New Relic Service Broker for PCF

This is documentation for the New Relic Service Broker for Pivotal Cloud Foundry (PCF) tile.

New Relic APM supports real-time instrumentation and monitoring of application performance via its embedded agent that runs with apps.

New Relic agent code publishes performance monitoring metrics and other details back to New Relic APM Dashboard.

The language agents also send all of the application and browser events to New Relic Analytics tool, Insights, for visualization and dashboarding.

New Relic Service Broker

A service broker allows Cloud Foundry apps to bind to services and consume the services easily from Pivotal Apps Manager or from the command line.

New Relic Service Broker for PCF enables you to use one or more New Relic accounts and is deployed as a Java app on PCF.

The broker exposes the New Relic service on the Marketplace and allows users to directly create a service instance and bind it to their apps either from Apps Manager or from the command line.

The New Relic Service Broker for PCF tile installs the New Relic Service Broker as an app, registers it as a service broker on PCF, and exposes its service plans on the Marketplace. Each service plan is associated with an existing New Relic account, which is configured during the tile setup.

Selecting a plan binds your app with the New Relic agent, and the agent starts reporting to the New Relic account which is associated with the selected plan. This makes the installation and subsequent use of New Relic on your PCF apps easier and more straightforward.

WARNING: The current tile removes the all_open security group from the tile default security settings. If you are using a previous versions of the tile, make your PCF environment more secure by removing the all_open security group from the Application Security Group (ASG) settings. The new version of the tile does not open the security, nor does it close the security if it was already open.

Trial License

If you do not already have a New Relic account, you can obtain an account with a free trial license.

Product Snapshot

The following table provides version and version-support information about New Relic Service Broker for PCF.

Element Details
Version 1.12.24
Release date June 21, 2019
Software component version New Relic Service Broker 1.12.24
Compatible Ops Manager version(s) 2.3, 2.4, 2.5, and 2.6
Compatible Pivotal Application Service version(s) 2.3, 2.4, 2.5, and 2.6
BOSH stemcell version Ubuntu Xenial (315)
IaaS support AWS, GCP, Azure, and vSphere

WARNING: New Relic Service Broker for PCF v1.12.18 and earlier require a Ubuntu Trusty stemcell. The end-of-life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.

Upgrading to the Latest Version

  • New Relic Service Broker v1.12.18 and later allows users to change the New Relic license key in existing service plans.

  • In New Relic Service Broker v1.12.12 and earlier, the unique GUIDs for plans were calculated differently. For these plans to not break compatibility, the GUIDs must be the same as before. The migration script preserves the plan GUIDs for existing plans in the plan collection for v1.12.12 and earlier.

    There are two new properties labeled pre-1.12.12 plan? and Plan Guid Override (broker 1.12.12 or older) in the plan collection for each plan in the tile configuration. Do not change either of these properties because they are set internally where required.

    Note: The only case where you must override the Plan Guid Override is when you have changed the original license key that was associated with the plan created by New Relic Service Broker v1.12.12 or earlier. You can obtain the original plan GUID from Cloud Controller by running the following command and entering the original GUID in the Plan Guid Override property:
      cf curl $(cf curl /v2/services?q=label:newrelic | grep "service_plans_url" | \
      awk '{print $2}' | sed 's/[",]//g') | egrep "\"name\":|\"unique_id\":" | \
      sed 's/[\",]//g' | tr -s " " | awk ' {name=$0; getline; printf("\t%-40s %-40s\n",name,$0)}'
    

  • In New Relic Service Broker v1.12.13 and later, leave pre-1.12.12 plan unchecked, and Plan Guid Override blank.

  • The tile is supported on Ops Manager v2.3.x, v2.4.x, v2.5.x, and v2.6.x.

  • You can install the tile on any of these versions, and upgrade from v1.9.x to any Ops Manager version up to and including v2.6.x.

  • No upgrade paths are required for older versions of the tile, since versions older than v1.9.0 are not supported.

  • v1.12.6 and later of the tile support migration from older versions of the tile, and preserve existing services and service plans.

  • If you are using tiles older than v1.11.4, you must first upgrade to v1.11.4, then to v1.12.9, then to the latest version of the tile.

Installing Through Ops Manager

To download New Relic Service Broker for PCF tile and install it on PCF Ops Manager, do the following:

1. Download the product file from Pivotal Network.

  1. Import the product file to your Ops Manager installation.

  2. Click the + sign or Add next to the uploaded product description in the Ops Manager left navigation view to add this product to your staging area.

  3. Click the newly added tile and review any configurable options.

  4. Click Apply Changes.

Configuring the Tile

  1. Log in to Ops Manager.

  2. Click Import a Product and import the New Relic Service Broker for PCF tile.

    01 import product

  3. Click the “+” button to the right of “New Relic Service Broker” that you uploaded

    02 imported product

  4. Select the New Relic tile.

    03 configure 1

  5. Configure Availability Zone and Network.

    05 configure 3 network

  6. Configure Service Broker Global Access.

    • You can either keep the global access enabled for all service plans (default), or you can disable global access, and later in the configuration enable access for one or more “orgs” for each “service plan” that you add.

    06 configure 4 global access

  7. Configure the New Relic Service Broker.

    • Click Add on the far right of the Service Plan screen to create a new service plan.

    08 configure plans 1

  8. Create a service plan with your New Relic license key.

    • Enter a name for the service plan (no spaces)
    • Enter description of the plan
    • Log in to your New Relic account and navigate to the Account Settings page from the drop-down menu in the upper right corner of the page. Copy the license key from your New Relic account and paste it here

      09 nr license key

    • If you are upgrading from New Relic Service Broker 1.12.12 or older, make sure you follow the instructions in the upgrade section (“Upgrading to the Latest Version”) of this document to check “pre 1.12.12 plan” flag and enter the pre 1.12.12 plan GUID

    • If you are running New Relic Firehose Nozzle and would like to route the data for each application to a separate New Relic account (as opposed to New Relic’s central Firehose Nozzle account) enter the target New Relic account and Insights Insert Key here

    • If in previous steps you unchecked “Global Access”, you need to enter a comma-separated list of orgs so that the system enables service access for them to allow users to create service instances of this plan

      10 configure plans 3

  9. Select the button on top the page to go to “INSTALLATION DASHBOARD

    11 installation dashboard

  10. Apply your changes.

    • Select the blue button on the top right
    • To speed up the process you could uncheck Select All Products checkbox, and just select to apply change to “New Relic Service Broker” tile

      12 apply changes 1

  11. On completion of the installation, check the Services Marketplace in Apps Manager. Select “New Relic” tile

    15 marketplace

  12. View New Relic Service Plans, and select the desired plan

    16 marketplace broker select plan

  13. Enter the service instance name and click on “CREATE” button to create the service instance

    17 marketplace broker service instance name

  14. Service Plan created

    18 marketplace serevice created

  15. Bind the New Relic Service to an app.

    • In Apps Manager go to an application

      19 application

    • Select “Service” tab

    • Click the “BIND SERVICE” button and select the service instance you just created,

      20 application services

    • Click the “BBIND” button on the bottom right

      21 application services bind service instance

  16. Restage the application

    • you can either select the link on top the “bind” page, or in a terminal window, run cf restage to make the changes

      22 application restage

      $ cf restage APPNAME
    
  17. Log in to New Relic to view monitoring data.

    Figure 17.1: New Relic App Monitoring Dashboard
    24 nr overview

    Figure 17.2: New Relic Transactions View
    25 nr transactions view

    Figure 17.3: Transaction Traces View
    26 nr transaction trace

    Figure 17.4: New Relic Database View
    27 nr database view

    Figure 17.5: New Relic Web Transactions View
    28 view11

    Figure 17.6: New Relic Top Web Transactions View
    29 view12

    Figure 17.7: New Relic JVMs View
    30 view13

Configuration with HTTP Proxy

If the PCF environment needs to use an HTTP or HTTPS proxy for external outbound communication, the service broker itself does not need to know anything about the HTTP proxy, as it relays the license keys to the consumer apps. The consumer app should specify the http\_proxy or https\_proxy as an environment variable for the agent to communicate externally with non-Java apps, and use JAVA_OPTS for Java apps. In addition, the New Relic Agent should also be configured with its own set of parameters (-Dnewrelic.config.\*) to communicate with its controller through the proxy for Java language apps.

To specify using http_proxy for the New Relic non-Java app agent to talk to its controller using the proxy, run the following commands:

  $ cf set-env APPNAME http_proxy ‘http://user:password@proxy-server.customer.example.com:8080'

  $ cf set-env APPNAME https_proxy ‘http://user:password@proxy-server.customer.example.com:8080'

To specify using JAVA_OPTS for the New Relic Java agent to talk to its controller using the proxy, run the following command:

  $ cf set-env APPNAME JAVA_OPTS " -Dtest.value=barbar
  -Dnewrelic.config.proxy_host=proxy.customer.example.com
  -Dnewrelic.config.proxy_port=8080 “

If a Java app also needs to talk through a proxy, add the Java proxy settings in addition to the New Relic agent proxy settings with the following command:

  $ cf set-env APPNAME JAVA_OPTS " -Dtest.value=barbar
  -Dnewrelic.config.proxy_host=proxy.customer.example.com
  -Dnewrelic.config.proxy_port=8080
  -Dhttp.proxyHost=proxy.customer.example.com-Dhttp.proxyPort=8080
  -Dhttps.proxyHost=proxy.customer.example.com -Dhttps.proxyPort=8080  “

For a non-Java app that needs to talk outbound using a proxy, run the following commands:

  $ cf set-env APPNAME http_proxy http://user@password:myproxy....:8080/
  $ cf set-env APPNAME https_proxy https://user@password:myproxy....:8080/

Whenever making changes to Cloud Foundry environment variables, you must restage your app(s) to make the changes effective.

  $ cf restage APPNAME

These environment variables can either be set individually per app, or with environment variable groups to be set for all apps as part of staging, running environments, etcetera using the Cloud Foundry Command Line Interface (cf CLI) tool.

Environment Variable Groups

  • running-environment-variable-group/revg: Retrieve the contents of the running environment variable group
  • staging-environment-variable-group/sevg: Retrieve the contents of the staging environment variable group
  • set-staging-environment-variable-group/ssevg: Pass parameters as JSON to create a staging environment variable group
  • set-running-environment-variable-group/srevg: Pass parameters as JSON to create a running environment variable group

Use the JAVA\_OPTS environment variable to specify New Relic Agent-specific environment variables in the staging environment group so the Java buildpack can use that and push it in the correct place. Specifying JAVA\_OPTS in the Runtime environment variable group will not yield anything, as the buildpack will not know about it.

For example:

  $ cf ssevg '{ "JAVA_OPTS" : " -Dtest.value=barbar
  -Dnewrelic.config.proxy_host=proxy.customer.example.com
  -Dnewrelic.config.proxy_port=8080 -Dhttp.proxyHost=proxy.customer.example.com
  -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy.customer.example.com
  -Dhttps.proxyPort=8080 -Dspring.profiles.active=dev
  -Dnewrelic.config.log_level=finer
  -Djavax.net.debug=all ", "test_env_profile" : "Staging" }'

For more information, see Configuration settings precedence.

Packaging Dependencies for Offline Buildpacks

If you are running PCF in an offline (disconnected) environment, you should recreate and package the dependencies, including the New Relic agent binaries, using offline buildpacks in your PCF environment.

For more information, see Packaging Dependencies for Offline Buildpacks.

Limitations

  • Currently supported buildpacks bundling New Relic Agent are the Java, node.js, PHP, and .NET Core buildpacks.

Feedback

Please provide any bugs, feature requests, or questions to the PCF feedback list.