Docker Deployments

Using Docker to run EnterMedia has a number of advantages. Including:

  • Ability to run on all major OS’s such as Ubuntu with consistent behavior.
  • Separation of data vs application. Keeps your backups clean
  • Ability to run a cluster with multiple docker nodes

Install EnterMedia on Docker

  1. Make you sure you have a recent Docker version. Uninstall old versions if needed (see Advanced Setup section)
  2. Install the latest Docker on Ubuntu/Debian/All 64 bit platforms
    curl -s https://get.docker.com/ | sudo bash -s
    sudo service docker start
    ##Install the stable version
    sudo yum remove -y docker docker-common docker-selinux docker-engine-selinux docker-engine docker-ce
    sudo yum-config-manager --disable docker-ce-edge
    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    sudo yum makecache fast
    sudo yum install -y docker-ce
    sudo service docker start
  3. Or install Docker on Windows
  4. Install EnterMediaDB Docker with a customer site name, and unique node number between 100-256 using a simple setup script. For example:
    curl -o entermedia-docker.sh -jL docker.entermediadb.org
    sudo bash ./entermedia-docker.sh xyzcorp 100
  5. Once complete you should then be able to connect locally from the host machine:
    curl http://172.18.0.100:8080
  6. All your important files will be stored in host computer: /media/emsites/xyzcorp
  7. start, stop, logs, update.sh, bash scripts can be found in /media/emsites/xyzcorp/100/
  8. You can upgrade to the dev builds of EnterMedia by running updatedev.sh
  9. NGINX should be used for ssl and load balancing on the host computer pointing to http://172.101.0.100:8080

Advanced Setup

Clean up older versions of Docker:

Debian:
sudo apt-get purge docker-engine docker.io
sudo apt-get autoremove --purge docker-engine
sudo apt-get autoclean
RedHat/CentOS:

sudo yum remove docker-engine docker-selinux
sudo rm -rf /var/lib/docker
sudo yum update iptables

Firewall

Disable the CSF Firewall that is not compatible with Docker. Edit and use our simple customization IPTables firewall script. You only have to edit LOCAL_NETWORK=192.168.100.0 to match your custom Network. Follow this instructions to make Iptables firewall rules persistent on reboot.

To setup a cluster of Docker instances

  • The firewall script allows certain IP addresses to have access to port 9200 and 9300 that ElasticSearch uses for clustering. It also allows the NFS ports to be open so that the site can be shared among the nodes.
  • There are several options for clustering:
    • Share the /media/emsites/xyzcorp drive among all the nodes as a network drive
    • Run all the nodes on one machine with a shared volume
    • Experimental: Use a bi-directional sync tool such as https://getsync.com/ to keep /media/emsites/xyzcorp in sync
  • Always use a unique port number for each Docker instance even if they are other servers. This allows unique node id’s to be defined.

Starting on Bootup

sudo sysctl docker on *** deprecated
sudo systemctl enable docker

Setup Docker service to start after the Firewall service and any NFS mount required by EnterMedia. Modify Docker service config file at:

sudo vi /usr/lib/systemd/system/docker.service

to looks something like:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service "opt-entermedia-webapp-WEB\x2dINF-data.mount"
Wants=network-online.target
ConditionPathExists=/opt/entermedia/webapp/WEB-INF/data/media

Now restart systemctl daemon:

sudo systemctl daemon-reload

Cluster of Dockers

Across machines: Each node needs to have the host computers IP addresses set. See: /media/emsites/xyzcorp/100/tomcat/conf/node.xml  

<property id="discovery.zen.ping.unicast.hosts">172.101.0.100:9300,172.101.0.101:9300</property>
<property id="network.bind_host">0.0.0.0</property>
<property id="network.publish_host">172.101.0.100</property>

Note that the publish host has to match the external IP address of the host machine. Also check that the firewall script allows local network traffic to ElasticSearch ports as configured in entermedia-docker.sh i.e. 9100

Load Balancer

To access this Docker from remote location you will need to setup a Load Balancer