Make sure the digest is correct (from the release notes page). Create a directory to mount files and folders in and out of the container.
(e.g. MySQL, utf8, bin collation, create a user and password, and grant all to the new database from username and password). Set grouper.hibernate.properties. Note: for the DB URL, “localhost” is the container itself, not the enclosing server.
Strategy / Containers / Notes
SEPARATE-CONTAINERS / UI, WS, daemon, SCIM / More like a production env. Uses more memory. Can control, bring up and down, and configure each separately. Need to manage ports: generally 443 for UI, 8443 for WS, 8444 for SCIM.
ALL-IN-ONE / all / Runs everything in one container.
This file is generally the same, so you log to the same place (/opt/grouper/logs) in your container; it just matters where you mount that outside. You can decide whether you trust your auth and MFA enough to leave this open, or lock it down to your VPN or whatever.
--publish 8009:8009: if you want to publish the JK tomcat port for an Apache outside the container.
--publish 8443:443: 8443 on the outside if you have multiple containers on one host and 443 is already used.
docker-image i2incommon/grouper:2.5.XX: put the docker image label from grouper if you don't have a Dockerfile and subcontainer.
docker-image my-grouper-2.5.XX:latest: put the docker image label of your subcontainer if you made one from a Dockerfile or grouper image.
command: UI, WS, daemon, SCIM
(SEPARATE-CONTAINERS) Make your WS docker run command in a shell script. (SEPARATE-CONTAINERS) Make your daemon docker run command in a shell script.
If you need to make changes to the run command, or get a new image, you can remove a container.
Add a subject source.
Add Shibboleth.
Add members to the wheel group.
Here is an example with AWS for database and server. Basically, for this example you need a Unix-based server (or Mac), and a Postgres (recommended), MySQL, or Oracle database.
If you want to take pieces out and run in an unsupported way, feel free to do that on your own. We are open to changing how the container is structured in v2.6; let's discuss and improve together.
Place custom change log consumers here.
/opt/grouper/grouperWebapp/WEB-INF/lib/: Jars used in all services (UI/WS/daemon/SCIM). Replace database drivers or add jars for all services.
/opt/grouper/grouperWebapp/WEB-INF/web.xml: web.xml for grouper; might need security settings for authentication (e.g. tomcat LDAP auth for WS).
/opt/grouper/logs: If you are externalizing logs to a “mount”, this is the suggested standard location.
/opt/grouper/slashRoot: Any files or folders in here will be overlaid on / (root dir).
Note, Apache is not needed (default false).
-e GROUPER_RUN_SHIB_SP=true (RUN_SHIB_SP up to v2.5.27): env var will tell supervisor to kick off shib SP in container.
-e GROUPER_SHIB_LOG_USE_PIPE (v2.5.30+): env var to not set up a pipe for shib. Set to false if it should just log stdout and stderr of shib to /tmp/logshibd. Might want to mount /tmp/Toshiba to the external host, or other shib log files.
-e GROUPER_RUN_TOMEE=true (RUN_TOMEE up to v2.5.27): env var will tell supervisor to kick off tomee.
Set to -2 to not change the default value in file.
-e GROUPER_USE_SSL=false (v2.5.28+): if you do not want Apache listening on 443 SSL. If Apache is running, default is true.
-e GROUPER_MAX_MEMORY='3g': set memory of java to 3 gigs.
NOTE: make sure you use less memory in the JVM than the container has allocated, and this might not be what “free” or OS calls report.
*' (v2.5.27+): If you want Grouper to automatically install and update the database DDL when it starts up, and don't go to another minor version, anything for v2.5.
You can instead configure this in the grouper.hibernate.properties config file with key: registry.auto.ddl.upToVersion
Allow the configuration editor in the UI only from this IP address.
Note you should consider using Grouper LDAP or built-in authentication instead.
Note, passwords in environment variables or Docker commands are security risks. You can instead configure this in the morphString.properties config file with key: encrypt.key
-e GROUPER_DATABASE_URL_FILE=/a/b/c (v.2.5.28+): Location of the database JDBC URL.
You can instead configure this in the grouper.hibernate.properties config file with key: hibernate.connection.url
Note, passwords in environment variables or Docker commands are security risks. You can instead configure this in the grouper.hibernate.properties config file with key: hibernate.connection.password
-e GROUPERSYSTEM_QUICKSTART_PASS=myUnsecurePass (v.2.5.27+): If you are running the quick start command on the container, and you set this env var, and you are doing grouper built-in authentication in the UI and/or WS, then this password will log in GrouperSystem in the UI and/or WS.
Note, this is a HUGE security problem if this is available in a production system. Docker subimages can COPY as root which negatively affects Grouper.
Note, this is advanced, and should be run as the tomcat user. When the Grouper container starts up, it does a lot of work to manipulate the config files.
Set logging prefix and web app context: grouperPrepComponentPost()
Tag in GitHub docker is: 2.5.X where X is an integer that increases for each build.
