DataMasque Portal

Podman Installation

This page guides you through installing Podman, docker-compose and DataMasque on a supported Red Hat Enterprise Linux (RHEL) system.

Refer to Linux Server Installation for system and OS version requirements.

Install podman

Instead of using Docker to manage images and containers, Podman can be used. Please follow these instructions to be able to use Podman instead of Docker. Podman is a replacement for Docker on RHEL systems.

Note: If you are using podman instead of docker then you should always use the --podman option when running the DataMasque install.sh script.

  1. Install Podman
sudo dnf module enable -y container-tools
sudo dnf module install -y container-tools
  1. Start the Podman socket service to allow docker-compose to communicate with Podman.
sudo systemctl enable podman.socket
sudo systemctl start podman.socket

Notes: sudo systemctl enable is needed so that the podman.socket is started on boot. To ensure the podman socket is active the following command can be used sudo systemctl status podman.socket Communication between the podman socket and docker-compose can be tested with the following curl command:

sudo curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping
  1. Install Podman-plugins to facilitate communication between containers:
sudo dnf install podman-plugins -y

Notes:

During the installation the following symbolic link created to ensure communication between podman and docker-compose: ln -s /var/run/podman/podman.sock /var/run/docker.sock

A system service datamasque_podman.service stored at /etc/systemd/system/datamasque_podman.service will also be created during installation and will run when the instance is started. This will load all required environment variables, recreate the symbolic link, and start the containers.

Install docker-compose

DataMasque requires the standalone docker-compose command, not the docker compose that is integrated into Docker. docker-compose is required even on Podman installations, as the DataMasque containers are all co-ordinated using a docker-compose file.

Follow these instructions to install the docker-compose standalone package.

  1. Download docker-compose using curl.

Install docker-compose

DataMasque requires the standalone docker-compose command, not the docker compose that is integrated into Docker.

Follow these instructions to install the docker-compose standalone package.

  1. Download docker-compose using curl, and make it executable with chmod +x.
$ sudo curl -SL https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -o /usr/bin/docker-compose

$ sudo chmod +x /usr/bin/docker-compose
  1. Test that docker-compose is installed correctly by printing out its version with the docker-compose --version command:
$ docker-compose --version
docker-compose version 1.29.2, build 5becea4c

Install DataMasque

Extract the provided DataMasque Docker Compose package on the server, and run the included installation script:

tar -xvzf datamasque-docker-v<version>.pkg
cd datamasque/<version>/
sudo ./install.sh --podman

During installation, a new datamasque user and group will be created and assigned ownership of the DataMasque configuration files under /usr/local/etc/datamasque/. You can manually select the uid and gid for the datamasque user and group by providing --uid and --gid options to install.sh:

sudo ./install.sh --podman --uid 1010 --gid 1010

Once the installation script has run, you can confirm the DataMasque Docker containers are running with the following command:

sudo podman ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}"

If installation was successful, you should see five DataMasque containers listed:

CONTAINER ID        STATUS              NAMES
60114d0c370d        Up 3 minutes        datamasque_admin-frontend_1
da8bacfbbe48        Up 3 minutes        datamasque_admin-server_1
c9555bf98017        Up 3 minutes        datamasque_agent-worker_1
d46296fd5b3b        Up 3 minutes        datamasque_agent-queue_1
1d5516575e1c        Up 3 minutes        datamasque_admin-db_1

You can now access your DataMasque instance from a client web browser at https://<instance-ip-or-hostname>. Follow the Initial Setup guide to complete the installation of DataMasque.

Note: The first time you visit DataMasque, your browser will display a security warning because the self-signed certificate generated by DataMasque will be untrusted by your browser. You may proceed past this warning for now, and install your own trusted certificate after installation is complete (refer to Installing SSL Credentials). If you are unable to proceed past the warning due to HSTS being enabled for your domain, refer to Installation with HSTS enabled.

podman Troubleshooting

Instance stopped or restarted and DataMasque is not running

Please follow the following instructions to restart the DataMasque containers:

  1. SSH into the instance.

  2. Start the services related to podman:

    sudo systemctl start podman.socket
    sudo systemctl start datamasque_podman.service
    

Environment variables not present in admin-server container

If the DataMasque instance is always displaying the Unexpected Error page, it may be that docker-compose is not reading the environment variables from the .env file created during installation. Examine the logs with the following command:

sudo docker-compose -f <path-to-datamasque-installation>/docker-compose.yml logs

replacing the path with your own installation path, which defaults to: /usr/local/etc/datamasque/.

If you see the following error:

admin-server_1    | django.db.utils.OperationalError: fe_sendauth: no password supplied
admin-server_1    |
admin-server_1    | Database initialization failed. Retrying in 10 seconds (1/15)

then the environment variables are not being read.

To allow docker-compose to read the environment variables, please follow the instructions below:

Note: These commands can also work to start the containers if they are stopped.

  1. SSH into the instance.

  2. Source the environment needed variables. Located in the installation path (defaults to: /usr/local/etc/datamasque/) If access is denied, change to root user with the sudo su command.

    source <path-to-datamasque-installation>/.env
    
  3. Run docker-compose with the environment variables, make sure to add any variables that were added manually. The only environment variable added during installation is MASQUE_ADMIN_DB_PASSWORD

    sudo MASQUE_ADMIN_DB_PASSWORD=$MASQUE_ADMIN_DB_PASSWORD docker-compose -f <path-to-datamasque-installation>docker-compose.yml up -d
    
  4. Confirm DataMasque is running as expected by loading it in a web browser.

    OR

    Check the Docker-Compose logs that no errors are being reported:

    sudo docker-compose -f <path-to-datamasque-installation>/docker-compose.yml logs
    

Permission denied when accessing mounted shares

  • Make sure you are mounting as uid and gid 1000, and with SELinux context container_files_t.

    (See Mounted Share Permissions).