Did you know that it's extremely easy to run Infinispan in OpenShift? Infinispan 9.0.0.Alpha4 adds out of the box support for OpenShift (and Kubernetes) discovery!
Our goal
We'd like to build an Infinispan cluster on top of OpenShift and expose a Service for it (you may think about Services as Load Balancers). A Service can be exposed to the outside world using Routes. Finally, we will use REST interface to PUT and GET some data from the cluster.
Accessing the OpenShift cloud
Of course before playing with Infinispan, you will need an OpenShift cluster. There are number of options you can investigate. I will use the simplest path - OpenShift local cluster.
The first step is to download OpenShift Client Tools for your platform. You can find them on OpenShift releases Github page. Once you download and extract the 'oc' binary, make it accessible in your $PATH. I usually copy such things into my '/usr/bin' directory (I'm using Fedora F23).
Once everything is set and done - spin up the cluster:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc cluster up | |
| -- Checking Docker client ... OK | |
| -- Checking for existing OpenShift container ... OK | |
| -- Checking for openshift/origin:latest image ... OK | |
| -- Checking Docker daemon configuration ... OK | |
| -- Checking for available ports ... | |
| WARNING: Binding DNS on port 8053 instead of 53, which may be not be resolvable from all clients. | |
| -- Checking type of volume mount ... | |
| Using nsenter mounter for OpenShift volumes | |
| -- Checking Docker version ... OK | |
| -- Creating volume share ... OK | |
| -- Finding server IP ... | |
| Using 192.168.0.17 as the server IP | |
| -- Starting OpenShift container ... | |
| Creating initial OpenShift configuration | |
| Starting OpenShift using container 'origin' | |
| Waiting for API server to start listening | |
| OpenShift server started | |
| -- Installing registry ... OK | |
| -- Installing router ... OK | |
| -- Importing image streams ... OK | |
| -- Importing templates ... OK | |
| -- Login to server ... OK | |
| -- Creating initial project "myproject" ... OK | |
| -- Server Information ... | |
| OpenShift server started. | |
| The server is accessible via web console at: | |
| https://192.168.0.17:8443 | |
| You are logged in as: | |
| User: developer | |
| Password: developer | |
| To login as administrator: | |
| oc login -u system:admin |
Note that you have been automatically logged in as 'developer' and your project has been automatically set to 'myproject'.
Spinning an Infinispan cluster
The first step is to create an Infinispan app:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc new-app jboss/infinispan-server | |
| --> Found Docker image 9f3d9bf (13 minutes old) from Docker Hub for "jboss/infinispan-server" | |
| * An image stream will be created as "infinispan-server:latest" that will track this image | |
| * This image will be deployed in deployment config "infinispan-server" | |
| * Ports 11211/tcp, 11222/tcp, 57600/tcp, 7600/tcp, 8080/tcp, 8181/tcp, 8888/tcp, 9990/tcp will be load balanced by service "infinispan-server" | |
| * Other containers can access this service through the hostname "infinispan-server" | |
| --> Creating resources with label app=infinispan-server ... | |
| imagestream "infinispan-server" created | |
| deploymentconfig "infinispan-server" created | |
| service "infinispan-server" created | |
| --> Success | |
| Run 'oc status' to view your app. |
Now you need to modify the Deployment Configuration (use 'oc edit dc/infinispan-server' for this) and tell Infinispan to boot up with Kubernetes' discovery protocol stack by using the proper namespace to look up other nodes (unfortunately this step can not be automated, otherwise a newly created Infinispan node might try to join an existing cluster and this is something you might not want). Here's my modified Deployment Configuration:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: DeploymentConfig | |
| metadata: | |
| name: infinispan-server | |
| namespace: myproject | |
| selfLink: /oapi/v1/namespaces/myproject/deploymentconfigs/infinispan-server | |
| uid: eaf22ecc-5afa-11e6-bcb7-54ee751d46e3 | |
| resourceVersion: '865' | |
| generation: 6 | |
| creationTimestamp: '2016-08-05T10:54:01Z' | |
| labels: | |
| app: infinispan-server | |
| annotations: | |
| openshift.io/generated-by: OpenShiftNewApp | |
| spec: | |
| strategy: | |
| type: Rolling | |
| rollingParams: | |
| updatePeriodSeconds: 1 | |
| intervalSeconds: 1 | |
| timeoutSeconds: 600 | |
| maxUnavailable: 25% | |
| maxSurge: 25% | |
| resources: | |
| triggers: | |
| - | |
| type: ConfigChange | |
| - | |
| type: ImageChange | |
| imageChangeParams: | |
| automatic: true | |
| containerNames: | |
| - infinispan-server | |
| from: | |
| kind: ImageStreamTag | |
| namespace: myproject | |
| name: 'infinispan-server:latest' | |
| lastTriggeredImage: 'jboss/infinispan-server@sha256:52b4fcb1530159176ceb81ea8d9638fa69b8403c8ca5ac8aea1cdbcb645beb9a' | |
| replicas: 1 | |
| test: false | |
| selector: | |
| app: infinispan-server | |
| deploymentconfig: infinispan-server | |
| template: | |
| metadata: | |
| creationTimestamp: null | |
| labels: | |
| app: infinispan-server | |
| deploymentconfig: infinispan-server | |
| annotations: | |
| openshift.io/container.infinispan-server.image.entrypoint: '["docker-entrypoint.sh"]' | |
| openshift.io/generated-by: OpenShiftNewApp | |
| spec: | |
| containers: | |
| - | |
| name: infinispan-server | |
| image: 'jboss/infinispan-server@sha256:52b4fcb1530159176ceb81ea8d9638fa69b8403c8ca5ac8aea1cdbcb645beb9a' | |
| args: | |
| - cloud | |
| - '-Djboss.default.jgroups.stack=kubernetes' | |
| ports: | |
| - | |
| containerPort: 8181 | |
| protocol: TCP | |
| - | |
| containerPort: 8888 | |
| protocol: TCP | |
| - | |
| containerPort: 9990 | |
| protocol: TCP | |
| - | |
| containerPort: 11211 | |
| protocol: TCP | |
| - | |
| containerPort: 11222 | |
| protocol: TCP | |
| - | |
| containerPort: 57600 | |
| protocol: TCP | |
| - | |
| containerPort: 7600 | |
| protocol: TCP | |
| - | |
| containerPort: 8080 | |
| protocol: TCP | |
| env: | |
| - | |
| name: OPENSHIFT_KUBE_PING_NAMESPACE | |
| valueFrom: {fieldRef: {apiVersion: v1, fieldPath: metadata.namespace}} | |
| resources: | |
| terminationMessagePath: /dev/termination-log | |
| imagePullPolicy: Always | |
| restartPolicy: Always | |
| terminationGracePeriodSeconds: 30 | |
| dnsPolicy: ClusterFirst | |
| securityContext: | |
| status: | |
| latestVersion: 5 | |
| observedGeneration: 6 | |
| replicas: 1 | |
| updatedReplicas: 1 | |
| availableReplicas: 1 | |
| details: | |
| causes: | |
| - | |
| type: ConfigChange |
- (lines 58-60) - Modified Infinispan startup parameters by adding image startup arguments.
- (lines 88-90) - JGroups Kubernetes Discovery protocol is instrumented by the Downward API to use current project's namespace.
There is one final step - Kubernetes' PING protocol uses the API to look up other nodes in the Infinispan cluster. By default API access is disabled in OpenShift and needs to be enabled. This can be done by this simple command:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default -n $(oc project -q) |
Now we can redeploy the application (to ensure that all changes were applied) and scale it out (to 3 nodes):
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc deploy infinispan-server --latest -n myproject | |
| $ oc scale --replicas=3 dc/infinispan-server | |
| deploymentconfig "infinispan-server" scaled |
Now let's check if everything looks good - you can do it either through the OpenShift web console or by using 'oc get pods' and 'oc logs' commands:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc logs infinispan-server-6-lfiy9 | grep -i "Received new cluster view" | |
| 11:45:58,151 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-2,infinispan-server-6-lfiy9) ISPN000094: Received new cluster view for channel clustered: [infinispan-server-6-lfiy9|8] (3) [infinispan-server-6-lfiy9, infinispan-server-6-07vtk, infinispan-server-6-6ts14] |
Accessing the cluster
In order to access the Infinispan cluster from the outside world we need a Route:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc expose svc/infinispan-server | |
| route "infinispan-server" exposed |
The newly created Route needs small changes - we need to change the target port to 8080 (this is the REST service). The 'oc edit route/infinispan-server' command is perfect for it. Below is my updated configuration:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Route | |
| metadata: | |
| annotations: | |
| openshift.io/host.generated: "true" | |
| creationTimestamp: 2016-08-05T11:57:14Z | |
| labels: | |
| app: infinispan-server | |
| name: infinispan-server | |
| namespace: myproject | |
| resourceVersion: "1373" | |
| selfLink: /oapi/v1/namespaces/myproject/routes/infinispan-server | |
| uid: c00bf8b5-5b03-11e6-bcb7-54ee751d46e3 | |
| spec: | |
| host: infinispan-server-myproject.192.168.0.17.xip.io | |
| port: | |
| targetPort: 8080-tcp | |
| to: | |
| kind: Service | |
| name: infinispan-server | |
| status: | |
| ingress: | |
| - conditions: | |
| - lastTransitionTime: 2016-08-05T11:57:14Z | |
| status: "True" | |
| type: Admitted | |
| host: infinispan-server-myproject.192.168.0.17.xip.io | |
| routerName: router |
- (line 17) - Modified to 8080 TCP port
Testing the setup
You can easily see how to access the cluster by describing the Route:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc get route/infinispan-server 1 ↵ | |
| NAME HOST/PORT PATH SERVICE TERMINATION LABELS | |
| infinispan-server infinispan-server-myproject.192.168.0.17.xip.io infinispan-server:7600-tcp app=infinispan-server% |
Now let's try to play with the data:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -X POST -H 'Content-type: text/plain' -d 'test' infinispan-server-myproject.192.168.0.17.xip.io/rest/default/test | |
| $ curl -X GET -H 'Content-type: text/plain' infinispan-server-myproject.192.168.0.17.xip.io/rest/default/test | |
| test% |
Cleaning up
Finally, when you are done with experimenting, you can remove everything using 'oc delete' command:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ oc delete all -l "app=infinispan-server" | |
| imagestream "infinispan-server" deleted | |
| deploymentconfig "infinispan-server" deleted | |
| route "infinispan-server" deleted | |
| service "infinispan-server" deleted | |
| pod "infinispan-server-6-4fdvm" deleted | |
| pod "infinispan-server-6-z686g" deleted |
Conclusion
Running Infinispan cluster inside an OpenShift cloud is really simple. Just 3 steps to remember:
- Create an Infinispan app ('oc new-app')
- Tell it to use Kubernetes JGroups Stack and in which project look for other cluster members ('oc edit dc/infinispan-server')
- Allow access to the OpenShift API ('oc policy add-role-to-user')
Happy scaling!
Seems that the rest service needs authentication now. These additional steps worked for me:
ReplyDelete1) add user and password to the dc env
oc set env dc/infinispan-server APP_USER=open APP_PASS=shift
2) add authentication option to the curl commands:
-u open:shift