Deploying LogLogic EVA on Docker

To deploy LogLogic EVA on Docker, create a Docker image on the Docker host and run LogLogic EVA as a Docker container on the Docker host.

Overview

Deploying LogLogic EVA on Docker involves the following steps:
  1. Create a Docker image by following steps at Step 2.
  2. Create a Docker container by following one of these methods:

See the characteristics and limitations of LogLogic EVA on Docker.

Important Considerations

Management Station Configuration:
  • When configuring a Management Station setup, you cannot add a different container running on the same host as a Remote Appliance.
  • It is recommended to run one container per host.
Reboot and shutdown of the LogLogic EVA instance:
  • After shutting down the instance from the Administration > System Summary > Appliance Shutdown tab, the appliance cannot be recovered. You must create a new container.
  • You cannot reboot the LogLogic EVA instance from the container. You can reboot the instance from the GUI by using the Administration > System Summary > Appliance Reboot tab.
Docker Host Storage
If the Docker host runs out of storage on the disk where the LogLogic EVA container is running, the container might transition to an undefined state and you might not be able to access the container from the GUI and the CLI. If this happens, destroy the container, make more storage available in the Docker host, and create a new container.

Prerequisites

Before starting deployment, ensure that you meet the following requirements:
  • On the Linux host machine where you want to deploy LogLogic EVA, ensure that you are using the supported version of the appropriate operating system: either CentOS or RHEL. For a complete list of supported platforms and versions, see the LogLogic EVA - Container Edition Readme file.
  • On the Linux host machine, perform the following steps (in the given sequence):
    1. Ensure that a supported version of Docker is installed. For a complete list of supported platforms and versions, see the LogLogic EVA - Container Edition Readme file.
    2. Create the /etc/docker/daemon.json file if it does not exist. To enable the Docker experimental features and IPv6, and to set the storage driver, add the following parameters and values in the file: 
      {
     "ipv6": true,
     "fixed-cidr-v6": "2001:db8:1::/64",
     "experimental": true
}
    3. Restart the Docker daemon by running the following command: 
      $ systemctl restart docker
  • From the Oracle MySQL website, download the following files (in .tar.gz format) to the src_pkgs directory:
    Item Operating System Example file name
    MySQL Server,

    64-bit,

    Enterprise or Community Edition

    		Red Hat Enterprise Linux / Oracle Linux version 7 mysql-<version>-linux-glibc2.12-x86_64.tar.gz
    MySQL Java Connector Red Hat Enterprise Linux / Oracle Linux version 7 mysql-connector-java-<version>.tar.gz

    For a complete list of supported platforms and versions, see the LogLogic EVA - Container Edition Readme file.

    Note: You must have a MySQL Server Enterprise Edition or MySQL Server Community Edition license. When you obtain third-party software or services, it is your responsibility to ensure you understand the license terms associated with such third-party software or services and comply with such terms.
  • Download the archive of the Docker enabler TIB_logevace-<EVA-version>.zip from the TIBCO eDelivery website. Extract the contents of the Docker enabler by running the following command: 
    $ unzip TIB_logevace-<EVA-version>.zip
    The following files and directories are extracted:
    • build_eva_ce_image.sh
    • Dockerfile
    • resources/
    • run_eva_ce.sh
    • src_addon_resources/
    • src_pkgs/

    To check the usage options for the scripts, you can run the script with the -h option. For example:

    • build_eva_ce_image.sh -h
    • run_eva_ce.sh -h
  • Verify the LogLogic LSP version specified in the LSP_INSTALLER_VERSION property in the resources/eva_ce_image.properties file. To use a different version of LogLogic LSP, perform the following steps:
    1. Download the LogLogic LSP installer of the required version to the src_addon_resources directory.
    2. Specify the LogLogic LSP version correctly in the LSP_INSTALLER_VERSION property.
    For a complete list of supported platforms and versions, see the LogLogic EVA - Container Edition Readme file.
  • A list of ports that must be enabled is specified in the resources/eva_ce.properties file. To enable an additional port, you must add the port to the MISC_PORTS list in this file.

