Deploy QPR ProcessAnalyzer from Container

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search

For deploying in containerized platforms QPR ProcessAnalyzer is available as a container image containing QPR ProcessAnalyzer Server build for linux-x64 platform.


Container image content

Following additional components are included:

  • ODBC 18 drivers
  • Snowflake drivers

Note that the SAP libraries for extracting data from SAP are not included.

User permissions

Container does not require superuser permissions and runs under user account `pa`.

  • To automatically create database user must have `dbcreator` server role
  • To automatically update existing databse uer must have `db-owner` permissions to database

Database

To run container image connection string to PA Metadata database must be provided. The image supports only Sql Server authentication mode.

  • Database can be created manually using initializedb.sql script (#6893#)
  • By default image has option CreateDatabase enabled and will atempt to create database if it is not exists
  • Updating existing database will be done automatically during application startup

Logging in the container

  • Logging to stdout and stderr streams
  • Logging to file (#4183#)
  • Pushing logs to OpenTelemetry endpoint (#2504281133008#)

Application configuration in the container

Container supports the same configuration sources as on-premise windows deployments.

Changed configuration files must be provider to container using volumes

  • appsettings.json should be mapped to /pa/appsettings.json
  • log4net.config should be mapped to /pa/log4net.config

Overriding configuration using environment variables

  • Values in appsettings.json
    • Environment variables override values set in appsettings.json
    • Hierarchial keys use double underscore as separator
  • Values in PA_CONFIGURATION
    • Environment variables override values set in PA_CONFIGURATION
    • PA_CONFIGURATION keys converted to environment variable name using SNAKE_CASE in uppercase prefixed with `QPRPA_`

Key storage for session cookies encryption

To make it possible to reuse session cookies after container restart session cookies encryption key must be saved in external storage. External storage should be mapped to `/home/pa/.aspnet/DataProtection-Keys` directory in the container.

Custom root CA certificates

Certificate chains in *.crt files in PEM format can be mapped to directory volume `/usr/local/share/ca-certificates`. Volume path could be changed by assigning value for environment variable `SSL_CERT_DIR`

HTTPS support for deploying public-facing edge server without reverse proxy. Certificate and key files provided to the container via volume.

Following environment variables (or corresponding values in appsettings.json) must be set:

  • `HTTPS_PORT` - port for listening for HTTPS connections
  • `Kestrel_Certificates_Default_Path` - path to .pem/.crt or .pfx file
  • `Kestrel_Certificates_Default_Password` - passphrase for certificate key
  • `Kestrel_Certificates_Default_KeyPath` - path to .key file (if `Kestrel_Certificates_Default_Path` contains path to .pem/.crt file)

Running in docker

# Minimal configuration with default parameters
# Data Source in PA_CONFIGURATION must be configured
docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  azure-repo/pa/server

# Overriding PA_CONFIGURATION DefaultDataSource and SqlServerConnectionString
# and providing volume for storing logs
docker run -d -p 5000:5000 --restart unless-stopped \
  -e Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password" \
  -e QPRPA_DEFAULT_DATA_SOURCE=SqlServer \
  -e QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password" \
  -e Application__LogFilePath=/tmp/logs/pa-server.log \
  -v /pa-logs:/var/logs/pa \
  azure-repo/pa/server

# Configuration provided via external appsettings.json file
docker run -d -p 5000:5000 --restart unless-stopped \
  -v /pa/config/appsettings.json:/pa/appsettings.json \
  -v /pa/logs:/var/logs/pa \
  azure-repo/pa/server

Running in kubernetes

# UI endpoint
apiVersion: v1
kind: Service
metadata:
  name: qprpa-server
  labels:
    app: qprpa-server
spec:
  type: ClusterIP
  ports:
    - port: 5000
      targetPort: qprpa-server-port
  selector:
    app: qprpa-server
---
# PA server deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: qprpa-server
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: qprpa-server
  template:
    metadata:
      labels:
        app: qprpa-server
    spec:
      containers:
      - name: qprpa-server
        image: "azure-repo/pa/server"
        imagePullPolicy: "Always"
        ports:
        - containerPort: 5000
          name: qprpa-server-port
        # connection strings provided via secret containing following variables:
        # Application__SqlDatabaseConnectionString="Server=dbserver.host;DataBase=QPR_PA;Uid=user;PWD=password"
        # QPRPA_SQL_SERVER_CONNECTION_STRING="Server=dbserver.host;DataBase=QPR_PA_DATA;Uid=user;PWD=password"
        envFrom:
        - secretRef:
            name: pa-secrets
        env:
        - name: QPRPA_DEFAULT_DATA_SOURCE
          value: "SqlServer"
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "8Gi"
            cpu: "8000m"
Retrieved from "https://wiki.onqpr.com/pa/index.php?title=Deploy_QPR_ProcessAnalyzer_from_Container&oldid=27334"