|
| 1 | +# tedge-container-plugin |
| 2 | + |
| 3 | +thin-edge.io container management plugin which enables you to install, remove and monitor containers on a device. |
| 4 | + |
| 5 | +There is a custom Cumulocity UI Plugin to display these container directly from the UI. |
| 6 | + |
| 7 | +## Plugin summary |
| 8 | + |
| 9 | +The following thin-edge.io customization is included in the plugin. |
| 10 | + |
| 11 | +The instructions assume that you are using thin-edge.io >= 1.0.0 |
| 12 | + |
| 13 | +### What will be deployed to the device? |
| 14 | + |
| 15 | +* A service called `tedge-container-plugin`. This provides the monitoring of the containers |
| 16 | +* The following software management plugins which is called when installing and removing containers/container groups via Cumulocity IoT |
| 17 | + * `container` - Deploy a single container (`docker run xxx` equivalent) |
| 18 | + * `container-group` - Deploy one or more container as defined by a `docker-compose.yaml` file (`docker compose up` equivalent), or an archive (gzip or zip) |
| 19 | + |
| 20 | + |
| 21 | +**Technical summary** |
| 22 | + |
| 23 | +The following details the technical aspects of the plugin to get an idea what systems it supports. |
| 24 | + |
| 25 | +||| |
| 26 | +|--|--| |
| 27 | +|**Languages**|`golang`| |
| 28 | +|**CPU Architectures**|`armv6 (armhf)`, `armv7 (armhf)`, `arm64 (aarch64)`, `amd64 (x86_64)`| |
| 29 | +|**Supported init systems**|`systemd` and `init.d/open-rc`| |
| 30 | +|**Required Dependencies**|-| |
| 31 | + |
| 32 | +### How to do I get it? |
| 33 | + |
| 34 | +The following linux package formats are provided on the releases page and also in the [tedge-community](https://cloudsmith.io/~thinedge/repos/community/packages/) repository: |
| 35 | + |
| 36 | +|Operating System|Repository link| |
| 37 | +|--|--| |
| 38 | +|Debian/Raspbian (deb)|[](https://cloudsmith.io/~thinedge/repos/community/packages/detail/deb/tedge-container-plugin-ng/latest/a=arm64;d=any-distro%252Fany-version;t=binary/)| |
| 39 | +|Alpine Linux (apk)|[](https://cloudsmith.io/~thinedge/repos/community/packages/detail/alpine/tedge-container-plugin-ng/latest/a=arm64;d=alpine%252Fany-version/)| |
| 40 | +|RHEL/CentOS/Fedora (rpm)|[](https://cloudsmith.io/~thinedge/repos/community/packages/detail/rpm/tedge-container-plugin-ng/latest/a=arm64;d=any-distro%252Fany-version;t=binary/)| |
| 41 | +## Features |
| 42 | + |
| 43 | +The following features are supported by the plugin: |
| 44 | + |
| 45 | +* Install/remove containers via the Cumulocity IoT software interface |
| 46 | +* Install multiple containers as one group using a `docker-compose.yaml` file or an archive container a `docker-compose.yaml` file |
| 47 | +* Monitor container states (e.g. up/down) via Cumulocity IoT Services (only supported from tedge >= 1.0.0) |
| 48 | +* Download container images via Cumulocity IoT binaries if a URL is provided |
| 49 | +* Support for multiple container engines (docker, podman) |
| 50 | + |
| 51 | + |
| 52 | +## Documentation |
| 53 | + |
| 54 | +### Install/remove single containers |
| 55 | + |
| 56 | +Containers can be installed and removed via the Cumulocity IoT Software Management interface in the Device Management Application. |
| 57 | + |
| 58 | +The software package is modeled so that each software name corresponds to one container instance. Upon installation of a software item, the container uses the `version` field as the source of the container image/tag which is used to create the container. The software package can include an optional `url` referring to an exported container image in the gzip (compressed tarball) format (e.g. the image that you get when running `docker save <my_image> --output <my_image>.tar.gz`). |
| 59 | + |
| 60 | +The software package properties are also describe below: |
| 61 | + |
| 62 | +|Property|Description| |
| 63 | +|----|-----| |
| 64 | +|`name`|Name of the container to create and start. There can only be one instance with this name, but this name can be anything you like. It is recommended to give it a functional name, and not a version. e.g. for a MQTT broker it could be called `mqtt-broker` (not `mosquitto`).| |
| 65 | +|`version`|Container image and tag to be used to create the container with the `name` value. (e.g. `eclipse-mosquitto:2.0.15`). The container images usually follow the format `<image>:<tag>`, where the tag is mostly used as a version description of the image| |
| 66 | +|`softwareType`|`container`. This indicates that the package should be managed by the `container` software management plugin| |
| 67 | +|`url`|Optional url pointing to the container image in a tarball format. The file is downloaded and loaded into the container engine, prior to starting the container. The image inside the gzip **MUST** match the one given by the `version` property!| |
| 68 | + |
| 69 | +### Install/remove a `container-group` |
| 70 | + |
| 71 | +A `container-group` is the name given to deploy a `docker-compose.yaml` file or an archive (zip or gzip file) with the `docker-compose.yaml` file at the root level of the archive. A docker compose file allows use to deploy multiple containers/networks/volumes and allows you maximum control over how the container is started. This means you can create a complex setup of persisted volumes, isolated networks, and also facilitate communication between containers. Check out the [docker compose documentation](https://docs.docker.com/compose/compose-file/) for more details on how to write your own service definition. |
| 72 | + |
| 73 | +The software package properties are also describe below: |
| 74 | + |
| 75 | +|Property|Description| |
| 76 | +|----|-----| |
| 77 | +|`name`|Name of the project (this will be the logical name that represents all of the services/networks/volumes in the docker compose file| |
| 78 | +|`version`|A custom defined version number to help track which version of the docker compose file is deployed. Technically this can be anything as it does not have an influence on the actual docker compose command, it is purely used for tracking on the cloud side| |
| 79 | +|`softwareType`|`container-group`. This indicates that the package should be managed by the `container-group` software management plugin| |
| 80 | +|`url`|The url to the uploaded `docker-compose.yaml` file. This is a MANDATORY field and cannot be left blank.| |
| 81 | + |
| 82 | + |
| 83 | +### Monitoring |
| 84 | + |
| 85 | +The plugin also includes a service which monitors the running status of the containers and includes some runtime metrics such as memory, cpu and network io. Please note that access to the container monitoring might not be supported by your container engine. When in doubt, just manually do a `docker stats` and if the data is only showing zeros, then the plugin will also see zeros. |
| 86 | + |
| 87 | +#### Telemetry |
| 88 | + |
| 89 | +Checkout the [TELEMETRY](./docs/TELEMETRY.md) docs for details on what is included in the telemetry data. |
| 90 | + |
| 91 | + |
| 92 | +#### Configuration |
| 93 | + |
| 94 | +The tedge-container-plugin can be configured with the following properties. |
| 95 | + |
| 96 | +|Property|Value|Description| |
| 97 | +|--|--|--| |
| 98 | +|`PRUNE_IMAGES`|`0` or `1`|Prune any unused images after creating/deleting the containers. This is turned off by default| |
| 99 | +|`VALIDATE_TAR_CONTENTS`|`0` or `1`|If the image is in a tarball format, then this setting controls whether the contains of the tarball should be validated against the image name and tag provided in the `version` field of the software package. This is useful to protect against accidentally uploading the wrong binary images to the wrong software packages.| |
| 100 | +|`CONTAINER_RUN_OPTIONS`|String. Example `"--cpus 1 --memory 64m"`|Additional command options to be used when creating/starting the containers. The options will be used by all containers| |
| 101 | +|`ALWAYS_PULL_IMAGE`|`0` or `1`|Always try pulling the image without checking if a local image already exists or not| |
| 102 | +|`CONTAINER_DEFAULT_NETWORK`|String. Example `tedge`|Default network to add when creating a new container| |
| 103 | +|`CONTAINER_CLI_OPTIONS`|`docker podman nerdctl`|List of container cli tools to auto detect. This has no effect if `CONTAINER_CLI` has a non-empty value. The first command which is found will be used. It assumes that the device is only running one container engine at a time.| |
| 104 | +|`CONTAINER_CLI`|`podman`|Explicitly control which container cli tool will be used. Set this if you know which cli is available on the device| |
| 105 | +|`INTERVAL`|`60`|Interval in seconds on how often the container status/telemetry should be collected. The interval will be the minimal interval as it is the time to sleep between collections| |
| 106 | +|`TELEMETRY`|`1` or `0`|Enable/disable the container telemetry metrics such as memory etc. Regardless of this value, the containers status will still be sent, but the measurements will not| |
| 107 | +|`META_INFO`|`1` or `0`|Enable/disable the container meta information collection (e.g. container id, image, ports, network etc.| |
| 108 | +|`MONITOR_COMPOSE_PROJECTS`|`1` or `0`|Enable/disable the monitoring of docker compose deployments. It is turned on by default, however it will be automatically disabled if docker compose is not available.| |
| 109 | +|`LOG_LEVEL`|`debug`, `info`, `warn`, `error`|Service log level| |
| 110 | +|`SERVICE_TYPE`|`container`|Service type to be used in the service monitoring for single container deployments| |
| 111 | +|`GROUP_SERVICE_TYPE`|`container-group`|Service type used in the service monitoring for docker compose deployments| |
| 112 | + |
| 113 | + |
| 114 | +#### Troubleshooting |
| 115 | + |
| 116 | +##### Systemd |
| 117 | + |
| 118 | +**Start** |
| 119 | + |
| 120 | +```sh |
| 121 | +sudo systemctl start tedge-container-monitor |
| 122 | +``` |
| 123 | + |
| 124 | +**Stop** |
| 125 | + |
| 126 | +```sh |
| 127 | +sudo systemctl stop tedge-container-monitor |
| 128 | +``` |
| 129 | + |
| 130 | +**Reload (configuration)** |
| 131 | + |
| 132 | +```sh |
| 133 | +sudo systemctl reload tedge-container-monitor |
| 134 | +``` |
| 135 | + |
| 136 | +**Get Logs** |
| 137 | + |
| 138 | +```sh |
| 139 | +sudo journalctl -u tedge-container-monitor -f |
| 140 | +``` |
| 141 | + |
| 142 | +##### init.d/open-rc |
| 143 | + |
| 144 | +**Start** |
| 145 | + |
| 146 | +```sh |
| 147 | +sudo service tedge-container-monitor start |
| 148 | +``` |
| 149 | + |
| 150 | +**Stop** |
| 151 | + |
| 152 | +```sh |
| 153 | +sudo service tedge-container-monitor stop |
| 154 | +``` |
| 155 | + |
| 156 | +**Reload (configuration)** |
| 157 | + |
| 158 | +```sh |
| 159 | +sudo service tedge-container-monitor reload |
| 160 | +``` |
| 161 | + |
| 162 | +**Get Logs** |
| 163 | + |
| 164 | +```sh |
| 165 | +tail -f /var/log/tedge-container-monitor.err |
| 166 | +``` |
| 167 | + |
| 168 | +### UI Plugin |
| 169 | + |
| 170 | +With the UI plugin, container monitoring can be added to the Cumulocity UI. The Ui plugin contains 3 components that add the following tabs to the UI: |
| 171 | + |
| 172 | +| Plug-In | Function | |
| 173 | +| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | |
| 174 | +| Container Info Tab | Adds a tab to a container service to display all relevant container information. | |
| 175 | +| Container Management Tab | Adds a tab to the device to monitor containers. The tab can include/exclude the containers hosted within container groups. | |
| 176 | +| Container Group Management Tab | Adds a tab to the device to monitor container groups (aka. docker compose). | |
| 177 | + |
| 178 | +The UI Plugin was developed for the Device Management application, but can also be added to the Cockpit if needed. |
| 179 | + |
| 180 | +To use the UI-Plugin, download the tedge-container-plugin-ui.zip version that matches your Cumulocity UI version form the releases and upload it in the Cumulocity administration. Detailed instructions on how to install UI plugins can also be found [here](https://cumulocity.com/guides/users-guide/administration/#custom-applications). |
| 181 | + |
| 182 | +#### Container Info Tab |
| 183 | + |
