CentOS 6.6 based Customizable OTRS Container - 668 MB - Updated 6/1/2015
Appcontainers OTRS Container Build
This container is built from appcontainers/centos66, a slightly modified bare bones CentOS 6.6 Minimal Installation. Modifications to the minimal installation of CentOS 6.6 that were configured in the centos66 image can be found by looking at the appcontainers/centos66 repository located below:
[appcontainers/centos66 on the Docker Hub] (https://registry.hub.docker.com/u/appcontainers/centos66/) \
[appcontainers/centos66 on the Quay Registry] (https://quay.io/repository/appcontainers/centos66)
To see a full video demo of this container and all of its options in action visit:
Its purpose is to get a customizable otrs instance up and running with a single or multiple docker run statements, depending on how resilient you want the environment. The container is built with environment variables that allow the user to plug in custom values which will allow the container to configure itself on first run. This will give you a fully customized experience just as if you set up otrs on your own from scratch.
This container is built to allow several configurable variables to be passed in at runtime. The values are as follows:
- APP_NAME - This is the fully qualified domain name such as example.com. This should be passed without any prefix such as www.
- APACHE_SVRALIAS - This is exactly what it sounds like, the apache file ServerAlias Directive data.
- MYSQL_SERVER - This is the Host server that runs the MySQL instance where the Application DB will be stored.
- MYSQL_CLIENT - This is the hostname or the IP address of the computer making the connection to the database.
- MYSQL_USER - This is the mysql user that will be used to connect to the mysql instance, and create the database. User must have grant option.
- MYSQL_PASS - This will set the MySQL Root Password on standalone mode, or be used to connect to the database server in remote mode.
- MYSQL_DB - The name of the MySQL DB that the Application will use.
- APP_USER - The username that the Application will use in order to connect to the MySQL DB.
- APP_PASS - The password of the user that the Application uses to connect to the MySQL DB.
- MODE - A toggle to tell the container to install mysql locally, connect to an external server and install a new DB on the remote server, connect to an existing database on an existing remote server, or just run as a persistent data volume with no services.
- ENV - Variable to hold the environment, currently it serves no other purpose but is there in case its needed
- TERMTAG - Environment variable to hold the highlighted bash shell tag. Currently set to the repo name, but can be change from within the container via TERMTAG="Whatever You Want"
NOTE: If you have connected the server to a data volume that already contains a otrs instance, and a pre-generated certificate, then when a new otrs container is fired off using those volumes, it detects those existing files, and will NOT perform any reconfiguration on either the existing otrs instance, nor create a new SSL cert. It will use the existing ones in place. This is assuming that the certificates are named the same as the APP_NAME variable passed.
- Standalone - Start a local mysql instance, and install a new database on the localhost mysql instance.
- Remote - Connect to an existing remote database server and install a new database on the remote mysql instance. MySQL-Server package is removed in this mode. User with grant-option must be pre-configured on the existing database server and supplied at runtime.
- Existing - Connect to an existing remote database on an existing remote mysql instance. MySQL-Server package is removed in this mode.
- DataVol - This mode will uninstall the mysql, mysql-server, mod_rewrite, mod_ssl, mod_env, php php-common, php-cli, php-mysql and httpd packages. This mode is intended to be used solely as a data volume, allowing another instance to connect to the installed directory structure of the application for persistent storage.
Note: If "Remote" or "Existing" is selected, then before running the container the user must know a mysql superuser username/password, or connect to the database and ensure that the APP_USER and APP_PASS that will be used in the run statement, already have permission to either create a new database and publish a new grant (remote), or read the MYSQL_DB (existing).
Note: Keeping the default mode of "standalone" will start the local MySQL instance, and set it to run on start, setting the mode to either "remote" or "existing" remove the mysql-server packages at runtime and will not run mysql at all, but it will leave the mysql package installed for library support.
Running the Container:
###Running the container with default values (standalone)###
docker run -d -it --name otrs -h otrs -p 80:80 -p 443:443 appcontainers/otrs
This will assume the following
- ENV = dev
- TERMTAG = OTRS
- MODE = standalone
- APP_NAME = otrs.local
- APACHE_SVRALIAS = www.otrs.local localhost
- MYSQL_SERVER = localhost
- MYSQL_CLIENT = localhost
- MYSQL_USER = root
- MYSQL_PASS = PAssw0rd
- MYSQL_DB = otrs
- APP_USER = admin
- APP_PASS = PAssw0rd
Setting any of the above values will tell the container to replace the default values already set within the container with the values that are supplied at runtime. For example, if you pass in -e APP_NAME=mysite.com then otrs will be reconfigured for mysite.com. Apache will also be set to listen to requests to mysite.com etc. Additionally SSL Self Signed certs were generated, and the site is configured to listen for both HTTP/HTTPS requests.
