Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
InCommonTAP-Examples/Workbench/docker-compose.yml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
532 lines (513 sloc)
16.1 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.3" | |
services: | |
grouper_daemon: | |
build: ./grouper_daemon/ | |
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" | |
depends_on: | |
- grouper_data | |
- directory | |
environment: | |
- ENV | |
- USERTOKEN | |
- GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password | |
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt | |
#- RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt | |
- RABBITMQ_PASSWORD=password | |
- SUBJECT_SOURCE_LDAP_PASSWORD=password | |
networks: | |
net: | |
aliases: | |
- grouper-daemon | |
healthcheck: | |
test: gsh | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
secrets: | |
- g_database_password.txt | |
- rabbitmq_password.txt | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.client.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper-loader.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/subject.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties | |
grouper_ui: | |
build: | |
context: ./grouper_ui/ | |
args: | |
- CSPHOSTNAME | |
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" | |
depends_on: | |
- grouper_data | |
- directory | |
environment: | |
- ENV | |
- USERTOKEN | |
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt | |
- SUBJECT_SOURCE_LDAP_PASSWORD=password | |
networks: | |
net: | |
aliases: | |
- grouper-ui | |
ports: | |
- 8443:443 | |
healthcheck: | |
test: curl -k -f https://127.0.0.1/grouper/grouperUi/ || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
secrets: | |
- g_database_password.txt | |
- source: g_sp-key.pem | |
target: shib_sp-key.pem | |
- source: g_host-key.pem | |
target: host-key.pem | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.properties | |
target: /opt/grouper/conf/grouper.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.client.properties | |
target: /opt/grouper/conf/grouper.client.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem | |
target: /etc/shibboleth/sp-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml | |
target: /etc/shibboleth/shibboleth2.xml | |
# Note: due to a bug in https://github.internet2.edu/docker/grouper/blob/2.5.57/container_files/usr-local-bin/librarySetupFilesForProcess.sh#L72 | |
# This file had to be mounted as shib2.conf, instead of shib.conf (bind mounts don't want to be moved) | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/shib.conf | |
target: /etc/httpd/conf.d/shib2.conf | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/host-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper-loader.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/subject.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties | |
grouper_ws: | |
build: ./grouper_ws/ | |
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws" | |
depends_on: | |
- grouper_data | |
- directory | |
environment: | |
- ENV | |
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt | |
- SUBJECT_SOURCE_LDAP_PASSWORD=password | |
- USERTOKEN | |
networks: | |
net: | |
aliases: | |
- grouper-ws | |
ports: | |
- 9443:443 | |
healthcheck: | |
test: curl -k -f https://127.0.0.1/grouper-ws/status?diagnosticType=trivial || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
secrets: | |
- g_database_password.txt | |
- source: g_sp-key.pem | |
target: shib_sp-key.pem | |
- source: g_host-key.pem | |
target: host-key.pem | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.properties | |
target: /opt/grouper/conf/grouper.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.client.properties | |
target: /opt/grouper/conf/grouper.client.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/host-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper-loader.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/subject.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties | |
