“Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux, Windows Server, and Linux-on-mainframe apps.”
Docker & ionCube Encoder/Loader
With an increasing number of questions related to how to either use our Encoder or Loader software within a Docker container, we thought it would be a good idea to consolidate a number of solutions from our help desk to setting-up Docker containers for them. We will also update this article as and when further tips come to light.
ionCube Loader 10 works straight out of the box against Docker 1.12.6 on Centos 7 within the docker.io/wordpress image with no additional tuning or configuration to the Docker environment apart from our usual updating of the php.ini file that includes reference to the loader via the zend_extension line.
The most common issue for our Encoder within a Docker environment is the enforcement of our product licensing which by nature of Docker containers are generally volatile entities.
Using A Container Based On Alpine?
While we have resolved all known issues with using the Loader within an Alpine Linux container, the Encoder is still experiencing issues due to Alpine not using glibc. We continue to work towards a solution for this and at the moment suggest switching to a container based on glibc such as a Debian one.
Normal Licensing Solution
To use our Encoder as it would function normally outside of a container, the Encoder could be installed and licensed against the base OS and when required, be mounted as part of a data container volume within the container. No changes should be required to the container.
Aggressive Licensing Solution
In some instances (where excessive licensing traffic/checking) can be tolerated, it is possible to license the Encoder before it is used and then release the license once the encoding process has completed. This can be performed using the the Encoder command line settings as found in the user guide via any CI/scripting process.
In addition, a change to the Docker security options on the container will be required to allow for the licensing process to function by using the –security-opt seccomp:unconfined option to the docker run command. See https://docs.docker.com/engine/security/seccomp/ for more details and the implications for using this option.
Encoder License Recovery
Normal containers are by nature volatile and should the situation arise where a licensed Encoder has not been released from within it’s container, recovery of the license will require support assistance and so incur delay.
If the correct exited container can be located committing it to an image and then creating a new container from that image with the original MAC address via the –mac-address option, will allow a safe manual revocation of the license.
If you have any other tips and advice for Docker usage please let us know!