###Running the container substituting the $variables with your own custom values###
docker run -d -it \ --name otrs \ -h otrs \ -p 80:80 \ -p 443:443 \ -e APP_NAME='testapp.com' \ -e APACHE_SVRALIAS='www.testapp.com localhost' \ -e MYSQL_SERVER='localhost' \ -e MYSQL_PASS='PAssw0rd' \ -e MYSQL_DB='testapp' \ -e APP_USER='admin' \ -e APP_PASS='PAssw0rd' \ -e ENV=production \ -e TERMTAG=prod \ appcontainers/otrs
This example will start a new container named otrs, It will set otrs and apache to testapp.com, It will leave the default database instance on the localhost and configure mysql to have a root password of "PAssw0rd". Additionally a Self Signed SSL cert will be generated, and the site will be configured to be accessible via HTTP/HTTPS. At this point your app is fully configured and you just need to go the default URL of http://OTRSHOST.TLD/otrs/installer.pl on either HTTP/HTTPS to start the web installer. The web installer will guide you through the process of setting up the database, email, and other configuration options required for OTRS to run.
##MODE "Remote" or "remote" :##
In this example lets assume the following scenario:
The database will live on "mydbserver.mydomain.mytld".
The database will be named "otrs".
A connection to the existing database server will be made using the existing mysql user "superuser".
The "superuser" user also has an existing password set to "superpassword".
The otrs user that will be used to connect to the new database will be named "appadmin".
The otrs user "appadmin", password will be set to "flappyjacks".
Connections to the otrsapp database will be allowed from any host (%).
The superuser/superuserpassword users must already exist on the mysql server, and will be used to allow the container, to create a connection, and create the database for otrs. This means that the superuser, user must have the appropriate permissions with the grant option in order to effectively make the connection, create the database, the application user, the application password and he necessary grants to allow the application to interact accordingly with the database.
The above scenario correlates to the following configuration given at container runtime.
Note: The following assumes that on the mysql server, a user named superuser has been created with the grant option, and has permissions on all databases, or you are firing this connection off as the mysql root user, which has been configured already to allow connections from %.
If you are using a user other than root, ensure that the MySQL connecting user (MYSQL_USER) has all privileges including grant, so that the mysql script can create the application user and publish the grant to the newly created database for the application. An appropriate grant statement is as follows
GRANT ALL PRIVILEGES ON *.* TO 'superuser'@'%' IDENTIFIED BY 'superpassword' WITH GRANT OPTION;
###Running the container in "Remote" Mode :###
docker run -d -it \ --name mysql \ -h mysql \ -p 3306:3306 \ -e CREATEDB=false \ -e MYSQL_USER='admin' \ -e MYSQL_PASS='adminpassword123' \ -e MYSQL_CLIENT='172.17.0.%' \ -e TERMTAG=mysql \ appcontainers/mysql docker run -it \ --name otrs \ -h otrs \ -p 80:80 \ -p 443:443 \ --link mysql:mysql \ -e APP_NAME='testapp.com' \ -e APACHE_SVRALIAS='www.testapp.com localhost' \ -e MYSQL_SERVER='mysql' \ -e MYSQL_PASS='adminpassword123' \ -e ENV=production \ -e TERMTAG=prod \ appcontainers/otrs
As stated above, In this scenario, the container will connect to the MYSQL_SERVER (mysql), as superuser (MYSQL_USER)suppling the MYSQL_PASS of adminpassword123, which will grant access to the mysql server instance. A query will be made against the database instance to check to see if the database already exists.. If it exits then it will do nothing further. It will then flush mysql privileges, and finally remove the "test" database if it exits. Finally the local mysql-server package will be removed from the otrs instance. The database is fully configured upon the first run of the http://OTRSSERVER/otrs/installer.pl web installer, via http/https.
MODE "Existing" or "existing":
In the following example, the assumption is made that there is a remote database server, that already contains a pre-existing otrs database, and there is already a grant statement allowing the APP_USER/APP_PASS all privileges on the existing otrs database.
Note: If you are unsure if the APP_USER/APP_PASS credentials have the appropriate permissions on the existing otrs database, then you can connect to the existing database server and issue the following grant substituting the variables with actual values that will be used in the run statement.
GRANT ALL PRIVILEGES ON $MYSQL_DB.* TO '$APP_USER'@'%' IDENTIFIED BY '$APP_PASS';
Running the container in "Existing" Mode :
docker run -d -it \ --name otrs \ -h otrs \ -p 80:80 \ -p 443:443 \ -e MODE='existing' \ -e APP_NAME='testapp.com' \ -e APACHE_SVRALIAS='www.testapp.com localhost' \ -e MYSQL_SERVER='mydbserver.mydomain.mytld' \ -e MYSQL_DB='otrs' \ -e APP_USER='appadmin' \ -e APP_PASS='flappyjacks' \ -e ENV=production \ -e TERMTAG=prod \ appcontainers/otrs
Note: Using the existing mode also tells the otrs instance to remove the local mysql-server package from the otrs instance.