grouper_data: | |
build: ./grouper_data/ | |
networks: | |
net: | |
aliases: | |
- grouper-data | |
ports: | |
- 3306:3306 | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- grouper_data:/var/lib/mysql | |
directory: | |
build: ./directory/ | |
ports: | |
- 389:389 | |
networks: | |
- net | |
healthcheck: | |
test: netstat -an | grep :389 | grep LISTEN | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- ldap:/var/lib/dirsrv | |
sources: | |
build: ./sources/ | |
ports: | |
- 13306:3306 | |
networks: | |
- net | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- source_mysql:/var/lib/mysql | |
- source_data:/var/lib/mysqlmounted | |
environment: | |
- CREATE_NEW_DATABASE=if_needed | |
comanage_data: | |
build: ./comanage_data | |
ports: | |
- 23306:3306 | |
networks: | |
net: | |
aliases: | |
- comanage-data | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- comanage_mysql:/var/lib/mysql | |
- comanage_data:/var/lib/mysqlmounted | |
environment: | |
- CREATE_NEW_DATABASE=if_needed | |
midpoint_data: | |
image: postgres:12 | |
environment: | |
- POSTGRES_PASSWORD_FILE=/run/secrets/mp_database_password.txt | |
- POSTGRES_USER=midpoint | |
- POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8 | |
ports: | |
- 5432:5432 | |
networks: | |
net: | |
aliases: | |
- midpoint-data | |
secrets: | |
- mp_database_password.txt | |
healthcheck: | |
test: /usr/bin/pg_isready | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- midpoint_data:/var/lib/postgresql/data | |
midpoint_server: | |
build: | |
context: ./midpoint_server/ | |
args: | |
- CSPHOSTNAME | |
command: /usr/local/bin/startup.sh | |
depends_on: | |
- midpoint_data | |
ports: | |
- 10443:443 | |
command: /usr/local/bin/startup.sh | |
environment: | |
- ENV | |
- USERTOKEN | |
- REPO_DATABASE_TYPE=postgresql | |
- REPO_HOST=midpoint_data | |
- REPO_JDBC_URL | |
- REPO_PORT=5432 | |
- REPO_DATABASE=midpoint | |
- REPO_USER=midpoint | |
- REPO_MISSING_SCHEMA_ACTION | |
- REPO_UPGRADEABLE_SCHEMA_ACTION | |
- REPO_SCHEMA_VERSION_IF_MISSING | |
- REPO_SCHEMA_VARIANT | |
- MP_MEM_MAX | |
- MP_MEM_INIT | |
- MP_JAVA_OPTS | |
- TIER_BEACON_OPT_OUT | |
- TIMEZONE | |
networks: | |
net: | |
aliases: | |
- midpoint-server | |
secrets: | |
- mp_database_password.txt | |
- mp_keystore_password.txt | |
- mp_host-key.pem | |
- mp_shibboleth_sp_keys.jks | |
volumes: | |
- midpoint_home:/opt/midpoint/var | |
- type: bind | |
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/host-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./midpoint_server/container_files/csv/source-hr.csv | |
target: /opt/midpoint/csv/source-hr.csv | |
idp: | |
build: | |
context: ./idp/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- directory | |
- idp_ui | |
environment: | |
- JETTY_MAX_HEAP=64m | |
- JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password | |
- JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password | |
networks: | |
- net | |
ports: | |
- 13443:443 | |
volumes: | |
- generated-metadata:/opt/shibboleth-idp/metadata/generated | |
- generated-config:/opt/shibboleth-idp/conf/generated | |
idp_ui: | |
build: | |
context: ./idp_ui/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- idp_ui_data | |
networks: | |
- net | |
ports: | |
- 8080:8080 | |
healthcheck: | |
test: curl -k -f https://127.0.0.1:8443/idpui/login || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- generated-metadata:/generated-metadata | |
- generated-config:/generated-config | |
idp_ui_data: | |
image: tier/mariadb:mariadb10.2 | |
ports: | |
- 33366:3306 | |
environment: | |
MYSQL_USER: shibui | |
MYSQL_PASSWORD: secret | |
MYSQL_DATABASE: shibui | |
MYSQL_RANDOM_ROOT_PASSWORD: "yes" | |
networks: | |
net: | |
aliases: | |
- idpui-data | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- mariadb-data:/var/lib/mysql | |
mq: | |
build: ./mq/ | |
environment: | |
- RABBITMQ_NODENAME=docker-rabbit | |
hostname: rabbitmq | |
networks: | |
- net | |
ports: | |
- 15672:15672 | |
- 5672:5672 | |
healthcheck: | |
test: curl -s 127.0.0.1:15672 > /dev/null | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- mq:/var/lib/rabbitmq | |
webproxy: | |
build: | |
context: ./webproxy/ | |
args: | |
- CSPHOSTNAME | |
networks: | |
- net | |
ports: | |
- 443:443 | |
wordpress_server: | |
build: | |
context: ./wordpress_server/ | |
args: | |
- CSPHOSTNAME | |
networks: | |
- net | |
depends_on: | |
- wordpress_data | |
command: bash -c 'if [ ! -s /var/www/html/wp-config.php ]; then while ! nc -z wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; /usr/local/bin/startup.sh;' | |
ports: | |
- "80:80" | |
- "12443:443" | |
healthcheck: | |
test: curl -s wordpress_server:80 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
devices: | |
- "/dev/tty:/dev/tty" | |
volumes: | |
- wordpress_server:/var/www/html | |
- type: bind | |
source: ./configs-and-secrets/wordpress/shibboleth/shibboleth2.xml | |
target: /etc/shibboleth/shibboleth2.xml | |
- type: bind | |
source: ./configs-and-secrets/wordpress/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/wordpress/httpd/shib.conf | |
target: /etc/httpd/conf.d/shib.conf | |
wordpress_data: | |
build: ./wordpress_data/ | |
networks: | |
- net | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 ; res=$$? ; if [[ $$res -ne 1 ]]; then exit 1; fi | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- wordpress_data:/var/lib/mysql | |
ports: | |
- 3306 | |
comanage: | |
build: | |
context: ./comanage/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- comanage_data | |
environment: | |
- ENV | |
- USERTOKEN | |
- SHIBBOLETH_SP_ENCRYPT_CERT=/etc/shibboleth/sp-cert.pem | |
- SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shib_sp-key.pem | |
- SHIBBOLETH_SP_SIGNING_CERT=/etc/shibboleth/sp-cert.pem | |
- SHIBBOLETH_SP_SIGNING_PRIVKEY=/run/secrets/shib_sp-key.pem | |
networks: | |
- net | |
ports: | |
- 11443:443 | |
healthcheck: | |
test: curl -kf https://127.0.0.1/registry/ || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/comanage/shibboleth/shibboleth2.xml | |
target: /etc/shibboleth/shibboleth2.xml | |
- type: bind | |
source: ./configs-and-secrets/comanage/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/comanage/shibboleth/sp-cert.pem | |
target: /etc/shibboleth/sp-cert.pem | |
secrets: | |
- source: c_sp-key.pem | |
target: shib_sp-key.pem | |
comanage-cron: | |
build: | |
context: ./comanage_cron/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- comanage | |
healthcheck: | |
test: curl -s comanage_data:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
environment: | |
- ENV | |
- USERTOKEN | |
networks: | |
- net | |
networks: | |
net: | |
driver: bridge | |
secrets: | |
# grouper | |
g_host-key.pem: | |
file: ./configs-and-secrets/grouper/httpd/host-key.pem | |
g_sp-key.pem: | |
file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem | |
g_database_password.txt: | |
file: ./configs-and-secrets/grouper/application/database_password.txt | |
rabbitmq_password.txt: | |
file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt | |
# midPoint | |
mp_host-key.pem: | |
file: ./configs-and-secrets/midpoint/httpd/host-key.pem | |
mp_database_password.txt: | |
file: ./configs-and-secrets/midpoint/application/database_password.txt | |
mp_keystore_password.txt: | |
file: ./configs-and-secrets/midpoint/application/keystore_password.txt | |
mp_shibboleth_sp_keys.jks: | |
file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks | |
# COmanage | |
c_sp-key.pem: | |
file: ./configs-and-secrets/comanage/shibboleth/sp-key.pem | |
volumes: | |
grouper_data: | |
source_data: | |
comanage_data: | |
comanage_mysql: | |
source_mysql: | |
target_data: | |
ldap: | |
midpoint_data: | |
midpoint_mysql: | |
midpoint_home: | |
mq: | |
wordpress_data: | |
wordpress_server: | |
generated-config: | |
generated-metadata: | |
mariadb-data: |