The Anbox Application Registry, or AAR, provides a central repository for applications created on Anbox Cloud.
It is very useful for larger deployments involving multiple regions in order to keep applications in sync.
Deploying
The Application Registry should be deployed on a single unit and connected with all ams
units you want to synchronize.
$ juju deploy cs:~anbox-charmers/aar
$ juju config aar ua_token=<your UA token>
Relating to AMS
The aar
charm offers two principle relations: client
and publisher
.
-
client
can hold many units. It only provides read only access -
publisher
can only be related to oneams
unit. It provides read/write access
$ juju relate ams aar:publisher
For ams
units deployed in another model, you can make use of Juju cross model relations.
$ juju switch <model containing aar>
$ juju offer aar:client
my-controller/my-model.aar
$ juju switch <model containing ams>
$ juju relate ams my-controller/my-model.aar
Using AWS S3 Storage Backend
The Application Registry has support to host images on AWS S3.
Next to that distribution of the images can be highly improved with additional support for the AWS CloudFront CDN.
When using the S3 storage backend image downloads will be redirect to S3 instead of being served by the registry.
The registry will be only asked for metadata by its clients.
Create and Configure a S3 bucket
You need to create a dedicated S3 bucket for the registry first. See the AWS documentation for more details on
this here.
If you don’t plan to use the CloudFront CDN you should use a region close to your Anbox Cloud deployment to keep download times low.
To allow the registry to access the S3 bucket you need to create an IAM
user with the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListBucketMultipartUploads",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::aar0"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:ListMultipartUploadParts"
],
"Resource": "arn:aws:s3:::aar0/*"
}
]
}
Replace aar0
in the policy with the name of your bucket.
Once you created the IAM user you need to create an access key for the user which the registry will use.
See the AWS documentation for more details on this.
Finally you can update the registry configuration with the charm configuration:
$ cat config.yaml
aar:
storage_config: |
storage:
s3:
region: eu-west-3
bucket: aar0
access-key: <your access key>
secret-access-key: <your secret access key>
juju config aar -f config.yaml
AWS CloudFront CDN support
To bring the images closer to your Anbox Cloud deployments in a more world wide context you can use the AWS CloudFront CDN.
The AWS documentation describes all necessary setup steps.
Once you have setup a CloudFront distribution for your S3 bucket you only need the base URL, public key and key pair
id in order to configure the registry to use CloudFront to serve image downloads.
The registry configuration can now be updated via the charm configuration:
$ cat config.yaml
aar:
storage_config: |
storage:
s3:
region: eu-west-3
bucket: aar0
access-key: <your access key>
secret-access-key: <your secret access key>
cloudfront:
base-url: d1dfsdfjmcefekdotjm.cloudfront.net
private-key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
keypair-id: ADF443JOEF3423JF
duration: 1m
$ juju config aar -f config.yaml