SymbIoTeCore from docker

Nicolas Dobski edited this page Jun 2, 2020 · 10 revisions

Core Deployment

This document explains how to run the symbIoTe Core components using docker. There are two ways to run docker:

  1. directly (on linux)
  2. docker-machine (previously boot2docker) - in virtual machine

The choice determines how a port inside the virtual machine is exposed to the local machine. As a result, there are two ways to run ngrok and two ways to expose the port in a production environment.

1. Preparation steps

1.1. Install prerequisites:
  • docker (18.03.x),
  • docker-compose (1.21.x),
  • docker-machine (0.14.x),
  • bash,
  • curl
1.2. Create the Core AAM certificate required for your deployment

You need to create a PKCS12 keystore and put it inside the configuration folder. The keystore must contain a certificate that is:

  • self-signed
  • with CA property enabled
  • with the following encryption params
    • SIGNATURE_ALGORITHM=SHA256withECDSA
    • CURVE_NAME=secp256r1
    • KEY_PAIR_GEN_ALGORITHM=ECDSA
  • with the CN value set according to AAMConstants.java field CORE_AAM_INSTANCE_ID value (e.g. currently SymbIoTe_Core_AAM)
  • with the certificate entry name "symbiote_core_aam"

This keystore will be used to self-initialize the AAM code as the Core AAM. To create it you can use, for example, the openssl tool: https://linux.die.net/man/1/openssl.
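
One way to produce and verify a keystore with the properties listed above using openssl. This is an added example, not part of the original wiki page or the symbIoTe code base; the file names, the 10-year validity and the KEYSTORE_PASSWORD environment variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not project code. The password is read from $KEYSTORE_PASSWORD
# (must be exported); file names and the 10-year validity are assumptions.
CN="SymbIoTe_Core_AAM"      # CORE_AAM_INSTANCE_ID value quoted on this page
ALIAS="symbiote_core_aam"   # required certificate entry name

make_core_aam_keystore() (  # $1 = output directory; runs in a subshell
  d="$1"
  umask 077                 # key material readable by the owner only
  # openssl's name for the secp256r1 curve is prime256v1
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/core-aam.key" || exit 1
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
    'x509_extensions = v3_ca' '[dn]' "CN = $CN" \
    '[v3_ca]' 'basicConstraints = critical, CA:TRUE' > "$d/core-aam.cnf"
  # -x509 self-signs; -sha256 with an EC key gives ecdsa-with-SHA256,
  # which Java calls SHA256withECDSA
  openssl req -new -x509 -sha256 -days 3650 -config "$d/core-aam.cnf" \
    -key "$d/core-aam.key" -out "$d/core-aam.crt" || exit 1
  # -name sets the PKCS12 friendlyName, i.e. the keystore entry name
  openssl pkcs12 -export -name "$ALIAS" -inkey "$d/core-aam.key" \
    -in "$d/core-aam.crt" -out "$d/core-aam.p12" \
    -passout env:KEYSTORE_PASSWORD || exit 1
  rm -f "$d/core-aam.key" "$d/core-aam.cnf"   # key now lives only in the .p12
)

# Returns 0 only if the keystore opens and every property from the list holds.
check_core_aam_keystore() {  # $1 = path to the .p12 file
  p12_bags=$(openssl pkcs12 -in "$1" -nokeys \
    -passin env:KEYSTORE_PASSWORD 2>/dev/null) || return 1
  p12_text=$(printf '%s\n' "$p12_bags" | openssl x509 -noout -text) || return 1
  printf '%s\n' "$p12_bags" | grep -q "friendlyName: $ALIAS" || return 2
  printf '%s\n' "$p12_text" | grep -Eq "Subject:.*CN ?= ?$CN" || return 3
  printf '%s\n' "$p12_text" | grep -q "Signature Algorithm: ecdsa-with-SHA256" || return 4
  printf '%s\n' "$p12_text" | grep -q "ASN1 OID: prime256v1" || return 5
  printf '%s\n' "$p12_text" | grep -q "CA:TRUE" || return 6
}
```

Passing the password through `env:` keeps it out of the process list and shell history. A non-zero status from `check_core_aam_keystore` identifies which required property is missing.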

1.3. Create folder for your deployment

IMPORTANT NOTE

Starting from release 3.1.0, there are 2 extra steps needed as noted below.


  • `mkdir symbiote-core`
  • create a folder named configuration inside your deployment folder:
`cd symbiote-core`
`mkdir configuration`
  • copy the necessary configuration files from here to the configuration folder. Keep the structure unchanged
  • clone the CoreConfigProperties inside the configuration folder (starting from release 3.1.0):
`git clone https://github.com/symbiote-h2020/SymbioteCore.git configuration/CoreConfigProperties`
  • fill in all the fields marked with FILL ME in the TODO section of the following files:
    • CoreConfigProperties/application.properties
    • AuthenticationAuthorizationManager/bootstrap.properties
    • bootstrap.properties
  • enter the CoreConfigProperties folder, make any changes you want in the properties (e.g. RabbitMQ credentials) and commit the changes (starting from release 3.1.0):
`cd CoreConfigProperties`
`git commit -am "SymbIoTe Core configuration"`
`cd ..`
  • create a docker volume to hold the CoreConfigProperties. Replace the {docker stack name} (e.g. symbiote-app) in the command below with your selected docker stack name (starting from release 3.1.0):
`docker container run --rm -v "$PWD/CoreConfigProperties":/source -v {docker stack name}_symbiote-vol-config:/home/CoreConfigProperties -w /source alpine cp -r . /home/CoreConfigProperties/`

2. Configuring and starting components depending on your preferred deployment

2.1. Production, without docker-machine (boot2docker)
  1. Obtain certificate as described in https://github.com/symbiote-h2020/SymbioteCloud/wiki/2.1-Configuration-of-NGINX#2111-obtaining-the-ssl-certificate

    • Create directory nginx-certificates in the configuration directory
      $ cd configuration
      $ mkdir nginx-certificates

    • Copy certificates to nginx-certificates:
      $ sudo cp /etc/letsencrypt/live/{your domain}/fullchain.pem nginx-certificates
      $ sudo cp /etc/letsencrypt/live/{your domain}/privkey.pem nginx-certificates
      $ cd ../../

  2. Run `docker swarm init` if the node is not a swarm manager. We use the swarm mode so that secrets are encrypted during transit and at rest. Docker secrets are only available to swarm services and not to standalone containers.

  3. Run `docker stack deploy -c docker-compose-swarm-core.yml -c docker-compose-prod-swarm.yml symbiote-core` to deploy the application. You can change the name of the service stack (symbiote-core) to be used.

  4. You can run:

    • `docker stack ls` to list the stack and check the number of services used.
    • `docker image ls` to check that all images have been created. It may take a while to pull all the images from DockerHub for the first time.
    • `docker service ls` to list the services and check their status. Wait until the actual number of tasks (replicas) for each service is not 0.
    • `docker logs <container_name> -f` to get access to and follow the logs of a service. A component is ready when a message similar to 'Started <component_name> in 105.045 seconds (JVM running for 112.933)' appears in the logs of the container.
    • `sudo service docker restart` to restart the docker service if needed and repeat the steps.
  5. Run `docker stack rm symbiote-core` to stop the application and remove the service stack. Services, networks, and secrets associated with the stack will be removed.

  6. You can run `docker swarm leave --force` to leave the swarm.
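
The replica check from step 4 can be scripted instead of re-running `docker service ls` by hand. This is an added example, not part of the original page; the 600-second timeout and the 10-second poll interval are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not project code: wait until no service is stuck at 0 replicas.
STACK="${STACK:-symbiote-core}"   # stack name used on this page

# Reads "name running/desired" lines on stdin; prints the services that have
# 0 running tasks although at least one is desired.
pending_services() {
  awk '{ split($2, r, "/"); if (r[1] + 0 == 0 && r[2] + 0 > 0) print $1 }'
}

wait_for_stack() {   # $1 = timeout in seconds (assumed default: 600)
  deadline=$(( $(date +%s) + ${1:-600} ))
  while :; do
    # Fail instead of reporting "ready" when docker errors or the stack is empty
    listing=$(docker stack services "$STACK" \
      --format '{{.Name}} {{.Replicas}}') || return 2
    [ -n "$listing" ] || return 2
    waiting=$(printf '%s\n' "$listing" | pending_services)
    [ -z "$waiting" ] && return 0
    if [ "$(date +%s)" -ge "$deadline" ]; then
      printf 'still at 0 replicas:\n%s\n' "$waiting" >&2
      return 1
    fi
    sleep 10
  done
}
```

A service with at least one running task may still be starting its JVM, so the 'Started <component_name>' log line remains the final readiness signal.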

2.2. Production, with docker-machine (boot2docker)
  1. Obtain certificate as described previously
  2. The following command maps
    • port 443 in default docker-machine (localhost:443) to
    • local computer at port 443 on all interfaces (0.0.0.0:443)
      `docker-machine ssh default -L 0.0.0.0:443:localhost:443`
  3. Run steps 2-6 as described previously in Section 2.1.

2.3. Hackathon, without docker-machine (boot2docker)

Before starting with the hackathon environment, you need to install ngrok (https://github.com/symbiote-h2020/SymbioteCloud/wiki/2.1-Configuration-of-NGINX#2121-ngrok).

  1. Run `docker stack deploy -c docker-compose-swarm-core.yml -c docker-compose-prod-swarm.yml symbiote-core` to deploy the application. You can change the name of the service stack (symbiote-core) to be used.
  2. You can run:
    • `docker stack ls` to list the stack and check the number of services used.
    • `docker image ls` to check that all images have been created. It may take a while to pull all the images from DockerHub for the first time.
    • `docker service ls` to list the services and check their status. Wait until the actual number of tasks (replicas) for each service is not 0.
    • `docker logs <container_name> -f` to get access to and follow the logs of a service. A component is ready when a message similar to 'Started <component_name> in 105.045 seconds (JVM running for 112.933)' appears in the logs of the container.
    • `sudo service docker restart` to restart the docker service if needed and repeat the steps.
  3. Run `docker stack rm symbiote-core` to stop the application and remove the service stack. Services, networks, and secrets associated with the stack will be removed.

2.4. Hackathon, with docker-machine (boot2docker)

Before starting with the hackathon environment, you need to install ngrok (https://github.com/symbiote-h2020/SymbioteCloud/wiki/2.1-Configuration-of-NGINX#2121-ngrok).

  1. Run `docker swarm init` if the node is not a swarm manager.
  2. Run `docker-machine ssh default -L 0.0.0.0:8102:localhost:8102`.
  3. Run `docker stack deploy -c docker-compose-swarm-core.yml -c docker-compose-ngrok-swarm-core.yml symbiote-core` to deploy the application.
  4. You can run:
    • `docker stack ls` to list the stack and check the number of services used.
    • `docker image ls` to check that all images have been created. It may take a while to pull all the images from DockerHub for the first time.
    • `docker service ls` to list the services and check their status. Wait until the actual number of tasks (replicas) for each service is not 0.
    • `docker logs <container_name> -f` to get access to and follow the logs of a service. A component is ready when a message similar to 'Started <component_name> in 105.045 seconds (JVM running for 112.933)' appears in the logs of the container.
    • `sudo service docker restart` to restart the docker service if needed and repeat the steps.
  5. Run `docker stack rm symbiote-core` to stop the application and remove the service stack. Services, networks, and secrets associated with the stack will be removed.
  6. You can run `docker swarm leave --force` to leave the swarm.