beta-vlo-clarin.esc.rzg.mpg.de

Basic information

Updates

Manually, by CLARIN-ERIC sysops.

Update history

Date Updater Changes Details
2018-01-12 andmor Installed 1, Upgraded 49, Removed 1 details
2016-02-18 wilelb Installed 1, Upgraded 137, Removed 1 details

Backups

Firewall

Firewalld, managed by CLARIN-ERIC sysops.

Virtual Hosts

Detailed information

Services

  • docker

Applications

  • nginx proxy (dockerized)
  • vlo beta (dockerized)
  • vlo solr importer (dockerized)

Docker

Quickstart

These are the quickstart commands without explanation. We assume: (1) the data to be available in "/srv/vlo-data" on the host system, (2) port 80 to be available on the host system.

docker pull docker.clarin.eu/vlo-beta:1.0.1
docker pull docker.clarin.eu/nginx-proxy-vlo:1.0.0
docker create --name vlo-beta -p 8080:8080 -e "SOLR_DATA=/opt/solr-data" -v /srv/vlo-data/:/srv/vlo-data docker.clarin.eu/vlo-beta:1.0.1
#docker create --name nginx -p 80:80 docker.clarin.eu/nginx-proxy:1.0.0
docker create --name nginx -p 80:80 -v /srv/vlo-data/:/srv/vlo-data docker.clarin.eu/nginx-proxy-vlo:1.0.0
docker start vlo-beta
docker start nginx
docker run -ti --rm -v /srv/vlo-data/:/srv/vlo-data/ docker.clarin.eu/vlo-beta:1.0.1 /opt/importer.sh

Linking explained

There are several ways to allow containers to access each other.

The default approach is linking containers together. This creates a unidirectional link from container A --> B. If we run a service in container B and an nginx proxy in container A we can create such a link and allow communication from the nginx proxy to the service.

This approach has the following advantages:

  • Containers don't need to map ports to the host.
  • Containers can run services on the same port.

This approach has the following drawbacks:

  • Communication is unidirectional. You cannot easily create a bidirectional link.
  • This approach creates a dependency between the containers; container B must be running before container A. This is especially bad when proxying multiple containers, since this will introduce downtime for all services behind the proxy when updating a single service.

An alternative is using the ip address of the shared docker interface (docker0). The docker daemon will create a virtual network interface in the host and one for each container. Each container interface is linked to this host interface and therefore all containers have access to each other via the ip of this host interface.

To find the ip address for the shared docker interface, run "ip a | grep inet | grep docker0" on the host and look for the ip address.

Assuming docker0 has the default ip "172.17.42.1", you should run or create your docker containers by binding the specific container ports to the docker host interface as follows:

... -p 172.17.42.1:<port>:<port> ...

This allows containers to communicate over the docker0 interface while not being accessible from another, possibly public, interface.

This approach has the following advantages:

  • Bidirectional communication
  • No dependencies between containers. You can safely restart one of the containers behind the proxy without affecting the proxy or the other containers.

This approach has the following drawbacks:

  • Containers must map ports to the host (you can limit this to the shared docker interface and not the public network interface)
  • Each container must expose unique port(s).

If a firewall is running on the host, communication via the docker0 interface might be blocked.

CentOS: Check which zones are active:

firewall-cmd --get-active-zones

If the docker0 interface is not associated with any zone, run the following to add the docker0 interface to the trusted zone (all communication allowed):

firewall-cmd --permanent --zone=trusted --change-interface=docker0
sudo firewall-cmd --reload

For this setup we use the latter approach.
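
An added example (not part of the original wiki page): a check that backend containers publish their ports only on the docker0 address, as the approach above intends; a plain "-p 8080:8080" publishes on every host interface and is reported. The function names, the exempted proxy name and the sample listing are assumptions constructed for illustration; the input format is that of docker ps --format '{{.Names}}\t{{.Ports}}'.

```shell
#!/bin/sh
# Added example: flag published container ports that are not bound to the
# docker0 address. Live input would come from:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_bindings 172.17.42.1 nginx

# audit_bindings ALLOWED_IP PUBLIC_PROXY < listing
# Prints "container host_addr:host_port" for every published port whose host
# address is not ALLOWED_IP. The container named PUBLIC_PROXY is exempt because
# it is meant to face the network. Returns 1 if anything was reported.
audit_bindings() {
    awk -F '\t' -v allowed="$1" -v proxy="$2" '
    $1 != proxy {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # Entries without "->" are exposed but not published: skip them.
            arrow = index(maps[i], "->")
            if (arrow == 0) continue
            host = substr(maps[i], 1, arrow - 1)    # e.g. 0.0.0.0:8080
            # Host address is everything before the last colon, which also
            # handles IPv6 forms such as ":::8080" and port ranges.
            addr = host
            sub(/:[0-9-]+$/, "", addr)
            if (addr != allowed) { print $1 " " host; bad = 1 }
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample listing (not captured from the host described here).
sample_listing() {
    printf 'vlo-beta\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
    printf 'nginx\t0.0.0.0:80->80/tcp\n'
    printf 'other\t172.17.42.1:8983->8983/tcp, 9000/tcp\n'
}

# Demo run on the sample; "||" keeps the script going when findings exist.
sample_listing | audit_bindings 172.17.42.1 nginx \
    || echo "ports published outside docker0 were found"
```
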

Creating and running the containers

VLO-beta webapp

Pull the image from the clarin docker repository:

docker pull docker.clarin.eu/vlo-beta:1.0.1

Create a new container based on the image:

docker create --name vlo-beta -p 8080:8080 -e "SOLR_DATA=/opt/solr-data" -v /srv/vlo-data/:/srv/vlo-data docker.clarin.eu/vlo-beta:1.0.1

Where:

  • the "-e" argument sets an environment variable indicating the location of the solr data directory.
  • the "-v" argument maps the "/srv/vlo-data" host directory into "/srv/vlo-data" inside the container.
  • the "-p" argument maps the host port 8080 to the container port 8080.

The default approach can be used to control and manage this service.

VLO importer

No need to pull a new image; the "docker.clarin.eu/vlo-beta:1.0.1" image is reused.

Running the importer in a disposable way:

docker run -ti --rm -v /srv/vlo-data/:/srv/vlo-data/ docker.clarin.eu/vlo-beta:1.0.1 /opt/importer.sh

Where:

  • "docker run -ti" creates and runs the container in the foreground.
  • the "--rm" argument will ensure that the container is removed when finished; the import process is run in a disposable container.
  • the "-v" argument maps the "/srv/vlo-data" host directory into "/srv/vlo-data" inside the container.
  • the command "/opt/importer.sh" will override the default container command and run the importer instead of starting the tomcat.

Running the importer in a reusable way:

docker run -d --name vlo-importer -v /srv/vlo-data/:/srv/vlo-data/ docker.clarin.eu/vlo-beta:1.0.1 /opt/importer.sh

Where:

  • "docker run -d" creates and runs the named container in the background; this container stops but is not removed when finished.
  • the "-v" argument maps the "/srv/vlo-data" host directory into "/srv/vlo-data" inside the container.
  • the command "/opt/importer.sh" will override the default container command and run the importer instead of starting the tomcat.

The default approach can be used to control this service.

Nginx proxy

We use the generic nginx tomcat proxy, which proxies port 80 for all domains to 172.17.42.1:8080, to enable access to the vlo via http.

Pull the image from the clarin docker repository:

docker pull docker.clarin.eu/nginx-proxy:1.0.0

Create a new container based on the image:

docker create --name nginx -p 80:80 docker.clarin.eu/nginx-proxy:1.0.0

The default approach can be used to control and manage this service.

Last modified on 01/12/18 10:24:46