docs.intersystems.com
Home  /  Architecture  /  InterSystems Cloud Manager Guide  /  Using ICM with Custom and Third-Party Containers


InterSystems Cloud Manager Guide
Using ICM with Custom and Third-Party Containers
[Back]  [Next] 
InterSystems: The power behind what matters   
Search:  


This appendix describes using ICM to deploy customer and third-party containers. Instructions assume that your Docker image resides in a repository accessible by ICM. For information on how to configure your container to communicate with other containers and services (including InterSystems IRIS™), see Scripting with ICM.
Container Naming
Each container running on a given host must have a unique name. When deploying a container using icm run, the container can be named using the -container option:
# icm run -container gracie -image docker/whalesay
You can see the name reflected in the output of icm ps:
# icm ps
Machine            IP Address    Container   Status      Image
-------             ---------     --------    -----       ----
ISC-DM-TEST-0001   172.16.110.9  gracie      Restarting  docker/whalesay
Note:
If the -container option is not provided, the default container name iris is used. Both iris and spark are reserved and should only be used for containers derived from InterSystems IRIS and Apache Spark Docker images provided by InterSystems.
Overriding Default Commands
If you want to override a container's default command, you can do so with -command. For example, suppose the docker/whalesay image runs command /bin/bash by default:
# icm docker -command "ps -a"

CONTAINER ID  IMAGE            COMMAND      CREATED     STATUS      NAMES
17f4ece54c2f  docker/whalesay  "/bin/bash"  4 days ago  Restarting  gracie
To have the container run a different command, such as pwd, you could deploy it as follows:
# icm run -container gracie -image docker/whalesay command pwd
You can verify that the command succeeded by examining the Docker logs:
# icm docker -command "logs gracie"
/cowsay
Using Docker Options
Your container may require Docker options or overrides not explicitly provided by ICM; these can be passed to your container using the -options option. This section provides examples a few of the more common use cases. For complete information about Docker options see https://docs.docker.com/engine/reference/run/.
Restarting
By default, ICM deploys containers with the option --restart unless-stopped. This means that if the container crosses an execution boundary for any reason other than an icm stop command (container exit, Docker restart, and so on), Docker keeps attempting to run it. In certain cases however, we want the container to run once and remain terminated. In this case, we can suppress restart as follows:
# icm run -container gracie -image docker/whalesay -options "--restart no"
# icm ps
Machine            IP Address    Container   Status      Image
-------            ---------     --------    -----       ----
ISC-DM-TEST-0001   172.16.110.9  gracie      Exited (0)  docker/whalesay
Privileges
Some containers require additional privileges to run, or you may want to remove default privileges. Examples:
# icm run -container sensors -image hello-world -options "--privileged"
# icm run -container fred -image hello-world -options "--cap-add SYS_TIME"
# icm run -container fred -image hello-world -options "--cap-drop MKNOD"
Environment Variables
Environment variables can be passed to your container using the Docker option --env. These variables are be set within your container in a manner similar to the bash export command:
# icm run container fred image hello-world options "--env TERM=vt100"
Mount Volumes
If your container needs to access files on the host machine, a mount point can be created within your container using the Docker --volume option. For example:
# icm run container fred image hello-world options "--volume /dev2:/dev2"
This makes the contents of directory /dev2 on the host available at mount point /dev2 within the container:
# icm ssh -command "touch /dev2/example.txt"  // on the host
# icm exec -command "ls /dev2"                // in the container
example.txt
Ports
Ports within your container can be mapped to the host using the Docker option --publish:
# icm run -container fred -image hello-world -options "--publish 80:8080"
# icm run -container fred -image hello-world -options "--publish-all"
You must open the corresponding port on the host if you wish to access the port from outside. This can be achieved in a number of ways, including:
You also have to ensure that you are not colliding with a port mapped to another container or service on the same host. Finally, keep in mind that --publish has no effect on containers when the overlay network is of type host.
The following example modifies the Terraform template for AWS to allow incoming TCP communication over port 563 (NNTP over SSL/TLS):