The latest articles on Forem by Livio Ribeiro (@livioribeiro). https://forem.com/livioribeiro https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F45935%2F6252251e-5041-4e9f-aa4b-ce785e71f85a.jpeg https://forem.com/livioribeiro en Livio Ribeiro Mon, 04 Aug 2025 22:36:55 +0000 https://forem.com/livioribeiro/return-a-response-or-write-to-the-response-4n7p https://forem.com/livioribeiro/return-a-response-or-write-to-the-response-4n7p <p>In most web frameworks (Spring, Django, FastAPI, Axum) the handlers return an object to the framework that will be used to build the response that is sent to the client.</p> <p>However, the Go lang <code>net/http</code> package uses a different approach: the handlers write data directly into the response and have no return value.</p> <p>I believe that this behavior comes from a time that the most frameworks worked with blocking IO and employed optimizations using queues and threads dedicated to process the responses, so your code would return an object describing the response and the framework would put it in the queue to be processed by a thread.</p> <p>With non-blocking IO, there is no need for these optimizations, since the async runtime already takes care of everything related to IO, allowing handlers to write data directly to the response.</p> <p>So, which is better? Return a response or write to the response?</p> discuss webdev programming backend Livio Ribeiro Sat, 28 Oct 2023 10:12:59 +0000 https://forem.com/livioribeiro/announcing-selva-web-framework-57nj https://forem.com/livioribeiro/announcing-selva-web-framework-57nj <p>I'd like to announce <a href="https://github.com/livioribeiro/selva" rel="noopener noreferrer">Selva web framework</a>!</p> <p>I've been working on it for quite a while, did a lot of back and forth, changed how some things work, then changed back... until I finally felt it was good enough to do a public announcement.</p> <p>The framework uses under the hood another project of mine, <a href="https://pypi.org/project/asgikit/" rel="noopener noreferrer">asgikit</a>, which is a toolkit that provides just the bare minimum to create an asgi application.</p> <h2> Table of Contents </h2> <ul> <li> Quickstart <ul> <li>What's going on?</li> <li>Why is that?</li> </ul> </li> <li> Controllers and handlers <ul> <li>Path and query parameters</li> <li>Request body and Pydantic</li> </ul> </li> <li> Dependency injection <ul> <li>Factory functions</li> </ul> </li> <li> Configuration <ul> <li>Accessing the configuration</li> <li>Typed configuration</li> <li>Configuration profiles</li> </ul> </li> <li>Logging</li> <li>Final words</li> </ul> <h2> Quickstart </h2> <p>First install the required dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>selva uvicorn[standard] </code></pre> </div> <p>Create the <code>application.py</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span> <span class="nd">@controller</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="nd">@get</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="n">response</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">response</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="k">await</span> <span class="n">response</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="sh">"</span><span class="s">Hello, World!</span><span class="sh">"</span><span class="p">,</span> <span class="n">end_response</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>And then run uvicorn:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>uvicorn selva.run:app <span class="nt">--reload</span> </code></pre> </div> <h3> What's going on? </h3> <p>First, you do not need to create an application, you just use <code>selva.run:app</code>. Selva will look for a module or package named <code>application</code> and scan it. Controllers will be registered in the routing system and services will be registered with the dependency injection system. Controllers are also services and take part in the dependency injection system as well.</p> <p>But the most notable difference from other tools is that, in the request handler, instead of returning a response, you write to the response. This behavior comes from <code>asgikit</code> and is similar to how Go's <code>net/http</code> works.</p> <p>Asgikit provides several helper functions to handle common use cases. The example above could be written as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_text</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span> <span class="nd">@controller</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="nd">@get</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="k">await</span> <span class="nf">respond_text</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="sh">"</span><span class="s">Hello, World!</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Why is that? </h3> <p>In the common way of returning a response, extensibility is achieved by extending the usual <code>Response</code> class. Now you have to deal with inheritance and need to know, to some extent, the inner workings of the response class.</p> <p>With the approach used by Asgikit/Selva (which was inspired by Go's <code>net/http</code>), extensibility is achieved through helper functions that only need to know how to write to the response.</p> <p>Reading the request body uses a similar approach, you use helper function, such as <code>asgikit.requests.read_json</code>, to read the request body as json.</p> <h2> Controllers and handlers </h2> <p>Controllers are classes that have methods to handle request. They can be decorated with the path they respond to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello, World!</span><span class="sh">"</span><span class="p">})</span> </code></pre> </div> <p>The method hello will respond in the path <code>localhost:8000/api/hello</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ curl http://localhost:8000/api/hello {"message": "Hello, World!"} </code></pre> </div> <h3> Path and query parameters </h3> <p>Path parameters are defined in the handler decorator with the format <code>:parameter</code> to match path segments (between <code>/</code>), or <code>*parameter</code> to match paths with the <code>/</code> character.</p> <p>Parameters can be extracted from the request by annotating the handler function arguments, such as <code>selva.web.FromPath</code> or <code>selva.web.FromQuery</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span><span class="p">,</span> <span class="n">FromPath</span><span class="p">,</span> <span class="n">FromQuery</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello/:name</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello_path</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">FromPath</span><span class="p">]):</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Hello, </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">!</span><span class="sh">"</span><span class="p">})</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello_query</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">FromQuery</span><span class="p">]):</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Hello, </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">!</span><span class="sh">"</span><span class="p">})</span> </code></pre> </div> <p>Type conversion is done based on the parameter type and can be extended.</p> <h3> Request body and Pydantic </h3> <p>If you annotate a handler parameter with a type that inherits from <code>pydantic.BaseModel</code>, or a <code>list[pydantic.BaseModel]</code>, Selva will read the request body and parse using the <code>pydantic.BaseModel</code> class from the annotation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span> <span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">post</span> <span class="k">class</span> <span class="nc">MyModel</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="nb">property</span><span class="p">:</span> <span class="nb">int</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="nd">@post</span><span class="p">(</span><span class="sh">"</span><span class="s">post</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">model</span><span class="p">:</span> <span class="n">MyModel</span><span class="p">):</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">:</span> <span class="n">model</span><span class="p">.</span><span class="nf">model_dump_json</span><span class="p">()})</span> </code></pre> </div> <h2> Dependency injection </h2> <p>Selva comes with a dependency injection system. You just need to decorate your services with <code>@service</code> and annotate the classes where the service will be injected:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.di</span> <span class="kn">import</span> <span class="n">service</span><span class="p">,</span> <span class="n">Inject</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span><span class="p">,</span> <span class="n">FromPath</span> <span class="nd">@service</span> <span class="k">class</span> <span class="nc">GreeterService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">greet</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Hello, </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">!</span><span class="sh">"</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="n">greeter</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">GreeterService</span><span class="p">,</span> <span class="n">Inject</span><span class="p">]</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello/:name</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">FromPath</span><span class="p">]):</span> <span class="n">message</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">greeter</span><span class="p">.</span><span class="nf">greet</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">})</span> </code></pre> </div> <p>Remember that classes decorated with <code>@controller</code> are services too and therefore can inject other services.</p> <h3> Factory functions </h3> <p>Services can also be defined by decorating a function with <code>@service</code>, making them <em>factory functions</em>. The same <code>GreeterService</code> example could be written could be written like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.di</span> <span class="kn">import</span> <span class="n">service</span><span class="p">,</span> <span class="n">Inject</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span><span class="p">,</span> <span class="n">FromPath</span> <span class="k">class</span> <span class="nc">GreeterService</span><span class="p">:</span> <span class="k">def</span> <span class="nf">greet</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Hello, </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">!</span><span class="sh">"</span> <span class="nd">@service</span> <span class="k">def</span> <span class="nf">greeter_service_factory</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">GreeterService</span><span class="p">:</span> <span class="k">return</span> <span class="nc">GreeterService</span><span class="p">()</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="n">greeter</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">GreeterService</span><span class="p">,</span> <span class="n">Inject</span><span class="p">]</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello/:name</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">FromPath</span><span class="p">]):</span> <span class="n">message</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">greeter</span><span class="p">.</span><span class="nf">greet</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="n">message</span><span class="p">})</span> </code></pre> </div> <h2> Configuration </h2> <p>Selva uses YAML files the provide configuration settings to the application. These files are located in the <code>configuration</code> directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>project/ ├── application/ │ ├── __init__.py │ ├── controller.py │ └── service.py └── configuration/ ├── settings.yaml ├── settings_dev.yaml └── settings_prod.yaml </code></pre> </div> <p>The settings files are parsed using <a href="https://pypi.org/project/strictyaml/" rel="noopener noreferrer">strictyaml</a>, so only a subset of the yaml spec is used. This decisions is to make the settings files safer to parse and more consistent.</p> <p>Selva provides a way to reference environment variables in the settings files:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">property</span><span class="pi">:</span> <span class="s">${PROPERTY}</span> <span class="na">with_default</span><span class="pi">:</span> <span class="s">${PROPERTY:default}</span> </code></pre> </div> <h3> Accessing the configuration </h3> <p>You can access the configuration by injection the class <code>selva.configuration.Settings</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="c1">## settings.yaml # message: Hello, World! </span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.configuration</span> <span class="kn">import</span> <span class="n">Settings</span> <span class="kn">from</span> <span class="n">selva.di</span> <span class="kn">import</span> <span class="n">Inject</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="n">settings</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">Settings</span><span class="p">,</span> <span class="n">Inject</span><span class="p">]</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">settings</span><span class="p">.</span><span class="n">message</span><span class="p">})</span> </code></pre> </div> <h3> Typed configuration </h3> <p>You can use Pydantic and the di system to provided typed settings to your services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="c1">## settings.yaml # application: # value: 42 </span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span> <span class="kn">from</span> <span class="n">asgikit.requests</span> <span class="kn">import</span> <span class="n">Request</span> <span class="kn">from</span> <span class="n">asgikit.responses</span> <span class="kn">import</span> <span class="n">respond_json</span> <span class="kn">from</span> <span class="n">selva.configuration</span> <span class="kn">import</span> <span class="n">Settings</span> <span class="kn">from</span> <span class="n">selva.di</span> <span class="kn">import</span> <span class="n">service</span><span class="p">,</span> <span class="n">Inject</span> <span class="kn">from</span> <span class="n">selva.web</span> <span class="kn">import</span> <span class="n">controller</span><span class="p">,</span> <span class="n">get</span> <span class="k">class</span> <span class="nc">MySettings</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="nd">@service</span> <span class="k">def</span> <span class="nf">my_settings_factory</span><span class="p">(</span><span class="n">settings</span><span class="p">:</span> <span class="n">Settings</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">MySettings</span><span class="p">:</span> <span class="k">return</span> <span class="n">MySettings</span><span class="p">.</span><span class="nf">model_validate</span><span class="p">(</span><span class="n">settings</span><span class="p">.