Accurate Video Docker setup

This guide covers the installation instructions for Accurate Video running using Docker Compose on a single Amazon EC2 instance. The image below shows how a final deployment could look within AWS, although not everything will be covered in this guide, only the core components within the grey box.

Artboard 14@0.5x.png

Launch an EC2 instance

Go to Amazon EC2 and launch a new instance using the EC2 instance wizard.

For a detailed guide on how to launch an EC2 instance, please refer to the following guide: https://docs.aws.amazon.com/quickstarts/latest/vmlaunch/step-1-launch-instance.html

  1. Choose the Linux distribution to use, in this guide Ubuntu Server 20.04 LTS is used. Any Linux distribution should be fine, but the commands and installing packages might be different.
  2. Choose the desired instance type. For a POC/evaluation system, a t3.medium should be enough.
  3. It is recommended to increase the storage from 8 GB default to about 20 GB.
  4. In the security group section, make sure to add a rule for HTTP to allow inbound TCP port 80, and if you plan on using HTTPS allow inbound TCP port 443, as well.

Installing dependencies

A number of dependencies are required to install before moving forward with the Accurate Video installation.

Prerequisite: Install docker

Docker will be used to launch the Accurate Video containers. Please refer to its guide for installation instructions.

https://docs.docker.com/engine/install/

Also make sure you follow the post-install instructions, adding your user to the Docker group to run containers without sudo.

Prerequisite: Install docker-compose

Docker-compose is used to launch all Accurate Video containers at once. Please refer to the installation guide here.

https://docs.docker.com/compose/install/

Prerequisite: Install git

Unless the system comes with git pre-installed, make sure to install it before going further.

https://git-scm.com/book/en/v2/Getting-Started-Installing-Git

Verify dependencies

Verify that Docker is installed by running the following command, it should download and run a small Hello World! application.

docker run hello-world

Very that Docker Compose is installed by running the following, it should report the version installed (which may differ).

docker-compose --version

Finally, verify that git is installed by running:

git --version

Credentials

Before moving on with the actual guide, make sure you have the following information:

  • Git deploy token
  • Git password
  • Docker registry username
  • Docker registry password
  • Accurate Video license key

The Git deploy token and password will be used when cloning the git repository. The license key for Accurate Video is a special text string that is used to verify your installation.

If you're lacking any of these, contact us at sales@codemill.se and we'll help.

Clone Git repository

The git repository below contains all the needed configuration files to start Accurate Video using Docker Compose. Note that this repository contains no actual binaries, it only has the configuration files required to download the Docker containers from the Codemill Docker registry.

git clone https://gitlab.com/codmill/accurate-player/accurate-video-docker-compose.git

You will be prompted for a username and password. Enter your deploy token & password. The deploy token is a special access key which gives read-only access to this git repository and is only valid for a limited period of time.

Username for 'https://gitlab.com': <username>

Password for 'https://<username>@gitlab.com': <password>

The git repository will be downloaded. Let’s look at the Compose files available:

  • frontend.yml - describes the Accurate Video UI.
  • backend.yml - describes the Accurate Video backend services, the REST API, the analyze service, and an nginx web server.
  • runner.yml - describes the Accurate Video internal jobs system.
  • keycloak.yml - describes the Keycloak authentication system.
  • database.yml - describes the PostgreSQL database (only if running inside a Docker container, read more below in the database section).

When running a Docker Compose command, all of these files need to be referenced together before the command statement, like so:

docker-compose -f frontend.yml -f backend.yml -f runner.yml -f keycloak.yml -f database.yml <command>

Login to Codemill Docker registry

The Codemill Docker registry contains all the Docker containers specified in the Docker Compose configuration. You’ll need to first login or authenticate to the repository. Replace username and password with the given Docker registry credentials.

docker login -u <docker-username> -p <docker-password> codemill-docker.jfrog.io

Pull Docker Compose

After authentication to the Codemill repository, the latest Docker containers need to be downloaded locally. Use the docker-compose pull command to retrieve the latest versions.

docker-compose -f frontend.yml -f backend.yml -f runner.yml -f keycloak.yml -f database.yml pull

Set the license

Accurate Video needs a license key to function properly. This license key is typically given to you and will need to be entered into the settings file. Edit the file config/settings-qc.js and find the following line:

licenseKey: "...",

Replace the value within the quotes above with your given license key.

Picking a database

Accurate Video needs access to a PostgreSQL-based database to store asset metadata and other information. There are a couple of different options available.

  • Run postgres inside a Docker Container
  • Install a local postgres on the same (or a remote on another) EC2 instance
  • Use Amazon RDS for managing the database

Which option you pick depends on the use case, and what your requirements are.

Database with Docker

If you quickly want to get a working system up and running, with minimal configuration and installation needed, you can opt for the first option. Only do this for development instances where you don't care about losing the data inside your database. Don't run the database inside a container for production systems, unless you are absolutely certain what you are doing, you will most likely lose the data. If you choose this option, simply append and use the database.yml file when starting the system using Docker Compose.

External postgres installation

The second option is to install a local Postgres on the same EC2 machine (or an external machine), which is installed using the normal apt system for packet distribution. If you already have a PostgreSQL instance running, you can skip most of the steps in this section.

