Page History

...

1. Install docker (note, using a server with systemd is easier)
2. See which version of Grouper to run (at least v2.5.26)

3. Issue a run command to run the quick start. 

   Pull the image
   

   Code Block
   bin $ docker pull i2incommon/grouper:2.5.XX

   Make sure the digest is correct (from release notes page)
   

   Code Block
   [root@ip-172-30-3-152 ~]# docker image inspect i2incommon/grouper:2.5.XX | grep i2incommon/grouper@sha256 "i2incommon/grouper@sha256:b675bb410bf873xxxxxxxxxxxxxx5e58a3a42a8048381a33b79fd19"

   Make a start command. 

   1. Note, for the morph string encrypt and quick start pass, just make up a 16 char alphanumeric string or generate from a password manager. 

    Note

   1.  

   2. Note, this is not good security.  It is for quick starts only.  As you evolve to maturity level 0, you can set a different password encrypted in the database which will not be in a script file or in an env variable, and you can further evolve to Shibboleth or another authentication system. 

   3. Note: the first port is the port for apache SSL, change that to whatever you need on your host.
      
      

      Code Block

   grouperContainer

   1. $

   vi
   grouperQsDockerRun.sh #!/bin/bash (or whatever shell)

   1. docker run --detach --name grouper-qs \ --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=******** \ -e GROUPERSYSTEM_QUICKSTART_PASS=******** i2incommon/grouper:2.5.XX quickstart

   grouperContainer $ chmod +x grouperQsDockerRun.sh grouperContainer $ ./grouperQsDockerRun.sh (Optional) Check logs: grouperContainer $ docker logs grouper-qs (Optional) Shell in: grouperContainer $ docker exec -it grouper-qs /bin/bash

   1. e.g.

      Code Block
      docker run --detach --name grouper-qs \ --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abcdefg12345dontUseThis \ -e GROUPERSYSTEM_QUICKSTART_PASS=thisPassInCopyrightedDontUse i2incommon/grouper:2.5.26 quickstart

      
      

4. Log in to UI (note, the first log in can take a minute as HSQLDB database is started and initted
   
   

   Code Block
   Go to: https://localhost/grouper/ Log in with username : GrouperSystem Password is the password you specified in the GrouperSystem QuickStart pass

   
   
   
   

5. Try a web service call
   
   

   Code Block

   Get the client out of the container (or download from maven) $ docker cp grouper-qs:/opt/grouper/grouperWebapp/WEB-INF/lib/grouperClient-2.5.XX.jar . Now you should have a grouper client jar in your directory Make a config file in the same directory $ vi grouper.client.properties grouperClient.webService.url = https://localhost/grouper-ws/servicesRest grouperClient.webService.login = GrouperSystem grouperClient.webService.password = ****** is the password you specified in the GrouperSystem QuickStart pass # turn off SSL until a real SSL certificate is installed # NOTE, THIS IS NOT GOOD SECURITY AND IS FOR THE QUICK START ONLY! grouperClient.https.customSocketFactory = edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory $ java -jar grouperClient-2.5.0-SNAPSHOT.jar --operation=getSubjectsWs --subjectIds=GrouperSystem Index: 0: success: T, code: SUCCESS, subject: GrouperSystem $

   
   

