= Services =

Docker

= Containers =

* aai-discovery, tag: docker.clarin.eu/aai-discovery:1.8.2.2
* md-conversion, tag: docker.clarin.eu/aai-md-conversion:1.0.0
* proxy, tag: docker.clarin.eu/aai-discovery-proxy:1.0.4
* IDP (v3.2), tag: 

== Setup == 

=== Discovery service ===

Pull images from the repository:
{{{
docker pull tianon/true
docker login docker.clarin.eu
docker pull docker.clarin.eu/aai-discovery:1.8.2.2
docker pull docker.clarin.eu/aai-discovery-proxy:1.0.4
}}}

Create containers:
{{{
docker create \
    --name aai-discovery-data \
    -v /data \
    tianon/true

docker create \
    --name aai-discovery \
    -p 8080:8080 \
    --volumes-from aai-discovery-data \
    -v /var/log/docker/aai-discovery/tomcat8:/var/log/tomcat8 \
    docker.clarin.eu/aai-discovery:1.8.2.2

docker create \
    --name proxy  \
    -p 80:80 -p 443:443 \
    -v /root/certstore:/etc/nginx/ssl \
    -v /var/log/docker/proxy/nginx/:/var/log/nginx/ \
    --link aai-discovery:tomcat \
    docker.clarin.eu/aai-discovery-proxy:1.0.4
}}}

Manage containers:
{{{
docker start|stop|restart aai-discovery
docker start|stop|restart proxy
}}}

=== Crontab ===

{{{
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
*/15 * * * * root docker run -i --rm --volumes-from aai-discovery-data --link aai-discovery:sma docker.clarin.eu/aai-md-conversion:1.0.0
}}}

== IDP v3.2 ==

Authentication flow configuration:
* https://wiki.shibboleth.net/confluence/display/IDP30/AuthenticationFlowSelection
* https://wiki.shibboleth.net/confluence/display/IDP30/AuthenticationConfiguration
* https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration
* https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration

Tomcat reverse proxy (X-FORWARDED-* headers):
* http://stackoverflow.com/questions/19916906/nginx-managed-ssl-with-tomcat-7

Building:
{{{
cd ~/docker-shibboleth-demo/shibboleth-idp
docker build -t docker.clarin.eu/idp:1.0.0 .
}}}

Initial run:
{{{
docker run --restart=always -d --name idp2 --volumes-from shibboleth-data --volumes-from shibboleth-idp-data -p 172.17.42.1:8081:8080 docker.clarin.eu/idp:1.0.0
}}}