--- title: Server header-img: img/header_img/server.jpg date: 2018-03-07 09:50:12 description: Spectrum Protect Server in a Docker Container related: - { page: "firstrun", title: "Initial Container Setup" } - { page: "normalrun", title: "Normal Run of Container" } - { page: "upgrade", title: "Upgrading SP" } - { page: "recover", title: "Recovering the SP Database" } - { page: "runoc", title: "Running OC in a container" } --- # Putting Spectrum Protect into a Container Updated *Tested with Spectrum Protect 8.1.8!* Just replace any reference to 8.1.7 with 8.1.8! (These instructions as based on Spectrum Protect 8.1.7. References to *SP* means Spectrum Protect.) > **NOTES** > * Depending how your storage volumes are provisioned to running containers, you may need to increase the "default size" of a provisioned volume. For example if your storage driver is `devicemapper` then the default volume size `Base Device Size` may be 10GB, which wont be enough for a SP installation. You will need to increase it to at least 15GB - details on how to do that are outside of the scope of this document. > * Also make sure your host has sufficient memory to perform the build - SP requires at least 12GB of RAM to pass the installation logic. I actually perform the build on an iMac with 16GB of memory allocated to Docker. It is also using the `overlay` storage driver, which means the size of the volume the build container gets is the available free capacity of my `/Users` mount point. > * The accompanying files for this build are available in my [gitlab](http://dev.leenooks.net/deon/spdocker/tree/master) > * And lastly, most importantly, running SP in a container is **not officially supported by IBM** - so you cannot make a help-desk call about having problems. Technically it should work without problems, but if you are experiencing a problem, be prepared to recreate your environment on a physical host and validate that your problem still exists (and thus not a result of Docker or the implementation on Docker). ## Create your Dockerfile As at the time of writing these instructions, Red Hat Linux is not available in the Docker hub - but CentOS is a good clone. We'll use it ### Image preparation ```Dockerfile FROM centos:7 ``` Next we need to install some dependencies - these are documented in the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.7/srv.install/r_srv_lnx_sysreq_inst_x-linux.html) as a requirement for running SP on Linux. You might like to check to make sure these are still all that is required for newer releases of SP. ```Dockerfile RUN yum -y install http://yum.leenooks.net/CentOS/7/base/redhat-release-7-6.el7.centos.12.2.x86_64.rpm \ libaio \ ksh \ compat-libstdc++-33 \ numactl && \ yum clean all && rm -rf /var/tmp/* ``` **NOTE**: During the installation of SP, it tests to make sure it is running on RedHat Linux by testing the existence of an RPM package `redhat-release`. The redhat-release installed on line 1 is a fake RPM package - it installs no files, but just emulates the existence of that required RPM package. ### Spectrum Protect Installation Now copy in our silent install configuration files. These files are based on the silent install XML files that come on the installation media. Some details on these files are also in the [Knowledge Center](https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.7/srv.install/t_srv_inst_silently-linux.html) ```Dockerfile COPY install.xml install-fp.xml /tmp/ ``` > **NOTES** > * We only include the silent install configuration files here - not the installation media, otherwise the size of the resulting Docker image is too big. Current versions of `docker build` do provide the ability to "flatten" the resulting container, but those instructions are outside the scope of this tutorial. > * The `install.xml` file performs an installation of the server, with the license libraries/files. You need this when you install a licensed version of Spectrum Protect. > * The `install-fp.xml` file performs an installation of the server WITHOUT the license libraries/files. Since fixpacks (from fixpack central) dont includes the license files, we need to use this file during the install of fixpacks. > * TIP: If you download the server package from the IBM http site (which doesnt include the license libraries/files), you can use this `install-fp.xml` file during the install to create a 90 day trial! Next, is performing a silent installation of SP. ```Dockerfile RUN SOURCE_URL=http://YOUR_SITE_URL_HERE && \ mkdir -p /tmp/build/base && cd /tmp/build/base && \ curl -SL ${SOURCE_URL}/SP_8.1_LIN86_SER_STG_ML.bin > tsm && chmod +x tsm && ./tsm && rm -f tsm && \ ./install.sh -s -input /tmp/install.xml -acceptLicense && \ rm -rf /tmp/build/base && \ mkdir -p /tmp/build/patch && cd /tmp/build/patch && \ curl -SL ${SOURCE_URL}/8.1.7.000-IBM-SPSRV-Linuxx86_64.bin > tsm && chmod +x tsm && ./tsm && rm -f tsm && \ ./install.sh -s -input /tmp/install-fp.xml -acceptLicense && \ rm -rf /tmp/build /tmp/install*xml ``` **NOTE**: Some information