Pivotal tc Server with Docker

Important Disclaimer: Pivotal is currently developing an overall plan for distributing Docker images and Dockerfiles. This is a generic guide to getting started with using tc Server with Docker. At this time official support for tc Server with Docker isn’t available. This document is intended to provide guidance in the short term until official tc Server Docker images are available.

Security Considerations

When creating a docker image please consider the following:

  • The base image will be periodically updated with security updates. You will need to update your docker image with these updates. A CI/CD system is recommended for this.
  • tc Server releases updates periodically. You will need to develop a plan for keeping your images updated.

Base images

We recommend starting with the official Ubuntu Bionic (18.04) docker image and adding an official OpenJDK 8 or 11 binary on top of this image. An example is provided below.

Persisting Data

We recommend using volumes to persist data. The docker container itself should be treated as ephemeral.

By default tc Server uses a separated layout for the tc Runtime this makes it easy to mount a volume containing only the instance data.

Please see the documentation on Docker Volumes

Example Dockerfiles

The following is an example of a Dockerfile which is based on Ubuntu Bionic (18.04) and uses the distribution’s OpenJDK 8 package.

This Docker file uses an environment variable of INSTANCE_NAME to define the instance name. By default a generic instance is used as the name.

In order to use this example Dockerfile to build an image, the Pivotal tc Server Standard 4.0.7.RELEASE package needs to be downloaded from Pivotal Network and extracted. Once extracted, copy the Dockerfile into the newly extracted pivotal-tc-server directory or adjust the paths in the example appropriately.

In this example a tcserver user is created and used to run the tc Runtime. The default instances, runtimes, and template directories are set to the recommended locations.

FROM 'ubuntu:18.04'

COPY standard-4.0.7.RELEASE/ /opt/pivotal/tcserver/standard/
COPY runtimes/ /opt/pivotal/tcserver/runtimes/

RUN useradd --system -U tcserver
RUN mkdir -p /var/opt/pivotal/tcserver/instances && mkdir -p /var/opt/pivotal/tcserver/templates && chown -R tcserver /var/opt/pivotal/tcserver/ /opt/pivotal/tcserver/
RUN apt-get update && apt-get --no-install-recommends -y install openjdk-8-jdk-headless && rm -rf /var/lib/apt/lists/*
RUN sed -i 's/^#instances.directory=.*/instances.directory=\/var\/opt\/pivotal\/tcserver\/instances/g;s/^#runtimes.directory=.*/runtimes.directory=\/opt\/pivotal\/tcserver\/runtimes/g;s/^#templates.directory=.*/templates.directory=\/var\/opt\/pivotal\/tcserver\/templates/g' /opt/pivotal/tcserver/standard/conf/tcserver.properties

ENV TCSERVER_HOME=/opt/pivotal/tcserver/standard
ENV JAVA8_HOME=/usr/lib/jvm/java-8-openjdk-amd64/
ENV JAVA_HOME=$JAVA8_HOME
ENV PATH=$TCSERVER_HOME:$JAVA_HOME/bin:$PATH
ENV INSTANCE_NAME=instance

EXPOSE 8080

USER tcserver
CMD $TCSERVER_HOME/tcserver run $INSTANCE_NAME

To build the image run the usual docker build command. In the following example “mycompany” is prefixed to the image name. This is recommended to avoid a clash with an official Pivotal tc Server image.

docker build . -t "mycompany-pivotal-tc-server-standard:4.0.7.RELEASE"

If successful you should know have a docker images. The first step is to create your instance. The following example will create an instance named instance in the docker volume “myinstances” and then remove the container. This example will map the container’s port 8080 to the host port 8080. 

docker run --rm --name myinstance -p 8080:8080 -v myinstances:/var/opt/pivotal/tcserver/instances mycompany-pivotal-tc-server-standard:4.0.7.RELEASE tcserver create instance

Now that we have an instance in a volume. We can create a container to run the instance.

docker run -d --name myinstance  -p 8080:8080 -v myinstances:/var/opt/pivotal/tcserver/instances mycompany-pivotal-tc-server-standard:4.0.7.RELEASE

Now check logs to make sure everything is as expected

> docker logs myinstance
Instance Name:                     instance
CATALINA_BASE:                     /var/opt/pivotal/tcserver/instances/instance
CATALINA_HOME:                     /opt/pivotal/tcserver/runtimes/tomcat-9.0.20.B.RELEASE
JAVA_HOME:                         /usr/lib/jvm/java-8-openjdk-amd64
tc Runtime Version:                9.0.20.B.RELEASE
tc Server Version:                 4.0.7.RELEASE
tc Server Installation Directory:  /opt/pivotal/tcserver/standard
Apr 19, 2019 11:51:56 AM org.apache.catalina.startup.Catalina load
INFO: Server initialization in [1,175] milliseconds
Apr 19, 2019 11:51:57 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in [720] milliseconds

At this point you should have a working tc Server instance located in the myinstances volume. You can run tcserver commands against the instance by specifying them with the tcserver command on the docker run command. For example, this will apply the template jmx-ssl to the instance:

docker run -d --name myinstance -v myinstances:/var/opt/pivotal/tcserver/instances mycompany-pivotal-tc-server-standard:4.0.7.RELEASE tcserver apply-template instance -t jmx-ssl

You can use docker stop and docker start to control the container.