We are looking into converting/migrating our Ignition instances from WINDOZE to Linux. As part of that, we started looking at the Ignition Docker images from the Inductive Automation repo.
Has anyone been brave enough to run their production architecture with Docker?
I’ve been using Docker for about seven years and know enough to be dangerous. (I've even built some Docker images from scratch for some of the Oracle applications, such as APEX and ORDS on Tomcat.)
It was so much easier with Ignition since Inductive Automation has already built Docker images to be consumed; it was such a no-brainer.
With that being said, my vision is to have Docker Engine running on an Ubuntu host where we will deploy the Ignition Docker image with a Docker volume mounted at run time for a “stateful” container.
Is it a “fever dream,” and should I just stick to either WINDOZE or vanilla Linux?
Note: Of course we will test the heck out of this regardless of going to vanilla Linux or Docker.
It can be challenging to use a permanent license with Docker deployments. If you get leased licenses, and don't mind maintaining internet connectivity for lease checks, go for it.
But, for this reason, I would not recommend it for gateways placed on your isolated or semi-isolated OT networks.
A permanent license places critical information in the filesystem, and is tied to root filesystem unique properties (and various other undocumented items). These properties change in many container restart/rebuild situations, even with a persistent volume. You are extremely likely to break your license and need IA support to reset it.
If you delete your docker container and make a new one, you will lose the license activation. Using the 8-Character license key and the online tethering with it enables you to reuse the license key on the new container provided there is only one container running that license at one time.
Note for posterity, with 8-char licenses, one would have to add leased activation session termination to immediately release the activation back to the pool upon gateway shutdown.
Yeesh, I’ll stick to vanilla Linux for our deployment model then. Shame because I really like using Docker for streamlining applications or services deployment.
One additional point of clarification here--as long as you're persisting the data volume for a given Ignition "installation", recreating the container poses no risk to an active lease for your 8-digit license. When the license session is obtained, it is persisted to disk under the data/leased-activation folder; upon startup, that license session will be resumed if it is still valid.
The situation Eric and David describe is if you're fully wiping both your container and the underlying data volume in order to recreate from scratch; in this type of scenario, common in development, you may wish to leverage the automatic session termination so that a clean shutdown actually reaches out to the license server and releases that active session (making it available for a separate, fresh Ignition container).