From 1b8bc55f82c06ce6f69c6b3e1aa3a55c85a093c2 Mon Sep 17 00:00:00 2001 From: Jim Van Fleet Date: Fri, 10 Mar 2017 12:06:07 -0500 Subject: [PATCH] Updating README with stopping place statement --- README.md | 62 ++++++++++--------------------------------------------- 1 file changed, 11 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 6418e0e..8fe418f 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ COPY jce_policy-8.zip /tmp/$oracle_jce_zip Common additional sample configurations may include: -``` +```dockerfile COPY server.xml /usr/local/tomcat/conf/ COPY krb5.conf /etc/ ``` 
@@ -48,43 +48,29 @@ $ docker build -t my-shibboleth-idp . ## Test the configuration file +_CAN THIS BE DONE? [jvf]_ + ```console $ docker run -it --rm --name shibboleth-idp-test-run my-shibboleth-idp /usr/local/tomcat/bin/startup.sh ``` -## Run the container +## Run using a bind mount to share secrets ```console -$ docker run -d --name my-running-haproxy my-haproxy +$ docker run -d --name my-running-haproxy -v /path/to/shibboleth_idp/certs:/opt/certs my-running-shibboleth-idp ``` -You may need to publish the ports your haproxy is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free. - -## Directly via bind mount +Note that your host's `/path/to/shibboleth_idp/certs` folder should contain... +__TBD__. -```console -$ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7 -``` - -Note that your host's `/path/to/etc/haproxy` folder should be populated with a file named `haproxy.cfg`. If this configuration file refers to any other files within that folder then you should ensure that they also exist (e.g. template files such as `400.http`, `404.http`, and so forth). However, many minimal configurations do not require any supporting files. +You may need to publish the ports your Shibboleth IdP is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free. 
### Reloading config -If you used a bind mount for the config and have edited your `haproxy.cfg` file, you can use haproxy's graceful reload feature by sending a `SIGHUP` to the container: - -```console -$ docker kill -s HUP my-running-haproxy -``` - -The entrypoint script in the image checks for running the command `haproxy` and replaces it with `haproxy-systemd-wrapper` from haproxy upstream which takes care of signal handling to do the graceful reload. Under the hood this uses the `-sf` option of haproxy so "there are two small windows of a few milliseconds each where it is possible that a few connection failures will be noticed during high loads" (see [Stopping and restarting HAProxy](http://www.haproxy.org/download/1.7/doc/management.txt)). - -# Image Variants +__TBD__ -The `haproxy` images come in many flavors, each designed for a specific use case. +N.B. that if every config file were on the bind mount, a REHUP of the container would work, but with the files scattered about the filesystem / unspecified.... -## `haproxy:` - -This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of. # License 
@@ -101,30 +87,4 @@ This is the defacto image. If you are unsure about what your needs are, you prob ## Contributing -## Documentation - - - - - - -## Before You Build - -### Acquiring Oracle Java - - -You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) at Oracle to download the Oracle JDK. - -Select *the Linux x64 RPM* and agree to the Oracle Binary Code License Agreement. You'll ultimately need to mount this RPM in your invocation. - -### Acquiring JCE - -You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) at Oracle to download the Oracle Java Crypography Extension policy files. - - -## Building - -``` -docker build --build-arg oracle_jdk_rpm=jdk-8u121-linux-x64.rpm \ - --build-arg oracle_jce_zip=jce_policy-8.zip . -``` \ No newline at end of file +## Documentation \ No newline at end of file
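Review bot: In the hunk at `@@ -48,43 +48,29 @@`, the new `docker run` line under "Run using a bind mount to share secrets" still names the container `my-running-haproxy` and runs the image `my-running-shibboleth-idp`, which is not the tag shown in the hunk header context (`docker build -t my-shibboleth-idp .`). Suggest `--name my-running-shibboleth-idp` with the image `my-shibboleth-idp`. The removed haproxy example mounted its volume with `:ro`, while the new certs mount drops it; for a mount whose purpose is sharing secrets, keep it read-only (`-v /path/to/shibboleth_idp/certs:/opt/certs:ro`) unless the container has to write there. The "Reloading config" note also says "REHUP" where the removed text used `SIGHUP` (`docker kill -s HUP`), and the `_CAN THIS BE DONE? [jvf]_` and `__TBD__` placeholders would be better tracked as issues than left in user-facing text.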
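Review bot: After the deletions at `@@ -101,30 +87,4 @@` the README ends on an empty `## Documentation` heading, placed directly after `## Contributing` with no text between them in the visible context, and the removed "Building" block is the only place in this diff that documents the `oracle_jdk_rpm` and `oracle_jce_zip` build args, while the context at line 34 still shows `COPY jce_policy-8.zip /tmp/$oracle_jce_zip`. Unless the JDK/JCE download steps and the `--build-arg` invocation are covered earlier in the file, keep a short "Before You Build" section so the `docker build -t my-shibboleth-idp .` step can actually be followed. Drop or fill the empty heading, and add the trailing newline (`\ No newline at end of file`).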