diff --git a/etc/docker/dev/docker-compose-storage-iam.yml b/etc/docker/dev/docker-compose-storage-iam.yml
deleted file mode 100644
index fd468229a8..0000000000
--- a/etc/docker/dev/docker-compose-storage-iam.yml
+++ /dev/null
@@ -1,200 +0,0 @@
-version: "3"
-services:
- rucioclient:
- image: docker.io/rucio/rucio-dev:latest-alma9
- command: ["sleep", "infinity"]
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
- - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- - ../../certs/ruciouser.pem:/opt/rucio/etc/usercert.pem:z
- - ../../certs/ruciouser.key.pem:/opt/rucio/etc/userkey.pem:z
- - ../../certs/ruciouser.certkey.pem:/opt/rucio/etc/usercertkey.pem:z
- - ../../certs/ssh/ruciouser_sshkey.pub:/root/.ssh/ruciouser_sshkey.pub:z
- - ../../certs/ssh/ruciouser_sshkey:/root/.ssh/ruciouser_sshkey:z
- - ../../../tools:/opt/rucio/tools:Z
- - ../../../bin:/opt/rucio/bin:Z
- - ../../../lib:/opt/rucio/lib:Z
- - ../../../tests:/opt/rucio/tests:Z
- environment:
- - X509_USER_CERT=/opt/rucio/etc/usercert.pem
- - X509_USER_KEY=/opt/rucio/etc/userkey.pem
- - RDBMS=postgres14
- rucio:
- image: docker.io/rucio/rucio-dev:latest-alma9
- ports:
- - "127.0.0.1:8443:443"
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
- - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- - ../../certs/ruciouser.pem:/opt/rucio/etc/usercert.pem:z
- - ../../certs/ruciouser.key.pem:/opt/rucio/etc/userkey.pem:z
- - ../../certs/ruciouser.certkey.pem:/opt/rucio/etc/usercertkey.pem:z
- - ../../certs/ssh/ruciouser_sshkey.pub:/root/.ssh/ruciouser_sshkey.pub:z
- - ../../certs/ssh/ruciouser_sshkey:/root/.ssh/ruciouser_sshkey:z
- - ../../../tools:/opt/rucio/tools:Z
- - ../../../bin:/opt/rucio/bin:Z
- - ../../../lib:/opt/rucio/lib:Z
- - ../../../tests:/opt/rucio/tests:Z
- environment:
- - X509_USER_CERT=/opt/rucio/etc/usercert.pem
- - X509_USER_KEY=/opt/rucio/etc/userkey.pem
- - RDBMS=postgres14
- ruciodb:
- image: docker.io/postgres:14
- ports:
- - "127.0.0.1:5432:5432"
- environment:
- - POSTGRES_USER=rucio
- - POSTGRES_DB=rucio
- - POSTGRES_PASSWORD=secret
- command: ["-c", "fsync=off","-c", "synchronous_commit=off","-c", "full_page_writes=off"]
- graphite:
- image: docker.io/graphiteapp/graphite-statsd
- ports:
- - "127.0.0.1:8080:80"
- fts:
- image: docker.io/rucio/fts
- ports:
- - "127.0.0.1:8446:8446"
- - "127.0.0.1:8449:8449"
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_fts.pem:/etc/grid-security/hostcert.pem:Z
- - ../../certs/hostcert_fts.key.pem:/etc/grid-security/hostkey.pem:Z
- ftsdb:
- image: docker.io/mysql:8
- ports:
- - "127.0.0.1:3306:3306"
- command: --default-authentication-plugin=mysql_native_password
- environment:
- - MYSQL_USER=fts
- - MYSQL_PASSWORD=fts
- - MYSQL_ROOT_PASSWORD=fts
- - MYSQL_DATABASE=fts
- xrd1:
- image: docker.io/rucio/xrootd
- ports:
- - "127.0.0.1:1094:1094"
- environment:
- - XRDPORT=1094
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_xrd1.pem:/tmp/xrdcert.pem:Z
- - ../../certs/hostcert_xrd1.key.pem:/tmp/xrdkey.pem:Z
- xrd2:
- image: docker.io/rucio/xrootd
- ports:
- - "127.0.0.1:1095:1095"
- environment:
- - XRDPORT=1095
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_xrd2.pem:/tmp/xrdcert.pem:Z
- - ../../certs/hostcert_xrd2.key.pem:/tmp/xrdkey.pem:Z
- xrd3:
- image: docker.io/rucio/xrootd
- ports:
- - "127.0.0.1:1096:1096"
- environment:
- - XRDPORT=1096
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_xrd3.pem:/tmp/xrdcert.pem:Z
- - ../../certs/hostcert_xrd3.key.pem:/tmp/xrdkey.pem:Z
- xrd4:
- image: docker.io/rucio/xrootd
- ports:
- - "127.0.0.1:1097:1097"
- environment:
- - XRDPORT=1097
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- - ../../certs/hostcert_xrd4.pem:/tmp/xrdcert.pem:Z
- - ../../certs/hostcert_xrd4.key.pem:/tmp/xrdkey.pem:Z
- minio:
- image: docker.io/minio/minio
- ports:
- - "127.0.0.1:9000:9000"
- environment:
- - MINIO_ACCESS_KEY=admin
- - MINIO_SECRET_KEY=password
- volumes:
- - ../../certs/hostcert_minio.pem:/root/.minio/certs/public.crt:Z
- - ../../certs/hostcert_minio.key.pem:/root/.minio/certs/private.key:Z
- command: ["server", "/data"]
- activemq:
- image: docker.io/webcenter/activemq:latest
- ports:
- - "127.0.0.1:61613:61613"
- environment:
- - ACTIVEMQ_CONFIG_NAME=activemq
- - ACTIVEMQ_CONFIG_DEFAULTACCOUNT=false
- - ACTIVEMQ_USERS_fts=supersecret
- - ACTIVEMQ_GROUPS_writes=fts
- - ACTIVEMQ_USERS_receiver=supersecret
- - ACTIVEMQ_GROUPS_reads=receiver
- - ACTIVEMQ_CONFIG_SCHEDULERENABLED=true
- ssh1:
- image: docker.io/rucio/ssh
- ports:
- - "127.0.0.1:2222:22"
- volumes:
- - ../../certs/ssh/ruciouser_sshkey.pub:/tmp/sshkey.pub:Z
- db-iam:
- image: mariadb:10.11
- environment:
- - TZ=Europe/Paris
- - MYSQL_ROOT_PASSWORD=supersecret
- - MYSQL_USER=iam
- - MYSQL_PASSWORD=secret
- - MYSQL_DATABASE=iam_db
- ports:
- - "127.0.0.1:3307:3306"
- nginx-iam:
- image: nginx
- dns_search: cern.ch
- environment:
- TZ: Europe/Paris
- NGINX_HOST: iam
- NGINX_PORT: 443
- ports:
- - "127.0.0.1:9443:443"
- volumes:
- - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
- # - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
- # - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
- - /etc/grid-security/:/etc/grid-security/
- - /dev/urandom:/dev/random
- - ../../iam-assets/iam.conf:/etc/nginx/conf.d/default.conf:ro
- iam:
- image: indigoiam/iam-login-service:v1.8.2
- volumes:
- - ../../iam-assets/keystore.jwks:/keystore.jwks:ro
- environment:
- - IAM_JAVA_OPTS=-Djava.security.egd=file:/dev/urandom -Dspring.profiles.active=prod,oidc,cern,registration,wlcg-scopes -agentlib:jdwp=transport=dt_socket,server=y,address=1044,suspend=n -Dlogging.file.name=/var/log/iam/iam.log
- - IAM_HOST=
- - IAM_PORT=8090
- - IAM_BASE_URL=https://
- - IAM_ISSUER=https://
- - IAM_FORWARD_HEADERS_STRATEGY=native
- - IAM_KEY_STORE_LOCATION=file:/keystore.jwks
- - IAM_JWK_CACHE_LIFETIME=21600
- # - IAM_X509_TRUST_ANCHORS_DIR=/etc/grid-security/certificates
- # - IAM_X509_TRUST_ANCHORS_REFRESH=14400
- - IAM_TOMCAT_ACCESS_LOG_ENABLED=false
- - IAM_TOMCAT_ACCESS_LOG_DIRECTORY=/tmp
- - IAM_ACTUATOR_USER_USERNAME=user
- - IAM_ACTUATOR_USER_PASSWORD=secret
- - IAM_LOCAL_RESOURCES_ENABLE=true
- - IAM_LOCAL_RESOURCES_LOCATION=file:/indigo-iam/local-resources
- - IAM_ORGANISATION_NAME=rucio-dc
- - IAM_TOPBAR_TITLE="INDIGO IAM for rucio-dc"
- - IAM_DB_HOST=
- - IAM_DB_PORT=3307
- - IAM_DB_NAME=iam_db
- - IAM_DB_USERNAME=iam
- - IAM_DB_PASSWORD=secret
- ports:
- - "127.0.0.1:8090:8090"
\ No newline at end of file
diff --git a/etc/docker/dev/docker-compose.ports.yml b/etc/docker/dev/docker-compose.ports.yml
index 217b8cd64e..a4b0edd04d 100644
--- a/etc/docker/dev/docker-compose.ports.yml
+++ b/etc/docker/dev/docker-compose.ports.yml
@@ -64,3 +64,12 @@ services:
 grafana:
 ports:
 - "127.0.0.1:3000:3000"
+ db-iam:
+ ports:
+ - "127.0.0.1:3307:3306"
+ nginx-iam:
+ ports:
+ - "127.0.0.1:9443:443"
+ iam:
+ ports:
+ - "127.0.0.1:8090:8090"
diff --git a/etc/docker/dev/docker-compose.yml b/etc/docker/dev/docker-compose.yml
index cc8a7eb59a..d2b09195db 100644
--- a/etc/docker/dev/docker-compose.yml
+++ b/etc/docker/dev/docker-compose.yml
@@ -244,3 +244,59 @@ services:
 image: docker.io/grafana/grafana:latest
 profiles:
 - monitoring
+ db-iam:
+ image: mariadb:10.11
+ profiles:
+ - iam
+ environment:
+ - TZ=Europe/Paris
+ - MYSQL_ROOT_PASSWORD=supersecret
+ - MYSQL_USER=iam
+ - MYSQL_PASSWORD=secret
+ - MYSQL_DATABASE=iam_db
+ nginx-iam:
+ image: nginx
+ profiles:
+ - iam
+ dns_search: cern.ch
+ environment:
+ TZ: Europe/Paris
+ NGINX_HOST: iam
+ NGINX_PORT: 443
+ volumes:
+ - ../../certs/rucio_ca.pem:/etc/grid-security/certificates/5fca1cb1.0:z
+ # - ../../certs/hostcert_rucio.pem:/etc/grid-security/hostcert.pem:z
+ # - ../../certs/hostcert_rucio.key.pem:/etc/grid-security/hostkey.pem:z
+ - /etc/grid-security/:/etc/grid-security/
+ - /dev/urandom:/dev/random
+ - ../../iam-assets/iam.conf:/etc/nginx/conf.d/default.conf:ro
+ iam:
+ profiles:
+ - iam
+ image: indigoiam/iam-login-service:v1.8.2
+ volumes:
+ - ../../iam-assets/keystore.jwks:/keystore.jwks:ro
+ environment:
+ - IAM_JAVA_OPTS=-Djava.security.egd=file:/dev/urandom -Dspring.profiles.active=prod,oidc,cern,registration,wlcg-scopes -agentlib:jdwp=transport=dt_socket,server=y,address=1044,suspend=n -Dlogging.file.name=/var/log/iam/iam.log
+ - IAM_HOST=
+ - IAM_PORT=8090
+ - IAM_BASE_URL=https://
+ - IAM_ISSUER=https://
+ - IAM_FORWARD_HEADERS_STRATEGY=native
+ - IAM_KEY_STORE_LOCATION=file:/keystore.jwks
+ - IAM_JWK_CACHE_LIFETIME=21600
+ # - IAM_X509_TRUST_ANCHORS_DIR=/etc/grid-security/certificates
+ # - IAM_X509_TRUST_ANCHORS_REFRESH=14400
+ - IAM_TOMCAT_ACCESS_LOG_ENABLED=false
+ - IAM_TOMCAT_ACCESS_LOG_DIRECTORY=/tmp
+ - IAM_ACTUATOR_USER_USERNAME=user
+ - IAM_ACTUATOR_USER_PASSWORD=secret
+ - IAM_LOCAL_RESOURCES_ENABLE=true
+ - IAM_LOCAL_RESOURCES_LOCATION=file:/indigo-iam/local-resources
+ - IAM_ORGANISATION_NAME=rucio-dc
+ - IAM_TOPBAR_TITLE="INDIGO IAM for rucio-dc"
+ - IAM_DB_HOST=
+ - IAM_DB_PORT=3307
+ - IAM_DB_NAME=iam_db
+ - IAM_DB_USERNAME=iam
+ - IAM_DB_PASSWORD=secret
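Review bot: The `IAM_JAVA_OPTS` line of the new `iam` service keeps `-agentlib:jdwp=transport=dt_socket,server=y,address=1044,suspend=n` next to `-Dspring.profiles.active=prod,...`, so every start with the `iam` profile brings up an unauthenticated JDWP debug listener inside the login service; depending on the JDK in the image it binds to all container interfaces or only to loopback, and in the first case any peer on the compose network that reaches port 1044 can control the JVM that issues tokens. I would drop the `-agentlib:jdwp=...` option from the committed value and let a developer add it in a local override when debugging. On `nginx-iam`, `- /etc/grid-security/:/etc/grid-security/` bind-mounts the host's grid credential directory read-write into an untagged `nginx` image; `- /etc/grid-security/:/etc/grid-security/:ro` would at least stop the container from modifying it, and mounting the repository's `../../certs` files as in the commented-out lines would avoid exposing host keys at all. `IAM_DB_PORT=3307` appears to be the host-side port published in docker-compose.ports.yml, while `db-iam` presumably listens on 3306 inside the compose network, so it is worth confirming once `IAM_HOST` and `IAM_DB_HOST` are filled in.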