Docker setup

Loading docker image

Before starting the ASR service, the current version of the docker image provided in the package distribution must be loaded locally.

To load an image, use the command:

docker load -i docker-image/techmo-asr-service:v3.2.1.tar.gz

(Make sure that the name and image version used in the above command match those provided in the package)

Service options and configuration

Service configuration is described by environmental variables inside .env file.

• Can’t see the .env file?

You must open the main service file and execute the command:

ls -la

Content of the sample .env file is presented below:

# === Service configuration ===
SERVICE_IMAGE=techmo-asr-service:v3.2.1
COMPOSE_PROJECY_NAME=techmo-asr-3.2.1
SERVICE_NAME=techmo-asr-3.2.1
ASR_HOST=0.0.0.0
ASR_PORT=12345
ASR_MANAGEMENT_PORT=12346
ASR_STATUS_PORT=12347
ASR_METRICS_PORT=10324
ASR_MODELS_CONFIG=--models-config-path /resources/models_config.json
ASR_ADDITIONAL_CONFIG=--log-level-console debug --log-dir /data/log --log-prefix asr-service --protobuf-logging-dir /data/pblog --protobuf-logging-split --protobuf-logging-raw-format --protobuf-logging-max-size=20GB

# === Resource paths ===
ASR_RESOURCES_PATH=./resources/

# === Licence configuration ===
ASR_LICENCE_PATH=./licence/

# === Storage configuration ===
DATA_DIR=./data/

Licensing data generation

Standard deployment package includes additional Docker Compose startup configuration for licensing data generation inside the generate-licence-info.yml file. Such configuration can be used to generate the licensing data as shown below:

docker-compose -f generate-licence-info.yml up 

Received output should be similar to this one:

techmo-asr-3.2.1 | ==========BEGIN OF LICENCE PARAMETERS==========
techmo-asr-3.2.1 | {
techmo-asr-3.2.1 |     "application-id": "ASR",
techmo-asr-3.2.1 |     "application-version": "3.2.1",
techmo-asr-3.2.1 |     "container-id": "techmo-asr-3.2.1",
techmo-asr-3.2.1 |     "instance-ip": "0.0.0.0",
techmo-asr-3.2.1 |     "instance-port": "12345",
techmo-asr-3.2.1 |     "licence-key-id": "Etc\/3raHotA4X+3ZGH3dm1ncDD6lm10a1qHxDeZk=",
techmo-asr-3.2.1 |     "licence-version": "3",
techmo-asr-3.2.1 |     "machine-id": "TJN\/0f45fKekWE9WV\/eJah32Cham33ZodFWasdJC117I3VU4eerIM0="
techmo-asr-3.2.1 | }
techmo-asr-3.2.1 | ==========END OF LICENCE PARAMETERS==========
techmo-asr-3.2.1 exited with code 0

The above data should be sent to the Techmo team via email in order to generate an individual licence valid on the customer’s machine. Received file should be placed in the licences directory. To remove the container created during data generation process, use:

docker-compose -f generate-licence-info.yml down

TLS authentication

To protect server-client communication, a TLS secure connection can be used. The section below describes how to do it in several simple steps.

Creating certificates and keys

OpenSSL is needed to create the TLS certificates. OpenSSL can be installed using command:

sudo apt-get install openssl

Create separate directory for tls files:

mkdir tls && cd tls

Create keys and certificates. In the commands below replace the password phrase with a secure password (for detailed information check out the openssl documentation).

Generate CA private key:

openssl genrsa -passout pass:password -des3 -out ca.key 4096

Generate self signed certificate:

openssl req -passin pass:password -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=PL/CN=Root CA"

Generate server RSA private key:

openssl genrsa -passout pass:password -des3 -out server.key 4096

Generate server certificate: (in the command below replace “localhost” with the domain’s common name)

openssl req -passin pass:password -new -key server.key -out server.csr -subj "/C=PL/CN=localhost"
openssl x509 -req -passin pass:password -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Remove passphrase from the server key:

openssl rsa -passin pass:password -in server.key -out server.key

Generate valid client key:

openssl genrsa -passout pass:password -des3 -out client.key 4096

Generate client certificate:

openssl req -passin pass:password -new -key client.key -out client.csr -subj "/C=PL/CN=localhost"
openssl x509 -passin pass:password -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

Remove passphrase from client key:

openssl rsa -passin pass:password -in client.key -out client.key

To perform mutual authentication, client application will need access to the ca.crt, client.key and client.crt, other files should stay on the server side.

Startup configuration with TLS

To run the service with TLS support enabled, a couple of changes have to be done in the configuration. Extend the volumes section in the docker-compose.yml file with tls directory:

services: asr-service: […] volumes: […] - “./tls:/tls”

Save and close docker-compose.yml file. Enable TLS authentication through the ASR_ADDITIONAL_CONFIG variable in the .env file:

ASR_ADDITIONAL_CONFIG=[...] --tls-dir=/tls --tls-enable-mutual-authentication

Save and close .env file. After completing the above steps, service can be started using docker-compose up -d command. If service instance is already running, to apply the changes and enabe the TLS encryption, restart is required.

Starting the Service

After completing the configuration and placing the licence in the correct directory, service can be started using the following command:

docker-compose up

Example docker compose file:

version: '2'

services:
  techmo-asr-3.2.1:
    container_name: ${SERVICE_NAME}
    image: ${SERVICE_IMAGE}
    network_mode: host
    restart: always
    volumes:
      - /run/docker.sock:/run/docker.sock
      - "${DATA_DIR}:/data"
      - "${ASR_RESOURCES_PATH}:/resources"
      - "${ASR_LICENCE_PATH}:/licence"
      - "./tls/:/tls"
    env_file: .env
    command: >
      bin/asr_service
        --address "${ASR_HOST}":"${ASR_PORT}"
        --management-address "${ASR_HOST}":"${ASR_MANAGEMENT_PORT}"
        --status-address "${ASR_HOST}":"${ASR_STATUS_PORT}"
        --prometheus-metrics-address "${ASR_HOST}":"${ASR_METRICS_PORT}"
        --licence-path="/licence/TechmoASR3.lic"
        --tls-dir "/tls"
        --tls-mutual-authentication
        ${ASR_MODELS_CONFIG}
        ${ASR_ADDITIONAL_CONFIG}

To run the Docker container in the background, additionally use the -d (–detach) option:

docker-compose up -d

This will allow the service to remain running after closing the current terminal window

In order to access container’s logs, use the following command:

docker logs ${CONTAINER_NAME}

To terminate the service, use the following command:

docker-compose down