Deploy Metric Insights on OpenShift 3/4

1. Understanding the Metric Insights Application Architecture in OpenShift

7.0.1a

Below is an architectural diagram of Metric Insights deployed in OpenShift. A namespace is a virtual cluster that consists of several Nodes (servers). The Nodes host Pods, each of which is essentially a Container. Metric Insights consists of services that each run inside their own container, rooted to a shared file system for persistence.

The deployment scheme consists of the following services deployed in individual pods (1 service per pod):

Required services:

  1. Web Master, Web Slave replicas: The application's user interface.
  2. Data Analyzer: Provides global search capabilities within the MI application.
  3. Data Processor: Manages the integration between MI and external BI services.
  4. Console: Monitors the application's services and their status.
  5. Redis: Handles internal caching for optimized performance.
  6. Image Generator: Renders images directly from web pages.

Optional services:

  • Remote Data Processor: A service for BI Tools that require integrating from a Windows environment instead of Linux.

Additional items of note:

  • A minimum of 3 Nodes is required for automatic failover
  • MySQL is required to host the Metric Insights application database, and it should run on a remote server
  • Persistent storage is required for the shared file system

Ensure the following ports are open:

  • 80, 443 - HTTP/HTTPS ports for UI access
  • 32550 - TCP port for external access to the Data Processor cluster
  • 3306 - MySQL port
  • 8080, 8443 - HTTP/HTTPS ports for the REST API Data Processor service
  • 8081 - TCP port for the Console Tool
  • 6379 - port that needs to be opened within the namespace (network rules).

6.4.5

Below is an architectural diagram of Metric Insights deployed in OpenShift. A namespace is a virtual cluster that consists of several Nodes (servers). The Nodes host Pods, each of which is essentially a Container. Metric Insights consists of services that each run inside their own container, rooted to a shared file system for persistence.

The deployment scheme consists of the following services deployed in individual pods (1 service per pod):

Required services:

  1. Web Master, Web Slave replicas: The application's user interface.
  2. Data Analyzer: Provides global search capabilities within the MI application.
  3. Data Processor: Manages the integration between MI and external BI services.
  4. Seed: Works together with Data Processor to manage integration between MI and external BI services.
  5. Monitoring: Monitors the application's services and their status.
  6. Redis: Handles internal caching for optimized performance.

Ensure the following ports are open:

  • 80, 443 - HTTP/HTTPS ports for UI access
  • 32550 - TCP port for external access to the Data Processor cluster
  • 32551 - TCP port for external access to the Seed service
  • 3306 - MySQL port
  • 8080, 8443 - HTTP/HTTPS ports for the REST API Data Processor service
  • 8081 - TCP port for the Console Tool
  • 6379 - port that needs to be opened within the namespace (network rules).

Additional items of note:

  • A minimum of 3 Nodes is required for automatic failover
  • MySQL is required to host the Metric Insights application database, and it should run on a remote server
  • Persistent storage is required for the shared file system

2. Create a Project for the Metric Insights Application in the OpenShift Container Platform

  1. [+ Create Project]
  2. Fill in the fields
  3. [Create]

3. Configure the Storage Class for Persistent Volumes

The OpenShift 3 deployment supports only the NFS type for the application file system, which is shared across pods as persistent volumes.

In /etc/exports, set the mounted share to /opt/mi with the following options:

/opt/mi <worker_ip>(rw,fsid=1,crossmnt,no_subtree_check,no_root_squash,async)
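
Because this export uses no_root_squash, root on any client that matches the entry acts as root on the share, so the client field should stay a single worker IP. The check below is an added example, not part of the Metric Insights installer; the function name audit_mi_export and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Metric Insights code: audit the /opt/mi export shown above.
# no_root_squash lets root on any matching client act as root on the share, so
# every client entry carrying it should name a single worker host.
# Limits: exports(5) line continuations and quoted paths are not handled.
audit_mi_export() {
    exports_file=$1; share=${2:-/opt/mi}; findings=0
    set -f                                  # keep '*' client specs literal
    while read -r path clients; do
        [ "$path" = "$share" ] || continue
        for entry in $clients; do
            client=${entry%%\(*}            # text before "(": the client spec
            opts=${entry#*\(}; opts=${opts%\)}
            case ",$opts," in
                *,no_root_squash,*) ;;
                *) continue ;;
            esac
            case $client in
                ''|*\**|*\?*|*/*|@*)        # any host, wildcard, subnet, netgroup
                    echo "BROAD $share -> '${client:-<any>}' with no_root_squash"
                    findings=$((findings + 1)) ;;
            esac
        done
    done <<EOF
$(sed 's/#.*//' "$exports_file")
EOF
    set +f
    [ "$findings" -eq 0 ]
}

# Constructed sample: one single-host entry as on this page, one subnet entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, 192.0.2.0/24 is a documentation range
/opt/mi 192.0.2.11(rw,fsid=1,crossmnt,no_subtree_check,no_root_squash,async) 192.0.2.0/24(rw,no_root_squash)
/srv/other *(ro)
EOF
audit_mi_export "$sample" || echo "narrow the entries listed above to worker IPs"
rm -f "$sample"
```

On the NFS server, run it as audit_mi_export /etc/exports; it returns non-zero when any /opt/mi client entry with no_root_squash is broader than one host.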

4. Obtain Docker Registry Credentials

Contact Metric Insights Support for access to the official Metric Insights Docker Registry. Credentials are required for pulling Docker images for each Metric Insights service.

The Metric Insights Docker Registry address (docker.metricinsights.com) is specified in the deployment configuration file.

5. Generate the Deployment Files for Metric Insights

Generate the Deployment File by the Installer

Depending on the deployment type, replace <deployment_type> in the commands below with one of the following values:

  • OpenShift 3: <deployment_type> -> openshift3
  • OpenShift 4: <deployment_type> -> k8s

If the remote database server has the same timezone as the Metric Insights application, run:

./installer.py kubernetes --type <deployment_type> --storage-class nfs --nfs-server-address <nfs.example.com> --ingress-controller-type nginx --hostname <MI_hostname> --dp-hostname <dataprocessor_hostname> --registry <registry_url> --timezone <MI_app_timezone> -o <deployment_file>.yml

If the remote database server has a different timezone than the Metric Insights application, run:

./installer.py kubernetes --type <deployment_type> --storage-class nfs --nfs-server-address <nfs.example.com> --ingress-controller-type nginx --hostname <MI_hostname> --dp-hostname <dataprocessor_hostname> --registry <registry_url> --timezone <MI_app_timezone> --mysql-timezone <remote_database_server_timezone> -o <deployment_file>.yml

Use ./installer.py kubernetes -h for more options. See the Basic Console Commands section for details.

Generate the Deployment Files by the Installation Wizard

To generate the set of files required for the Metric Insights deployment, refer to the Generate the Deployment Files by the Installation Wizard article.

6. Create & Upload Secrets for Each MI Service

This step is required only if you generated the deployment file with the Installer.

There are default secret files for each service in MetricInsights-Installer-vX.X.X-Full/utils/orchestration/kubernetes/secrets/:

v7.0.1:

Secret File            Service
data-analyzer.env      Data Analyzer
dataprocessor.env      Data Processor
console.env            Console
mysql.secret           MySQL
image-generator.env    Image Generator
web.env                Web Service
redis.env              Redis

v6.4.5:

Secret File            Service
data-analyzer.env      Data Analyzer
dataprocessor.env      Data Processor
monitoring.env         Monitoring
mysql.secret           MySQL
seed.env               Seed
web.env                Web Service
redis.env              Redis

Create Secrets Using the Command Line

Create the secrets for each service by uploading each file to the namespace using oc create:

v7.0.1:

$ oc create secret generic --namespace <MI-namespace> metricinsights-mysql-root-password --from-file mysql.secret         
$ oc create secret generic --namespace <MI-namespace> metricinsights-data-analyzer --from-file data-analyzer.env         
$ oc create secret generic --namespace <MI-namespace> metricinsights-web --from-file web.env         
$ oc create secret generic --namespace <MI-namespace> metricinsights-dataprocessor --from-file dataprocessor.env         
$ oc create secret generic --namespace <MI-namespace> metricinsights-console --from-file console.env         
$ oc create secret generic --namespace <MI-namespace> metricinsights-redis --from-file redis.env         
$ oc create secret generic --namespace <MI-namespace> metricinsights-image-generator --from-file image-generator.env

v6.4.5:

$ oc --namespace <MI-namespace> create secret generic metricinsights-web --from-file web.env
$ oc --namespace <MI-namespace> create secret generic metricinsights-dataprocessor --from-file dataprocessor.env
$ oc --namespace <MI-namespace> create secret generic metricinsights-seed --from-file seed.env
$ oc --namespace <MI-namespace> create secret generic metricinsights-mysql-root-password --from-file mysql.secret
$ oc --namespace <MI-namespace> create secret generic metricinsights-data-analyzer --from-file data-analyzer.env 
$ oc --namespace <MI-namespace> create secret generic metricinsights-monitoring --from-file monitoring.env
$ oc --namespace <MI-namespace> create secret generic metricinsights-redis --from-file redis.env
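
A pre-flight check for these files, written as an added example rather than Metric Insights code: it confirms that each file listed for the chosen version exists, is non-empty and is not accessible to group or other, then prints the oc create commands above as a dry run. The function names and the permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Metric Insights code: pre-flight check for the secret files
# above. File lists and secret names are copied from this page.
secret_files() {
    case $1 in
        7.0.1) echo "data-analyzer.env dataprocessor.env console.env mysql.secret image-generator.env web.env redis.env" ;;
        6.4.5) echo "data-analyzer.env dataprocessor.env monitoring.env mysql.secret seed.env web.env redis.env" ;;
        *) return 2 ;;
    esac
}

# Secret name the page's oc commands use for a given file.
secret_name() {
    case $1 in
        mysql.secret) echo "metricinsights-mysql-root-password" ;;
        *) echo "metricinsights-${1%.env}" ;;
    esac
}

# One line per problem; returns 0 only if every file exists, is non-empty and
# has no group/other permission bits (the check itself is an assumption here).
check_secret_files() {
    dir=$1; version=$2; bad=0
    files=$(secret_files "$version") || { echo "unknown version: $version"; return 2; }
    for f in $files; do
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING_OR_EMPTY $f"; bad=1
        elif [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $f"; bad=1
        fi
    done
    return "$bad"
}

# Dry run: prints the oc commands from this page, but only after the check passes.
plan_secrets() {
    check_secret_files "$1" "$2" || return 1
    for f in $(secret_files "$2"); do
        echo "oc create secret generic --namespace $3 $(secret_name "$f") --from-file $1/$f"
    done
}

# Constructed demo: placeholder files in a temp dir, one left world-readable.
demo=$(mktemp -d)
for f in $(secret_files 7.0.1); do echo "KEY=constructed" > "$demo/$f"; done
chmod 600 "$demo"/*; chmod 644 "$demo/web.env"
plan_secrets "$demo" 7.0.1 "<MI-namespace>" || echo "fix the files above, then re-run"
rm -rf "$demo"
```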

Create Secrets Using the OpenShift Container Platform

A Secret is an object for storing and managing sensitive information such as passwords and OAuth tokens. Before deploying to OpenShift 3/4, the Docker Registry credentials must be registered as a Secret for K8s to reference. Metric Insights uses a secret labeled docker-registry to authenticate to the Docker Registry and pull the images.

6.1. Access the Created Project for Metric Insights Application

  1. Click the project

6.2. Access Resources > Secrets

6.3. Create the Secret to Pull the Docker Image

  1. [Create Secret]
  2. Fill in the fields
  3. [Create]

6.4. Create the Secrets for the Metric Insights Services

The screenshot displays an example of how the fields must be filled in to create the secret for the Data Analyzer Service (data-analyzer.env). Follow the steps below to create the secrets for the remaining services: Web, Data Processor, Seed, Monitoring, MySQL.

  1. Select Generic Secret from Secret Type drop-down menu
  2. Enter a unique secret name
  3. Enter a unique key for the secret
  4. To upload a file template, click [Browse]
  5. If you have uploaded the file template, you do not need to copy and paste its content to the field

7. Deploy the Metric Insights Application

Deploy the Application Using the OpenShift Container Platform

7.1. Access Add to Project > Import YAML / JSON

7.2. Upload the Deployment File  

  1. To upload the deployment file, click [Browse].
  2. Optionally, copy and paste the YAML file content into the field. This step is appropriate if you have not uploaded the file using [Browse].
  3. [Create]

7.3. Deploy the Metric Insights Application

  1. [Continue]
  2. [Create]

7.4. Confirm the Deployment of the Metric Insights Application

  1. [Create Anyway]

7.5. Finish the Deployment of the Metric Insights Application

  1. The confirmation message must be visible
  2. [Close]

Deploy the Application Using the Command Line

To deploy the application, apply the deployment file:

oc --namespace <namespace> apply -f <deployment_file>.yml

If <deployment_file>.yml is updated, run the following command to apply the changes:

$ oc process -f <deployment_file>.yml | oc apply -f - 
service/metricinsights-web unchanged 
deployment.apps/metricinsights-web-master unchanged 
deployment.apps/metricinsights-web-slave unchanged 
service/metricinsights-seed unchanged 
deployment.apps/metricinsights-seed unchanged 
service/metricinsights-dataprocessor unchanged 
deployment.apps/metricinsights-dataprocessor unchanged 
service/metricinsights-data-analyzer unchanged 
deployment.apps/metricinsights-data-analyzer unchanged 
service/metricinsights-monitoring unchanged 
deployment.apps/metricinsights-monitoring unchanged 
persistentvolume/metricinsights-default-data configured 
persistentvolumeclaim/metricinsights-default-data unchanged

8. Check if the Application Has Been Deployed

To check if the application has been deployed, run oc get pods -n <namespace>.

9. Create Routes for the Web Service and the Monitoring Service

9.1. Access the Routes Creation Form  

  1. Click Networking
  2. Click Routes
  3. [Create Route]

9.2. Fill in the Routes Creation Form

  1. Enter a name for the Web Service/the Monitoring Service within the project
  2. Enter a hostname for the Web Service/the Monitoring Service within the project
  3. Select the pod of the Web Service/the Monitoring Service from the drop-down menu
  4. After you select the pod, the drop-down menu becomes active. For the Web Service, select "443 -> 443 (TCP)". For the Monitoring Service, select "8081 -> 8081 (TCP)"
  5. Tick the checkbox

9.3. Apply the Valid Certificate and Private Key for the Web Service and the Monitoring Service

  1. Select "Re-encrypt" from TLS Termination drop-down menu
  2. Select "Redirect" from Insecure Traffic drop-down menu
  3. Click [Browse] to select the certificate in PEM format
  4. Click [Browse] to select the Private Key
  5. Click [Browse] to select the CA certificate
  6. Click [Browse] to select the ca.crt certificate. You can retrieve the certificate from the web pod: /opt/mi/ssl/ca.crt.

9.4. Create and Check the Routes

Click [Create] at the bottom. To check the routes, open the Web Service and the Monitoring Service hostnames in a browser. You will see the login pages.

10. Basic Console Commands

Basic console commands can be checked by running ./installer.py kubernetes --help.

The following utilities are available for use on the host.

Note that all of these tools become available only if the Web Component is installed.

Optional Parameters
-h, --help Show this help message and exit.
--images-pull-secret-name IMAGES_PULL_SECRET_NAME The name of a secret that will be used for pulling basic Docker images.
--nfs-server-address NFS_SERVER_ADDRESS Set NFS server address to connect the network shared data folder.
--nfs-shared-folder NFS_SHARED_FOLDER Set NFS network shared data folder path. (default: /opt/mi/data)
-o OUTPUT, --output OUTPUT Save Metric Insights deployment config to a file.
--version VERSION Compatibility of manifest with the Kubernetes version. (default: 1.19)
--load-balancer-type LOAD_BALANCER_TYPE Set load balancer type to use in config. Possible values: azure-internal, external. (default: external)
--service-type SERVICE_TYPE Set service type to get access to Metric Insights components. Possible values: ClusterIP, LoadBalancer, NodePort. (default: LoadBalancer)
--namespace NAMESPACE Specify Kubernetes namespace for adopting the config. (default: default)
--web-instances-count WEB_INSTANCES_COUNT Set the number of web instances. Possible values: >=1. (default: 2)
--ingress-controller-type INGRESS_CONTROLLER_TYPE Set ingress controller type. Possible values: nginx, traefik. (default: None)
--hostname HOSTNAME Set hostname to Kubernetes Ingress Controller and Web service additional hostname. (default: None)
--console-hostname CONSOLE_HOSTNAME Set hostname of console to Kubernetes Ingress Controller. (default: None)
--storage-class STORAGE_CLASS Set storage class for shared data folder. Possible values: nfs, portworx. (default: nfs)
--portworx-storage-size PORTWORX_STORAGE_SIZE Set Portworx data storage size. Possible values: >=1 in GB.
--portworx-storage-class-name PORTWORX_STORAGE_CLASS_NAME Set Portworx storage class name. (default: metricinsights-portworx)
--dp-hostname DP_HOSTNAME Set hostname of Dataprocessor. (default: metricinsights-dataprocessor)
--registry REGISTRY Docker registry URL for deployment MI components. Example: <hostname> or <hostname>:<port>. (default: None)
--shared-drive-folder SHARED_DRIVE_FOLDER Enable specifying a shared drive folder from the host to the web container.
--shared-drive-address SHARED_DRIVE_ADDRESS Set NFS server address for shared drive folder. (default: None)
--timezone TIME_ZONE Set time zone. (default: UTC)
--mysql-timezone MYSQL_TIME_ZONE Set MySQL time zone if MySQL engine has a different timezone than the application. If not specified, then value from --timezone option is used.
--wizard Launch Setup Wizard for preparing Metric Insights config files for deploying into Kubernetes.
--type TYPE Set scenario type for Kubernetes. Possible values: openshift3, k8s, helm. (default: k8s)
--high-load Enable high-load configuration for the Web service. Optimizes the system for several thousand concurrent users.
--persistent-volume-claim PERSISTENT_VOLUME_CLAIM Name of the existing Persistent Volume Claim to be used with MI components. (default: None)
--secrets-folder SECRETS_FOLDER Set folder for storing credential files for Kubernetes.
--skip-secrets Skip generation of secrets.
-y, --yes Assume yes on interactive requests. (default: False)
--db-hostname DB_HOSTNAME MySQL hostname of the Database Server.
--db-port DB_PORT MySQL port for db-hostname. (default: 3306)
--db-user DB_USER MySQL admin username to initialize the Metric Insights database.
--db-password DB_PASSWORD MySQL admin user password.
--enable-remote-execution Allow remote commands execution.
--require-2mfa Require 2MFA for MI Console users.
--da-cpu-number DA_CPU_NUMBER Set number of Data-Analyzer search processes. (default: 2)
--disable-same-worker-for-web Prevent landing web master and web slave on the same Kubernetes node.