Working with Docker containers in patterns

If you have the Docker Pattern Type installed and enabled on the system, a Docker container software component is available that provides support for using Docker containers and Docker images in patterns.

When you deploy a pattern that includes a Docker container, the Docker host, Docker client, and Docker daemon processes are automatically installed and started on the instance. You can pass commands to the Docker client from container operations or by specifying the command in the Command attribute for the Docker container software component during pattern creation or deployment.

Note: Docker CE 17.09.1 supports only Red Hat Enterprise Linux (RHEL) 7. Therefore, be sure that the operating system node is a RHEL 7 image when you build a virtual system pattern with a Docker container. If a RHEL 6 image is selected, the virtual system pattern deployment fails.

The Docker pattern installs Docker CE 17.09.1. All required dependencies are installed on the RHEL 7.3 image, version 3.0.9.0, which is available with the Cloud Pak System group content (sometimes referred to as default data). If you use a different RHEL 7 image, some of the Docker prerequisites, such as libseccomp package, might not be available. You can still use these images if you have a Red Hat Satellite server that is deployed in the same environment profile as the deployed Docker pattern instance. The Docker pattern tries to install the missing packages by using the Red Hat Satellite server.

Specify the Docker image to use to create the Docker container in the Image attribute for the Docker container software component. Depending on your system's configuration, you can either reference images in the Docker Hub, images that were uploaded to a private Docker registry that runs on the system, or your own Docker Trusted Registry. You can also upload a .tar or .tar.gz file that contains an exported Docker image. After you select the Docker image, specify the environment variable names and values (in the Environment variables section), volume names and values (in the Volumes section), and container ports and values (in the Port Bindings section) for the selected Docker image.

You can add multiple Docker containers to the same virtual image so that they can share a Docker host. However, if you configure multiple Docker containers on a single virtual image, you must set the memory and processor limits for each Docker container in the software component attributes so that one Docker container does not use all of the available resources. If two Docker containers are configured on a single virtual image, they can share a container volume. For the first Docker container, configure a container directory that is mapped to a directory on the host. Then, on the second Docker container, specify the name of the first container (where the volume that you want to share is located) in the Data Volume Container(s) field, which is in the Advanced Options section. For example, in the attributes for the first Docker container, named Docker Container, in the Volumes section, configure this mapping:

Table 1. Configuration example for the Volumes section of the first Docker container, named "Docker Container"
container directory	host directory
`/container1`	`/container1`

Then, in the attributes for the second Docker container, specify the name of the first Docker container (which is Docker Container in this example), in the Data Volume Container(s) field in the Advanced Options section.

You can also use multiple Docker containers on separate virtual images in a single pattern. If there are multiple Docker containers in a pattern, you can link two Docker containers. For example, if one Docker container is running an application that requires a database and the other container is running a database server, you can link the two containers so that the application container can access information about the database container. To link two containers, hover over one of the containers until the blue circle turns orange. Select the circle, drag a connection to the second container until the container is highlighted, and then release.

You can add a routing policy to the virtual image that contains the Docker container to configure it for load balancing. Configure the endpoint and port, which are the URL and port that are used to access the application through load balancing, in the routing policy attributes. Set the Port in the routing policy attributes to the value that you configured for the host port in the Port Binding attribute for the Docker container. For example, if the Port Binding attributes are set with 8080 as the host port:

Table 2. Port Binding configuration example
container port	host port
`80`	`8080`

Set the Port attribute in the routing policy to 8080:

Table 3. Routing policy endpoint configuration example
Endpoint	Port
`myserver.mydomain.com/wp-admin`	`8080`

When the instance is in a Running state, the context root in the endpoint (wp-admin in the preceding example), is available on the target host port. If scaling takes place, the same policy settings are used for any new nodes that are created by the scaling process.

Restriction: SSL is not currently supported for routing policies that are used with Docker containers.

When you look at the Instance Details page for an instance that include a Docker container, you can see the details for the Docker daemon in the Middleware perspective. To view the Docker logs for a node in an instance, click the Log link in the VM Status column of the DockerDaemon row. The Log Viewer displays the logs for the node. The Docker logs are under Node > DockerDaemon > /var/log > docker. If you configured any log volumes for the middleware in the Log Volumes attribute for the software component, those logs are available on this page. For more information about managing instances that include a Docker container, see the Related Tasks.

The Docker runtime is started with default security mode. If you want to connect to a secure private Docker registry, see the Docker documentation for details on enhancing the Docker runtime security mode. For example, one option is to add a certificate to host /etc/pki/ca-trust/source/anchors, run the update-ca-trust command on the Docker host virtual machine, and then restart the virtual machine. If you want to connect to a deployed default private Docker registry for testing purposes, add --insecure-registry <registry_ip:port> to the configuration and restart the Docker host virtual machine. For example, in /etc/sysconfig/docker, add: OPTIONS=" --insecure-registry 172.18.173.132:5000 --insecure-registry 172.18.173.137:5000 --bip=10.20.42.1/24"