table of contents - red hat...unified information. red hat jboss data virtualization enables agile...
TRANSCRIPT
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.10 1.9
TableofContentsIntroduction
Acknowledgements
Introduction
Setup
Lab1-DockerRefresh(optional)
Lab2-OpenShiftCommandLineInterface(CLI)
Lab3-Analyzingamicroservicesapplication
Lab4-Changingthemicroservicesapplicationusingdataservices
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
Resources
1
L104372-ExposingdataasservicesinamicroservicesarchitectureonOpenShiftdocumentationInthishands-onlab,you’lllearnhowtoexposedataasservicesinaMicroservicesArchitecturerunningonRedHatOpenShiftContainerPlatform(OCP).Seehowtotransformamicroservicesapplicationtousedataservicesinsteadofconnectingdirectlytotheunderlyingdatasource.Inthislab,you’lllearnhowtouseto:
Quicklydevelopabasiccontainer-basedapplication
ReusecontainerimagesfromtheRedHatcontainerregistry
Migrateasimplemicroservicesapplicationtoacontainerizedversionusingdataservicestoconnecttotheunderlyingdatasources
GetafeelforRedHatOpenShiftContainerPlatform(OCP)
You’llalsolearnwhattoolstoconsiderwhenimplementingacontainerized,microservicesarchitecture.
Audience/Intro/Prerequisites:Thislabisgearedtowardsdeveloperswhoareinterestedinlearninghowtocontainerizetheirdataapplications.Attendees,duringthissession,willexploreMicroservicearchitecture,RedHatOpenShiftContainerPlatform,RedHatJBossDataVirtualizationandRedHatJBossDataGrid.Toaccomplishthis,oneneedalittlebackgroundorexperienceinLinux.
HereyoucanfindtheL104372-ExposingdataasservicesinamicroservicesarchitectureonOpenShiftbook.
Labs
Introduction
2
Lab1 Dockerrefresh(optional)
Lab2 OpenShiftCommandLineInterface(CLI)
Lab3 AnalyzingaMicroservicesApplication
Lab4 Changingthemicroservicesapplicationusingdataservices
Lab4partII Changingthemicroservicesapplicationusingdataserviceswithsecurity
Generatehtml/pdf/epub/mobiYoumaylocallycreaterenderedformsofthedocumentation.Todothisinstallgitbookandebook-convert,thenexecutethefollowingcommandsfromthecheckoutlocation:
$gitbookbuild./L104372
$gitbookpdf./L104372L104372.pdf
$gitbookepub./L104372L104372.epub
$gitbookmobi./L104372L104372.mobi
Onceabovecommandsexecutessuccessfully,theL104372folder,L104372.pdf,L104372.epub,andL104372.mobiwillbegenerated.
Introduction
3
Acknowlegdement
RedHatSummit 2017
VersionNumber 1.0
Finalasof May5th,2017
Author(s)
BillKemp
CojanvanBallegooijen
MadouCoulibaly
TariqIslam
Acknowledgements
4
IntroductionBeforewejumpintothedemoandseehowOpenShiftcansupportapolyglotmicroservicesystembasedonmanydifferentservices,let’sspendsometimetalkingaboutthearchitectureofthedemoapplicationandthecomponentsthedemoisusing.
RedHatOpenShiftContainerPlatform
RedHatOpenShiftContainerPlatform(OCP)v3isalayeredsystemdesignedtoexposeunderlyingDocker-formattedcontainerimageandKubernetesconceptsasaccuratelyaspossible,withafocusoneasycompositionofapplicationsbyadeveloper.Forexample,installRuby,pushcode,andaddMySQL.
Theconceptofanapplicationasaseparateobjectisremovedinfavorofmoreflexiblecompositionof"services",allowingtwowebcontainerstoreuseadatabaseorexposeadatabasedirectlytotheedgeofthenetwork.
TheDockerserviceprovidestheabstractionforpackagingandcreatingLinux-based,lightweightcontainerimages.Kubernetesprovidestheclustermanagementandorchestratescontainersonmultiplehosts.OCPadds:
Sourcecodemanagement,builds,anddeploymentsfordevelopers
Managingandpromotingimagesatscaleastheyflowthroughyoursystem
Applicationmanagementatscale
Teamandusertrackingfororganizingalargedeveloperorganization
Thefollowingtopicsprovidehigh-level,architecturalinformationoncoreconceptsandobjectsyouwillencounterwhenusingOCP.ManyoftheseobjectscomefromKubernetes,whichisextendedbyOCPtoprovideamorefeature-richdevelopmentlifecycleplatform.
Containersandimagesarethebuildingblocksfordeployingyourapplications.
Podsandservicesallowforcontainerstocommunicatewitheachotherandproxyconnections.
Introduction
5
Projectsandusersprovidethespaceandmeansforcommunitiestoorganizeandmanagetheircontenttogether.
Buildsandimagestreamsallowyoutobuildworkingimagesandreacttonewimages.
Deploymentsaddexpandedsupportforthesoftwaredevelopmentanddeploymentlifecycle.
Routesannounceyourservicetotheworld.
Templatesallowformanyobjectstobecreatedatoncebasedoncustomizedparameters.
WhatIstheRedHatOpenShiftContainerPlatform(OCP)Architecture?
OCPhasamicroservices-basedarchitectureofsmaller,decoupledunitsthatworktogether.Itcanrunontopof(oralongside)aKubernetescluster,withdataabouttheobjectsstoredinetcd,areliableclusteredkey-valuestore.
ThefigurebelowdepictsthearchitecturaloverviewofRedHatOpenShiftContainerPlatform:
Thoseservicesarebrokendownbyfunction:
RESTAPIs,whichexposeeachofthecoreobjects.
Controllers,whichreadthoseAPIs,applychangestootherobjects,andreportstatusorwritebacktotheobject.
Introduction
6
UsersmakecallstotheRESTAPItochangethestateofthesystem.ControllersusetheRESTAPItoreadtheuser’sdesiredstate,andthentrytobringtheotherpartsofthesystemintosync.Forexample,whenauserrequestsabuildtheycreatea"build"object.Thebuildcontrollerseesthatanewbuildhasbeencreated,andrunsaprocessontheclustertoperformthatbuild.Whenthebuildcompletes,thecontrollerupdatesthebuildobjectviatheRESTAPIandtheuserseesthattheirbuildiscomplete.
ThecontrollerpatternmeansthatmuchofthefunctionalityinOCPisextensible.Thewaythatbuildsarerunandlaunchedcanbecustomizedindependentlyofhowimagesaremanaged,orhowdeploymentshappen.Thecontrollersareperformingthe"businesslogic"ofthesystem,takinguseractionsandtransformingthemintoreality.Bycustomizingthosecontrollersorreplacingthemwithyourownlogic,differentbehaviorscanbeimplemented.Fromasystemadministrationperspective,thisalsomeanstheAPIcanbeusedtoscriptcommonadministrativeactionsonarepeatingschedule.Thosescriptsarealsocontrollersthatwatchforchangesandtakeaction.OCPmakestheabilitytocustomizetheclusterinthiswayafirst-classbehavior.
Tomakethispossible,controllersleverageareliablestreamofchangestothesystemtosynctheirviewofthesystemwithwhatusersaredoing.ThiseventstreampusheschangesfrometcdtotheRESTAPIandthentothecontrollersassoonaschangesoccur,sochangescanrippleoutthroughthesystemveryquicklyandefficiently.However,sincefailurescanoccuratanytime,thecontrollersmustalsobeabletogetthelateststateofthesystematstartup,andconfirmthateverythingisintherightstate.Thisresynchronizationisimportant,becauseitmeansthatevenifsomethinggoeswrong,thentheoperatorcanrestarttheaffectedcomponents,andthesystemdoublecheckseverythingbeforecontinuing.Thesystemshouldeventuallyconvergetotheuser’sintent,sincethecontrollerscanalwaysbringthesystemintosync.
RedHatJBossDataVirtualization
RedHatJBossDataVirtualization(JDV)isacompletedataprovisioning,federation,integrationandmanagementsolutionthatenablesorganizationstogainactionableandunifiedinformation.RedHatJBossDataVirtualizationenablesagiledatautilizationinthreesteps:
1. Connect:Accessdatafrommultiple,heterogeneousdatasources.
2. Compose:Createreusable,business-friendlylogicaldatamodelsandviewsbycombiningandtransformingdata.
Introduction
7
3. Consume:Makeunifieddataeasilyconsumablethroughopenstandardinterfaces.
JDVincludes:
Toolsforcreatingdataviewsthatareaccessiblethroughstandardprotocols.ForthosewhoarealreadyfamiliarwithJDVoneofthetoolsistheTeiidDesignerplug-inforRedHatJBossDeveloperStudio(JBDS).
Arobustruntimeenvironmentthatprovidesenterprise-classperformance,dataintegrity,andsecurity(theJDVServer,whichexecutesasaprocesswithintheRedHatJBossEnterpriseApplicationPlatform(EAP)).
