This article provides a sample exercise that demonstrates how to create a Linux Sentry Software instance as a Docker image. The steps listed below aim to simplify this process however there are many ways to accomplish the end goal of making use of Docker Images to simplify creation, testing and deployment of Forum Sentry instances. There are many options to make these processes even simpler with the use of other tools such as Docker Compose, etc.
The setup below assumes some general knowledge of Docker and CentOS v7 administration.
Using Docker containers on a Linux OS is a common mechanism to use for Forum Sentry virtual deployments. This includes docker deployments in cloud environments such as Amazon and Azure. As is the case with the other virtual Forum Sentry form factors, Sentry docker instances allow for automated deployment capabilities such as pre-provisioning, cloning, and using REST API commands for environment updates.
1. Extract the Sample Docker Setup Files
The attached file Helpdesk_Docker_Sentry.zip contains samples that will allow you to easily create a Sentry docker instance. This ZIP file contains:
Extract these ZIP contents into a local directory on your Linux system. The file contents are defined below.
The sample Dockerfile is provided which creates a Centos v8 image with supporting utilities and Forum Sentry. Edit this file to make changes to fit your environment such as the Forum Sentry version you need to install. Place your Dockerfile in the local directory.
This script file is used to create the docker image. To run this script from your Linux instance, give the script exec rights (chmod +x buildDockerImage.sh) and run the script from the local directory (./buildDockerImage.sh)
This script file is used by the Dockerfile as the ENTRYPOINT which will handle the starting of Sentry as well as capturing CTRL-C for controlled shutdown. This script should be given exec privileges (chmod +x runSentry.sh). You do not need to run this script directly, as the Dockerfile will invoke it.
2. Build the Docker Image
You can use the buildDockerImage.sh script to build the docker image. The Dockerfile must be in the same local directory as the scripts and modified with your environment settings. The Sentry install package must also be located in this same directory. This script takes an argument on the command line which is the Sentry version (in this example 9.1.280) you want to install. For example, for Sentry installer for version 9.1.280 is fs-sentry-9.1.280-x86_64-linux.bin.
# ./buildDockerImage.sh 9.1.280
Once finished you should see that the new Docker Image has been created via the command:
# docker images
Or more specifically
# docker images <repository>:<Tag>
# docker images forumsys/services:sentry_9.1.280
REPOSITORY TAG IMAGE ID CREATED SIZE
forumsys/services sentry_9.1.280 fdd4d234086f 2 hours ago 1.69GB
3. Launch the Docker Image
The following two commands launch the Docker Image and start Forum Sentry. The first command shows CPU and Memory allocation as well as mapping of the default Web Admin port (5050) inside the Docker Container to the desired and available port on the host. The second command starts Forum sentry.
Note: in the example below the port on the host is 50501 which is mapped to the web admin port (5050) in the container running Forum Sentry
# docker run --cpus 2 -m 12GB -itd -p 50501:5050 - --name sentry_9.1.280 forumsys/services:Sentry_9.1.280
After running the above command, you should be able to view the newly created container using:
# docker ps
4. Commit the Docker Image
It is recommended that a Docker Image is saved apart from any you intend to deploy. These base images can be used as part of a new Dockerfile to create more specialized Docker Images. For example, the above steps have led to the creation of a base Forum Sentry Linux Docker Image which can be used to further create newer Test/Dev and Production images.
To create a base image, you will need to specify a name tag as follows:
# docker commit 38137c33e867 forumsys/services:Sentry_9.1.280_base
4. License the Forum Sentry Docker Instance
This step can be done by obtaining a license file in XML format and writing it directly to the subdirectory where Forum Sentry is installed (i.e. /root/ForumSystems/xmlserver/config/) or you can launch a web browser and go to your host’s IP at the mapped web admin port (i.e. https://[Docker_Image_IP]:50505) and the license screen that will be the first screen that appears. You can apply an instance license, or an elastic floating license from a Forum License Server.
Launch the browser and go to your host’s IP at the mapped web admin port (i.e. https://docker-development.forumsys.com:50505):
Please contact Forum Systems for Forum Sentry Docker Image licensing.
5. Create a Sentry Configuration
Once licensed you should be prompted to create an initial Web Admin Account. Login and proceed to create a new configuration by adding new policies, etc. You can also import a pre-existing configuration via GDM Import of FSX or FSG. Please note that at this point the newly created Policies will not be exposed until you commit changes.
6. Test your Sentry instance
Send a request to one of your policies and then check logs to see that traffic is indeed being processed by this Sentry instance.
Access log showing transactions via Forum Sentry: