Installing and Configuring New Relic Nozzle for VMware Tanzu

You can install the New Relic Nozzle for VMware Tanzu as a tile in Ops Manager, or push it as a regular application.

Install as a tile in Ops Manager

  1. Download New Relic Nozzle for VMware Tanzu from Pivotal Network.
  2. Go to the Ops Manager Installation Dashboard and click Import a Product.
  3. Under the Import a Product button, click the + sign next to the version number of New Relic Nozzle for VMware Tanzu. This adds the tile to your staging area.
  4. Click the newly added New Relic Nozzle for VMware Tanzu tile.

Configure the nozzle tile

Change the following settings to configure the nozzle tile:

  • Under New Relic Firehose Nozzle > Settings > Assign AZs and Networks:
    • Select your desired networks.
    • Click Save.
  • Under New Relic Firehose Nozzle > Settings > New Relic Firehose Nozzle:
    • New Relic RPM Account ID: YOUR-NEW-RELIC-RPM-ACCOUNT
    • New Relic RPM Account Region: US or EU. Choose EU if your RPM URL contains .eu
    • New Relic Insights Insert Key: YOUR-NEW-RELIC-INSIGHTS-INSERT-KEY
    • Firehose Subscription ID: unique Subscription Identifier (i.e. newrelic.firehose)
    • Nozzle instances: specify between 1 to 30 instance(s) depending on the load of Firehose events. Default is 2.
  • Under New Relic Firehose Nozzle > Settings > Advanced Settings:
    • Skip SSL Verification (True/False): whether to verify SSL connection
    • Enable New Relic Logs - HttpStartStop: Send HttpStartStop (Timer) envelopes to New Relic Logs (boolean true/false)
    • Enable New Relic Logs - LogMessage: Send LogMessage envelopes to New Relic Logs (boolean true/false)
    • Selected Events: comma-separated list of event types
    • Drain Interval: how often aggregated metric events are sent (Default: 60s)
    • Firehose -> Reverse Log Proxy Gateway Timeout (minutes): connection timeout to the RLP Gateway (Default: 16m)
    • Firehose No Traffic Restart Threshold (seconds): the nozzle will automatically restart if no messages are received in this time period (Default: 15s)
    • Firehose Queue Buffer Size (messages): number of messages the nozzle buffer can hold while processing. Also the number of messages that will be dropped if the buffer fills (Default: 8192)
    • Log Level: INFO or DEBUG
    • Tracer (True/False): activate trace level logging (extremely verbose)
    • If your environment uses a proxy server, add the following environment variables:
    • Proxy Server Address and Port: proxy server address:port
    • Proxy Bypass: comma-separated list of servers to bypass proxy
  • Under New Relic Firehose Nozzle tile > Settings > LogMessage Filters tab:

    • LogMessage Source Include Filter: comma or pipe-separated list of log sources to include (optional)
    • LogMessage Source Exclude Filter: comma or pipe-separated list of log sources to exclude (optional)
    • LogMessage Message Content Include Filter: comma or pipe-separated list of log message content to include (optional) (for example, Including Error,CRASHED would only send LogMessage events that contain Error or CRASHED)
    • LogMessage Message Content Exclude Filter: comma or pipe-separated list of log message content to exclude (optional)

    Note: include logic is processed before exclude logic. If specified, include filters will only generate New Relic events if the include filter is matched. Exclude filters will exclude matches

Where to Obtain Configuration Values

The following properties can be obtained either from the VMware Tanzu Application Service or from New Relic:

  • Firehose Subscription ID: a unique ID (i.e. newrelic.firehose)
  • Skip SSL: if SSL is disabled, this value should be set to true.
  • Selected Events: a comma-separated list of any of the following Firehose event types:
    • ValueMetric
    • CounterEvent
    • ContainerMetric
    • HttpStartStop
    • LogMessage
  • New Relic RPM Account ID: the first number that you find in your RPM Url (i.e. https://insights.newrelic.com/accounts/RPM-ID/...)
  • New Relic Insights Insert Key: an insert key from https://insights.newrelic.com/accounts/RPM-ID/manage/api_keys.
  • Client Id: Ops Manager -> VMware Tanzu Application Service -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> identity
    (Only for Application push)
  • Client Secret: Ops Manager -> VMware Tanzu Application Service -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> password
    (Only for Application push)
  • API URL: https://api.YOUR-PCF-DOMAINcf curl /v2/info
    (Only for Application push)
  • UAA URL: https://uaa.YOUR-PCF-DOMAINcf curl /v2/info
    (Only for Application push)
  • API User Name: if using admin account - Ops Manager -> VMware Tanzu Application Service -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> identity
    (Only for Application push)
  • API Password: if using admin account - Ops Manager -> VMware Tanzu Application Service -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> password
    (Only for Application push)

To obtain the properties:

  1. Go to New Relic Insights > Manage Data > API Keys as an admin user.
  2. Copy an existing insert key or create a new one, save it, and copy it.
  3. Return to the Ops Manager Installation Dashboard and paste the insert key.
  4. Click Apply Changes.