Arepositoryforstoringmetadata(ModeShape)
JDVisbasedonthefollowingcommunityprojects:
Teiid(http://www.jboss.org/teiid)
TeiidDesigner(http://www.jboss.org/teiiddesigner)
ModeShape(http://www.jboss.org/modeshape)
Introduction
8
ThefigurebelowdepictsthearchitecturaloverviewofJDV:
Introduction
9
JDVComponents Description
QueryEngine
TheheartofJDVServerisahigh-performancequeryenginethatprocessesrelational,XML,XQueryandproceduralqueriesfromfederateddatasources.Featuresincludesupportforhomogeneousschemas,heterogeneousschemas,transactions,anduserdefined
EmbeddedAneasy-to-useJDBCDriverthatcanembedtheQueryEngineinanyJavaapplication.
Server
Anenterpriseready,scalable,manageable,runtimefortheQueryEnginethatrunsinsideJBossEAPthatprovidesadditionalsecurity,fault-tolerance,andadministrativefeatures.
Connectors
JDVServerincludesarichsetofTranslatorsandResourceAdaptersthatenableaccesstoavarietyofsources,includingmostrelationaldatabases,webservices,textfiles,andldap.Needdatafromadifferentsource?Customtranslatorsandresourceadaptorscaneasilybedeveloped.
Tools
JDVServerincludesdevelopmentandadministrationtoolsto*Create-UseTeiidDesignertodefinevirtualdatabasescontainingviews,proceduresorevendynamicXMLdocuments.*Monitor&Manage-UsetheManagementConsolewithJBossEAPorusetheJDVJBossOperationsNetwork(JON)plugintocontrolanynumberofservers.*Script-UsetheAdminShelltoautomateadministrativeandtestingtasks.
TheRedHatJBossDataVirtualizationforOpenShiftimageisbasedonRedHatJBossDataVirtualization6.3.Inaddition,theJDVforOpenShiftimageisbuiltontheEAPforOpenShiftimage.Asaresult,thesamedifferencesexistfortheJDVforOpenShiftimage.TogetstartedwiththeJDVforOpenShiftimagepleasecheckouthttps://access.redhat.com/documentation/en/red-hat-xpaas/0/paged/red-hat-xpaas-jdv-for-openshift-image/chapter-3-get-started
Introduction
10
Introduction
11
Setup
DemoContext
ThedemoapplicationwehavehereisamicroservicesapplicationbuiltusingvarioustechnologieslikeSpring,AngularJSandPostgreSQLprovidinginformationoffoodandwine.Thefoodandwinedataisservedthroughthefood-serviceandwine-servicerespectively.Thedataconnectionfromboththefood-andwine-servicearetightlycoupledtothePostgreSQLdatabase.Wewouldliketodecouplethefood-andwine-serviceusingdataservicesprovidedbyRedHatJBossDataVirtualization.
GetLabMaterials
Fortheconvenienceofusersofthelab,wecreatedascriptandinstalleditonthemachineinfrontofyou.Ifyouareinthelabenvironmentpleasecheckif/home/student/summit-2017-dataservicesexits:
[student@localhost~]$cd~/summit-2017-dataservices
ifnotpleaserunthefollowing:
[student@localhost~]$getlab
Cloninginto'summit-2017-dataservices'...
Forthoseofyoufollowingalongathomeorownpc,justgitclonethegithubrepofromhttps://github.com/cvanball/summit-2017-dataservices.git.
Labstructureexplained
Thelabstructurewearegoingtouseduringthislabisdepictedanddescribedbelow.
Setup
12
[student@localhostsummit-2017-dataservices]$tree-d-L3
└──labs
├──lab1
├──lab3
│└──projects
├──lab3_ocp
│└──templates
├──lab4
│└──projects
├──lab4_ocp
│├──extensions
│├──templates
│└──vdb
└──lab4_secure_ocp
│├──extensions
│├──templates
│└──vdb
Directory Description
lab1 SampleDockerfile
lab3 Food/winemicroserviceappprojectartifactslikesourcesandbinaries
lab3_ocp Artifactsforlab3,likeOCPtemplate
lab4Food/winemicroserviceappprojectartifactslikesources,binariesanduseofJDV
lab4_ocp Artifactsforlab4withJDV,likeOCPtemplate,JDVextensions,sqlscript
lab4_secure_ocpArtifactsforlab4withJDV,likeOCPtemplate,JDVextensions,sqlscripttoshowcasesecuritycapabilitiesofJDV
Setup
13
Lab1-DockerRefresh(optional)
InthislabwewillexplorethedockerenvironmentwithinRedHatOpenShiftContainerPlatform.IfyouarefamiliarwithdockerthismayfunctionasabriefrefresherorproceedwithLab2.Ifyouarenewtodockerthiswillserveasanintroductiontodockerbasics.Don’tworry,wewillprogressrapidly.Togetthroughthislab,wearegoingtofocusontheenvironmentitselfaswellaswalkthroughsomeexerciseswithacoupleofDockerimages/containerstotellacompletestoryandpointoutsomethingsthatyoumighthavetoconsiderwhencontainerizingyourapplication.
Thislabshouldbeperformedonthemachineinfrontofyouunlessotherwiseinstructed.
Themachineshouldhavebeenbroughtupinlab.Youcanaccessthatmachineusingusernamestudentandpasswordstudent
Expectedcompletion:15minutes
Topics:
ReviewDockerandsystemd
ReviewDockerhelp
ExploreaDockerfile
Buildanimage
Launchacontainer
Inspectacontainer
Dockerandsystemd
CheckoutthesystemdunitfilethatstartsDockeronRedHatOpenShiftContainerPlatformandnoticethatitincludes3EnvironmentFiles.ThesefilestellDockerhowtheDockerdaemon,storageandnetworkingshouldbesetupandconfigured.Takealookatthosefiles
Lab1-DockerRefresh(optional)
14
too.Specifically,inthe/etc/sysconfig/dockerfilecheckouttheregistrysettings.YoumayfinditinterestingthatyoucanADD_REGISTRYandBLOCK_REGISTRY.Thinkaboutthedifferentusecasesforthat.
Performthefollowingcommandsasrootunlessinstructedotherwise.
[student@localhost~]$cat/usr/lib/systemd/system/docker.service
[student@localhost~]$cat/usr/lib/systemd/system/docker-storage-setup.service
[student@localhost~]$cat/etc/sysconfig/docker
[student@localhost~]$cat/etc/sysconfig/docker-storage
[student@localhost~]$cat/etc/sysconfig/docker-network
Nowcheckthestatusofdockerandmakesureitisrunningbeforemovingforward.ItshouldhavebeenbroughtupautomaticallyforusbytheOCPenvironment.
[student@localhost~]$sudosystemctlstatusdocker
docker.service-DockerApplicationContainerEngine
Loaded:loaded(/usr/lib/systemd/system/docker.service;enabled;vendorpreset:dis
abled)
Active:active(running)sinceWed2017-04-1204:00:12EDT;49minago
Docs:http://docs.docker.com
MainPID:1155(dockerd-current)
Memory:53.1M
CGroup:/system.slice/docker.service
├─1155/usr/bin/dockerd-current--add-runtimedocker-runc=/usr/li...
├─1208/usr/bin/docker-containerd-current-lunix:///var/run/dock...
├─12583/usr/bin/docker-containerd-shim-current333a60f20aa4656a83...
├─12872/usr/bin/docker-containerd-shim-current7db3ba876d6b184019...
├─12932/usr/bin/docker-containerd-shim-current04672958b1e3c86d47...
├─13043/usr/bin/docker-containerd-shim-current5e1c65898c640522f6...
└─13109/usr/bin/docker-containerd-shim-currentee864ca54c2c2e7d9d...
Apr1204:46:12localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:12localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:12localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:15localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:16localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:16localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:18localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:18localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:19localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Apr1204:46:20localhost.localdomaindockerd-current[1155]:time="2017-04-12...
Hint:Somelineswereellipsized,use-ltoshowinfull.
DockerHelp
Lab1-DockerRefresh(optional)
15
NowthatweseehowtheDockerstartupprocessworks,weshouldmakesureweknowhowtogethelpwhenweneedit.RunthefollowingcommandstogetfamiliarwithwhatisincludedintheDockerpackageaswellaswhatisprovidedinthemanpages.Spendsometimeexploringhere.Whenyourundockerinfocheckoutthestorageconfiguration.TheCDKautomaticallysetsupstorageforusbycreatinganLVMthinpoolforuseasadevicemapperdirectdockerstoragebackend.
