Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 54 Next »

Preparing container runtime

Deploying software as containers requires a container runtime. This documentation provides the required information. It also provides examples for docker container runtime.

Installation of docker or another container runtime following Open Container Initiative (OCI) standard is prerequisite for deploying tia Core as container.

Images for deployment of tia Core are stored at https://images.docker.kgs-cloud.de .

An account is required. It is provided for licensed installations via kgs Customer Support.

On this image hub images are available no older than tia® Content Server core Version 2.1.0.

Example preparation with docker container runtime:

docker login https://images.docker.kgs-cloud.de

Docker will prompt for user and password.

Deploying tia Core

Deploying tia Core requires the following:

  • repository.cfg file. A default repository.cfg file is attaches below, which is suitable for test systems only. For repository configuration settings refer to Repository-wide settings.

  • license file. This file is provided by kgs.

In addition, decide about these settings depending on your requirements:

  • <Name> : Give the tia Core container a custom name. This name is also the application context name.

  • <Hostport> : Listener port on host that forwards to the <Containerport>.

  • <Containerport> : Listener port on the container. This is always 8080.

  • <Folder> : The location on host system where the repository.cfg resides.

  • <License folder> : The location on host system where the license file resides. For more information refer to Location of the license file .

  • <Loglevel> : The log level sets the verboseness of the log writing. Valid are: OFF; ERROR; WARN; INFO orDEBUG.It is recommended to use ERROR or WARN in production environments and WARN or INFO in test systems. Set DEBUG level only when being ask be kgs Customer Support. For more information on logging refer to Logging .

  • <BcryptHash> : To login to the tia Status UI, a password is required that when being hashed must match this value. For more information refer to tia® Status UI Authentication .

  • <Product> : The tia Core product to be deployed: saphttp , cmis

  • <Version> : The version of tia Core to be deployed. kgs recommends to use the latest available version. For this use latest.

Fill in the values into the docker run command below:

docker run --name <Name> -p <Hostport>:<Containerport> -v data_volume:/temp/data  -v <License folder>:/application/config/license/ -v <Folder>/repository.cfg:/application/config/repository.cfg -e LOGGING_LEVEL_ROOT=<Loglevel> -e WEBAPP_SECURITY_AUTH_BASIC_PASSWORD="<BcryptHash>" -d docker.kgs-software.com/tia/core/<Product>:<Version>

Example:

docker run --name tiacore-AL -p 8080:8080 -v data_volume:/temp/data  -v ./tiacore/license:/application/config/license/ -v ./tiacore/repository.cfg:/application/config/repository.cfg -e LOGGING_LEVEL_ROOT=INFO -e WEBAPP_SECURITY_AUTH_BASIC_PASSWORD="\$2a\$10\$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e" -d images.docker.kgs-cloud.de/tia/core/saphttp:latest

Explanation:

Command

Task

docker run

Start the container

-d

run as daemon instead of in foreground

--name {APPLICATION NAME}

gives the container a free choosable name while running (for easier access later).

Hint: You can start multiple instances of the same containers with different ports and different names.

Example:

--name tia-contentserver

-v {HOST_VOLUME}:{CONTAINER_VOLUME}

Maps a host directory into the file system of the container.

This way files are permanently stored even after the container is destroyed, and configuration files can be edited and maintained at the host.

Hint: When host is running Windows, the path may contain drive letter with colon ( : ) and backslashes ( \ ). Use quotation marks and double the backslash to allow correct interpretation.

E.g.: -v "G:\\host\\location":/container/location

-p {HOST_PORT}:{SVC_PORT_IN_CONTAINER}

Maps the host port to the port in the container.

Our Software runs on 8080 inside the container, therefore you always want to map your arbitrary host port to 8080.

