6. Deployment
App Mesh can deploy with multiple ways, generally, App Mesh run on a host as a daemon service managed by native systemd or docker container.
6.1. Quick install by docker container
Start App Mesh daemon docker container with 4g memory limited:
docker run -d --memory=8g --restart=always --name=appmesh --net=host -v /var/run/docker.sock:/var/run/docker.sock laoshanxi/appmesh
The startup support use environment variable override default configuration with format APPMESH_${BASE-JSON-KEY}_${SUB-JSON-KEY}=NEW_VALUE
, E.g. export APPMESH_REST_HttpThreadPoolSize=10
, export APPMESH_REST_SSL_VerifyPeer=true
.
6.2. Native installation
Install App Mesh as standalone mode on local node without GUI service by release packages.
# import gpg public key in case of signature verification
sudo rpm --import gpg_public.key
sudo dpkg --import gpg_public.key
# centos
sudo yum install appmesh_2.1.1_gcc_9_glibc_2.31_x86_64.rpm
# ubuntu
sudo apt install appmesh_2.1.1_gcc_7_glibc_2.27_x86_64.deb
# SUSE
sudo zypper install appmesh_2.1.1_gcc_9_glibc_2.31_x86_64.rpm
Start service:
$ systemctl enable appmesh
$ systemctl start appmesh
$ systemctl status appmesh
● appmesh.service - App Mesh daemon service
Loaded: loaded (/etc/systemd/system/appmesh.service; enabled; vendor preset: disabled)
Deploy Web UI (access https://host-name)
appc logon -u admin -x admin123
appc add -n appweb --perm 11 -e APP_DOCKER_OPTS="--net=host -v /opt/appmesh/ssl/server.pem:/etc/nginx/conf.d/server.crt:ro -v /opt/appmesh/ssl/server-key.pem:/etc/nginx/conf.d/server.key:ro" -d laoshanxi/appmesh-ui:2.1.2 -f
Note:
On windows WSL ubuntu, use
service appmesh start
to force service start, WSL VM does not have full init.d and systemdUse env
export APPMESH_FRESH_INSTALL=Y
to enable fresh installation (otherwise, SSL and configuration file will reuse previous files on this host) and usesudo -E
to pass environment variable to sudoUse env
export APPMESH_SECURE_INSTALLATION=Y
to generate initial secure password for useradmin
and force enable password encryptUse env
export APPMESH_DisableExecUser=true
to disable customized process userSet env
APPMESH_DAEMON_EXEC_USER
andAPPMESH_DAEMON_EXEC_USER_GROUP
to specify daemon process userSet env
APPMESH_PosixTimezone
with posix timezone (E.g. export APPMESH_PosixTimezone=”+08”) for CLI and ServerThe installation will create
appmesh
Linux user for default app runningFor centos 8, install dependency:
sudo yum install libnsl
The installation media structure is like this:
$ tree -L 1 /opt/appmesh/
├── apps ====> application json files dir
├── config.json ====> configuration fileGUI)
├── security.json ====> local JSON security configuration file
├── bin ====> execution binaries dir
├── lib64
├── log ====> app mesh engine log dir
├── script
├── ssl ====> SSL certification files
└── work ====> child app work dir (app log files will write in this dir)
6.3. Docker compose installation with GUI and Consul Service
A simple way deploy appmesh, appmesh-ui and consul by docker-compose.
Install docker-compose:
sudo curl -L "https://github.com/docker/compose/releases/download/v2.14.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Get integrated docker compose file docker-compose.yaml and configure correct Consul bind IP address and network device name.
$ mkdir appmesh
$ cd appmesh
$ wget -O docker-compose.yaml https://github.com/laoshanxi/app-mesh/raw/main/script/docker-compose.yaml
$ docker-compose -f docker-compose.yaml up -d
Creating apppmesh_appmesh_1 ... done
Creating apppmesh_consul_1 ... done
Creating apppmesh_appmesh-ui_1 ... done
$ docker-compose -f docker-compose.yaml ps
Name Command State Ports
----------------------------------------------------------------------
apppmesh_appmesh-ui_1 nginx -g daemon off; Up
apppmesh_appmesh_1 /opt/appmesh/script/appmes ... Up
apppmesh_consul_1 docker-entrypoint.sh consu ... Up
By default, App Mesh will connect to local Consul URL with “https://127.0.0.1:443”, this address is configured with Nginx
reverse proxy route to “http://127.0.0.1:8500”.
App Mesh UI is listen at 443
port with SSL protocol, open https://appmesh_node
to access with admin
user and admin123 for initial password.
For production environment, Consul is better to be a cluster with 3+ server agent, one Consul agent is used for test scenario.
6.4. Join a App Mesh node to a Consul cluster
6.4.1. Option 1: Update configuration
When installed a new App Mesh node and want to connect to existing cluster, just need configure Consul URL parameter in /opt/appmesh/config.json
:
"Consul": {
"Url": "https://192.168.3.1",
}
If App Mesh is running in Docker container, need mount /opt/appmesh/config.json
out of container to persist the configuration. After configuration change, just restart App Mesh container.
6.4.2. Option 2: Update from UI
All configuration update from UI support hot-update, no need restart App Mesh process to take effect. Click Configuration
-> Consul
and set Consul URL
, Click Submit
to take effect.
6.4.3. Option 3: Update from CLI
Command line support join current node to a Consul cluster with specify the Consul URL.
appc join -c http://127.0.0.1:8500 -l 30 -m -w
6.5. Usage scenarios
Integrate with rpm installation script and register rpm startup behavior to appmesh
Remote sync/async shell execute (web ssh)
Host/app resource monitor
Run as a standalone JWT server
File server
Micro service management
Cluster application deployment