[
https://issues.apache.org/jira/browse/OFBIZ-12757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17687122#comment-17687122
]
Daniel Watford commented on OFBIZ-12757:
----------------------------------------
h2. Progress so far
h3. Access to the VM
I now have SSH and sudo access to ofbiz-vm1.apache.org, the VM used to host the
OFBiz project's demo sites.
(INFRA-24176 and INFRA-24177)
h3. DNS changes
New CNAME entries have been created for the ofbiz.apache.org subdomain,
pointing at the project's VM.
(INFRA-24178)
h3. Puppet changes
h4. Installed packages
The Puppet configuration for ofbiz-vm1.apache.org has been updated to install
_docker-ce._
h4. Apache vhost for exp1.ofbiz.apache.org
Added a vhost entry to the Puppet configuration to reverse-proxy requests via
AJP to localhost:38009.
Also added exp1.ofbiz.apache.org to the list of Subject Alternative Names (SAN)
included in the TLS certificate used by Apache httpd. It is expected that the
domain will be included next time the certificate renews, although we should be
able to trigger an early renewal.
The above Puppet changes where submitted to INFRA in a PR to their private
Puppet repository. Once merged the changes were soon ready on our VM.
h2. Reverse proxy to an AJP connection in a docker container
Today I have tested connectivity from Apache httpd to both a plain Tomcat
container and OFBiz deployed in a container (along with a Postgres container)
with demo data.
It took me a while to realise that inside the Tomcat and OFBiz containers, when
the AJP connection was enabled, tomcat was only listening on the localhost
interface (127.0.0.1). But that meant only processes internal to the container
to access the port.
I needed to amend the configuration of the tomcat container, and the OFBiz
container is subsequent testing, to listed on all network interfaces that
belonged to the container. I could then publish the AJP port (8009) to a
suitable port on the localhost interface of the VM which is accessible by
Apache httpd.
These changes do NOT expose the AJP port outside of the VM.
For info, below is the /opt/exp1/Dockerfile used to build the test Tomcat image:
{code:java}
FROM tomcat
EXPOSE 8009
RUN sed -i '/Define an AJP/ a <Connector protocol="AJP/1.3" port="8009"
secretRequired="false" \
redirectPort="8443" /> ' /usr/local/tomcat/conf/server.xml{code}
And the following command were used to build and run the container:
docker build -t exp1-tomcat .
docker run --rm --detach --publish 38009:8009 --name exp1 exp1-tomcat
At the moment OFBiz is running in a docker container on the host, but some
settings still need to be configured.
You can see that Tomcat is running by visiting [https://exp1.ofbiz.apache.org/]
Those with access to the host can see the docker-compose configuration in
directory /opt/exp1/docker-postgres-ofbiz-main. This deployment is based on
[danwatford/docker-postgres-ofbiz
(github.com)|https://github.com/danwatford/docker-postgres-ofbiz], but should
be considered temporary until we decide how to proceed with building and
deploying containers.
h2. Changes to the proposed approach
Traefik is now out of scope since Apache httpd is already used as the reverse
proxy for ports 80 and 443 on the demo sites VM. Instead a new vhost entry was
added to the Apache httpd configuration.
h2. Potential Issues
Although the VM has low CPU usage, we are now low on RAM.
The VM has 8GB of RAM. Each OFBiz demo deployment (trunk, stable, next) is
using around 2GB each.
Care is being taken to constrain the memory usage of the docker containers as,
since their is no swap space on the VM, exhausting memory will cause processes
to be killed.
Perhaps the project could request a RAM uplift on the box while this experiment
is running.
> Experiment with deploying OFBiz containers to the demo sites server
> -------------------------------------------------------------------
>
> Key: OFBIZ-12757
> URL: https://issues.apache.org/jira/browse/OFBIZ-12757
> Project: OFBiz
> Issue Type: New Feature
> Components: Demo
> Affects Versions: Upcoming Branch
> Reporter: Daniel Watford
> Assignee: Daniel Watford
> Priority: Trivial
>
> This ticket has been created to track and report on progress with deploying
> OFBiz to the demo server (ofbiz-vm1.apache.org) using docker containers.
> The rest of this ticket's description is an excerpt from a message sent to
> the PMC requesting server access and describing the intention behind the
> request. It is included here are it gives an overview of the experiment:
>
> ... I would like to explore the configuration of the VM and experiment with
> hosting an instance of OFBiz in a docker container.
>
> If experimentation with container based deployments of OFBiz demo sites is
> successful, I believe the project could leverage such deployments in future
> to avoid issues around the installed JDK version not being compatible with
> all current demo sites.
> h1. Proposed approach:
> * Create a branch in the ofbiz-framework repository from trunk where
> Dockerfiles and other changes to the build process needed to produce Docker
> containers for demo sites can be implemented.
> * Create one or more CNAME DNS entries, pointing to
> [ofbiz-vm1.apache.org|http://ofbiz-vm1.apache.org/], which can be used to
> access any experimental container-based demo site instances.
> * Deploy Traefik as a reverse proxy to access the experimental demo sites,
> assuming this approach does not conflict with any reverse proxy solution
> already in place on the VM - hence the need to gain access and explore the
> current server configuration.
> * Create build configuration(s) for the new branch to build the
> ofbiz-framework as a container image with pre-loaded demo data, and push the
> container image to an appropriate container repository.
> * Implement scripts at the VM to pull and deploy the latest version of the
> demo container image daily.
> h1. Items to explore/resolve:
> h2. How should we build container images?
> We should be able to use either BuildBot or GitHub Actions for this. I assume
> BuildBot is preferred since we already have builds running in that service
> and it is managed directly by the ASF.
> h2. Where should we store built container images?
> Infra have advised (via Slack) that the ASF has a space within Docker Hub and
> also has an Artifactory instance ([apache.jfrog.io|http://apache.jfrog.io/]).
> It looks like we are free to use either to host container images. I imagine
> we would want to use whichever service helps us manage the lifecycle of
> container images (e.g. expire older images).
> h2. How to create DNS entries?
> I imagine Infra will advise.
> h1. Expected benefits if experiment is successful:
> * All dependencies used by OFBiz, including the JDK, are packaged in the
> container image. We should be able to deploy different instances of OFBiz on
> the same VM without fear of JDK version clash.
> * Act as a catalyst to help the project settle on an approach to
> containerisation and further alter OFBiz to better support container
> deployments.
> * Provide an alternative deployment option for users to deploy and evaluate
> OFBiz.
> * Help committers test PRs:
> ** I often test PRs by creating a trunk container image with demo data
> loaded. From this I then create a second image, specific to the PR under
> test, which is fast to build and load since the bulk of computation and data
> processing has already been handled in the base image. Once testing is
> complete I throw away the second image and can quickly resume work from the
> base image.
> h1. Future work if experiment is successful:
> * Incorporate container build scripts into trunk.
> * Build versions of the OFBiz demo container that include plugins.
> * Start using containers for demo site deployments.
> * Promote containers as a supported deployment mechanism:
> ** Develop guidance for connecting OFBiz containers with external databases.
> ** See this GitHub repository for a setup of OFBiz with PostgreSQL:
> [danwatford/docker-postgres-ofbiz
> (github.com)|https://github.com/danwatford/docker-postgres-ofbiz]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