There is a listing of each version in the Grouper 2.5 release notes, with an indication of whether it is stable or not.
Every container will have “yum update” done before the container is released.
If you use Kubernetes, use an ARG for the “ui” or “ws” and not a COMMAND.
All of your containers must have the correct time and consistent timezone.
HTTP Strict Transport Security (HSTS) is enabled on the Apache HTTP Server.
It is recommended that the various morphString files be associated with the containers as Docker Secrets.
Maturity level 1 leads you toward how to do container orchestration properly. Here is an example with AWS. Basically, for this example you need a Unix-based server (or Mac), and a Postgres (recommended), MySQL, or Oracle database.
Make sure the digest is correct (from the release notes page). Create a directory to hold files to put in your subcontainer.
Strategy / Containers / Notes
SEPARATE-CONTAINERS / UI, WS, daemon, SCIM / More like a production env. Uses more memory. Can control, bring up and down, and configure each separately. Need to manage ports.
Don't do this in prod. Uses less memory. When anything is up or down, all is up or down. Can use 443 for UI, WS, SCIM.
UI-WS daemon / This is not documented here.
If you want to mount external logs, follow the directions from maturity level 0. You can decide whether you trust your auth and MFA enough to leave this open, or lock it down to your VPN or whatever.
Put those files in your subimage; you can do this in the Dockerfile or in a script hook (see below). Grouper could provide an empty shell script with some pre-defined functions.
Functions in here will be called at various points in the Grouper container startup workflow. The main function is grouperScriptHooks_finishPrepPost which can adjust config files after Grouper is done with them but before processes start.
Note you still need to pay attention on upgrades, but in general this should be a pretty stable way to adjust config files or run commands. It is risky to replace existing config files: if Grouper changes the file in a subsequent container, and you do not incorporate those changes in your overlay, then the configs will diverge and bad things can happen.
This is a good approach but still needs to be checked on upgrades and cannot be used on files that are generated or massaged by the Grouper startup. This is advanced and should be documented well internally so others in your institution can support your customizations.
Whether you are on campus, a research organization or a company, finding solutions to simplify and centralize your access management is essential to your success. When paired with software provided through the community-developed InCommon Trusted Access Platform (in this case Shibboleth), users have single sign-on convenience to services by simply using their existing credentials.
For service providers, this reduces the need to create log-ins and passwords, saving time and effort. Once students have credentials they now need access to learning management systems, coursework repositories, grades, bills, meal programs, and on and on.
Grouper, a component of the InCommon Trusted Access Platform, provides solutions that are easy to manage and allow for decision-making at the appropriate level. But imagine a scenario where faculty and staff have the ability to add and remove access when needed and appropriate.
Intuitive, easy to use, and automated.
Easy to manage in terms of access and authentication.
Efficient, saving time and effort by allowing those closest to the need (course membership, for instance) to manage the groups.
LIGO chose Grouper as the manageable, scalable infrastructure of choice to handle the complex group access and organizational global relationships.
Scott Miranda, senior scientist with the Laser Interferometer Gravitational Wave Observatory (LIGO) project. LIGO selected Grouper as the single place where the information about groups, memberships, and (eventually) roles would be housed and from which other pieces of the infrastructure could draw.
This project is an example of how one might use Docker to facilitate Grouper development. To use the image, you'll need to install the Docker-Toolbox if you are running Windows or OS X. Linux has native support for Docker (reference the Docker docs for your distro).
Set up your environmental variables: docker-machine env
The first time this is run, the grouper-demo image will need to be pulled from the Docker Hub. The baseline SelfOptOutPrivilegeRevocationVeto.java has a bug that prevents “mailing list” groups from being deleted.
A configured Grouper API, UI, and/or Web Services instance. Configure grouper logging to output as desired (see the tail of src/test/docker/log4j.properties for a reasonable default).
|contest.optOutRequired.attributeDefName|(required)|The Attribute DefName to check the group or parent tree to determine if Opt-out is required.|
If the logging properties are not set up, then no output will be returned from the program.
The following example can be appended to conf/log4j.properties and will output to the console (previously defined in a baseline grouper log4j.properties) and to a static file (logs/customhouse.log). Using Docker allows for quickly deploying the built artifact to a consistent, repeatable, local Grouper environment, which facilitates consistent testing.
If boot2docker is being used, the proper environment variables must be set up (i.e. those displayed by running boot2docker up or boot2docker shellinit). Running gradle clean runContainer will compile the jar, build the image on top of the grouper-demo image (this could take 10-20 minutes the first time, depending upon the bandwidth speed), and start an image.
docker ps will display info about the running container. The image can be connected to from a browser by going to the port listed in the docker ps 8080 mapping (probably 8080).
The customhouse.log can be dumped with docker exec -t grouper-dev cat /logs/customhouse.log. When testing is complete, exit to leave the running container.