Hitachi

JP1 Version 12 JP1/Base User's Guide


O.5 Notes on installing JP1/Base on a container

To install JP1/Base on a Podman container, and to connect to a Podman host or other hosts, the prerequisites below must be met, and the procedure below must be performed.

A host on which Podman is installed is referred to as a Podman host. A container provided by Podman is referred to as a container.

(1) Prerequisites

To connect a Podman container on which JP1/Base is installed to hosts outside the container, TCP/IP communication must work properly in both directions. Examples are shown below.

(a) To use port forwarding functionality

  1. An IP address that can be used to communicate with a connected host is statically assigned to each container.

    To connect a container that has JP1/Base installed to hosts other than containers, statically assign to the Podman host an IP address corresponding to each container.

  2. Port forwarding settings are configured for Podman containers for which IP addresses are explicitly specified.

    To connect a container to hosts other than containers, you must specify the port forwarding settings for the IP addresses assigned in step 1 to forward data from the port number used by JP1/Base on the Podman host side to the port number used by JP1/Base on the container side.

    For details about the ports used by JP1/Base, see Appendix C. List of Port Numbers.

    # podman run -p external-IP-address:port-used-by-JP1/Base-on-the-external-IP-address:port-used-by-JP1/Base-on-the-container ...

    -p: Map the port for JP1/Base in a given container to the port on the IP address over which communication can be initiated from external locations.

    Example settings:

    # podman run --privileged -p xxx.xxx.xxx.xxx:20098:20098 \
      -p xxx.xxx.xxx.xxx:20099:20099 -p xxx.xxx.xxx.xxx:20237:20237 \
      -p xxx.xxx.xxx.xxx:20238:20238 -p xxx.xxx.xxx.xxx:20239:20239 \
      -p xxx.xxx.xxx.xxx:20240:20240 -p xxx.xxx.xxx.xxx:20306:20306 \
      -p xxx.xxx.xxx.xxx:20600:20600 --name container-name --hostname host-name -id base-image-name:tag-name

    "xxx.xxx.xxx.xxx" indicates an IP address statically assigned to the Podman host in step 1.

    For details about each option, see the Release Notes provided on the Podman website.

  3. The container is started in privileged mode.

    For some JP1/Base commands, you must start the container in privileged mode. Start the container that has JP1/Base installed in privileged mode (--privileged). See step 2 above for example settings.

  4. JP1 events are forwarded from a container.

    When JP1 events are forwarded from JP1/Base installed on a container to other hosts, the IP addresses specified in step 1 and step 2 are not set as the source IP addresses of the forwarded JP1 events. For this reason, avoid performing operations on the host to which the JP1 events have been forwarded that use the source IP addresses of events forwarded from a container.
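A check for the port forwarding required in step 2, as an added example that is not part of the JP1/Base manual: it reads `podman port` output and reports any JP1/Base port that is not forwarded from the statically assigned IP address, or that is also published on another address such as 0.0.0.0. The address 192.0.2.10 and the function names are assumptions; the port list is the one in the example settings above.

```shell
#!/bin/sh
# Added example, not from the JP1/Base manual.
# Port list copied from the "Example settings" command in step 2.
JP1_PORTS="20098 20099 20237 20238 20239 20240 20306 20600"

# check_jp1_bindings EXPECTED_IP
# Reads `podman port CONTAINER` output on stdin (lines such as
# "20098/tcp -> 192.0.2.10:20098"). Prints one finding per problem and
# returns 0 only when every JP1/Base port is forwarded from EXPECTED_IP
# and from no other host address.
check_jp1_bindings() {
    expected_ip=$1
    mappings=$(cat)
    rc=0
    for port in $JP1_PORTS; do
        want="${port}/tcp -> ${expected_ip}:${port}"
        if ! printf '%s\n' "$mappings" | grep -Fxq -- "$want"; then
            echo "MISSING ${port}/tcp not forwarded from ${expected_ip}:${port}"
            rc=1
        fi
        # Any other mapping of the same container port (for example on
        # 0.0.0.0) publishes JP1/Base on an address step 1 did not assign.
        extra=$(printf '%s\n' "$mappings" | grep -F -- "${port}/tcp -> " \
            | grep -Fxv -- "$want" || true)
        if [ -n "$extra" ]; then
            echo "EXTRA $extra"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: 192.0.2.10 stands in for xxx.xxx.xxx.xxx; port 20306
# was published without an IP address and port 20600 was left out.
sample_bad() {
    for p in 20098 20099 20237 20238 20239 20240; do
        echo "${p}/tcp -> 192.0.2.10:${p}"
    done
    echo "20306/tcp -> 0.0.0.0:20306"
}

sample_bad | check_jp1_bindings 192.0.2.10 || echo "result: correct the -p options"
# Live use: podman port container-name | check_jp1_bindings 192.0.2.10
```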

(b) To use the Macvlan bridge on the Podman host

  1. The container is started in privileged mode.

    For some JP1/Base commands, you must start the container in privileged mode. Start the container that has JP1/Base installed in privileged mode (--privileged). See the following for example settings.

    # podman run --privileged --name container-name --hostname host-name -id base-image-name:tag-name

  2. Set up macvlan on the Podman host, and then create a VNIC.

    # ip link add link IF-with-IP-address-to-connect-outside-of-a-Podman-host name VNIC-name type macvlan mode private

  3. On the Podman host, assign the VNIC to the container.

    # ID=containerID
    # ip link set VNIC-name netns $(podman inspect --format "{{.State.Pid}}" $ID)

  4. Operate the container from the Podman host, and then give an IP address to the assigned VNIC.

    # podman exec $ID yum install -y iproute libmnl libnfnetlink libnetfilter_conntrack iptables
    # podman exec $ID ip addr add dev VNIC-name IP-address-to-give/net-mask
    # podman exec $ID ip link set VNIC-name up

    The package installation (yum install) is not required when all of the commands for setting IP addresses are already installed.

  5. JP1 events are transferred from a container.

    When JP1 events are transferred from JP1/Base on a container to other hosts, the "Source IP address" attribute of the JP1 events is not the same as the one set in step 1 and step 2 above. For this reason, on the destination host, avoid operations that use the "Source IP address" attribute of JP1 events transferred from a container.

(2) Configuration procedure

  1. Reconfigure the authentication server for JP1/Base within a container.

    If JP1/Base is installed by using Dockerfile, the host name when JP1/Base is installed (when a Podman image is created) differs from the host name when the container is started, so the primary authentication server name specified during installation will differ from the physical host name when the container is started. For this reason, to use an authentication server within the container, you need to re-specify the host name to be used when the container is started.

    To do this, you must execute the following at the command line:

    # /opt/jp1base/bin/jbssetusrsrv `hostname`

  2. On JP1/Base on the container, specify in jp1hosts2 the hosts to which connections are made.

    The hosts file in a container is overwritten during start and stop operations, and the information about other hosts is deleted. For this reason, specify in jp1hosts2 information about the hosts to which connections are made.

  3. On the hosts to which connections are made, specify the settings so that the host name of the container can be resolved to the IP address corresponding to the container set in step 1 and step 2.

    When a Podman container receives requests from external locations, the container waits for requests on the IP address that corresponds to the container. For this reason, on the host to which connections will be made, specify the settings so that the host name of the container can be resolved to the IP address corresponding to the container.

  4. Starting a container

    You cannot use the function to automatically start JP1/Base services when the Podman container starts. To start the JP1/Base services after the Podman container starts, use the command for starting JP1/Base. Alternatively, create a shell script that includes the command that must be executed to start the Podman container, and consider executing the command for starting JP1/Base by using that shell script.

    For details about the commands to start JP1/Base, see 7.2 Starting and stopping JP1/Base (in UNIX).

  5. Stopping a container

    Use the command for terminating JP1/Base to stop the JP1/Base services, and then stop the container.

    For details about the commands for stopping JP1/Base, see 7.2 Starting and stopping JP1/Base (in UNIX).

  6. Linkage between containers

    Podman does not support the container link function (--link). If you want to link containers, edit the /etc/hosts file of each container so that the host name and the IP address of the container are mapped.