Get Appointment

contact@wellinor.com
+(123)-456-7890

Blog & Insights

Application Architecture (dependency libraries, database, web tier, front end, queues, etc.)
Coding Language
Any dependencies on the platform hosting the application
Decoupling of components or functions
Resiliency / Error Handling
Storage for Stateful Apps
Scalability
Metrics or Logging endpoints

Let's look an example. Your legacy application may be monitored for metrics using application specific context using one of the commercial APM tools. As part of the modernization process, and applying best practices approach, the metrics and logs can be exposed as a service (microservice) via a /metrics endpoint by the process of application instrumentation. This would make it much easier to monitor the metrics microservice, and filter out the needed readings. It also makes it easier to upgrade the metrics service if you were to add or remove the exposure of specific parameters. Associates at Keyva have helped multiple organizations assess their application readiness and helped with application modernization. These include things like refactoring existing applications, adding a wrapper over current applications so they can be consumed easily by DevOps processes, and more. If you'd like to have us review your environment and provide suggestions on what might work for you, please contact us at info@keyvatech.com.

RHEL 7 VM with minimum/base packages
A valid Subscription with RedHat with appropriate entitlements
Static IP configuration set up
/etc/hosts configured for name resolution on both servers
SSH Keys copied on both servers (optional)
Nameservers set up
firewalld service disabled
Yum enabled
Non-root user set up for sudo access (optional)
VMware tools package installed
Both VMs set up with 40 GB of additional attached storage (i.e. separate volumes). It is an important step, as this volume will be used when setting up Docker storage.

Prepare and Install Packages (on Master and Nodes)

Since we set up RHEL with minimal packages, we would need to enable all the needed rpms. First register with subscription manager using your Red Hat profile credentials.

subscription-manager register
subscription-manager refresh
subscription-manager attach –-auto
subscription-manager repos –-list
subscription-manager repos --enable rhel-7-server-rh-common-beta-rpms
subscription-manager repos --enable rhel-7-server-rpms
subscription-manager repos --enable rhel-7-server-source-rpms
subscription-manager repos --enable rhel-7-server-rh-common-source-rpms
subscription-manager repos --enable rhel-7-server-rh-common-debug-rpms
subscription-manager repos --enable rhel-7-server-optional-source-rpms
subscription-manager repos --enable rhel-7-server-extras-rpms

To enable OpenShift rpms, you will need to find the associated Pool ID and attach it separately.

subscription-manager list --available --all

Find the pool ID associated with the Red Hat OpenShift Container Platform, and run:

subscription-manager attach --pool <Pool ID>

You will now be able to enable the associated repos.

subscription-manager repos --enable rhel-7-server-ose-3.5-rpms
subscription-manager repos --enable rhel-7-server-openstack-10-rpms

Optionally, if you want to set up OC Cluster in HA configuration:

subscription-manager repos --enable="rhel-ha-for-rhel-7-server-rpms"

Finish setting up other utils:

yum repolist
yum -y update
yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion
yum install gcc python-virtualenv
yum install atomic-openshift-utils

Set up dnsmasq (on Master and Nodes)

When using OpenShift SaaS offerings, the service provider takes care of setting up DNS and routing. But since we are setting up the cluster from the ground up, we need to set up these components manually. We will be using dnsmasq for our lab.

yum -y install dnsmasq bind-utils

We will now modify the /etc/dnsmasq.conf configuration file. It is recommended that you back up the existing conf file before modification, in case you need to revert to it later. Modify the /etc/dnsmasq.conf file: On the Master, add or modify the #address and the #resolv-file sections as follows:

address=/<subdomain.domain.com>/<master IP>
resolv-file=/<path>/<custom-filename>

