Docker - monetplus/IDport GitHub Wiki
| Variable | Description | Example |
|---|---|---|
| ${DOCKER_HOME} | Base directory for Docker related scripts | /opt/docker |
| ${COMPOSE_HOME} | Directory with the configuration file for docker-compose | /opt/docker/compose |
| ${DISTRO} | Linux distribution: debian / ubuntu | debian |
| ${IMAGE_SOURCE} | Source endpoint for Docker images | localhost:8888 |
| ${IDPORT_LOG_DIR} | Directory where application logs are saved | /home/idport/log |
| ${HOST_DB_DATA} | Directory where DB data are saved | /home/idport/dbdata |
| ${IDPORT_CONF_DIR} | Directory where the configuration is put | /home/idport/conf |
- Instructions on the official site
- Used commands:
### Remove old versions

```shell
$ sudo yum remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-selinux \
    docker-engine-selinux \
    docker-engine
```

### Install required tools

```shell
$ sudo yum install -y yum-utils \
    device-mapper-persistent-data \
    lvm2 \
    http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.66-1.el7.noarch.rpm
```

### Add official repository

```shell
$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
```

### Install Docker

```shell
$ sudo yum install -y docker-ce
```

### Run Docker daemon

```shell
$ sudo systemctl start docker
```

### Test installation

```shell
$ docker -v
```

### (Optional) Run Docker after start

```shell
$ sudo systemctl enable docker
```
- Instructions on the official site
- Used commands:
### Download Docker Compose

```shell
$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
```

### Allow executing

```shell
$ sudo chmod +x /usr/local/bin/docker-compose
```

### Verify installation

```shell
$ docker-compose --version
```
- Used commands:
### Remove old versions

```shell
$ sudo apt-get remove docker docker-engine docker.io
```

### Install Docker using repos

```shell
$ sudo apt-get update
$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common
# ${DISTRO} is debian or ubuntu, see the variable table above
$ curl -fsSL https://download.docker.com/linux/${DISTRO}/gpg | sudo apt-key add -
$ sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/${DISTRO} \
    $(lsb_release -cs) \
    stable"
```

Special case on Debian wheezy: comment out this line in /etc/apt/sources.list

```
deb-src [arch=amd64] https://download.docker.com/linux/debian wheezy stable
```

```shell
$ sudo apt-get update
$ sudo apt-get install docker-ce
```

### Install docker-compose

```shell
$ sudo rm -f /usr/local/bin/docker-compose
# writing to /usr/local/bin needs root, so download with sudo and -o instead of a shell redirect
$ sudo curl -L https://github.com/docker/compose/releases/download/1.11.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
```
You need to run one command first (as root):

```shell
wget https://github.com/monetplus/IDport/wiki/files/install-idport.sh -O - | sh
```

After that you start the application by running: start-idport
All components that need to be run for successful startup of IDPort are automatically downloaded from official Monet+ Docker Repository and deployed.
See next subsection for more detailed description.
You need to create the file docker-compose.yml in the ${COMPOSE_HOME} directory with the following content:

```yaml
version: '3'
services:
  iapi:
    image: docker.monetplus.cz:5000/idport/idport-app-iapi:1.0.3.1
    depends_on:
      - iam
      - hz
      - casedb
    volumes:
      - ${HOST_LOG_DIR}:${CONTAINER_LOG_DIR}
    env_file:
      - passwords.env
    environment:
      - "IDPORT_DB_ADDRESS=casedb"
      - "IDPORT_DB_SID=xe"
      - "IAM_URL=http://iam:8080/mep-iam-mock"
      - "HZ_ADDRESS=hz"
      - "CORE_ADDRESS=core"
      - "PUSHSRV_ADDRESS=pushsrv"
      - "CORS_ALLOWED_ORIGINS=*"
      - "GID=${GID}"
      - "LOG_DIR=${CONTAINER_LOG_DIR}"
    networks:
      - idport
  casems:
    image: docker.monetplus.cz:5000/idport/idport-app-casems:1.0.3.1
    depends_on:
      - iam
      - hz
      - casedb
      - fg
    volumes:
      - ${HOST_LOG_DIR}:${CONTAINER_LOG_DIR}
    env_file:
      - passwords.env
    environment:
      - "IDPORT_DB_ADDRESS=casedb"
      - "IDPORT_DB_SID=xe"
      - "IAM_URL=http://iam:8080/mep-iam-mock"
      - "HZ_ADDRESS=hz"
      - "CORE_ADDRESS=core"
      - "PUSHSRV_ADDRESS=pushsrv"
      - "GID=${GID}"
      - "LOG_DIR=${CONTAINER_LOG_DIR}"
    networks:
      - idport
  apache:
    image: docker.monetplus.cz:5000/idport/idport-apache:1.0.3.1
    ports:
      - "443:4443"
      - "80:8080"
    volumes:
      - ${IDPORT_CONF_DIR}/cert:/usr/local/apache2/conf/cert
      - ${IDPORT_CONF_DIR}/ext:/usr/local/apache2/conf/ext
    env_file:
      - passwords.env
    environment:
      - "GID=${GID}"
    networks:
      - idport
  core:
    image: docker.monetplus.cz:5000/idport/idport-app-core:1.0.3.1
    volumes:
      - ${HOST_LOG_DIR}:/srv/log/deva/idport/casecore/
    environment:
      - "IDPORT_DB_ADDRESS=casedb"
      - "GID=${GID}"
    networks:
      - idport
  fg:
    image: docker.monetplus.cz:5000/idport/idport-app-fg:1.0.3.1
    volumes:
      - ${HOST_LOG_DIR}:${CONTAINER_LOG_DIR}
    environment:
      - "CASEMS_ADDRESS=http://casems"
      - "GID=${GID}"
      - "LOG_DIR=${CONTAINER_LOG_DIR}"
    networks:
      - idport
  iam:
    image: docker.monetplus.cz:5000/idport/idport-app-iam:1.0.3.1
    volumes:
      - ${HOST_LOG_DIR}:${CONTAINER_LOG_DIR}
    environment:
      - "GID=${GID}"
      - "LOG_DIR=${CONTAINER_LOG_DIR}"
    networks:
      - idport
  hz:
    image: docker.monetplus.cz:5000/idport/idport-app-hz:1.0.3.1
    env_file:
      - passwords.env
    environment:
      - "JAVA_OPTS=-DIDPORT_DB_ADDRESS=casedb -DIDPORT_DB_PORT=1521 -DIDPORT_DB_SID=xe"
      - "GID=${GID}"
      - "LOG_DIR=${CONTAINER_LOG_DIR}"
    networks:
      - idport
  pushsrv:
    image: docker.monetplus.cz:5000/idport/idport-app-pushsrv:1.0.3.1
    volumes:
      - ${HOST_LOG_DIR}:${CONTAINER_LOG_DIR}
    depends_on:
      - casedb
    env_file:
      - passwords.env
    environment:
      - "IDPORT_DB_ADDRESS=casedb"
      - "GID=${GID}"
      - "LOG_DIR=${CONTAINER_LOG_DIR}"
    networks:
      - idport
  casedb:
    image: docker.monetplus.cz:5000/idport/idport-db:1.0.3.1
    shm_size: 1g
    healthcheck:
      test: ["CMD", "/usr/sbin/healthcheck.sh"]
      interval: 30s
      retries: 16
    volumes:
      - ${HOST_DB_DATA}:/u01/app/oracle/oradata
    env_file:
      - passwords.env
    environment:
      - "GID=${GID}"
      - "HEALTHCHECK_USERS=IDPORT_CASE_APP,IDPORT_CASE_CONFIG_APP,IDPORT_CASE_AUDIT_APP,IDPORT_PUSH,IDPORT_PUSH_APP"
    networks:
      - idport
  fe:
    image: docker.monetplus.cz:5000/idport/idport-fe:1.0.3.1
    networks:
      - idport
networks:
  idport:
    ipam:
      driver: default
      config:
        - subnet: 172.248.0.0/16
```
docker-compose.yml makes use of the file passwords.env, also stored in the ${COMPOSE_HOME} directory, with the following content:

```
CERTPWD=cert_pwd
IDPORT_DB_PWD=idport_db_pwd
ORACLE_PWD=oracle_pwd
```
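A pre-flight check for passwords.env, added here as an example and not part of the IDport wiki: it fails while any of the three variables still carries the placeholder value shown above, or while the file is readable by group or others. The script name check-passwords-env.sh and the default path under ${COMPOSE_HOME} are assumptions.

```shell
#!/bin/bash
# Added example, not part of the IDport wiki. Pre-flight check for the
# passwords.env file loaded by docker-compose.yml: fails while any value is
# still the wiki placeholder or the file is readable by group or others.
# Default path ${COMPOSE_HOME}/passwords.env is assumed (see compose-up.sh).

# Placeholder values from the wiki's example file, as KEY=VALUE pairs.
PLACEHOLDERS="CERTPWD=cert_pwd IDPORT_DB_PWD=idport_db_pwd ORACLE_PWD=oracle_pwd"

# Print each variable that is missing or still set to its placeholder.
# Values are compared verbatim (docker-compose 1.x does not strip quotes
# from env_file values), so a quoted placeholder is flagged as well.
check_passwords_env_values() {
    file=$1
    rc=0
    for pair in $PLACEHOLDERS; do
        key=${pair%%=*}
        placeholder=${pair#*=}
        value=$(grep "^${key}=" "$file" | tail -n 1 | cut -d= -f2-)
        if [ -z "$value" ]; then
            echo "$key: missing or empty"; rc=1
        elif [ "$value" = "$placeholder" ] || [ "$value" = "\"$placeholder\"" ]; then
            echo "$key: still set to the placeholder $placeholder"; rc=1
        fi
    done
    return $rc
}

# Return 0 unless the group-read (040) or other-read (004) bit is set.
check_passwords_env_mode() {
    file=$1
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$file: readable by group or others, run: chmod 600 $file"
        return 1
    fi
    return 0
}

# Run both checks, report every problem, return 0 only if all pass.
check_passwords_env() {
    file=${1:-${COMPOSE_HOME:-/opt/docker/compose}/passwords.env}
    [ -f "$file" ] || { echo "$file: not found"; return 1; }
    ok=0
    check_passwords_env_values "$file" || ok=1
    check_passwords_env_mode "$file" || ok=1
    return $ok
}

# Run only when executed as a script, so the functions can also be sourced.
case "${0##*/}" in check-passwords-env.sh) check_passwords_env "$@" ;; esac
```

Run it from compose-up.sh before `docker-compose up` so a deployment with untouched placeholders or a world-readable secrets file stops early.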
There is an IAM Mock, for demo purposes only, with [email protected], [email protected], ..., [email protected] as active demo identities. You would need to substitute this IAM Mock application with a real IAM system. The description of the IAM REST interface used is part of this documentation. The IAM connection of IDPort is configured by changing the environment variable IAM_URL in the docker-compose.yml file.
If you connect IDPort to your IAM system you can safely remove the IAM image from the docker-compose.yml file as well.
For security reasons, the Docker containers run as a non-privileged user. Before starting the IDPort applications you need to set appropriate filesystem permissions to allow the containers to write log files to the host filesystem (in ${IDPORT_LOG_DIR}). This can be done with the following script docker-host-perms.sh. Save it and make it executable.

```bash
#!/bin/bash
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
GROUP=idport_logs
GID=23456
echo -n "Adding group $GROUP ... "
if getent group "$GROUP" >/dev/null; then
    echo -e "${GREEN}OK${NC} - group already exists."
else
    # pick the first free GID at or above 23456
    while getent group "$GID" >/dev/null; do
        GID=$((GID + 1))
    done
    if groupadd -g "$GID" "$GROUP"; then
        echo -e "${GREEN}OK${NC} - group added."
    else
        echo -e "${RED}FAIL${NC}"
    fi
fi
# HOST_LOG_DIR is exported by compose-up.sh; abort instead of chowning an empty path
LOG_DIR=${HOST_LOG_DIR:?HOST_LOG_DIR must be set (see compose-up.sh)}
echo "Changing permissions on logging directory: $LOG_DIR"
# group ownership plus setgid so new files inherit the group; the default ACL
# gives owner and group rwx and denies everyone else
if chown -R :"$GROUP" "$LOG_DIR" && chmod g+s "$LOG_DIR" && setfacl -m "d:u::rwx,d:g::rwx,d:o:---,u::rwx,g::rwx,o:---" "$LOG_DIR"; then
    echo -e "${GREEN}OK${NC} - permissions set."
else
    echo -e "${RED}FAIL${NC}"
fi
```
After that you can start the IDPort applications with the following script compose-up.sh:

```bash
#!/bin/bash
export HOST_LOG_DIR=/var/log/idport            # change also in idport-mkdir-wget.sh
export IDPORT_HOME=/opt/idport                 # change also in idport-mkdir-wget.sh
export COMPOSE_HOME=${IDPORT_HOME}/compose     # change also in idport-mkdir-wget.sh
export IDPORT_CONF_DIR=${IDPORT_HOME}/conf     # change also in idport-mkdir-wget.sh
export HOST_DB_DATA=${IDPORT_HOME}/db-data     # change also in idport-mkdir-wget.sh
export CONTAINER_LOG_DIR=/home/case/log        # do not change
${IDPORT_HOME}/docker-host-perms.sh
FILE=${COMPOSE_HOME}/docker-compose.yml
# the containers run with the GID of the idport_logs group created by docker-host-perms.sh
export GID=$(getent group idport_logs | cut -d: -f3)
docker-compose --project-name idport -f $FILE up -d
```
After a successful startup an IDPort instance is running on your Docker host. You can connect to the web applications AdminFE (https://localhost/adminfe) and DemoFE (https://localhost/demofe) and start enjoying IDPort.
If something is not working properly, please see the section Known issues.
To change the access configuration of the IDPort application, modify the Apache configuration.
You can change the TLS server certificate by putting cert.pem (public server certificate in PEM format) and cert.key (private server certificate key in PEM format) in the directory ${IDPORT_CONF_DIR}/cert. For security reasons it is highly recommended to have the server certificate issued by a trusted Certification Authority. For testing purposes in a development environment only, you can issue an untrusted self-signed certificate with the following command:

```shell
openssl req -x509 -newkey rsa:4096 -keyout cert.key -out cert.pem -days 365
```

Any additional tweaks of the Apache configuration can be done by putting the relevant config files in the directory ${IDPORT_CONF_DIR}/ext.
Changes are applied after an Apache container restart.
You can open the logs with the following command:

```shell
docker logs -f idport_casedb_1
```

You can restart the application containers with the following command:

```shell
docker restart idport_hz_1 idport_iapi_1 idport_casems_1 idport_pushsrv_1 idport_core_1 idport_apache_1
```
The applications start faster than the database initialisation finishes (faster than the SQL scripts which create schemas and users, insert data etc.). Therefore the applications cannot establish connections to the database. The solution is to restart the containers with the application servers after the database is ready.
The database is initialized when the following lines appear in the database container log (docker logs idport_casedb_1):

```
#########################
DATABASE IS READY TO USE!
#########################
```

When the database is ready, restart the dependent containers:

```shell
docker restart idport_hz_1 idport_iapi_1 idport_casems_1 idport_pushsrv_1 idport_core_1
```
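A helper that automates the restart described above, added as an example and not part of the IDport wiki: it polls `docker logs` of the database container for the readiness banner and then restarts the dependent containers, failing loudly on timeout instead of restarting blindly. Container names are the ones used on this page; the timeout and polling interval defaults and the script name wait-for-idport-db.sh are assumptions.

```shell
#!/bin/bash
# Added example, not part of the IDport wiki: wait for the readiness banner in
# the casedb container log, then restart the application containers that
# started before the database initialisation finished. Container names are
# the ones used on this page; timeout and interval defaults are assumed.
DB_CONTAINER=${DB_CONTAINER:-idport_casedb_1}
APP_CONTAINERS="idport_hz_1 idport_iapi_1 idport_casems_1 idport_pushsrv_1 idport_core_1"
READY_MARKER='DATABASE IS READY TO USE!'

# Return 0 if the log text on stdin contains the readiness banner.
db_ready_in_log() {
    grep -qF "$READY_MARKER"
}

# Poll `docker logs` every $2 seconds until the banner appears or $1 seconds
# have elapsed. Returns 1 on timeout so the caller can alert instead of guessing.
wait_for_db() {
    timeout=${1:-600}
    interval=${2:-15}
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        if docker logs "$DB_CONTAINER" 2>&1 | db_ready_in_log; then
            echo "database ready after ${elapsed}s"
            return 0
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo "timed out after ${timeout}s waiting for $DB_CONTAINER" >&2
    return 1
}

# Restart the containers this page lists as dependent on the database.
restart_dependents() {
    # shellcheck disable=SC2086  # word splitting of the list is intended
    docker restart $APP_CONTAINERS
}

# Run only when executed as a script, so the functions can also be sourced.
case "${0##*/}" in
    wait-for-idport-db.sh) wait_for_db "$@" && restart_dependents ;;
esac
```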
The problem of the HTTPS client communicating with an HTTP host, and the problems with building the database image, are solved with the following daemon.json:

```shell
# `sudo echo ... > /etc/docker/daemon.json` runs the redirect unprivileged and fails;
# printf | sudo tee writes as root and expands ${IMAGE_SOURCE}, which single quotes would not.
# insecure-registries disables TLS for that endpoint only, so keep it limited to the internal image source.
# Restart the daemon afterwards (sudo systemctl restart docker) for the change to take effect.
$ printf '{\n  "insecure-registries": ["%s"],\n  "storage-driver": "devicemapper"\n}\n' "${IMAGE_SOURCE}" | sudo tee /etc/docker/daemon.json
```
List all running Docker processes:

```shell
docker ps
```

Show the logs of a Docker container:

```shell
docker logs [OPTIONS] CONTAINER
```

- OPTIONS: -f - follow
- CONTAINER: ID or NAME value from docker ps

Restart containers:

```shell
docker restart idport_hz_1 idport_iapi_1 idport_casems_1 idport_pushsrv_1 idport_core_1
```

Execute the provided command in a Docker container:

```shell
docker exec -it idport_iapi_1 bash
```

Starts bash interactively with its own TTY. And as admin (root, user id 0):

```shell
docker exec -it -u 0 idport_iapi_1 bash
```

Stop and remove the containers and networks created by docker-compose.yml. Run within the folder with the docker compose file.

```shell
docker-compose --project-name idport down
```