Checkouttheexecutablesprovided:
[student@localhost~]$rpm-qldocker|grepbin
/usr/bin/docker-containerd-current
/usr/bin/docker-containerd-shim-current
/usr/bin/docker-ctr-current
/usr/bin/docker-storage-setup
/usr/bin/dockerd-current
Checkouttheconfigurationfilesthatareprovided:
[student@localhost~]$rpm-qcdocker
/etc/sysconfig/docker-network
/etc/sysconfig/docker-storage
/etc/sysconfig/docker-storage-setup
Checkoutthedocumentationthatisprovided:
Lab1-DockerRefresh(optional)
16
[student@localhost~]$rpm-qddocker
/usr/share/doc/docker-1.12.6/AUTHORS
/usr/share/doc/docker-1.12.6/CHANGELOG.md
[student@localhost~]$docker--help
Usage:docker[OPTIONS]COMMAND[arg...]
docker[--help|-v|--version]
Aself-sufficientruntimeforcontainers……
[student@localhost~]$dockerinfo
Containers:6
Running:5
Paused:0
Stopped:1
Images:20
ServerVersion:1.12.6
OSType:linux
Architecture:x86_64
NumberofDockerHooks:2
CPUs:2
TotalMemory:11.3GiB
Name:localhost.localdomain
ID:LCWG:G2DM:GTYE:XQXP:TGFH:KEZA:BAXC:YASG:3PJ2:AJ4D:QSLD:OOUM
DockerRootDir:/var/lib/docker
DebugMode(client):false
DebugMode(server):false
Registry:https://registry.access.redhat.com/v1/
InsecureRegistries:
172.30.0.0/16
127.0.0.0/8
Registries:registry.access.redhat.com(secure),docker.io(secure)
TakealookattheDockerimagesonthesystem.YoushouldseesomeOpenshiftimagesthatarecachedintheOCPenvironmentsoyoucanbuildthecontainerswithouthavingtowaitforthecontainerimagestodownloadfromtheinternet.
Lab1-DockerRefresh(optional)
17
[student@localhost~]$dockerimages
REPOSITORY TAG
IMAGEID CREATED SIZE
registry.access.redhat.com/openshift3/ose-sti-builder v3.4.1
.12 06af71a951dd 13daysago 726.6MB
registry.access.redhat.com/openshift3/ose-haproxy-router v3.4.1
.12 0e5da1bc1bd6 13daysago 745.3MB
registry.access.redhat.com/openshift3/ose-deployer v3.4.1
.12 77323ab89f5c 13daysago 726.6MB
registry.access.redhat.com/openshift3/ose-docker-registry v3.4.1
.12 08aaa1c313ef 13daysago 806.5MB
registry.access.redhat.com/openshift3/ose v3.4.1
.12 14a5d3344278 13daysago 726.6MB
registry.access.redhat.com/openshift3/ose-pod v3.4.1
.12 310eda5cf7fd 13daysago 205MB
registry.access.redhat.com/jboss-eap-7/eap70-openshift latest
f6ca7f01844e 3weeksago 1.042GB
registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift latest
837aa4172c2c 4weeksago 972.6MB
LetsexploreaDockerfile
AsapartoftheRedHatSoftwareCollectionsoffering,RedHatprovidesanumberofcontainerimages,whicharebasedonthecorrespondingSoftwareCollections.Theseincludeapplication,daemon,anddatabaseimages.HereyoucanseeintheFROMcommandthatwearepullingaApacheWebServerbaseimagebasedonRHEL7.3thatwearegoingtouseinthisexample.Containersthatarebeingbuiltinheritthesubscriptionsofthehosttheyarerunningon,soyouonlyneedtoregisterthehostsystem.HerewearejustgoingtoexploreasimpleDockerfile.ThepurposeforthisistohavealookatsomeofthebasiccommandsthatareusedtoconstructaDockerimage.Forthislab,wewillexploreabasicApacheDockerfileandthenconfirmfunctionality.
Asthestudentuser,changedirectoryto~/summit-2017-dataservices/labs/lab1/andcatouttheDockerfile
[student@localhost~]$cd~/summit-2017-dataservices/labs/lab1
[student@localhostlab1]$catDockerfile
#Pulltherhelimagefromthelocalrepository
FROMregistry.access.redhat.com/rhscl/httpd-24-rhel7
MAINTAINERStudent<[email protected]>
USERroot
EXPOSE80
Lab1-DockerRefresh(optional)
18
Aftergainingaccesstoarepository,weEXPOSEport80,whichallowstrafficintothecontainer,andthensetthecontainertostart.
BuildanImage
NowthatwehavetakenalookattheDockerfile,letsbuildthisimage.Sinceitwasalreadybuiltpreviouslytheimageisretrievedfromthecache.
[student@localhostlab1]$dockerbuild-tredhat/apache.
SendingbuildcontexttoDockerdaemon2.048kB
Step1:FROMregistry.access.redhat.com/rhscl/httpd-24-rhel7
--->533e496998ca
Step2:MAINTAINERStudent<[email protected]>
--->Usingcache
--->2421ced729fb
Step3:USERroot
--->Usingcache
--->0fd493ddbb4a
Step4:EXPOSE80
--->Usingcache
--->3ce031e2bbc5
Successfullybuilt3ce031e2bbc5
RuntheContainer
Next,letsruntheimageandmakesureitstarted.
Lab1-DockerRefresh(optional)
19
[student@localhostlab1]$dockerrun-dt-p81:80--nameapacheredhat/apache
e9e06e014a73c7250f3c3c23d8be902fbf47db2e110d4d531c8fcadaa51a771c
[student@localhostlab1]$dockerps
CONTAINERID IMAGE
COMMAND CREATED STATUS PORTS
NAMES
e9e06e014a73 redhat/apache
"/usr/local/bin/run-h"21secondsago Up18seconds 443/tc
p,8080/tcp,8443/tcp,0.0.0.0:81->80/tcpapache
ee864ca54c2c registry.access.redhat.com/openshift3/ose-docker-registry:v3.4
.1.12"/bin/sh-cDOCKER_R"19minutesago Up19minutes
k8s_registry.8a800f10_docker-registry-1-j6jhx_default_
49d05df7-1ef3-11e7-90e8-5254006bc4cb_65305227
5e1c65898c64 registry.access.redhat.com/openshift3/ose-haproxy-router:v3.4.
1.12 "/usr/bin/openshift-r"19minutesago Up19minutes
k8s_router.6a91aafa_router-1-qcf69_default_49d
f9473-1ef3-11e7-90e8-5254006bc4cb_d29bf1f4
04672958b1e3 registry.access.redhat.com/openshift3/ose-pod:v3.4.1.12
"/pod" 19minutesago Up19minutes
k8s_POD.b6fc0873_docker-registry-1-j6jhx_defau
lt_49d05df7-1ef3-11e7-90e8-5254006bc4cb_f5a20da2
7db3ba876d6b registry.access.redhat.com/openshift3/ose-pod:v3.4.1.12
"/pod" 19minutesago Up19minutes
k8s_POD.8f3ae681_router-1-qcf69_default_49df94
73-1ef3-11e7-90e8-5254006bc4cb_7697cd22
333a60f20aa4 registry.access.redhat.com/openshift3/ose:v3.4.1.12
"/usr/bin/openshifts"20minutesago Up20minutes
Hereweareusingafewswitchestoconfiguretherunningcontainerthewaywewantit.Wearerunninga-dttorunindetachedmodewithapseudoTTY.Nextwearemappingaportfromthehosttothecontainer.Wearebeingexplicithere.WehavetoldDockertomapport81onthehosttoport80inthecontainer.Now,wecouldhaveletDockerhandlethehostsideportmappingdynamicallybypassinga-Por-p80,inwhichcaseDockerwouldhaverandomlyassignedaporttothecontainer.Finally,wepassedinthenameoftheimagethatwebuiltearlier.
Okay,letsmakesurewecanaccessthewebserver.
[student@localhostlab1]$curlhttp://localhost:81
<!DOCTYPEhtmlPUBLIC"-//W3C//DTDXHTML1.1//EN""http://www.w3.org/TR/xhtml11/DTD/xh
tml11.dtd">
<htmlxmlns="http://www.w3.org/1999/xhtml"xml:lang="en">
<head>
<title>TestPagefortheApacheHTTPServeronRedHatEnterpriseLinu
x</title>
.....
Lab1-DockerRefresh(optional)
20
StartFirefoxWebBrowserusingApplications→Favorites→FirefoxWebBrowserandpointtheURLtohttp://localhost:81andshouldseeasimilarscreenasdepictedbelow
Nowthatwehavebuiltanimage,launchedacontainerandconfirmedthatitisrunning,let'sdosomefurtherinspectionofthecontainer.WeshouldtakealookatthecontainerIPaddress.Let'susedockerinspecttodothat.
TimetoInspect
[student@localhostlab1]$dockerinspectapache
Wecanseethatthisgivesusquiteabitofinformationinjsonformat.WecanscrollaroundandfindtheIPaddress,itwillbetowardsthebottom.
Lab1-DockerRefresh(optional)
21
"Networks":{
"bridge":{
"IPAMConfig":null,
"Links":null,
"Aliases":null,
"NetworkID":"4c6c77ea7038a36ca39f11d4cfb80cb0e502d975f87d33ba
47bccccd0c6c168d",
"EndpointID":"251efeefa42411516842d8d4ca230759d8a63ef6c670a15
bc4f4e0ef3faa95ce",
"Gateway":"172.17.0.1",
"IPAddress":"172.17.0.3",
"IPPrefixLen":16,
"IPv6Gateway":"",
"GlobalIPv6Address":"",
"GlobalIPv6PrefixLen":0,
"MacAddress":"02:42:ac:11:00:03"
}
}
Let'sbemoreexplicitwithourdockerinspect
[student@localhostlab1]$dockerinspect--format'\{\{.NetworkSettings.IPAddress\}\
}'apache
172.17.0.3
YoushouldseetheIPaddressthatwasassignedtothecontainer.