On each Node(s), add or modify the #address and the #resolv-file sections as follows:

address=/<subdomain.domain.com>/<nodeIP>
resolv-file=/<path>/<custom-filename>

This /<path>/<custom-filename> is where we will list our nameserver (in most cases, your subnet gateway) IP address. On the Master, create the file

vi <path>/<custom-filename>

And add the line

nameserver <IP>

On each Node(s), create the file

vi <path>/<custom-filename>

And add the line

nameserver <IP>

We will also need to update the /etc/resolv.conf file and modify the existing nameserver entry to be a loopback address. On the Master and Node(s), open the /etc/resolv.conf file and modify the nameserver entry

nameserver 127.0.0.1

Note that if you reboot your VMs, you may need to update the nameserver entry in this file again. On both the Master and the Node(s), we have disabled the firewall service already (as a pre-requisite). We will now enable the dnsmasq service:

systemctl enable dnsmasq && systemctl start dnsmasq

In order to make sure the dnsmasq service is working correctly, you can try to ping the <subdomain>.<domain> address you defined in the /etc/dnsmasq.conf file under the address section.

ping <subdomain>.<domain>

If you run this command on the Master, it should return the IP address of your Master server. You could also add another custom subdomain in front (any string), and it should return the same IP address. For example -

ping <my_sub>.<subdomain>.<domain>

should return the IP of the Master server as well.

Configuring Docker (on Master and Nodes)

Our next step is to set up Docker on these machines.

yum -y install docker-1.12.6

We will be modifying the /etc/sysconfig/docker-storage-setup file. It is recommended that you back up the existing file before modification. But first, we need to find out what our volume is named. If you recall, we had set up additional 40 GB volumes on our machines for use with Docker storage. The output of fdisk –l will give you the name of your additional disk volume. In my case, it was /dev/sdb. We will use the sdb name in our docker-storage-setup file. Open /etc/sysconfig/docker-storage-setup through your favorite editor, comment all existing lines, and add the following entries:

DEVS=sdb
VG=docker-vg

Save and close the file. We will disable cluster locking configuration for LVM

lvmconf --disable-cluster

And then run our Docker storage setup

docker-storage-setup

You can verify the setup using the command

lvs

It will show you the attributes and sizes associated with the various volumes We can now start the Docker service

systemctl enable docker && systemctl start docker

Openshift install (on Master)

We can now finally get started with the OpenShift install steps.

yum -y install atomic-openshift-docker-excluder atomic-openshift-excluder atomic-openshift-utils bridge-utils bind-utils git iptables-services net-tools wget

Once we have all the packages ready to go, we run

atomic-openshift-installer install

The setup asks a number of questions. After selecting a user that you'd like to enable for SSH access, you will be asked to select a variant for the install. We will select option [1] for OpenShift Container Platform, which is also the default. You will be asked to enter the hostname or IP of your Master node, and choose whether the host will be RPM based or container based. The installer will then provide a brief summary of the information entered, and will prompt for additional hosts. We will select y and this time we will enter the hostname or IP of our Node server. You can go through configuring additional Node servers in this section. For the 'New Default Subdomain', you can configure the . information as you have defined it under the /etc/dnsmasq.conf file. This portion can be used later for external routing. If you have any http or https proxies, you can configure them on the next screen. The installer then shows a summary of all the information captured, and what the configuration would look like. Once you confirm all the shown configurations, the installer kicks off the setup. It can take a while for the install to complete. Once the installation has completed successfully, you can verify the running services using the following command

systemctl status | grep openshift

The output of this command will list the services running on both master and node(s). If you run the same command on the node(s), it will only show the services running on that node. You can also run some sample OC commands on the Master to make sure all looks good

oc get pods
oc get projects
oc get nodes

That should do it! You have now set up a single node OpenShift cluster in your lab environment. The process of creating users depends upon which Identity Provider you would like to have set up with OpenShift. You can access the OpenShift console via https://<Master_IP_or_FQDN>:8443/console If you have any questions about the steps documented here, would like more information on the installation procedure, or have any feedback or requests, please let us know at info@keyvatech.com. About the Author [table id=3 /] [post_title] => Red Hat OpenShift : Day 1 Install Guide [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => red-hat-openshift-day-1-install-guide [to_ping] => [pinged] => [post_modified] => 2024-05-28 17:41:50 [post_modified_gmt] => 2024-05-28 17:41:50 [post_content_filtered] => [post_parent] => 0 [guid] => https://keyvatech.com/?p=1090 [menu_order] => 43 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [5] => WP_Post Object ( [ID] => 1071 [post_author] => 7 [post_date] => 2018-12-06 17:46:12 [post_date_gmt] => 2018-12-06 17:46:12 [post_content] => By Anuj Tuli, Chief Technology Officer As the industry moves towards self-healing containers, agile applications, and seamless infrastructures, there is an impending need for setting up auto-remediation of incidents and configuration drifts. Infrastructure and Operations teams have to depend heavily on automated tools, systems and processes, to manage the ever-expanding parlance of the IT framework. Closed-Loop Incident Process is one such subset of Closed Loop Automation, and is defined as follows:

