TANGO Docker container
|
|
---|---|
Hello, I've been asked to start a thread here regarding my Docker image with a minimal TANGO installation. The image is hosted at DockerHub: https://hub.docker.com/r/mliszcz/tango-cs This is an automated build, based on a Dockerfile which can be found in this repo: https://github.com/mliszcz/tango-cs-docker. The image contains configured MySQL instance and a few tango-* packages, including tango-test. Docker runs natively on all modern Unix-like systems (3.10.x kernel or better is required). To run the image, simply pull it from the repository and start a new container. I'm not going to explain here how docker works - there are a lot of tutorials available.
Now you may test this image with e.g. Jive, connecting to the container (IP may be obtained with docker inspect) on port 10000. I'm using this container for testing my TANGO-related projects. It is not suitable for production use. Going into production would require creating separate container for the database (with persistent storage), and separate container for each device server. I hope somebody will make use of this. Any feedback welcome. Best regards, Michal
Michal Liszcz
|
|
|
---|---|
Dear Michal, thank you for this post. It definitely is very interesting to see Tango running under Docker. I am a complete novice to Docker but I managed to use your image without any problems. I installed the latest version of Docker, downloaded your image and ran it. Using the ip address given by docker I could set TANGO_HOST and run jive and connect to TangoTest. This is amazing! But there are a few things I have not understood like where is the database? Is there a mysql running under docker? I am interested if others are planning to use Docker for Tango and how. I can imagine it as a replacement or alternate way of distributing Tango especially for device servers. Thanks for sharing this with the community. Please keep us posted of your progress. Andy |
|
|
---|---|
Hi Andy, let me give a brief overview of Docker here. Please get familiar with this link before proceeding: https://docs.docker.com/introduction/understanding-docker/ There are two primary concepts in Docker world - images and containers. * Container is just a running instance of an image. * Image - kind of VM Docker is built on top of cgroups (thus, requires modern linux kernel). The image is just a filesystem - it shares the kernel and all devices with host OS. For instance, my tango-cs image is just a Ubuntu filesystem, with MySQL (and a few packages) installed. The images are immutable - can be instantiated many times, and every time you start with a clean environment. On the other hand, containers are mutable. You can create a container from an image (`docker run -it <image> /bin/bash` should drop you into bash). Then, you can install any software inside that container. When you exit the bash, the container is stopped. To start it again, use `docker start`. Tango image may be created like this:
The other, preferred way to build an image is to use a Dockerfile. Here is mine: https://github.com/mliszcz/tango-cs-docker/blob/master/Dockerfile To create an image from a Dockerfile, just run `docker build -t my-user-on-dockerhub/my-container .` from where this Dockerfile is located. This can be automated more, if you decide to use DockerHub and GitHub. Each commit to the repository with your Dockerfile will trigger rebuilding your container (the build is handled by DockerHub). This is called 'automated build'. Docker images are 'layered'. Each command inside that container creates a new layer (the same applies to each RUN statement in Dockerfile). Visualization: https://imagelayers.io/ If you want to use my image, but you need some special software installed, you may create your own image based on mine. Just run it in interactive mode, change it the way you like and then commit. Alternatively, use Dockerfile with `FROM mliszcz/tango-cs:latest` clause. Michal
Michal Liszcz
|
|
|
---|---|
Thank you Michal for this complete presentation. :) I will add a few remarks to some questions I saw on the mailing list and detail a point or two. It is based on my understanding but I insist on the point I am not an expert : But there are a few things I have not understood like where is the database? Is there a mysql running under docker?The MySQL server is installed on the docker container of Michal. You can check this into the Dockerfile (https://github.com/mliszcz/tango-cs-docker/blob/master/Dockerfile) on the line 27 : This Dockerfile is one of the pro of docker : it makes it very simple to understand what is installed in a container.In comparison to virtual machine, container are lighter but less secured since crashing one container can affect others, which is not the case with two VM (launched on the same computer). An illustration of the difference can make it easier to understand : The mutualisation of a container is "smarter" because you only need to share differences between your image and yout host (the OS where is launched docker). Then, if another image uses same libraries or other stuff than the first image, this stuff will be shared allowing this second image to be lighter. However, this smart memory management can lead to sharing crashes which is the major drawback of container (you can not have your cake and eat it too ;)). It seems to me it is not a big issue if your two images are closely linked, and if one can not be usefull without ths other one. For example, you can think that your TANGO server will not be very usefull if your MySQL DB stops working.
