From 0234bc37601e2f0124315c1833d4ebc95103abdd Mon Sep 17 00:00:00 2001
From: Pavol Mederly
Date: Fri, 31 Aug 2018 15:16:34 +0200
Subject: [PATCH] Add items related to dockerized version of mP
---
README.md | 6 +-
midpoint/README.md | 60 +++++++++++++++++
.../midpoint/database_password.txt | 1 +
midpoint/docker-compose.yml | 61 +++++++++++++++++
midpoint/download-midpoint | 13 ++++
midpoint/midpoint-data/Dockerfile | 39 +++++++++++
midpoint/midpoint-data/conf/mariadb.repo | 6 ++
midpoint/midpoint-data/database_password.txt | 1 +
midpoint/midpoint-data/readme.txt | 1 +
midpoint/midpoint-server/Dockerfile | 65 +++++++++++++++++++
.../container_files/log-prefix | 7 ++
.../container_files/repository-url | 7 ++
12 files changed, 265 insertions(+), 2 deletions(-)
create mode 100644 midpoint/README.md
create mode 100644 midpoint/configs-and-secrets/midpoint/database_password.txt
create mode 100644 midpoint/docker-compose.yml
create mode 100755 midpoint/download-midpoint
create mode 100644 midpoint/midpoint-data/Dockerfile
create mode 100644 midpoint/midpoint-data/conf/mariadb.repo
create mode 100644 midpoint/midpoint-data/database_password.txt
create mode 100644 midpoint/midpoint-data/readme.txt
create mode 100644 midpoint/midpoint-server/Dockerfile
create mode 100755 midpoint/midpoint-server/container_files/log-prefix
create mode 100755 midpoint/midpoint-server/container_files/repository-url
diff --git a/README.md b/README.md
index 60c9042..de94626 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@ # midPoint_container -Eventually here will be a dockerized version of midPoint suitable for the use within TIER environment. +In the [grouper-midpoint](grouper-midpoint) directory there is a [midPoint <-> Grouper integration demo](https://spaces.at.internet2.edu/display/TIERENTREG/midPoint+-+Grouper+integration+demo). -Currently there is [midPoint <-> Grouper integration demo](grouper-midpoint), a work still in progress. +In the [midpoint](midpoint) directory there is a dockerized version of midPoint suitable for the use within TIER environment. + +Both are in progress. diff --git a/midpoint/README.md b/midpoint/README.md new file mode 100644 index 0000000..1a06f1d --- /dev/null +++ b/midpoint/README.md 
@@ -0,0 +1,60 @@
+# Overview
+
+This is a preliminary version of midPoint dockerization for TIER environment.
+
+There are two containers there:
+
+- `midpoint-server`: provides the midPoint application
+- `midpoint-data`: provides the default midPoint repository
+
+The repository can be implemented in any other way: by another container (perhaps hosting a different database) or by providing it externally: on premises or in cloud.
+
+All files needed to build and compose these containers are in this directory.
+
+# Building and starting
+## Downloading midPoint
+
+Before building, please build or download current `midpoint-3.9-SNAPSHOT-dist.tar.gz` file and put it into `midpoint-server` directory. There are the following options:
+1. Build midPoint from sources as described [here](https://wiki.evolveum.com/display/midPoint/Building+MidPoint+From+Source+Code) - but use `tmp/tier` branch instead of `master`. It should contain a bit more stable code in comparison with the master branch.
+2. Use `download-midpoint` script.
+3. Download midPoint manually from [Evolveum web site](https://evolveum.com/downloads/midpoint-tier/midpoint-3.9-SNAPSHOT-dist.tar.gz).
+
+Showing e.g. the second option:
+
+```
+$ ./download-midpoint
+Downloading midPoint 3.9-SNAPSHOT
+-----------------------------------------
+ % Total % Received % Xferd Average Speed Time Time Time Current
+ Dload Upload Total Spent Left Speed
+100 157M 100 157M 0 0 867k 0 0:03:05 0:03:05 --:--:-- 954k
+-----------------------------------------
+Checking the download...
+OK
+```
+
+## Creating Docker composition
+
+After midPoint archive is correctly placed into `midpoint-server` directory, please execute the following commands:
+
+```
+$ docker-compose up --build
+```
+
+This will take a while.
+
+Finally, you will see notices like these:
+
+```
+Starting midpoint_midpoint-data_1 ...
+Starting midpoint_midpoint-data_1 ... done
+Recreating midpoint_midpoint-server_1 ...
+Recreating midpoint_midpoint-server_1 ...
done
+Attaching to midpoint_midpoint-data_1, midpoint_midpoint-server_1
+```
+
+followed by startup messages from individual Docker containers.
+
+## After installation
+
+After Docker containers are up, check that you can log into midPoint at `http://localhost:8080/midpoint` using `administrator/5ecr3t`.
diff --git a/midpoint/configs-and-secrets/midpoint/database_password.txt b/midpoint/configs-and-secrets/midpoint/database_password.txt
new file mode 100644
index 0000000..11bac01
--- /dev/null
+++ b/midpoint/configs-and-secrets/midpoint/database_password.txt
@@ -0,0 +1 @@
+456654
diff --git a/midpoint/docker-compose.yml b/midpoint/docker-compose.yml
new file mode 100644
index 0000000..b6197a4
--- /dev/null
+++ b/midpoint/docker-compose.yml
@@ -0,0 +1,61 @@
+#
+# Building:
+# - docker-compose up --build
+#
+# It assumes that midpoint-3.9-SNAPSHOT-dist.tar.gz is present in the 'midpoint-server' directory. (TODO: eliminate this!)
+#
+
+version: "3.3"
+
+services:
+ midpoint-data:
+ build: ./midpoint-data/
+ expose:
+ - 3306
+ ports:
+ - 3306:3306
+ networks:
+ - back
+ volumes:
+ - midpoint_mysql:/var/lib/mysql
+
+ midpoint-server:
+ build: ./midpoint-server/
+ depends_on:
+ - midpoint-data
+ expose:
+ - 8080
+ ports:
+ - 8080:8080
+ volumes:
+ - midpoint_home:/opt/midpoint/var
+ networks:
+ - back
+ secrets:
+ - m_database_password.txt
+# the following is just to demonstrate required normalization of logging parameters
+# environment:
+# - LOGFILE=midpoint.log
+# - COMPONENT=midpoint;tier
+# - "USERTOKEN=user token "
+# - ENV=demo only
+#
+# repository configuration examples
+# - REPO_DATABASE_TYPE=mariadb
+# - REPO_HOST=xyz
+# - REPO_PORT=10000
+# the following overrides default URL construction
+# - REPO_JDBC_URL=jdbc:mariadb://midpoint-data:3306/midpoint
+
+networks:
+ back:
+ driver: bridge
+
+
+secrets:
+ m_database_password.txt:
+ file: ./configs-and-secrets/midpoint/database_password.txt
+
+volumes:
+ midpoint_mysql:
+ midpoint_home:
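Review bot: The `ports: - 3306:3306` mapping on `midpoint-data` publishes MariaDB on every host interface, while the data image added in this commit creates `'root'@'%'` with all privileges and the short numeric password committed in `database_password.txt`. `midpoint-server` reaches the database over the `back` network, so the existing `expose: - 3306` is sufficient; if host access is wanted for debugging, bind it to loopback with `- "127.0.0.1:3306:3306"`. The file referenced under `secrets:` is tracked in the repository as well, so the secret mechanism protects nothing until that file is replaced by an untracked one (a placeholder plus an ignore rule would do). The same loopback binding is worth considering for `8080:8080` as long as the README's default administrator login is in effect.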
diff --git a/midpoint/download-midpoint b/midpoint/download-midpoint
new file mode 100755
index 0000000..d1b5c06
--- /dev/null
+++ b/midpoint/download-midpoint
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+echo "Downloading midPoint 3.9-SNAPSHOT"
+echo "-----------------------------------------"
+curl --output midpoint-server/midpoint-3.9-SNAPSHOT-dist.tar.gz "https://evolveum.com/downloads/midpoint-tier/midpoint-3.9-SNAPSHOT-dist.tar.gz"
+echo "-----------------------------------------"
+echo "Checking the download..."
+if tar -tf midpoint-server/midpoint-3.9-SNAPSHOT-dist.tar.gz >/dev/null; then
+ echo "OK"
+else
+ echo "The file was not downloaded correctly"
+fi
+
diff --git a/midpoint/midpoint-data/Dockerfile b/midpoint/midpoint-data/Dockerfile
new file mode 100644
index 0000000..fcaa4e0
--- /dev/null
+++ b/midpoint/midpoint-data/Dockerfile
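Review bot: The script exits 0 even when the check fails, because the `else` branch only prints a message; a caller that chains it with `docker-compose up --build` will carry on with a bad archive, so the branch should end with `exit 1` and write its message to stderr. The `curl` call also lacks `--fail`, so an HTTP error body is saved under the `.tar.gz` name and is only caught indirectly by `tar -tf`; `curl --fail --output …` reports it at the source. `tar -tf` shows that the file is a readable archive, not that it is the build Evolveum published, so if a checksum or signature is available for this artifact it should be verified before printing `OK`. The relative `midpoint-server/…` paths assume the script is started from the `midpoint` directory, which deserves a header comment.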
@@ -0,0 +1,39 @@
+FROM centos:centos7
+
+LABEL author="tier-packaging@internet2.edu "
+
+COPY ./conf/mariadb.repo /etc/yum.repos.d/
+
+RUN yum install -y epel-release \
+ && yum update -y \
+ && yum install -y mariadb-server mariadb \
+ && yum clean all \
+ && rm -rf /var/cache/yum
+
+COPY database_password.txt /tmp/
+
+RUN mysql_install_db \
+ && chown -R mysql:mysql /var/lib/mysql/ \
+ && sed -i 's/^\(bind-address\s.*\)/# \1/' /etc/my.cnf \
+ && sed -i 's/^\(log_error\s.*\)/# \1/' /etc/my.cnf \
+ && sed -i 's/\[mysqld\]/\[mysqld\]\ncharacter_set_server = utf8/' /etc/my.cnf \
+ && sed -i 's/\[mysqld\]/\[mysqld\]\ncollation_server = utf8_bin/' /etc/my.cnf \
+ && sed -i 's/\[mysqld\]/\[mysqld\]\nport = 3306/' /etc/my.cnf \
+ && cat /etc/my.cnf \
+ && echo "/usr/bin/mysqld_safe &" > /tmp/config \
+ && echo "mysqladmin --silent --wait=30 ping || exit 1" >> /tmp/config \
+ && echo "mysql -e \"CREATE USER 'root'@'%' IDENTIFIED BY '`cat /tmp/database_password.txt`';\"" >> /tmp/config \
+ && echo "echo ok0" >> /tmp/config \
+ && echo "mysql -e 'GRANT ALL PRIVILEGES ON *.* TO \"root\"@\"%\" WITH GRANT OPTION;'" >> /tmp/config \
+ && echo "echo ok1" >> /tmp/config \
+ && echo "mysql -e 'CREATE DATABASE midpoint CHARACTER SET utf8 COLLATE utf8_bin;'" >> /tmp/config \
+ && echo "echo ok2" >> /tmp/config \
+ && echo "mysql -e \"SET PASSWORD FOR 'root'@'localhost' = PASSWORD('`cat /tmp/database_password.txt`');\"" >> /tmp/config \
+ && echo "echo ok3" >> /tmp/config \
+ && cat /tmp/config \
+ && bash /tmp/config \
+ && rm -f /tmp/config /tmp/database_password.txt
+
+EXPOSE 3306
+
+CMD mysqld_safe
diff --git a/midpoint/midpoint-data/conf/mariadb.repo b/midpoint/midpoint-data/conf/mariadb.repo
new file mode 100644
index 0000000..e24b3a0
--- /dev/null
+++ b/midpoint/midpoint-data/conf/mariadb.repo
@@ -0,0 +1,6 @@
+[mariadb]
+name = MariaDB
+baseurl = http://yum.mariadb.org/10.1/centos7-amd64
+gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck=1
+
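Review bot: `COPY database_password.txt /tmp/` stores the password in its own image layer, so the later `rm -f /tmp/config /tmp/database_password.txt` does not remove it from the image, and `cat /tmp/config` additionally prints the generated SQL, password included, into the build log. Since the same `RUN` comments out `bind-address` and creates `'root'@'%'` with `GRANT ALL PRIVILEGES ON *.* … WITH GRANT OPTION`, the value baked into the image is a remotely usable superuser credential shared by every container started from it. Database initialisation belongs at container start, reading a runtime secret such as the one the compose file already mounts for `midpoint-server`, and the application should get its own account scoped to the schema, e.g. `GRANT ALL PRIVILEGES ON midpoint.* TO 'midpoint'@'%';`. The duplicate `midpoint-data/database_password.txt` and its `readme.txt` added later in this commit exist only to support the build-time copy and could go away with it.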
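Review bot: `baseurl` is fetched over plain `http://` although `gpgkey` on the next line uses `https://` on the same host. `gpgcheck=1` still verifies package signatures, but repository metadata is not covered by it, so tampering on the network path could serve stale metadata and hold back security updates during `yum update`. Switching to `baseurl = https://yum.mariadb.org/10.1/centos7-amd64` closes that gap; `repo_gpgcheck=1` is a further option if the repository publishes signed metadata.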
diff --git a/midpoint/midpoint-data/database_password.txt b/midpoint/midpoint-data/database_password.txt
new file mode 100644
index 0000000..11bac01
--- /dev/null
+++ b/midpoint/midpoint-data/database_password.txt
@@ -0,0 +1 @@
+456654
diff --git a/midpoint/midpoint-data/readme.txt b/midpoint/midpoint-data/readme.txt
new file mode 100644
index 0000000..e0affb1
--- /dev/null
+++ b/midpoint/midpoint-data/readme.txt
@@ -0,0 +1 @@
+database_password.txt should be synchronized with ../configs-and-secrets/midpoint/database_password.txt
diff --git a/midpoint/midpoint-server/Dockerfile b/midpoint/midpoint-server/Dockerfile
new file mode 100644
index 0000000..b17312e
--- /dev/null
+++ b/midpoint/midpoint-server/Dockerfile
@@ -0,0 +1,65 @@
+#
+# Building assumes midpoint-3.9-SNAPSHOT-dist.tar.gz is present in the current directory.
+#
+
+FROM tier/shibboleth_sp
+
+MAINTAINER info@evolveum.com
+
+# TODO switch to other appropriate Java implementation
+
+RUN yum -y install java-1.8.0-openjdk
+
+# Build arguments
+
+ARG MP_VERSION=3.9-SNAPSHOT
+ARG MP_DIST_FILE=midpoint-${MP_VERSION}-dist.tar.gz
+
+ENV MP_DIR=/opt/midpoint
+
+# Copying files
+
+RUN mkdir -p ${MP_DIR}/var
+COPY ${MP_DIST_FILE} ${MP_DIR}
+COPY container_files/ ${MP_DIR}/
+RUN echo 'Extracting midPoint archive...' \
+ && tar xzf ${MP_DIR}/midpoint-${MP_VERSION}-dist.tar.gz -C ${MP_DIR} --strip-components=1
+
+VOLUME ${MP_DIR}/var
+
+# Repository parameters
+
+ENV REPO_HOST midpoint-data
+ENV REPO_PORT 3306
+ENV REPO_USER root
+ENV REPO_DATABASE midpoint
+ENV REPO_JDBC_URL default
+ENV REPO_PASSWORD_FILE /run/secrets/m_database_password.txt
+ENV REPO_DATABASE_TYPE mariadb
+
+# Logging parameters
+
+ENV COMPONENT midpoint
+ENV LOGFILE midpoint.log
+ENV ENV demo
+ENV USERTOKEN $MP_VERSION
+
+# Other parameters
+
+ENV MEM 2048M
+
+# Execution
+
+CMD java -Xmx$MEM -Xms2048M -Dfile.encoding=UTF8 \
+ -Dmidpoint.home=$MP_DIR/var \
+ -Dmidpoint.repository.database=$REPO_DATABASE_TYPE \
+ -Dmidpoint.repository.jdbcUsername=$REPO_USER \
+ -Dmidpoint.repository.jdbcPasswordFile=$REPO_PASSWORD_FILE \
+ -Dmidpoint.repository.jdbcUrl="`$MP_DIR/repository-url`" \
+ -Dmidpoint.repository.hibernateHbm2ddl=none \
+ -Dmidpoint.repository.missingSchemaAction=create \
+ -Dmidpoint.repository.initializationFailTimeout=60000 \
+ -Dmidpoint.logging.console.enabled=true \
+ -Dmidpoint.logging.console.prefix="`$MP_DIR/log-prefix`" \
+ -Dmidpoint.logging.console.timezone=UTC \
+ -jar $MP_DIR/lib/midpoint.war
diff --git a/midpoint/midpoint-server/container_files/log-prefix b/midpoint/midpoint-server/container_files/log-prefix
new file mode 100755
index 0000000..fb7c278
--- /dev/null
+++ b/midpoint/midpoint-server/container_files/log-prefix
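Review bot: `ENV REPO_USER root` makes the application connect as the database superuser, so a leaked credential or an SQL-level flaw in the application reaches the whole MariaDB instance instead of one schema; the default should be a dedicated account with rights on `REPO_DATABASE` only. `FROM tier/shibboleth_sp` has no tag or digest, so each build silently picks up whatever the default tag currently points to; pinning it makes the image reproducible and reviewable. In the `CMD`, `-Xmx$MEM -Xms2048M` stops the JVM from starting whenever `MEM` is set below 2048M, which `-Xms$MEM` (or dropping `-Xms`) avoids. No `USER` instruction appears in this file, so unless the base image sets one the JVM runs as root inside the container.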
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+C=${COMPONENT//[;]/_}
+L=${LOGFILE//[;]/_}
+E=${ENV//[; ]/_}
+U=${USERTOKEN//[; ]/_}
+echo $C\;$L\;$E\;$U\;
diff --git a/midpoint/midpoint-server/container_files/repository-url b/midpoint/midpoint-server/container_files/repository-url
new file mode 100755
index 0000000..abaeb2c
--- /dev/null
+++ b/midpoint/midpoint-server/container_files/repository-url
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ $REPO_JDBC_URL == "default" ]; then
+ echo "jdbc:mariadb://$REPO_HOST:$REPO_PORT/$REPO_DATABASE?characterEncoding=utf8"
+else
+ echo $REPO_JDBC_URL
+fi
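Review bot: Every expansion in both new scripts is unquoted. In `log-prefix`, `echo $C\;$L\;$E\;$U\;` word-splits and glob-expands the values, so a `COMPONENT` or `LOGFILE` containing `*` or a run of spaces yields a different prefix than the one configured; `printf '%s;%s;%s;%s;\n' "$C" "$L" "$E" "$U"` keeps them literal. In `repository-url`, `[ $REPO_JDBC_URL == "default" ]` becomes a test error when the variable is empty or contains a space, after which the `else` branch passes an empty or re-split URL on to the JVM; `[[ "$REPO_JDBC_URL" == "default" ]]` and `echo "$REPO_JDBC_URL"` fix both. The substitutions in `log-prefix` replace `;` (and spaces in two of the fields) but not newlines, so a multi-line value would still break the single-line prefix format that the sanitising is there to protect.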