You receive an alert for a service down in your operations center console
An automation framework picks up the alert, and fetches information contained in the various fields (e.g. reason for alert, configuration item). If the configuration item that alerted does not exist in the CMDB, then it creates the corresponding CI in the CMDB (Configuration Management Database). If the CI already exists in the CMDB, it creates an Incident Ticket in your IT Service Management system.
The framework auto-remediates the issue based on the custom runbooks you have defined for your organization. For example, if the disk is full, delete the logs and removes any temporary files. The Incident ticket is also updated with the results of the remediation effort.
If the auto-remediation succeeds, the associated incident ticket is updated, and closed. If the auto-remediation fails for any reason, a notification is then sent out for human intervention.

Many organizations have already adopted this automated remediation process and expanded it to include the top 5 common alert types on which they spend the most time. In most cases, they are automating consistent repeatable processes that an engineer works on, again and again, day in and day out. Automating these processes have saved these organizations a ton of manual hours, reduced human errors, and added tangible efficiency to their infrastructure and operations teams. If you need assistance in building the auto-remediation framework, Keyva can help. If you'd like to talk about how other organizations have garnered benefits from such automation, please feel free to reach us at info@keyvatech.com About the Author [table id=3 /] [post_title] => Closed-Loop Automation: A Primer [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => closed-loop-automation-a-primer [to_ping] => [pinged] => [post_modified] => 2020-03-05 16:00:33 [post_modified_gmt] => 2020-03-05 16:00:33 [post_content_filtered] => [post_parent] => 0 [guid] => https://keyvatech.com/?p=1071 [menu_order] => 44 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [6] => WP_Post Object ( [ID] => 1058 [post_author] => 7 [post_date] => 2018-11-28 15:29:29 [post_date_gmt] => 2018-11-28 15:29:29 [post_content] => By Anuj Tuli, Chief Technology Officer Organizations are always looking to improve efficiencies within their infrastructure. One such area where organizations look to make improvements centers around what to use to run their applications: virtual machines or containers? Comparing the two is a lot like comparing apples and oranges. The fact is, these are two very distinct, very different technologies. The pros and cons of each vary widely depending on your needs.

High level component architecture for Containers and VMs

Here are some simple comparisons to consider as you explore which option is best for your environment:

VIRTUALIZATION
• VMs virtualize hardware.	• Containers virtualize applications and dependent libraries.
ENCAPSULATION
• Virtual Machines encapsulate the entire operating system library.	• Containers only encapsulate the application layer (or database layer) and application libraries.
HOSTING
• VMs are hosted on physical machines, managed through a hypervisor layer and consume the resources of the hardware on which they reside.	• Containers can be hosted by physical or virtual machines, managed through an orchestration service (like Kubernetes), and consume the resources of the host and the operating system on which they reside.
PORTABILITY
• VMs are (generally) not portable. Only if the same hypervisor layer hosts the VMs on-premises and in the Cloud, can they be dynamically ported to achieve a seamless hybrid architecture.	• Containers are natively portable, since the application runtimes are encapsulated within the container, and are a great fit for hybrid architectures.
SCALABILITY
• Scripting or automation needs to be set up to dynamically scale in or scale out VMs.	• Using container orchestration modules, the scale in or scale out features are natively made available to containers.
STORAGE
VM’s and Containers are both able to attach storage. The difference is in the scope and lifecycle of the storage volume.
• Multiple containers on the same VM can have attached storage that are separated in scope from each other.	• Container-attached storage goes away if the container shuts down.
NETWORK
VMs and Containers both can achieve network segmentation, either at a service level or at an individual unit level.