Wecanapplythesamefiltertoanyvalueinthejsonoutput.Tryafewdifferentones.
Nowletslookinsidethecontainerandseewhatthatenvironmentlookslike.WefirstneedtogetthePIDofthecontainersowecanattachtothePIDnamespacewithnsenter.AfterwehavethePID,goaheadandenterthenamespacesofthecontainersubstitutingthePIDonyourcontainerfortheonelistedbelow.Takealookatthemanpagetounderstandalltheflagswearepassingtonsenter.
[student@localhostlab1]$dockerinspect--format'\{\{.State.Pid\}\}'apache
15860
[student@localhostlab1]$mannsenter
NAME
nsenter-runprogramwithnamespacesofotherprocesses
…...
[student@localhostlab1]$sudonsenter-m-u-n-i-p-t15860
[sudo]passwordforstudent:
[root@e9e06e014a73/]#
Lab1-DockerRefresh(optional)
22
Nowrunsomecommandsandexploretheenvironment.Remember,weareinaslimmeddowncontaineratthispoint-thisisbydesign.Youmayfindyourselfrestricted.
[root@e9e06e014a73/]#psaux
USERPID%CPU%MEM VSZRSSTTYSTATSTARTTIMECOMMAND
root 10.00.02581447508? Ss+09:050:00httpd-DFOREGROUND
apache 200.00.02664724712?Sl+09:050:00httpd-DFOREGROUND
apache 210.00.02664724196?Sl+09:050:00httpd-DFOREGROUND
apache 220.00.02664724200?Sl+09:050:00httpd-DFOREGROUND
apache 230.00.02664724712?Sl+09:050:00httpd-DFOREGROUND
apache 260.00.02664724196?Sl+09:050:00httpd-DFOREGROUND
apache 300.00.02664724196?Sl+09:100:00httpd-DFOREGROUND
root 320.00.0133682020?S 09:180:00-bash
root 460.00.0490401836?R+09:180:00psaux
[root@e9e06e014a73/]#ls/bin
[ findmnt msgconv sim_client
a2p find-repos-of-installmsgen size
aclocal fipscheck msgexec skill
[root@e9e06e014a73/]#cat/etc/hosts
127.0.0.1localhost
::1localhostip6-localhostip6-loopback
fe00::0ip6-localnet
ff00::0ip6-mcastprefix
ff02::1ip6-allnodes
ff02::2ip6-allrouters
172.17.0.3e9e06e014a73
[root@e9e06e014a73/]#ipaddr
-bash:ip:commandnotfound
Well,whatcanwedo?Youcaninstallsoftwareintothiscontainer.
[root@e9e06e014a73/]#yum-yinstalliproute
[root@e9e06e014a73/]#ipaddr
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
inet6::1/128scopehost
valid_lftforeverpreferred_lftforever
16:eth0@if17:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuestateUP
link/ether02:42:ac:11:00:03brdff:ff:ff:ff:ff:fflink-netnsid0
inet172.17.0.3/16scopeglobaleth0
valid_lftforeverpreferred_lftforever
inet6fe80::42:acff:fe11:3/64scopelink
valid_lftforeverpreferred_lftforever
Lab1-DockerRefresh(optional)
23
ExitthecontainernamespacewithCTRL+dorexit.
Inadditiontousingnsentertoenterthenamespaceofyourcontainer,youcanalsoexecutecommandsinthatnamespacewithdockerexec.
$dockerexec<container-nameORcontainer-id><cmd>
[student@localhostlab1]$dockerexecapachepwd
/opt/app-root/src
Whew,sowedohavesomeoptions.Now,rememberthatthislabisallaboutcontainerizingyourexistingapps.Youwillneedsomeofthetoolslistedabovetogothroughtheprocessofcontainerizingyourapps.Troubleshootingproblemswhenyouareinacontainerisgoingtobesomethingthatyougetveryfamiliarwith.
Beforewemoveontothenextsectionlet'scleanuptheapachecontainersowedon'thaveithangingaround.
[student@localhostlab1]$dockerrm-fapache
Apache
[student@localhostlab1]$cd$HOME
[student@localhost~]$
Congratulations!!!!!Youhavecompletedthislab.
Lab1-DockerRefresh(optional)
24
Lab2-OpenShiftCommandLineInterface(CLI)
OpenShiftContainerPlatformshipswithafeaturerichwebconsoleaswellasacommandlineinterfacetool(CLI)toprovideuserswithaniceinterfacetoworkwithapplicationsdeployedtotheplatform.TheOpenShiftCLIisasingleexecutablewrittenintheGoprogramminglanguageandisavailableforthefollowingoperatingsystems:
MicrosoftWindows
macOS
Linux
Thislabshouldbeperformedonthemachineinfrontofyouunlessotherwiseinstructed.
Expectedcompletion:15minutes
Topics:
DownloadingOpenShiftCLI
ExtractingtheOpenShiftCLI
VerifyOpenShiftCLIinstallation
UsefulOpenShiftCLIcommands
TipFirstthreetopicsarealreadyperformedonthemachineinfrontofyou.IfyouareusingthismachineyoucanproceedwithparagraphUsefulOpenShiftCLIcommands.
DownloadingOpenShiftCLI
Duringthislab,wearegoingdescribehowtosetuptheOpenShiftCLItoolandaddthemtoouroperatingsystemPATHenvironmentvariablessotheexecutableisaccessiblefromanydirectoryonthecommandline.ForyourconveniencethisisexplainedandforyourreferencebutOpenShiftCLItoolisalreadyinstalledintheOCPenvironmentinfrontofyou.
Lab2-OpenShiftCommandLineInterface(CLI)
25
Tip Thisisforyourreference.Theenvironmentinfrontofyouisalreadysetupwiththeoccommand.YoucanproceedwithparagraphUsefulCLIcommands
Thefirstthingwewanttodoisdownloadthecorrectexecutableforyouroperatingsystemaslinkedbelow:OpenShiftCLIcanbedownloadedherefromtheRedHat’sCustomerPortal:https://access.redhat.com/downloads/content/290
Oncethefilehasbeendownloaded,youwillneedtoextractthecontentsasitisacompressedarchive.Iwouldsuggestsavingthisfiletothefollowingdirectories:
Windows
C:\>cdC:\OpenShift
macOS
$cd~/bin
Linux
$cd~/bin
ExtractingtheOpenShiftCLI
Onceyouhavethetoolsdownloaded,youwillneedtoextractthecontents:
Windows
Inordertoextractaziparchiveonwindows,youwillneedaziputilityinstalledonyoursystem.Withnewerversionsofwindows(greaterthanXP),thisisprovidedbytheoperatingsystem.Justrightclickonthedownloadedfileusingfileexplorerandselecttoextractthecontents.
macOS
Openupaterminalwindowandchangetothedirectorywhereyoudownloadedthefile.Onceyouareinthedirectory,enterinthefollowingcommand:
$tarzxvfoc-3.4.1.12-macosx.tar.gz
Linux
Lab2-OpenShiftCommandLineInterface(CLI)
26
Openupaterminalwindowandchangetothedirectorywhereyoudownloadedthefile.Onceyouareinthedirectory,enterinthefollowingcommand:
$tarzxvfoc-3.4.1.12-linux.tar.gz
AddingoctoyourPATH
Windows
BecausechangingyourPATHonwindowsvariesbyversionoftheoperatingsystem,wewillnotlisteachoperatingsystemhere.However,thegeneralworkflowisrightclickonyourcomputernameinsideofthefileexplorer.SelectAdvancedsystemsettings.IguesschangingyourPATHisconsideredanadvancedtask?:)Clickontheadvancedtab,andthenfinallyclickonEnvironmentvariables.Oncethenewdialogopens,selectthePathvariableandadd";C:\OpenShift"attheend.Foraneasywayout,youcouldalwaysjustcopyittoC:\Windowsoradirectoryyouknowisalreadyonyourpath.
macOS
$exportPATH=$PATH:~/bin
Linux
$exportPATH=$PATH:~/bin
Verify
Atthispoint,weshouldhavetheoctoolavailableforuse.Let’stestthisoutbyprintingtheversionoftheoccommand:
[student@localhost~]$whereisoc
oc:/usr/bin/oc/usr/share/man/man1/oc.1.gz
[student@localhost~]$ocversion
ocv3.4.1.12
kubernetesv1.4.0+776c994
features:Basic-AuthGSSAPIKerberosSPNEGO
Serverhttps://192.168.122.45:8443
openshiftv3.4.1.12
kubernetesv1.4.0+776c994
Ifyougetanerrormessage,thePATHisnotupdatedcorrectly.Ifyouneedhelp,raiseyourhandandtheinstructorwillassist.
Lab2-OpenShiftCommandLineInterface(CLI)
27
TipTheOCPenvironmentisautomaticallystartedasasystemdaemonservicecalledoc-cluster.InotherwordsnoneedtostoporstarttheOCPenvironment.thisisforyourreference.
