RapidMiner Real-Time Scoring Docker deployment
The documentation below describes the following Docker images:
- RapidMiner Real-Time Scoring (
rapidminer/rapidminer-execution-scoring:latest
) - RapidMiner Real-Time Scoring CRON (
rapidminer/rapidminer-real-time-scoring-cron:latest
) - RapidMiner Real-Time Scoring Proxy (
rapidminer/rapidminer-real-time-scoring-proxy:latest
) - RapidMiner Real-Time Scoring Web UI (
rapidminer/rapidminer-real-time-scoring-webui:latest
)
For available Docker images, seeDocker Hub.
Using the Docker images RapidMiner Real-Time Scoring can be deployed on-site or on any cloud provider's Docker or Kubernetes platforms.
Here on docs.www.turtlecreekpls.com, we maintain the documentation for every release of docker images, unlikeDocker Hub, where only the latest release of RapidMiner Real-Time Scoring is documented.
As described indeployments pageDocker based deployment can be done starting asingle containeror a multi-container setup withdocker-compose.
Data persistence
The RapidMiner Real-Time Scoring stack uses the following volumes:
rts-deployments
for storing the deploymentsrts-licenses
for storing the deploymentsuploaded
for storing the uploaded Filescron-log
for storing the logfiles of the background processes of the stack
To make this data persistent, thedocker-compose.yml
file defines this volumes, and mounts them to the related services.
只使用单一容器部署rts-deployments
and therts-licenses
volumes are mounted into the container.
Notices about data persistence
- If the volumes contains data from any previous executions, then the stack will be started with that data (e.g. licenses, deployments, etc.).
- Necessary files can be uploaded using the built inWeb UI.
- Alternative to using volumes, bind mounting directories can provide access to the stored files directly from the host machine.
- By default when using the scoring service, neither request, nor response sensible data is logged, in the proxy access log only the request URL and some additional request informations are recorded, the parameters of the POST requests (e.g. the input of the scoring service) are not:
nginx-proxy_1_33dd1a206bd6 | 123.123.123.123 - admin [22/Aug/2019:08:36:20 +0000] "POST /services/my-first-deployment/score-titanic HTTP/1.1" 200 282 "-" "curl/7.58.0" "-"
- For details about HA deployment, please contact us.
- On the web UI we do not display sensibe informations (e.g. license keys, certificates, certificate keys), to view this files the most convenient way is to enter to the cron container and get the file content with cat:
cd /path/to/compose/file/ docker-compose exec cron bash cat /rapidminer/rts_home/licenses/rapidminer-scoring.lic cat /rapidminer/uploaded/certs/validated_cert.crt cat /rapidminer/uploaded/certs/validated_cert.key
Good to know
- RapidMiner Real-Time Scoring requires at least 2GB of memory. On Windows hosts, please make sure that the Docker Engine is configured to run with enough memory.
- 如果许可证数量不包含许可文件,then the RapidMiner Real-Time Scoring container will wait for the license. You can start scoring after a valid license and a deployment is provided.
- To mount volumes on a Windows system you should pay attention to the Windows-specific Docker volume mount settings:
- Make sure the drive is shared in the Docker settings
- If using docker-compose, consider setting the environment variable "COMPOSE_CONVERT_WINDOWS_PATHS=1"
- Make sure that Docker can read and write to the mounted files and folders
Single container-based deployments
We recommend this type of deployment only in case when the agent will run in a trusted network, or for testing.
- Create a folder on the host machine for the deployments, and copy all your deployment files there.
- 在主机上创建一个文件夹表示“允许”ses, and save your licenses there with .lic extension.
To start a RapidMiner Real-Time Scoring Agent container using bind mounts for data persistence, run the following command:
docker run \ -e WAIT_FOR_LICENSES=1 \ -v :/rapidminer-scoring-agent/home/deployments/ \ -v :/rapidminer-scoring-agent/home/resources/licenses/rapidminer-scoring-agent/ \ -p 8090:8090 \ rapidminer/rapidminer-execution-scoring:latest
Provide the same paths as at the folder creation on the host machine for the licenses and for the deployments.
