Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
InCommonTAP-Examples/Workbench/docker-compose.yml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
642 lines (619 sloc)
18.8 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.3" | |
services: | |
grouper_daemon: | |
build: ./grouper_daemon/ | |
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec daemon" | |
depends_on: | |
- grouper_data | |
- directory | |
environment: | |
- ENV | |
- USERTOKEN | |
- GROUPER_CLIENT_WEBSERVICE_PASSWORD_FILE=password | |
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt | |
#- RABBITMQ_PASSWORD_FILE=/run/secrets/rabbitmq_password.txt | |
- RABBITMQ_PASSWORD=password | |
- SUBJECT_SOURCE_LDAP_PASSWORD=password | |
networks: | |
net: | |
aliases: | |
- grouper-daemon | |
healthcheck: | |
test: gsh | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
secrets: | |
- g_database_password.txt | |
- rabbitmq_password.txt | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.client.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.client.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper-loader.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/subject.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties | |
grouper_ui: | |
build: | |
context: ./grouper_ui/ | |
args: | |
- CSPHOSTNAME | |
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql on grouper_data to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap on directory to start; sleep 3; done; exec ui" | |
depends_on: | |
- grouper_data | |
- directory | |
environment: | |
- ENV | |
- USERTOKEN | |
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt | |
- SUBJECT_SOURCE_LDAP_PASSWORD=password | |
networks: | |
net: | |
aliases: | |
- grouper-ui | |
ports: | |
- 8443:443 | |
healthcheck: | |
test: curl -k -f https://127.0.0.1/grouper/grouperUi/ || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
secrets: | |
- g_database_password.txt | |
- source: g_sp-key.pem | |
target: shib_sp-key.pem | |
- source: g_host-key.pem | |
target: host-key.pem | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.properties | |
target: /opt/grouper/conf/grouper.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.client.properties | |
target: /opt/grouper/conf/grouper.client.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/shibboleth/sp-cert.pem | |
target: /etc/shibboleth/sp-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/shibboleth/shibboleth2.xml | |
target: /etc/shibboleth/shibboleth2.xml | |
# Note: due to a bug in https://github.internet2.edu/docker/grouper/blob/2.5.57/container_files/usr-local-bin/librarySetupFilesForProcess.sh#L72 | |
# This file had to be mounted as shib2.conf, instead of shib.conf (bind mounts don't want to be moved) | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/shib.conf | |
target: /etc/httpd/conf.d/shib2.conf | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/host-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper-loader.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/subject.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties | |
grouper_ws: | |
build: ./grouper_ws/ | |
command: bash -c "while ! curl -s grouper_data:3306 > /dev/null; do echo waiting for mysql to start; sleep 3; done; while ! curl -s ldap://directory:389 > /dev/null; do echo waiting for ldap to start; sleep 3; done; exec ws" | |
depends_on: | |
- grouper_data | |
- directory | |
environment: | |
- ENV | |
- GROUPER_DATABASE_PASSWORD_FILE=/run/secrets/g_database_password.txt | |
- SUBJECT_SOURCE_LDAP_PASSWORD=password | |
- USERTOKEN | |
networks: | |
net: | |
aliases: | |
- grouper-ws | |
ports: | |
- 9443:443 | |
healthcheck: | |
test: curl -k -f https://127.0.0.1/grouper-ws/status?diagnosticType=trivial || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
secrets: | |
- g_database_password.txt | |
