Docker containers holding the EPICS archiver appliances. This repository defines three images: a base image and two others that extend it. Folders images-single and docker-appliance-images provide images in which all servlets are deployed in either a single or 4 different containers, respectively.
- Execute
build-docker-generic-appliance.shto build the base image for all the containers which will hold the appliances. - Change the working directory to
docker-appliance-images(orimages-single) and executebuild-docker-appliance-images.sh(orbuild-images-single.sh). It will build 4 different images, one for each appliance (or a single one containing all appliances). Before doing that, you may changesetup-appliance.shup with your LDAP connection settings. The following command changes the servlet authentication preferences and should be modified with your server settings in case you use it.
# Appends new realm
xmlstarlet ed -L -s '/Server/Service/Engine/Host' -t elem -n "Realm" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "connectionURL" -v "ldap://ad1.abtlus.org.br:389" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "alternativeURL" -v "ldap://ad2.abtlus.org.br:389" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "userSearch" -v "(sAMAccountName={0})" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "userSubtree" -v "true" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "userBase" -v "OU=LNLS,DC=abtlus,DC=org,DC=br" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "connectionName" -v "${CONNECTION_NAME}" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "connectionPassword" -v "${CONNECTION_PASSWORD}" \
-i '/Server/Service/Engine/Host/Realm' -t attr -n "className" -v "org.apache.catalina.realm.JNDIRealm" \
${CATALINA_HOME}/conf/server.xml
Besides the LDAP settings, you may edit the following command with your certificate's right password (PASSWORD).
# Imports certificate into trusted keystore
keytool -import -alias tomcat -trustcacerts -storepass ${CERTIFICATE_PASSWORD} -noprompt -keystore $JAVA_HOME/lib/security/cacerts -file ${APPLIANCE_FOLDER}/build/cert/archiver-mgmt.crt
However, the suggested approach is to pass those parameters as environment variables when the containers are deployed. For further details, refer to this project.
- Another image containing all 4 appliances is available in
images-single. To build it, executebuild-images-single.sh. The same considerations about the variables are kept for this case.
This image requires the following parameters when it is executed:
USE_AUTHENTICATION(trueorfalse): variable that determines if a LDAP server should be used.CERTIFICATE_PASSWORDis the self-signed certificate's password.CONNECTION_URLandALTERNATIVE_URLare LDAP server addresses. Used whenUSE_AUTHENTICATION=trueonly.CONNECTION_USER_FILTERis the user filter. Used whenUSE_AUTHENTICATION=trueonly.CONNECTION_USER_BASEis the LDAP user base distinguished name. Used whenUSE_AUTHENTICATION=trueonly.CONNECTION_NAMEis the binding distinguished name used for LDAP authentication. Used whenUSE_AUTHENTICATION=trueonly.CONNECTION_PASSWORDis the binding password. Used whenUSE_AUTHENTICATION=trueonly.MYSQL_USER,MYSQL_PASSWORD,MYSQL_DATABASEandMYSQL_PORTset the MySQL database connection.JAVA_OPTSshould be used when eventual JVM parameters need to be used.APPLIANCE_BASE_MX_PORTbase JMX port used when launching each appliance. For each appliance the port will increase by one.BASE_TOMCAT_SERVER_PORTtomcart starting port used on each appliance. Defaults to 1600, increase +1 per appliance.
Use these images with Docker Compose, Swarm or Kubernetes, according to this project. For development, we suggest to use the docker-compose tool, since no swarm is required. Enjoy!
All images described by this project were pushed into this Dockerhub repo.