Docker Compose support

Docker Compose provides a simple mechanism for defining multi-container environments.

Developers who want to familiarize themselves with the anatomy of a Verify Identity Access Docker environment can use the following sample .yaml and .env files to build an environment on their workstation for development purposes. This practical example illustrates the composition of a Verify Identity Access Docker environment.

docker-compose.yaml
version: '3'
services:

#
# Verify Identity Access Containers
#

  ivia-config:
    image: icr.io/ivia/ivia-config:${ISVA_VERSION}
    hostname: ivia-conf
    environment:
#     - FIXPACKS=${FIXPACKS}
#     - ADMIN_PWD=${ADMIN_PWD}
#     - SNAPSHOT_ID=${SNAPSHOT_ID}
      - CONTAINER_TIMEZONE=${TIMEZONE}
    volumes:
      - ./ivia-volume:/var/shared
    ports:
      - "${CONFIG_HTTPS_PORT}:9443"
    depends_on:
      - ivia-db

  ivia-webseal:
    image: icr.io/ivia/ivia-wrp:${ISVA_VERSION}
    hostname: ivia-webseal
    environment:
      - INSTANCE=${WEBSEAL_INSTANCE_NAME}
#     - SNAPSHOT_ID=${SNAPSHOT_ID}
    volumes:
      - ./ivia-volume:/var/shared
    ports:
      - "${WEBSEAL_HTTPS_PORT}:9443"
      - "${WEBSEAL_HTTP_PORT}:9080"
    depends_on:
      - ivia-dsc

  ivia-aac:
    image: icr.io/ivia/ivia-runtime:${ISVA_VERSION}
    hostname: ivia-aac
#    environment:
#     - SNAPSHOT_ID=${SNAPSHOT_ID}
#     - FIXPACKS=${FIXPACKS}
    volumes:
      - ./ivia-volume:/var/shared
    ports:
      - "${AAC_HTTPS_PORT}:9443"
      - "${AAC_HTTP_PORT}:9080"
    depends_on:
      - ivia-db
      - ivia-webseal
      - ivia-dsc

  ivia-dsc:
    image: icr.io/ivia/ivia-dsc:${ISVA_VERSION}
    hostname: ivia-dsc
    environment:
      - INSTANCE=1
#     - SNAPSHOT_ID=${SNAPSHOT_ID}
#     - FIXPACKS=${FIXPACKS}
    volumes:
      - ./ivia-volume:/var/shared
    ports:
      - "${DSC_SERVICE_PORT}:443"
      - "${DSC_REPLICA_PORT}:444"

#
# Service Containers
#

  ivia-db:
    image: icr.io/ivia/ivia-postgresql:${ISVA_VERSION}
    hostname: ivia-db
    environment:
      - POSTGRES_DB=${DB_NAME}
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - POSTGRES_SSL_CN=${DB_CN}
#     - POSTGRES_UNSECURE=${DB_SSL_DISABLED}
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    ports:
      - "${DB_PORT}:5432"

Environment

The environment is defined in the following .env file.

ISVA_VERSION=10.0.8.0
TIMEZONE=Australia/Brisbane

#
# Verify Identity Access CONTAINERS
#

# The ID of the snapshot which is to be used when starting the container.
# The snapshot must reside in <shared-volume>/snapshots
# SNAPSHOT_ID=

# A list of fixpacks to apply when starting the container.
# The fixpacks must reside in <shared-volume>/fixpacks
# FIXPACKS=

# The password to be set for the default 'admin' user account.
# ADMIN_PWD=

# Config Container
CONFIG_HTTPS_PORT=10443

# AAC Container
AAC_HTTP_PORT=11080
AAC_HTTPS_PORT=11443

# WebSEAL default Container
WEBSEAL_INSTANCE_NAME=default
WEBSEAL_HTTP_PORT=12080
WEBSEAL_HTTPS_PORT=12443

# DSC Container
DSC_SERVICE_PORT=13443
DSC_REPLICA_PORT=13444

#
# SERVICE CONTAINERS
#

# Database Container
DB_PORT=15432
DB_CN=isva
DB_SSL_DISABLED=false
DB_USER=postgres
DB_PASSWORD=passw0rd
DB_NAME=isva

Overview

This Docker Compose configuration defines an environment with the following containers:

  • Verify Identity Access containers (icr.io/ivia/ivia-config, icr.io/ivia/ivia-wrp, icr.io/ivia/ivia-runtime, and icr.io/ivia/ivia-dsc).
    • Configuration container
    • WebSEAL instance container
    • AAC runtime container
    • DSC container
  • Services
    • PostgreSQL server container (icr.io/ivia/ivia-postgresql)

This environment was created for simplicity to demonstrate the following items.

  • The concept of the shared configuration volume.

    The shared configuration volume is created in a folder named 'ivia-volume'. All Verify Identity Access containers share this volume.

  • Port mappings that are used by each container.

    All environment variables and port mappings are externalized to the file '.env' for convenience.

  • How to persist data within the PostgreSQL container.

    The PostgreSQL container stores its data in a folder that is mounted from './pgdata'.
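
The sample .env carries a published database password and leaves ADMIN_PWD unset, and a port mapping with no host address is published by Docker on every interface of the workstation. The following pre-flight check is an added example, not part of the product documentation; the function names env_get, flag and audit_env and the checks chosen are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight audit for the sample .env / docker-compose.yaml (added example).
# Files are parsed as text and never sourced, so nothing inside them is executed.

# Print the value of KEY ($1) in FILE ($2); the last uncommented assignment wins.
env_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

# Print a finding and count it.
flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

# audit_env ENV_FILE [COMPOSE_FILE]: returns 0 when clean, 1 when anything is flagged.
audit_env() {
    findings=0
    case $(env_get DB_PASSWORD "$1") in
        '')       flag "DB_PASSWORD is empty or unset" ;;
        passw0rd) flag "DB_PASSWORD is still the published sample value" ;;
    esac
    [ -n "$(env_get ADMIN_PWD "$1")" ] ||
        flag "ADMIN_PWD is not set for the default 'admin' account"
    case $(env_get DB_SSL_DISABLED "$1" | tr 'A-Z' 'a-z') in
        true) flag "DB_SSL_DISABLED=true (feeds POSTGRES_UNSECURE in docker-compose.yaml)" ;;
    esac
    # The .env file holds credentials: group/other permission bits should be clear.
    case $(ls -ld "$1" | cut -c5-10) in
        ------) ;;
        *) flag "$1 is accessible to group or other; run: chmod 600 $1" ;;
    esac
    if [ -n "${2:-}" ]; then
        # A mapping that starts with the port variable has no host address,
        # so Docker publishes it on all interfaces rather than on loopback.
        open=$(grep -cE '^[[:space:]]*-[[:space:]]*"?\$\{[A-Z_]+_PORT\}:' "$2" || true)
        [ "$open" -eq 0 ] || flag "$open port mapping(s) in $2 have no host address"
    fi
    [ "$findings" -eq 0 ]
}

# With no arguments, audit a constructed copy of the page's sample values.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp)
    printf 'DB_PASSWORD=passw0rd\nDB_SSL_DISABLED=false\n# ADMIN_PWD=\n' >"$demo"
    audit_env "$demo" || echo "Resolve the findings above before: docker-compose up -d"
    rm -f "$demo"
else
    audit_env "$@"
fi
```

Saved under a name of your choice (preflight.sh is used here as a placeholder), run it as `sh preflight.sh .env docker-compose.yaml`. A mapping written as "127.0.0.1:${CONFIG_HTTPS_PORT}:9443" binds the port to loopback only and is not flagged.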

Note:
  • If you are not using the Advanced Access Control capability, you do not need the ivia-db (PostgreSQL) and ivia-aac containers. However, if you are using the Federation capabilities in your environment, you need similar containers created.
  • The name of the WebSEAL instance that is run in the ivia-webseal container must be defined when the container is created. Customize the value of WEBSEAL_INSTANCE_NAME in .env or create your WebSEAL instance with the default name 'default'.

Quick start

Place the 'docker-compose.yaml' and '.env' files into a new directory. From that directory, run the following command to start the test environment:

docker-compose up -d

This command creates and starts the containers in the environment.

To access the LMI, open your web browser and visit:

https://{docker-host}:10443

If CONFIG_HTTPS_PORT has been customized in .env, use that port instead:

https://{docker-host}:{CONFIG_HTTPS_PORT}

To access the Verify Identity Access terminal, run:

docker exec -it <container-name>

To destroy the environment, run the following command.

docker-compose down

Note: The data that is stored on the shared configuration volume is not removed when the environment is destroyed.

Extra commands

Some example commands for some common Docker Compose tasks are listed in the following table:

Table 1. Example commands for some common Docker Compose tasks

| Task | Command |
|---|---|
| Run just the configuration service container and its dependencies. | docker-compose run ivia-config |
| Stop the Database service container. | docker-compose stop ivia-db |
| Remove the stopped Database service container. | docker-compose rm ivia-db |
| Re-create the Database service container. | docker-compose up --force-recreate -d ivia-db |

For more information about Docker Compose, see the Docker Compose website (https://docs.docker.com/compose/).