Cronusdocs Readthedocs Io en Latest
Cronusdocs Readthedocs Io en Latest
Cronusdocs Readthedocs Io en Latest
Release 0.1.45
binyu
1 Getting Started 1
1.1 Quick Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Advance Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Deploy Application Workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Cronus Master 5
2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Command Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.3 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.4 OneClick Launch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.5 Nodegroup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.6 Recurring Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.7 Command Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.8 Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.9 CronusMaster APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3 Cronus Agent 23
3.1 Install in IaaS Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.2 Application Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3.3 Application Lifecycle Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.4 Deploy Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.5 Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.6 Basic Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.7 Agent Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.8 Security Best Practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.9 Agent API List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.10 Agent Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
i
ii
CHAPTER 1
Getting Started
1.1.1 Prerequisites
Expected outcome:
• CronusAgent is running at https://host:12020/agent
• CronusMaster is running at http://host:9000
• CronusMaster code is saved in ~/cronusmaster-master
Deploy First App
Now you can try to deploy the first app to local machine through cronusmaster. In CronusMaster
(http://host:9000), run “Deploy Helloworld App”, wait for it complete, check sample application running
at http://host:8999
1
cronus Documentation, Release 0.1.45
expected outcome:
• CronusAgent is running at https://localhost:12020/agent
The following IaaS compute profiles have been tested working with Cronus.
AWS
• Ubuntu12.04
• Ubuntu14.04
• RHEL7
GCP
• Ubuntu12.04
• Ubuntu14.04
• RHEL7
• CentOS7
Azure
• Ubuntu12.04
• Ubuntu14.04
• Openlogic7
Default cronusmaster installation uses application.conf, edit configurations of application.conf.{env} for additional
features
# cronusmaster public and private IP, needed for smart parameters in command
agentmaster.externalIp=cronusmaster_external_ip
agentmaster.internalIp=cronusmaster_internal_ip
# user data location (applicable only if use local FS for user data)
agentmaster.userDataDao.file.dir=.appdata
Default cronusagent installation uses default SSL cert, and no authentication, install agent with the following parame-
ters for additional features
# provide path_to_ssl_cert for custom ssl cert
# set user:password for basic authentication
wget -qO- ’http://cronuspaas.github.io/downloads/install_agent’ \
| sudo server_pem=path_to_ssl_cert agent_pwd=user:password bash
Agent is reployed with new ssl cert, and basic authentication enabled, once authentication enabled, CronusMaster
configuration of “agentmaster.cronusagent.password” needs to be updated to be able to work with updated agent.
This document describe steps to deploy an application to cloud by using Cronus framework.
1.3.1 Prerequisites
• Deploy
1. In CronusMaster, navigate to command -> oneclick launch
2. Run “deploy_nodeapp_local”, wait for it to complete
3. Check for nodeapp at http://localhost:1337/
• Rollback
1. You will need to deploy another version before rollback, make some change to the nodeapp code, repeat
above step for packaging, upload, deploy, and verify that your change is deployed
2. Run oneclick launch “rollback_nodeapp_local”, wait for it to complete
3. Check the change is rolled back
• Create a new nodegroup with list of nodes that are not localhost, install agent on them and deploy the same node
application to the new nodegroup
• Create a recurring job that deploy latest nodeapp to localhost every 5 minutes
• Deploy a tomcat application to localhost, or create a new application stack ready for cronus deployment from
scratch
Cronus Master
2.1 Introduction
Cronusmaster can execute any http(s) request against one or many target nodes. Think of it as a RESTful client that
can run with predefined template on target node grammatically at scale. Cronusmaster is used to execute different
tasks on cronus agent through its RESTful interface.
