Deploy QPR ProcessAnalyzer from Container

From QPR ProcessAnalyzer Wiki

For deployment on containerized platforms, QPR ProcessAnalyzer is available as a container image containing the QPR ProcessAnalyzer Server build for the linux-x64 platform.

Container image

Included components

In addition to the QPR ProcessAnalyzer Server, the following additional components are included in the container image:

  • ODBC driver for SQL Server
  • ODBC driver for Snowflake

Note that the SAP libraries for extracting data from SAP are not included.

Application configuration

The following configuration files are provided to the container using mapped volumes:

  • appsettings.json should be mapped in the container volume to a file /pa/appsettings.json
  • log4net.config should be mapped in the container volume to a file /pa/log4net.config

Instead of mapping the entire file, environment variables can be used to define the settings in the appsettings.json file. If both methods are applied, the environment variables override the values set in the appsettings.json file.

When using environment variables, the variable names for the hierarchical keys in the appsettings.json file are defined using the double underscore as separator, e.g., the LogFilePath setting in the Application section is defined as Application__LogFilePath (see a full example below in the examples section).

It's also possible to override settings in the PA_CONFIGURATION table using environment variables. Setting names in the PA_CONFIGURATION table are converted into environment variable names using snake case (underscores between words) in uppercase, prefixed with QPRPA_, e.g., the SqlServerConnectionString setting is defined as QPRPA_SQL_SERVER_CONNECTION_STRING.

Database for configuration data

The connection string to the configuration database is a mandatory setting to start up QPR ProcessAnalyzer. See information about databases used by QPR ProcessAnalyzer.

  • Database can be initialized using the initializedb.sql script provided in the installation package (instructions).
  • Migrating the configuration database will be done automatically during the container startup. The migration is done if the QPR ProcessAnalyzer version uses a newer database schema than the current database.
  • By default, the container image has the option CreateDatabase enabled, so it will attempt to initialize the database if that has not been done yet.

Note that the container image supports only the SQL Server authentication mode.

Logging

QPR ProcessAnalyzer Server writes a log that can be sent to the following targets:

  • Store to a file on the container disk. The file can be mapped to any external storage system.
  • Write to the stdout and stderr streams, which can be captured to store the logs.
  • Push logs to an OpenTelemetry endpoint.

User permissions

The container does not require any superuser permissions and it runs under the user account pa.

To automatically update an existing database, the user must have the db-owner permissions to the database.

To automatically create the configuration database, the user must have the dbcreator server role.

Key storage for session cookies encryption

To make it possible to reuse session cookies after a container restart, the session cookie encryption key must be saved in external storage. The external storage should be mapped to the /home/pa/.aspnet/DataProtection-Keys directory in the container.

CA certificates

CA certificates can be mapped to the directory /usr/local/share/ca-certificates (containing *.crt files in the PEM format). This default path can be changed by assigning a value to the environment variable SSL_CERT_DIR.

HTTPS connection to UI

The container image supports HTTPS for cases where it is deployed as a public-facing edge server without a reverse proxy. The certificate and key files are provided to the container via a volume. The following environment variables must be set:

  • HTTPS_PORT: Port for listening for HTTPS connections.
  • Kestrel_Certificates_Default_Path: Path to the .pem, .crt or .pfx file.
  • Kestrel_Certificates_Default_Password: Passphrase for the certificate key.
  • Kestrel_Certificates_Default_KeyPath: Path to .key file if Kestrel_Certificates_Default_Path contains path to .pem or .crt file.

Running in docker

This section provides example commands to run the QPR ProcessAnalyzer container in Docker.

Minimal configuration, where only the SQL Server database for the PA_CONFIGURATION table is configured:

docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  azure-repo/pa/server

This example additionally overrides the DefaultDataSource and SqlServerConnectionString settings in the PA_CONFIGURATION table, and provides a volume for storing logs:

docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  -e QPRPA_DEFAULT_DATA_SOURCE=SqlServer \
  -e QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password" \
  -e Application__LogFilePath=/tmp/logs/pa-server.log \
  -v /pa-logs:/var/logs/pa \
  azure-repo/pa/server

Provide the entire configuration in appsettings.json by mapping it from an external file:

docker run -d -p 5000:5000 --restart unless-stopped \
  -v /pa/config/appsettings.json:/pa/appsettings.json \
  -v /pa/logs:/var/logs/pa \
  azure-repo/pa/server

Running in kubernetes

This section provides example manifests for running the QPR ProcessAnalyzer container in Kubernetes.

UI endpoint:

apiVersion: v1
kind: Service
metadata:
  name: qprpa-server
  labels:
    app: qprpa-server
spec:
  type: ClusterIP
  ports:
    - port: 5000
      targetPort: qprpa-server-port
  selector:
    app: qprpa-server

The following example is the server deployment. The connection strings are provided via a secret containing the following variables:

  • Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password"
  • QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password"

apiVersion: apps/v1
kind: Deployment
metadata:
  name: qprpa-server
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: qprpa-server
  template:
    metadata:
      labels:
        app: qprpa-server
    spec:
      containers:
      - name: qprpa-server
        image: "azure-repo/pa/server"
        imagePullPolicy: "Always"
        ports:
        - containerPort: 5000
          name: qprpa-server-port
        envFrom:
        - secretRef:
            name: pa-secrets
        env:
        - name: QPRPA_DEFAULT_DATA_SOURCE
          value: "SqlServer"
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "8Gi"
            cpu: "8000m"
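
Added example, not part of the original page or QPR's own tooling: a Python helper that applies the two naming rules from the Application configuration section and builds the pa-secrets secret that the deployment above reads through envFrom. It assumes a word boundary wherever a lowercase letter or digit is followed by an uppercase letter (consistent with the page's two examples); the function names and sample values are constructed for illustration.

```python
import json
import re

# Assumption: a word boundary is wherever a lowercase letter or digit is
# followed by an uppercase letter (consistent with the page's two examples).
BOUNDARY = re.compile(r"(?<=[a-z0-9])(?=[A-Z])")


def pa_configuration_env(name):
    """PA_CONFIGURATION setting name -> QPRPA_ environment variable name."""
    return "QPRPA_" + BOUNDARY.sub("_", name).upper()


def appsettings_env(settings, prefix=""):
    """Flatten nested appsettings.json objects into Section__Key names
    (objects and scalar values only)."""
    flat = {}
    for key, value in settings.items():
        name = f"{prefix}__{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(appsettings_env(value, name))
        else:
            # Environment variables are strings; encode other scalars as JSON.
            flat[name] = value if isinstance(value, str) else json.dumps(value)
    return flat


def build_secret(appsettings, pa_configuration, name="pa-secrets"):
    """Secret manifest (as a dict) carrying every variable in stringData."""
    data = appsettings_env(appsettings)
    data.update({pa_configuration_env(k): v for k, v in pa_configuration.items()})
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "stringData": data}


# Constructed sample input, reusing the placeholder values from this page.
SAMPLE_APPSETTINGS = {"Application": {"SqlDatabaseConnectionString":
    "Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password"}}
SAMPLE_PA_CONFIGURATION = {"SqlServerConnectionString":
    "Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password"}

if __name__ == "__main__":
    # kubectl accepts JSON manifests, so this output can be applied directly.
    secret = build_secret(SAMPLE_APPSETTINGS, SAMPLE_PA_CONFIGURATION)
    print(json.dumps(secret, indent=2))
```

Piping the output into kubectl apply -f - creates the secret without the connection strings appearing on a command line. For Docker, the same NAME=value pairs can be placed in a file readable only by its owner and passed with docker run --env-file.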