Administering Banner Applications in Docker Containers
Gabriel Tocci
09-OCT-2019
11:15am - 12:15pm
Session Format
• 60 minute time slot
• Touch on a lot of topics
• WHY Docker (brief)
• HOW Docker (demo)
• Q&A anytime
• Can you see REAL good?
• Showing Code
• Demo
• gabrieltocci.com/talks
CoHEsion Summit 2
Configuration Management & IaC
Deployment Automation (CD)
• Configuration management
• Ansible, Puppet, Chef, etc.
• Image-based management
• VM Cloning, Packer, Vagrant, etc.
• Containerization
• Docker, rkt, mesos
Whatever the approach, configurations should be:
• Documented
• Repeatable
• Codified
• Automated
Benefits
• Manages “drift” of configurations
• Declare intent and interactions of resources
• Auditable infrastructure
• Increases recovery speed
• Reduces go-live errors
ETSU Toolset
• Puppet – R10k
• Terraform
• Docker
• Gitlab-CI
Containers: Applications contain their dependencies
Deployments are defined by the management of their dependencies:
• Operating System Flavor (CentOS, RHEL, OEL, etc.)
• OS Packages (libaio, openssl, curl, etc.)
• OS Configuration (limits, accounts, iptables, etc.)
• Application Server & Version (Tomcat 7/8)
• Application Service Configuration (data sources / connection strings, secrets, etc.)
Base Images v. Baked Images
• Existing images can be used as starting points for other images: base images
• Images share cached layers
• Configuring runtime parameters at container startup avoids “baking” configurations into the image
• Arguments can be passed to containers via the run command or (more commonly) through ENV variables
Base Tomcat Image
Gitlab-ci.yml
Custom Entrypoint
• Python
• Easy to use
• Libraries to do what we need: OS Interaction, File Operations, YAML Config Parsing
• Pull in per-environment configurations
• Secrets: S3
• Configuration files
• Application
• kv replacement of secrets in config files at deployment
• Specify the startup process
• Tomcat: os.system("/usr/local/tomcat/bin/catalina.sh run")
• CentOS: os.system("/usr/local/bin/start.sh")
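An added sketch of the entrypoint's "kv replacement of secrets in config files" step, not the talk's own entrypoint.py. The KEY=VALUE secrets format, the `@@KEY@@` placeholder syntax and all function names are assumptions; it fails closed on an unresolved placeholder, writes the rendered file owner-only, and hands off with os.execv rather than os.system so the started process takes the entrypoint's place and receives container stop signals.

```python
import os
import re
import stat
import tempfile

# Assumed placeholder syntax: @@KEY@@ (the slides do not show the real one).
PLACEHOLDER = re.compile(r"@@([A-Z0-9_]+)@@")


def parse_secrets(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    secrets = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"secrets line {lineno}: expected KEY=VALUE")
        secrets[key.strip()] = value.strip()
    return secrets


def render(template, secrets):
    """Substitute every placeholder; refuse to start on any unknown key."""
    missing = sorted({k for k in PLACEHOLDER.findall(template) if k not in secrets})
    if missing:
        # Name the keys, never the values, so logs stay free of secrets.
        raise KeyError("unresolved placeholders: " + ", ".join(missing))
    # A function replacement avoids backslash/group expansion in secret values.
    return PLACEHOLDER.sub(lambda m: secrets[m.group(1)], template)


def write_private(path, content):
    """Write the rendered config readable by the owner only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, 0o600)  # also tighten a file that already existed


def start(argv):
    """Replace this process with the app server start command."""
    os.execv(argv[0], argv)


# Constructed sample inputs, not taken from the talk.
SAMPLE_SECRETS = "# constructed\nDB_USER=app_user\nDB_PASS=example-only\n"
SAMPLE_TEMPLATE = "username=@@DB_USER@@\npassword=@@DB_PASS@@\n"

if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "app.properties")
    write_private(out, render(SAMPLE_TEMPLATE, parse_secrets(SAMPLE_SECRETS)))
    print(out, oct(stat.S_IMODE(os.stat(out).st_mode)))
    # Real entrypoint ends with: start(["/usr/local/tomcat/bin/catalina.sh", "run"])
```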
Tomcat entrypoint.py
Config Repo
Config: docker.ini
Gitlab-ci.yml
Base Image
• OS
• OS Dependencies
• Middleware
• Libs
• Entrypoint Script
Tarball
• Application
• Configuration Files
Secrets File
Kubernetes
Container Orchestration
• Determine what containers run:
• When? Where? How Many?
• What is the deployment strategy: spread v. binpack
• Enforce resource limits (CPU, RAM) on running containers and for deploying new containers
• Cloud based or on-premise
• Manages, or provides a harness for, metrics, logging, etc.
• May manage mesh network, shared volumes, etc.
AWS Elastic Container Service
• Managed Cloud Service (PaaS)
• Docker Clusters
• High Availability – Multi AZ
• Scalable
• VMs (EC2) v. Fargate
• Scheduled Tasks
• AWS Integrations
• Elastic Container Registry (ECR)
• Access Management (IAM)
• Logging & Alerting (CloudWatch)
• Load Balancer (ALB)
2 ECS Clusters
PROD (pcompute) & DEV (dcompute)
Container Networking
[Diagram: Operating System > Docker > three App Server / Deployment containers; port labels :8080 :8080 :8080 and :8080 :8081 :8082]
Deployment Process
New Application (install)
• New ECS Task definition: Terraform
• Base image, memory, networking, ENV (config tar & secrets file), log group
• Add service to ECS: Terraform
• Cluster, task, count, security role, ALB target, placement strategy
• Add new route to haproxy for path to ALB
• Create ecs repository: Git
• war, config files, docker.ini
Existing Application (upgrade)
• Commit new war and config files to ecs repository: git
• Restart ecs task: AWS Console
ECS Task
ECS Service
resource "aws_ecs_service" "prod-BannerAdmin" {
  name            = "prod-BannerAdmin"
  cluster         = "${aws_ecs_cluster.pcompute.id}"
  task_definition = "${aws_ecs_task_definition.prod-BannerAdmin.arn}"
  desired_count   = 2
  iam_role        = "${aws_iam_role.pecs_service_role.arn}"
  depends_on      = ["aws_iam_role_policy.pecs_service_role_policy"]

  load_balancer {
    target_group_arn = "${aws_alb_target_group.prod-BannerAdmin.arn}"
    container_name   = "prod-BannerAdmin"
    container_port   = 8080
  }
  …..
}
ELB/HAProxy
Deployment Demo
Containerized Banner Apps
• Banner 8 SSB
• Banner Event Publisher
• RoboRegistrar
• PCI
• SSO Manager
• LYNX (R25)
• Application Navigator
• Admin Pages
• eTranscript API
• Goldlink (drupal portal)
• College Scheduler
• Banner Online Help
• D2L – LDI
• Banner 9 Self Service Apps
• Employee Self Service
• Student Self Service
• General Self Service
• Finance Self Service
• Banner Extensibility
• Ellucian Messaging Adapter
• Integration API
• Student API
• DegreeWorks Apps
• Dashboard
• Scribe
• Composer
• 3 API Apps
Container Examples
• AdminPages
• tomcat:8-jre7
• 3 instances
• 8-12 GB
• Banner 9 Self Service Apps
• tomcat:8-jre7
• 2 instances
• ~2GB
• Banner 8 SSB
• httpd:2.4 (apache + mod_owa)
• 3 instances
• 100-150MB
• DegreeWorks Apps
• tomcat:8-jre7 / centos7-java8-sh (composer and tess)
• 2 instances / 1 instance (composer and admin apps)
• 1-3 GB
Monitoring
• Prometheus
• Alertmanager -> Slack
• Grafana
Docker Logging
• Docker assumes logs are written to STDOUT.
• It’s your responsibility to do something with log output or log files inside your container.
• Logs are gone when the container is done running / destroyed.
Start with Tomcat
• Doesn’t rely on file-system persistence
• Horizontal scaling
• Common communication protocol: HTTP
• Better ROI on technical investment
• More individual Middleware deployments
• High overlap of implementation details among tomcat deployments
• Solved problem
• Plenty of examples and support
Summary
• Get comfortable with Docker
• Cattle not pets
• Kubernetes or ECS
• Shift & Lift or Lift & Shift
• Baked images then Base images
What's Next?
• Containerize more apps
• EIS
• Rabbitmq
• IFEP
• Jobsub
• UC4
• Increase usage of CI/CD
• Increase monitoring via Prometheus and alerting
• Greenfield
• AWS Fargate
Questions?
Resources
• http://www.gabrieltocci.com/talks
• BanDock: Docker Group
• https://bitbucket.org/edurepo/