• Command: Defines a HTTP(S) request template
• Nodegroup: Defines a list of nodes that will be targets of a command
• Job: A command that runs on a nodegroup
• Scheduled Job: A command run on a nodegroup with a recurring schedule
• Log: Execution result and log of a job
To put cronusmaster to work
1. Define HTTP(S) command template
2. Define nodegroup with target node IPs or hostnames
3. Execute materialized commmand on a nodegroup as a job
4. Check result of the job in the log
5. Optinoally create an oneclick launch from an already executed job
6. Optionally create a recurring job from an already executed job or oneclick launch
cronusmaster main page
5
cronus Documentation, Release 0.1.45
Command template is a complete HTTP(S) request in json format with replaceable variables
Sample synchronous HTTP request
{
"name" : "SAMPLE_SYNC_COMMAND", // unique name of the command
"category" : "sample", // optional category name for grouping
"httpTaskRequest" : {
"taskType" : "async", // this is a http request with response
"httpClientType" : "httpClient", // type of http client to use
"executionOption" : { // below are options for sending reques
"timeOutSec" : 0, // time out in second
"initDelaySec" : 0, // initial delay in second
"maxRetry" : 3, // total # of retry on failure
"retryDelaySec" : 0 // delay before retry
},
"urlTemplate" : { // http request template
"url" : "https://<host>:12020/services/<serviceName>", // url
"method" : "POST", // http method
"body" : {}, // http body
"headers" : {
"content-type" : "application/json" // http headers
},
"parameters" : {} // query string parameters
},
"resProcessorName" : "agentProcessor" // bean for processing http response
},
"userData" : { // user provided data to launch command
"serviceName" : "myservice"
}
2.3 Command
Create command
1. Command can be created in two ways
• Create from scratch
• Clone from an existing command
2. Define command type
• async: request with reponse as the result
• asyncpoll: request followed by polling to get result
3. Fill in the command template with http request values, similar to defining http request in RESTful client like
POSTMAN
4. Define template parameter; template parameter can be used in all http reuqest values, template parameter is
identified by “<>”, minimally if the command can be executed against different hosts, “<host>” needs to be part
of the url value. Template parameters will be replace with real values at execution time, or if values are not
provided, the parameters will be skipped.
5. Define user data, it will be used to drive command launch wizard
edit command
Modify command
Except the name, which is immutable, data of the command can be modified
Delete command
Delete command from persistent store
command summary page
2.3. Command 9
cronus Documentation, Release 0.1.45
Run command
Run command will launch command wizard
• wizard screen 1: customize command with execution options, user data
• wizard screen 2: select nodegroup against which command will be run
• wizard screen 3: confirm and launch command job, job progress and result can be found in command job log.
wizard screen 1
wizard screen 2
wizard screen 3
2.3. Command 11
cronus Documentation, Release 0.1.45
Oneclick launch captures all the input necessary to launch a command job, this allows a job to be launched with “one
click” (or one API call).
Why it is useful
• Deploy or rollback applications with one click or one API call
• Save a job for repeated execution later
• Enhance automation with adaptive smart template parameters, for example can deploy latest application package
to target nodes as the application package gets uploaded
Sample oneclick launch
{
"name": "deploy_pyserver_local", // unique name of the oneclick command
"userData": { // custom user data
"exe_retry": "3", // execution options
"mon_retry": "3",
"thrStrategy": "UNLIMITED",
"mon_int": "10"
// user data
"var_values": "{\"serviceName\":\"pyserver\",\"package\":[\"http://<cmInternalIp>:9000/agent/downl
},
"commandKey": "Agent_Deploy_Service", // command name
"nodeGroupKey": "LOCALHOST" // nodegroup name
}
2.5 Nodegroup
Nodegroup defines a group of nodes with similar characteristics, and similar purpose. For example, a group of nodes
that install the same operating system and cronus agent, in the same network, and are running the same application.
Create nodegroup
Nodegroup is uniquely identified by its name, values are line separated hostnames or IPs.
2.5. Nodegroup 13
cronus Documentation, Release 0.1.45
Use nodegroup
• Can be referenced in command wizard when run command job
• Can be referenced in oneclick launch
• Can be referenced in recurring job
nodegroup summary
edit nodegroup
An existing one time command job or oneclick launch can be made to run repeatly as a recurring job.
recurring jobs
Log provide important information about result of command job, and provide chance to create new oneclick launch
and recurring job.
Information available from the log
• status: status of the job (running|success|failure)
• S:F:Other: number of nodes for each status value
• input: customize user data
• result: summary of the result in json format, the raw response form the target node are truncated to 200 characters
• logs: full text search of the job result, as well as raw logs from the target node
• rerun: run the same command job again
• oneclick: create a new oneclick launch from the command job
• schedule: create a recurring job from the command job
• remove: delete the particular log, as well as related full text search entry
command logs
2.8 Configurations
2.8. Configurations 19
cronus Documentation, Release 0.1.45
# user data location (applicable only if use local fs for user data)
#agentmaster.userDataDao.file.dir=.appdata
# swift related configs (applicable only if use swift for user data)
agentmaster.userDataDao.swift.tenantId=your_tenant_id
agentmaster.userDataDao.swift.tenantName=your_tenant_name
agentmaster.userDataDao.swift.username=your_username
agentmaster.userDataDao.swift.password=your_password
agentmaster.userDataDao.swift.authenticationUrl=authn_url
# elastic search
# use embedded or remote elastic search backend
agentmaster.localEsEnabled=true
# location of search index (applicable only if use embedded elastic search)
agentmaster.esData=user_data/elasticsearch_data/data
# search end point (applicable only if use remote elastic search)
agentmaster.esEp=some_search_host
Cronus Agent
Follow the steps to install agent in AWS EC2, or Goggle GCE Cloud
Prerequisites
• linux (Ubuntu, Cent, Redhat, Fedora etc.)
• sudo permission
• python > 2.6.7 && < 3
• openssl > 0.9.8
• wget
• system management daemon systemd or upstart
Install in dev (default ssl cert, no auth)
# install agent
wget -qO- ’http://cronuspaas.github.io/downloads/install_agent’ | sudo dev=true bash
# check agent availability
curl -k https://localhost:12020/agent
Install in prod
# install agent
wget -qO- ’http://cronuspaas.github.io/downloads/install_agent’ | \
sudo server_pem=path_to_ssl_cert agent_pwd=user:password bash
# check agent availability
curl -k https://localhost:12020/agent
3.2.1 Terminology
• Service: an application, one or more instances serving the same function and code.
23
cronus Documentation, Release 0.1.45
• Manifest: a version of an application, composed of one or more packages. Multiple manifests may be deployed
to a ServiceInstance, but only one can be active at a time.
• Active Manifest: a manifest actively in use.
• Package: the smallest unit of deployment that Cronus understands. It can be a tarball containing application
runtime, code, config, and cronus structure required for deployment.
• Cronus Package: a cronus structure that is zip-tarred as a {service}-{version}.{platform}.cronus package.
• ServiceInstance - is a single instance of a service, typically mapped to a single compute.
• A service have one or many manifests, among which, 0 or 1 active manifest, one manifest can have one or many cronus pac
service (1) –> (1..n) manifests (1) –> (1..n) packages service (1) –> (0..1) active_manifest_x
• A service deployed in cloud have one or many compute, each deployed with the active manifest of the same version
service_deployed_in_cloud –> (1..n) service_instances (1) –> active_manifest_x
• Service lifecycle: Service can be created on a compute, and later can be deleted if no active manifest presents.
• Manifest lifecycle: Manifest can be created on a compute for a particular service, activate a manifest will
deactivating any existing active manifest and make the manifest active manifest, active manifest can be startup,
shutdown, and restart, active manifest can be deactivated and then deleted.
• Cronus Package All packages within an application manifest need to be packaged with certain structure and
provide a set of life cycle scripts
package_root/ # package root directory
cronus/ # cronus directory
cronus.prop # prop file describe the package
cronus.ini # configuration file in json format to customize agent behavior
scripts/ # optional scripts directory containing package scripts
install # execute when package is untarred the first time, executed once
activate # execute when parent manifest has been set active.
startup # execute to ’start’ a package
running # execute to check package runtime state
shutdown # execute to ’shut down’ a package
deactivate # execute when parent manifest gets deactivated
... # any application files or directories to be packaged
• Naming Convention Tarred cronus package has to follow the naming convention of “{packageName}-
{majorVersion}.{minorVersion}.{incrementalVersion}.[optionalVersionSuffix].{platform}.cronus”, e.g.
agent-1.0.0.x86_ubuntu.cronus An optional corresponding property file that specify metadata of the
cronus package, most importantly md5 checksum of the cronus package, property file has to fol-
low the naming convention of “{sameCronusPackageName}.prop”, e.g. PortalWebAppConfiguration-
1.0.0.unix.cronus.prop, for example
[AGENT_MESSAGE]
{
"progress": 50,
}
[AGENT_MESSAGE_END]
• Passing Result to Agent at Exit: Scripts can pass result to agent via its return code and stdout.
