Fleio docker deployment notes

Important

Fleio is transitioning to docker deployment as the only method to install Fleio.

The old deployment methods (deb/rpm system packages) will be deprecated in a few months.

If you are developing Fleio customizations, you need to upgrade your code to work with Fleio docker deployment.

docker-compose services

A vanilla Fleio deployment runs the following services

fleio status

        Name                      Command               State              Ports
--------------------------------------------------------------------------------------------
fleio_backend_1        /var/webapps/fleio/env/bin ...   Up      8000/tcp
fleio_celery_1         /var/webapps/fleio/scripts ...   Up
fleio_celerybeat_1     /var/webapps/fleio/scripts ...   Up
fleio_db_1             docker-entrypoint.sh --cha ...   Up      3306/tcp
fleio_frontend_1       /docker-entrypoint.sh ngin ...   Up      80/tcp
fleio_incomingmail_1   /var/webapps/fleio/scripts ...   Up
fleio_redis_1          docker-entrypoint.sh redis ...   Up      6379/tcp
fleio_updated_1        /var/webapps/fleio/scripts ...   Up
fleio_web_1            /docker-entrypoint.sh ngin ...   Up      80/tcp, 0.0.0.0:80->8080/tcp

And these services are using the following docker images:

docker images

  • backend - runs uwsgi, which processes the requests in Python with Django and the Django REST Framework
  • celery - contains a copy of the backend files and runs Celery, which runs tasks
  • celerybeat - runs Celery beat which is actually similar to Linux cron. It is used for periodic tasks, like “process clients”
  • updated - connects to RabbitMQ and processes messages received from OpenStack (like instance created, instance shut off etc.). The “d” historically comes from “daemon”, hence “update daemon”, but you can also say that this container is keeping the Fleio caching database “updated”.
  • incomingmail - just keeps a container running with an infinite loop in bash a script. Each incoming email message (which is usually piped from /etc/aliases) is parsed by a new process created with docker exec in this container.
  • frontend - contains the static frontend files (.js, .css etc.) and serves them with nginx. This web server is not available on a public IP, but just on the docker local network.
  • web - this is the internet facing service that runs nginx and proxies request to the internal backend and frontend.

The full name of these images container the Fleio docker registry host and the Fleio version, e.g. hub.fleio.com/fleio_backend-2020-11:0. The image prefix is the constant hub.fleio.com/fleio_ and the suffix depends on the Fleio version and is formed based on this convention: -MAJORVERSION-MINORVERSION:PATCH.

If you want to add or change files in the Fleio docker images make sure you don’t go against the docker philosophy and that your changes are not overwritten on Fleio upgrades.

Fleio docker install script

The docker install script performs the following operations:

  • installs docker
  • installs docker-compose
  • checks if minimum RAM storage space requirements are met
  • checks if curl and sudo are installed
  • creates or makes sure that the fleio user (UID 625) and the fleio group (GID 625) are already created. Fleio cannot run if user ID is assigned to another user or if the group ID is assigned to another group.
  • reads the Fleio license, saves it to /home/fleio/.fleio_license and authenticates on hub.fleio.com
  • copies /home/fleio/bin/fleio and install scripts from the backend image
  • generates random MariaDB password and places it in /home/fleio/compose/secrets/.db_password
  • creates the compose files in /home/fleio/compose
  • pulls docker images from hub.fleio.com
  • creates settings files (these are all stored in volumes, see /home/fleio/compose/docker-compose.yml
  • sets Fleio license
  • creates a Fleio administrator user based on environment variables or user input
  • starts services with docker-compose up -d

If you created new files needed to run the docker-compose services, these should be placed in /home/fleio/compose and you must make sure that they are owned by ``fleio:fleio`` (fleio user and fleio group).

The fleio command auto-runs itself as fleio (with sudo -i -u fleio), if it is not already running as fleio.

The following environment variables are available. If a variable is set, the install script will not ask for user input. This way you can create a fully unattended installation, if all variables are set.

Here are the system environment variables with some example values:

FLEIO_LICENSE_ID="<<16 chars license key>>"
FLEIO_LICENSE_KEY="<<the long license key>>"
FLEIO_FRONTEND_URL="http://myfleio.org"
FLEIO_TIMEZONE="UTC"
FLEIO_ADMIN_EMAIL="demoadmin@demoadmin.com"
FLEIO_ADMIN_USERNAME="<<the Fleio admin username>>"
FLEIO_ADMIN_PASSWORD="<<Fleio admin password>>"
FLEIO_ADMIN_FIRSTNAME="Demoadmin"
FLEIO_ADMIN_LASTNAME="Demoadmin"

The install script installs the latest stable version by default.

Run install --include-beta to install the latest beta version (it will install a stable version if it’s newer than any beta) or specify version number: install 2020.11.0.

Docker installation file permissions

All Fleio docker deployment related files are placed under the /home/fleio directory. The only host files outside this path is the fleio command at /usr/bin/fleio, which is actually a symlink to /home/fleio/bin/file.

You will often use the fleio command to check for fleio status, fleio updates or to fleio upgrade your installation.

When you run the fleio command it checks if it is already running as the fleio user, if not, it will re-run itself with sudo -i -u fleio.

For this reason, all files and directories under the /home/fleio path should be owned by the fleio user.

If you encounter any permissions errors, you can run anytime:

sudo chown -R fleio:fleio /home/fleio