WIP: Add initial version of Gluu configuration #26
|
@ -20,6 +20,9 @@
|
||||||
- "oxtrust/lib/ext"
|
- "oxtrust/lib/ext"
|
||||||
- "oxtrust/logs"
|
- "oxtrust/logs"
|
||||||
- "shared-shibboleth-idp"
|
- "shared-shibboleth-idp"
|
||||||
|
- "vault/config:/vault/config"
|
||||||
|
- "vault/data:/vault/data"
|
||||||
|
- "vault/logs:/vault/logs"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "volume"
|
loop_var: "volume"
|
||||||
|
|
||||||
|
@ -32,12 +35,12 @@
|
||||||
services:
|
services:
|
||||||
consul:
|
consul:
|
||||||
image: consul
|
image: consul
|
||||||
|
container_name: consul
|
||||||
command: agent -server -bootstrap -ui
|
command: agent -server -bootstrap -ui
|
||||||
hostname: consul-1
|
hostname: consul-1
|
||||||
environment:
|
environment:
|
||||||
- CONSUL_BIND_INTERFACE=eth0
|
- CONSUL_BIND_INTERFACE=eth0
|
||||||
- CONSUL_CLIENT_INTERFACE=eth0
|
- CONSUL_CLIENT_INTERFACE=eth0
|
||||||
container_name: consul
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ gluu.volume_folder }}/consul:/consul/data"
|
- "{{ gluu.volume_folder }}/consul:/consul/data"
|
||||||
|
@ -46,10 +49,34 @@
|
||||||
labels:
|
labels:
|
||||||
- "SERVICE_IGNORE=yes"
|
- "SERVICE_IGNORE=yes"
|
||||||
|
|
||||||
|
vault:
|
||||||
|
container_name: vault
|
||||||
|
image: vault:1.0.1
|
||||||
|
command: vault server -config=/vault/config
|
||||||
|
volumes:
|
||||||
|
- "{{ gluu.volume_folder }}/vault/config:/vault/config"
|
||||||
|
- "{{ gluu.volume_folder }}/vault/data:/vault/data"
|
||||||
|
- "{{ gluu.volume_folder }}/vault/logs:/vault/logs"
|
||||||
|
- "{{ gluu.volume_folder }}/vault/vault_gluu_policy.hcl:/vault/config/policy.hcl"
|
||||||
|
- "{{ gluu.volume_folder }}/vault/gcp_kms_stanza.hcl:/vault/config/stanza.hcl"
|
||||||
|
- "{{ gluu.volume_folder }}/vault/gcp_kms_creds.json:/vault/config/creds.json"
|
||||||
|
cap_add:
|
||||||
|
- IPC_LOCK
|
||||||
|
environment:
|
||||||
|
- VAULT_REDIRECT_INTERFACE=eth0
|
||||||
|
- VAULT_CLUSTER_INTERFACE=eth0
|
||||||
|
- VAULT_ADDR=http://0.0.0.0:8200
|
||||||
|
- VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
- consul
|
||||||
|
labels:
|
||||||
|
- "SERVICE_IGNORE=yes"
|
||||||
|
|
||||||
registrator:
|
registrator:
|
||||||
|
container_name: registrator
|
||||||
image: gluufederation/registrator:dev
|
image: gluufederation/registrator:dev
|
||||||
command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
|
command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
|
||||||
container_name: registrator
|
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/tmp/docker.sock
|
- /var/run/docker.sock:/tmp/docker.sock
|
||||||
networks:
|
networks:
|
||||||
|
@ -58,45 +85,34 @@
|
||||||
depends_on:
|
depends_on:
|
||||||
- consul
|
- consul
|
||||||
|
|
||||||
# redis:
|
|
||||||
# image: redis:alpine
|
|
||||||
# # run cluster-enabled redis-server
|
|
||||||
# # command: redis-server --port 6379 --cluster-enabled yes --cluster-config-file nodes.conf --appendonly yes --cluster-node-timeout 5000
|
|
||||||
# container_name: redis
|
|
||||||
# labels:
|
|
||||||
# - "SERVICE_IGNORE=yes"
|
|
||||||
# restart: unless-stopped
|
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
