Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Slavek Licehammer Update to midPoint 4.4.1
Latest commit 1795874 Feb 22, 2022 History
2 contributors

Users who have contributed to this file

@mederly @ethan
version: "3.3"
services:
grouper_daemon:
build: ./grouper_daemon/
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; /usr/local/bin/startup.sh"
depends_on:
- grouper_data
- directory
environment:
- ENV
- USERTOKEN
- GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
networks:
net:
aliases:
- grouper-daemon
healthcheck:
test: curl -s grouper_data:3306
interval: 30s
timeout: 30s
retries: 3
secrets:
- g_database_password.txt
- rabbitmq_password.txt
- source: grouper.hibernate.properties
target: grouper_grouper.hibernate.properties
- source: grouper-loader.properties
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
volumes:
- type: bind
source: ./configs-and-secrets/grouper/application/grouper.properties
target: /opt/grouper/conf/grouper.properties
- type: bind
source: ./configs-and-secrets/grouper/application/grouper.client.properties
target: /opt/grouper/conf/grouper.client.properties
grouper_ui:
build: ./grouper_ui/
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
depends_on:
- grouper_data
- directory
environment:
- ENV
- USERTOKEN
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
networks:
net:
aliases:
- grouper-ui
ports:
- 4443:443
secrets:
- g_database_password.txt
- source: grouper.hibernate.properties
target: grouper_grouper.hibernate.properties
- source: grouper-loader.properties
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
- source: g_sp-key.pem
target: shib_sp-key.pem
- source: g_host-key.pem
target: host-key.pem
volumes:
- type: bind
source: ./configs-and-secrets/grouper/application/grouper.properties
target: /opt/grouper/conf/grouper.properties
- type: bind
source: ./configs-and-secrets/grouper/application/grouper.client.properties
target: /opt/grouper/conf/grouper.client.properties
- type: bind
source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem
target: /etc/shibboleth/sp-cert.pem
- type: bind
source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml
target: /etc/shibboleth/shibboleth2.xml
- type: bind
source: ./configs-and-secrets/grouper/shibboleth/idp-metadata.xml
target: /etc/shibboleth/idp-metadata.xml
- type: bind
source: ./configs-and-secrets/grouper/httpd/host-cert.pem
target: /etc/pki/tls/certs/host-cert.pem
- type: bind
source: ./configs-and-secrets/grouper/httpd/host-cert.pem
target: /etc/pki/tls/certs/cachain.pem
grouper_ws:
build: ./grouper_ws/
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
depends_on:
- grouper_data
- directory
environment:
- ENV
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
- SUBJECT_SOURCE_LDAP_PASSWORD=password
- USERTOKEN
networks:
net:
aliases:
- grouper-ws
ports:
- 9443:443
secrets:
- g_database_password.txt
- source: grouper.hibernate.properties
target: grouper_grouper.hibernate.properties
- source: grouper-loader.properties
target: grouper_grouper-loader.properties
- source: subject.properties
target: grouper_subject.properties
- source: g_sp-key.pem
target: shib_sp-key.pem
- source: g_host-key.pem
target: host-key.pem
volumes:
- type: bind
source: ./configs-and-secrets/grouper/application/grouper.properties
target: /opt/grouper/conf/grouper.properties
- type: bind
source: ./configs-and-secrets/grouper/application/grouper.client.properties
target: /opt/grouper/conf/grouper.client.properties
- type: bind
source: ./configs-and-secrets/grouper/httpd/host-cert.pem
target: /etc/pki/tls/certs/host-cert.pem
- type: bind
source: ./configs-and-secrets/grouper/httpd/host-cert.pem
target: /etc/pki/tls/certs/cachain.pem
grouper_data:
build: ./grouper_data/
networks:
net:
aliases:
- grouper-data
ports:
- 3306:3306
healthcheck:
test: curl -s grouper_data:3306
interval: 30s
timeout: 30s
retries: 3
volumes:
- grouper_data:/var/lib/mysql
directory:
build: ./directory/
