TIER Reference Implementations are designed to enable rapid evaluation of a component or set of interconnected components and provide a starting point for a full campus deployment.  Reference Implementations are developed for Docker Swarm but dependencies are minimized within the containers in order to facilitate the use of other container orchestration mechanisms.


Like the other TIER distributions for larger production environments, the TIER Grouper solution will be built using Docker Swarm mode.  TIER will provide generic instructions and pointers on setting up the Docker environment for this solution but will not provide a pre-built virtual machine.  Schools needing a VM-based solution should focus on the TIER Grouper Appliance instead.  This deployment specification may be implemented in stages, and not all requested functions may be available in the initial release.

  1. Background & Requirements
    1. The migration of a Grouper installation to a new platform typically requires:
      1. Full database backup and restore.
      2. Backup and restore of filesystem configuration files.
        1. Hopefully sites have some form of configuration management in place.  How to leverage this in a TIER context is a question.
    2. High vs. Standard Availability
      1. While we believe that the majority of schools operate Grouper without High Availability, some schools do operate the web services components of Grouper in HA mode.
      2. The production TIER-version will account for high availability.
    3. Expandability
      1. Users will need the ability to install additional modules
      2. Provisioning and Integration
    4. Consider the use of supervisord for multi-process containers.  We are using this in the COmanage TIER implementation and the COmanage team has used it in other projects.
    5. Scripting will exist, when practical, to guide users through the startup process.  Documentation can cover scripting gaps, especially in early versions.  The scripting is focused on Grouper and not building the Docker Swarm environment. 

  2. TIER Production Distribution Components
    The Grouper components listed below will be included in the TIER distribution at the indicated availability levels.
    1. Grouper Database (HA)
      1. The database may be supplied by the campus.
      2. A TIER MariaDB implementation will be available.
      3. Configuration options to either use the TIER-provided database or (perhaps manually) configure a campus database will exist.
    2. Grouper Web Services (HA)
    3. Grouper user interface (HA)
    4. Grouper message bus to AMQP (soon) HA
      1. TIER has selected RabbitMQ for the reference build.
      2. We need to nail down the reference AMQP implementation once implementation starts.
    5. Grouper PSPNG (HA) for LDAP provisioning
    6. Shibboleth SP for authentication to Grouper UI (HA)

  3. Configuration Defaults and Options
    1. Web Services Authentication
      1. Apache basic
      2. LDAP
      3. future: certificate

  4. Implementation
    This section contains the preferred implementation structure for the application.
    1. Containers
      1. Grouper UI Container
        1. Grouper UI
        2. Apache
        3. Shibboleth SP
          1. Preconfigured for InCommon; simple scripting
      2. Grouper Web Services Container
        See also 3.1 (Web Services Authentication) above
        1. Grouper Web Services
        2. Apache
        3. Shibboleth SP
      3. Database
        1. TIER-provided MariaDB
        2. Ability via documentation or scripting to use campus-provided database.
      4. Grouper Loader
        1. Grouper Loader
        2. Just needs Java
        3. Include jars for: PSPNG, AWS, RabbitMQ, ActiveMQ
      5. Load Balancing
        1. Docker Swarm native vs. HAProxy
        2. Sticky sessions are needed for the Grouper UI
    2. Misc
      1. All containers need to run NTP
      2. Externally exposed ports
        1. Goal: 443 for UI only
        2. Can use second port for web services
        3. May be some other ports in the future
      3. Logging
        1. Goal: send logs to Docker stdout
          1. Swarm log aggregation
          2. Logs will be formatted as per the TIER container logging definition.
        2. Short term: potentially logging to files in containers.
    3. Default Configuration
      1. Goal is to include default settings based on the Grouper Deployment Guide.
