Update the variable *docker_image_tag *using variable precedence to target environments, groups and servers.
Place the Dockerfile and all supporting build files in the folder.
The high level process for updating a Docker image is as follows:ĭevelop the Dockerfile for the service ( ).Ĭreate a new version folder (under files/docker//) in the role that is provisioning the service in the aemdesign-deploy project. NOTE: These images will be migrated to aemdesign-docker and will be available on Roleĭocker-image-oracle-jdk/files/docker/oracle-jdk The following convoy command output demonstrates the ‘wrapping’ of the Device Mapper i.e. Docker calls the Convoy API as part of the container lifecycle API to create and delete Docker volumes. Convoy Volume PluginĪs Convoy is configured as a Docker volume plugin, it is not required to use the ‘convoy’ command line tool. The service is installed via the Virtual Machine Project project in the script ‘aemdesign-vm/scripts/devops/docker-install.sh’. This command returns unused blocks to the thin pool.ĭocker is configured to manage applications using thin pool volume data management via Convoy. The thin pool can ‘ zero out’ the data block but this is a performance concern as a delete will incur a corresponding write operation.Ī recommended way to ensure unused blocks are eventually released, is to schedule a regular job to execute the command *‘fstrim’** *on the mounted file systems. The security concern is as blocks are marked as unused, the blocks may contain sensitive data that can be read by another process when released. This is by design as a security and as a performance concern. Thin Volume ManagementĪs the Docker containers write and delete data in the logical volumes, blocks allocated by the thin pool are not released immediately. The Docker containers in the AEM Platform are configured to use Convoy to manage their data. Convoy is a Docker Plugin that wraps a thin pool backed by the kernel level Device Mapper (NOTE: Red Hat Device Mapper documentation : ). Details on the installation can be found ‘ aemdesign-vm/scripts/devops/docker-install.sh’.Įach server is configured with Convoy (NOTE: Convoy project home: ) which is used in Docker as a volume plugin. Thin PoolĪ Thin Pool named ‘rhel’ is configured in the aemdesign-vm project as part of the initial Docker installation. The IPTables rules for applications that are installed as services on the operating system are required to be defined. The Docker service will forward packets from the statically assigned IP network interface eth0 to the network interface docker0 *that binds to the Docker bridge network (under the Virtual Machine Project and in the file *aemdesign-vm/scripts/devops/firewall.sh) The configuration of IPTables is not strictly required for the Docker containers that bind to the host IP and port. The role ‘server-iptables’ automates the application of the configuration in the Using the IPTables service (NOTE: ) of the Red Hat Product Information.
0 kommentar(er)
