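# Create every host directory that the compose definition below bind-mounts.
# Docker creates a missing bind-mount source itself, owned by root, so each
# mounted path is listed here to keep creation under Ansible's control.
# NOTE(review): no owner/mode is set, so the directories get the connecting
# user's defaults; the opendj/* folders presumably hold directory data and
# key material - confirm they are not readable by other local users.
- name: create gluu volume folders
  file:
    name: "{{ volume_root_folder }}/{{ volume }}"
    state: directory
  loop:
    - "consul"
    - "consul/data"
    - "opendj"
    - "opendj/config"
    - "opendj/ldif"
    - "opendj/logs"
    - "opendj/db"
    - "opendj/flag"
    - "opendj/backup"
    - "oxauth"
    - "oxauth/custom"
    - "oxauth/custom/pages"
    - "oxauth/custom/static"
    - "oxauth/lib"
    - "oxauth/lib/ext"
    - "oxauth/logs"
    - "oxtrust"
    - "oxtrust/custom"
    - "oxtrust/custom/pages"
    # mounted by the oxtrust service below but missing from the original list
    - "oxtrust/custom/static"
    - "oxtrust/lib"
    - "oxtrust/lib/ext"
    - "oxtrust/logs"
    - "shared-shibboleth-idp"
  loop_control:
    loop_var: "volume"

# Start the Gluu 3.1.4 containers (consul, registrator, nginx, ldap, oxauth,
# oxtrust, oxshibboleth, oxpassport) from an inline compose definition.
# NOTE(review): `docker_service` was renamed `docker_compose` in Ansible 2.8;
# the module name is kept here so existing runs behave the same.
- name: set up gluu
  docker_service:
    project_name: gluu
    # Every run re-pulls whatever each tag currently points at. `consul` has no
    # tag and `registrator:dev` is a moving tag, so new image contents can be
    # deployed without any change to this file; pin those two to a reviewed
    # version or digest.
    pull: true
    definition:
      version: "2.3"
      services:
        # Configuration backend for every Gluu container
        # (GLUU_CONFIG_ADAPTER=consul). No ports are published, so the HTTP
        # API and UI on 8500 are only offered on the compose network.
        # NOTE(review): no ACL or TLS settings are visible in this definition -
        # confirm what the Gluu containers store here and who can reach it.
        consul:
          image: consul
          command: agent -server -bootstrap -ui
          hostname: consul-1
          environment:
            - CONSUL_BIND_INTERFACE=eth0
            - CONSUL_CLIENT_INTERFACE=eth0
          container_name: consul
          # `restart` was declared twice in this mapping; duplicate keys are
          # invalid YAML and parsers silently keep only one of them.
          restart: unless-stopped
          volumes:
            # NOTE(review): the host folder mounted at /consul/data is
            # `consul`, not the `consul/data` folder created above - confirm
            # which one is intended.
            - "{{ volume_root_folder }}/consul:/consul/data"
          labels:
            - "SERVICE_IGNORE=yes"

        # Registers containers in consul by watching the Docker API.
        # Access to the Docker socket is equivalent to root on the host:
        # anything running in this container can control the daemon, which is
        # one more reason to pin the image instead of tracking `dev`.
        registrator:
          image: gluufederation/registrator:dev
          command: >-
            registrator -internal -cleanup -resync 30 -retry-attempts 5
            -retry-interval 10 consul://consul:8500
          container_name: registrator
          volumes:
            - "/var/run/docker.sock:/tmp/docker.sock"
          restart: unless-stopped
          depends_on:
            - consul

        # redis:
        #   image: redis:alpine
        #   # run cluster-enabled redis-server
        #   # command: redis-server --port 6379 --cluster-enabled yes --cluster-config-file nodes.conf --appendonly yes --cluster-node-timeout 5000
        #   container_name: redis
        #   labels:
        #     - "SERVICE_IGNORE=yes"
        #   restart: unless-stopped

        nginx:
          image: gluufederation/nginx:3.1.4_01
          environment:
            - GLUU_CONFIG_ADAPTER=consul
            - GLUU_CONSUL_HOST=consul
            - GLUU_CONSUL_PORT=8500
            # Quote the whole list item, not the value: in list-form
            # `environment`, quotes after `=` are passed to the container as
            # part of the value, so the host name and e-mail address would
            # arrive wrapped in literal double quotes.
            - "VIRTUAL_HOST={{ gluu.domain }}"
            - "LETSENCRYPT_HOST={{ gluu.domain }}"
            - "LETSENCRYPT_EMAIL={{ letsencrypt_email }}"
          ports:
            # Container ports only: Docker picks the host ports.
            # NOTE(review): presumably a proxy in front consumes
            # VIRTUAL_HOST/LETSENCRYPT_* - confirm 80/443 are meant to be
            # published on random host ports.
            - "80"
            - "443"
          container_name: nginx
          restart: unless-stopped
          labels:
            - "SERVICE_IGNORE=yes"

        ldap:
          image: gluufederation/opendj:3.1.4_04
          environment:
            - GLUU_CONFIG_ADAPTER=consul
            - GLUU_CONSUL_HOST=consul
            - GLUU_CONSUL_PORT=8500
            - GLUU_LDAP_INIT=true
            - GLUU_LDAP_INIT_HOST=ldap
            - GLUU_LDAP_INIT_PORT=1636
            - GLUU_LDAP_ADDR_INTERFACE=eth0
            - GLUU_OXTRUST_CONFIG_GENERATION=true
            - GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
            # - GLUU_CACHE_TYPE=REDIS  # don't forget to enable redis service
            # - GLUU_REDIS_URL=redis:6379
            # - GLUU_REDIS_TYPE=STANDALONE
            # the value must match service name `ldap` because other containers
            # use this value as LDAP hostname
            - GLUU_CERT_ALT_NAME=ldap
          container_name: ldap
          volumes:
            - "{{ volume_root_folder }}/opendj/config:/opt/opendj/config"
            - "{{ volume_root_folder }}/opendj/ldif:/opt/opendj/ldif"
            - "{{ volume_root_folder }}/opendj/logs:/opt/opendj/logs"
            - "{{ volume_root_folder }}/opendj/db:/opt/opendj/db"
            - "{{ volume_root_folder }}/opendj/flag:/flag"
            - "{{ volume_root_folder }}/opendj/backup:/opt/opendj/bak"
          restart: unless-stopped
          labels:
            - "SERVICE_IGNORE=yes"

        oxauth:
          image: gluufederation/oxauth:3.1.4_03
          environment:
            - GLUU_CONFIG_ADAPTER=consul
            - GLUU_CONSUL_HOST=consul
            - GLUU_CONSUL_PORT=8500
            - GLUU_LDAP_URL=ldap:1636
          extra_hosts:
            # NOTE(review): this address is hard-coded here and in oxtrust,
            # oxshibboleth and oxpassport. The containers send traffic for the
            # IdP domain to it regardless of DNS, so a stale value misroutes
            # that traffic; consider taking it from inventory.
            - "{{ gluu.domain }}:85.235.225.231"
          container_name: oxauth
          volumes:
            # Files under lib/ext and custom/ are loaded by the web
            # application, so write access to these host folders should be
            # limited to administrators.
            - "{{ volume_root_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
            - "{{ volume_root_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
            - "{{ volume_root_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
            - "{{ volume_root_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
          mem_limit: 1536M
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxauth"
            - "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
            - "SERVICE_8080_CHECK_INTERVAL=15s"
            - "SERVICE_8080_CHECK_TIMEOUT=5s"

        oxtrust:
          image: gluufederation/oxtrust:3.1.4_02
          environment:
            - GLUU_CONFIG_ADAPTER=consul
            - GLUU_CONSUL_HOST=consul
            - GLUU_CONSUL_PORT=8500
            - GLUU_LDAP_URL=ldap:1636
            - GLUU_OXAUTH_BACKEND=oxauth:8080
          extra_hosts:
            - "{{ gluu.domain }}:85.235.225.231"
          container_name: oxtrust
          volumes:
            - "{{ volume_root_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
            - "{{ volume_root_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
            - "{{ volume_root_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
            - "{{ volume_root_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
            - "{{ volume_root_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
          mem_limit: 1536M
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxtrust"
            - "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
            - "SERVICE_8080_CHECK_INTERVAL=15s"
            - "SERVICE_8080_CHECK_TIMEOUT=5s"

        oxshibboleth:
          image: gluufederation/oxshibboleth:3.1.4_01
          environment:
            - GLUU_CONFIG_ADAPTER=consul
            - GLUU_CONSUL_HOST=consul
            - GLUU_CONSUL_PORT=8500
            - GLUU_LDAP_URL=ldap:1636
          extra_hosts:
            - "{{ gluu.domain }}:85.235.225.231"
          container_name: oxshibboleth
          volumes:
            # Same host folder that oxtrust mounts. The original path had an
            # extra `volumes/` segment, which pointed at a folder that is never
            # created above and is not the one oxtrust writes to.
            - "{{ volume_root_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
          mem_limit: 1024M
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxshibboleth"
            - "SERVICE_8086_CHECK_HTTP=/idp"
            - "SERVICE_8086_CHECK_INTERVAL=15s"
            - "SERVICE_8086_CHECK_TIMEOUT=5s"

        oxpassport:
          image: gluufederation/oxpassport:3.1.4_02
          environment:
            - GLUU_CONFIG_ADAPTER=consul
            - GLUU_CONSUL_HOST=consul
            - GLUU_CONSUL_PORT=8500
            - GLUU_LDAP_URL=ldap:1636
            # required by wait-for-it script
            - GLUU_OXAUTH_BACKEND=oxauth:8080
            - GLUU_OXTRUST_BACKEND=oxtrust:8080
          extra_hosts:
            - "{{ gluu.domain }}:85.235.225.231"
          container_name: oxpassport
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxpassport"
            - "SERVICE_8090_CHECK_HTTP=/passport"
            - "SERVICE_8090_CHECK_INTERVAL=15s"
            - "SERVICE_8090_CHECK_TIMEOUT=5s"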