ATS running inside docker

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

ATS running inside docker

ezko
hi,
i'm trying to run ATS 7.1 inside a docker
my entry point is:

ENTRYPOINT ["/bin/bash"]
CMD ["-c","traffic_cop"]

which seems OK because traffic_cop seems to run in the foreground , so the
container can be monitored for orchestration. Is there a better entry point
for running ATS ?

my remap file:
map http://localhost:8080/cache/ http://{cache}
map http://172.17.0.4:8080/cache/ http://{cache}

172.17.0.4 is an inner IP which the container instance got (it's not
constant)  

My problem is with the port mapping.

When running in the default bridge mode with published ports for example:

docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1

docker port ats7.1
8080/tcp -> 0.0.0.0:7070

using the IP works (because i explicitly added a remap rule):
curl http://172.17.0.4:8080/cache/

but using the port mapping doesn't work
curl http://localhost:7070/cache/

I'm getting:
status 404 (Not Found on Accelerator) for 'http://localhost/cache/'

thanks in advance for any help.




--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: ATS running inside docker

James Peach


> On Jan 2, 2018, at 9:11 AM, ezko <[hidden email]> wrote:
>
> hi,
> i'm trying to run ATS 7.1 inside a docker
> my entry point is:
>
> ENTRYPOINT ["/bin/bash"]
> CMD ["-c","traffic_cop"]
>
> which seems OK because traffic_cop seems to run in the foreground , so the
> container can be monitored for orchestration. Is there a better entry point
> for running ATS ?

Nope, traffic_cop is correct.

> my remap file:
> map http://localhost:8080/cache/ http://{cache}
> map http://172.17.0.4:8080/cache/ http://{cache}
>
> 172.17.0.4 is an inner IP which the container instance got (it's not
> constant)  
>
> My problem is with the port mapping.
>
> When running in the default bridge mode with published ports for example:
>
> docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1
>
> docker port ats7.1
> 8080/tcp -> 0.0.0.0:7070
>
> using the IP works (because i explicitly added a remap rule):
> curl http://172.17.0.4:8080/cache/
>
> but using the port mapping doesn't work
> curl http://localhost:7070/cache/
>
> I'm getting:
> status 404 (Not Found on Accelerator) for 'http://localhost/cache/'

Traffic Server needs a remap rule that matches whatever is in the Host header of the HTTP request. In this case, I'd expect the Host header contains "localhost:7070". Remember that remap is matching on the HTTP request contents, *not* on IP addresses.

When running in a container, you might want to use host network and map block devices directly with the devices cgroup or privileged mode.

J
Reply | Threaded
Open this post in threaded view
|

Re: ATS running inside docker

ezko
thanks J.
you are right the correct remap rule in this case is indeed:
map http://localhost:7070/cache/ http://{cache}
for now we are just evaluating. for production we will most likely use the
host network.




James Peach wrote
>> On Jan 2, 2018, at 9:11 AM, ezko &lt;

> erez.koler@

> &gt; wrote:
>>
>> hi,
>> i'm trying to run ATS 7.1 inside a docker
>> my entry point is:
>>
>> ENTRYPOINT ["/bin/bash"]
>> CMD ["-c","traffic_cop"]
>>
>> which seems OK because traffic_cop seems to run in the foreground , so
>> the
>> container can be monitored for orchestration. Is there a better entry
>> point
>> for running ATS ?
>
> Nope, traffic_cop is correct.
>
>> my remap file:
>> map http://localhost:8080/cache/ http://{cache}
>> map http://172.17.0.4:8080/cache/ http://{cache}
>>
>> 172.17.0.4 is an inner IP which the container instance got (it's not
>> constant)  
>>
>> My problem is with the port mapping.
>>
>> When running in the default bridge mode with published ports for example:
>>
>> docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1
>>
>> docker port ats7.1
>> 8080/tcp -> 0.0.0.0:7070
>>
>> using the IP works (because i explicitly added a remap rule):
>> curl http://172.17.0.4:8080/cache/
>>
>> but using the port mapping doesn't work
>> curl http://localhost:7070/cache/
>>
>> I'm getting:
>> status 404 (Not Found on Accelerator) for 'http://localhost/cache/'
>
> Traffic Server needs a remap rule that matches whatever is in the Host
> header of the HTTP request. In this case, I'd expect the Host header
> contains "localhost:7070". Remember that remap is matching on the HTTP
> request contents, *not* on IP addresses.
>
> When running in a container, you might want to use host network and map
> block devices directly with the devices cgroup or privileged mode.
>
> J





