TANGO Docker container

mliszcz · October 7, 2015, 8:15pm

Hello,

I’ve been asked to start a thread here regarding my Docker image with a minimal TANGO installation.

The image is hosted at DockerHub:
https://hub.docker.com/r/mliszcz/tango-cs

This is an automated build, based on a Dockerfile which can be found in this repo: GitHub - tango-controls/tango-cs-docker: Dockerfile for TANGO control system Automated Build..

The image contains configured MySQL instance and a few tango-* packages, including tango-test.

Docker runs natively on all modern Unix-like systems (3.10.x kernel or better is required). To run the image, simply pull it from the repository and start a new container. I’m not going to explain here how docker works - there are a lot of tutorials available.


$ sudo docker pull mliszcz/tango-cs

$ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
mliszcz/tango-cs    latest              20134ee1249b        3 weeks ago         377.2 MB

$ sudo docker run -d mliszcz/tango-cs
c45033610a59f5b786fd0e5a80926f2074e264ad1a4df2e55dc0eb743b342b83

$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
c45033610a59        mliszcz/tango-cs    "/bin/sh -c 'service "   12 seconds ago      Up 11 seconds       10000/tcp           trusting_leakey

$ sudo docker inspect c45033610a59
// container metadata

Now you may test this image with e.g. Jive, connecting to the container (IP may be obtained with docker inspect) on port 10000.

I’m using this container for testing my TANGO-related projects. It is not suitable for production use. Going into production would require creating separate container for the database (with persistent storage), and separate container for each device server.

I hope somebody will make use of this.
Any feedback welcome.

Best regards,
Michal

agotz · October 8, 2015, 4:44am

Dear Michal,

thank you for this post. It definitely is very interesting to see Tango running under Docker. I am a complete novice to Docker but I managed to use your image without any problems. I installed the latest version of Docker, downloaded your image and ran it. Using the ip address given by docker I could set TANGO_HOST and run jive and connect to TangoTest. This is amazing!

But there are a few things I have not understood like where is the database? Is there a mysql running under docker?

I am interested if others are planning to use Docker for Tango and how. I can imagine it as a replacement or alternate way of distributing Tango especially for device servers.

Thanks for sharing this with the community. Please keep us posted of your progress.

Andy

mliszcz · October 8, 2015, 6:28am

Hi Andy,

let me give a brief overview of Docker here. Please get familiar with this link before proceeding:

There are two primary concepts in Docker world - images and containers.

Container is just a running instance of an image.
Image - kind of VM

Docker is built on top of cgroups (thus, requires modern linux kernel).
The image is just a filesystem - it shares the kernel and all devices with host OS.

For instance, my tango-cs image is just a Ubuntu filesystem, with MySQL (and a few packages) installed.

The images are immutable - can be instantiated many times, and every time you start with a clean environment.

On the other hand, containers are mutable. You can create a container from an image (docker run -it <image> /bin/bash should drop you into bash). Then, you can install any software inside that container. When you exit the bash, the container is stopped. To start it again, use docker start.

Tango image may be created like this:


$ docker pull ubuntu:trusty // pull minimal ubuntu 14.04 image (~200MB)
$ docker run -it ubuntu:trusty /bin/bash // run command `bin/bash` interactively (i) with terminal (t)
// install and configure MySQL
// install other packages
$ exit
$ docker commit -m "msg" -a "me" my-user-on-dockerhub/my-container <container id> // create image
$ docker push ... // publish image - requires account on dockerhub

The other, preferred way to build an image is to use a Dockerfile. Here is mine:

github.com/tango-controls/tango-cs-docker

Dockerfile

main

# TANGO Control System Dockerfile

FROM debian:jessie
MAINTAINER info@tango-controls.org

RUN apt-get update && apt-get install -y supervisor omniidl libomniorb4-dev libcos4-dev libomnithread3-dev libzmq3-dev libmysqlclient-dev

COPY build/bin/*                     /usr/bin/
COPY resources/tango_register_device /usr/local/bin/
COPY resources/wait-for-it.sh        /usr/local/bin/
COPY resources/supervisord.conf      /etc/supervisord.conf

COPY build/lib/* /usr/local/lib/

ENV LD_LIBRARY_PATH=/usr/local/lib
ENV ORB_PORT=10000
ENV TANGO_HOST=127.0.0.1:${ORB_PORT}

EXPOSE ${ORB_PORT}

This file has been truncated. show original

To create an image from a Dockerfile, just run
docker build -t my-user-on-dockerhub/my-container .
from where this Dockerfile is located.