| 184 | +The tab will be enabled for all services of type container. Displays the container properties that are stored in the managed Object. |
| 185 | + |
| 186 | + |
| 187 | +#### Container Management Tab |
| 188 | + |
| 189 | +The tab will be enabled for all devices with a childAddition with serviceType=container. Lists all containers in a grid or list.The search can be used for the image name and the project id. The list can include/exclude the containers that are part of a container group. |
| 190 | + |
| 191 | + |
| 192 | +#### Container Group Management Tab |
| 193 | + |
| 194 | +The tab will be enabled for all devices with a childAddition with serviceType=container. Lists all containers that are part of a project. The filter/search can be used to search for project names or container images. |
| 195 | + |
| 196 | + |
| 197 | +## Developers |
| 198 | + |
| 199 | +This section details everything you need to know about building the package yourself. |
| 200 | + |
| 201 | +### Building |
| 202 | + |
| 203 | +To build the project use the following steps: |
| 204 | + |
| 205 | +1. Checkout the project |
| 206 | + |
| 207 | +2. Install [goreleaser]https://goreleaser.com/install/) |
| 208 | + |
| 209 | + **Note** |
| 210 | + |
| 211 | + Make sure you install it somewhere that is included in your `PATH` environment variable. Use `which goreleaser` to check if your shell can find it after installation. |
| 212 | + |
| 213 | +3. Build the packages |
| 214 | + |
| 215 | + ```sh |
| 216 | + just release-local |
| 217 | + ``` |
| 218 | + |
| 219 | + The built packages are created under the `./dist` folder. |
| 220 | + |
| 221 | +### Running system tests |
| 222 | + |
| 223 | +You can run the system tests can be run locally, however if you're having problem, look at the [test.yaml](.github/workflows/test.yaml) workflow for the tests as this is known to work. |
| 224 | +
|
| 225 | +If you're using VS Code, then you can also install the following extensions to enable running tests via the `tests/*robot` files: |
| 226 | + |
| 227 | +* robocorp.robocorp-code |
| 228 | +* robocorp.robotframework-lsp |
| 229 | + |
| 230 | +To run the tests you will need to have python3 >> 3.9 installed on your system, then run the following |
| 231 | + |
| 232 | +1. Create a `.env` file, and set you Cumulocity IoT credentials |
| 233 | + |
| 234 | + ```sh |
| 235 | + DEVICE_ID=ci_mydevice |
| 236 | + C8Y_BASEURL=mytenant.eu-latest.cumulocity.com |
| 237 | + C8Y_USER=admin |
| 238 | + C8Y_PASSWORD="mypassword" |
| 239 | + ``` |
| 240 | + |
| 241 | +2. Build the software management plugin |
| 242 | + |
| 243 | + ```sh |
| 244 | + just release-local |
| 245 | + ``` |
| 246 | + |
| 247 | +3. Build the test images |
| 248 | + |
| 249 | + ```sh |
| 250 | + just build-test |
| 251 | + ``` |
| 252 | + |
| 253 | +4. Setup the python3 virtual environment and install the test dependencies |
| 254 | + |
| 255 | + ```sh |
| 256 | + just venv |
| 257 | + ``` |
| 258 | + |
| 259 | +5. Run the RobotFramework tests |
| 260 | + |
| 261 | + ```sh |
| 262 | + just test |
| 263 | + ``` |
| 264 | + |
| 265 | +### Building UI |
| 266 | + |
| 267 | +To build the ui use the following steps: |
| 268 | + |
| 269 | +1. Checkout the project |
| 270 | + |
| 271 | +2. Install dependencies: |
| 272 | + |
| 273 | + ```sh |
| 274 | + npm install |
| 275 | + ``` |
| 276 | + |
| 277 | +3. (Optional) Run the UI locally. |
| 278 | + |
| 279 | + Add your tenant in the package.json file: |
| 280 | + |
| 281 | + ```json |
| 282 | + "scripts": { |
| 283 | + "start": "c8ycli server -u https://{{add the url of your tenant here}} --shell devicemanagement", |
| 284 | + ... |
| 285 | + } |
| 286 | + ``` |
| 287 | + |
| 288 | + Start the UI locally via: |
| 289 | + |
| 290 | + ```sh |
| 291 | + npm start |
| 292 | + ``` |
| 293 | + |
| 294 | +4. Build the Plugin |
| 295 | + |
| 296 | + ```sh |
| 297 | + npm run build |
| 298 | + ``` |
| 299 | + |
| 300 | +5. Deploy the Plugin |
| 301 | + |
| 302 | + ```sh |
| 303 | + npm run deploy |
| 304 | + ``` |
0 commit comments