Containers
The Apstra Server application is made up of the following containers:
-
NGINX: Provides user interface and REST API. Both methods of interacting with NGINX are request-based and are therefore stateless.
-
Metadb/Centraldb: This container runs processes that manage agent lifecycle and metadata for the Apstra distributed pub-sub fabric.
-
Sysdb: This container runs processes that manage the system running state. There are 3 processes: (1) MainSysDB hosts data for blueprints; (2) TelemetrySysDB hosts data for collected device telemetry; (3) CachacaSysDB hosts data for IBA. MainSysDB and CachacaSysDB data is persisted. When MainSysDB fails, its data is recovered from checkpoint and re-do logs from the filesystem. Device telemetry data and IBA data is periodically re-collected and re-computed.
-
Auth: This container authenticates incoming requests, including all API requests. The server process may contact an external authentication source such as LDAP. The server process is the entry point of the container. If the server process dies, the container is restarted.
-
Controller Agent: This container runs processes that run the business logic of Apstra - building blueprints, managing resource allocations, rendering device configurations, etc. These agents obtain input/output state from SysDB processes. They are written to be idempotent and restart-safe. In case of agent failure, the agent is restarted, gets the latest state from SysDB and continues processing from that point.
-
Offbox Agent: Apstra spawns a container on the controller VM for each device managed in off-box mode. The container runs the device agents collecting telemetry from that device. They publish data to TelemetrySysDB.
-
Credential: This container stores username/password (original, not hashed) needed by Apstra to authenticate with remote servers. e.g. login username/password for network switches we manage. It is currently used by offbox and onbox agent manager. An admin is not allowed to browse "Credential" sysdb using tools like "acons". This resource can only be accessed by internal Apstra processes.
admin@Apstra-server:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b2209f10d499 Apstra:3.3.0-730 "/usr/bin/Apstra_launch..." 3 weeks ago Up 3 weeks ibaf2c112cf 64d822b8903a Apstra:3.3.0-730 "/usr/bin/Apstra_launch..." 3 weeks ago Up 3 weeks Apstra_sysdb_1 ae7ef4f91841 Apstra:3.3.0-730 "/usr/bin/Apstra_launch..." 3 weeks ago Up 3 weeks Apstra_auth_1 916b80178197 Apstra:3.3.0-730 "/usr/bin/Apstra_launch..." 3 weeks ago Up 3 weeks Apstra_metadb_1 44807f97d463 nginx:1.14.2-upload-echo "nginx -g 'daemon of..." 3 weeks ago Up 3 weeks Apstra_nginx_1 09a7205d3cd7 Apstra:3.3.0-730 "/usr/bin/Apstra_launch..." 3 weeks ago Up 3 weeks Apstra_controller_1 admin@Apstra-server:~$