Please refer to the official installation instructions for more information: https://www.postgresql.org/download/linux/ubuntu/

On Ubuntu 20.04 LTS, we can install using the following command:

sudo apt install postgresql postgresql-contrib -y

After installation, change the password for the postgres user and the listen address:

sudo -u postgres psql -c "ALTER ROLE postgres WITH PASSWORD 'postgres'";

sudo -u postgres psql -c "ALTER SYSTEM SET listen_addresses TO '*'";

Feel free to change this to another password, just make sure the password in the .env file is matching.

Create a database:

sudo -u postgres createdb accurate-player

Enable local access:

echo "host all all 0.0.0.0/0 md5" | sudo tee -a /etc/postgresql/*/main/pg_hba.conf

The wildcard in the above command is indicating the postgres version you're using. It might be 10, 11, 12 or so, depending on what Linux distribution and version you are installing.

Make sure Postgres is starting up at boot:

sudo systemctl enable postgresql

Finally, restart postgresql to make all configurations take effect:

sudo systemctl restart postgresql

If running the database like this, you'll need to modify the .env file and change the DB_HOST variable:

DB_HOST=172.17.0.1

172.17.0.1 is referring to the IP of the host, when using a Docker bridge network, like in this guide. If you are running the database on an another EC2, simply enter the IP to this machine (also make sure it's possible to connect to it).

Nginx reverse proxy

Nginx is a web server and will be used as a reverse proxy in front of Accurate Video to expose it on the external EC2 IP. This will be the central mechanism for routing incoming requests to the Accurate Video system. In the diagram below, nginx fills the role of the Elastic Load Balancer.

Artboard 14@0.5x.png

Nginx listens per default on port 80 and exposes the following endpoints on the target EC2 machine:

/api -> Accurate Video REST API
/media -> a pre-configured local media storage
/analyze -> Accurate Video media analysis service
/auth -> authentication endpoint for Keycloak

Nginx is defined within the backend.yml Compose file, and the default configuration file can be found at config/nginx.conf. Feel free to inspect these files and make any local changes if required.

Start Accurate Video

You can now attempt to start the system and make sure everything is working, before moving on to configuring authentication. Start the backend and frontend services by using Docker Compose, this command will launch all required containers in the background.

docker-compose -f frontend.yml -f backend.yml -f runner.yml up -d

If you chose to use Postgres inside the Docker container, also include the database.yml when launching:

docker-compose -f frontend.yml -f backend.yml -f runner.yml -f database.yml up -d

You should now be able to access the system on the IP of the machine if you’ve done everything correctly. Opening the IP in a browser should give you access to Accurate Video, as seen in the screenshot below.

Accurate Video running

If you see the screenshot above, everything is running correctly. You won't see any assets in the system yet, but that's expected. You can now move on to the next step, which is adding & configuring the authentication module.

Authentication

For authentication, an open-source Identity and Access Management system called Keycloak is used within Accurate Video. In order to enable authentication, a few steps will need to be made to the configuration.

First, shut down the system:

docker-compose -f frontend.yml -f backend.yml -f runner.yml -f database.yml down

Edit the .env file, and change the following properties to true:

AUTH_ENABLED=true
ACL_ENABLED=true
AUTH_JWT_ENABLED=true

Edit the config/settings-qc.js file, and change the following property to false:

authentication: {
disabled: false
},

Edit the file keycloak.yml, and comment out (add the #) the following line:

# - DB_SCHEMA=${KEYCLOAK_DB_SCHEMA}

Edit the file backend.yml, change the following line to the IP of the EC2 machine:

- AUTH_JWT_ISSUER=http://<IP>/auth/realms/accurate-video

You can now start up the system again, but this time also include the keycloak.yml Compose file:

docker-compose -f frontend.yml -f backend.yml -f runner.yml -f keycloak.yml up -d

You can now access the Keycloak admin console UI, at the following URL:

http://<IP>/auth/admin

Keycloak requires HTTPS when connecting to a remote server. HTTPS should of course be enabled for a production system, but that's out of scope for this guide.

https-required.png

If you get the error message above when connecting to Keycloak, you can get around it by issuing the following command, which will also allow HTTP access:

sudo -u postgres psql -d accurate-player -c "UPDATE realm SET ssl_required='NONE';"

Log in using the credentials found in the .env file, matching the properties KEYCLOAK_USER and KEYCLOAK_PASS.

Screenshot from 2020-11-19 14-45-41.png

You'll enter the Keycloak administration UI, where you can configure the Keycloak realms of the installation. For authentication to work, you'll need to at minimal change the Redirect URL setting.

In the accurate-video realm, select Clients to the left and change the Valid Redirect URIs for the two clients called av-backend and av-local-web. Make sure both of these clients are updated!

In the setting, change the value like so, once again using the IP of the EC2 machine.

http://<IP>/*

Keycloak AV Realm

You can now access the Accurate Video system as normally, and you'll be issued a login prompt to enter username and password.

Screenshot from 2020-11-19 15-10-53.png

You can use the preconfigured user / user to login, or create additional users using the Keycloak admin console. You now have a basic installation of Accurate Video running with authentication enabled. After logging in, you'll see the user name in the top right menu if you click on the cogwheel. From here you can also log out from the system.

Screenshot from 2020-11-19 15-24-22.png

Next steps

The next step would be to connect storage and ingest files into the system. There is a separate guide for connecting a S3 storage and ingesting files here: S3 Storages & ingest guide

Thank you for reading this guide, and we hope you'll enjoy your Accurate Video installation!

Accurate Video S3 Storages Accurate Video AWS EC2 with Vidispine