Using Docker in Production
Running docker images in production requires addressing concerns around the scalability of the deployment stack and security of the sensitive information. Aurora's docker images address these concerns out of the box. Both web and judge docker images have environment variables that can be used in conjunction with docker secrets to ensure the security of sensitive information (like MySQL credentials and securely storing SSL Certs).
Although the judge can be replicated as many times as required as it works independently for each run, such is not the case for Web Interface. Each web container stores session on their respective filesystem and thus can be replicated only on the same host with volume mount to the same location on the host machine. If you replicate without volume mount or on different host machines, then the subsequent calls may go to different containers and the user will be logged out. I am currently working to solve this limitation and will fix this in a future version. You can check issue #17 for more information.
The following steps are needed to be done to deploy Aurora on production.
For this, we will be using the official docker MySQL image. First, we create folders for our initialization scripts. To do this, we run the following commands.
mkdir DB
cd DB
wget https://raw.githubusercontent.com/pushkar8723/aurora/master/DB/2015_05-04_01_aurora_main.sql
wget https://raw.githubusercontent.com/pushkar8723/aurora/master/DB/2017_04_15_01_currentContest_variable.sql
wget https://raw.githubusercontent.com/pushkar8723/aurora/master/DB/2017_04_15_02_sample_input_output_field.sql
cd ..This will create a DB folder and pull initialization SQL files from GitHub repo. If you are already running an older version and want to migrate your legacy data, then export data in problems, teams, sub_code and runs the table in SQL files and put them in this directory.
Since you wouldn't want your data to be lost each time you update MySQL container, you would also need to save data in a directory. For this, we will create a data directory inside your DB directory and mount it. Note: This will also tie your MySQL instance to a host making it hard to scale. To work around this, look for articles on setting up MySQL clusters using docker on the internet.
Finally, create a docker secret for your MySQL root password
echo 'YourRootPassword' | docker secret create mysql_password -
This part is relatively easy, all you need to do is pull a conf file. A sample file is present in GitHub repo, just changing server name and server admin should be good enough to get started. The file will look similar to
Just run the following commands to create the conf directory and pull the sample configuration.
mkdir conf
cd conf
wget https://raw.githubusercontent.com/pushkar8723/aurora/master/conf/000-default.conf
cd ..
Now, we will be mounting this file inside the docker container, which will again bring in the scalability concerns. For this, you can propagate the conf folder to each node or keep this file in docker secret and include the secret in conf file instead.
After, your DB and configuration setup is done. You can now start your docker swarm cluster. Run the following command to initialize the swarm on the master node.
docker swarm init
This will print out the command to add other nodes to the cluster. Go, to each node and run that command.
For this follow our Docker Setup guide
Now, we are ready to deploy our Aurora stack. Just pull the prod compose file and run the deploy command
wget https://github.com/pushkar8723/aurora/blob/master/docker-compose.prod.yml
docker stack deploy -c docker-compose.prod.yml --with-registry-auth aurora
This will deploy aurora and run it on port 8080. Your MySQL database will not be accessible as its port is not bound to host. To change these, update or add the relevant section in the docker-compose file.
If you also want to setup SSL Certificates then check our guide.
Even if you are deploying Aurora on just one box, it is recommended that you follow this guide. Check our security check documentation for docker secrets to understand why.