...

  1. Create a directory to store database state:

    mkdir -p var/lib/postgresql/data


  2. Create a directory to hold a database initialization script:

    mkdir docker-entrypoint-initdb.d


  3. Create the database initialization script file init-user-db.sh in the directory you just created with the following contents (the postgres image runs it once, on first start with an empty data directory; the variable values are interpolated verbatim into the SQL, so keep them to plain alphanumeric strings):

    #!/bin/bash
    set -e

    # Create the registry role and database as the postgres superuser.
    # POSTGRES_USER and POSTGRES_DB are supplied by the postgres image;
    # the COMANAGE_REGISTRY_* variables come from docker-compose.yml.
    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
        CREATE USER ${COMANAGE_REGISTRY_DATABASE_USER} PASSWORD '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD}';
        CREATE DATABASE ${COMANAGE_REGISTRY_DATABASE};
        GRANT ALL PRIVILEGES ON DATABASE ${COMANAGE_REGISTRY_DATABASE} TO ${COMANAGE_REGISTRY_DATABASE_USER};
    EOSQL


  4. Create a directory to hold an X.509 certificate and private key for HTTPS (this approach uses the slashRoot mechanism; alternatively, bind mount or COPY the files into the container or image and point the HTTPS_CERT_FILE and HTTPS_PRIVKEY_FILE environment variables at them):

    mkdir -p opt/registry/slashRoot/etc/apache2
    cp fullchain.pem opt/registry/slashRoot/etc/apache2/cert.pem
    cp privkey.pem opt/registry/slashRoot/etc/apache2/privkey.pem
    # uid 33 is the Apache (www-data) user inside the container
    sudo chown 33 opt/registry/slashRoot/etc/apache2/*.pem
    # the private key must not be readable by anyone else
    sudo chmod 0600 opt/registry/slashRoot/etc/apache2/privkey.pem


  5. Create a directory to hold the Shibboleth SP configuration files (this approach uses the slashRoot mechanism; alternatively, bind mount or COPY the files into the container or image, and/or use environment variables to specify the Shibboleth SP configuration details):

    mkdir -p opt/registry/slashRoot/etc/shibboleth
    cp shibboleth2.xml opt/registry/slashRoot/etc/shibboleth/shibboleth2.xml
    cp attribute-map.xml opt/registry/slashRoot/etc/shibboleth/attribute-map.xml
    cp sp-encrypt-cert.pem opt/registry/slashRoot/etc/shibboleth/sp-encrypt-cert.pem
    cp sp-encrypt-key.pem opt/registry/slashRoot/etc/shibboleth/sp-encrypt-key.pem
    cp sp-signing-cert.pem opt/registry/slashRoot/etc/shibboleth/sp-signing-cert.pem
    cp sp-signing-key.pem opt/registry/slashRoot/etc/shibboleth/sp-signing-key.pem
    # uid 999 is the shibd user inside the container
    sudo chown 999 opt/registry/slashRoot/etc/shibboleth/*.pem
    # the SP signing and encryption private keys must not be readable by anyone else
    sudo chmod 0600 opt/registry/slashRoot/etc/shibboleth/*-key.pem


  6. Create the Compose YAML file docker-compose.yml with the following contents. Note that the value for COMANAGE_REGISTRY_ADMIN_USERNAME must be the value that your Shibboleth SP configuration will write into the Apache HTTP Server $REMOTE_USER CGI environment variable:

    services:
        comanage-registry-database:
            image: postgres:14
            volumes:
                - ${PWD}/var/lib/postgresql/data:/var/lib/postgresql/data
                - ${PWD}/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
            environment:
                # sample values; replace every password, salt and seed before deploying
                - POSTGRES_PASSWORD=aHTVzRj7y4fLrXyYIG97
                # read by init-user-db.sh; must match the registry service below
                - COMANAGE_REGISTRY_DATABASE=registry
                - COMANAGE_REGISTRY_DATABASE_USER=registry_user
                - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=GoHElRGInSwx1mQJlPdw

        comanage-registry:
            image: comanageproject/comanage-registry:4.1.12-shibboleth-sp-supervisor-1
            volumes:
                - ${PWD}/opt/registry/slashRoot:/opt/registry/slashRoot
            environment:
                - COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Scott
                - COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Koranda
                # must equal the REMOTE_USER value produced by the Shibboleth SP
                - COMANAGE_REGISTRY_ADMIN_USERNAME=scott.koranda@cilogon.org
                - COMANAGE_REGISTRY_DATASOURCE=Database/Postgres
                - COMANAGE_REGISTRY_DATABASE=registry
                - COMANAGE_REGISTRY_DATABASE_HOST=comanage-registry-database
                - COMANAGE_REGISTRY_DATABASE_USER=registry_user
                - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=GoHElRGInSwx1mQJlPdw
                - COMANAGE_REGISTRY_EMAIL_FROM_EMAIL=registry@example.com
                - COMANAGE_REGISTRY_EMAIL_FROM_NAME=Registry
                - COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
                - COMANAGE_REGISTRY_EMAIL_HOST=tls://smtp.gmail.com
                - COMANAGE_REGISTRY_EMAIL_PORT=465
                - COMANAGE_REGISTRY_EMAIL_ACCOUNT=registry@example.com
                - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD=Pr3gP6PvaTlxusMMhHEp
                - COMANAGE_REGISTRY_SECURITY_SALT=HH5WyMJIZ81uwHkPWpalUHSt9sAMIKHILDmNX8pI
                - COMANAGE_REGISTRY_SECURITY_SEED=076674830359094113871495332036
                - COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=registry.example.com
            ports:
                - "80:80"
                - "443:443"


  7. Start the containers:

    docker compose up -d


  8. Wait for the images to be pulled and the containers to start.
  9. Browse to the value you used for COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN.
  10. To stop the containers:

    docker compose down

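A pre-flight check for the directory layout built in the steps above, added here as an example and not part of the COmanage Registry project. It assumes the paths, file names and uids used in the steps, that docker-compose.yml is in the working directory, and that sed, find and openssl are available:

```shell
# compose_values FILE KEY: print every value assigned to KEY in the compose file
compose_values() {
    sed -n "s/^[[:space:]]*- *$2=//p" "$1"
}

# check_consistent FILE KEY: KEY must carry one identical value everywhere it appears
# (database name, user and password are set on both services and must agree,
# otherwise init-user-db.sh creates credentials the registry never uses)
check_consistent() {
    n=$(compose_values "$1" "$2" | sort -u | wc -l | tr -d ' ')
    [ "$n" -eq 1 ]
}

# check_key_mode FILE MODE UID: a private key must be readable only by the uid the
# container process runs as (33 for Apache, 999 for shibd in the steps above)
check_key_mode() {
    [ -n "$(find "$1" -maxdepth 0 -type f -perm "$2" -user "$3" 2>/dev/null)" ]
}

# check_cert_matches_key CERT KEY: the certificate's public key must match the private key
check_cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# preflight: run every check against the working directory; returns 1 on any failure
preflight() {
    rc=0
    for key in COMANAGE_REGISTRY_DATABASE COMANAGE_REGISTRY_DATABASE_USER \
               COMANAGE_REGISTRY_DATABASE_USER_PASSWORD; do
        check_consistent docker-compose.yml "$key" || { echo "FAIL: $key differs between services"; rc=1; }
    done
    apache=opt/registry/slashRoot/etc/apache2
    shib=opt/registry/slashRoot/etc/shibboleth
    check_key_mode "$apache/privkey.pem" 0600 33 || { echo "FAIL: $apache/privkey.pem mode or owner"; rc=1; }
    check_cert_matches_key "$apache/cert.pem" "$apache/privkey.pem" || { echo "FAIL: HTTPS cert/key mismatch"; rc=1; }
    for kind in signing encrypt; do
        check_key_mode "$shib/sp-$kind-key.pem" 0600 999 || { echo "FAIL: sp-$kind-key.pem mode or owner"; rc=1; }
        check_cert_matches_key "$shib/sp-$kind-cert.pem" "$shib/sp-$kind-key.pem" || { echo "FAIL: sp-$kind pair mismatch"; rc=1; }
    done
    return $rc
}
```

Run `preflight` from the directory that holds docker-compose.yml before `docker compose up -d`; a non-zero exit means a key is exposed, a pair does not match, or the two services disagree on the database credentials.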

...