Project: Docker and Docker Compose - ForgeRock/frdp-uma-resource-server GitHub Wiki
Why
There needs to be an easy way to "evaluate" the UMA capabilities that are provided by the Resource Server. The current process requires environments to exist before the evaluation can begin. There are also a number of documented manual configurations that must be performed. We need to reduce / remove the "barrier to entry" for evaluation.
How
A prescriptive process is needed to simplify obtaining an evaluation environment. We assume the evaluator will have some developer and/or system administration skills.
The process:
- reuse existing services
- build project source code
- automate configuration
- manage environment life-cycle
What
Technology
Containers
The technologies related to "containers" provide functionality that would enable the implementation. Specifically, Docker "containers" will be used to deliver the services required for the solution. Where possible, existing Docker containers from Docker Hub shall be used for reusable services. For other services, custom Docker containers will need to be created.
Orchestration
All of the containers need to be properly managed as part of the life-cycle. An "orchestration" mechanism would assist in managing the life-cycle. There are two options for orchestration: Docker Compose and Kubernetes.
This project is focused on making it easy to "try" the UMA solution. Docker Compose is a lightweight orchestration mechanism that is typically installed with Docker. Kubernetes is a "production grade" orchestration mechanism that is heavier-weight and would require an extra technology installation by the evaluator. Kubernetes is focused on supporting production operations with capabilities like auto scaling and recovery. We will be using Docker Compose for the initial delivery of this project. We will consider including a solution using Kubernetes in an update.
Design
Containers
The table below identifies the containers that will be needed:
Name | Description | Source |
---|---|---|
MongoDB | MongoDB database, stores Resource Server credentials and resources. This is used by the Content Server and the Resource Server | Docker Hub: MongoDB 3.6.+ |
Access Manager | The ForgeRock Access Manager (7.0.x) that provides OAuth 2.0, UMA 2.0 and policy management services. It is installed as a war file to a Tomcat server | Tomcat 9.0.x jdk11 openjdk |
Content Server | Provides a generic service for managing JSON documents from a REST interface. This is used by the Resource Server to store JSON data related to a resource. It is installed as a war file to a Tomcat server | Tomcat 9.0.x jdk11 openjdk |
Resource Server | Provides interfaces for the management and access to secured resources using the UMA 2.0 protocol. It is installed as a war file to a Tomcat server. | Tomcat 9.0.x jdk11 openjdk |
Orchestration
MongoDB
- Use "mongodb" container
- Run initialization process to:
  - Create databases
  - Create admin users (for databases)
  - Create collections in databases
  - Set indexes for collections
Access Manager
- Use "tomcat" container
- Obtain install package from ForgeRock Backstage
- Set process to load AM configuration
Content Server
- GitHub: checkout, build, package
  - frdp-framework
  - frdp-dao-mongo
  - frdp-content-server
- Use "tomcat" container
- Apply JSON configuration file
Resource Server
- GitHub: checkout, build, package
  - frdp-framework
  - frdp-dao-mongo
  - frdp-dao-rest
  - frdp-uma-resource-server
- Use "tomcat" container
- Apply configuration file
Implementation
Files / folders for the implementation:

```text
docker/
  compose/
    README.md
    access_manager/
    MongoDB/
    content_server/
    resource_server/
  kubernetes/
```
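The four containers from the design table wired together as one Docker Compose file. This is an added illustration, not the project's own `docker/compose` content; the image tags, relative folder paths, the `am.war` file name, the `init` folder, the database name and the environment variable names are assumptions. It targets the Compose Specification (`docker compose` v2), which is why no `version` key is present.

```yaml
# Added example (not from the project): docker-compose.yml for the evaluation
# environment. Credentials come from a .env file, never from this file.
services:
  mongodb:
    image: mongo:3.6                     # Docker Hub image; design calls for MongoDB 3.6.+
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USER:?set MONGO_ROOT_USER in .env}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD:?set MONGO_ROOT_PASSWORD in .env}
    volumes:
      # Scripts in this folder (assumed path) run once on first start: create the
      # databases, per-database admin users, collections and indexes.
      - ../MongoDB/init:/docker-entrypoint-initdb.d:ro
      - mongo-data:/data/db
    # No "ports:" entry on purpose: MongoDB is reachable only on the compose network.
    healthcheck:
      test: ["CMD", "mongo", "--quiet", "--eval", "db.adminCommand('ping').ok"]
      interval: 10s
      retries: 5

  access-manager:
    image: tomcat:9.0-jdk11-openjdk      # assumed tag matching "Tomcat 9.0.x jdk11 openjdk"
    volumes:
      # The AM war is obtained from ForgeRock Backstage and is not in the repo.
      - ../access_manager/am.war:/usr/local/tomcat/webapps/am.war:ro
    ports:
      - "8080:8080"

  content-server:
    build: ../content_server             # Dockerfile builds and deploys the frdp-content-server war
    environment:
      # Application user created by the init scripts, not the root user above.
      MONGO_URI: mongodb://${CS_DB_USER:?}:${CS_DB_PASSWORD:?}@mongodb:27017/content-server
    depends_on:
      mongodb:
        condition: service_healthy       # wait for the init scripts, not just the process

  resource-server:
    build: ../resource_server            # Dockerfile builds and deploys the frdp-uma-resource-server war
    depends_on:
      mongodb:
        condition: service_healthy
      access-manager:
        condition: service_started
      content-server:
        condition: service_started
    ports:
      - "8090:8080"

volumes:
  mongo-data:
```

Run `docker compose config` in `docker/compose/` to confirm every `${...:?}` variable is defined before starting anything; a missing credential fails fast instead of starting MongoDB without one.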
Reference
MongoDB