   Expand
   title Full web service call
   Code Block grouperContainer $ java -jar grouperClient-2.5.0-SNAPSHOT.jar --operation=getSubjectsWs --subjectIds=GrouperSystem --debug=true Reading resource: grouper.client.properties, from: /Users/mchyzer/grouper/docker/grouperContainer/grouper.client.properties WebService: connecting as user: 'GrouperSystem' WebService: connecting to URL: 'https://localhost/grouper-ws/servicesRest/2.5.0-SNAPSHOT/subjects' ################ REQUEST START (indented) ############### POST /grouper-ws/servicesRest/2.5.0-SNAPSHOT/subjects HTTP/1.1 Connection: close Authorization: Basic xxxxxxxxxxxxxxxx User-Agent: Jakarta Commons-HttpClient/3.1 Host: localhost:-1 Content-Length: 161 Content-Type: text/xml; charset=UTF-8 <WsRestGetSubjectsRequest>   <wsSubjectLookups>     <WsSubjectLookup>       <subjectId>GrouperSystem</subjectId>     </WsSubjectLookup>   </wsSubjectLookups> </WsRestGetSubjectsRequest> ################ REQUEST END ############### ################ RESPONSE START (indented) ############### HTTP/1.1 200 OK Date: Mon, 04 May 2020 02:38:16 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips Strict-Transport-Security: max-age=15768000 Set-Cookie: JSESSIONID=xxxxxxxxxxxx; HttpOnly X-Grouper-resultCode: SUCCESS X-Grouper-success: T X-Grouper-resultCode2: NONE Content-Type: application/xml;charset=UTF-8 Connection: close Transfer-Encoding: chunked <WsGetSubjectsResults>   <wsSubjects>     <WsSubject>       <resultCode>SUCCESS</resultCode>       <success>T</success>       <id>GrouperSystem</id>       <name>GrouperSysAdmin</name>       <sourceId>g:isa</sourceId>     </WsSubject>   </wsSubjects>   <resultMetadata>     <resultCode>SUCCESS</resultCode>     <resultMessage>Queried 1 subjects</resultMessage>     <success>T</success>   </resultMetadata>   <responseMetadata>     <resultWarnings></resultWarnings>     <millis>19</millis>     <serverVersion>2.5.0-SNAPSHOT</serverVersion>   </responseMetadata> </WsGetSubjectsResults> ################ RESPONSE END ############### Output template: Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}, available variables: wsGetSubjectsResults, grouperClientUtils, index, wsSubject, wsGroup, success Index: 0: success: T, code: SUCCESS, subject: GrouperSystem Elapsed time: 612ms grouperContainer $

   
   

Advanced

1. Verify the digest of the image.  This is a best practice when using Grouper images

   
   

   1. Pull the image
      
      

      Code Block
      bin $ docker pull i2incommon/grouper:2.5.XX

      
      

   2. Make sure the digest is correct (from release notes page)
      
      

      Code Block
      [root@ip-172-30-3-152 ~]# docker image inspect i2incommon/grouper:2.5.XX | grep i2incommon/grouper@sha256 "i2incommon/grouper@sha256:b675bb410bf873xxxxxxxxxxxxxx5e58a3a42a8048381a33b79fd19"

      
      

2. Make the start command in a script so you have it to run it later consistently

   
   
   

   Code Block

   grouperContainer $ vi grouperQsDockerRun.sh #!/bin/bash (or whatever shell) # this is the run command from above that you diddocker run --detach --name grouper-qs \ --publish 443:443 -e GROUPER_MORPHSTRING_ENCRYPT_KEY=******** \ -e GROUPERSYSTEM_QUICKSTART_PASS=******** i2incommon/grouper:2.5.XX quickstart grouperContainer $ chmod +x grouperQsDockerRun.sh# remove the old container if you want to run it again, or stop, or whatevergrouperContainer $ docker rm -f grouper-qsgrouperContainer $ ./grouperQsDockerRun.sh (Optional) Check logs: grouperContainer $ docker logs grouper-qs (Optional) Shell in: grouperContainer $ docker exec -it grouper-qs /bin/bash

   
   
   

3. (Optional) Mount your database files outside of Docker to persist your changes across container restarts.  Note, this is still not a robust database, it is only for non production use.
   
   

   Code Block

   $ mkdir hsqldb Change your start command to include a mount of this directory grouperContainer $ vi grouperQsDockerRun.sh Add this mount in your command --mount type=bind,src=/path/to/hsqldb,dst=/opt/hsqldb You might need to open up permissions on that directory: $ chmod 777 hsqldb Delete the current container $ docker rm -f grouper-qs Start it again $ ./grouperWsDockerRun.sh You will see database files in that dir on your host grouperContainer $ ls -latr hsqldb/ total 6192 drwxr-xr-x 22 mchyzer staff 704 May 3 22:58 .. drwxr-xr-x 2 mchyzer staff 64 May 3 22:58 grouperHSQL.tmp -rw-r--r-- 1 mchyzer staff 1536 May 3 22:58 grouperHSQL.script -rw-r--r-- 1 mchyzer staff 85 May 3 22:58 grouperHSQL.properties drwxrwxrwx 7 mchyzer staff 224 May 3 22:58 . -rw-r--r-- 1 mchyzer staff 16 May 3 23:00 grouperHSQL.lck -rw-r--r-- 1 mchyzer staff 2854600 May 3 23:00 grouperHSQL.log

   
   
   

4. Evolve to maturity level 0