- source: g_sp-key.pem | |
target: shib_sp-key.pem | |
- source: g_host-key.pem | |
target: host-key.pem | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.properties | |
target: /opt/grouper/conf/grouper.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.client.properties | |
target: /opt/grouper/conf/grouper.client.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/host-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper.hibernate.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper.hibernate.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/grouper-loader.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/grouper-loader.properties | |
- type: bind | |
source: ./configs-and-secrets/grouper/application/subject.properties | |
target: /opt/grouper/grouperWebapp/WEB-INF/classes/subject.properties | |
grouper_data: | |
build: ./grouper_data/ | |
networks: | |
net: | |
aliases: | |
- grouper-data | |
ports: | |
- 3306:3306 | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- grouper_data:/var/lib/mysql | |
directory: | |
build: ./directory/ | |
links: | |
- "ad:ad" | |
ports: | |
- 1389:389 | |
networks: | |
- net | |
healthcheck: | |
test: netstat -an | grep :389 | grep LISTEN | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- ldap:/var/lib/dirsrv | |
sources: | |
build: ./sources/ | |
ports: | |
- 13306:3306 | |
networks: | |
- net | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- source_mysql:/var/lib/mysql | |
- source_data:/var/lib/mysqlmounted | |
environment: | |
- CREATE_NEW_DATABASE=if_needed | |
comanage_data: | |
build: ./comanage_data/ | |
environment: | |
POSTGRES_USER: registry_user | |
POSTGRES_PASSWORD: 123321 | |
POSTGRES_DB: registry | |
networks: | |
net: | |
aliases: | |
- comanage-data | |
ports: | |
- 25432:5432 | |
healthcheck: | |
test: /usr/bin/pg_isready | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- comanage_data:/var/lib/postgresql/data | |
comanage_midpoint_data: | |
build: ./comanage_midpoint_data/ | |
environment: | |
POSTGRES_USER: comanage_midpoint_loader | |
POSTGRES_PASSWORD: 123321 | |
POSTGRES_DB: comanage_midpoint_loader | |
networks: | |
net: | |
aliases: | |
- comanage-midpoint-data | |
ports: | |
- 35432:5432 | |
healthcheck: | |
test: /usr/bin/pg_isready | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- comanage_midpoint_data:/var/lib/postgresql/data | |
data_init: | |
image: i2incommon/midpoint:4.6 | |
command: > | |
bash -c " | |
chmod 777 /opt/mp-pw/ ; | |
touch /opt/mp-pw/db_init_in_progress ; | |
echo -e '#!/bin/sh\ntouch /opt/mp-pw/db_init' >/opt/db-init/000-start.sh ; | |
echo -e '#!/bin/sh\necho DB structure init process has finished...\nrm -f /opt/mp-pw/db_init_in_progress /opt/mp-pw/db_init' > /opt/db-init/999-finish.sh ; | |
/opt/midpoint/bin/midpoint.sh init-native | |
" | |
environment: | |
- MP_INIT_DB_CONCAT=/opt/db-init/init.sql | |
- MP_DB_PW=/opt/mp-pw/dbpassword | |
- MP_PW_DEF=/opt/mp-pw/keystorepw | |
volumes: | |
- db_init:/opt/db-init | |
- mp_pw:/opt/mp-pw | |
midpoint_data: | |
image: postgres:13-alpine | |
command: > | |
bash -c " | |
rm -f /var/lib/postgresql/data/postmaster.pid ; | |
while [ ! -s /opt/mp-pw/dbpassword -o -e /opt/mp-pw/init_in_progress ] ; do | |
echo 'Waiting to the end of the init process...'; | |
sleep 1; | |
done ; | |
{ | |
sleep 2 ; | |
if [ ! -e /opt/mp-pw/db_init -a -e /opt/mp-pw/db_init_in_progress ] ; | |
then echo 'DB init did not start...' ; | |
rm -f /opt/mp-pw/db_ini*; | |
echo 'The lock files has been removed...'; | |
fi ; | |
} & | |
docker-entrypoint.sh postgres | |
" | |
user: "70:70" | |
depends_on: | |
- data_init | |
environment: | |
- POSTGRES_PASSWORD_FILE=/opt/mp-pw/dbpassword | |
- POSTGRES_USER=midpoint | |
- POSTGRES_INITDB_ARGS=--lc-collate=en_US.utf8 --lc-ctype=en_US.utf8 | |
ports: | |
- 5432:5432 | |
healthcheck: | |
test: /usr/local/bin/pg_isready | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
