Docker Compose - Third Party Modules

Blake_Benner · March 16, 2025, 4:26am

I've been working with Docker Compose to put together a docker-compose.yml file to rapidly deploy a Maker container. Everything is working great with the exception of passing the third party modules during container creation.

Upon launching the Maker Gateway, the third party modules are stuck in quarantine, requiring install and signing. Is this expected behavior? What can I do differently, if anything? Although this is for dev, recommendations for an enterprise production environment are welcome. Here is my docker-compose.yml for reference:

services:
  scada:
    image: inductiveautomation/ignition:8.1.47
    ports:
      - 80:8088
      - 443:8043
    command:
      -n scada
      -a localhost
      -h 80
      -s 443
      -m 3072
    environment:
      ACCEPT_IGNITION_EULA: Y
      GATEWAY_ADMIN_USERNAME_FILE: /run/secrets/username
      GATEWAY_ADMIN_PASSWORD_FILE: /run/secrets/password
      TZ: US/Eastern
      GATEWAY_MODULES_ENABLED: alarm-notification,opc-ua,perspective,reporting,sfc,sql-bridge,tag-historian,web-developer,udp-tcp-drivers,modbus-driver-v2
      DISABLE_QUICKSTART: true
      IGNITION_EDITION: maker
      IGNITION_LICENSE_KEY_FILE: /run/secrets/license-key
      IGNITION_ACTIVATION_TOKEN_FILE: /run/secrets/activation-token
      IGNITION_UID: 2003
      IGNITION_GID: 2003
    user: "0:0"
    volumes:
      - scada-data:/usr/local/bin/ignition/data
      - ./modules/MQTT-Distributor-signed.modl:/usr/local/bin/ignition/user-lib/modules/MQTT-Distributor-signed.modl
      - ./modules/MQTT-Engine-signed.modl:/usr/local/bin/ignition/user-lib/modules/MQTT-Engine-signed.modl
      - ./modules/MQTT-Transmission-signed.modl:/usr/local/bin/ignition/user-lib/modules/MQTT-Transmission-signed.modl
    secrets:
      - username
      - password
      - license-key
      - activation-token
      
secrets:
  username:
    file: ./secrets/username
  password:
    file: ./secrets/password
  license-key:
    file: ./secrets/license-key
  activation-token:
    file: ./secrets/activation-token

volumes:
  scada-data:

pturmel · March 16, 2025, 2:34pm

Yes, this is expected behavior.

The simplest solution is to supply a gateway backup that has those modules approved.

kcollins1 · March 16, 2025, 2:52pm

Getting out-of-box behavior right with third-party modules in 8.1.x typically requires building a derived image (note: this will no longer be required when Ignition 8.3 is released, as we're offering some better mechanisms here). If you're running Docker Compose, you can also bind-mount the modules directly into place as you're already doing.

If you're looking for inspiration for building a derived image with third-party modules in place and approved, you can look at this repo: GitHub - thirdgen88/ignition-derived-example: Derived Image Example using Official Ignition Docker Image as Base.

Blake_Benner · March 16, 2025, 3:41pm

Thank you for the clear and concise reply.

I'll look at adding this to my compose project.

Blake_Benner · March 16, 2025, 3:52pm

Looking forward to 8.3!

While creating this project that was where I started based on the Ignition - Docker documentation until I realized that some community members were able to bind-mount the modules. I'll revisit the derived images if @pturmel's suggestion of restoring a gateway backup gives me any trouble.

Thanks for the link and the work you've published. Didn't realize that your derived solution could be used to solve my problem. Your ignition-examples repo has already helped significantly.