Tech Tip 2 - GroundWork in Linux Container

Tech Tip 2 (01/2016) - Running GroundWork in a Linux Container

Linux containers are simple, portable instances of Linux that run under the LXC container system. Whether you have Groundwork Core or Enterprise, it’s always good to have portable versions of your GroundWork servers. With containers, you can move them, copy them, snapshot them, and upgrade them (or test doing so) easily.

Requirements

A Linux system with enough horsepower to run GroundWork. That usually means at least a dual-core CPU and 8 GB RAM, and 160 GB free on your hard drive. Yes, you could run this on a VM, but we can safely ignore that consideration since it’s abstract. If you want to run GroundWork on Amazon EC2, you can do it in a container as well, but you will want to follow a particular configuration option. See below.

How do you do it?
  1. Really, it’s almost that simple. On our lab system here, running Ubuntu 14.4, step 1 is all of:
    # apt-get install lxc lxctl lxc-templates

    Of course, there's more to it if you want to get the most up-to-date version, but this works fine.
    If you are using another distro, you can find the equivalent for your package manager.

  2. Just for fun, you might want the web panel too:
    # wget https://lxc-webpanel.github.io/tools/install.sh -O - | bash

    That gives you a nice little view into what the containers are doing.

    Figure: LXC Web Panel
    The web panel runs on port 5000 on your local system by default. The default username and password is admin/admin.

  3. Once you install, you will be able to run commands that start with lxc-, like this:
    # lxc-ls

    This will list all installed containers. Or you can run:

    # lxc-ls --fancy

    This says a bit more about the containers, like if they are running and their IP addresses.

  4. But first, you will need a container! If you downloaded the 7.1 beta, just un-tar it to /var/lib/lxc, like this:
    # tar -xzvf lxc-gwos-server-71-beta.tgz -C / 

    Then skip to step 15, below.

  5. Otherwise, here's how you make one: You need an “image” to make a container with. Let’s say you are running on Ubuntu, but you want the container to run Centos. Well, you would need to install yum for that to work:
    # apt-get install yum
  6. Then you can download an image and create a container with just one line:
    # lxc-create -t download -n mycentos --  --dist centos --release 6 --arch amd64
  7. Call it whatever you want. The “-n” is for name, and you can be as creative as you like.
    You can start the container like this:
    # lxc-start -n mycentos
  8. Then you can attach to it like this:
    # lxc-attach -n mycentos
  9. Now you have a root shell on the container! But networking is still not done. Let’s fix that.
    By default, LXC installs a DHCP server that hands out private addresses to containers, so you can probably just type:
    # yum install openssh-server
    # yum install wget
    # yum install patch
    # yum install tar
  10. That will get a few useful things installed. Then you can start the SSH server:
    # chkconfig sshd on
    # service sshd start
  11. Then set a root password:
    # passwd root
  12. Finally, exit the shell:
    # exit

    And you are back at the prompt of your Ubuntu Linux system. From here, you can see what the IP address is with:

    # lxc-ls --fancy
    NAME           STATE    IPV4                    IPV6  GROUPS  AUTOSTART
    ----------------------------------------------------------------------
    mycentos       RUNNING  10.0.3.110              -     -       NO
  13. You can SSH to this address (whatever it is on your system) from the Ubuntu command line:
    ssh root@10.0.3.110
  14. Now you are ready to install GroundWork. Just follow the usual instructions to transfer the file to the container and install it from a root shell. See: https://kb.groundworkopensource.com/display/FILES/GroundWork+Monitor+7.0.2

  15. Once GroundWork is installed, how do you access the portal pages? Isn’t the whole thing on a private address?

    Yes it is. Of course you can access it using a browser from your Ubuntu desktop, but what if you want to get to it from other systems? You can’t reach that private address directly, but you can reach the address of your Ubuntu system that has LXC running on it.

    You actually have two choices. You can either run Apache on the Ubuntu system and proxy HTTP requests to the GroundWork container, or you can make the container itself have an address on your normal network via a bridge. If you are running on the Amazon AWS cloud, you should use the proxy method. If you have control of your DHCP server, or can safely allocate static IP addresses, you might want to use the bridge method. The bridge method is covered nicely at this link: http://unix.stackexchange.com/questions/50201/how-to-configure-external-ip-addresses-for-lxc-guests

    We recommend setting a hostname with DHCP/DNS that matches the hostname on the container, and ensuring that it correctly resolves prior to installing GroundWork.

    To proxy HTTP requests to the GroundWork container, first install GroundWork on the container as mentioned above. Then install Apache and the proxy module on the Ubuntu host running the container. We will assume the Ubuntu host has address 192.168.42.103, and that the container has private address 10.0.3.110. You can adjust as necessary.
    # apt-get install httpd
    # a2enmod proxy proxy_http
  16. Modify the conf file:
    /etc/apache2/apache2.conf
  17. Add the lines:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^192.168.42.103/*
    RewriteRule (.*) http://10.0.3.110/$1 [P,L]
    ProxyPreserveHost On
    ProxyPass / http://10.0.3.110/
    ProxyPassReverse / http://10.0.3.110/
  18. Edit the /etc/apache2/mods-enabled/proxy.conf file:
    Add the lines:
    <IfModule mod_proxy.c>
    ProxyRequests Off
    <Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from all
    </Proxy>
  19. Ok, now run Apache on the Ubuntu server:
    # service apache2 restart
  20. Now to modify things on the GroundWork server, SSH to the Centos container (or use lxc-attach). Find the gw-config utility, and run it:
    # ./gw-config --machine_hostname 192.168.42.103
  21. That will adjust all the portal configuration files to point to the proxied address. Note: depending on the version of GroundWork you are using, you might also need to do this:
    # sed -i 's/mycentos/192.168.42.103/g' /usr/local/groundwork/config/josso-agent-config.xml
  22. Replace ‘mycentos’ with the name of your container host. Then restart GroundWork portal services:
    service groundwork restart gwservices
  23. Now if you point a browser to http://192.168.42.103, you will see the GroundWork portal!
Notes

There are a few limitations with the proxy approach. GDMA won’t work without a lot of adjustments that we haven’t covered here. Also, for example, it’s not possible to directly upload background files for the views application. The portal applications do work, though, and it’s adequate for testing and light-duty production monitoring. The best part is, you can move the server to any host just by stopping it (lxc-stop command) and tarring it up, then untarring it in the new location. If you use the bridge method, it’s just like having a GroundWork server on the network, but be advised that the load on the Ubuntu system network interface will be heavy, so you should use a capable machine.