networks: | |
- net | |
volumes: | |
- midpoint_data:/var/lib/postgresql/data | |
- db_init:/docker-entrypoint-initdb.d/ | |
- mp_pw:/opt/mp-pw | |
midpoint_server: | |
build: | |
context: ./midpoint_server/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- data_init | |
- midpoint_data | |
ports: | |
- 10443:443 | |
environment: | |
- ENV | |
- USERTOKEN | |
- REPO_DATABASE_TYPE=postgresql | |
- MP_SET_midpoint_repository_jdbcUsername=midpoint | |
- MP_SET_midpoint_repository_jdbcPassword_FILE=/opt/mp-pw/dbpassword | |
- MP_SET_midpoint_repository_jdbcUrl=jdbc:postgresql://midpoint_data:5432/midpoint | |
- MP_SET_midpoint_keystore_keyStorePassword_FILE=/opt/mp-pw/keystorepw | |
- MP_SET_server_tomcat_ajp_enabled=true | |
- MP_SET_server_tomcat_ajp_port=9090 | |
- MP_SET_server_tomcat_ajp_secret=s3cr3t | |
- MP_SET_logging_path=/tmp/logtomcat | |
- MP_UNSET_midpoint_repository_hibernateHbm2ddl=1 | |
- MP_NO_ENV_COMPAT=1 | |
- MP_MEM_MAX | |
- MP_MEM_INIT | |
- MP_JAVA_OPTS | |
- TIER_BEACON_OPT_OUT | |
- TIMEZONE | |
networks: | |
net: | |
aliases: | |
- midpoint-server | |
secrets: | |
- mp_host-key.pem | |
- mp_shibboleth_sp_keys.jks | |
volumes: | |
- midpoint_home:/opt/midpoint/var | |
- type: bind | |
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/host-cert.pem | |
- type: bind | |
source: ./configs-and-secrets/midpoint/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./midpoint_server/container_files/csv/source-hr.csv | |
target: /opt/midpoint/csv/source-hr.csv | |
- mp_pw:/opt/mp-pw | |
idp: | |
build: | |
context: ./idp/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- directory | |
environment: | |
- JETTY_MAX_HEAP=64m | |
- JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password | |
- JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password | |
networks: | |
- net | |
ports: | |
- 13443:443 | |
volumes: | |
- generated-metadata:/opt/shibboleth-idp/metadata/generated | |
- generated-config:/opt/shibboleth-idp/conf/generated | |
idp_ui: | |
build: | |
context: ./idp_ui/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- idp_ui_data | |
networks: | |
- net | |
ports: | |
- 8080:8080 | |
healthcheck: | |
test: curl -k -f https://127.0.0.1:8443/idpui/login || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- generated-metadata:/generated-metadata | |
- generated-config:/generated-config | |
idp_ui_api: | |
build: | |
context: ./idp_ui_api/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- idp_ui_data | |
- idp_ui | |
networks: | |
- net | |
healthcheck: | |
test: curl -k -s https://127.0.0.1:8443/idpui-api | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- generated-metadata:/generated-metadata | |
- generated-config:/generated-config | |
idp_ui_data: | |
image: postgres | |
environment: | |
POSTGRES_USER: shibui | |
POSTGRES_PASSWORD: secret | |
POSTGRES_DB: shibui | |
networks: | |
net: | |
aliases: | |
- idpui-data | |
ports: | |
- 15432:5432 | |
healthcheck: | |
test: /usr/bin/pg_isready | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- idpui_data:/var/lib/postgresql/data | |
mq: | |
build: ./mq/ | |
environment: | |
- RABBITMQ_NODENAME=docker-rabbit | |
hostname: rabbitmq | |
networks: | |
- net | |
ports: | |
- 15672:15672 | |
- 5672:5672 | |
healthcheck: | |
test: curl -s 127.0.0.1:15672 > /dev/null | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- mq:/var/lib/rabbitmq | |
webproxy: | |
build: | |
context: ./webproxy/ | |
args: | |
- CSPHOSTNAME | |
networks: | |
- net | |
ports: | |
- 443:443 | |
wordpress_server: | |
build: | |
context: ./wordpress_server/ | |
args: | |
- CSPHOSTNAME | |
networks: | |
- net | |
depends_on: | |
- wordpress_data | |
command: bash -c 'if [ ! -s /var/www/html/wp-config.php ]; then while ! nc -z wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; /usr/local/bin/startup.sh;' | |
ports: | |
- "80:80" | |
- "12443:443" | |
healthcheck: | |
test: curl -s wordpress_server:80 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
devices: | |
- "/dev/tty:/dev/tty" | |
volumes: | |
- wordpress_server:/var/www/html | |
- type: bind | |
source: ./configs-and-secrets/wordpress/shibboleth/shibboleth2.xml | |
target: /etc/shibboleth/shibboleth2.xml | |
- type: bind | |
source: ./configs-and-secrets/wordpress/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/wordpress/httpd/shib.conf | |
target: /etc/httpd/conf.d/shib.conf | |
wordpress_data: | |
build: ./wordpress_data/ | |
networks: | |
- net | |
healthcheck: | |
test: curl -s 127.0.0.1:3306 ; res=$$? ; if [[ $$res -ne 1 ]]; then exit 1; fi | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- wordpress_data:/var/lib/mysql | |
ports: | |
- 3306 | |
comanage: | |
build: | |
context: ./comanage/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- comanage_data | |
environment: | |
- ENV | |
- USERTOKEN | |
- SHIBBOLETH_SP_ENCRYPT_CERT=/etc/shibboleth/sp-cert.pem | |
- SHIBBOLETH_SP_ENCRYPT_PRIVKEY=/run/secrets/shib_sp-key.pem | |
- SHIBBOLETH_SP_SIGNING_CERT=/etc/shibboleth/sp-cert.pem | |
- SHIBBOLETH_SP_SIGNING_PRIVKEY=/run/secrets/shib_sp-key.pem | |
networks: | |
- net | |
ports: | |
- 11443:443 | |
healthcheck: | |
test: curl -kf https://127.0.0.1/registry/ || exit 1 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
volumes: | |
- type: bind | |
source: ./configs-and-secrets/comanage/shibboleth/shibboleth2.xml | |
target: /etc/shibboleth/shibboleth2.xml | |
- type: bind | |
source: ./configs-and-secrets/comanage/httpd/host-cert.pem | |
target: /etc/pki/tls/certs/cachain.pem | |
- type: bind | |
source: ./configs-and-secrets/comanage/shibboleth/sp-cert.pem | |
target: /etc/shibboleth/sp-cert.pem | |
secrets: | |
- source: c_sp-key.pem | |
target: shib_sp-key.pem | |
comanage_cron: | |
build: | |
context: ./comanage_cron/ | |
args: | |
- CSPHOSTNAME | |
depends_on: | |
- comanage | |
healthcheck: | |
test: echo 'QUIT' | nc -w 10 comanage-data 5432 | |
interval: 30s | |
timeout: 30s | |
retries: 3 | |
environment: | |
- ENV | |
- USERTOKEN | |
networks: | |
net: | |
aliases: | |
- comanage-cron | |
ad: | |
build: | |
context: ./ad/ | |
cap_add: | |
- CAP_SYS_ADMIN | |
environment: | |
- DOMAIN=ad.example.edu | |
- DOMAINPASS=Password1 | |
hostname: dc1 | |
networks: | |
net: | |
aliases: | |
- dc1.ad.example.edu | |
volumes: | |
- ad_samba_data:/var/lib/samba | |
- ad_samba_cfg:/etc/samba/external | |
ports: | |
- 53:53 | |
- 53:53/udp | |
- 88:88 | |
- 88:88/udp | |
- 135:135 | |
- 137-138:137-138/udp | |
- 139:139 | |
- 389:389 | |
- 389:389/udp | |
- 445:445 | |
- 464:464 | |
- 464:464/udp | |
- 636:636 | |
- 3268-3269:3268-3269 | |
networks: | |
net: | |
driver: bridge | |
secrets: | |
# grouper | |
g_host-key.pem: | |
file: ./configs-and-secrets/grouper/httpd/host-key.pem | |
g_sp-key.pem: | |
file: ./configs-and-secrets/grouper/shibboleth/sp-key.pem | |
g_database_password.txt: | |
file: ./configs-and-secrets/grouper/application/database_password.txt | |
rabbitmq_password.txt: | |
file: ./configs-and-secrets/grouper/application/rabbitmq_password.txt | |
# midPoint | |
mp_host-key.pem: | |
file: ./configs-and-secrets/midpoint/httpd/host-key.pem | |
mp_shibboleth_sp_keys.jks: | |
file: ./configs-and-secrets/midpoint/shibboleth/shibboleth_sp_keys.jks | |
# COmanage | |
c_sp-key.pem: | |
file: ./configs-and-secrets/comanage/shibboleth/sp-key.pem | |
volumes: | |
grouper_data: | |
source_data: | |
comanage_data: | |
comanage_midpoint_data: | |
comanage_mysql: | |
source_mysql: | |
target_data: | |
ldap: | |
db_init: | |
mp_pw: | |
midpoint_data: | |
midpoint_home: | |
mq: | |
wordpress_data: | |
wordpress_server: | |
generated-config: | |
generated-metadata: | |
mariadb-data: | |
idpui_data: | |
ad_samba_data: | |
ad_samba_cfg: |