---
alias: operation-guide-connectiotinstallation-docker
tags:
- connect iot
description: "This documentation details Docker container setup for Connect IoT, including environment variables, paths, and configuration options"
---
# Docker Container Support
A Docker image is provided with support for x64 and Arm64 architectures.
!!! info
This and other images are available only through the DevOps Center section of the Customer Portal and require proper authorization to be accessed. For more information, visit .
## Variables to set
| Name | Type | Possible Values | Default | Description |
| ----------------------------------- | -------------- | ------------------------------ | --------- | ---------------------------------------------------------------------------------------------------------------------------- |
| CONNECT_IOT_MANAGER_NAME | String | | | Automation Manager Id |
| CONNECT_IOT_MONITOR_HOSTNAME | String | | localhost | Name of the server where the manager is running. Only necessary when driver and controller are running in different managers |
| CONNECT_IOT_REPOSITORY_TYPE | String | `Npm`
`Directory` | Npm | Type of repository to use to retrieve binary packages |
| CONNECT_IOT_REPOSITORY_LOCATION | String | | | Location of the repository (url or directory path) |
| CONNECT_IOT_STORAGE_RETENTION_TIME | Integer\String | | 30d | Time to retain the persisted values |
| DISCOVERY_SERVICES_URL_SUFFIX | String | | | Suffix of the load balancer |
| DISCOVERY_SERVICES_ENABLED | Boolean | | false | Is load balancing running |
| TENANT_NAME | String | | | Tenant of the Host |
| APPLICATION_PUBLIC_HTTP_ADDRESS | String | | | Address where the host is listening |
| APPLICATION_PUBLIC_HTTP_PORT | Integer | | 80 | Port of the host |
| APPLICATION_PUBLIC_HTTP_TIMEOUT | Integer | | 60000 | Timeout to use for system calls |
| APPLICATION_AUTHENTICATION_TYPE | String | `Password`
`SecurityPortal` | Password | Authentication mode to access host |
| APPLICATION_AUTHENTICATION_DOMAIN | String | | | When in `Password` mode, the domain of the user |
| APPLICATION_AUTHENTICATION_USERNAME | String | | | When in `Password` mode, the username |
| APPLICATION_AUTHENTICATION_PASSWORD | String | | | When in `Password` mode, the password |
| APPLICATION_ACCESS_TOKEN | String | | | When in `SecurityPortal` mode, the access token |
| APPLICATION_PUBLIC_HTTP_TLS_ENABLED | Boolean | | false | Is the host running in SSL mode |
| SECURITY_PORTAL_CLIENT_ID | String | | | When in `SecurityPortal` mode, the id of the client |
| SECURITY_PORTAL_PUBLIC_URL | String | | | When in `SecurityPortal` mode ,the public url |
## Special Paths
The following paths are hard-coded in the container, but can be overridden by the creation of the image if you wish to better control the behavior.
| Path | Description |
| ---------------------------- | -------------------------------------------------------------------- |
| /usr/iot/ | Connect IoT Root directory. |
| /usr/iot/manager/config.json | Configuration file generated using the environment variables defined. |
| /usr/iot/cache | Location of the cache (downloaded and validated runtime packages). |
| /usr/iot/persistency | Location of the persisted data. |
| /usr/iot/logs | Location of the written logs. |
Table: Connect IoT Special Paths for Docker
!!! note
The entire content will be lost if kept inside the container when the container is removed.
## Configuration File Included
This is the raw configuration file. Will be automatically pre-processed to include the values of the placeholders, using the corresponding values defined as environment variables.
```json
{
"id": "${CONNECT_IOT_MANAGER_NAME}",
"cache": "/usr/iot/cache",
"hostName": "${CONNECT_IOT_MONITOR_HOSTNAME}",
"monitorApplication": "${pwd}/monitor.js",
"repository": {
"type": "${CONNECT_IOT_REPOSITORY_TYPE}",
"settings": {
"url": "${CONNECT_IOT_REPOSITORY_LOCATION}",
"path": "${CONNECT_IOT_REPOSITORY_LOCATION}"
}
},
"system": {
"tenantName": "${TENANT_NAME}",
"address": "${APPLICATION_PUBLIC_HTTP_ADDRESS}",
"port": "${APPLICATION_PUBLIC_HTTP_PORT}",
"timeout": "${APPLICATION_PUBLIC_HTTP_TIMEOUT}",
"useSsl": "${APPLICATION_PUBLIC_HTTP_TLS_ENABLED}",
"urlSuffix": "${DISCOVERY_SERVICES_URL_SUFFIX}",
"authentication": {
"type": "${APPLICATION_AUTHENTICATION_TYPE}",
"settings": {
"domain": "${APPLICATION_AUTHENTICATION_DOMAIN}",
"username": "${APPLICATION_AUTHENTICATION_USERNAME}",
"password": "${APPLICATION_AUTHENTICATION_PASSWORD}",
"clientId": "${SECURITY_PORTAL_CLIENT_ID}",
"accessToken": "${APPLICATION_ACCESS_TOKEN}",
"openIdConfiguration": "${SECURITY_PORTAL_PUBLIC_URL}/.well-known/openid-configuration"
}
}
},
"storage": {
"type": "Directory",
"settings": {
"path": "/usr/iot/persistency",
"retentionTime": "${STORAGE_RETENTION_TIME}"
}
},
"logging": [
{
"type": "Console",
"options": {
"level": "debug",
"prettyPrint": true,
"colorizeMessage": true
},
"applications": [ "*" ]
},
{
"id": "ControllersAndDrivers",
"type": "File",
"options": {
"filename": "${applicationName}_${date}.log",
"dirname": "/usr/iot/logs/Instances/${entityNameNormalized}/${componentId}",
"level": "debug",
"timestampFormat": "HH:mm:ss.SSSSS",
"maxSize": "10m",
"maxFiles": "30d"
},
"applications": [ "AutomationController", "Driver*" ]
},
{
"id": "ManagerAndMonitor",
"type": "File",
"options": {
"filename": "${applicationName}_${date}.log",
"dirname": "/usr/iot/logs/${applicationName}",
"level": "debug",
"timestampFormat": "HH:mm:ss.SSSSS",
"maxSize": "10m",
"maxFiles": "30d"
},
"applications": [ "AutomationMonitor", "AutomationManager" ]
},
{
"id": "Jobs",
"type": "File",
"options": {
"filename": "Job_${jobId}_${date}.log",
"dirname": "/usr/iot/logs/jobs",
"auditFile": "/usr/iot/logs/jobs/.audit.json",
"level": "debug",
"timestampFormat": "HH:mm:ss.SSSSS",
"maxSize": "10m",
"maxFiles": "30d"
},
"applications": [
"AutomationJob"
]
}
]
}
```
## Examples
The following examples explain what to to under some special scenarios. The command lines provided are to be used as an example only. They must be adapted to match you operating system, directory locations, versions, etc.
