Deploy Bonita Runtime with Docker

How to install and use the Bonita Runtime docker distribution.

This guide assumes you have a working docker environment.

Quick start

To start the latest Community release - main versions only :

docker run --name bonita -d -p 8080:8080 bonita

To start the latest Subscription release - main and maintenance versions only:

Information on how to access Quay.io can be found here

docker login quay.io
docker pull quay.io/bonitasoft/bonita-subscription:2022.1
docker logout quay.io
docker run --name=bonita -d -p 8080:8080 quay.io/bonitasoft/bonita-subscription:2022.1
  • Documentation of the community docker image is available here.

  • Information on how to access Quay.io can be found here.

  • You need to provide a valid licence, follow these steps in order to get and configure one.

Versioning

Multiple tags exist:

  • latest: Points to the latest version of the platform

  • 2022.1: Points to the latest maintenance version of the 2022.1 version

  • 2022.1-XXXX: Tag of a maintenance version of 2022.1

latest and 2022.1 are tags that change each time a new version of the platform is released. It is safer to use the more complete version tag 2022.1-XXXX when scripting deployments to ensure the binaries do not change.

Step-by-step installation procedure

Retrieve a licence

First generate a request key into a container with a specific hostname (-h):

docker run --rm --name=bonita -h <hostname> -ti quay.io/bonitasoft/bonita-subscription:2022.1 /bin/bash ./generateRequestKey.sh

Answer the questions related to the license you want. This will print out the request key and exit automatically from the running container.

Retrieve the licence from the customer portal and place into one folder that will be mounted as a volume of the docker container. In this example, we will use ~/bonita-lic/..

cp ~/Downloads/BonitaSubscription-7.7-Cloud_Techuser-<hostname>-20170124-20170331.lic ~/bonita-lic/.

Alternatively, you can create a named persistent volume in docker for keeping license file. See docker documentation on volumes.

Start the container

Re-create a new Bonita container with the same hostname (-h) and this host directory mounted (-v) :

docker run --name bonita -h <hostname> -v ~/bonita-lic/:/opt/bonita_lic/ -d -p 8080:8080 quay.io/bonitasoft/bonita-subscription:2022.1

This will only add the initial license to the Bonita Runtime. To renew a license on an existing installation see Update configuration and license section

This will start a container running the Tomcat Bundle with Bonita Runtime. As you did not specify any environment variables it’s almost like if you had launched the Bundle on your host using startup.{sh|bat} (with security hardening on REST and HTTP APIs, cf Security concerns). It means that Bonita uses a H2 database here.

You can access the Runtime on http://localhost:8080/bonita and login using the default credentials : install / install

Start the container interactively

You may also run the Bonita container with an interactive shell session in order to control start and stop of the Tomcat bundle. Although the main usage of the Docker image is to automatically start the Bonita runtime, manually start and stop Tomcat may be useful for development or troubleshooting purposes.

Run the container as follows in order to get an interactive bash shell session:

docker run --name bonita -it -p 8080:8080 bonita bash

Subscription release

docker run --name bonita -h <hostname> -v ~/bonita-lic/:/opt/bonita_lic/ -it -p 8080:8080 quay.io/bonitasoft/bonita-subscription:2022.1-XXXX bash

Then run /opt/files/startup.sh inside the container to start Tomcat. In order to stop Tomcat inside the container, press Ctrl-C.
Repeat this sequence to manually start and stop Tomcat in the container.

The H2 database allows the Bonita container to work out of the box, but it is not recommended outside a development environment.

As PostgreSQL is the recommended database for qualification and production environments, follow one of these next sections to configure your Bonita container to run on PostgreSQL database. You can work with either a PostgreSQL Container, or PostgreSQL as an installed service.

PostgreSQL Container

From Bonita 2022.1 onwards, the Bonita docker image does not include configuration scripts for Postgres

Therefore the PostgreSQL container needs to be configured to work with Bonita before starting the Bonita container. The configuration of a PostgreSQL database to work with Bonita is described in detail in the database configuration page.
Alternatively, Bonita provides a preconfigured PostgreSQL image on docker-hub.
You can run the image with the following command:

docker run --name mydbpostgres -d bonitasoft/bonita-postgres:12.6

This image is built from the following GitHub repository, which can be further adapted/customized to suit your needs.

