Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Containers

The Apstra Server application is made up of the following containers:

  • NGINX: Provides user interface and REST API. Both methods of interacting with NGINX are request-based and are therefore stateless.

  • Metadb/Centraldb: This container runs processes that manage agent lifecycle and metadata for the Apstra distributed pub-sub fabric.

  • Sysdb: This container runs processes that manage the system running state. There are 3 processes: (1) MainSysDB hosts data for blueprints; (2) TelemetrySysDB hosts data for collected device telemetry; (3) CachacaSysDB hosts data for IBA. MainSysDB and CachacaSysDB data is persisted. When MainSysDB fails, its data is recovered from checkpoint and re-do logs from the filesystem. Device telemetry data and IBA data is periodically re-collected and re-computed.

  • Auth: This container authenticates incoming requests, including all API requests. The server process may contact an external authentication source such as LDAP. The server process is the entry point of the container. If the server process dies, the container is restarted.

  • Controller Agent: This container runs processes that run the business logic of Apstra - building blueprints, managing resource allocations, rendering device configurations, etc. These agents obtain input/output state from SysDB processes. They are written to be idempotent and restart-safe. In case of agent failure, the agent is restarted, gets the latest state from SysDB and continues processing from that point.

  • Offbox Agent: Apstra spawns a container on the controller VM for each device managed in off-box mode. The container runs the device agents collecting telemetry from that device. They publish data to TelemetrySysDB.

  • Credential: This container stores username/password (original, not hashed) needed by Apstra to authenticate with remote servers. e.g. login username/password for network switches we manage. It is currently used by offbox and onbox agent manager. An admin is not allowed to browse "Credential" sysdb using tools like "acons". This resource can only be accessed by internal Apstra processes.