Refactor to use Docker multi-stage builds.
Refactored the Dockerfiles and related
tooling to leverage Docker multi-stage build
functionality. Also updated base containers
to pick up later releases of Apache HTTP Server,
PHP, Shibboleth SP, and mod_auth_openidc.
skoranda committed Apr 22, 2019
1 parent 0ce0ada commit afd84cf
Showing 93 changed files with 5,143 additions and 5,586 deletions.
4 changes: 2 additions & 2 deletions NOTICE
@@ -1,6 +1,6 @@
Docker for COmanage Registry

Copyright (C) 2010-2017
Copyright (C) 2010-2019
University Corporation for Advanced Internet Development, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
Expand Down Expand Up @@ -30,6 +30,6 @@ to the University Corporation for Advanced Internet Development, Inc. as per
the Contributer License Agreement by,

Spherical Cow Group
https://sphericalcowgroup.com
http://sphericalcowgroup.com

---------------------------------------------------------------------------
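
Review bot: In the Spherical Cow Group entry the URL pair reads `https://sphericalcowgroup.com` followed by `http://sphericalcowgroup.com`; with NOTICE showing 2 additions and 2 deletions and the copyright pair above ordered old then new, this looks like a move from https to http. Suggest keeping the https form unless the site no longer serves TLS, and stating the reason in the commit message if it does not. Separately, the unchanged context line "Contributer License Agreement" is misspelled ("Contributor") and could be corrected while this file is being touched.
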
210 changes: 87 additions & 123 deletions README.md
Expand Up @@ -21,130 +21,94 @@ limitations under the License.

# COmanage Registry Docker

## What it is
Docker version of [COmanage
Registry](https://spaces.internet2.edu/display/COmanage/Home).
This repository contains Dockerfiles, documenation, and other files necessary to
build and deploy a Dockerized version of
[COmanage Registry](https://spaces.internet2.edu/display/COmanage/Home), as well as
other infrastructure commonly deployed with COmanage Registry.

COmanage Registry is a web application that requires a relational database
Since COmanage Registry is a web application that requires a relational database
and an authentication mechanism such as
[Shibboleth](http://shibboleth.net/products/service-provider.html),
[SimpleSAMLphp](https://simplesamlphp.org/),
[mod_auth_openidc](https://github.com/pingidentity/mod_auth_openidc),
or just simple [Basic Authentication](https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html).
Since COmanage Registry itself is agnostic about the database and authentication
mechanism used this repository includes multiple Dockerfiles to build images that use various
[Shibboleth](https://www.shibboleth.net/products/service-provider/),
[mod\_auth\_openidc](https://github.com/zmartzone/mod_auth_openidc),
or just simple [Basic Authentication](https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html),
this repository includes multiple Dockerfiles to build images that use various
combinations of tools.

## How To

* Install Docker. These instructions require version 17.03.1 or higher.

* Install [Docker Compose](https://docs.docker.com/compose/). These instructions require
version 1.13.0 or higher.

* Clone this repository:

```
git clone https://github.com/Internet2/comanage-registry-docker.git
cd comanage-registry-docker
```

* Define the shell variable `COMANAGE_REGISTRY_VERSION` to be the version
of COmanage Registry you want to deploy. See the
[COmanage Registry Release History](https://spaces.internet2.edu/display/COmanage/Release+History)
wiki page for the list of releases. We recommend using the latest release.

Here is an example (but please check the wiki page for the latest release number):

```
export COMANAGE_REGISTRY_VERSION=3.1.1
```

* Build a local image for COmanage Registry:

```
pushd comanage-registry-basic-auth
sed -e s/%%COMANAGE_REGISTRY_VERSION%%/${COMANAGE_REGISTRY_VERSION}/g Dockerfile.template > Dockerfile
docker build -t comanage-registry:${COMANAGE_REGISTRY_VERSION}-basic-auth .
popd
```

* Build a local image of PostgreSQL for COmanage Registry:
```
pushd comanage-registry-postgres
docker build -t comanage-registry-postgres .
popd
```
* Create a template docker-compose.yml file:
```
version: '3.1'
services:
comanage-registry-database:
image: comanage-registry-postgres
comanage-registry:
image: comanage-registry:COMANAGE_REGISTRY_VERSION-basic-auth
ports:
- "80:80"
- "443:443"
```

* Use sed to set the COmanage Registry version for the image in the
docker-compose.yml file:

```
sed -i s/COMANAGE_REGISTRY_VERSION/$COMANAGE_REGISTRY_VERSION/ docker-compose.yml
```

* Start the services:
```
docker-compose up -d
```

* Browse to port 443 on the host, for example `https://localhost/`. You will have to
click through the warning from your browser about the self-signed certificate used
for HTTPS.

* Click `Login` and when prompted enter `registry.admin` as the username and `password`
for the password.

See [Advanced Configuration](docs/advanced-configuration.md)
for details on setting a non-default administrator username and password.

* Visit the [COmanage wiki](https://spaces.internet2.edu/display/COmanage/Setting+Up+Your+First+CO)
to learn how to create your first collaborative organization (CO) and begin using
the platform.

* To stop the services:
```
docker-compose stop
```

* To remove the containers and networks:
```
docker-compose down
```

### Important Notes
The instructions above are *not suitable for a production deployment* for two reasons:

1. The deployed services use default and easily guessed passwords.
2. No data is persisted. When the containers are destroyed so is your data.

## Next Steps
To evolve your COmanage Registry deployment examine the documentation
in the [docs directory](docs/README.md) or follow these direct links:

* [Persist data using host-mounted volumes](docs/basic-auth-postgres-persist.md)
* [Use MariaDB instead of PostgreSQL](docs/basic-auth-mariadb-persist.md)
* [Add OpenLDAP slapd for provisioning](docs/openldap-slapd.md)
* [Advanced configuration](docs/advanced-configuration.md)
* [Complete example recipe for production deployment](docs/shibboleth-sp-postgres-compose.md)
* [Using Docker service stacks and Docker secrets](docs/mod-auth-oidc-mariadb-stacks.md)





## Evaluate COmanage Registry

If you are new to COmanage Registry follow [these instructions](docs/evaluation.md) to build
and run a simple deployment suitable for evaluating COmanage Registry.

## Building Images

The following link to detailed instructions for building each individual image. See the next
section for links to documentation on how to deploy the images as services.

* [COmanage Registry base image](comanage-registry-base/README.md)
* [COmanage Registry with Basic Authentication](comanage-registry-basic-auth/README.md)
* [COmanage Registry with Shibboleth SP base image](comanage-registry-shibboleth-sp-base/README.md)
* [COmanage Registry with Shibboleth SP](comanage-registry-shibboleth-sp/README.md)
* [COmanage Registry with mod\_auth\_openidc](comanage-registry-mod-auth-openidc/README.md)
* [COmanage Registry for Internet2 TIER base](comanage-registry-internet2-tier-base/README.md)
* [COmanage Registry for Internet2 TIER](comanage-registry-internet2-tier/README.md)
* [PostgreSQL for COmanage Registry](comanage-registry-postgres/README.md)
* [OpenLDAP slapd base for COmanage Registry](comanage-registry-slapd-base/README.md)
* [OpenLDAP slapd for COmanage Registry](comanage-registry-slapd/README.md)
* [OpenLDAP slapd proxy for COmanage Registry](comanage-registry-slapd-proxy/README.md)

## Deploying Images and Running Services

Since COmanage Registry requires a relational database, and because it is often deployed with
other tools like an LDAP directory, multiple images need to be simultanesouly instantiated
as containers. Orchestrating multiple containers to create services is easiest using
tools such as [Docker Compose](https://docs.docker.com/compose/),
[Docker Swarm](https://docs.docker.com/engine/swarm/), or
[Kubernetes](https://kubernetes.io/).

The images built from Dockerfiles in this repository may be used with any container
orchestration platform but the documentation demonstrates how to deploy with
Docker Swarm (the simple evaluation scenario above uses Docker Compose).

The following link to detailed instructions for a number of deployment scenarios.

* [COmanage Registry using the Shibboleth SP and PostgreSQL database](docs/shibboleth-sp-postgresql.md)
* [COmanage Registry using the Shibboleth SP and MariaDB database](docs/shibboleth-sp-mariadb.md)
* [COmanage Registry using mod\_auth\_openidc and MariaDB database](docs/mod-auth-openidc-mariadb.md)
* [COmanage Registry using the Internet2 TIER image](docs/comanage-registry-internet2-tier.md)
* [Adding an OpenLDAP Directory](docs/adding-openldap.md)
* [Adding an OpenLDAP proxy server](docs/adding-openldap-proxy.md)

## All Documentation

### Building Images

* [COmanage Registry base image](comanage-registry-base/README.md)
* [COmanage Registry with Basic Authentication](comanage-registry-basic-auth/README.md)
* [COmanage Registry with Shibboleth SP base image](comanage-registry-shibboleth-sp-base/README.md)
* [COmanage Registry with Shibboleth SP](comanage-registry-shibboleth-sp/README.md)
* [COmanage Registry with mod\_auth\_openidc](comanage-registry-mod-auth-openidc/README.md)
* [COmanage Registry for Internet2 TIER base](comanage-registry-internet2-tier-base/README.md)
* [COmanage Registry for Internet2 TIER](comanage-registry-internet2-tier/README.md)
* [PostgreSQL for COmanage Registry](comanage-registry-postgres/README.md)
* [OpenLDAP slapd base for COmanage Registry](comanage-registry-slapd-base/README.md)
* [OpenLDAP slapd for COmanage Registry](comanage-registry-slapd/README.md)
* [OpenLDAP slapd proxy for COmanage Registry](comanage-registry-slapd-proxy/README.md)

### Deploying Services

* [COmanage Registry using the Shibboleth SP and PostgreSQL database](docs/shibboleth-sp-postgresql.md)
* [COmanage Registry using the Shibboleth SP and MariaDB database](docs/shibboleth-sp-mariadb.md)
* [COmanage Registry using mod\_auth\_openidc and MariaDB database](docs/mod-auth-openidc-mariadb.md)
* [COmanage Registry using the Internet2 TIER image](docs/comanage-registry-internet2-tier.md)
* [Adding an OpenLDAP Directory](docs/adding-openldap.md)
* [Adding an OpenLDAP proxy server](docs/adding-openldap-proxy.md)

### Other

* [COmanage Registry Volumes and Data Persistence](docs/volumes-and-data-persistence.md)
* [Evaluating COmanage Registry using Docker](docs/evaluation.md)
* [Environment Variables Common to All Images](docs/comanage-registry-common-environment-variables.md)
* [Environment Variables Common to Images using Shibboleth SP for Authentication](docs/comanage-registry-common-shibboleth-environment-variables.md)
* [Environment Variables Common to All slapd Images](docs/slapd-common-environment-variables.md)
* [Executing LDIF Files](docs/slapd-ldif.md)
* [OpenLDAP slapd for COmanage Registry Volumes and Data Persistence](docs/openldap-volumes-and-data-persistence.md)
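
Review bot: The "Important Notes" block of the "How To" section (not suitable for a production deployment: default and easily guessed passwords, no data persisted) appears to leave the README together with the `registry.admin` / `password` quick start, while the new "Evaluate COmanage Registry" paragraph only links to docs/evaluation.md. Suggest keeping a one-line statement in the README that the evaluation deployment uses default credentials and does not persist data, or confirming that docs/evaluation.md carries the same warning. Smaller points: "documenation" in the opening paragraph and "simultanesouly" under "Deploying Images and Running Services" are misspelled, and the "Building Images" and deployment link lists appear twice (under their own headings and again under "All Documentation"), so they will have to be kept in sync by hand.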
