iRODS Demos – iCAT + iDrop-web + Docker (Part 2)

Note: Cloud Browser has superseded all iDrop Web development. While we don’t have an updated Docker container for this yet, please see this blog post or Github for information to help you get started.

In my previous post, I showed how to get a Docker container with an iCAT and iDrop-web server up and running. As promised, in this post, I go through the Dockerfile line-by-line, in case the comments in the file don’t provide quite enough detail. I have omitted blank lines. Otherwise, this is the entire Dockerfile.idrop as of commit e89b99b615.

Update: February 2, 2015: The Docker containers have been updated since this post was written. See this new post for details.

December 4, 2014: I’ve updated this post to show the present state of the github repo, commit ffbf25191c. We are now downloading iRODS version 4.0.3 rather than version 4.0.2, and I’ve updated the iDrop Web 2 pointers to a provisionally stable location.

Start with the Ubuntu 14.04 Docker image. This is the definitive minimal Ubuntu installation, checked in to Docker Hub.

(That’s me.)

Bring the Ubuntu package repository up to date.

For some reason, the locale doesn’t appear to get set automatically. I’m not certain if this is a Docker- or an Ubuntu image-related issue.

This is the first set of packages I wanted to get installed. These are necessary for the rest of the Dockerfile, even if the iRODS dependencies change.

Set up a working directory for SSHd, the SSH server.

Set up Supervisor. Supervisor is a single process that controls all of the other services we need to run: sshd, tomcat, nginx, and irods-server. Note I’m adding two supervisord.conf files. The /etc/supervisor/supervisord.conf specifies general runtime options–at one point, I thought I needed to allow the iRODS setup script to run control Supervisor. I may be able to omit this file in the next update. The /etc/supervisor/conf.d/supervisord.conf specifies particular options and commands for the services we are setting up.

By default, the only user in the container is root. This block creates an admin user, which by default has sudo privileges.

Get the .deb packages from

Ordinarily, we can run “dpkg -i” on the iRODS packages and then run “apt-get -f install” afterward to install any dependencies. However, “docker build” quits if it encounters any errors. So, we need to identify the dependencies using “dpkg -I” and install the dependencies before installing the iRODS packages.

At one point, I had the iRODS script using supervisorctl to start the irodsserver process. That is no longer the case, and I believe I can remove these lines now.

This block of script sets up the iCAT database. Note that postgresql gets started and the database writes get executed on the same command line. They cannot be separated because all running processes are terminated between command line executions. Note that I had to specify the character encoding (UTF8), whereas this is typically done by default. is the command that supervisor uses to start the iRODS server. Supervisor can only start interactive (i.e., not daemon) processes, so we can’t use “irodsctl start” to bring up the server.

Run the iRODS script using the “dbresp” file as the set of inputs to the script.

During the “docker build” process, Docker changes the hostname after each command is executed. When ran, it set
the hostname in irodsEnv. For convenience, we will change this to localhost. Note that also set up the default storage resource with the same hostname. There is a line in the “” script below that fixes this.

Set up Tomcat (application server) and Nginx (http server).

Tomcat throws warnings if these directories aren’t there. sets some environment variables and starts the Tomcat server. It is used by Supervisor. server.xml has been modified from the default to set up port 8443 as an https port, using autogenerated keys.

RUN /usr/lib/jvm/java-6-openjdk-amd64/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/ssl/.keystore
Generate (not quite fake) SSL keys. keyresp contains the responses to the keytool dialog.

Bring in the idrop-web configuration file.

ADD ./idrop/ /home/admin/
RUN chmod a+x /home/admin/ rewrites idrop-web-config2.groovy at runtime to make idrop-web refer back to the host machine’s hostname and the appropriate re-directed TCP ports. We set default values in case these variables are not exported on the “docker run” command line.

Put the idrop-web files in the container.

Add, which executes run-time configuration and starts the SSH, Tomcat, Nginx, and iCAT server processes.

Expose the TCP ports for SSH, HTTP, HTTPS, and iRODS.

Start Supervisor on “docker run”.