Prerequisites

Verify that you have completed the following prerequisites:

• Your application environment meets all of the requirements that are listed in the Supported applications (p. 3) section.

• You installed the AWS CLI and configured the AWS profile on your server. See Configure your AWS profile (p. 17) in the Setting up section of this user guide for more information.

• You installed the Docker engine on the server where you are running containerization and deployment steps. See Install the Docker engine (p. 18) in the Setting up section of this user guide for more information.

• There are one or more Java applications running on the application server.

• You have root access on the application server (and worker machine, if using).

• The application server (and worker machine, if using) has tar and 20 GB of free space.

Step 1: Install App2Container

App2Container for Linux is packaged as a tar.gz archive. The archive contains an interactive shell script that installs App2Container on your server. If you are using an application server and a worker machine, you must install App2Container on both.

To download and install App2Container for Linux

1. Download the installation file in one of the following ways:

• Use the curl command to download the App2Container installation package from Amazon S3.

$ curl -o AWSApp2Container-installer-linux.tar.gz https://app2container-release-us-east-1.s3.us-east-1.amazonaws.com/latest/linux/AWSApp2Container-installer-linux.tar.gz

• Use your browser to download the installer from the following URL: https://app2container-release-us-east-1.s3.us-east-1.amazonaws.com/latest/linux/AWSApp2Container-installer-linux.tar.gz.

2. Extract the package to a local folder on the server.

$ sudo tar xvf AWSApp2Container-installer-linux.tar.gz

3. Run the install script that you extracted from the package and follow the prompts.

$ sudo ./install.sh

You can check the downloaded tar.gz installer archive for integrity by validating the MD5 and SHA256 hashes of the local file against the published hash files.

To verify the authenticity of the download

1. Generate hashes to verify

From the directory where you downloaded your tar.gz installer, run the following commands to generate the hash of the downloaded tar.gz file.

$ md5sum AWSApp2Container-installer-linux.tar.gz

db91552c07b582efe23d87ef4c4d7f44 AWSApp2Container-installer-linux.tar.gz

$ sha256sum AWSApp2Container-installer-linux.tar.gz

9482952019adb6df96c7be773aa20ecb8de559083b99c270c67c34da56dd8dee AWSApp2Container-installer-linux.tar.gz

2. Verify hashes against public files

Download the App2Container hash files from Amazon S3 using the following links, and compare the contents to the hashes that you generated in step 1:

• AWSApp2Container-installer-linux.tar.gz.md5.

• AWSApp2Container-installer-linux.tar.gz.sha256.
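The comparison in step 2 can be scripted. The following shell function is an added example, not part of the AWS guide; it checks SHA-256 only, because MD5 is not collision resistant. It assumes the published .sha256 file is already saved locally and holds the hex digest as its first whitespace-delimited token; the function name verify_sha256 is hypothetical.

```shell
#!/bin/sh
# verify_sha256 ARCHIVE HASHFILE   (added example; hypothetical helper name)
#
# Exit status:
#   0  digest of ARCHIVE equals the digest stored in HASHFILE
#   1  digests differ (do not extract or run the installer)
#   2  a file is unreadable or HASHFILE does not contain a SHA-256 digest
#
# Assumption: HASHFILE holds the hex digest as its first whitespace-delimited
# token, which is the layout sha256sum itself writes.
#
# Typical use, before extracting and running install.sh with sudo:
#   verify_sha256 AWSApp2Container-installer-linux.tar.gz \
#                 AWSApp2Container-installer-linux.tar.gz.sha256 \
#     && sudo tar xvf AWSApp2Container-installer-linux.tar.gz
verify_sha256() {
    archive=$1
    hashfile=$2

    [ -r "$archive" ]  || { echo "cannot read $archive" >&2;  return 2; }
    [ -r "$hashfile" ] || { echo "cannot read $hashfile" >&2; return 2; }

    # Published digest: first token of the first non-empty line,
    # lower-cased, with any Windows carriage returns removed.
    expected=$(tr -d '\r' < "$hashfile" | awk 'NF { print tolower($1); exit }')

    # Refuse anything that is not exactly 64 hex characters, for example an
    # error page that was saved in place of the real hash file.
    case $expected in
        ''|*[!0-9a-f]*)
            echo "$hashfile: no SHA-256 digest found" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "$hashfile: digest has wrong length" >&2
        return 2
    fi

    # Digest of the local download.
    actual=$(sha256sum "$archive" | awk '{ print $1 }')

    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive matches published SHA-256"
        return 0
    fi

    echo "MISMATCH: $archive" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

Running the check before extraction means that install.sh is only ever executed with sudo from an archive whose digest matched.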

Step 2: Initialize App2Container

On each server where you installed App2Container, run the init (p. 113) command as follows.

$ sudo app2container init

You are prompted to provide the following information. Choose <enter> to accept the default value.

• Workspace directory path – A local directory where App2Container can store artifacts during the containerization process. The default is /root/app2container.

• AWS profile – Contains information needed to run App2Container, such as your AWS access keys. For more information about AWS profiles, see Configure your AWS profile (p. 17).

Note

If App2Container detects an instance profile for your server, the init command prompts if you want to use it. If you don't specify any value, App2Container uses your AWS default profile.

• Amazon S3 bucket – You can optionally provide the name of an Amazon S3 bucket where you can extract artifacts using the extract command. The containerize command uses the extracted components to create the application container if the Amazon S3 bucket is configured. The default is no bucket.

• You can optionally upload logs and command-generated artifacts automatically to App2Container support when an app2container command crashes or encounters internal errors.

• Permission to collect usage metrics – You can optionally allow App2Container to collect information about the host operating system, application type, and the app2container commands that you run.

The default is to allow the collection of metrics.

• Whether to enforce signed images – You can optionally require that images are signed using Docker Content Trust (DCT). The default is no.

Step 3: Analyze your application

On the application server, use the following procedure to prepare to containerize the application.

To prepare for containerization

1. Run the inventory (p. 116) command as follows to list the Java applications that are running on your server.

$ sudo app2container inventory

The output includes a JSON object collection with one entry for each application. Each application object will include key/value pairs as shown in the following example.

"java-app-id": {
    "processId": pid,
    "cmdline": "/user/bin/java ...",
    "applicationType": "java-apptype"
}

2. Locate the application ID for the application to convert in the JSON output of the inventory command, and then run the analyze (p. 96) command as follows, replacing java-app-id with the application ID that you located.

$ sudo app2container analyze --application-id java-app-id

The output is a JSON file, analysis.json, stored in the workspace directory that you specified when you ran the init command.

3. (Optional) You can edit the information in the containerParameters section of analysis.json as needed before continuing to the next step.

Step 4: Transform your application

The transform phase depends on whether you are running all steps on the application server, or are using the application server for the analysis and a worker machine for containerization and deployment.

To containerize the application on the application server

If you are using an application server for all steps, run the containerize (p. 97) command as follows.

$ sudo app2container containerize --application-id java-app-id

The output is a set of deployment files that are stored in the workspace directory that you specified when you ran the init command.

To containerize the application on a worker machine

If you are using a worker machine for containerization and deployment, use the following procedure to transform the application.

1. On the application server, run the extract (p. 100) command as follows.

$ sudo app2container extract --application-id java-app-id

2. If you specified an Amazon S3 bucket when you ran the init command, the archive is extracted to that location. Otherwise, you can manually copy the resulting archive file to the worker machine.

3. On the worker machine, run the containerize (p. 97) command as follows.

$ sudo app2container containerize --input-archive /path/extraction-file.tar

The output is a set of deployment artifacts that are stored in the workspace directory that you specified when you ran the init command.

Step 5: Deploy your application

Run the generate app-deployment (p. 102) command as follows to deploy the application on AWS.

$ sudo app2container generate app-deployment --application-id java-app-id

You have now created deployment artifacts for your application! You can find the deployment artifacts that the generate app-deployment command created for you in the local directory for your application.

Step 6: Clean up

To remove App2Container from your application server or worker machine, delete the /usr/local/app2container folder where it is installed, and then remove this folder from your path.

To clean up your AWS profile, use the aws configure set command. For more information, see Set and view configuration settings in the AWS Command Line Interface User Guide.

Containerizing a .NET application on Windows

This tutorial takes you through the steps to containerize a legacy .NET application running in IIS on Windows using App2Container, and to deploy it on Amazon ECS, Amazon EKS, or AWS App Runner. You can complete all steps on the application server, or you can perform the initial steps on the application server and perform the containerization and deployment steps on a worker machine.

Tasks

• Prerequisites

• Step 1: Install App2Container

• Step 2: Initialize App2Container

• Step 3: Analyze your application

• Step 4: Transform your application

• Step 5: Deploy your application

• Step 6: Clean up

Prerequisites

Verify that you have completed the following prerequisites:

• Your application environment meets all of the requirements that are listed for Windows in the Supported applications (p. 3) section.

• You installed the AWS Tools for Windows PowerShell to configure the AWS profile on your server. See Configure your AWS profile (p. 17) in the Setting up section of this user guide for more information.

• You installed the Docker engine on the server where you are running containerization and deployment steps. See Install the Docker engine (p. 18) in the Setting up section of this user guide for more information.

• There are one or more applications running in IIS on the application server.

• You are a Windows administrator on the application server (and worker machine, if using).

• The application server or worker machine has PowerShell version 5.1 or later and at least 20-30 GB of free space.

Note

App2Container does not support applications running on Windows client operating systems, such as Windows 7 or Windows 10.

Step 1: Install App2Container

App2Container for Windows is packaged as a zip archive. The package contains a PowerShell script that installs App2Container. If you are using an application server and a worker machine, you must install App2Container on both.

To download and install App2Container for Windows

1. Download the App2Container installation package, AWSApp2Container-installer-windows.zip.

2. Extract the package to a local folder on the server and navigate to that folder.

3. Run the install script from the folder where you extracted it, and follow the prompts.

PS> .\install.ps1

4. (Optional) To verify the authenticity of the download, use the Get-AuthenticodeSignature PowerShell command as follows to get the Authenticode Signature of the App2Container executable.

PS> Get-AuthenticodeSignature C:\Users\Administrator\app2container\AWSApp2Container\bin\app2container.exe

Step 2: Initialize App2Container

On each server where you installed App2Container, run the init (p. 113) command as follows.

PS> app2container init

You are prompted to provide the following information. Choose <enter> to accept the default value.

• Workspace directory path – A local directory where App2Container can store artifacts during the containerization process. The default is C:\Users\Administrator\AppData\Local\app2container.

• AWS profile – Contains information needed to run App2Container, such as your AWS access keys. For more information about AWS profiles, see Configure your AWS profile (p. 17).

Note

If App2Container detects an instance profile for your server, the init command prompts if you want to use it. If you don't specify any value, App2Container uses your AWS default profile.

• Amazon S3 bucket – You can optionally provide the name of an Amazon S3 bucket where you can extract artifacts using the extract command. The containerize command uses the extracted components to create the application container if the Amazon S3 bucket is configured. The default is no bucket.

• You can optionally upload logs and command-generated artifacts automatically to App2Container support when an app2container command crashes or encounters internal errors.

• Permission to collect usage metrics – You can optionally allow App2Container to collect information about the host operating system, application type, and the app2container commands that you run.

The default is to allow the collection of metrics.

• Whether to enforce signed images – You can optionally require that images are signed using Docker Content Trust (DCT). The default is no.

Step 3: Analyze your application

On the application server, use the following procedure to prepare to containerize the application.

To prepare for containerization

1. Run the inventory (p. 116) command as follows to list the ASP.NET applications that are running on your server.

PS> app2container inventory

The output includes a JSON object collection with one entry for each application. Each application object will include key/value pairs as shown in the following example.

"iis-app-id": {
    "siteName": "My site name",
    "bindings": "http/*:80:",
    "applicationType": "iis",
    "discoveredWebApps": [
        "app1",
        "app2"
    ]
}

2. Locate the application ID for the application to convert in the JSON output of the inventory command, and then run the analyze (p. 96) command as follows, replacing iis-app-id with the application ID that you located.

PS> app2container analyze --application-id iis-app-id

The output is a JSON file, analysis.json, stored in the workspace directory that you specified when you ran the init command.

3. (Optional) You can edit the information in the containerParameters section of analysis.json as needed before continuing to the next step.

Step 4: Transform your application

The transform phase depends on whether you are running all steps on the application server or using the application server for the analysis and a worker machine for containerization and deployment.

To containerize the application on the application server

If you are using an application server for all steps, run the containerize (p. 97) command as follows.

PS> app2container containerize --application-id iis-app-id

The output is a set of deployment files stored in the workspace directory that you specified when you ran the init command.

To containerize the application on a worker machine

If you are using a worker machine for containerization and deployment, use the following procedure to transform the application.

1. On the application server, run the extract (p. 100) command as follows.

PS> app2container extract --application-id iis-app-id

2. If you specified an Amazon S3 bucket when you ran the init command, the archive is extracted to that location. Otherwise, you can manually copy the resulting archive file to the worker machine.

3. On the worker machine, run the containerize (p. 97) command as follows.

PS> app2container containerize --input-archive drive:\path\extraction-file.zip

The output is a set of deployment artifacts that are stored in the workspace directory that you specified when you ran the init command.

Step 5: Deploy your application

Run the generate app-deployment (p. 102) command as follows to deploy the application on AWS.

PS> app2container generate app-deployment --application-id iis-smarts-51d2dbf8

You have now created deployment artifacts for your application! You can find the deployment artifacts that the generate app-deployment command created for you in the local directory for your application.

Applications using Windows authentication

For applications using Windows authentication, you can use the gMSAParameters inside of the deployment.json file to set the gMSA-related artifacts automatically during generation of your AWS CloudFormation template.

Perform the actions in the list below once per Active Directory domain before you update the gMSA parameters.

• Set up a secret in SecretsManager that stores the Domain credentials with the following key value pairs:

Key Value

Username <DomainNetBIOSName>\<DomainUser>

Password <DomainUserPassword>

• For the VPC with the Domain Controller, verify that the DHCP options are set to reach the Domain Controller. The options for DomainName and DomainNameServers must be set correctly. See DHCP options sets for more information about how to set DHCP options.

Step 6: Clean up

To remove App2Container from your application server or worker machine, delete the C:\Users\Administrator\app2container folder where it is installed, and then remove this folder from your path.

To clean up your AWS profile, see Removing Credential Profiles in the AWS Tools for Windows PowerShell User Guide.

Configuring your application

Containerizing your application and creating pipelines with App2Container requires configuration throughout the process. This section of the guide describes the configuration files that are created by app2container commands, the fields that they contain, and which fields are configurable.

App2Container commands primarily generate JSON configuration files, using standard JSON notation.

Field details for the files included here indicate where there are specific requirements for the values.

App2Container also generates YAML format CloudFormation templates when you run the generate app-deployment command. However, those are not covered in this section, as their content is dictated by the target container management environment, such as Amazon ECS, Amazon EKS, or AWS App Runner.

For more information about how App2Container works with these services, see Product and service integrations for AWS App2Container (p. 61).

Creating IAM resources is also covered separately, under the Security section. For more information and instructions about how to set up IAM resources for App2Container, see Identity and access management in App2Container (p. 81).

You can consolidate your containerization workload by configuring connections to your application servers to run containerization workflows remotely, using App2Container remote commands from your worker machine. Prior to running remote commands, you must configure the connections that the worker machine uses for its target application servers. For more information on configuring connections, see the remote configure (p. 120) command reference page.

Contents

• Manage secrets for AWS App2Container

• Configuring application containers

• Configuring container deployment

• Configuring container pipelines

Manage secrets for AWS App2Container

App2Container uses AWS Secrets Manager to manage the credentials for connecting your worker machine to application servers in order to run remote commands. Secrets Manager encrypts your secrets for storage, and provides an Amazon Resource Name (ARN) for you to access the secret. When you run the remote configure command, you provide the secret ARN for App2Container to use to connect to your target server when running the remote command. For more information about Secrets Manager, see What Is AWS Secrets Manager?

Create remote access secrets (console)

The secret that App2Container uses to connect to an application server varies, based on the application server's operating system platform. To see more information about storing secrets for your application server, choose the platform section that matches.

Application server platform

• Create a remote access secret for Linux

• Create a remote access secret for Windows

Create a remote access secret for Linux

For Linux, you can store either the SSH private key or the Certificate and SSH private key in Secrets Manager. To create a secret in Secrets Manager for remote access to your application server, follow these steps:

1. Open the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.

2. Choose Store a new secret. This takes you to the Secrets Manager console wizard.

3. In the Select secret type panel, choose the Other type of secrets option. This enables you to store a key that is used programmatically, via API calls.

4. Specify key/value pairs to be stored in the secret

a. On the Secret key/value tab, enter your first key/value pair as follows:

• Enter username in the first box.

• Enter the plaintext username value to use with SSH in the second box.

b. Choose + Add row to add the next key/value pair.

c. Enter the key/value pair for your SSH private key:

• Enter key in the first box.

• Copy the base64-encoded string representing your private key file into the second box.

Note

To base64-encode your key file, you can use the following command, where .ssh/id_rsa is the private key being used:
