This is a work in progress.
In the TIER/midPoint_container GitHub project there are artifacts needed to build and deploy dockerized version of midPoint suitable to use within the TIER IdM environment.
This is the status of the work:
| Requirement | Description | State |
|---|---|---|
| logging | Specific format of log lines with appropriate configurability. | done |
| repository attachment | The midPoint repository can be attached to the midPoint server in a flexible way. It can be either deployed in an (alternative) Docker container, or be provided externally either on premises or in the cloud. | partially done |
| docker secrets | Sensitive data can be distributed using Docker secrets. | partially done |
| Shibboleth integration | Users can be authenticated to midPoint using Shibboleth. | in progress |
| ... |
Documentation
Logging feature
Logging is configured by setting the following environment variables: either from the command line or from docker-compose.yml (see commented-out examples in the provided file).
| Environment variable | Meaning | Default value |
|---|---|---|
| COMPONENT | component name | midpoint |
| LOGFILE | native log file name | midpoint.log |
| ENV | environment (e.g. prod, dev, test) | demo |
| USERTOKEN | arbitrary user-supplied token | current midPoint version, e.g. 3.9-SNAPSHOT |
According to the specification, semicolons in these fields are eliminated (replaced by underscores). The same is done for spaces in ENV and USERTOKEN.
Repository attachment feature
Repository configuration is done via the following environment variables.
| Environment variable | Meaning | Default value |
|---|---|---|
| REPO_DATABASE_TYPE | Type of the database. Supported values are mariadb, mysql, postgresql, sqlserver, oracle. It is possible to use H2 as well but it is strongly disregarded for production use. | mariadb |
| REPO_JDBC_URL | URL of the database. |
(in the future we might construct default values for this URL depending on the DB type) |
| REPO_HOST | Host of the database. Used to construct the URL. | midpoint-data |
| REPO_PORT | Port of the database. Used to construct the URL. | 3306 |
| REPO_DATABASE | Specific database to connect to. Used to construct the URL. | midpoint |
| REPO_USER | User under which the connection to the database is made. | root |
| REPO_PASSWORD_FILE | File (e.g. holding a docker secret) that contains the password for the db connection. | /run/secrets/m_database_password.txt (TODO) |
Docker secrets
...
Shibboleth integration
...