Orion/Terminal Administration Guide/Docker Server Setup

Docker Server Setup

There are several administrative steps the system administrator needs to perform to set up Orion with Docker.

Server assumptions

The Docker daemon needs to run as root, since `lxc-start` needs root privileges. As a result, it is currently common practice to have a separate dedicated server that only runs Docker. In this case we need to follow the filesystem guidelines. Otherwise, the default Docker installation procedures can be used to install the Docker server.

Starting the Docker server

The Orion server makes REST calls to the Docker server, so Docker must run in daemon mode and bind to a TCP port.

On Ubuntu, update the /etc/default/docker file to include:

 DOCKER_OPTS="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"

On RedHat, update the /etc/sysconfig/docker file to include:

 other_args="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
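
With `-H tcp://0.0.0.0:4243` the root-run daemon's REST API listens on every interface without authentication, so the port should be reachable only from the Orion server. The following added example (not part of the Orion documentation) audits a Docker options file for such listeners; the function names, risk labels and sample text are constructed for illustration, and `--tlsverify` is the Docker daemon's own TLS flag, not something this page configures.

```python
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample: the Ubuntu DOCKER_OPTS line shown on this page.
SAMPLE = 'DOCKER_OPTS="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"\n'


def daemon_args(text):
    """Return daemon arguments from DOCKER_OPTS (Ubuntu) or other_args (RedHat)."""
    args = []
    for line in text.splitlines():
        m = re.match(r"\s*(?:export\s+)?(DOCKER_OPTS|other_args)=(.*)", line)
        if m:
            # shlex removes shell quoting and trailing comments; last assignment wins.
            args = " ".join(shlex.split(m.group(2), comments=True)).split()
    return args


def audit(text):
    """Map each -H/--host listener to an illustrative (hypothetical) risk label."""
    args = daemon_args(text)
    tls = any(a in ("--tlsverify", "--tlsverify=true") for a in args)
    findings = {}
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            host = args[i + 1]
        elif arg.startswith(("-H=", "--host=")):
            host = arg.split("=", 1)[1]
        else:
            continue
        # A bare host:port is treated as a TCP listener.
        url = urlsplit(host if "://" in host else "tcp://" + host)
        if url.scheme != "tcp":
            findings[host] = "local-socket"  # unix:// or fd://, guarded by file permissions
        elif tls:
            findings[host] = "tls"
        elif url.hostname in ("127.0.0.1", "localhost", "::1"):
            findings[host] = "plaintext-loopback"
        elif url.hostname in (None, "0.0.0.0", "::"):  # None: "tcp://:4243"
            findings[host] = "plaintext-all-interfaces"
        else:
            findings[host] = "plaintext-single-address"
    return findings


if __name__ == "__main__":
    for listener, label in audit(SAMPLE).items():
        print(f"{label:26} {listener}")
```

A `plaintext-all-interfaces` finding means host firewall rules are the only thing restricting who can drive the daemon.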

Create a default Docker image named orion.base

Orion provides a default Dockerfile that can be used to create an orion.base Docker image. Each user gets terminal access via a Docker container created using this image. To create the image, run the command:

 sudo docker build -t="orion.base" .

The command needs to be run in the folder containing the Dockerfile.

The default Dockerfile provided by Orion adds terminal support for git, vi, grunt, and node.js. If you want to provide your users with additional capabilities via the terminal, you need to add them to your Dockerfile.

Handle Orion user file access

As mentioned in the filesystem guidelines, the Orion server process is expected not to run as root. Docker needs to use a similar account; otherwise, files Docker creates from the terminal would be owned by root.

The orion.base Dockerfile provided by Orion creates an account:

 # Configure a local user to interact with the volumes
 RUN addgroup oriongroup
 RUN adduser --home /OrionContent --shell /bin/bash --uid 1000 --gecos "Orion User,,," --ingroup oriongroup --disabled-password orionuser

The uid 1000 should match the uid on the Orion server.

For example, if the Orion server is running using the admin account and admin is uid 1000, then the Dockerfile also needs uid 1000. It follows that the NFS `anonuid` and `anongid` should also be using these same ids.

Specify Docker Server in orion.conf

The Orion server will make REST calls to the Docker server. To specify the Docker server URL, add an entry to orion.conf:

 orion.core.docker.uri=http://docker.example.com:4243

If, because of the network topology, the client browser accesses the Docker server through a different URL than the one used by the Orion server, you can specify a second entry in orion.conf. More information is provided at Reverse Proxy Server Setup.

 orion.core.docker.uri=http://docker.example.com:4243
 orion.core.docker.proxy.uri=http://prod.example.com

Docker Setup Checklist

1) As a user (not root) you can run the docker version command ==> docker is running and set up properly

 $ docker --version
 Docker version 0.9.0, build 2b3fdf2

2) From a browser you can get the docker version JSON ==> docker is running and we can talk to the docker daemon web interface

 http://localhost:4243/version
 {
 Arch: "amd64",
 GitCommit: "2b3fdf2",
 GoVersion: "go1.2.1",
 KernelVersion: "3.11.0-17-generic",
 Os: "linux",
 Version: "0.9.0"
 }

3) From a browser you can get the Orion docker version JSON ==> the Orion server can talk to the docker daemon web interface

 http://localhost:8080/docker/version
 {
 Version: "0.9.0"
 }