Deploy QPR ProcessAnalyzer from Container: Difference between revisions
No edit summary |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
For deploying in containerized platforms QPR ProcessAnalyzer is available as a container image containing QPR ProcessAnalyzer Server build for linux-x64 platform. | For deploying in containerized platforms QPR ProcessAnalyzer is available as a container image containing QPR ProcessAnalyzer Server build for linux-x64 platform. | ||
== Container image | == Container image == | ||
=== Installed components === | |||
* ODBC | In addition to the QPR ProcessAnalyzer Server, the following additional components are included in the container image: | ||
* Snowflake | * ODBC driver for SQL Server | ||
* ODBC driver for Snowflake | |||
Note that the SAP libraries for extracting data from SAP are not included. | Note that the SAP libraries for extracting data from SAP are not included. | ||
=== | ===Application configuration=== | ||
The configuration files are provider to container using volumes: | |||
* [[Server_settings_in_appsettings.json|appsettings.json]] needs be mapped to '''/pa/appsettings.json''' | |||
* [[Server_settings_in_log4net.config|log4net.config]] should be mapped to '''/pa/log4net.config''' | |||
Overriding configuration using environment variables | |||
* Values in appsettings.json | |||
** Environment variables override values set in appsettings.json | |||
** Hierarchial keys use double underscore as separator | |||
* Values in PA_CONFIGURATION | |||
** Environment variables override values set in PA_CONFIGURATION | |||
** PA_CONFIGURATION keys converted to environment variable name using SNAKE_CASE in uppercase prefixed with `QPRPA_` | |||
===Database=== | ===Configuration Database=== | ||
The connection string to the configuration database is mandatory to start up QPR ProcessAnalyzer. The container image supports only the SQL Server authentication mode. | |||
* Database can be initialized using the '''initializedb.sql''' script provided in the [[QPR_ProcessAnalyzer_Downloads#QPR_ProcessAnalyzer_Server_.28on_Windows.29|installation package]]. | |||
* Updating the existing configuration database will be done automatically during the container startup. | |||
* Database can be | * By default, the container image has the option '''CreateDatabase''' enabled and will attempt to create database if it is not exists. | ||
* By default image has option CreateDatabase enabled and will | |||
===Logging=== | ===Logging=== | ||
| Line 27: | Line 35: | ||
* Push logs to an OpenTelemetry endpoint. | * Push logs to an OpenTelemetry endpoint. | ||
=== | ===User permissions=== | ||
The container does not require any superuser permissions and it runs under the user account '''pa'''. | |||
To automatically update an existing database user must have the '''db-owner''' permissions to the database. | |||
To automatically create the configuration database, the user must have the '''dbcreator''' server role. | |||
===Key storage for session cookies encryption=== | ===Key storage for session cookies encryption=== | ||
To make it possible to reuse session cookies after container restart, the session cookies encryption key must be saved in an external storage. The external storage should be mapped to '''/home/pa/.aspnet/DataProtection-Keys''' directory in the container. | To make it possible to reuse session cookies after container restart, the session cookies encryption key must be saved in an external storage. The external storage should be mapped to '''/home/pa/.aspnet/DataProtection-Keys''' directory in the container. | ||
=== | ===CA certificates and HTTPS === | ||
The certificate chains in the *.crt files (in PEM format) can be mapped to the directory '''/usr/local/share/ca-certificates'''. This default path can be changed by assigning value for the environment variable '''SSL_CERT_DIR'''. | |||
HTTPS is supported by deploying a public-facing edge server without a reverse proxy. Certificate and key files are provided to the container via volume. Following environment variables (or corresponding values in appsettings.json) must be set: | HTTPS is supported by deploying a public-facing edge server without a reverse proxy. Certificate and key files are provided to the container via volume. Following environment variables (or corresponding values in appsettings.json) must be set: | ||
Latest revision as of 16:02, 22 November 2025
For deploying in containerized platforms QPR ProcessAnalyzer is available as a container image containing QPR ProcessAnalyzer Server build for linux-x64 platform.
Container image
Installed components
In addition to the QPR ProcessAnalyzer Server, the following additional components are included in the container image:
- ODBC driver for SQL Server
- ODBC driver for Snowflake
Note that the SAP libraries for extracting data from SAP are not included.