YoucanstarttheOCPenvironmentusingthefollowingcommand:
[student@localhost~]$sudosystemctlstartoc-cluster
YoucanstoptheOCPenvironmentusingthefollowingcommand:
[student@localhost~]$sudosystemctlstopoc-cluster
CheckthestatusoftheOCPenvironmentusingthefollowingcommand:
[student@localhost~]$sudosystemctlstatusoc-cluster
oc-cluster.service-OpenShiftClusterService
Loaded:loaded(/etc/systemd/system/oc-cluster.service;enabled;vendorpreset:dis
abled)
Active:active(exited)sinceWed2017-04-1204:01:12EDT;39minago
Process:2558ExecStart=/usr/local/bin/oc-cluster-up.sh(code=exited,status=0/SUCCE
SS)
MainPID:2558(code=exited,status=0/SUCCESS)
Memory:0B
CGroup:/system.slice/oc-cluster.service
Apr1204:01:11localhost.localdomainoc-cluster-up.sh[2558]:WaitingforAPI...
Apr1204:01:11localhost.localdomainoc-cluster-up.sh[2558]:OpenShiftserve...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:--Removingtem...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:--ServerInfor...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:OpenShiftserve...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:Theserverisa...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:https://192.168...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:Tologinasadm...
Apr1204:01:12localhost.localdomainoc-cluster-up.sh[2558]:oclogin-usys...
Apr1204:01:12localhost.localdomainsystemd[1]:StartedOpenShiftClusterS...
Hint:Somelineswereellipsized,use-ltoshowinfull.
UsefulOpenShiftCLIcommands
TheOpenshiftCLIallowsinteractionwiththevariousobjectsthataremanagedbyOpenShiftContainerPlatform.Manycommonocoperationsareinvokedusingthefollowingsyntax:
[student@localhost~]$oc<action><object_type><object_name>
Where
Lab2-OpenShiftCommandLineInterface(CLI)
28
An<action>toperform,suchasgetordescribe.
The<object_type>toperformtheactionon,suchasserviceortheabbreviatedsvc.
The<object_name>ofthespecified<object_type>.
Thestudentuserissudoer.Theycanexecutecommandswith'--as=system:admin'.
Now,letsworkwiththeOCPenvironmenttoshowcasesomeusefulCLIcommands:
Openshiftclienthelp:
[student@localhost~]$ochelp
LogintotheOCPserverasadminuser:
[student@localhost~]$oclogin-usystem:admin
Loggedinto"https://192.168.122.45:8443"as"system:admin"usingexistingcredentials
.
Youhaveaccesstothefollowingprojectsandcanswitchbetweenthemwith'ocproject
<projectname>':
default
kube-system
*myproject
openshift
openshift-infra
Usingproject"myproject".
Checkwhoisloggedin:
[student@localhost~]$ocwhoami
system:admin
Displayoneormanyresourcesusing:
[student@localhost~]$ocget
[(-o|--output=)json|yaml|wide|custom-columns=...|custom-columns-file=...|go-template=.
..|go-template-file=...|jsonpath=...|jsonpath-file=...]
(TYPE[NAME|-llabel]|TYPE/NAME...)[flags][options]
Possibleresourcesincludebuilds,buildConfigs,services,pods,etc.Toseealistofcommonresources,use'ocget'.Someresourcesmayomitadvanceddetailsthatyoucanseewith'-owide'.Ifyouwantanevenmoredetailedview,use'ocdescribe'.
Lab2-OpenShiftCommandLineInterface(CLI)
29
Listallpodsinpsoutputformat
[student@localhost~]$ocgetpods
Listallpodsandshowmoredetailsaboutthem
[student@localhost~]$ocget-owidepods
ListasinglepodinJSONoutputformat.
[student@localhost~]$ocget-ojsonpodapache
ListasinglereplicationcontrollerwithspecifiedIDinpsoutputformat.
[student@localhost~]$ocgetrcapache
ListbuildconfigwithspecifiedIDinpsoutputformat.
[student@localhost~]$ocgetbcapache
ListdeploymentconfigwithspecifiedIDinpsoutputformat.
[student@localhost~]$ocgetdcapache
Endthecurrentsession.
[student@localhost~]$oclogout
LogininOCPasdeveloperuser.
[student@localhost~]$oclogin-udeveloper-pdeveloper
Loginsuccessful.
Youhaveoneprojectonthisserver:"myproject"
Usingproject"myproject".
[student@localhost~]$ocgetprojects
NAME DISPLAYNAMESTATUS
myprojectMyProjectActive
Checkwhoisloggedin.
Lab2-OpenShiftCommandLineInterface(CLI)
30
[student@localhost~]$ocwhoami
Developer
Createnewproject.
[student@localhost~]$ocnew-project<project-name>
Switchtoanotherproject.
[student@localhost~]$ocproject<project-name>
GetcurrentstatusofOCPenvironment.
[student@localhost~]$sudosystemctlstatusoc-cluster
StarttheOCPenvironment.
[student@localhost~]$sudosystemctlstartoc-cluster
StoptheOCPenvironment.
[student@localhost~]$sudosystemctlstopoc-cluster
Congratulations!!!!!Youhavecompletedthislab.
Lab2-OpenShiftCommandLineInterface(CLI)
31
Lab3-Analyzingamicroservicesapplication
Typically,itisbesttobreakdownservicesintothesimplestcomponentsandthencontainerizeeachofthemindependently.However,wheninitiallymigratinganapplicationitisnotalwayseasytobreakitupintolittlepiecesbutyoucanstartwithbigcontainersandworktowardsbreakingthemintosmallerpieces.
Inthislabwewillcreateaprojectwhichcontainsmultiplecontainerimagescomprisedofmultipleservicessinceourapplicationisalreadyamicroservicesapplication.Inlab3wewilldescribeandrunthemicroservicesapplicationwhichisalreadysplitupintomoremanageablepieces.
Thislabshouldbeperformedonthemachineinfrontofyouunlessotherwiseinstructed.
Expectedcompletion:20-30minutes
Topics:
Prerequisites
Overviewmicroservicesapplication
ExploringOpenShifttemplate
SetupOCPenvironmentbasedonpre-builtOpenShifttemplate
Exploringtherunningcontainers
Connectingtotheapplication
Prerequisites
TocheckifOpenShiftContainerPlatform(OCP)isrunningexecute:
source,bash]
[student@localhost~]$sudosystemctlstatusoc-cluster
Lab3-Analyzingamicroservicesapplication
32
IfyougetnoclusterrunningstartODPwith
[student@localhost~]$sudosystemctlstartoc-cluster
NowlogintoOpenShiftwithusernamedeveloperandpassworddeveloper:
[student@localhost~]$oclogin-udeveloper-pdeveloper
Loginsuccessful.
Youhaveoneprojectonthisserver:"myproject"
Usingproject"myproject".
YouarenowloggedintoOpenShiftandareusingthemyprojectproject.YoucanalsoviewtheOpenShiftwebconsolebyusingthesamecredentialstologinusingFirefoxWebBrowserasdepictedbelow.
Firstwearegoingtocreateanewprojectcalledlab3.
Lab3-Analyzingamicroservicesapplication
33
[student@localhost~]$ocnew-projectlab3
Nowusingproject"lab3"onserver"https://192.168.122.45:8443".
Youcanaddapplicationstothisprojectwiththe'new-app'command.Forexample,try:
ocnew-appcentos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
tobuildanewexampleapplicationinRuby.
Overviewmicroservicesapplication
Themicroservicesapplicationwearegoingtouseinlab3isasimpleAngularJS(https://angularjs.org/)andSpring(http://spring.io/)applicationusingfoodandwinedatas.
OurinitialOpenShifttemplatewillbeusingthefollowingfourservices:
ui-service:AngularJSandSpringapplication
food-service:Backendserviceprovidingfooddata
wine-service:Backendserviceprovidingwinedata
PostgreSQLserviceservingthefoodandwinedata
Thefood-andwine-serviceareconnectingdirectlytothePostgreSQLenvironment.Theillustrationbelowdepictsthestartingpointofourmicroservicesapplication.
Lab3-Analyzingamicroservicesapplication
34
Inthenextsteps,wearegoingtosetupandruntheaboveenvironmentinOCP.ExploringMicroservicesApplicationFamiliarizeyourselfwiththeinitialMicroservicesApplicationbyopeningacodeeditorusingthefollowingsteps:
[student@localhost~]$cd~/summit-2017-dataservices/labs/lab3/projects
[student@localhost~]code.
Diveintothecode
Caution
Intheui-service,food-servicesandwine-servicesdirectoryyou’llfindallmavenbasedjavaprojects.TolimittheuseofwifiduringthisSummitlaballtheprojectsareprebuiltandtheWARfilescontainingtheuiandbusinesslogicarealreadyavailableforyourconvenience,seetargetdirectory.I.e./home/student/summit-2017-dataservices/labs/lab3/projects/ui-service/target/ROOT.war/home/student/summit-2017-dataservices/labs/lab3/projects/food-service/target/ROOT.war/home/student/summit-2017-dataservices/labs/lab3/projects/wine-service/target/ROOT.warSameappliesfortheprojectsusedinlab4.