Sample:

-p 8080:8080

{IMAGE NAME AS LAST PARAMETER}

The Image to run

Step 1 needed to be complete

Example:

images.docker.kgs-cloud.de/tia-documentrouter/tia-documentrouter

How to access the tia Core WebUI:

After the container has successfully started und is running, access the Status UI via the web browser http://<hostserver>:<hostport>

Login with your combination of username (default:admin) + password

How to connect SAP to tia Core contentserver:

use the transaction code OAC0 to create the repository T1

specify the required connection information for your tia core contentserver

  1. perform the connection test → the result should be as following

  1. send out the sap certificate to the tia core contentserver

Congratulations, you are now able to use tia core for archiving documents via ArchiveLink (smile)

Configuration:

Docker command:

This parameter -v data_volume:/temp/data is only required when data are stored in /temp/data. When you plan to use other storages (like S3) you no not need these parameter. For different location modify repository.cfg and the command accordingly.

Environment Variables

CONFIGDIRECTORY

Directory where repository.cfg is expected. Default is “/application/config/“

LOGGING_LEVEL_ROOT

Log Level for core of tia. Default is “Debug”. Recommended for Production is “WARN” or “ERROR”.

LOGGING_CONFIG

Point to a logback configuration to overwrite the default one. To set the log entry output to JSON format use the value “/application/config/json-logback.xml“. This is recommend for cloud environments.

WEBAPP_SECURITY_AUTH_BASIC_PASSWORD

Set Password for Status Webapp with bcrypt. Password “admin” for testing: $2a$10$5E1KpGIKSq6xuWmGf92bheB17V0l4fEMnVmYPqhWiazKddcx1TF/e

TIA_LICENSE_PATH

Path to the license file (if different from /application/config/license/)

You can overwrite these with -e <key>=value


HTTPS terminated in Container

HTTPS requires a Certificate (public or self-signed) in stored as pkcs12 format. The file needs to be mapped into the container.

Environment Variables

server.ssl.key-store-type

JKS or PKCS12 is supported. PKCS12 is preferred.

server.ssl.key-store

Location of the keystore

server.ssl.key-store-password

Password for the keystore

server.ssl.key-alias

Alias for the certificate in the pkcs12 store

server.ssl.enabled

use “true“ to expose the configured port (default 8080) as https port

Example

Create a keystore with a self signed certificate or skip this step with existing certificate:

keytool -genkeypair -alias kgs -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore kgs.p12 -validity 3650

Map the file in the container:

-v ./tiacore/kgs.p12:/application/kgs.p12

Add to environment variables:

server.ssl.key-store-type: PKCS12
server.ssl.key-store: /application/kgs.p12
server.ssl.key-store-password: test1234
server.ssl.key-alias: kgs
server.ssl.enabled: true

FAQ

 I do not want log files inside my container (for tia® Content Server core < 2.6.0 )

This is no longer required for tia® Content Server core 2.6.0 or higher

  • Use e.g this log4j2.xml without file appender


Map it to the container with -v <Folder>/log4j2.xml:/application/config/log4j2.xml

And set environment variable for the container -e LOGGING_CONFIG=/application/config/log4j2.xml

 I want to use ILM or SAPHTTP?

Both is available on Nexus/Harbor

 I want to check the container logs

You can do that with the following command 

sudo docker container logs [container name / or / container-id]
 Is respository.cfg shared?

In the example repository.cfg is shared when mutiple container use the same repository.cfg. Change one and restart container so that new repository.cfg works for both.

 Where is the tomcat?

Tomcat is now embedded and maintained by kgs.

 How do I update a container

Pull the new image sudo docker pull [docker_image]

Find the ID of the running container sudo docker ps

Stop Container sudo docker stop [container_id]
Remove Container sudo docker rm [container_id]

Start Container docker run -p 8080:8080 -v data_volume:/temp/ -v <Folder>/repository.cfg:/application/config/repository.cfg -d docker.kgs-software.com/tia/core/cmis:<Version>

 Are there files or directories that need to be mapped in the container and need to be permanent with read/write access?

  • Yes, but it depends on your configuration.

    • tia® Content Server core requires a metadata directory (<repo>.configdata.filesystem.root)

    • tia® Content Server core can require a keystore, when you configure it, make sure this file is available for all

      • <repo>.keystoreservice.pkcs12.name

      • <repo>.keystoreservice.pkcs12.path

    • tia® Content Server core requires a temp directory to cache files it is /tmp there are only temporary files stored for short time.

  • No labels