Pulling a custom Docker image from an authenticated repository

You can create a custom start script to configure the TERR service to log in to a remote authenticated repository and pull a custom Docker image.

1. If you have already installed the TERR service from the Spotfire Server Admin UI Nodes and Services page, and if it is running, then stop the service.
2. Install the AWS command-line interface (CLI) tool on the computer running the node manager.
   See https://docs.aws.amazon.com/cli/latest/userguide/awscli-install-bundle.html for more information.
   1. Run the command aws configure, and then connect to your account using your AWS Access Key and AWS Secret Access Key.
   2. Verify that the user running the TERR service can run the aws process.
3. Determine your docker.image.name property.
   1. In your AWS account, navigate to Amazon ECR > Respositories.
      The docker image name is listed after Repository URI, and the tag is listed after Image Tags.

      Repository URI 123456.dkr.ecr.us-west-2.amazonaws.com/terr/terrsrv-sample
      Image Tags: latest

   The docker.image.name property is a concatenation of those two values.

   docker.image.name: 123456.dkr.ecr.us-west-2.amazonaws.com/terr/terrsrv-sample:latest

4. On the computer running Spotfire Server, export the custom.properties as described in steps 1-3 of Configuring the TERR service .
5. On the computer running Spotfire Server, create a custom script and save it to your custom configuration directory <server installation dir>/tomcat/spotfire-bin/config/root/conf/.
   The script uses the AWS get-login command to fetch the docker login command. See the following links for more information.

   • https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html
   • https://docs.docker.com/engine/reference/commandline/login/
   In the script, use the absolute path to the aws command (usr/local/bin/aws).

   We named this sample script awsScript.sh.

   If saved to a custom configuration, it resides at the relative path conf/awsScript.sh

   Important: Remember that for any script you write, the line endings must be appropriate for the operating system where the TERR service runs. Many text editors can perform end-of-line (EOL) conversion.

   #!/bin/bash
       # Request a login from AWS
       # The command will return a 'docker login' string
   DOCKER_LOGIN=`/usr/local/bin/aws ecr get-login --no-include-email --region us-west-2`
   echo Retrieved the command ${DOCKER_LOGIN}
       # Execute that 'docker login'
   ${DOCKER_LOGIN}
   echo docker login authentication completed.
   

   Note: From the command line, manually test your script at this stage to ensure that everything works correctly.
6. Edit the relevant properties in the file custom.properties with the appropriate values.

   docker.image.name: 123456.dkr.ecr.us-west-2.amazonaws.com/terr/terrsrv-sample:latest
   use.engine.containers: TRUE
   startup.hook.script: conf/awsScript.sh

7. From the command line, manually test the script to make sure that it works correctly.
8. On the computer running Spotfire Server, import the custom.properties as described in Configuring the TERR service .
9. From the Spotfire Server Admin UI Nodes and Services page, install the service, specifying the configuration to use, and then start the service.
   See Installing the TERR service instance on a node manager for a Spotfire Server for more information.

   If you have already installed the service, then in the node manager, select the service and click Edit. From the Configuration drop-down, select the new configuration.