Docker images

A Docker image is a read-only template for creating containers.

Docker images are provided by the user. The IBM® Spectrum Symphony environment mounts to the Docker container automatically, so IBM Spectrum Symphony libraries do not need to be packed into the Docker image. Third-party libraries such as Java and database drivers that service binaries depend on must be built into the Docker image. For example, to mount the JDK for Java applications:

  1. Mount the Java path in the ContainerDefinition section of the application profile:
    <mount hostDir="/pcc/app/Linux_jdk1.7.0_x86_64/" 
containerDir="/pcc/app/Linux_jdk1.7.0_x86_64" permission="rw" />
  2. Set the Java path for the service in the Service section of the application profile:
    <env name="PATH">/pcc/app/Linux_jdk1.7.0_x86_64/bin</env>

For MapReduce applications:

  1. Mount the Java path and user-defined paths, such as /opt/input in the ContainerDefinition section of the application profile; for example:
    <mount containerDir="/opt/input" hostDir="/opt/input" permission="rw"/>
<mount containerDir="/pcc/app/Linux_jdk1.7.0_x86_64" 
hostDir="/pcc/app/Linux_jdk1.7.0_x86_64" permission="rw"/>
  2. Set the Java path for the service in the Service section of the application profile; for example:
    <env name="PATH">/pcc/app/Linux_jdk1.7.0_x86_64/bin</env>

To use an image in IBM Spectrum Symphony that already contains your application, you only need to set the service startCmd to the path of the service binary that is in the Docker image.

The SIM pulls the specified Docker image into the physical host on-demand. The version of Docker image is managed by Docker; if an image in a registry was updated, compute hosts will pull the new version of image automatically while creating new containers.

There are three approaches to deploying a Docker image to compute hosts:

  • SIM tells the Docker daemon to pull the image from a Docker hub (public Docker registry) automatically.
  • SIM tells the Docker daemon to pull the image from a private Docker registry automatically.
  • SIM uses the Docker CLI command docker load to load the image from a tar file; for example:

    docker load --input="/opt/redhat63.tar"

Best practices for using Docker images in an IBM Spectrum Symphony cluster

IBM Spectrum Symphony does not provide a way to build Docker images so they must be provided by users. Service dependencies need to be installed into the Docker image. The IBM Spectrum Symphony environment and libraries will mount to containers by default. Here ares some guidelines for Docker image usage in IBM Spectrum Symphony.

To enable Docker for an existing application in cluster:
  • For CPP applications that have no third-party dependencies, any available image can run the application. The IBM Spectrum Symphony environment and service package will mount directories to containers so the service can be started directly in the container.
  • For Java applications, you need to add Java to the image (and also other third-party libraries). The Java application can then be started in the container.

If you already have a Docker image that contains the application, set the Service startCmd to the path of the service binary that is in the Docker image.

Best practices for Docker image management

  1. Each container user has a service type:

    In this case, each container user has a Docker image. Define the user name and Docker image name in ContainerDefinition for each Service section in the application profile. For a new container user, add the user (user ID should be the same as host OS user) to a new Docker image and define it in a new ContainerDefinition associated with the new service definition. Perform a dynamic application update to update the new ContainerDefinition and Service type in the SSM. Then the new container user will be available for new workload that is submitted using the new service type.

  2. All container users share a service type:

    In this case, all container users share one Docker image. Add new container users (user ID should be the same as host OS) to the shared Docker image and rebuild a new Docker image. Update the imageName in ContainerDefinition in the application profile and perform a dynamic application update to update the ContainerDefinition in SSM so that new incoming workload can use the new Docker image.

  3. Mount all host OS users to a container:

    In this case, you do not need to maintain container users in a Docker image. You only need to mount /etc/passwd to the container and the container will have the same users as the host OS users.