Deployment

Central Brilview is hosted at CERN PaaS: https://paas.cern.ch

All instructions bellow assume that you are inside openshift directory of the Brilview project.

Prerequisites

Install oc command ( see https://paas.docs.cern.ch/1._Getting_Started/5-installing-cli/ ).

Log in to CERN Openshift

There are two ways to log in to CERN PaaS server.

sso-login

From host e.g. lxplus, where oc plugin sso-login is installed:

oc sso-login --server https://api.paas.okd.cern.ch

The oc sso-login plugin (python) can be installed with:

pip install -r  https://gitlab.cern.ch/paas-tools/oc-sso-login/-/raw/master/requirements.txt?ref_type=heads

token

An alternative to oc sso-login is to login with token: Go to https://paas.cern.ch, go to your username in top right corner then “Copy login command”. The press “Display Token” and copy and paste the full command.

users with 2FA disabled

Openshift 4:

oc login https://api.paas.okd.cern.ch/ -u <username>

Openshift 4 - Playground:

oc login https://api.paas-stg.okd.cern.ch/ -u <username>

Web GUI login

Use your CERN credentials to log in at https://paas.cern.ch (or https://paas-stg.cern.ch - playground)

First time setup for Openshift 4

Project Creation

Go to https://webservices.web.cern.ch/webservices/ and “Web Application & Site Hosting” as “PaaS - Platform-as-a-Service, Application Hosting” and click “Try out” button.

Select “Official”, add “Project name” and “Project description”.

Note: More information in the below link https://paas.docs.cern.ch/1._Getting_Started/1-create-paas-project/

Create CVMFS volume claim

Go to project web console https://paas.cern.ch/k8s/cluster/projects/brilview/

  1. Click on 3 lines in top left corner and change profile “Developer” to “Administrator”.

  2. “Storage” -> “PersistentVolumeClaims” -> “Create PersistentVolumeClaims”.

  3. Fill the form:

    • “Storage Class”: cvmfs

    • “Name”: cvmfs-bril

    • “Access Mode”: Read Only (ROX) or Read Write Many (RWX)

    • “Size”: 1 MiB

    Note: For more details see https://paas.docs.cern.ch/3._Storage/cvmfs/

  4. Click “Create”

Deploy Brilview containers

oc apply -f brilview/template.yaml
oc start-build brilview-server-bc --from-dir=brilview
oc apply -f grafana-influxdb/template.yaml
oc start-build grafana-influxdb-bc --from-dir=grafana-influxdb
oc apply -f nginx/template.yaml
oc start-build nginx-bc --from-dir=nginx

Do not worry if nginx container is “crashing frequently” until client files are compiled. Health check fails until nginx can serve index file.

Add CERN SSO

Go to project web console https://paas.cern.ch/k8s/cluster/projects/brilview/ as a “Developer”:

  1. Click in “+Add”

  2. Click on “Add to Project” (book with +) and search for “sso” and click on “Create”

  3. In “Upstream Application” -> “Service definition” point to

  • SERVICE_NAME: nginx-service

  • Port: 8000

  1. In “Routing Configuration”:

  • “Public Application Hostname”: brilview.web.cern.ch (this will be the public facing domain)

  • “Application Subpath”: /

  • “Internet Visibility”: ✓

  1. In “Authentication Options”:

  • “Allowed Role”: default-role (optionally you can choose e-groups in AUTHORIZED_GROUPS e.g. ‘cern-users’, ‘cern-staff’, ‘CMS-BRIL-Project’)

  • “Oauth Proxy Prefix”: /oauth2

  1. Click “Create”

  2. Wait a while (~3 min) until your domain will be reachable.

https://paas.docs.cern.ch/4._CERN_Authentication/2-deploy-sso-proxy/

Note: cern-sso-proxy works with a site globally unique in cern domain. If the requested website is already registered with other hosting service, e.g. AFS, EOS, the sso registration will fail.

Updating server (Python) & web client (Angular)

For production deployment, the brilview source code must have a version tag in the git repository, and the file /openshfit/brilview/Dockerfile should contain this Git tag. The tagging step is required in order to always trigger building docker image from right source code so do not forget to change tag in Dockerfile!

oc start-build brilview-server-bc --from-dir=brilview

Monitoring

Find pod containing Grafana:

oc get pods

Forward port 3000 to your machine:

oc port-forward grafana-influxdb-dc-<some_identifiers_you_found_with_above_command> 3000

Visit localhost:3000.

If it is the first time after a Grafana deployment, then login with user: admin and pass: admin and:

  1. Add data source:
    • name: my-influx

    • type: InfluxDB

    • url: http://localhost:8086

    • access: proxy

    • database: telegraf

  2. Create whatever dashboard needed or import (copy/paste the text) from the file grafana-influxdb/dashboard.json

  3. Change host names for all graphs to match the ones returned by oc get pods by clicking Edit -> Metrics (Grafana queries influxdb and gives suggestions in dropdowns)

Tips

If you occur any issue after building new image try to scale down a pod (or all pods) to 0 and then back to original value 1 or 2.

e.g. After successful build and deploy of new brilview into a it’s pods scale down nginx pods to 0 and than back to 1 (or 2) in order to clean NGINX cache.