Commit

Added additional notes
John Gasper committed Jan 5, 2018
1 parent 4d364aa commit d7618eb
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion README.md
Expand Up @@ -119,6 +119,8 @@ $ docker run -it --rm tier/grouper:latest bin/gsh <optional GSH args>

There are several things that are required for this image to successfully start. At a minimum, the `grouper.hibernate.properties` and `subject.properties` (or the old `sources.xml` equivalent) files need to be customized and available to the container at start-up.

Grouper config files maybe placed into `/opt/grouper/conf` and these files will be put into the appropriate location based on the role the container assumes. Docker Secrets starting with the name `grouper_` should take precedence over these files. (See below.)

## Web Apps Configuration

If starting the container to serve the Grouper UI, Grouper Web Services, Grouper SCIM Server components, a TLS key and cert(s) need to be applied to those containers.
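Review bot: In the added paragraph about `/opt/grouper/conf`, "should take precedence" leaves it unclear whether a `grouper_` secret actually overrides a same-named file in that directory or is only expected to. A deployer who keeps a credential-bearing properties file in `/opt/grouper/conf` and also supplies it as a secret needs to know which copy the container ends up using, so state the behaviour definitively. Also, "maybe placed" should read "may be placed", and "(See below.)" would be easier to follow if it named the section, as the directory list later does with `Secrets/Configs`.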
Expand Down Expand Up @@ -208,7 +210,7 @@ Here is a list of significant directories and files that deployers should be awa
- `/etc/shibboleth/`: location to overlay the Shibboleth SP configuration files used by the image.
- `/opt/tomcat/`: used to run Grouper UI and Grouper WS
- `/opt/tomee/`: used to run the Grouper SCIM Server.
- `/var/run/`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above.
- `/var/run/secrets`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above.

To examine baseline image files, one might run `docker run --name=temp -it tier/grouper bash` and browse through these file system endpoints. While the container is running one may copy files out of the image/container using something like `docker cp containerId:/opt/grouper/grouper.api/conf/grouper.properties .`, which will copy the `grouper.properties` to the Docker client's present working directory. These files can then be edited and applied via the mechanisms outlined above.
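Review bot: The corrected `/var/run/secrets` entry drops the trailing slash that the other directory entries in this list carry (`/etc/shibboleth/`, `/opt/tomcat/`, `/opt/tomee/`); suggest `/var/run/secrets/` for consistency. The entry also only says the `grouper_`, `shib_`, and `httpd_` prefixes "have special meaning"; a few words on what each prefix does would save the reader a jump to `Secrets/Configs`.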

Expand All @@ -226,6 +228,11 @@ $ docker run -it --rm \

Note: a less privileged database user maybe used when running the typical Grouper roles. This user need SELECT, INSERT, UPDATE, and DELETE privileges on the schema objects.

# Misc Notes

- [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is enabled on the Apache HTTP Server.
- morphStrings functionality in Grouper is supported. It is recommended that the various morphString files be associated with the containers as Docker Secrets. Set the configuration file properties to use `/var/run/secrets/secretname`.

# License

View [license information](TODO) for the software contained in this image.
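Review bot: In the morphStrings bullet, `/var/run/secrets/secretname` is a placeholder but is not marked as one, and the bullet does not name which configuration file properties should be pointed at it. Since the directory list says secrets starting with `grouper_` have special meaning, say whether morphString secrets should avoid that prefix so they are not picked up as Grouper config files. For the HSTS bullet, consider stating the max-age that is configured and how a deployer can change it, since browsers cache the policy once they have seen it.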
