Scribd Logo
Upload

Welcome to Scribd!

  • 24 views

    2017-01-18 - RedHat at CERN - Web Application Hosting With Openshift and Docker

    Uploaded by

    PK
    This document summarizes using Docker images and Openshift for web application hosting at CERN. It discusses automating Docker image builds with GitLab CI, using a Docker registry, and hosting web applications on Openshift. Openshift provides a platform as a service (PaaS) for hosting central services and applications. It offers templates for self-service applications and more flexibility than maintaining individual VMs. The architecture uses Openshift Origin with HA masters and routers managing containers on worker nodes. Openshift integrates with CERN authentication, storage, and networking. The goal is to centralize more web hosting on Openshift containers to reduce servers.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    2017-01-18 - RedHat at CERN - Web Application Hosting With Openshift and Docker

    Uploaded by

    PK
    24 views13 pages
    This document summarizes using Docker images and Openshift for web application hosting at CERN. It discusses automating Docker image builds with GitLab CI, using a Docker registry, and hosting web applications on Openshift. Openshift provides a platform as a service (PaaS) for hosting central services and applications. It offers templates for self-service applications and more flexibility than maintaining individual VMs. The architecture uses Openshift Origin with HA masters and routers managing containers on worker nodes. Openshift integrates with CERN authentication, storage, and networking. The goal is to centralize more web hosting on Openshift containers to reduce servers.

    Original Description:

    VV

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes using Docker images and Openshift for web application hosting at CERN. It discusses automating Docker image builds with GitLab CI, using a Docker registry, and hosting web applications on Openshift. Openshift provides a platform as a service (PaaS) for hosting central services and applications. It offers templates for self-service applications and more flexibility than maintaining individual VMs. The architecture uses Openshift Origin with HA masters and routers managing containers on worker nodes. Openshift integrates with CERN authentication, storage, and networking. The goal is to centralize more web hosting on Openshift containers to reduce servers.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    24 views13 pages

    2017-01-18 - RedHat at CERN - Web Application Hosting With Openshift and Docker

    Uploaded by

    PK
    This document summarizes using Docker images and Openshift for web application hosting at CERN. It discusses automating Docker image builds with GitLab CI, using a Docker registry, and hosting web applications on Openshift. Openshift provides a platform as a service (PaaS) for hosting central services and applications. It offers templates for self-service applications and more flexibility than maintaining individual VMs. The architecture uses Openshift Origin with HA masters and routers managing containers on worker nodes. Openshift integrates with CERN authentication, storage, and networking. The goal is to centralize more web hosting on Openshift containers to reduce servers.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 13

    Web application hosting with

    Openshift, and Docker images


    Alex Lossent – IT-CDA-WF

    Red Hat at CERN 18/1/2017


    Outline
    • Docker images
    • Image build
    • Registry
    • Web Application Hosting with Openshift
    • Web hosting overview
    • Use cases
    • Central service hosting
    • Application templates
    • Custom user applications
    • Architecture

    Red Hat at CERN 18/1/2017


    Docker images
    • Image build automation with GitLab-CI
    • Dedicated runner tag
    • Custom Docker image with access to Docker daemon to
    run ‘docker build’
    • User-provided script ignored
    • Docker registry: GitLab Container Registry
    • Common hierarchy and permissions with GitLab projects

    Red Hat at CERN 18/1/2017


    Web Hosting: overview
    • CERN Web
    Services
    • Hosting 13000
    “central” sites

    5198
    CMS

    4209
    PaaS
    2592

    Static/CGI
    1058

    211

    158
    120

    DRUPAL SHAREPOINT J2EEAPP OPENSHIFT AFSGATEWAY EOS IIS


    CMS PAAS STATIC/CGI

    Red Hat at CERN 18/1/2017


    Web Hosting
    • Common features for all “central” sites
    • Ownership/lifecycle management (FIM)
    • SSO, visibility (Intranet/Internet)
    • Review & (un)block by security team
    • Hundreds of independent web servers
    • Need for a library/framework version not
    provided in “central” sites
    • Large web applications
    • How to reduce the need for such servers?

    Red Hat at CERN 18/1/2017


    Openshift: use cases
    • Initial motivation: PaaS for Jenkins instances
    • Evaluated Openshift v2, then v3 end 2014
    • Expanded scope
    • Platform to host “central” services (from CDA)

    • Provide CERN users with self-service application


    templates

    • Increase flexibility of central web hosting and


    support custom web apps without dedicated VMs

    Red Hat at CERN 18/1/2017


    Openshift as a tool for developers
    • Facilitate deployment and operation of web
    applications:
    • Getting started with a web application/prototype
    • Automate application deployment, rollback changes
    • No need to maintain a VM and its OS
    • Switch hosting platform (container portability)
    • Good integration with code hosting (GitLab)
    • CI/CD pipelines (GitLab/Jenkins)
    • GitLab Review apps

    Red Hat at CERN 18/1/2017


    Openshift CI example

    Red Hat at CERN 18/1/2017


    Openshift: architecture
    • Openshift Origin 1.3
    • Puppet-managed VMs + BYO Ansible playbook
    • HA setup (masters and routers)
    • Prod cluster: 5 large worker node VMs
    • sufficient for 33 Jenkins instances + CDA apps
    • Integrated with CERN environment
    • Web Services/FIM: project lifecycle, DNS
    management
    • Authentication: SSO (SAML), LDAP, Kerberos
    • Storage: NFS, EOS, CVMFS

    Red Hat at CERN 18/1/2017


    Openshift: integration
    • Internal Python app to:
    • Implement Web Services API for project lifecycle
    and security (visibility, blocking…)
    • Customize autogeneration of DNS names on
    routes
    • Automate SSO (SAML) registration
    • Provision NFS volumes from the NFS Filer
    service
    • Less customization needed as Openshift
    evolves
    • E.g. Volume classes in 1.4

    Red Hat at CERN 18/1/2017


    Openshift: integration
    • SDN: use IPSec to protect internal network
    traffic
    • Kubernetes Flexvolume drivers for EOS,
    CVMFS (from cloud team)
    • HAProxy routers:
    • IP affinity, IP filtering
    • Integration with DNS Load Balancing

    Red Hat at CERN 18/1/2017


    Outlook
    • Strategy: centralize web hosting on
    Openshift
    • Route all traffic for “central” web hosting via
    Openshift HAProxy routers
    • Move static/CGI web servers to containers
    • Including IIS when Windows containers possible
    • Containerize applications currently on VMs
    • Within CDA, and enable it for all CERN users

    Red Hat at CERN 18/1/2017


    Questions?

    You might also like