image: gluufederation/nginx:3.1.4_01
|
container_name: nginx
|
||||||
|
image: gluufederation/nginx:3.1.5_02
|
||||||
environment:
|
environment:
|
||||||
- GLUU_CONFIG_ADAPTER=consul
|
- GLUU_CONFIG_CONSUL_HOST=consul
|
||||||
- GLUU_CONSUL_HOST=consul
|
- GLUU_SECRET_VAULT_HOST=vault
|
||||||
- GLUU_CONSUL_PORT=8500
|
|
||||||
- VIRTUAL_HOST="{{ gluu.domain }}"
|
- VIRTUAL_HOST="{{ gluu.domain }}"
|
||||||
- LETSENCRYPT_HOST="{{ gluu.domain }}"
|
- LETSENCRYPT_HOST="{{ gluu.domain }}"
|
||||||
- LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
|
- LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
|
||||||
ports:
|
ports:
|
||||||
- "80"
|
- "80:80"
|
||||||
- "443"
|
- "443:443"
|
||||||
networks:
|
networks:
|
||||||
- "external_services"
|
- "external_services"
|
||||||
- "gluu"
|
- "gluu"
|
||||||
container_name: nginx
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
labels:
|
labels:
|
||||||
- "SERVICE_IGNORE=yes"
|
- "SERVICE_IGNORE=yes"
|
||||||
|
|
||||||
ldap:
|
ldap:
|
||||||
image: gluufederation/opendj:3.1.4_04
|
container_name: ldap
|
||||||
|
image: gluufederation/opendj:3.1.5_02
|
||||||
environment:
|
environment:
|
||||||
- GLUU_CONFIG_ADAPTER=consul
|
- GLUU_CONFIG_CONSUL_HOST=consul
|
||||||
- GLUU_CONSUL_HOST=consul
|
- GLUU_SECRET_VAULT_HOST=vault
|
||||||
- GLUU_CONSUL_PORT=8500
|
|
||||||
- GLUU_LDAP_INIT=true
|
- GLUU_LDAP_INIT=true
|
||||||
- GLUU_LDAP_INIT_HOST=ldap
|
- GLUU_LDAP_INIT_HOST=ldap
|
||||||
- GLUU_LDAP_INIT_PORT=1636
|
- GLUU_LDAP_INIT_PORT=1636
|
||||||
- GLUU_LDAP_ADDR_INTERFACE=eth0
|
|
||||||
- GLUU_OXTRUST_CONFIG_GENERATION=true
|
- GLUU_OXTRUST_CONFIG_GENERATION=true
|
||||||
- GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
|
- GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
|
||||||
# - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
|
# - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
|
||||||
|
@ -105,7 +121,6 @@
|
||||||
# the value must match service name `ldap` because other containers
|
# the value must match service name `ldap` because other containers
|
||||||
# use this value as LDAP hostname
|
# use this value as LDAP hostname
|
||||||
- GLUU_CERT_ALT_NAME=ldap
|
- GLUU_CERT_ALT_NAME=ldap
|
||||||
container_name: ldap
|
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ gluu.volume_folder }}/opendj/config:/opt/opendj/config"
|
- "{{ gluu.volume_folder }}/opendj/config:/opt/opendj/config"
|
||||||
- "{{ gluu.volume_folder }}/opendj/ldif:/opt/opendj/ldif"
|
- "{{ gluu.volume_folder }}/opendj/ldif:/opt/opendj/ldif"
|
||||||
|
@ -120,15 +135,14 @@
|
||||||
- "SERVICE_IGNORE=yes"
|
- "SERVICE_IGNORE=yes"
|
||||||
|
|
||||||
oxauth:
|
oxauth:
|
||||||
image: gluufederation/oxauth:3.1.4_03
|
container_name: oxauth
|
||||||
|
image: gluufederation/oxauth:3.1.5_02
|
||||||
environment:
|
environment:
|
||||||
- GLUU_CONFIG_ADAPTER=consul
|
- GLUU_CONFIG_CONSUL_HOST=consul
|
||||||
- GLUU_CONSUL_HOST=consul
|
- GLUU_SECRET_VAULT_HOST=consul
|
||||||
- GLUU_CONSUL_PORT=8500
|
|
||||||
- GLUU_LDAP_URL=ldap:1636
|
- GLUU_LDAP_URL=ldap:1636
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- "{{ gluu.domain }}:85.235.225.231"
