Prerequisites for adding the Linux Container Build Box to create the Linux containers
Recommended resource requirements
Preferred operating systems
Operating System | Version |
---|---|
Ubuntu | 16+ |
RHEL | 7.6+, 8.x |
CentOS | 7.5+ |
Hardware requirements
Resource | CPU | RAM | /opt | docker partition ( typically /var/lib/docker/ ) |
---|---|---|---|---|
Requirement | 4 cores | 16 GB | 100 GB | 200 GB |
- OmniDeq uses the /opt partition to copy the files from the Host to the Build Box. Verify it as follows on the Build Box.
[ssh-user@Build Box ~]$ df -lh
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 440G 34G 406G 8% / <- "/opt is part of /" and "406GB > 100GB"
Tip: The OmniDeq UI has an option to delete the files copied to the /opt partition once the docker container is successfully built. You can use this option to make sure that the required space is always available.
- OmniDeq uses the /opt partition for its operation. Please allow execute permissions on the folder. Verify it as follows on the Build Box.
[ssh-user@Build Box ~]$ ls -ltr /opt
drwxr-xr-x 9 root testdir 288 Sep 27 2016 X11
"x" is required which ensures the execute permission.
"d" is required which ensures that it is a directory.
Privilege Access
The user account used for the connection between the OmniDeq/Host machine and the Build Box ('ubuntu', for example) must have privileged access.
The line below can be added to /etc/sudoers to allow the connecting user to run certain commands without a password. Please update the paths of system commands like env, md5sum, etc. as needed.
ubuntu ALL=(ALL) NOPASSWD: /usr/bin/env, /usr/bin/md5sum, /usr/bin/cp, /usr/bin/mv, /opt/.ch-tools/*/*, /usr/bin/docker, /usr/bin/echo, /usr/bin/cat, /usr/bin/base64, /usr/bin/mkdir, /usr/bin/chmod -R 775 /opt/.ch-tools, /bin/chmod -R 775 /opt/.ch-tools/data, /bin/chown -R ubuntu\: /home/ubuntu/.ch-*,/bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*/*/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*/*,/bin/chown -R ubuntu\: /opt/.ch-tools/*/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*/*, /bin/chown -R ubuntu\: /opt/.ch-tools/*, /bin/chown -R ubuntu\: /opt/.ch-tools, /bin/chown -R ubuntu\: /opt/.ch-tools/data, /bin/chown ubuntu\: /home/ubuntu/.ch-*,/opt/.ch-tools/*/*/*/*/*/*/*/*, /bin/chmod -R 775 /opt/.ch-tools/*, /bin/chmod 755 /opt/.ch-tools/*/*
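The rule above mixes bare command paths, wildcard entries and fully pinned command lines. sudo runs a bare path such as /usr/bin/env, /usr/bin/cp, /usr/bin/mv or /usr/bin/docker with any arguments as root, so the connecting account should be treated as root-equivalent. The script below is an added example, not OmniDeq code: it classifies each entry of such a rule for review. The function names and the shortened sample rule are assumptions of the example.

```sh
#!/bin/sh
# Added example: classify every command in a sudoers NOPASSWD rule.
#   any-args  bare path: sudo allows it with ANY arguments
#   wildcard  contains '*': matches more than one command line
#   pinned    path plus fixed arguments: only that exact command line

# Constructed sample: a shortened form of the rule shown above.
SAMPLE_RULE='ubuntu ALL=(ALL) NOPASSWD: /usr/bin/env, /usr/bin/cp, /usr/bin/docker, /usr/bin/chmod -R 775 /opt/.ch-tools, /bin/chown -R ubuntu\: /opt/.ch-tools/*, /opt/.ch-tools/*/*'

audit_sudoers_rule() {
    cmds=${1#*NOPASSWD:}          # keep only the comma-separated command list
    old_ifs=$IFS
    set -f                        # no globbing while the list is split
    IFS=,
    set -- $cmds
    IFS=$old_ifs
    set +f
    for entry in "$@"; do
        # trim leading and trailing whitespace
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        case $entry in
            *\**)  class=wildcard ;;
            *' '*) class=pinned ;;
            *)     class=any-args ;;
        esac
        printf '%s\t%s\n' "$class" "$entry"
    done
}

# Entries that deserve a second look: everything that is not pinned.
needs_review() {
    audit_sudoers_rule "$1" | grep -v '^pinned'
}

needs_review "$SAMPLE_RULE"
```

Keeping the rule in its own file and checking it with `visudo -cf <file>` before it goes live catches syntax errors that would otherwise break sudo.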
SSHD server
The ssh server (sshd) must be running on the Build Box. Verify it as follows on the Build Box.
[ssh-user@host ~]$ ps ax | grep <sshd or openssh or equivalent>
Connection Method
OmniDeq and the Host machine authenticate with the Build Box using the following 2 methods over ssh:
- Username and ssh key
- Username and password
The data transfer between Host machine and Build Box is over ssh using rsync.
Docker
Docker community edition version 18 or higher must be installed on Build Box. Verify it as follows on the Build Box.
[ssh-user@Build Box ~]$ docker version
Client: Docker Engine - Community
Version: 19.03.1
If not, you can refer to Docker's Official Documentation to install Docker.
Docker Overlay setting
'Native Overlay Diff' flag must be set as true for the images to be created properly. Verify it as follows on the Build Box.
docker info | grep Diff
Native Overlay Diff: true
If it is set as false, please run the following command as root to set it as true. Docker reports false when the overlay module's redirect_dir feature is on, so the command reloads the module with it off. Please note the docker daemon needs to be restarted for this to take effect (already included in the command).
modprobe -r overlay && modprobe overlay redirect_dir=off && systemctl restart docker
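The "Verify it as follows" checks from the sections above (free space and permissions of /opt, Docker version, Native Overlay Diff) can be collected into one script. This is an added example, not part of OmniDeq; the function names, the `--run` switch and the choice of `df -Pk`, GNU `stat -c` and `docker version --format` as data sources are assumptions of the example.

```sh
#!/bin/sh
# Added example: preflight checks for the Build Box prerequisites listed above.
# Every check_* function reads command output on stdin, so it can also be run
# against captured text. Thresholds come from the tables and sections above.
MIN_OPT_KB=$((100 * 1024 * 1024))   # 100 GB free in /opt
MIN_DOCKER_MAJOR=18                 # Docker CE 18 or higher

# stdin: `df -Pk /opt` (POSIX format: column 4 is available space in KB)
check_opt_space() {
    awk -v min="$MIN_OPT_KB" 'NR == 2 { ok = ($4 + 0 >= min) } END { exit !ok }'
}

# stdin: `stat -c '%F %A' /opt`, e.g. "directory drwxr-xr-x"
check_opt_perms() {
    grep -Eq '^directory d..x'
}

# stdin: `docker version --format '{{.Server.Version}}'`, e.g. "19.03.1"
check_docker_version() {
    IFS=. read -r major rest || true
    case $major in '' | *[!0-9]*) return 1 ;; esac
    [ "$major" -ge "$MIN_DOCKER_MAJOR" ]
}

# stdin: `docker info`; the flag must read exactly "true"
check_overlay_diff() {
    grep -Eq '^[[:space:]]*Native Overlay Diff:[[:space:]]*true[[:space:]]*$'
}

# run_check NAME COMMAND...: pipe COMMAND's output into check_NAME and report
run_check() {
    name=$1; shift
    if "$@" 2>/dev/null | "check_$name"; then
        echo "PASS $name"
    else
        echo "FAIL $name"; return 1
    fi
}

preflight() {
    rc=0
    run_check opt_space df -Pk /opt || rc=1
    run_check opt_perms stat -c '%F %A' /opt || rc=1
    run_check docker_version docker version --format '{{.Server.Version}}' || rc=1
    run_check overlay_diff docker info || rc=1
    return "$rc"
}

# Run the live checks only when asked, e.g. `sh preflight.sh --run`
if [ "${1:-}" = "--run" ]; then preflight; fi
```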
Disable SELinux
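Make sure SELinux is disabled on the Build Box. To disable it, run the commands below. On RHEL and CentOS, /etc/sysconfig/selinux is a symbolic link to /etc/selinux/config, so sed needs --follow-symlinks to edit the real file instead of replacing the link.
$ sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux && cat /etc/sysconfig/selinux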
$ setenforce 0
$ sestatus
RequireTTY
Disable requiretty for the user connecting from the remote machine to the Build Box. If set, sudo will only run when the user is logged in to a real terminal and not via other means such as cron, cgi-bin or ssh scripts. Since OmniDeq connects to the Build Box remotely without a real terminal, this flag must be disabled. This flag is off by default. The line below can be added to the /etc/sudoers file.
Defaults:ubuntu !requiretty
Base Container Images Availability
The application container images are built using the standard images (e.g. Ubuntu, CentOS) as base. These base images are either fetched from the public/private docker repository over the internet at run time or taken from the images locally available on the Build Box. Please ensure that
- The public/private docker repository is accessible from the Build Box to download the base container image at run time without any authentication.
- Or the base container image is pre-downloaded on the Build Box, in case the public/private repository requires authentication.
Uploading Docker Containers To Container Repository
If the docker container images are to be uploaded to a public repository like ECR or DockerHub, please make sure that internet access is enabled between the Build Box and the container repository.
Uploading to AWS ECR
If the image is to be pushed to ECR, aws-cli should be installed. Install the aws cli version 1 using the Link. After successful installation verify it as follows on the Build Box.
[ssh-user@Build Box ~]$ sudo su -
[ssh-user@Build Box ~]$ aws --version
aws-cli/1.18.100 Python/2.7.17 Linux/4.18.0-193.el8.x86_64 botocore/1.17.23
Tip: If the above command produces no output, add the line below to the "~/.bashrc" file and save it. This puts the aws binary on the PATH.
export PATH=$PATH:$HOME/bin:/usr/local/bin
Tip: Please make sure that the repository to which the docker images are to be pushed is already pre-created on AWS ECR.