controlm / automation-api-community-solutions

Control-M Automation API community solutions

Review of this pattern #107

Closed anshul07 closed 1 year ago

anshul07 commented 3 years ago

Hi,

I'm working on the installation of the Control-M agent in a Docker container, using the pattern where the Control-M agent has a Kubernetes Service object attached to it, which provides a static IP to the agent for incoming connections from the server.

Please note, for the installation of the Control-M agent on the Docker image, I am executing the steps that we would perform on any Linux VM, i.e. downloading the DRKAI package, unzipping it and running the setup.sh command. I didn't use the ctm cli as it requires the EM endpoint and credentials at build time, which means that if you have multiple environments, each having its own EM, then you need to build a different image for each of them, and that I believe is an anti-pattern in the container world.

Also, I am running setup.sh at build time with a placeholder for the server name in the silent config file. Later, at start-up time, I replace that placeholder in ctm/data/CONFIG.dat with the actual server name. (I still need to handle authorised servers in case of HA).

Following is a snippet of my Dockerfile:

```dockerfile
FROM centos:7
ARG CTM_HOME=/home/controlm
# URL of the agent installation archive
ARG AGENT_BINARY_URL=
# File name of the archive fetched from AGENT_BINARY_URL
ARG ARTIFACT_NAME=
ENV CTM_DIR=$CTM_HOME
RUN yum -y update \
    && yum -y install wget \
    && yum -y install sudo \
    && yum -y install net-tools \
    && yum -y install bc

# Add controlm user and root to sudoers list (controlm without a password)
RUN useradd -d $CTM_DIR -m controlm \
    && echo 'root ALL=(ALL) ALL' >> /etc/sudoers \
    && echo 'controlm ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

USER controlm
WORKDIR $CTM_DIR

# Download and unpack the agent installer
RUN wget -q "$AGENT_BINARY_URL"

RUN tar -xvf "$ARTIFACT_NAME"
RUN rm -rf "$ARTIFACT_NAME" \
    && chmod 755 setup.sh \
    && chmod -R 755 Setup_files

# Silent install; the server name in the config file is a placeholder
COPY install-controlm-silent-config.xml install-controlm-silent-config.xml
RUN ./setup.sh -silent install-controlm-silent-config.xml
RUN rm -rf Setup_files

# Start-up script that fills in the server name and starts the agent
ADD run_ctm.sh run_ctm.sh
RUN sudo chmod 755 run_ctm.sh
RUN echo "source $CTM_DIR/.bash_profile" >> $CTM_DIR/.bashrc

EXPOSE 7000-8000

CMD $CTM_DIR/run_ctm.sh
```

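run.sh (start up script)

```bash
#!/bin/bash

# Point the agent at the real server, then start it as the current user.
function run_ctrlm {
  # Fail fast if the server host was not supplied to the container
  if [ -z "$CTM_SERVER_HOST" ]; then
    echo "Environment variable CTM_SERVER_HOST is missing."
    exit 1
  fi
  source ~/.bash_profile
  # Replace the build-time placeholder with the actual server name
  sed -i -e "s/CTM_SERVER_HOST/$CTM_SERVER_HOST/g" "$CTM_DIR/ctm/data/CONFIG.dat"
  # Strip the "su - <owner> -c" wrapper so the agent starts without switching user
  sed -i -e 's|/bin/su - $agent_owner -c "||g' -e 's|ALL"|ALL|g' "$CTM_DIR/ctm/scripts/rc.agent_user"
  "$CTM_DIR/ctm/scripts/rc.agent_user" start
}

run_ctrlm

# Keep the container's main process alive
while /bin/true; do
  sleep 60
done
```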

install-controlm-silent-config.xml

```xml
<AutomatedInstallation langpack="eng">
    <target.product>Control-M/Agent 9.0.20.000</target.product>
    <agent.parameters>
        <entry key="field.Authorized.Controlm.Server.Host" value="CTM_SERVER_HOST"/>
        <entry key="ctm_agent.Tracker.Event.Port" value="7035"/>
        <entry key="field.Agent.To.Server.Port.Number" value="7005"/>
        <entry key="ctm_agent.Tcp_ip.Timeout" value="60"/>
        <entry key="field.Server.To.Agent.Port.Number" value="7006"/>
        <entry key="Ignore.Disabling.Agent.Failure" value="false"/>
        <entry key="ctm_agent.Force.Upgrade" value="false"/>
        <entry key="field.Primary.Controlm.Server.Host" value="CTM_SERVER_HOST"/>
    </agent.parameters>
</AutomatedInstallation>
```

Can you please provide feedback on this approach?

Also, I want to use a persistent volume claim to persist the logs and output for troubleshooting if the pod goes down. So far I understand that I should definitely persist the proclog and output directories, but are there some other folders we should persist?
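The start-up substitution from the post above, with the value of CTM_SERVER_HOST checked before it reaches sed and a distinct status when the placeholder is no longer in the file. This is an added example, not the poster's script or BMC code; the function names and the sample file are constructed, and the real CONFIG.dat layout is not assumed.

```shell
#!/bin/sh
# Added example: function names and the sample config layout are constructed.

# Accept only host names / IPv4 literals built from [A-Za-z0-9.-], with no
# empty labels and no label that starts or ends with a hyphen.
valid_host() {
  [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
  case $1 in
    *[!A-Za-z0-9.-]*) return 1 ;;             # '/', '&', '\', spaces, newlines ...
    .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;   # malformed labels
  esac
}

# set_server_host FILE HOST
# 0 = placeholder replaced, 2 = HOST rejected, 3 = placeholder absent
# (for example the file was already rewritten on an earlier start), 4 = write failed.
set_server_host() {
  cfg=$1; host=$2
  valid_host "$host" || { echo "rejecting CTM_SERVER_HOST value" >&2; return 2; }
  grep -q 'CTM_SERVER_HOST' "$cfg" || return 3
  tmp=$(mktemp) || return 4
  # host is limited to [A-Za-z0-9.-], so it carries no sed delimiter, '&' or '\'.
  if sed "s/CTM_SERVER_HOST/$host/g" "$cfg" > "$tmp" && cat "$tmp" > "$cfg"; then
    rm -f "$tmp"
  else
    rm -f "$tmp"; return 4
  fi
}

# Constructed stand-in for ctm/data/CONFIG.dat; the key names are illustrative only.
make_sample_config() {
  f=$(mktemp) || return 1
  printf '%s\n' 'PRIMARY_SERVER CTM_SERVER_HOST' 'AUTHORIZED_SERVERS CTM_SERVER_HOST' \
    'AGENT_TO_SERVER_PORT 7005' > "$f"
  echo "$f"
}

demo() {
  f=$(make_sample_config)
  set_server_host "$f" 'ctm-server.example.internal'; echo "valid host   -> $?"
  set_server_host "$f" 'bad/host&name';               echo "invalid host -> $?"
  set_server_host "$f" 'other.example.internal';      echo "second run   -> $?"
  cat "$f"; rm -f "$f"
}
demo
```

Status 3 matters if CONFIG.dat ever lives on a persistent volume: the placeholder is gone after the first start, so a changed CTM_SERVER_HOST would otherwise be ignored without any error.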

anshul07 commented 3 years ago

@codytrey

JoeGoldberg commented 3 years ago

Hi Anshul,

I work for Control-M Solutions Marketing and have seen your posts here. I'm wondering if you would be willing to work more directly with me and possibly other BMC resources, to help you make quicker progress?

With some issues I may be able to help directly, while for others I'll have to rely on others, but I may be able to get you responses more quickly.

I found your comments about the approach you are taking to install an agent, to avoid requiring credentials at build time, very interesting. I think there are several approaches that can optimize that process both for images as well as for Linux VMs. As an example, look at the "run_register.sh" script I published in the same repo (https://github.com/controlm/automation-api-community-solutions/blob/master/3-infrastructure-as-code-examples/kubernetes-agent-application-pods/Misc/ctmContainer/run_register_controlm.sh). The example there reads credentials from conventional external files mounted in the container. That is meant to be a proxy for using tags/labels and a vaulting/secrets facility to store the credentials and have the container bind to the appropriate environment at run time, to address the exact concern you have about baking credentials in at build time.

My contact info is joe_goldberg@bmc.com and I would be happy to connect with you directly to help in any way I can.
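One way to bind a single image to an environment at run time from mounted credential files, as the comment above describes. This is an added example, not the repository's run_register_controlm.sh; the directory layout, the function and variable names and the sample values are all assumptions.

```shell
#!/bin/sh
# Added example, not the repository's run_register_controlm.sh. The layout
# <base>/<env>/{endpoint,username,password} and all names here are assumptions.

# read_secret FILE: print the file's content, failing closed if absent or empty.
read_secret() {
  [ -f "$1" ] && [ -r "$1" ] || { echo "missing secret file: $1" >&2; return 1; }
  s=$(cat "$1") || return 1            # $(...) drops the trailing newline
  [ -n "$s" ] || { echo "empty secret file: $1" >&2; return 1; }
  printf '%s' "$s"
}

# load_ctm_env BASE ENV: set CTM_ENDPOINT, CTM_USER and CTM_PASSWORD for ENV.
# 2 = bad ENV name, 3 = nothing mounted for ENV, 4 = unreadable or empty file,
# 5 = endpoint is not https. Nothing is set unless every check passes.
load_ctm_env() {
  unset CTM_ENDPOINT CTM_USER CTM_PASSWORD
  case $2 in ''|*[!a-z0-9-]*) return 2 ;; esac   # rejects "../dev", "a/b", ...
  [ -d "$1/$2" ] || return 3
  ep=$(read_secret "$1/$2/endpoint") && us=$(read_secret "$1/$2/username") &&
    pw=$(read_secret "$1/$2/password") || return 4
  case $ep in https://*) ;; *) return 5 ;; esac
  CTM_ENDPOINT=$ep CTM_USER=$us CTM_PASSWORD=$pw   # left unexported on purpose
  unset ep us pw
}

# Constructed mount tree standing in for two mounted secret volumes.
make_sample_mounts() {
  b=$(mktemp -d) || return 1
  mkdir "$b/dev" "$b/legacy"
  echo 'https://em-dev.example.internal:8443/automation-api' > "$b/dev/endpoint"
  echo 'http://em-old.example.internal/automation-api' > "$b/legacy/endpoint"
  for e in dev legacy; do
    echo "svc-agent-$e" > "$b/$e/username"
    echo 'constructed-not-a-real-password' > "$b/$e/password"
  done
  echo "$b"
}

demo() {
  b=$(make_sample_mounts)
  for e in dev legacy ../dev staging; do
    rc=0; load_ctm_env "$b" "$e" 2>/dev/null || rc=$?
    echo "env=$e rc=$rc user=${CTM_USER:-<unset>}"
  done
  rm -rf "$b"
}
demo
```

The environment name would come from a pod label or environment variable, so the same image serves every environment and no credential appears in a build argument or image layer.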

nathanw9722 commented 1 year ago

Will be resolved with the release of a supported containerized agent.