|
- "{{ gluu.domain }}:85.235.225.231"
|
||||||
container_name: oxauth
|
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ gluu.volume_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
|
- "{{ gluu.volume_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
|
||||||
- "{{ gluu.volume_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
|
- "{{ gluu.volume_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
|
||||||
|
@ -145,11 +159,10 @@
|
||||||
- "SERVICE_8080_CHECK_TIMEOUT=5s"
|
- "SERVICE_8080_CHECK_TIMEOUT=5s"
|
||||||
|
|
||||||
oxtrust:
|
oxtrust:
|
||||||
image: gluufederation/oxtrust:3.1.4_02
|
image: gluufederation/oxtrust:3.1.5_02
|
||||||
environment:
|
environment:
|
||||||
- GLUU_CONFIG_ADAPTER=consul
|
- GLUU_CONFIG_CONSUL_HOST=consul
|
||||||
- GLUU_CONSUL_HOST=consul
|
- GLUU_SECRET_VAULT_HOST=vault
|
||||||
- GLUU_CONSUL_PORT=8500
|
|
||||||
- GLUU_LDAP_URL=ldap:1636
|
- GLUU_LDAP_URL=ldap:1636
|
||||||
- GLUU_OXAUTH_BACKEND=oxauth:8080
|
- GLUU_OXAUTH_BACKEND=oxauth:8080
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
|
@ -172,15 +185,14 @@
|
||||||
- "SERVICE_8080_CHECK_TIMEOUT=5s"
|
- "SERVICE_8080_CHECK_TIMEOUT=5s"
|
||||||
|
|
||||||
oxshibboleth:
|
oxshibboleth:
|
||||||
image: gluufederation/oxshibboleth:3.1.4_01
|
container_name: oxshibboleth
|
||||||
|
image: gluufederation/oxshibboleth:3.1.5_02
|
||||||
environment:
|
environment:
|
||||||
- GLUU_CONFIG_ADAPTER=consul
|
- GLUU_CONFIG_CONSUL_HOST=consul
|
||||||
- GLUU_CONSUL_HOST=consul
|
- GLUU_SECRET_VAULT_HOST=vault
|
||||||
- GLUU_CONSUL_PORT=8500
|
|
||||||
- GLUU_LDAP_URL=ldap:1636
|
- GLUU_LDAP_URL=ldap:1636
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- "{{gluu.domain}}:85.235.225.231"
|
- "{{gluu.domain}}:85.235.225.231"
|
||||||
container_name: oxshibboleth
|
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ gluu.volume_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
|
- "{{ gluu.volume_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
|
||||||
networks:
|
networks:
|
||||||
|
@ -194,18 +206,17 @@
|
||||||
- "SERVICE_8086_CHECK_TIMEOUT=5s"
|
- "SERVICE_8086_CHECK_TIMEOUT=5s"
|
||||||
|
|
||||||
oxpassport:
|
oxpassport:
|
||||||
image: gluufederation/oxpassport:3.1.4_02
|
container_name: oxpassport
|
||||||
|
image: gluufederation/oxpassport:3.1.5_02
|
||||||
environment:
|
environment:
|
||||||
- GLUU_CONFIG_ADAPTER=consul
|
- GLUU_CONFIG_CONSUL_HOST=consul
|
||||||
- GLUU_CONSUL_HOST=consul
|
- GLUU_SECRET_VAULT_HOST=vault
|
||||||
- GLUU_CONSUL_PORT=8500
|
|
||||||
- GLUU_LDAP_URL=ldap:1636
|
- GLUU_LDAP_URL=ldap:1636
|
||||||
# required by wait-for-it script
|
# required by wait-for-it script
|
||||||
- GLUU_OXAUTH_BACKEND=oxauth:8080
|
- GLUU_OXAUTH_BACKEND=oxauth:8080
|
||||||
- GLUU_OXTRUST_BACKEND=oxtrust:8080
|
- GLUU_OXTRUST_BACKEND=oxtrust:8080
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- "{{gluu.domain}}:85.235.225.231"
|
- "{{gluu.domain}}:85.235.225.231"
|
||||||
container_name: oxpassport
|
|
||||||
networks:
|
networks:
|
||||||
- "gluu"
|
- "gluu"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
Loading…
Reference in a new issue