mDIS inside Docker - Part 1
Related Pages
mDIS inside Docker - Part 2 of this guide, focus on implementation
Native Installation on Linux
On Virtualbox: general, detailed
Shellscripts in the mdis-installer gitlab repository
Internal
WARNING
ICDP-only stuff, please ignore, or read with care.
Focus is on high-level concepts and not on details (see Part 2 for that).
Some content is from 2019-2020, slightly outdated!
Docker-based mDIS installations
mDIS can be run as a Docker container.
See also: How to build an mDIS Docker container from scratch (Part 2 of this guide).
Advantages
Docker-based installations have some benefits for both mDIS editors and admins.
Benefits for mDIS editors and end users (project staff, scientists) are:
- faster bootup times than a Virtualbox-based instance.
- no need to learn virtualization concepts
- "shared folder" model (via Docker volumes) is simple
Benefits for mDIS Administrators are:
- better IT-security by isolation of mDIS from the rest of the system
- better software configuration-management by isolation of the mDIS instances running side-by-side, via containerization
- much smaller machine images (~1GB instead of 10+ GB) than a Virtualbox-based instance.
- greater consolidation and reuse of resources that are common to all mDIS instances.
- creating a new Docker image (for "snapshotting" or backup) only takes seconds or less.
- "declarative configuration" and administration via the docker-compose tool is relatively simple
- storage of images in a custom Docker registry or distribution via hub.docker.com is possible (we don't do this yet though)
Disadvantages
- greater complexity: need to learn a lot about the Docker ecosystem
- greater complexity: all web servers sit behind a reverse proxy, so you have to deal with weird error messages, or none at all.
Apache as Reverse-Proxy
A single Apache webserver controls access to many mDIS instances, running in parallel as isolated Docker containers.
[Figure: Apache as reverse proxy for mDIS-Docker]
The figure above shows how a Reverse Proxy works. (The port numbers are not important, and may have changed.)
Each box in the middle row is an mDIS-instance such as mdis-dive.
On the Docker host, an Apache webserver can be run as a Reverse Proxy in order to direct traffic from the internet to the Docker containers running mDIS.
Advantages of Reverse Proxy
- a single proxy web server instance can govern access to all mDIS instances.
- a single TLS certificate can be used for providing https-Endpoints for all instances
- a single database server instance can be used for all containers on the same network
- a single SQL-Admintool instance can be run on the Docker host to control many mDIS databases. No longer one host per network and one admin tool per host.
Disadvantages of Reverse Proxy
- cryptic error messages if either the proxy or the mDIS-container is not running
- potentially introducing a single point of failure for the mDIS instances
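
Added example, not part of the mDIS installer scripts: a small probe that turns the "cryptic" failures listed above into a diagnosis of which layer is down. The host name in the usage comment is a placeholder, and reading 502/503/504 as "container not answering" assumes the usual behaviour of Apache's proxy module.

```shell
#!/bin/sh
# Added example: triage for a request that goes through the Apache reverse proxy.
# classify_probe CURL_EXIT HTTP_CODE -> one-line diagnosis on stdout.
classify_probe() {
    curl_exit=$1
    http_code=$2
    case "$curl_exit" in
        0)  ;;  # HTTP exchange completed; the status code decides (below)
        6)  echo "dns: host name does not resolve"; return 0 ;;
        7)  echo "proxy-down: nothing is listening on the proxy port"; return 0 ;;
        28) echo "timeout: no answer in time (firewall or hung proxy)"; return 0 ;;
        35|60) echo "tls: handshake or certificate problem on the proxy"; return 0 ;;
        *)  echo "curl-error: exit code $curl_exit"; return 0 ;;
    esac
    case "$http_code" in
        # Assumption: the proxy answers 502/503/504 when the backend is unreachable.
        502|503|504) echo "backend-down: proxy is up, the mDIS container does not answer" ;;
        2??|3??)     echo "ok: proxy and container are answering" ;;
        4??)         echo "client-error: HTTP $http_code (check proxy path and access rules)" ;;
        *)           echo "app-error: HTTP $http_code" ;;
    esac
}

# probe URL: run curl against the public endpoint and classify the result.
probe() {
    code=$(curl --silent --output /dev/null --max-time 10 \
        --write-out '%{http_code}' "$1")
    classify_probe "$?" "$code"
}

# Usage (placeholder host name, not from the page):
#   probe https://mdis.example.org/
```

A "backend-down" result points at the container (see the troubleshooting section), while "proxy-down" or "tls" points at Apache on the Docker host.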
Installation scripts
Shellscripts
See gitlab repo "mdis-installer".
Update 2022: Scripts are incomplete or outdated.
Besides, they were only a rough guide. You must adapt commands and settings to your needs.
Using Docker containers
Deploying the Docker containers is done via Docker Compose.
TODO: Add link or example
Add link to a short docker-compose.yml file; or insert the relevant snippets here.
Bring everything up again, silently, with few messages:
docker-compose --project-name mdis up -d --no-recreate
Entering the Docker container
Enter as Unix user root to install software, or to configure things.
docker exec -it mdis_php_tadp_1 bash
Enter as Unix user mdis to have a customized Bash available.
docker exec -it -u mdis mdis_php_tadp_1 bash
Of course, this requires that the user exists and that you have actually installed some customizations.
Custom adaptations
See installer scripts
Several source-code files and mDIS configuration settings must be changed in key places.
This is documented in an (old) installation script, docker/mdis-fardeep/deploy-mdis-fardeep-2.sh.
Run it inside the Docker container.
Recommended
Continue with Part 2 of this guide, mDIS inside Docker, which is about the implementation of the Docker-based mDIS installation.
It is much more detailed than this guide.
Advanced
Check general, system-wide Docker configuration
Check general configuration of Docker daemon and Docker registry:
Check settings in file /etc/docker/daemon.json
TBC - check if Docker registry is running, if traffic is encrypted, etc.
Troubleshooting Docker-Containers
Advanced stuff TBC
After rebooting the host server, not all containers might come up correctly.
TBC: check if all processes/services inside the containers are running, and if not, start them.
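
Added example, not taken from the mdis-installer scripts: one way to do the post-reboot check described above. It reports containers of a Compose project that are down or unhealthy, and checks that an expected service process exists inside a running container. The process pattern in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: after a host reboot, report containers of one Compose project
# that are down, unhealthy, or missing a service process.

# Reads "name<TAB>state<TAB>status" lines (docker ps -a --format, see
# check_project) and prints every container that is not running or that
# fails its health check.
not_ok_containers() {
    awk -F '\t' '
        $2 != "running"      { print $1 ": " $2; next }  # exited, created, restarting, ...
        $3 ~ /\(unhealthy\)/ { print $1 ": unhealthy" }  # running, HEALTHCHECK failing
    '
}

# Reads a process listing (docker top CONTAINER) and succeeds if a line
# matches the extended regex in $1. The header row is skipped.
has_process() {
    awk -v pat="$1" 'NR > 1 && $0 ~ pat { found = 1 } END { exit !found }'
}

# check_project PROJECT CONTAINER PATTERN: needs a running Docker daemon.
check_project() {
    docker ps -a --filter "label=com.docker.compose.project=$1" \
        --format '{{.Names}}\t{{.State}}\t{{.Status}}' | not_ok_containers
    docker top "$2" | has_process "$3" || echo "$2: no process matching '$3'"
}

# Example call; the pattern for the web server process is an assumption:
#   check_project mdis mdis_php_tadp_1 'apache2|httpd'
```

No output means every container of the project is running and the expected process was found.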
Troubleshooting DB server / container
Check the new IP address of the mysql-db container. Check the logfiles and visualizations of your monitoring tools (Nagios or similar). Adapt the Nagios monitoring command if necessary.
Troubleshooting container with HTML frontend for Docker registry
A common problem is that the webserver process 'Apache' inside the container is not running.
Enter the container, start Apache manually:
service apache start
or
service apache reload
or other commands to start Apache (or Nginx or some webserver).
Continued in
- sys-admin-docker-icdp-internal.md (ICDP internal)
- installation-docker (Part 2 of this guide)