Docker setup¶
Loading docker image¶
Before starting the ASR service, the current version of the docker image provided in the package distribution must be loaded locally.
To load an image, use the command:
docker load -i docker-image/techmo-asr-service:v3.2.1.tar.gz
(Make sure that the name and image version used in the above command match those provided in the package)
Service options and configuration¶
Service configuration is described by environmental variables inside .env file.
Can’t see the .env file?
You must open the main service file and execute the command:
ls -la
Content of the sample .env file is presented below:
# === Service configuration ===
SERVICE_IMAGE=techmo-asr-service:v3.2.1
COMPOSE_PROJECY_NAME=techmo-asr-3.2.1
SERVICE_NAME=techmo-asr-3.2.1
ASR_HOST=0.0.0.0
ASR_PORT=12345
ASR_MANAGEMENT_PORT=12346
ASR_STATUS_PORT=12347
ASR_METRICS_PORT=10324
ASR_MODELS_CONFIG=--models-config-path /resources/models_config.json
ASR_ADDITIONAL_CONFIG=--log-level-console debug --log-dir /data/log --log-prefix asr-service --protobuf-logging-dir /data/pblog --protobuf-logging-split --protobuf-logging-raw-format --protobuf-logging-max-size=20GB
# === Resource paths ===
ASR_RESOURCES_PATH=./resources/
# === Licence configuration ===
ASR_LICENCE_PATH=./licence/
# === Storage configuration ===
DATA_DIR=./data/
Licensing data generation¶
Standard deployment package includes additional Docker Compose startup configuration for licensing data generation inside the generate-licence-info.yml file. Such configuration can be used to generate the licensing data as shown below:
docker-compose -f generate-licence-info.yml up
Received output should be similar to this one:
techmo-asr-3.2.1 | ==========BEGIN OF LICENCE PARAMETERS==========
techmo-asr-3.2.1 | {
techmo-asr-3.2.1 | "application-id": "ASR",
techmo-asr-3.2.1 | "application-version": "3.2.1",
techmo-asr-3.2.1 | "container-id": "techmo-asr-3.2.1",
techmo-asr-3.2.1 | "instance-ip": "0.0.0.0",
techmo-asr-3.2.1 | "instance-port": "12345",
techmo-asr-3.2.1 | "licence-key-id": "Etc\/3raHotA4X+3ZGH3dm1ncDD6lm10a1qHxDeZk=",
techmo-asr-3.2.1 | "licence-version": "3",
techmo-asr-3.2.1 | "machine-id": "TJN\/0f45fKekWE9WV\/eJah32Cham33ZodFWasdJC117I3VU4eerIM0="
techmo-asr-3.2.1 | }
techmo-asr-3.2.1 | ==========END OF LICENCE PARAMETERS==========
techmo-asr-3.2.1 exited with code 0
The above data should be sent to the Techmo team via email in order to generate an individual licence valid on the customer’s machine. Received file should be placed in the licences directory. To remove the container created during data generation process, use:
docker-compose -f generate-licence-info.yml down
TLS authentication¶
To protect server-client communication, a TLS secure connection can be used. The section below describes how to do it in several simple steps.
Creating certificates and keys¶
OpenSSL is needed to create the TLS certificates. OpenSSL can be installed using command:
sudo apt-get install openssl
Create separate directory for tls files:
mkdir tls && cd tls
Create keys and certificates. In the commands below replace the password phrase with a secure password (for detailed information check out the openssl documentation).
Generate CA private key:
openssl genrsa -passout pass:password -des3 -out ca.key 4096
Generate self signed certificate:
openssl req -passin pass:password -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=PL/CN=Root CA"
Generate server RSA private key:
openssl genrsa -passout pass:password -des3 -out server.key 4096
Generate server certificate: (in the command below replace “localhost” with the domain’s common name)
openssl req -passin pass:password -new -key server.key -out server.csr -subj "/C=PL/CN=localhost"
openssl x509 -req -passin pass:password -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Remove passphrase from the server key:
openssl rsa -passin pass:password -in server.key -out server.key
Generate valid client key:
openssl genrsa -passout pass:password -des3 -out client.key 4096
Generate client certificate:
openssl req -passin pass:password -new -key client.key -out client.csr -subj "/C=PL/CN=localhost"
openssl x509 -passin pass:password -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
Remove passphrase from client key:
openssl rsa -passin pass:password -in client.key -out client.key
To perform mutual authentication, client application will need access to the ca.crt, client.key and client.crt, other files should stay on the server side.
Startup configuration with TLS¶
To run the service with TLS support enabled, a couple of changes have to be done in the configuration. Extend the volumes section in the docker-compose.yml file with tls directory:
services: asr-service: […] volumes: […] - “./tls:/tls”
Save and close docker-compose.yml file. Enable TLS authentication through the ASR_ADDITIONAL_CONFIG variable in the .env file:
ASR_ADDITIONAL_CONFIG=[...] --tls-dir=/tls --tls-enable-mutual-authentication
Save and close .env file. After completing the above steps, service can be started using docker-compose up -d command. If service instance is already running, to apply the changes and enabe the TLS encryption, restart is required.
Starting the Service¶
After completing the configuration and placing the licence in the correct directory, service can be started using the following command:
docker-compose up
Example docker compose file:
version: '2'
services:
techmo-asr-3.2.1:
container_name: ${SERVICE_NAME}
image: ${SERVICE_IMAGE}
network_mode: host
restart: always
volumes:
- /run/docker.sock:/run/docker.sock
- "${DATA_DIR}:/data"
- "${ASR_RESOURCES_PATH}:/resources"
- "${ASR_LICENCE_PATH}:/licence"
- "./tls/:/tls"
env_file: .env
command: >
bin/asr_service
--address "${ASR_HOST}":"${ASR_PORT}"
--management-address "${ASR_HOST}":"${ASR_MANAGEMENT_PORT}"
--status-address "${ASR_HOST}":"${ASR_STATUS_PORT}"
--prometheus-metrics-address "${ASR_HOST}":"${ASR_METRICS_PORT}"
--licence-path="/licence/TechmoASR3.lic"
--tls-dir "/tls"
--tls-mutual-authentication
${ASR_MODELS_CONFIG}
${ASR_ADDITIONAL_CONFIG}
To run the Docker container in the background, additionally use the -d (–detach) option:
docker-compose up -d
This will allow the service to remain running after closing the current terminal window
In order to access container’s logs, use the following command:
docker logs ${CONTAINER_NAME}
To terminate the service, use the following command:
docker-compose down