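# Ansible tasks: create the host-side volume directories, then bring up the
# Gluu stack (consul, vault, registrator, nginx, ldap, oxauth, oxtrust,
# oxshibboleth, oxpassport) through docker_service.
#
# Variables read here: gluu.volume_folder, gluu.domain, letsencrypt_email.
- name: create gluu volume folders
  file:
    name: "{{ gluu.volume_folder }}/{{ volume }}"
    state: directory
  # Every entry is a host path relative to gluu.volume_folder. Keep this list
  # in sync with the bind mounts in the compose definition below; a missing
  # directory is silently created by Docker as root-owned.
  loop:
    - "config-init/db"
    - "consul/data"
    - "opendj/config"
    - "opendj/ldif"
    - "opendj/logs"
    - "opendj/db"
    - "opendj/flag"
    - "opendj/backup"
    - "oxauth/custom"
    - "oxauth/custom/pages"
    - "oxauth/custom/static"
    - "oxauth/lib/ext"
    - "oxauth/logs"
    - "oxtrust/custom/pages"
    - "oxtrust/lib/ext"
    - "oxtrust/logs"
    - "shared-shibboleth-idp"
    # Host paths only: the previous "vault/config:/vault/config" form created
    # a directory literally named "vault/config:/vault/config".
    - "vault/config"
    - "vault/data"
    - "vault/logs"
  loop_control:
    loop_var: "volume"

- name: set up gluu
  docker_service:
    project_name: gluu
    pull: true
    definition:
      version: "2.3"
      services:
        consul:
          # NOTE(review): untagged image resolves to whatever "latest" is at
          # pull time; consider pinning a version for reproducible deploys.
          image: consul
          container_name: consul
          command: agent -server -bootstrap -ui
          hostname: consul-1
          environment:
            - CONSUL_BIND_INTERFACE=eth0
            - CONSUL_CLIENT_INTERFACE=eth0
          restart: unless-stopped
          volumes:
            # Mounts the "consul" host directory, not "consul/data" from the
            # folder list above — confirm which path existing deployments use
            # before aligning the two.
            - "{{ gluu.volume_folder }}/consul:/consul/data"
          networks:
            - "gluu"
          labels:
            - "SERVICE_IGNORE=yes"

        vault:
          container_name: vault
          image: vault:1.0.1
          command: vault server -config=/vault/config
          volumes:
            - "{{ gluu.volume_folder }}/vault/config:/vault/config"
            - "{{ gluu.volume_folder }}/vault/data:/vault/data"
            - "{{ gluu.volume_folder }}/vault/logs:/vault/logs"
            - "{{ gluu.volume_folder }}/vault/vault_gluu_policy.hcl:/vault/config/policy.hcl"
            - "{{ gluu.volume_folder }}/vault/gcp_kms_stanza.hcl:/vault/config/stanza.hcl"
            # Unseal credentials live on the host filesystem; keep this file
            # readable only by the user running the stack.
            - "{{ gluu.volume_folder }}/vault/gcp_kms_creds.json:/vault/config/creds.json"
          cap_add:
            - IPC_LOCK
          environment:
            - VAULT_REDIRECT_INTERFACE=eth0
            - VAULT_CLUSTER_INTERFACE=eth0
            - VAULT_ADDR=http://0.0.0.0:8200
            # tls_disable=1: the listener is plaintext. It is only reachable on
            # the internal "gluu" network (no "ports:" entry), so every
            # container on that network can talk to Vault unencrypted.
            - 'VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}'
          restart: unless-stopped
          depends_on:
            - consul
          # Without an explicit network vault would land on the project default
          # network only, where neither "consul:8500" nor the services that
          # set GLUU_SECRET_VAULT_HOST=vault can reach it.
          networks:
            - "gluu"
          labels:
            - "SERVICE_IGNORE=yes"

        registrator:
          container_name: registrator
          # NOTE(review): ":dev" is a moving tag; pin it for reproducibility.
          image: gluufederation/registrator:dev
          command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
          volumes:
            # Access to the Docker socket is equivalent to root on the host;
            # this container must be trusted as much as the host itself.
            - /var/run/docker.sock:/tmp/docker.sock
          networks:
            - "gluu"
          restart: unless-stopped
          depends_on:
            - consul

        nginx:
          container_name: nginx
          image: gluufederation/nginx:3.1.5_02
          environment:
            - GLUU_CONFIG_CONSUL_HOST=consul
            - GLUU_SECRET_VAULT_HOST=vault
            # Quote the whole item: VIRTUAL_HOST="{{ ... }}" would pass the
            # double quotes through as part of the env value.
            - "VIRTUAL_HOST={{ gluu.domain }}"
            - "LETSENCRYPT_HOST={{ gluu.domain }}"
            - "LETSENCRYPT_EMAIL={{ letsencrypt_email }}"
          ports:
            - "80:80"
            - "443:443"
          networks:
            - "external_services"
            - "gluu"
          restart: unless-stopped
          labels:
            - "SERVICE_IGNORE=yes"

        ldap:
          container_name: ldap
          image: gluufederation/opendj:3.1.5_02
          environment:
            - GLUU_CONFIG_CONSUL_HOST=consul
            - GLUU_SECRET_VAULT_HOST=vault
            - GLUU_LDAP_INIT=true
            - GLUU_LDAP_INIT_HOST=ldap
            - GLUU_LDAP_INIT_PORT=1636
            - GLUU_OXTRUST_CONFIG_GENERATION=true
            - GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
            # - GLUU_CACHE_TYPE=REDIS  # don't forget to enable redis service
            # - GLUU_REDIS_URL=redis:6379
            # - GLUU_REDIS_TYPE=STANDALONE
            # the value must match service name `ldap` because other containers
            # use this value as LDAP hostname
            - GLUU_CERT_ALT_NAME=ldap
          volumes:
            - "{{ gluu.volume_folder }}/opendj/config:/opt/opendj/config"
            - "{{ gluu.volume_folder }}/opendj/ldif:/opt/opendj/ldif"
            - "{{ gluu.volume_folder }}/opendj/logs:/opt/opendj/logs"
            - "{{ gluu.volume_folder }}/opendj/db:/opt/opendj/db"
            - "{{ gluu.volume_folder }}/opendj/flag:/flag"
            - "{{ gluu.volume_folder }}/opendj/backup:/opt/opendj/bak"
          networks:
            - "gluu"
          restart: unless-stopped
          labels:
            - "SERVICE_IGNORE=yes"

        oxauth:
          container_name: oxauth
          image: gluufederation/oxauth:3.1.5_02
          environment:
            - GLUU_CONFIG_CONSUL_HOST=consul
            # Was "consul"; every other service points at the "vault" service.
            - GLUU_SECRET_VAULT_HOST=vault
            - GLUU_LDAP_URL=ldap:1636
          extra_hosts:
            # NOTE(review): hard-coded host IP, repeated in oxtrust,
            # oxshibboleth and oxpassport; consider a single inventory variable.
            - "{{ gluu.domain }}:85.235.225.231"
          volumes:
            - "{{ gluu.volume_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
            - "{{ gluu.volume_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
            - "{{ gluu.volume_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
            - "{{ gluu.volume_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
          networks:
            - "gluu"
          mem_limit: 1536M
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxauth"
            - "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
            - "SERVICE_8080_CHECK_INTERVAL=15s"
            - "SERVICE_8080_CHECK_TIMEOUT=5s"

        oxtrust:
          container_name: oxtrust
          image: gluufederation/oxtrust:3.1.5_02
          environment:
            - GLUU_CONFIG_CONSUL_HOST=consul
            - GLUU_SECRET_VAULT_HOST=vault
            - GLUU_LDAP_URL=ldap:1636
            - GLUU_OXAUTH_BACKEND=oxauth:8080
          extra_hosts:
            - "{{ gluu.domain }}:85.235.225.231"
          volumes:
            - "{{ gluu.volume_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
            - "{{ gluu.volume_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
            - "{{ gluu.volume_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
            - "{{ gluu.volume_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
            # Shared with oxshibboleth; both must mount the same host path.
            - "{{ gluu.volume_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
          networks:
            - "gluu"
          mem_limit: 1536M
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxtrust"
            - "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
            - "SERVICE_8080_CHECK_INTERVAL=15s"
            - "SERVICE_8080_CHECK_TIMEOUT=5s"

        oxshibboleth:
          container_name: oxshibboleth
          image: gluufederation/oxshibboleth:3.1.5_02
          environment:
            - GLUU_CONFIG_CONSUL_HOST=consul
            - GLUU_SECRET_VAULT_HOST=vault
            - GLUU_LDAP_URL=ldap:1636
          extra_hosts:
            - "{{ gluu.domain }}:85.235.225.231"
          volumes:
            # Was ".../volumes/shared-shibboleth-idp", which neither the folder
            # task nor oxtrust use; aligned to the directory oxtrust writes to.
            - "{{ gluu.volume_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
          networks:
            - "gluu"
          mem_limit: 1024M
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxshibboleth"
            - "SERVICE_8086_CHECK_HTTP=/idp"
            - "SERVICE_8086_CHECK_INTERVAL=15s"
            - "SERVICE_8086_CHECK_TIMEOUT=5s"

        oxpassport:
          container_name: oxpassport
          image: gluufederation/oxpassport:3.1.5_02
          environment:
            - GLUU_CONFIG_CONSUL_HOST=consul
            - GLUU_SECRET_VAULT_HOST=vault
            - GLUU_LDAP_URL=ldap:1636
            # required by wait-for-it script
            - GLUU_OXAUTH_BACKEND=oxauth:8080
            - GLUU_OXTRUST_BACKEND=oxtrust:8080
          extra_hosts:
            - "{{ gluu.domain }}:85.235.225.231"
          networks:
            - "gluu"
          restart: unless-stopped
          labels:
            - "SERVICE_NAME=oxpassport"
            - "SERVICE_8090_CHECK_HTTP=/passport"
            - "SERVICE_8090_CHECK_INTERVAL=15s"
            - "SERVICE_8090_CHECK_TIMEOUT=5s"

      networks:
        # Pre-existing network that nginx shares with other stacks on the host.
        external_services:
          external: true
        gluu:
          name: "gluu"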