Orion/Terminal Administration Guide/Docker Server Setup
Docker Server Setup
There are several administrative steps the system administrator needs to perform to setup Orion with Docker.
The Docker daemon need to run as root, since `lxc-start` needs root privileges. As a result, it is currently common practice to have a separate dedicated server that only runs Docker. We need to follow the filesystem guidelines in this case. Otherwise the default Docker installation procedures can be used to install the Docker server.
Starting the Docker server
The Orion server makes REST calls to the Docker server. So it is required that docker run in daemon mode binding to a TCP port. To do so, add to the /etc/init/docker.conf file:
DOCKER_OPTS="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
Create a default Docker image named orion.base
Orion has provided a default Dockerfile that can be used to create an orion.base Docker image. Each user gets terminal access via a Docker container created using this image. To create the image, run the command
sudo docker build -t="orion.base" .
The command needs to be run in the folder containing the Dockerfile
The default Dockerfile provided by Orion adds support to the terminal for: git, vi, grunt, and node.js capabilities. If you want to provide your users additional capabilities via the terminal, then you need to add these to your Dockerfile.
Handle Orion user file access
As we mention in filesystem guidelines, it is expected that the Orion server process is not running as root. Docker needs to use a similar account, otherwise files Docker creates from the terminal would be owned by root.
The orion.base Dockerfile provided by Orion creates an account:
# Configure a local user to interact with the volumes RUN addgroup oriongroup RUN adduser --home /OrionContent --shell /bin/bash --uid 1000 --gecos "Orion User,,," --ingroup oriongroup --disabled-password orionuser
The uid 1000 should match the uid on the Orion server.
For example, if the Orion server is running using the admin account and admin is uid 1000, then the Dockerfile also needs uid 1000. It follows that the NFS `anonuid` and `anongid` should also be using these same ids.
Specify Docker Server in orion.conf
The Orion server will make REST calls to the Docker server. To specify the Docker server URL, add an entry to the orion.conf:
More information is provided at Reverse Proxy Server Setup, but if the client browser accesses the docker server through a different URL than that used by the Orion server based on the network topology, you can specify a second entry in the orion.conf: