4.4. Cloud Containers
Abstract
Fabric has the capability to create and manage containers running in the cloud. With just a few commands, you can create a complete Fabric, consisting of multiple containers, running in a public or private cloud.
4.4.1. Preparing to use Fabric in the Cloud
Overview
Fabric leverages JClouds to enable Fabric to create new containers in public or private clouds. The Fabric cloud container provider enables you to create new compute instances in the cloud provider of your choice, perform firewall configuration, install prerequisites, install the JBoss Fuse container, and automatically register the new container.
Prerequisites
The prerequisites for creating a cloud container are as follows:
- A valid account with one of the cloud providers implemented by JClouds. The list of cloud providers can be found at JClouds supported providers.NoteIn the context of JClouds, the term supported provider does not imply commercial support for the listed cloud providers. It just indicates that there is an available implementation.
Hybrid clusters
A hybrid cluster is a cluster composed of containers running both on the premises and on a public cloud provider. This special type of cluster has the additional requirement that all containers must be able to connect to the Fabric registry.
In order to satisfy this requirement, you need to make sure that one of the following conditions are met:
- Fabric registry is running inside the public cloud.In this case, local containers will have no problem accessing the registry, as long as they are able to connect to the Internet.
- Cloud and local containers are part of a Virtual Private Network (VPN).If the Fabric registry is running on the premises, the cloud containers will not be able to access the registry, unless you set up a VPN (or make the registry accessible from the Internet, which is not recommended).
- Fabric registry is accessible from the Internet (not recommended).
The easiest approach is to host the registry in the cloud and then configure the cloud's firewall, so that it only allows access from the containers on your premises. By default, Fabric will configure the firewall for you.
Preparation
Before you can start working with cloud containers, you must convert your local container into a Fabric container, by invoking the
fabric:create
command. You cannot access the requisite cloud console commands until you create a Fabric locally.
To create the Fabric container, enter the following console command:
JBossFuse:karaf@root> fabric:create --new-user AdminUser --new-user-password AdminPass --zookeeper-password ZooPass --wait-for-provisioning
The
--new-user
and --new-user-password
options specify the credentials for a new administrator user. The ZooPass
password specifies the password that is used to protect the Zookeeper registry.
Note
If you use a VPN (virtual private network) on your local machine, it is advisable to log off VPN before you create the fabric and to stay logged off while you are using the local container. A local Fabric Server is permanently associated with a fixed IP address or hostname. If VPN is enabled when you create the fabric, the underlying Java runtime is liable to detect and use the VPN hostname instead of your permanent local hostname. This can also be an issue with multi-homed machines. To be absolutely sure about the hostname, you could specify the IP address explicitly—see Chapter 3, Creating a New Fabric.
The next step is to install the console commands that will enable you to administer the cloud. You can do this by adding one of the cloud profiles to your local container. The following cloud profiles are available:
JBossFuse:karaf@root> profile-list [id] [# containers] [parents] ... cloud-aws.ec2 0 cloud-base ... cloud-openstack 0 cloud-base cloud-servers.uk 0 cloud-base cloud-servers.us 0 cloud-base ...
For example, to install the requisite JClouds commands for interacting with the Amazon EC2 cloud, deploy the
cloud-aws.ec2
profile, as follows:
fabric:container-add-profile root cloud-aws.ec2
Where we have assumed that
root
is the name of your local container.
Feature naming convention
The most important ingredient of the
cloud-aws.ec2
profile is the jclouds-aws-ec2
feature, which provides the necessary bundles for interacting with Amazon EC2:
JBossFuse:karaf@root> profile-display cloud-aws.ec2 Profile id: cloud-aws.ec2 Version : 1.0 ... Container settings ---------------------------- Features : jclouds-aws-ec2 ...
Some commonly used cloud providers can be accessed using the following Karaf features:
jclouds-aws-ec2
- Feature for the Amazon EC2 cloud provider.
jclouds-cloudservers-us
- Feature for the Rackspace cloud provider.
In general, the naming convention for cloud provider features is:
jclouds-ProviderID
, where ProviderID
is one of the provider IDs listed in the JClouds supported providers page. Or you can list the available JClouds features using the features:list
command:
features:list | grep jclouds
If you want to add another JClouds feature to your container, add it to a Fabric profile and then deploy the profile to your container (or add the feature to a profile that is already deployed). For example:
fabric:profile-edit --features jclouds-ProviderID MyProfile fabric:container-add-profile root MyProfile
Registering a cloud provider
After installing the required cloud features, you need to register the cloud provider with Fabric, using the
fabric:cloud-service-add
console command (the registration process will store the provider credentials in the Fabric registry, so that they are available from any Fabric container).
You need to obtain a valid identity and credential from your cloud provider, which are not necessarily the same thing as the username and password you obtained upon registration with the provider. Usually, they refer to the credentials you get for using the cloud service from an external API. For example, on Amazon EC2 the requisite credentials can be found on the security credentials page.