Install as an Application

When pushing New Relic Nozzle for VMware Tanzu as an application, you must have a manifest with the following properties:

applications:
- name: newrelic-firehose-nozzle
  memory: 512M
  disk_quota: 256M
  instances: 2
  health-check-type: http
  health-check-http-endpoint: /health
  host: cf-firehose-nozzle-${random-word}
        buildpacks:
        - binary_buildpack
        path: dist
        command: ./nr-fh-nozzle
  env:
      NRF_CF_CLIENT_ID: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> identity"
      NRF_CF_CLIENT_SECRET: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Opentsdb Nozzle Credentials -> Link to Credential -> password"
      NRF_CF_API_UAA_URL: "run cf curl /v2/info to get the url"
      NRF_CF_API_URL: "run cf curl /v2/info to get the url"
      NRF_FIREHOSE_ID: newrelic.firehose
      NRF_CF_SKIP_SSL: true
      NRF_ENABLED_ENVELOPE_TYPES: ValueMetric,CounterEvent,LogMessage,ContainerMetric,HttpStartStop

      NRF_CF_API_USERNAME: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> identity"
      NRF_CF_API_PASSWORD: "Ops Mgr -> Elastic Runtime -> Credentials -> Job -> UAA -> Admin Credentials -> Link to Credential -> password"
      NRF_NEWRELIC_ACCOUNT_ID: New Relic Account ID
      NRF_NEWRELIC_INSERT_KEY: New Relic Insights Insert Key

      # # Optional Settings (with their default values listed).  Uncomment the setting to change.
      # # New Relic account region.  Choose EU if RPM URL includes .eu.
      # NRF_NEWRELIC_ACCOUNT_REGION: US or EU
      # # How often accumulated metric events are sent.  Recommended: 29s, 59s, 89s, or 129s
      # NRF_NEWRELIC_DRAIN_INTERVAL: 59s
      # # Number of minutes before the HTTP connection to the RLP Gateway is considered hung and restarted. The RLP Gateway should force a new connection every 14 minutes. This is only applicable if the connection hangs.
      # NRF_FIREHOSE_HTTP_TIMEOUT_MINS: 16
      # # Number of consecutive seconds with no messages before the nozzle is automatically restarted. Set per environment based on normal message load.
      # NRF_FIREHOSE_RESTART_THRESH_SECS: 15
      # # Number of messages the nozzle buffer can hold while processing. Also the number of messages that will be dropped if the buffer fills. Recommended minimum is 6000.
      # NRF_FIREHOSE_DIODE_BUFFER: 8192
      # # Log level (INFO or DEBUG)
      # NRF_LOG_LEVEL: INFO
      # # Trace level logging (extremely verbose)
      # NRF_TRACER: false

      # # Send HttpStartStop envelopes to New Relic Logs
      # NRF_LOGS_HTTP: false
      # # Send LogMessage envelopes to New Relic Logs
      # NRF_LOGS_LOGMESSAGE: false

      # # LogMessage filters (| separated values)
      # NRF_LOGMESSAGE_SOURCE_INCLUDE: ""
      # NRF_LOGMESSAGE_SOURCE_EXCLUDE: ""
      # NRF_LOGMESSAGE_MESSAGE_INCLUDE: ""
      # NRF_LOGMESSAGE_MESSAGE_EXCLUDE: ""

      # # if proxy used in your environment
      # http_proxy: <proxy server address:port>
      # no_proxy:  <comma separated list of servers to bypass proxy>

Note: In order to automate the cf push deployment process as much as possible, create an application manifest.yml file. Update the manifest as required for your environment. Make sure to assign proper values to all required environment variables. Any property values within angle brackets must be changed to the correct values for your environment.

Note: Make sure to build the nozzle binary in dist subdirectory (using the build command below), so that when you push the app, the source and rest of the unnecessary files/folders do not get pushed into the container.

Adding a Client, Granting Permissions, and Setting a Secret

This example creates a new client and grants the necessary UAA permissions. A default client is used when the nozzle is deployed as a tile and these steps are not necessary. The OpenTSDB Nozzle Credentials can also be retrieved and used instead of creating a custom client.

uaac target https://uaa.[your cf system domain]
uaac token client get admin -s [your admin-secret]
uaac client add firehose-to-newrelic \
  --name firehose-to-newrelic \
  --secret [your_client_secret] \
  --authorized_grant_types client_credentials,refresh_token \
  --authorities doppler.firehose,cloud_controller.admin_read_only
  --scope doppler.firehose
  • UAA Client ID would be firehose-to-newrelic
  • UAA Client Secret would be the value set with --secret

Application Build and Deploy

If you make any changes to the code, or would like to run on other operating systems, you can clone the code from GitHub and follow the building and deploy steps from the README file.

Using Proxy Servers

If you need to use a proxy server in your environment, use the following environment variables:

  • http_proxy
  • no_proxy

You can specify the values for these properties during the setup of the tile in Ops Manager. If you use the app version of the nozzle, you can set these environment variables at the end of the manifest.yml in the env section, or set them directly by running cf set-env.

Notes

  • Environment variables must be written in lower case.
  • You must set http_proxy to your proxy server address and port (for example, http://my_proxyserver:my_proxy_port).
  • You must set no_proxy to any address that you need to bypass. For the nozzle to work properly with proxies, you must bypass the doppler server (doppler.YOUR-VMware Tanzu-DOMAIN.com). Make sure not to include the protocol and the port for no_proxy; just add the server name.