Discussion:
ATS running inside docker
ezko
2018-01-02 17:11:59 UTC
Permalink
hi,
i'm trying to run ATS 7.1 inside a docker
my entry point is:

ENTRYPOINT ["/bin/bash"]
CMD ["-c","traffic_cop"]

which seems OK because traffic_cop seems to run in the foreground , so the
container can be monitored for orchestration. Is there a better entry point
for running ATS ?

my remap file:
map http://localhost:8080/cache/ http://{cache}
map http://172.17.0.4:8080/cache/ http://{cache}

172.17.0.4 is an inner IP which the container instance got (it's not
constant)

My problem is with the port mapping.

When running in the default bridge mode with published ports for example:

docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1

docker port ats7.1
8080/tcp -> 0.0.0.0:7070

using the IP works (because i explicitly added a remap rule):
curl http://172.17.0.4:8080/cache/

but using the port mapping doesn't work
curl http://localhost:7070/cache/

I'm getting:
status 404 (Not Found on Accelerator) for 'http://localhost/cache/'

thanks in advance for any help.




--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
James Peach
2018-01-02 18:17:31 UTC
Permalink
Post by ezko
hi,
i'm trying to run ATS 7.1 inside a docker
ENTRYPOINT ["/bin/bash"]
CMD ["-c","traffic_cop"]
which seems OK because traffic_cop seems to run in the foreground , so the
container can be monitored for orchestration. Is there a better entry point
for running ATS ?
Nope, traffic_cop is correct.
Post by ezko
map http://localhost:8080/cache/ http://{cache}
map http://172.17.0.4:8080/cache/ http://{cache}
172.17.0.4 is an inner IP which the container instance got (it's not
constant)
My problem is with the port mapping.
docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1
docker port ats7.1
8080/tcp -> 0.0.0.0:7070
curl http://172.17.0.4:8080/cache/
but using the port mapping doesn't work
curl http://localhost:7070/cache/
status 404 (Not Found on Accelerator) for 'http://localhost/cache/'
Traffic Server needs a remap rule that matches whatever is in the Host header of the HTTP request. In this case, I'd expect the Host header contains "localhost:7070". Remember that remap is matching on the HTTP request contents, *not* on IP addresses.

When running in a container, you might want to use host network and map block devices directly with the devices cgroup or privileged mode.

J
ezko
2018-01-03 07:53:17 UTC
Permalink
thanks J.
you are right the correct remap rule in this case is indeed:
map http://localhost:7070/cache/ http://{cache}
for now we are just evaluating. for production we will most likely use the
host network.
Post by James Peach
On Jan 2, 2018, at 9:11 AM, ezko <
hi,
i'm trying to run ATS 7.1 inside a docker
ENTRYPOINT ["/bin/bash"]
CMD ["-c","traffic_cop"]
which seems OK because traffic_cop seems to run in the foreground , so the
container can be monitored for orchestration. Is there a better entry point
for running ATS ?
Nope, traffic_cop is correct.
map http://localhost:8080/cache/ http://{cache}
map http://172.17.0.4:8080/cache/ http://{cache}
172.17.0.4 is an inner IP which the container instance got (it's not
constant)
My problem is with the port mapping.
docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1
docker port ats7.1
8080/tcp -> 0.0.0.0:7070
curl http://172.17.0.4:8080/cache/
but using the port mapping doesn't work
curl http://localhost:7070/cache/
status 404 (Not Found on Accelerator) for 'http://localhost/cache/'
Traffic Server needs a remap rule that matches whatever is in the Host
header of the HTTP request. In this case, I'd expect the Host header
contains "localhost:7070". Remember that remap is matching on the HTTP
request contents, *not* on IP addresses.
When running in a container, you might want to use host network and map
block devices directly with the devices cgroup or privileged mode.
J
--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
Jeremy Payne
2018-01-08 04:05:48 UTC
Permalink
On a side note. I put together an internal POC that instantiates a
high performance ATS docker container within a multi-tenant
environment.
I used cgroups to allocate cpu/memory resources from within the same
NUMA node.
I also used a docker plugin to pass through SRIOV VFs, also within the
same NUMA node as the above.
I'll clean up some of the lab details and then post in the next couple days.
Post by James Peach
Post by ezko
hi,
i'm trying to run ATS 7.1 inside a docker
ENTRYPOINT ["/bin/bash"]
CMD ["-c","traffic_cop"]
which seems OK because traffic_cop seems to run in the foreground , so the
container can be monitored for orchestration. Is there a better entry point
for running ATS ?
Nope, traffic_cop is correct.
Post by ezko
map http://localhost:8080/cache/ http://{cache}
map http://172.17.0.4:8080/cache/ http://{cache}
172.17.0.4 is an inner IP which the container instance got (it's not
constant)
My problem is with the port mapping.
docker run -d --name ats7.1 -e TS_ROOT='/' -p 7070:8080 -t centos_ats_7.1
docker port ats7.1
8080/tcp -> 0.0.0.0:7070
curl http://172.17.0.4:8080/cache/
but using the port mapping doesn't work
curl http://localhost:7070/cache/
status 404 (Not Found on Accelerator) for 'http://localhost/cache/'
Traffic Server needs a remap rule that matches whatever is in the Host header of the HTTP request. In this case, I'd expect the Host header contains "localhost:7070". Remember that remap is matching on the HTTP request contents, *not* on IP addresses.
When running in a container, you might want to use host network and map block devices directly with the devices cgroup or privileged mode.
J
ezko
2018-01-08 10:45:26 UTC
Permalink
thanks. that would be really helpful.


On a side note. I put together an internal POC that instantiates a
high performance ATS docker container within a multi-tenant
environment.
I used cgroups to allocate cpu/memory resources from within the same
NUMA node.
I also used a docker plugin to pass through SRIOV VFs, also within the
same NUMA node as the above.
I'll clean up some of the lab details and then post in the next couple days.






--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
Jeremy Payne
2018-01-09 17:10:08 UTC
Permalink
I don't cover entry points and building the container image. That's
the easy part anyway.
What you'll find here are steps on passing resources directly to an
instantiated container.

http://mentalsandbox2020.blogspot.com/2018/01/high-performance-ats-container-in-multi.html
Post by ezko
thanks. that would be really helpful.
On a side note. I put together an internal POC that instantiates a
high performance ATS docker container within a multi-tenant
environment.
I used cgroups to allocate cpu/memory resources from within the same
NUMA node.
I also used a docker plugin to pass through SRIOV VFs, also within the
same NUMA node as the above.
I'll clean up some of the lab details and then post in the next couple days.
--
Sent from: http://apache-traffic-server.24303.n7.nabble.com/
Loading...