...

2.1 Design docker container architecture

Info

Please refer here for information on how to choose between the existing AdamApp, Container AdamApp and Container AdamApp for Azure IoT Edge.

...

Please see here for resources for CV52 cameras that support docker capability.

Please make sure the app you are porting can work within these limits.
RAM/CPU limits are enforced by cgroups. If RAM usage exceeds the limit, the app will be killed by the OOM Killer.

2.3.2

...


...

Data storage

By mounting a volume, an application can write data to the flash memory inside the camera. Since there is a limit to the number of times data can be written to flash memory, please use an SD card for storing data if the application needs to write frequently.

It is also possible to create an SQLite database on the SD card. This is implemented in the sample app sqlite_app.

2.3.3 About our security policy

The following are important points when porting. For more information on Container AdamApp's security policy, please see here.

  • Containers cannot be run with root privileges. The app runs in the camera with user privileges of uid 1000, gid 1000.

  • The container is mounted read only.
    You cannot write to the container. If an existing app is writing to the container, it will need to write to a tmpfs(RAM) for temporary data, or to a separate mounted volume for persistent data.

  • Options that relax security, such as --privileged, cannot be used.

  • Docker images cannot be pulled from an external container registry directly from within the camera. The required docker images must be pulled and built on the development PC and included in the Container AdamApp(ext file).

Info

Impact of mounting data directories as read only in containers

For the ADAM API, ADAM_GetAppDataDirPath is provided as an API that returns the path of the data directory on the flash ROM. For the Container AdamApp, this directory is read-only and cannot be written to. If you want to write data, use a volume.
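A preflight check a ported app can run at startup to find write paths that will fail under the policy above. This is an added example, not SDK code: check_write_path, PathExpectation and preflight are hypothetical names, and /tmp as a tmpfs target is an assumption.

```cpp
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>
#include <unistd.h>

enum class WriteStatus { Writable, ReadOnlyMount, PermissionDenied, Missing };

// Ask the kernel whether this process may write to the path.
WriteStatus check_write_path(const std::string& path) {
    if (access(path.c_str(), W_OK) == 0) return WriteStatus::Writable;
    switch (errno) {
        case EROFS:   return WriteStatus::ReadOnlyMount;    // read-only mount
        case ENOENT:
        case ENOTDIR: return WriteStatus::Missing;
        default:      return WriteStatus::PermissionDenied; // e.g. EACCES as uid 1000
    }
}

struct PathExpectation { std::string path; bool must_be_writable; };

// Returns one finding per deviation from the policy (uid/gid 1000, read-only
// container, writes only to tmpfs or a mounted volume).
std::vector<std::string> preflight(uid_t uid, gid_t gid,
                                   const std::vector<PathExpectation>& paths) {
    std::vector<std::string> findings;
    if (uid != 1000 || gid != 1000)
        findings.push_back("not running as uid 1000 / gid 1000");
    for (const auto& p : paths) {
        WriteStatus s = check_write_path(p.path);
        if (p.must_be_writable && s != WriteStatus::Writable)
            findings.push_back(p.path + ": app writes here but it is not writable");
        if (!p.must_be_writable && s == WriteStatus::Writable)
            findings.push_back(p.path + ": writable here, read-only on the camera");
    }
    return findings;
}

int main() {
    // /app/data is the read-only data directory; /tmp is an assumed tmpfs target.
    std::vector<PathExpectation> paths = {{"/app/data", false}, {"/tmp", true}};
    for (const auto& f : preflight(getuid(), getgid(), paths)) std::cout << f << "\n";
}
```

Running it on the development PC in a container started with docker run --read-only --user 1000:1000 reproduces the same failures before the app is packaged.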

2.3.4 Restrictions on using ADAM API

2.3.4.1 Containers that can use the ADAM API

If Container AdamApp contains multiple containers, the ADAM API can only be used from the main container, not from sub containers.

It is recommended that the main image contains the features related to camera functions and that sub images contain the features not related to camera functions. Chapter 3.4 shows how to share data between the main and sub images.

2.3.4.2 Directory path that can be obtained with ADAM API

The various directory paths that can be obtained by AdamApp, Container AdamApp, and Container AdamApp for Azure IoT are shown in the table below. As mentioned in Chapter 2.3.3, in Container AdamApp, the paths that can be obtained by ADAM_GetAppTmpDirPath are read-only areas. In addition, the directories that can be obtained by ADAM_GetAppTmpDirPath are shared with the host side (camera body). Therefore, when temporarily storing data that you do not want to be accessed from the host side, please use the area defined in the tmpfs section of docker-compose.yaml.

| API | AdamApp | Container AdamApp | Container AdamApp for Azure IoT |
|---|---|---|---|
| ADAM_GetAppTmpDirPath | /dev/shm/Adamapp/[App-specific ID] | /dev/shm/Adamapp/[App-specific ID] | /tmp/local/appdata |
| ADAM_GetAppDataDirPath | /app/data | /app/data | /ai_data |

3. Development Procedure

3.1 Create a project

...

There are the following methods to exchange data between the main image and sub-image, or between a container and a camera-image.

  • Use volume.
    By declaring a volume in docker-compose.yaml, you can share it between containers and exchange data through it. However, this area is on FlashROM and writes affect its lifespan, so it is not suitable for frequent exchange of large amounts of data.

  • Use a tmpfs that allows sharing.
    The directory obtained with the ADAM_GetTmpDirPath() API is on tmpfs (RAM) and can be used to store temporary data.
    To access this area from a subcontainer, add the following to volumes: in the subimage description in docker-compose.yaml.

          - type: bind
            target: "/dev/shm/Adamapp"
            source: "/dev/shm/Adamapp"
            read_only: false
            consistency: default

    However, since ADAM_GetTmpDirPath() cannot be called from a subcontainer, the main container must pass the path to the subcontainer, for example via a separate volume.

  • Use local HTTP communication.
    In Docker, each container is assigned a virtual IP address, which can be used to call the WebAPI in the same way as from outside the camera. Also, if you specify a domain name in the hostname key of docker-compose.yaml, you can communicate using this name.
    In the main container, communication can be performed using the sendDataToAdamApplication WEB API as an ADAM mechanism. With this mechanism the camera body relays the data to the main container, so the destination is the IP address of the camera body.
    Similarly, you can use the camera's CGI to obtain the camera's settings and other information, or to control the camera's functions.

Info

The IP address of the camera in the virtual environment can be found from within the container by reading /etc/hosts and setting the least significant byte of the last entry's address to 1.

When accessing via WebAPI, you must specify the camera's user name and password.
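The /etc/hosts rule above, as an added example that is not SDK code: camera_ip_from_hosts is a hypothetical helper, the sample hosts content is constructed, and "last entry" is taken to mean the last IPv4 line, which is an assumption.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>

// Constructed sample of what /etc/hosts can look like inside a container.
const char* kConstructedHosts =
    "127.0.0.1\tlocalhost\n"
    "::1\tlocalhost ip6-localhost\n"
    "# constructed comment line\n"
    "172.18.0.3\tmain-container\n";

// Returns the camera body's IPv4 address, or "" if no IPv4 entry exists.
// Rule from the text: take the last entry and set its least significant byte to 1.
std::string camera_ip_from_hosts(std::istream& hosts) {
    std::string line;
    in_addr last{};
    bool found = false;
    while (std::getline(hosts, line)) {
        std::string::size_type hash = line.find('#');
        if (hash != std::string::npos) line.erase(hash);   // strip comments
        std::istringstream fields(line);
        std::string addr;
        if (!(fields >> addr)) continue;                    // blank line
        in_addr parsed{};
        if (inet_pton(AF_INET, addr.c_str(), &parsed) == 1) { // skips IPv6 and junk
            last = parsed;
            found = true;
        }
    }
    if (!found) return "";
    uint32_t host_order = ntohl(last.s_addr);
    host_order = (host_order & 0xFFFFFF00u) | 1u;           // last byte -> 1
    last.s_addr = htonl(host_order);
    char buf[INET_ADDRSTRLEN];
    return inet_ntop(AF_INET, &last, buf, sizeof buf) ? std::string(buf) : std::string();
}

int main() {
    std::istringstream sample(kConstructedHosts);
    std::cout << camera_ip_from_hosts(sample) << "\n";
}
```

In the app, pass a std::ifstream opened on /etc/hosts instead of the constructed sample.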

...

3.4.2 Example implementation of sample app

The sample application “docker_multi_images” uses the DNS function of the inter-container network to implement sample code that sends an HTTP request from the main container to a sub-container by container name.
The response_by_html function in ${SDK_DIR}/adamapp/docker_multi_images/main.cpp calls the system function that makes a request with curl as follows. Here, “web” is the service name written in docker-compose.yaml.

...