Bonita BPM inside a Docker container

Update : at mid october Bonita BPM has joined the Docker Official Library so I’ve updated accordingly the commands into this article

You may have noticed that some members of our community, like wmarinho, have already “Dockerized” Bonita BPM. I would like to thank them!

In this tutorial I will explain our Docker image which runs Bonita BPM 7.

If you don’t already know Docker, have a look on their website.

Install Docker

You can install Docker on Ubuntu, Mac OS X, or Windows following the official documentation:

On my Ubuntu 14.04, I can use this simple command:

curl -sSL https://get.docker.com/ | sh

How to use this image

Quick start

docker run --name bonita -d -p 8080:8080 bonita

This will start a container running the Tomcat Bundle with Bonita BPM Engine + Bonita BPM Portal. With no environment variables specified, it’s as like if you have launched the bundle on your host using startup.{sh|bat} (with security hardening on REST and HTTP APIs, cf Security part). Bonita BPM uses a H2 database here.

You can access the Bonita BPM Portal on http://localhost:8080/bonita and login using the default credentials: install / install

Link Bonita BPM to a database

MySQL

Increase the packet size which is set by default to 1M:

mkdir -p ~/Documents/Docker/Volumes/custom_mysql
echo "[mysqld]" > ~/Documents/Docker/Volumes/custom_mysql/bonita.cnf
echo "max_allowed_packet=16M" >> ~/Documents/Docker/Volumes/custom_mysql/bonita.cnf

Mount that directory location as /etc/mysql/conf.d inside the MySQL container:

docker run --name mydbmysql -v ~/Documents/Docker/Volumes/custom_mysql/:/etc/mysql/conf.d -e MYSQL_ROOT_PASSWORD=mysecretpassword -d mysql:5.5

See the official MySQL documentation for more details.

Start your application container to link it to the MySQL container:

docker run --name bonita_mysql --link mydbmysql:mysql -d -p 8080:8080 bonita

PostgreSQL

Set max_prepared_transactions to 100:

mkdir -p ~/Documents/Docker/Volumes/custom_postgres
echo '#!/bin/bash' > ~/Documents/Docker/Volumes/custom_postgres/bonita.sh
echo 'sed -i "s/^.*max_prepared_transactions\s*=\s*\(.*\)$/max_prepared_transactions = 100/" "$PGDATA"/postgresql.conf' >> ~/Documents/Docker/Volumes/custom_postgres/bonita.sh
chmod +x ~/Documents/Docker/Volumes/custom_postgres/bonita.sh

Mount that directory location as /docker-entrypoint-initdb.d inside the PostgreSQL container:

docker run --name mydbpostgres -v ~/Documents/Docker/Volumes/custom_postgres/:/docker-entrypoint-initdb.d -e POSTGRES_PASSWORD=mysecretpassword -d postgres:9.3

See the official PostgreSQL documentation for more details.

docker run --name bonita_postgres --link mydbpostgres:postgres -d -p 8080:8080 bonita

Modify default credentials

docker run --name=bonita -e "TENANT_LOGIN=tech_user" -e "TENANT_PASSWORD=secret" -e "PLATFORM_LOGIN=pfadmin" -e "PLATFORM_PASSWORD=pfsecret" -d -p 8080:8080 bonita

Now you can access the Bonita BPM Portal on http://localhost:8080/bonita and login using: tech_user / secret

Where to store data

Most of the data are stored in a database and can be stored outside the Bonita container as described above using the PostgreSQL or MySQL container. However, some data remains inside the Bonita bundle. Bonita Home is a folder, called bonita, which contains configuration, working, and temporary folders and files. There are also log files inside the logs folder.

Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the bonita images to familiarize themselves with the options available, including:

  • Let Docker manage the storage of your data by writing the files to disk on the host system using its own internal volume management. This is the default, and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers.
  • Create a data directory on the host system (outside the container) and mount this to a directory visible from inside the container. This places the database files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that directory permissions and other security mechanisms on the host system are set up correctly.

The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above:

  1. Create a data directory on a suitable volume on your host system, e.g. /my/own/datadir.

  2. Start your bonita container like this:

    docker run --name some-bonita -v /my/own/datadir:/opt/bonita -d bonita:tag

The -v /my/own/datadir:/opt/bonita part of the command mounts the /my/own/datadir directory from the underlying host system as /opt/bonita inside the container, where Bonita will deploy the bundle and write data files by default.

Note that users on host systems with SELinux enabled may see issues with this. The current workaround is to assign the relevant SELinux policy type to the new data directory so that the container will be allowed to access it:

chcon -Rt svirt_sandbox_file_t /my/own/datadir

Migrate from an earlier version of Bonita BPM

  1. Stop the container to perform a backup

    docker stop bonita_7.0.0_postgres
    
  2. Check where your data are stored

    docker inspect bonita_7.0.0_postgres
    [...]
        "Mounts": [
            {
                "Source": "/home/user/Documents/Docker/Volumes/bonita_7.0.0_postgres",
                "Destination": "/opt/bonita",
                "Mode": "",
                "RW": true
            }
        ],
    [...]
    
  3. Copy data from the filesystem

    cp -r ~/Documents/Docker/Volumes/bonita_7.0.0_postgres ~/Documents/Docker/Volumes/bonita_7.0.3_postgres
    
  4. Retrieve the DB container IP

    docker inspect --format '{{ .NetworkSettings.IPAddress }}' mydbpostgres
    172.17.0.26
    
  5. Dump the database

    export PGPASSWORD=mysecretpassword
    pg_dump -O -x -h 172.17.0.26 -U postgres bonitadb > /tmp/bonitadb.sql
    

    Note that businessdb won’t be updated with the migration tool but you may want to also backup/move it.

  6. Load the dump

    export PGPASSWORD=mysecretpassword
    psql -U postgres -h 172.17.0.26 -d postgres -c "CREATE USER newbonitauser WITH PASSWORD 'newbonitapass';"
    psql -U postgres -h 172.17.0.26 -d postgres -c "CREATE DATABASE newbonitadb OWNER newbonitauser;"
    export PGPASSWORD=newbonitapass
    cat /tmp/bonitadb.sql | psql -U newbonitauser -h 172.17.0.26 newbonitadb
    
  7. Retrieve the last migration tool and the target version of the Bonita bundle

    cd ~/Documents/Docker/Volumes/bonita_7.0.3_postgres
    wget http://download.forge.ow2.org/bonita/bonita-migration-distrib-2.2.0.zip
    wget http://download.forge.ow2.org/bonita/BonitaBPMCommunity-7.0.3-Tomcat-7.0.55.zip
    unzip bonita-migration-distrib-2.2.0.zip -d bonita-migration-distrib-2.2.0
    unzip BonitaBPMCommunity-7.0.3-Tomcat-7.0.55.zip
    
  8. Move the previous Home into the new bundle

    mv BonitaBPMCommunity-7.0.3-Tomcat-7.0.55/bonita/ BonitaBPMCommunity-7.0.3-Tomcat-7.0.55/bonita.orig
    cp -r BonitaBPMCommunity-7.0.0-Tomcat-7.0.55/bonita/ BonitaBPMCommunity-7.0.3-Tomcat-7.0.55/bonita/
    
  9. Configure the migration tool

    cd bonita-migration-distrib-2.2.0/
    

    add the jdbc driver

    cp ../BonitaBPMCommunity-7.0.0-Tomcat-7.0.55/lib/bonita/postgresql-9.3-1102.jdbc41.jar lib/
    

    edit the migration tool config to point towards the copy of bonita home and db

    vim Config.properties
    

    For example :

    bonita.home=/home/user/Documents/Docker/Volumes/bonita_7.0.3_postgres/BonitaBPMCommunity-7.0.3-Tomcat-7.0.55/bonita
    # JDBC properties
    ## Postgres
    db.vendor=postgres
    db.url=jdbc:postgresql://172.17.0.26:5432/newbonitadb
    db.driverClass=org.postgresql.Driver
    db.user=newbonitauser
    db.password=newbonitapass
    
  10. Launch the migration

    ./migration.sh
    
  11. Launch the new container pointing towards the copy of DB and filesystem

    docker run --name=bonita_7.0.3_postgres --link mydbpostgres:postgres -e "DB_NAME=newbonitadb" -e "DB_USER=newbonitauser" -e "DB_PASS=newbonitapass" -v ~/Documents/Docker/Volumes/bonita_7.0.3_postgres:/opt/bonita/ -d -p 8081:8080 bonita:7.0.3
    

For more details regarding Bonita migration, see the documentation.

Security

This Docker image activates both static and dynamic authorization checks by default on REST API. To be consistent, it also deactivates the HTTP API.

For specific needs you can override this behavior by setting HTTP_API to true and REST_API_DYN_AUTH_CHECKS to false:

docker run  -e HTTP_API=true -e REST_API_DYN_AUTH_CHECKS=false --name bonita -d -p 8080:8080 bonita

Environment variables

When you start the bonita image, you can adjust the configuration of the Bonita instance by passing one or more environment variables on the docker run command line.

PLATFORM_PASSWORD

This environment variable is recommended for you to use the Bonita image. It sets the platform administrator password for Bonita. If it is not specified, the default password platform will be used.

PLATFORM_LOGIN

This optional environment variable is used in conjunction with PLATFORM_PASSWORD to define the username for the platform administrator. If it is not specified, the default user platformAdmin will be used.

TENANT_PASSWORD

This environment variable is recommended for you to use the Bonita image. It sets the tenant administrator password for Bonita. If it is not specified, the default password install will be used.

TENANT_LOGIN

This optional environment variable is used in conjunction with TENANT_PASSWORD to define the username for the tenant administrator. If it is not specified, the default user of install will be used.

REST_API_DYN_AUTH_CHECKS

This optional environment variable is used to enable/disable dynamic authorization checking on Bonita REST API. The default value is true, which will activate dynamic authorization checking.

HTTP_API

This optional environment variable is used to enable/disable the Bonita HTTP API. The default value is false, which will deactivate the HTTP API.

JAVA_OPTS

This optional environment variable is used to customize JAVA_OPTS. The default value is -Xms1024m -Xmx1024m -XX:MaxPermSize=256m.

ENSURE_DB_CHECK_AND_CREATION

This optional environment variable is used to allow/disallow the SQL queries to automatically check and create the databases using the database administrator credentials. The default value is true.

DB_VENDOR

This environment variable is automatically set to postgres or mysql if the Bonita container is linked to a PostgreSQL or MySQL database using --link. The default value is h2. It can be overridden if you don’t use the --link capability.

DB_HOST, DB_PORT

These variables are optional, used in conjunction to configure the bonita image to reach the database instance. There are automatically set if --link is used to run the container.

DB_NAME, DB_USER, DB_PASS

These variables are used in conjunction to create a new user, set that user’s password, and create the bonita database.

DB_NAME default value is bonitadb.

DB_USER default value is bonitauser.

DB_PASS default value is bonitapass.

BIZ_DB_NAME, BIZ_DB_USER, BIZ_DB_PASS

These variables are used in conjunction to create a new user, set that user’s password and create the bonita business database.

BIZ_DB_NAME default value is businessdb.

BIZ_DB_USER default value is businessuser.

BIZ_DB_PASS default value is businesspass.

DB_ADMIN_USER, DB_ADMIN_PASS

These variables are optional, and used in conjunction to create users and databases through the administrator account used on the database instance.

DB_ADMIN_USER if no value is provided, this is automatically set to root with MySQL or postgres with PostgreSQL.

DB_ADMIN_PASS if no value is provided, this is automatically set using the value from the linked container: MYSQL_ENV_MYSQL_ROOT_PASSWORD or POSTGRES_ENV_POSTGRES_PASSWORD.

How to extend this image

If you would like to do additional initialization, you can add a *.sh script under /opt/custom-init.d. The startup.sh file will source any *.sh script found in this directory to do further initialization before starting the service.

For example, you can increase the log level :

mkdir -p ~/Documents/Docker/Volumes/custom_bonita
echo '#!/bin/bash' > ~/Documents/Docker/Volumes/custom_bonita/bonita.sh
echo 'sed -i "s/^org.bonitasoft.level = WARNING$/org.bonitasoft.level = FINEST/" /opt/bonita/BonitaBPMCommunity-7.0.0-Tomcat-7.0.55/conf/logging.properties' >> ~/Documents/Docker/Volumes/custom_bonita/bonita.sh
chmod +x ~/Documents/Docker/Volumes/custom_bonita/bonita.sh

docker run --name bonita_custom -v ~/Documents/Docker/Volumes/custom_bonita/:/opt/custom-init.d -d -p 8080:8080 bonita

Note: There are several ways to check the bonita logs. One of them is

docker exec -ti bonita_custom /bin/bash
tail -f /opt/bonita/BonitaBPMCommunity-7.0.0-Tomcat-7.0.55/logs/bonita.`date +%Y-%m-%d`.log

Issues and contribution

If you have any problems with or questions about this image, please contact us through a GitHub issue.

You are invited to contribute new features, fixes, or updates, large or small; we are always happy to receive pull requests, and do our best to process them as fast as we can.

Before you start to code, we recommend discussing your plans through a GitHub issue, especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.

Don’t forget to tell us where your contributions are. We have some awesome #DeveloperHero t-shirts that we can’t wait to hand out.

Tell us where to look