- See the specsheet
Maturity level 1 leads you toward doing container orchestration properly. With maturity level 0, you use the container "as is" but rely on external "mounts", which means you have configs outside of the container that depend on the host that runs the container. In this model you bake all of that into the container, so it is a more stand-alone package that will be more reliable and consistent (i.e. the state of the configs is in the immutable container).
Get a server and database
Here is an example with AWS. For this example you need a Unix-based server (or Mac) and a postgres (recommended), mysql or oracle database. Install Docker as well.
See the maturity level 0 document for installing Docker and for basic commands for working with images and containers.
Install the container
- See which version of Grouper to run
Pull the image
Make sure the digest is correct (from release notes page)
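The pull-and-check step above as a script (an added example, not taken from the Grouper documentation): it pulls an image and compares its repository digest with the value copied from the release notes page. The function names, the image name example/grouper and the sample digest are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: check a pulled image against the digest from the release notes.

# Succeeds if $1 is "sha256:" followed by exactly 64 lowercase hex characters.
is_sha256_digest() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# digest_matches EXPECTED REPO_DIGESTS
# REPO_DIGESTS is the space-separated list of repo@sha256:<hex> entries that
# "docker image inspect" reports. Returns 0 on an exact match, 1 on no match,
# 2 if EXPECTED is malformed (e.g. truncated while copying).
digest_matches() {
  expected=$1
  is_sha256_digest "$expected" || return 2
  for entry in $2; do
    [ "${entry##*@}" = "$expected" ] && return 0
  done
  return 1
}

# verify_image IMAGE EXPECTED: pull IMAGE, then compare its digest to EXPECTED.
verify_image() {
  image=$1
  want=$2
  is_sha256_digest "$want" || { echo "malformed digest: $want" >&2; return 2; }
  docker pull "$image" >/dev/null || return 3
  found=$(docker image inspect --format '{{join .RepoDigests " "}}' "$image") || return 3
  if digest_matches "$want" "$found"; then
    echo "OK: $image matches $want"
  else
    echo "MISMATCH: $image has [$found], expected $want" >&2
    return 1
  fi
}

# Constructed sample (not a real Grouper digest), checked without calling docker.
h=0123456789abcdef
sample_digest="sha256:$h$h$h$h"
digest_matches "$sample_digest" "example/grouper@$sample_digest" &&
  echo "sample: digest matches"
```

Run verify_image with the image reference and the digest from the release notes before building. Referencing the image as name@sha256:<digest> in the Dockerfile FROM line then pins the subcontainer to that exact build.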
Create a directory to hold files to put in your subcontainer. You might have one of these directories that is shared for ws/ui/daemon.
Set grouper.hibernate.properties. Note: in the DB URL, "localhost" is the container itself, not the enclosing server, so you need to use an IP address that the container can communicate with. Look in grouper.hibernate.properties for documentation on setting up the URL.
If you can't connect to the database, go into the container (instructions later) and test the communication with telnet.
- The container contains JDBC drivers for hsql, mysql and postgres. If you're using Oracle, you'll need to add the jar.
Might want to use: https://raw.githubusercontent.com/Internet2/grouper/GROUPER_2_4_BRANCH/grouper/lib/jdbcSamples/ojdbc6_g.jar
Might want to use: https://repo1.maven.org/maven2/com/oracle/ojdbc/ojdbc8/184.108.40.206/ojdbc8-220.127.116.11.jar
Set a unique key for encryption in morphString.properties
Decide how many containers
Strategy: SEPARATE-CONTAINERS (containers: ui)
- More like a production env
- Uses more memory
- Can control, bring up or down, and configure each separately
- Need to manage ports. Generally 443 for UI, 8443 for WS, 8444 for Scim
Strategy: ALL-IN-ONE (containers: all)
- Runs everything in one container. Don't do this in prod
- Uses less memory
- When anything is up or down, all is up or down
- Can use 443 for UI, WS, Scim
- This is not documented here. Don't do this in prod
You can have a hybrid and put whatever components in whatever containers you want
Assume logs go to Docker. If you want to mount external logs, follow the directions from maturity level 0.
Allow Grouper DB config from all. If you trust your authn and MFA you can leave this open; otherwise lock it down to your VPN or similar.
Make a Dockerfile and subcontainer
Make the container. Note that you could have one subcontainer (recommended if possible) and deploy that to UI/WS/daemon (either ALL-IN-ONE or SEPARATE-CONTAINERS).
See maturity level 0 for the Docker run command (approx. step 15) and make your shell script(s). Note that you do not need mounts. E.g. for ui
- Setup the database run grouper