InterSystems IRIS Containerization Tools
InterSystems IRIS Containerization Tools
InterSystems provides several containerization tools to aid you in creating your own InterSystems IRIS-based container images. This sections discusses the following topics:
Required Environment Variables
There are a number of installation parameters available for use in configuring unattended installation of InterSystems IRIS instances on UNIX and Linux; their use is described and they are listed in Unattended InterSystems IRIS Installation. If you install InterSystems IRIS instance from a kit in your Dockerfile, rather than using an InterSystems image as a base as described in Creating InterSystems IRIS Images, the installation parameters that are required as environment variables in the container runtime environment must also be built into the image; without them, container creation from the image will fail. These variables are included in all images from InterSystems and are shown, with the values set by InterSystems, in the following table:
| Parameter/Variable | Description | InterSystems Value |
|---|---|---|
|
ISC_PACKAGE_INSTANCENAME |
Name of the instance to be installed. |
IRIS |
|
ISC_PACKAGE_INSTALLDIR |
Directory in which the instance will be installed. |
/usr/irissys |
|
ISC_PACKAGE_IRISUSER |
Effective user for the InterSystems IRIS superserver. |
irisowner |
|
ISC_PACKAGE_IRISGROUP |
Effective user for InterSystems IRIS processes. |
irisowner |
|
ISC_PACKAGE_MGRUSER |
Username of the installation owner. |
irisowner |
|
ISC_PACKAGE_MGRGROUP |
Group that has permission to start and stop the instance. |
irisowner |
If you are building your own InterSystems IRIS image, you can optionally set the IRISSYS variable to specify the registry directory. InterSystems sets it to /home/irisowner/irissys in all images. If you do not include this environment variable, the registry directory is /usr/local/etc/irissys.
The environment variables discussed here are used to specify the configuration details described in Ownership and Directories.
SYS.Container API
In building its InterSystems IRIS images, InterSystems uses the SYS.Container API to bring the installed InterSystems IRIS instance into a state in which it can safely be serialized into a container image. The class contains several methods that can be used individually, but one of these, SYS.Container.QuiesceForBundling()Opens in a new tab, calls all of the needed methods in a single operation, and is used by InterSystems in creating its images. Using this approach is the recommended best practice, because error-checking across the Linux shell/ObjectScript boundary is difficult and involves the risk of silent errors from InterSystems IRIS; the fewer calls you make, the lower this risk is.
The SYS.Container code is included and fully visible in any InterSystems IRIS instance installed on Linux platforms; see the class reference for documentation. The methods include the following:
-
SYS.Container.QuiesceForBundling()Opens in a new tab
Calls all of the ObjectScript code necessary to get InterSystems IRIS into a state in which it can safely be serialized into a container image.
-
SYS.Container.ChangePassword()Opens in a new tab
Changes the password of all enabled user accounts with at least one role; called by the iris-main --password-file option and the password change script, as described in Authentication and Passwords.
-
SYS.Container.ChangeGatewayMgrPassword()Opens in a new tab
Changes the Web Gateway management password (see Overview of the Web Gateway Management Pages); called by the iris-main --password-file option and the password change script, as described in Authentication and Passwords.
-
SYS.Container.ForcePasswordChange()Opens in a new tab
Sets Change password on next login on user enabled accounts with at least one role (see User Account Properties).
-
SYS.Container.KillPassword()Opens in a new tab
Disables password-based login for a specified user; other forms of authentication (see Authentication: Establishing Identity) remain enabled.
-
SYS.Container.EnableOSAuthentication()Opens in a new tab
Enables OS-based authentication for the instance (see About Operating-System–Based Authentication).
-
SYS.Container.SetNeverExpires()Opens in a new tab
Sets Account Never Expires for the specified user account; without this, user accounts will expire in images that are more than 90 days old (see Properties of Users).
-
SYS.Container.PreventFailoverMessage()Opens in a new tab
Prevents journal rollover messages from the instance in a newly started container.
-
SYS.Container.PreventJournalRolloverMessage()Opens in a new tab
Prevents the instance from posting a warning because the name of the host it is running on is not the same as the hostname stored from the last time it was running.
-
SYS.Container.SetMonitorStateOK()Opens in a new tab
Clears level 1 and level 2 alerts from the System Monitor, generating an error if a level 3 is present (see Using System Monitor.
The methods listed here can be used to specify the configuration details described in Authentication and Passwords.
A common approach is to include these methods in a Dockerfile based on an InterSystems IRIS image from InterSystems (as described in Creating InterSystems IRIS Images) by calling them through the iris terminal command at instance startup, for example:
RUN iris start $ISC_PACKAGE_INSTANCENAME \
&& iris terminal $ISC_PACKAGE_INSTANCENAME -U %SYS "##class(SYS.Container).PreventJournalRolloverMessage()"
&& iris terminal $ISC_PACKAGE_INSTANCENAME -U %SYS "##class(SYS.Container).SetMonitorStateOK()"
&& iris terminal $ISC_PACKAGE_INSTANCENAME -U %SYS "##class(SYS.Container).QuiesceForBundling()"
&& iris stop $ISC_PACKAGE_INSTANCENAME quietly