Add the HTTPS port to a Docker container support

Helene · Helene · commit 37996c363b39 · 2020-10-15T15:45:01.000+02:00
diff --git a/docs/RUNNING_AS_DOCKER_CONTAINER.md b/docs/RUNNING_AS_DOCKER_CONTAINER.md
@@ -19,8 +19,10 @@ IMPORTANT The IBM Spectrum Scale system must run 5.0.5.2 or above.
 ```
 
 
+
 ### On the host running docker/podman perform the following steps:
 
+
 1. Clone this repository using git in your favourite directory
 
 ```shell
@@ -55,5 +57,27 @@ cp grafana_bridge/source/gpfsConfig
 
 ```
 
-
 Now you can add the host running the bridge container to the Grafana monitoring Datasource list.
+
+
+
+### Using HTTPS(SSL) connection for the IBM Spectrum Scale Performance Monitoring Bridge running in a container
+
+
+1. Follow the instructions [How to setup HTTPS(SSL)](./SETUP_SSL_CONNECTION.md) to generate a private key and certificate for 
+
+2. Start the bridge running in a container:
+
+```shell
+# podman run -dt -p 4242:4242,8443:8443 -e "SERVER=9.XXX.XXX.XXX" -e "PORT=8443" -e "KEYPATH=/opt/registry/certs" \ -v /tmp:/opt/IBM/bridge/logs -v /opt/registry/certs:/opt/registry/certs \ --pod new:my-bridge-ssl-test-pod --name bridge-ssl-test bridge_ssl_test:grafana 
+
+# podman logs bridge-ssl-test
+Connection to the collector server established successfully
+Successfully retrieved MetaData
+Received sensors:
+
+CPU     DiskFree        GPFSFilesystem  GPFSFilesystemAPI       GPFSNSDDisk     GPFSNSDFS       GPFSNSDPool     GPFSNode        GPFSNodeAPI     GPFSRPCS        GPFSVFS GPFSWaiters     Load    Memory  Netstat Network GPFSDiskCap     GPFSFileset GPFSFilesetQuota        GPFSInodeCap    GPFSPool        GPFSPoolCap
+Initial cherryPy server engine start have been invoked. Python version: 3.6.8 (default, Dec  5 2019, 15:45:45)
+[GCC 8.3.1 20191121 (Red Hat 8.3.1-5)], cherryPy version: 18.6.0.
+server started
+```
diff --git a/docs/SETUP_SSL_CONNECTION.md b/docs/SETUP_SSL_CONNECTION.md
@@ -29,5 +29,9 @@ Note: If you are using python3, please check which cherryPy version is compatibl
 4. Start the bridge listening on the socket port 8443. Don't forget to provide the location of ‘privkey.pem’ and ‘cert.pem’ (-k option), otherwise you will get the error message:
 
 ```shell
-# python zimonGrafanaIntf.py -p 8443
+# python3 zimonGrafanaIntf.py -p 8443 -k /opt/registry/certs
 ```
+
+
+#### Read more about HTTPS(SSL) connection
+ [CherryPy openSSL documentation](https://docs.cherrypy.org/en/latest/deploy.html#ssl-support)
diff --git a/source/Dockerfile b/source/Dockerfile
@@ -19,6 +19,14 @@ COPY ./gpfsConfig/mmsdrfs* /var/mmfs/gen/
 COPY ./gpfsConfig/ZIMon* /opt/IBM/zimon/
 
 
+ARG HTTPPORT=4242
+ENV PORT=$HTTPPORT
+RUN echo "the HTTP/S port is set to $PORT" 
+
+ARG CERTPATH
+ENV KEYPATH=$CERTPATH
+RUN if [ -z "$KEYPATH" ] && [ "$PORT" -eq 8443 ]; then echo "KEYPATH FOR SSL CONNECTION NOT SET - ERROR"; exit 1; else echo "PASS"; fi
+RUN echo "the ssl certificates path is set to $KEYPATH" 
 
 ARG PMCOLLECTORIP=0.0.0.0
 ENV SERVER=$PMCOLLECTORIP
@@ -36,9 +44,11 @@ RUN echo "$(pwd)"
 RUN touch $LOGPATH
 RUN echo "log path: $(dirname $LOGPATH)" >> $LOGPATH
 RUN echo "pmcollector_server: $SERVER" >> $LOGPATH
+RUN echo "ssl certificates location: $KEYPATH" >> $LOGPATH
+RUN echo "HTTP/S port: $PORT" >> $LOGPATH
 
-CMD ["sh", "-c", "python3 zimonGrafanaIntf.py -c 10 -s $SERVER"]
+CMD ["sh", "-c", "python3 zimonGrafanaIntf.py -c 10 -s $SERVER -p $PORT -k $KEYPATH"]
 
-EXPOSE 4242
+EXPOSE 4242 8443
 
 #CMD ["tail", "-f", "/dev/null"]