Lab3-Analyzingamicroservicesapplication
35
ExploringOpenShifttemplate
AnOpenShifttemplatedescribesasetofobjectsthatcanbeparameterizedandprocessedtoproducealistofobjectsforcreationbyOpenShiftContainerPlatform.Theobjectstocreatecanincludeanythingthatusershavepermissiontocreatewithinaproject,forexampleservices,buildconfigurations,anddeploymentconfigurations.Atemplatemayalsodefineasetoflabelstoapplytoeveryobjectdefinedinthetemplate.Seethetemplateguidefordetailsaboutcreatingandusingtemplates.Checkoutdirectory~/summit-2017-dataservices/labs/lab3_ocp/templates.
[student@localhost~]$cd~/summit-2017-dataservices/labs/lab3_ocp
InthisdirectoryyouwillfindtheOpenShifttemplatecontainingtheconfigurationneededtosetupacompleteOCPenvironmentforlab3.Takealookatlab3-template.jsonusingapre-installedcodeeditor.
[student@localhostlab3_ocp]$codetemplates/lab3-template.json
SetupOCPenvironmentbasedonpre-builtOpenShifttemplate
IfyouhaveaJSONorYAMLfilethatdefinesatemplate,forexampleinourcaseweareusinglab3-template.json,youcanuploadthetemplatetoprojectsusingtheCLI.Thissavesthetemplatetotheprojectforrepeatedusebyanyuserwithappropriateaccesstothatproject.Seeformoreinstructionsonwritingyourowntemplates.FurthermoreyoucanusetheCLItoprocesstemplatesandusetheconfigurationthatisgeneratedtocreateobjectsasshownbelow.
Lab3-Analyzingamicroservicesapplication
36
[student@localhostlab3_ocp]$ocprocess-ftemplates/lab3-template.json|occreate-f
-
service"wineapp-wine-service"created
service"wineapp-food-service"created
service"wineapp-postgresql"created
service"wineapp-ui"created
route"wineapp-route"created
imagestream"wineapp-ui"created
imagestream"wineapp-food-service"created
imagestream"wineapp-wine-service"created
buildconfig"wineapp-food-service"created
buildconfig"wineapp-ui"created
buildconfig"wineapp-wine-service"created
deploymentconfig"wineapp-food-service"created
deploymentconfig"wineapp-postgresql"created
deploymentconfig"wineapp-ui"created
deploymentconfig"wineapp-wine-service"created
AsmentionedearlierwewouldliketominimizetheuseofwifiduringthisSummitlab.Typicallythetemplatewillbuildthepoddownloadingthesourcecodefromagithubrepository.Sincewehavealreadybuiltourprojectsusingmaven(mvncleanpackage-DskipTests),wecanusebinarydeploymentwithfollowingcommand:
[student@localhostlab3_ocp]$cd~/summit-2017-dataservices/labs/lab3
[student@localhostlab3]$ocstart-build<buildconfig><options>
FormoreinformationHowBuildsworks,seetheOpenShiftCotainerPlatformdocumentation:https://docs.openshift.com/container-platform/3.4/dev_guide/builds/index.html
Getallavailablebuildconfigs
[student@localhostlab3_ocp]$ocgetbc
NAMETYPEFROMLATEST
wineapp-food-serviceSource Binary 0
wineapp-uiSource Binary 0
wineapp-wine-serviceSource Binary 0
Nowstartthebinarybuildsusingthefollowingcommands:
Lab3-Analyzingamicroservicesapplication
37
[student@localhostlab3]$cd~/summit-2017-dataservices/labs/lab3/projects
[student@localhostprojects]$ocstart-buildwineapp-food-service--from-dir=food-serv
ice/deployments
Uploadingdirectory"food-service/deployments"asbinaryinputforthebuild...
build"wineapp-food-service-1"started
[student@localhostprojects]$ocstart-buildwineapp-wine-service--from-dir=wine-serv
ice/deployments
Uploadingdirectory"wine-service/deployments"asbinaryinputforthebuild...
build"wineapp-wine-service-1"started
[student@localhostprojects]$ocstart-buildwineapp-ui--from-dir=ui-service/deployme
nts
Uploadingdirectory"ui-service/deployments"asbinaryinputforthebuild...
build"wineapp-ui-1"started
Nowthecontainerswillbebuiltanddeployed.Let’sseehowitlookslikeintheOpenShiftWebConsole.
Exploringtherunningthecontainers
LoginintotheOpenShiftWebConsoleandloginwithusernamedeveloper
Clickonprojectlab3andthelab3overviewpageshouldappearasdepictedbelow.
Lab3-Analyzingamicroservicesapplication
38
ScrolldownandusethemenuoptionstofamiliarizewiththeOpenShiftlab3containers.
Connectingtotheapplication
AnOpenShiftContainerPlatformrouteexposesaserviceatahostname,likewww.example.com,sothatexternalclientscanreachitbyname.
Intheexampledepictedinscreenshotsbeforewecanseearoutedefinedinlab3projectwhichexposethewebuiofourfoodandwinemicroservicesapplicationaturl:http://wineapp-route-lab3.192.168.122.45.xip.io
AnotherwaytogettheroutesistonavigatetotheBrowse→Routespage.ClickontheURLoftherouteandyoushouldberedirectedtothefoodandwinemicroservicesapplicationasdepictedbelow.
Lab3-Analyzingamicroservicesapplication
39
Thewineappmicroservicesapplicationshowcasesawebapplicationprovidingcreateandreadfunctionality.ClickonWineand/orFoodandseeifexistingdataisretrievedfromthePostgreSQLdatabase.Furthermoretrytoaddyourfavoritewineandfoodusingtheapplication.
Cleanuplab3
DeleteprojectusingOpenShiftCLI
[student@localhostprojects]$ocdeleteprojectlab3
RemovethedockerimagesToremovethecreateddockerimagesduringthislabyoucando
[student@localhostprojects]$dockerimages|grepwineapp
REPOSITORYTAGIMAGEIDCREATEDSIZE
172.30.1.1:5000/lab3/wineapp-food-servicelatest1af952bac3a7Aboutanhourago877.8
MB
172.30.1.1:5000/lab3/wineapp-wine-servicelatestd934bcff78c4Aboutanhourago873MB
172.30.1.1:5000/lab3/wineapp-uilatest3db40e59a493Aboutanhourago775.9MB
Youcanremovetheimageonebyoneusing:
Lab3-Analyzingamicroservicesapplication
40
[student@localhostprojects]$dockerrmi<imageid>
Foryouconveniencewehaveascriptcalledrmlab3availablewhichremovesallimageswithwineappinthename:
[student@localhostprojects]$rmlab3
Congratulations!!!!!Youhavecompletedthislab.
Lab3-Analyzingamicroservicesapplication
41
Lab4-Changingthemicroservicesapplicationusingdataservices
InthislabyouwillchangethemicroservicesapplicationtousedataservicesprovidedbyRedHatJBossDataVirtualization.InthisprocessweexplorethechangesweneedtomakeinordertoutilizethecapabilitiesofRedHatJBossDataVirtualization.
Thislabshouldbeperformedonthemachineinfrontofyouunlessotherwiseinstructed.
Expectedcompletion:20-30minutes
Topics:
Prerequisites
OverviewMicroservicesApplicationusingdataservices
ExploringOpenShifttemplate
Setupenvironmentbasedonpre-builtOpenShifttemplate
Exploringtherunningcontainers
Connectingtotheapplication
Prerequisites
LogintoOpenShiftwithusernamedeveloperandpassworddeveloper:
[student@localhost~]$oclogin-udeveloper-pdeveloper
Loginsuccessful.
Youhaveoneprojectonthisserver:"myproject"
YouarenowloggedintoOpenShiftandareusingthemyprojectproject.Firstwearegoingtocreateanewprojectcalledlab4.
Lab4-Changingthemicroservicesapplicationusingdataservices
42
[student@localhost~]$ocnew-projectlab4
Nowusingproject"lab4"onserver"https://192.168.122.45:8443".
Youcanaddapplicationstothisprojectwiththe'new-app'command.Forexample,try:
ocnew-appcentos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
tobuildanewexampleapplicationinRuby.
OverviewMicroservicesApplicationusingdataservices
ThemicroservicesapplicationwearegoingtouseinthislabisasimpleAngularJS(https://angularjs.org/)andSpring(http://spring.io/)application.
TheOpenShifttemplatewillbeusingthefollowingfiveservices:
ui-service:AngularJSandSpringapplication
food-service:Backendserviceprovidingfooddata
wine-service:Backendserviceprovidingwinedata
jdv-service:RedHatJBossDataVirtualization(JDV)providinganabstractionlayerbetweenthefood-service,wine-serviceandtheunderlyingPostgreSQLdatabase
PostgreSQLserviceservingthefoodandwinedata
Thefood-andwine-serviceareconnectingtotheJDVenvironmentandtheJDVenvironmentwillconnecttothePostgreSQLservice.TheillustrationbelowdepictstheendresultofourmicroservicesapplicationusingJDVrunningonOCP.
Lab4-Changingthemicroservicesapplicationusingdataservices
43
ExploringOpenShifttemplate
Checkoutdirectory~/summit-2017-dataservices/labs/lab4_ocp/templates.
[student@localhostlab4_ocp]$cd~/summit-2017-dataservices/labs/lab4_ocp
InthisdirectoryyouwillfindtheOpenShifttemplatecontainingtheconfigurationneededtosetupthecompletelab4environment.Takealookatlab4-template.jsonusingapre-installedcodeeditor.
