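# Compose stack for a Grouper / midPoint / COmanage / Shibboleth IdP demo environment.
# All port mappings are quoted so that YAML 1.1 loaders (e.g. PyYAML, used by older
# Compose releases) cannot read a "NN:NN" pair with both halves below 60 as a
# sexagesimal integer ("53:53" would otherwise become 3233).
# Credentials written literally below are development-only values; they are left
# as the author set them but flagged so they can be moved to secrets/env overrides.
version: "3.3"

services:
  grouper_daemon:
    build: ./grouper_daemon/
    # Poll the database and LDAP ports until they answer, then exec the daemon.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - USERTOKEN
      # NOTE(review): a *_PASSWORD_FILE variable is given a literal value rather
      # than a path — confirm which file the image actually expects here.
      - GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # The rabbitmq_password.txt secret is already mounted into this service
      # (see "secrets" below); prefer the _FILE form once the image honours it.
      #- RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt
      - RABBITMQ_PASSWORD=password
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
    networks:
      net:
        aliases:
          - grouper-daemon
    healthcheck:
      test: gsh
      interval: 30s
      timeout: 30s
      retries: 3
    secrets:
      - g_database_password.txt
      - rabbitmq_password.txt
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper-loader.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/subject.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties

  grouper_ui:
    build:
      context: ./grouper_ui/
      args:
        - CSPHOSTNAME
    # Same readiness loop as grouper_daemon, then exec the UI.
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - USERTOKEN
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # Development-only literal; override from the environment or a secret.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
    networks:
      net:
        aliases:
          - grouper-ui
    ports:
      - "8443:443"
    healthcheck:
      # -k: the container serves a self-signed certificate (host-cert.pem below).
      test: curl -k -f https://127.0.0.1/grouper/grouperUi/ || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    secrets:
      - g_database_password.txt
      - source: g_sp-key.pem
        target: shib_sp-key.pem
      - source: g_host-key.pem
        target: host-key.pem
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem
        target: /etc/shibboleth/sp-cert.pem
      - type: bind
        source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      # Note: due to a bug in https://github.internet2.edu/docker/grouper/blob/2.5.57/container_files/usr-local-bin/librarySetupFilesForProcess.sh#L72
      # This file had to be mounted as shib2.conf, instead of shib.conf (bind mounts don't want to be moved)
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/shib.conf
        target: /etc/httpd/conf.d/shib2.conf
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      # The host certificate doubles as its own CA chain (self-signed setup).
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper-loader.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/subject.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties

  grouper_ws:
    build: ./grouper_ws/
    command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws"
    depends_on:
      - grouper_data
      - directory
    environment:
      - ENV
      - GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt
      # Development-only literal; override from the environment or a secret.
      - SUBJECT_SOURCE_LDAP_PASSWORD=password
      - USERTOKEN
    networks:
      net:
        aliases:
          - grouper-ws
    ports:
      - "9443:443"
    healthcheck:
      test: curl -k -f https://127.0.0.1/grouper-ws/status?diagnosticType=trivial || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    secrets:
      - g_database_password.txt
      - source: g_sp-key.pem
        target: shib_sp-key.pem
      - source: g_host-key.pem
        target: host-key.pem
    volumes:
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.properties
        target: /opt/grouper/conf/grouper.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.client.properties
        target: /opt/grouper/conf/grouper.client.properties
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      - type: bind
        source: ./configs-and-secrets/grouper/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/grouper-loader.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties
      - type: bind
        source: ./configs-and-secrets/grouper/application/subject.properties
        target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties

  grouper_data:
    build: ./grouper_data/
    networks:
      net:
        aliases:
          - grouper-data
    # Exposes MySQL on the host; restrict or drop this mapping outside local development.
    ports:
      - "3306:3306"
    healthcheck:
      test: curl -s 127.0.0.1:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - grouper_data:/var/lib/mysql

  directory:
    build: ./directory/
    # Legacy "links" form; the shared "net" network already resolves "ad" by service name.
    links:
      - "ad:ad"
    ports:
      - "1389:389"
    networks:
      - net
    healthcheck:
      test: netstat -an | grep :389 | grep LISTEN
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - ldap:/var/lib/dirsrv

  sources:
    build: ./sources/
    ports:
      - "13306:3306"
    networks:
      - net
    healthcheck:
      test: curl -s 127.0.0.1:3306
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - source_mysql:/var/lib/mysql
      - source_data:/var/lib/mysqlmounted
    environment:
      - CREATE_NEW_DATABASE=if_needed

  comanage_data:
    build: ./comanage_data/
    environment:
      POSTGRES_USER: registry_user
      # Quoted: an unquoted 123321 is loaded as an integer. Development-only value.
      POSTGRES_PASSWORD: "123321"
      POSTGRES_DB: registry
    networks:
      net:
        aliases:
          - comanage-data
    ports:
      - "25432:5432"
    healthcheck:
      test: /usr/bin/pg_isready
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - comanage_data:/var/lib/postgresql/data

  comanage_midpoint_data:
    build: ./comanage_midpoint_data/
    environment:
      POSTGRES_USER: comanage_midpoint_loader
      # Quoted: an unquoted 123321 is loaded as an integer. Development-only value.
      POSTGRES_PASSWORD: "123321"
      POSTGRES_DB: comanage_midpoint_loader
    networks:
      net:
        aliases:
          - comanage-midpoint-data
    ports:
      - "35432:5432"
    healthcheck:
      test: /usr/bin/pg_isready
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - comanage_midpoint_data:/var/lib/postgresql/data

  # One-shot job: generates the midPoint DB init scripts and lock files that
  # midpoint_data waits on, then runs the midPoint native-repo initialisation.
  data_init:
    image: i2incommon/midpoint:4.6
    command: >
      bash -c "
      chmod 777 /opt/mp-pw/ ;
      touch /opt/mp-pw/db_init_in_progress ;
      echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ;
      echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ;
      /opt/midpoint/bin/midpoint.sh init-native
      "
    environment:
      - MP_INIT_DB_CONCAT=/opt/db-init/init.sql
      - MP_DB_PW=/opt/mp-pw/dbpassword
      - MP_PW_DEF=/opt/mp-pw/keystorepw
    volumes:
      - db_init:/opt/db-init
      - mp_pw:/opt/mp-pw

  midpoint_data:
    image: postgres:13-alpine
    # Waits for data_init to publish the DB password, clears a stale lock if the
    # init scripts never ran, then hands over to the stock postgres entrypoint.
    command: >
      bash -c "
      rm -f /var/lib/postgresql/data/postmaster.pid ;
      while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do
      echo 'Waiting to the end of the init process...';
      sleep 1;
      done ;
      {
      sleep 2 ;
      if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ;
      then echo 'DB init did not start...' ;
      rm -f /opt/mp-pw/db_ini*;
      echo 'The lock files has been removed...';
      fi ;
      } &
      docker-entrypoint.sh postgres
      "
    user: "70:70"
    depends_on:
      - data_init
    environment:
      - POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword
      - POSTGRES_USER=midpoint
      - POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
    ports:
      - "5432:5432"
    healthcheck:
      test: /usr/local/bin/pg_isready
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      - net
    volumes:
      - midpoint_data:/var/lib/postgresql/data
      - db_init:/docker-entrypoint-initdb.d/
      - mp_pw:/opt/mp-pw

  midpoint_server:
    build:
      context: ./midpoint_server/
      args:
        - CSPHOSTNAME
    depends_on:
      - data_init
      - midpoint_data
    ports:
      - "10443:443"
    environment:
      - ENV
      - USERTOKEN
      - REPO_DATABASE_TYPE=postgresql
      - MP_SET_midpoint_repository_jdbcUsername=midpoint
      - MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword
      - MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint
      - MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw
      - MP_SET_server_tomcat_ajp_enabled=true
      - MP_SET_server_tomcat_ajp_port=9090
      # Development-only AJP shared secret; move to a secret/_FILE form for real deployments.
      - MP_SET_server_tomcat_ajp_secret=s3cr3t
      - MP_SET_logging_path=/tmp/logtomcat
      - MP_UNSET_midpoint_repository_hibernateHbm2ddl=1
      - MP_NO_ENV_COMPAT=1
      - MP_MEM_MAX
      - MP_MEM_INIT
      - MP_JAVA_OPTS
      - TIER_BEACON_OPT_OUT
      - TIMEZONE
    networks:
      net:
        aliases:
          - midpoint-server
    secrets:
      - mp_host-key.pem
      - mp_shibboleth_sp_keys.jks
    volumes:
      - midpoint_home:/opt/midpoint/var
      - type: bind
        source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
        target: /etc/pki/tls/certs/host-cert.pem
      - type: bind
        source: ./configs-and-secrets/midpoint/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./midpoint_server/container_files/csv/source-hr.csv
        target: /opt/midpoint/csv/source-hr.csv
      - mp_pw:/opt/mp-pw

  idp:
    build:
      context: ./idp/
      args:
        - CSPHOSTNAME
    depends_on:
      - directory
    environment:
      - JETTY_MAX_HEAP=64m
      # Development-only keystore passwords.
      - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
      - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
    networks:
      - net
    ports:
      - "13443:443"
    volumes:
      - generated-metadata:/opt/shibboleth-idp/metadata/generated
      - generated-config:/opt/shibboleth-idp/conf/generated

  idp_ui:
    build:
      context: ./idp_ui/
      args:
        - CSPHOSTNAME
    depends_on:
      - idp_ui_data
    networks:
      - net
    ports:
      - "8080:8080"
    healthcheck:
      # NOTE(review): probes 8443 inside the container while only 8080 is published — confirm intended.
      test: curl -k -f https://127.0.0.1:8443/idpui/login || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - generated-metadata:/generated-metadata
      - generated-config:/generated-config

  idp_ui_api:
    build:
      context: ./idp_ui_api/
      args:
        - CSPHOSTNAME
    depends_on:
      - idp_ui_data
      - idp_ui
    networks:
      - net
    healthcheck:
      test: curl -k -s https://127.0.0.1:8443/idpui-api
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - generated-metadata:/generated-metadata
      - generated-config:/generated-config

  idp_ui_data:
    # Unpinned image tag; pin a major version for reproducible rebuilds.
    image: postgres
    environment:
      POSTGRES_USER: shibui
      POSTGRES_PASSWORD: secret
      POSTGRES_DB: shibui
    networks:
      net:
        aliases:
          - idpui-data
    ports:
      - "15432:5432"
    healthcheck:
      test: /usr/bin/pg_isready
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - idpui_data:/var/lib/postgresql/data

  mq:
    build: ./mq/
    environment:
      - RABBITMQ_NODENAME=docker-rabbit
    hostname: rabbitmq
    networks:
      - net
    ports:
      # 15672 is the management UI; 5672 is AMQP.
      - "15672:15672"
      - "5672:5672"
    healthcheck:
      test: curl -s 127.0.0.1:15672 > /dev/null
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - mq:/var/lib/rabbitmq

  webproxy:
    build:
      context: ./webproxy/
      args:
        - CSPHOSTNAME
    networks:
      - net
    ports:
      - "443:443"

  wordpress_server:
    build:
      context: ./wordpress_server/
      args:
        - CSPHOSTNAME
    networks:
      - net
    depends_on:
      - wordpress_data
    # First-run bootstrap: installs WordPress and its Shibboleth/JWT plugins when
    # wp-config.php is absent, then starts httpd. The DB and admin credentials
    # embedded here are development-only values.
    command: bash -c 'if [ ! -s /var/www/html/wp-config.php ]; then while ! nc -z wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; /usr/local/bin/startup.sh;'
    ports:
      - "80:80"
      - "12443:443"
    healthcheck:
      test: curl -s wordpress_server:80
      interval: 30s
      timeout: 30s
      retries: 3
    devices:
      - "/dev/tty:/dev/tty"
    volumes:
      - wordpress_server:/var/www/html
      - type: bind
        source: ./configs-and-secrets/wordpress/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      - type: bind
        source: ./configs-and-secrets/wordpress/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/wordpress/httpd/shib.conf
        target: /etc/httpd/conf.d/shib.conf

  wordpress_data:
    build: ./wordpress_data/
    networks:
      - net
    healthcheck:
      # "$$" is Compose's escape for a literal "$" inside the healthcheck shell.
      test: curl -s 127.0.0.1:3306 ; res=$$? ; if [[ $$res -ne 1 ]]; then exit 1; fi
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - wordpress_data:/var/lib/mysql
    ports:
      # Container port only; Docker picks an ephemeral host port.
      - "3306"

  comanage:
    build:
      context: ./comanage/
      args:
        - CSPHOSTNAME
    depends_on:
      - comanage_data
    environment:
      - ENV
      - USERTOKEN
      - SHIBBOLETH_SP_ENCRYPT_CERT=/etc/shibboleth/sp-cert.pem
      - SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shib_sp-key.pem
      - SHIBBOLETH_SP_SIGNING_CERT=/etc/shibboleth/sp-cert.pem
      - SHIBBOLETH_SP_SIGNING_PRIVKEY=/run/secrets/shib_sp-key.pem
    networks:
      - net
    ports:
      - "11443:443"
    healthcheck:
      test: curl -kf https://127.0.0.1/registry/ || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
    volumes:
      - type: bind
        source: ./configs-and-secrets/comanage/shibboleth/shibboleth2.xml
        target: /etc/shibboleth/shibboleth2.xml
      - type: bind
        source: ./configs-and-secrets/comanage/httpd/host-cert.pem
        target: /etc/pki/tls/certs/cachain.pem
      - type: bind
        source: ./configs-and-secrets/comanage/shibboleth/sp-cert.pem
        target: /etc/shibboleth/sp-cert.pem
    secrets:
      - source: c_sp-key.pem
        target: shib_sp-key.pem

  comanage_cron:
    build:
      context: ./comanage_cron/
      args:
        - CSPHOSTNAME
    depends_on:
      - comanage
    healthcheck:
      # Reaches comanage_data through its network alias.
      test: echo 'QUIT' | nc -w 10 comanage-data 5432
      interval: 30s
      timeout: 30s
      retries: 3
    environment:
      - ENV
      - USERTOKEN
    networks:
      net:
        aliases:
          - comanage-cron

  ad:
    build:
      context: ./ad/
    # CAP_SYS_ADMIN is a broad privilege; keep this service isolated from untrusted input.
    cap_add:
      - CAP_SYS_ADMIN
    environment:
      - DOMAIN=ad.example.edu
      # Development-only domain administrator password.
      - DOMAINPASS=Password1
    hostname: dc1
    networks:
      net:
        aliases:
          - dc1.ad.example.edu
    volumes:
      - ad_samba_data:/var/lib/samba
      - ad_samba_cfg:/etc/samba/external
    # Quoted: "53:53" unquoted is read as the sexagesimal integer 3233 by YAML 1.1 loaders.
    ports:
      - "53:53"
      - "53:53/udp"
      - "88:88"
      - "88:88/udp"
      - "135:135"
      - "137-138:137-138/udp"
      - "139:139"
      - "389:389"
      - "389:389/udp"
      - "445:445"
      - "464:464"
      - "464:464/udp"
      - "636:636"
      - "3268-3269:3268-3269"

networks:
  net:
    driver: bridge

secrets:
  # grouper
  g_host-key.pem:
    file: ./configs-and-secrets/grouper/httpd/host-key.pem
  g_sp-key.pem:
    file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem
  g_database_password.txt:
    file: ./configs-and-secrets/grouper/application/database_password.txt
  rabbitmq_password.txt:
    file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt
  # midPoint
  mp_host-key.pem:
    file: ./configs-and-secrets/midpoint/httpd/host-key.pem
  mp_shibboleth_sp_keys.jks:
    file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks
  # COmanage
  c_sp-key.pem:
    file: ./configs-and-secrets/comanage/shibboleth/sp-key.pem

# Named volumes. comanage_mysql, target_data and mariadb-data are not referenced
# by any service in this file; they are kept as declared.
volumes:
  grouper_data:
  source_data:
  comanage_data:
  comanage_midpoint_data:
  comanage_mysql:
  source_mysql:
  target_data:
  ldap:
  db_init:
  mp_pw:
  midpoint_data:
  midpoint_home:
  mq:
  wordpress_data:
  wordpress_server:
  generated-config:
  generated-metadata:
  mariadb-data:
  idpui_data:
  ad_samba_data:
  ad_samba_cfg: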