Deploying an AnzoGraph Container Image

If you do not have access to a Kubernetes cluster for dynamic Graph Lakehouse deployments, and an Enterprise Linux (EL) 9.3+ operating system is not available for installing Graph Lakehouse releases with the installer, you can set up a single node container instance on EL 7, 8, or 9. The recommended container engine is Podman.

This topic provides instructions for deploying a single node container image with Podman. Clusters are only supported with the complete Kubernetes infrastructure that is described in Setting up K8s Infrastructure for Dynamic Deployments.

Review the Requirements
Install Podman
Deploy AnzoGraph with Podman
Complete the Post-Deployment Configuration
Connect to Anzo

Review the Requirements

Before deploying a container image, make sure that the following requirements are met. If any of the items are missing, complete those tasks before starting the deployment.

Requirement	Description
Hardware	Make sure that the host server meets the hardware requirements in Hardware Requirements.
Software	The container images include all of the Graph Lakehouse software dependencies. You do not need to install any Graph Lakehouse dependencies on the host server.
Firewall	Open ports 5600 and 5700 on the host server to allow connections to the Graph Studio server. For more information, see Firewall Requirements.
Shared File System	Make sure that the shared file system is mounted to the host server and meets the requirements in Platform Shared File Storage Requirements.
User Account	Make sure that the platform service user account that is used to install all components is available and meets the requirements in Platform Service User Account Requirements.
License	By default, container images have an embedded license that limits Graph Lakehouse to a maximum of 8 GB RAM and 8 cores (slices) for storing data. After deploying the container, you must replace the default license with a new key (supplied by Cambridge Semantics) that increases the limits. Instructions on replacing the license are included in Complete the Post-Deployment Configuration below.
Container Registry	A private container registry is not required, but if the host server does not have outbound internet access for retrieving container images from the Cambridge Semantics public registry, you can create a private registry through your Cloud Service Provider and then copy the public images to the private registry so that the host server can access them.

Install Podman

The Podman documentation includes instructions for installing Podman on various Linux distributions. The steps below are used by Cambridge Semantics on Rocky 8.

Run the following command to install the latest version of Podman:
```
sudo dnf install podman
```
You can run the following command to verify that Podman was installed and check the version.
```
podman -version
```
For example:
```
[anzo@rocky8 ~]$ podman --version
podman version 4.6.1
```

Deploy AnzoGraph with Podman

Follow the steps below to deploy an Graph Lakehouse container image with Podman.

First, make sure that you are logged in as the service user that has been designated to install and run all platform software. If necessary, you can run the following command to become the appropriate user:
```
su <name>
```
Where <name> is the name of the platform service user. For example:
```
su anzo
```
Next, create directories on the host server that can be mapped to the Graph Lakehouse file system in the container. Since Podman, the container, and Graph Lakehouse are all run in rootless mode for security, it is important that you create the directories in a non-privileged location on the server. Altair recommends that you create the directories in the home directory for the platform service user. Run the following command to create the directories:
```
mkdir -p <non_privileged_path>/anzograph/{app-home,config,internal,lib/udx,persistence,spill}
```
For example:
```
mkdir -p ${HOME}/anzograph/{app-home,config,internal,lib/udx,persistence,spill}
```
When deploying the container, these directories are bind mounted so that their contents are preserved on the host file system and can be reused if you remove and then redeploy the container. The list below describes the contents of each directory:
- app-home contains files related to Java tuning.
- config contains the database configuration file, server certificates, and the license file.
- internal contains log files as well as compiled code and query plans that Graph Lakehouse reuses.
- lib/udx contains the Graph Data Interface, C++ extensions, and JDBC drivers.
- persistence contains a copy of the graph data that is in memory. Note that persistence is typically disabled after the deployment.
- spill contains historical system data that is retrieved for x-rays. In very rare cases when disk-based algorithms are triggered, the spill directory is also used for temporary file generation.
After creating the directories, run the following command to set an AZG_HOME environment variable to the location of the anzograph directory.
```
export AZG_HOME=<path>/anzograph
```
For example:
```
export AZG_HOME=${HOME}/anzograph
```
Next, if you have not pulled the Graph Lakehouse database image to the server, run the following command to download the image:
```
podman pull <registry_URL>/cambridgesemantics/anzograph-db:<version_tag>
```
Where <registry_URL> is the URL for the registry and <version_tag> is the Graph Lakehouse version to deploy as tagged on Docker Hub. For example, the following command pulls the 3.1.0 image from the Cambridge Semantics registry:
```
podman pull docker.io/cambridgesemantics/anzograph-db:3.1.0
```

To deploy the image that you pulled, run the following command. The options that are links are described in the table below.

podman run -d --userns=keep-id:uid=10001,gid=10001 \
--group-add=root \
-p 5600:5600 -p 5700:5700 \ 
--volume <host_shared_fs_path>:<container_shared_fs_path> \
--mount=type=tmpfs,tmpfs-size=512M,destination=/tmp \
--mount=type=tmpfs,tmpfs-size=16M,destination=/opt/anzograph/etc \
--volume ${AZG_HOME}/app-home:/opt/anzograph/app-home:z \
--volume ${AZG_HOME}/spill:/opt/anzograph/spill:z \
--volume ${AZG_HOME}/lib/udx:/opt/anzograph/lib/udx:z \
--volume ${AZG_HOME}/config:/opt/anzograph/config:z \
--volume ${AZG_HOME}/internal:/opt/anzograph/internal:z \
--volume ${AZG_HOME}/persistence:/opt/anzograph/persistence:z \
--name=<container_name> cambridgesemantics/anzograph-db:<version_tag>

