Docker compose
Docker
Source: https://docs.docker.com/engine/install/ubuntu/
Remove the old dependencies
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
Update the repositories
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
Install Docker
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
User without sudo
sudo vi /etc/group
docker:x:988:soffid01
sudo systemctl restart docker
sudo usermod -aG docker soffid01
exit > login
docker ps
Docker compose
Soffid documentation: https://bookstack.soffid.com/books/installation/page/installing-soffid
Docker compose documentation: https://docs.docker.com/reference/cli/docker/compose/
sudo vi docker-compose.yaml
mariadb
services:
  mariadb:
    image: mariadb:11.1.2
    environment:
      MYSQL_ROOT_PASSWORD: dkF45.r4f
      MYSQL_DATABASE: soffid
      MYSQL_USER: soffid
      MYSQL_PASSWORD: 98nds.D3
    healthcheck:
      test: "/usr/bin/mariadb --user=root --password=dkF45.r4f --execute \"SHOW DATABASES;\""
      interval: 2s
      timeout: 20s
      retries: 10
    command:
      - --max_allowed_packet=128M
      - --innodb_log_file_size=256M
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
    networks:
      - network
    volumes:
      - mariadb_data:/var/lib/mysql
  console:
    image: soffid/iam-console:3.6.17
    environment:
      DB_URL: jdbc:mariadb://mariadb/soffid
      DB_USER: soffid
      DB_PASSWORD: 98nds.D3
    ports:
      - 8080:8080
    networks:
      - network
    healthcheck:
      test: bash -c "(echo 'GET /soffid/anonymous/logo.svg HTTP/1.1' >&0; echo >&0; cat >&2;) <> /dev/tcp/localhost/8080"
      interval: 10s
      timeout: 20s
      retries: 10
      start_period: 40s
    volumes:
      - console_trust:/opt/soffid/iam-console-3/trustedcerts
      - console_conf:/opt/soffid/iam-console-3/conf
      - console_logs:/opt/soffid/iam-console-3/logs
      - console_index:/opt/soffid/iam-console-3/index
    depends_on:
      mariadb:
        condition: service_healthy
  sync-server:
    image: soffid/iam-sync:3.6.14
    hostname: sync-server
    environment:
      SOFFID_PORT: 1760
      SOFFID_HOSTNAME: sync-server.netcompose
      SOFFID_MAIN: yes
      DB_URL: jdbc:mysql://mariadb/soffid
      DB_USER: soffid
      DB_PASSWORD: 98nds.D3
    networks:
      - network
    volumes:
      - sync_conf:/opt/soffid/iam-sync/conf
    depends_on:
      mariadb:
        condition: service_healthy
      console:
        condition: service_healthy
networks:
  network:
    name: netcompose
    driver: bridge
volumes:
  mariadb_data:
    name: compose_mariadbdata
  console_trust:
    name: compose_console_trustedcerts
  console_conf:
    name: compose_console_conf
  console_logs:
    name: compose_console_logs
  console_index:
    name: compose_console_index
  sync_conf:
    name: compose_sync_conf
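Added example, not part of the original notes or of Soffid's documentation: a shell check that reports credentials written literally into a Compose file, run against a constructed sample in the style of the file above and against a variant that takes the same values from the environment or a .env file. Every password, variable name and file in it is constructed.

```shell
#!/usr/bin/env bash
# Added example: report credentials written literally into a Compose file.
# Every password, variable name and file below is constructed for the demo.
find_inline_secrets() {   # prints "lineno:text" per finding in file $1
  grep -nE '(PASSWORD|SECRET|TOKEN)[A-Z_]*[:=]|--password=' "$1" |
    grep -vE '^[0-9]+:[[:space:]]*#' |   # skip comment lines
    grep -vE '_FILE[:=]' |               # *_FILE names a mounted secret file
    grep -vE '(PASSWORD|SECRET|TOKEN)[A-Z_]*[:=][[:space:]]*"?[$][{]?[A-Za-z_]|--password=[\\"]*[$]'
}

count_inline_secrets() {  # 0 means no literal credential was detected
  find_inline_secrets "$1" | wc -l | tr -d '[:space:]'
}

workdir=$(mktemp -d)
# Constructed sample in the style of the file above: literal passwords.
cat > "$workdir/weak.yaml" <<'EOF'
services:
  mariadb:
    environment:
      MYSQL_ROOT_PASSWORD: example-root-pw
      MYSQL_PASSWORD: example-app-pw
    healthcheck:
      test: "/usr/bin/mariadb --user=root --password=example-root-pw --execute \"SHOW DATABASES;\""
  console:
    environment:
      DB_PASSWORD: example-app-pw
EOF

# Same services with values interpolated from the shell or a mode-0600 .env
# file; "$$" makes Compose pass a literal "$" through to the container shell.
cat > "$workdir/hardened.yaml" <<'EOF'
services:
  mariadb:
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set in .env}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD:?set in .env}
    healthcheck:
      test: ["CMD-SHELL", "mariadb --user=root --password=\"$$MYSQL_ROOT_PASSWORD\" --execute 'SHOW DATABASES;'"]
  console:
    environment:
      DB_PASSWORD: ${MYSQL_PASSWORD:?set in .env}
EOF

find_inline_secrets "$workdir/weak.yaml" || true
echo "weak: $(count_inline_secrets "$workdir/weak.yaml"), hardened: $(count_inline_secrets "$workdir/hardened.yaml")"
```

The healthcheck in the second sample still places the password on a process command line inside the container; it only keeps the value out of the YAML file.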
Start the containers.
docker compose up -d
Useful commands.
docker compose ps
docker compose logs -f console
docker compose logs -f sync-server
docker compose exec -it console bash
docker compose exec -it sync-server bash
Enable port forwarding
First, confirm or update the server's port forwarding configuration.
sudo vi /etc/ssh/sshd_config
AllowTcpForwarding yes
sudo systemctl restart ssh
Open the port via port forwarding over an SSH connection.
ssh -L 8080:localhost:8080 soffid01@172.16.9.20
Now access it through the browser.
http://localhost:8080
Users admin and svives created, with their passwords in the vault.
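Added example, not part of the original notes: a short mapping such as 8080:8080 makes Docker publish the port on every host interface, so the console is reachable only through the SSH tunnel when the mapping carries a loopback host IP. The script classifies each ports: entry of a Compose file; the sample file, the service name console-tunnel-only and the two-space indentation are assumptions.

```shell
#!/usr/bin/env bash
# Added example: show where each short-syntax "ports:" entry of a Compose
# file listens on the host. Assumes two-space indentation (services at 2,
# "ports:" at 4, entries at 6); the sample file below is constructed.

# Output per entry: "<service> <mapping> loopback|all-interfaces"
classify_published_ports() {
  awk -v sq="'" '
    /^  [A-Za-z0-9_-]+:[ ]*$/ { service = $1; sub(/:$/, "", service); in_ports = 0; next }
    /^    ports:[ ]*$/        { in_ports = 1; next }
    in_ports && /^      - /   {
      m = $2; gsub("[\"" sq "]", "", m); sub(/\/(tcp|udp)$/, "", m)
      n = split(m, part, ":")
      # IP:HOST:CONTAINER has 3 fields; with fewer, Docker binds every interface
      scope = "all-interfaces"
      if (n == 3 && part[1] ~ /^127\./) scope = "loopback"
      if (m ~ /^\[::1\]:/) scope = "loopback"
      print service, m, scope; next
    }
    { in_ports = 0 }
  ' "$1"
}

# Entries reachable from the network without going through the SSH tunnel.
count_exposed() {
  classify_published_ports "$1" | awk '$3 == "all-interfaces" { c++ } END { print c + 0 }'
}

sample=$(mktemp)
# Constructed sample: the first two mappings are written as on this page,
# the third is a hypothetical loopback-only variant of the console mapping.
cat > "$sample" <<'EOF'
services:
  console:
    ports:
      - 8080:8080
  soffid-ldap:
    ports:
      - 1389:389
  console-tunnel-only:
    ports:
      - "127.0.0.1:8080:8080"
EOF

classify_published_ports "$sample"
```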
Database replica
Soffid documentation: https://bookstack.soffid.com/books/installation/page/creating-a-multimaster-mariadb-replica-2b4
EMASA documentation: https://bookstack.soffid.com/books/emasa/page/sincronizar-bases-de-datos
Add these parameters on server 1.
- --server-id=1
- --log-bin
- --binlog-format=row
- --expire-logs-days=15
- --max-binlog-size=1000M
- --replicate-ignore-table=soffid.SC_SEQUENCE
- --slave-skip-errors=1032,1053,1062
On server 2.
- --server-id=2
- --log-bin
- --binlog-format=row
- --expire-logs-days=15
- --max-binlog-size=1000M
- --replicate-ignore-table=soffid.SC_SEQUENCE
- --slave-skip-errors=1032,1053,1062
Take a backup of server 1.
docker compose exec -T mariadb bash -c 'mariadb-dump -u root --password="dkF45.r4f" soffid' > mariadb-backup.sql
Copy it to server 2.
scp mariadb-backup.sql soffid02@172.16.9.35:/home/soffid02/
I have left only the database (yaml), and now we load the backup on server 2.
docker compose cp mariadb-backup.sql mariadb:/tmp
docker compose exec -it mariadb bash
mariadb -u soffid -p soffid < /tmp/mariadb-backup.sql
Create a user to replicate the data from server 2 to server 1.
docker compose exec -it mariadb bash
mariadb -u soffid -p soffid
create user replication_user@172.16.9.35 identified by 'SDfh.343';
grant replication slave on *.* to replication_user@172.16.9.35;
set password for replication_user@172.16.9.35 = password('SDfh.343');
And on server 1.
mariadb -u root -p soffid
grant replication slave on *.* to replication_user@172.16.9.35;
set password for replication_user@172.16.9.35 = password('Adfv45.d');
docker compose exec -it mariadb bash
mariadb -u soffid -p soffid
create user replication_user@172.16.9.35 identified by 'SDfh.343';
grant replication slave on *.* to replication_user@172.16.9.35;
set password for replication_user@172.16.9.35 = password('SDfh.343');
Traefik / nginx
A load balancer needs to be added for requests to the Console, and from the Console to the databases.
???????????????????
Soffid LDAP
Metal: https://bookstack.soffid.com/books/soffid-ldap/page/how-to-install-soffid-ldap
  soffid-ldap:
    image: soffid/soffidldap:15
    environment:
      - SOFFID_SERVER=https://sync-server.netcompose:1760
      - SOFFID_AGENT=soffidldap
      - USER=admin
      - PASSWORD=4T.g345f
      - DN=dn=unal,dn=co
    ports:
      - 1389:389
    networks:
      - network
    healthcheck:
      test: bash -c "(echo 'GET /soffid/anonymous/logo.svg HTTP/1.1' >&0; echo >&0; cat >&2;) <> /dev/tcp/localhost/8080"
      interval: 10s
      timeout: 20s
      retries: 10
      start_period: 40s
    volumes:
      - ldapconf:/etc/ldap/slapd.d
      - ldapdata:ldapdata
    depends_on:
      mariadb:
        condition: service_healthy