This can be automated more, if you decide to use DockerHub and GitHub. Each commit to the repository with your Dockerfile
will trigger rebuilding your container (the build is handled by DockerHub). This is called ‘automated build’.

Docker images are ‘layered’. Each command inside that container creates a new layer (the same applies to each RUN statement in Dockerfile). Visualization: https://imagelayers.io/

If you want to use my image, but you need some special software installed, you may create your own image based on mine. Just run it in interactive mode, change it the way you like and then commit. Alternatively, use Dockerfile with FROM mliszcz/tango-cs:latest clause.

Michal

gphilippe · October 8, 2015, 9:26am

Thank you Michal for this complete presentation.

I will add a few remarks to some questions I saw on the mailing list and detail a point or two. It is based on my understanding but I insist on the point I am not an expert :

The MySQL server is installed on the docker container of Michal.
You can check this into the Dockerfile (tango-cs-docker/Dockerfile at main · tango-controls/tango-cs-docker · GitHub) on the line 27 :

apt-get install -y mysql-server

This Dockerfile is one of the pro of docker : it makes it very simple to understand what is installed in a container.

In comparison to virtual machine, container are lighter but less secured since crashing one container can affect others, which is not the case with two VM (launched on the same computer).

An illustration of the difference can make it easier to understand :

The mutualisation of a container is “smarter” because you only need to share differences between your image and yout host (the OS where is launched docker). Then, if another image uses same libraries or other stuff than the first image, this stuff will be shared allowing this second image to be lighter.

However, this smart memory management can lead to sharing crashes which is the major drawback of container (you can not have your cake and eat it too ;)).

It seems to me it is not a big issue if your two images are closely linked, and if one can not be usefull without ths other one. For example, you can think that your TANGO server will not be very usefull if your MySQL DB stops working.

agotz · October 8, 2015, 11:53am

How much hardware access does Docker allow? If we package TANGO device servers with docker what hardware can they access. I presume the network but what about the PCI bus, serial port, drivers ?

Andy

mliszcz · October 8, 2015, 12:26pm

[quote=“Andy”]How much hardware access does Docker allow? If we package TANGO device servers with docker what hardware can they access. I presume the network but what about the PCI bus, serial port, drivers ?
Andy[/quote]

I’ve never done that before, but check this out:

If these containers are intended to run on a single physical machine, why dont give Vagrant a try?
It comes with multi-vm orchestration support: Multi-Machine | Vagrant | HashiCorp Developer.
Docker can be used in such setup as a Vagrant provider and provisioner.

If you want to distribute containers on multiple machines, then Ansible may be a good choice (for provisioning). The problem might be with supervising such system - e.g. restarting failed containers.

bdonnette · October 9, 2015, 1:46pm

Highly interesting indeed. I am to use lxc-based containers (possibly docker, not sure yet) in another context, and for the supervision side, I would then think of a cwmp device server, as this would help on both safe deployment/upgrade, including signature if needed, usual supervision (does it still work ?), and this could open Tango to a new world, behind cwmp

zreszela · January 10, 2016, 8:09pm

Hello everyone,

I would like to join this interesting discussion and first of all congratulate to Michal his very good image configuration and his and Philippe’s introduction to Docker.

I see two possible scenarios for Tango with Docker.

First, the all-in-one image (mysql, tango-db, tango-test), exactly what Michal has already prepared. This kind of image could be very useful for automated tests as well as demonstrating purposes. We are trying to implement continuous integration for Sardana and Taurus and we plan to employ this kind of images in automated tests (see a proof-of-concept announced in this email).

On the other hand we could have one-image-per-service (one for mysql, one for tango-db, one for tango-test and others for any other device server) that more resemble a microservice application deployed with Docker. This type of setup could be simply administered with the docker commands and options but the docker-compose seems to be a better tool to orchestrate. This scenario has one difficulty due to the service dependencies. Docker-compose does not provide a health-check mechanism (at least yet, see this) and starts the containers one-by-one not waiting for them to initialize. This may cause problems if for example the mysql is not fully operational yet but the tango-db already requires it, similar case is between the tango-db and the device servers. As a workaround a starting health-check script could be added to the image, repeatedly checking the required services and only when they are ready, starting the image’s service (see example). I have checked that already in a setup with few device servers and it works well.
Another doubt that raised to me is if we need starter anymore in this scenario?