Option	Description
-d	Deploys the container in detached mode so that the container runs in the background.
--userns=keep-id:uid=10001,gid=10001	Sets the user namespace mode to map the current user to the same anzograph user ID (UID) and group ID (GID) within the container.
--group-add=root	Adds an extended root group for access control in the container. The extended group is needed for certificate management.
-p 5600:5600 -p 5700:5700	Maps the system management port, 5600, and Graph Studio protocol (gRPC) port, 5700, in the container to the same ports on the host server.
--volume <host_shared_fs_path>:<container_shared_fs_path>	Creates a volume bind mount in the container to the shared file system mount on the host server so that the container can access the shared files. The path in the container must be an absolute path. Podman creates the specified path in the container when it is deployed. For example, `--volume /opt/shared/data:/opt/shared/data`.
--mount=type=tmpfs	These statements mount certain directories in the container as temporary file systems with limited space. These are directories whose contents should not be preserved on the host and reused by subsequent container deployments.
--volume ${AZG_HOME}	These statements create volume bind mounts between the directories that you created on the host server and the Graph Lakehouse installation directories in the container. The contents of these directories are preserved on the host for reuse between containers. The `:z` suffix tells Podman that two or more containers can share the volume contents so that you can redeploy the image if necessary and the new container can access the same license file, configuration files, any custom JDBC drivers, etc.
--name=<container_name>	Assigns a short name to the container. For example, `--name=anzograph`.

For example:

podman run -d --userns=keep-id:uid=10001,gid=10001 \
--group-add=root \
-p 5600:5600 -p 5700:5700 \
--volume /opt/shared/data:/opt/shared/data \
--mount=type=tmpfs,tmpfs-size=512M,destination=/tmp \
--mount=type=tmpfs,tmpfs-size=16M,destination=/opt/anzograph/etc \
--volume ${AZG_HOME}/app-home:/opt/anzograph/app-home:z \
--volume ${AZG_HOME}/spill:/opt/anzograph/spill:z \
--volume ${AZG_HOME}/lib/udx:/opt/anzograph/lib/udx:z \
--volume ${AZG_HOME}/config:/opt/anzograph/config:z \
--volume ${AZG_HOME}/etc:/opt/anzograph/etc:z \
--volume ${AZG_HOME}/internal:/opt/anzograph/internal:z \
--volume ${AZG_HOME}/persistence:/opt/anzograph/persistence:z \
--name=anzograph cambridgesemantics/anzograph-db:3.1.0

Podman deploys the container image. When the prompt returns the container ID, the container is running. For example:

[anzo@rocky8 ~]$ podman run -d --userns=keep-id:uid=10001,gid=10001 \
...
> --name=anzograph cambridgesemantics/anzograph-db:3.1.0
9a21eada64b4a9e02e3089deada870cfa6285f0b4af43da1902decc4223f0c29

The next step is to complete the recommended Graph Lakehouse configuration changes and update your license key to remove the default restrictions. See Complete the Post-Deployment Configuration below for instructions.

Complete the Post-Deployment Configuration

Follow the steps below to modify the Graph Lakehouse configuration and apply your license key.

By default, container images are configured for standalone Graph Lakehouse use without Graph Studio. To reconfigure Graph Lakehouse to use the settings for Graph Studio, replace the default settings file (anzograph/config/settings.conf) with the contents of the Graph Studio file (anzograph/config/settings_anzo.conf). To replace the file, run the following command:
```
cp <path>/anzograph/config/settings_anzo.conf <path>/anzograph/config/settings.conf
```
For example:
```
cp ${HOME}/anzograph/config/settings_anzo.conf ${HOME}/anzograph/config/settings.conf
```
Next, if you have custom JDBC drivers that you uploaded to Graph Studio, copy the same drivers to the <path>/anzograph/lib/udx directory on the host server.
Once you have added any drivers, apply your license key to the container. First, run the following command to return the Server ID for the deployment. The Server ID is associated with your license and can be used to retrieve your key from the Cambridge Semantics Licensing Portal.
```
podman exec -ti anzograph /opt/anzograph/bin/azg_get_server_id
```
For example:
```
[anzo@rocky8 ~]$ podman exec -ti anzograph /opt/anzograph/bin/azg_get_server_id
21CF-976F-35D1-EF5D-1834-F6FA
```

When you have copied the license key for your Server ID, run the following command to apply the key:

podman exec -ti anzograph /opt/anzograph/bin/azgctl -license <license_key_text>

For example:

podman exec -ti anzograph /opt/anzograph/bin/azgctl -license H4sIAAAAAJ1UTY/aMBC98yss9VSpRP...

Once the key is applied, it is important to restart and reinitialize the database to remove the resource constraints from the default license. Run the following commands to stop Graph Lakehouse and then restart and initialize the database:

podman exec -ti anzograph /opt/anzograph/bin/azgctl -stop

podman exec -ti anzograph /opt/anzograph/bin/azgctl -start -init

For example:

[anzo@rocky8 ~]$ podman exec -ti anzograph /opt/anzograph/bin/azgctl -stop
Stopping Anzograph...
[anzo@rocky8 ~]$ podman exec -ti anzograph /opt/anzograph/bin/azgctl -start -init
Starting AnzoGraph...

Once the database is started, the instance can be connected to Graph Studio. See Connect to Anzo below.

Connect to Anzo

The steps for connecting an Graph Lakehouse container instance to Graph Studio are the same as connecting a static installer-deployed instance. However, container images include a default administrator username and password that must be used for the AnzoGraph User and AnzoGraph Password fields in the connection configuration. The user is admin and the password is Passw0rd1. For instructions on creating the connection, see Connecting to Graph Lakehouse.