ports:
- 389:389
networks:
- net
volumes:
- ldap:/var/lib/dirsrv
sources:
build: ./sources/
ports:
- 13306:3306
networks:
- net
volumes:
- source_mysql:/var/lib/mysql
- source_data:/var/lib/mysqlmounted
environment:
- CREATE_NEW_DATABASE=if_needed
data_init:
image: i2incommon/midpoint:${tag:-4.4.1}
command: >
bash -c "
chmod 777 /opt/mp-pw/ ;
touch /opt/mp-pw/db_init_in_progress ;
echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
/opt/midpoint/bin/midpoint.sh init-native
"
environment:
- MP_INIT_DB_CONCAT=/opt/db-init/init.sql
- MP_DB_PW=/opt/mp-pw/dbpassword
- MP_PW_DEF=/opt/mp-pw/keystorepw
volumes:
- db_init:/opt/db-init
- mp_pw:/opt/mp-pw
midpoint_data:
image: postgres:13-alpine
command: >
bash -c "
rm -f /var/lib/postgresql/data/postmaster.pid ;
while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
echo 'Waiting to the end of the init process...';
sleep 1;
done ;
{
sleep 2 ;
if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
then echo 'DB init did not start...' ;
rm -f /opt/mp-pw/db_ini*;
echo 'The lock files has been removed...';
fi ;
} &
docker-entrypoint.sh postgres
"
user: "70:70"
depends_on:
- data_init
environment:
- POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
- POSTGRES_USER=midpoint
- POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
ports:
- 5432:5432
networks:
- net
volumes:
- midpoint_data:/var/lib/postgresql/data
- db_init:/docker-entrypoint-initdb.d/
- mp_pw:/opt/mp-pw
midpoint_server:
build:
context: ./midpoint_server/
args:
tag: ${tag:-4.4.1}
depends_on:
- data_init
- midpoint_data
ports:
- 8443:443
environment:
- ENV
- USERTOKEN
- MP_SET_midpoint_repository_jdbcUsername=midpoint
- MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
- MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
- MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
- MP_SET_server_tomcat_ajp_enabled=true
- MP_SET_server_tomcat_ajp_port=9090
- MP_SET_server_tomcat_ajp_secret=s3cr3t
- MP_SET_logging_path=/tmp/logtomcat
- MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
- MP_NO_ENV_COMPAT=1
- MP_MEM_MAX
- MP_MEM_INIT
- MP_JAVA_OPTS
- TIER_BEACON_OPT_OUT
- TIMEZONE
networks:
net:
aliases:
- midpoint-server
secrets:
- mp_host-key.pem
- mp_shibboleth_sp_keys.jks
volumes:
- midpoint_home:/opt/midpoint/var
- type: bind
source: ./configs-and-secrets/midpoint/shibboleth/idp-metadata.xml
target: /etc/shibboleth/idp-metadata.xml
- type: bind
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
target: /etc/pki/tls/certs/host-cert.pem
- type: bind
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
target: /etc/pki/tls/certs/cachain.pem
- mp_pw:/opt/mp-pw
idp:
build: ./idp/
depends_on:
- directory
environment:
- JETTY_MAX_HEAP=64m
- JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
- JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
networks:
- net
ports:
- 443:443
mq:
build: ./mq/
environment:
- RABBITMQ_NODENAME=docker-rabbit
hostname: rabbitmq
networks:
- net
ports:
- 15672:15672
volumes:
- mq:/var/lib/rabbitmq
networks:
net:
driver: bridge
secrets:
# grouper
g_host-key.pem:
file: ./configs-and-secrets/grouper/httpd/host-key.pem
g_sp-key.pem:
file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem
g_database_password.txt:
file: ./configs-and-secrets/grouper/application/database_password.txt
rabbitmq_password.txt:
file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt
grouper.hibernate.properties:
file: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
grouper-loader.properties:
file: ./configs-and-secrets/grouper/application/grouper-loader.properties
subject.properties:
file: ./configs-and-secrets/grouper/application/subject.properties
# midPoint
mp_host-key.pem:
file: ./configs-and-secrets/midpoint/httpd/host-key.pem
mp_shibboleth_sp_keys.jks:
file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
volumes:
grouper_data:
source_data:
source_mysql:
target_data:
ldap:
db_init:
mp_pw:
midpoint_data:
midpoint_home:
mq: