Running the PACC Using Docker

This section describes and provides examples for using the docker run command to run a pre-built container image.

To run a pre-built container image, you:

  1. Select a PACC or an application built from the PACC.
  2. Determine if your cluster is secure by viewing the contents of the file /opt/mapr/conf/mapr-clusters.conf. For example, the following shows a non-secure cluster:
    my.cluster.com secure=false ip-172-24-11-84
    If your cluster is secure, generate a service ticket by following the instructions in Generating a Service Ticket.
  3. Use the docker run command to run the container. You can run the command from a Linux prompt, Windows command line, or a Mac terminal.
  4. Verify that the container was created and is connected to the cluster.
NOTE
You run user-created images from the mapr-client.sh script file. See Creating a PACC Image Using mapr-setup.sh.

Using the docker run Command

Here is the general syntax for the docker run command:

docker run -it -e MAPR_CLUSTER=<cluster-name> -e MAPR_TZ=<time-zone> -e MAPR_CLDB_HOSTS=<cldb-list> -e MAPR_CONTAINER_USER=<user-name> -e MAPR_CONTAINER_PASSWORD=<password> -e MAPR_CONTAINER_UID=<uid> -e MAPR_CONTAINER_GID=<gid> -e MAPR_CONTAINER_GROUP=<group-name> -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket -v <ticket-file-host-location>:/tmp/mapr_ticket:ro -e MAPR_MOUNT_PATH=<path_to_fuse_mount_point> --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse --security-opt apparmor:unconfined <image-name>
The following table describes the keys and variables used in the syntax:
NOTE
Pay special attention to the mandatory parameters. If you neglect to specify all mandatory parameters, the docker run command will fail.
Key Variable Mandatory/Optional Description
MAPR_CLUSTER <cluster-name> Mandatory The name of the Data Fabric cluster to which the container will connect.
MAPR_CLDB_HOSTS <cldb-list> Mandatory CLDB host IP addresses separated by a comma. For example:

(hostname[:port_no][,hostname[:port_no]...])

MAPR_CONTAINER_USER <user-name> Mandatory The user that the user application inside the Docker container will run as. This configuration is functionally equivalent to the Docker native -u or --user. Do not use Docker -u or --user, as the container needs to start as the root user to bring up FUSE before switching to the MAPR_CONTAINER_USER.

The user specified here is the user that all storage operations on the Data Fabric cluster will be performed as. Therefore, HPE recommends not using root or mapr.

For secure clusters, this user must match the user in the ticket passed via MAPR_TICKETFILE_LOCATION.

This user also owns the /opt/mapr directory tree.

MAPR_CONTAINER_PASSWORD <password> Optional The password of the user running inside the container. If not specified, it defaults to the <user-name>.
MAPR_TZ <time-zone> Optional The time zone inside the container. For a list of time-zone settings, see this website. The default is UTC.
MAPR_CONTAINER_UID <uid> Optional The UID that the application inside the Docker container will run as. This is a companion to the MAPR_CONTAINER_USER option. If a UID is not provided, the default is UID 1000. Providing a UID is strongly recommended.

For secure clusters, this UID must match the UID specified in the ticket file.

MAPR_CONTAINER_GID <gid> Optional The GID that the application inside the Docker container will run as. This is a companion to the MAPR_CONTAINER_USER option. If a GID is not provided, the default is GID 1000. Providing a GID is strongly recommended.

For secure clusters, this GID must match the GID specified in the ticket file.

MAPR_CONTAINER_GROUP <group-name> Optional The group that the application inside the Docker container will run as. This is a companion to the MAPR_CONTAINER_USER option. If a group name is not provided, the default is users. Providing a group name is strongly recommended.

For secure clusters, the group must match the group specified in the ticket file.

MAPR_TICKETFILE_LOCATION /tmp/mapr_ticket Optional (required only for a secure cluster) The location inside the container where the ticket file resides. For more information about tickets, see Managing Tickets.
MAPR_MOUNT_PATH <path-to-fuse-mount-point> Optional (required only for FUSE client use) The path to the FUSE mount point. If this parameter is not specified, the FUSE client is disabled.
-v <ticket-file-host-location>:/tmp/mapr_ticket:ro Optional (required only for a secure cluster) The location of the ticket on the host where you are running the container, and the desired location of the ticket file in the Docker container. The docker run command maps the location on the host with the location inside the container. ro means read-only. -v refers to a volume mount.

Make sure the owner and group on the host ticket file match the UID and GID specified in the ticket file.

--cap-add SYS_ADMIN Optional (required only for FUSE use) A parameter that is needed for the FUSE process to start inside the container, as root access to the FUSE device is required.
--cap-add SYS_RESOURCE Optional (required only for FUSE use) A parameter that is required for the FUSE process to start.
--device /dev/fuse Optional (required only for FUSE use) A parameter that is required to mount the FUSE device.
<image-name> Mandatory The name of the container image to run. This is either the Persistent Application Client Container (PACC) or a custom application container built from the PACC.
--security-opt apparmor:unconfined Optional (required only on Ubuntu hosts) A parameter that is required for FUSE on Ubuntu hosts. For more information, see Docker-16429.

Example docker run Commands

Here are four examples for using the docker run command:
  • Secure Cluster with FUSE-Based POSIX Client
  • Secure Cluster without FUSE-Based POSIX Client
  • Non-Secure Cluster with FUSE-Based POSIX Client
  • Non-Secure Cluster without FUSE-Based POSIX Client

The following command generates a service ticket on the cluster or a client that is valid for 30 days. (For more maprlogin command examples, see maprlogin Command Examples).

maprlogin generateticket -type service -cluster cluster1 -duration 30:0:0 -out /tmp/bobs_ticket -user bob

The ticket can be copied from /tmp/bobs_ticket to /user/tickets/bobs_ticket on the container host and used in the following docker run commands for secure clusters:

Secure Cluster with FUSE-Based POSIX Client

docker run -it -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket -v  /user/tickets/bobs_ticket:/tmp/mapr_ticket:ro -e MAPR_MOUNT_PATH=/mapr --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse maprtech/pacc:5.2.1_3.0_centos7

Secure Cluster without FUSE-Based POSIX Client

docker run -it -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_TICKETFILE_LOCATION=/tmp/mapr_ticket -v  /user/tickets/bobs_ticket:/tmp/mapr_ticket:ro maprtech/pacc:5.2.1_3.0_centos7

Non-Secure Cluster with FUSE-Based POSIX Client

In a non-secure cluster, specifying the MAPR_CONTAINER_USER, MAPR_CONTAINER_GROUP, MAPR_CONTAINER_UID, and MAPR_CONTAINER_GID is strongly recommended, and these values must match the user credentials on the server:
docker run -it --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --device /dev/fuse -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_CONTAINER_GROUP=dev -e MAPR_CONTAINER_UID=10000 -e MAPR_CONTAINER_GID=10000 -e MAPR_MOUNT_PATH=/mapr maprtech/pacc:5.2.1_3.0_centos7

Non-Secure Cluster without FUSE-Based POSIX Client

In a non-secure cluster, specifying the MAPR_CONTAINER_USER, MAPR_CONTAINER_GROUP, MAPR_CONTAINER_UID, and MAPR_CONTAINER_GID is strongly recommended, and these values must match the user credentials on the server:
docker run -it -e MAPR_CLUSTER=cluster1 -e MAPR_CLDB_HOSTS=CLDB_1,CLDB_2 -e MAPR_CONTAINER_USER=bob -e MAPR_CONTAINER_GROUP=dev -e MAPR_CONTAINER_UID=10000 -e MAPR_CONTAINER_GID=10000 maprtech/pacc:5.2.1_3.0_centos7
TIP

To re-launch a container, you can use these Docker commands:

# docker ps -a
# docker start <container-run-ID>

Use docker start -i if you need to start with an interactive shell.

Verifying the Launch of the PACC

After running the docker run command, you should see the Starting services message. For example:
Starting services (mapr-posix-client-container)...
Started service mapr-posix-client-container
...Success
$
When the installation is successful, the client connects to the cluster, storage is mounted, and the FUSE POSIX client is started automatically. Use the ls $MAPR_MOUNT_PATH command to test the connection to the cluster. This command should return the cluster name. For example:
$ ls $MAPR_MOUNT_PATH
cluster1
To display some directories on the cluster, use this command:
$ ls $MAPR_MOUNT_PATH/cluster1
apps var user hbase opt tmp