</span><span class="n">application</span><span class="p">)</span> <span class="nd">@controller</span><span class="p">(</span><span class="sh">"</span><span class="s">api</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Controller</span><span class="p">:</span> <span class="n">settings</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="n">MySettings</span><span class="p">,</span> <span class="n">Inject</span><span class="p">]</span> <span class="nd">@get</span><span class="p">(</span><span class="sh">"</span><span class="s">hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="k">await</span> <span class="nf">respond_json</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">response</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">value</span><span class="sh">"</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">settings</span><span class="p">.</span><span class="n">value</span><span class="p">})</span> </code></pre> </div> <h3> Configuration profiles </h3> <p>We can create different configuration profiles that can be activated by settings the environment variable <code>SELVA_PROFILE</code>. When a profile is set, the framework will look for a file named <code>configuration/settings_${PROFILE}.yaml</code> and merge its settings into the main settings. For example, if we define <code>SELVA_PROFILE=dev</code>, the file <code>configuration/settings_dev.yaml</code> will be loaded.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># settings.yaml</span> <span class="na">property</span><span class="pi">:</span> <span class="s">value</span> <span class="na">mapping</span><span class="pi">:</span> <span class="na">property</span><span class="pi">:</span> <span class="s">nested value</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># settings_dev.yaml</span> <span class="na">dev_property</span><span class="pi">:</span> <span class="s">dev value</span> <span class="na">mapping</span><span class="pi">:</span> <span class="na">property</span><span class="pi">:</span> <span class="s">dev nested value</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># final settings</span> <span class="na">property</span><span class="pi">:</span> <span class="s">value</span> <span class="na">mapping</span><span class="pi">:</span> <span class="na">property</span><span class="pi">:</span> <span class="s">dev nested value</span> <span class="na">dev_property</span><span class="pi">:</span> <span class="s">dev value</span> </code></pre> </div> <h2> Logging </h2> <p>Selva uses <a href="https://pypi.org/project/loguru/" rel="noopener noreferrer">loguru</a> for logging and provides some facilities on top of it: it configures by default an interceptor for the stardand <code>logging</code> module, so all logs go through loguru, and a custom filter that allows settings the log level for individual python packages in the yaml configuration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># settings.yaml</span> <span class="na">logging</span><span class="pi">:</span> <span class="c1"># log level to be used when not specified by package</span> <span class="na">root</span><span class="pi">:</span> <span class="s">WARNING</span> <span class="c1"># specification of log level by package</span> <span class="na">level</span><span class="pi">:</span> <span class="na">application</span><span class="pi">:</span> <span class="s">ERROR</span> <span class="na">application.service</span><span class="pi">:</span> <span class="s">WARNING</span> <span class="na">sqlalchemy</span><span class="pi">:</span> <span class="s">INFO</span> <span class="na">sqlalchemy.orm</span><span class="pi">:</span> <span class="s">DEBUG</span> </code></pre> </div> <p>If a package has disabled loguru (<code>logger.disable("package")</code>) you can enable it again in the configuration file, and you can disable logging for a package as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">logging</span><span class="pi">:</span> <span class="na">enable</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">package</span> <span class="na">disable</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">other_package</span> </code></pre> </div> <h2> Final words </h2> <p>Selva is still in its infancy, and there is work to do, more tests need to be written, documentation can be improved, but I believe it is a great tool and I hope it can have its place in the Python ecosystem.</p> <p>Let me know in the comments what you think about Selva.</p> <p>And by the way, "Selva" is portuguese for "Jungle" :)</p> python development announcement backend Livio Ribeiro Sun, 06 Aug 2023 20:31:08 +0000 https://forem.com/livioribeiro/why-i-prefer-rust-over-go-327i https://forem.com/livioribeiro/why-i-prefer-rust-over-go-327i <p>Recently I decided to learn Go and my first impressions were quite good. Go is a very nice language and easy to get started with. The go routines is probably the best feature of the language and I really wish other languages followed this model. The <code>defer</code> feature is also very nice.</p> <p>However, as I continued learning, some things started feeling odd, some design decisions that looked strange. For example, the only loop construct is <code>for</code>, and there is no way to create a loop that iterates over a sequence of numbers, like <code>for i in range(10)</code> in Python or <code>for i in 0..10</code> in Rust, you have to use a for loop as in C: <code>for i := 0; i &lt;= 10; i++</code>.</p> <p>After a while I realized: Go tries so hard to be like C that it does not even try make improvements that make it look too different than C.</p> <p>Now let's compare the <code>RWMutex</code> from Go with <code>RWLock</code> from Rust:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">lock</span> <span class="o">:=</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span><span class="p">{}</span> <span class="n">lock</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span> <span class="c">// do someting</span> <span class="n">lock</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> </code></pre> </div> <p>This code will compile just fine, but will fail at runtime, because I called <code>lock.Unlock()</code> instead of <code>lock.RUnlock()</code>. You might say that is the developer's fault for no paying attention and calling the wrong method, and you are right, but let's take a look at the equivalent in Rust:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rust"><code><span class="k">let</span> <span class="n">lock</span> <span class="o">=</span> <span class="nn">RwLock</span><span class="p">::</span><span class="nf">new</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">{</span> <span class="k">let</span> <span class="n">read</span> <span class="o">=</span> <span class="n">lock</span><span class="nf">.read</span><span class="p">()</span><span class="nf">.unwrap</span><span class="p">();</span> <span class="c1">// do something</span> <span class="p">}</span> </code></pre> </div> <p>First thing we notice is that the <code>RWLock</code> operates with a value, since is very common the use a lock to synchronize access to something. Then we open curly braces to start a scope because <code>lock.read()</code> returns a guard that releases the lock when it goes out of scope, so there is no wrong method to be called. The error handling may look annoying but <a href="https://doc.rust-lang.org/stable/std/sync/struct.RwLock.html#errors" rel="noopener noreferrer">it is there for a reason</a>.</p> <p>For me this design decision for the Go <code>RWMutex</code> seems very strange, it could be much better if <code>RLock</code> returned a handle in which you would call <code>Unlock</code> and I cannot think of any reason for this other than to look more like C.</p> <p>But Rust is not perfect, though, function signatures can become messy, specially with async, and dealing with lifetimes is not fun. And compilation time...</p> <p>I will continue learning Go, it is really a nice language, but I still prefer Rust, I feel much safer with it (pun intended).</p> rust go Livio Ribeiro Fri, 27 Aug 2021 11:47:08 +0000 https://forem.com/livioribeiro/angular-dynamic-settings-4hae https://forem.com/livioribeiro/angular-dynamic-settings-4hae <p>(You can find the code shown here in <a href="https://github.com/livioribeiro/angular-dynamic-settings-example" rel="noopener noreferrer">https://github.com/livioribeiro/angular-dynamic-settings-example</a>)</p> <p>When developing an Angular application, usually your application settings lives in <code>src/environments/environment.ts</code> for development and <code>src/environments/environment.prod.ts</code> for production, and Angular takes care of swapping those during a production build.</p> <p>But if we have another environment, a <em>staging</em> environment, then we have a problem, since we expect to approve the application running in staging and promote the same code to production, but with Angular's approach to configuration we need to run another build to configure our app to production.</p> <p>To overcome this problem, I came up a very simple, yet very effective, strategy:</p> <ul> <li>Load a javascript file before the application starts that will define a settings object in <code>window.$environment</code>. This is essentially the same as <code>environment.ts</code>.</li> <li>In <code>environment.ts</code>, export the object defined in <code>window.$environment</code>.</li> <li>Tell Angular to add the configuration directory to the build output directory.</li> </ul> <p>First we need to create a directory called <code>src/config</code> and put the javascript file <code>environment.js</code> there:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// src/config/environment.js</span> <span class="nb">window</span><span class="p">.</span><span class="nx">$environment</span> <span class="o">=</span> <span class="p">{</span> <span class="na">production</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">api</span><span class="p">:</span> <span class="dl">"</span><span class="s2">dev.my-backend.io</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// and any other configuration that would go in "environment.ts"</span> <span class="p">};</span> </code></pre> </div> <p>And then load the script on <code>index.html</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!doctype html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"utf-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>MyApp<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;base</span> <span class="na">href=</span><span class="s">"/"</span><span class="nt">&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width, initial-scale=1"</span><span class="nt">&gt;</span> <span class="nt">&lt;link</span> <span class="na">rel=</span><span class="s">"icon"</span> <span class="na">type=</span><span class="s">"image/x-icon"</span> <span class="na">href=</span><span class="s">"favicon.ico"</span><span class="nt">&gt;</span> <span class="c">&lt;!-- add the following line --&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"/config/environment.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;app-root&gt;&lt;/app-root&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>Now, in <code>environment.ts</code>, export the configuration object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/environments/environment.ts</span> <span class="c1">// this interface is just to making things more typed</span> <span class="kr">interface</span> <span class="nx">Environment</span> <span class="p">{</span> <span class="nl">production</span><span class="p">:</span> <span class="nx">boolean</span><span class="p">;</span> <span class="nl">api</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">environment</span> <span class="o">=</span> <span class="p">(</span><span class="nb">window</span> <span class="k">as</span> <span class="kr">any</span><span class="p">).</span><span class="nx">$environment</span> <span class="k">as</span> <span class="nx">Environment</span><span class="p">;</span> </code></pre> </div> <p>And finally, change <code>angular.json</code> build options, adding <code>"src/config"</code> the the assets, and remove the <code>"fileReplacements"</code> completely. I also changed <code>"outputPath"</code> to just <code>"dist"</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">...</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"builder"</span><span class="p">:</span><span class="w"> </span><span class="s2">"@angular-devkit/build-angular:browser"</span><span class="p">,</span><span class="w"> </span><span class="nl">"options"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s2">"outputPath"</span><span class="w"> </span><span class="err">is</span><span class="w"> </span><span class="err">just</span><span class="w"> </span><span class="s2">"dist"</span><span class="w"> </span><span class="nl">"outputPath"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dist"</span><span class="p">,</span><span class="w"> </span><span class="nl">"index"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/index.html"</span><span class="p">,</span><span class="w"> </span><span class="nl">"main"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/main.ts"</span><span class="p">,</span><span class="w"> </span><span class="nl">"polyfills"</span><span class="p">:</span><span class="w"> </span><span class="s2">"src/polyfills.ts"</span><span class="p">,</span><span class="w"> </span><span class="nl">"tsConfig"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tsconfig.app.json"</span><span class="p">,</span><span class="w"> </span><span class="nl">"assets"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"src/favicon.ico"</span><span class="p">,</span><span class="w"> </span><span class="s2">"src/assets"</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">add</span><span class="w"> </span><span class="err">the</span><span class="w"> </span><span class="err">following</span><span class="w"> </span><span class="s2">"src/config"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"styles"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"src/styles.css"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">[]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"configurations"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"production"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"budgets"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"initial"</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximumWarning"</span><span class="p">:</span><span class="w"> </span><span class="s2">"500kb"</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximumError"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1mb"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"anyComponentStyle"</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximumWarning"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2kb"</span><span class="p">,</span><span class="w"> </span><span class="nl">"maximumError"</span><span class="p">:</span><span class="w"> </span><span class="s2">"4kb"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="s2">"fileReplacements"</span><span class="w"> </span><span class="err">is</span><span class="w"> </span><span class="err">removed</span><span class="w"> </span><span class="nl">"outputHashing"</span><span class="p">:</span><span class="w"> </span><span class="s2">"all"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span></code></pre> </div> <p>We can safely remove <code>src/environments/environment.prod.ts</code>, we don't need it anymore.</p> <p>Now we can inject a configuration script instead of doing another build.</p> <p>This approach works great with docker and kubernetes, and we can test it right now!</p> <p>First, we need a Dockerfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">node:latest</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package.json package-lock.json ./</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm run build <span class="k">FROM</span><span class="s"> nginx:latest</span> <span class="k">COPY</span><span class="s"> --from=builder /app/dist/ /usr/share/nginx/html/</span> </code></pre> </div> <p>And a configuration to inject (I called it "environment.js"):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// environment.js</span> <span class="nb">window</span><span class="p">.</span><span class="nx">$environment</span> <span class="o">=</span> <span class="p">{</span> <span class="na">production</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">api</span><span class="p">:</span> <span class="dl">"</span><span class="s2">prod.my-backend.io</span><span class="dl">"</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p>We now build the image and run the container with our new configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker build <span class="nt">-t</span> my-app <span class="nb">.</span> docker run <span class="nt">--name</span> my-app <span class="se">\</span> <span class="nt">-it</span> <span class="nt">--rm</span> <span class="se">\</span> <span class="nt">-p</span> 8080:8080 <span class="se">\</span> <span class="nt">-v</span> <span class="nv">$PWD</span>/environment.js:/usr/share/nginx/html/config/environment.js <span class="se">\</span> my-app </code></pre> </div> <p>With Kubernetes you can use a configmap to store the "environment.js" and mount it as a volume under "/usr/share/nginx/html/config".</p> <p>And that's it! No more rebuilding angular for staging and production!</p> angular webdev devops docker Livio Ribeiro Wed, 23 Jun 2021 11:34:53 +0000 https://forem.com/livioribeiro/fastapi-with-oidc-discovery-4507 https://forem.com/livioribeiro/fastapi-with-oidc-discovery-4507 <p><a href="https://fastapi.tiangolo.com/" rel="noopener noreferrer">FastAPI</a> is a very nice tool for writing web applications in Python, it is very fast and is a joy to use. But saddly it still lacks support for openid-connect discovery, so I cannot simply point to my Keycloak instance and it configures itself.</p> <p>Because of this I wrote <a href="https://github.com/livioribeiro/fastapi-resource-server/" rel="noopener noreferrer">FastAPI Resource Server</a>, a helper that adds support to this scenario: setup issuer address, receive a JWT, validate and decode claims and return claims.</p> <p>Usage is pretty straightforward, install with <code>pip install fastapi-resource-server</code> and configure your application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Depends</span><span class="p">,</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">Security</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span> <span class="k">from</span> <span class="n">fastapi_resource_server</span> <span class="n">OidcResourceServer</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="n">auth_scheme</span> <span class="o">=</span> <span class="nc">OidcResourceServer</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://issuer.url</span><span class="sh">"</span><span class="p">,</span> <span class="n">scheme_name</span><span class="o">=</span><span class="sh">"</span><span class="s">My Issuer</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">User</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">sub</span><span class="p">:</span> <span class="nb">str</span> <span class="n">username</span><span class="p">:</span> <span class="nb">str</span> <span class="n">given_name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">family_name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">email</span><span class="p">:</span> <span class="nb">str</span> <span class="k">def</span> <span class="nf">get_current_user</span><span class="p">(</span><span class="n">claims</span><span class="p">:</span> <span class="nb">dict</span> <span class="o">=</span> <span class="nc">Security</span><span class="p">(</span><span class="n">auth_scheme</span><span class="p">)):</span> <span class="n">claims</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">username</span><span class="o">=</span><span class="n">claims</span><span class="p">[</span><span class="sh">"</span><span class="s">preferred_username</span><span class="sh">"</span><span class="p">])</span> <span class="n">user</span> <span class="o">=</span> <span class="n">User</span><span class="p">.</span><span class="nf">parse_obj</span><span class="p">(</span><span class="n">claims</span><span class="p">)</span> <span class="k">return</span> <span class="n">user</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/users/me</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">read_current_user</span><span class="p">(</span><span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)):</span> <span class="k">return</span> <span class="n">current_user</span> </code></pre> </div> <p>Under the hood it will fetch the openid configuration from <code>{issuer_url}/.well-known/openid-configuration</code>, then fetch the jwks from the <code>jwks_uri</code> property and use <a href="https://pypi.org/project/python-jose/" rel="noopener noreferrer">python-jose</a> to decode the JWT.</p> <p>And it works with the swagger ui with no problems.</p> python fastapi authentication openidconnect Livio Ribeiro Mon, 08 Feb 2021 12:09:27 +0000 https://forem.com/livioribeiro/manage-frontend-dependencies-in-python-web-projects-with-frontman-1bo7 https://forem.com/livioribeiro/manage-frontend-dependencies-in-python-web-projects-with-frontman-1bo7 <p>Web applications always need some Javascript and CSS to look good and make user experience better (JQuery and Bootstrap, for instance), but managing all the libraries we need can be a source of trouble, specially when executing CI/CD pipelines.</p> <p>Using npm to declare and retrieve frontend dependencies is a solution, but it is a bit too much if we are not building single page application with Angular or Vuejs, and besides that, it adds one significant dependency that in some cases could be avoided.</p> <p>Because of that, and inspired by <a href="https://docs.microsoft.com/en-us/aspnet/core/client-side/libman" rel="noopener noreferrer">AspNet LibMan</a>, I built <a href="https://github.com/livioribeiro/frontman" rel="noopener noreferrer">FrontMan</a>, a dependency manager written in Python for frontend dependencies that fetches files from CDNs (cdnjs, jsdelivr and unpkg).</p> <p>You can install FrontMan by running <code>pip install frontman</code> (<code>pipenv install --dev frontman</code> for <a href="https://docs.pipenv.org/" rel="noopener noreferrer">Pipenv</a> and <code>poetry add --dev frontman</code> for <a href="https://python-poetry.org/" rel="noopener noreferrer">Poetry</a>)</p> <p>Usage is simple, create a manifest (frontman.json) and execute <code>frontman install</code>.</p> <p>The manifest is a json file like the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jsdelivr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination"</span><span class="p">:</span><span class="w"> </span><span class="s2">"assets"</span><span class="p">,</span><span class="w"> </span><span class="nl">"packages"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jquery"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3.5.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"provider"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cdnjs"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jquery"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"jquery.min.js"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"@popperjs/core"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.6.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dist/umd"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"popper.min.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"rename"</span><span class="p">:</span><span class="w"> </span><span class="s2">"popper.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination"</span><span class="p">:</span><span class="s2">"popper"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bootstrap"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"4.6.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"path"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dist"</span><span class="p">,</span><span class="w"> </span><span class="nl">"destination"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bootstrap"</span><span class="p">,</span><span class="w"> </span><span class="nl">"files"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"js/bootstrap.min.js"</span><span class="p">,</span><span class="w"> </span><span class="s2">"css/bootstrap.min.css"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The output will be like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>OK https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js -&gt; assets/jquery/jquery.min.js OK https://cdn.jsdelivr.net/npm/@popperjs/core@2.6.0/dist/umd/popper.min.js -&gt; assets/popper/popper.js OK https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js -&gt; assets/bootstrap/js/bootstrap.min.js OK https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css -&gt; assets/bootstrap/css/bootstrap.min.css </code></pre> </div> <p>After runnig <code>frontman install</code> there will be a file structure like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>assets ├── bootstrap │   ├── css │   │   └── bootstrap.min.css │   └── js │   └── bootstrap.min.js ├── jquery │   └── jquery.min.js └── popper └── popper.js </code></pre> </div> <p>Running the install command again will give the following output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SKIP https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js -&gt; assets/jquery/jquery.min.js SKIP https://cdn.jsdelivr.net/npm/@popperjs/core@2.6.0/dist/umd/popper.min.js -&gt; assets/popper/popper.js SKIP https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js -&gt; assets/bootstrap/js/bootstrap.min.js SKIP https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css -&gt; assets/bootstrap/css/bootstrap.min.css </code></pre> </div> <p>If a file is already downloaded, FrontMan will not download it again, unless you pass the <code>--force</code> flag.</p> <p>I hope you like FrontMan and find it useful.</p> python web javascript css Livio Ribeiro Wed, 06 Jan 2021 19:05:50 +0000 https://forem.com/livioribeiro/trying-hashicorp-nomad-1-0-with-lxd-and-terraform-2489 https://forem.com/livioribeiro/trying-hashicorp-nomad-1-0-with-lxd-and-terraform-2489 <p>A while ago I wrote an article about <a href="https://dev.to/livioribeiro/using-lxd-and-ansible-to-simulate-infrastructure-2g8l">deploying Hashicorp Nomad using LXD and Ansible</a> and since Nomad hit 1.0 I decided to revisit it. It is an interesting and I wanted to try <a href="https://terraform.io" rel="noopener noreferrer">Terraform</a> and learn a bit about it.</p> <p>You can find everything <a href="https://github.com/livioribeiro/nomad-lxd-terraform" rel="noopener noreferrer">in this repository</a>.</p> <p>To deploy the cluster, install Terraform and Packer and then <code>terraform apply</code>.</p> <p>I used <a href="https://packer.io" rel="noopener noreferrer">Packer</a>, another tool from Hashicorp, to create the container images and I also added a Prometheus instance to monitor the Nomad cluster and services. I will probably add Grafana in the future and if you know a good dashboard for Nomad, please share :)</p> <p>Terraform is a great tool, but Ansible is still more flexible, although it can be a bit harder to deal with and sometimes I feel lost in its documentation.</p> <p>Nomad is a good alternative to Kubernetes, specially if you are deploying your own cluster, with focus in simplicity and it is so easy to test it on your own machine.</p> nomad terraform lxd containers Livio Ribeiro Tue, 06 Aug 2019 17:50:11 +0000 https://forem.com/livioribeiro/openshift-behind-a-proxy-with-ssl-termination-4gd8 https://forem.com/livioribeiro/openshift-behind-a-proxy-with-ssl-termination-4gd8 <p>The Openshift Container Platform is a great tool to deploy your applications and services in a container environment: It hides the complexity of Kubernetes and offers many facilities to manage builds, configurations, volumes and environment variables.</p> <p>Everything was fine until I had this weird problem where I could not get Keycloak to work properly. I was unable to authenticate because the service kept telling me that it required HTTPS... and I had HTTPS!</p> <p>In order to track down the problem, I wrote a small service (in <a href="https://www.rust-lang.org/" rel="noopener noreferrer">Rust</a> :) that just returned the HTTP headers it received and the result was like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[other headers] X-Forwarded-Port: 80 X-Forwarded-Proto: http [some more headers] </code></pre> </div> <p>That was strange! The proxy was sending the right <code>X-Forwarded-*</code> headers, but somewhere they were being overwriden!</p> <p>I searched this behavior and found <a href="https://access.redhat.com/solutions/3986281" rel="noopener noreferrer">this anwswer</a> (needs a redhat account to visualize) about changing the openshift router configuration. My solution was a bit different but worked the same.</p> <p>We need to create a custom router configuration according to <a href="https://docs.okd.io/3.11/install_config/router/customized_haproxy_router.html" rel="noopener noreferrer">the documentation</a>. First let's get a copy of the default configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc <span class="nt">-n</span> default rsh dc/router <span class="nb">cat </span>haproxy-config.template <span class="o">&gt;</span> haproxy-config.template </code></pre> </div> <p>Now open the <code>haproxy-config.template</code> file and search for the following text:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Port</span> %[<span class="n">dst_port</span>] <span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span> <span class="n">http</span> <span class="n">if</span> !{ <span class="n">ssl_fc</span> } <span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span> <span class="n">https</span> <span class="n">if</span> { <span class="n">ssl_fc</span> } <span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span>-<span class="n">Version</span> <span class="n">h2</span> <span class="n">if</span> { <span class="n">ssl_fc_alpn</span> -<span class="n">i</span> <span class="n">h2</span> } </code></pre> </div> <p>These lines above override the <code>X-Forwarded-*</code> headers sent by the proxy. My solution was to add a conditional to only set the headers if they are not present:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Port</span> %[<span class="n">dst_port</span>] <span class="n">if</span> { <span class="n">req</span>.<span class="n">hdr_cnt</span>(<span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Port</span>) <span class="n">eq</span> <span class="m">0</span> } <span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span> <span class="n">http</span> <span class="n">if</span> { <span class="n">req</span>.<span class="n">hdr_cnt</span>(<span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span>) <span class="n">eq</span> <span class="m">0</span> } !{ <span class="n">ssl_fc</span> } <span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span> <span class="n">https</span> <span class="n">if</span> { <span class="n">req</span>.<span class="n">hdr_cnt</span>(<span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span>) <span class="n">eq</span> <span class="m">0</span> } { <span class="n">ssl_fc</span> } <span class="n">http</span>-<span class="n">request</span> <span class="n">set</span>-<span class="n">header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span>-<span class="n">Version</span> <span class="n">h2</span> <span class="n">if</span> { <span class="n">req</span>.<span class="n">hdr_cnt</span>(<span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span>-<span class="n">Version</span>) <span class="n">eq</span> <span class="m">0</span> } { <span class="n">ssl_fc_alpn</span> -<span class="n">i</span> <span class="n">h2</span> } </code></pre> </div> <p>With the file changed, now we can add it to the router:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># create a configmap to hold the file</span> oc <span class="nt">-n</span> default create configmap customrouter <span class="nt">--from-file</span><span class="o">=</span>haproxy-config.template <span class="c"># add the configmap as a volume</span> oc <span class="nt">-n</span> default <span class="nb">set </span>volume dc/router <span class="nt">--add</span> <span class="nt">--overwrite</span> <span class="se">\</span> <span class="nt">--name</span><span class="o">=</span>config-volume <span class="se">\</span> <span class="nt">--mount-path</span><span class="o">=</span>/var/lib/haproxy/conf/custom <span class="se">\</span> <span class="nt">--source</span><span class="o">=</span><span class="s1">'{"configMap": { "name": "customrouter"}}'</span> <span class="c"># set an environment variable to tell the router were to find the configuration</span> oc <span class="nt">-n</span> default <span class="nb">set env </span>dc/router <span class="se">\</span> <span class="nv">TEMPLATE_FILE</span><span class="o">=</span>/var/lib/haproxy/conf/custom/haproxy-config.template </code></pre> </div> <p>After that, Openshift will redeploy the router and the configuration will take effect.</p> openshift router proxy ssl Livio Ribeiro Sun, 04 Aug 2019 21:21:14 +0000 https://forem.com/livioribeiro/solving-minishift-fresh-instance-problems-5a5j https://forem.com/livioribeiro/solving-minishift-fresh-instance-problems-5a5j <p>When I started working with minishift, I did not have much experience with Openshift. I was struggling with some problems and I had no idea what was going on. These were the problems:</p> <ul> <li>Builds failed to push to registry</li> <li>Deployments got stuck when pulling image</li> <li>Could not access an application via a Route</li> <li>Could not log in to the web console as administrator</li> </ul> <p>The first three problems were caused by the "docker-registry" and "router" deployments on the "default" namespace that failed to start.</p> <p>The solution to these problems is quite simple and involve just a few commands on the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># login first as admin user</span> oc login <span class="nt">-u</span> system:admin <span class="c"># restart "docker-registry"</span> oc <span class="nt">-n</span> default rollout latest dc/docker-registry <span class="c"># restart "router"</span> oc <span class="nt">-n</span> default rollout latest dc/router <span class="c"># allow "admin" user to log in to the web console</span> oc adm policy add-cluster-role-to-user cluster-admin admin </code></pre> </div> <p>Now you can work with minishift with no more problems!</p> kubernetes minishift openshift fix Livio Ribeiro Wed, 05 Dec 2018 01:25:33 +0000 https://forem.com/livioribeiro/using-lxd-and-ansible-to-simulate-infrastructure-2g8l https://forem.com/livioribeiro/using-lxd-and-ansible-to-simulate-infrastructure-2g8l <p>When dealing with software like <a href="https://kubernetes.io/" rel="noopener noreferrer">Kubernetes</a>, <a href="https://www.okd.io/" rel="noopener noreferrer">Openshift</a> and <a href="https://rancher.com/" rel="noopener noreferrer">Rancher</a>, it may be challenging to test an application locally. It is true that we have tools like <a href="https://github.com/kubernetes/minikube" rel="noopener noreferrer">minikube</a> and <a href="https://www.okd.io/minishift/" rel="noopener noreferrer">minishift</a>, but if we are working with the infrastructure, simulating a cluster with virtual machines can quickly consume all our available RAM.</p> <p><a href="https://linuxcontainers.org/lxd/" rel="noopener noreferrer">LXD</a> can help solve the memory problem by using containers as if they were full blown virtual machines! Unlike Docker, which uses containers to run a single process until it finishes, LXD uses containers to spawn an operating system image and use it as a complete server.</p> <p>To install LXD you can follow the <a href="https://linuxcontainers.org/lxd/getting-started-cli/" rel="noopener noreferrer">instructions on the official website</a>, but after installing we have to initialize it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># The default values are good enough</span> <span class="nv">$ </span><span class="nb">sudo </span>lxd init </code></pre> </div> <p>If you followed the <a href="https://linuxcontainers.org/lxd/getting-started-cli/" rel="noopener noreferrer">getting started</a>, you may have created some containers using the cli, but now comes the interesting part: We can use <a href="https://www.ansible.com/" rel="noopener noreferrer">Ansible</a> to automate the creation and provisioning of our servers!</p> <p>To our LXD/Ansible project we are going to create a <a href="https://www.nomadproject.io/" rel="noopener noreferrer">Nomad</a> cluster with <a href="https://www.consul.io/" rel="noopener noreferrer">Consul</a> and <a href="https://traefik.io/" rel="noopener noreferrer">Traefik</a>.</p> <p>I chose Nomad because of its simplicity and versatility: it can run services as docker containers, like Kubernetes, but also java applications and any executable available in the host, isolated using the operating system resources (e.g. cgroups, namespaces and chroot on linux). You can <a href="https://www.nomadproject.io/docs/drivers/index.html" rel="noopener noreferrer">see in the documentation</a> what Nomad is able to run.</p> <p>Consul is used by Nomad for service discovery, key-value storage and to bootstrap the cluster. Nomad can also run without Consul.</p> <p>Traefik will proxy requests to the services deployed in the cluster. It will use Consul service catalog as the configuration backend, so the routes to services will be automatically configured.</p> <p>The completed tutorial can be found <a href="https://github.com/livioribeiro/nomad-lxd-ansible" rel="noopener noreferrer">in this repository</a>.</p> <h2> Index </h2> <ul> <li>step 0: Planning</li> <li>step 1: Consul</li> <li>step 2: Nomad</li> <li>step 3: Traefik</li> <li>step 4: Deploying Services</li> <li>Conclusion</li> </ul> <h2> step 0: Planning </h2> <p>Our cluster will need the following:</p> <ul> <li>3 Consul nodes operating in server mode <ul> <li>consul1: <code>10.99.0.101</code> </li> <li>consul2: <code>10.99.0.102</code> </li> <li>consul3: <code>10.99.0.103</code> </li> </ul> </li> <li>3 Nomad nodes operating in server mode <ul> <li>nomad-server1: <code>10.99.0.111</code> </li> <li>nomad-server2: <code>10.99.0.112</code> </li> <li>nomad-server3: <code>10.99.0.113</code> </li> </ul> </li> <li>3 Nomad nodes operating in client mode <ul> <li>nomad-client1: <code>10.99.0.121</code> </li> <li>nomad-client2: <code>10.99.0.122</code> </li> <li>nomad-client3: <code>10.99.0.123</code> </li> <li>The nomad clients will docker and openjdk installed</li> </ul> </li> <li>1 Traefik node <ul> <li>proxy: <code>10.99.0.100</code> </li> </ul> </li> </ul> <p>All non Consul nodes will have Consul operating in client node.</p> <p>And for ansible, we will create a project with the following structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>~/projects/nomad-lxd-ansible ├── cache/ ├── inventory/ │ └── hosts ├── roles/ ├── ansible.cfg └── playbook.yml </code></pre> </div> <p>This structure can be created with the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> ~/projects/nomad-lxd-ansible <span class="nb">cd</span> ~/projects/nomad-lxd-ansible <span class="nb">mkdir </span>cache inventory roles <span class="nb">touch </span>ansible.cfg playboook.yml inventory/hosts </code></pre> </div> <p>With the <code>cache</code> directory, we will download the Consul, Nomad and Traefik binaries only once in the host. This way, we avoid downloading again in every host.</p> <p>In <code>ansible.cfg</code> we will tell ansible to use our inventory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="c"># ansible.cfg </span><span class="nn">[defaults]</span> <span class="py">inventory</span> <span class="p">=</span> <span class="s">inventory</span> </code></pre> </div> <p>Add our cluster nodes to the inventory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="c"># inventory/hosts </span><span class="err">proxy</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.100</span> <span class="nn">[consul_servers]</span> <span class="err">consul1</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.101</span> <span class="err">consul2</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.102</span> <span class="err">consul3</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.103</span> <span class="nn">[nomad_servers]</span> <span class="err">nomad-server1</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.111</span> <span class="err">nomad-server2</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.112</span> <span class="err">nomad-server3</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.113</span> <span class="nn">[nomad_clients]</span> <span class="err">nomad-client1</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.121</span> <span class="err">nomad-client2</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.122</span> <span class="err">nomad-client3</span> <span class="py">ip_address</span><span class="p">=</span><span class="s">10.99.0.123</span> <span class="nn">[all:vars]</span> <span class="py">ansible_connection</span><span class="p">=</span><span class="s">lxd</span> <span class="py">ansible_python_interpreter</span><span class="p">=</span><span class="s">/usr/bin/python3</span> </code></pre> </div> <p>The <code>ip_address</code> variable will be referenced in the playbook.</p> <p>And to create the containers, add the following to <code>playbook.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># playbook.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">localhost</span> <span class="c1"># run this task in the host</span> <span class="na">connection</span><span class="pi">:</span> <span class="s">local</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create containers</span> <span class="c1"># get all host names from inventory</span> <span class="na">loop</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">groups['all']</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># use lxd_container module from ansible to create containers</span> <span class="na">lxd_container</span><span class="pi">:</span> <span class="c1"># container name is the hostname</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">started</span> <span class="na">source</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">image</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">pull</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://images.linuxcontainers.org</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">ubuntu/bionic/amd64</span> <span class="na">config</span><span class="pi">:</span> <span class="c1"># nomad clients need some privileges to be able to run docker containers</span> <span class="na">security.nesting</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">security.privileged</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">devices</span><span class="pi">:</span> <span class="c1"># configure network interface</span> <span class="na">eth0</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nic</span> <span class="na">nictype</span><span class="pi">:</span> <span class="s">bridged</span> <span class="na">parent</span><span class="pi">:</span> <span class="s">lxdbr0</span> <span class="c1"># get ip address from inventory</span> <span class="na">ipv4.address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">hostvars[item].ip_address</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># # uncomment if you installed lxd using snap</span> <span class="c1"># url: unix:/var/snap/lxd/common/lxd/unix.socket</span> </code></pre> </div> <p>Now run <code>ansible-playbook playbook.yml</code> to create our nodes with lxd.</p> <h2> step 1: Consul </h2> <p>Let's tell ansible to download and setup Consul.</p> <p>Edit the playbook to be as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># playbook.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">localhost</span> <span class="c1"># run this task in the host</span> <span class="na">connection</span><span class="pi">:</span> <span class="s">local</span> <span class="c1"># set urls as variables</span> <span class="na">vars</span><span class="pi">:</span> <span class="na">consul_version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.4.0"</span> <span class="na">consul_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://releases.hashicorp.com/consul/{{</span><span class="nv"> </span><span class="s">consul_version</span><span class="nv"> </span><span class="s">}}/consul_{{</span><span class="nv"> </span><span class="s">consul_version</span><span class="nv"> </span><span class="s">}}_linux_amd64.zip"</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create containers</span> <span class="c1"># get all host names from inventory</span> <span class="na">loop</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">groups['all']</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># use lxd_container module from ansible to create containers</span> <span class="na">lxd_container</span><span class="pi">:</span> <span class="c1"># container name is the hostname</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">started</span> <span class="na">source</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">image</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">pull</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://images.linuxcontainers.org</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">ubuntu/bionic/amd64</span> <span class="na">config</span><span class="pi">:</span> <span class="c1"># nomad clients need some privileges to be able to run docker containers</span> <span class="na">security.nesting</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">security.privileged</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">devices</span><span class="pi">:</span> <span class="c1"># configure network interface</span> <span class="na">eth0</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nic</span> <span class="na">nictype</span><span class="pi">:</span> <span class="s">bridged</span> <span class="na">parent</span><span class="pi">:</span> <span class="s">lxdbr0</span> <span class="c1"># get ip address from inventory</span> <span class="na">ipv4.address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">hostvars[item].ip_address</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># # uncomment if you installed lxd using snap</span> <span class="c1"># url: unix:/var/snap/lxd/common/lxd/unix.socket</span> <span class="c1"># ensure cache directory exists</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create cache directory</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">cache</span> <span class="na">state</span><span class="pi">:</span> <span class="s">directory</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fetch applications</span> <span class="na">unarchive</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item.url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">cache</span> <span class="na">creates</span><span class="pi">:</span> <span class="s2">"</span><span class="s">cache/{{</span><span class="nv"> </span><span class="s">item.file</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">remote_src</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">loop</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">consul_url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">file</span><span class="pi">:</span> <span class="s">consul</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">consul_servers</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_server</span> </code></pre> </div> <p>The hosts belonging to the <code>consul_servers</code> group will have the role <code>consul_server</code>. We will also create another role called <code>consul_service</code> that will copy the consul binary to the host and setup the service. We split the role this way in order to have a role <code>consul_client</code> that also needs consul binary and service, but with different configuration.