BlueCat Gateway is delivered as a container image published in a public BlueCat cloud registry on Quay.io. You do not need a Quay.io account to pull the BlueCat Gateway image. Use Docker commands in the Linux CLI to pull the image, then to run, stop, start, or remove containers. For a list of commonly used Docker commands, refer to Common Docker commands.
You can also obtain the image as a tar file from BlueCat Customer Care. For more information, refer to Installing BlueCat Gateway from Customer Care.
If your Linux host machine is behind a firewall, you must first pull the BlueCat Gateway image on a separate Linux machine with Internet connectivity, and then copy the image to the host machine.
Before you Start
For improved security and compliance, by default, the Gateway session cookie is only sent under an HTTPS connection. To log in:
- In your browser, change to HTTPS in the Gateway URL and accept the certificate, or
- If you prefer to use HTTP, pass the following environment variable as
part of the
docker run
command when instantiating the Gateway container:-e SESSION_COOKIE_SECURE=False
Define a workspace: A workspace is the logical location for you to place your workflows and associated data, including configurations, libraries, requirements, permissions, and customizations; a workspace can be a Docker volume (recommended) or a volume on your local machine.
For more information, refer to the Workspaces section in the BlueCat Gateway Administration Guide.
Define a logs directory: A logs directory can be a Docker volume (recommended) or a volume on your local machine.
BlueCat recommends that customers map Docker volumes for the workspace and for the log directory. Volumes are completely managed by Docker, which means you do not need to set permissions manually when using Docker volumes. This is also the recommended practice for Docker containers.
If you prefer to mount data and log volumes to your local machine, you must
manually set rwx
(read, write, execute) permissions to those
directories before running the container.
If you do not map data or log volumes to your local machine during installation, BlueCat Gateway will write all the data to the container by default. If you then stop or restart the container, all this data will be lost.
rwx
permissions for external volumes, run the following
command:chmod -R o=rwx <mapped volume>
You can use any name for the workspace and for the logs directory.
BlueCat Gateway saves configuration and workflow data to the workspace, and all execution and session logs to the mapped logs directory. If you do not map a workspace or a logs directory, all the configuration and logging data is written to the container by default.
<bluecat_gateway>
is used throughout the BlueCat Gateway documentation to refer to this workspace.
To obtain the BlueCat Gateway image from the public repository:
-
Run the following command to pull the image and start the container:
docker run -d \ -p 80:8000 \ -p 443:44300 \ -v <path_to_workspace>:/bluecat_gateway/ \ -v <path_to_mapped_log_directory>:/logs/ \ -e BAM_IP=<your bam ip or url> \ --name bluecat_gateway quay.io/bluecat/gateway:24.1.0
Attention: If using RedHat Enterprise Linux-compiled DockerIf you are using RHEL-compiled Docker, you must add:Z
at the end of the file path for any mapped directory. For example:-v <path_to_workspace>:/bluecat_gateway/:Z
Tip: If you remove the Gateway container and wish to re-install it using the same BAM server IP and the same workspace and logging directory, the environment variable does not need to be passed as part of the docker run command.docker run -d \ -p 80:8000 \ -p 443:44300 \ -v <path_to_workspace>:/bluecat_gateway/ \ -v <path_to_mapped_log_directory>:/logs/ \ --name bluecat_gateway quay.io/bluecat/gateway:24.1.0
This completes installation of BlueCat Gateway. Next, go to Address Manager to create the BlueCatGateway UDF and BlueCat Gateway administrators and users.
For more information on Docker commands, refer to Common Docker commands.