    For detailed information about these ports, such as protocol, interface, and process name, see Port Assignments in the TIBCO LogLogic® Log Management Intelligence Administration.

Procedure

To create a Docker image:

  1. Copy the archive file that you downloaded from the MySQL Server to the src_pkgs directory.
    Note: Do not modify or extract the contents of the archive.
  2. Based on your requirements, create a Docker image in one of the following ways:
    • Only the image: Create a Docker image in the local repository by running the following command: 
      $ ./build_eva_ce_image.sh -m
      A Docker image named loglogic/eva:XXX is created in the local repository.
    • Image and tarball file: Create a tarball file containing a Docker image in addition to a Docker image in the local repository, by running the following command: 
      $ ./build_eva_ce_image.sh -t -m
      A tarball file named eva_ce_<EVA_version>.tar.gz is created inside a target subdirectory within the working directory.
    In both cases, a Docker image named loglogic/eva:XXX along with LogLogic LSP installed, is created in the local repository.
  3. Optional: If you created a tarball file at Step 2, then import the Docker image from the tarball by running the following commands: 
    $ cd target
$ gunzip -d eva_ce_<EVA_version>.tar.gz
$ docker load --input eva_ce_<EVA_version>.tar
    The Docker image is available in the local repository. To ensure that the image is available, you can run the following command : 
    $ docker images

(Option 1) To create a Docker container by using the built-in script:

  1. Review the parameters in the resources/eva_ce.properties file. You can modify parameters, if required.
  2. Create the container by running the following command: 
    $ ./run_eva_ce.sh
  3. Specify the volume:
    • To create a new volume, type y.
    • To use an existing volume, type n and provide the name of the existing volume.

(Option 2) To create a Docker container by running the Docker commands:

  1. Create a new volume by running the following command: 
    $ docker volume create <volume_name>
  2. Create the container by running the docker run command: 
    $ docker run -it -d 
--privileged=true 
--memory <Memory assigned to container>  
-e TZ=<Timezone String> 
-e CONTAINER_MEMORY=<Container memory in GB>  
-p <Port mapping pair1> -p <Port mapping pair2> ... 
--mount source=<Docker Volume>,target=/loglogic/  
--name <Container name>  <EVA CE Image name> <FEATURE_FLAG>
    For example: 
    docker run -it -d --privileged=true  --memory 32g    
-e TZ=America/Los_Angeles -e CONTAINER_MEMORY=32g     
-p 443:443 -p 514:514/udp -p 514:514/tcp -p 4433:4433/tcp     
-p 5514:5514/tcp -p 5516:5516/tcp -p 123:123/udp -p 161:161/udp 
-p 162:162/udp -p 2055:2055/tcp -p 9555:9555/tcp -p 9995:9995/tcp 
-p 3306:3306/tcp -p 4400:4400/tcp -p 5515:5515/tcp -p 6514:6514/tcp 
-p 7000-8000:7000-8000/tcp -p 9013:9013/tcp -p 9443:9443/tcp 
-p 9611:9611/tcp -p 9620:9620/tcp -p 9621:9621/tcp -p 9622:9622/tcp 
-p 9626:9626/tcp -p 9680:9680/tcp -p 9681:9681/tcp -p 9682:9682/tcp 
-p 9683:9683/tcp -p 9685:9685/tcp -p 9687:9687/tcp -p 9688:9688/tcp 
-p 9689:9689/tcp -p 9880:9880/tcp -p 11965:11965/tcp -p 8081:8081/tcp 
--mount source=vol_eva_ce,target=/loglogic/ 
--name eva_ce-6.3.1 loglogic/eva:6.3.1 LOGU_ON
    Note: All these parameters are required for the container to run properly. You must type the entire command on a single line, without line breaks.
    Parameter Description
    Parameter Description
    -it -d --privileged=true
    Option Description
    -it Allocates a pseudo-tty and keeps STDIN open
    -d Daemonizes the container runtime
    --privileged=true Assigns root privileges to the container
    • <Memory assigned to container>
    • <Container Memory in GB>
    		Maximum memory that the container can use. The value of both parameters must be identical.