So, for the one-image-per-service scenario we could provide the following images:

tango
tango-db (based on tango)
tango-test (based on tango)
pytango (based on tango)

Then custom device server images e.g. C++ could be based on tango or Python could be based on pytango.

I would also like to know your opinion about the client applications both CLI and GUI. Do you also see them running within docker containers?

And regarding the present all-in-one image. I’m not sure if starting processes (like the mysql service) when building the docker images is 100% correct?

Cheers!
Zibi

mliszcz · January 10, 2016, 8:38pm

You mean this line?:

github.com/tango-controls/tango-cs-docker

Dockerfile

main


      
          # TANGO Control System Dockerfile
          
          FROM debian:jessie
          MAINTAINER info@tango-controls.org
          
          RUN apt-get update && apt-get install -y supervisor omniidl libomniorb4-dev libcos4-dev libomnithread3-dev libzmq3-dev libmysqlclient-dev
          
          COPY build/bin/*                     /usr/bin/
          COPY resources/tango_register_device /usr/local/bin/
          COPY resources/wait-for-it.sh        /usr/local/bin/
          COPY resources/supervisord.conf      /etc/supervisord.conf
          
          COPY build/lib/* /usr/local/lib/
          
          ENV LD_LIBRARY_PATH=/usr/local/lib
          ENV ORB_PORT=10000
          ENV TANGO_HOST=127.0.0.1:${ORB_PORT}
          
          EXPOSE ${ORB_PORT}
          
          RUN useradd -ms /bin/bash tango
          USER tango
          
          CMD /usr/local/bin/wait-for-it.sh $MYSQL_HOST --timeout=30 --strict -- \
              /usr/bin/supervisord -c /etc/supervisord.conf


RUN service mysql start && \
    apt-get update && \
    apt-get install -y tango-db tango-accesscontrol tango-test

I believe the mysql-server has to be running during the installation of tango-db.
This is because the database configuration (with debconf) is triggered after tango-db installation.
There are many solutions (like non-interactive installation and manual configuration), but this is the easiest one.

However, remember that the mysql service is running only during the execution of this particular RUN clause. It does not affect further RUN clauses in the Dockerfile/image. Only filesystem changes are persisted.

Michal

zreszela · January 11, 2016, 8:03am

Hi Michal,

I see your point. I just remember to see some publications in the internet regarding that. Since it was few months ago when I was exploring Docker I don’t have it at hand right now. If I encounter it again I will drop it here.

Cheers,
Zibi

gphilippe · April 8, 2016, 11:32am

Hi,
here is a recent article on docker in french for those who are interested : http://informatique.in2p3.fr/li/spip.php?article402

cgarino · September 30, 2020, 8:38am

Hi there,

This thread is quite old now but zreszela asked very relevant questions, left unanswered, around tango docker base images for device server (service oriented), docker orchestration and monitoring as an eventual astor / starter surrogate.

We are using tango for quite a while now and facing same kind of questions.

I would like to reactivate this discussion and share any feedback on this.

Cyrille.

ajoubert · September 30, 2020, 10:14am

Hi Cyrille

The SKA telescope project is doing a lot of work in this area. We are running everything in Docker containers, orchestrated by Kubernetes. No need for Astor. We have followed the one-image-per-service approach. We have separate base images for Tango DB, Database server, Java apps, C++ apps, PyTango apps, etc. Then individual subsystem teams across the telescope can base their work on these images, and create a new image that includes their device server application code.

The base Docker image source files are here, and the README shows the hierarchy of the containers.

We build the images using Gitlab CI, and push them to our own public repository:
https://nexus.engageska-portugal.pt

You could pull a PyTango image like this:
$ docker pull nexus.engageska-portugal.pt/ska-docker/tango-pytango

There is even more info about containers and orchestration here:

Kubernetes is great, but a friendly warning that running everything on it is not simple! There’s a steep learning curve and the platform changes rapidly. We have a whole team dedicated to managing the compute infrastructure, OS configuration, and Kubernetes.

Regards,

Anton