Deploy QPR ProcessAnalyzer from Container: Difference between revisions

For deploying in containerized platforms QPR ProcessAnalyzer is available as a container image containing QPR ProcessAnalyzer Server build for linux-x64 platform.

Container image

Installed components

In addition to the QPR ProcessAnalyzer Server, the following additional components are included in the container image:

• ODBC driver for SQL Server
• ODBC driver for Snowflake

Note that the SAP libraries for extracting data from SAP are not included.

Application configuration

The configuration files are provider to container using volumes:

• appsettings.json needs be mapped to /pa/appsettings.json
• log4net.config should be mapped to /pa/log4net.config

Overriding configuration using environment variables

• Values in appsettings.json
  • Environment variables override values set in appsettings.json
  • Hierarchial keys use double underscore as separator
• Values in PA_CONFIGURATION
  • Environment variables override values set in PA_CONFIGURATION
  • PA_CONFIGURATION keys converted to environment variable name using SNAKE_CASE in uppercase prefixed with `QPRPA_`

Configuration Database

The connection string to the configuration database is mandatory to start up QPR ProcessAnalyzer. The container image supports only the SQL Server authentication mode.

• Database can be initialized using the initializedb.sql script provided in the installation package.
• Updating the existing configuration database will be done automatically during the container startup.
• By default, the container image has the option CreateDatabase enabled and will attempt to create database if it is not exists.

Logging

QPR ProcessAnalyzer Server writes log which can be stored to following targets:

• Store to a file in the container disk. The file can be mapped to any external storage system.
• Write to stdout and stderr streams that can be listened to store the logs.
• Push logs to an OpenTelemetry endpoint.

User permissions

The container does not require any superuser permissions and it runs under the user account pa.

To automatically update an existing database user must have the db-owner permissions to the database.

To automatically create the configuration database, the user must have the dbcreator server role.

Key storage for session cookies encryption

To make it possible to reuse session cookies after container restart, the session cookies encryption key must be saved in an external storage. The external storage should be mapped to /home/pa/.aspnet/DataProtection-Keys directory in the container.

CA certificates and HTTPS

The certificate chains in the *.crt files (in PEM format) can be mapped to the directory /usr/local/share/ca-certificates. This default path can be changed by assigning value for the environment variable SSL_CERT_DIR.

HTTPS is supported by deploying a public-facing edge server without a reverse proxy. Certificate and key files are provided to the container via volume. Following environment variables (or corresponding values in appsettings.json) must be set:

• HTTPS_PORT: port for listening for HTTPS connections.
• Kestrel_Certificates_Default_Path: path to .pem/.crt or .pfx file.
• Kestrel_Certificates_Default_Password: passphrase for certificate key.
• Kestrel_Certificates_Default_KeyPath: path to .key file (if `Kestrel_Certificates_Default_Path` contains path to .pem/.crt file).

Running in docker

This section provides example commands to run the QPR ProcessAnalyzer container in Docker.

Minimal configuration where only the SQL Server database in the PA_CONFIGURATION table must be configured:

docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  azure-repo/pa/server

This example additionally overrides the DefaultDataSource and SqlServerConnectionString settings in the PA_CONFIGURATION table, and provides a volume for storing logs:

docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  -e QPRPA_DEFAULT_DATA_SOURCE=SqlServer \
  -e QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password" \
  -e Application__LogFilePath=/tmp/logs/pa-server.log \
  -v /pa-logs:/var/logs/pa \
  azure-repo/pa/server

Provide the entire configuration in the appsettings.json by mapping is from an external file:

docker run -d -p 5000:5000 --restart unless-stopped \
  -v /pa/config/appsettings.json:/pa/appsettings.json \
  -v /pa/logs:/var/logs/pa \
  azure-repo/pa/server

Running in kubernetes

This section provides an example command to run QPR ProcessAnalyzer container in the Kubernetes.

UI endpoint:

apiVersion: v1
kind: Service
metadata:
  name: qprpa-server
  labels:
    app: qprpa-server
spec:
  type: ClusterIP
  ports:
    - port: 5000
      targetPort: qprpa-server-port
  selector:
    app: qprpa-server

The following example is the server deployment. The connection strings are provided via a secret containing following variables:

• Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password"
• QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password"

apiVersion: apps/v1
kind: Deployment
metadata:
  name: qprpa-server
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: qprpa-server
  template:
    metadata:
      labels:
        app: qprpa-server
    spec:
      containers:
      - name: qprpa-server
        image: "azure-repo/pa/server"
        imagePullPolicy: "Always"
        ports:
        - containerPort: 5000
          name: qprpa-server-port
        envFrom:
        - secretRef:
            name: pa-secrets
        env:
        - name: QPRPA_DEFAULT_DATA_SOURCE
          value: "SqlServer"
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "8Gi"
            cpu: "8000m"