This is how the Grouper container works in v2.5
Grouper Container params
There are a few arguments you can pass to the container, as well as env vars. Note that the command, if specified (it is optional), sets its env vars first, before the env vars you pass with -e are applied. So you could call the container with "ui" but then specify -e RUN_SHIB_SP='false' (e.g. if you run CAS).
Argument | Description |
---|---|
ui | will set env vars: |
ws | will set env vars: GROUPER_WS='true' RUN_APACHE='true' RUN_TOMEE='true' |
scim | will set env vars: GROUPER_SCIM='true' RUN_APACHE='true' RUN_TOMEE='true' |
daemon | will set env vars: GROUPER_DAEMON='true' RUN_TOMEE='true' |
bin/gsh | will just run gsh commands from docker command line |
ui-ws | will set env vars: GROUPER_UI='true' GROUPER_WS='true' RUN_APACHE='true' RUN_SHIB_SP='true' RUN_TOMEE='true' |
<no command> | run loader? maybe do nothing instead, so GSH can be used in bash in container |
-e GROUPER_UI=true | env var will tell grouper to allow ui calls via grouper.hibernate.base.properties grouper.is.ui.elConfig = ${java.lang.System.getenv().get('GROUPER_UI')} |
-e GROUPER_WS=true | env var will tell grouper to allow ws calls via grouper.hibernate.base.properties grouper.is.ws.elConfig = ${java.lang.System.getenv().get('GROUPER_WS')} |
-e GROUPER_SCIM=true | env var will tell grouper to allow ws calls via grouper.hibernate.base.properties grouper.is.scim.elConfig = ${java.lang.System.getenv().get('GROUPER_SCIM')} |
-e GROUPER_DAEMON=true | env var will tell grouper to kick off the daemon thread in tomee grouper.is.daemon.elConfig = ${java.lang.System.getenv().get('GROUPER_DAEMON')} |
-e RUN_APACHE=true | env var will tell supervisor to kick off apache in container. Note, apache is not needed for Grouper. You could hook up an external web server to tomee or run from tomee itself (not recommended) |
-e RUN_SHIB_SP=true | env var will tell supervisor to kick off shib sp in container. Note: if you don't use shib, this is not needed. Note: you can also run shib outside the grouper container (e.g. in another container or from a reverse proxy). Note: if RUN_SHIB_SP is false, it will take the shib apache directive out of grouper-www.conf |
-e RUN_TOMEE=true | env var will tell supervisor to kick off tomee. Note: you must set this to true if you are doing anything but a GSH env. The WS/UI/scim/daemon must run tomee in the container. |
-e SELF_SIGNED_CERT=true | will overlay /etc/httpd/conf.d/ssl-enabled.conf so that apache uses a self-signed cert for quick starts |
-e GROUPER_MAX_MEMORY='3g' | sets Java memory to 3 GB. Recommended: 2 or 3 GB for WS and UI, and 12 GB for the daemon. Default is 1500m (1.5 GB) |
-e GROUPER_EXTRA_CATALINA_OPTS='-XX:+PrintGCDetails' | add additional JVM options |
-e CATALINA_OPTS='whatever' | Generally you should not set this, unless you want to override all the default tomee Grouper customizations |
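
The precedence described above (command preset first, then `-e` values) and the RUN_TOMEE, SELF_SIGNED_CERT and CATALINA_OPTS notes from the table, as an added example that is not Grouper project code. The function names `preset`, `effective_env` and `lint_env` are hypothetical, and the `ui` preset is left out because its variables are not listed in the table.

```sh
#!/bin/sh
# Added example, not Grouper project code. Presets are copied from the argument
# table above; "ui" is omitted because its variables are not listed there.
preset() {
  case "$1" in
    ws)     echo "GROUPER_WS=true RUN_APACHE=true RUN_TOMEE=true" ;;
    scim)   echo "GROUPER_SCIM=true RUN_APACHE=true RUN_TOMEE=true" ;;
    daemon) echo "GROUPER_DAEMON=true RUN_TOMEE=true" ;;
    ui-ws)  echo "GROUPER_UI=true GROUPER_WS=true RUN_APACHE=true RUN_SHIB_SP=true RUN_TOMEE=true" ;;
    *)      echo "" ;;   # bin/gsh or no command: no preset modelled here
  esac
}

# effective_env COMMAND [KEY=VALUE ...]
# Applies the command preset first, then the -e style pairs; the last value wins.
effective_env() {
  cmd=$1; shift
  {
    printf '%s\n' $(preset "$cmd")          # unquoted on purpose: one pair per line
    if [ $# -gt 0 ]; then printf '%s\n' "$@"; fi
  } | awk '{ i = index($0, "="); if (i) v[substr($0, 1, i - 1)] = substr($0, i + 1) }
           END { for (k in v) print k "=" v[k] }' | LC_ALL=C sort
}

# lint_env COMMAND [KEY=VALUE ...]
# Prints one finding per line for the rules stated in the table; silent if none.
lint_env() {
  env_lines=$(effective_env "$@")
  has() { printf '%s\n' "$env_lines" | grep -q "^$1"; }
  if ! has 'RUN_TOMEE=true$'; then
    for c in UI WS SCIM DAEMON; do
      if has "GROUPER_$c=true\$"; then
        echo "ERROR: GROUPER_$c=true requires RUN_TOMEE=true"
      fi
    done
  fi
  if has 'SELF_SIGNED_CERT=true$'; then
    echo "WARN: SELF_SIGNED_CERT=true is meant for quick starts (self-signed Apache cert)"
  fi
  if has 'CATALINA_OPTS='; then
    echo "WARN: CATALINA_OPTS replaces the default TomEE Grouper customizations"
  fi
  return 0
}

# Constructed invocation: the ui-ws preset with Shibboleth turned off (e.g. CAS).
effective_env ui-ws RUN_SHIB_SP=false
```

Running `lint_env` with the same arguments you plan to give `docker run` shows conflicts before the container starts.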
Building container
- Jenkins output (change version number): https://jenkins.testbed.tier.internet2.edu/job/docker/job/grouper/job/2.5.X/1/console
Versions
- Tag in github docker is: 2.5.X where X is an integer that increases for each build
- There is a listing of each version in the Grouper 2.5 release notes, with an indication of whether it is stable or not
Misc
- HTTP Strict Transport Security (HSTS) is enabled on the Apache HTTP Server.
- morphStrings functionality in Grouper is supported. It is recommended that the various morphString files be associated with the containers as Docker Secrets. Set the configuration file properties to use `/var/run/secrets/secretname`.
- Configure Grouper UI and WS authentication
Jars
- If you want a jar in all JVMs (ui/ws/daemon/gsh/scim), add it to /opt/grouper/grouperWebapp/WEB-INF/lib
- If you want a jar in ui/daemon/gsh only, add it to /opt/grouper/grouperWebapp/WEB-INF/libUiAndDaemon
If you are replacing a jar (e.g. an existing driver), you need to remove it first in your Dockerfile by wildcard, or overlay a blank file (risky, since filenames can change):
RUN rm -rf /opt/grouper/grouperWebapp/WEB-INF/lib/mysql-connector-java*.jar