Categories

Versions

You are viewing the RapidMiner Hub documentation for version 2024.0 - Check here for latest version

Real-Time Scoring Docker deployment

The documentation below describes the following Docker images:

  • Real-Time Scoring (rapidminer/rapidminer-execution-scoring:latest)
  • Real-Time Scoring CRON (rapidminer/rapidminer-real-time-scoring-cron:latest)
  • Real-Time Scoring Proxy (rapidminer/rapidminer-real-time-scoring-proxy:latest)
  • Real-Time Scoring Web UI (rapidminer/rapidminer-real-time-scoring-webui:latest)

For available Docker images, see Docker Hub.

Using the Docker images Real-Time Scoring can be deployed on-site or on any cloud provider's Docker or Kubernetes platforms.

Here on docs.rapidminer.com, we maintain the documentation for every release of docker images, unlike Docker Hub, where only the latest release of Real-Time Scoring is documented.

As described in deployments page Docker based deployment can be done starting a single container or a multi-container setup with docker-compose.

Data persistence

The Real-Time Scoring stack uses the following volumes:

  • rts-deployments for storing the deployments
  • rts-licenses for storing the deployments
  • uploaded for storing the uploaded Files
  • cron-log for storing the logfiles of the background processes of the stack

To make this data persistent, the docker-compose.yml file defines this volumes, and mounts them to the related services.

Using the single container deployment only the rts-deployments and the rts-licenses volumes are mounted into the container.

Notices about data persistence

  • If the volumes contains data from any previous executions, then the stack will be started with that data (e.g. licenses, deployments, etc.).
  • Necessary files can be uploaded using the built in Web UI.
  • Alternative to using volumes, bind mounting directories can provide access to the stored files directly from the host machine.
  • By default when using the scoring service, neither request, nor response sensible data is logged, in the proxy access log only the request URL and some additional request informations are recorded, the parameters of the POST requests (e.g. the input of the scoring service) are not:
nginx-proxy_1_33dd1a206bd6 | 123.123.123.123 - admin [22/Aug/2019:08:36:20 +0000] "POST /services/my-first-deployment/score-titanic HTTP/1.1" 200 282 "-" "curl/7.58.0" "-"
  • For details about HA deployment, please contact us.
  • On the web UI we do not display sensibe informations (e.g. license keys, certificates, certificate keys), to view this files the most convenient way is to enter to the cron container and get the file content with cat:
cd /path/to/compose/file/
docker-compose exec cron bash
cat /rapidminer/rts_home/licenses/rapidminer-scoring.lic
cat /rapidminer/uploaded/certs/validated_cert.crt
cat /rapidminer/uploaded/certs/validated_cert.key

Good to know

  • Real-Time Scoring requires at least 2GB of memory.
  • If the licenses volume contains no license file, then the Real-Time Scoring container will wait for the license. You can start scoring after a valid license and a deployment is provided.

Single container-based deployments

We recommend this type of deployment only in case when the agent will run in a trusted network, or for testing.

  • Create a folder on the host machine for the deployments, and copy all your deployment files there.
  • Create a folder on the host machine for your licenses, and save your licenses there with .lic extension.

To start a Real-Time Scoring Agent container using bind mounts for data persistence, run the following command:

docker run \
    -e WAIT_FOR_LICENSES=1 \
    -v </PATH/TO/DEPLOYMENTS/HOME>:/rapidminer-scoring-agent/home/deployments/ \
    -v </PATH/TO/LICENSES/HOME>:/rapidminer-scoring-agent/home/resources/licenses/rapidminer-scoring-agent/ \
    -p 8090:8090 \
    rapidminer/rapidminer-execution-scoring:latest

Provide the same paths as at the folder creation on the host machine for the licenses and for the deployments.

In this case the container will be listening on port 8090, you can use this port for scoring (eg. http://localhost:8090 or any other network interface). If the port 8090 is already bind, you can change the command above as you need (e.g. -p 8091:8090 will bind the service on port 8091 on the host machine).

The WAIT_FOR_LICENSES environment variable changes the behavior of the container in the case there is no license provided. Valid values are:

  • 0 the container will exit and restart,
  • 1 the container will periodically check if a license file is provided

The MANAGEMENT_API_ENDPOINT environment variable changes the behavior at the container startup, if this variable is provided, the container will try to download the license from a web server from the URL blow:

${MANAGEMENT_API_ENDPOINT}/uploaded/sync/licenses/license.lic

You can specify any URL, but please make sure, that the container has the right network access, and no one else can visit this URL. In case this variable is not defined, the container will check only the licenses folder for licenses.

For Docker image versions, see Docker Hub.

Notices about single-container deployment:

Multi-container-based deployment

This is a fully functional Real-Time Scoring stack, for available versions, please see the tags on the image details pages on Docker Hub.

Docker-compose configuration

Start Real-Time Scoring Agent, proxy, webui, and cron containers using volumes for data persistence:

version: '3'

services:
  real-time-scoring-agent:
    image: rapidminer/rapidminer-execution-scoring:latest
    restart: "always"
    environment:
      WAIT_FOR_LICENSES: 1
    volumes:
      - rts-deployments:/rapidminer-scoring-agent/home/deployments/
      - rts-licenses:/rapidminer-scoring-agent/home/resources/licenses/rapidminer-scoring-agent/
    networks:
      rts-internal-network:
        aliases:
         - real-time-scoring-agent

  nginx-proxy:
    image: rapidminer/rapidminer-real-time-scoring-proxy:latest
    restart: "always"
    volumes:
      - uploaded:/rapidminer/uploaded/:ro
    ports:
      - 80:80
      - 443:443
    networks:
      rts-internal-network:
        aliases:
         - nginx-proxy

  real-time-scoring-webui:
    image: rapidminer/rapidminer-real-time-scoring-webui:latest
    restart: "always"
    volumes:
      - uploaded:/var/www/html/uploaded/
    networks:
      rts-internal-network:
        aliases:
         - real-time-scoring-webui

  cron:
    image: rapidminer/rapidminer-real-time-scoring-cron:latest
    restart: "always"
    volumes:
      - cron-log:/var/log/
      - rts-licenses:/rapidminer/rts_home/licenses/
      - uploaded:/rapidminer/uploaded/
      - /var/run/docker.sock:/var/run/docker.sock

volumes:
  rts-deployments:
  rts-licenses:
  uploaded:
  cron-log:

networks:
  rts-internal-network:

Architecture:




Notices about docker-compose deployment:

  • For security considerations the docker-compose.yml file defines a dedicated docker network (rts-internal-network) for the Real-Time Scoring containers, so they can communicate with each other, but from the external network only the proxy container is available on the 80 and 443 ports. You can use this ports for scoring, and to reach the Web UI (eg. http://localhost, http://localhost/rts-admin/ https://localhost, https://localhost/rts-admin/ or any other IP address or domain name).
  • The cron container needs the docker socket to be mounted in order to be able to manage (e.g. restart) the other containers. In case this is omitted, you have to restart the proxy container manually after uploading a certificate, and restart the real-time-scoring-agent container after a license is provided or changed.
  • Please use the https protocol to provide sensible information (license keys, certificates, certificate keys, deployments), the built in self signed certificate is not secure enough, but it provides encryption and data integrity until a valid certificate and key file is provided.
  • The default login credentials are admin / changeit.
  • After submitting the certificate and a key file content, a per minute scheduled background process will do some syntax and content checks before applying them in the proxy configuration. If you experience that the new certificate and key files are not applied, please check the background process logs:
cd /path/to/compose/file/
docker-compose exec cron bash
cat /var/log/_process_uploads.log

Next: