Setting up to utilize the container images for sub-prod development and testing and have not been able to get the gateway to do a restore from backup without creating a temp user/role.
I have tried a combination of several combinations of differing environment parameters, but nothing seems to work.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: setup-mes
spec:
  restartPolicy: Always
  containers:
    - name: setup-frontend
      image: inductiveautomation/ignition:8.1.42
      resources:
        requests:
          memory: "1024Mi"
          cpu: "500m"
        limits:
          memory: "4096Mi"
          cpu: "2000m"
      args:
        - -r
        - "/restore.gwbk"
      env:
        # - name: GATEWAY_SYSTEM_NAME
        #   value: Ignition-setup
        # - name: GATEWAY_ADMIN_USERNAME
        #   value: <admin>
        # - name: GATEWAY_ADMIN_PASSWORD
        #   value: <password>
        # - name: IGNITION_EDITION
        #   value: standard
        # - name: ACCEPT_IGNITION_EULA
        #   value: Y
        - name: GATEWAY_MODULES_ENABLED
          value: opc-ua,perspective,reporting,tag-historian,web-developer
      ports:
        - containerPort: 8088
          protocol: TCP
          hostPort: 8088
        - containerPort: 8043
          protocol: TCP
          hostPort: 8043
        - containerPort: 8060
          protocol: TCP
          hostPort: 8060
      volumeMounts:
        - mountPath: /usr/local/bin/ignition/data
          name: setup-frontend-data
        - mountPath: /modules
          name: setup-frontend-modules
        - mountPath: /restore.gwbk
          name: setup-frontend-gwbk
  volumes:
    - name: setup-frontend-data
      persistentVolumeClaim:
        claimName: setup-frontend-gw
      # hostPath:
      #   path: ./services/setup-frontend/ignition-data
      #   type: DirectoryOrCreate
    - name: setup-frontend-modules
      hostPath:
        path: ./modules
        type: DirectoryOrCreate
    - name: setup-frontend-gwbk
      hostPath:
        path: ./backups/gateway/setup-frontend.gwbk
        type: File
```
Our company uses RHEL and an architecture that doesn't support Docker, so I have been utilizing Podman and the play kube functionality, based on Kubernetes, to do the "compose" files. I've been able to make this work to a point, but when trying to restore from backup I continually get the temp profile created. The AD user/role is what I'd like to be able to enable from startup and be good to go, so that user/customer testing is immediately available.
@kcollins1, Hoping you have some input as to what triggers that temp user/role to be created by the container image after restoring from backup. Hoping it's just a silly miss.
Main issue looks to be the below. No matter how I update the parameters this seems to happen each time. I found a relevant link below but have not found a relevant way to implement the restore and skip the commissioning.
Gateway Restore command (gwcmd) showing warning and needs manual startup - #4 by kcollins1
```
init | 2024/08/15 00:13:40 | Attempting to stage gateway restore file: Gateway backup restored, manual startup required
```
One key aspect is to ensure that you're NOT specifying `GATEWAY_ADMIN_PASSWORD` as an env var if you're restoring from GWBK and wanting to keep the built-in auth as-is.
Hmm, I've tried both specifying and not specifying the `GATEWAY_ADMIN_PASSWORD` env var and see the same results of the temp profile being created. I've restored the same gwbk after the container is up and see it shows as expected. Below are the args I'm using.
A caveat is I am trying to use the bwdesigngroup docker image but have seen the same results on the IA image as well.
```yaml
args:
  - -r
  - "/restore.gwbk"
env:
  - name: TZ
    value: America/Los_Angeles
  - name: GATEWAY_ADMIN_USERNAME
    value: admin
  - name: IGNITION_EDITION
    value: standard
  - name: ACCEPT_IGNITION_EULA
    value: Y
  - name: GATEWAY_MODULES_ENABLED
    value: opc-ua,perspective,reporting,tag-historian,web-developer
  - name: GATEWAY_PUBLIC_ADDRESS
    value: setup-frontend.localtest.me
```
These are the logs I'm seeing with those parameters:
```
Running entrypoint with args -r /restore.gwbk -s 8043 -a setup-frontend.localtest.me -h 8088 -- -Dignition.projects.scanFrequency=10 -Dlogback.configurationFile=/workdir/logback.xml
init | 2024/08/15 09:48:23 | Parsed restoreFilePath argument; new value: /restore.gwbk
init | 2024/08/15 09:48:23 | Parsed httpsPort argument; new value: 8043
init | 2024/08/15 09:48:23 | Parsed httpAddress argument; new value: setup-frontend.localtest.me
init | 2024/08/15 09:48:23 | Parsed httpPort argument; new value: 8088
init | 2024/08/15 09:48:23 | Creating init.properties file
init | 2024/08/15 09:48:23 | Creating gateway.xml
init | 2024/08/15 09:48:23 | Collected JVM arg: -Dignition.projects.scanFrequency=10
init | 2024/08/15 09:48:23 | Collected JVM arg: -Dlogback.configurationFile=/workdir/logback.xml
init | 2024/08/15 09:48:23 | Processing GATEWAY_MODULES_ENABLED=opc-ua,perspective,reporting,tag-historian,web-developer
init | 2024/08/15 09:48:23 | Uninstalling 'Logix Driver-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Modbus Driver v2-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Symbol Factory-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Web Browser Module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Mitsubishi-Driver.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Serial Support Client-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Siemens Drivers-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'SFC-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Allen-Bradley Drivers-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'SQL Bridge-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'DNP3-Driver.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Enterprise Administration-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'UDP and TCP Drivers-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'DNP3-Driver-v2.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'SMS Notification-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Serial Support Gateway-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Alarm Notification-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Voice Notification-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Micro800 Driver-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'BACnet Driver-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Omron-Driver.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'IEC 61850 Driver-module.modl'
init | 2024/08/15 09:48:23 | Uninstalling 'Vision-module.modl'
init | 2024/08/15 09:48:23 | Assuming module Production-module.modl is third-party, skipping...
init | 2024/08/15 09:48:23 | Assuming module SPC-module.modl is third-party, skipping...
init | 2024/08/15 09:48:23 | Assuming module OEE_Downtime-module.modl is third-party, skipping...
init | 2024/08/15 09:48:23 | Assuming module Settings_and_Changeover-module.modl is third-party, skipping...
init | 2024/08/15 09:48:23 | Writing Container Init File to /usr/local/bin/ignition/data/.container-init.conf
init | 2024/08/15 09:48:23 | Attempting to stage gateway restore file: Gateway backup restored, manual startup required
init | 2024/08/15 09:48:24 | Setting gateway.publicAddress.autoDetect=false in gateway.xml
init | 2024/08/15 09:48:24 | Setting gateway.publicAddress.httpPort=8088 in gateway.xml
init | 2024/08/15 09:48:24 | Setting gateway.publicAddress.httpsPort=8043 in gateway.xml
init | 2024/08/15 09:48:24 | Setting gateway.publicAddress.address=setup-frontend.localtest.me in gateway.xml
init | 2024/08/15 09:48:24 | Adjusting ownership of 6 Ignition installation files to uid=1000,gid=1000.
init | 2024/08/15 09:48:24 | Staging user step-down from root to uid=1000,gid=1000
init | 2024/08/15 09:48:24 | Starting Ignition gateway
wrapper | 2024/08/15 09:48:24 | --> Wrapper Started as Console
```
At this point, I'd take a look at a couple of things:
- Check the env vars of the running container. Keep in mind that derived images might bake in default values for env vars prior to any you define at container configuration time.
- Check the gwbk file and the embedded SQLite3 DB (in 8.1.x) to verify that there isn't a `temp` user source in there already.

For the first, you can do something like below for a container named `my-ignition`:
```shell
# Use a Go template to print each env var on a new line
docker inspect my-ignition -f '{{ range $v := .Config.Env }}{{ println $v }}{{ end }}'
```
For the latter, you'll need `sqlite3` CLI installed as well as `unzip` (assumes a Linux/macOS/WSL2 operating environment):
```shell
# Extract the config db to the current folder
unzip restore.gwbk db_backup_sqlite.idb
# View the AUTHPROFILES table (list of user sources),
# checking that 'temp' is not there.
sqlite3 db_backup_sqlite.idb "SELECT * FROM AUTHPROFILES"
# Remove the temporary DB you extracted above
rm db_backup_sqlite.idb
```
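The backup check described above, as an added example that is not part of the original post or of the Ignition project: it reads the AUTHPROFILES table straight out of a .gwbk using only the Python standard library, so it also works where the `sqlite3` and `unzip` CLIs are not installed. Only the file and table names come from the thread; the helper names, the sample backup and its two-column schema are constructed assumptions.

```python
import os
import sqlite3
import tempfile
import zipfile

DB_MEMBER = "db_backup_sqlite.idb"  # config DB name used in the unzip command above


def user_sources(gwbk_path):
    """Return AUTHPROFILES rows from a .gwbk as a list of {column: value} dicts."""
    with zipfile.ZipFile(gwbk_path) as zf, tempfile.TemporaryDirectory() as tmp:
        if DB_MEMBER not in zf.namelist():
            raise ValueError(f"{DB_MEMBER} not found in {gwbk_path}")
        db_path = zf.extract(DB_MEMBER, tmp)  # extracted copy is deleted with tmp
        con = sqlite3.connect(db_path)
        try:
            cur = con.execute("SELECT * FROM AUTHPROFILES")
            cols = [d[0] for d in cur.description]
            return [dict(zip(cols, row)) for row in cur.fetchall()]
        finally:
            con.close()


def has_temp_source(rows):
    """True if any text column of any row is exactly 'temp' (case-insensitive)."""
    return any(isinstance(v, str) and v.lower() == "temp"
               for row in rows for v in row.values())


def make_sample_gwbk(path, names):
    """Build a constructed stand-in backup; the two-column schema is an assumption."""
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, DB_MEMBER)
        con = sqlite3.connect(db)
        con.execute("CREATE TABLE AUTHPROFILES (AUTHPROFILES_ID INTEGER, NAME TEXT)")
        con.executemany("INSERT INTO AUTHPROFILES VALUES (?, ?)",
                        list(enumerate(names, 1)))
        con.commit()
        con.close()
        with zipfile.ZipFile(path, "w") as zf:
            zf.write(db, DB_MEMBER)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.gwbk")
        make_sample_gwbk(sample, ["default", "temp"])
        rows = user_sources(sample)
        print(rows, "-> temp user source present:", has_temp_source(rows))
```

Because the match runs over every text column, it does not depend on the real column layout of AUTHPROFILES; point `user_sources()` at an actual backup to see the columns your gateway version stores.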
@kcollins1 thanks for feedback. I rechecked assumptions with the base IA image and was able to get it to restore as expected with the env vars you mentioned, nothing a good off and on again reset everything.
Like you said, the derived image is likely not applying the env vars in the order I'd hope it would. Now onto following ICC 2023 guide to get this working as I'd like it to.