Cobalt Environment and work flow

Consul
----------
1) The traditional method does not resolve app names. In that method the load balancer can do the resolving, but only in round-robin fashion, and if we make any modification it won't update dynamically.
Consul has an extra feature: a registry that manages all the app info and availability details.
2) Discovery and service configuration tool
3) Container Pilot should use Consul for service management
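The difference between a static round-robin pool and a registry lookup, as an added example that is not part of the original notes. The reply below is a constructed sample in the shape of Consul's `/v1/health/service/<name>` endpoint; the service name, node names and addresses are made up.

```python
import itertools

# Constructed sample shaped like a Consul GET /v1/health/service/<name> reply.
# Service name, node names, addresses and ports are made up for this example.
HEALTH_REPLY = [
    {"Node": {"Node": "node-a", "Address": "10.0.0.11"},
     "Service": {"Service": "approval-app", "Address": "", "Port": 8080},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
                {"CheckID": "service:approval-app", "Status": "passing"}]},
    {"Node": {"Node": "node-b", "Address": "10.0.0.12"},
     "Service": {"Service": "approval-app", "Address": "", "Port": 8080},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
                {"CheckID": "service:approval-app", "Status": "critical"}]},
    {"Node": {"Node": "node-c", "Address": "10.0.0.13"},
     "Service": {"Service": "approval-app", "Address": "10.0.1.13", "Port": 8081},
     "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
                {"CheckID": "service:approval-app", "Status": "passing"}]},
]

# What a statically configured balancer holds: written once, never updated.
STATIC_POOL = [("10.0.0.11", 8080), ("10.0.0.12", 8080)]


def round_robin(pool, n):
    """Hand out n backends in fixed rotation, with no knowledge of health."""
    if not pool:
        return []
    rotation = itertools.cycle(pool)
    return [next(rotation) for _ in range(n)]


def healthy_endpoints(health_reply):
    """Return (address, port) for instances whose checks are all passing."""
    endpoints = []
    for entry in health_reply:
        checks = entry.get("Checks", [])
        if not checks or any(c.get("Status") != "passing" for c in checks):
            continue  # fail closed: unknown or failing health is not routable
        service = entry["Service"]
        # An empty Service.Address means the service uses the node's address.
        address = service.get("Address") or entry["Node"]["Address"]
        endpoints.append((address, service["Port"]))
    return endpoints


def registry_round_robin(health_reply, n):
    """Round robin over whatever the registry currently reports as healthy."""
    return round_robin(healthy_endpoints(health_reply), n)
```

The static pool keeps handing out 10.0.0.12 although its service check is critical and never learns about the third instance; the registry-driven rotation drops the failing instance and picks up the new one.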
Nomad
==========
1) Used to control deployment and scheduling; uses the .hcl format.
Service management tool
Nomad should be used for managing the containers on one or more servers / cluster.
Vault
=========
Tool for securely accessing and storing secrets
The new component of AN could make use of the latest technology offered by Cobalt to manage secrets.
AN is only planned for development, so it should not adopt this technology, as it will not be accessible in production.
cypherstore is the authorization used by mon servers.
What is OAuth?
OAuth: token-based authentication with a TTL
OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. In authentication parlance, this is known as secure, third-party, user-agent, delegated authorization.
From the app side, the app ID is the key; a root token is added and kept in Vault (bootstrap method).
How MS works
           F5
      -----------------
     | Gateway nginx |    ----> openapi.ariba.com/developer.ariba.com/amu.ariba.com
   |-  -----------------
   | ---  Container Pilot
   |
  ---------
 | Consul  |
  ---------
    |
    |  Container Pilot
    |
   |POD-1| Apps/Web --> DB
   |POD-2| Apps/Web --> DB
      |
      |
      |
      |
     POD
============
        | Web container ---- pod-level nginx
        |
         -    java container
         -    App container
High Level Description
===================================================================
Request ====> | Internet |=====>mu.ariba.com/forms , openapi.ariba.com/developer.ariba.com/
                                       ||
                                       ||
                                   ----------
                                  | Firewall |
                                   ----------
                                       ||
    ---------------------------------------------------------------------------------------------------------------
  ||Rules lookup / NAT translation -->157.133.209.20.10.xx -->Connection state update ---->untranslate and dispatch to F5||
    ---------------------------------------------------------------------------------------------------------------
                                       ||
                     ------------------------------------------
                    ||F5 is a load balancer / traffic manager ||----->VIP lookup / connection lookup / connection state update---> Dispatched to pool member
                     ------------------------------------------
                                       ||
                                       ||
                     ------------------------------
                    ||      NGINX                ||---> TLS certificate exchange / IP entered at httpd header
                     ------------------------------
                                       ||
                                       ||
                        ---------------------------------
                        || Container   || container    ||  --> POD NGINX
                         -------------------------------
                        || container   || container    ||
                         -------------------------------              ====>> Cobalt Infrastructure
                        ||                             ||
                        ||                             ||
                        ---------------------------------
Container Pilot
1) Application orchestration platform for containers
2) A Container Pilot agent is required for every container in the new component service. The rest of AN has to look up the component service and communicate using the REST API.
Datadog is used to collect all the alerts from Terraform.
JFrog
--------
1) Artifact repository for Cobalt.
2) A new component would publish all the dependent artifacts in the new artifact repository and should not have any shared code with the rest of AN. Any common utility or platform components have to be uniformly shared by the component and the rest of AN.
Troubleshoot
================
ping app.query --> Consul service
Check the endpoint group.
Netmaster and Netplugin: manage the dynamic environment, manage security, avoid collisions.
Netmaster provides the dynamic ACI fabric internally and holds all endpoint information, such as policy rules and instances.
Need to create a software-defined network under Netplugin (IP polling) --> OVS (Open vSwitch)
EPIC: does centralized configuration management for the Cobalt environment.
vagrant@app301:~$ docker network ls |grep -i net
NETWORK ID          NAME                             DRIVER              SCOPE
78815e7d277c        acig-app-epg/MS1-EU1             netplugin           global
9973c44adb96        acig-db-epg/MS1-EU1              netplugin           global
dd97bff84436        acig-web-epg/MS1-EU1             netplugin           global
5efc8409a48e        ade-app-epg/MS1-EU1              netplugin           global
89127975b29d        ade-db-epg/MS1-EU1               netplugin           global
034a908fb2d0        ade-web-epg/MS1-EU1              netplugin           global
b1a8210635e8        approval-app-epg/MS1-EU1         netplugin           global
ebf0fd7c61af        approval-db-epg/MS1-EU1          netplugin           global
51214a554e5e        approval-web-epg/MS1-EU1         netplugin           global
c9904a6c73c8        asc-nda-app-epg/MS1-EU1          netplugin           global
d817d8a53430        asc-nda-db-epg/MS1-EU1           netplugin           global
1e0e04f95c4d        asc-nda-web-epg/MS1-EU1          netplugin           global
a11a9d726c18        bpm-app-epg/MS1-EU1              netplugin           global
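
An added example (not part of the original notes) for the endpoint-group check in the troubleshooting list: it parses `docker network ls` output and reports services that lack one of the app/db/web EPG networks, plus rows that are not global netplugin EPGs. The `<service>-<tier>-epg/<tenant>` naming and the three-tier expectation are assumptions inferred from the listing above.

```python
import re
from collections import defaultdict

# Rows copied from the `docker network ls` listing above (header included).
LISTING = """\
NETWORK ID          NAME                             DRIVER              SCOPE
b1a8210635e8        approval-app-epg/MS1-EU1         netplugin           global
ebf0fd7c61af        approval-db-epg/MS1-EU1          netplugin           global
51214a554e5e        approval-web-epg/MS1-EU1         netplugin           global
c9904a6c73c8        asc-nda-app-epg/MS1-EU1          netplugin           global
d817d8a53430        asc-nda-db-epg/MS1-EU1           netplugin           global
1e0e04f95c4d        asc-nda-web-epg/MS1-EU1          netplugin           global
a11a9d726c18        bpm-app-epg/MS1-EU1              netplugin           global
"""

# Assumed convention, inferred from the listing: <service>-<tier>-epg/<tenant>
EPG_NAME = re.compile(r"^(?P<service>.+)-(?P<tier>app|db|web)-epg/(?P<tenant>\S+)$")
TIERS = ("app", "db", "web")


def audit_epgs(listing):
    """Return (missing, unexpected) for a `docker network ls` listing.

    missing:    {(service, tenant): [tiers with no EPG network]}
    unexpected: names of rows that are not global netplugin EPG networks
    """
    seen = defaultdict(set)
    unexpected = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # header ("NETWORK ID" splits into 5 fields) or blank line
        _net_id, name, driver, scope = fields
        match = EPG_NAME.match(name)
        if not match or driver != "netplugin" or scope != "global":
            unexpected.append(name)
            continue
        seen[(match["service"], match["tenant"])].add(match["tier"])
    missing = {
        key: [tier for tier in TIERS if tier not in tiers]
        for key, tiers in seen.items()
        if set(TIERS) - tiers
    }
    return missing, unexpected
```

Against the rows above, `audit_epgs(LISTING)` reports `bpm` with `db` and `web` missing, because the listing as posted ends at `bpm-app-epg`.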