[student@localhostlab4_ocp]$codetemplates/lab4-template.json
Lab4-Changingthemicroservicesapplicationusingdataservices
44
Comparelab4-template.jsonagainstlab3-template.jsonandseethedifferences.
[student@localhostlab4_ocp]$code-dtemplates/lab4-template.json~/summit-2017-datas
ervices/labs/lab3_ocp/templates/lab3-template.json
Theremightbemorechangesthanyourinitialthoughts,takealookattheRoute,Services,BuildConfigandDeploymentConfigsectionsespeciallythesectionswithjdvandjdv-extinthere.
Setupenvironmentbasedonpre-builtOpenShifttemplate
FilesforruntimeartifactsarepassedtotheJDVforOpenShiftimageusingtheOpenShiftsecretmechanism.Thisincludestheenvironmentfilesforthedatasourcesandresourceadapters,aswellasanyadditionaldatafiles.Thesefilesneedtobepresentlocallysowehavetocreatesecretsforthem.
[student@localhostlab4_ocp]$occreate-fextensions/datavirt-app-secret.yaml
[student@localhostlab4_ocp]$ocsecretsnewdatavirt-app-configextensions/datasource
s.properties
[student@localhostlab4_ocp]$ocadmpolicyadd-role-to-userviewsystem:serviceaccoun
t:lab4:datavirt-service-account
IfyouhaveaJSONorYAMLfilethatdefinesatemplate,forexampleinourcaseweareusinglab4-template.json,youcanuploadthetemplatetoprojectsusingtheCLI.Thissavesthetemplatetotheprojectforrepeatedusebyanyuserwithappropriateaccesstothatproject.Seeformoreinstructionsonwritingyourowntemplates.FurthermoreyoucanusetheCLItoprocesstemplatesandusetheconfigurationthatisgeneratedtocreateobjectsasshownbelow.
Lab4-Changingthemicroservicesapplicationusingdataservices
45
[student@localhostlab4_ocp]$ocprocess-ftemplates/lab4-template.json|occreate-f
-
buildconfig"rhapp-food-service"created
buildconfig"rhapp-jdv"created
buildconfig"rhapp-jdv-ext"created
buildconfig"rhapp-ui"created
buildconfig"rhapp-wine-service"created
imagestream"rhapp-food-service"created
imagestream"rhapp-jdv"created
imagestream"rhapp-jdv-ext"created
imagestream"rhapp-ui"created
imagestream"rhapp-wine-service"created
deploymentconfig"rhapp-food-service"created
deploymentconfig"rhapp-jdv"created
deploymentconfig"rhapp-postgresql"created
deploymentconfig"rhapp-ui"created
deploymentconfig"rhapp-wine-service"created
route"jdbc-rhapp-jdv"created
route"secure-rhapp-jdv"created
route"rhapp-jdv"created
route"rhapp-ui"created
service"rhapp-food-service"created
service"rhapp-jdv"created
service"rhapp-postgresql"created
service"rhapp-ui"created
service"rhapp-wine-service"created
AsmentionedearlierwewouldliketominimizetheuseofwifiduringthisSummitlab.Typicallythetemplatewillbebuiltthepoddownloadingthesourcecodefromagithubrepository.Sincewealreadyhavebuiltourprojectsusingmaven(mvncleanpackage-DskipTests)wecandobinarydeploymentwithfollowingcommand:
[student@localhostprojects]$ocstart-build<buildconfig>
FormoreinformationonHowOpenShiftBuildsworks,seetheOpenShiftCotainerPlatformdocumentation:https://docs.openshift.com/container-platform/3.4/dev_guide/builds/index.html
Getallavailablebuildconfigs.
Lab4-Changingthemicroservicesapplicationusingdataservices
46
[student@localhostlab4_ocp]$ocgetbc
NAMETYPEFROMLATEST
rhapp-food-serviceSourceBinary0
rhapp-jdvSourceBinary0
rhapp-jdv-extDockerBinary1
rhapp-uiSourceBinary0
rhapp-wine-serviceSourceBinary0
Nowstartthebinarybuildsusingthefollowingcommands:
[student@localhostlab4_ocp]$ocstart-buildrhapp-jdv-ext--from-dir=extensions
Uploadingdirectory"extensions"asbinaryinputforthebuild...
build"rhapp-jdv-ext-2"started
Beforegoingtothenextstepmakesuretherhapp-jdv-extbuildiscompleted.
[student@localhostlab4_ocp]$ocstart-buildrhapp-jdv--from-dir=vdb
Uploadingdirectory"vdb"asbinaryinputforthebuild...
build"rhapp-jdv-1"started
[student@localhostlab4_ocp]$cd~/summit-2017-dataservices/labs/lab4/projects
[student@localhostprojects]$ocstart-buildrhapp-food-service--from-dir=food-servic
e/deployments
Uploadingdirectory"food-service/deployments"asbinaryinputforthebuild...
build"rhapp-food-service-1"started
[student@localhostprojects]$ocstart-buildrhapp-wine-service--from-dir=wine-servic
e/deployments
Uploadingdirectory"wine-service/deployments"asbinaryinputforthebuild...
build"rhapp-wine-service-1"started
[student@localhostprojects]$ocstart-buildrhapp-ui--from-dir=ui-service/deployment
s
Uploadingdirectory"ui-service/deployments"asbinaryinputforthebuild...
build"rhapp-ui-1"started
Nowthecontainerswillbebuiltanddeployed.Let’sseehowitlookslikeintheOpenShiftWebConsole.LoginintotheOpenShiftWebConsoleandloginwithusernamedeveloper
ExploringtheRunningContainers
Lab4-Changingthemicroservicesapplicationusingdataservices
47
Clickprojectlab4andthelab4overviewpageshouldappearasdepictedbelow.
ScrolldownandusethemenuoptionstofamiliarizewiththeOpenShiftlab4project.
Lab4-Changingthemicroservicesapplicationusingdataservices
48
Connectingtotheapplication
AnOpenShiftContainerPlatformrouteexposesaserviceatahostname,likewww.example.com,sothatexternalclientscanreachitbyname.
Intheexampledepictedinscreenshotsbeforewecanseeroutesdefinedinlab4projectwhichexposethewebuiofourfoodandwinemicroservicesapplicationaturl:http://rhapp-ui-lab4.192.168.122.45.xip.io
AnotherwaytogettheroutesistonavigatetotheApplications→Routespage.ClickontheURLoftheuirouteandyoushouldberedirectedtothefoodandwinemicroservicesapplicationasdepictedbelow.
Lab4-Changingthemicroservicesapplicationusingdataservices
49
Clickonmenuoptionwineandyoushouldseesimilardataasdepictedbelow
Clickonmenuoptionfoodandyoushouldseesimilardataasdepictedbelow
Lab4-Changingthemicroservicesapplicationusingdataservices
50
Cleanuplab4
DeleteprojectusingOpenShiftCLI
[student@localhostprojects]$ocdeleteprojectlab4
RemovethedockerimagesToremovethecreateddockerimagesduringthislabyoucando
[student@localhostprojects]$dockerimages|greprhapp
REPOSITORYTAGIMAGEIDCREATEDSIZE
172.30.1.1:5000/lab3/rhapp-uilateste4b265ec1c0a42minutesago727.1MB
172.30.1.1:5000/lab3/rhapp-wine-servicelatesteaba6f6ce6d942minutesago796.3MB
172.30.1.1:5000/lab3/rhapp-food-servicelatest0e9a01a2f13243minutesago799.2MB
172.30.1.1:5000/lab4/rhapp-jdvlatest5b3603a285c646minutesago972.6MB
Youcanremovetheimageonebyoneusing:
[student@localhostprojects]$dockerrmi<imageid>
Foryouconveniencewehaveascriptcalledrmlab4availablewhichremovesallimageswithrhappinthename:
Lab4-Changingthemicroservicesapplicationusingdataservices
51
[student@localhostprojects]$rmlab4
Congratulations!!!!!Youhavecompletedthislab.
Lab4-Changingthemicroservicesapplicationusingdataservices
52
Lab4partII-ChangingthemicroservicesapplicationusingdataserviceswithsecurityDataroles,alsocalledentitlements,aresetsofpermissionsdefinedperVDBthatdictatedataaccess(create,read,update,delete).Datarolesuseafine-grainedpermissionsystemthatJDVwillenforceatruntimeandprovideauditlogentriesforaccessviolations.
BeforeapplyingRoleBasedAccessControl(RBAC),note/considerthefollowing:AVDBdeployedwithoutanydefineddatarolesisopenforaccesstoanyauthenticateduserRestrictsourcesystemaccessbymodelingtheVDBsuchthatImportedmetadataisnarrowedtowhatwillbeused(directlyorindirectly)bytheviewmodelsAtamoregranularlevel,sourcetablecolumnsthatwillnotbeusedorrequiredareremovedorthesourcetablemarkedasnon-updatable.
Let’sseethisinaction.
Firstwearegoingtocreateanewprojectcalledlab4-secure.
[student@localhost~]$ocnew-projectlab4-secure
Nowusingproject"lab4-secure"onserver"https://192.168.122.45:8443".