</p> <p>Roles are located under the <code>roles</code> directory, and for the three roles for Consul we will have the following structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>roles/ ├── consul_client │   ├── tasks │   │   └── main.yml │   └── templates │   └── consul.hcl.j2 ├── consul_server │   ├── tasks │   │   └── main.yml │   └── templates │   └── consul.hcl.j2 └── consul_service    ├── files    │   └── consul.service    └── tasks    └── main.yml </code></pre> </div> <p>You can create the structure with the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="se">\</span> roles/consul_service/tasks <span class="se">\</span> roles/consul_service/files <span class="se">\</span> roles/consul_server/tasks <span class="se">\</span> roles/consul_server/templates <span class="se">\</span> roles/consul_client/tasks <span class="se">\</span> roles/consul_client/templates <span class="se">\</span> <span class="o">&amp;&amp;</span> <span class="nb">touch</span> <span class="se">\</span> roles/consul_service/tasks/main.yml <span class="se">\</span> roles/consul_service/files/consul.service <span class="se">\</span> roles/consul_server/tasks/main.yml <span class="se">\</span> roles/consul_server/templates/consul.hcl.j2 <span class="se">\</span> roles/consul_client/tasks/main.yml <span class="se">\</span> roles/consul_client/templates/consul.hcl.j2 </code></pre> </div> <h3> Role: consul_service </h3> <p>Edit <code>roles/consul_service/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/consul_service/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">install consul</span> <span class="na">copy</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">cache/consul</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/usr/local/bin/</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0755</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create consul service</span> <span class="na">copy</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">consul.service</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/systemd/system/</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create consul directories</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">directory</span> <span class="na">loop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/etc/consul.d</span> <span class="pi">-</span> <span class="s">/var/consul</span> </code></pre> </div> <p>Edit <code>roles/consul_service/files/consul.service</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="c"># roles/consul_service/files/consul.service </span><span class="nn">[Unit]</span> <span class="py">Description</span><span class="p">=</span><span class="s">"HashiCorp Consul - A service mesh solution"</span> <span class="py">Documentation</span><span class="p">=</span><span class="s">https://www.consul.io/</span> <span class="py">Requires</span><span class="p">=</span><span class="s">network-online.target</span> <span class="py">After</span><span class="p">=</span><span class="s">network-online.target</span> <span class="py">ConditionFileNotEmpty</span><span class="p">=</span><span class="s">/etc/consul.d/consul.hcl</span> <span class="nn">[Service]</span> <span class="py">Restart</span><span class="p">=</span><span class="s">on-failure</span> <span class="py">ExecStart</span><span class="p">=</span><span class="s">/usr/local/bin/consul agent -config-dir=/etc/consul.d</span> <span class="py">ExecReload</span><span class="p">=</span><span class="s">/usr/local/bin/consul reload</span> <span class="py">KillMode</span><span class="p">=</span><span class="s">process</span> <span class="py">Restart</span><span class="p">=</span><span class="s">on-failure</span> <span class="py">LimitNOFILE</span><span class="p">=</span><span class="s">65536</span> <span class="nn">[Install]</span> <span class="py">WantedBy</span><span class="p">=</span><span class="s">multi-user.target</span> </code></pre> </div> <h3> Role: consul_server </h3> <p>Edit <code>roles/consul_server/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/consul_server/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">import_role</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">consul_service</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">copy consul config</span> <span class="na">template</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">consul.hcl.j2</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/consul.d/consul.hcl</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">start consul</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">consul</span> <span class="na">state</span><span class="pi">:</span> <span class="s">restarted</span> <span class="na">enabled</span><span class="pi">:</span> <span class="s">yes</span> </code></pre> </div> <p>Edit <code>roles/consul_server/templates/consul.hcl.j2</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jinja"><code># roles/consul_server/templates/consul.hcl.j2 data_dir = "/var/consul" server = true advertise_addr = "<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" client_addr = "127.0.0.1 <span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" enable_script_checks = true <span class="cp">{%</span> <span class="k">if</span> <span class="nv">ansible_hostname</span> <span class="o">==</span> <span class="s1">'consul1'</span> <span class="o">-</span><span class="cp">%}</span> ui = true bootstrap_expect = 3 <span class="cp">{%</span> <span class="k">else</span> <span class="o">-</span><span class="cp">%}</span> retry_join = [ "<span class="cp">{{</span> <span class="nv">hostvars.consul1.ansible_hostname</span> <span class="cp">}}</span>" ] <span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span> </code></pre> </div> <h3> Role: consul_client </h3> <p>Edit <code>roles/consul_client/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/consul_client/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">import_role</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">consul_service</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">copy consul config</span> <span class="na">template</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">consul.hcl.j2</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/consul.d/consul.hcl</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">start consul</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">consul</span> <span class="na">state</span><span class="pi">:</span> <span class="s">restarted</span> <span class="na">enabled</span><span class="pi">:</span> <span class="s">yes</span> </code></pre> </div> <p>Edit <code>roles/consul_client/templates/consul.hcl.j2</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jinja"><code># roles/consul_client/templates/consul.hcl.j2 data_dir = "/var/consul" server = false advertise_addr = "<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" client_addr = "127.0.0.1 <span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" enable_script_checks = true retry_join = [ "<span class="cp">{{</span> <span class="nv">hostvars.consul1.ansible_hostname</span> <span class="cp">}}</span>" ] </code></pre> </div> <h2> step 2: Nomad </h2> <p>Nomad setup will be very similar to Consul.</p> <p>Edit the playbook to include Nomad:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># playbook.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">localhost</span> <span class="c1"># run this task in the host</span> <span class="na">connection</span><span class="pi">:</span> <span class="s">local</span> <span class="c1"># set urls as variables</span> <span class="na">vars</span><span class="pi">:</span> <span class="na">consul_version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.4.0"</span> <span class="na">nomad_version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.8.6"</span> <span class="na">consul_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://releases.hashicorp.com/consul/{{</span><span class="nv"> </span><span class="s">consul_version</span><span class="nv"> </span><span class="s">}}/consul_{{</span><span class="nv"> </span><span class="s">consul_version</span><span class="nv"> </span><span class="s">}}_linux_amd64.zip"</span> <span class="na">nomad_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://releases.hashicorp.com/nomad/{{</span><span class="nv"> </span><span class="s">nomad_version</span><span class="nv"> </span><span class="s">}}/nomad_{{</span><span class="nv"> </span><span class="s">nomad_version</span><span class="nv"> </span><span class="s">}}_linux_amd64.zip"</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create containers</span> <span class="c1"># get all host names from inventory</span> <span class="na">loop</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">groups['all']</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># use lxd_container module from ansible to create containers</span> <span class="na">lxd_container</span><span class="pi">:</span> <span class="c1"># container name is the hostname</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">started</span> <span class="na">source</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">image</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">pull</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://images.linuxcontainers.org</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">ubuntu/bionic/amd64</span> <span class="na">config</span><span class="pi">:</span> <span class="c1"># nomad clients need some privileges to be able to run docker containers</span> <span class="na">security.nesting</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">security.privileged</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">devices</span><span class="pi">:</span> <span class="c1"># configure network interface</span> <span class="na">eth0</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nic</span> <span class="na">nictype</span><span class="pi">:</span> <span class="s">bridged</span> <span class="na">parent</span><span class="pi">:</span> <span class="s">lxdbr0</span> <span class="c1"># get ip address from inventory</span> <span class="na">ipv4.address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">hostvars[item].ip_address</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># uncomment if you installed lxd using snap</span> <span class="na">url</span><span class="pi">:</span> <span class="s">unix:/var/snap/lxd/common/lxd/unix.socket</span> <span class="c1"># ensure cache directory exists</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create cache directory</span> <span class="na">file</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">path</span><span class="pi">:</span> <span class="nv">cache</span><span class="pi">,</span> <span class="nv">state</span><span class="pi">:</span> <span class="nv">directory</span> <span class="pi">}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fetch applications</span> <span class="na">unarchive</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item.url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">cache</span> <span class="na">creates</span><span class="pi">:</span> <span class="s2">"</span><span class="s">cache/{{</span><span class="nv"> </span><span class="s">item.file</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">remote_src</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">loop</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">consul_url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">file</span><span class="pi">:</span> <span class="s">consul</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">nomad_url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">file</span><span class="pi">:</span> <span class="s">nomad</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">consul_servers</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_server</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">nomad_servers</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_client</span> <span class="pi">-</span> <span class="s">nomad_server</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">nomad_clients</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_client</span> <span class="pi">-</span> <span class="s">nomad_client</span> </code></pre> </div> <p>Similarly to Consul, we will have the roles <code>nomad_service</code>, <code>nomad_server</code> and <code>nomad_client</code>. But now we have two groups, <code>nomad_servers</code> and <code>nomad_clients</code>, each having its respective role, but both having the <code>consul_client</code> role.