Deploying TPS on Podman - dogtagpki/pki GitHub Wiki

Overview

Note
This page is still under construction.

This document describes the process to deploy a TPS container on Podman with PKI 11.6 or later.

Current limitations:

  • Replication is not yet supported (i.e. no scaling)

  • HSM is not yet supported

  • No security domain (i.e. other subsystems need to be set up manually)

  • Long startup time (due to certs import and instance creation)

Creating Network

Create a network for the containers, for example:

$ podman network create example

Alternatively, use an existing network.

Preparing Certificates

To deploy the TPS container, prepare the following files:

Then store the files in a location that will be mapped to the /certs folder in the TPS container.

See also:

Preparing Configuration Files

Create a folder (e.g. conf) to store Tomcat and TPS configuration files. This folder will be mapped into the /conf folder in the TPS container.

Preparing Logs Folder

Create a folder (e.g. logs) to store Tomcat and TPS log files. This folder will be mapped into the /logs folder in the TPS container.

Deploying TPS Container

Run the TPS container with the following command:

$ podman run \
    --name tps \
    --hostname tps.example.com \
    --network example \
    --network-alias tps.example.com \
    -v "$PWD/certs:/certs" \
    -v "$PWD/conf:/conf" \
    -v "$PWD/logs:/logs" \
    -d \
    quay.io/dogtagpki/pki-tps:latest

Wait until the TPS service is running:

$ podman logs -f tps

Setting up TPS Database

Setting up TPS Admin User

Setting up TPS Authentication

Removing TPS Container

If the TPS container is no longer needed, it can be removed with the following command:

$ podman rm -f tps

See Also