For example, to register the Amazon EC2 provider:
fabric:cloud-service-add --name aws-ec2 --provider aws-ec2 --identity AccessKeyID --credential SecretAccessKey
Note
The identifier supplied to the
--name
option is an alias that you use to refer to this registered cloud provider instance. It is possible to register the same cloud provider more than once, with different user accounts. The cloud provider alias thus enables you distinguish between multiple accounts with the same cloud provider.
4.4.2. Administering Cloud Containers
Creating a new fabric in the cloud
To create a fabric in the cloud, invoke the
fabric:container-create-cloud
with the --ensemble-server
option, which creates a new Fabric server. For example, to create a Fabric server on Amazon EC2:
fabric:container-create-cloud --ensemble-server --name aws-ec2 --new-user AdminUser --new-user-password AdminPass --zookeeper-password ZooPass mycontainer
Basic security
When creating a new fabric in the cloud, it is necessary to supply some basic security information to the
fabric:container-create-cloud
command, to ensure that the new fabric is adequately protected. You need to specify the following security data:
- JAAS credentials—the
--new-user
and--new-user-password
options define JAAS credentials for a new user with administrative privileges on the fabric. These credentials can subsequently be used to log on to the JMX port or the SSH port of the newly created Fabric server. - ZooKeeper password—is used to protect the data stored in the ZooKeeper registry in the Fabric server. The only time you will be prompted to enter the ZooKeeper password is when you try to join a container to the fabric using the
fabric:join
command.
Joining a standalone container to the fabric
If you have been using a standalone container (not part of a fabric) to create the fabric in the cloud, it is a good idea to join this container to the newly created fabric, so that you can easily administer the fabric from your local container. To join your local container to the fabric, enter a command like the following:
fabric:join -n --zookeeper-password ZooPass PublicIPAddress
Where
PublicIPAddress
is the public host name or the public IP address of the compute instance that hosts the Fabric server (you can get this address either from the JBoss Fuse console output or from the Amazon EC2 console).
Alternatively, instead of joining your local container to the fabric, you could use the JBoss Fuse client utility to log into the remote Fabric server directly (using the JAAS credentials).
Creating a cloud container
After creating the initial Fabric server (which constitutes the Fabric ensemble), you can use the
fabric:container-create-cloud
command to create new Fabric containers in the cloud. For example to create a container on Amazon EC2:
fabric:container-create-cloud --name aws-ec2 mycontainer
Specifying an image is optional. By default, Fabric tries to find an Ubuntu image for you. You can provide options for the operating system and the O/S version. For example, to choose Centos instead of Ubuntu, you could invoke the
fabric:container-create-cloud
command with the --os-family
option as follows:
fabric:container-create-cloud --name aws-ec2 --os-family centos mycontainer
Or to be even more specific, you can specify the O/S version as well, using the
--os-version
option:
fabric:container-create-cloud --name aws-ec2 --os-family centos --os-version 5 mycontainer
If you need to specify the exact image, use the
--image
option.
fabric:container-create-cloud --name aws-ec2 --image myimageid mycontainer
After creating the new cloud container, the command displays the creation status and some useful information:
Looking up for compute service. Creating 1 nodes in the cloud. Using operating system: ubuntu. It may take a while ... Node fabric-f674a68f has been created. Configuring firewall. Installing fabric agent on container cloud. It may take a while... Overriding resolver to publichostname. [id] [container] [public addresses] [status] us-east-1/i-f674a68f cloud [23.20.114.82] success
Images
Regardless of the way that you specify the image (directly or indirectly), the image needs to have some of the following characteristics:
- Linux O/S
- RedHat or Debian packaging style
- Either no Java installed or Java 1.6+ installed. If there is no Java installed on the image, Fabric will install Java for you. If the wrong Java version is installed, however, the container installation will fail.
If you prefer, you can create your own custom image and use that instead. But this typically requires some additional configuration when you register the cloud provider. For example, on Amazon EC2 you would need to specify the owner ID of the private image when registering the provider:
fabric:cloud-service-add --name aws-ec2 --provider aws-ec2 --identity AccessKeyID --credential SecretAccessKey --owner myownerid
Locations and hardware
Most cloud providers will give you the option to create containers on different locations or using different hardware profiles. You may wonder which are the proper values to use for your provider. Even though Fabric provides completion for all configuration options, you still may want to get a list of them.
To list all of the available locations:
jclouds:location-list
To list all the available hardware profiles:
jclouds:hardware-list
To exploit this information for creating a cloud container, you can specify them as options to the
fabric:container-create-cloud
command. For example:
fabric:container-create-cloud --name aws-ec2 --location eu-west-1 --hardware m2.4xlarge mycontainer