Donnerstag, 18. Mai 2017

ForgeRock IDM Docker Beispiel


Ein einfaches Beispiel, wie man Docker-Container erstellen kann.

Hierzu muss lediglich Docker lokal installiert sein.

ForgeRock IDM 5.0 kann über Backstage heruntergeladen werden und muss als ZIP-Datei im Verzeichnis des Dockerfiles zur Verfügung stehen (das Dockerfile unten erwartet den Dateinamen IDM-5.0.0.zip).

Viel Spaß beim Testen.


Beispiel Dockerfile:

# Copyright (c) 2016-2017 ForgeRock AS. Use of this source code is subject to the
#
# Builds an OpenIDM (ForgeRock IDM 5.0) image on Alpine: unpacks the IDM ZIP
# from the build context into /opt, overlays the project's conf, workflow,
# script, data and bundle files, and starts through docker-entrypoint.sh.
#
# NOTE(review): the tag below is mutable; pin the base image by digest
# (openjdk:8-jre-alpine@sha256:<digest-placeholder>) for reproducible,
# auditable builds.
#FROM openjdk:8-jre
FROM openjdk:8-jre-alpine

WORKDIR /opt

# no need to copy Dockerfile!
# ADD Dockerfile /

# Override these to change the JVM:
# ENV JAVA_OPTS -Xmx1024m -server -XX:+UseG1GC

# giving IDM 2GB
# (maximum heap via -Xmx2048m; the entrypoint passes JAVA_OPTS to java
# unquoted, so the value is split on whitespace into separate options)
ENV JAVA_OPTS -Xmx2048m -server -XX:+UseG1GC

# copy location of the project IDM config
# ENV PROJECT_DIR $PROJECT_DIR


# Download or add OpenIDM nightly build and unzip.
#
# The ZIP must be present in the build context under exactly this name.
# NOTE(review): the archive is not integrity-checked during the build; if the
# download source publishes a checksum, verify it before building.
# COPY openidm-4.5.0.zip /var/tmp/openidm.zip
COPY IDM-5.0.0.zip /var/tmp/openidm.zip

# libc6-compat is needed by OrientDB as it uses the snappy Java shared library.
# mysql-client will be used for checking if mysql is running.
# su-exec is what docker-entrypoint.sh uses to run commands as the openidm user.
#
# The RUN step creates the openidm user with home /opt/openidm and unpacks the
# archive into the current WORKDIR (/opt) - presumably the archive contains a
# top-level openidm/ directory, since the following commands operate on
# /opt/openidm. It then deletes the ZIP, the bundled samples and the OrientDB
# repository config, and creates the data and workflow directories.

RUN apk add --no-cache su-exec libc6-compat mysql-client && \
   adduser -D -h  /opt/openidm openidm openidm && \
   unzip -q /var/tmp/openidm.zip && \
   rm -f /var/tmp/openidm.zip  && rm -fr /opt/openidm/samples && rm -f /opt/openidm/conf/repo.orientdb.json && \
   mkdir /opt/openidm/data && mkdir /opt/openidm/workflow

# make all the projects files available in the image
# change this to the config dir you want to test!
# NOTE(review): everything copied below is baked into the image layers and is
# readable by anyone who can pull the image; keep passwords and keystores out
# of these folders and provide them at runtime (the entrypoint reads a
# secrets/ directory for that purpose).
COPY ./projects/5conf-managed-object/ /opt/openidm/conf/

# copy workflow files to the project folder
COPY ./projects/workflow/ /opt/openidm/workflow/

# copy scripts for workflow and others into script folder
COPY ./projects/script/ /opt/openidm/script/
# copy data (csv etc.) to the project folder
COPY ./projects/data/ /opt/openidm/data/
# copy mysql jar
COPY ./bundle/*.jar /opt/openidm/bundle/


# NOTE(review): COPY keeps the file mode from the build context, so the script
# has to be executable there - confirm.
COPY docker-entrypoint.sh /opt/openidm/docker-entrypoint.sh
# Hand everything under /opt/openidm to the openidm user. This has to run after
# the COPY steps above, which create their files owned by root.
RUN    chown -R openidm:openidm /opt/openidm
WORKDIR /opt/openidm
# CMD supplies the default argument "openidm" to the entrypoint script.
# NOTE(review): there is no USER instruction, so the container starts as root.
# The entrypoint published with this Dockerfile starts the IDM JVM as root and
# uses su-exec to switch to the openidm user only for other commands.
ENTRYPOINT ["/opt/openidm/docker-entrypoint.sh"]
CMD ["openidm"]
Beispiel entrypoint.sh (das Dockerfile oben kopiert die Datei unter dem Namen docker-entrypoint.sh):


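#!/bin/sh
# Docker entry point for OpenIDM.
#
# Usage:
#   docker-entrypoint.sh openidm   wait for MySQL, then start the IDM JVM
#   docker-entrypoint.sh CMD...    run CMD as the openidm user via su-exec
#
# Environment read:
#   PROJECT_HOME        project directory given to the launcher
#                       (default: /opt/openidm)
#   OPENIDM_HOME        fallback location of conf/logging.properties
#   LOGGING_CONFIG      complete -D option for java.util.logging; derived
#                       below when empty
#   JAVA_OPTS           extra JVM options, split on whitespace
#   JAVA_ENDORSED_DIRS  value for the first -Djava.endorsed.dirs option
#   REPO_HOST, REPO_PORT, REPO_USER, REPO_PASSWORD
#                       MySQL repository settings; not defaulted here, they
#                       have to be supplied by the caller (e.g. docker-compose)
if [ "$1" = 'openidm' ]; then
  PROJECT_HOME="${PROJECT_HOME:-/opt/openidm}"

  # Pick a logging configuration unless the caller already supplied one.
  if [ -z "$LOGGING_CONFIG" ]; then
    # Two separate tests replace the obsolescent "-a" operator of "[".
    if [ -n "$PROJECT_HOME" ] && [ -r "$PROJECT_HOME/conf/logging.properties" ]; then
      LOGGING_CONFIG="-Djava.util.logging.config.file=$PROJECT_HOME/conf/logging.properties"
    elif [ -r "$OPENIDM_HOME/conf/logging.properties" ]; then
      LOGGING_CONFIG="-Djava.util.logging.config.file=$OPENIDM_HOME/conf/logging.properties"
    else
      LOGGING_CONFIG="-Dnop"
    fi
  fi

  HOSTNAME=$(hostname)
  NODE_ID=${HOSTNAME}

  # set by docker-compose
  # REPO_HOST="${MYSQL_SERVICE_HOST:-mysql}"
  # REPO_PORT="${MYSQL_SERVICE_PORT:-3306}"
  # REPO_USER="openidm"
  # REPO_PASSWORD="openidm"

  # NOTE(review): "changeit" is a widely known default. Outside of local
  # testing, always provide secrets/keystore.pin so this fallback is not used.
  KEYSTORE_PASSWORD=changeit
  # Check for secret volumes and use those if present. The secrets/ and
  # security/ paths are relative to the directory the script is started in.
  if [ -r secrets/keystore.pin ]; then
    KEYSTORE_PASSWORD=$(cat secrets/keystore.pin)
  fi
  O1="-Dopenidm.keystore.password=${KEYSTORE_PASSWORD} -Dopenidm.truststore.password=${KEYSTORE_PASSWORD}"

  # If secrets keystore is present copy files from the secrets directory to
  # the standard location.
  # NOTE(review): the glob copies every file in secrets/, including
  # keystore.pin, so the PIN ends up stored next to the keystore it protects.
  if [ -r secrets/keystore.jceks ]; then
    cp secrets/*  security
    chown -R openidm:openidm security
  fi

  # copy/override the projects files to the existing conf
  # cp /opt/openidm/projects/${with-conf-to-use=5conf}/ /opt/openidm/conf/

  # wait for mysql to start
  # NOTE(review): the password is passed as a command-line argument and is
  # therefore visible in the process list while mysqladmin runs.
  while ! mysqladmin ping -h"$REPO_HOST" -u"$REPO_USER" -p"$REPO_PASSWORD" --silent; do
    echo "wating for mysql at $REPO_HOST to wake up..."
    sleep 5
  done
  # should put in a wait for DJ as well!!

  O2="-Dopenidm.repo.host=$REPO_HOST -Dopenidm.repo.port=$REPO_PORT -Dopenidm.repo.user=${REPO_USER} -Dopenidm.repo.password=${REPO_PASSWORD}"
  O3="-Dopenidm.node.id=$NODE_ID"
  # This is the default
  O4="-Dopenidm.fileinstall.enabled=true"
  OPENIDM_OPTS="$O1 $O2 $O3 $O4"

  # Log the effective options with the keystore, truststore and repository
  # passwords masked, so that they do not end up in the container log.
  O1_LOG="-Dopenidm.keystore.password=*** -Dopenidm.truststore.password=***"
  O2_LOG="-Dopenidm.repo.host=$REPO_HOST -Dopenidm.repo.port=$REPO_PORT -Dopenidm.repo.user=${REPO_USER} -Dopenidm.repo.password=***"
  echo "Using OPENIDM_OPTS:   $O1_LOG $O2_LOG $O3 $O4"

  LAUNCHER="org.forgerock.commons.launcher.Main"
  # For OpenIDM-5.5.0 use the following:
  # LAUNCHER="org.forgerock.openidm.launcher.Main"

  echo "Starting OpenIDM"
  echo "maybe this helps: cd $PROJECT_HOME"
  # starting path should be the openidm PROJECT_HOME; stop instead of starting
  # the JVM from an unexpected directory when it cannot be entered.
  cd "$PROJECT_HOME" || {
    echo "cannot cd to $PROJECT_HOME" >&2
    exit 1
  }

  # The openidm user can not mount the hostPath volume in Minikube due to VirtualBox permissions,
  # so we run as root for now.
  # NOTE(review): this means the IDM JVM itself runs as root inside the
  # container; switch to the su-exec line below once the volume permissions
  # allow it.
  #exec su-exec openidm java
  #
  # JAVA_OPTS and OPENIDM_OPTS are left unquoted on purpose so that they split
  # into separate options; a password containing whitespace would be split too.
  # NOTE(review): the passwords in OPENIDM_OPTS become part of the JVM command
  # line and are visible in the process list.
  # The classpath is quoted so that the wildcards reach the JVM untouched.
  # -Djava.endorsed.dirs is given twice as in the original; presumably the
  # later, empty definition is the one that takes effect.
  exec java \
    "${LOGGING_CONFIG}" \
    ${JAVA_OPTS} ${OPENIDM_OPTS} \
    -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
    -classpath "/opt/openidm/bin/*:/opt/openidm/framework/*" \
    -Dopenidm.system.server.root=/opt/openidm \
    -Djava.endorsed.dirs= \
    -Djava.awt.headless=true \
    ${LAUNCHER} -c /opt/openidm/bin/launcher.json -p "${PROJECT_HOME}"
fi
# Any other command is executed as the unprivileged openidm user.
exec su-exec openidm "$@"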


