Qumulo in AWS: Qumulo Sidecar

REQUIREMENTS

Cloud Cluster with Qumulo Core 3.1.1 or above
Privileges to create users and roles in your Qumulo cluster
AWS Console access to use the following services:
- Secrets Manager—Securely stores information and credentials about the cluster/input params
- CloudWatch Metrics—Stores and allows viewing of cluster metrics
- CloudWatch Events—Invokes the scripts at a regular interval
- IAM—Gives the scripts permissions to access AWS resources
- Lambda—Runs the scripts
- EC2/EBS—Replaces EBS volumes
IAM permissions for full access to EC2, CloudFormation, Lambda, and Secrets Manager

DETAILS

The Qumulo Sidecar is a Qumulo tool that can deploy AWS services that are useful in monitoring and maintaining a Qumulo cloud cluster in AWS. The tool operates as an always-active service alongside the cluster and can be activated once your AWS cluster is up and running in order to perform the following:

Send Cluster Metrics to AWS CloudWatch

The Sidecar deploys an AWS Lambda Function that collects cluster metrics once every minute and then sends them to AWS CloudWatch. For more information on these metrics and how to find them in the CloudWatch console, check out the Qumulo in AWS: Monitoring with a CloudWatch Dashboard article.

Detect and Repair EBS Volume Failures

The Sidecar deploys an AWS Lambda Function that polls the Qumulo cluster for disk failures every 10 minutes. Once a disk failure is detected, the lambda automatically replaces the corresponding EBS volume. Check out the Qumulo in AWS: Automatic EBS Volume Replacement article for more details.

Create a Sidecar Local User Account

Several configurations must be made in the Qumulo Core Web UI prior to activating Qumulo Sidecar, including creating a user account and role for it to access Qumulo data.

Login to the Qumulo Core Web UI.
Hover over the Cluster menu and select Local Users & Groups.
Click Create to create a new user.
Specify a name and password for the user. Leave the NFS UID field blank.
NOTE: The user name can be anything; the examples below use 'SidecarUser'.
Click the Groups tab and select the check box in the Primary column in the Guests group row. Leave all other fields unchecked.
Click Create to save the user account.

Now that the Sidecar has a local account, you can configure the appropriate permissions for it to access Qumulo data.

Configure a Sidecar Custom Role

Login to the Qumulo Core Web UI.
Hover over the Cluster menu and click Role Management.
Click Create Role.
Enter a name for the role and a description if desired.
Select the following Privileges:
- ANALYTICS_READ
- CLUSTER_READ
- FS_ATTRIBUTES_READ
- NETWORK_READ
Leave all other boxes unchecked and click Save.
Click Add Member under the new role you created on the Role Management page.
Enter the name of the local user you created in the previous section.
Click Yes, Add Member to assign the custom role.

Deploy Qumulo Sidecar

Click the Qumulo Sidecar link provided in the product release notes for the version of Qumulo Core your cluster is running. A browser window will open to configure your Sidecar.
NOTE: You can find Product Release Notes for all versions of Qumulo Core in the Product Releases section of Qumulo Care.
Fill out the Stack details form with the information for your AWS cluster, including the details for the local user account you created for the Sidecar service under the Login Information section.
Enter the details for the user account you created for the Sidecar service in Create a Sidecar Local User Account earlier in this document under the Login Information section.
NOTE: See Setting Up Amazon SNS Notifications for details on creating SNS notifications.
Click Create Stack to deploy the Qumulo Sidecar.