The question of whether to use VMs or containers, is less a matter of comparing features and benefits, and more a question of use case at hand. If you are an organization that runs fewer apps, you might look to VMs as your preferred framework, while an application-centric company may consider containers. When the goal is to make the most use out of your physical hardware infrastructure, VMs are tremendously useful. When the goal is to make sure your applications are scalable, resilient, secure, and offer zero downtime, despite them needing to be frequently updated, an implementation of containers might be worth considering. If you are still unsure which option is best, don’t be afraid to involve a trusted partner, like Keyva who knows that every company’s today and tomorrow looks different, and will meet you where you are at.

Anuj joined Keyva from Tech Data where he was the Director of Automation Solutions. In this role, he specializes in developing and delivering vendor-agnostic solutions that avoid the “rip-and-replace” of existing IT investments. Tuli has worked on Cloud Automation, DevOps, Cloud Readiness Assessments and Migrations projects for healthcare, banking, ISP, telecommunications, government and other sectors. During his previous years at Avnet, Seamless Technologies, and other organizations, he held multiple roles in the Cloud and Automation areas. Most recently, he led the development and management of Cloud Automation IP (intellectual property) and related professional services. He holds certifications for AWS, VMware, HPE, BMC and ITIL, and offers a hands-on perspective on these technologies. Like what you read? Follow Anuj on LinkedIn at https://www.linkedin.com/in/anujtuli/ [post_title] => Apples and oranges: comparing virtual machines (VMs) and containers [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => apples-and-oranges-comparing-virtual-machines-vms-and-containers [to_ping] => [pinged] => [post_modified] => 2020-03-10 14:29:53 [post_modified_gmt] => 2020-03-10 14:29:53 [post_content_filtered] => [post_parent] => 0 [guid] => https://keyvatech.com/?p=1058 [menu_order] => 45 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) [7] => WP_Post Object ( [ID] => 1026 [post_author] => 7 [post_date] => 2018-11-07 16:22:11 [post_date_gmt] => 2018-11-07 16:22:11 [post_content] => As application architectures evolve to accommodate current trends and technologies, the security model needs to evolve with them. The developer and operations teams need to think about securing various aspects of the application lifecycle. Organizations should consider the following security paradigms: Physical security – this includes security of the datacenter that houses the application infrastructure, and controlled access to the racks and switches. Network security – this includes access to the organization’s networking via secure VPN tunnels, presence of firewalls for access to specific ports, network micro-segmentation, traffic isolation, partitioned LANs, DDoS attacks, intrusion detection and elimination, security of private gateway connecting on-premises and public cloud components. Logical Access security – things includes role-based access control, hierarchical Active Directory structure, control privileged access. Data security – this includes encryption capability, data integrity and backup, data classification, persistent protection, controlled sharing. Application security – this includes authentication rules, authorization rules, session management, role-based access, limiting exposure of functions (via API), latest version of binaries, latest patches applied to the underlying platform, limit direct access to the database, exception handling, logging and auditing, SSL certificates. There is no panacea for protecting your application or the data within it – it is an ongoing process. All aspects of security require constant reviews and updates. But by following a combination industry best practices and strategies to secure the access to the application and the content within, IT teams can rest easy that their business critical applications will be available when their users want them. Keyva can provide a holistic assessment of your current security state, and recommendations towards a future steady state. Are you interested in learning more about how various organizations are achieving security for their applications and data? If so, please reach out to one of our associates and we’d be glad to talk with you about our experiences. [post_title] => Security Considerations for Modern Applications [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => security-considerations-for-modern-applications [to_ping] => [pinged] => [post_modified] => 2020-03-10 14:27:03 [post_modified_gmt] => 2020-03-10 14:27:03 [post_content_filtered] => [post_parent] => 0 [guid] => https://keyvatech.com/?p=1026 [menu_order] => 46 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) ) [post_count] => 8 [current_post] => -1 [before_loop] => 1 [in_the_loop] => [post] => WP_Post Object ( [ID] => 1135 [post_author] => 7 [post_date] => 2019-01-17 20:45:17 [post_date_gmt] => 2019-01-17 20:45:17 [post_content] => We've all heard that containers and cloud technologies help us avoid lock-ins. While most of that is true, you could be unintentionally locking yourself to a particular technology or framework, if you are not careful. Let's talk about some important aspects to consider, when you are evaluating a cloud or a container platform. 