Instantiate docker containers using docker run (sys-admin nomination required)

1. Prerequisites

The user has to be registered in the IAM system for INFN-CLOUD https://iam.cloud.infn.it/login. Only registered users can login into the INFN-CLOUD dashboard https://my.cloud.infn.it/login.

The access to the INFN-CLOUD dashboard enable the user to instantiate the Run docker application.

2. User responsibilities

Important

The solution described in this guide consists of running users’ own containers on top of the Virtual Machine instantiated on INFN-CLOUD infrastructure. The instantiation of a VM comes with the responsibility of maintaining it and all the services it hosts.

Please read the INFN Cloud AUP in order to understand the responsibilities you have in managing this service.

3. How to deploy a container with Run docker

Run docker is an implementation of Docker aimed to deploy docker containers.

Step 1 - Connecting and authenticating to the INFN-CLOUD dashboard

Connecting to the INFN-CLOUD dashboard (https://my.cloud.infn.it/, see Fig. 1), the user can authenticate with the credentials used for the IAM account (https://iam.cloud.infn.it/login, see Fig. 2) in order to access the dashboard.

Figure 1: INFN-CLOUD welcome dashboard

Figure 1: INFN-CLOUD welcome dashboard

Figure 2: INFN-CLOUD IAM login

Figure 2: INFN-CLOUD IAM login

Step 2 - Select and Configure the Run docker deployment

Note

Before to continue user has to upload the public (asymmetric) SSH key into the dashboard. The pair public_key and IAM_username will be used to login into the VM. Alternatively, you can generate your own public-private key pair. For more detail visit the section Getting started.

Note

If you belong to multiple projects, aka multiple IAM-groups, after login into the dashboard, from the bottom left corner, select the one to be used for the deployment you intend to perform. Not all solutions are available for all projects. The resources used for the deployment will be accounted to the respective project, and impact on their available quota. See Figure 3-1 for detail.

Figure 3-1: INFN-CLOUD Dashboard: Selection of IAM group

Figure 3-1: INFN-CLOUD Dashboard: Selection of IAM group

After login into the dashboard, select the “Run docker” card in the service catalog and click on the Configure button.

Figure 3-2: INFN-CLOUD Dashboard: Selection of "Run docker" application

Figure 3-2: INFN-CLOUD Dashboard: Selection of “Run docker” application

A menu is made available, as in the figure below, and you have to choose the configuration of the docker storage:

Storage options

Figure 3-3: Storage options

The first choice gives the possibility to configure the docker storage on the VM root filesystem, while the second one gives the possibility to attach a volume of a specified size and configure the docker storage to use it. Select the one you are interested in.

You will be redirected to the deployment setting window (see Fig. 4), where the user has to fill the different parameter fields to submit the deployment. All deployments have a mandatory field Description that needs to be defined before submitting the deployment. The other fields are briefly explained hereafter.

“Configuration” TAB

Here one needs to fill the following required mandatory fields:

  • num_cpus: number of virtual cpus for the VM
  • mem_size: amount of memory for the VM
  • docker_appname: name to be assigned to the container
  • docker_image: name of the image used to create the container
  • docker_tag: tag of the image used to create the container
  • ports_mapping: list of ports to publish from the container to the host. Use docker CLI syntax: 8000, or 9000:8000, where 8000 is a container port, 9000 is a host port
  • docker_command: command to execute when the container starts (optional)
  • service_ports: ports to open on the VM to access the service(s). By default only SSH port (22) is opened. Please consult INFN Cloud Rules of participation <https://baltig.infn.it/infn-cloud/policies_and_procedures/-/raw/master/Rules_of_Participation_latest.pdf?inline=true> the “Networking” section in order to see what are the ports that you can specify in this field. If the port you intend to use is in the list of closed-ports, you have to formally request its opening and motivate the request by following the How To: Request to open ports on deployed VMs <../../general/manage_ports.html>
  • environment_variables: docker environment variables (key,value pairs)
Figure 4-1: Run docker deployment settings

Figure 4-1: Run docker deployment settings

“Advanced” TAB

Some advanced parameters can be configured here:

  • Scheduling: set automatic (recommended) or manual (perform a direct submission towards one of the providers available) scheduling
  • Creation timeout (minutes): amount of time to wait until the deployment should be considered failed
  • Failure policy: delete, or not, the deployment in case of failure
  • E-mail: send, or not, a confirmation email when deployment is complete
Figure 4-2: Run docker advanced settings

Figure 4-2: Run docker advanced settings

Step 3 - Submitting the Run docker Deployment

After submitting the deployment, the user is redirected to the deployment list (as shown in Fig. 5). Once successful deployment completion, the user can reach the deployed Run docker application by using the links made available in the deployment list:

  • by clicking to the Deployment identifier
  • by clicking to the Details button at the end of the row
Figure 5: User deployment list

Figure 5: User deployment list

On successful completion (“CREATE_COMPLETE”), you can check your deployment outputs by clicking on the “Details” button and then on the “Output values” Tab. Use the reported IP address (see figure below) and the ports you defined at submission time to connect to the services you deployed. In order to check the status of the containers use “sudo”.

Output values