Running the PACC Using Docker
This section describes and provides examples for using the docker run
command to run a pre-built container image.
To run a pre-built container image, you:
- Select a PACC or an application built from the PACC.
- Determine if your cluster is secure by viewing the contents of the file /opt/mapr/conf/mapr-clusters.conf. For example, the following shows a non-secure cluster:
  my.cluster.com secure=false ip-172-24-11-84
  If your cluster is secure, generate a service ticket by following the instructions in Generating a Service Ticket.
- Use the docker run command to run the container. You can run the command from a Linux prompt, Windows command line, or a Mac terminal.
- Verify that the container was created and is connected to the cluster.
mapr-client.sh script file. See Creating a PACC Image Using mapr-setup.sh.
Using the docker run Command
Here is the general syntax for the docker run command:
docker run -it -e MAPR_CLUSTER=<cluster-name> -e MAPR_TZ=<time-zone> -e MAPR_CLDB_HOSTS=<cldb-list> -e MAPR_CONTAINER_USER=<user-name> -e MAPR_CONTAINER_PASSWORD=<password> -e MAPR_CONTAINER_UID=<uid> -e MAPR_CONTAINER_GID=<gid> -e MAPR_CONTAINER_GROUP=<group-name> -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket -v <ticket-file-host-location>:/tmp/mapr_ticket:ro -e MAPR_MOUNT_PATH=<path_to_fuse_mount_point> --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse --security-opt apparmor:unconfined <image-name>
docker run command will fail.
Key | Variable | Mandatory/Optional | Description |
---|---|---|---|
MAPR_CLUSTER | <cluster-name> | Mandatory | The name of the Data Fabric cluster to which the container will connect. |
MAPR_CLDB_HOSTS | <cldb-list> | Mandatory | CLDB host IP addresses separated by a comma. For example: |
MAPR_CONTAINER_USER | <user-name> | Mandatory | The user that the user application inside the Docker container will run as. This configuration is functionally equivalent to the Docker native -u or --user. Do not use Docker -u or --user, as the container needs to start as the root user to bring up FUSE before switching to the MAPR_CONTAINER_USER. The user specified here is the user that all storage operations on the Data Fabric cluster will be performed as. Therefore, HPE recommends not using For secure clusters, this user must match the user in the ticket passed via MAPR_TICKETFILE_LOCATION. This user also owns the |
MAPR_CONTAINER_PASSWORD | <password> | Optional | The password of the user running inside the container. If not specified, it defaults to the <user-name>. |
MAPR_TZ | <time-zone> | Optional | The time zone inside the container. For a list of time-zone settings, see this website. The default is UTC. |
MAPR_CONTAINER_UID | <uid> | Optional | The UID that the application inside the Docker container will run as. This is a companion to the MAPR_CONTAINER_USER option. If a UID is not provided, the default is UID 1000. Providing a UID is strongly recommended. For secure clusters, this UID must match the UID specified in the ticket file. |
MAPR_CONTAINER_GID | <gid> | Optional | The GID that the application inside the Docker container will run as. This is a companion to the MAPR_CONTAINER_USER option. If a GID is not provided, the default is GID 1000. Providing a GID is strongly recommended. For secure clusters, this GID must match the GID specified in the ticket file. |
MAPR_CONTAINER_GROUP | <group-name> | Optional | The group that the application inside the Docker container will run as. This is a companion to the MAPR_CONTAINER_USER option. If a group name is not provided, the default is users. Providing a group name is strongly recommended. For secure clusters, the group must match the group specified in the ticket file. |
MAPR_TICKETFILE_LOCATION | /tmp/mapr_ticket | Optional (required only for a secure cluster) | The location inside the container where the ticket file resides. For more information about tickets, see Managing Tickets. |
MAPR_MOUNT_PATH | <path-to-fuse-mount-point> | Optional (required only for FUSE client use) | The path to the FUSE mount point. If this parameter is not specified, the FUSE client is disabled. |
-v | <ticket-file-host-location>:/tmp/mapr_ticket:ro | Optional (required only for a secure cluster) | The location of the ticket on the host where you are running the container, and the desired location of the ticket file in the Docker container. The docker run command maps the location on the host with the location inside the container. ro means read-only. -v refers to a volume mount. Make sure the owner and group on the host ticket file match the UID and GID specified in the ticket file. |
--cap-add | SYS_ADMIN | Optional (required only for FUSE use) | A parameter that is needed for the FUSE process to start inside the container, as root access to the FUSE device is required. |
--cap-add | SYS_RESOURCE | Optional (required only for FUSE use) | A parameter that is required for the FUSE process to start. |
--device | /dev/fuse | Optional (required only for FUSE use) | A parameter that is required to mount the FUSE device. |
<image-name> | | Mandatory | The name of the container image to run. This is either the Persistent Application Client Container (PACC) or a custom application container built from the PACC. |
--security-opt | apparmor:unconfined | Optional (required only on Ubuntu hosts) | A parameter that is required for FUSE on Ubuntu hosts. For more information, see Docker-16429. |
Example docker run Commands
docker run command:
- Secure Cluster with FUSE-Based POSIX Client
- Secure Cluster without FUSE-Based POSIX Client
- Non-Secure Cluster with FUSE-Based POSIX Client
- Non-Secure Cluster without FUSE-Based POSIX Client
The following command generates a service ticket on the cluster or a client that is valid for 30 days. (For more maprlogin command examples, see maprlogin Command Examples.)
maprlogin generateticket -type service -cluster cluster1 -duration 30:0:0 -out /tmp/bobs_ticket -user bob
The ticket can be copied from /tmp/bobs_ticket to /user/tickets/bobs_ticket on the container host and used in the following docker run commands for secure clusters:
Secure Cluster with FUSE-Based POSIX Client
docker run -it -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket -v /user/tickets/bobs_ticket:/tmp/mapr_ticket:ro -e MAPR_MOUNT_PATH=/mapr --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse maprtech/pacc:5.2.1_3.0_centos7
Secure Cluster without FUSE-Based POSIX Client
docker run -it -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket -v /user/tickets/bobs_ticket:/tmp/mapr_ticket:ro maprtech/pacc:5.2.1_3.0_centos7
Non-Secure Cluster with FUSE-Based POSIX Client
docker run -it --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_CONTAINER_GROUP=dev -e MAPR_CONTAINER_UID=10000 -e MAPR_CONTAINER_GID=10000 -e MAPR_MOUNT_PATH=/mapr maprtech/pacc:5.2.1_3.0_centos7
Non-Secure Cluster without FUSE-Based POSIX Client
docker run -it -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_CONTAINER_GROUP=dev -e MAPR_CONTAINER_UID=10000 -e MAPR_CONTAINER_GID=10000 maprtech/pacc:5.2.1_3.0_centos7
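The four cases above can be chosen by script. The following is an added example, not part of the HPE documentation: it reads the secure= flag from a mapr-clusters.conf-style file, checks the host ticket file before mounting it, and adds the FUSE capabilities only when a mount path is requested. The function names (cluster_secure, ticket_ok, pacc_cmd) and the TICKET and IMAGE variables are hypothetical.

```shell
#!/bin/sh
# Added example, not HPE code; function and variable names are hypothetical.

# Print the secure= value for a cluster from a mapr-clusters.conf-style file
# (line format as shown on the page: "<cluster> secure=<bool> <host>").
cluster_secure() {  # $1 = conf file, $2 = cluster name
    awk -v c="$2" '
        $1 == c {
            v = "unknown"
            for (i = 2; i <= NF; i++) if ($i ~ /^secure=/) v = substr($i, 8)
            print v; hit = 1; exit
        }
        END { if (!hit) exit 1 }' "$1"
}

# The page requires the host ticket's owner/group and MAPR_CONTAINER_UID/GID to
# match the ticket, so they must match each other. The "no access for others"
# test is an extra check added here, not a documented requirement.
ticket_ok() {  # $1 = host ticket path, $2 = uid, $3 = gid
    [ -f "$1" ] || return 1
    ls -ln "$1" | awk -v u="$2" -v g="$3" \
        '{ exit !($3 == u && $4 == g && substr($1, 8, 3) == "---") }'
}

# Print the docker run line for one of the page's four cases.
# Reads MAPR_CLUSTER, MAPR_CLDB_HOSTS, MAPR_CONTAINER_USER/_UID/_GID, IMAGE,
# TICKET (host path, secure clusters) and MAPR_MOUNT_PATH (FUSE only).
pacc_cmd() {  # $1 = path to mapr-clusters.conf
    sec=$(cluster_secure "$1" "$MAPR_CLUSTER") || return 2   # cluster not listed
    cmd="docker run -it -e MAPR_CLUSTER=$MAPR_CLUSTER"
    cmd="$cmd -e MAPR_CLDB_HOSTS=$MAPR_CLDB_HOSTS"
    cmd="$cmd -e MAPR_CONTAINER_USER=$MAPR_CONTAINER_USER"
    cmd="$cmd -e MAPR_CONTAINER_UID=$MAPR_CONTAINER_UID"
    cmd="$cmd -e MAPR_CONTAINER_GID=$MAPR_CONTAINER_GID"
    case $sec in
        true)   # secure: refuse to continue with a mismatched ticket file
            ticket_ok "${TICKET:-}" "$MAPR_CONTAINER_UID" "$MAPR_CONTAINER_GID" || return 3
            cmd="$cmd -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket"
            cmd="$cmd -v $TICKET:/tmp/mapr_ticket:ro" ;;
        false)  ;;            # non-secure: no ticket mount
        *)      return 4 ;;   # secure= missing or unrecognised
    esac
    if [ -n "${MAPR_MOUNT_PATH:-}" ]; then   # grant FUSE privileges only on request
        cmd="$cmd -e MAPR_MOUNT_PATH=$MAPR_MOUNT_PATH"
        cmd="$cmd --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse"
    fi
    echo "$cmd $IMAGE"
}
```

The function only prints the command line for review; values containing spaces are not handled.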
To re-launch a container, you can use these Docker commands:
# docker ps -a
# docker start <container-run-ID>
Use docker start -i if you need to start with an interactive shell.
Verifying the Launch of the PACC
docker run command, you should see the Starting services message. For example:
Starting services (mapr-posix-client-container)...
Started service mapr-posix-client-container
...Success
$
ls $MAPR_MOUNT_PATH command to test the connection to the cluster. This command should return the cluster name. For example:
$ ls $MAPR_MOUNT_PATH
cluster1
$ ls $MAPR_MOUNT_PATH/cluster1
apps var user hbase opt tmp