</p> <p>We will also have a similar structure for the nomad roles:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>roles/ ├── nomad_client │ ├── tasks │ │ └── main.yml │ └── templates │ └── nomad.hcl.j2 ├── nomad_server │ ├── tasks │ │ └── main.yml │ └── templates │ └── nomad.hcl.j2 └── nomad_service ├── files │ └── nomad.service └── tasks └── main.yml </code></pre> </div> <p>We can create this structure with the following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="se">\</span> roles/nomad_service/tasks <span class="se">\</span> roles/nomad_service/files <span class="se">\</span> roles/nomad_server/tasks <span class="se">\</span> roles/nomad_server/templates <span class="se">\</span> roles/nomad_client/tasks <span class="se">\</span> roles/nomad_client/templates <span class="se">\</span> <span class="o">&amp;&amp;</span> <span class="nb">touch</span> <span class="se">\</span> roles/nomad_service/tasks/main.yml <span class="se">\</span> roles/nomad_service/files/nomad.service <span class="se">\</span> roles/nomad_server/tasks/main.yml <span class="se">\</span> roles/nomad_server/templates/nomad.hcl.j2 <span class="se">\</span> roles/nomad_client/tasks/main.yml <span class="se">\</span> roles/nomad_client/templates/nomad.hcl.j2 </code></pre> </div> <h3> Role: nomad_service </h3> <p>Edit <code>roles/nomad_service/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/nomad_service/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">install nomad</span> <span class="na">copy</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">cache/nomad</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/usr/local/bin/</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0755</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create nomad service</span> <span class="na">copy</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">nomad.service</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/systemd/system/</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create nomad directories</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">directory</span> <span class="na">loop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/etc/nomad.d</span> <span class="pi">-</span> <span class="s">/var/nomad</span> </code></pre> </div> <p>Edit <code>roles/nomad_service/files/nomad.service</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="c"># roles/nomad_service/files/nomad.service </span><span class="nn">[Unit]</span> <span class="py">Description</span><span class="p">=</span><span class="s">"HashiCorp Nomad - Application scheduler"</span> <span class="py">Documentation</span><span class="p">=</span><span class="s">https://www.nomadproject.io/</span> <span class="py">Requires</span><span class="p">=</span><span class="s">network-online.target</span> <span class="py">After</span><span class="p">=</span><span class="s">network.target</span> <span class="py">ConditionFileNotEmpty</span><span class="p">=</span><span class="s">/etc/nomad.d/nomad.hcl</span> <span class="nn">[Service]</span> <span class="py">Restart</span><span class="p">=</span><span class="s">on-failure</span> <span class="py">ExecStart</span><span class="p">=</span><span class="s">/usr/local/bin/nomad agent -config=/etc/nomad.d/nomad.hcl</span> <span class="py">ExecReload</span><span class="p">=</span><span class="s">/bin/kill -HUP $MAINPID</span> <span class="nn">[Install]</span> <span class="py">WantedBy</span><span class="p">=</span><span class="s">multi-user.target</span> </code></pre> </div> <h3> Role: nomad_server </h3> <p>Edit <code>roles/nomad_server/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/nomad_server/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">import_role</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nomad_service</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">copy nomad config</span> <span class="na">template</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">nomad.hcl.j2</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/nomad.d/nomad.hcl</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">start nomad</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nomad</span> <span class="na">state</span><span class="pi">:</span> <span class="s">restarted</span> <span class="na">enabled</span><span class="pi">:</span> <span class="s">yes</span> </code></pre> </div> <p>Edit <code>roles/nomad_server/templates/nomad.hcl.j2</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jinja"><code># roles/nomad_server/templates/nomad.hcl.j2 data_dir = "/var/nomad" advertise { http = "<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" rpc = "<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" serf = "<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" } server { enabled = true bootstrap_expect = 3 raft_protocol = 3 } </code></pre> </div> <h3> Role: nomad_client </h3> <p>Edit <code>roles/nomad_client/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/nomad_client/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">import_role</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nomad_service</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">update apt cache</span> <span class="na">apt</span><span class="pi">:</span> <span class="na">update_cache</span><span class="pi">:</span> <span class="s">yes</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">install docker and openjdk</span> <span class="na">apt</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">packages</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> <span class="na">vars</span><span class="pi">:</span> <span class="na">packages</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">docker.io</span> <span class="pi">-</span> <span class="s">openjdk-11-jdk-headless</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">start docker service</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">docker</span> <span class="na">state</span><span class="pi">:</span> <span class="s">started</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">copy nomad config</span> <span class="na">template</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">nomad.hcl.j2</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/nomad.d/nomad.hcl</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">start nomad</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nomad</span> <span class="na">state</span><span class="pi">:</span> <span class="s">restarted</span> <span class="na">enabled</span><span class="pi">:</span> <span class="s">yes</span> </code></pre> </div> <p>Edit <code>roles/nomad_client/templates/nomad.hcl.j2</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jinja"><code>data_dir = "/var/nomad" bind_addr = "<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>" client { enabled = true network_interface = "eth0" } </code></pre> </div> <h2> step 3: Traefik </h2> <p>Setting up Traefik will be similar to Consul and Nomad, but a bit simpler: there will be only one role named <code>proxy</code>.</p> <p>Edit the playbook to include Traefik:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># playbook.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">localhost</span> <span class="c1"># run this task in the host</span> <span class="na">connection</span><span class="pi">:</span> <span class="s">local</span> <span class="c1"># set urls as variables</span> <span class="na">vars</span><span class="pi">:</span> <span class="na">consul_version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.4.0"</span> <span class="na">nomad_version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.8.6"</span> <span class="na">traefik_version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.7.5"</span> <span class="na">consul_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://releases.hashicorp.com/consul/{{</span><span class="nv"> </span><span class="s">consul_version</span><span class="nv"> </span><span class="s">}}/consul_{{</span><span class="nv"> </span><span class="s">consul_version</span><span class="nv"> </span><span class="s">}}_linux_amd64.zip"</span> <span class="na">nomad_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://releases.hashicorp.com/nomad/{{</span><span class="nv"> </span><span class="s">nomad_version</span><span class="nv"> </span><span class="s">}}/nomad_{{</span><span class="nv"> </span><span class="s">nomad_version</span><span class="nv"> </span><span class="s">}}_linux_amd64.zip"</span> <span class="na">traefik_url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">https://github.com/containous/traefik/releases/download/v{{</span><span class="nv"> </span><span class="s">traefik_version</span><span class="nv"> </span><span class="s">}}/traefik_linux-amd64"</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create containers</span> <span class="c1"># get all host names from inventory</span> <span class="na">loop</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">groups['all']</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># use lxd_container module from ansible to create containers</span> <span class="na">lxd_container</span><span class="pi">:</span> <span class="c1"># container name is the hostname</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">started</span> <span class="na">source</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">image</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">pull</span> <span class="na">server</span><span class="pi">:</span> <span class="s">https://images.linuxcontainers.org</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">ubuntu/bionic/amd64</span> <span class="na">config</span><span class="pi">:</span> <span class="c1"># nomad clients need some privileges to be able to run docker containers</span> <span class="na">security.nesting</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">security.privileged</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">'true'</span><span class="nv"> </span><span class="s">if</span><span class="nv"> </span><span class="s">item</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">['nomad-client1',</span><span class="nv"> </span><span class="s">'nomad-client2',</span><span class="nv"> </span><span class="s">'nomad-client3']</span><span class="nv"> </span><span class="s">else</span><span class="nv"> </span><span class="s">'false'</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">devices</span><span class="pi">:</span> <span class="c1"># configure network interface</span> <span class="na">eth0</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nic</span> <span class="na">nictype</span><span class="pi">:</span> <span class="s">bridged</span> <span class="na">parent</span><span class="pi">:</span> <span class="s">lxdbr0</span> <span class="c1"># get ip address from inventory</span> <span class="na">ipv4.address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">hostvars[item].ip_address</span><span class="nv"> </span><span class="s">}}"</span> <span class="c1"># # uncomment if you installed lxd using snap</span> <span class="c1"># url: unix:/var/snap/lxd/common/lxd/unix.socket</span> <span class="c1"># ensure cache directory exists</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create cache directory</span> <span class="na">file</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">path</span><span class="pi">:</span> <span class="nv">cache</span><span class="pi">,</span> <span class="nv">state</span><span class="pi">:</span> <span class="nv">directory</span> <span class="pi">}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fetch applications</span> <span class="na">unarchive</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">item.url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">cache</span> <span class="na">creates</span><span class="pi">:</span> <span class="s2">"</span><span class="s">cache/{{</span><span class="nv"> </span><span class="s">item.file</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">remote_src</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">loop</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">consul_url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">file</span><span class="pi">:</span> <span class="s">consul</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">nomad_url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">file</span><span class="pi">:</span> <span class="s">nomad</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fecth traefik</span> <span class="na">get_url</span><span class="pi">:</span> <span class="na">url</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">traefik_url</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">cache/traefik</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0755</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">consul_servers</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_server</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">nomad_servers</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_client</span> <span class="pi">-</span> <span class="s">nomad_server</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">nomad_clients</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_client</span> <span class="pi">-</span> <span class="s">nomad_client</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">proxy</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">consul_client</span> <span class="pi">-</span> <span class="s">proxy</span> </code></pre> </div> <p>The structure needed for the <code>proxy</code> role will be like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>roles/ └── proxy ├── files │ └── traefik.service ├── tasks │ └── main.yml └── templates └── traefik.toml.j2 </code></pre> </div> <p>You can create the structure with the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> <span class="se">\</span> roles/proxy/tasks <span class="se">\</span> roles/proxy/files <span class="se">\</span> roles/proxy/templates <span class="se">\</span> <span class="o">&amp;&amp;</span> <span class="nb">touch</span> <span class="se">\</span> roles/proxy/tasks/main.yml <span class="se">\</span> roles/proxy/files/traefik.service <span class="se">\</span> roles/proxy/templates/traefik.toml.j2 </code></pre> </div> <p>Edit <code>roles/proxy/tasks/main.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># roles/proxy/tasks/main.yml</span> <span class="nn">---</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">install traefik</span> <span class="na">copy</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">cache/traefik</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/usr/local/bin/</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0755</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create traefik service</span> <span class="na">copy</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">traefik.service</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/systemd/system/</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">create traefik config directory</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/etc/traefik</span> <span class="na">state</span><span class="pi">:</span> <span class="s">directory</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">copy traefik config</span> <span class="na">template</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s">traefik.toml.j2</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/etc/traefik/traefik.toml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">start traefik</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">traefik</span> <span class="na">state</span><span class="pi">:</span> <span class="s">restarted</span> <span class="na">enabled</span><span class="pi">:</span> <span class="s">yes</span> </code></pre> </div> <p>Edit <code>roles/proxy/files/traefik.service</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="c"># roles/proxy/files/traefik.service </span><span class="nn">[Unit]</span> <span class="py">Description</span><span class="p">=</span><span class="s">"Traefik Proxy"</span> <span class="py">Documentation</span><span class="p">=</span><span class="s">https://traefik.io</span> <span class="py">Requires</span><span class="p">=</span><span class="s">network-online.target</span> <span class="py">After</span><span class="p">=</span><span class="s">network-online.target</span> <span class="py">ConditionFileNotEmpty</span><span class="p">=</span><span class="s">/etc/traefik/traefik.toml</span> <span class="nn">[Service]</span> <span class="py">Restart</span><span class="p">=</span><span class="s">on-failure</span> <span class="py">ExecStart</span><span class="p">=</span><span class="s">/usr/local/bin/traefik --configfile=/etc/traefik/traefik.toml</span> <span class="py">ExecReload</span><span class="p">=</span><span class="s">/bin/kill -HUP $MAINPID</span> <span class="nn">[Install]</span> <span class="py">WantedBy</span><span class="p">=</span><span class="s">multi-user.target</span> </code></pre> </div> <p>Edit <code>roles/proxy/templates/traefik.toml.j2</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jinja"><code># roles/proxy/templates/traefik.toml.j2 [file] # Backends [backends] [backends.consul] [backends.consul.servers] <span class="cp">{%</span> <span class="k">for</span> <span class="nv">host</span> <span class="ow">in</span> <span class="nv">groups</span><span class="p">[</span><span class="s1">'consul_servers'</span><span class="p">]</span> <span class="cp">%}</span> [backends.consul.servers.<span class="cp">{{</span> <span class="nv">host</span> <span class="cp">}}</span>] url = "http://<span class="cp">{{</span> <span class="nv">hostvars</span><span class="p">[</span><span class="nv">host</span><span class="p">]</span><span class="err">.</span><span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>:8500" <span class="cp">{%</span> <span class="k">endfor</span> <span class="cp">%}</span> [backends.nomad] [backends.nomad.servers] <span class="cp">{%</span> <span class="k">for</span> <span class="nv">host</span> <span class="ow">in</span> <span class="nv">groups</span><span class="p">[</span><span class="s1">'nomad_servers'</span><span class="p">]</span> <span class="cp">%}</span> [backends.nomad.servers.<span class="cp">{{</span> <span class="nv">host</span> <span class="cp">}}</span>] url = "http://<span class="cp">{{</span> <span class="nv">hostvars</span><span class="p">[</span><span class="nv">host</span><span class="p">]</span><span class="err">.</span><span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>:4646" <span class="cp">{%</span> <span class="k">endfor</span> <span class="cp">%}</span> # Frontends [frontends] [frontends.consul] backend = "consul" [frontends.consul.routes.route1] rule = "Host:consul.<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>.nip.io" [frontends.nomad] backend = "nomad" [frontends.nomad.routes.route1] rule = "Host:nomad.<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>.nip.io" [consulCatalog] endpoint = "127.0.0.1:8500" exposedByDefault = false domain = "service.<span class="cp">{{</span> <span class="nv">ansible_eth0.ipv4.address</span> <span class="cp">}}</span>.nip.io" [api] dashboard = true debug = true </code></pre> </div> <p>Traefik configuration grants access to Consul and Nomad dashboards and configures Consul Catalog backend. This way, services can be automatically discovered and exposed.</p> <p>We set <code>exposedByDefault = false</code> so only the services marked with a specific tag will be exposed, therefore reducing the risk of accidentally making an internal service public.</p> <h2> step 4: Deploying Services </h2> <p>Now that we have everything in place, we can build our cluster and see it working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ansible-playbook playbook.yml </code></pre> </div> <p>If everything went OK, we can now access the Trafik dashboard at <a href="http://10.99.0.100:8080" rel="noopener noreferrer">http://10.99.0.100:8080</a>:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn73zl17ejhuzsjspyptu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn73zl17ejhuzsjspyptu.png" alt="Traefik dashboard 1" width="800" height="534"></a></p> <p>Not very impressive, since we do not have any service deployed yet, but if we go to the <code>file</code> tab:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj7z4dbf7wc2m61aebs2k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj7z4dbf7wc2m61aebs2k.png" alt="Traefik dashboard 2" width="800" height="534"></a></p> <p>There it is! It shows Consul and Nomad!... Still not very impressive, we configured them statically in Traefik configuration. Let's do something more interesting:</p> <ol> <li>Enter any nomad server node: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>lxc <span class="nb">exec </span>nomad-server1 <span class="nt">--</span> bash </code></pre> </div> <ol> <li>Create the nomad service definition </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&gt;</span> hello.nomad <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> job "hello-world" { datacenters = ["dc1"] group "example" { count = 3 task "server" { # we will run a docker container driver = "docker" # resouces required by the task resources { network { # require a random port named "http" port "http" {} } } config { # docker image to run image = "hashicorp/http-echo" args = [ "-listen", ":8080", "-text", "hello world", ] # map the random port to port 8080 on the task port_map = { http = 8080 } } # exposed service service { # service name, compose the url like 'hello-world.service.myorg.com' name = "hello-world" # service will bind to this port port = "http" # tell traefik to expose this service tags = ["traefik.enable=true"] } } } } </span><span class="no">EOF </span></code></pre> </div> <p>In the <code>service</code> section, <code>tags = ["traefik.enable=true"]</code> is what will tell Traefik to expose the service.</p> <ol> <li>Deploy! </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nomad job run hello.nomad </code></pre> </div> <p>It will output something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>root@nomad-server1:~# nomad job run hello.nomad ==&gt; Monitoring evaluation "be583c44" Evaluation triggered by job "hello-world" Allocation "a19978c9" created: node "d9d3daa0", group "example" Allocation "0e0e0015" created: node "7fdbbd1f", group "example" Allocation "690efcc2" created: node "ab36a46e", group "example" Evaluation status changed: "pending" -&gt; "complete" ==&gt; Evaluation "be583c44" finished with status "complete" </code></pre> </div> <p>Now, if we go to Traefik dashboard again:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8h3pzl5zked1udrup2yb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8h3pzl5zked1udrup2yb.png" alt="Traefik dashboard 3" width="800" height="464"></a></p> <p>It's there!</p> <p>We can access the service by opening <a href="http://hello-world.service.10.99.0.100.nip.io" rel="noopener noreferrer">http://hello-world.service.10.99.0.100.nip.io</a>.</p> <p>But wait a minute, what is that <code>10.99.0.100.nip.io</code> url? It is a service that to the ip address you put before it. Pretty handy for testing. Go to [nip.io] for more info.</p> <p>This service, however, is quite boring, let's deploy something more interesting:</p> <ol> <li>Create the nomad service definition </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> <span class="o">&gt;</span> gitea.nomad <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"> job "gitea" { datacenters = ["dc1"] group "gitea" { count = 1 ephemeral_disk { # try to deploy this service on the same node every time sticky = true # try to migrate the ephemeral disk if possible migrate = true # set the ephemeral disk size to 2GB size = "2048" } task "server" { driver = "docker" config { image = "gitea/gitea:1.6" port_map = { http = 3000 } # with docker driver, it is possible to mount volumes insinde the container from the ephemeral disk volumes = [ "local/gitea-data:/data" ] } resources { network { port "http" {} } } service { name = "gitea" port = "http" tags = ["traefik.enable=true"] } } } } </span><span class="no">EOF </span></code></pre> </div> <ol> <li>Plan the job deployment </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nomad job plan gitea.nomad </code></pre> </div> <p>It will output something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>+ Job: "gitea" + Task Group: "gitea" (1 create) + Task: "server" (forces create) Scheduler dry-run: - All tasks successfully allocated. Job Modify Index: 0 To submit the job with version verification run: nomad job run -check-index 0 gitea.nomad When running the job with the check-index flag, the job will only be run if the server side version matches the job modify index returned. If the index has changed, another user has modified the job and the plan's results are potentially invalid. </code></pre> </div> <p>We went a bit different here. We planned the deployment or, in other words, we validated the deployment config (gitea.nomad) and generated an index number (<code>0</code> in the case of a new deployment), so we do not risk updating a deployment after another operator did a deployment of his own.</p> <p>To deploy the service, just follow the instructions nomad gave us:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nomad job run <span class="nt">-check-index</span> 0 gitea.nomad </code></pre> </div> <p>In a few minutes it will appear in the Traefik dashboard and will be accessible at <a href="http://gitea.service.10.99.0.100.nip.io:" rel="noopener noreferrer">http://gitea.service.10.99.0.100.nip.io:</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcxdsw6vewarvp6upkv7n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcxdsw6vewarvp6upkv7n.png" alt="Gitea" width="800" height="602"></a></p> <h2> Conclusion </h2> <p>LXD is a very useful tool to test solutions that would be otherwise impossible or impractical with virtual machines. When combined with Ansible, you can quickly create test environments to evaluate these solutions in a way that is closer to a production environment than a scaled down tool like minikube or minishift (which are still completely valid tools if you are focusing only in the applications deployed in these solutions).</p> <p>Nomad is a great software. Along with Consul, you have a simple yet very powerful solution to orchestrate your services. It can run docker, rkt and lxc containers, java applications packaged in a <code>.jar</code> file (<a href="http://spring.io/" rel="noopener noreferrer">like a Spring Boot application</a>), and even binaries (<a href="https://rocket.rs/" rel="noopener noreferrer">like a Rocket application</a>), <a href="https://www.nomadproject.io/docs/job-specification/artifact.html" rel="noopener noreferrer">which can be retrieved by nomad in the job definition</a> and executed using the <a href="https://www.nomadproject.io/docs/drivers/exec.html" rel="noopener noreferrer">isolation primitives provided by the operating system</a>. It is not as feature complete as Kubernetes but is a lot easier to operate.</p> <p>Traefik integrates with a lot of services to provide auto configuration. Its Consul Catalog integration provides an incredible solution to a Nomad cluster.</p> lxd ansible nomad traefik Livio Ribeiro Sun, 19 Aug 2018 00:25:17 +0000 https://forem.com/livioribeiro/going-further-on-openshift-4m80 https://forem.com/livioribeiro/going-further-on-openshift-4m80 <p>In my previous post I gave a brief introduction about what is Openshift (<a href="https://okd.io" rel="noopener noreferrer">now OKD</a>) and how we could easily deploy <a href="https://gitea.io" rel="noopener noreferrer">Gitea</a>. Now we will focus on building and deploying java applications using the "source2image" (S2I) strategy.</p> <p>But what is this S2I?</p> <p>According to the <a href="https://github.com/openshift/source-to-image" rel="noopener noreferrer">S2I project site</a>:</p> <blockquote> <p>Source-to-Image (S2I) is a toolkit and workflow for building reproducible Docker images from source code. S2I produces ready-to-run images by injecting source code into a Docker container and letting the container prepare that source code for execution. By creating self-assembling builder images, you can version and control your build environments exactly like you use Docker images to version your runtime environments.</p> </blockquote> <p>What will happen in practice is that Openshift will take your project's source, combine it with a <em>builder</em> docker image and generate the final runtime image used to run the application.</p> <h2> Preparing the development environment </h2> <p>To run our development environment, we will use <a href="https://github.com/minishift/minishift" rel="noopener noreferrer">minishift</a> to create an openshift cluster. Use the commands below to download and install minishift (if you are using linux):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">MINISHIFT_VERSION</span><span class="o">=</span>1.22.0 <span class="nv">MINISHIFT_URL</span><span class="o">=</span>https://github.com/minishift/minishift/releases/download/v<span class="nv">$MINISHIFT_VERSION</span>/minishift-<span class="nv">$MINISHIFT_VERSION</span><span class="nt">-linux-amd64</span>.tgz curl <span class="nt">-L</span> <span class="nt">-s</span> <span class="nt">-o</span> /tmp/minishift.tgz <span class="nv">$MINISHIFT_URL</span> <span class="nb">tar</span> <span class="nt">-C</span> /tmp <span class="nt">--wildcards</span> <span class="nt">-x</span> <span class="k">*</span>/minishift <span class="nt">--strip</span> 1 <span class="nt">-zf</span> /tmp/minishift.tgz <span class="nb">sudo install</span> /tmp/minishift /usr/local/bin/minishift </code></pre> </div> <p>With minishift installed, we can configure and start it (which may take several minutes):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># change values according to your workstation</span> <span class="nv">MINISHIFT_VM_DRIVER</span><span class="o">=</span>virtualbox <span class="nv">MINISHIFT_MEMORY</span><span class="o">=</span>8G <span class="nv">MINISHIFT_CPUS</span><span class="o">=</span>4 <span class="nv">MINISHIFT_DISK_SIZE</span><span class="o">=</span>100G <span class="c"># configure minishift</span> minishift config <span class="nb">set </span>vm-driver <span class="nv">$MINISHIFT_VM_DRIVER</span> minishift config <span class="nb">set </span>memory <span class="nv">$MINISHIFT_MEMORY</span> minishift config <span class="nb">set </span>cpus <span class="nv">$MINISHIFT_CPUS</span> minishift config <span class="nb">set </span>disk-size <span class="nv">$MINISHIFT_DISK_SIZE</span> minishift start </code></pre> </div> <p>To interact with Openshift, we need to download the <code>oc</code> command line tool, but with minishift we can use the bundled one, just execute the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">eval</span> <span class="si">$(</span>minishift oc-env<span class="si">)</span> </code></pre> </div> <p>Then we login to openshift:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc login 192.168.99.100:8443 <span class="nt">-u</span> admin <span class="c"># use 'admin' as password</span> </code></pre> </div> <h2> Deploying the application </h2> <p>Now that we have minishift up and running, we can start deploying some application. Let's start with a <a href="https://github.com/sclorg/django-ex" rel="noopener noreferrer">django example application</a>.