### Use a shared directory as directory repository
Assuming the directory to be in `\\10.24.14.17\public\jpsantos\Repository` and it is protected by user/password.
```bash
docker volume create --driver local --opt type=cifs --opt device=//10.24.14.17/public/jpsantos/Repository --opt o=user=cmfsu,domain=cmf.criticalmanufacturing.com,password="ThIsMyPaSsWoRd" repositoryVolume
docker run -it --env-file C:\docker\envVariables.txt --name iot --volume repositoryVolume:/usr/iot/repository criticalmanufacturing.io/criticalmanufacturing/connectiot:8.0.0
```
The main entries of the envVariables.txt file:
```bash
CONNECT_IOT_REPOSITORY_TYPE=Directory
CONNECT_IOT_REPOSITORY_LOCATION=/usr/iot/repository
```
### Attach a USB Barcode Reader for KeyboardWedge driver
Assuming the USB reader is connected and detected by the system (used a Raspberry Pi Linux Arm for the example, so Raspbian OS), mounted as `/dev/hidraw0`.
First step, to avoid using docker image in privileged mode, is to allow access to the device by any user.
1. List USB devices
```bash
pi@raspberrypi:~/iot $ lsusb
Bus 002 Device 002: ID 090c:1000 Silicon Motion, Inc. - Taiwan (formerly Feiya Technology Corp.) Flash Drive
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 007: ID ffff:0035
Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
```
2. Having identified the device (`Bus 001 Device 007: ID ffff:0035`), create a rules file to allow the usage by anyone that has access to the system.
```bash
pi@raspberrypi:~/iot $ sudo nano /etc/udev/rules.d/rfid.rules
SUBSYSTEM=="usb", ATTRS{idVendor}=="ffff", ATTRS{idProduct}=="0035", MODE="0777"
```
3. Reboot the system to apply the rules
The final step is to start the container and forward the access to the device
```bash
docker run -it --device /dev/hidraw0:/dev/hidraw0 --env-file /home/pi/iot/env.txt --name iot criticalmanufacturing.io/criticalmanufacturing/connectiot:8.0.0
```
`Note`: In the workflow, `Equipment Setup` task, you must set the location of the device to the mapped location of the device as defined in the image. In this example, the device was kept as `/dev/hidraw0`
### Attach a serial device
Some automations require access to serial devices. As with the previous example, it is necessary to allow access from the container to the physical device, but in the case of the serial, it is not necessary to provide special access rules.
```bash
docker run -it --device /dev/serial0:/dev/serial0 --env-file /home/pi/iot/env.txt --name iot criticalmanufacturing.io/criticalmanufacturing/connectiot:8.0.0
```
### Use a mounted location to access with a file driver
Assuming the location `/home/pi/iot/device` is pointing out to and external location where a device places files to be processed by Connect IoT.
```bash
docker run -it --volume /home/pi/iot/device:/usr/iot/toolDirectory --env-file /home/pi/iot/env.txt --name iot criticalmanufacturing.io/criticalmanufacturing/connectiot:8.0.0
```
`Note`: In the workflow, `Equipment Setup` task, you must set the location of the mapped location of the device as defined in the image. In this example, the device was set as `/usr/iot/toolDirectory`
### Use Raspberry Pi included Bluetooth device
`Note`: This is not yet working 100%, but it already allows to scan the existing devices. Connecting to them sometimes causes an error and needs to retry several times. Until a solution is found, it is not recommended to use the BLE driver inside a container.
```bash
docker run -it --cap-add=SYS_ADMIN --cap-add=NET_ADMIN --net=host --env-file /home/pi/iot/env.txt --name iot --device /dev/ttyAMA0 criticalmanufacturing.io/criticalmanufacturing/connectiot:8.0.0
```
## Install Docker in Raspberry pi
The following instructions were tested, based on the tutorial from .
```bash
sudo apt-get update && sudo apt-get upgrade
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# optional, add user pi into docker group to allow running docker commands without sudo
sudo usermod -aG docker pi
docker version
```