    <Container Memory in GB> provides the value to be stored in the environment variable CONTAINER_MEMORY for appropriate dynamic memory allocation across the various engines. The environment variable CONTAINER_MEMORY is used by the built-in scripts to compute the dynamic memory requirement.

    <Timezone String> The time zone for the container. The value <Timezone String> is stored in the environment variable TZ. For example, 'America/Los_Angeles'.

    To view a list of the available time zones, you can run the tzselect Linux command.

    <Port mapping pairs> The complete list of UDP and TCP ports to be exposed, in the following format: 
    <port_number>:<port_number>/<protocol>
    Note: Ensure that all the required ports are exposed. The minimum list of required ports is available in resources/eva_ce.properties. If you want any additional ports to be exposed, you must mention them in the list in this parameter option.
    <Docker Volume> The name of the Docker volume to be used by the container, which you created in Step 7.

    The container data is stored in the /loglogic directory within the container. When the container is destroyed, this data is lost. To prevent such data loss, it is recommended to mount the /loglogic directory to the Docker volume, because the Docker volume is independent of the container, and hence data is preserved.

    <Container name> Name of the container
    <EVA CE Image name> Name of the Docker image
    <FEATURE_FLAG> Specifies the flag value to be used when the entry point script (start_eva_ce.sh) runs. The default value is LOGU_OFF.

    The following table indicates all the valid values of the <FEATURE_FLAG> parameter and the corresponding states of the various Advanced Features:

    Flag value State of Advanced Features options
    Advanced Features Monthly Index Monitoring Console Advanced Aggregation
    LOGU_OFF (default) off off off off
    LOGU_ON on off off off
    ALL_FEATURES_ON on on on on
    LOGU_AGGR_ON on off off on
    LOGU_MONTHLY_INDEX_ON on on off off
    LOGU_MONTR_CONSOLE_ON on off on off
    LOGU_AGGR_MONTR_CONSOLE_ON on off on on
    LOGU_AGGR_MONTHLY_INDEX_ON on on off on
    LOGU_MONTR_CONSOLE_​MONTHLY_INDEX_ON on on on off

Result

A Docker container including LogLogic LSP is created. The logs are stored in the following directories:
  • Logs of the image created:

    logs/build_eva_ce_image_logs/<Time_stamp>

  • Logs of the container created:

    logs/run_eva_ce_logs/<Time_stamp>

What to do next

Access the container from the GUI or CLI:
  • From the GUI: In a web browser, navigate to https://{HOST_IP}:${HTTPS_PORT}

    Here, HOST_IP is the IP address of the host machine on which Docker is running and HTTPS_PORT is the port mapped to the default HTTPS port (443).

    Note: When logging in to a container, you must type https:// before the URL.

    The date and time of all containers running on a host are in sync with those of the host machine. You can change the time zone in the resources/eva_ce.properties file.

    The following GUI menus and pages are not available on the container platform:
    • Administration > File Update menu
    • Administration > System Settings > Time page
    • Administration > Network Settings menu
    • Management > Check Point Configuration menu
  • From the CLI: Run the following Docker commands:
    1. Obtain the container ID: 
      $ docker container ls
    2. Access the container by using the container ID: 
      $ docker exec -ti <CONTAINER ID> bash
    3. To view the status of ports, run the following command: 
      $ docker ps

(Optional) To connect LogLogic EVA to a large number of devices, perform the steps at Configuring LogLogic EVA for Large Number of Devices.

Troubleshooting
If the host machine restarts, you must restart the container. Perform the following steps:
  1. Get a list of containers that exited when the host machine restarted: 
    $ docker ps -a
  2. Start the required container by running the following command: 
    $ docker start <container_ID>
    Specify the appropriate container ID:
    • To use an existing exited container, specify the ID of the existing container that you obtained from the previous step.
    • To create a new container, use one of the following methods: To create a new container with the existing data from the exited container, you can reuse the volume that was attached to the exited container.