ctrl k
Add Docker support (#11)
Wojciech Kapcia (Tigase) opened 6 years ago
  • configuration to prepare docker image
  • configure deployment of images/configuration to public repository/repositories
  • documentation how to use Tigase docker image, including handling configuration and updating installation to newer version.
  • Artur Hefczyc commented 6 years ago

    I think this would be task for you Wojciech.

  • Wojciech Kapcia (Tigase) commented 6 years ago

    %kobit considering that I'm not using Docker and Andrzej is running all his software using it (and also playing a bit with creating docker image of Tigase) I would say he would be better choice…

  • Artur Hefczyc commented 6 years ago

    You are a better person for this task, I am certain of it. However, feel free to ask Andrzej for help or suggestions.

  • Andrzej Wójcik (Tigase) commented 6 years ago

    %wojtek I've committed an initial version of Docker files required to build 4 different versions of Tigase XMPP Server images:

    • Tigase 8.0.0 on JDK 8
    • Tigase 8.0.0 on JDK 11
    • Tigase 8.1.0-SNAPSHOT (latest) on JDK 8
    • Tigase 8.1.0-SNAPSHOT (latest) on JDK 11

    For all images, I've used existing OpenJDK Docker images to make them easier. All of them are based on "slim" versions of those images containing only necessary stuff. I've considered creating some of them for "Alpine Linux" as well, but our startup scripts are incompatible with Alpine (there is no BASH by default).

    JDK11 images are slightly larger than JDK8 images but I've not found any issues with them (most likely different packages are installed on the base image from OpenJDK).

    You can build and run those images on your machine having docker installed with the following commands:

    Tigase 8.0.0 on JDK 8

    docker build -t tigase:8.0.0-jdk8-slim -f 8.0.0/jdk-8/slim/Dockerfile --no-cache 8.0.0/
    
    docker run -d -t -v /Users/andrzej/Development/runtime/docker-test/etc/:/home/tigase/tigase-server/etc/ -e DB_ROOT_USER=root -e DB_ROOT_PASS=me-262 -p 5222:5222 -p 8080:8080 --name test1 tigase:8.0.0-jdk8-slim
    

    Tigase 8.0.0 on JDK 11

    docker build -t tigase:8.0.0-jdk11-slim -f 8.0.0/jdk-11/slim/Dockerfile --no-cache 8.0.0/
    
    docker run -d -t -v /Users/andrzej/Development/runtime/docker-test/etc/:/home/tigase/tigase-server/etc/ -e DB_ROOT_USER=root -e DB_ROOT_PASS=me-262 -p 5222:5222 -p 8080:8080 --name test1 tigase:8.0.0-jdk11-slim
    

    Tigase 8.1.0-SNAPSHOT (latest) on JDK 8

    docker build -t tigase:latest-jdk8-slim -f latest/jdk-8/slim/Dockerfile --no-cache latest/
    
    docker run -d -t -v /Users/andrzej/Development/runtime/docker-test/etc/:/home/tigase/tigase-server/etc/ -e DB_ROOT_USER=root -e DB_ROOT_PASS=me-262 -p 5222:5222 -p 8080:8080 --name test1 tigase:latest-jdk8-slim
    

    Tigase 8.1.0-SNAPSHOT (latest) on JDK 11

    docker build -t tigase:latest-jdk11-slim -f latest/jdk-11/slim/Dockerfile --no-cache latest/
    
    docker run -d -t -v /Users/andrzej/Development/runtime/docker-test/etc/:/home/tigase/tigase-server/etc/ -e DB_ROOT_USER=root -e DB_ROOT_PASS=me-262 -p 5222:5222 -p 8080:8080 --name test1 tigase:latest-jdk11-slim
    

    Dockerfiles are filled with comments to make them easier to understand and use.

    I've added README.md file as well with the description of parameters provided by those images. I've skipped parameter defined by docker as most of docker users known them already.

    In the README file and in the examples above I've used tigase as name of the image, but I'm not sure if tigase-xmpp-server would not be a better fit. %kobit What do you think? If change is needed then you only need to replace tigase: in the above commands with tigase-xmpp-server. To publish on the Docker Hub, name will be used from the name registered on the Docker Hub, so still some adjustments may be needed.

  • Andrzej Wójcik (Tigase) commented 6 years ago

    Below is an example usage of those images for creating a cluster on the macOS with cluster connections created on the separate inner network (required on macOS).

    Creating network tigase-cluster

    docker network create -d bridge tigase-cluster
    

    Creating container tigase-c1 and connecting to network tigase-cluster

    docker run -d -t \
    -v /Users/andrzej/Development/runtime/tigase-cluster/etc/:/home/tigase/tigase-server/etc/ \
    -v /Users/andrzej/Development/runtime/tigase-cluster/c1/certs/:/home/tigase/tigase-server/certs/ \
    -v /Users/andrzej/Development/runtime/tigase-cluster/c1/logs:/home/tigase/tigase-server/logs/ \
    -e DB_ROOT_USER=root \
    -e DB_ROOT_PASS=root-pass \
    --net bridge  \
    -p 5222:5222 \
    -p 5269:5269 \
    -p 8080:8080 \
    -p 9070:9070 \
    --name tigase-c1 \
    tigase:latest-jdk11-slim
    
    docker network connect tigase-cluster tigase-c1
    

    Creating container tigase-c2 and connecting to network tigase-cluster

    docker run -d -t \
    -v /Users/andrzej/Development/runtime/tigase-cluster/etc/:/home/tigase/tigase-server/etc/ \
    -v /Users/andrzej/Development/runtime/tigase-cluster/c2/certs/:/home/tigase/tigase-server/certs/ \
    -v /Users/andrzej/Development/runtime/tigase-cluster/c2/logs:/home/tigase/tigase-server/logs/ \
    -e DB_ROOT_USER=root \
    -e DB_ROOT_PASS=root-pass \
    --net bridge  \
    -p 5322:5222 \
    -p 5369:5269 \
    -p 8380:8080 \
    -p 9370:9070 \
    --name tigase-c2 \
    tigase:latest-jdk11-slim
    
    docker network connect tigase-cluster tigase-c2
    

    Restarting instances

    After first creation it is nice to restart instances to make them see new network

    docker stop tigase-c1 && docker stop tigase-c2 && docker start tigase-c1 && docker start tigase-c2
    

    Now you should have working Tigase XMPP Cluster in Docker with 2 instances.

    I've used here same config (etc) directory for both instances to make sure that both of them have the same config. Cluster config is usually provided by me and edited directly on the host machine. tigase-c2 uses different ports as we are mapping those on the host, so they cannot use the same port. On Linux, it is possible to attach containers as a new machine to the same network to which host is connected, which make setups like that (without changing/mapping ports) a lot more useful.

    I'm posting those here as an introduction to setting up those images on Docker and a base for ie. tutorial on "How to set Tigase Cluster on Docker?".

    I'm personally using those for testing of clustering issues. Port 9070 is a port on which I'm running debugger for easy analysis of the issues.

  • Wojciech Kapcia (Tigase) commented 5 years ago

    A couple of comments and changes I made:

    • I don't think we should link latest to nightly - most of the time latest is used to denote the most up-to-date stable (and it's used by default if no tag is provided)
    • changed the structure and simplified tags: Dockerfile is not directly in version main subdirectory and possible flavour can go deeper. I also removed (suggested) tags indicating base image. I opted to change tigase to tigase-xmpp-server (and renamed repository accordingly: tigase-xmpp-server-docker - from what I checked there wasn't any links pointing to it)
    • changed base image from jdk11-slim to jre11-slim - in theory they don't build proper JRE nowadays, but still jre-flavoured distribution is available (mostly lacking JDK sources and compiler, see 11-jdk-slim and 11-jre-slim) but it's way smaller than JDK and effective Tigase image is roughly half the size (247MB vs 444MB)
    • changed and extended Readme with some example configuration, removed disclaimer about production status
    • created DockerHub repository and filled it out with information as well as published current versions (https://hub.docker.com/r/tigase/tigase-xmpp-server)
  • Andrzej Wójcik (Tigase) commented 5 years ago
    • I don't think we should link latest to nightly - most of the time latest is used to denote the most up-to-date stable (and it's used by default if no tag is provided)

    Well, latest is usually newest version and never should be considered stable as it may be changed (replaced with newer, even incompatible, version) without any warning. (https://vsupalov.com/docker-latest-tag/)

    • changed the structure and simplified tags: Dockerfile is not directly in version main subdirectory and possible flavour can go deeper. I also removed (suggested) tags indicating base image. I opted to change tigase to tigase-xmpp-server (and renamed repository accordingly: tigase-xmpp-server-docker - from what I checked there wasn't any links pointing to it)

    As for "flattening" I'm not sure if we should do that. What if we would like to introduce new flavors? (ie. new JDK?)

    • changed base image from jdk11-slim to jre11-slim - in theory they don't build proper JRE nowadays, but still jre-flavoured distribution is available (mostly lacking JDK sources and compiler, see 11-jdk-slim and 11-jre-slim) but it's way smaller than JDK and effective Tigase image is roughly half the size (247MB vs 444MB)

    Is groovy working? I'm asking as it requires compiler...

  • Wojciech Kapcia (Tigase) commented 5 years ago

    Well, latest is usually newest version and never should be considered stable as it may be changed (replaced with newer, even incompatible, version) without any warning. (https://vsupalov.com/docker-latest-tag/)

    "stable" as in "stable release" (i.e. general-availably as opposed to nightly). latest is just a tag that denotes the "latest release" and in case of the most popular images (mysql, postgres, mongo, redis and node) latest does seem to point to the latest stable release. Most of the time images don't even publish betas, not to mention nightlies. Hence, I'd say that renaming latest directory to nightlies (which points to our nightlies) does make sense (and seems in line with the article you shared…).

    As for "flattening" I'm not sure if we should do that. What if we would like to introduce new flavors? (ie. new JDK?)

    Then we can add it as sub-directory if (and when) needed? For example postgres follows this pattern and IMHO it makes sense.

    Is groovy working? I'm asking as it requires compiler...

    Yes, it does :-)

    There is one thing I'm slightly concerned about, namely running upgrade-schema on each startup. In principle the idea is good but, due to #server-1184, on the first startup there is na "nasty" exception, which can make for a bad impression:

    wojtek@atlantiscity.local ~/dev/tigase/tigase-xmpp-server-docker $ docker run --name tigase-server -p 8080:8080 -p 5222:5222 tigase/tigase-xmpp-server
    Upgrading database schema...
    Aug 11, 2020 1:40:19 PM tigase.db.util.SchemaManager loadSchemas
    INFO: beginning loading schema files...
    Aug 11, 2020 1:40:19 PM tigase.util.dns.DNSResolverDefault <init>
    WARNING: Resolving default host name: 493f161491be took: 16
    Aug 11, 2020 1:40:20 PM tigase.db.util.SchemaManager main
    SEVERE: Error while loading schema
    java.lang.NullPointerException
    	at tigase.db.util.SchemaManager.getDataSources(SchemaManager.java:701)
    	at tigase.db.util.SchemaManager.getRepositories(SchemaManager.java:723)
    	at tigase.db.util.SchemaManager.getDataSourcesAndSchemas(SchemaManager.java:422)
    	at tigase.db.util.SchemaManager.loadSchemas(SchemaManager.java:450)
    	at tigase.db.util.SchemaManager.loadSchemas(SchemaManager.java:630)
    	at tigase.db.util.SchemaManager.upgradeSchema(SchemaManager.java:362)
    	at tigase.util.ui.console.Task.execute(Task.java:59)
    	at tigase.db.util.SchemaManager.execute(SchemaManager.java:228)
    	at tigase.db.util.SchemaManager.main(SchemaManager.java:182)
    