</p> <p>But first, let's create the <em>project</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc new-project django-example <span class="nt">--display-name</span> <span class="s1">'Django Example'</span> </code></pre> </div> <p>It will print something like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Now using project "django-example" on server "https://192.168.99.100:8443". You can add applications to this project with the 'new-app' command. For example, try: oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git to build a new example application in Ruby. </code></pre> </div> <p>(Do not worry with the message about a ruby application, we are actually deploying a <strong>python</strong> application ;)</p> <p>A <em>project</em> is the openshift terminology to a namespace, a place to group related resources and define access rules to these resources. For example, we could allow user "snake" to view our "django-example" project, user "rattlesnake" to view and edit (trigger builds and deploys, etc.) and not give any access to user "badger".</p> <p>With the project created, we can create the application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc new-app python:3.6~https://github.com/sclorg/django-ex.git </code></pre> </div> <p>You might be asking "what is going on?". Well, we are telling openshift to take the <code>python:3.6</code> image and combine it with the source code available at <a href="https://github.com/sclorg/django-ex.git" rel="noopener noreferrer">https://github.com/sclorg/django-ex.git</a>. The syntax is "image"~"source".</p> <p><strong>But be careful!</strong> The <code>python:3.6</code> is <strong>not the official python image from docker hub</strong>! It is instead from <a href="https://hub.docker.com/r/centos/python-36-centos7/" rel="noopener noreferrer">centos/python-36-centos7</a> and was imported to the openshift integrated registry! It is an S2I image to build and run python projects! You can view other images using the command <code>oc get imagestream -n openshift</code></p> <p>The output of the <code>oc new-app</code> will have some information about the application, with the following at the end:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>--&gt; Success Build scheduled, use 'oc logs -f bc/django-ex' to track its progress. Application is not exposed. You can expose services to the outside world by executing one or more of the commands below: 'oc expose svc/django-ex' Run 'oc status' to view your app. </code></pre> </div> <p>The suggested command <code>oc expose svc/django-ex</code> will do something very important: it will expose a <em>Service</em> (a Kubernetes Service) to external traffic through a <em>Route</em>. The <em>Route</em> is very similar to a Service, but will handle external requests that matches a specific hostname and can also handle encryption (https).</p> <p>Let's expose our application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc expose svc/django-ex </code></pre> </div> <p>Unlike previous commands, exposing a service does not produce much output, so let's list the available routes to get the one we just created:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc get routes </code></pre> </div> <p>Which will output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD django-ex django-ex-django-example.192.168.99.100.nip.io django-ex 8080-tcp None </code></pre> </div> <p>As we can see, the route listens for the hostname <code>django-ex-django-example.192.168.99.100.nip.io</code>. This <code>nip.io</code> is a special service service that will redirect requests to the ip address contained in the hostname itself, is this case, 192.168.99.100, the ip address of the minishift vm.</p> <p>Accessing the route address will show the following screen:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftzg3cnvvw3wtpvi9el1p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftzg3cnvvw3wtpvi9el1p.png" alt="openshift django example welcome screen" width="800" height="610"></a></p> <h2> Openshift web console </h2> <p>Openshift also has a very nice web console accessible at [<a href="https://192.168.99.100:8443/console" rel="noopener noreferrer">https://192.168.99.100:8443/console</a>]. Just login with the same credentials we used before ("admin" for both username and password).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3uxjilszu1phqrj3pfql.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3uxjilszu1phqrj3pfql.png" alt="openshift web console" width="800" height="507"></a></p> <p>Opening the link to our project on the right will take us to the following page:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcryv3hc0fvqox2ckh5bx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcryv3hc0fvqox2ckh5bx.png" alt="openshift project overview" width="800" height="524"></a></p> <p>It is the project dashboard where we have an overview of the project, the applications deployed, routes, container status, etc. We can even scale the container!</p> <p>The web console has lots of featues, even though some actions still require using the cli, like creating a service by exposing the <em>Deployment</em>.</p> <p>This is it for now. Next time we will get into the web console.</p> openshift devops docker kubernetes Livio Ribeiro Thu, 19 Jul 2018 02:20:41 +0000 https://forem.com/livioribeiro/my-journey-through-openshift-13f2 https://forem.com/livioribeiro/my-journey-through-openshift-13f2 <p>Recently I started working with <a href="https://www.openshift.org/" rel="noopener noreferrer">Openshift</a> since the company I work for adopted it. It will be quite an interesting journey because I will have to adapt our services that currently run on JBoss and Tomcat to run on containers.</p> <p>But first, what exactly is Openshift?</p> <p>From my understanding, it is a distribution of <a href="https://kubernetes.io/" rel="noopener noreferrer">Kubernetes</a> focused on providing an easier way to migrate, deploy and manage your applications on a containerized environment. It hides some of the complexities of Kubernetes while providing some nice features like its dashboard and the source-to-image (S2I) strategy.</p> <p>Openshift is maintained by RedHat.</p> <p>The S2I is very interesting: it combines a specially built docker image with your application's source code and build another docker image ready to be deployed. Each S2I image is specialized in building and deploying a different technology stack. For example, the JBoss S2I image will look for a <code>pom.xml</code> in the sources, run <code>mvn package</code>, copy the generated artifact to the deployments directory and, when run, will configure the datasource using environment variables. The Tomcat S2I image works similarly. RedHat provides images for Java, Python, Ruby, Nodejs and others.</p> <p>You can also deploy an image from docker hub.</p> <h2> Getting started </h2> <p>To get started with Openshift, you can download the <a href="https://github.com/minishift/minishift/releases" rel="noopener noreferrer">minishift</a> tool, which will start a virtual machine running an instance of Openshift.</p> <p>But before we begin, we should tweak the virtual machine a little bit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>minishift config <span class="nb">set </span>vm-driver virtualbox minishift config <span class="nb">set </span>memory 8G minishift config <span class="nb">set </span>cpus 4 minishift config <span class="nb">set </span>disk-size 100G </code></pre> </div> <p>These commands will tell minishift to:</p> <ul> <li>use virtualbox instead of KVM/Hyper-V/xhyve (you can still use those)</li> <li>set the memory to 8GB (but 4GB will do too)</li> <li>set the number of cpus to 4, so we can run a few more containers</li> <li>use a disk size of 100GB, so we do not run out of storage</li> </ul> <p>You can use lower values for memory and cpus, but it will be very limited (and sometimes openshift may freeze).</p> <p>To start minishift we can run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>minishift start </code></pre> </div> <p>When the machine is ready, we can run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">eval</span> <span class="si">$(</span>minishift oc-env<span class="si">)</span> </code></pre> </div> <p>to have <code>oc</code> (the openshift command line tool) in our path.</p> <p>Before we can interact with Openshift, we need to login (use admin/admin as credencials):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc login </code></pre> </div> <p>With everything running, it is time to deploy an application. For this example we will deploy <a href="https://gitea.io" rel="noopener noreferrer">Gitea</a>, a git repository manager forked from <a href="https://gogs.io/" rel="noopener noreferrer">Gogs</a>.</p> <p>But first, we need to create a project (which is effectively a kubernetes namespace):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc new-project scm <span class="nt">--display-name</span> <span class="s2">"Source Control Management"</span> </code></pre> </div> <p>Now we tell openshift to create an "app" from Gitea docker image:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc new-app gitea/gitea:1.5 </code></pre> </div> <p>which will end up creating:</p> <ul> <li>an <a href="https://docs.openshift.org/latest/dev_guide/managing_images.html" rel="noopener noreferrer">Image Stream</a> </li> <li>a <a href="https://docs.openshift.org/latest/dev_guide/deployments/kubernetes_deployments.html" rel="noopener noreferrer">DeploymentConfig</a>, similar to (and will eventually be replaced by) a kubernetes Deployment</li> <li>a Service</li> </ul> <p>To expose the service to the external world, we can create a <a href="https://docs.openshift.org/latest/architecture/networking/routes.html" rel="noopener noreferrer">Route</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc expose svc/gitea <span class="se">\</span> <span class="nt">--name</span> gitea-http <span class="se">\</span> <span class="nt">--port</span> 3000-tcp </code></pre> </div> <p>The <code>3000-tcp</code> is the name of the port on the service.</p> <p>With the Route created, Gitea will now be available at <a href="http://gitea-scm.192.168.99.100.nip.io" rel="noopener noreferrer">http://gitea-scm.192.168.99.100.nip.io</a></p> <p>You can also expose Gitea's ssh endpoint<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc expose svc/gitea <span class="se">\</span> <span class="nt">--name</span> gitea-ssh <span class="se">\</span> <span class="nt">--port</span> 22-tcp <span class="se">\</span> <span class="nt">--hostname</span> gitea-scm-ssh.192.168.99.100.nip.io </code></pre> </div> <p>Gitea is working, but its data will be lost on container restart, so we need a persistent volume to hold that data:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># remove automatically create volume</span> oc volume dc/gitea <span class="nt">--remove</span> <span class="nt">--name</span> gitea-volume-1 oc volume dc/gitea <span class="nt">--add</span> <span class="se">\</span> <span class="nt">--name</span> <span class="s1">'gitea-volume-data'</span> <span class="se">\</span> <span class="nt">--type</span> <span class="s1">'pvc'</span> <span class="se">\</span> <span class="nt">--mount-path</span> <span class="s1">'/data/'</span> <span class="se">\</span> <span class="nt">--claim-name</span> <span class="s1">'gitea-data'</span> <span class="se">\</span> <span class="nt">--claim-size</span> <span class="s1">'1G'</span> </code></pre> </div> <p>One thing that is missing is configuration. Fortunately, Gitea can be configured <a href="https://docs.gitea.io/en-us/install-with-docker/" rel="noopener noreferrer">using environment variables</a>. So now we will create a ConfigMap to hold the environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc create configmap gitea-config <span class="se">\</span> <span class="nt">--from-literal</span> <span class="nv">APP_NAME</span><span class="o">=</span><span class="s2">"My Gitea Instance"</span> <span class="se">\</span> <span class="nt">--from-literal</span> <span class="nv">RUN_MODE</span><span class="o">=</span>prod <span class="se">\</span> <span class="nt">--from-literal</span> <span class="nv">SSH_DOMAIN</span><span class="o">=</span>gitea-scm-ssh.192.168.99.100.nip.io <span class="se">\</span> <span class="nt">--from-literal</span> <span class="nv">ROOT_URL</span><span class="o">=</span>http://gitea-scm.192.168.99.100.nip.io <span class="se">\</span> <span class="nt">--from-literal</span> <span class="nv">DB_TYPE</span><span class="o">=</span>sqlite3 <span class="se">\</span> <span class="nt">--from-literal</span> <span class="nv">INSTALL_LOCK</span><span class="o">=</span><span class="nb">true</span> </code></pre> </div> <p>Now add the environment to the DeploymentConfig:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc <span class="nb">set env</span> <span class="nt">--from</span> configmap/gitea-config dc/gitea </code></pre> </div> <p>If you access our Gitea instance right now, you will notice that our configuration was not applied! This happened because Gitea already have a configuration file in the volume we created. To solve this, we need to add another volume, an EmptyDir volume, so Gitea can rebuild the configuration using the environment variables we set:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc volume dc/gitea <span class="nt">--add</span> <span class="se">\</span> <span class="nt">--name</span> <span class="s1">'gitea-volume-config'</span> <span class="se">\</span> <span class="nt">--type</span> <span class="s1">'emptyDir'</span> <span class="se">\</span> <span class="nt">--mount-path</span> <span class="s1">'/data/gitea/conf'</span> </code></pre> </div> <p>It may take a bit longer for the application to be ready since it is creating the database tables, but then you will see that our settings were applied.</p> <p>Now we just need to setup <a href="https://docs.openshift.org/latest/dev_guide/application_health.html" rel="noopener noreferrer">probes to monitor application health</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>oc <span class="nb">set </span>probe dc/gitea <span class="nt">--liveness</span> <span class="se">\</span> <span class="nt">--failure-threshold</span> 3 <span class="se">\</span> <span class="nt">--initial-delay-seconds</span> 5 <span class="se">\</span> <span class="nt">--</span> <span class="nb">echo </span>ok oc <span class="nb">set </span>probe dc/gitea <span class="nt">--readiness</span> <span class="se">\</span> <span class="nt">--failure-threshold</span> 3 <span class="se">\</span> <span class="nt">--initial-delay-seconds</span> 10 <span class="se">\</span> <span class="nt">--get-url</span><span class="o">=</span>http://:3000/user/login </code></pre> </div> <p>The readiness probe is particularly useful during rollouts so openshift can tell if it can safely remove the old container and redirect requests to the new one.</p> <p>Update:</p> <p>I made a <a href="https://docs.openshift.org/3.9/dev_guide/templates.html" rel="noopener noreferrer">Template</a> to make easier to deploy Gitea. <a href="https://github.com/livioribeiro/devops-stuff/blob/master/openshift/gitea-persistent-template.yaml" rel="noopener noreferrer">It is available here</a>.</p> <p>Gitea has more settings than the ones configurable through the environment variables, but right now setting the config file (app.ini) from a configmap does not work very well since Gitea tries to write to the file and fails because it is readonly. However, <a href="https://github.com/go-gitea/gitea/pull/4412" rel="noopener noreferrer">there is a pull request to fix that</a>.</p> container orchestration openshift kubernetes