The TIER Grouper Virtual Machine software release is a Docker container-based virtual machine distribution that includes the ability both to build the appropriate set of Docker containers and to run the containers to provide a Grouper service. The operating environment includes appropriate Grouper and MariaDB containers networked together to build the Grouper service. The current distribution is based on Oracle VirtualBox, though an Amazon AMI is available which can easily be shared, but is not yet public. The VirtualBox VM can be downloaded here.
These notes are for TIER-Grouper Release 17040. Release 17040 of the TIER-Shibboleth-IdP appliance contains the following components:
When you complete the process itemized below, you'll be able to see and log in to the Grouper management page.
Once you have started the VM, log in to the account grouper with a password of grouper. You can then use the Linux ip addr command to determine the IP address that has been assigned to your virtual machine. You will need this address (or its matching DNS name, if any) later in the process. We also recommend that you use an SSH client (e.g. ssh, putty, or securecrt) to log in to the VM instead of using the terminal emulator provided by VirtualBox. The VirtualBox terminal emulator is very limiting.
Note: You should change the password for the Linux account grouper, especially before placing the VM on a public network. If you fail to change this password, your VM might be compromised. The user comanage has sudo capability. We recommend that you change this password now by issuing the following command:
passwd
Issue the following command to configure Grouper:
vm> /home/grouper/work/setup.sh
The setup.sh script generates a new key-pair, a certificate signing request, and a self-signed certificate. The script installs the self-signed certificate into /home/grouper/build/grouper/certs where it will later be built into the Docker container. For a production environment, you must take the certificate signing request from /home/grouper/work/crypto/server.csr, have it signed by a commercial CA, and place the resulting certificate in /home/grouper/build/grouper/certs before moving on to the next step.
Note well: Virtual machines start with little to no entropy for the random number generator. If your build is for a production environment, be sure to run the VM for a while, moving data, typing, causing randomness, etc., before running the setup.sh script.
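The two production precautions above (enough entropy before setup.sh generates keys, and a CA-signed certificate that really belongs to the generated CSR) can be checked with a small script. This is an added example, not part of the TIER distribution; the function names, the MIN_ENTROPY default of 256 and the script name preflight.sh are assumptions, while the CSR and certs paths are the ones given above.

```shell
#!/bin/sh
# Added example, not part of the TIER distribution. Function names and the
# MIN_ENTROPY default (256) are assumptions for illustration.

# entropy_ok FILE MIN: succeed when the kernel entropy estimate in FILE >= MIN.
# Returns 2 if FILE is unreadable or holds no number.
entropy_ok() {
    file=$1; min=$2
    [ -r "$file" ] || return 2
    avail=$(tr -cd '0-9' < "$file")
    [ -n "$avail" ] || return 2
    [ "$avail" -ge "$min" ]
}

# cert_matches_csr CERT CSR: succeed when the certificate carries the same
# public key as the CSR, i.e. the CA signed the request setup.sh generated.
# Returns 2 if either file cannot be parsed, so a parse failure never "matches".
cert_matches_csr() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

preflight() {
    case $1 in
    entropy)   # run before setup.sh
        if entropy_ok /proc/sys/kernel/random/entropy_avail "${MIN_ENTROPY:-256}"; then
            echo "entropy estimate is at least ${MIN_ENTROPY:-256}"
        else
            echo "entropy estimate too low or unreadable; keep the VM busy and retry" >&2
            return 1
        fi ;;
    cert)      # run before copying $2 into /home/grouper/build/grouper/certs
        if cert_matches_csr "$2" /home/grouper/work/crypto/server.csr; then
            echo "certificate matches server.csr"
        else
            echo "certificate does not match server.csr; do not install it" >&2
            return 1
        fi ;;
    *)  echo "usage: preflight.sh entropy | cert SIGNED_CERT" >&2; return 64 ;;
    esac
}

# Run only when invoked with arguments, e.g.: sh preflight.sh cert signed.crt
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```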
Issue the following command to build the containers:
/home/grouper/build/grouper/bin/build.sh
Issue the following command to run the containers:
/home/grouper/run/bin/run.sh
Setup.sh Log Example

    vm> /home/grouper/work/setup.sh
    Welcome to the TIER Grouper Virtual Machine

    Note: if you are running this script to set up a production Grouper instance, please be sure that you have had this VM running for a sufficiently long period of time, with network traffic reaching reaching the VM in order to build entropy before keys are generated.

    Grouper requires that you use Oracle Java. This VM is configured to download it for you as part of the Docker image build process, but, before we proceed, you must agree to the Oracle Binary Code License Agreement for Java SE ("Oracle License"). Please review:
    http://www.oracle.com/technetwork/java/javase/terms/license/index.html

    By agreeing to the Oracle License, you acknowledge that Internet2 is not distributing the Java software and, to the extent an issue arises related to your use of Oracle Java in the TIER software package, you and Internet2 agree to hold each other harmless from any third party claims.

    Do you agree to the terms of the Oracle license [Yes/No]? Yes

    Please supply the Fully Qualified Domain Name (FQDN) of your Grouper IdP. We will use the information you enter here to configure your IdP.
    Note: for testing without DNS support (a common case), simply enter the IPv4 address of your VM at the prompt below

    Enter the FQDN or IP address of your server: 137.54.129.75
    You entered: 137.54.129.75
    Is this correct [Yes/No]? yes

    SSL certificate: enter value for country: US
    SSL certificate: enter value for State of Province: Michigan
    SSL certificate: enter value for Locality: Ann Arbor
    SSL certificate: enter name of your organization: Internet2

    Hit ctrl-C in the next 10 seconds to abort the process.
    Please do not abort the script is doing work, you can rerun when its complete if needed

    Configuring for the download of Oracle Java
    Generating certificates for Grouper
    A self-signed certificate for Grouper is stored in: /home/grouper/etc/certs
    For production use, replace this certificate with one signed by a commercial CA
    the Certificate Signing Request for the commercial CA is located at: /home/grouper/work/crypto/server.csr

    Preliminary setup is complete
    For production use, please review the files in: /home/grouper/run/conf
    The common.env and grouper.env files contain passwords that need to be site secrets for production use

    Once you have made any other needed edits, cd to /home/grouper/build/grouper and execute bin/build.sh
    When the build is complete, cd to /home/grouper/run/ and execute bin/run.sh

    *** Wait for grouper to start. This can take a couple of minutes the first time
    Then browse to: https://137.54.129.75/grouper/
    Note: your first connection to this URL will be very slow and may time out - try again - be patient.
The first step is to be patient and wait. The first-time startup of Grouper can take a couple of minutes. Wait two minutes before starting on the next step.
If you are not familiar with Grouper, please review the on-line Grouper Training, Grouper Administration Guides, TIER Grouper Deployment Guide, and Community Contributions/Adopter Sketches.
While the normal idea is that you should never need to look inside a container, it is possible and is sometimes useful for debugging unusual issues. These commands may be helpful.