MODE "Datavol" or "datavol":
As stated above the intention of the datavol mode is to set up a shell of the otrs directory structure that will be set as persistent storage. The idea is that the /opt/otrs, and /etc/pki/tls directories will be flagged as persistent. A second actual instance container will then run connected to the persistent volume and will perform the configuration of the otrs application. This configuration will allow you to remove the otrs container to upgrade to a new one or reset it, without loosing any of your otrs data.
Note: When the otrs container initially runs, it checks for the existence of both the otrs directory and an existing certificate, and if detected, it skips both the otrs configuration steps, or certificate creation steps respectively. Each of these checks are independent of each other, meaning that if a otrs directory is detected, but no certificate is detected, then it will skip only the otrs configuration pieces, but will generate a new certificate. These checks are dependent upon the otrs folder, and certificate being named the same as APP_NAME. Example, if APP_NAME=example.com, then the check will search for /opt/otrs/example.com for otrs, and then will check for /etc/pki/tls/certs/example.com.crt for the certificate. The checks are based on the initial configuration of the application via the very first original container run, which does perform both of those configurations.
Running the container in "Datavol" Mode :
docker run -d -it \ --name mysql \ -h mysql \ -p 3306:3306 \ -e CREATEDB=false \ -e MYSQL_USER='admin' \ -e MYSQL_PASS='adminpassword123' \ -e MYSQL_CLIENT='172.17.0.%' \ -e TERMTAG=mysql \ appcontainers/mysql docker run -d -it \ --name otrs_data \ -h otrs_data \ -v /opt/otrs \ -v /etc/pki/tls \ -e MODE="datavol" \ -e ENV=production \ -e TERMTAG=wp_data \ appcontainers/otrs docker run -it \ --name otrs \ -h otrs \ -p 80:80 \ -p 443:443 \ --link mysql:mysql \ --volumes-from otrs_data \ -e MODE=remote \ -e APP_NAME='testapp.com' \ -e APACHE_SVRALIAS='www.testapp.com localhost' \ -e MYSQL_SERVER='mysql' \ -e MYSQL_USER='admin' \ -e MYSQL_PASS='adminpassword123' \ -e ENV=production \ -e TERMTAG=prod \ appcontainers/otrs
Note: This mode removes all httpd/php/mysql packages from the datavol container. It is intended to be used a persistent storage only, and not actually run any application services.
Access the new Install :
###Navigate to the IP address or FQDN of the server on the port specified (80/443 default) to run through the otrs installation wizard GUI I.E. http://OTRSSERVER/otrs/installer.pl###
Docker Compose YML
Copy the text below and paste it into a file named docker-compose.yml. Then you can navigate to the directory and if you have docker-compose installed, just issue the following command:
docker-compose up -d
dbdata: image: appcontainers/centos66 hostname: dbdata stdin_open: true tty: true volumes: - /var/lib environment: - TERMTAG=DBDATA command: /bin/bash db: image: appcontainers/mysql hostname: db stdin_open: true tty: true restart: always volumes_from: - dbdata environment: - MYSQL_USER=appadmin - MYSQL_PASS=adminpassword123 - TERMTAG=DATABASE command: /bin/bash webdata: image: appcontainers/otrs hostname: otrs-data stdin_open: true tty: true volumes: - /opt/otrs - /etc/pki/tls environment: - MODE=datavol - ENV=production - TERMTAG=WEBDATA command: /bin/bash web: image: appcontainers/otrs hostname: otrs stdin_open: true tty: true restart: always ports: - "80:80" - "443:443" links: - db volumes_from: - webdata environment: - MODE=remote - APP_NAME=testotrs.com - APACHE_SVRALIAS=www.testotrs.com localhost - MYSQL_SERVER=db - MYSQL_USER=appadmin - MYSQL_PASS=adminpassword123 - ENV=production - TERMTAG=wordpress command: /bin/bash
NOTE: This image is now set to generate a SSL key/cert Pair on first run. This cert is not shared with anyone else, and is also only self signed, which will allow for HTTPS connections, but will not be a valid cert. If you wish to use a valid cert, then place your own key/cert in /etc/pki/tls/private, /etc/pki/tls/certs respectively, and change the apache configuration accordingly if the certificate name is changed from its default value.
06/01/2015 - OTRS Initial Container build.
Any possibility of OTRS v5 anytime soon?