your PCF cluster.

Prometheus can be deployed on any IaaS. You need to verify that the Firehose exporter job can talk to your UAA VM. This might involve opening up firewall rules or enabling your VM to allow outgoing traffic.

Grafana Example

You can run queries on, and build a custom dashboard of, specific metrics that are important to you.

Upgrading Pivotal Cloud Cache

Follow the steps below to upgrade PCC:

  1. Download the new version of the tile from the Pivotal Network.
  2. Upload the product to Ops Manager.
  3. Click Add next to the uploaded product.
  4. Click on the Cloud Cache tile and review your configuration options.
  5. Click Apply Changes.

Updating Pivotal Cloud Cache Plans

Follow the steps below to update plans in Ops Manager.

  1. Click on the Cloud Cache tile.
  2. Click on the plan you want to update under the Information section.
  3. Edit the fields with the changes you want to make to the plan.
  4. Click Save button on the bottom of the page.
  5. Click on the PCF Ops Manager to navigate to the Installation Dashboard.
  6. Click Apply Changes.

Plan changes are not applied to existing services instances until you run the upgrade-all-service-instances BOSH errand. You must use the BOSH CLI to run this errand. Until you run this errand, developers cannot update service instances.

Changes to fields that can be overridden by optional parameters, for example num_servers or new_size_percentage, change the default value of these instance properties, but do not affect existing service instances.

If you change the allowed limits of an optional parameter, for example the maximum number of servers per cluster, existing service instances in violation of the new limits are not modified.

When existing instances are upgraded, all plan changes are applied to them.

Uninstalling Pivotal Cloud Cache

To uninstall PCC, follow the steps from below from the Installation Dashboard:

  1. Click the trash can icon in the bottom-right-hand corner of the tile.
  2. Click Apply Changes.

Troubleshooting

View Statistics Files

You can visualize the performance of your cluster by downloading the statistics files from your servers. These files are located in the persistent store on each VM. To copy these files to your workstation, run the following command:

`bosh2 -e BOSH-ENVIRONMENT -d DEPLOYMENT-NAME scp server/0:/var/vcap/store/gemfire-server/statistics.gfs /tmp`

See the Pivotal GemFire Installing and Running VSD topic for information about loading the statistics files into Pivotal GemFire VSD.

Smoke Test Failures

Error: “Creating p-cloudcache SERVICE-NAME failed”

The smoke tests could not create an instance of GemFire. To troubleshoot why the deployment failed, use the cf CLI to create a new service instance using the same plan and download the logs of the service deployment from BOSH.

Error: “Deleting SERVICE-NAME failed”

The smoke test attempted to clean up a service instance it created and failed to delete the service using the cf delete-service command. To troubleshoot this issue, run BOSH logs to view the logs on the broker or the service instance to see why the deletion may have failed.

Error: Cannot connect to the cluster SERVICE-NAME

The smoke test was unable to connect to the cluster.

To troubleshoot the issue, review the logs of your load balancer, and review the logs of your CF Router to ensure the route to your PCC cluster is properly registered.

You also can create a service instance and try to connect to it using the gfsh CLI. This requires creating a service key.

Error: “Could not perform create/put on Cloud Cache cluster”

The smoke test was unable to write data to the cluster. The user may not have permissions to create a region or write data.

Error: “Could not retrieve value from Cloud Cache cluster”

The smoke test was unable to read back the data it wrote. Data loss can happen if a cluster member improperly stops and starts again or if the member machine crashes and is resurrected by BOSH. Run BOSH logs to view the logs on the broker to see if there were any interruptions to the cluster by a service update.

General Connectivity

Client-to-Server Communication

PCC Clients communicate to PCC servers on port 40404 and with locators on port 55221. Both of these ports must be reachable from the PAS (or Elastic Runtime) network to service the network.

Membership Port Range

PCC servers and locators communicate with each other using UDP and TCP. The current port range for this communication is 49152-65535.

If you have a firewall between VMs, ensure this port range is open.

Create a pull request or raise an issue on the source for this page in GitHub