Home / InterSystems Cloud Manager Guide / Using ICM with Custom and Third-Party Containers

InterSystems Cloud Manager Guide
Using ICM with Custom and Third-Party Containers
Previous section           Next section
InterSystems: The power behind what matters   

This appendix describes using ICM to deploy customer and third-party containers. Instructions assume that your Docker image resides in a repository accessible by ICM. For information on how to configure your container to communicate with other containers and services (including InterSystems IRIS™), see Scripting with ICM.
Container Naming
Each container running on a given host must have a unique name. When deploying a container using icm run, the container can be named using the -container option:
# icm run -container gracie -image docker/whalesay
You can see the name reflected in the output of icm ps:
# icm ps
Machine            IP Address    Container   Status      Health   Image
-------             ---------     --------    -----      ------   ----
ACME-DM-TEST-0001  gracie      Restarting           docker/whalesay
If the -container option is not provided, the default container name iris is used. Both iris and spark are reserved and should only be used for containers derived from InterSystems IRIS and Apache Spark Docker images provided by InterSystems.
Overriding Default Commands
If you want to override a container's default command, you can do so with -command. For example, suppose the docker/whalesay image runs command /bin/bash by default:
# icm docker -command "ps -a"

17f4ece54c2f  docker/whalesay  "/bin/bash"  4 days ago  Restarting  gracie
To have the container run a different command, such as pwd, you could deploy it as follows:
# icm run -container gracie -image docker/whalesay command pwd
You can verify that the command succeeded by examining the Docker logs:
# icm docker -command "logs gracie"
Using Docker Options
Your container may require Docker options or overrides not explicitly provided by ICM; these can be included using the -options option. This section provides examples a few of the more common use cases. For complete information about Docker options see
By default, ICM deploys containers with the option --restart unless-stopped. This means that if the container crosses an execution boundary for any reason other than an icm stop command (container exit, Docker restart, and so on), Docker keeps attempting to run it. In certain cases however, we want the container to run once and remain terminated. In this case, we can suppress restart as follows:
# icm run -container gracie -image docker/whalesay -options "--restart no"
# icm ps
Machine            IP Address    Container   Status      Health   Image
-------            ---------     --------    -----       ------   -----
ACME-DM-TEST-0001  gracie      Exited (0)           docker/whalesay
Some containers require additional privileges to run, or you may want to remove default privileges. Examples:
# icm run -container sensors -image hello-world -options "--privileged"
# icm run -container fred -image hello-world -options "--cap-add SYS_TIME"
# icm run -container fred -image hello-world -options "--cap-drop MKNOD"
Environment Variables
Environment variables can be passed to your container using the Docker option --env. These variables are be set within your container in a manner similar to the bash export command:
# icm run container fred image hello-world options "--env TERM=vt100"
Mount Volumes
If your container needs to access files on the host machine, a mount point can be created within your container using the Docker --volume option. For example:
# icm run container fred image hello-world options "--volume /dev2:/dev2"
This makes the contents of directory /dev2 on the host available at mount point /dev2 within the container:
# icm ssh -command "touch /dev2/example.txt"  // on the host
# icm exec -command "ls /dev2"                // in the container
Ports within your container can be mapped to the host using the Docker option --publish:
# icm run -container fred -image hello-world -options "--publish 80:8080"
# icm run -container fred -image hello-world -options "--publish-all"
You must open the corresponding port on the host if you wish to access the port from outside. This can be achieved in a number of ways, including:
You also have to ensure that you are not colliding with a port mapped to another container or service on the same host. Finally, keep in mind that --publish has no effect on containers when the overlay network is of type host.
The following example modifies the Terraform template for AWS to allow incoming TCP communication over port 563 (NNTP over SSL/TLS):

Previous section           Next section
View this book as PDF   |  Download all PDFs
Copyright © 1997-2019 InterSystems Corporation, Cambridge, MA
Content Date/Time: 2019-04-23 15:16:10