...
TIER Reference Implementations are designed to enable rapid evaluation of a component or set of interconnected components and provide a starting point for a full campus deployment. All Reference Implementations are developed for Docker Swarm but dependencies are minimized care is taken to minimize dependencies to and within the containers in order to facilitate the use of other container orchestration mechanisms.
A production deployment of COmanage that is designed to support a large-scale virtual organization typically consists of (a) a web server to operate the application itself, (b) the application's database, (c) LDAP infrastructure, and (d) a SAML IdP/SP proxy. Many other environments are possible. Of these elements, LDAP and the SAML proxy are typically operated in high availability mode since they are usually directly involved with most authorization flows. COmanage itself is generally operated in standard availability mode since enrollment flows and organization management activities are not usually needed to be highly available. The database needs backups but not high availability.
Like other applications, the Large Production TIER COmanage deployment will utilize Docker SWARM.
- Logistics
- Leverage the Docker container provided by the COmanage team
- https://github.com/Internet2/comanage-registry-docker
- Includes
- Basic application on apache web server
- Shibboleth Service Provider
- Note for initial build build: export COMANAGE_REGISTRY_VERSION=3.0.0-rc1
- Pre-built containers in DockerHub - https://hub.docker.com/r/sphericalcowgroup/comanage-registry/https://hub.docker.com/r/sphericalcowgroup/comanage-registry-slapd/
- Initial version to use the Release Candidate versions: 3.0.0-rc1-shibboleth-sp/sphericalcowgroup/comanage-registry:3.0.0-rc1-shibboleth-sp
- Look at: https://github.com/Internet2/comanage-registry-docker/blob/master/docs/advanced-configuration.md for configuration options, examples, defaults, etc.
- Database – MARIA DB
- We will use the “TIER” MARIA DB container.
- This database is suitable for evaluation and prototyping purposes but no attempt has been made to configure it for production services.
- LDAP
- OpenLDAP
- Either the TIER OpenLDAP or COmanage OpenLDAP container will work
- The COmanage LDAP includes eduPerson and openssh-lpk.ldif (as does a version of the TIER LDAP)
- IdP/SP SAML Proxy
- We will use SATOSA
- Logging
- All logs will be sent to stdout using the TIER container logging definition.
- Leverage the Docker container provided by the COmanage team
- High Availability
- Typically done This would be typically implemented for the SAML proxy and LDAP only.
- OpenLDAP (master/slave)
- Two SATOSA containers
- The early TIER distribution will not focus on thisWe do not presently implement high availability in Reference Implementations.
- Typically done This would be typically implemented for the SAML proxy and LDAP only.
- Post Install
- Send the users to a URL with “what is next”.
- TIER to draft site, COmanage team will help with the “what” is we can do the writing.
- Users should view the COmanage documentation for initial steps after the startup of the system.
- Configuration and demonstration tools provided in this implementation
- COmanage will use the LDAP provisioner
- Mediawiki will be bundled as a demonstration application through the SATOSA proxy
- TIER COmanage will leverage the LDAP provisioner
- TIER COmanage may provide some setup support for the Grouper provisioner
- TIER COmanage will likely provide no additional assistance for the other COmanage provisoners
- Github
- Home Directory (experimental – create homdirs on new user)
- Mailman
- Mediawiki (should we bundle this as a demo?) Changelog