    Starting Tigase XMPP Server...
    Running Tigase:
    componentInfo{Title=Tigase XML Tools, Version=4.1.0-b287/028d0a0a, Class=tigase.xml.XMLUtils}
    componentInfo{Title=Tigase Utils, Version=4.1.0-b437/a3e8f636, Class=tigase.util.ClassUtil}
    componentInfo{Title=Tigase XMPP Server, Version=8.1.0-b5641/99fb6fd4, Class=tigase.server.XMPPServer}
    componentInfo{Title=Tigase XMPP Server Distribution, Version=8.1.0-b10857/dbf58aae, Class=tigase.dist.XmppServerDist}
    [2020-08-11 13:40:20:821] [FINEST  ] [                  main ] OldConfigHolder.detectPathAndFormat(): No property file not specified! Using default one etc/init.properties
    [2020-08-11 13:40:20:905] [FINEST  ] [                  main ] OldConfigHolder.detectPathAndFormat(): Provided property file /home/tigase/tigase-server-8.1.0-b10857/etc/init.properties does NOT EXISTS! Trying to use default one etc/init.properties
    [2020-08-11 13:40:20:914] [CONFIG  ] [                  main ] ConfigHolder.loadFromDSLFiles()  : Loading configuration from file: etc/config.tdsl
    [2020-08-11 13:40:20:968] [CONFIG  ] [                  main ] ConfigHolder.loadConfiguration() : Loaded configuration:
    'config-type' = 'setup'
    http () {
        setup () {
            'admin-password' = 'tigase'
            'admin-user' = 'admin'
        }
    }
    …
    

    Of course NPE will be fixed, but this would be at best 8.1.1. I was thinking that in the startup script we could add a check whether upgrade-schema should indeed be run (either checking if this is a setup mode, i.e. 'config-type' = 'setup' or if there are dataSource's present) -- what do you think @andrzej.wojcik?

  • Andrzej Wójcik (Tigase) commented 5 years ago

    That could work and would be a clean and easy fix for the NPE.

  • Wojciech Kapcia (Tigase) commented 5 years ago

    NPE fixed and article published on blog (https://tigase.net/tigase-meets-docker/) and social media.

  • Artur Hefczyc commented 5 years ago

    Good stuff, both the article and documentation on GitHub. The only minor change I wold suggest is ports description. It would be better to specify that port 5222 is for plain and TLS connections and 5223 is for legacy SSL and the same for other ports.

  • Andrzej Wójcik (Tigase) commented 5 years ago

    @kobit 5223 is for "legacy SSL" but also for newest (and fastest) DirectTLS

  • Artur Hefczyc commented 5 years ago

    Eh, I am sooo not up to date.

    In such a case it is even more useful to add this info to the docs.

  • Wojciech Kapcia (Tigase) commented 5 years ago
  • Artur Hefczyc commented 5 years ago

    I was talking about README page on GitHub: https://github.com/tigase/tigase-xmpp-server-docker This is the first and usually the only place people look for instructions.

  • Wojciech Kapcia (Tigase) commented 5 years ago

    But what would you like to include there? explicit mention of DirectTLS? I updated documentation because it said "legacy SSL" for 5223, which was just plain wrong. On github's docker page it says "SSL/TLS connection" which seems ok.

  • Artur Hefczyc commented 5 years ago

    In the readme we have this section "Exposing ports". And for 5223 we have "connections over TLS/SSL". For 5222 there is no indication of connection type, so it may leave impression that this is only for plain text connections. So I would just update what we have to something like this:

    • 5222 - for incoming client to server XMPP connections over TLS or Plain
    • 5223 - for incoming client to server XMPP connections over DirectTLS or Legacy SSL

    and so on...

    I would be even inclined to drop "Plain" option at all from documentation as it may give impression that Tigase is not secure.

  • Wojciech Kapcia (Tigase) moved 2 years ago
    Previous Value Current Value
    tigase-private/Docker support
    tigase/_server/tigase-xmpp-server-docker
issue 1 of 1
Type
New Feature
Priority
Blocker
Assignee
RedmineID
8675
Version
tigase-server-8.2.0
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/tigase-xmpp-server-docker#11
Page is in error, reload to recover