Docker Installation - CentOS

Using Docker to run EnterMedia has a number of advantages, including:

  • Ability to run on all major OSes such as CentOS, RedHat or Ubuntu with consistent behavior.
  • Separation of data from the application, which keeps your backups clean.
  • Ability to run a cluster with multiple Docker nodes.

Install EnterMedia on Docker

  1. Make sure you have a recent Docker version.
    *Uninstall old versions if needed (see Advanced Setup section)
  2. Install the latest Docker on CentOS 7 (review the documentation to run Docker CE on RedHat 7.x):
     curl -s https://get.docker.com/ | sudo bash -s
     sudo service docker start
     ## Install the stable version
     sudo yum remove -y docker docker-common docker-selinux docker-engine-selinux docker-engine docker-ce
     sudo yum-config-manager --disable docker-ce-edge
     sudo yum install -y docker-ce
     sudo service docker start
  3. Install EnterMediaDB Docker with a customer site name and a unique node number between 100-256 using our simple setup script. For example:
     curl -o entermedia-docker.sh -jL get-em10.entermediadb.org && sudo bash ./entermedia-docker.sh xyzcorp 100
  4. Once complete you should then be able to connect locally from the host machine:
     curl http://172.18.0.100:8080
  5. All your important files will be stored on the host computer in /media/emsites/xyzcorp
  6. The start, stop, logs, update.sh and bash scripts can be found in /media/emsites/xyzcorp/100/
  7. You can upgrade to the dev builds of EnterMedia by running updatedev.sh
  8. NGINX should be used for SSL and load balancing on the host computer, pointing to http://172.101.0.100:8080

 

Advanced Setup

Clean up older versions of Docker:

 Debian:
   sudo apt-get purge docker-engine docker.io
   sudo apt-get autoremove --purge docker-engine
   sudo apt-get autoclean

 RedHat/CentOS:
   sudo yum remove docker-engine docker-selinux
   sudo rm -rf /var/lib/docker
   sudo yum update iptables

 

Firewall

Disable the CSF firewall, which is not compatible with Docker. Edit and use our simple custom iptables firewall script. You only have to edit LOCAL_NETWORK=192.168.100.0 to match your own network. Follow these instructions to make the iptables firewall rules persistent across reboots.

To set up a cluster of Docker instances:

  • The firewall script allows certain IP addresses to have access to ports 9200 and 9300, which ElasticSearch uses for clustering. It also allows the NFS ports to be open so that the site can be shared among the nodes.
  • There are several options for clustering:
    • Share the /media/emsites/xyzcorp drive among all the nodes as a network drive
    • Run all the nodes on one machine with a shared volume
    • Experimental: Use a bi-directional sync tool such as https://getsync.com/ to keep /media/emsites/xyzcorp in sync
  • Always use a unique port number for each Docker instance, even if they are on other servers. This allows unique node IDs to be defined.

 

DNS

By default, if Docker can’t find a DNS server locally defined in your /etc/resolv.conf file, containers will default to using Google’s public DNS server, 8.8.8.8, to resolve DNS.

In some office networks, the administrators intentionally block the use of public DNS servers to encourage people to use the network’s own DNS server.

You can get your internal DNS server IP by running the following command:

 nmcli dev show | grep 'IP4.DNS'

Or by checking the /etc/resolv.conf file on your host machine.

Then update the Docker daemon by editing the following file:

 vi /etc/docker/daemon.json

 {
   "dns": ["INTERNAL_DNS_IP", "8.8.8.8"]
 }

 sudo service docker restart
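An added example (not part of the EnterMedia scripts): a shell function that builds the "dns" entry from a resolv.conf-style file, skipping loopback resolvers such as a local stub at 127.0.0.53, which a container cannot reach and which leave Docker falling back to 8.8.8.8. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the "dns" list for /etc/docker/daemon.json from a
# resolv.conf-style file. Function names are hypothetical.

# Print one usable IPv4 nameserver per line. Loopback (127.x) entries are
# dropped because a resolver bound to the host's loopback is unreachable
# from inside a container; 8.8.8.8 is dropped because it is added last anyway.
usable_nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9.]+$/ && $2 !~ /^127\./ && $2 != "8.8.8.8" { print $2 }' "$1"
}

# Print the daemon.json content with the internal resolvers first and the
# page's 8.8.8.8 fallback last. Returns 1 when no internal resolver is
# found, so the caller does not write a file that only points at public DNS.
docker_dns_json() {
    servers=$(usable_nameservers "$1")
    [ -n "$servers" ] || return 1
    list=""
    for ip in $servers; do
        list="$list\"$ip\", "
    done
    printf '{ "dns": [%s"8.8.8.8"] }\n' "$list"
}

# Constructed sample input standing in for /etc/resolv.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed resolv.conf
search corp.example
nameserver 127.0.0.53
nameserver 192.168.100.10
nameserver 192.168.100.11
EOF
docker_dns_json "$sample"
```

The function only prints the JSON; if /etc/docker/daemon.json already holds other settings, add the "dns" key to the existing object instead of replacing the file.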

 

Starting on Bootup

 sudo sysctl docker on   ## deprecated
 sudo systemctl enable docker

Set up the Docker service to start after the firewall service and any NFS mount required by EnterMedia. Modify the Docker service config file at:

 sudo vi /usr/lib/systemd/system/docker.service

so that it looks something like:

 [Unit]
 Description=Docker Application Container Engine
 Documentation=https://docs.docker.com
 After=network-online.target firewalld.service "opt-entermedia-webapp-WEB\x2dINF-data.mount"
 Wants=network-online.target
 ConditionPathExists=/opt/entermedia/webapp/WEB-INF/data/media

Now reload the systemd daemon:

 sudo systemctl daemon-reload
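An added example, not from the EnterMedia project: the same ordering written as a drop-in for /etc/systemd/system/docker.service.d/, which survives a docker-ce package upgrade that replaces /usr/lib/systemd/system/docker.service. The helper names, the drop-in file name 10-entermedia.conf and the simplified path escaping (only "/" and "-" are handled) are assumptions.

```shell
#!/bin/sh
# Added example: generate a docker.service drop-in instead of editing the
# packaged unit file. Helper and file names here are hypothetical.

# Turn a mount point into its systemd mount unit name.
# Simplified: handles only "/" and "-"; systemd escapes more characters, and
# `systemd-escape -p --suffix=mount PATH` is the authoritative tool.
mount_unit_name() {
    p=${1#/}          # drop the leading slash
    p=${p%/}          # drop a trailing slash
    printf '%s.mount\n' "$(printf '%s' "$p" | sed -e 's/-/\\x2d/g' -e 's|/|-|g')"
}

# Write the drop-in.
#   $1 = target dir (normally /etc/systemd/system/docker.service.d)
#   $2 = mount point Docker must wait for
#   $3 = path that must exist or Docker is not started
write_docker_dropin() {
    unit=$(mount_unit_name "$2")
    mkdir -p "$1"
    cat > "$1/10-entermedia.conf" <<EOF
[Unit]
After=network-online.target firewalld.service $unit
Wants=network-online.target
ConditionPathExists=$3
EOF
}

# Demo against a scratch directory so nothing under /etc is touched.
demo_dir=$(mktemp -d)
write_docker_dropin "$demo_dir" /opt/entermedia/webapp/WEB-INF/data \
    /opt/entermedia/webapp/WEB-INF/data/media
cat "$demo_dir/10-entermedia.conf"
```

After placing the real file, run the same daemon-reload so systemd picks it up.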

 

Cluster of Dockers

Across machines: Each node needs to have the host computers' IP addresses set. See: /media/emsites/xyzcorp/100/tomcat/conf/node.xml

 <property id="discovery.zen.ping.unicast.hosts">172.101.0.100:9300,172.101.0.101:9300</property>
 <property id="network.bind_host">0.0.0.0</property>
 <property id="network.publish_host">172.101.0.100</property>

Note that the publish host has to match the external IP address of the host machine. Also check that the firewall script allows local network traffic to ElasticSearch ports as configured in entermedia-docker.sh i.e. 9100
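An added example (not EnterMedia's own tooling): a check that the publish host in node.xml is one of the unicast hosts, printing the remaining hosts, which are the peers the firewall has to admit on the ElasticSearch transport port. The function names are hypothetical and the sample file is constructed from the property values shown above.

```shell
#!/bin/sh
# Added example: cross-check the cluster properties in node.xml.
# Function names are hypothetical; the sample file is constructed from the
# values shown on this page.

# Print the value of <property id="$2"> from file $1. Splitting on "<" makes
# this work whether the properties sit on one line or on several.
node_prop() {
    tr '<' '\n' < "$1" | sed -n "s/^property id=\"$2\">//p" | head -n 1
}

# Print the peer addresses: every unicast host except this node's own
# publish_host. Returns 1 when publish_host is not in the unicast list and
# 2 when a property is missing.
cluster_peers() {
    hosts=$(node_prop "$1" discovery.zen.ping.unicast.hosts)
    publish=$(node_prop "$1" network.publish_host)
    if [ -z "$hosts" ] || [ -z "$publish" ]; then
        echo "missing property in $1" >&2; return 2
    fi
    peers="" found=no
    for entry in $(printf '%s' "$hosts" | tr ',' ' '); do
        ip=${entry%%:*}          # strip the :9300 port
        if [ "$ip" = "$publish" ]; then found=yes; else peers="$peers $ip"; fi
    done
    if [ "$found" != yes ]; then
        echo "publish_host $publish is not in unicast hosts" >&2; return 1
    fi
    echo $peers
}

# Constructed sample standing in for tomcat/conf/node.xml.
node_xml=$(mktemp)
cat > "$node_xml" <<'EOF'
<property id="discovery.zen.ping.unicast.hosts">172.101.0.100:9300,172.101.0.101:9300</property>
<property id="network.bind_host">0.0.0.0</property>
<property id="network.publish_host">172.101.0.100</property>
EOF
cluster_peers "$node_xml"
```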

 

Load Balancer

To access this Docker instance from a remote location you will need to set up a load balancer.

 

Troubleshooting

If you receive a networking error stating conflicts or issues with the entermedia network then edit the entermedia-docker.sh script and look for the line with:

 docker network create --subnet 172.18.0.0/16 entermedia

Change this to another subnet IP address range and run the script again.

 

Note that if you have trouble creating multiple instances, it might be because the unique identifier in EnterMedia is not the IP address but the name of the instance.

Instance xyzcorp at 172.18.0.100:8080 will be the same EnterMedia database as xyzcorp at 172.18.0.200:8080.

Subsequent instances created through our script must have different names: xyzcorpB, xyzcorpC, etc.