Docker Deployment
  • 16 Apr 2024


Article Summary

This article provides the installation requirements and procedures necessary to deploy a Skylight orchestrator Docker container.

Ubuntu Operating System

Procedure Requirements

Ensure that the Docker host meets the following requirements before starting the procedure:

  • Docker host running Ubuntu 20.04 LTS
  • Docker, minimum version 20.10.6
  • Docker Compose Standalone (docker-compose CLI), minimum version 1.29.2
    Note: Docker Compose plugin (docker compose CLI) is not supported.
  • OpenSSH server installed and running on the host
  • The multipath tool (multipath-tools package) has been installed on the host
  • Over 25 GB of free space for Docker images
  • 15 GB of free space for the temporary folder used during the installation
  • Sudo privileges or root access on the host
  • Secure Boot disabled on the system

Procedure Steps

Follow the steps below to install Skylight orchestrator on a Docker host.

To install Skylight orchestrator on Docker host

  1. Using an SSH client, log in to your Docker host and execute the installation package on the host operating system (OS), where <version> in the name of the installation package is the version of Skylight orchestrator to be installed:

     sudo sh docker-dist-<version>.sh

  2. Confirm by typing y or Y; any other input aborts the installation.
  3. When asked for the temporary installation folder, press Enter to use the /tmp folder or type the location of another temporary folder. A temporary subfolder, so_install, is created during the installation and removed at the end of the installation.
  4. The installation creates the user skylight and the group skylight on the host, if these do not already exist.


Notes:
If the user is created during the installation, you will be asked to set up its password.

The installation will create the home folder for the user “skylight” in /home/skylight.

During the installation, Docker images are loaded from the installation package. The main user of these images (visionems or mysql, depending on the image) is reset to the host user 'skylight' UID and GID. This ensures that the user in containers has full access to the /home/skylight/so folders on the host, via mapped docker volumes.

A docker network “so-network” is also created, with a random subnet assigned by docker daemon. The subnet can be changed later via Skylight orchestrator client.

For the management of Skylight orchestrator, a climanager service is installed on the host: so.climgr


IMPORTANT: Do not delete the user skylight.

Folder Structure

The installation will create the home folder for the user skylight in /home/skylight.

├── bin
├── config
│ ├── cib
│ ├── climgr
│ │ ├── greetings.txt
│ │ └── hostkey.ser
│ ├── deployment
│ │ └── deployment-user-config.properties
│ ├── domain
│ │ ├── admin-keyfile
│ │ └── keystore.jks
│ ├── gfclient
│ │ └── pass
│ ├── ha
│ │ ├── cib
│ │ ├── drbd-proxy.license
│ │ ├── generated
│ │ └── hamonitorconfig.properties
│ ├── snmp
│ │ └── storesnmpconfig.properties
│ └── ssh
│   └── known_hosts
├── data
├── docker
│ ├── core.compose.yaml
│ ├── ha.compose.yaml
│ └── so.env
├── lib
│ └── jdk -> /home/skylight/lib/jdk-17
├── logs
├── mysql
└── mysql-ha

The installation will also create the following Docker volumes that will point, by default, to the home folders of the skylight user:

  • so-config → /home/skylight/so/config
  • so-data → /home/skylight/so/data
  • so-logs → /home/skylight/so/logs
  • so-mysql → /home/skylight/so/mysql

Several files are persisted on the host:

  • /home/skylight/<so_version>/bin = scripts for managing Skylight orchestrator containers
  • /home/skylight/<so_version>/docker = the docker-compose file, the environment file
  • /home/skylight/<so_version>/config = the Skylight orchestrator keystore, admin-keyfile and the ssh configuration for the Skylight orchestrator application
  • /home/skylight/<so_version>/logs = the logs of Skylight orchestrator services
  • /home/skylight/<so_version>/data = data used by Skylight orchestrator (except the main database)
  • /home/skylight/<so_version>/mysql = the main database
  • /home/skylight/<so_version>/mysql-ha = where the main database is stored while HA feature is enabled
  • /home/skylight/so = symlink to the latest installed /home/skylight/<so_version>
  • /home/skylight/<so_version>/bin/logs = the log of the CLI manager

IPv6 Connectivity

For Skylight orchestrator to be able to connect to devices on IPv6 networks, you must:

  1. Add the following flags to the configuration of the Docker service on the host, in the file /etc/docker/daemon.json:

     {
       "ip6tables": true,
       "experimental": true
     }

  2. To enable the change, reload and restart the Docker daemon:

     sudo systemctl daemon-reload
     sudo systemctl restart docker

  3. Assign an IPv6 subnet to Skylight orchestrator Docker containers. Open the Skylight orchestrator client:

     socli.sh

  4. Configure the subnet using the command config edit network subnet and specify an IPv6 subnet with the ipv6 option.

     Example:

     config set network subnet ipv4 <network/subnet mask> ipv6 <network/prefix>

Changing the Greeting Message

The greeting message, displayed when opening the Skylight orchestrator client (socli.sh), can be changed by replacing the content of the file:

/home/skylight/so/config/climgr/greetings.txt

This file resides on the host and can be edited using sudo, or by opening a shell as user skylight. Do not change the permissions of the file: it must remain readable by the user skylight (the original file permissions are 770).

After the change, restart the Skylight orchestrator client manager:

sudo systemctl restart so.climgr

Getting a Signed Certificate for Skylight orchestrator

The user should follow the steps from the article Getting a Signed Certificate for Skylight orchestrator, with the following adjustments:

  1. Instead of opening an SSH session to port 22 to Skylight orchestrator, the user should now run the following command on the host OS, and provide the password of the skylight user:

     su - skylight

  2. The path to keytool should be changed from /opt/accedian/skylight/jdk/bin/keytool to:

     /home/skylight/so/lib/jdk/bin/keytool

  3. In the section titled Updating the Skylight orchestrator Keystore from the article Getting a Signed Certificate for Skylight orchestrator, at step 2, the user should enter:

     cd /home/skylight/so/config/domain/

  4. Restart Skylight orchestrator services for the change to take effect.

Red Hat Operating System

Procedure Requirements

  • Docker host running Red Hat version 8.8
  • Docker, minimum version 20.10.6
  • Docker Compose Standalone (docker-compose CLI), minimum version 1.29.2
  • OpenSSH server installed and running on the host
  • The multipath tool (device-mapper-multipath package) has been installed on the host
  • Over 26 GB of free space for Docker images
  • 15 GB of free space for the temporary folder used during the installation
  • Sudo privileges or root access on the host
  • Secure Boot disabled on the system
  • During the installation process, the Docker host must have an internet connection
  • The installation file docker-dist-<version>.sh is available
  • The two files below must be stored in the same folder:
    set_env_for_redhat.sh
    rhel8_drbd_image.tar
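
The checkable items in the Ubuntu and Red Hat requirement lists above can be verified before the installer is started. The script below is an added example and not part of the Skylight distribution; the function names, the run argument and the Docker data path /var/lib/docker are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Skylight installer. Function names and the
# Docker data path /var/lib/docker (the Docker default) are assumptions.

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    a=${1#v} b=${2#v}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        x=${x%%[!0-9]*} y=${y%%[!0-9]*}   # drop suffixes such as "-ce"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# free_kb DIR: kilobytes available on the filesystem that holds DIR.
free_kb() { df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'; }

# check LABEL CMD...: run CMD quietly, report OK/FAIL, return CMD's status.
check() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then echo "OK   $label"; else echo "FAIL $label"; return 1; fi
}

# The service is named ssh on Ubuntu and sshd on Red Hat.
ssh_running() { systemctl is-active --quiet ssh || systemctl is-active --quiet sshd; }

# preflight IMAGE_GB TMP_DIR: IMAGE_GB is 25 on Ubuntu and 26 on Red Hat.
preflight() {
    img_gb=${1:-25} tmp=${2:-/tmp} rc=0
    dv=$(docker version --format '{{.Server.Version}}' 2>/dev/null)
    cv=$(docker-compose version --short 2>/dev/null)
    check "Docker >= 20.10.6 (found: ${dv:-none})" version_ge "${dv:-0}" 20.10.6 || rc=1
    check "docker-compose >= 1.29.2 (found: ${cv:-none})" version_ge "${cv:-0}" 1.29.2 || rc=1
    check "OpenSSH server running" ssh_running || rc=1
    check "multipath tool installed" command -v multipath || rc=1
    check "over ${img_gb} GB free for images" \
        [ "$(free_kb /var/lib/docker)" -gt $((img_gb * 1048576)) ] || rc=1
    check "15 GB free in $tmp" [ "$(free_kb "$tmp")" -ge $((15 * 1048576)) ] || rc=1
    return $rc
}

# Run only when asked, e.g.: sudo sh preflight.sh run 26 /tmp
case "${1:-}" in run) shift; preflight "$@" ;; esac
```

The Secure Boot state and, on Red Hat, internet connectivity are not covered by this script and still need to be confirmed separately.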


Note: Red Hat redeployment script is provided on demand.

IMPORTANT: The redeployment script only supports fresh installation and must be run before deploying Skylight orchestrator Docker version 23.04 or 23.12. This Red Hat Docker environment does not support upgrade to future Skylight orchestrator versions.


CAUTION:

If you change the time zone after deploying Skylight orchestrator, the time zones of the Docker host and the Docker container will be inconsistent.

During the installation, some necessary ports will be opened on the Docker host. For more information, see the Base Communications - Network Requirements table in Important Considerations.


Procedure Steps

This section explains the procedures for deploying the Skylight orchestrator on the RHEL Docker host.

The procedures are:

A. Run the set_env_for_redhat.sh script with the -b option to set up some preconditions before deploying Skylight orchestrator.

B. Run a docker-dist file to install Skylight orchestrator Docker.

C. Run the set_env_for_redhat.sh script with the -a option to set up some postconditions after deploying Skylight orchestrator.

Setting Up Preconditions Before Deploying Skylight orchestrator

  1. Run the set_env_for_redhat.sh script to prepare the environment for installing the orchestrator Docker:

     sudo ./set_env_for_redhat.sh -b

  2. Confirm to proceed by typing y.

  3. The installation will create the user skylight and the group skylight on the Docker host, if these do not already exist.

IMPORTANT: Do not delete the user skylight.

Installing Skylight orchestrator

To install Skylight orchestrator on Docker host

  1. Using an SSH client, log in to your Docker host and execute the installation package on the host operating system (OS), where <version> in the name of the installation package is the version of Skylight orchestrator to be installed:

     sudo sh docker-dist-<version>.sh

  2. Confirm by typing y or Y; any other input aborts the installation.

  3. When asked for the temporary installation folder, press Enter to use the /tmp folder or type the location of another temporary folder. A temporary subfolder, so_install, is created during the installation and removed at the end of the installation.

Setting Up Postconditions After Deploying Skylight orchestrator

  1. Run the set_env_for_redhat.sh script to set up some postconditions after deploying the Skylight orchestrator:

     sudo ./set_env_for_redhat.sh -a

  2. Confirm to proceed by typing y.

Folder Structure

The installation will create the home folder for the skylight user in /home/skylight.

├── bin
├── config
│ ├── cib
│ ├── climgr
│ │ ├── greetings.txt
│ │ └── hostkey.ser
│ ├── deployment
│ │ └── deployment-user-config.properties
│ ├── domain
│ │ ├── admin-keyfile
│ │ └── keystore.jks
│ ├── gfclient
│ │ └── pass
│ ├── ha
│ │ ├── cib
│ │ ├── drbd-proxy.license
│ │ ├── generated
│ │ └── hamonitorconfig.properties
│ ├── snmp
│ │ └── storesnmpconfig.properties
│ └── ssh
│   └── known_hosts
├── data
├── docker
│ ├── core.compose.yaml
│ ├── ha.compose.yaml
│ └── so.env
├── lib
│ └── jdk -> /home/skylight/lib/jdk-17
├── logs
├── mysql
└── mysql-ha

The installation will also create the following Docker volumes that will point, by default, to the home folders of the skylight user:

  • so-config → /home/skylight/so/config
  • so-data → /home/skylight/so/data
  • so-logs → /home/skylight/so/logs
  • so-mysql → /home/skylight/so/mysql

Several files are persisted on the host:

  • /home/skylight/<so_version>/bin = scripts for managing Skylight orchestrator containers
  • /home/skylight/<so_version>/docker = the docker-compose file, the environment file
  • /home/skylight/<so_version>/config = the Skylight orchestrator keystore, admin-keyfile and the ssh configuration for the Skylight orchestrator application
  • /home/skylight/<so_version>/logs = the logs of Skylight orchestrator services
  • /home/skylight/<so_version>/data = data used by Skylight orchestrator (except the main database)
  • /home/skylight/<so_version>/mysql = the main database
  • /home/skylight/<so_version>/mysql-ha = where the main database is stored while HA feature is enabled
  • /home/skylight/so = symlink to the latest installed /home/skylight/<so_version>
  • /home/skylight/<so_version>/bin/logs = the log of the CLI manager
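
The config folder persisted on the host (same layout in the Ubuntu and Red Hat sections) holds the keystore, the admin-keyfile and other credential files, so their file modes are worth checking after installation and after any manual edit. The script below is an added example, not Skylight tooling; audit_so_config is a hypothetical name, and the rule that these files grant no access to "other" is an assumption modelled on the 770 mode this page gives for greetings.txt.

```shell
#!/bin/sh
# Added example, not Skylight tooling; audit_so_config is a hypothetical name.
# Assumption: secret files should grant no access to "other", in line with the
# 770 mode this page gives for greetings.txt. Requires GNU stat (Ubuntu, RHEL).

# audit_so_config [CONFIG_DIR]: print findings; return 1 if any file is exposed
# or greetings.txt no longer has its original mode.
audit_so_config() {
    cfg=${1:-/home/skylight/so/config}
    findings=0
    for rel in domain/keystore.jks domain/admin-keyfile gfclient/pass \
               climgr/hostkey.ser; do
        f=$cfg/$rel
        if [ ! -e "$f" ]; then
            echo "SKIP    $f (not present)"
            continue
        fi
        mode=$(stat -c '%a' "$f")
        case $mode in
            *[1-7])                 # last octal digit = permissions for "other"
                echo "EXPOSED $f mode=$mode"
                findings=$((findings + 1)) ;;
            *)  echo "OK      $f mode=$mode" ;;
        esac
    done
    g=$cfg/climgr/greetings.txt
    if [ -e "$g" ] && [ "$(stat -c '%a' "$g")" != 770 ]; then
        echo "CHANGED $g mode=$(stat -c '%a' "$g") (original is 770)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run only when asked, e.g.: sudo sh audit_so_config.sh run
case "${1:-}" in run) shift; audit_so_config "$@" ;; esac
```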

IPv6 Connectivity

For Skylight orchestrator to be able to connect to devices on IPv6 networks, you must:

  1. Add the following flags to the configuration of the Docker service on the host, in the file /etc/docker/daemon.json:

     {
       "ip6tables": true,
       "experimental": true
     }

  2. To enable the change, reload and restart the Docker daemon:

     sudo systemctl daemon-reload
     sudo systemctl restart docker

  3. Assign an IPv6 subnet to Skylight orchestrator Docker containers. Open the Skylight orchestrator client:

     socli.sh

  4. Configure the subnet using the command config edit network subnet and specify an IPv6 subnet with the ipv6 option.

     Example:

     config set network subnet ipv4 <network/subnet mask> ipv6 <network/prefix>

Changing the Greeting Message

The greeting message, displayed when opening the Skylight orchestrator client (socli.sh), can be changed by replacing the content of the file:

/home/skylight/so/config/climgr/greetings.txt

This file resides on the host and can be edited using sudo, or by opening a shell as user skylight. Do not change the permissions of the file: it must remain readable by the user skylight (the original file permissions are 770).

After the change, restart the Skylight orchestrator client manager:

sudo systemctl restart so.climgr

Getting a Signed Certificate for Skylight orchestrator

The user should follow the steps from the article Getting a Signed Certificate for Skylight orchestrator, with the following adjustments:

  1. Instead of opening an SSH session to port 22 to Skylight orchestrator, the user should now run the following command on the host OS, and provide the password of the skylight user:

     su - skylight

  2. The path to keytool should be changed from /opt/accedian/skylight/jdk/bin/keytool to:

     /home/skylight/so/lib/jdk/bin/keytool

  3. In the section titled Updating the Skylight orchestrator Keystore from the article Getting a Signed Certificate for Skylight orchestrator, at step 2, the user should enter:

     cd /home/skylight/so/config/domain/

  4. Restart Skylight orchestrator services for the change to take effect.

© 2024 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®,  the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/. 

