Instantiate docker containers using docker run (sys-admin nomination required)
1. Prerequisites
The user has to be registered in the IAM system for INFN-CLOUD https://iam.cloud.infn.it/login. Only registered users can login into the INFN-CLOUD dashboard https://my.cloud.infn.it/login.
The access to the INFN-CLOUD dashboard enable the user to instantiate the Run docker application.
2. User responsibilities
The solution described in this guide consists of running users' own containers on top of the Virtual Machine instantiated on INFN-CLOUD infrastructure. The instantiation of a VM comes with the responsibility of maintaining it and all the services it hosts.
Please read the INFN Cloud AUP in order to understand the responsibilities you have in managing this service.
3. How to deploy a container with Run docker
Run docker is an implementation of Docker aimed to deploy docker containers.
Step 1 - Connecting and authenticating to the INFN-CLOUD dashboard
Connecting to the INFN-CLOUD dashboard (https://my.cloud.infn.it/, see Fig. 1), the user can authenticate with the credentials used for the IAM account (https://iam.cloud.infn.it/login, see Fig. 2) in order to access the dashboard.
Step 2 - Select and Configure the Run docker deployment
Note
If you belong to multiple projects, aka multiple IAM-groups, after login into the dashboard, from the bottom left corner, select the one to be used for the deployment you intend to perform. Not all solutions are available for all projects. The resources used for the deployment will be accounted to the respective project, and impact on their available quota. See Figure 3-1 for detail.
After login into the dashboard, select the "Run docker" card in the service catalog and click on the Configure button.
A menu is made available, as in the figure below, and you have to choose the configuration of the docker storage:
The first choice gives the possibility to configure the docker storage on the VM root filesystem, while the second one gives the possibility to attach a volume of a specified size and configure the docker storage to use it. Select the one you are interested in.
Select either Automatic or Manual scheduling as shown below:
In the first case, the Orchestrator will take care of choosing the best available provider, in the other case it will be performed a direct submission towards one of the providers available, to be selected from the drop-down menu. In the case of manual scheduling, the flavors displayed on the next page will be those offered by the chosen provider.
You will be redirected to the deployment setting window (see Fig. 4), where the user has to fill the different parameter fields to submit the deployment. All deployments have a mandatory field Description that needs to be defined before submitting the deployment. The other fields are briefly explained hereafter.
"Configuration" tab
Here one needs to fill the following required mandatory fields:
docker_appname: name to be assigned to the containerdocker_image: name of the image used to create the containerdocker_tag: tag of the image used to create the containerports_mapping: list of ports to publish from the container to the host. Use docker CLI syntax: 8000, or 9000:8000, where 8000 is a container port, 9000 is a host portdocker_command: command to execute when the container starts (optional)service_ports: ports to open on the VM to access the service(s). By default only SSH port (22) is opened. Please consult INFN Cloud Rules of participation the "Networking" section in order to see what are the ports that you can specify in this field. If the port you intend to use is in the list of closed ports, you have to formally request its opening and motivate the request by opening a support ticket.environment_variables: docker environment variables (key-value pairs)
"Advanced" tab
Some advanced parameters can be configured here:
- Creation timeout (minutes): amount of time to wait until the deployment should be considered failed
- Failure policy: delete, or not, the deployment in case of failure
- E-mail: send, or not, a confirmation email when deployment is complete
Step 3 - Submitting the Run docker Deployment
After submitting the deployment, the user is redirected to the deployment list (as shown in Fig. 5). Once successful deployment completion, the user can reach the deployed Run docker application by using the links made available in the deployment list:
- by clicking to the Deployment identifier
- by clicking to the Details button at the end of the row
On successful completion (CREATE_COMPLETE), you can check your
deployment outputs by clicking on the "Details" button and then on the
"Output values" Tab. Use the reported IP address (see figure below) and
the ports you defined at submission time to connect to the services you
deployed. In order to check the status of the containers use sudo.
If the creation of a deployment fails, an additional option (retry) is introduced in the dropdown menu, allowing the user to resubmit the deployment with the same parameters:
If the deletion of a deployment fails, resulting in the status being set
to DELETE_FAILED, the "delete (force)" button is displayed in the
list of available actions, allowing the user to force the deletion of
the deployment:
