Running in containers

The official images

The official EVA ICS v4 Docker images can be found at https://hub.docker.com/r/altertech/eva-ics4. These images can be used with Docker, as well as with Kubernetes.

What is included

  • the container images are based on Ubuntu 20.04 LTS

  • the images do not contain any services pre-deployed

  • the images contain Python and eva-shell installed

  • file and syslog logging is disabled by default

  • internal watchdog is disabled

  • the container time zone is set to UTC

  • the container bus has got an open TCP port 7778 for external connections

Warning

If using containers in untrusted networks, it is highly recommended to remove the open bus TCP port.

Volumes

The following volumes are automatically used as persistent if found, replacing the default EVA ICS directories:

Volume path

Used as

Notes

/mnt/etc

/opt/eva4/etc

Can contain a custom eva_config

/mnt/init

Can contain files for custom node initialization

/mnt/runtime

/opt/eva4/runtime

If the volume is empty, the default runtime is copied

/mnt/log

/opt/eva4/log

Can be used for logging (must be enabled in eva/config/logs)

/mnt/pvt

/opt/eva4/pvt

Used for HMI web applications private files

/mnt/ui

/opt/eva4/ui

Used for HMI web applications

  • It is highly recommended to keep the node item inventory either in an external inventory database or mount runtime volume as a persistent one.

  • A container can be used as a secondary point, which runs a single or multiple services but is connected to an external EVA ICS core. To connect the container to the one which runs the node core, use the corresponding parameters in eva_config.

Preparation

First start

At the first start, before the node process is started, the container executes a script (if exists):

/mnt/init/prepare.sh

The script may contain custom preparation commands as well as apply a custom registry setup.

If the script has no execution permissions, it is started with bash.

Every start

At every start, before the node process is started, the container executes a script (if exists):

/mnt/init/rc.local

If the script has no execution permissions, it is started with bash.

Configuring the node core

The core process can not be restarted. When the core receives restart/shutdown request, the container is terminated.

To pre-configure node settings, the following YAML files can be used to be imported into EVA ICS registry before the node is started:

File path

Imported as the registry key

/mnt/init/config/bus.yml

eva/config/bus

/mnt/init/config/cloud-manager.yml

eva/config/cloud-manager

/mnt/init/config/core.yml

eva/config/core

/mnt/init/config/logs.yml

eva/config/logs

/mnt/init/config/registry.yml

eva/config/registry

See more at Configuration registry keys.

Initialization

At the first start, after the node process is successfully started, the container executes a script (if exists):

/mnt/init/init.sh

The script may contain custom initialization commands as well as custom deployment commands.

If the script has no execution permissions, it is started with bash.

Deployment

At the first start, if the container locates files named /mnt/init/init*.yml (e.g. /mnt/init/init0.yml), they are automatically used for the node deployment.

  • The files are executed one-by-one in alphabetical order

  • As the node comes with no services deployed, for deploying user accounts, keys or ACLs, it is required to split deployment into several files, where first one deploys the required services and the next one deploys the authorization objects. An example can be found at: https://github.com/eva-ics/eva4/tree/main/docker/test/data/init

  • The deployment files may contain external variables. To set the variables, use variable configuration files, which must be named as /mnt/init/vars*.yml where the file name suffix corresponds the deployment file suffix. E.g. if the deployment file is named as init01.yml, the variable file must be named as vars01.yml.

Warning

The deployment/variable files must not contain spaces in their names.

Updating

The containers must be updated only from the image repository. The containers CAN NOT be updated with eva-shell, EVA Cloud Manager CLI or remotely using the native EVA ICS cloud update feature.

After updating, no special actions are required. If persistent volumes are used, the container automatically updates the registry keys and other files if necessary.

Features of using with Kubernetes

See Using with Kubernetes.