- Philippe
|
|
|
---|---|
How much hardware access does Docker allow? If we package TANGO device servers with docker what hardware can they access. I presume the network but what about the PCI bus, serial port, drivers ? Andy |
|
|
---|---|
Andy I've never done that before, but check this out: https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices (see lxc-template.go and documentation on cgroups devices). Philippe If these containers are intended to run on a single physical machine, why dont give Vagrant a try? It comes with multi-vm orchestration support: https://docs.vagrantup.com/v2/multi-machine/. Docker can be used in such setup as a Vagrant provider and provisioner. If you want to distribute containers on multiple machines, then Ansible may be a good choice (for provisioning). The problem might be with supervising such system - e.g. restarting failed containers.
Michal Liszcz
|
|
|
---|---|
Highly interesting indeed. I am to use lxc-based containers (possibly docker, not sure yet) in another context, and for the supervision side, I would then think of a cwmp device server, as this would help on both safe deployment/upgrade, including signature if needed, usual supervision (does it still work ?), and this could open Tango to a new world, behind cwmp |
|
|
---|---|
Hello everyone, I would like to join this interesting discussion and first of all congratulate to Michal his very good image configuration and his and Philippe’s introduction to Docker. I see two possible scenarios for Tango with Docker. First, the all-in-one image (mysql, tango-db, tango-test), exactly what Michal has already prepared. This kind of image could be very useful for automated tests as well as demonstrating purposes. We are trying to implement continuous integration for Sardana and Taurus and we plan to employ this kind of images in automated tests (see a proof-of-concept announced in this email). On the other hand we could have one-image-per-service (one for mysql, one for tango-db, one for tango-test and others for any other device server) that more resemble a microservice application deployed with Docker. This type of setup could be simply administered with the docker commands and options but the docker-compose seems to be a better tool to orchestrate. This scenario has one difficulty due to the service dependencies. Docker-compose does not provide a health-check mechanism (at least yet, see this) and starts the containers one-by-one not waiting for them to initialize. This may cause problems if for example the mysql is not fully operational yet but the tango-db already requires it, similar case is between the tango-db and the device servers. As a workaround a starting health-check script could be added to the image, repeatedly checking the required services and only when they are ready, starting the image’s service (see example). I have checked that already in a setup with few device servers and it works well. Another doubt that raised to me is if we need starter anymore in this scenario? So, for the one-image-per-service scenario we could provide the following images:
I would also like to know your opinion about the client applications both CLI and GUI. Do you also see them running within docker containers? And regarding the present all-in-one image. I’m not sure if starting processes (like the mysql service) when building the docker images is 100% correct? Cheers! Zibi |
|
|
---|---|
zreszela You mean this line?: https://github.com/mliszcz/tango-cs-docker/blob/master/Dockerfile#L29
I believe the mysql-server has to be running during the installation of tango-db. This is because the database configuration (with debconf) is triggered after tango-db installation. There are many solutions (like non-interactive installation and manual configuration), but this is the easiest one. However, remember that the mysql service is running only during the execution of this particular RUN clause. It does not affect further RUN clauses in the Dockerfile/image. Only filesystem changes are persisted. Michal
Michal Liszcz
|
|
|
---|---|
Hi Michal, I see your point. I just remember to see some publications in the internet regarding that. Since it was few months ago when I was exploring Docker I don't have it at hand right now. If I encounter it again I will drop it here. Cheers, Zibi |