In this case the container will be listening on port 8090, you can use this port for scoring (eg. http://localhost:8090 or any other network interface). If the port 8090 is already bind, you can change the command above as you need (e.g. -p 8091:8090 will bind the service on port 8091 on the host machine).
The WAIT_FOR_LICENSES environment variable changes the behavior of the container in the case there is no license provided. Valid values are:
- 0 the container will exit and restart,
- 1 the container will periodically check if a license file is provided
The MANAGEMENT_API_ENDPOINT environment variable changes the behavior at the container startup, if this variable is provided, the container will try to download the license from a web server from the URL blow:
${MANAGEMENT_API_ENDPOINT}/uploaded/sync/licenses/license.lic
You can specify any URL, but please make sure, that the container has the right network access, and no one else can visit this URL. In case this variable is not defined, the container will check only the licenses folder for licenses.
For Docker image versions, seeDocker Hub.
Notices about single-container deployment:
- Deployment InstallationandDeployment modificationvia file needs a container restart, please consider using the REST API for deployment.
- Please pay attention for the data persistence.
Multi-container-based deployment
This is a fully functional RapidMiner Real-Time Scoring stack, for available versions, please see the tags on the image details pages onDocker Hub.
Docker-compose configuration
Start RapidMiner Real-Time Scoring Agent, proxy, webui, and cron containers using volumes for data persistence:
version: '3' services: real-time-scoring-agent: image: rapidminer/rapidminer-execution-scoring:latest restart: "always" environment: WAIT_FOR_LICENSES: 1 volumes: - rts-deployments:/rapidminer-scoring-agent/home/deployments/ - rts-licenses:/rapidminer-scoring-agent/home/resources/licenses/rapidminer-scoring-agent/ networks: rts-internal-network: aliases: - real-time-scoring-agent nginx-proxy: image: rapidminer/rapidminer-real-time-scoring-proxy:latest restart: "always" volumes: - uploaded:/rapidminer/uploaded/:ro ports: - 80:80 - 443:443 networks: rts-internal-network: aliases: - nginx-proxy real-time-scoring-webui: image: rapidminer/rapidminer-real-time-scoring-webui:latest restart: "always" volumes: - uploaded:/var/www/html/uploaded/ networks: rts-internal-network: aliases: - real-time-scoring-webui cron: image: rapidminer/rapidminer-real-time-scoring-cron:latest restart: "always" volumes: - cron-log:/var/log/ - rts-licenses:/rapidminer/rts_home/licenses/ - uploaded:/rapidminer/uploaded/ - /var/run/docker.sock:/var/run/docker.sock volumes: rts-deployments: rts-licenses: uploaded: cron-log: networks: rts-internal-network:
Architecture:
Notices about docker-compose deployment:
- For security considerations the
docker-compose.yml
file defines a dedicated docker network (rts-internal-network
) for the RapidMiner Real-Time Scoring containers, so they can communicate with each other, but from the external network only the proxy container is available on the 80 and 443 ports. You can use this ports for scoring, and to reach the Web UI (eg. http://localhost, http://localhost/rts-admin/ https://localhost, https://localhost/rts-admin/ or any other IP address or domain name). - The cron container needs the docker socket to be mounted in order to be able to manage (e.g. restart) the other containers. In case this is omitted, you have to restart the proxy container manually after uploading a certificate, and restart the real-time-scoring-agent container after a license is provided or changed.
- Please use the https protocol to provide sensible information (license keys, certificates, certificate keys, deployments), the built in self signed certificate is not secure enough, but it provides encryption and data integrity until a valid certificate and key file is provided.
- The default login credentials are admin / changeit.
- After submitting the certificate and a key file content, a per minute scheduled background process will do some syntax and content checks before applying them in the proxy configuration. If you experience that the new certificate and key files are not applied, please check the background process logs:
cd /path/to/compose/file/ docker-compose exec cron bash cat /var/log/_process_uploads.log
Next: