Puppet in the cloud? - java

Is it possible to have a Puppet setup where you use JClouds to instantiate new virtual machines on your cloud, but then have their configuration (software stack) defined and implemented through Puppet?
Or is there something inherent to the nature of Puppet that prevents its use on a cloud provider like AWS, RackSpace or Heroku?

There are two separate issues involved here: bootstrapping puppet on cloud nodes and orchestrating between them (e.g. configure application servers with the ip address of the database).
For bootstrapping, there are many tools available; AWS CloudFormation can be integrated using user-data, CloudInit (default on Ubuntu, ec2-linux AMIs and on many EL images) supports bootstrapping puppet out of the box. Puppetlabs offer cloud provisioner, and lastly, there is Cloudify.
Other than CloudFormation and Cloudify, most tools don't manage your stack after bootstrapping and do not offer orchestration. CloudFormation itself offers only boot time orchestration and it is pretty lame. Puppet itself is lacking with respect to orchestration (compared with Chef's excellent search feature, for example).
Cloudify provides ongoing stack management and fancy orchestration exposed via Puppet integration module. This gives you the ability to pass information between nodes (for service discovery, credential distribution, etc.) and bootstrap your entire system with one command. Plus it supports most clouds in existence.

Puppet is an excellent choice for configuring your cloud infrastructure. Most cloud providers allow you to call a script on first boot (EC2 has user-data); you can make this script insert some node type data, then clone a puppet repo and apply it, if you don't want to run a puppet master service (which can be a hassle to set up and maintain). You can also use git to push updates to the configuration and even generate a new image on config changes to allow rapid node launches with your latest setup. Check out this blog.
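A sketch of the first-boot flow described in the answer above, as an added example that is not part of the original answer. The role names, the destination and facts.d paths, the repository URL and the rule that the repo must be pinned to a full commit id are assumptions. The role arrives through user-data and the whole script runs as root, so both inputs are validated before anything is written or applied.

```shell
#!/bin/sh
# Added example: first-boot (user-data) bootstrap for masterless Puppet.
# Paths, role alphabet and the pinned-commit rule are assumptions.
LC_ALL=C; export LC_ALL

# The role becomes a Facter external fact: allow only a short, fixed alphabet.
valid_role() {
    case "$1" in
        ""|*[!a-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Require a full 40-hex commit id, so a moved branch or tag cannot change
# what gets applied as root on the next launch.
valid_commit() {
    [ "${#1}" -eq 40 ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# Write the node type as a key=value external fact. $1 = role, $2 = facts.d dir
write_role_fact() {
    valid_role "$1" || return 1
    mkdir -p "$2" || return 1
    ( umask 022; printf 'role=%s\n' "$1" > "$2/role.txt" )
}

# $1 = role, $2 = repo URL, $3 = pinned commit id
bootstrap_node() {
    valid_commit "$3" || { echo "refusing unpinned revision: $3" >&2; return 1; }
    write_role_fact "$1" /etc/puppetlabs/facter/facts.d || return 1
    dest=/opt/puppet-config
    git clone --quiet "$2" "$dest" || return 1
    git -C "$dest" checkout --quiet --detach "$3" || return 1
    # Confirm the working tree is exactly the reviewed commit before applying it.
    [ "$(git -C "$dest" rev-parse HEAD)" = "$3" ] || return 1
    puppet apply --modulepath="$dest/modules" "$dest/manifests/site.pp"
}

# Real user-data would end with a call such as (placeholders, not real values):
# bootstrap_node app https://git.example.invalid/infra/puppet.git <40-hex commit id>
```

User-data is readable from the instance metadata service by any local process, so the repository URL passed in should not carry embedded credentials.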

The only open source tool I'm aware of that directly announces puppet + jclouds integration is Apache Whirr, but this is mainly via puppet apply vs a server.
As puppet has a restful interface now, it should be possible to create native puppet support in jclouds as we do for chef. You'd be welcome to help define that :)
In the meantime, you can either use something like whirr, or craft instructions and supply them as a shell script via jclouds TemplateOptions.runScript during node creation, or later using the submitScriptOnNode command (both of which currently operate via ssh).

Related

Implement LetsEncrypt in Spring Boot app that is being pulled by docker

I am trying to implement LetsEncrypt on a Spring Boot app. I am using Docker to deploy: I create a Docker image locally, push it to Docker Hub and then run it on Ubuntu using this command: docker run -d -p 80:80 myapp:latest. This is just HTTP, so now I am trying to use LetsEncrypt, but I don't know how to do it. Any help or any direction towards some links would be highly appreciated. Thanks
Architecture: need for a reverse proxy + a container orchestration tool
If your Spring-Boot container serves HTTP-only requests, you can link it with a TLS termination proxy, which will accept incoming TLS connections and forward requests to your container.
Many implementations of reverse proxies are available, which can play this role of TLS termination proxy (see this paragraph on Wikipedia), using e.g. Let's Encrypt as you suggest.
Most of these implementations are also available as Docker images, so you may want to rely on a container orchestration tool such as docker-compose along with a docker-compose.yml to create a private network for the two containers to communicate (or, use a more involved orchestration solution such as Kubernetes).
Overview of several Docker implementations
To give a few examples of Docker images that implement this, you could for instance use one of these popular reverse proxies (the first two being mentioned in Gitea's doc):
NGINX (also bundled in projects like https-portal to automate the certificate generation),
Apache2 httpd,
Træfik, which additionally provides a "monitoring dashboard" as a webapp (see also the official doc that gives many details on automatic certificate generation)
If you want to keep things simple (keeping 1 container only with the Spring-Boot app, without a sidecar), you can use the library LetsEncrypt Spring-Boot helper. It allows embedded Tomcat on Spring-Boot to obtain a LetsEncrypt certificate and renew it automatically.
Its key advantage is that it is native Java + Spring-Boot, so no sidecars are necessary: just embed the library, expose ports 80 and 443, and everything else will be done automatically.
The reason I've created it is that all those sidecars just add unnecessary configuration complexity to the application. For simple pet-projects such added complexity is not justified. Embedded Tomcat from Spring-Boot is more than enough for these kinds of projects.

Extending Spring Cloud - Cloud Platform Extensibility

After reading the following post I have a few questions:
https://spring.io/blog/2014/08/05/extending-spring-cloud
Imagine that I have implemented my own Spring Cloud (Cloud Platform Extensibility), and after testing in my local machine I want to deploy in different environments.
Assume that:
My environments have a Docker installation.
I do not want to install the Cloud Foundry architecture in them.
My questions are:
What are the requirements for the different environment to work with my own Spring Cloud? i.e. must I install Spring Cloud Foundry architecture in all the environment machines?
Is Spring Cloud Foundry architecture compulsory though I have implemented my custom Spring Cloud?
Must I use commands like "cf" to upload and deploy the services?
Many thanks.
Regards,
Paco.
That is an old blog post and I feel it doesn't accurately describe Spring Cloud as it stands today. It refers to the since renamed Spring Cloud Connectors project.
Spring Cloud, built on top of Spring Boot, provides developers an easy way of building "cloud native" and "12 factor" applications. That essentially boils down to the common patterns found in modern applications such as centralized configuration, service discovery, circuit breakers, etc. This is cloud agnostic and works well in a variety of environments including AWS and GCP.
So no, Spring Cloud isn't really directly related to Cloud Foundry, however it works nicely there as it does many other places.
You probably solved your problem, but in case not, and for the sake of others, I'll post an answer. You can deploy a Spring Cloud application on Docker Swarm using Docker Compose v3. As shown in this repository, the command docker stack deploy -f all-in-one.yml springcloud deploys the resources specified in all-in-one.yml on Docker Swarm. You can take a look at how docker stack works in this documentation.

Secure Hadoop Web UI

Is there a way to secure the Hadoop (version 2.7.2) web user interface - JobTracker, etc. - by using the available Linux accounts of the system? My goal is somewhat similar to what the old mod_auth_pam and the newer mod_authnz_external and pwauth are to Apache. I found a description on how to password protect these interfaces, however it would be much easier if an additional user-password list would not be required to be maintained just for this.
Configuring Hadoop into secure mode and using Kerberos authentication would be one option, but since I have a small cluster with few users, mainly for testing purposes, it would be nice if a not so robust solution would be available for the Jetty web server as well, since my goal is just to make the web UI not public towards the world.

JMX - Pivotal Cloud Foundry

I have a Java app which I am planning to migrate to Pivotal Cloud Foundry. The application uses JMX to change properties at runtime. Is it possible to retain the same architecture when I migrate the app to PCF or should I explore a different approach?
Are you using Spring Boot in your Java app? If so, you can use JMX features with Actuator. Jolokia helps you to do this via JMX over HTTP.
Please refer: Spring Boot JMX Management
If this is a traditional Java app that you have pushed into PCF, you can use Java build pack features to enable JMX.
Please refer: Enable JMX port via Java Build Pack
Please try and let us know how it goes.
For a PCF app, the cloud environment should provide dependencies needed for your app. You can inject these dependencies for runtime in various ways, for instance, provide environment settings.
If you need say credentials at runtime, you can look at Spring Cloud Services, and the Config server. If you are looking for other services, you can use Service registry and discovery (based on Netflix Eureka component) within Spring Cloud Services.
It all depends on your use case.
Can you elaborate more on "change properties at runtime"?

Setup web service using Amazon AWS and tomcat

I am pretty new to Amazon AWS technologies, and I have been going through all their documentation. My goal is to create a new web service for a use case (preferably REST) using Tomcat.
I want to use this service in multiple clients like Android, iPhone, Tablet, Web etc.
Some of the examples I want to support are like -
GET http://myservice.com/user/{userid}
PUT http://myservice.com/user/{user-data}
Does AWS or any other cloud service providers provide anything out of the box for deploying such services with minimal code changes?
With AWS, you create a virtual server, customize it, and then use it. When you create a server, you pick your operating system and the size of the server you need. Once it is running, you can login and customize it.
For example, you might start a Linux server using the Amazon Linux AMI (Amazon Machine Image). You can use yum to install Tomcat. You can drop your war file into the Tomcat webapps directory.
Set up access in the security group (firewall) to allow your clients to access the relevant port(s).
Bottom line is that the process is basically the same as if you are doing this on a new server of your own.
