Deploying Metric Insights in an Orchestrated Environment

Beginning in version 6.0, Metric Insights can be deployed using a container orchestration platform. Container orchestration allows for horizontal scaling (versus vertical) as well as a highly available architecture. Orchestration platforms include:

  • Kubernetes
  • Amazon ECS (CloudFormation, Terraform)
  • Docker Swarm
  • OpenShift

Starting with v6.4.1, services inside containers are run by a single unprivileged user. The ownership of the network shared volume must be manually set to www-data (uid: 33) before updating to v6.4.1.

Metric Insights Application Architecture in AWS ECS

v7.0.1a

Prerequisites for v7.0.1a

To deploy Metric Insights across the different orchestration platforms, the following architectural pieces are required:

  • kubectl command-line tool to manage a Kubernetes deployment (not required for ECS and Docker Swarm)
  • oc command-line tool to manage an OpenShift deployment
  • Remote Database Server to host the application database:
    • MySQL v8+ 
    • (MySQL/MariaDB v5.5+ is supported only in MI versions prior to v6.2.0)
  • Persistent shared storage to store the application file system
    • e.g., NFS, Portworx, AWS EFS, CIFS
  • Specific ports open on the network:
    • 80, 443: HTTP and HTTPS ports for the UI Application Service (by default, requests are redirected to 443)
    • 32550: TCP port for external access to the Data Processor cluster
    • 3306: MySQL port, for access from the Metric Insights environment
    • 8081: TCP port for MI Console Tool

For non-orchestrated deployments, see the help article on using Simple Installer.

v6.4.5

Prerequisites for v6.4.5

To deploy Metric Insights across the different orchestration platforms, the following architectural pieces are required:

  • kubectl command-line tool to manage a Kubernetes deployment (not required for ECS and Docker Swarm)
  • oc command-line tool to manage an OpenShift deployment
  • Remote Database Server to host the application database:
    • MySQL v8+ 
    • (MySQL/MariaDB v5.5+ is supported only in MI versions prior to v6.2.0)
  • Persistent shared storage to store the application file system
    • e.g., NFS, Portworx, AWS EFS, etc.
  • Specific ports open on the network:
    • 80, 443: HTTP and HTTPS ports for the UI Application Service (by default, requests are redirected to 443)
    • 32550: TCP port for external access to the Data Processor cluster
    • 32551: TCP port for external access to the Seed service
    • 3306: MySQL port, for access from outside
    • 8080, 8443: HTTP and HTTPS ports for the REST API Data Processor Service (only one port is enabled at a time)
    • 8081: TCP port for Monitoring Tool

For non-orchestrated deployments, see the help article on using Simple Installer.

1. Obtain Docker Registry Credentials

Contact MI Support for access to the official Metric Insights Docker Registry. Credentials are needed to pull the Docker images for each Metric Insights service.

  • Note: the default MI Docker Registry address (docker.metricinsights.com) is specified in the deployment configuration file for each orchestration type.

If you must use a Private Docker Registry instead, see Uploading Metric Insights Docker Images to a Private Registry for how to download our Docker images and upload them to your private registry.

2. Choose Deployment Method (Kubernetes, Amazon ECS, Docker Swarm)

If deploying to Kubernetes, please see Deploying Metric Insights on Kubernetes.

If deploying to Docker Swarm, please see Deploying Container Orchestration with Docker Swarm.

If deploying to OpenShift, please see Deploying Metric Insights on OpenShift v3.

If deploying to Amazon ECS, continue below.

Amazon ECS Prerequisites:

  1. Database (RDS or EC2 instance with custom database deployment)
  2. AWS EFS or custom NFS shared storage
  3. Optional: If using a private (i.e., non-Metric Insights) registry, ensure that you have those credentials available.

3. Generate Configuration File to Deploy to Amazon ECS

The configuration file can be generated using the Metric Insights installer package:

  1. Download the installer package to a Linux system and unpack it
  2. Change into the installer directory, then run the installer with the ecs command and specify a target filename to generate the configuration file:
    • If the remote DB server has the same timezone as the MI app: ./installer.py ecs --timezone <MI app timezone> -o <manifest filename>.json
    • If the remote DB server has a different timezone than the MI app: ./installer.py ecs --type cloudformation --timezone <MI app timezone> --mysql-timezone <Remote Database server timezone> -o <filename>.json
  3. The configuration file can now be used as a template with AWS CloudFormation to create and deploy the Metric Insights environment

Note: Run ./installer.py ecs --help to see the list of available installer options. See the Basic Console Commands section.
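Before uploading the generated file, it is worth checking what it exposes. The following Python sketch is an added example, not part of the installer: it lists world-open ingress ports and the load balancer scheme in a CloudFormation template. The sample template and the default allowlist of 80 and 443 are assumptions; the resource types and property names are standard CloudFormation.

```python
import json

# Port roles from the v7.0.1a prerequisites list on this page.
PORT_ROLES = {80: "UI HTTP", 443: "UI HTTPS", 32550: "Data Processor",
              3306: "MySQL", 8081: "MI Console Tool"}
WORLD = ("0.0.0.0/0", "::/0")

# Constructed sample; the template the installer generates will differ.
SAMPLE = json.loads("""
{"Resources": {
 "NLB": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
         "Properties": {"Type": "network", "Scheme": "internet-facing"}},
 "NodeSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
  "SecurityGroupIngress": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
   {"IpProtocol": "tcp", "FromPort": 8081, "ToPort": 8081, "CidrIp": "0.0.0.0/0"},
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "10.0.0.0/16"}]}}}}
""")

def ingress_rules(template):
    """Yield (resource name, rule) for inline and standalone ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props

def review_template(template, public_ports=(80, 443)):
    """List public load balancers and world-open ports outside public_ports."""
    notes = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::ElasticLoadBalancingV2::LoadBalancer":
            scheme = res.get("Properties", {}).get("Scheme", "internet-facing")
            if scheme != "internal":
                notes.append(f"{name}: load balancer scheme is {scheme}")
    for name, rule in ingress_rules(template):
        if rule.get("CidrIp") not in WORLD and rule.get("CidrIpv6") not in WORLD:
            continue
        try:
            lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
        except (KeyError, TypeError, ValueError):  # "-1" rules, {"Ref": ...} values
            notes.append(f"{name}: world-open rule without literal ports")
            continue
        for port in sorted(set(PORT_ROLES) | {lo, hi}):
            if lo <= port <= hi and port not in public_ports:
                notes.append(f"{name}: {port} ({PORT_ROLES.get(port, 'unlisted')}) world-open")
    return notes
```

Load the generated file with json.load and pass it to review_template; the --internal installer option listed under Basic Console Commands changes the load balancer scheme the first note reports.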

4. Create the ECS Stack with AWS CloudFormation

Prepare the following:

  1. RDS address with root credentials
  2. AWS EFS address to connect to Metric Insights application

4.1. Create Stack

Access CloudFormation UI > Stacks > Create stack

  1. Prepare template: Choose an existing template
  2. Specify template: Upload a template file
  3. [Choose file], upload the generated json file as a template
  4. [Next]

4.2. Specify Stack Details

Complete each field then click [Next] at the bottom of the page. Some key notes:

  • To generate passwords for each service, you can either run echo -n '<pwd>' | base64 to encode a password of your choice, or run a command such as openssl rand -base64 8 to generate a password automatically.
  • Use the full RDS address for the field "DBHostName"
  • Enter the RDS root user in the field "DBRootUserName"
  • Enter the full EFS address in the field "NFSServerAddress"
  • Select all Subnet IDs available in the field "SubnetIDs"
  • The field "WebReplicationsCount" represents the number of web slave containers (secondary to web master).

4.3. Acknowledge AWS CloudFormation Capabilities

Click [Next] to skip through the subsequent pages until you reach the window shown below.

  1. Click the checkbox to acknowledge that IAM resources might be created on deployment
  2. Click [Next], then [Update Stack]

4.4. Allow Incoming Connections to RDS for ECS/EC2 Security Group

  1. As the new ECS Stack is being deployed, go to the EC2 Console and select one of the new EC2s created for ECS
  2. Go to the Security Group field and select the new security group name
  3. Copy the Group ID; e.g., "sg-name"
  4. Switch to the RDS Console and select the RDS instance being used for ECS
  5. Go to the VPC Security Group field and select the security group name
  6. Switch to the "Inbound" tab and click [Edit]
  7. Add the new EC2 security group to the list and then [Save]
    • Add Rule > All Traffic > Paste Group ID

After adding the group, switch back to CloudFormation to monitor the ECS Stack deployment. The deployment should complete in 5-10 minutes.
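An added example (not Metric Insights tooling) that audits the rule created in step 4.4: it reads `aws ec2 describe-security-groups` JSON for the RDS security group and reports inbound rules that are wider than the MySQL port or open to any address. The group IDs and sample output are constructed, and treating 3306 as the only port the application needs on the database is an assumption drawn from the port list above.

```python
import json

WORLD = ("0.0.0.0/0", "::/0")

# Constructed sample of `aws ec2 describe-security-groups` output for the RDS
# security group after step 4.4; both group IDs are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-rds-placeholder", "IpPermissions": [
 {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-ecs-placeholder"}],
  "IpRanges": [], "Ipv6Ranges": []},
 {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [],
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}
""")

def audit_rds_ingress(described, ecs_sg_id, db_port=3306):
    """Return (ecs_can_reach_db, findings) for the RDS group's inbound rules."""
    reachable, findings = False, []
    for group in described["SecurityGroups"]:
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto == "-1":  # the console's "All Traffic" rule
                scope, covers, exact = "all traffic", True, False
            else:
                scope = f"{proto}/{lo}-{hi}"
                covers = proto == "tcp" and lo is not None and lo <= db_port <= hi
                exact = covers and lo == hi
            # A rule can name security groups, IPv4 ranges and IPv6 ranges.
            sources = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                if src == ecs_sg_id and covers:
                    reachable = True
                    if not exact:
                        findings.append(f"{gid}: {scope} from {src} is wider than tcp/{db_port}")
                elif src in WORLD:
                    findings.append(f"{gid}: {scope} is open to {src}")
    return reachable, findings
```

Feed it the output of `aws ec2 describe-security-groups --group-ids <RDS security group ID>` in place of SAMPLE, with the Group ID copied in step 3 as ecs_sg_id.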

If you need to customize some processes after the application deployment, see the Configuring Custom Components article.

5. Accessing Metric Insights Deployment

Once the ECS Stack is deployed:

  1. Switch back to the EC2 Console and select "Load Balancers" in the left menu pane.
  2. Identify the Load Balancer DNS name to access the Metric Insights application in a browser.
  3. For the best user experience, map the Load Balancer DNS name to a user-friendly name in Amazon Route 53.

Metric Insights is now deployed in ECS and browser ready.

6. Resources Involved in Running Metric Insights in ECS

  • AWS ECS Task Definitions
  • AWS ECS Cluster
  • AWS ECS Services
  • AWS EC2 Auto Scaling group
  • AWS EC2 Launch Configuration
  • AWS EC2 Security Groups
  • AWS Target Groups
  • AWS Network Load Balancer
  • IAM Roles
  • AWS Secrets Manager
  • AWS CloudFormation (only for deployment and updates)

Non-ECS resources in AWS needed for deployment include:

  1. AWS RDS instance based on MySQL 8.0.37 
    • Requires a custom Parameter Group with log_bin_trust_function_creators enabled
    • See this KB for a list of mysql parameters to adjust
  2. AWS EFS Shared Storage

7. Basic Console Commands

Basic console commands can be checked by running ./installer.py ecs --help.

The following utilities are available to use on the host.

Note: all of these tools become available only if the Web Component is installed.

Optional Parameters
  • -h, --help: Show this help message and exit
  • -o OUTPUT, --output OUTPUT: Save Metric Insights ECS deployment config to a file (cloudformation) or directory (terraform). You must create a directory first to generate the terraform manifest.
  • --type TYPE: Set type of deployment scenario. (default: cloudformation) Possible values: cloudformation, terraform
  • --internal: Set scheme of Network Load Balancer to `internal` instead of `internet-facing`. (default: False)
  • --registry REGISTRY: Docker registry URL, that will be used for deployment MI components. Example: <hostname> or <hostname>:<port>. (default: None)
  • --enable-shared-drive: Enable specification for shared drive in web container. (default: False)
  • --high-load: Enable high-load configuration for the Web service. This will optimize the system for several thousand concurrent users.
  • --timezone TIME_ZONE: Set time zone. (default: UTC)
  • --mysql-timezone MYSQL_TIME_ZONE: Set MySQL time zone if MySQL engine has a different timezone than the application. If not specified, the value from --timezone option is used.
  • --enable-redis: Enable AWS Elasticache (Redis) for saving php sessions. (default: False)
  • --shared-storage-type SHARED_STORAGE_TYPE: Select shared storage type. (default: nfs). Possible values: nfs, glusterfs
  • --hostname HOSTNAME: Web service additional hostname. (default: None)
  • --enable-logger: Enable additional logger service for collecting logs
  • --efs-id EFS_ID: Specify EFS volume ID to mount into Metric Insights as a network shared folder
  • --enable-remote-execution: Allow remote commands execution
  • --require-2mfa: Require 2MFA for MI Console users
  • --da-cpu-number DA_CPU_NUMBER: Set number for Data-Analyzer search processes. (default: 2)
  • --disable-same-worker-for-web: Prevent landing web master and web slave on the same ECS instance