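---
# Docker Compose definition for the TIER demo stack: Grouper (daemon/ui/ws),
# midPoint, COmanage, Shibboleth IdP + IdP UI, WordPress, their databases,
# an LDAP directory, RabbitMQ and a front web proxy.
#
# Reviewer notes (security):
#   * Several credentials are still hard-coded in `environment:` / `command:`
#     (LDAP bind, RabbitMQ, Jetty keystores, MariaDB, WordPress DB and admin).
#     The file already uses `*_PASSWORD_FILE` + compose `secrets:` for the
#     Grouper and midPoint databases; the remaining literals should move to the
#     same mechanism where the image supports it, and must be rotated before any
#     non-demo use. Values in `environment:` and `command:` are visible via
#     `docker inspect` and in the process list.
#   * Nearly every backend port (MySQL, MariaDB, Postgres, LDAP, AMQP, RabbitMQ
#     management) is published to the host on all interfaces. Unless host access
#     is required, drop the `ports:` entry (containers on the `net` bridge still
#     reach each other) or bind to loopback, e.g. "127.0.0.1:3306:3306".
#   * `depends_on` in compose v3 only orders start-up; it does not wait for
#     health, which is why the Grouper services poll MySQL/LDAP in `command:`.
#   * The `secrets:` sources live under ./configs-and-secrets; that directory
#     must be excluded from version control.
#   * `host-cert.pem` is mounted as both the server certificate and `cachain.pem`
#     for Grouper, midPoint, WordPress and COmanage, i.e. the certificates are
#     presumably self-signed; the `curl -k` healthchecks below only target
#     loopback and are acceptable, but nothing else should skip verification.
version: "3.3"

services:
  grouper_daemon:
    build: ./grouper_daemon/
    # Wait for MySQL and LDAP to accept connections, then exec the Grouper daemon.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - USERTOKEN
      # NOTE(review): this is a `_FILE` variable but its value is the literal
      # string "password", not a path under /run/secrets. Confirm what the image
      # does with it; it looks like it was meant to reference a secret file.
      - GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # The rabbitmq_password.txt secret is mounted below but not used; the
      # password is passed as a plaintext literal instead. Re-enable the _FILE
      # form if the image honours it.
      #- RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
      - RABBITMQ_PASSWORD=password
      # Hard-coded LDAP bind password (also set in grouper_ui and grouper_ws).
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
    networks:
      net:
        aliases:
          - grouper-daemon
    healthcheck:
      # Liveness probe: runs the Grouper shell.
      test: gsh
      interval: 30s
      timeout: 30s
      retries: 3
    secrets:
      - g_database_password.txt
      - rabbitmq_password.txt
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper-loader.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/subject.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties

  grouper_ui:
    build:
      context: ./grouper_ui/
      args:
        - CSPHOSTNAME
    # Same readiness polling as grouper_daemon, then exec the UI.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - USERTOKEN
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # Hard-coded LDAP bind password; see grouper_daemon.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
    networks:
      net:
        aliases:
          - grouper-ui
    ports:
      - "8443:443"
    healthcheck:
      # -k is acceptable here only because the target is loopback with the
      # self-signed host certificate.
      test: curl -k -f https://127.0.0.1/grouper/grouperUi/ || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    secrets:
      - g_database_password.txt
      - source: g_sp-key.pem
        target: shib_sp-key.pem
      - source: g_host-key.pem
        target: host-key.pem
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem
        target: /etc/shibboleth/sp-cert.pem
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      # Note: due to a bug in https://github.internet2.edu/docker/grouper/blob/2.5.57/container_files/usr-local-bin/librarySetupFilesForProcess.sh#L72
      # this file had to be mounted as shib2.conf instead of shib.conf (bind mounts cannot be moved by the entrypoint).
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/shib.conf
        target: /etc/httpd/conf.d/shib2.conf
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      # The host certificate doubles as its own CA chain (self-signed).
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper-loader.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/subject.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties

  grouper_ws:
    build: ./grouper_ws/
    # Same readiness polling as grouper_daemon, then exec the web services.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # Hard-coded LDAP bind password; see grouper_daemon.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN
    networks:
      net:
        aliases:
          - grouper-ws
    ports:
      - "9443:443"
    healthcheck:
      test: curl -k -f https://127.0.0.1/grouper-ws/status?diagnosticType=trivial || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    secrets:
      - g_database_password.txt
      - source: g_sp-key.pem
        target: shib_sp-key.pem
      - source: g_host-key.pem
        target: host-key.pem
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper-loader.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/subject.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties

  grouper_data:
    build: ./grouper_data/
    networks:
      net:
        aliases:
          - grouper-data
    # MySQL published on all host interfaces; see the header note.
    ports:
      - "3306:3306"
    healthcheck:
      # NOTE(review): curl is not a MySQL client; whether this exits 0 against a
      # MySQL greeting depends on the curl build in the image. Something like
      # `mysqladmin ping` would be a real readiness check.
      test: curl -s 127.0.0.1:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - grouper_data:/var/lib/mysql

  directory:
    build: ./directory/
    # Plain LDAP (389) published on all host interfaces; bind credentials
    # travel in cleartext on this port. See the header note.
    ports:
      - "389:389"
    networks:
      - net
    healthcheck:
      test: netstat -an | grep :389 | grep LISTEN
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - ldap:/var/lib/dirsrv

  sources:
    build: ./sources/
    ports:
      - "13306:3306"
    networks:
      - net
    healthcheck:
      test: curl -s 127.0.0.1:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - source_mysql:/var/lib/mysql
      - source_data:/var/lib/mysqlmounted
    environment:
      - CREATE_NEW_DATABASE=if_needed

  comanage_data:
    build: ./comanage_data
    ports:
      - "23306:3306"
    networks:
      net:
        aliases:
          - comanage-data
    healthcheck:
      test: curl -s 127.0.0.1:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - comanage_mysql:/var/lib/mysql
      - comanage_data:/var/lib/mysqlmounted
    environment:
      - CREATE_NEW_DATABASE=if_needed

  midpoint_data:
    # Major-version tag only; pin to a minor tag or digest for reproducible builds.
    image: postgres:12
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/mp_database_password.txt
      - POSTGRES_USER=midpoint
      - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
    ports:
      - "5432:5432"
    networks:
      net:
        aliases:
          - midpoint-data
    secrets:
      - mp_database_password.txt
    healthcheck:
      test: /usr/bin/pg_isready
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - midpoint_data:/var/lib/postgresql/data

  midpoint_server:
    build:
      context: ./midpoint_server/
      args:
        - CSPHOSTNAME
    command: /usr/local/bin/startup.sh
    depends_on:
      - midpoint_data
    ports:
      - "10443:443"
    environment:
      - ENV
      - USERTOKEN
      - REPO_DATABASE_TYPE=postgresql
      - REPO_HOST=midpoint_data
      - REPO_JDBC_URL
      - REPO_PORT=5432
      - REPO_DATABASE=midpoint
      - REPO_USER=midpoint
      - REPO_MISSING_SCHEMA_ACTION
      - REPO_UPGRADEABLE_SCHEMA_ACTION
      - REPO_SCHEMA_VERSION_IF_MISSING
      - REPO_SCHEMA_VARIANT
      - MP_MEM_MAX
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
      - TIMEZONE
    networks:
      net:
        aliases:
          - midpoint-server
    secrets:
      - mp_database_password.txt
      - mp_keystore_password.txt
      - mp_host-key.pem
      - mp_shibboleth_sp_keys.jks
    volumes:
      - midpoint_home:/opt/midpoint/var
      - type: bind
        source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      - type: bind
        source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./midpoint_server/container_files/csv/source-hr.csv
        target: /opt/midpoint/csv/source-hr.csv

  idp:
    build:
      context: ./idp/
      args:
        - CSPHOSTNAME
    depends_on:
      - directory
      - idp_ui
    environment:
      - JETTY_MAX_HEAP=64m
      # Hard-coded keystore passwords for the browser-facing and back-channel
      # TLS keystores; move to secrets and rotate before non-demo use.
      - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
      - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
    networks:
      - net
    ports:
      - "13443:443"
    volumes:
      - generated-metadata:/opt/shibboleth-idp/metadata/generated
      - generated-config:/opt/shibboleth-idp/conf/generated

  idp_ui:
    build:
      context: ./idp_ui/
      args:
        - CSPHOSTNAME
    depends_on:
      - idp_ui_data
    networks:
      - net
    ports:
      - "8080:8080"
    healthcheck:
      # NOTE(review): the probe targets https://127.0.0.1:8443 while only 8080
      # is published; confirm the container actually listens on 8443.
      test: curl -k -f https://127.0.0.1:8443/idpui/login || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - generated-metadata:/generated-metadata
      - generated-config:/generated-config

  idp_ui_data:
    # Third-party image referenced by mutable tag; pin by digest.
    image: tier/mariadb:mariadb10.2
    ports:
      - "33366:3306"
    environment:
      MYSQL_USER: shibui
      # Hard-coded application DB password, reachable from the host via 33366.
      MYSQL_PASSWORD: secret
      MYSQL_DATABASE: shibui
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
    networks:
      net:
        aliases:
          - idpui-data
    healthcheck:
      test: curl -s 127.0.0.1:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - mariadb-data:/var/lib/mysql

  mq:
    build: ./mq/
    environment:
      - RABBITMQ_NODENAME=docker-rabbit
    hostname: rabbitmq
    networks:
      - net
    # AMQP and the management UI are published on all host interfaces. No
    # credentials are configured here; if ./mq/ does not override them, the
    # broker defaults apply — verify before exposing.
    ports:
      - "15672:15672"
      - "5672:5672"
    healthcheck:
      test: curl -s 127.0.0.1:15672 > /dev/null
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - mq:/var/lib/rabbitmq

  webproxy:
    build:
      context: ./webproxy/
      args:
        - CSPHOSTNAME
    networks:
      - net
    ports:
      - "443:443"

  wordpress_server:
    build:
      context: ./wordpress_server/
      args:
        - CSPHOSTNAME
    networks:
      - net
    depends_on:
      - wordpress_data
    # First-boot bootstrap (only when wp-config.php is absent), then startup.sh.
    # Reviewer notes:
    #   * The DB password (--dbpass) and the admin credentials (banderson /
    #     "password") are embedded in this command line and therefore visible
    #     in `docker inspect` and `ps`; move them to secrets/env and rotate.
    #   * Plugins are fetched from wordpress.org at boot with no version pin
    #     or checksum (supply-chain exposure); pin versions or bake into image.
    #   * The sed on .htaccess forwards the Authorization header into
    #     HTTP_AUTHORIZATION so the JWT REST plugin can read it.
    #   * `--debug` on the rewrite commands adds verbose output to the logs.
    command: bash -c 'if [ ! -s /var/www/html/wp-config.php ]; then while ! nc -z wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; /usr/local/bin/startup.sh;'
    # Port 80 is plaintext HTTP on the host; the Shibboleth session and any
    # JWT would be sent in the clear unless the site redirects to 443.
    ports:
      - "80:80"
      - "12443:443"
    healthcheck:
      test: curl -s wordpress_server:80
      interval: 30s
      timeout: 30s
      retries: 3
    # NOTE(review): the purpose of mapping the host's /dev/tty into the
    # container is not evident here; remove if not needed.
    devices:
      - "/dev/tty:/dev/tty"
    volumes:
      - wordpress_server:/var/www/html
      - type: bind
        source: ./configs-and-secrets/wordpress/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      - type: bind
        source: ./configs-and-secrets/wordpress/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/wordpress/httpd/shib.conf
        target: /etc/httpd/conf.d/shib.conf

  wordpress_data:
    build: ./wordpress_data/
    networks:
      - net
    healthcheck:
      # Treats curl exit status 1 (non-HTTP reply from a listening MySQL) as
      # healthy and anything else as failure. `[[ ]]` requires a bash-compatible
      # /bin/sh in the image — presumably the case here, but confirm.
      test: curl -s 127.0.0.1:3306 ; res=$$? ; if [[ $$res -ne 1 ]]; then exit 1; fi
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - wordpress_data:/var/lib/mysql
    # Published on a random host port.
    ports:
      - "3306"

  comanage:
    build:
      context: ./comanage/
      args:
        - CSPHOSTNAME
    depends_on:
      - comanage_data
    environment:
      - ENV
      - USERTOKEN
      - SHIBBOLETH_SP_ENCRYPT_CERT=/etc/shibboleth/sp-cert.pem
      - SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shib_sp-key.pem
      - SHIBBOLETH_SP_SIGNING_CERT=/etc/shibboleth/sp-cert.pem
      - SHIBBOLETH_SP_SIGNING_PRIVKEY=/run/secrets/shib_sp-key.pem
    networks:
      - net
    ports:
      - "11443:443"
    healthcheck:
      test: curl -kf https://127.0.0.1/registry/ || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - type: bind
        source: ./configs-and-secrets/comanage/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      - type: bind
        source: ./configs-and-secrets/comanage/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/comanage/shibboleth/sp-cert.pem
        target: /etc/shibboleth/sp-cert.pem
    secrets:
      - source: c_sp-key.pem
        target: shib_sp-key.pem

  comanage-cron:
    build:
      context: ./comanage_cron/
      args:
        - CSPHOSTNAME
    depends_on:
      - comanage
    healthcheck:
      # Probes the database container rather than this container's own work.
      test: curl -s comanage_data:3306
      interval: 30s
      timeout: 30s
      retries: 3
    environment:
      - ENV
      - USERTOKEN
    networks:
      - net

networks:
  net:
    driver: bridge

# File-backed secrets are mounted at /run/secrets/<name> (or the per-service
# `target`). Keep the source files out of version control.
secrets:
  # grouper
  g_host-key.pem:
    file: ./configs-and-secrets/grouper/httpd/host-key.pem
  g_sp-key.pem:
    file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem
  g_database_password.txt:
    file: ./configs-and-secrets/grouper/application/database_password.txt
  rabbitmq_password.txt:
    file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt
  # midPoint
  mp_host-key.pem:
    file: ./configs-and-secrets/midpoint/httpd/host-key.pem
  mp_database_password.txt:
    file: ./configs-and-secrets/midpoint/application/database_password.txt
  mp_keystore_password.txt:
    file: ./configs-and-secrets/midpoint/application/keystore_password.txt
  mp_shibboleth_sp_keys.jks:
    file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
  # COmanage
  c_sp-key.pem:
    file: ./configs-and-secrets/comanage/shibboleth/sp-key.pem

volumes:
  grouper_data:
  source_data:
  comanage_data:
  comanage_mysql:
  source_mysql:
  # target_data and midpoint_mysql are declared but not referenced by any
  # service above.
  target_data:
  ldap:
  midpoint_data:
  midpoint_mysql:
  midpoint_home:
  mq:
  wordpress_data:
  wordpress_server:
  generated-config:
  generated-metadata:
  mariadb-data: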