The platform validation error message appears as displayed in the following image.
Product Release Date: 2022-08-03
Last updated: 2022-11-10
Calm allows you to seamlessly select, provision, and manage your business applications across your infrastructure for both the private and public clouds. Calm provides application automation, lifecycle management, monitoring, and remediation to manage your heterogeneous infrastructure, for example, VMs or bare-metal servers.
Calm supports multiple platforms so that you can use the single self-service and automation interface to manage all your infrastructure. Calm provides an interactive and user-friendly graphical user interface (GUI) to manage your infrastructure.
Calm is a multi-cloud application management framework that offers the following key benefits:
Calm simplifies the setup and management of custom enterprise applications by incorporating all important elements, such as the relevant VMs, configurations, and related binaries into an easy-to-use blueprint. These blueprints make the deployment and lifecycle management of common applications repeatable and help infrastructure teams eliminate extensive and complex routine application management.
Calm unifies the management of all your clouds into a single-pane-of-glass, removing the need to switch between portals. Calm automates the provisioning of multi-cloud architectures, scaling both multi-tiered and distributed applications across different cloud environments, including AWS, GCP, Azure, and VMware (on both Nutanix and non-Nutanix platforms).
Calm empowers different groups in the organization to provision and manage their own applications, giving application owners and developers an attractive alternative to public cloud services. Calm provides powerful, application-centric self-service capabilities with role-based access control. All activities and changes are logged for end-to-end traceability, aiding security teams with key compliance initiatives.
The marketplace offers preconfigured application blueprints that infrastructure teams can instantly consume to provision applications. The marketplace also provides the option to publish sharable runbooks. A runbook is a collection of tasks that are run sequentially at different endpoints. Infrastructure teams can define endpoints and use runbooks to automate routine tasks and procedures that span multiple applications without the involvement of a blueprint or an application.
With native integration into Beam, Calm also shows the overall utilization and true cost of public cloud consumption to help you make deployment decisions with confidence.
Combined with Nutanix Karbon or your choice of certified Kubernetes, Calm provides the tools required to modernize applications without losing control of policy. Additionally, Calm natively integrates with Jenkins to empower CI/CD pipelines with automatic infrastructure provisioning or upgrades for all applications.
Calm DSL describes a simpler Python3-based Domain Specific Language (DSL) for writing Calm blueprints. DSL offers all the richness of the Calm user interface along with the additional benefits of being human-readable and version-controllable code that can handle even the most complex application scenario. DSL can also be used to operate Calm from a CLI.
As Calm uses Services, Packages, Substrates, Deployments and Application Profiles as building blocks for a blueprint, these entities can be defined as Python classes. You can specify their attributes as class attributes and define actions on those entities (procedural runbooks) as class methods.
Calm DSL also accepts appropriate native data formats such as YAML and JSON that allow reuse into the larger application lifecycle context of a Calm blueprint.
For technical articles, videos, labs and resources on Calm DSL, see Nutanix Calm DSL on Nutanix.dev.
You must configure the following components before you start using Calm.
Before you enable Calm from Prism Central, ensure that you have met the following prerequisites.
You can go to the Software Product Interoperability page to verify the compatible versions of Calm and Prism Central.
Nutanix certifies the following benchmarks for single-node deployment profiles (non-scale-out) and three-node deployment profiles (scale-out). Each benchmark contains scale numbers across different entities of Calm. Because the scaling properties of these entities often depend on each other, changes to one entity might affect the scale of other entities. For example, if your deployment has a smaller number of VMs than the benchmarked number, you can have a higher number of blueprints, projects, runbooks, and so on.
Use these guidelines as a good starting point for your Calm installation. You might have to allocate more resources over time as your infrastructure grows.
The following table shows the Calm benchmarks for a single-node Prism Central profile.
Prism Central size | Prism Central configuration | Number of VMs | Number of single-VM blueprints | Number of single-VM applications | Number of projects | Number of runbooks |
---|---|---|---|---|---|---|
Small (1 node) | 6 vCPUs and 30 GB of memory for each node. | 2000 | 400 | 2000 | 50 | 250 |
Large (1 node) | 10 vCPUs and 52 GB of memory for each node. | 7000 | 1400 | 7000 | 250 | 500 |
The following table shows the Calm benchmarks for a three-node Prism Central profile. If high-availability is preferred, it is recommended to use the scale-out deployment.
Prism Central size | Prism Central configuration | Number of VMs | Number of single-VM blueprints | Number of single-VM applications | Number of projects | Number of runbooks |
---|---|---|---|---|---|---|
Small (3 nodes, scale out) | 6 vCPUs and 30 GB of memory for each node. | 3500 | 700 | 3500 | 100 | 500 |
Large (3 nodes, scale out) | 10 vCPUs and 52 GB of memory for each node. | 12500 | 2500 | 12500 | 500 | 1000 |
The following considerations are applicable for both Calm single-node and three-node (scale-out) profiles:
The maximum throughput on a large three-node (scale-out) deployment profile is 400 VMs per hour.
For a list of required Calm ports, see Port Reference. The Port Reference section provides detailed port information for Nutanix products and services, including port sources and destinations, service descriptions, directionality, and protocol requirements.
Calm is integrated into Prism Central and does not require you to deploy any additional VMs. To start using Calm, you only have to enable Calm from Prism Central.
If the Prism web console is not registered from a Prism Central and the application blueprints have subnet, image, or VMs on the Prism web console, the Calm functionality is impacted.
Prism Central Guide.
You can check the version of your Calm instance from the Calm user interface.
Calm VM is a standalone VM that you can deploy on AHV and ESXi hypervisors to use Calm functionality without the Nutanix infrastructure.
You can deploy Calm using the image at the Nutanix Support Portal - Downloads page and manage your applications across a variety of cloud platforms. Calm VM deployment eliminates the need of the complete Nutanix infrastructure to use Calm features.
For information on Calm VM deployment on AHV, see Deploying Calm VM on AHV.
This section describes the steps to deploy a Calm VM on AHV.
You must create a VM with a specific Open Virtualization Format (OVF) image to access the Calm UI.
For more information, see the Deploying OVA Template on VMware vSphere section in the VMware documentation.
This section describes the steps to deploy a Calm VM by using the vSphere CLI (govc).
$ govc import.ova -name 5.17.1-prismcentral -3.0.0.1 http://endor.dyn.nutanix.com/GoldImages/calm-vm
If you have downloaded the OVF file on your system, replace http://endor.dyn.nutanix.com/GoldImages/calm-vm with the location of the OVF file.
Running the command starts the uploading process. Once the uploading is complete, power on the Calm VM from the vSphere web client.
Use the following procedure to set up the scale-out version of Calm VM.
cluster stop
cluster destroy
cluster --cluster_function_list="multicluster" -s <ip1>,<ip2>,<ip3> create
For example:
cluster --cluster_function_list="multicluster" -s 10.46.141.71,10.46.138.20,10.46.138.26 create
cluster --cluster_function_list="multicluster" --cluster_name "<Cluster Name>" -s <ip1>,<ip2>,<ip3> --cluster_external_ip=<vip> create
For example:
cluster --cluster_function_list="multicluster" --cluster_name "Demo" -s 10.46.141.71,10.46.138.20,10.46.138.26 --cluster_external_ip=10.46.141.70 --dns_servers 10.40.64.15,10.40.64.16 create
cd /home/nutanix/bin
python enable_calm.py
cluster status
docker cp /home/nutanix/bin/set_policy_calmvm.pyc nucalm:/home
docker cp /home/nutanix/bin/set_policy.sh nucalm:/home
docker exec nucalm /bin/sh -c '/home/set_policy.sh <POLICY_VM_IP> <POLICY_VM_UUID>'
Use the following steps to enable the policy engine for Calm VM.
docker cp /home/nutanix/bin/set_policy_calmvm.py nucalm:/home
docker cp /home/nutanix/bin/set_policy.sh nucalm:/home
docker exec nucalm /bin/sh -c '/home/set_policy.sh <POLICY_VM_IP> <POLICY_VM_UUID>'
policy-engine.tar.gz file from the Downloads page on to the policy engine VM.
policy-engine.tar.gz file.
upgrade.sh.
docker ps command to check the status of policy containers, and wait for the containers to get healthy.
set_policy_calmvm.py script from the Downloads page into the /home/nutanix/bin/ directory of your Calm VM and provide the execute permission.
set_policy.sh script from the Downloads page into the /home/nutanix/bin/ directory of your Calm VM and provide the execute permission.
By default, Calm VM uses a DHCP IP address. You can use the following procedure to launch Calm VM using a static IP address.
The following table lists the different tabs in Calm and their usage:
Tab | Usage |
---|---|
Marketplace tab | To instantly consume application blueprints to provision applications. See Marketplace Overview. |
Blueprint tab | To create, configure, publish, and launch single-VM or multi-VM blueprints. See Calm Blueprints Overview. |
Application tab | To view and manage applications that are launched from blueprints. See Applications Overview. |
Library tab | To create and use variable types and tasks. You use variables and tasks while configuring a blueprint. See Library Overview. |
Runbooks tab | To automate routine tasks and procedures that span multiple applications without involving any blueprints or applications. See Runbooks Overview. |
Endpoints tab | To create and manage target resources where the tasks defined in a runbook or in a blueprint can run. See Endpoints Overview. |
Settings tab | To enable or disable general settings. See General Settings in Calm. To configure and manage provider accounts. See Provider Account Settings in Calm. To configure and manage credential provider. See Configuring a Credential Provider. |
Policies tab | To schedule application actions and runbook executions. See Scheduler Overview. |
Marketplace Manager tab | To manage approval and publishing of application blueprints. See Marketplace Manager Overview. |
Projects tab | To create users or groups and assign permissions to use Calm. Projects tab also allows you to configure environment for your providers. See Projects Overview. |
You can use the following procedure to explore Calm user interface and get an overview of the Calm components.
You can use the following procedure to access the Calm REST API explorer console from the Calm user interface.
Calm manages the role-based access control using projects. Projects are logical groupings of user roles, accounts, VM templates, and credentials that are used to manage and launch blueprints and applications within your organization. For more information, see Projects Overview.
Users or groups are allowed to view, launch, or manage applications based on the roles that are assigned within the projects. Calm has the following roles for users or groups:
Project admins have full control of the project. They can perform reporting and user management, create blueprints, launch blueprints, and run actions on the applications.
Developers can create blueprints, launch blueprints, and run actions on the applications. They are, however, not allowed to perform reporting and user management.
Consumers can launch new blueprints from the marketplace and run actions on the applications. They are, however, not allowed to create their own blueprints.
Operators have minimum access and are allowed only to run actions against existing applications. They are not allowed to launch new blueprints or edit any existing blueprints.
The following table details the roles and responsibilities in Calm:
Prism Admin | Project Admin | Developer | Consumer | Operator | ||
---|---|---|---|---|---|---|
Marketplace | Enable and Disable | X | ||||
Manage | X | |||||
App publishing request | X | X | X | |||
Send App publishing request to the Administrator | X | X | ||||
Clone and edit App blueprint | X | X | X | |||
Blueprint | Create, update, delete, and duplicate | X | X | X | ||
Read-only | X | X | X | X | ||
Launch | X | X | X | X | ||
Applications | Complete App summary | X | X | X | X | X |
Run functions | X | X | X | X | X | |
App debug mode | X | X | X | X | X | |
Function edit | X | X | X | |||
Create App (brownfield import) | X | X | X | |||
Delete App | X | X | X | X | ||
Settings | CRUD | X | ||||
Task Library | View | X | X | X | X | X |
Create and Update | X | X | X | |||
Delete | X | |||||
Sharing with Projects | X | |||||
Projects | Add project | X | ||||
Update project | X | X | ||||
Add VMs to projects | X | |||||
Custom roles | ||||||
Users | Add users to the system and change roles | X | ||||
Add and remove users to or from a project | X | X | ||||
Change user roles in a project | X | X | ||||
Create Administrator | X | |||||
Create Project Administrator | X | X | ||||
Runbooks | Create and Update | X | X | X | ||
View | X | X | X | X | X | |
Delete | X | X | X | |||
Execute | X | X | X | X | X | |
Endpoints | Create and Update | X | X | X | ||
View | X | X | X | X | X | |
Delete | X | X | X | |||
Scheduler | Create, delete, and clone jobs | X | X | X | X | |
Read job and view execution status | X | X | X | X | X | |
Update job name, schedule, executable, and application action | X | X | X | X | ||
Edit operations on a blueprint launch | X | X | X | X | ||
Edit operations on runbook executions | X | X | X | X | ||
Edit operations on application actions | X | X | X | X | ||
Edit operations on Marketplace launch | X | X | X | X |
When you enable Calm, you get an out-of-the-box blueprint, a default project, and a preconfigured application profile with your Nutanix account. You can use the blueprint, project, and application profile to instantaneously launch your first application.
To quickly provision a Linux or Windows Infrastructure as a Service (IaaS) for your end users, you can configure and launch a single-VM blueprint in Calm.
Provisioning a Linux or Windows IaaS involves configuring the single-VM blueprint VM specifications and launching the blueprint.
The Settings tab allows you to control the overall administrative functionalities of the Calm instances. You must be a Prism Central administrator to access the Settings tab.
You can use the Settings > General tab to control the following functionalities:
Enable Nutanix Marketplace Applications to view and launch ready-to-use application blueprints. These application blueprints appear on the Marketplace Manager tab for publishing. You can publish the blueprints to the marketplace after associating them with a project.
Showback allows you to estimate the overall service cost of the applications running on your on-prem cloud. You can also view the graphical representation of the cost of the applications.
To enable and configure showback, see Enabling Showback.
Enable Showback to configure the resource cost of your applications and monitor them while you configure a blueprint or manage an application. Showback is applicable only for the Nutanix platform and the VMware through vCenter platform.
Disable showback to stop monitoring the resource cost of your application blueprints.
The policy engine is a single-VM setup for the single or scale-out Prism Central. When you enable the policy engine for your Calm instance, a new VM is created and deployed for the policy engine. All you need is an available IP address that belongs to the same network as that of your Prism Central VM for the policy engine VM.
As an administrator, you can enable the policy engine to:
You can enable the policy engine at a dark site.
<Calm version number>-CalmPolicyVM.qcow2
<Calm version number>-CalmPolicyVM.ova
After you enable the policy engine, you can set up the default quota values for vCPU, memory, and disk. This step is optional.
Setting up quota defaults saves you from repeatedly entering vCPU, memory, and disk quota values for each cluster. After you set the quota defaults, the default quota values populate automatically when you allocate quotas to your provider accounts.
After you enable the policy engine, review the policy engine VM configuration, network configuration, and cluster information on the Policies tab of your Settings page. For example, you can view the power status, protection status, or cluster name of the policy engine VM.
Disable the policy enforcement for your Calm instance if the policy engine VM encounters any connectivity issues or the policy engine VM is not responding.
You can enable approvals for your Calm instance from the Settings page.
When you enable approvals, events such as runbook executions, application launch, and application day-2 operations that match the conditions defined in the approval policy go through the approval process.
You can disable approvals for your Calm instance from the Settings page.
When you disable approvals, events such as runbook executions, application launch, and application day-2 operations do not go through the approval process even when they match the conditions defined in the approval policy.
You can view the configuration details and email template on the Policies tab of the Settings page.
The content of the email templates for approver or requester can be modified only using the APIs. You can use the following supported email template variables.
You can use these variables with the {{}} syntax. For example, {{.PCIP}}.
You can view the protection and recovery status of a Calm application when:
You can view the protection and recovery status of the application on the Application Overview page. For more information, see Overview Tab.
To enable the option to show application protection status, see Enabling Application Protection Status View.
Enable the Show App Protection Status toggle button to view the protection and recovery status of a Calm application that is deployed on a Nutanix platform. You must be a Prism Central administrator to enable or disable the toggle button.
Calm automatically archives run logs of the deleted applications and custom actions that are older than three months. You can download the archives within 7 days from the time of archive creation.
For a running application, data is not archived for the system-generated Create actions.
You can get the following information for Start, Restart, Stop, Delete, and Soft Delete system-generated actions and user-created actions.
Calm archives all action details of a deleted application.
Only an administrator can view and download the application log archive. For more information, see Downloading Application Log Archive.
Calm periodically archives application logs to clear resources. You can download the archived application logs from the Settings tab.
Provider accounts are cloud services, baremetals, or existing machines that you can use to deploy, monitor, and govern your applications. You can configure multiple accounts of the same provider.
Use the Settings > Accounts tab to configure provider accounts. You configure provider accounts (by using the provider credentials) to enable Calm to manage applications by using your virtualization resources.
Calm supports the following provider accounts:
Provider Accounts | Description |
---|---|
Nutanix | All the AHV clusters that are registered to the Prism Central instance are automatically added as providers. Note: If you want to add a remote Prism Central (PC) instance as a provider in a multi-PC setup, you must add the remote PC instance as an account in Calm. For more information, see Configuring a Remote Prism Central Account. |
VMware | To configure a VMware account, see Configuring a VMware Account. |
AWS | To configure an AWS account, see Configuring an AWS Account. |
Azure | To configure an Azure account, see Configuring an Azure Account. |
GCP | To configure a GCP account, see Configuring a GCP Account. |
Kubernetes | To configure a Kubernetes account, see Configuring a Kubernetes Account. |
Xi Cloud | To configure Xi Cloud as a provider, see Configuring a Xi Cloud Account. |
All AHV clusters that are registered to your Prism Central instance are automatically added as provider accounts to Calm.
You can also configure any remote Prism Central (PC) as an account in Calm to deploy applications on the remote PC. For more information, see Support for Multi-PC Setup.
In a multiple Prism Centrals (multi-PC) setup, a central Calm instance (called global Calm instance) runs only on one of the PCs (called host or parent PC) and all the other PCs are connected to the central Calm instance as the remote PCs.
The global Calm instance can now manage the applications deployed on the geographically distributed Prism Centrals (also called remote PCs) without the need of separate Calm instances for every PC. A remote PC is only used to provision the tasks for the deployed applications.
In a multi-PC environment, every remote PC is added as an account to the host PC and you can add the account to your project before creating and launching a blueprint.
For more information about adding a remote PC as an account, see Configuring a Remote Prism Central Account.
For more information about adding the account to a project, see Adding Accounts to a Project.
To deploy an application on a remote PC, you must configure the remote PC as an account in Calm.
You require the role of a Prism Admin to configure a remote PC account.
For more information about multiple Prism Central setup support, see Support for Multi-PC Setup.
Calm lets you use Virtual Private Clouds within the Flow Virtual Networking framework to network the VMs using overlay networks. A VPC is an independent and isolated IP address space that functions as a logically isolated virtual network. VMs that you create with VPC Subnets cannot communicate with a VM that is outside the VPC. Even the VMs outside the VPC cannot reach the VMs within the VPC.
In the absence of this direct communication, you can set up tunnels to communicate with the VMs within the VPC for orchestration activities and to run script-based tasks. You can set up the tunnel VM in any one of the subnets within the VPC.
To set up tunnels for your VPCs, you must:
For more information on creating VPC tunnels, see Creating VPC Tunnels.
In your Nutanix account, you set up tunnels to get access to the VMs that are created within the VPCs.
The tunnels that you create enable you to perform check log-in and run script-based execution tasks on the VMs that use the overlay subnets of the VPC.
If a tunnel is not configured for the selected VPC, you can only perform basic operations (such as VM provisioning) on the VPC.
Configure your VMware account in Calm to manage applications on the VMware platform.
To refer to the video about setting up VMware as provider, click here.
The following table provides the complete list of permissions that you need to enable in vCenter before you configure your VMware account in Calm.
Entity | Permission |
---|---|
Datastore |
|
Network |
|
Resource |
|
vSphere Tagging |
|
Virtual Machine > Change Configuration |
|
Virtual Machine > Interaction |
|
Virtual Machine > Edit Inventory |
|
Virtual Machine > Provisioning |
|
You must define the custom role at the vCenter level instead of the Datacenter level. For information on how to enable permissions in vCenter, see the vSphere Users and Permissions section in the VMware documents.
Calm supports the following versions of vSphere.
Configure your AWS account in Calm to manage applications on the AWS platform.
nutanix@cvm$ ncli cluster get-name-servers
GovCloud (US) is an isolated AWS region that helps United States government agencies and federal IT contractors host sensitive workloads in the cloud by addressing their specific regulatory and compliance requirements.
The AWS GovCloud (US) region supports the management of regulated data by restricting physical and logical administrative access to U.S. citizens only.
To manage applications on the AWS platform using Calm, you must have a privileged AWS user account with an appropriate policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:ListRoles",
"iam:ListSSHPublicKeys",
"iam:GetSSHPublicKey",
"iam:GetAccountPasswordPolicy",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateSnapshot",
"ec2:CreateImage",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:ModifyVolume",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation",
"ec2:DisassociateIamInstanceProfile",
"ec2:RegisterImage",
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:GetConsoleOutput",
"ec2:Describe*",
"ec2:DeleteTags",
"ec2:TerminateInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": ["iam:ListUserPolicies"],
"Resource": ["arn:aws:iam::*:user/${aws:username}"]
},
{
"Effect": "Allow",
"Action": ["iam:PassRole"],
"Resource": ["arn:aws:iam::*:role/*"]
}
]
}
The following table displays the list of user policy privileges and the corresponding JSON attributes that you can add in the JSON syntax to assign different privileges to a user.
To create | JSON attributes |
---|---|
EC2 Instances | ec2:RunInstances |
Volumes | ec2:CreateVolume |
Snapshot | ec2:CreateSnapshot |
Image (AMI) | ec2:CreateImage |
To list or get | JSON attributes |
SSH Public Keys for all users | iam:ListSSHPublicKeys |
List IAM Roles | iam:ListRoles |
EC2 attributes | ec2:Describe* |
EC2 instance console output | ec2:GetConsoleOutput |
IAM user policies for the user | iam:ListUserPolicies |
To update | JSON attributes |
Image (AMI) attributes | ec2:ModifyImageAttribute |
To delete | JSON attributes |
EC2 Instances | ec2:TerminateInstances |
Instance Tags | ec2:DeleteTags |
Snapshot | ec2:DeleteSnapshot |
Images (deregister images) | ec2:DeregisterImage |
Others | JSON attributes |
Start/Stop/Restart Instances | ec2:RunInstances, ec2:StartInstances, ec2:StopInstances, ec2:RebootInstances |
Pass an IAM role to service | iam:PassRole |
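A least-privilege check for the AWS policy above, as an added example that is not part of the Nutanix documentation: it flags `iam:PassRole` granted on every role without an `iam:PassedToService` condition, and write actions granted on `Resource: "*"`. The embedded policy is an abridged copy of the one on this page; the narrowed statement, its account ID, and its role-name prefix are constructed placeholders, and whether Calm works with the narrowed statement is an assumption to test in your environment.

```python
import json
from fnmatch import fnmatchcase

# Abridged copy of the policy on this page: same three statements, fewer EC2 actions.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["iam:ListRoles", "ec2:RunInstances", "ec2:Describe*",
                "ec2:TerminateInstances"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["iam:ListUserPolicies"],
     "Resource": ["arn:aws:iam::*:user/${aws:username}"]},
    {"Effect": "Allow",
     "Action": ["iam:PassRole"],
     "Resource": ["arn:aws:iam::*:role/*"]}
  ]
}
""")

# Constructed alternative to the third statement (assumption, not from the page):
# one account, one role-name prefix, and only EC2 may receive the role.
NARROWED_PASSROLE = {
    "Effect": "Allow",
    "Action": ["iam:PassRole"],
    "Resource": ["arn:aws:iam::111122223333:role/calm-instance-*"],
    "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}},
}
TIGHTENED = {
    "Version": POLICY["Version"],
    "Statement": POLICY["Statement"][:2] + [NARROWED_PASSROLE],
}

READ_PREFIXES = ("describe", "list", "get")


def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return [value] if isinstance(value, str) else list(value)


def matches(pattern, action):
    """True if an IAM action pattern (case-insensitive, * and ?) covers action."""
    return fnmatchcase(action.lower(), pattern.lower())


def is_read_only(pattern):
    """Heuristic: the action name starts with Describe, List or Get."""
    name = pattern.split(":", 1)[-1].lower()
    return name.startswith(READ_PREFIXES)


def audit(policy):
    """Return (statement index, rule, detail) tuples for over-broad Allow statements."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))

        # iam:PassRole on any role lets the principal hand any role in the
        # account to a service unless a PassedToService condition limits it.
        if any(matches(a, "iam:PassRole") for a in actions):
            broad = [r for r in resources if r == "*" or r.endswith(":role/*")]
            condition = json.dumps(stmt.get("Condition", {})).lower()
            if broad and "iam:passedtoservice" not in condition:
                findings.append((idx, "PASSROLE_ANY_ROLE", broad))

        # Mutating actions that apply to every resource in the account.
        if "*" in resources:
            writes = sorted(a for a in actions if not is_read_only(a))
            if writes:
                findings.append((idx, "WRITE_ON_ALL_RESOURCES", writes))
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", POLICY), ("narrowed PassRole", TIGHTENED)):
        print(name)
        for idx, rule, detail in audit(doc):
            print(f"  statement {idx}: {rule} {detail}")
```
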
Configure your GCP account in Calm to manage applications on the GCP platform.
Configure your Azure account in Calm to manage applications on the Azure platform.
You must have a privileged Azure user account to manage applications on an Azure platform using Calm.
To refer to a video about assigning minimum privilege to configure Azure account to work with Calm, click here.
{
"Name": "Calm Admin",
"IsCustom": true,
"Description": "For calm to manage VMs on azure provisioned from calm applications",
"Actions": [
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/skus/read",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/publicIPAddresses/*",
"Microsoft.Network/publicIPPrefixes/*",
"Microsoft.Compute/availabilitySets/vmSizes/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/availabilitySets/write",
"Microsoft.Compute/disks/*",
"Microsoft.Compute/images/read",
"Microsoft.Compute/images/write",
"Microsoft.Compute/locations/publishers/read",
"Microsoft.Compute/locations/publishers/artifacttypes/offers/read",
"Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/read",
"Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/versions/read",
"Microsoft.Compute/skus/read",
"Microsoft.Compute/snapshots/*",
"Microsoft.Compute/locations/vmSizes/read",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.GuestConfiguration/*/read",
"Microsoft.GuestConfiguration/*/write",
"Microsoft.GuestConfiguration/*/action",
"Microsoft.Compute/galleries/read",
"Microsoft.Compute/galleries/images/read",
"Microsoft.Compute/galleries/images/versions/read",
"Microsoft.KeyVault/vaults/read",
"Microsoft.KeyVault/vaults/deploy/action"
],
"NotActions": [],
"AssignableScopes": [
"/subscriptions/<subscription id>"
]
}
az role definition create --role-definition <file>.json
az ad sp create-for-rbac -n "CalmAccount" --role "Calm Admin"
Configure your Kubernetes account in Calm to manage applications on the Kubernetes platform.
For Calm to manage workloads on Amazon EKS, Azure Kubernetes Service (AKS), or Anthos, enable the generic authentication mechanism and create a service account on the Kubernetes cluster. You can then use the service account to communicate with the cluster.
kubectl create serviceaccount ntnx-calm
kubectl create clusterrolebinding ntnx-calm-admin --clusterrole cluster-admin --serviceaccount default:ntnx-calm
SECRET_NAME=$(kubectl get serviceaccount ntnx-calm -o jsonpath='{$.secrets[0].name}')
kubectl get secret "${SECRET_NAME}" -o jsonpath='{$.data.token}' | base64 --decode
kubectl config view --minify --raw -o jsonpath='{.clusters[*].cluster.certificate-authority-data}' | base64 --decode
To manage workloads on Nutanix Xi Cloud, add your Xi Cloud as an account in Calm if your Prism Central is paired with a Xi cloud. Calm automatically discovers the availability zones of the Xi Cloud and allows you to add the Xi Cloud account as a provider account.
Calm automates the provisioning and management of infrastructure resources for both private and public clouds. When any configuration changes are made directly to the Calm-managed resources, Calm needs to sync up the changes to accurately calculate and display quotas and Showback information.
Platform sync enables Calm to synchronize any changes in the clusters that are managed by Calm on connected providers. These changes can be any IP Address changes, disk resizing, unavailability of VMs, and so on.
For example, when a VM is powered off externally or deleted, platform sync updates the VM status in Calm. Calm then adds the infrastructure resources consumed by the VM (memory and vCPU) to the total available quota.
You can specify an interval after which the platform sync must run for a cluster. For more information, see Configuring a Remote Prism Central Account and Configuring a VMware Account.
Platform sync enables Calm to synchronize any changes in the clusters that are managed by Calm on connected providers. These changes can be any IP Address changes, disk resizing, unavailability of VMs, and so on. You can sync up the configuration changes instantly for your accounts.
Allocate resource quotas to your accounts to have better control over the infrastructure resources (compute, memory, and storage) that are provisioned through Calm. Based on the resource quota you allocate, the policy engine enforces quota checks when applications are launched, scaled out, or updated.
Use the utilization report to analyze how the projects to which the cluster is assigned consumed the allocated resources of the cluster. For example, if a Nutanix cluster is assigned to three different projects, you can analyze how the assigned projects consumed the allocated resources of that cluster.
Credentials help in abstracting identity settings while connecting to an external system. Credentials are used to authenticate a user to access various services in Calm. Calm supports key-based and password-based authentication methods.
Credentials are used in multiple Calm entities and workflows.
Environment allows a Project Admin to add multiple credentials and configure VM default specifications for each of the selected providers as a part of project and environment configurations.
Project admins must configure an environment before launching an application from the marketplace. The recommendation is to define at least one credential of each secret type (SSH or password) under each environment in the project. These values get patched wherever the credential values are empty when you launch your marketplace items.
Developers can add credentials to a blueprint. These credentials are referenced after the VM is provisioned. Credentials defined within an environment of a project have no significance or impact on the credentials you define within the blueprint.
Calm supports export and import of blueprints across different Prism Central or Calm instances along with the secrets. The developer uses a passphrase to encrypt credentials and then decrypts credentials in a different instance using the same passphrase to create a blueprint copy.
All global marketplace items have empty credential values. However, locally published blueprints can have the credential values if the developer published the blueprint with the Publish with Secrets option enabled.
When you launch a marketplace item, credentials are patched wherever the value is empty. In case there are multiple credentials of a particular type configured within the environment of a project, you get the option to select a credential for the launch.
Owners can change the credential value of an application multiple times until the application is deleted. The latest value of a credential that is available at that point in the application instance is used when an action is triggered.
Any change in the credential value at the application level does not impact the credential value at the corresponding blueprint level.
Calm allows managing the following types of credentials:
Static credentials in Calm are modelled to store secrets (password or SSH private key) in the credential objects that are contained in the blueprints that the applications copy.
Calm supports external credential store integration for dynamic credentials. A credential store holds username and password or key certificate combinations and enables applications to retrieve and use credentials for authentication to external services whenever required. As a developer, you can:
For more information about configuring a credential provider, see Configuring a Credential Provider.
When a blueprint uses a dynamic credential, the secret (password or SSH private key) is not stored in the credential objects within the blueprint. The secret values are fetched on demand by executing the runbook within the credential provider that you configure in Calm and associate with the blueprint.
As a developer, you can define variable, runbook, and attributes in a dynamic credential provider definition.
A project defines Active Directory users or groups to manage a common set of requirements or functions. For example, a project can define a team collaborating on an engineering project. A project specifies roles to associate its members, select existing networks that the deployed VMs can use, and (optionally) set usage limits on infrastructure resources.
The refactored project provides a consistent experience when you access it from Prism Central or from Calm. However, when Calm is enabled, you can also configure application management specific features in your projects.
For more information on the Project Summary view and Project Details view, see Project Summary View and Project Details View.
For more information on how to create a project, add users, add infrastructure, configure environments, and managing quota and snapshot policies, see Projects Overview in the Prism Central Guide.
A blueprint is the framework for every application that you model by using Calm. Blueprints are templates that describe all the steps that are required to provision, configure, and execute tasks on the services and applications that you create.
You create a blueprint to represent the architecture of your application and then run the blueprint repeatedly to create an instance, provision, and launch applications.
A blueprint also defines the lifecycle of an application and its underlying infrastructure; starting from the creation of the application to the actions that are carried out on a blueprint until the termination of the application.
You can use blueprints to model the applications of various complexities; from simply provisioning a single virtual machine to provisioning and managing a multi-node, multi-tier application.
Calm uses services, application profiles, packages, substrates, and actions as building blocks for a blueprint to define applications.
An application is made up of multiple components (or services) working together. The architecture of an application is composed of compute, storage, network, and their connections and dependencies. Services are logical entities that are exposed by an IP address. End users and services communicate with each other over a network through their exposed IP addresses and ports. For more information, see Services Overview.
Any useful blueprint requires infrastructure for instantiation. A blueprint can specify the exact infrastructure or can be completely left to the blueprint user to specify at the time of instantiation.
An application profile provides different combinations of the service, package, and VM (infrastructure choices) while configuring a blueprint. The application profile allows you to use the same set of services and packages on the different platforms. You select an application profile while launching your blueprint.
Application profiles determine where an application should run, for example, on a Nutanix provider account or on an Azure account. Application profiles also control the T-shirt sizing of an application. T-shirt sizing means that the value of a variable might change based on the selection of a small or a large instance of an application.
If the Showback feature is enabled, the application profile also displays the service cost of the resources used for an application.
Package Install and Uninstall are operations that are run when you first launch a blueprint or when you finally delete the entire application. In other words, these operations are run during the Create or Delete profile actions. Package Install and Uninstall are unique to each application profile, which means that the tasks or the task contents can vary depending upon the underlying cloud or the size.
Package install is commonly used for installing software packages. For example, installing PostgreSQL with sudo yum -y install postgresql-server postgresql-contrib.
Substrates are a combination of the underlying cloud and the virtual machine instance. When you select the desired cloud, Calm displays all of the fields required for creating a virtual machine instance on that particular cloud. The combination of all these fields constitutes a substrate. Substrates are the infrastructure abstraction layer for Calm. Calm can quickly change where or how applications are deployed by simply changing the substrate.
Actions are runbooks to accomplish a particular task on your application. You can use actions to automate any process such as backup, upgrade, new user creation, or clean-up, and enforce an order of operations across services. For more information, see Actions Overview.
Calm also has a few other components that you can use while configuring your blueprints.
Calm macros are part of a templating language for Calm scripts. These are evaluated by Calm's execution engine before the script is run. Macros help in making scripts generic and creating reusable workflows. For more information, see Macros Overview.
Variables are either user defined or added to the entities by Calm. Variables are always present within the context of a Calm entity and are accessible directly in scripts running on that entity or any of its child entities. For more information, see Variables Overview.
Categories (or tags) are metadata labels that you assign to your cloud resources to categorize them for cost allocation, reporting, compliance, security, and so on. Each category is a combination of key and values. For more information, see Categories Overview.
Dependencies are used to define the dependence of one service in your application on another service or multiple other services for properties such as IP addresses and DNS names. For example, if service 2 is dependent on service 1, then service 1 starts first and stops after service 2.
For information about how to define dependencies between services, see Setting up the Service Dependencies.
You can configure the following blueprint types in Calm.
A single-VM blueprint is a framework that you can use to create and provision an instance and launch applications that require only one virtual machine. Single-VM blueprints enable you to quickly provide Infrastructure-as-a-Service (IaaS) to your end users. For more information, see Creating a Single-VM Blueprint.
A multi-VM blueprint is a framework that you can use to create an instance, provision, and launch applications requiring multiple VMs. You can define the underlying infrastructure of the VMs, application details, and actions that are carried out on a blueprint until the termination of the application. For more information, see Creating a Multi-VM Blueprint.
The blueprint editor provides a graphical representation of various components that allow you to visualize and configure the components and their dependencies in your environment.
Use the Blueprints tab to perform actions, such as:
Services are the virtual machine instances, existing machines or bare-metal machines, that you can provision and configure by using Calm. You can either provision a single service instance or multiple services based on the topology of your application. A service can only expose an IP address and ports on which the request is received. After a service is configured, you can clone or edit the service as required.
A service includes the following entities:
A VM defines the configuration of the virtual machine instance, the platform on which the VM will be installed, and the connection information of the machine. For example, as shown in the following figure, you need to define the name, cloud, operating system, IP address, and the connection information for an existing machine.
A package enables you to install and uninstall software on an existing machine or bare metal machine by using a script. You need to provide the credentials of the VM on which you need to run the script. A sample script is shown in the following figure. Package also defines the port number and the protocol that is used to access the service.
A service enables you to create the variables that are used to define the service-level tasks and service-level actions. As part of the service, you can also define the number of replicas that you want to create of a service. The maximum number of replicas allowed is 300.
For information about how to configure a service, see Configuring Nutanix and Existing Machine VM, Package, and Service.
Calm macros are part of a templating language for Calm scripts. These are evaluated by Calm's execution engine before the script is run.
Macros enable you to access the value of variables and properties that are set on entities. The variables can be user defined or system generated. For more information, see Variables Overview.
Macros help in making scripts generic and creating reusable workflows. You can use macros in tasks within the blueprints or in the configuration of Calm entities, such as the VM name.
Macros require a set of delimiters for evaluation. These are @@{ and }@@ . Everything within these delimiters is parsed and evaluated. For example,
Macros support the following entities.
Macros support the following data types.
Data Type | Usage |
---|---|
String | @@{"some string"}@@ or @@{'some string'}@@. Note: Newline or other such special characters are not supported. You can use \ to escape quotes. |
Numbers | Supports integer and float. For example, @@{ 10 + 20.63 }@@. Note: All variables are treated as strings. |
Macros support the following operations.
Calm allows you to access macros of an array service using a special macro which starts with calm_array . You can configure a VM with replicas and access the common macros of all the replicas. For example, you can:
@@{calm_array_name}@@
@@{calm_array_address}@@
@@{calm_array_id}@@
The following table lists the built-in macros that you can use to retrieve and display the entities.
Macro | Usage |
---|---|
@@{calm_array_index}@@ | Index of the entity within an array |
@@{calm_blueprint_name}@@ | Name of the blueprint from which the application was created |
@@{calm_blueprint_uuid}@@ | Universally unique identifier (UUID) of the blueprint from which the application was created |
@@{calm_application_name}@@ | Name of the application |
@@{calm_application_uuid}@@ | UUID of the application |
@@{calm_uuid}@@ | UUID of the entity within the application on which the current task is running |
@@{calm_random}@@ | A random number is generated each time this is used. This will be evaluated each time and should not be used in fields such as VM name. |
@@{calm_unique}@@ | A random number that is unique to this replica. This will be evaluated to the same value across runs. |
@@{calm_jwt}@@ | JWT for the currently logged in user for API authentication. |
@@{calm_now}@@, @@{calm_today}@@ | The current time stamp |
@@{calm_time("<format>")}@@ | The current time in the specified format |
@@{calm_year("YYYY")}@@, @@{calm_year("YY")}@@ | The current year in YYYY or YY format |
@@{calm_month("short")}@@, @@{calm_month("long")}@@ | Name of the current month in long or short format |
@@{calm_day("month")}@@, @@{calm_day("year")}@@ | Numeric day of the month or year |
@@{calm_weeknumber}@@, @@{calm_weeknumber("iso")}@@ | ISO Numeric week of the year |
@@{calm_weekday("number")}@@, @@{calm_weekday("name_short")}@@, @@{calm_weekday("name_long")}@@ | Day of the week in numeric or short name or long name |
@@{calm_hour("12")}@@, @@{calm_hour("24")}@@, @@{calm_hour("am_pm")}@@ | Numeric hour of the day in 12:00-hour or 24:00-hour format along with AM or PM |
@@{calm_minute}@@ | Numeric minute |
@@{calm_second}@@ | Numeric second |
@@{calm_is_weekday}@@ | Displays 1 if the current day is a weekday |
@@{calm_is_long_weekday}@@ | Displays 1 if the current day is a weekday from Monday to Saturday |
@@{calm_is_within("time1", "time2")}@@ | Displays 1 if the current time is within the time1 and time2 range |
@@{calm_project_name}@@ | Displays the project name |
@@{calm_username + @nutanix.com}@@ | Displays the username |
@@{calm_float("32.65") * 2}@@, @@{calm_int(calm_array_index) + 1}@@ | Typecast to integer. This is useful for binary operations. |
@@{calm_string(256) + "-bit"}@@, @@{"xyz" + calm_string(42)}@@ | Typecast to string. This is useful for string concatenation. |
@@{calm_b64encode(api_response)}@@, @@{calm_b64encode("a,b,c")}@@ | Base64 encode the data passed to this macro. |
@@{calm_b64decode(b64_encoded_data)}@@, @@{calm_b64decode("YSxiLGM=")}@@ | Base64 decode the data passed to this macro. |
You can access the properties of a VM by using the platform macros. The following section describes the macros to access the VM properties for different providers.
Macro | Usage |
---|---|
@@{platform}@@ | To access all the properties of a VM. |
@@{platform.status.cluster_reference.uuid}@@ | To access the uuid of the cluster or the Prism element. |
@@{platform.status.resources.nic_list[0].mac_address}@@ | To access the MAC address. Note: Use the nic_list index to access the MAC address of a specific NIC. |
@@{platform.status.resources.nic_list[0].subnet_reference.name}@@ | To access the NIC name. |
@@{platform.status.resources.power_state}@@ | To get the state of the VM. |
@@{platform.status.num_sockets}@@ | To access number of sockets of the VM. |
Macro | Usage |
---|---|
@@{platform}@@ | To access all the properties of a VM. |
@@{platform.datastore[0].Name}@@ | To access the datastore name. |
@@{platform.num_sockets}@@ | To access number of sockets of the VM. |
Macro | Usage |
---|---|
@@{platform}@@ | To access all the properties of a VM. |
@@{platform.creationTimestamp}@@ | To get the VM creation time stamp. |
@@{platform.selfLink}@@ | To access the self link of the VM. |
@@{platform.networkInterfaces[0].subnetwork}@@ | To access the network details of the VM. |
The following table lists the endpoint macros for HTTP, Linux, and Windows endpoint types.
Macro | Usage |
---|---|
@@{endpoint.name}@@ | Name of the endpoint |
@@{endpoint.type}@@ | Type of the endpoint |
@@{endpoint.length}@@ | Number of IP Addresses in the endpoint |
@@{endpoint.index}@@ | Index of the IP address or VM in a given endpoint |
@@{endpoint.base_url}@@ | Base URL of the HTTP endpoint |
@@{endpoint.connection_timeout}@@ | Time interval in seconds after which the connection attempt to the endpoint stops |
@@{endpoint.retry_count}@@ | Number of attempts the system performs to create a task after each failure |
@@{endpoint.retry_interval}@@ | Time interval in seconds for each retry if the task fails |
@@{endpoint.tls_verify}@@ | Verification for the URL of the HTTP endpoint with a TLS certificate |
@@{endpoint.proxy_type}@@ | HTTP(s) proxy/SOCKS5 proxy to use |
@@{endpoint.base_urls}@@ | Base URLs of HTTP endpoints |
@@{endpoint.authentication_type}@@ | Authentication method to connect to an HTTP endpoint: Basic or None |
@@{endpoint.credential.username}@@ | User name in the credential to access the endpoint |
@@{endpoint.credential.secret}@@ | Credential secret type to access the endpoint: Passphrase or SSH Private Key |
Macro | Usage |
---|---|
@@{endpoint.name}@@ | Name of the endpoint |
@@{endpoint.type}@@ | Type of the endpoint |
@@{endpoint.length}@@ | Number of IP Addresses in the endpoint |
@@{endpoint.index}@@ | Index of the IP address or VM in a given endpoint |
@@{endpoint.address}@@ | IP address to access the endpoint device |
@@{endpoint.port}@@ | Port number to access the endpoint |
@@{endpoint.value_type}@@ | Target type of the endpoint: IP address or VM |
@@{endpoint.addresses}@@ | IP addresses to access endpoint devices |
@@{endpoint.credential.secret}@@ | Credential secret type to access the endpoint: Passphrase or SSH Private Key |
@@{endpoint.credential.username}@@ | User name in the credential to access the endpoint |
Macro | Usage |
---|---|
@@{endpoint.name}@@ | Name of the endpoint |
@@{endpoint.type}@@ | Type of the endpoint |
@@{endpoint.length}@@ | Number of IP Addresses in the endpoint |
@@{endpoint.index}@@ | Index of the IP address or VM in a given endpoint |
@@{endpoint.address}@@ | IP address to access the endpoint device |
@@{endpoint.port}@@ | Port number to access the endpoint |
@@{endpoint.value_type}@@ | Target type of the endpoint: IP address or VM |
@@{endpoint.connection_protocol}@@ | Connection protocol to access the endpoint: HTTP or HTTPS |
@@{endpoint.addresses}@@ | IP addresses to access endpoint devices |
@@{endpoint.credential.secret}@@ | Credential secret type to access the endpoint: Passphrase or SSH Private Key |
@@{endpoint.credential.username}@@ | User name in the credential to access the endpoint |
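Two of the macros listed above, @@{calm_jwt}@@ and @@{endpoint.credential.secret}@@, expand to secret material before the script runs, so a script that echoes them writes the secret into the task output. The following Python check is an added example, not part of Calm or its documentation: it scans a task script for @@{ ... }@@ macros and reports where those two are used or printed. The function names, the list of output commands, and the sample script are assumptions constructed for illustration.

```python
import re

# Delimiters from this page: text between @@{ and }@@ is evaluated before the script runs.
MACRO_RE = re.compile(r"@@\{(.*?)\}@@")
# String literals inside a macro expression ('...' or "...", with \ escaping quotes).
STRING_RE = re.compile(r"""("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')""")
# Dotted or indexed names such as platform.status.resources.nic_list[0].mac_address.
NAME_RE = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*|\[\d+\])*")

# Macros from the tables on this page that expand to secret material.
SECRET_MACROS = {"calm_jwt", "endpoint.credential.secret"}
# Heuristic (assumption): commands whose arguments end up in the task output.
PRINTS_RE = re.compile(r"^\s*(echo|printf|print)\b")


def macro_names(expression):
    """Return the names referenced in one macro expression, ignoring string literals."""
    return NAME_RE.findall(STRING_RE.sub(" ", expression))


def audit_script(script):
    """Return a list of findings for one task script.

    Each finding is a dict with the 1-based line number, the issue
    ("secret-printed", "secret-used" or "unbalanced-delimiter") and the macro name.
    """
    findings = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        # Anything left after removing well-formed macros is a stray delimiter.
        remainder = MACRO_RE.sub("", line)
        if "@@{" in remainder or "}@@" in remainder:
            findings.append({"line": line_no, "issue": "unbalanced-delimiter", "macro": None})
        for match in MACRO_RE.finditer(line):
            for name in macro_names(match.group(1)):
                if name in SECRET_MACROS:
                    issue = "secret-printed" if PRINTS_RE.match(line) else "secret-used"
                    findings.append({"line": line_no, "issue": issue, "macro": name})
    return findings


# Constructed sample task script (not taken from any real blueprint).
SAMPLE_SCRIPT = '''\
#!/bin/bash
echo "Deploying @@{calm_application_name}@@ replica @@{calm_int(calm_array_index) + 1}@@"
curl -s -H "Authorization: Bearer @@{calm_jwt}@@" https://pc.example.invalid/api
echo "debug: password=@@{endpoint.credential.secret}@@"
echo "label=@@{"calm_jwt" + calm_string(42)}@@"
echo "host=@@{address"
'''

if __name__ == "__main__":
    for finding in audit_script(SAMPLE_SCRIPT):
        print(finding)
```

A "secret-used" finding is expected wherever a script authenticates with the macro; "secret-printed" findings are the ones to remove before a blueprint is published or shared.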
The following table lists the runbook macros.
Macro | Usage |
---|---|
@@{calm_runbook_name}@@ | Name of the runbook |
@@{calm_runbook_uuid}@@ | Universally unique identifier (UUID) of the runbook |
The following table lists the common properties of the virtual machine that are available for usage.
Properties | Usage |
---|---|
@@{address}@@ | IP address of the instance that is used by Calm to access the VM |
@@{id}@@ | ID of the platform identifier |
@@{name}@@ | Name of the VM or container |
@@{mac_address}@@ | Mac address of the VM |
@@{platform}@@ | Platform response for a GET query. This is the response in JSON format from provider. |
Macros provide a way to access the values of variables that you set on entities. Variables are either user defined or added to the entities by Calm. Variables are always present within the context of a Calm entity and are accessible directly in scripts running on that entity or any of its child entities.
The variable value of a parent entity can be accessed by the child entity unless the properties or the variables are overridden by another entity.
For example, if Variable1 is a variable that you defined on the application profile, then all child entities of the application profile can directly access the value of Variable1 in any task or script running on them as @@{variable1}@@ unless overridden by another entity.
Variables are directly accessed as @@{variable_name}@@ within any task on an entity where the variable is defined and on all child entities that inherit this variable. This syntax only delivers the value for the corresponding replica in which the task is running. To get comma-separated values across replicas, you can use @@{calm_array_variable_name}@@.
For example, on a service with 2 replicas, if you set a backup_dir variable through a set variable Escript task such as:
print "backup_dir=/tmp/backup_@@{calm_array_index}@@"
You get /tmp/backup_0 and /tmp/backup_1 values for replica 0 and 1 respectively.
When a task runs on this service with the echo "@@{backup_dir}@@" script, the script evaluates the following values in each replica of the service:
/tmp/backup_0
/tmp/backup_1
When you change the script to echo "@@{calm_array_backup_dir}@@" , the script evaluates to the following values in each replica of the service:
/tmp/backup_0,/tmp/backup_1
/tmp/backup_0,/tmp/backup_1
The syntax to access the value of variables or properties of other entities or dependencies is @@{<entity name>.<variable/attribute name>}@@, where entity name is the name of the other entity or dependency and variable/attribute name is the name of the variable or attribute. For example:
Action-level variables are variables that are associated to an action and passed as an argument to the runlog when you run the action. Service action variables are unique for each service while the profile action variables are unique for each profile across all services and replicas. If you deploy five replicas, the service action variables will be the same across all replicas.
Action variables are used in the context of running an action and are defined at the action level. For example, if you have an action to install or uninstall a package on a particular VM, you can have the following action variables.
With multiple runs of this action, you can then install or uninstall multiple packages on the VM.
The following table lists the Nutanix variables that are available for usage.
Variables | Usage |
---|---|
@@{address}@@ | IP address of the instance that is used by Calm to access the VM |
@@{id}@@ | ID of the platform identifier |
@@{name}@@ | Name of the VM or container |
@@{mac_address}@@ | Mac address of the VM |
@@{platform}@@ | Platform response for a GET query. This is the response in JSON format from provider. |
The following table lists the built-in VMware macros that you can use to retrieve and display the entities.
Properties | Usage |
---|---|
@@{address}@@ | IP address of the instance that is used by Calm to access the VM |
@@{id}@@ | ID of the platform identifier |
@@{name}@@ | Name of the VM or container |
@@{mac_address}@@ | Mac address of the VM |
@@{platform}@@ | Platform response for a GET query. This is the response in JSON format from provider. |
The following table lists the built-in AWS macros that you can use to retrieve and display the entities.
Macros | Usage |
---|---|
@@{address}@@ | IP address of the instance that is used by Calm to access the VM. Note: The VM Name field does not support this macro. |
@@{id}@@ | Internal ID of the instance that is used within the Prism. Note: The VM Name field does not support this macro. |
@@{name}@@ | Name of the VM. Note: The VM Name field does not support this macro. |
@@{aws_instance_id}@@ | Instance ID of AWS |
@@{private_ip_address}@@ | Private IP address |
@@{private_dns_name}@@ | Private DNS name |
@@{public_ip_address}@@ | Public IP address |
@@{public_dns_name}@@ | Public DNS name |
@@{vm_zone}@@ | AWS zone of instance |
@@{platform}@@ | Platform response for a GET query. This is the response in JSON format from provider. |
The following table lists the built-in GCP macros that you can use to retrieve and display the entities.
Macros | Usage |
---|---|
@@{address}@@, @@{ip_address}@@, @@{public_ip_address}@@ | IP address of the instance that is used by Calm to access the VM. Note: The VM Name field does not support this macro. |
@@{id}@@ | Internal ID of the instance that is used within the Prism. Note: The VM Name field does not support this macro. |
@@{name}@@ | Name of the VM. Note: The VM Name field does not support this macro. |
@@{zone}@@ | Zone in which the VM instance is created. |
@@{platform_data}@@ | Platform response for a GET query. This is the response in JSON format from provider. |
@@{internal_ips}@@ | List of all the private IP addresses. |
@@{external_ips}@@ | List of all the public IP addresses. |
The following table lists the built-in Azure macros that you can use to retrieve and display the entities.
Macros | Usage |
---|---|
@@{address}@@ | IP address of the instance that is used by Calm to access the VM. Note: The VM Name field does not support this macro. |
@@{id}@@ | Internal ID of the instance that is used within the Prism. Note: The VM Name field does not support this macro. |
@@{name}@@ | Name of the VM. Note: The VM Name field does not support this macro. |
@@{private_ip_address}@@ | Private IP address |
@@{public_ip_address}@@ | Public IP address |
@@{resource_group}@@ | Resource group name in which the VM instance is created. |
@@{platform_data}@@ | Platform response for a GET query. This is the response in JSON format from provider. |
The following table lists the Kubernetes variables that are available for usage.
Properties | Usage |
---|---|
@@{K8sPublishedService.address}@@ | IP address of the service. |
@@{K8sPublishedService.name}@@ | Name of the service. |
@@{K8sPublishedService.ingress}@@ | Load balancer IP for public service. |
@@{K8sPublishedService.platform}@@ | Platform data for the service. |
@@{K8sDeployement.name}@@ | Name of the deployment. |
@@{K8sDeployement.platform}@@ | Platform data for the deployment. |
Categories (or tags) are metadata labels that you assign to your cloud resources to categorize them for cost allocation, reporting, compliance, security, and so on. Each category is a combination of key and values.
Your providers impose a limit to the number of tags that you can use for cloud governance. The following table lists the category or tag limit imposed by each provider:
Providers | Category or Tag Limit |
---|---|
Nutanix | 30 |
AWS | 50 |
VMware | No limit |
GCP | 15 |
Azure | 15 |
Calm reserves 6 tags out of the total tags allowed by your provider and populates them automatically when you provision your VMs using Calm. For example, AWS allows a limit of 50 tags. When you provision your VM on AWS using Calm, 6 out of 50 tags are automatically populated with keys and values specific to Calm VM provisioning. You can use the remaining 46 tags to define other key-value pairs.
The following table lists the Calm-specific categories or tags and their availability for different providers:
Categories or Tags | Nutanix | AWS | VMware | GCP | Azure |
---|---|---|---|---|---|
account_uuid | X | X | X | X | |
CalmApplication | X | X | X | X | X |
CalmService | X | X | X | X | X |
CalmUsername | X | X | X | X | X |
Calm Project | X | X | X | X | |
OSType | X | X | X | X | X |
A single-VM blueprint is a framework that you can use to create and provision an instance and launch applications that require only one virtual machine.
Single-VM blueprints enable you to quickly provide Infrastructure-as-a-Service (IaaS) to your end users.
You can create single-VM blueprints with your Nutanix, VMware, AWS, GCP, or Azure accounts. Use these steps to create a single-VM blueprint with any of your provider accounts.
Perform the following steps to do the preliminary setup of your single-VM blueprint.
Perform the following steps to add VM details to your blueprint.
Configuring the VM in your blueprint is specific to the provider account and the operating system you select for your blueprint. You can configure the VM in a blueprint with Nutanix, VMware, AWS, GCP, or Azure accounts.
Perform the following steps to configure the VM in a single-VM blueprint for your Nutanix account.
vm-@@{calm_time}@@. For more information on Calm macros, see Macros Overview.
Perform the following steps to configure the VM in a single-VM blueprint for your VMware account.
Templates allow you to create multiple virtual machines with the same characteristics, such as resources allocated to CPU and memory or the type of virtual hardware. Templates save time and avoid errors when configuring settings and other parameters to create VMs. The VM template retrieves the list options from the configured vCenter.
For more information, refer to VMware KB articles.
A content library stores and manages content (VMs, vApp templates, and other types of files) in the form of library items. A single library item can consist of one file or multiple files. For more information about the vCenter content library, see the VMware Documentation .
Perform the following steps to configure the VM in a single-VM blueprint for your GCP account.
Perform the following steps to configure the VM in a single-VM blueprint for your AWS account.
Perform the following steps to configure the VM in a single-VM blueprint for your Azure account.
The Resource Group list displays the resource groups that are associated with the subscriptions you selected in your Azure account. In case you have not selected any subscriptions, Calm considers all the subscriptions that are available in the Azure service principal to display the resource groups. Each resource group in the list also displays the associated subscription.
Perform the following steps to configure the VM in a single-VM blueprint for your Xi Cloud account.
vm-@@{calm_time}@@. For more information on Calm macros, see Macros Overview.
Xi Infrastructure Service Administration Guide.
Perform the following steps to configure advanced options such as credentials, packages, pre-create and post-delete tasks. Configuring advanced options is optional for a blueprint.
Perform the following steps to configure pre-create task, post-delete task, install package, or uninstall package in a single-VM blueprint.
Perform the following steps to configure application variables in your blueprint.
```json
[
  {
    "display": "HTML Tutorial",
    "url": "https://www.w3schools.com/html/default.asp"
  },
  {
    "display": "CSS Tutorial",
    "url": "https://www.w3schools.com/css/default.asp"
  },
  {
    "display": "JavaScript Tutorial",
    "url": "https://www.w3schools.com/js/default.asp"
  },
  {
    "display": "jQuery Tutorial",
    "url": "https://www.w3schools.com/jquery/default.asp"
  },
  {
    "display": "SQL Tutorial",
    "url": "https://www.w3schools.com/sql/default.asp"
  },
  {
    "display": "PHP Tutorial",
    "url": "https://www.w3schools.com/php/default.asp"
  },
  {
    "display": "XML Tutorial",
    "url": "https://www.w3schools.com/xml/default.asp"
  }
]
```
Then, during the launch time the list options are ["HTML Tutorial","CSS Tutorial","JavaScript Tutorial","jQuery Tutorial","SQL Tutorial","PHP Tutorial","XML Tutorial"].
A multi-VM blueprint is a framework that you can use to create an instance, provision, and launch applications that require multiple VMs.
In a Multi-VM blueprint, you can define the underlying infrastructure of the VMs, application details, and actions that are carried out on a blueprint until the termination of the application.
Services are the virtual machine instances, existing machines or bare-metal machines, that you can provision and configure by using Calm. A service exposes the IP address and ports on which the request is received. You can either provision a single-service instance or multiple services based on the topology of your application.
For more information about services in Calm, see Services Overview.
You can define and configure the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application for a service provider.
You can define the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application on a Nutanix platform.
vm-@@{calm_array_index}@@-@@{calm_time}@@. For more information on Calm macros, see Macros Overview.
You can define the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application on an AWS platform.
You can define the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application on a VMware platform.
Templates allow you to create multiple virtual machines with the same characteristics, such as resources allocated to CPU and memory or the type of virtual hardware. Templates save time and avoid errors when configuring settings and other parameters to create VMs. The VM template retrieves the list options from the configured vCenter.
For more information, refer to VMware KB articles.
A content library stores and manages content (VMs, vApp templates, and other types of files) in the form of library items. A single library item can consist of one file or multiple files. For more information about the vCenter content library, see the VMware Documentation.
For the supported VMware guest tools versions, see the VMware Product Interoperability Matrices.
You can define the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application on a GCP platform.
You can define the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application on an Azure platform.
The Resource Group list displays the resource groups that are associated with the subscriptions you selected in your Azure account. In case you have not selected any subscriptions, Calm considers all the subscriptions that are available in the Azure service principal to display the resource groups. Each resource group in the list also displays the associated subscription.
For Windows VMs, the Store field specifies the certificate store on the virtual machine to which the certificate is added. The specified certificate store is implicitly created in the LocalMachine account.
For Linux VMs, the certificate file is placed under the /var/lib/waagent directory. The format of the file name is <UppercaseThumbprint>.crt for the X509 certificate and <UppercaseThumbprint>.prv for the private key. Both of these files are .pem formatted.
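The following check is an added example, not Calm or Azure agent code. It audits the file layout described above, assuming the thumbprint in the file name is the SHA-1 digest of the DER-encoded certificate and that a private key should not be accessible to group or other; the function names and finding codes are hypothetical.

```python
import base64
import hashlib
import os
import re
import stat

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_thumbprint(pem_text):
    """Uppercase SHA-1 hex digest of the first certificate's DER bytes, or None."""
    match = PEM_CERT.search(pem_text)
    if not match:
        return None
    try:
        der = base64.b64decode("".join(match.group(1).split()))
    except ValueError:  # broken base64 padding
        return None
    return hashlib.sha1(der).hexdigest().upper()


def audit_cert_dir(directory="/var/lib/waagent"):
    """Return (file name, finding) tuples for the .crt and .prv files found."""
    names = set(os.listdir(directory))
    findings = []
    for name in sorted(names):
        stem, ext = os.path.splitext(name)
        path = os.path.join(directory, name)
        if ext == ".crt":
            with open(path, encoding="ascii", errors="replace") as handle:
                thumbprint = pem_thumbprint(handle.read())
            # The file name is expected to be <UppercaseThumbprint>.crt.
            if thumbprint != stem:
                findings.append((name, "thumbprint-mismatch"))
            if stem + ".prv" not in names:
                findings.append((name, "missing-private-key"))
        elif ext == ".prv":
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Any group or other permission bit on a private key is reported.
            if mode & 0o077:
                findings.append((name, "key-readable-by-group-or-other"))
            if stem + ".crt" not in names:
                findings.append((name, "missing-certificate"))
    return findings


if __name__ == "__main__":
    for file_name, finding in audit_cert_dir():
        print(f"{file_name}: {finding}")
```
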
The following section describes Azure troubleshooting.
/home/calm/log/styx.log
You can define the underlying infrastructure of the VM, application details, and actions that are carried out on a blueprint until the termination of the application on Xi cloud provider.
Xi Infrastructure Service Administration Guide.
Perform the following procedure to configure Kubernetes Deployment, Containers, and Service.
A Pod is the basic execution unit of a Kubernetes application and the smallest and simplest unit in the Kubernetes object model that you create or deploy. A Pod represents processes running on your cluster.
Labels are key/value pairs that are attached to objects, such as pods. You can use Labels to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system. You can also use Labels to organize and to select subsets of objects. You can attach Labels to objects either at the creation time or later. Each object can have a set of key/value labels defined. Each key must be unique for a given object.
NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting <NodeIP>:<NodePort>.
NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.
Labels are key/value pairs that are attached to objects, such as pods. You can use Labels to specify identifying attributes of objects that are meaningful and relevant, but do not directly imply semantics to the core system. You can also use Labels to organize and select subsets of objects. You can attach Labels to objects at creation time and add or modify at any time. Each object can have a set of key/value labels defined. Each key must be unique for a given object.
Dependencies are used to define the order in which tasks must get executed. Perform the following procedure to set up the service dependency.
An application profile provides different combinations of the service, package, and VM while configuring a blueprint. You configure application profiles and use them while launching a blueprint.
[
  {"display": "HTML Tutorial", "url": "https://www.w3schools.com/html/default.asp"},
  {"display": "CSS Tutorial", "url": "https://www.w3schools.com/css/default.asp"},
  {"display": "JavaScript Tutorial", "url": "https://www.w3schools.com/js/default.asp"},
  {"display": "jQuery Tutorial", "url": "https://www.w3schools.com/jquery/default.asp"},
  {"display": "SQL Tutorial", "url": "https://www.w3schools.com/sql/default.asp"},
  {"display": "PHP Tutorial", "url": "https://www.w3schools.com/php/default.asp"},
  {"display": "XML Tutorial", "url": "https://www.w3schools.com/xml/default.asp"}
]
Then, during the launch time, the list options are ["HTML Tutorial","CSS Tutorial","JavaScript Tutorial","jQuery Tutorial","SQL Tutorial","PHP Tutorial","XML Tutorial"].
Blueprint configuration involves adding tasks, actions, snapshot and restore configurations, and VM update configurations.
Perform the following procedure to configure a blueprint.
Credentials are used to authenticate a user to access various services in Calm. Calm supports static and dynamic credentials with key-based and password-based authentication methods.
You configure a check log-in task to check whether you are able to SSH into the VM you create. Perform the following steps to configure check log-in.
You can either select the public IP address or private IP address of a NIC.
Delay timer defines the time period when the check login script is run after the VM starts. It allows you to configure the delay time to allow guest customization script, IP, and all other services to come up before running the check login script.
Tasks are part of your deployment creation process and are run one after the other. The tasks are used to perform a variety of operations such as setting up your environment, installing a set of software on your service, and so on.
You have the following basic types of tasks.
Pre-create tasks are actions that are performed before a service is provisioned in a blueprint. For example, if you want to assign static IP addresses to your VMs by using IPAM service, you can create and run a pre-create task to receive the IP addresses before the service is provisioned. The pre-create task helps to restrict the broadcast traffic to receive the IP addresses for those VMs during the service provision.
Post-delete tasks are actions that are performed after you delete a service in a blueprint. For example, if you want to delete the assigned IP addresses from your VMs, you can add a post-delete task to delete the IP addresses after the service is deleted. The post-delete task helps to restrict the broadcast traffic to delete the IP addresses for those VMs during the service provision.
You can create the Execute task type to run scripts on the VM.
eScripts, see Supported eScript Modules and Functions. For sample Powershell scripts, see Sample Powershell Script.
You can create a Set Variable task type to change variables in a blueprint.
eScripts, see Supported eScript Modules and Functions. For sample Powershell scripts, see Sample Powershell Script.
You can create an HTTP task type to query REST calls from a URL. An HTTP task supports GET, PUT, POST, and DELETE methods.
You can create a Delay task type to set a time interval between two tasks or actions.
Pre-create tasks are actions that are performed before a service is provisioned in a blueprint. Post-delete tasks are actions that are performed after you delete a service in a blueprint.
Actions are flows to accomplish a particular task on your application. You can use actions to automate any process such as backup, upgrade, new user creation, or clean-up and enforce an order of operations across services.
You can categorize actions into the following types.
Type | Description |
---|---|
Profile Actions | Application Profile Actions are a set of operations that you can run on your application. For example, when you launch a blueprint, the Create action is run. When you do not need the application for a period of time, you can run the Stop action to gracefully stop your application. When you are ready to resume your work, you can run the Start action to bring the application back to the running state. You have the following types of profile actions. |
Service Actions | Service Actions are a set of operations that are run on an individual service. These actions cannot be run directly by the application user but can be run indirectly using either a profile action or a package install or uninstall operation. Services span application profiles. For example, if you create a service action in the AHV profile, the same service action is available in the AWS profile as well. You have the following types of service actions. |
The following are the most common custom actions that developers add to their blueprints:
Custom Action | Description |
---|---|
Scale In | The scale-in functionality enables you to decrease the number of replicas of a service deployment. The number of instances to be removed from a service for each scale-in action is defined in the blueprint while configuring the task in the profile level action. The scale count number must be less than or equal to the minimum number of replicas defined for the service. The VM that is created last is deleted first. For information on how to configure scale in, see Adding and Configuring Scale Out and Scale In. |
Scale Out | The scale-out functionality enables you to increase the number of replicas of a service deployment. The number of instances to be added to a service for each scale-out action is defined in the blueprint while configuring the task in the profile level action. The scale count number must be less than or equal to the maximum number of replicas defined for the service. For information on how to configure scale out, see Adding and Configuring Scale Out and Scale In. |
For information about how to create an action, see Adding an Action to a Multi-VM Blueprint and Adding an Action to a Single-VM Blueprint.
An action is a set of operations that you can run on your application that are created as a result of running a blueprint.
Perform the following procedure to add and configure the Scale Out and Scale In task.
The snapshot and restore feature allows you to create a snapshot of a virtual machine at a particular point in time and restore from the snapshot to recreate the application VM from that time. You can configure snapshot and restore for both single-VM and multi-VM applications on a Nutanix platform. All you need to do is to add the snapshot/restore configuration to the blueprint. Adding the configuration generates separate profile actions for snapshot and restore to which you can add further tasks and actions.
For VMware, AWS, and Azure platforms, the snapshot and restore feature is available by default only to the single-VM applications.
For more information on blueprint configuration for snapshots, see Configuring Single-VM Blueprints with Nutanix for Snapshots and Configuring Multi-VM Blueprints on Nutanix for Snapshots.
The snapshot/restore action for single-VM applications with Nutanix is no longer available by default. To enable snapshot, you must add a snapshot/restore configuration to the single-VM blueprint. You can configure the blueprint to create snapshots locally or on a remote cluster. Snapshot and restore are paired actions in a blueprint and are always managed together.
The snapshot/restore configuration generates separate application profile actions for snapshot and restore. These actions also allow you to add more tasks and actions as part of the snapshot and restore configuration. For example, shutting down the application and the VM before creating the snapshot or restarting the VM before a restore. You can access these actions from the Manage tab of the Applications page.
snapshot-@@{calm_array_index}@@-@@{calm_time}@@.
You can configure the snapshot/restore action in a blueprint on a Nutanix account to create snapshots locally or on a remote cluster. Snapshot and restore are paired actions for a particular service in a blueprint and are always managed together.
The snapshot/restore definition of a service generates snapshot configuration and its corresponding restore configuration. You can use these configurations to modify your snapshot and restore setup.
The snapshot/restore configuration generates separate application profile actions for snapshot and restore. These actions allow you to add more tasks and actions as part of the snapshot and restore configuration. For example, shutting down the application and the VM before creating the snapshot or restarting the VM or services before a restore. You can access these actions from the Manage tab of the Applications page to create or restore snapshots.
snapshot-@@{calm_array_index}@@-@@{calm_time}@@.
The update configuration feature allows you to update virtual machines of running applications on Nutanix to a higher or lower configuration. Using this feature, you can modify VM specifications such as the vCPU, memory, disks, networking, or categories (tags) of a running application with minimal downtime. You no longer have to create new blueprints or approach your IT administrator to modify VM resources.
To update configurations of a running application VM, you need to perform the following actions:
As a blueprint developer, you can add update configurations for a service in the blueprint. These update configurations are at the parallel level of application profile actions and can be executed individually for a particular service. As part of the configuration, you can do the following:
For example, consider a case where the original vCPU value in the blueprint is 4. You then add a change factor to the update configuration to increase the vCPU by 1 with a maximum limit of 5. When this update is launched, you can run the action only once to increase the vCPU to 5. Once the VM is upgraded to 5 vCPU, you cannot add any more vCPUs to the VM.
The update configuration generates the corresponding action where you can add tasks to define how you want to execute the update.
For more information about adding update configuration to a blueprint, see Adding an Update Configuration to Single-VM Blueprints and Adding an Update Configuration to Multi-VM Blueprints.
You can update VM specifications from the Manage tab of applications on Nutanix. For more information, see Update VM Configurations of Running Applications.
As a blueprint developer, you can add an update configuration to a single-VM application blueprint.
The update configuration feature allows you to update the virtual machine of a running single-VM application to a higher or lower configuration. For more information, see Update Configuration for VM.
As a blueprint developer, you can add an update configuration for a service to a multi-VM application blueprint.
The update configuration feature allows you to update virtual machines of running multi-VM applications to a higher or lower configuration. For more information, see Update Configuration for VM.
After you configure a blueprint, you can publish, unpublish, launch, or delete a blueprint.
Publishing a blueprint allows you to make the blueprint available at Marketplace, so that other users can use the published blueprint. Unpublishing a blueprint allows you to remove the blueprint from the Marketplace. For more information, see Submitting a Blueprint for Approval.
Launching a blueprint allows you to deploy your application on the blueprint and start using it.
The blueprint launch page provides the following views:
Blueprints that are launched from the marketplace display only the fields that require inputs from consumers. Displaying only editable fields offers a simpler and easier launching experience for your consumers.
You can switch to View as Developer after you develop your blueprints to verify how you configured different fields and the launching experience the configuration will provide to your consumers.
For more information, see Launching a Blueprint.
After you configure a blueprint, you can submit the blueprint to get an approval from the administrator. The administrator approves the blueprint and then publishes the blueprint at the marketplace for consumption.
You launch a blueprint to deploy an application on the blueprint and start using the application.
If the validation is successful, the application is available under the Application tab.
When you enter the platform data that is invalid for a provider while creating a blueprint, you get a validation error. The following table details the invalid platform data for each provider.
Providers | Invalid Platform Data |
---|---|
Nutanix | Image, NIC List, and Categories. |
GCP | Machine Type, Disk Type, Network, SubNetwork, Source, Image, Zone, and Blank Disk. |
AWS | Vpc, Security Groups, and Subnets. |
VMware | Network name, NIC Type, NIC settings mismatch, Host, Template, Datastore, Datacenter, Storage Pod, and cluster. |
Azure | Image details (publisher, offer, sku, version), Custom image, Resource group, Availability Set Id, NIC List, Network Security group, Virtual Network Name, and Subnet Name. |
The platform validation error message appears as displayed in the following image.
You can also upload configured blueprints to the Blueprints tab. Perform the following procedure to upload a blueprint.
You can also download a configured blueprint to your local machine and use it later. Perform the following procedure to download a blueprint.
Perform the following procedure to view a blueprint.
You can edit a configured blueprint from the blueprints tab. Perform the following procedure to edit a blueprint.
Perform the following procedure to delete a blueprint.
If you have configured incorrect details in your blueprint, you can view the error message while saving or publishing the blueprint. Perform the following procedure to view the blueprint error message.
You can recover the deleted application blueprints within a time period of 90 days after you delete an application blueprint. This chapter describes the procedure to recover a deleted blueprint.
The marketplace provides preconfigured application blueprints and runbooks for instant consumption. The marketplace is a common platform for both publishers and consumers.
The marketplace has banners to display featured applications. All listed applications display the icon of the platform that supports the application.
You can filter applications or runbooks based on their category and source. You can also search for an application or runbook in the marketplace.
Before provisioning an application, you can view details such as application overview, changes made in different versions, and application-level actions.
You can view application details such as licensing, installed resources, hardware requirements, operating systems, platforms, and limitations before you provision the application. You can also view the changes made in different versions and application-level actions.
Perform the following procedure to filter application blueprints or runbooks in the marketplace.
Perform the following procedure to search for an application blueprint or runbook.
You can use the Marketplace tab to launch an application blueprint that is approved and published to the marketplace. The application launch page displays the fields that are editable by the consumer.
The following are the rules for the naming convention.
VM configurations in blueprints and environments are associated with accounts. The environment patching depends on the account that you associate with the marketplace blueprint and the environment you configured.
To patch a cloud provider VM that has a specific OS type, Calm finds the corresponding match in the environment. In case there are no matches available, Calm displays a notification.
The following table lists the environment patching behavior for platform-dependent and platform-independent fields:
Fields | Condition | Patching Behavior |
---|---|---|
Platform-Dependent Fields | When different accounts are associated with the blueprint and environment | Values from the environment get preference for patching, irrespective of the values in the blueprint. |
Platform-Dependent Fields | When the blueprint and the environment have the same account | Values from the environment are patched only when the fields do not have any value in the blueprint. |
Platform-Independent Fields | When different accounts are associated with the blueprint and environment | Values from the environment are patched only when the fields do not have any value in the blueprint. |
Platform-Independent Fields | When the blueprint and the environment have the same account | Values from the environment are patched only when the fields do not have any value in the blueprint. |
The following table lists the platform-dependent fields for different platforms.
Platform | Platform-Dependent Fields |
---|---|
Nutanix | Image, Categories, Cluster, and NIC |
AWS | Machine Image, Key, Instance Profile Name, VPC ID, Subnet ID, and Security Group List |
GCP | Machine Type, Zone, Network, Disk Type, Source Image, and Email |
VMware | Host, Template, Datastore, Cluster, Storage Pod, Network Name, NIC Type, Disk Location, Disk ISO Path, Folder, and Tag List |
Azure | Resource Group, Location, Availability Set ID, Resource Group Details, Resource Group Operation, Network Security Group Name, Network Name, Subnet Name, Network Security Group ID, Virtual Network ID, Subnet ID, Publisher, Offer, SKU, Version, Source Image Type, and Source Image ID |
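The patching rules in the two tables above can be modelled as follows. This is an added example, not Calm source code: the function names, the report labels and all field values are constructed, the vCPU and Memory fields stand in for platform-independent fields, and the network names PE1_Net2 and PE2_Net1 are borrowed from the Prism Element scenario later on this page.

```python
# Model of the environment patching table for marketplace launches.
PLATFORM_DEPENDENT = {
    # Field names taken from the Nutanix row of the table above.
    "Nutanix": {"Image", "Categories", "Cluster", "NIC"},
}
EMPTY = (None, "", [], {})


def effective_account(config, nic_owner=None):
    """Account used for the same/different comparison.

    Prism Element accounts are derived from the NIC, so when a NIC-to-PE
    map is supplied the owning Prism Element is compared. Falling back to
    the configured account is an assumption of this model.
    """
    nic = config["fields"].get("NIC")
    if nic_owner and isinstance(nic, str) and nic in nic_owner:
        return nic_owner[nic]
    return config["account"]


def patch_from_environment(blueprint, environment, platform="Nutanix",
                           nic_owner=None):
    """Return (launched_fields, report) for one blueprint/environment pair."""
    same_account = (effective_account(blueprint, nic_owner)
                    == effective_account(environment, nic_owner))
    dependent = PLATFORM_DEPENDENT[platform]
    launched = dict(blueprint["fields"])
    report = {}
    for field, env_value in environment["fields"].items():
        if env_value in EMPTY:
            continue  # assumption: an unset environment field patches nothing
        if launched.get(field) in EMPTY:
            # Every row of the table patches a field the blueprint left empty.
            launched[field] = env_value
            report[field] = "filled"
        elif field in dependent and not same_account:
            # Different accounts: the environment wins for dependent fields.
            launched[field] = env_value
            report[field] = "overridden"
        else:
            report[field] = "kept"
    return launched, report


# Constructed sample data.
BLUEPRINT = {"account": "PC1", "fields": {
    "Image": "bp-image", "NIC": "PE1_Net2", "Categories": "",
    "vCPU": 2, "Memory": None}}
ENV_OTHER_ACCOUNT = {"account": "PC2", "fields": {
    "Image": "env-image", "NIC": "PC2_Net1", "Categories": "AppType:Web",
    "vCPU": 4, "Memory": 8}}
ENV_SAME_ACCOUNT = {"account": "PC1", "fields": {
    "Image": "env-image", "NIC": "PE2_Net1", "Categories": "AppType:Web",
    "vCPU": 4, "Memory": 8}}
NIC_OWNER = {"PE1_Net2": "PE1", "PE2_Net1": "PE2"}

if __name__ == "__main__":
    cases = (("different accounts", ENV_OTHER_ACCOUNT, None),
             ("same account", ENV_SAME_ACCOUNT, None),
             ("same PC, different PE", ENV_SAME_ACCOUNT, NIC_OWNER))
    for label, env, owners in cases:
        fields, report = patch_from_environment(BLUEPRINT, env, nic_owner=owners)
        print(label, fields, report)
```

The report makes it easy to review which blueprint values, such as the NIC or categories, were replaced by the environment before an application is launched.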
Assume that you have two Nutanix Prism Central accounts PC1 and PC2, and you added these accounts to your project (Project1). You then create two environments in the project with the following VM configuration:
ENV1 | ENV2 |
---|---|
|
|
You then create a blueprint with a Nutanix service under Project1 having the following configuration:
When you publish this blueprint in the marketplace and launch the blueprint with a different environment, the environment patching happens as follows:
Because different accounts are associated with the blueprint and environment, all platform-dependent field values are patched from the environment to the blueprint, irrespective of the values already available in the blueprint. The blueprint is launched with the following configuration.
Because the account is the same for both the blueprint and the environment and all the platform-dependent fields already have values, the patching does not happen. The blueprint is launched with the following configuration.
Assume that you have a Prism Central account PC1 that is associated with two Prism Elements PE1 and PE2, and you add PC1 to your project (Project1).
Assume that the associated Prism Elements have the following networks.
You then create two environments with the following VM configuration:
ENV1 | ENV2 |
---|---|
|
|
You then create a blueprint with a Nutanix service under Project1 having the following configuration:
When you publish this blueprint in the marketplace and launch the blueprint with a different environment, the environment patching happens as follows:
Prism Element accounts are derived from the NIC or subnet. The PE1_Net2 network used in the blueprint associates the blueprint to Prism Element PE1, and the PE2_Net1 network used in ENV2 associates the environment to Prism Element PE2.
Because these two networks are connected to two different Prism Element account_uuid values, Calm considers this case as two different accounts associated with the blueprint and environment. All platform-dependent field values are, therefore, patched from the environment to the blueprint, irrespective of the values already available in the blueprint. The blueprint is launched with the following configuration.