SYS.Container API
SYS.Container API
In building its InterSystems IRIS images, InterSystems uses the SYS.Container API to bring the installed InterSystems IRIS instance into a state in which it can safely be serialized into a container image. The class contains several methods that can be used individually, but one of these, SYS.Container.QuiesceForBundling()Opens in a new tab, calls all of the needed methods in a single operation, and is used by InterSystems in creating its images. Using this approach is the recommended best practice, because error-checking across the Linux shell/ObjectScript boundary is difficult and involves the risk of silent errors from InterSystems IRIS; the fewer calls you make, the lower this risk is.
The SYS.Container code is included and fully visible in any InterSystems IRIS instance installed on Linux platforms; see the class reference for documentation. The methods include the following:
-
SYS.Container.QuiesceForBundling()Opens in a new tab
Calls all of the ObjectScript code necessary to get InterSystems IRIS into a state in which it can safely be serialized into a container image.
-
SYS.Container.ChangePassword()Opens in a new tab
Changes the password of all enabled user accounts with at least one role; called by the iris-main --password-file option and the password change script, as described in Authentication and Passwords.
-
SYS.Container.ChangeGatewayMgrPassword()Opens in a new tab
Changes the Web Gateway management password (see Overview of the Web Gateway Management Pages); called by the iris-main --password-file option and the password change script, as described in Authentication and Passwords.
-
SYS.Container.ForcePasswordChange()Opens in a new tab
Sets Change password on next login on user enabled accounts with at least one role (see User Account Properties).
-
SYS.Container.KillPassword()Opens in a new tab
Disables password-based login for a specified user; other forms of authentication (see Authentication: Establishing Identity) remain enabled.
-
SYS.Container.EnableOSAuthentication()Opens in a new tab
Enables OS-based authentication for the instance (see About Operating-System–Based Authentication).
-
SYS.Container.SetNeverExpires()Opens in a new tab
Sets Account Never Expires for the specified user account; without this, user accounts will expire in images that are more than 90 days old (see Properties of Users).
-
SYS.Container.PreventFailoverMessage()Opens in a new tab
Prevents journal rollover messages from the instance in a newly started container.
-
SYS.Container.PreventJournalRolloverMessage()Opens in a new tab
Prevents the instance from posting a warning because the name of the host it is running on is not the same as the hostname stored from the last time it was running.
-
SYS.Container.SetMonitorStateOK()Opens in a new tab
Clears level 1 and level 2 alerts from the System Monitor, generating an error if a level 3 is present (see Using System Monitor.
The methods listed here can be used to specify the configuration details described in Authentication and Passwords.
A common approach is to include these methods in a Dockerfile based on an InterSystems IRIS image from InterSystems (as described in Creating InterSystems IRIS Images) by calling them through the iris terminal command at instance startup, for example:
RUN iris start $ISC_PACKAGE_INSTANCENAME \
&& iris terminal $ISC_PACKAGE_INSTANCENAME -U %SYS "##class(SYS.Container).PreventJournalRolloverMessage()"
&& iris terminal $ISC_PACKAGE_INSTANCENAME -U %SYS "##class(SYS.Container).SetMonitorStateOK()"
&& iris terminal $ISC_PACKAGE_INSTANCENAME -U %SYS "##class(SYS.Container).QuiesceForBundling()"
&& iris stop $ISC_PACKAGE_INSTANCENAME quietly