Consul
----------
1) The traditional method does not resolve app names. In that method the load balancer can do the resolving, but only in round-robin fashion, and if we make any modification it won't update dynamically.
Consul has an extra feature: a registry that manages all the app info and availability details.
2) Discovery and service configuration tool
3) Container Pilot should use Consul for service management
Nomad
==========
1) Controls deployment and scheduling; uses the .hcl format.
Service management tool
Nomad should be used for managing the containers on one or more servers / cluster.
Vault
=========
Tool for securely accessing and storing secrets
The new component of AN could make use of the latest technology offered by Cobalt to manage secrets.
AN is only planned for development, hence it should not adopt this technology, as it will not be accessible in production.
cypherstore is the authorization used by mon servers.
What is OAuth?
OAuth: token-based authentication with a TTL
OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. In authentication parlance, this is known as secure, third-party, user-agent, delegated authorization.
On the app side, the app ID is the key; the root token is added and kept in Vault (bootstrap method).
How MS works
F5
-----------------
| Gateway nginx | ----> openapi.ariba.com/developer.ariba.com/amu.ariba.com
-----------------
     |
     |  Container Pilot
     |
----------
| Consul |
----------
     |
     |  Container Pilot
     |
| POD-1 | Apps/Web --> DB
| POD-2 | Apps/Web --> DB

POD
============
| Web container ---- pod-level nginx
|
- java container
- App container
High Level Description
===================================================================
Request ====> | Internet | =====> mu.ariba.com/forms , openapi.ariba.com/developer.ariba.com/
     ||
     ||
------------
| Firewall |
------------
     ||
---------------------------------------------------------------------------------------------------------------------------
|| Rules lookup / NAT translation --> 157.133.209.20.10.xx --> connection state update ----> untranslate and dispatch to F5 ||
---------------------------------------------------------------------------------------------------------------------------
     ||
-------------------------------------------
|| F5 is a load balancer / traffic manager || -----> VIP lookup / connection lookup / connection state update ---> dispatched to pool member
-------------------------------------------
     ||
     ||
-----------
|| NGINX || ---> TLS certificate exchange / IP entered at httpd header
-----------
     ||
     ||
----------------------------
|| container || container || --> POD NGINX
----------------------------
|| container || container ||
---------------------------- ====>> Cobalt Infrastructure
Container Pilot
1) Application orchestration platform for containers
2) A Container Pilot agent is required for every container in the new component service. The rest of AN has to look up the component service and communicate using the REST API.
Datadog is used to collect all the alerts from Terraform.
JFrog
--------
1) Artifact repository for Cobalt.
2) A new component would publish all the dependent artifacts in the new artifact repository and should not have any shared code with the rest of AN. Any common utility or platform components have to be uniformly shared by the component and the rest of AN.
Troubleshoot
================
ping app.query --> Consul service
check endpoint group
Netmaster and Netplugin: manage the dynamic environment, manage security, avoid collisions.
Netmaster provides the dynamic ACI fabric internally and has all endpoint information, such as policy rules and instances.
Need to create a software-defined network under netplugin (IP polling) --> OVS (Open vSwitch)
EPIC: does centralized configuration management for the Cobalt environment.
vagrant@app301:~$ docker network ls | grep -i net
NETWORK ID     NAME                       DRIVER      SCOPE
78815e7d277c   acig-app-epg/MS1-EU1       netplugin   global
9973c44adb96   acig-db-epg/MS1-EU1        netplugin   global
dd97bff84436   acig-web-epg/MS1-EU1       netplugin   global
5efc8409a48e   ade-app-epg/MS1-EU1        netplugin   global
89127975b29d   ade-db-epg/MS1-EU1         netplugin   global
034a908fb2d0   ade-web-epg/MS1-EU1        netplugin   global
b1a8210635e8   approval-app-epg/MS1-EU1   netplugin   global
ebf0fd7c61af   approval-db-epg/MS1-EU1    netplugin   global
51214a554e5e   approval-web-epg/MS1-EU1   netplugin   global
c9904a6c73c8   asc-nda-app-epg/MS1-EU1    netplugin   global
d817d8a53430   asc-nda-db-epg/MS1-EU1     netplugin   global
1e0e04f95c4d   asc-nda-web-epg/MS1-EU1    netplugin   global
a11a9d726c18   bpm-app-epg/MS1-EU1        netplugin   global
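
A check for the endpoint-group troubleshooting step, as an added example that is not part of the original notes: it reads `docker network ls` output and reports EPG networks that are not on the netplugin driver and services that lack one of the web/app/db groups. The function names, the three-tier expectation and the `demo-*` sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `docker network ls` output for endpoint-group coverage.
# Assumptions: names follow <service>-<tier>-epg/<tenant>, and every service
# is expected to have web, app and db groups on the netplugin driver.

# Constructed sample; ade/bpm rows mirror the listing, demo-* rows are made up.
sample_networks() {
  cat <<'EOF'
NETWORK ID     NAME                   DRIVER      SCOPE
5efc8409a48e   ade-app-epg/MS1-EU1    netplugin   global
89127975b29d   ade-db-epg/MS1-EU1     netplugin   global
034a908fb2d0   ade-web-epg/MS1-EU1    netplugin   global
a11a9d726c18   bpm-app-epg/MS1-EU1    netplugin   global
000000000001   demo-web-epg/MS1-EU1   bridge      local
000000000002   demo-app-epg/MS1-EU1   netplugin   global
EOF
}

# Reads the listing on stdin. Prints "DRIVER <network> <driver>" for an EPG
# network not handled by netplugin, and "MISSING <service>/<tenant> <tiers>"
# for a service that lacks one of its tier groups.
epg_gaps() {
  awk '
    $1 == "NETWORK" { next }              # header row
    $2 !~ /-epg\// { next }               # not an EPG network
    {
      if ($3 != "netplugin") print "DRIVER " $2 " " $3
      split($2, p, "/")                   # p[1]=<service>-<tier>-epg  p[2]=<tenant>
      sub(/-epg$/, "", p[1])
      n = split(p[1], seg, "-"); tier = seg[n]
      svc = substr(p[1], 1, length(p[1]) - length(tier) - 1) "/" p[2]
      if (!(svc in known)) { known[svc] = 1; order[++count] = svc }
      have[svc, tier] = 1
    }
    END {
      ntiers = split("web app db", tiers, " ")
      for (i = 1; i <= count; i++) {
        miss = ""
        for (t = 1; t <= ntiers; t++)
          if (!((order[i], tiers[t]) in have)) miss = miss " " tiers[t]
        if (miss != "") print "MISSING " order[i] miss
      }
    }
  '
}

# Live use: docker network ls | epg_gaps
sample_networks | epg_gaps
```

A listing filtered or cut short will show services as incomplete, so run it against the full `docker network ls` output.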