Deploy QPR ProcessAnalyzer from Container: Difference between revisions

For deploying in containerized platforms QPR ProcessAnalyzer is available as a container image containing QPR ProcessAnalyzer Server build for linux-x64 platform.

Container image content

Following additional components are included:

• ODBC 18 drivers
• Snowflake drivers

Note that the SAP libraries for extracting data from SAP are not included.

User permissions

Container does not require superuser permissions and runs under user account pa.

To automatically create database, the user must have the dbcreator server role. To automatically update existing database user must have the db-owner permissions to the database.

Database

To run container image connection string to PA Metadata database must be provided. The image supports only Sql Server authentication mode.

• Database can be created manually using initializedb.sql script (#6893#)
• By default image has option CreateDatabase enabled and will atempt to create database if it is not exists
• Updating existing database will be done automatically during application startup

Logging

QPR ProcessAnalyzer Server writes log which can be stored to following targets:

• Store to a file in the container disk. The file can be mapped to any external storage system.
• Write to stdout and stderr streams that can be listened to store the logs.
• Push logs to an OpenTelemetry endpoint.

Application configuration in the container

Container supports the same configuration sources as on-premise windows deployments.

Changed configuration files must be provider to container using volumes

• appsettings.json should be mapped to /pa/appsettings.json
• log4net.config should be mapped to /pa/log4net.config

Overriding configuration using environment variables

• Values in appsettings.json
  • Environment variables override values set in appsettings.json
  • Hierarchial keys use double underscore as separator
• Values in PA_CONFIGURATION
  • Environment variables override values set in PA_CONFIGURATION
  • PA_CONFIGURATION keys converted to environment variable name using SNAKE_CASE in uppercase prefixed with `QPRPA_`

Key storage for session cookies encryption

To make it possible to reuse session cookies after container restart, the session cookies encryption key must be saved in an external storage. The external storage should be mapped to /home/pa/.aspnet/DataProtection-Keys directory in the container.

Custom root CA certificates

Certificate chains in *.crt files in PEM format can be mapped by default to the directory /usr/local/share/ca-certificates. This path can also be changed by assigning value for the environment variable SSL_CERT_DIR.

HTTPS is supported by deploying a public-facing edge server without a reverse proxy. Certificate and key files are provided to the container via volume. Following environment variables (or corresponding values in appsettings.json) must be set:

• HTTPS_PORT: port for listening for HTTPS connections.
• Kestrel_Certificates_Default_Path: path to .pem/.crt or .pfx file.
• Kestrel_Certificates_Default_Password: passphrase for certificate key.
• Kestrel_Certificates_Default_KeyPath: path to .key file (if `Kestrel_Certificates_Default_Path` contains path to .pem/.crt file).

Running in docker

# Minimal configuration with default parameters
# Data Source in PA_CONFIGURATION must be configured
docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  azure-repo/pa/server

# Overriding PA_CONFIGURATION DefaultDataSource and SqlServerConnectionString
# and providing volume for storing logs
docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  -e QPRPA_DEFAULT_DATA_SOURCE=SqlServer \
  -e QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password" \
  -e Application__LogFilePath=/tmp/logs/pa-server.log \
  -v /pa-logs:/var/logs/pa \
  azure-repo/pa/server

# Configuration provided via external appsettings.json file
docker run -d -p 5000:5000 --restart unless-stopped \
  -v /pa/config/appsettings.json:/pa/appsettings.json \
  -v /pa/logs:/var/logs/pa \
  azure-repo/pa/server

Running in kubernetes

# UI endpoint
apiVersion: v1
kind: Service
metadata:
  name: qprpa-server
  labels:
    app: qprpa-server
spec:
  type: ClusterIP
  ports:
    - port: 5000
      targetPort: qprpa-server-port
  selector:
    app: qprpa-server
---
# PA server deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: qprpa-server
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: qprpa-server
  template:
    metadata:
      labels:
        app: qprpa-server
    spec:
      containers:
      - name: qprpa-server
        image: "azure-repo/pa/server"
        imagePullPolicy: "Always"
        ports:
        - containerPort: 5000
          name: qprpa-server-port
        # connection strings provided via secret containing following variables:
        # Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password"
        # QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password"
        envFrom:
        - secretRef:
            name: pa-secrets
        env:
        - name: QPRPA_DEFAULT_DATA_SOURCE
          value: "SqlServer"
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "8Gi"
            cpu: "8000m"