– 0: success
– Any non-zero return code: failure
– Additional information including status, progress, and message can be passed to agent via stdout, in syntax
// sample message to agent for progress or for success
[AGENT_MESSAGE]
{
"progress": 100,
"result":[
{"key": {result_key}, "value": {result_value}}
]
}
[AGENT_MESSAGE_END]
[AGENT_MESSAGE]
{
"error": {error_code},
"errorMsg": {error_message},
"result":[
{"key": {result_key}, "value": {result_value}}
]
}
[AGENT_MESSAGE_END]
– Stdout or Stderr: while executing application script, agent reads from stdout and process any message
matches the above format and use it to update status. If script fails with non-zero return code, agent reads
from stderr, or if it is missing, from last readout from stdout, for anything matches the above format and
update error status. Both status can be retrieved from agent status API “/status/:uuid”
– Mutli-line support: with single-line output, [AGENT_MESSAGE_END] can be omitted. With mutli-line
output, agent looks for [AGENT_MESSAGE_END] as end of message indicator, there is a limit of 8k for
agent message
– Encoding: only ascii is supported, other encoding will be skipped
This guide describes how to deploy an application directly through agent REST API without cronusmaster
Requires:
• Cronus packaged application HTTP accessible by agent on target machine
How:
curl -k -X POST -d ’{"package": ["{cronus_package_url}"], "manifest": "{manifest_name}", \
"env": "{env}", "daemon": "upstart|systemd"}’ \
https://host:12020/services/{service_name}/action/deploy
Expected Outcome:
• Service is created if not already exist
• Manifest is created if not already exist
• Any existing active manifest is shutdown, deactivate
Environment variables
Any data passed in from deploy API will be available to the application life cycle script as environment variables
# deploy API call
curl -k -X POST -d ’{"package": ["http://$_cronus_package_url_"], "env": "production"’ \
https://host:12020/services/$_service_name_/action/deploy
Expect outcome
• Agent up and running with custom SSL cert
• Agent CUD APIs requires http Basic authentication (HTTP header “Authorization: Basic
{base64_encoded_user:password}”)
or
Update through cronusmaster UI
Expect Outcome:
Agent upgraded to new version, version number can be found in agent VI page
https://host:12020/agent/ValidateInternals.html
Why:
• Agent has elevated access to resource required by its workload
• Agent is mission critical service, interference is not desirable
• Agents are deployed everywhere in target infrastructure
Existing Agent Security Mechanisms:
• All traffic through agent API on HTTPS
• Basic HTTP authentication or PKI based authentication
• Separation of agent user and app user, application managed by agent does not have same privilege as agent has
• Agent and app users are setup as system accounts with login disabled
Security Best Practice:
• Do not enable access to agent API from internet without any restriction. It’s best to only allow access from
intranet via cronusmaster, or if that’s not feasible, only allow access from internet from trusted IPs
• Do NOT use default SSL certs when install agent, always provide your own certs
• Do NOT leave agent API open without authentication, at least set basic auth with your own user:password
• Do NOT keep your credentials in your source code, or encrypt it with your private key
Agent configurations and default values, configurations can be override through API call
Agent Configurations
agent_health_report_interval=120 # interval when agent health is checked
agent_thread_timeout=600 # agent thread timeout
app_restart_init_delay=15 # artificial delay before agent starts services after
download_skip_prop=true # not require cronus prop file
download_thread_attempt=1 # download retry
download_thread_max_time=7200 # download timeout ceiling
download_thread_min_progress_time=10 # download progress timeout
download_thread_min_time=60 # download timeout floor
download_thread_rate_per_sec=102400 # download rate throttle
exec_thread_progress_timeout=60 # task execution thread progress timeout
exec_thread_sleep_time=1 # interval when check task execution progress
exec_thread_timeout=600 # task execution thread timeout
health_agent_file_descriptor_usage_threshold=500 # max number of file descriptor
health_agent_mem_usage_threshold=200000 # max memory
health_disk_usage_gc_buffer=20 # agent disk percentage for gc
health_disk_usage_gc_threshold=70 # agent disk percentage threshold for gc
health_disk_usage_percent_threshold=90 # max disk usage percentage
keep_past_manifests=3 # how many past manifest to keep
monitor_check_timeinterval=120 # application monitoring interval
monitor_probation_enabled=true # probation for application monitoring script
Override Configuration
curl -k -X POST -d ’{"configs": {"<configName>": "<configValue>"}}’ https://host:12020/agent/config