--- subtitle: Normal Run header-img: img/header_img/server.jpg date: 2018-03-07 09:50:12 description: Spectrum Protect Server in a Docker Container - Normal Run related: - { page: "index", title: "Containerising SP" } - { page: "firstrun", title: "Initial Container Setup" } - { page: "upgrade", title: "Upgrading SP" } - { page: "recover", title: "Recovering the SP Database" } --- # Normal Run of a Spectrum Protect Server (in a container) Updated for 8.1.9 > **NOTES**: > * The storage used in the example below is from the host file systems, passed to the container with Docker's `-v` option. > * The host was using glusterfs for the persistent storage. That same filesystem is available on mulitple docker nodes, which means I would now have a Spectrum Protect server that could float between nodes if needed! > * This implementation is using DISK or CLOUD storage pool storage. While accessing tape should be possible, I haven't explored what is required for that to work. ## Configuration Our configuration will use these defaults ```bash Helpful Variables SP_DB=/srv/sp/database SP_USER=/srv/sp/user SP_DATA=/srv/sp/data SP_IMAGE=ibm/spectrumprotect:8.1.9 ``` * **SP_DB** is where the TSM Database will be stored on the Docker Host, and will be passed to the container with `-v ${SP_DB}:/database` * **SP_USER** is where the TSM Instance user's home directory is on the Docker Host, and will be passed to the container with `-v ${SP_USER}:/tsm` * **SP_DATA** is where the TSM Disk based storage pools are stored on the Docker Host, and will be passed to the container with `-v ${SP_DATA}:/data` If data is stored in a cloud pool, then this would be where the acceleration pool is holding data before it gets sent to the cloud. Make sure that this directory is owned by your SP instance user ID that you used in the [DockerFile](/server/#Spectrum-Protect-Post-Installation) when you built the container. * **SP_IMAGE** is the name of your docker image (if you followed the instructions on this site it is `ibm/spectrumprotect:8.1.9` # Normal Run Starting SP for normal operations. `docker run --detach=true --hostname=tsm --interactive=false -v ${SP_USER}:/tsm -v ${SP_DB}:/database -v ${SP_DATA}:/data --memory=16g --ipc=host -p 1500:1500 -p 1543:1543 --privileged=true --rm=false --restart=no --tty=false --stop-timeout=300 --name=spectrumprotect ${SP_IMAGE}` ```tsm Expected Startup, viewable by doing docker log -f spectrumprotect ANR7800I DSMSERV generated at 00:18:30 on Feb 5 2019. IBM Spectrum Protect for Linux/x86_64 Version 8, Release 1, Level 7.000 Licensed Materials - Property of IBM ... ANR8200I TCP/IP Version 4 driver ready for connection with clients on port 1500. ANR2560I Schedule manager started. ANR2825I License audit process 1 completed successfully - 0 nodes audited. ANR0985I Process 1 for AUDIT LICENSE running in the BACKGROUND completed with completion state SUCCESS at 04:09:10. ANR0993I Server initialization complete. IBM Spectrum Protect:SERVER1> ``` You should now be able to connect with the Admin Client. > **NOTES**: > * For Spectrum Protect you need to use `--privileged=true`. From what I have worked out, DB2 needs this. I did find some notes on DB2 in docker [here](https://www.ibm.com/developerworks/data/library/techarticle/dm-1602-db2-docker-trs/index.html), and tried these options without using `--privileged=true` but DB2 still reported some errors. > I don't think it is an issue running SP in privileged mode, but if you do find a solution to have it run without full privileges, I would be interested ;) The link above has some important tips regarding DB2 memory and the `--memory=` setting. > * When defining your DISK based storage pools (or STGPOOLDIR for your cloud pools), remember the path to your "data" is `/data` inside the container. If you use another path, you will loose that data when the container is destroyed. > * You should be able to run many SP instances on the same host (or swarm) even at different version levels. In container, they can all respond to port 1500, and outside the container, they'll need to have unique ports EG: `-p 1501:1500`, `-p 1502:1500`, etc. (Just remember to think about resource requirements and potential resource contention.) > * Use the same `--hostname=` setting that you used when running the *init* steps above. DB2 is sensitive to hostname changes. > * Spectrum Scale makes a great persistent storage file system for Docker containers, and gives you great options for Spectrum Protect. For example, you could move SP to different hosts very easily (stop on hosta, start on hostb - if both hosts see the same Spectrum Scale file system and your database/data are on it). > * Starting with 8.1.8 - Spectrum Protect needs some kernel tuning with regards to semaphores, etc. So, I use `--ipc=host` so that the container uses the hosts semaphore configuration, and I use the following configuration: > ```kernel.msgmax = 65536 kernel.msgmnb = 65536 kernel.msgmni = 131072 kernel.sem = 250 1024000 32 4096 kernel.shmall = 18446744073692774399 kernel.shmmax = 18446744073692774399 kernel.shmmni = 32768``` # Shutting down Spectrum Protect By Default when you issue a `docker stop` command, docker, gives the container 10 seconds (the default) for all processes to exit. If, that hasnt happened, then the docker host will send a `SIGKILL` to all the processes left. Spectrum Protect will correctly handle the `SIGTERM` sent by docker, but it may take more than 10 seconds to shutdown. You can start your container with a `--stop-timeout` set to a larger value, if you want docker to shutdown Spectrum Protect. Instead, of using docker stop, I **strongly** recommend you connect with the admin client, and issue `HALT` instead. This way, you can make sure that Spectrum Protect is not doing something important first (using `Q SESSION` or `Q PROCESS`). When Spectrum protect has finished halting, the container will stop.