[IGN-8931]Edge Panel on Docker licensing issues with one local client and one remote

framebuilder · February 27, 2024, 5:07pm

We are running Edge Panel in a Docker container. Edge is supposed to have one Vision client launchable locally and one Vision client launchable remotely according to license. However, we can only get it to launch one client.

After the first client is launched "locally", we get the error "Unable to log in, too many clients running" on the next remote client that is launched. I initially thought it was due to how Docker uses bridged networks by default and the container actually seemed like a completely different network host and thus all clients would be consider "remote" and only allow 1.

So I changed it the "network_mode" to "host" in the docker-compose.yml file. We then launched the Vision client from the Ubuntu Desktop gui on the host computer that's running Docker service (pointing to Gateway http://127.0.0.1:8088) and now the Address on the Gateway Web page->Status->Overview->Vision Clients is showing it's connecting from a source address of 127.0.0.1 so the Docker host networking mode appears to be passing directly through. But we still cannot get more than 1 Vision client launched.

Does anyone know of a way to run Edge Panel on Docker and still be able to launch 1 local Vision client and 1 remote Vision client simultaneously?

services:
  init-edgegateway:
    image: inductiveautomation/ignition:8.1.37
    entrypoint: sh -c
    volumes:
      # We mount this in the container as `/data` to not conflict with built-in files
      # at `/usr/local/bin/ignition/data`
      - ./edgegateway-data:/data
    command:
      # Seed the files from the image to our /data if marker file not present, skip
      # if the marker file exists (and implicitly exit cleanly with status code 0)
      - |
        if [ ! -f /data/.ignition-seed-complete ]; then
          touch /data/.ignition-seed-complete ;
          cp -dpR /usr/local/bin/ignition/data/* /data/ ;
        fi
  edgegateway:
    image: inductiveautomation/ignition:8.1.37
    network_mode: host
    volumes:
      - ./edgegateway-data:/usr/local/bin/ignition/data
      - ./modules/MQTT-Transmission-signed.modl:/usr/local/bin/ignition/user-lib/modules/MQTT-Transmission-signed.modl
      - ./modules/MQTT-Engine-signed.modl:/usr/local/bin/ignition/user-lib/modules/MQTT-Engine-signed.modl
    environment:
      - ACCEPT_IGNITION_EULA=Y
      - GATEWAY_MODULES_ENABLED=allen-bradley-drivers,modbus-driver-v2,opc-ua,vision
      - IGNITION_EDITION=edge
      - TZ=America/Chicago
    # Use depends_on to only launch this container if our init container exits cleanly
    depends_on:
      init-edgegateway:
        condition: service_completed_successfully
    command: >
      -n bgmedge-2hdpry3

edge2

pturmel · February 27, 2024, 5:15pm

You'd have to run the Vision Client within the docker too. Which is a problem, I suspect, because I've never seen a docker container expose a UI.

{ Why do you need to use Docker? }

framebuilder · February 27, 2024, 5:20pm

@pturmel - I was hoping that wasn't the case. I wonder how IA determines if a client is local vs remote...or if they'd even be willing to share that. Because as far as I can tell, by using Docker with host networking mode, it looks the same as a regular install on the host Linux OS (from the perspective of networking).

We want to use Docker in this situation because it's easy to spin up, upgrade, etc with just a docker-compose.yml file.

pturmel · February 27, 2024, 5:24pm

Localhost is special in *nix, and can pass process privilege information about servers and clients. This breaks between host and container, no matter what networking mode you use.

I don't see you getting Docker to work for the local licensed connection, possibly ever.

PGriffith · February 27, 2024, 5:31pm

The 'host' network mode is (at least theoretically) supposed to work around this, but we're actually planning to relax the constraint here slightly and just make Edge Panel work the same for Vision as it does for Perspective - two connection sessions, regardless of detected origin.

However, that won't happen anytime soon, so I'll ask around to see if anyone has advice for why the host mode wouldn't be working.

kcollins1 · February 27, 2024, 5:48pm

How is Docker installed on this Ubuntu machine? It isn't installed via snap, is it?

framebuilder · February 27, 2024, 6:03pm

Docker was installed via apt

kcollins1 · February 27, 2024, 6:10pm

Okay, I just looked more deeply into this, and it looks like we actually use a local file to determine that the client is launched locally (instead of source IP).

Try the following (from the folder where you've got this Compose file (and thus your edgegateway-data bind-mount)):

# Create preceding paths (with the assumption that there
# is not a native Ignition installation on this host)
sudo mkdir -p /usr/local/bin/ignition
# Create a symbolic link between your containers bind-mounted
# data folder and the same canonical path on your host filesystem
sudo ln -s ${PWD}/edgegateway-data /usr/local/bin/ignition/data

The above should allow a local Vision client to associate your container with a "local" installation. I haven't tested this, but based on what I'm seeing, it should work.

framebuilder · February 27, 2024, 6:52pm

Yep, that worked! Thanks @kcollins1. I also changed back to bridge network mode and all is well.