
mDIS inside Docker - Part 1



mDIS inside Docker - Part 2 of this guide, focused on implementation
Native Installation on Linux
On VirtualBox: general, detailed
Shell scripts in the mdis-installer GitLab repository

Internal

Note

ICDP-only stuff, please ignore, or read with care.
The focus is on high-level concepts, not on details (see Part 2 for those).
Some content is from 2019-2020, slightly outdated!

Docker-based mDIS installations

mDIS can be run as a Docker container.

See also: How to build an mDIS Docker container from scratch (Part 2 of this guide).

Advantages

Docker-based installations have some benefits for both mDIS editors and admins.

Benefits for mDIS editors and end users (project staff, scientists) are:

  • faster boot-up times than a VirtualBox-based instance.
  • no learning of virtualization concepts needed
  • "shared folder" model (via Docker volumes) is simple

Benefits for mDIS administrators are:

  • better IT security by isolation of mDIS from the rest of the system
  • better software configuration management by isolation of the mDIS instances running side-by-side, via containerization
  • much smaller machine images (~1GB instead of 10+ GB) than a VirtualBox-based instance.
  • greater consolidation and reuse of resources that are common to all mDIS instances.
  • creating a new Docker image (for "snapshotting" or backup) only takes seconds or less.
  • "declarative configuration" and administration via docker-compose tool is relatively simple
  • storage of images in a custom Docker Container Registry or distribution via hub.docker.com is possible. We don't do this yet, though; we store images in our own GitLab Container Registry, git.gfz-gfz-potsdam.de:5000.

Disadvantages

  • greater complexity: need to learn a lot about the Docker ecosystem
  • greater complexity: with all web servers behind a reverse proxy, you have to deal with weird error messages, or none at all.

Apache as Reverse Proxy

A single Apache web server controls access to many mDIS instances, running in parallel as isolated Docker containers.

[Figure: mDIS Apache as Reverse Proxy. Apache web server controls access to many "containerized" mDIS instances and a common database server.]

The figure above shows how a reverse proxy works. (The port numbers are not important and may have changed.)
Each box in the middle row is an mDIS instance such as mdis-dive.

On the Docker host, an Apache web server can be run as a reverse proxy in order to direct traffic from the internet to the Docker containers running mDIS.

Advantages of Reverse Proxy

  • a single proxy web server instance can govern access to all mDIS instances.
  • a single TLS certificate can be used for providing HTTPS endpoints for all instances
  • a single database server instance can be used for all containers on the same network
  • a single SQL admin tool instance can be run on the Docker host to control many mDIS databases. No longer one host per network and one admin tool per host.

Disadvantages of Reverse Proxy

  • cryptic error messages if either the proxy or the mDIS container is not running
  • potentially introducing a single point of failure for the mDIS instances

Installation scripts

Shell scripts

See GitLab repo "mdis-installer".

Update 2022: Scripts are incomplete or outdated.
Besides, they were only a rough guide. You must adapt commands and settings to your needs.

Using Docker containers

Deploying the Docker containers is done via Docker Compose.

TODO: Add link or example

Add link to a short docker-compose.yml file; or insert the relevant snippets here.

Bring everything up again, silently, with few messages:

docker-compose --project-name mdis up -d --no-recreate

Entering the Docker container

Enter as Unix user root to install software or to configure things.

docker exec -it mdis_php_tadp_1 bash

Enter as Unix user mdis to have a customized Bash available.

docker exec -it -u mdis mdis_php_tadp_1 bash

Of course, this requires that the user exists and that you have actually installed some customizations.

Custom adaptations

See installer scripts

Several source code files and mDIS configuration settings must be changed in key places.

This is documented in an (old) installation script

docker/mdis-fardeep/deploy-mdis-fardeep-2.sh.

Run it inside the Docker container.

Recommended

Continue with Part 2 of this guide, mDIS inside Docker, which is about the implementation of the Docker-based mDIS installation.
It is much more detailed than this guide.

Advanced

Check general, system-wide Docker configuration

Check general configuration of Docker daemon and Docker Container Registry:

Check settings in file

/etc/docker/daemon.json

TBC - check if Docker Container Registry is running, if traffic is encrypted, etc.
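
One way to automate the encryption check mentioned above, as an added example (not part of the original guide or the mDIS installer scripts): the function takes the text of /etc/docker/daemon.json and reports registries listed under insecure-registries and tcp:// API listeners that run without tlsverify. The sample configuration and the registry name registry.example.org:5000 are constructed.

```python
import json

# Constructed sample of /etc/docker/daemon.json (not taken from a real host).
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": ["registry.example.org:5000"],
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tlsverify": false,
  "log-driver": "json-file"
}
"""


def audit_daemon_config(text):
    """Return a list of (key, message) findings for a daemon.json document."""
    try:
        cfg = json.loads(text) if text.strip() else {}
    except json.JSONDecodeError as exc:
        return [("parse", f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    if not isinstance(cfg, dict):
        return [("parse", "top level of daemon.json must be a JSON object")]

    findings = []

    # Registries listed here are contacted over plain HTTP or without
    # certificate verification, so image pulls and pushes are unprotected.
    for entry in cfg.get("insecure-registries") or []:
        findings.append(("insecure-registries",
                         f"{entry}: TLS is not enforced for this registry"))

    # A tcp:// listener exposes the Docker API on the network; without
    # tlsverify, anyone who can reach the port controls the daemon.
    tls_on = bool(cfg.get("tlsverify"))
    for host in cfg.get("hosts") or []:
        if host.startswith("tcp://") and not tls_on:
            findings.append(("hosts", f"{host}: API listener without tlsverify"))

    return findings


if __name__ == "__main__":
    for key, message in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print(f"[{key}] {message}")
```

An empty result means neither setting was found in the file; it does not show that the registry itself is running or serving a valid certificate.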

Troubleshooting Docker Containers

Advanced stuff TBC

After rebooting the host server, not all containers might come up correctly.

TBC: check if all processes/services inside the containers are running, and if not, start them.
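
The container-level part of that check, as an added example (not taken from the mDIS installer scripts): it parses the output of docker ps -a --format '{{json .}}' and lists the containers of the Compose project mdis that are not running. The sample output is constructed, and every container name except mdis_php_tadp_1 is hypothetical.

```python
import json

# Constructed sample of `docker ps -a --format '{{json .}}'` output, one JSON
# object per line. Only mdis_php_tadp_1 appears in this guide; the other
# container names are hypothetical.
SAMPLE_PS_OUTPUT = """\
{"Names":"mdis_php_tadp_1","State":"running","Status":"Up 2 minutes","Labels":"com.docker.compose.project=mdis,com.docker.compose.service=php_tadp"}
{"Names":"mdis_db_1","State":"exited","Status":"Exited (255) 3 minutes ago","Labels":"com.docker.compose.project=mdis,com.docker.compose.service=db"}
{"Names":"mdis_php_dive_1","Status":"Restarting (1) 5 seconds ago","Labels":"com.docker.compose.project=mdis"}
{"Names":"registry_ui","State":"exited","Status":"Exited (0) 1 hour ago","Labels":""}
"""

PROJECT_LABEL = "com.docker.compose.project"


def parse_labels(raw):
    """Turn docker's 'k1=v1,k2=v2' label string into a dict."""
    labels = {}
    for pair in raw.split(","):
        key, sep, value = pair.partition("=")
        if sep:
            labels[key.strip()] = value
    return labels


def containers_not_running(ps_output, project="mdis"):
    """Return [(name, status)] for containers of `project` that are not up."""
    down = []
    for line in ps_output.splitlines():
        if not line.strip():
            continue
        row = json.loads(line)
        if parse_labels(row.get("Labels", "")).get(PROJECT_LABEL) != project:
            continue
        # Older Docker releases omit "State"; fall back to the Status text.
        state = row.get("State") or (
            "running" if row.get("Status", "").startswith("Up") else "not-running")
        if state != "running":
            down.append((row["Names"], row.get("Status", state)))
    return down


if __name__ == "__main__":
    for name, status in containers_not_running(SAMPLE_PS_OUTPUT):
        print(f"{name}: {status}  ->  docker start {name}")
```

A container reported as running can still have a stopped web server inside it, so this covers the container state only, not the services within.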

Troubleshooting DB server/container

Check the new IP address of the MySQL DB container. Check the log files and visualizations of your monitoring tools (Nagios or similar). Adapt the Nagios monitoring command if necessary.

Troubleshooting container with HTML frontend for Docker Container Registry

A common problem is that the web server process 'Apache' inside the container is not running.

Enter the container, start Apache manually:

service apache start

or

service apache reload

or other commands to start Apache (or Nginx or some web server).

Continued in