Challenge: CLM Server Image with confidential Data stored on Docker Hub?

There are still obstacles to use the Cloud, even in a private Repository on Docker Hub.

You are walking on “thin ice” when you put important/confidential data to a Cloud solution.

Why is it necessary to have a CLM Server Image on Docker Hub?

We currently use a  Git, Travis and Docker Integration, it means every time you commit changes to Git, Travis will run and perform some Tests. When you develop CLM software extensions this CI Solution is very powerful but you need a CLM Docker Image at Docker Hub.

 

Solution

A possible solution that I found is:

  1. Keep an empty CLM Server Docker Image at Docker Hub
  2. Pull this empty CLM Server with “docker pull…”
  3. And exchange the CLM Derby DB with a local Derby DB.
  4. Start the CLM Server.

This is possible because Derby DB, used in CLM Test Installations, is file system based. It means I could use the Backup/Restore mechanism to exchange the Derby DB.

Details about “Backing up and restoring the Derby database” are here.

 

Let me show you an example with a public Docker Image from Jim Ruehlin. We will use it to to fill the CLM/RTC Database (Derby DB) with Data and make a local Backup of the Derby DB.

 

First Steps (Create and Backup Derby)

  1. Open a Terminal. If you are working on LINUX you may have to type “sudo su -“. My example works on Mac OS.
  2. Login to Docker Hub with “docker login” (in case you are using a private Docker Repository)
  3. Run your “virgin” CLM (or RTC)  Docker Image with “docker run -it -p 9443:9443 -v /Users/sh/dropins:/opt/IBM/JazzTeamServer/server/liberty/servers/clm/dropins jruehlin/clm603-rtc:latest /bin/bash”. The “-v /Users/sh/….” is used to convenient copy the Derby Backup file between your Host and the CLM/RTC Docker Image.
  4. Inside the RTC Docker Image go to the App Server Directory with “cd /opt/IBM/JazzTeamServer/server”
  5. Start the CLM/RTC Server with “./server.startup”
  6. Wait a little bit and open the Browser on your Host with “https://localhost:9443/rm”
  7. Now you can create a DNG Project Area based on confidential DNG Templates
  8. Don’t exit the running Docker Image!
  9. Open a second Terminal and type “docker ps” to get the Container ID of the running CLM/RTC Docker Image.
  10. Go to your first Terminal and stop the running App Server with “./server.shutdown”.
  11. Type in “cd conf” to change to the  /opt/IBM/JazzTeamServer/server/conf directory
  12. Backup the CLM/RTC Derby DB with “tar cvpf clm.tar.gz */derby/*”
  13. Copy the resulting clm.tar.gz to the Host with “cp clm.tar.gz /opt/IBM/JazzTeamServer/server/liberty/servers/clm/dropins “
  14. Change to your second Terminal and go to the /Users/sh/dropins directory. If you want to store the tar file on Git you have to create file with a max of 25 MB. You can do this with “split -b 24m clm.tar.gz ” clm.tar.gz.part”
  15. Kill the running CLM Docker Image with going to your first Terminal an type “exit”. After this step all changes to the CLM Docker before are lost! But we the Tar File with the Backup of the Derby DB (containing the confidential Data).

 

Second Step (Restore the Derby DB to a new CLM/RTC Docker Image)

  1. Open a new Terminal and type “docker run -it -p 9443:9443 -v /Users/sh/dropins:/opt/IBM/JazzTeamServer/server/liberty/servers/clm/dropins jruehlin/clm603-rtc:latest /bin/bash”. In our case docker don’t pull a new CLM/RTC Docker Image from Docker Hub because we have an identical Image already.
  2. Type “cd /opt/IBM/JazzTeamServer/server/conf”
  3. Type “tar xpf /opt/IBM/JazzTeamServer/server/liberty/servers/clm/dropins/clm01.tar.gz” to restore the old Derby DB
  4. Start the App Server with “cd /opt/IBM/JazzTeamServer/server” and “./server.startup”
  5. Wait a little bit and open the Browser on your Host with “https://localhost:9443/rm”
  6. Your confidential DNG Project Area should be available and ready for testing.

A further “step by step” instruction  with Travis and Docker Integration will come…

First travis.yml example

language: java
dist: trusty
network: bluezone
sudo: required
addons:
apt:
packages:
– iproute2
services:
– docker
before_install:
# can be encrypted with env var https://docs.travis-ci.com/user/environment-variables/
– docker login –username xxxx –password xxxx
– docker pull xxxx/clm603empty
– cat clm.tar.gz.parta* > clm.tar.gz
– docker run –name clm -td -p 9443:9443 xxxx/clm603empty
– docker cp clm.tar.gz clm:/opt/IBM/JazzTeamServer/server/conf
– docker exec -i clm /bin/bash -c ‘tar xzfp /opt/IBM/JazzTeamServer/server/conf/clm.tar.gz -C /opt/IBM/JazzTeamServer/server/conf’
– docker exec -i clm /bin/bash -c ‘/opt/IBM/JazzTeamServer/server/server.startup; tail -f /opt/IBM/JazzTeamServer/server/liberty/servers/clm/logs/console.log’
– docker ps -a
script:
– docker logs clm
– curl https://127.0.0.1:9443/jts -k

Useful Informations:

How to copy files to Docker Image

 

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: