This is a work in progress.
The TIER/midPoint_container GitHub project contains the artifacts needed to build and deploy a dockerized version of midPoint suitable for use within the TIER IdM environment.
This is the status of the work:
Requirement | Description | State |
---|---|---|
logging | Specific format of log lines with appropriate configurability. | done |
repository attachment | The midPoint repository can be attached to the midPoint server in a flexible way. It can be either deployed in an (alternative) Docker container, or be provided externally either on premises or in the cloud. | partially done |
docker secrets | Sensitive data can be distributed using Docker secrets. | partially done |
Shibboleth integration | Users can be authenticated to midPoint using Shibboleth. | in progress |
... |
Documentation
Logging feature
Logging is configured by setting the following environment variables, either from the command line or from docker-compose.yml (see the commented-out examples in the provided file).
Environment variable | Meaning | Default value |
---|---|---|
COMPONENT | component name | midpoint |
LOGFILE | native log file name | midpoint.log |
ENV | environment (e.g. prod, dev, test) | demo |
USERTOKEN | arbitrary user-supplied token | current midPoint version, e.g. 3.9-SNAPSHOT |
According to the specification, semicolons in these fields are eliminated (replaced by underscores). The same is done for spaces in ENV and USERTOKEN.
Repository attachment feature
Repository configuration is done via the following environment variables.
Environment variable | Meaning | Default value |
---|---|---|
REPO_DATABASE_TYPE | Type of the database. Supported values are mariadb, mysql, postgresql, sqlserver, oracle. It is possible to use H2 as well, but it is strongly discouraged for production use. | mariadb |
REPO_JDBC_URL | URL of the database. | (in the future we might construct default values for this URL depending on the DB type) |
REPO_HOST | Host of the database. Used to construct the URL. | midpoint-data |
REPO_PORT | Port of the database. Used to construct the URL. | 3306 |
REPO_DATABASE | Specific database to connect to. Used to construct the URL. | midpoint |
REPO_USER | User under which the connection to the database is made. | root |
REPO_PASSWORD_FILE | File (e.g. holding a docker secret) that contains the password for the db connection. | /run/secrets/m_database_password.txt (TODO) |
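
The following shell sketch shows how an entrypoint could resolve these variables and read the password from the secret file instead of the environment. It is an added example, not code from the TIER/midPoint_container project. The function names are hypothetical, and building the URL only for mariadb and mysql is an assumption, since the page does not define the URL pattern.

```shell
#!/bin/sh
# Added example (hypothetical helper names): resolve the REPO_* settings.

# Fill in the defaults from the table for anything unset or empty.
repo_defaults() {
    : "${REPO_DATABASE_TYPE:=mariadb}" "${REPO_HOST:=midpoint-data}"
    : "${REPO_PORT:=3306}" "${REPO_DATABASE:=midpoint}" "${REPO_USER:=root}"
    : "${REPO_PASSWORD_FILE:=/run/secrets/m_database_password.txt}"
}

# Print the JDBC URL. An explicit REPO_JDBC_URL always wins.
repo_jdbc_url() {
    case "$REPO_DATABASE_TYPE" in          # the five values the table lists
        mariadb|mysql|postgresql|sqlserver|oracle) ;;
        *) echo "unsupported REPO_DATABASE_TYPE: $REPO_DATABASE_TYPE" >&2; return 1 ;;
    esac
    if [ -n "${REPO_JDBC_URL:-}" ]; then
        printf '%s\n' "$REPO_JDBC_URL"
        return 0
    fi
    # Assumption: only the MariaDB/MySQL URL shape is built here; the page
    # does not define per-database defaults, so other types must set the URL.
    case "$REPO_DATABASE_TYPE" in
        mariadb|mysql) ;;
        *) echo "REPO_JDBC_URL is required for $REPO_DATABASE_TYPE" >&2; return 1 ;;
    esac
    # Reject a non-numeric port instead of passing it into the URL.
    case "$REPO_PORT" in
        ''|*[!0-9]*) echo "REPO_PORT must be numeric" >&2; return 1 ;;
    esac
    printf 'jdbc:%s://%s:%s/%s\n' "$REPO_DATABASE_TYPE" "$REPO_HOST" "$REPO_PORT" "$REPO_DATABASE"
}

# Print the password from REPO_PASSWORD_FILE; fail closed when the file is
# missing, unreadable or empty rather than connecting with a blank password.
repo_password() {
    if [ ! -f "$REPO_PASSWORD_FILE" ] || [ ! -r "$REPO_PASSWORD_FILE" ]; then
        echo "cannot read password file: $REPO_PASSWORD_FILE" >&2
        return 1
    fi
    _pw=$(cat "$REPO_PASSWORD_FILE")   # $(...) strips the trailing newline
    if [ -z "$_pw" ]; then
        echo "password file is empty: $REPO_PASSWORD_FILE" >&2
        return 1
    fi
    printf '%s' "$_pw"
}
```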
Docker secrets
...
Shibboleth integration
...