Using docker-compose

Create a file docker-compose.yml with the following content

# Use tech_user/secret as user/password credentials
version: '3'

services:
  db:
    image: bonitasoft/bonita-postgres:12.6
    environment:
      POSTGRES_PASSWORD: example
    restart: always
    command:
      - -c
      - max_prepared_transactions=100
  bonita:
    image: quay.io/bonitasoft/bonita-subscription:2022.1
    hostname: <hostname>
    volumes:
      - ~/bonita-lic:/opt/bonita_lic/
    ports:
      - 8080:8080
    environment:
      - DB_VENDOR=postgres
      - DB_HOST=db
      - DB_PORT=5432
      - DB_NAME=bonita
      - DB_USER=bonita
      - DB_PASS=bpm
      - BIZ_DB_NAME=business_data
      - BIZ_DB_USER=business_data
      - BIZ_DB_PASS=bpm
      - TENANT_LOGIN=tech_user
      - TENANT_PASSWORD=secret
      - PLATFORM_LOGIN=pfadmin
      - PLATFORM_PASSWORD=pfsecret
      - MONITORING_USERNAME=monitorAdmin
      - MONITORING_PASSWORD=monitor_Secr3t-P455w0rD
    restart: on-failure:2
    depends_on:
      - db
    entrypoint:
      - bash
      - -c
      - |
        set -e
        echo 'Waiting for PostgreSQL to be available'
        maxTries=10
        while [ "$$maxTries" -gt 0 ] && [ $$(echo 'QUIT' | nc -w 1 "$$DB_HOST" 5432; echo "$$?") -gt 0 ]; do
            sleep 1
            let maxTries--
        done
        if [ "$$maxTries" -le 0 ]; then
            echo >&2 'error: unable to contact Postgres after 10 tries'
            exit 1
        fi
        exec /opt/files/startup.sh /opt/bonita/server/bin/catalina.sh run
  • Replace <hostname> with the one used in the licence generation command

  • Replace ~/bonita-lic with the folder containing the license (on Windows use / and avoid ~)

  • leave double $$ untouched

Run docker-compose up, wait for it to initialize completely, and visit http://localhost:8080, or http://host-ip:8080 (as appropriate).

PostgreSQL as an installed service

If you don’t want to run your database in a docker container, the following file env.txt needs to be configured and provided to the docker run command:

DB_VENDOR=postgres
DB_HOST=172.17.0.2
DB_PORT=5432
DB_NAME=custombonitadb
DB_USER=custombonitauser
DB_PASS=custombonitapass
BIZ_DB_NAME=custombusinessdb
BIZ_DB_USER=custombusinessuser
BIZ_DB_PASS=custombusinesspass
docker run --name=bonita -h <hostname> --env-file=env.txt -d -p 8080:8080 quay.io/bonitasoft/bonita-subscription:2022.1

Start Bonita with custom security credentials

docker run --name=bonita -v ~/bonita-lic:/opt/bonita_lic/ -h <hostname> -e "TENANT_LOGIN=tech_user" -e "TENANT_PASSWORD=secret" -e "PLATFORM_LOGIN=pfadmin" -e "PLATFORM_PASSWORD=pfsecret" -e "MONITORING_USERNAME=monitorAdmin" -e "MONITORING_PASSWORD=monitor_Secr3t-P455w0rD" -d -p 8080:8080 quay.io/bonitasoft/bonita-subscription:2022.1

Now you can access the Bonita Runtime on localhost:8080/bonita and login using: tech_user / secret

Secure your remote access

This docker image ensures to activate by default both static and dynamic authorization checks on REST API. To be coherent it also deactivates the HTTP API. But for specific needs you can override this behavior by setting HTTP_API to true and BONITA_RUNTIME_AUTHORIZATION_DYNAMICCHECK_ENABLED to false :

docker run -e HTTP_API=true -e HTTP_API_PASSWORD=S0me-h11p-s3cr3t -e BONITA_RUNTIME_AUTHORIZATION_DYNAMICCHECK_ENABLED=false --name bonita -v ~/bonita-lic:/opt/bonita_lic/ -h <hostname> -d -p 8080:8080  quay.io/bonitasoft/bonita-subscription:2022.1

Environment variables

When you start the bonita image, you can adjust the configuration of the Bonita instance by passing one or more environment variables on the docker run command line.

PLATFORM_PASSWORD

This environment variable is recommended for you to use the Bonita image. It sets the platform administrator password for Bonita. If it is not specified, the default password platform will be used.

PLATFORM_LOGIN

This optional environment variable is used in conjunction with PLATFORM_PASSWORD to define the username for the platform administrator. If it is not specified, the default username platformAdmin will be used.

TENANT_PASSWORD

This environment variable is recommended for you to use the Bonita image. It sets the tenant administrator password for Bonita. If it is not specified, the default password install will be used.

TENANT_LOGIN

This optional environment variable is used in conjunction with TENANT_PASSWORD to define the username for the tenant administrator. If it is not specified, the default username install will be used.

MONITORING_USERNAME

This optional environment variable is used in conjunction with MONITORING_PASSWORD to define the access to endpoints protected with BASIC Auth access: the Monitoring endpoint, the Jmx publisher, and the API health endpoints. If it is not specified, the default monitoring username monitoring will be used.

MONITORING_PASSWORD

This optional environment variable is used in conjunction with MONITORING_USERNAME to define the access to endpoints protected with BASIC Auth access: the Monitoring endpoint, the Jmx publisher, and the API health endpoints., the default monitoring password mon1tor1ng_adm1n will be used.

REST_API_DYN_AUTH_CHECKS

Removed & does not work anymore, now you can use BONITA_RUNTIME_AUTHORIZATION_DYNAMICCHECK_ENABLED instead.

BONITA_RUNTIME_AUTHORIZATION_DYNAMICCHECK_ENABLED (Subscription editions only)

This optional environment variable is used to enable/disable dynamic authorization checking on Bonita REST API. The default value is true, which will activate dynamic authorization checking.

HTTP_API

This optional environment variable is used to enable/disable the Bonita HTTP API. The default value is false, which will deactivate the HTTP API. From Bonita 2022.1, HTTP API is protected with Basic access authentication. See the following 2 parameters to configure Basic access authentication.

HTTP_API_USERNAME

This optional environment variable is used to configure the HTTP API Basic access authentication username. The default value is http-api.

HTTP_API_PASSWORD

This optional environment variable is used to configure the HTTP API Basic access authentication password. There is no default value, and providing a value is mandatory if HTTP_API=true.

JMX_REMOTE_ACCESS

This optional environment variable is used to enable/disable the access to the JMX console from a remote machine.
Default value is false.
The host to connect to is the name / IP address of the bonita server, the port to connect to is 9000.
The credentials to connect are the environment variables MONITORING_USERNAME, MONITORING_PASSWORD.

REMOTE_IP_VALVE_ENABLED

This optional environment variable allows to activate/deactivate reverse proxy redirection. Default value is false.

ACCESSLOGS_STDOUT_ENABLED

This optional environment variable allows to activate/deactivate writing Tomcat access logs to standard output. Default value is false.

ACCESSLOGS_FILES_ENABLED

This optional environment variable allows to activate/deactivate writing Tomcat access logs to a specific file. When activated, will write those logs to /opt/bonita/logs/ inside the docker container. In practice, it is only useful when mounting a volume to the aforementioned directory. Default value is false.

ACCESSLOGS_PATH

If ACCESSLOGS_FILES_ENABLED=true, this optional environment variable overrides the default path to of the access log file. Default value is /opt/bonita/logs.

ACCESSLOGS_PATH_APPEND_HOSTNAME

If ACCESSLOGS_FILES_ENABLED=true, this optional environment variable allows to append a subdirectory with the hostname to the full path of the directory to put access log files into. Default value is false.

ACCESSLOGS_MAX_DAYS

If ACCESSLOGS_FILES_ENABLED=true, this optional environment variable allows to automatically delete access log files after a certain number of days. Default value is 30.

HTTP_MAX_THREADS

This optional environment variable allows to specify the maximum Http thread number Tomcat will use to serve HTTP/1.1 requests. Directly modifies the maxThreads parameter in the server.xml file of the Tomcat inside the docker container. More information on the usefulness of this parameter can be found here. Default value is 20.

JAVA_OPTS

This optional environment variable is used to customize JAVA_OPTS. The default value is -Xms1024m -Xmx1024m -XX:MaxPermSize=256m. The syntax to use is -e JAVA_OPTS="-Xms2048m -Xmx2048m -XX:MaxPermSize=1024m"

DB_VENDOR

This environment variable is automatically set to postgres or mysql if the Bonita container is linked to a PostgreSQL or MySQL database using --link. The default value is h2. It can be overridden if you don’t use the --link capability.

DB_HOST, DB_PORT

These variables are optional, used in conjunction to configure the bonita image to reach the database instance. There are automatically set if --link is used to run the container.

DB_NAME, DB_USER, DB_PASS

These variables are used in conjunction to create a new user, set that user’s password, and create the bonita database.

DB_NAME default value is bonitadb.

DB_USER default value is bonitauser.

DB_PASS default value is bonitapass.

BIZ_DB_NAME, BIZ_DB_USER, BIZ_DB_PASS

These variables are used in conjunction to create a new user, set that user’s password and create the bonita business database.

BIZ_DB_NAME default value is businessdb.

BIZ_DB_USER default value is businessuser.

BIZ_DB_PASS default value is businesspass.

BONITA_SERVER_LOGGING_FILE, BONITA_SETUP_LOGGING_FILE

DEPRECATED See how to configure logger

Since Bonita 7.9 BONITA_SERVER_LOGGING_FILE and BONITA_SETUP_LOGGING_FILE can be used to update logging configuration.

BONITA_SERVER_LOGGING_FILE default value is /opt/bonita/conf/logs/log4j2-appenders.xml,/opt/bonita/conf/logs/log4j2-loggers.xml

BONITA_SETUP_LOGGING_FILE default value is /opt/bonita/setup/logback.xml

Logger configuration

The logger can be configured by mounting a volume on folder /opt/bonita/conf/logs containing the configuration files.

the volume must contain the 2 files log4j2-loggers.xml and log4j2-appenders.xml

Log4j2 automatically reloads configuration files when there is a change. However, if the file is invalid, the initial version of that file is used instead, and is not reloaded unless one of the other watched file is changed.

Migrating from an earlier version of Bonita

The migration scripts affect only the database, not the Bonita instance. The procedure to migrate a Bonita container is therefore as follow:

Update configuration and license

Once renewed from Bonita Customer Portal, the license file and the configuration files are updated using the Setup tool.

Setup tool can be used outside the Docker container directly by downloading the Tomcat bundle and running it from there.

The setup tool needs to be able to access the database. Because of that, if the database is in a docker container, its port must be exposed to the host.

See setup tool page for more information.

Troubleshoot and debug problems inside a Docker container

Bonita 2022.1 docker image comes with a set of tools embedded, jattach, that allows to interact with the Tomcat JVM inside a Bonita container via Dynamic Attach mechanism.

Example of useful commands it supports, that you can run from outside the container, include:

  • docker exec <CONTAINER_NAME> jattach 1 jcmd VM.flags to see all JVM flags passed to Bonita Tomcat JVM:

Connected to remote JVM
JVM response code = 0
-XX:CICompilerCount=4 -XX:ConcGCThreads=2 -XX:G1ConcRefinementThreads=8 -XX:G1HeapRegionSize=1048576 -XX:GCDrainStackTargetSize=64 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/bonita/server/logs
  • docker exec <CONTAINER_NAME> jattach 1 properties to see all System properties that Java will use:

Connected to remote JVM
JVM response code = 0
#Fri Sep 10 14:03:16 GMT 2021
com.arjuna.ats.arjuna.common.propertiesFile=/opt/bonita/server/conf/jbossts-properties.xml
sysprop.bonita.bdm.db.vendor=h2
awt.toolkit=sun.awt.X11.XToolkit
java.specification.version=11
sun.cpu.isalist=
sun.jnu.encoding=ANSI_X3.4-1968
java.class.path=/opt/bonita/server/lib/ext/bonita-tomcat-juli-7.14.0.jar\:/opt/bonita/server/bin/bootstrap.jar\:/opt/bonita/server/bin/tomcat-juli.jar
sysprop.bonita.db.vendor=h2
java.vm.vendor=Ubuntu

Read the official jattach documentation for a complete list of supported commands.