on what is occurring here. * This is an "new install" (lines 1-5) then followed by an "upgrade" (lines 6-8). The reason for the new install first, is that the Spectrum Protect license files and license libraries are not available in upgrades (from Fix Central). So you'll need to install from your downloaded media from Passport Advantage, and then upgrade it to the latest release from Fix Central. If you sourced your installation media from Passport Advantage, then the license files and libraries are probably in that installation media, you can exclude lines 6-8. * To avoid the resulting Docker Image being too large, we download the installation media from a web server (Line 3) and then delete it after it has been expanded. We also do the same for up upgrade package (line 7). * Lines 4 and 8 are silent installation methods for install SP and applying updates. * Lines 5 and 9 delete any installation files to reduce the size of the resulting Docker Image. ### Spectrum Protect Post-Installation Now we set our user environment that will ultimately run SP ```Dockerfile ENV USER=tsm USERDIR=/tsm USERID=201 GROUPID=201 ``` **NOTE**: You can set these according to your enterprise policy. `USERDIR` will ultimately need to be persistent storage using your favourite storage provisioning methodology. I generally host mount when starting the container using `-v /host/path/user:/tsm` and it works well. I have used some 3rd party persistent storage offerings, however, they often have not worked. While I haven't explored in detail why not, I suspect it is because of Direct IO calls being made by DB2 and those 3rd party offerings not supporting those system calls. Now we create our user ```Dockerfile RUN groupadd servers -g ${GROUPID} && useradd -d ${USERDIR} -u ${USERID} -g ${GROUPID} -s /bin/bash ${USER} ``` Copy some default Server configuration files in place ```Dockerfile COPY dsmserv.opt tsmdbmgr.opt ${USERDIR}/ COPY dsm.sys /opt/tivoli/tsm/server/bin/dbbkapi/ RUN chmod a+r /opt/tivoli/tsm/server/bin/dbbkapi/dsm.sys ``` We'll now do some post installation setup, first create the DB2 instance for our user and change the default directory for the database to be the same as the instance directory for the server. ```Dockerfile RUN /opt/tivoli/tsm/db2/instance/db2icrt -a server -s ese -u ${USER} ${USER} && \ mkdir -m 750 /database && \ chown ${USER}:servers /database /tsm/dsmserv.opt /tsm/tsmdbmgr.opt && \ su ${USER} -lc "db2 update dbm cfg using dftdbpath ${USERDIR} && db2set -i ${USER} DB2NOEXITLIST=ON" ``` **NOTE**: Keep all these commands on one RUN line otherwise the `db2 update dbm` command will fail with an `SQL6031N` error. Setup sqllib/userprofile ```Dockerfile RUN su ${USER} -lc "echo setenv LD_LIBRARY_PATH /opt/tivoli/tsm/server/bin/dbbkapi:/usr/local/ibm/gsk8_64/lib64:\\\$LD_LIBRARY_PATH >> sqllib/usercshrc && echo export LD_LIBRARY_PATH=/opt/tivoli/tsm/server/bin/dbbkapi:/usr/local/ibm/gsk8_64/lib64:\\\$LD_LIBRARY_PATH >> sqllib/userprofile && echo export DSMI_CONFIG=${USERDIR}/tsmdbmgr.opt >> sqllib/userprofile && echo export DSMI_DIR=/opt/tivoli/tsm/server/bin/dbbkapi >> sqllib/userprofile && echo export DSMI_LOG=${USERDIR} >> sqllib/userprofile" ``` When SP starts on a new install, there are no ADMINs defined, so here is a macro to help us. ```Dockerfile COPY admin.macro /tsm/ ``` ### Final Docker Image Parameters And our final Docker Image settings for when our container starts. ```Dockerfile COPY init /sbin/ EXPOSE 1500 1543 VOLUME [ "${USERDIR}","/database","/data" ] ENTRYPOINT [ "/sbin/init" ] CMD [ "start" ] ``` ### Set your container timezone (optional) If you want your running container to be in your timezone, then add this to your Dockerfile ```Dockerfile # Set out local time RUN ln -sf /usr/share/zoneinfo/Australia/Melbourne /etc/localtime ``` **NOTE**: This will set your timezone to Melbourne, Australia - naturally, choose the appropriate Country/City for your timezone. ## Build your Image A complete Dockerfile is available [here](http://dev.leenooks.net/deon/spdocker/blob/master/Dockerfile) if you need one as a starting point. Once you have your images loaded on a web server, and the supporting build files run `docker build -t ibm/spectrumprotect:8.1.x .` If your final build is successful, you should see a Docker Image that is about 3GB. ```plain REPOSITORY TAG IMAGE ID CREATED SIZE ibm/spectrumprotect 8.1.7 b56baf7faab5 2 minutes ago 3.24GB ``` **NOTES** * Make sure you have enough space in your `/var/lib/docker` directory - the build will use about 9 GB's. Now that your container is built, you'll want to start it a specific way, depending on whether you are starting a clean new instance of SP, or an existing instance. Those details are [here](firstrun.html). # Trying out a container image If you are interested, the SP server (without license files) is available on the IBM FTP site. I've put together the instructions on how to build this server image (v8.1.7) or use my already made image. Those details are [here](/server/registry.html).