CA Spectrum Dockerization

About Spectrum Dockerization
Dockerized Spectrum offers several benefits for Spectrum users. CA Spectrum components, such as spectrum-one-click-server-image, spectrum-ss-image, and spectrum-sdc-image, can be deployed separately as Docker images. You can spin up multiple containers to set up a distributed Spectrum deployment within minutes. With dockerization, you can resolve behavioral, staging, and running issues of applications in different environments in various datacenters. Spectrum Dockerization packages all the configuration files, libraries, and other dependencies that are required to run Spectrum in any environment. It supports continuous integration with automatic deployment. The transition time from development to production can be greatly reduced because one container can be used across multiple environments. Docker images can be moved from one server to another with ease. Docker containers scale with user demand. Running Spectrum on a container application platform provides a seamless service abstraction layer. Changes to container properties (such as a HostName/IP change) would not majorly affect the current deployment.
Spectrum can be dockerized on Red Hat® (v.7.4) OpenShift for easy development, deployment and building of either on prem or cloud applications. 
Recommended Software Requirements
Following are the recommended software requirements for Docker engine and OpenShift installation.
For Docker Engine
  • RHEL - v7.4  (Docker-engine installation and container creation is tested on RHEL 7.4 VM)
  • Install the latest version of Docker using 'yum install docker' command.
For OpenShift
  • OpenShift - v3.6
  • RHEL - v7.4
  • Ansible - v2.5.4
  • Git 1.5
Spectrum Pre-built ISO Image Load Process
If you do not wish to build the docker images manually, follow these steps:
  1. Download the required tar.gz files from support.ca.com onto a RHEL 7.4 Linux VM:
    CA-Spectrum-SpectroSERVER-Docker-10.3.tar.gz
    CA-Spectrum-OneClickServer-Docker-10.3.tar.gz
    CA-Spectrum-SDC-Docker-10.3.tar.gz
    CA-Spectrum-OneClickServer-And-SRM-Docker-10.3.tar.gz
  2. Execute the following command to extract tar file: 
    gzip -d <filename>.tar.gz
  3. Once the above unzipped tar file is available, to extract the respective docker image, execute the command: 
    docker load -i CA-Spectrum-SpectroSERVER-Docker-10.3.tar
  4. To view the loaded docker images, execute the following command: 
    docker images
Create and Run a Native Docker Container
To create the following docker containers, run the following command:
  • To create an MLS container: 
    docker run -e LANDSCAPE_HANDLE=128 -e IS_MLS=yes -e ROOT_PASSWORD=<pwd> -it spectrum-ss-image
  • To create Non-MLS/LS containers:
    docker run -e LANDSCAPE_HANDLE=64 -e IS_MLS=no -e ROOT_PASSWORD=<pwd> -e MAIN_LOCATION_SERVER=<mlsconname> -e MAIN_LOCATION_SERVER_IP=<mlsipaddress> -it spectrum-ss-image
  • To create a OneClick Server container:
    docker run -e LANDSCAPE_HANDLE=128 -e ROOT_PASSWORD=<pwd> -e MAIN_LOCATION_SERVER=<mlsconname> -e MAIN_LOCATION_SERVER_IP=<mlsipaddress> -e TOMCAT_PORT=8080 -p 9090:8080 -it spectrum-one-click-server-image
    Note: LANDSCAPE_HANDLE is the environment variable and 128 is the value. Mention all the environment variables with their desired values for Spectrum installation to work.
  • To get the container id, run the following command: 
    docker ps -a
  • To log in to the container, for example to start or stop the SpectroSERVER or to run any similar operation, run the following command: 
    docker exec -it <container_id> /bin/bash
  • Access the OneClick page using the url:  http://hostvmname:9090/spectrum (here 9090 is the port mapping).
    On the OneClick page, if the Non-MLS Location Servers do not appear, add the Non-MLS hostname and IP to /etc/hosts of the MLS.
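The docker run commands above pass ROOT_PASSWORD with -e, which leaves the value in shell history and in the process list. The following added example (not part of the product documentation) writes the same variables to an owner-only file for use with docker run --env-file; the function name and the SPECTRUM_ROOT_PASSWORD variable are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. SPECTRUM_ROOT_PASSWORD is an assumed variable
# name; set it first with:  read -rs SPECTRUM_ROOT_PASSWORD
# write_spectrum_env <env_file> <landscape_handle> <yes|no> [mls_name mls_ip]
write_spectrum_env() {
    local env_file=$1 handle=$2 is_mls=$3 mls_name=${4:-} mls_ip=${5:-}
    case $is_mls in
        yes) ;;
        no)  # The page's non-MLS command needs both MLS settings.
             if [ -z "$mls_name" ] || [ -z "$mls_ip" ]; then
                 echo "IS_MLS=no needs MAIN_LOCATION_SERVER and its IP" >&2
                 return 2
             fi ;;
        *)   echo "IS_MLS must be yes or no" >&2; return 2 ;;
    esac
    if [ -z "${SPECTRUM_ROOT_PASSWORD:-}" ]; then
        echo "SPECTRUM_ROOT_PASSWORD is not set" >&2
        return 2
    fi
    (
        umask 077                      # a new file is created owner-only
        : > "$env_file"
        chmod 600 "$env_file"          # tighten a pre-existing file before writing
        {
            printf 'LANDSCAPE_HANDLE=%s\n' "$handle"
            printf 'IS_MLS=%s\n' "$is_mls"
            printf 'ROOT_PASSWORD=%s\n' "$SPECTRUM_ROOT_PASSWORD"
            if [ "$is_mls" = no ]; then
                printf 'MAIN_LOCATION_SERVER=%s\n' "$mls_name"
                printf 'MAIN_LOCATION_SERVER_IP=%s\n' "$mls_ip"
            fi
        } >> "$env_file"
    )
}
```

Start the container with `docker run --env-file <env_file> -it spectrum-ss-image`. The value remains visible through `docker inspect` to anyone with access to the Docker daemon.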
Troubleshooting
Q. During installation, Docker throws an error, even after updating the docker with the ‘yum update’ command. 
A. Follow these steps:
  1. Remove all remnants of previous native docker installations by running the commands:
    # rpm -aq | grep docker
    docker-common-1.10.3-59.el7.centos.x86_64
    # yum remove docker*
  2. Find container-selinux: 
    # rpm -qa | grep container-selinux
    container-selinux-1.10.3-59.el7.centos.x86_64
  3. Ensure container-selinux is not used by anything else and remove it using the commands: 
    # rpm -q --whatrequires container-selinux-1.10.3-59.el7.centos.x86_64
    no package requires container-selinux-1.10.3-59.el7.centos.x86_64
    # yum remove container-selinux
OpenShift Docker Installation for a Distributed SpectroSERVER
Note: Ensure you have at least two VMs, one as the master node VM and the other as the worker node VM. Subsequently you can scale the VM count.
Prerequisites
  1. Ensure that all machines have a Red Hat Subscription Manager.
  2. Ensure that the following repositories are enabled. Run the following commands to enable the repositories: 
    • subscription-manager config --rhsm.manage_repos=1
    • rhel-7-server-extras-rpms/x86_64
      subscription-manager repos --enable=rhel-7-server-rpms
    • rhel-7-server-rpms/7Server/x86_64
      subscription-manager repos --enable=rhel-7-server-extras-rpms
    • rhel-7-server-rt-rpms/7Server/x86_64
      subscription-manager repos --enable=rhel-7-server-optional-rpms
OpenShift Docker Installation:
  1. Add the Domain Name Server (DNS) '<LOCALIP>' in the /etc/resolv.conf file. 
    The LocalIP here refers to the DNS server IP. Skip this step if already configured. 
  2. The following services should be enabled and running on all master and worker nodes.
    • systemctl status NetworkManager
    • systemctl status dnsmasq
    If the services are not enabled and running, execute the following commands: 
    yum -y install NetworkManager
    yum -y install dnsmasq
    service NetworkManager start
    service dnsmasq start
  3. Run the following commands on all the master and node hosts:
    yum -y update
    subscription-manager repos --enable rhel-7-server-ansible-2.5-rpms
    yum -y install vim  wget git net-tools bind-utils iptables-services bridge-utils bash-completion pyOpenSSL docker
    yum -y install ansible
  4. Enable and start the docker on master and worker nodes.
  5. Set up the SSH keys for access on all nodes. Perform this step on the MASTER NODE. Perform this step manually or use the script that is mentioned: 
    sed "s/#PermitRootLogin yes/PermitRootLogin yes/g" -i /etc/ssh/sshd_config  ; systemctl restart sshd
    ssh-keygen
    for host in master.example.com \
        node1.example.com \
        node2.example.com; \
        do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; \
    done
    When running the Ansible playbook from the master, ssh-copy-id must also be run from the master to the master itself; otherwise the playbook will fail for localhost.
  6. Clone Git repository for OpenShift release, on the master node only. 
    cd openshift-ansible
    git checkout release-1.5
  7. Create hosts file in '/etc/ansible/hosts' for the master node only.
    Note: Replace <master.com> with <master node host name> and replace <worker.com> with the <worker node host name>. Replace <address> with the respective master node / worker node IP.
    # The OSEv3 group and its children are what the openshift-ansible playbooks act on
    [OSEv3:children]
    masters
    nodes
    etcd
    # Variables applied to every host in the OSEv3 group
    [OSEv3:vars]
    ansible_ssh_user=root
    deployment_type=origin
    openshift_disable_check=docker_storage
    containerized=true
    openshift_release=v1.5
    openshift_image_tag=v1.5.0
    osm_cluster_network_cidr=10.163.0.0/16
    enable_excluders=false
    openshift_master_identity_providers=[{'name': 'htpasswd_auth','login': 'true', 'challenge': 'true','kind': 'HTPasswdPasswordIdentityProvider','filename': '/etc/origin/master/htpasswd'}]
    [masters]
    <master.com> openshift_ip=<address> openshift_public_ip=<address> openshift_public_hostname=<master.com> openshift_schedulable=true
    [nodes]
    <master.com> openshift_ip=<address> openshift_public_ip=<address> openshift_public_hostname=<master.com> openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
    <worker.com> openshift_ip=<address> openshift_public_ip=<address> openshift_public_hostname=<worker.com> openshift_node_labels="{'region': 'primary', 'zone': 'east'}" openshift_schedulable=true
    [etcd]
    <master.com>
  8. Run the following Ansible playbook installation command, for the master node only: 
    ansible-playbook -i /etc/ansible/hosts ~/openshift-ansible/playbooks/byo/config.yml
  9.  Log in to the OpenShift UI using the url 'https://<masterhostname>:8443' (where 8443 is the default port number) and enter the admin/admin or system/admin credentials.
    If you want to create your own root credentials execute the following command on master and set a new password for root.
    htpasswd /etc/origin/master/htpasswd root
Post Installation
To create a local docker repository on OpenShift for master node:
Start the OpenShift: 
vi /etc/docker/daemon.json
{
"insecure-registries" : ["master.com:5000"]
}
Replace master.com with the 'master node host name'.
To roll out/create a local docker repository:
oc rollout latest docker-registry
oc get pods
Get the service IP of the local docker registry that was created. This step is mandatory for the OpenShift service fetch command to work.
oc login -u system:admin
oc project <projectname>
ip=$(oc get svc -n default | grep docker-registry | awk '{print $2}')
Log in with the admin login or the system login (if new access credentials were created for the OpenShift login).
oc login -u admin -p admin
or
oc login -u <username> -p <pwd>
Log in to the registry service:
docker login -u openshift -p $(oc whoami -t) "$ip":5000
After logging in, tag and push the image to the local docker repository:
docker tag spectrumspectroserverimage <ip>:5000/spectrum/spectrumspectroserverimage
docker push <ip>:5000/spectrum/spectrumspectroserverimage
The project name in OpenShift should be the same as the docker image which is pushed.
To get container details for OpenShift, run the following command: 
oc get pods
NAME                     READY     STATUS    RESTARTS   AGE
blog-django-py-1-5bv76   1/1       Running   0          3d
command-demo             1/1       Running   0          2h
t3image-1-4991j          1/1       Running   0          4h
General OneClick command.
oc exec -it command-demo -- sh
Here 'command-demo' is the name of service.
Run an image as root user.
oc login -u system:admin   
oadm policy add-scc-to-group anyuid system:authenticated
Here 'admin' is the main admin privileges.
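The installation steps above set PermitRootLogin yes in /etc/ssh/sshd_config and add an entry to "insecure-registries" in /etc/docker/daemon.json. The following added example (not part of the product documentation; the function name is an assumption) reports both settings so that they can be reviewed once the cluster is installed.

```bash
#!/usr/bin/env bash
# Added example, not vendor code.
# Usage: audit_openshift_host /etc/ssh/sshd_config /etc/docker/daemon.json
# Prints one finding per line and returns 1 if anything was found.
audit_openshift_host() {
    local sshd_config=$1 daemon_json=$2 rc=0 root_login registries reg

    # sshd uses the first value it reads for a keyword; commented lines
    # start with '#', so their first field never matches.
    root_login=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' \
        "$sshd_config")
    if [ "$root_login" = yes ]; then
        echo "sshd: PermitRootLogin yes (root may log in with any method, passwords included)"
        rc=1
    fi

    # Extract the array body of "insecure-registries", even when the JSON
    # spans several lines, then split it into one registry per line.
    registries=$(tr -d '\n' < "$daemon_json" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr -d '" \t' | tr ',' '\n')
    for reg in $registries; do
        echo "docker: registry $reg is allowed over plain HTTP or unverified TLS"
        rc=1
    done

    return $rc
}
```

Because the playbook reaches the nodes with the keys copied by ssh-copy-id, PermitRootLogin prohibit-password is enough for later runs.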
Spectrum Deployment Process
  1. Create a folder /ssyamls:
    cd /ssyamls
  2. Navigate to the 'Docker_Openshift/' folder and pick the deploymentconfig.yaml and serviceconfig.yaml files. In deploymentconfig.yaml, change 'mls' to '<mlsname_which_you_want>' to start the deployment process. 
  3. To run a deployment, OpenShift -> Add to project ->deployment config and create a deployment.
  4. Before starting the deployment, add the Environment variables as shown:
    1. Navigate to Environment Variables > Add
    2. For MLS:
      LANDSCAPE_HANDLE=128, ROOT_PWD=<r_pwd>, IS_MLS=yes
    3. For NonMLS: 
      LANDSCAPE_HANDLE=60, ROOT_PWD=<r_pwd>, IS_MLS=no, MAIN_LOCATION_SERVER=<mls_hostname>, MAIN_LOCATION_SERVER_IP=<mls_ip>
      Each Non Location Server, OneClickServer and MainLocationServer should have a separate deployment. Add a new deployment, add environment variables and deploy. A Spectrum instance gets up and running in 5 minutes.
For Fault Tolerant Setup:
Each Deployment is “ONE POD”. For a Fault Tolerant setup, use the scale up button in a pod to get an “SS with exact replica”, meaning a replica that has the same deployment and environment variables. 
For OneClick Server:
Expose the OneClick Server pod as a service to access the OneClick Admin page from an external network.
  1. Create a service using the command:
    oc create -f service.yaml
  2. Change the name of the service file to the intended service and run the following commands:
    LANDSCAPE_HANDLE=128
    ROOT_PWD=<r_pwd>
    MAIN_LOCATION_SERVER=<mls_hostname>
    MAIN_LOCATION_SERVER_IP=<mls_ip>
  3. Once the service gets created, create route and give the hostname as master hostname or any routable hostname.
  4. Once the route is created, access the OneClickAdmin Page.
    Note: On the OneClick page, if the Non-MLS Location Servers do not appear, add the Non-MLS hostname and IP to /etc/hosts of the MLS. This should conclude FT and DSS setup.