Application configuration
The configuration files are provider to container using volumes:
- appsettings.json needs be mapped to /pa/appsettings.json
- log4net.config should be mapped to /pa/log4net.config
Overriding configuration using environment variables
- Values in appsettings.json
- Environment variables override values set in appsettings.json
- Hierarchial keys use double underscore as separator
- Values in PA_CONFIGURATION
- Environment variables override values set in PA_CONFIGURATION
- PA_CONFIGURATION keys converted to environment variable name using SNAKE_CASE in uppercase prefixed with `QPRPA_`
Configuration Database
The connection string to the configuration database is mandatory to start up QPR ProcessAnalyzer. The container image supports only the SQL Server authentication mode.
- Database can be initialized using the initializedb.sql script provided in the installation package.
- Updating the existing configuration database will be done automatically during the container startup.
- By default, the container image has the option CreateDatabase enabled and will attempt to create database if it is not exists.
Logging
QPR ProcessAnalyzer Server writes log which can be stored to following targets:
- Store to a file in the container disk. The file can be mapped to any external storage system.
- Write to stdout and stderr streams that can be listened to store the logs.
- Push logs to an OpenTelemetry endpoint.
User permissions
The container does not require any superuser permissions and it runs under the user account pa.
To automatically update an existing database user must have the db-owner permissions to the database.
To automatically create the configuration database, the user must have the dbcreator server role.
Key storage for session cookies encryption
To make it possible to reuse session cookies after container restart, the session cookies encryption key must be saved in an external storage. The external storage should be mapped to /home/pa/.aspnet/DataProtection-Keys directory in the container.
CA certificates and HTTPS
The certificate chains in the *.crt files (in PEM format) can be mapped to the directory /usr/local/share/ca-certificates. This default path can be changed by assigning value for the environment variable SSL_CERT_DIR.
HTTPS is supported by deploying a public-facing edge server without a reverse proxy. Certificate and key files are provided to the container via volume. Following environment variables (or corresponding values in appsettings.json) must be set:
- HTTPS_PORT: port for listening for HTTPS connections.
- Kestrel_Certificates_Default_Path: path to .pem/.crt or .pfx file.
- Kestrel_Certificates_Default_Password: passphrase for certificate key.
- Kestrel_Certificates_Default_KeyPath: path to .key file (if `Kestrel_Certificates_Default_Path` contains path to .pem/.crt file).
Running in docker
This section provides example commands to run the QPR ProcessAnalyzer container in Docker.
Minimal configuration where only the SQL Server database in the PA_CONFIGURATION table must be configured:
docker run -d -p 5000:5000 --restart unless-stopped \ -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \ azure-repo/pa/server
This example additionally overrides the DefaultDataSource and SqlServerConnectionString settings in the PA_CONFIGURATION table, and provides a volume for storing logs:
docker run -d -p 5000:5000 --restart unless-stopped \ -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \ -e QPRPA_DEFAULT_DATA_SOURCE=SqlServer \ -e QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password" \ -e Application__LogFilePath=/tmp/logs/pa-server.log \ -v /pa-logs:/var/logs/pa \ azure-repo/pa/server
Provide the entire configuration in the appsettings.json by mapping is from an external file:
docker run -d -p 5000:5000 --restart unless-stopped \ -v /pa/config/appsettings.json:/pa/appsettings.json \ -v /pa/logs:/var/logs/pa \ azure-repo/pa/server
Running in kubernetes
This section provides an example command to run QPR ProcessAnalyzer container in the Kubernetes.
UI endpoint:
apiVersion: v1
kind: Service
metadata:
name: qprpa-server
labels:
app: qprpa-server
spec:
type: ClusterIP
ports:
- port: 5000
targetPort: qprpa-server-port
selector:
app: qprpa-server
The following example is the server deployment. The connection strings are provided via a secret containing following variables:
- Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password"
- QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password"
apiVersion: apps/v1
kind: Deployment
metadata:
name: qprpa-server
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: qprpa-server
template:
metadata:
labels:
app: qprpa-server
spec:
containers:
- name: qprpa-server
image: "azure-repo/pa/server"
imagePullPolicy: "Always"
ports:
- containerPort: 5000
name: qprpa-server-port
envFrom:
- secretRef:
name: pa-secrets
env:
- name: QPRPA_DEFAULT_DATA_SOURCE
value: "SqlServer"
resources:
requests:
memory: "2Gi"
cpu: "500m"
limits:
memory: "8Gi"
cpu: "8000m"