This topic describes how to deploy OAT in Docker.
Prerequisites
Before you deploy OAT, confirm the following information:
Your operating system meets the following requirements:
Server typeOperating systemSupported versionx86_64/ARM aarch64 RHEL (and compatible RockyLinux, CentOS, etc.) 7.2 and later versions x86_64/ARM aarch64 Anolis (and compatible Alibaba Cloud Linux, Kylin V10, Unity Operating System (UOS), China Mobile BC-Linux, NeoKylin OS, Zhongke Fangde OS, etc.) 8.4 and later versions x86_64/ARM aarch64 Debian (and compatible Ubuntu, etc.) 11 and later x86_64/ARM aarch64 openSUSE 12 SP3 and later x86_64/ARM aarch64 openSUSE 12 SP3 and later x86_64/ARM aarch64 NeoKylin OS V6.0.99 and later If you use the OAT image package for installation, you must have already installed and started Docker. The recommended Docker version is Community Edition 18.09.9 or later.
Note
If you deploy OAT using the oat-all-in-one installation package, the
install.shscript in oat-all-in-one will automatically install Docker. You do not need to install Docker separately.The default OAT port
7000is not occupied.
Install OAT by using the oat-all-in-one installation package
Note
We recommend that you install OAT using the oat-all-in-one installation package.
To install OAT, perform the following steps:
Contact technical support to obtain the oat-all-in-one installation package for OAT.
Extract the oat-all-in-one installation package.
Example:
tar -xf oat-all-in-one-arm-xxx.tarRun the installation script
install.sh.Example:
sh oat-all-in-one-arm/install.shRunning this command automatically installs Docker (if Docker is not present in your environment), deploys OAT, and scans the images and tool software packages included in oat-all-in-one.
As prompted, confirm the following information in sequence:
- Enter the root directory of Docker (recommended to set it as a separately mounted directory). The default value is
/docker(this directory does not need to be manually created) and can be customized. If Docker is already installed, this step will be skipped. - Enter the path for the OAT data directory. The default value is
/oat_data(this directory does not need to be manually created) and can be customized. - Enter the OAT HTTP listening port. The default value is
7000and can be customized. - Enter the OAT database port. The default value is
3306and can be customized. - Enter the OAT administrator account password (set an initial login password). This can be customized.
- Access OAT using the returned URL to verify the availability of the OAT service.
Example:
Note
The Docker installation step is skipped because Docker is already installed on the server.
Change the OAT data directory path to
/data/oat_dataand press Enter.Input the OAT data dir: /data/oat_dataUse the default value for the OAT HTTP listening port and press Enter directly.
Input the OAT HTTP listen port: 7000Use the default value for the OAT database port and press Enter directly.
Input the OAT database port: 3306After modifying the OAT administrator admin user password (initial login password), press Enter.
Input the OAT admin user password(login password): ******Access OAT using the returned URL to verify the availability of the OAT service.
The return result is as follows:
Start prepare docker Docker is already exists, start check... Already installed docker check healthy, skip install docker Start prepare OAT Loaded image: xxx/oceanbase/oat:x.x.x_20241025_arm 45fd5a9b31b0af6aeb07b3e485503ad4c64629170b91d1d3c9e8128e8e532125 check OAT url http://127.0.0.1:7000/hc OAT API not ready, please wait, sleep 5s retry... OAT API not ready, please wait, sleep 5s retry... OAT API not ready, please wait, sleep 5s retry... OAT API not ready, please wait, sleep 5s retry... OAT API not ready, please wait, sleep 5s retry... OAT API not ready, please wait, sleep 5s retry... OAT API ready Copy images and binary_packages to OAT data dir Trigger OAT scan api to find images and binary_packages Trigger scan task success, please visit OAT web site and wait for scan task finished OAT is ready for visit url is: http://<current_ip>:7000 user/password is: admin/******
- Enter the root directory of Docker (recommended to set it as a separately mounted directory). The default value is
Note
- The
install.shscript starts the OAT container by default using--net host(host network mode). If you need to configure it to another network mode, manually start the container using the OAT image. - The x86 (aarch64) version of
oat-all-in-oneby default only includes images and software packages for x86 (aarch64) and noarch. If you need the aarch64 (x86) architecture, download it yourself and copy it to the corresponding directory mounted in the OAT container, then initiate a scan task to add it.
Install OAT by using the OAT Docker image
Obtain the OAT installation package.
Notice
Contact OAT technical support to obtain the installation package.
Use the
scpcommand to upload the OAT installation package to the server.Here,
oat_serveris the IP address of the server where OAT is to be deployed.scp oat.tgz <oat_server_user>@<oat_server_ip>:~/Example:
scp oat_x.x.x_20241025_arm.tgz root@xxx.xxx.xxx.xxx:/home/admin/oat_rpmMount the OAT directory.
Create a
/data_dirdirectory on the server (the path can be customized. This example uses/data_dirfor illustration) to store persistent data for OAT.After the
/data_dirdirectory is mounted to the OAT container, OAT automatically creates the/data_dir/logs,/data_dir/images, and/data_dir/dbdirectories to store OAT system logs, Docker images for components and products, and OAT database files, respectively.mkdir -p /data_dirLoad the OAT installation package as a Docker image.
docker load -i oat_xxx_xxxxxxxx_xxx.tgzHere,
oat_xxx_xxxxxxxx_xxx.tgzis the name of the installation package.Example:
docker load -i oat_x.x.x_20241025_arm.tgzThe return result is as follows:
Loaded image: xxx/oceanbase/oat:x.x.x_20241025_armUse the
docker imagescommand to obtain the tag of the OAT image.Note
If only one OAT installation package is loaded, use the example command. If multiple installation packages are loaded, use the
docker imagescommand to view the output, and concatenate the contents of the first two columns with a colon (:).oat_image=`docker images | grep oat | awk '{printf $1":"$2"\n"}'`Run the
docker runcommand to start OAT.Here,
$oat_imageis the tag of the OAT image.docker run -d --net host --name oat -v /data_dir:/data -e OAT_INITIAL_ADMIN_PASSWORD=xxx --restart on-failure:5 $oat_imageNote
- The HTTP service of OAT listens to port 7000 by default. You can specify the
-e HTTP_PORT=7001parameter to change it to another port. - You can specify the
-e OAT_INITIAL_ADMIN_PASSWORD=xxxparameter to change the password of OAT. - OAT uses MariaDB as its internal data store, which listens to port 3306 by default. You can specify the
-e DB_PORT=3307parameter to change it to another port. - We recommend that you use the
--net hostparameter to start OAT. This is because a container started in bridge network mode may be affected by a failure of thedocker0bridge or the operating system parameterip_forward.
Example:
docker run -d --net host --name oat -v /data_dir:/data -e OAT_INITIAL_ADMIN_PASSWORD=****** --restart on-failure:5 $oat_imageThe return result is as follows:
490344724bfcb2801da271196ebc38b5c15547b796178dc7660553ae62b668c2When installing OAT using the OAT Docker image, you can enable HTTPS with the following command:
docker run -itd --name oat --net host -e ENABLE_HTTPS=true -e HTTP_PORT=7000 -e OAT_INITIAL_ADMIN_PASSWORD=****** -v /data_dir:/data -v <Path to the host certificate's .crt file>:/data/cert/oat.crt -v <Path to the host certificate's .key file>:/data/cert/oat.key --restart on-failure:5 $oat_imageParameter description:
Note
OAT uses MariaDB as its internal data store, which listens to port 3306 by default. You can specify the
-e DB_PORT=3307parameter to change it to another port.ParameterDescription-itd Creates a container that runs in the background but retains interactive terminal capabilities. This is a combination of three parameters: -i(interactive): Keeps standard input open, allowing interaction with the container.-t(tty): Allocates a pseudo-terminal for a more user-friendly interactive experience.-d(detach): Runs the container in the background (daemon mode).
--name oat Assigns a name oatto the container, making it easier to manage the container later by name rather than random ID.--net host Uses the host network mode. The container will directly use the host's network stack, sharing the host's IP address and ports. This means a service listening on port 7000inside the container can be accessed directly from the host ashost_ip:7000, without the need for port mapping.Note
We recommend that you use the
--net hostparameter to start OAT. A container started in bridge network mode may be affected by a failure of thedocker0bridge or the operating system parameterip_forward.-e ENABLE_HTTPS=true Indicates that the OAT application enables the HTTPS protocol. The ENABLE_HTTPSparameter controls whether to start the HTTPS protocol. The default value isfalse.Notice
To enable the HTTPS protocol using the
ENABLE_HTTPSparameter, you also need to mount the TLS certificate.-e HTTP_PORT=7000 Specifies the listening port for the HTTPS/HTTP service. The HTTP_PORTparameter sets the listening port for the HTTPS/HTTP service. The default value is7000.-e OAT_INITIAL_ADMIN_PASSWORD=****** Sets the initial administrator password for the OAT system. The OAT_INITIAL_ADMIN_PASSWORDparameter sets the initial password for OAT.-v /data_dir:/data Performs volume mounting, mapping the host's /data_dirdirectory to the/datadirectory inside the container. Data generated by OAT in the container (such as configuration files and database files) is persistently stored on the host, preventing data loss after the container is deleted.-v <Path to the host certificate's .crt file>:/data/cert/oat.crt Performs volume mounting, mounting the TLS certificate's .crt(public key) file from the host to the specified path inside the container (/data/cert/oat.crtis the path where the certificate is used in the OAT container).-v <Path to the host certificate's .key file>:/data/cert/oat.key Performs volume mounting, mounting the TLS certificate's .key(private key) file from the host to the specified path inside the container (/data/cert/oat.keyis the path where the certificate is used in the OAT container).--restart on-failure:5 Sets the container's restart strategy. on-failuremeans the container will automatically restart only if it exits abnormally (i.e., the exit status code is not 0).:5means Docker will attempt to restart at most five times. This is a common strategy to ensure service availability while avoiding an infinite restart loop.$oat_image Represents the tag of the OAT image (assigned in step 5 above). - The HTTP service of OAT listens to port 7000 by default. You can specify the
After successful startup, enter
http://<oat_server_ip>:7000in the browser address bar.Replace
<oat_server_ip>with the IP address of the server where OAT is deployed.If the login page appears in the browser window, OAT has been successfully installed and started.