Youcanaddapplicationstothisprojectwiththe'new-app'command.Forexample,try:
ocnew-appcentos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
tobuildanewexampleapplicationinRuby.
Checkoutdirectory~/summit-2017-dataservices/labs/lab4_secure_ocp/templates.
[student@localhost~]$cd~/summit-2017-dataservices/labs/lab4_secure_ocp
InthisdirectoryyouwillfindtheOpenShifttemplatecontainingtheconfigurationneededtosetupthecompletelab4-secureenvironment.Thetemplateisexactlythesameasinthelab4environment.Takealookatfood-vdb.xmlandwin-vdb.xmlusingapre-installedcodeeditor.
[student@localhostlab4_secure_ocp]$codevdb/secure-food-vdb.xml
[student@localhostlab4_secure_ocp]$codevdb/secure-wine-vdb.xml
Comparesecure-food-vdb.xmlandsecure-wine-vdb.xmlagainsttheoneswewereusingduringlab4andseethedifferences.Inexample:
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
53
[student@localhostlab4_secure_ocp]$code-dvdb/secure-wine-vdb.xml~/summit-2017-dat
aservices/labs/lab4_ocp/vdb/wine-vdb.xml
[student@localhostlab4_secure_ocp]$code-dvdb/secure-food-vdb.xml~/summit-2017-dat
aservices/labs/lab4_ocp/vdb/food-vdb.xml
Notethedifferences,especiallyinthedata-rolesection.;)Setupenvironmentbasedonpre-builtOpenShifttemplateFilesforruntimeartifactsarepassedtotheJDVforOpenShiftimageusingtheOpenShiftsecretmechanism.Thisincludestheenvironmentfilesforthedatasourcesandresourceadapters,aswellasanyadditionaldatafiles.Thesefilesneedtobepresentlocallysowehavetocreatesecretsforthem.
[student@localhostlab4_secure_ocp]$occreate-fextensions/datavirt-app-secret.yaml
[student@localhostlab4_secure_ocp]$ocsecretsnewdatavirt-app-configextensions/dat
asources.properties
[student@localhostlab4_ocp]$ocadmpolicyadd-role-to-userviewsystem:serviceaccoun
t:lab4-secure:datavirt-service-account
IfyouhaveaJSONorYAMLfilethatdefinesatemplate,forexampleinourcaseweareusinglab4-secure-template.json,youcanuploadthetemplatetoprojectsusingtheCLI.Thissavesthetemplatetotheprojectforrepeatedusebyanyuserwithappropriateaccesstothatproject.Seeformoreinstructionsonwritingyourowntemplates.FurthermoreyoucanusetheCLItoprocesstemplatesandusetheconfigurationthatisgeneratedtocreateobjectsasshownbelow.
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
54
[student@localhostlab4_ocp]$ocprocess-ftemplates/lab4-secure-template.json|occ
reate-f-
buildconfig"rhapp-sec-food-service"created
buildconfig"rhapp-sec-jdv"created
buildconfig"rhapp-sec-jdv-ext"created
buildconfig"rhapp-sec-ui"created
buildconfig"rhapp-sec-wine-service"created
imagestream"rhapp-sec-food-service"created
imagestream"rhapp-sec-jdv"created
imagestream"rhapp-sec-jdv-ext"created
imagestream"rhapp-sec-ui"created
imagestream"rhapp-sec-wine-service"created
deploymentconfig"rhapp-sec-food-service"created
deploymentconfig"rhapp-sec-jdv"created
deploymentconfig"rhapp-sec-postgresql"created
deploymentconfig"rhapp-sec-ui"created
deploymentconfig"rhapp-sec-wine-service"created
route"jdbc-rhapp-sec-jdv"created
route"secure-rhapp-sec-jdv"created
route"rhapp-sec-jdv"created
route"rhapp-sec-ui"created
service"rhapp-sec-food-service"created
service"rhapp-sec-jdv"created
service"rhapp-sec-postgresql"created
service"rhapp-sec-ui"created
service"rhapp-sec-wine-service"created
Getallavailablebuildconfigs
[student@localhostlab4_ocp]$ocgetbc
NAMETYPEFROMLATEST
rhapp-sec-food-serviceSourceBinary0
rhapp-sec-jdvSourceBinary0
rhapp-sec-jdv-extDockerBinary1
rhapp-sec-uiSourceBinary0
rhapp-sec-wine-serviceSourceBinary0
Nowstartthebinarybuildsusingthefollowingcommands:
[student@localhostlab4_secure_ocp]$ocstart-buildrhapp-sec-jdv-ext--from-dir=exten
sions
Uploadingdirectory"extensions"asbinaryinputforthebuild...
build"rhapp-sec-jdv-ext-2"started
GototheOpenShiftWebconsoleandnavigatetotheBuilds→Buildspage.Makesurethebuildrhapp-secure-jdv-extiscompletedandproceedwiththenextstep.
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
55
[student@localhostlab4_secure_ocp]$ocstart-buildrhapp-sec-jdv--from-dir=vdb
Uploadingdirectory"vdb"asbinaryinputforthebuild...
build"rhapp-sec-jdv-2"started
[student@localhostlab4_secure_ocp]$cd~/summit-2017-dataservices/labs/lab4/projects
[student@localhostprojects]$ocstart-buildrhapp-sec-food-service--from-dir=food-se
rvice/deployments
Uploadingdirectory"food-service/deployments"asbinaryinputforthebuild...
build"rhapp-sec-food-service-1"started
[student@localhostprojects]$ocstart-buildrhapp-sec-wine-service--from-dir=wine-se
rvice/deployments
Uploadingdirectory"wine-service/deployments"asbinaryinputforthebuild...
build"rhapp-sec-wine-service-1"started
[student@localhostprojects]$ocstart-buildrhapp-sec-ui--from-dir=ui-service/deploy
ments
Uploadingdirectory"ui-service/deployments"asbinaryinputforthebuild...
build"rhapp-sec-ui-1"started
Nowthecontainerswillbebuiltanddeployed.Let’sseehowourwebapplicationandinparticularthewineandfooddatalookslikewhenclickingonWineandFoodmenuoptions.
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
56
Doyouseeanydifferenceinthewine/fooddatacomparedtothepreviouslab4withoutsecurity?Explainwhy….
Tip checksecure-wine-vdb.xmlandsecure-food-vdb.xmlagain.
Cleanuplab4_secure
DeleteprojectusingOpenShiftCLI
[student@localhostprojects]$ocdeleteprojectlab4-secure
RemovethedockerimagesToremovethecreateddockerimagesduringthislabyoucando
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
57
[student@localhostprojects]$dockerimages|greprhapp-sec
REPOSITORY TAG
IMAGEID CREATED SIZE
172.30.1.1:5000/lab4-secure/rhapp-sec-wine-servicelatest
6b3908837766Aboutanhourago884.7MB
172.30.1.1:5000/lab4-secure/rhapp-sec-food-servicelatest
0a774c1c21edAboutanhourago889.6MB
172.30.1.1:5000/lab4-secure/rhapp-sec-uilatest
09ec00b02d1cAboutanhourago775.6MB
172.30.1.1:5000/lab4-secure/rhapp-sec-jdvlatest
d0c414c5c4cfAboutanhourago972.7MB
172.30.1.1:5000/lab4-secure/rhapp-sec-jdv<none>
1f9933bb9eb8Aboutanhourago972.7MB
172.30.1.1:5000/lab4-secure/rhapp-sec-jdv-extlatest
ff5776835b2bAboutanhourago972.7MB
Youcanremovetheimageonebyoneusing:
[student@localhostprojects]$dockerrmi<imageid>
Foryouconveniencewehaveascriptcalledrmlab4secureavailablewhichremovesallimageswithrhappinthename:
[student@localhostprojects]$rmlab4secure
Congratulations,you’vefinishedalllabs!!!!!
Inthisyear’sSummitlabyouhavelearnthowtoexposedataasservicesinamicroservicearchitectureusingRedHatJBossDataVirtualizationrunningonRedHatOpenShiftContainerPlatform.Gotexited,seebelowforalistofusefulresourcetogetevenmoreexcited.EnjoyyourfurtherstayatRedHatSummit2017.
Lab4partII-Changingthemicroservicesapplicationusingdataserviceswithsecurity
58
Resources
Description Website
OpenShift http://www.openshift.comandhttps://developers.redhat.com/products/openshift/
OpenShiftCLItooldownload https://access.redhat.com/downloads/content/290
RedHatContainerCatalog https://access.redhat.com/containers
OpenShiftContainerTestedIntegrations https://access.redhat.com/articles/2176281
RedHatJBossDataVirtualization(JDV) http://developers.redhat.com/products/datavirt
RedHatJDV6.xSupportedConfigurations https://access.redhat.com/articles/703663
RedHatJBossDataGrid(JDG) http://developers.redhat.com/products/datagrid
RedHatJDG6.xSupportedConfigurations https://access.redhat.com/articles/115883
RedHatJDG7.xSupportedConfigurations https://access.redhat.com/articles/2435931
RedHatMiddlewareimagesforOpenShiftDocumentation
https://access.redhat.com/documentation/en/red-hat-xpaas/0/paged/red-hat-xpaas-jdv-for-openshift-image/
Resources
59