Connect Docker containers securely to MapR-FS using the MapR POSIX Client

Document created by mkieboom Employee on May 31, 2016Last modified by mkieboom Employee on Apr 28, 2017
Version 3Show Document
  • View in full screen mode

UPDATE:

Although the information in this article is still valid and working, we highly recommend to use the MapR Persistent Application Client Container (PACC). The MapR Persistent Application Client Container (PACC) is a Docker-based container image that includes a container-optimized MapR client. The PACC provides seamless access to MapR Converged Data Platform services, including MapR-FS, MapR-DB, and MapR Streams. The PACC makes it fast and easy to run containerized applications that access data in MapR.

Read more on: About the MapR Persistent Application Client Container (PACC) 

 

 

Introduction

When using Docker containers there are various ways to connect to the MapR Filesystem from within the Docker container. When running docker containers using Mesos on the same nodes as MapR for example, allows all Docker containers to have a single source of truth when it comes to the data source.

  1. Provide a volume to the Docker container
  2. Install the MapR POSIX Client wihtin a Docker container

This article describes the installation of the MapR POSIX Client within the Docker container as this allows for both secure communication over the wire between the Docker container and the MapR Filesystem, as well as compression of all data being transfered and faster failover in case of node failures.

Lets get started!

Install and run a Docker CentOS image

If you haven’t already done so, first install and start docker:

# Download and install Docker
curl -fsSL
https://get.docker.com/ | sh

# Start Docker
service docker start
chkconfig docker on

# Get Docker CentOS 6.7 image
docker pull centos:6.7

# Launch the CentOS docker container and connect to it
# note: --cap-add SYS_ADMIN is mandatory to be able to mount later on!
docker run -it --cap-add SYS_ADMIN centos:6.7

Install the MapR POSIX Client

With the docker container up and running, let’s install the MapR POSIX Client:

# Install pre-requisites
yum install -y wget iputils redhat-lsb-core rpcbind nfs-utils

# Import MapR Package key
rpm --import
http://package.mapr.com/releases/pub/maprgpg.key

# Install MapR POSIX client
wget
http://package.mapr.com/releases/v5.1.0/redhat/mapr-loopbacknfs-5.1.0.37549.GA-1.x86_64.rpm
rpm -i mapr-loopbacknfs*.rpm

# Create the mount point
mkdir /mapr

# Set the mount options in the mapr_fstab file
vi /usr/local/mapr-loopbacknfs/conf/mapr_fstab
127.0.0.1:/mapr /mapr hard,nolock

Generate login tickets in case of secure MapRcluster

When connecting the docker container to a secure MapR cluster, the following steps need to be executed to generate a loginticket:

# Optional steps - Only to be executed in case of a secure MapR cluster
# On the MapR cluster, login as the mapr user to generate a ticket
su - mapr
maprlogin password

# Generate a loginticket in /tmp/maprloginticket
maprlogin generateticket -type service -user mapr -duration 365:0:0 -out /tmp/maprloginticket

With the login ticket created on the MapR cluster, copy this to /tmp/maprloginticket on the Docker container running the MapR POSIX Client.

Configure MapR POSIX Client

After installing the POSIX Client in the Docker container, the following configuration parameters need to be set.

# Open the MapR POSIX Client configuration file
vi /usr/local/mapr-loopbacknfs/initscripts/mapr-loopbacknfs

# Set the following based on your MapR cluster configuration
CLUSTER_NAME=my.clustername.com
CLDB_IPS=”hostnamemaprcldb:7222”

# And in case of a secure cluster, set the following addditional parameters:
IS_SECURE=true
MAPR_TICKETFILE_LOCATION=/tmp/maprloginticket

# Finally, run the init script which will process the configuration parameters
/usr/local/mapr-loopbacknfs/initscripts/mapr-loopbacknfs

# Validate the right configuration has been set:
cat /usr/local/mapr-loopbacknfs/conf/mapr-clusters.conf

Launch the MapR POSIX Client

After configuring the POSIX Client, launch it to make use of a secure connection between the Docker container and the MapR Filesystem that has both encryption over the wire as well as compression:

# Start the loopbackservice
service mapr-loopbacknfs restart
chkconfig mapr-loopbacknfs on

# Allow some time for the service to start.
# After that check if the mount point is successfully showing the MapR Filesystem content:
ls /mapr/

Troubleshooting

Some basic troubleshooting for the most common misconfiguration issues:

# Make sure the rpcbind service is running
service rpcbind start
chkconfig rpcbind on

# Set MAPR_SUBNETS in case of multiple network interfaces
# More info:
http://doc.mapr.com/display/MapR/Designating+Subnets+for+MapR
vi /usr/local/mapr-loopbacknfs/conf/env.sh
export MAPR_SUBNETS=<ipaddress>/32

# More information on the MapR POSIX Client:
#
http://doc.mapr.com/display/MapR/MapR+POSIX+Client
2 people found this helpful

Attachments

    Outcomes