Using the ArangoDB Starter

This section describes how to start an ArangoDB stand-alone instance using the toolStarter (the arangodb binary program).

As a precondition you should create a secret to activate authentication. The Starter provides a handyfunctionality to generate such a file:

  1. arangodb create jwt-secret --secret=arangodb.secret

Set appropriate privilege on the generated secret file, e.g. on Linux:

  1. chmod 400 arangodb.secret

Local Start

If you want to start a stand-alone instance of ArangoDB, use the —starter.mode=singleoption of the Starter:

  1. arangodb --starter.mode=single --auth.jwt-secret=/etc/arangodb.secret

Please adapt the path to your secret file accordingly.

Using the ArangoDB Starter in Docker

The Starter can also be used to launch a stand-alone instance based on _Docker_containers:

  1. export IP=<IP of docker host>
  2. docker volume create arangodb
  3. docker run -it --name=adb --rm -p 8528:8528 \
  4. -v arangodb:/data \
  5. -v /var/run/docker.sock:/var/run/docker.sock \
  6. arangodb/arangodb-starter \
  7. --starter.address=$IP \
  8. --starter.mode=single

If you use an ArangoDB version of 3.4 or above and use the EnterpriseEdition Docker image, you have to set the license key in an environmentvariable by adding this option to the above docker command:

  1. -e ARANGO_LICENSE_KEY=<thekey>

You can get a free evaluation license key by visiting:

www.arangodb.com/download-arangodb-enterprise/

Then replace <thekey> above with the actual license key. The startwill then hand on the license key to the Docker container it launchesfor ArangoDB.

TLS verified Docker services

Oftentimes, one needs to harden Docker services using client certificate and TLS verification. The Docker API allows subsequently only certified access.As the ArangoDB starter starts the ArangoDB cluster instances using this Docker API, it is mandatory that the ArangoDB starter is deployed with the proper certificateshanded to it, so that the above command is modified as follows:

  1. export IP=<IP of docker host>
  2. export DOCKER_TLS_VERIFY=1
  3. export DOCKER_CERT_PATH=/path/to/certificate
  4. docker volume create arangodb
  5. docker run -it --name=adb --rm -p 8528:8528 \
  6. -v arangodb:/data \
  7. -v /var/run/docker.sock:/var/run/docker.sock \
  8. -v /path/to/certificate:/path/to/certificate
  9. arangodb/arangodb-starter \
  10. --starter.address=$IP \
  11. --starter.mode=single

Note that the environment variables DOCKER_TLS_VERIFY and DOCKER_CERT_PATH as well as the additional mountpoint containing the certificate have been added above. directory. The assignment of DOCKER_CERT_PATH is optional, in which case it is mandatory that the certificates are stored in $HOME/.docker. Sothe command would then be as follows

  1. export IP=<IP of docker host>
  2. docker volume create arangodb
  3. docker run -it --name=adb --rm -p 8528:8528 \
  4. -v arangodb:/data \
  5. -v /var/run/docker.sock:/var/run/docker.sock \
  6. -v /path/to/cert:/root/.docker \
  7. -e DOCKER_TLS_VERIFY=1 \
  8. arangodb/arangodb-starter \
  9. --starter.address=$IP \
  10. --starter.mode=single