Grouper is packaged in TIER as what the installer delivers on a MySQL (MariaDB) database.  It is a virtualbox image, which creates and runs a docker container.

https://github.internet2.edu/docker/grouper/blob

The instructions handed over the TIER packaging team in 2016 to setup the applications are here

See the TIER packaging site for more information and download links,   Testbed

Future work includes using Shibboleth for UI authentication, configuring provisioning, user management with COManage, having an upgrade/patch process, TIER API tomee, etc.

Jankins log

Latest instructions

• Download the latest VM. Get the link from https://spaces.at.internet2.edu/x/DQfSBQ
• Setup networking if you need to, I don't have DHCP so I needed to do a NETnetwork and do some port forwarding...
• SSH with putty or something to port 22, grouper/grouper
• Run: /home/grouper/work/setup.sh
  • I used localhost as domain name
• Run: /home/grouper/build/grouper/bin/build.sh 
• Run: /home/grouper/run/bin/run.sh

• (shouldnt have to do this) Start tomcat:
  
  

  [grouper@localhost run]$ sudo docker exec -i -t grouper /bin/bash bash-4.2# /opt/grouper/2.3.0/apache-tomcat-8.5.12/bin/startup.sh

  
  
  

• s

Running the current VM

Note, The VM requires internet access to finish setup BEFORE it can be used. So you MUST give it internet access at least during the initial setup.

• When you edit the install_oracle_jdk.sh script you are also going to have the script wget the JDK and install it onto the host
• Also when you run the /home/grouper/run/bin/run.sh script it will ( likely) download docker images as well.

Note, if things freeze Oracle VirtualBox might have run out of resources and paused.  Just go to the main VirtualBox window and click pause to run it again

• https://docs.google.com/document/d/1B8iL8Vm50BbJ4-HaoqjzXrlxa-oiDZpEhvtiQfa7y44/edit#

• Get the current VM. Get the link from https://spaces.at.internet2.edu/x/DQfSBQ

• Close background applications on your workstation for memory reasons
  

• Load the VM in virtualbox (Import the OVA, do not start the VM at this point)

• Setup networking in VM in virtualbox
   ( A NAT network is suggested, but not specifically required.) 

  
  
  

• Add some settings to the VM configuration

  

• Port forward 22,8080,3306 in the virtual box Network settings (Assuming you are using a NAT network. Other Network configs may not require/allow ports to be forwarded.)

• Now you should be ready to start the VM. So start it up.
• You may want to login through an external SSH client. ( like putty or securecrt etc)
  • NOTE: The virtualbox ssh client cant copy/paste because the Virtual Box Guest Additions (vm client tools) have not been loaded into the OS by default.
  • Note, you might need to disable authn in your ssh client for anything not user/pass
• Login, grouper/grouper, type ifconfig, get the ip address of enp0s3

• Follow instructions in the README.md ( located at /home/grouper/README.md  See the file for details for the following sections.)

  • Optional: Config HTTPS/SSL
    • If you want to you can provided a proper SSL cert for the VM by following this part of the instructions. 

  • Agree to the Oracle JDK ToS ( by editing the file install_oracle_jdk.sh  NOTE: This file is executed as part of the next step, so just edit it here.)

    [grouper@localhost ~]$ emacs /home/grouper/build/grouper/additional_container_files/bin/install_oracle_jdk.sh

    
    

  • Build the Grouper container

    [grouper@localhost ~]$ /home/grouper/build/grouper/bin/build.sh

    
    

  • Change Service Passwords

    [grouper@localhost ~]$ emacs /home/grouper/run/conf/common.env [grouper@localhost ~]$ emacs /home/grouper/run/conf/grouper.env [grouper@localhost ~]$ emacs /home/grouper/run/conf/db.env

    
    

  • Run the Grouper Service

    [grouper@localhost ~]$ /home/grouper/run/bin/run.sh

    
    

• NOTE: Now you have the service on 8080 ( and optionally 8443 if SSL is up)  and running!

Start using Grouper ! 

• You can connect to the Web Grouper UI at http://127.0.0.1:8080/  ( or http://127.0.0.1:8443/ ) 

  • Use User: GrouperSystem with Password from (edit that in the docker image in /opt/grouper/2.3.0/apache-tomcat-6.0.35/conf/tomcat-users.xml ( after getting a shell in the docker image with the command "sudo docker exec -i -t grouper /bin/bash" )

    GrouperSystem/XXXXXXXXXX

    
    

• You can also connect directly to the mysql (port forward to 3319) with, db: grouper, user: grouper_user, pass: 3cf0ccc7d6b240390188367933c9cd90

• You can also Interact with docker ( from an SSH session or the VM console)

  [grouper@localhost ~]$ docker ps [grouper@localhost ~]$ sudo docker exec -i -t grouper /bin/bash [grouper@localhost ~]$ docker compose up [grouper@localhost ~]$ docker stop grouper [grouper@localhost ~]$ docker start grouper

  
  

• Test grouper WS with a call like this:  http://localhost:8080/grouper-ws/servicesRest/v2_3_000/groups/qsuob:all_students/members

Discussion with Levvel August 1st, 2016

• We will have 3 containers
  • Loader
  • WS
  • UI
• Grouper will continue externalizing configuration so that the subject api and ehcache use configuration properties overlays
• Properties files can be mounted outside the container and specified via env variables
• UI/WS will come with tomcat and apache and ready for shib SP
• Containers will be built with latest patches
  • The container maker can look at release notes page for latest release to see list of patches available

Testing a Grouper container

• At a minimum hit the status servlet on the UI and WS, get a 200 back.  /status?diagnosticType=all
• Note the grouper daemon needs to have been running for a minute or two
• Look at the UI, login, see the Grouper UI, click around a little
• Make a grouper client call to the WS, make sure you get a positive result

See Also

TIER-Grouper Release 17040 (in the TIER Packaging wiki)