--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: ATS running inside docker

Jeremy Payne
In reply to this post by James Peach
On a side note. I put together an internal POC that instantiates a
high performance ATS docker container within a multi-tenant
environment.
I used cgroups  to allocate cpu/memory resources from within the same
NUMA node.
I also used a docker plugin to pass through SRIOV VFs, also within the
same NUMA node as the above.
I'll clean up some of the lab details and then post in the next couple days.




On Tue, Jan 2, 2018 at 12:17 PM, James Peach <[hidden email]> wrote:

>
>
>> On Jan 2, 2018, at 9:11 AM, ezko <[hidden email]> wrote:
>>
>> hi,
>> i'm trying to run ATS 7.1 inside a docker
>> my entry point is:
>>
>> ENTRYPOINT ["/bin/bash"]
>> CMD ["-c","traffic_cop"]
>>
>> which seems OK because traffic_cop seems to run in the foreground , so the
>> container can be monitored for orchestration. Is there a better entry point
>> for running ATS ?
>
> Nope, traffic_cop is correct.
>
>> my remap file:
>> map http://localhost:8080/cache/ http://{cache}
>> map http://172.17.0.4:8080/cache/ http://{cache}
>>
>> 172.17.0.4 is an inner IP which the container instance got (it's not
>> constant)
>>
>> My problem is with the port mapping.
>>
>> When running in the default bridge mode with published ports for example:
>>
>> docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1
>>
>> docker port ats7.1
>> 8080/tcp -> 0.0.0.0:7070
>>
>> using the IP works (because i explicitly added a remap rule):
>> curl http://172.17.0.4:8080/cache/
>>
>> but using the port mapping doesn't work
>> curl http://localhost:7070/cache/
>>
>> I'm getting:
>> status 404 (Not Found on Accelerator) for 'http://localhost/cache/'
>
> Traffic Server needs a remap rule that matches whatever is in the Host header of the HTTP request. In this case, I'd expect the Host header contains "localhost:7070". Remember that remap is matching on the HTTP request contents, *not* on IP addresses.
>
> When running in a container, you might want to use host network and map block devices directly with the devices cgroup or privileged mode.
>
> J
Reply | Threaded
Open this post in threaded view
|

Re: ATS running inside docker

ezko
thanks. that would be really helpful.


On a side note. I put together an internal POC that instantiates a
high performance ATS docker container within a multi-tenant
environment.
I used cgroups  to allocate cpu/memory resources from within the same
NUMA node.
I also used a docker plugin to pass through SRIOV VFs, also within the
same NUMA node as the above.
I'll clean up some of the lab details and then post in the next couple days.






--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: ATS running inside docker

Jeremy Payne
I don't cover entry points and building the container image. That's
the easy part anyway.
What you'll find here are steps on passing resources directly to an
instantiated container.

http://mentalsandbox2020.blogspot.com/2018/01/high-performance-ats-container-in-multi.html



On Mon, Jan 8, 2018 at 4:45 AM, ezko <[hidden email]> wrote:

> thanks. that would be really helpful.
>
>
> On a side note. I put together an internal POC that instantiates a
> high performance ATS docker container within a multi-tenant
> environment.
> I used cgroups  to allocate cpu/memory resources from within the same
> NUMA node.
> I also used a docker plugin to pass through SRIOV VFs, also within the
> same NUMA node as the above.
> I'll clean up some of the lab details and then post in the next couple days.
>
>
>
>
>
>
> --
> Sent from: http://apache-traffic-server.24303.n7.nabble.com/