Setting up the Application Registry

The application registry is a repository for the application you’ve created. AMS clients register with the registry either as consumers or publishers.

Consumers automatically receive new applications and updates pushed by publishers.

Deploy the Registry

The registry can be deployed via Juju, similar to the other components of the Anbox Cloud
stack. Simply run:

$ juju deploy cs:~anbox-charmers/aar

This will automatically allocate a machine if Juju supports this for the underlying cloud provider. Otherwise if you have manually allocated a machine you can deploy the aar charm to it via

$ juju deploy cs:~anbox-charmers --to <machine id>

Once the aar charm is fully deployed you can use the cross model relation feature in Juju to establish a connection between a ams unit in another Juju model and the aar one. See the official Juju documentation for more in depth details.

Within the model you deployed the aar charm we have to create an offer first:

$ juju offer aar:client

This creates an offer for a read-only clients. If you instead want a read-write connection use aar:publisher instead of aar:client.

As result juju offer will create an offer in the format

[<controller>:]<user>/<model.offer_name>

The offer can now be accepted within the model the ams unit lives in:

$ juju switch <model ams lives in>
$ juju relate ams:registry-client <offer>

If you’re establishing a read-write connection use ams:registry-publisher instead.

Once the command finished the relation should be established shortly and AMS will be ready to interact with the registry.

Configure AWS S3 Storage Backend

The registry has support to host images on AWS S3.
Next to that distribution of the images can be highly improved with additional support for the AWS CloudFront CDN.

When using the S3 storage backend image downloads will be redirect to S3 instead of being served by the registry. The registry will be only asked for metadata by its clients.

The following will guide you through the necessary steps to set both up.

Create and Configure a S3 bucket

You need to create a dedicated S3 bucket for the registry first. See the AWS documentation for more details on this here.

If you don’t plan to use the CloudFront CDN you should use a region close to your Anbox Cloud deployment to keep download times low.

To allow the registry to access the S3 bucket you need to create an IAM user with the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucketMultipartUploads",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::aar0"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": "arn:aws:s3:::aar0/*"
        }
    ]
}

Replace aar0 in the policy with the name of your bucket.

Once you created the IAM user you need to create an access key for the user which the registry will use. See the AWS documentation for more details on this.

Finally you can update the registry configuration with the charm configuration:

$ cat config.yaml
aar:
  storage_config: |
    storage:
      s3:
        region: eu-west-3
        bucket: aar0
        access-key: <your access key>
        secret-access-key: <your secret access key>
juju config aar -f config.yaml

From now on all images are placed in the configured S3 bucket and downloads are redirect to S3 instead of servered from the registry itself.

Add CloudFront Support

To bring the images closer to your Anbox Cloud deployments in a more world wide context you can use the AWS CloudFront CDN. The AWS documentation describes all necessary setup steps.

Once you have setup a CloudFront distribution for your S3 bucket you only need the base URL, public key and key pair id in order to configure the registry to use CloudFront to serve image downloads.

The registry configuration can now be updated via the charm configuration:

$ cat config.yaml
aar:
  storage_config: |
    storage:
      s3:
        region: eu-west-3
        bucket: aar0
        access-key: <your access key>
        secret-access-key: <your secret access key>
        cloudfront:
          base-url: d1dfsdfjmcefekdotjm.cloudfront.net
          private-key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...
            -----END RSA PRIVATE KEY-----
          keypair-id: ADF443JOEF3423JF
          duration: 1m
$ juju config aar -f config.yaml

From now on all image downloads are severed from CloudFront instead of the S3 bucket.

Next Steps