3.4. Cloud Containers

Abstract

Fabric has the capability to create and manage containers running in the cloud. With just a few commands, you can create a complete Fabric, consisting of multiple containers, running in a public or private cloud.

3.4.1. Preparing to use Fabric in the Cloud

Overview

Fabric uses JClouds to create new containers in public or private clouds. The Fabric cloud container provider enables you to create new compute instances in the cloud provider of your choice, perform firewall configuration, install prerequisites, install the JBoss Fuse container, and automatically register the new container.

Prerequisites

The prerequisites for creating a cloud container are as follows:
  • A valid account with one of the cloud providers implemented by JClouds. The list of cloud providers can be found at JClouds supported providers.
    Note
    In the context of JClouds, the term supported provider does not imply commercial support for the listed cloud providers. It just indicates that there is an available implementation.

Hybrid clusters

A hybrid cluster is a cluster composed of containers running both on the premises and on a public cloud provider. This special type of cluster has the additional requirement that all containers must be able to connect to the Fabric registry.
To satisfy this requirement, you need to make sure that one of the following conditions is met:
  • Fabric registry is running inside the public cloud.
    In this case, local containers will have no problem accessing the registry, as long as they are able to connect to the Internet.
  • Cloud and local containers are part of a Virtual Private Network (VPN).
    If the Fabric registry is running on the premises, the cloud containers will not be able to access the registry, unless you set up a VPN (or make the registry accessible from the Internet, which is not recommended).
  • Fabric registry is accessible from the Internet (not recommended).
The easiest approach is to host the registry in the cloud and then configure the cloud's firewall, so that it only allows access from the containers on your premises. By default, Fabric will configure the firewall for you.
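Added example (not part of the original Fabric documentation): a Python check for the firewall approach described above. Given ingress rules exported from the cloud firewall, it reports every rule that opens the registry port to sources outside your on-premises address ranges. The rule format, the sample addresses, and the use of port 2181 for the registry are assumptions made for this example.

```python
import ipaddress

REGISTRY_PORT = 2181  # assumption: the ZooKeeper registry listens on its default port


def exposed_registry_rules(ingress_rules, on_prem_cidrs, port=REGISTRY_PORT):
    """Return the rules that open `port` to sources outside `on_prem_cidrs`."""
    allowed = [ipaddress.ip_network(c) for c in on_prem_cidrs]
    findings = []
    for rule in ingress_rules:
        # Skip rules whose port range does not include the registry port.
        if not (rule["from_port"] <= port <= rule["to_port"]):
            continue
        source = ipaddress.ip_network(rule["cidr"], strict=False)
        # A rule is acceptable only if its whole source range lies inside an
        # on-premises range; a wider or overlapping range still exposes the port.
        covered = any(
            source.version == net.version and source.subnet_of(net)
            for net in allowed
        )
        if not covered:
            findings.append(rule)
    return findings


# Constructed sample data (documentation address ranges), not real firewall output.
SAMPLE_RULES = [
    {"id": "r1", "from_port": 2181, "to_port": 2181, "cidr": "203.0.113.0/28"},
    {"id": "r2", "from_port": 2181, "to_port": 2181, "cidr": "0.0.0.0/0"},
    {"id": "r3", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"id": "r4", "from_port": 2000, "to_port": 3000, "cidr": "203.0.113.0/24"},
    {"id": "r5", "from_port": 0, "to_port": 65535, "cidr": "::/0"},
]
ON_PREM = ["203.0.113.0/28"]  # hypothetical on-premises egress range

if __name__ == "__main__":
    for rule in exposed_registry_rules(SAMPLE_RULES, ON_PREM):
        print("registry port exposed by rule", rule["id"], "source", rule["cidr"])
```

Rules r2, r4 and r5 are reported: each includes the registry port in its range and admits sources beyond the on-premises range, including the IPv6 catch-all that an IPv4-only review would miss.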

Preparation

Before you can start working with cloud containers, you must convert your local container into a Fabric container, by invoking the fabric:create command. You cannot access the requisite cloud console commands until you create a Fabric locally.
To create the Fabric container, enter the following console command:
JBossFuse:karaf@root> fabric:create --new-user AdminUser --new-user-password AdminPass
  --zookeeper-password ZooPass --wait-for-provisioning
The --new-user and --new-user-password options specify the credentials for a new administrator user. The --zookeeper-password option specifies the password that is used to protect the ZooKeeper registry.
Note
If you use a VPN (virtual private network) on your local machine, it is advisable to log off VPN before you create the fabric and to stay logged off while you are using the local container. A local Fabric Server is permanently associated with a fixed IP address or hostname. If VPN is enabled when you create the fabric, the underlying Java runtime is liable to detect and use the VPN hostname instead of your permanent local hostname. This can also be an issue with multi-homed machines. To be absolutely sure about the hostname, you could specify the IP address explicitly—see Chapter 2, Creating a New Fabric.
The next step is to install the console commands that will enable you to administer the cloud. You can do this by adding one of the cloud profiles to your local container. The following cloud profiles are available:
JBossFuse:karaf@root> profile-list
[id]                                     [# containers] [parents]
...
cloud-aws.ec2                            0              cloud-base
...
cloud-openstack                          0              cloud-base
cloud-servers.uk                         0              cloud-base
cloud-servers.us                         0              cloud-base
...
For example, to install the requisite JClouds commands for interacting with the Amazon EC2 cloud, deploy the cloud-aws.ec2 profile, as follows:
fabric:container-add-profile root cloud-aws.ec2
This assumes that root is the name of your local container.

Feature naming convention

The most important ingredient of the cloud-aws.ec2 profile is the jclouds-aws-ec2 feature, which provides the necessary bundles for interacting with Amazon EC2:
JBossFuse:karaf@root> profile-display cloud-aws.ec2 
Profile id: cloud-aws.ec2
Version   : 1.0
...
Container settings
----------------------------
Features : 
	jclouds-aws-ec2
...
Some commonly used cloud providers can be accessed using the following Karaf features:
jclouds-aws-ec2
    Feature for the Amazon EC2 cloud provider.
jclouds-cloudservers-us
    Feature for the Rackspace cloud provider.
In general, the naming convention for cloud provider features is jclouds-ProviderID, where ProviderID is one of the provider IDs listed in the JClouds supported providers page. Alternatively, you can list the available JClouds features using the features:list command:
features:list | grep jclouds
If you want to add another JClouds feature to your container, add it to a Fabric profile and then deploy the profile to your container (or add the feature to a profile that is already deployed). For example:
fabric:profile-edit --features jclouds-ProviderID MyProfile
fabric:container-add-profile root MyProfile

Registering a cloud provider

After installing the required cloud features, you need to register the cloud provider with Fabric, using the fabric:cloud-service-add console command (the registration process will store the provider credentials in the Fabric registry, so that they are available from any Fabric container).
You need to obtain a valid identity and credential from your cloud provider, which are not necessarily the same thing as the username and password you obtained upon registration with the provider. Usually, they refer to the credentials you get for using the cloud service from an external API. For example, on Amazon EC2 the requisite credentials can be found on the security credentials page.
For example, to register the Amazon EC2 provider:
fabric:cloud-service-add --name aws-ec2 --provider aws-ec2
  --identity AccessKeyID --credential SecretAccessKey
Note
The identifier supplied to the --name option is an alias that you use to refer to this registered cloud provider instance. It is possible to register the same cloud provider more than once, with different user accounts. The cloud provider alias thus enables you to distinguish between multiple accounts with the same cloud provider.

3.4.2. Administering Cloud Containers

Creating a new fabric in the cloud

To create a fabric in the cloud, invoke the fabric:container-create-cloud command with the --ensemble-server option, which creates a new Fabric server. For example, to create a Fabric server on Amazon EC2:
fabric:container-create-cloud --ensemble-server --name aws-ec2
  --new-user AdminUser --new-user-password AdminPass --zookeeper-password ZooPass mycontainer

Basic security

When creating a new fabric in the cloud, it is necessary to supply some basic security information to the fabric:container-create-cloud command, to ensure that the new fabric is adequately protected. You need to specify the following security data:
  • JAAS credentials—the --new-user and --new-user-password options define JAAS credentials for a new user with administrative privileges on the fabric. These credentials can subsequently be used to log on to the JMX port or the SSH port of the newly created Fabric server.
  • ZooKeeper password—is used to protect the data stored in the ZooKeeper registry in the Fabric server. The only time you will be prompted to enter the ZooKeeper password is when you try to join a container to the fabric using the fabric:join command.

Joining a standalone container to the fabric

If you have been using a standalone container (not part of a fabric) to create the fabric in the cloud, it is a good idea to join this container to the newly created fabric, so that you can easily administer the fabric from your local container. To join your local container to the fabric, enter a command like the following:
fabric:join -n --zookeeper-password ZooPass PublicIPAddress
Where PublicIPAddress is the public host name or the public IP address of the compute instance that hosts the Fabric server (you can get this address either from the JBoss Fuse console output or from the Amazon EC2 console).
Alternatively, instead of joining your local container to the fabric, you could use the JBoss Fuse client utility to log into the remote Fabric server directly (using the JAAS credentials).

Creating a cloud container

After creating the initial Fabric server (which constitutes the Fabric ensemble), you can use the fabric:container-create-cloud command to create new Fabric containers in the cloud. For example, to create a container on Amazon EC2:
fabric:container-create-cloud --name aws-ec2 mycontainer
Specifying an image is optional. By default, Fabric tries to find an Ubuntu image for you. You can provide options for the operating system and the O/S version. For example, to choose CentOS instead of Ubuntu, you could invoke the fabric:container-create-cloud command with the --os-family option as follows:
fabric:container-create-cloud --name aws-ec2 --os-family centos mycontainer
Or to be even more specific, you can specify the O/S version as well, using the --os-version option:
fabric:container-create-cloud --name aws-ec2 --os-family centos --os-version 5 mycontainer
If you need to specify the exact image, use the --image option:
fabric:container-create-cloud --name aws-ec2 --image myimageid mycontainer
After creating the new cloud container, the command displays the creation status and some useful information:
Looking up for compute service.
Creating 1 nodes in the cloud. Using operating system: ubuntu. It may take a while ...
Node fabric-f674a68f has been created.
Configuring firewall.
Installing fabric agent on container cloud. It may take a while...
Overriding resolver to publichostname.
                  [id] [container]                    [public addresses]             [status]
  us-east-1/i-f674a68f cloud                          [23.20.114.82]                 success

Images

Regardless of the way that you specify the image (directly or indirectly), the image needs to have some of the following characteristics:
  • Linux O/S
  • Red Hat or Debian packaging style
  • Either no Java installed or Java 1.6+ installed. If there is no Java installed on the image, Fabric will install Java for you. If the wrong Java version is installed, however, the container installation will fail.
If you prefer, you can create your own custom image and use that instead. But this typically requires some additional configuration when you register the cloud provider. For example, on Amazon EC2 you would need to specify the owner ID of the private image when registering the provider:
fabric:cloud-service-add --name aws-ec2 --provider aws-ec2
  --identity AccessKeyID --credential SecretAccessKey --owner myownerid

Locations and hardware

Most cloud providers give you the option to create containers in different locations or using different hardware profiles. You may wonder which values are valid for your provider. Even though Fabric provides completion for all configuration options, you may still want to get a list of them.
To list all of the available locations:
jclouds:location-list
To list all the available hardware profiles:
jclouds:hardware-list
To use this information when creating a cloud container, specify the location and hardware profile as options to the fabric:container-create-cloud command. For example:
fabric:container-create-cloud --name aws-ec2 --location eu-west-1 --hardware m2.4xlarge mycontainer