This paper explores various options and provides an architecture blueprint, laying a solid foundation for a production-ready solution. It all started with exploring containerization technology, its features and its readiness to support various workload types. The research then went on to explore DevOps practices for implementing and supporting the application lifecycle. Special attention has been paid to Drupal CMS deployment, configuration and publishing workflows.
The Covid-19 pandemic & the evolution of migration intentions among Tunisian ... Jamaity
This study was carried out as part of the participation of the Tunisian Forum for Economic and Social Rights (FTDES) in the research project "Social Protection in (post) Covid MENA" as member of the "Arab Hub for Social Protection" Consortium.
Bentley SewerCAD CONNECT is a fully-dynamic sanitary and combined sewer modeling solution that can analyze all system elements in one package using either the SWMM algorithm or its own implicit solution method. The CONNECT Services edition enables users to access Bentley cloud services through a personal portal and connection client to collaborate on projects across different environments. Users can associate hydraulic model files with specific infrastructure projects through the connection client and personal portal.
This document contains a strategic plan for General Motors (GM) consisting of 6 assignments:
1) Defines GM's vision, mission and strategic planning.
2) Outlines GM's strategy statements including mission, vision, values, objectives and stakeholder analysis.
3) Performs a PESTEL analysis of the macroenvironment and Porter's 5 forces industry analysis.
4) Analyzes GM's strategic groups, competitors and market segments.
5) Evaluates GM's resources, competencies and dynamic capabilities using the VRIO framework.
6) Discusses GM's value chain, value system and SWOT analysis. The plan provides an in-depth analysis of GM's strategic position and opportunities.
This document outlines competencies for federal librarians across several domains, including:
- Foundational competencies like cognitive analysis, communication, emotional intelligence, leadership, professional knowledge, and technology application.
- Functional competencies including collection management, content organization, knowledge management, library leadership and advocacy, library technology management, and reference and research.
- It provides descriptions and examples of the knowledge and skills needed in each competency area.
The document is intended to define the competencies expected of federal librarians and help them evaluate their own skills.
The document provides information to tenants of Hudson's Bay Centre including contact information for building management and operations, an overview of tenant and building services, security and life safety procedures, housekeeping services, and financial requirements. It also includes the building rules and regulations as well as floor plans and forms for tenants.
The survey received 1,433 responses, with most respondents being undergraduates (85%) who live in university housing (94%). Nearly 58% of students travel between the campuses at least 3 days per week, but very few (5%) use a bicycle for most trips. While only 5% currently bike between campuses, over 33% would prefer to bike more than half the time, showing many students are motivated to bike but barriers exist. The biggest barrier cited by 58% is the lack of a convenient, safe route. To increase ridership, students believe a faster route (75%) and separation from auto traffic (72%) would help them bike more. This suggests better infrastructure is needed to promote biking between the
This document summarizes a report on a proposed New South Wales Government social impact bond pilot program. The report reviews potential policy areas and nonprofit organizations for the pilot, assesses investor appetite, and recommends a structure. It finds potential in programs addressing juvenile justice and parenting skills, and identifies criteria for selecting participants, measuring outcomes, and establishing an independent audit body. The report provides an overview of social impact bonds and lessons from the UK experience to inform next steps for the NSW Government's pilot program.
This document provides a market assessment of the Wicker Park and Bucktown neighborhoods of Chicago. It analyzes retail, restaurant, office, and residential real estate market conditions and trends. It also examines consumer spending patterns and the results of surveys of local businesses and residents. The assessment identifies strengths of the areas, such as a vibrant mix of shops, restaurants, and nightlife. It also notes opportunities to help local businesses be more successful, such as providing more support to entrepreneurs. The overall goal is to understand market dynamics and outline strategic actions to maintain Wicker Park and Bucktown's economic viability and national reputation as unique and vibrant neighborhoods.
The document describes various autumn activities carried out by schools in Slovakia, Croatia, Italy, Portugal, and Turkey as part of an Erasmus+ project, including creating artwork depicting views of autumn, presentations on autumn colors, outdoor activities with kites, and developing a word bank of autumn vocabulary in different languages.
This document provides information about the USB2817 integrated circuit, including its pin descriptions and functions. It describes the purpose of pins such as AD, DA, DI, DO, and CNT for analog to digital conversion and digital to analog functions. It also explains the chip's ID register for identification purposes and provides programming information for configuration registers to control aspects like conversion timing and power management.
This document is a book about phrasal verbs. It is divided into chapters that focus on different aspects of phrasal verbs, such as separable and nonseparable phrasal verbs, phrasal verbs used with do/does/did, three-word phrasal verbs, present and past continuous phrasal verbs, and pronunciation of two-word and three-word phrasal verbs. Each chapter provides examples of commonly used phrasal verbs to help readers understand and learn how to use these multi-word verbs.
This document provides an overview and guide to investing in Algeria. It discusses Algeria's history, demographics, economy, legal system, foreign investment policies and incentives, business structures, commercial activities, trade, banking, taxation and accounting practices. The key points are:
- Algeria aims to attract foreign investment through tax incentives and guarantees for investors. The National Investment Council and National Investment Development Agency promote investment.
- Common business structures include joint stock companies, limited liability companies, sole proprietorships and partnerships. Foreign companies can also establish as a branch or liaison office.
- Algeria has transitioned to a more market-based economy but still intervenes in certain sectors. It seeks to diversify its oil and
Highlighted section 6 player development policies (feb 2013) UYSA
The document outlines policies and procedures for player development in Utah, including:
1) Administration of various committees that oversee competition, recreation, and Olympic development programs.
2) Standards for all state-governed competition leagues regarding registration, coaching requirements, and rules for canceling/rescheduling matches.
3) Descriptions of the State Competition League, Interregional League, and Regional Academy League structures and their respective coaching requirements, player rostering, and scheduling policies.
This document provides guidelines for the Missions Committee of RBCPC church. It outlines the committee's foundation including its purpose, principles, and approaches. It describes the committee's planning process including long-range goals and short-term objectives. It defines the committee's relationship with missions and missionaries, including levels of support, criteria for recognition, and values. It also covers the committee's operations in areas such as organization, work responsibilities, funding sources and disbursements, and policies around mission trips.
The document discusses several key Islamic beliefs about the afterlife:
1) It provides proof from the Quran and hadiths for the Islamic belief in resurrection and judgement.
2) It describes the blowing of the horn and different opinions on how many times it will blow before the Day of Judgement.
3) It describes the gathering of all humans and jinn on the Plain of Resurrection and mentions some groups of people who will be resurrected or gathered together.
4) It discusses the standing before Allah for judgement, the concept of intercession, and places like al-Hawd (pool) and as-Sirat (bridge) that believers must cross.
Promotional catalogue of the Teatro Torlonia, Avezzano.
It contains a brief description of the venue, with a view to building networks of commercial and promotional partnerships.
This document provides an overview of geological and geophysical exploration activities conducted by Mari Petroleum Company Limited (MPCL) in Pakistan. It discusses MPCL's operated and non-operated exploration blocks located across different basins in Pakistan. It also outlines the typical exploration cycle, including block evaluation, carving, bidding, award, and development. Key activities of MPCL discussed include seismic data acquisition and processing, well logging, petrophysical analysis, and reservoir modeling. Maps of MPCL's blocks and prospectivity zones in different basins are provided. The document serves as an internship report submitted to MPCL detailing the exploration work conducted during the internship period.
This document is a catalogue for Seiko watch collections for 2015-2016. It provides an overview of Seiko's history and innovations in watchmaking since 1881. It then profiles over 30 different watch collections categorized by gender, features, and intended uses (e.g. sport, dress, diving). For each collection, it lists models and provides brief descriptions and specifications. It also includes reference charts with technical details for all products and instructions for use.
The document announces the annual meeting of stockholders to be held on April 19, 2007 at 10:00 am at the cafeteria on the company's property. At the meeting, stockholders will vote to elect directors for the next year, ratify the appointment of Ernst & Young LLP as the independent registered public accounting firm for 2007, and consider any other matters properly brought before the meeting. Stockholders of record as of February 20, 2007 are entitled to vote. The company urges stockholders to vote promptly.
The document is a notice for the annual meeting of stockholders to be held on April 20, 2006. At the meeting, stockholders will vote to elect directors for the next year, ratify the appointment of Ernst & Young LLP as the company's independent registered public accounting firm for 2006, and consider any other matters properly brought before the meeting. Stockholders of record as of February 21, 2006 are entitled to vote. The company urges stockholders to vote their shares promptly.
The document announces Sprint Nextel Corporation's annual meeting of shareholders to be held on May 13, 2008 at 10:00am at a Hyatt hotel in Reston, Virginia. The purpose of the meeting is to elect nine directors, ratify the appointment of the independent auditing firm KPMG LLP, and vote on any shareholder proposals presented. Shareholders of record as of March 14, 2008 are entitled to vote. The meeting will cover routine annual matters like electing directors, appointing auditors, and considering shareholder proposals.
The document outlines the scope of work for developing and implementing an online recruitment system for the Federal Public Service Commission of Pakistan. It includes re-engineering existing software applications from Phase I to address bugs and inconsistencies. The scope also covers new software modules for Phase II, including a transport management system, travel management system, computer-based psychological assessment system, and others. It describes the existing issues with Phase I modules and functional requirements for the new systems. The proposal requests companies to submit technical proposals to complete this work.
This document announces the 2006 Regular Meeting of Shareholders of Best Buy Co., Inc. to be held on June 21, 2006 at their corporate campus. The meeting will address three items of business: 1) Electing four Class 1 directors to serve two-year terms on the board, 2) Ratifying the appointment of Deloitte & Touche LLP as the company's independent registered public accounting firm for the current fiscal year, and 3) Any other business that may properly come before the meeting. Shareholders as of April 24, 2006 are eligible to vote, and may do so by proxy via mail, phone or internet in advance of the meeting or in person at the meeting.
The Campus and Community Relations team was responsible for creating and distributing promotional materials for The Bully Pulpit Series and its events on campus and through social media. This included signs, fliers, and graphics to promote both the series and individual events. The team also helped coordinate volunteers and plan voter registration efforts. Through their work over the year, the team gained experience in brand management, graphic design, and event promotion while helping to encourage civic participation at the college.
The Campus and Community Relations team was responsible for creating and distributing promotional materials for The Bully Pulpit Series and its events on campus and in the community. The team created signs, posters, fliers and social media graphics to promote both the series and guest speakers. They also coordinated volunteers and helped with voter registration efforts in the spring. The team recommends that next year's group maintain a consistent brand, promote the overall series more, create detailed marketing plans for each event, and schedule events around the November election.
Social Safety Nets and Gender- Learning from Impact Evaluations and World Ban... Segen Moges
This document discusses social safety net programs and how they impact men and women. It analyzes impact evaluations and World Bank projects to understand outcomes. The document presents a framework for analyzing social safety nets and their gender impacts. It reviews results from impact evaluations on outcomes for women/men and girls/boys. It also discusses efficiency. Finally, it examines trends in how the World Bank has integrated gender considerations into its social safety net projects.
WSIS+10 Country Reporting - Rwanda (Republic of) Dr Lendy Spires
The document provides an overview of Rwanda's implementation of the WSIS action lines over the past decade to promote ICT for development. It discusses Rwanda's national ICT strategies (NICI plans) from 2000-2005, 2005-2010, and 2010-2015 to transform the country into a knowledge-based society by 2020. The strategies focused on creating an enabling environment, deploying infrastructure, and now developing ICT services and skills. It also outlines the various policies, initiatives and developments across each of the WSIS action lines to expand access to information, build capacity, strengthen security and the enabling environment, and leverage ICTs across multiple sectors in Rwanda.
The hidden strengths of Enterprise Content Management - ICTJournal Hervé Stalder
Generally used to achieve efficiency gains, ECM solutions bring other benefits in specific sectors, from the conservation of artworks to quality control.
Enterprise Content Management (ECM) covers a wide range of tools, from the digitisation of documents to searching them, by way of their storage and their use by staff. Often associated with the already familiar idea of the paperless office, ECM goes much further and finds applications in many sectors with objectives other than rationalisation alone. Its use in legal proceedings (p. 34) and the two concrete cases discussed in this feature illustrate this potential and the breadth of ECM perfectly.
The contributions of ECM thus coincide remarkably well with the mission of museums: to conserve their collections and make them easier to access.
The platform set up by the City of Lausanne to archive its heritage works is a vivid example (p. 33). The city has created an information system covering the collections held in its museums. Paintings and drawings, but also archaeological objects, have been digitised, and a search portal lets researchers and the public search for and view the works on the web. It is an original heritage-promotion project built on the conservation, sharing and homogenisation functions typical of ECM. It is nonetheless a long way from the ECM solution deployed at Dentsply Maillefer, both in the company's field of activity and in its objectives. Far from the world of museums, Dentsply nevertheless works in a sensitive sector, that of medical and dental instruments (p. 35). This field is subject to the strict regulations of the various countries to which the manufacturer exports its instruments. These requirements led Dentsply to implement a solution that makes it possible, first, to document precisely every production step of its manufacturing batches and, second, to retrieve the information easily and quickly, particularly in the event of an audit. Here too, then, an ECM solution, but with very specific quality and traceability objectives tied to the sector.
Published in ICTJournal, November 2012
The document provides an overview and analysis of clinical trials being conducted for ulcers on a global level in the first half of 2014. It summarizes the number of trials by region, with the most trials occurring in Asia-Pacific and Europe. The report also outlines the top countries contributing trials for each region and details clinical trials by phase, status, sponsor type, and recruited subjects over time. It concludes with profiles of prominent companies and institutions conducting ulcer trials.
This document presents 9 review activities for the first mathematics midterm for second-year students. The activities include calculating numerical values of polynomials; expanding, reducing and ordering polynomials; solving equations; and translating verbal statements into mathematical equations.
This document presents a student's self-assessment of their performance on several conceptual, procedural and attitudinal criteria related to their class activities. The student rates whether they always, generally, occasionally or never completed all the assigned activities, obtained additional material, reviewed content, met the objectives, submitted work that was understandable and within the parameters, were responsible and consistent, and participated actively and respectfully in the group.
Pío Gordillo is the owner of a chain of 10 supermarkets located in middle-income neighborhoods of a city of two million inhabitants. He started his business 40 years ago, buying and selling products at weekly markets in nearby towns and transporting them in his truck. Over the years he expanded his business into retail. Recently, his daughter and eldest daughter began manufacturing sauces, mayonnaise and juices to
This CV summarizes an applicant's education and qualifications for an internship. They have a BSC and MSC in Computer Science, Oracle Database 10g certification, experience teaching and with MS Office, and computer courses in Linux, Oracle, MCSE, and CCNA. Their field of interest includes positions as an Oracle DBA and in Linux.
Solar energy market overview nov 25 2011_eng_final - Jason_2011710
The document provides an overview of Ukraine's solar energy market, current status, and key legislation. It discusses Ukraine's high potential for solar development. Currently, the market is growing rapidly at an estimated 90% annually until 2015. Key legislation includes a green tariff that guarantees above-market rates for solar electricity through 2030, however investors remain concerned about legislative and regulatory instability. Major players in Ukraine's solar market are beginning to emerge, though development challenges around infrastructure, financing, and policy consistency remain.
This document is the user guide for PL/SQL Developer 8.0. It contains 11 chapters that describe how to install and use the various features of PL/SQL Developer 8.0. These features include writing and testing PL/SQL programs, performing ad hoc SQL queries, using the command window, creating and modifying database objects, using the DBMS scheduler, creating diagrams of database objects, and generating various reports. The document provides detailed instructions and reference information on each major feature area to help users be productive with PL/SQL Developer.
1) Many groups presented file replication systems they have developed and are using in production, including JLAB, SRB, Globus, GDMP, MAGDA, SAM, STAR, and BaBar.
2) The systems utilize various components like replica catalogs, file transfer services, storage interfaces, and scheduling/management layers to provide robust file replication capabilities.
3) Key topics of discussion included interfaces and standards for replication services, error handling, reliability, performance, and experience from different experiments. Groups expressed interest in further collaboration in these areas.
2008 Annual Report Wasso Hospital, Ngorongoro, Tanzania - Christian van Rij
2008 Annual Report of Wasso Hospital: Ngorongoro's District Designated Hospital.
In this report you will find some background information on our hospital and a summary of our achievements and challenges in 2008.
In this second installment of a three-part research paper series on the KOOBFACE botnet, Trend Micro threat researchers examine the botnet in more technical detail, chronicling its behavior and payloads.
Publication: Space Debris: Applied Technologies and Policy Prescriptions - stephaniclark
This document provides a comprehensive analysis of the problem of space debris and recommendations to facilitate debris elimination. It finds that tens of millions of pieces of debris exist in low Earth orbit, posing a threat to satellites and human spaceflight. While larger debris can be tracked, millions of smaller pieces cannot. The document examines debris detection and removal technologies and policies at international and domestic levels. It recommends that demonstration of technologies like ground-based lasers for small debris removal should be a priority, and that establishing agreed upon definitions through the UN would enhance international space policy. Overall, the analysis finds that cooperation is needed between countries and organizations to fully address the growing issue of space debris.
The operating manual provides instructions for the VITA Vacumat 4000 Premium T ceramic firing furnace. It describes the technical specifications and components of the furnace. It also outlines how to install and set up the furnace, select and modify firing programs, and use various service programs. Safety features and instructions are also reviewed.
This white paper discusses Seamless MPLS, an architecture that uses MPLS in access networks for benefits like scalability and flexibility. Key aspects include using MPLS Transport Pseudowires to connect network components across regions, with a control plane that scales through hierarchical BGP routing. The goal is a unified MPLS network from core to edge to simplify service delivery.
Colliers International Vietnam
Quarterly Knowledge Report for an economic overview and analysis on the Residence, Serviced Apartment, Office, Retail, Condominium, Villa/Townhouse and Industry Real Estate market in Vietnam.
Knowledge report on the real estate market and general economy of Vietnam. Including performance and rates of office, retail, residential and industrial property in both north and south Vietnam. The market is hot, now is the time to invest.
This document provides an introduction to creating graphical user interfaces (GUIs) with Perl/Tk. Perl/Tk allows developers to build GUI applications by combining the powerful scripting capabilities of Perl with Tk, a GUI toolkit. It discusses how Perl/Tk works, common widgets used to build interfaces, and geometry management techniques. The goal is to make easy tasks easy and more complex tasks possible for developers looking to create GUI applications with Perl.
This document provides an introduction to creating graphical user interfaces (GUIs) with Perl/Tk. Perl/Tk allows the powerful programming capabilities of Perl to be combined with the Tk widget toolkit to easily configure GUI applications. It summarizes the requirements for using Perl/Tk, which are Perl and the Tk module, and gives an overview of common widgets like buttons, labels, and menus that can be used to build basic interfaces. The document then discusses geometry management, common options for widgets, and Tk commands like bindings to create interactive applications.
C:\Documents And Settings\Junyang8\Desktop\Utap\Blogwang wangt
The document is a user guide for Campus Pack 2.8.17, which provides search, blogging, wikis, podcasts and personal websites features for course management systems.
The guide includes sections on how to use the Search LXTM tool to search course and institutional content, how to set up and use blogging, wikis and podcast tools for courses, and how to create and manage personal websites using Expo LXTM. It provides information on configuring and using the different features, and includes screenshots to illustrate the user interfaces.
This document provides an overview of BizTalk and discusses its key components and features. It covers topics like why BizTalk is useful, how its messaging engine works using publish/subscribe, developing the BizTalk environment, and includes examples of using various adapters like FTP and file. The document is organized into chapters that cover messaging basics and schemas, maps, and pipelines.
This document provides an introduction to ScalaCheck, a library for property-based testing in Scala. It discusses the key concepts of properties and generators in ScalaCheck and provides examples of defining simple properties, grouping properties, and using generators to generate random test data for properties. The document also demonstrates how to integrate ScalaCheck with other testing frameworks like ScalaTest and JUnit.
The document provides details on Link Resources' involvement in various biofuel and biomass energy projects, including:
1) Assisting a company in developing and planning a large cellulosic ethanol plant that would use municipal solid waste as a feedstock. Link was contracted for engineering, procurement, construction oversight, commissioning, and long-term operations.
2) Helping an Australian biodiesel company optimize their technology, start up their first large plant, and develop the infrastructure to expand into the North American market. Link's work included developing ISO-9000 compliant processes for quality control across the company's operations.
3) Providing evaluations and reviews to the Department of Energy and Department of Agriculture on various bio
This document provides summaries of multiple projects involving biofuels, biomass power plants, trigeneration facilities, and transition management. It describes Link's roles on projects including developing processes for an Australian biodiesel group, providing outage management for a biomass power plant, assisting with project development for a trigeneration CHP company, and aiding the transition of the Portsmouth Gaseous Diffusion Facility. The document serves as a reference of Link's past performance on various energy and facility transition projects.
The document provides details on Link Resources' involvement in various biofuel and biomass energy projects, including:
1) Assisting the development and planning of a large cellulosic ethanol plant that would convert municipal solid waste into ethanol using a strong acid process. Link was contracted for engineering oversight, commissioning, and long-term operations.
2) Completing the startup of Australian Biodiesel Group's first large biodiesel plant in Australia and developing their organization and processes to transition into the North American market, producing biodiesel from beef tallow.
3) Engaging with the Department of Energy and Department of Agriculture to evaluate various biofuel and biomass technology proposals seeking federal grants or loans
This document provides an introduction to the new BMW X3, including its dimensions, body design and materials. It discusses the bodyshell, doors, panoramic sunroof, strength, vibration and acoustic properties. Crash testing details are also summarized, covering head-on, side, and rear-end collisions as well as pedestrian protection. Exterior trims and interior equipment dimensions are briefly outlined.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
5th LF Energy Power Grid Model Meet-up Slides - DanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Driving Business Innovation: Latest Generative AI Advancements & Success Story - Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack - shyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Generating privacy-protected synthetic data using Secludy and Milvus - Zilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Taking AI to the Next Level in Manufacturing.pdf - ssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Dandelion Hashtable: beyond billion requests per second on a commodity server - Antonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin... - Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip, presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Monitoring and Managing Anomaly Detection on OpenShift.pdf - Tosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Website in a Box or the Next Generation Hosting Platform
1. Website in a Box
The Next Generation Hosting Platform
Slava Vladyshevsky, Alex Kostsin
Copyright 2016 All Rights Reserved. Not for disclosure without written permission.
2. Table of Contents
PLATFORM OVERVIEW ... 4
  INFRASTRUCTURE OVERVIEW ... 4
  NETWORK SETUP OVERVIEW ... 6
PLATFORM USER ROLES ... 7
PLATFORM COMPONENTS ... 8
  PLATFORM SERVICES ... 9
    Stats Collector ... 9
    Stats Database ... 11
    Image Registry ... 13
    Image Builder ... 15
    Deployment Service ... 16
    Container Provisioning Service ... 17
    Reporting Service ... 19
    Persistent Volumes ... 19
    Volume Sync-Share Service ... 20
    Persistent Database Storage ... 22
      Database Driver ... 23
      Percona XtraDB Cluster Limitations ... 24
    Secure Storage ... 24
    Identity Management Service ... 26
    Load-Balancer Service ... 29
    SCM Service ... 30
    Workflow Engine ... 32
    SonarQube Service ... 35
    Sonar Database ... 36
    Sonar Scanner ... 36
  PLATFORM INTERFACES ... 40
    API Endpoints ... 40
    Command Line Interfaces ... 40
      Platform CLI ... 40
      Docker CLI ... 48
    Web Portals ... 48
      Stats Visualization Portal ... 48
      GitLab Portal ... 49
      Sonar Portal ... 50
      Platform Orchestration Portal ... 50
  OTHER COMPONENTS ... 51
      Docker Engine ... 51
      Docker Containers ...
51
PLATFORM
CAPACITY
MODEL
.....................................................................................................................................
52
PLATFORM
SECURITY
.....................................................................................................................................................
54
USER
NAMESPACE
REMAP
....................................................................................................................................................................
54
DOCKER
BENCH
FOR
SECURITY
............................................................................................................................................................
57
WEB
APPLICATION
SECURITY
..............................................................................................................................................................
57
PLATFORM
CHANGE
MANAGEMENT
..........................................................................................................................
59
DRUPAL
HOSTING
............................................................................................................................................................
60
DRUPAL
SITE
COMPONENTS
.................................................................................................................................................................
61
DRUPAL
CONTAINER
COMPONENTS
....................................................................................................................................................
62
DRUPAL
CONTAINER
PERFORMANCE
.................................................................................................................................................
64
Sizing
Considerations
........................................................................................................................................................................
64
Apache
vs.
NGINX
................................................................................................................................................................................
66
Performance
Test
................................................................................................................................................................................
67
Process
Size
Conundrum
..................................................................................................................................................................
69
Website in a Box or the Next Generation Hosting Platform
Copyright 2016 All Rights Reserved. Not for disclosure without written permission.
DRUPAL PROJECT CREATION
DRUPAL WEBSITE DEPLOYMENT
Web Project Deployment
Web Container Deployment
Website Deployment Workflow
EDITORIAL WORKFLOW
CONTENT PUBLISHING
ACTIVE DIRECTORY STRUCTURE
GITLAB REPOSITORY STRUCTURE
MANAGEMENT TASKS AND WORKFLOWS
PLATFORM STARTUP
BASE OS IMAGE
THE OS IMAGE INSIDE CONTAINER
ONE VS. MULTIPLE APPLICATIONS
PROCESS SUPERVISOR
QUICK SUMMARY
STORAGE SCALABILITY IN DOCKER
LOOP LVM
DIRECT-LVM
BTRFS
OVERLAYFS
ZFS
CONCLUSION
Figure Register
Figure 1 - Infrastructure Diagram
Figure 2 - Foundation Infrastructure Diagram
Figure 3 - High-level Network Diagram
Figure 4 - Platform Components
Figure 5 - cAdvisor Web UI: CPU usage
Figure 6 - InfluxDB Web Console
Figure 7 - Image Builder UI
Figure 8 - Sonar Project Dashboard
Figure 9 - Sonar Issue Report
Figure 10 - Stats Visualization and Analysis Portal
Figure 11 - GitLab Portal
Figure 12 - Sonar Portal
Figure 13 - Platform Orchestration Portal
Figure 14 - Platform Capacity Model
Figure 15 - Drupal CMS: Configuration Portal
Figure 16 - Drupal Site Components
Figure 17 - Web Container Components
Figure 18 - Stress Test Results
Figure 19 - Drupal Project Creation Process
Figure 20 - Drupal Project Deployment Process
Figure 21 - Website Deployment Workflow
Figure 22 - Editorial Workflow
Figure 23 - Content Publishing Process
Figure 24 - Example: MS Active Directory Structure
Platform Overview

This document provides an in-depth overview of the Proof of Concept project, hereinafter POC, for container-based LAMP web hosting. This POC project was performed to verify technical feasibility and architectural assumptions, as well as to demonstrate our expertise in this domain to the prospective customer. It’s assumed that this project or its parts will be adopted and productized.

No clear requirements have been provided. Therefore, the overall design and architectural decisions have been mostly governed by the following assumptions:
• The platform must provide fully managed website placeholders that will be populated with customer-provided code and assets;
• The platform must provide a LAMP (Linux, Apache, PHP, MySQL) run-time environment;
• The platform architecture must be similar to the existing Windows hosting platform;
• The platform must guarantee high availability for production workloads;
• The platform must prevent the noisy-neighbors effect, i.e. websites sharing the same infrastructure must not impact each other’s performance;
• The platform must support different website sizes and resource allocation profiles;
• The platform must guarantee resources and be able to report on their usage;

From the early project stages it was assumed that the hosting platform would utilize Linux container technology, popularized by Docker and often referred to as Docker Containers. Obviously, Docker is a good fit for such a hosting platform, since Docker Containers:
• Allow for much higher workload density than VMs;
• Provide enough workload isolation and containment;
• Enable granular resource management and reporting;
• Are considered the future of PaaS.

It soon became apparent that much more than Docker alone is required to support the platform requirements, and that some additional services and components are essential for providing reliable hosting services.

Over time, the set of Docker containers and the bunch of scripts to manage them evolved into a real platform with well-defined services, components and interfaces between them. Operational procedures and workflows have been automated and exposed via different interfaces to enable future integration and instrumentation.

The platform architecture, design approach and processes rely heavily on Twelve-Factor App principles. For more details see https://12factor.net/.

Infrastructure Overview

Originally the platform was built on top of a Kubernetes cluster for simplified container scheduling and orchestration. Due to the lack of expertise in the Support Organization and little acceptance within the account team, this approach was discontinued, and the Platform Infrastructure setup followed and adopted the existing Windows hosting platform architecture as much as possible.

Figure 1 - Infrastructure Diagram

The POC farm infrastructure mimics the existing web-farm setup for Windows hosting:
• All inbound network traffic passes through the CDN/WAF;
• The network is split into two security zones: DMZ and TRUST;
• The front-end services and service components are hosted in the DMZ subnet;
• The back-end and secured components are located in the TRUST subnet;
• When coming from the CDN/WAF, the network traffic passes through firewalls and load-balancers;
• Production HTTP/S VIPs pass traffic to an HA pair of web instances;
• Other HTTP/S VIPs, e.g. Staging, pass traffic to a single end-point;
• The TRUST subnet contains DB servers: a cluster for production workloads and a single instance for staging use;
• All platform services and components run in corresponding containers, with the exception of DB instances, which run directly on the host OS.

There is an additional shared farm, the so-called Utility or Foundation farm, one per DC, where various utility services shared across multiple farms and websites are hosted. For production deployment it may be beneficial from a security standpoint to place some foundation services into the TRUST subnet.

Figure 2 - Foundation Infrastructure Diagram

It is envisioned that the existing foundation farm will need to be extended with at least two additional systems for providing the required foundation services. This assumes that the rest of the existing foundation services, such as Active Directory, DNS, SMTP, NTP, …, will be shared with the new platform.

Network Setup Overview

The diagram below shows a logical view of the hosting network structure. It’s worth mentioning that besides the TRUST and DMZ VLANs, Docker adds one more layer of indirection by creating at least one network bridge per Docker host to pass traffic between containers and the external world.

A number of solutions have emerged over the past couple of years, bringing SDN and network virtualization capabilities to the container ecosystem. During this POC project we won’t be exploring these network abstraction solutions and will use the standard network stack provided by Docker.

Figure 3 - High-level Network Diagram

Platform User Roles

The user role definition is tightly bound to the definition scope. The following scopes are defined:
• Platform Scope – platform-wide scope, including all hosted organizations and applications;
• Organization Scope – includes organization-owned objects and applications;
• Application Scope – includes objects and components pertinent to a given application;

Specific user roles and their mapping will be dictated by the particular use-case and processes accepted within the hosting organization.

For the sake of simplicity we’ll assume the following major roles are defined in the scope of the proposed hosting platform:
• Authorized User – a user that passed authentication and has been assigned corresponding permissions:
    o Administrator – a management user performing administration tasks;
    o Developer – a developer, an individual writing and testing the code;
    o Content Manager – an editor, an individual authoring and managing the website content;
• Anonymous User – a website visitor coming from the public Internet;

The Identity Management (IdM) Service performs mapping between a user identity and its associated roles. This is implemented using LDAP grouping mechanisms.

Things to keep in mind:
• A user’s role depends on the scope, e.g. one user may be a Developer in one organization and act as a Content Manager in another organization. While this is possible, such cross-organization role assignments are generally discouraged;
• One may differentiate Platform User Roles and Application User Roles for the Applications deployed on the platform. However, both user types are authenticated and authorized using the same IdM Platform Service, so there is no real difference. For example, Drupal user roles are a subset of platform user roles;
• Both Applications and the Platform currently use the IdM Service; however, it’s not a mandatory requirement. Additional or alternative Authentication Mechanisms may be used too. For example, many Platform services have a local user database and local administrative accounts in order to be able to act autonomously in case of IdM Service failure or other issues;
• The website visitor is not required to pass authentication and is granted the Anonymous User role by default.

Platform Components

Below is the high-level diagram of the Platform components. Connectors depict major¹ communication channels and interactions between services and generally may be seen as the “using” statement. The dotted-line connectors show an alternative path.

Figure 4 - Platform Components

¹ Major refers to the fact that some dependencies are not shown, to avoid diagram clutter. E.g. pretty much all platform components depend on Persistent Volumes, and this is not depicted here.

Different components are marked with different colors to differentiate their types:
• Red components are administrative or management portals;
• Yellow components are Platform Services, generally speaking – containers;
• Blue components are development portals;
• Grey components are general-purpose platform building blocks;
• Green components are the hosted website instances the user interacts with.

The following platform Actors are defined:
• Admin – platform administrator;
• Dev – website developer;
• Website User – both content manager and public Internet user.

Platform Services

Below is a short overview of the Platform Services. For every Service it provides a description of its role and dependencies, as well as configuration and usage examples.

The service startup instructions in this chapter are provided for demonstration purposes only. Normally services are expected to boot in an automated manner, for example using Docker Composer scripts. By using Composer we can ensure repeatable and consistent configuration as well as reliable service startup and recovery. See the Platform Startup chapter for additional details.

Stats Collector

Platform Stats Collector is a stateless service implemented as a container running on every Docker host and collecting resource usage stats exposed by Docker Engine, using the Google cAdvisor application https://github.com/google/cadvisor. The quote from the project page:

“The cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, and histograms of complete historical resource usage and network statistics. This data may be exported either by container or machine-wide. The cAdvisor has native support for Docker containers and should support just about any other container type out of the box.”

The current setup assumes that the Stats Collector uses the Stats DB service for storing metrics collected from the Docker Engine. Therefore the Stats Collector depends on the Stats DB service and the Docker Engine APIs and must be deployed and booted accordingly. Alternatively, it’s possible to use https://github.com/kubernetes/heapster for stats aggregation and resource monitoring in more complex deployments, or to query the Docker API directly if more control or flexibility is required.

Although cAdvisor instances may be accessed directly and provide a Web UI for metric visualization, the more practical approach is to export collected stats to an external database that may be used for arbitrary data aggregation, reporting and analysis tasks. cAdvisor provides multiple storage drivers out of the box. The current implementation uses the InfluxDB time-series database for storing collected measurements.

Below is an example of the chart produced by cAdvisor at runtime. It has quite limited practical use, if any, and is provided just for reference purposes.

Figure 5 - cAdvisor Web UI: CPU usage

Below is an example command for running cAdvisor container:

    $ docker run --name=cadvisor \
        --hostname=`hostname` \
        --detach=true \
        --restart=always \
        --cpu-shares 100 \
        --memory 500m \
        --memory-swap 1G \
        --userns=host \
        --publish=8080:8080 \
        --volume=/:/rootfs:ro \
        --volume=/var/run:/var/run:rw \
        --volume=/sys:/sys:ro \
        --volume=/var/lib/docker/:/var/lib/docker:ro \
        google/cadvisor:v0.24.0 \
        -storage_driver=influxdb \
        -storage_driver_db=cadvisor \
        -storage_driver_host=${INFLUXDB_HOST}:8086 \
        -storage_driver_user=${INFLUXDB_RW_USER} \
        -storage_driver_password="${INFLUXDB_RW_PASS}"

cAdvisor is still an evolving project and, unfortunately, has its own shortcomings; for example, it only accepts configuration values via command-line options. Neither configuration files nor ENV variables are currently supported. One of the issues directly following from this: the DB credentials are passed as command-line parameters in clear text and can be seen in the process list.

There are several things to keep in mind:
• Unless the default database scheme and credentials are used, they must be provided too, as storage driver parameters. The database scheme must be created prior to storing collected metrics;
• cAdvisor does not store collected metrics for more than 120sec by default. Therefore, if the database connection is interrupted, the resource metrics are lost. Depending on your specific environment setup and requirements, it may be a good idea to review and adjust the default buffering and flushing settings;
• A more or less obvious observation: the more containers are running on the host, the more resources cAdvisor will consume and the more traffic will flow between the cAdvisor instance and the storage backend. Consequently:
    o It’s a good idea to limit cAdvisor resource usage to avoid impacting production workloads. On the other hand, pulling the belt too tight may have adverse effects on metrics collection itself. The constraints provided in the example above are for demonstration purposes only and must be adjusted for the specific setup and environment;
    o For busy hosts with high container density it’s recommended to adjust cAdvisor buffering, caching and flushing parameters for the best performance. For example: cAdvisor collects metrics during the 1min time frame and flushes them in a single transaction. In certain scenarios increasing this time frame may improve performance without impacting monitoring granularity;
• cAdvisor requires elevated permissions (--userns=host), since it accesses some objects in the Docker host namespace;
• The cAdvisor project does not enforce security by default, which leaves us with three possible options for running this service. All these options have been explored during the POC project, and each offers a different balance between security and complexity:
    o Insecure: using default credentials for the storage driver. No additional options required;
    o Kind-of-secure: providing storage driver credentials as command-line parameters, so they will show up in the process list;
    o Secure: creating a custom build and image for cAdvisor that will handle and pass credentials securely.
• It’s unlikely that the cAdvisor Web UI itself is going to be used for production deployment monitoring, therefore it’s recommended to avoid publishing cAdvisor Web UI ports;
• cAdvisor, being a part of the Kubernetes project, is quickly evolving and new versions appear quite often. Although common practice is to use the “latest” image version, it’s recommended to standardize on and run a specific cAdvisor version across all deployments for consistent and predictable behavior and results.
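
The exposure described above (storage driver credentials visible in the process list, both in the paragraph on cAdvisor shortcomings and in the "kind-of-secure" option) can be checked for on a host. The script below is an added example, not part of the original paper or of cAdvisor: it walks a /proc-style tree and reports processes that carry a password flag in their arguments, without printing the value. The flag names come from the commands on this page; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes whose command line carries a password flag.
# Flag names are the ones used on this page (-storage_driver_password for
# cAdvisor, -password for the influx client). The secret value is never printed.

# is_secret_flag FLAG -> exit 0 if FLAG (one or two leading dashes) names a
# credential option.
is_secret_flag() {
    name=${1#-}
    name=${name#-}
    case $name in
        storage_driver_password|password) return 0 ;;
    esac
    return 1
}

# scan_proc [ROOT] -> one line per finding: pid, argv[0], flag, form.
# "inline" means -flag=value, "next-arg" means -flag value.
# Limitation: an argument containing a newline is read as two arguments.
scan_proc() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        pid=${dir##*/}
        # /proc/<pid>/cmdline separates arguments with NUL bytes.
        tr '\0' '\n' < "$dir/cmdline" | {
            argv0=
            pending=
            while IFS= read -r arg; do
                if [ -z "$argv0" ]; then
                    argv0=$arg
                    continue
                fi
                if [ -n "$pending" ]; then
                    # Previous argument was a bare password flag: this is its value.
                    printf '%s\t%s\t%s\tnext-arg\n' "$pid" "$argv0" "$pending"
                    pending=
                    continue
                fi
                case $arg in
                    -*=*)
                        flag=${arg%%=*}
                        if is_secret_flag "$flag" && [ -n "${arg#*=}" ]; then
                            printf '%s\t%s\t%s\tinline\n' "$pid" "$argv0" "$flag"
                        fi ;;
                    -*)
                        if is_secret_flag "$arg"; then pending=$arg; fi ;;
                esac
            done
        }
    done
    return 0
}

# build_sample_proc -> prints the path of a constructed /proc-like tree
# (three fake processes; the secret is a constructed placeholder).
build_sample_proc() {
    sample_root=$(mktemp -d)
    mkdir "$sample_root/101" "$sample_root/102" "$sample_root/103"
    printf '%s\0' /usr/bin/cadvisor -storage_driver=influxdb \
        -storage_driver_user=writer \
        -storage_driver_password=CONSTRUCTED-SECRET > "$sample_root/101/cmdline"
    printf '%s\0' /usr/bin/influx -username=root -password CONSTRUCTED-SECRET \
        -path - > "$sample_root/102/cmdline"
    printf '%s\0' /usr/sbin/sshd -D > "$sample_root/103/cmdline"
    printf '%s\n' "$sample_root"
}

# Demo on the constructed tree; call scan_proc with no argument to audit /proc.
demo_root=$(build_sample_proc)
scan_proc "$demo_root"
rm -rf "$demo_root"
```

On a Docker host the container's processes appear in the host's /proc, so running the scan on the host covers containers as well.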

Stats Database

All metrics gathered by the Stats Collector service are passed to and persisted by the Stats Database service. This service is implemented as a Docker container located on the utility host in the foundation farm and running the InfluxDB time-series database https://github.com/influxdata/influxdb.

Depending on specific requirements, different storage back-ends may be used in place of InfluxDB. The choice has been made in favor of InfluxDB for the following reasons:
• Simple and self-contained database without external dependencies;
• Purpose-made database for time-series metric storage and querying;
• Supported by and integrated into many modern deployment stacks and platforms;
• Provides several storage engines geared towards real-time data processing;
• REST API driven for management, data ingestion and processing;
• Supports the SQL-like InfluxQL language for querying the database;
• Provides flexible controls and data retention policies;
• Scalable and supports clustering;

The Stats Database service indirectly depends on the Image Registry service, since its image is pulled from the registry by the Docker Engine during the service container startup. Other than that, assuming a standalone (non-clustered) deployment, the Stats Database service is self-sufficient and is used by other services and components such as:
• The Stats Visualization portal – queries the Stats Database for visualized resource metrics;
• The Reporting service – queries the Stats Database for compiling various usage reports;
• The Stats Collector – periodically stores measurements in the Stats Database.

InfluxDB also provides a web console for basic management and querying operations.

Figure 6 - InfluxDB Web Console

Here is an example for running InfluxDB container:

    $ docker run --name=influxdb \
        --detach=true \
        --restart=always \
        --cpu-shares 512 \
        --memory 1G \
        --memory-swap 1G \
        --volume=${VOL_DATA}/influxdb:/influxdb \
        --publish 8083:8083 \
        --publish 8086:8086 \
        --expose 8090 \
        --expose 8099 \
        --env ADMIN_USER="root" \
        --env PRE_CREATE_DB=cadvisor \
        ${REGISTRY}/influxdb

In some cases there may be a need to have separate user accounts with varying access levels. A user with write permissions may be used for storing stats in the DB, and a read-only user may be used for reporting and monitoring activities. Let’s create users with read and write permissions:

    $ cat <<"EOT" | docker exec -i influxdb /usr/bin/influx -username=root -password=root -path -
    CREATE DATABASE cadvisor
    CREATE USER writer WITH PASSWORD '<writer password>'
    CREATE USER reader WITH PASSWORD '<reader password>'
    GRANT WRITE ON cadvisor TO writer
    GRANT READ ON cadvisor TO reader
    EOT

Now, we will list available databases using InfluxDB client:

    $ echo "show databases" | docker exec -i influxdb /usr/bin/influx -username=root -password=root -path -
    Visit https://enterprise.influxdata.com to register for updates, InfluxDB server management, and monitoring.
    Connected to http://localhost:8086 version 0.10.3
    InfluxDB shell 0.10.3
    > name: databases
    ---------------
    name
    cadvisor
    _internal

Things to keep in mind:
• For the sake of simplicity InfluxDB is deployed as a standalone instance and therefore it is not resilient to service failures, which result in data loss until the service is recovered. It’s recommended to deploy an InfluxDB cluster for production deployments;
• The database size on disk will depend on retention policies and the amount of metrics collected over time. The policies and retention rules will need to be adjusted for production use and on a case-by-case basis;
• The service (container) memory consumption will depend on the configured storage engine, the amount of metrics collected and configuration settings. Those settings will need to be adjusted for production use, keeping in mind resource constraints;
• InfluxDB provides multiple interfaces for monitoring and data querying, including a database client application, client libraries for most popular languages, as well as a REST API endpoint;
• This project uses a custom-built image for InfluxDB to automate and simplify basic setup and management tasks. It may behave differently compared to the default image provided by the vendor.
Image Registry

All container images used by the POC project are stored in the local image repository provided by the Image Registry service. This service is implemented as a Docker container located on the utility host in the foundation farm and running the Docker Distribution application (https://github.com/docker/distribution). Whenever a new container image is built, it is stored in the Image Registry. Whenever a new container is created, its image is pulled from this repository. More details and examples can be found in the Docker Distribution project documentation at https://github.com/docker/distribution/blob/master/docs/deploying.md.

Being one of the base services, the Image Registry is self-contained and does not depend on other Platform services. At the same time, the Image Registry is not used directly by Platform services. Usually it is used indirectly, when Docker Engine cannot find a required image in the local image storage on a particular host. In this case the image is queried, validated and pulled from the Image Registry.

Here is an example of setting up the image registry service. First of all, we’ll set up certificates. The SSL key and certificate need to be generated only once, but the certificate has to be deployed on every Docker host:

# executed only once: generating self-signed registry certificate, CN=registry.poc
# note: current Docker clients check subjectAltName rather than CN; with OpenSSL 1.1.1+
#       add: -addext "subjectAltName=DNS:registry.poc"
$ mkdir -p ~/certs
$ openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 365 \
    -subj "/C=DE/ST=HE/L=Frankfurt/O=VZ/OU=MH/CN=registry.poc/emailAddress=admin@vzpoc.com" \
    -keyout ~/certs/registry.key -out ~/certs/registry.crt

# executed on each Docker host:
# - deploying certificates to the Docker certificate store
$ mkdir -p /etc/docker/certs.d/registry.poc:5000
$ cp ~/certs/registry.crt /etc/docker/certs.d/registry.poc:5000/ca.crt
# - restarting docker to activate certificates
$ systemctl restart docker.service

Next, we’ll set up host volumes and configuration for the Image Registry service container:

$ mkdir -p /var/data/registry/{certs,config,data}
$ [ -d ~/certs ] && cp ~/certs/* /var/data/registry/certs
# the registry image loads /etc/docker/registry/config.yml, so the file must carry that name
$ cat <<EOT > /var/data/registry/config/config.yml
version: 0.1
log:
  level: info
  formatter: text
  fields:
    service: registry
    environment: production
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  tls:
    certificate: /certs/registry.crt
    key: /certs/registry.key
  debug:
    addr: :5001
EOT

Finally, we’ll start the registry service and validate that it can be accessed over HTTPS:

# starting Docker container with registry service
$ docker run --name registry --hostname registry.poc \
    --detach=true --restart=always \
    --env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
    --env REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
    --volume /var/data/registry/certs:/certs:ro \
    --volume /var/data/registry/data:/var/lib/registry:rw \
    --volume /var/data/registry/config:/etc/docker/registry:ro \
    --publish 5000:5000 \
    registry:2.5

# verifying registry is working, registry.poc name should resolve to IP owned by the registry service
$ docker tag busybox registry.poc:5000/poc/busybox:v1
$ docker push registry.poc:5000/poc/busybox:v1
$ curl --cacert ~/certs/registry.crt -X GET https://registry.poc:5000/v2/poc/busybox/tags/list
{"name":"poc/busybox","tags":["v1"]}

Things to keep in mind:
• Most container images are stored in the locally hosted Image Registry; however, some images are pulled from outside repositories to avoid circular dependencies during the service startup:
  o The Docker Distribution container image is provided by Docker and pulled from the external registry https://hub.docker.com/r/distribution/registry/
  o The Google cAdvisor container image is provided by Google and pulled from the external registry https://hub.docker.com/r/google/cadvisor/
  o The GitLab container image is provided by the GitLab community and pulled from the external registry https://hub.docker.com/r/gitlab/gitlab-ce/
• For the sake of simplicity the Image Registry service is deployed as a standalone instance and therefore is not resilient to service failures. An HA deployment is recommended for production use;
• The current implementation does not use any authentication or authorization mechanisms, thus allowing any user to access container images. Although this service is only used inside the internal secure perimeter, it’s recommended to implement RBAC policies or at least a strong authentication mechanism for production deployments;
• Due to security considerations all traffic is encrypted and service access is only possible using the HTTPS protocol as a transport. Depending on security requirements there may be a need to create and sign the service SSL keys using a trusted CA. The current implementation uses a self-signed CA and keys. For this to work, the self-signed certificate must be added to the Docker certificate store on every Docker host that communicates with the “Image Registry” service;
• Obviously, there is a trade-off with known pros and cons when implementing a local registry compared to an externally hosted container registry. For this project it’s been decided to use a local registry; however, nothing prevents using an external Image Registry service. This assumes that service integration has been performed and that service availability, security and access issues have been addressed.

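The two controls called out above, TLS on the listener and an authentication section, can be checked mechanically against a registry configuration file. The following is an added example, not part of the POC code: both sample configurations are constructed, and the htpasswd realm and path in the hardened variant are assumptions.

```shell
#!/bin/sh
# Added example: audit a Docker Distribution config for TLS and authentication.
# Sample configs are constructed; the htpasswd realm and path are assumptions.

# Reads a registry config.yml on stdin (2-space indentation, as in the POC
# config) and prints "tls=<yes|no> auth=<scheme|none>".
audit_registry_config() {
    awk '
        # top-level key: remember the section, reset the second-level key
        /^[^ #]/  { sect = $1; sub(/:$/, "", sect); sub2 = ""; next }
        # second-level key (exactly two spaces of indentation)
        /^  [^ ]/ { sub2 = $1; sub(/:$/, "", sub2) }
        sect == "http" && sub2 == "tls" && $1 == "certificate:" && $2 != "" { cert = 1 }
        sect == "http" && sub2 == "tls" && $1 == "key:" && $2 != "" { key = 1 }
        sect == "auth" && /^  (htpasswd|token):/ { auth = sub2 }
        END {
            printf "tls=%s auth=%s\n", (cert && key) ? "yes" : "no", (auth != "") ? auth : "none"
        }
    '
}

# The POC configuration (shortened): TLS is configured, no auth section.
poc_config() {
    cat <<'EOF'
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  tls:
    certificate: /certs/registry.crt
    key: /certs/registry.key
EOF
}

# Same configuration with basic authentication backed by an htpasswd file.
hardened_config() {
    poc_config
    cat <<'EOF'
auth:
  htpasswd:
    realm: registry.poc
    path: /auth/htpasswd
EOF
}

echo "poc:      $(poc_config | audit_registry_config)"
echo "hardened: $(hardened_config | audit_registry_config)"
```

Settings passed to the container as REGISTRY_* environment variables override the file, so the container environment needs the same review as config.yml.
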
Image Builder

This service is implemented as Platform management. Currently, new image builds have to be triggered manually after Docker files have been modified; however, nothing speaks against automating this step and triggering an image build upon a certain event, for example container image code or configuration changes.

Figure 7 - Image Builder UI

There are no services depending on the Image Builder. The Image Builder itself depends directly on the SCM service and indirectly on the Image Registry, where freshly built images are pushed.

Obviously, some secrets such as keys and credentials must be used during the container image build stage. There is a nice write-up providing a good summary of available solutions and options. See http://elasticcompute.io/2016/01/22/build-time-secrets-with-docker-containers/.

Currently, container images can be built in two modes:
• Build: the container image is built from scratch and properly tagged;
• Release: after the image build, the image undergoes tests and, if successful, is pushed to the image repository, thus becoming available for deployment.

Things to keep in mind:
• Although the container build workflow does include a step for executing tests, currently there are no actual tests provided. Special care should be taken and container images must be tested manually prior to deploying and using them;
• Sometimes, when memory becomes scarce (multiple SonarQube analyses running), the image rebuild process may fail with error messages indicating lack of memory. This indicates some memory leaks in Docker and hopefully will be fixed in the upcoming releases. This should not occur, though, in environments with sufficient memory allocation;
• The Docker files for images have been built with image caching in mind, therefore frequent image rebuilds should not create significant load. At the same time image caching may become a source of hard-to-track issues, therefore administrators may need to pay special attention to the local image store and cached images on the systems where builds are performed.

Deployment Service

By using the Deployment service we can ensure that all projects follow naming, security, configuration and deployment standards and conventions. They can be easily identified, managed and recreated in a standard and repeatable way. See the Drupal Website Deployment chapter for additional details and examples.

All project deployment tasks are handled by this service, namely:
• Checking requested parameters against naming standards;
• Choosing the target location based on user inputs or defaults;
• Validating that the target location is ready for deployment;
• Cloning the requested project version from the code repository;
• Cloning required add-on projects from the code repository;
• Deploying code to the target location;
• Running configuration instructions and setup procedures;

The Deployment service is completely decoupled from containers or other infrastructure semantics. From a high-level perspective the relationship between related components can be described as:
• The Container Provisioning Service deploys well-defined, pre-configured containers;
• Containers encapsulate applications and are immutable or read-only. All volatile and mutable objects such as content, log files, temporary files, etc. are persisted on volumes or using other persistence mechanisms such as Database Storage;
• The Deployment Service populates host volumes with application objects such as code, configuration, content, etc. Those host volumes are mapped to container volumes and thus become available to the execution runtime inside the corresponding containers.

The Deployment service is used by Deployment workflows via corresponding Platform CLI calls. The service itself has several dependencies:
• Secure Storage – used to query various credentials and sensitive information;
• SCM Service – used to clone requested projects and their dependencies;
• Persistent Volumes – used for deployment targets to store project-related objects;
• Persistent Database Storage – may be indirectly used by project setup scripts, for example for creating the database schema for the project or populating required database objects.

Things to keep in mind:
• The Deployment service does not make orchestration decisions and therefore must be provided the target location specification by the upstream caller. This is done on purpose to keep orchestration logic and mechanisms separate from deployment semantics;
• The Deployment service is a part of the Platform CLI component and as such uses platform configuration, settings and naming standards;
• Since provisioning tasks may involve multiple hosts or be invoked remotely, it is required that password-less (key-based) SSH access is configured between the master and slave nodes;
• The Deployment service does just that: it deploys projects to target locations according to well-defined rules and naming standards. It does not care about, nor make assumptions about, the applications, custom code or content used by applications deployed inside containers, as long as projects follow the defined project structure.

Container Provisioning Service

All container provisioning and de-provisioning operations are handled by this service, which translates requested actions into corresponding Docker commands and API calls. It is still possible to create arbitrary containers using the Docker client or APIs; however, for the sake of consistency this approach is discouraged. This can be best explained by the following example. Let’s provision a new web container using the Docker CLI:

$ docker run --name d7-demo --hostname wbs1 \
    --detach=true --restart=on-failure:5 \
    --security-opt no-new-privileges \
    --cpu-shares 16 --memory 64m --memory-swap 1G \
    --publish 10.169.64.232:8080:80 \
    --publish 10.169.64.232:8443:443 \
    --volume /var/web/stg/root/d7-demo:/var/www \
    --volume /var/web/stg/data/d7-demo:/var/data \
    --volume /var/web/stg/logs/d7-demo:/var/log \
    --volume /var/web/stg/temp/d7-demo:/var/tmp \
    --volume /var/web/stg/cert/d7-demo:/etc/ssl/web \
    --tmpfs /run:rw,nosuid,exec,nodev,mode=755 \
    --tmpfs /tmp:rw,nosuid,noexec,nodev,mode=755 \
    --env-file /opt/deploy/container.env \
    --label container.env=stg \
    --label container.size=small \
    --label container.site=d7-demo \
    --label container.type=web \
    registry.poc:5000/poc/nginx-php-fpm

You may have noticed that there are a number of additional options and parameters required by the platform itself, its services and naming standards. Although the Container Provisioning Service makes exactly this same call to the Docker engine, there is a lot more happening under the hood.

Now, let’s provision the same web container using the Container Provisioning Service. In addition to creating the Docker container, it performs the following essential steps:
• Checking the container name against naming standards;
• Checking that there is no container with such a name already present;
• Validating the IP address:
  o Checking whether the provided IP belongs to the address pool and whether this IP is not already taken by another container;
  o If no IP address is provided, automatically selecting the next free IP from the pool;
• Checking whether the container host volumes are present and creating them otherwise;
• Adding container labels, specifying the web site, its environment, size and container type;
• Adding resource constraints and security-related options;
• Using the given image, or the default one if no container image is specified, for creating the new container.

$ /opt/deploy/web container create --farm poc --env stg --site d7-demo --image nginx-php-fpm
web container create: using next free IP: 10.169.64.232
web container create: checking 10.169.64.232 is setup
inet 10.169.64.232/26 brd 10.169.64.255 scope global secondary enp0s17:
web container create: folder /var/web/stg/root/d7-demo not found, creating
web container create: folder /var/web/stg/data/d7-demo not found, creating
web container create: folder /var/web/stg/logs/d7-demo not found, creating
web container create: folder /var/web/stg/cert/d7-demo not found, creating
web container create: folder /var/web/stg/temp/d7-demo not found, creating
web container create: exporting container ENV variables from /opt/deploy/container.env
web container create: creating container d7-demo
web container create: |-- image-tag: registry.poc:5000/poc/nginx-php-fpm
web container create: |-- resources: small (--cpu-shares 16 --memory 64m --memory-swap 1G)
web container create: |-- published: 10.169.64.232:8080:80
web container create: |-- published: 10.169.64.232:8443:443
web container create: |-- volume: /var/web/stg/cert/d7-demo:/etc/apache2/ssl
web container create: |-- volume: /var/web/stg/logs/d7-demo:/var/log
web container create: |-- volume: /var/web/stg/root/d7-demo:/var/www
web container create: |-- volume: /var/web/stg/data/d7-demo:/var/data
web container create: |-- volume: /var/web/stg/temp/d7-demo:/var/tmp
web container create: |-- volume: tmpfs:/run
web container create: |-- volume: tmpfs:/tmp
web container create: |-- label: container.env=stg
web container create: |-- label: container.size=small
web container create: |-- label: container.site=d7-demo
web container create: __ label: container.type=web
web container create: started site container cb68618b84b4d3276a77ebd4a0635c5387a8319f1ffaac3759c74820fa32b258

By using the Container Provisioning service we can ensure that all containers follow naming, security, configuration and resource allocation standards. They can be easily identified, managed and recreated in a standard and repeatable way.

$ /opt/deploy/web container list --farm poc --env stg --format table
web container list:
CONTAINER ID   NAMES     STATUS          ENV   SIZE    PORTS
cb68618b84b4   d7-demo   Up 16 minutes   stg   small   10.1.1.2:8080->80/tcp, 10.1.1.2:8443->443/tcp
c953adf92e09   d7        Up 3 weeks      stg   small   10.1.1.2:8080->80/tcp, 10.1.1.2:8443->443/tcp

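The pre-flight checks the Container Provisioning Service performs before calling Docker (name check, duplicate check, IP pool validation, fixed security and resource options) are sketched below as an added shell example; it is not the platform's own /opt/deploy/web code. The naming rule, the pool bounds and the EXISTING_NAMES and TAKEN_IPS inputs are assumptions, while the Docker flags are the ones shown above.

```shell
#!/bin/sh
# Added example, not the platform's /opt/deploy/web code. Assumed here: the
# naming rule, the pool bounds, and EXISTING_NAMES / TAKEN_IPS as inputs.
LC_ALL=C; export LC_ALL
POOL_PREFIX=10.169.64; POOL_FIRST=232; POOL_LAST=239   # assumed address pool
REGISTRY=registry.poc:5000/poc
DEFAULT_IMAGE=nginx-php-fpm

# Names end up in host paths and labels: allow only [a-z0-9-], no leading or
# trailing dash, at most 32 characters. This rejects "/", ".." and spaces.
valid_name() {
    case $1 in
        ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Succeeds only for an address inside the pool.
ip_in_pool() {
    case $1 in
        "$POOL_PREFIX".*) last=${1#"$POOL_PREFIX".} ;;
        *) return 1 ;;
    esac
    case $last in
        ''|*[!0-9]*|0*|????*) return 1 ;;
    esac
    [ "$last" -ge "$POOL_FIRST" ] && [ "$last" -le "$POOL_LAST" ]
}

# Prints the first pool address missing from the space-separated list in $1.
next_free_ip() {
    n=$POOL_FIRST
    while [ "$n" -le "$POOL_LAST" ]; do
        case " $1 " in
            *" $POOL_PREFIX.$n "*) ;;
            *) echo "$POOL_PREFIX.$n"; return 0 ;;
        esac
        n=$((n + 1))
    done
    return 1
}

# build_run_cmd STAGE SITE [IP] [IMAGE]
# Validates the request and prints the docker command without running it.
build_run_cmd() {
    stage=$1; site=$2; ip=$3; image=${4:-$DEFAULT_IMAGE}
    for v in "$stage" "$site" "$image"; do
        valid_name "$v" || { echo "rejected name: $v" >&2; return 2; }
    done
    case " $EXISTING_NAMES " in
        *" $site "*) echo "container $site already exists" >&2; return 3 ;;
    esac
    if [ -z "$ip" ]; then
        ip=$(next_free_ip "$TAKEN_IPS") || { echo "pool exhausted" >&2; return 4; }
    else
        ip_in_pool "$ip" || { echo "$ip is outside the pool" >&2; return 4; }
        case " $TAKEN_IPS " in
            *" $ip "*) echo "$ip is already taken" >&2; return 5 ;;
        esac
    fi
    root=/var/web/$stage
    echo docker run --name "$site" --detach=true --restart=on-failure:5 \
        --security-opt no-new-privileges \
        --cpu-shares 16 --memory 64m --memory-swap 1G \
        --publish "$ip:8080:80" --publish "$ip:8443:443" \
        --volume "$root/root/$site:/var/www" \
        --volume "$root/data/$site:/var/data" \
        --volume "$root/logs/$site:/var/log" \
        --volume "$root/temp/$site:/var/tmp" \
        --volume "$root/cert/$site:/etc/ssl/web" \
        --tmpfs /run:rw,nosuid,exec,nodev,mode=755 \
        --tmpfs /tmp:rw,nosuid,noexec,nodev,mode=755 \
        --env-file /opt/deploy/container.env \
        --label "container.env=$stage" --label container.size=small \
        --label "container.site=$site" --label container.type=web \
        "$REGISTRY/$image"
}

# Constructed state: one container name and one address already in use.
EXISTING_NAMES="d7"
TAKEN_IPS="10.169.64.232"
build_run_cmd stg d7-demo
```

Because the site name is checked before it is placed into a --volume path, a request such as `../../etc` is refused instead of mounting a host directory outside /var/web.
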
The Container Provisioning service is used by Deployment workflows via corresponding Platform CLI calls. The service itself has no specific dependencies and uses the Docker CLI for performing container management operations.

Things to keep in mind:
• The Container Provisioning service does not make orchestration decisions and therefore must be provided the target location specification by the upstream caller. This is done on purpose to keep orchestration logic and mechanisms separate from deployment semantics;
• The Container Provisioning service is a part of the Platform CLI component and as such uses platform configuration, settings and naming standards;
• Since provisioning tasks may involve multiple hosts or be invoked remotely, it is required that password-less (key-based) SSH access is configured between the master and slave nodes;
• The Container Provisioning service does just that: it provisions properly configured containers. It does not consider, nor make assumptions about, the applications, custom code or content used by applications deployed inside containers;
• The Container Provisioning service is the only component that has to be adjusted if a different mechanism or API has to be used for provisioning containers, for example CoreOS rkt or LXD;
• When using orchestration engines such as Kubernetes, the Container Provisioning service can implement a wrapper for the provided provisioning functionality.

Reporting Service

The Reporting service is implemented as a Docker container that runs queries against the Stats Database and compiles reports for aggregated resource usage according to specified conditions and parameters.

There are no services depending on the Reporting service. The Reporting service itself depends on the Stats Database for fetching report data.

Persistent Volumes

One of the platform design paradigms is to keep containers immutable or read-only; all volatile and modified data should be stored outside of the container on so-called container volumes. Since we want this data to be available between container runs, these volumes must be persistent.

There is another benefit related to keeping application data and content outside of the container: it allows achieving the best application performance. Since there is no COW (copy-on-write) indirection layer in between, all I/O operations are handled effectively by the Linux kernel.

Things to keep in mind:
• The current platform design does not make assumptions about the underlying technology and orchestration layer. For the sake of simplicity the container host volumes are used as the persistent volumes implementation;
• There are other options to be explored for mapping container volumes to corresponding SAN volumes, NAS volumes or iSCSI targets. This would allow containers to take their volumes along with them if restarted on a different Docker host, thus making containers “mobile” and allowing container migrations across available hosts. These options were not explored during this project; however, using them may be essential when running containers on platforms like Kubernetes.

Volume Sync-Share Service

Horizontal scaling and high availability requirements demand that an application span multiple application instances, or containers for this matter. Although session state is kept outside of containers, the static content still has to be shared between multiple application instances. Generally speaking, there are two possible ways of resolving this issue: share the file-system or synchronize file-systems. Each solution has its own strong and weak sides. Both options have been explored and considered viable. The choice is really dictated by specific infrastructure, performance and support requirements. The following comparison should help in selecting the most appropriate option for a specific deployment scenario:

| | Shared Content | Synchronized Content |
|---|---|---|
| Implementation approach | Centralized storage holding single file-system with many nodes performing access. | Share nothing architecture. Many nodes with multi-master replication between file-systems. |
| Storage space requirements | Volume-Size | Volume-Size x N (# of nodes) |
| Storage throughput | All nodes sharing server network link and capped by its throughput. One node may saturate the link and degrade performance for others. Limited by single volume IOPs, quickly degrades with number of nodes. | Throughput and IOPs scale linearly with number of nodes. |
| File-system locking | File-system locks maintained to allow concurrent access for multiple nodes to a single object. Can lead to stalled I/O operations and, as result, to unresponsive applications. | No file-system locks required. |
| Change propagation | Instant | Little latency |
| Implementation complexity | Low | Moderate |
| Support complexity | Moderate | Low |
| Known limitations | SendFile kernel support and mmap must be disabled on shared volumes. Orphaned file-system locks may need to be identified and cleaned manually. Storage volume restart may have unpredicted effects on clients, they may need to re-mount storage. File-system caching may produce inconsistent results across clients. | Large file-system changes may take some time to propagate on all clients. In rare cases file may be modified in several locations producing a conflict that has to be resolved either automatically or manually. |
| Specific application | NFS 4.x server and clients | SyncThing + inotify |

Given the overview above, one may still wonder which route to choose and whether there is a simple rule of thumb for selecting the most appropriate option. Here we go:
• Implement NFS:
  o If you have a storage array capable of serving files using the NFS 4.x protocol;
  o If your applications don’t require high storage throughput and concurrency;
  o If you can tolerate the noisy neighbors effect at times;
  o If storage volume size (and/or its cost) is significant;
  o If you already have expertise in house;
  o If other parts of your solution are using NFS;
• Implement SyncThing:
  o If you don’t have a fault-tolerant NFS server and can’t afford it for whatever reason;
  o If your applications require the highest storage throughput and need to scale as they grow;
  o If you absolutely can’t tolerate the noisy neighbors effect or NFS server downtime;
  o If you can tolerate the little latency required to propagate changes;
  o If storage volume size is small enough to have a redundant copy on every client.

Below is an example of how to start the volume sync service:

$ docker run --name datasync --hostname `hostname` \
    --detach=true --restart=always \
    --cpu-shares 100 --memory 100m \
    --publish 22000:22000 --publish 21027:21027/udp --publish 8384:8384 \
    --volume /var/deploy/prd/data/:/var/sync \
    --volume /var/data/datasync:/etc/syncthing \
    --tmpfs /run:rw,nosuid,nodev,mode=755 \
    --tmpfs /tmp:rw,nosuid,nodev,mode=755 \
    registry.poc:5000/poc/syncthing

This service has to be started on all Docker host nodes having data volumes that must be kept in sync. After starting, these services have to be introduced to each other (perform a handshake) and mutual changes have to be allowed between them. It’s a one-time configuration. All file-system changes will be tracked via inotify subscription, and updated files will be exchanged between nodes using an efficient block exchange protocol similar to BitTorrent. Thus, the change propagation speed grows with the number of nodes participating in the exchange.

Things to keep in mind:
• SyncThing is a relatively young, actively developing application. There may be side effects that have not been studied yet;
• SyncThing configuration can be generated from a template and saved to the configuration file. It can also be adjusted using APIs and the Web UI. Access to the API and Web UI must be appropriately secured;
• The SyncThing protocol ensures quick delta updates and high performance. During the tests ~100+MB/s sync speed has been measured;
• Although SyncThing can perform dynamic service and network discovery, static configuration has been used for this project.