1. Compile a list the features you want a platform to have, based on your requirements Your needs to consume a hybrid cloud architecture may be different from other organizations. The vision of having more flexibility and agility may be the same, but your workloads are different. It is important to know the in-depth architecture of the applications and workloads you want to live in the cloud or container environment. 2. Support You may have thousands of commercial-off-the-shelf applications, and hundreds of custom built ones. Some application vendors may not support containerizing their applications. There could be regulatory or other limitations that prevent certain legacy applications from being supported on containers. Depending upon how critical and integral such applications are to your business, you may want to consider newer offerings that make the full use of cloud and containerization benefits like microservices architecture. 3. Licensing and Exit costs Platform cost is always a factor, no matter the size of the organization. One of the native benefits that containerization provides, is the ability to control costs – assuming your applications are architected accordingly. For example, a cloud-native application can be scaled in to public cloud for just the webtier when necessary (assuming microservices architecture) rather than spinning up large capacity VMs on demand in the cloud for monolithic applications. Another important consideration is around how the platforms are priced. A platform that prices based on worker nodes may be more feasible for an organization that plans on developing hundreds or thousands of microservices, and making them run efficiently on worker nodes. A platform priced based on the number of applications containerized may be more feasible for monolithic applications. You will need to take in to account how your organization plans to scale the containerizing of applications, and what the application architectures will be like. Although you will be making a decision based on long term usage of the platform, it is always a good idea to see what the exit costs will be once you decide to move away from the chosen platform. As an exercise, see if you can figure out what changes would need to be made to the application architecture, the deployment architecture, resource skill sets, and more, if you were to move away from the chosen platform. That can then serve as a yardstick for how locked-in you might be, upon choosing a particular solution. There will always be some level of customization effort an lock-in, no matter which solution you choose – but the idea would be to minimize the monetary and non-monetary exit costs. 4. Detailed architecture knowledge about your applications Nobody wants to make major technology adoption decisions based on hearsay. It is critical to know the detailed application architectures, as that will guide you towards choosing the right solution. If the bulk of your application workloads are legacy monolithic applications, the primary tangible benefit obtained by containerizing them will be horizontal scaling. This is assuming the application vendors will support the containerized versions, the applications will allow multiple instances running within the same sub-net, the application can be used with a load balancer, and so on. To leverage the self-healing and other native capabilities offered by containers, the cloud-native applications developed in a microservices architecture would be an ideal workload. But in the real-world, there is always going to be a mix of legacy and newer workloads. For highly regulated industries like healthcare, insurance, banking, and others – legacy applications may form the biggest chunk of their workloads. If you have the time, it would be ideal to do a cost-benefit analysis for legacy workloads to compare the benefits offered by horizontal scalability and the like, before choosing to move forward with containerization. 5. Implementing vendor agnostic tools, and processes, refactoring if necessary Choosing a platform is just one piece of this complex puzzle involving the rollout of new technologies. There are critical tasks pre- and post- containerization, that also need to be accounted for. For example, how easy or difficult will it be to refactor the existing application for a chosen platform? How easy or difficult will it be to monitor the performance of the chosen platform? How easy or difficult will it be to integrate the chosen platform with other toolsets? Will there be changes needed to your existing processes or toolsets, so they can work effectively with the chosen platform? The end goal for most organizations is to have an easy transition path into Cloud and Container platforms – and to use these platforms as effective tools for their IT teams and business in general. This vision can be best achieved by having a vendor agnostic strategy, and avoiding vendor lock-ins wherever possible. Associates at Keyva have helped multiple organizations assess their application readiness and move them in to containerized and cloud environments. Keyva also helps with the pre- and post- containerization steps. These include things like refactoring existing applications, adding a wrapper over current applications so they can be consumed easily by DevOps processes, and more. If you'd like to have us review your environment and provide suggestions on what might work for you, please contact us at info@keyvatech.com