...
Warning |
---|
Potential points of infection to avoid when deploying on the Internet:
- Do not run a VM with SSH access via password. (Public key authentication only. UsePrivilegeSeparation yes. StrictModes yes. PermitRootLogin no OR without-password. HostbasedAuthentication no.)
- Do not use default or easily guessed credentials. (Also avoid the Tomcat manager. Expose PostgreSQL and InfluxDB only to the local network.)
- Do not build and run Docker containers as in dev without any further security restrictions. They must pass https://github.com/docker/docker-bench-security |
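The SSH settings named in the warning above can be checked mechanically. The script below is an added example, not part of the original page or the azeti tooling; its function names and the sample config are constructed, and it reads only the global section of a single sshd_config file.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings in the warning above.
# Function names and the sample config are constructed for this illustration.

# Print the first global value of a keyword (sshd uses the first occurrence;
# keywords are case-insensitive; "Key=value" is accepted). Match blocks are skipped.
sshd_value() {  # usage: sshd_value FILE KEYWORD
  awk -v key="$2" '
    { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
    /^#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$1"
}

# usage: check FILE KEYWORD "allowed values" UNSET_OK
# UNSET_OK=1 when the compiled-in default already has a wanted value.
check() {
  val=$(sshd_value "$1" "$2")
  if [ -z "$val" ]; then
    [ "$4" = 1 ] && return 0
    echo "FAIL $2 is unset (want: $3)"; return 1
  fi
  case " $3 " in *" $val "*) return 0 ;; esac
  echo "FAIL $2 is '$val' (want: $3)"; return 1
}

# Returns 0 when every check passes; prints one line per finding otherwise.
audit_sshd_config() {
  failures=0
  check "$1" PasswordAuthentication "no" 0 || failures=$((failures + 1))
  check "$1" PubkeyAuthentication "yes" 1 || failures=$((failures + 1))
  # prohibit-password is the newer spelling of without-password.
  check "$1" PermitRootLogin "no without-password prohibit-password" 0 || failures=$((failures + 1))
  check "$1" StrictModes "yes" 1 || failures=$((failures + 1))
  check "$1" HostbasedAuthentication "no" 1 || failures=$((failures + 1))
  # Deprecated since OpenSSH 7.5 (always on), so unset is fine; "no" is not.
  check "$1" UsePrivilegeSeparation "yes sandbox" 1 || failures=$((failures + 1))
  [ "$failures" -eq 0 ]
}

# Constructed sample with two findings; the Match block must not mask the first.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
  'PermitRootLogin=without-password' 'HostbasedAuthentication yes' \
  'Match User deploy' '  PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "$failures finding(s): harden sshd_config"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration including defaults, which is a more complete input than the file alone.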
...
Technical prerequisites for customer
For running the DockerDemo the host needs to have the following pre-requisites:
- recent installation of Vagrant (1.7+) (it is freely available from https://www.vagrantup.com)
- Windows 7+, OS X 10.10+
- administrative privileges are required for installing Vagrant and running it
- Vagrant runs on a separate network interface; make sure that this interface (usually with IP 192.168.33.10) is not firewalled. Without further configuration it cannot be reached from the local network.
- on Linux/Ubuntu the DockerDemo can be run directly, but you need a very recent version of DockerEngine (1.11+) and DockerCompose (1.7+), and you have to make sure that no conflicting applications are running, because usually they get bridged to localhost.
Administrative prerequisites for customer
The customer needs to have a DockerHub (https://hub.docker.com) account, and this account has to be a member of the Azeti organization (https://hub.docker.com/u/azeti/) to access the private DockerImages from Azeti.
Administrative prerequisites for consultant
Basically you need to get hold of the latest demoBundle; it is automatically built and tagged with the corresponding version numbers of the whole stack. The demo bundle can be downloaded from the in-house private Nexus at: http://10.0.0.70:8081/nexus/content/repositories/demos/net/azeti/ssc/demo/demoStack/ This site is only available from inside the Azeti network (or via VPN) and you need Nexus credentials.
Installation the Vagrant-Way
- make sure all pre-requisites are met
- extract demoStack-Version.zip (e.g. demoStack-0.3.6.zip), it will expand into a demo folder
- change to this folder, open a command prompt / terminal there and run
Code Block |
---|
vagrant up |
- it might take some time and will prompt for your DockerHub credentials (username, password); enter them and hit Enter
Code Block |
---|
Username for DockerHub: customerusername
Password for DockerHub: allyoursecretsarebelongtous |
- the first time, a lot of files need to be downloaded (2.5 GB), so be patient
- after a while you should see something like
Code Block |
---|
Demo has been successfully deployed! |
- then you can open your browser at http://192.168.33.10:8080/SSCAdminApp
Vagrant Usage
Starting and Stopping
Simply stop the Vagrant VM, either via VirtualBox or (from within the demo folder) with:
Code Block |
---|
vagrant halt |
For starting:
Code Block |
---|
vagrant up |
Updating
The demo stack can be easily updated without losing data, because it only depends on the private azeti/tomcat-data image, which has the latest releases. To update, log in to the Vagrant VM (password + username are both vagrant) and call the update script:
Code Block |
---|
vagrant ssh
sudo -s
cd /bootstrapping
./update_stack.sh |
Uninstalling
The whole stack can be seamlessly uninstalled by either removing the Vagrant VM from VirtualBox or (from within the demo folder):
Code Block |
---|
vagrant destroy |
Warning |
---|
This will destroy and purge all your data! |
Installation
Ensure that you have docker-compose installed.
...
Code Block |
---|
root@ubuntu:~# which docker-compose
/usr/local/bin/docker-compose
root@ubuntu:~# docker-compose -v
docker-compose version 1.7.1, build 0a9ab35
root@ubuntu:~# |
Installation on Docker-enabled environments is the fastest way; just open a Bash shell in the demo folder and run.
...
Extract the installation files
Code Block |
---|
~/Downloads ❯❯❯ unzip demoStack-1.0.6.zip
...
inflating: demo/init_stack.sh |
Post-installation steps
Configure ActiveMQ broker access from the browser
Your browser connects to the ActiveMQ broker to retrieve values. To make this connection possible, log in as superadmin and change the parameter net.azeti.cloud.mqtt.url in the cloud configuration. Set it to the URL of your machine. Remember to open the corresponding port on your server.
Upload Site Controller software.
In order to work with templates, you will need to upload a current version of Site Controller to the cloud.
Demo Stack Usage
...
Execute init_stack.sh and follow the instructions. It will automatically pull the required images and files from the azeti repository and set up the basic system.
Code Block |
---|
~/Downloads/demo ❯❯❯ ./init_stack.sh
For this script to work, you need credentials for the DockerHub and you must have read access to the Azeti Organization!
Enter DockerHub username and press [ENTER]: |
Docker Stack Administration
The azeti Engine stack comes with a collection of administrative scripts which basically wrap around docker-compose. Change into the demo directory to access the scripts.
Code Block |
---|
azeti@ubuntu:~/demo$ ll
total 48
...
-rwxr-xr-x 1 azeti azeti 101 May 31 17:40 start_stack.sh*
-rwxr-xr-x 1 azeti azeti  99 May 31 17:40 stop_stack.sh*
-rwxr-xr-x 1 azeti azeti 915 May 31 17:40 update_stack.sh* |
Starting and Stopping
Use the start and stop script.
...
Code Block |
---|
azeti@ubuntu:~/demo$ sudo ./start_stack.sh
Starting the full stack...
Starting influxdb_data ... done
Starting db_data ... done
Starting db ... done
Starting influxdb ... done
... |
Update
You can easily update the full stack with the script; it does a docker-compose pull ... and fetches the latest application builds. Make sure to create backups beforehand.
Code Block |
---|
azeti@ubuntu:~/demo$ sudo ./update_stack.sh
Enter DockerHub username and press [ENTER]:
Enter DockerHub password and press [ENTER]:
Login Succeeded
Stopping the full stack...
Stopping sscdemo_tomcat_1 ... done
Stopping sscdemo_activemq_1 ... done
Stopping sscdemo_influxdb_1 ... done
Stopping sscdemo_db_1 ... done
Pulling tomcat (azeti/tomcat-data:latest)...
latest: Pulling from azeti/tomcat-data
8b87079b7a06: Already exists
..
Starting sscdemo_db_data_1 ...
Starting activemq ... done
Starting tomcat ... done |
Log Rotation
Docker will not rotate container log files automatically. This can cause high disk usage and large amounts of log file data. Check with your Docker administrator whether any log rotation is already configured. Below is an easy approach (based upon this article) for regular rotation using logrotate.
- Create a new logrotate config file at /etc/logrotate.d/docker-container
- Enter the configuration below
Code Block |
---|
/var/lib/docker/containers/*/*.log {
  rotate 7
  daily
  compress
  size=1M
  missingok
  delaycompress
  copytruncate
} |
- Start logrotate with the new configuration
Code Block |
---|
logrotate -fv /etc/logrotate.d/docker-container |
Next Steps